npm - auth0-actions - Versions diffs - 0.1.1 → 0.2.0 - Mend

auth0-actions 0.1.1 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2023 CloudNimble
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,284 @@
+# auth0-actions
+> **DEPRECATION NOTICE**: This package is now deprecated in favor of the official [@auth0/actions](https://www.npmjs.com/package/@auth0/actions) package from Auth0. Please migrate to the official package for better support and comprehensive coverage.
+Type definitions and utilities for building Auth0 Actions.
+## Installation
+```bash
+npm install auth0-actions
+```
+## Overview
+This package provides TypeScript type definitions for Auth0 Actions, focusing on:
+- **Credentials Exchange** actions
+- **Post-Login** actions
+The types are designed to help you build type-safe Auth0 Actions with proper intellisense support in your IDE.
+## Basic Usage
+```typescript
+import { PostLoginEvent, PostLoginApi } from 'auth0-actions';
+// Define your custom types
+interface MySecrets {
+  apiKey: string;
+}
+interface MyClientMetadata {
+  clientType: string;
+}
+interface MyAppMetadata {
+  roles: string[];
+}
+interface MyUserMetadata {
+  preferences: {
+    theme: string;
+  };
+}
+// Your Post-Login action
+export async function onExecutePostLogin(
+  event: PostLoginEvent<MySecrets, MyClientMetadata, MyAppMetadata, MyUserMetadata>,
+  api: PostLoginApi
+) {
+  const apiKey = event.secrets?.apiKey;
+  const userRoles = event.user?.app_metadata.roles;
+  if (!userRoles?.includes('admin')) {
+    api.access.deny('User does not have admin role');
+  }
+  api.accessToken.setCustomClaim('https://my-app.com/roles', userRoles);
+}
+```
+### Credentials Exchange Example
+```typescript
+import { CredentialsExchangeEvent, CredentialsExchangeApi, CredentialsExchangeRequestBody } from 'auth0-actions';
+interface MySecrets {
+  clientSecret: string;
+}
+interface MyClientMetadata {
+  tier: string;
+}
+interface MyRequestBody extends CredentialsExchangeRequestBody {
+  custom_param?: string;
+}
+export async function onExecuteCredentialsExchange(
+  event: CredentialsExchangeEvent<MySecrets, MyClientMetadata, MyRequestBody>,
+  api: CredentialsExchangeApi
+) {
+  const tier = event.client?.metadata.tier;
+  if (tier === 'free') {
+    api.access.deny('Free tier not allowed for this resource');
+  }
+  api.accessToken.setCustomClaim('https://my-app.com/tier', tier);
+}
+```
+## Limitations
+This package provides a simplified implementation focused on the most common Auth0 Actions use cases. It has several limitations:
+1. **Limited Action Types**: Only covers Credentials Exchange and Post-Login actions
+2. **No Versioning**: Does not support multiple API versions
+3. **Incomplete Coverage**: Missing several action types available in Auth0
+4. **Generic Approach**: Uses TypeScript generics instead of specific inline types
+## Migration to Official Package
+Auth0 now provides an official [@auth0/actions](https://www.npmjs.com/package/@auth0/actions) package that is:
+- ✅ More comprehensive (12+ action types)
+- ✅ Properly versioned (v1, v2, v3 for different APIs)
+- ✅ Better typed with discriminated unions
+- ✅ Officially maintained by Auth0
+- ✅ Matches Auth0's actual API exactly
+### Upgrade Guide
+#### Step 1: Install the Official Package
+```bash
+npm uninstall auth0-actions
+npm install @auth0/actions
+```
+#### Step 2: Update Your Imports
+**Before (this package):**
+```typescript
+import { PostLoginEvent, PostLoginApi } from 'auth0-actions';
+export async function onExecutePostLogin(
+  event: PostLoginEvent<MySecrets, MyClientMetadata, MyAppMetadata, MyUserMetadata>,
+  api: PostLoginApi
+) {
+  // Your code
+}
+```
+**After (official package):**
+```typescript
+import type {
+  PostLoginAction
+} from '@auth0/actions/post-login/v3';
+export const onExecutePostLogin: PostLoginAction = async (event, api) => {
+  // Your code - the types are inferred automatically
+  // No need for generic type parameters
+};
+```
+#### Step 3: Property Name Changes
+The official package uses consistent `snake_case` for all properties to match Auth0's API:
+| This Package (deprecated) | Official Package |
+|--------------------------|------------------|
+| `event.client?.clientId` | `event.client.client_id` |
+| `event.user?.user_metadata` | `event.user.user_metadata` ✓ (same) |
+| Generic types | Inline types with specific versions |
+#### Step 4: Handle Secrets and Configuration
+**Before:**
+```typescript
+interface MySecrets {
+  apiKey: string;
+}
+// Then used as generic parameter
+PostLoginEvent<MySecrets, ...>
+```
+**After:**
+```typescript
+// Secrets are automatically typed
+const apiKey = event.secrets.API_KEY; // string
+```
+For better type safety with secrets, you can augment the official types:
+```typescript
+import type { PostLoginAction } from '@auth0/actions/post-login/v3';
+// Augment the Secrets interface
+declare module '@auth0/actions/post-login/v3' {
+  interface Secrets {
+    API_KEY: string;
+    DATABASE_URL: string;
+  }
+}
+export const onExecutePostLogin: PostLoginAction = async (event, api) => {
+  const apiKey = event.secrets.API_KEY; // Now typed as string
+};
+```
+#### Step 5: Action Type Mapping
+| This Package | Official Package |
+|-------------|------------------|
+| `CredentialsExchangeEvent` | `@auth0/actions/credentials-exchange/v2` |
+| `PostLoginEvent` | `@auth0/actions/post-login/v3` |
+| Not available | `@auth0/actions/post-user-registration/v2` |
+| Not available | `@auth0/actions/pre-user-registration/v2` |
+| Not available | `@auth0/actions/post-change-password/v2` |
+| And more... | See [official docs](https://auth0.com/docs/customize/actions) |
+### Complete Migration Example
+**Before (this package):**
+```typescript
+import { PostLoginEvent, PostLoginApi } from 'auth0-actions';
+interface Secrets {
+  AUTH_SECRET: string;
+}
+export async function onExecutePostLogin(
+  event: PostLoginEvent<Secrets, any, any, any>,
+  api: PostLoginApi
+) {
+  const secret = event.secrets?.AUTH_SECRET;
+  api.accessToken.setCustomClaim('role', event.user?.app_metadata.role);
+}
+```
+**After (official package):**
+```typescript
+import type { PostLoginAction } from '@auth0/actions/post-login/v3';
+declare module '@auth0/actions/post-login/v3' {
+  interface Secrets {
+    AUTH_SECRET: string;
+  }
+}
+export const onExecutePostLogin: PostLoginAction = async (event, api) => {
+  const secret = event.secrets.AUTH_SECRET;
+  api.accessToken.setCustomClaim('role', event.user.app_metadata.role);
+};
+```
+## Why Migrate?
+1. **Official Support**: Maintained directly by Auth0
+2. **Complete Coverage**: All action types, not just 2
+3. **API Versioning**: Target specific API versions (v1, v2, v3)
+4. **Better Types**: More accurate with discriminated unions and specific error codes
+5. **Future-Proof**: Gets updates when Auth0 adds new features
+6. **Better Documentation**: Integrated with Auth0's official documentation
+## Resources
+- [Official @auth0/actions Package](https://www.npmjs.com/package/@auth0/actions)
+- [Auth0 Actions Documentation](https://auth0.com/docs/customize/actions)
+- [Auth0 Actions Triggers](https://auth0.com/docs/customize/actions/triggers)
+- [Actions Marketplace](https://marketplace.auth0.com/features/actions)
+## Legacy API Reference
+For those still using this package, basic API reference:
+### Event Interfaces
+- `PostLoginEvent<TSecret, TClientMetadata, TAppMetadata, TUserMetadata>`
+- `CredentialsExchangeEvent<TSecret, TClientMetadata, TRequest>`
+### API Interfaces
+- `PostLoginApi` - Main API for post-login actions
+- `CredentialsExchangeApi` - Main API for credentials exchange
+### Managers
+- `AccessTokenManager` - Modify access token
+- `IdTokenManager` - Modify ID token
+- `CacheManager` - Store/retrieve cached data
+- `UserManager` - Update user metadata
+- `MultifactorManager` - Configure MFA
+- `RedirectManager` - Handle redirects
+- `AuthenticationManager` - Record authentication methods
+## License
+MIT
+## Author
+CloudNimble, Inc. - opensource@nimbleapps.cloud
+---
+**Again, please migrate to [@auth0/actions](https://www.npmjs.com/package/@auth0/actions) for the best experience.**

package/package.json CHANGED Viewed

@@ -1,20 +1,40 @@
 {
   "name": "auth0-actions",
-  "version": "0.1.1",
-  "description": "Type definitions and utilities for building Auth0 Actions.",
+  "version": "0.2.0",
+  "description": "Type definitions and utilities for building Auth0 Actions. DEPRECATED: Use @auth0/actions instead.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
+  "deprecated": "This package is deprecated. Please use @auth0/actions for official, comprehensive Auth0 Actions type definitions.",
   "scripts": {
     "test": "echo \"Error: no test specified\" && exit 1",
     "build": "tsc --build",
-    "clean": "tsc --build --clean"
+    "clean": "tsc --build --clean",
+    "prepublishOnly": "npm run build"
   },
   "keywords": [
     "auth0",
-    "actions"
+    "actions",
+    "typescript",
+    "types",
+    "auth0-actions",
+    "deprecated"
   ],
-  "author": "CloudNimble, Inc. opensource@nimbleapps.cloud",
+  "author": "CloudNimble, Inc. <opensource@nimbleapps.cloud>",
   "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/CloudNimble/Auth0.Actions.git",
+    "directory": "src/Auth0.Actions.TypeScript"
+  },
+  "homepage": "https://github.com/CloudNimble/Auth0.Actions#readme",
+  "bugs": {
+    "url": "https://github.com/CloudNimble/Auth0.Actions/issues"
+  },
+  "files": [
+    "dist/**/*",
+    "README.md",
+    "LICENSE"
+  ],
   "dependencies": {
     "auth0": "^4.3.1"
   },

package/index.ts DELETED Viewed

@@ -1,842 +0,0 @@
-//#region Events
-/**
- *
- */
-export interface CredentialsExchangeEvent<TSecret, TClientMetadata, TRequest extends CredentialsExchangeRequestBody> {
-    /** An object containing information describing the authorization granted to the user who is logging in. */
-    accessToken?: AccessToken;
-    /**  */
-    client?: Client<TClientMetadata>;
-    /**  */
-    request?: RequestBase<TRequest>;
-    /**  */
-    resource_server?: ResourceServer;
-    /**  */
-    secrets?: TSecret;
-    /**  */
-    tenant?: Tenant;
-    /**  */
-    transaction?: TransactionBase;
-}
-/**
- *
- */
-export interface PostLoginEvent<TSecret, TClientMetadata, TAppMetadata, TUserMetadata> {
-    /** Details about authentication signals obtained during the login flow. */
-    authentication?: AuthenticationInfoWithRiskAssessment
-    /** An object containing information describing the authorization granted to the user who is logging in. */
-    authorization?: AuthorizationInfo;
-    /**  */
-    client?: Client<TClientMetadata>;
-    /**  */
-    configuration?: Configuration;
-    /**  */
-    connection?: Connection;
-    /**  */
-    organization?: Organization;
-    /**  */
-    request?: Request<any>;
-    /**  */
-    resource_server?: ResourceServer;
-    /**  */
-    secrets?: TSecret;
-    /**  */
-    stats?: Stats;
-    /**  */
-    tenant?: Tenant;
-    /**  */
-    transaction?: Transaction;
-    /**  */
-    user?: UserBase<TAppMetadata, TUserMetadata>;
-}
-/**
- *
- */
-export interface AccessToken {
-    customClaims: any;
-    scope: string[];
-}
-/**
- * Details about authentication signals obtained during the login flow.
- */
-export interface AuthenticationInfoWithRiskAssessment {
-    /** Contains the authentication methods a user has completed during their session. */
-    methods: AuthenticationMethod[];
-    riskAssessment?: RiskAssessmentSummary;
-}
-/**
- *
- */
-export interface AuthenticationMethod {
-    /**
-     * The name of the first factor that was completed. Values include the following:
-     */
-    name: AuthenticationMethods | string;
-    timestamp: string;
-    /* A specific MFA factor. Only present when name is set to 'mfa'. */
-    type: string;
-}
-/**
- *
- */
-export enum AuthenticationMethods {
-    /** A social or enterprise connection was used to authenticate the user as the first factor. */
-    federated = 'federated',
-    /**  */
-    passkey = 'passkey',
-    /** A database connection was used to authenticate the user as the first factor. */
-    pwd = 'pwd',
-    /** A Passwordless SMS connection was used to authenticate the user as the first factor. */
-    sms = 'sms',
-    /** A Passwordless Email connection was used to authenticate the user as the first factor or verify email for password reset. */
-    email = 'email',
-    /**  */
-    mfa = 'mfa',
-    /* "Used for internal testing. */
-    mock = 'mock'
-}
-/**
- *
- */
-export interface AuthorizationInfo {
-    roles: string[];
-}
-/**
- *
- */
-export interface Client<TMetadata> {
-    /** The client id of the application the user is logging in to. */
-    clientId: string;
-    /** An object for holding other application properties. */
-    metadata: TMetadata
-    /** The name of the application (as defined in the Dashboard). */
-    name: string;
-    /**  */
-    strategy: string;
-}
-/**
- *
- */
-export interface Configuration {
-}
-/**
- *
- */
-export interface Connection {
-    /**
-     * The connection's identifier
-    */
-    id: string;
-    /**
-     * Metadata associated with the connection in the form of an object with string values (max 255 chars).  Maximum of 10 metadata properties allowed.
-     */
-    metadata: { [key: string]: any };
-    /**
-     * The name of the connection
-     */
-    name: string;
-    /**
-     * The type of the connection, related to the identity provider
-     */
-    strategy: ConnectionStrategies;
-}
-/**
- *
- */
-export enum ConnectionStrategies {
-    ad = 'ad',
-    adfs = 'adfs',
-    amazon = 'amazon',
-    apple = 'apple',
-    dropbox = 'dropbox',
-    bitbucket = 'bitbucket',
-    aol = 'aol',
-    auth0_oidc = 'auth0-oidc',
-    auth0 = 'auth0',
-    baidu = 'baidu',
-    bitly = 'bitly',
-    box = 'box',
-    custom = 'custom',
-    daccount = 'daccount',
-    dwolla = 'dwolla',
-    email = 'email',
-    evernote_sandbox = 'evernote-sandbox',
-    evernote = 'evernote',
-    exact = 'exact',
-    facebook = 'facebook',
-    fitbit = 'fitbit',
-    flickr = 'flickr',
-    github = 'github',
-    google_apps = 'google-apps',
-    google_oauth2 = 'google-oauth2',
-    instagram = 'instagram',
-    ip = 'ip',
-    line = 'line',
-    linkedin = 'linkedin',
-    miicard = 'miicard',
-    oauth1 = 'oauth1',
-    oauth2 = 'oauth2',
-    office365 = 'office365',
-    oidc = 'oidc',
-    okta = 'okta',
-    paypal = 'paypal',
-    paypal_sandbox = 'paypal-sandbox',
-    pingfederate = 'pingfederate',
-    planningcenter = 'planningcenter',
-    renren = 'renren',
-    salesforce_community = 'salesforce-community',
-    salesforce_sandbox = 'salesforce-sandbox',
-    salesforce = 'salesforce',
-    samlp = 'samlp',
-    sharepoint = 'sharepoint',
-    shopify = 'shopify',
-    sms = 'sms',
-    soundcloud = 'soundcloud',
-    thecity_sandbox = 'thecity-sandbox',
-    thecity = 'thecity',
-    thirtysevensignals = 'thirtysevensignals',
-    twitter = 'twitter',
-    untappd = 'untappd',
-    vkontakte = 'vkontakte',
-    waad = 'waad',
-    weibo = 'weibo',
-    windowslive = 'windowslive',
-    wordpress = 'wordpress',
-    yahoo = 'yahoo',
-    yammer = 'yammer',
-    yandex = 'yandex',
-}
-/**
- *
- */
-export interface CredentialsExchangeRequestBody {
-    audience: string;
-    client_id: string;
-    client_secret: string;
-    grant_type: string;
-}
-/**
- *
- */
-export interface GeoIP {
-    cityName: string
-    continentCode: string
-    countryCode3: string
-    countryCode: string
-    countryName: string
-    latitude: number
-    longitude: number
-    subdivisionCode: string
-    subdivisionName: string
-    timeZone: string
-}
-/**
- *
- */
-export interface Identity {
-    connection: string
-    isSocial: boolean
-    provider: string
-    userId: string
-    user_id: string
-}
-/**
- *
- */
-export interface IPAddressDetails {
-    category: string;
-    ip: string;
-    matches: string;
-    source: string;
-}
-/**
- *
- */
-export interface NewDeviceDetails {
-    device: string;
-    useragent: string;
-}
-/**
- *
- */
-export interface Organization {
-    /* The friendly name of the Organization. */
-    display_name: string;
-    /**
-     * The Organization's identifier.
-    */
-    id: string;
-    /**
-     * Metadata associated with the Organization.
-     */
-    metadata: { [key: string]: any };
-    /**
-     * The name of the Organization.
-     */
-    name: string;
-}
-/**
- *
- */
-export interface Query {
-    audience: string
-    client_id: string
-    code_challenge: string
-    code_challenge_method: string
-    prompt: string
-    redirect_uri: string
-    response_mode: string
-    response_type: string
-    scope: string
-    state: string
-}
-/**
- *
- */
-export interface Request<TBody> extends RequestBase<TBody> {
-    query: Query;
-}
-/**
- *
- */
-export interface RequestBase<TBody> {
-    body: TBody;
-    geoip: GeoIP;
-    hostname: string;
-    ip: string;
-    method: string;
-    user_agent: string;
-}
-/**
- *
- */
-export interface ResourceServer {
-    identifier: string
-}
-export interface RiskAssessmentBase {
-    code: string;
-    confidence: string;
-}
-/**
- *
- */
-export interface RiskAssessmentSummary {
-    assessments: RiskAssessments;
-    confidence: "low" | "medium" | "high" | "neutral";
-    version: string;
-}
-/**
- *
- */
-export interface RiskAssessments {
-    ImpossibleTravel: RiskAssessmentBase;
-    NewDevice: RiskAssessmentWithDetails<NewDeviceDetails>
-    UntrustedIP: RiskAssessmentWithDetails<IPAddressDetails>
-}
-/**
- *
- */
-export interface RiskAssessmentWithDetails<TDetails> {
-    details: TDetails;
-}
-/**
- *
- */
-export interface Stats {
-    logins_count: number
-}
-/**
- *
- */
-export interface Tenant {
-    id: string
-}
-/**
- *
- */
-export interface Transaction extends TransactionBase {
-    acr_values: any[]
-    linking_id?: string
-    locale: string
-    login_hint?: string
-    prompt: string[]
-    protocol?: TransactionProtocols
-    redirect_uri?: string
-    response_mode?: string
-    response_type?: string[]
-    state?: string
-    ui_locales: string[]
-}
-/**
- *
- */
-export interface TransactionBase {
-    requested_scopes: string[]
-}
-/**
- *
- */
-export enum TransactionProtocols {
-    oidc_basic = 'oidc-basic-profile',
-    /*  Allows your application to have immediate access to an ID token while still providing for secure and safe retrieval of access and refresh tokens. */
-    oidc_hybrid = 'oidc-hybrid',
-    oidc_implicit = 'oidc-implicit-profile',
-    samlp = 'samlp',
-    wsfed = 'wsfed',
-    wstrust_usernamemixed = 'wstrust-usernamemixed',
-    oauth2_device_code = 'oauth2-device-code',
-    oauth2_resource_owner = 'oauth2-resource-owner',
-    oauth2_jwt_bearer = 'oauth2-resource-owner-jwt-bearer',
-    oauth2_password = 'oauth2-password',
-    oauth2_access_token = 'oauth2-access-token',
-    oauth2_refresh_token = 'oauth2-refresh-token',
-    oauth2_token_exchange = 'oauth2-token-exchange',
-}
-/**
- *
- */
-export interface UserBase<TAppMetadata, TUserMetadata> {
-    /** Data that the user has read-only access to (e.g. roles, permissions, vip, etc) */
-    app_metadata: TAppMetadata
-    /**  */
-    created_at: string
-    /**  */
-    email: string
-    /**  */
-    email_verified: boolean
-    /**  */
-    family_name: string
-    /**  */
-    given_name: string
-    /**  */
-    identities: Identity[]
-    /**  */
-    last_password_reset?: string
-    /**  */
-    multifactor?: string[]
-    /**  */
-    name: string
-    /**  */
-    nickname: string
-    /**  */
-    phone_number?: string
-    /**  */
-    phone_verified?: boolean
-    /**  */
-    picture: string
-    /**  */
-    updated_at: string
-    /**  */
-    user_id: string
-    /** Data that the user has read/write access to (e.g. color_preference, blog_url, etc.) */
-    user_metadata: TUserMetadata
-    /**  */
-    username?: string
-}
-//#endregion
-//#region Actions APIs
-export interface PostLoginApi extends ActionsApiBase<PostLoginApi> {
-    /** Modify the user's login access, such as by rejecting the login attempt. */
-    access: LoginAccessManager<PostLoginApi>;
-    /** Request changes to the access token being issued. */
-    accessToken: AccessTokenManager<PostLoginApi>;
-    /**  */
-    authentication: AuthenticationManager;
-    /** Store and retrieve data that persists across executions. */
-    cache: CacheManager;
-    /** Request changes to the ID token being issued. */
-    idToken: IdTokenManager;
-    /**  */
-    multifactor: MultifactorManager;
-    /**  */
-    redirect: RedirectManager;
-    /**  */
-    user: UserManager;
-}
-export interface AccessTokenManager<TApi extends ActionsApiBase<TApi>> extends AccessTokenManagerBase<TApi> {
-    /**
-     * Add a scope on the Access Token that will be issued upon completion of the login flow.
-     * @param scope The scope to be added.
-     */
-    addScope(scope: string): TApi;
-    /**
-     * Remove a scope on the Access Token that will be issued upon completion of the login flow.
-     * @param scope The scope to be removed.
-     */
-    removeScope(scope: string): TApi;
-}
-export interface AccessTokenManagerBase<TApi extends ActionsApiBase<TApi>> {
-    /**
-     * Set a custom claim on the Access Token that will be issued upon completion of the login flow.
-     * @param name Name of the claim (note that this may need to be a fully-qualified URL).
-     * @param value The value of the claim.
-     */
-    setCustomClaim(name: string, value: any): TApi;
-}
-export interface ActionsApiBase<TApi extends ActionsApiBase<TApi>> {
-    /** Modify the user's login access, such as by rejecting the login attempt. */
-    access: LoginAccessManager<TApi>;
-    /** Request changes to the access token being issued. */
-    accessToken: AccessTokenManagerBase<TApi>;
-    /** Store and retrieve data that persists across executions. */
-    cache: CacheManager;
-}
-export interface AuthenticationManager {
-    /**
-     * Indicate that a custom authentication method has been completed in the current session. This method will then be available in the
-     * `event.authentication.methods` array in subsequent logins.
-     *
-     * Important: This API is only available from within the onContinuePostLogin function for PostLogin Actions. In other words, this may
-     * be used to record the completion of a custom authentication method after redirecting the user via api.redirect.sendUserTo().
-     *
-     * @param provider_url
-     */
-    recordMethod(provider_url: string): PostLoginApi;
-    /**
-     * Challenge the user with one or more specified multifactor authentication factors. This method presents the default challenge first,
-     * then allows the user to select a different option if additional factors have been supplied. If the user has not enrolled in any of
-     * the factors supplied (including both the default and any additional factors), the command fails.
-     *
-     * Note: This method overrides existing policies and rules that enable or disable MFA in a tenant.
-     * @param factor Used to specify the default MFA factor or factors used to challenge the user.
-     * @param options An object containing the optional additionalFactors field.
-     */
-    challengeWith(factor: ChallengeFactor, options: ChallengeOptions): void
-    /**
-     * Trigger an MFA challenge and allow the user to select their preferred factor from the supplied list. This method presents a factor picker to the user rather than a specific challenge, in accordance with the following conditions:
-     * - If two or more factors are specified, a factor picker displays to the user.
-     * - If the user has only enrolled in one of the specified factors (or only one factor is specified), the factor picker is skipped.
-     * - If the user has not enrolled in any of the specified factors, the challenge command fails.
-     * Note: This method overrides existing policies and rules that enable or disable MFA in a tenant.
-     * @param factors
-     */
-    challengeWithAny(factors: ChallengeFactor[]): void
-}
-export interface CacheManager {
-    /**
-     * Delete a record describing a cached value at the supplied key if it exists.
-     * @param key
-     */
-    delete(key: string): CacheWriteResult;
-    /**
-     * Retrieve a record describing a cached value at the supplied key, if it exists. If a record is found, the cached value can be found at the value
-     * property of the returned object.
-     * @param key The key of the record stored in the cache.
-     */
-    get(key: string): CacheRecord
-    /**
-     *
-     * @param key The value of the record to be stored.
-     * @param value The value of the record to be stored.
-     * @param options Options for adjusting cache behavior.
-     */
-    set(key: string, value: any, options?: CacheOptions): void
-}
-export interface CacheWriteResult {
-    /**  */
-    type: 'success' | 'error'
-    /** If @see type = 'error', then the error code will be populated here. */
-    code: string
-}
-export interface CacheRecord {
-    /** The object stored in the Cache. */
-    value: any
-    /** The maximum expiry of the record in milliseconds since the Unix epoch. */
-    expires_at: number
-}
-export interface CacheOptions {
-    /**
-     * The absolute expiry time in milliseconds since the unix epoch. While cached records may be evicted earlier, they will never remain beyond the the supplied expires_at.
-     * NOTE: This value should not be supplied if a value was also provided for ttl. If both options are supplied, the earlier expiry of the two will be used.
-     */
-    expires_at?: number
-    /**
-     * The time-to-live value of this cache entry in milliseconds. While cached values may be evicted earlier, they will never remain beyond the the supplied ttl.
-     * NOTE: This value should not be supplied if a value was also provided for expires_at. If both options are supplied, the earlier expiry of the two will be used.
-     */
-    ttl?: number
-}
-export interface ChallengeFactor {
-    type: ChallengeTypes
-    /**
-     * When set to true, the user cannot use the OTP fallback option of the push notification factor. (Developer's note: This makes no sense.)
-     * Only used for @see ChallengeTypes.push_notification.
-     */
-    otpFallback?: boolean
-    /**
-     * Only used for @see ChallengeTypes.phone.
-     */
-    preferredMethod?: 'voice' | 'phone' | 'both'
-}
-export interface ChallengeOptions {
-    additionalFactors: ChallengeFactor[]
-}
-export enum ChallengeTypes {
-    otp = 'otp',
-    email = 'email',
-    phone = 'phone',
-    push_notification = 'push-notification',
-    webauthn_platform = 'webauthn-platform',
-    webauthn_roaming = 'webauthn-roaming'
-}
-export interface CredentialsExchangeApi extends ActionsApiBase<CredentialsExchangeApi> {
-    /** Control availability to the access token. */
-    access: LoginAccessManager<CredentialsExchangeApi>;
-    /** Request changes to the access token being issued. */
-    accessToken: AccessTokenManagerBase<CredentialsExchangeApi>;
-    /** Store and retrieve data that persists across executions. */
-    cache: CacheManager;
-}
-export interface DuoMultifactorOptions {
-    host: string
-    ikey: string
-    skey: string
-}
-export interface EncodeTokenOptions {
-    expiresInSeconds: number
-    payload: any;
-    /**
-     * A secret that will be used to sign a JWT that is shared with the redirect target.
-     * The secret value should be stored as a secret and retrieved using event.secrets['SECRET_NAME']
-     */
-    secret: string;
-}
-export interface IdTokenManager {
-    /**
-     * Set a custom claim on the ID token that will be issued upon completion of the login flow.
-     * @param name Name of the claim (note that this may need to be a fully-qualified URL).
-     * @param value The value of the claim.
-     */
-    setCustomClaim(name: string, value: any): PostLoginApi
-}
-export interface LoginAccessManager<TApi extends ActionsApiBase<TApi>> {
-    /**
-     * Mark the current login attempt as denied. This will prevent the end-user from completing the login flow. This will NOT cancel other user-related
-     * side effects (such as metadata changes) requested by this Action. The login flow will immediately stop following the completion of this action
-     * and no further Actions will be executed.
-     * @param reason A human-readable explanation for rejecting the login. This may be presented directly in end-user interfaces.
-     */
-    deny(reason: string): TApi;
-}
-export interface MultifactorManager {
-    /**
-     *
-     * @param provider
-     * @param options
-     */
-    enable(provider: 'any' | 'duo' | 'google-authenticator' | 'guardian' | 'none', options: MultifactorOptions): PostLoginApi
-}
-export interface MultifactorOptions {
-    allowRememberBrowser?: boolean
-    providerOptions?: DuoMultifactorOptions
-}
-export interface RedirectManager {
-    /**
-     *
-     * @param options
-     */
-    encodeToken(options: EncodeTokenOptions): string
-    /**
-     *
-     * @param url
-     * @param options
-     */
-    sendUserTo(url: string, options: { query: string }): PostLoginApi
-    /**
-     *
-     * @param options
-     */
-    validateToken(options: ValidateTokenOptions): string
-}
-export interface UserManager {
-    /**
-     *
-     * @param name
-     * @param value
-     */
-    setAppMetadata(name: string, value: any): PostLoginApi
-    /**
-     *
-     * @param name
-     * @param value
-     */
-    setUserMetadata(name: string, value: any): PostLoginApi
-}
-export interface ValidateTokenOptions {
-    secret: string;
-    tokenParameterName: string;
-}
-//#endregion