authhero 0.149.0 → 0.151.0

package/dist/authhero.d.ts

@@ -8589,6 +8589,11 @@ export declare const codeInsertSchema: z.ZodObject<{
 		"ticket"
 	]>;
 	code_verifier: z.ZodOptional<z.ZodString>;
+	code_challenge: z.ZodOptional<z.ZodString>;
+	code_challenge_method: z.ZodOptional<z.ZodEnum<[
+		"plain",
+		"S256"
+	]>>;
 	expires_at: z.ZodString;
 	used_at: z.ZodOptional<z.ZodString>;
 	user_id: z.ZodOptional<z.ZodString>;
@@ -8598,6 +8603,8 @@ export declare const codeInsertSchema: z.ZodObject<{
 	code_type: "password_reset" | "email_verification" | "otp" | "authorization_code" | "oauth2_state" | "ticket";
 	expires_at: string;
 	user_id?: string | undefined;
+	code_challenge_method?: "S256" | "plain" | undefined;
+	code_challenge?: string | undefined;
 	connection_id?: string | undefined;
 	code_verifier?: string | undefined;
 	used_at?: string | undefined;
@@ -8607,6 +8614,8 @@ export declare const codeInsertSchema: z.ZodObject<{
 	code_type: "password_reset" | "email_verification" | "otp" | "authorization_code" | "oauth2_state" | "ticket";
 	expires_at: string;
 	user_id?: string | undefined;
+	code_challenge_method?: "S256" | "plain" | undefined;
+	code_challenge?: string | undefined;
 	connection_id?: string | undefined;
 	code_verifier?: string | undefined;
 	used_at?: string | undefined;
@@ -8626,6 +8635,11 @@ export declare const codeSchema: z.ZodObject<{
 		"ticket"
 	]>;
 	code_verifier: z.ZodOptional<z.ZodString>;
+	code_challenge: z.ZodOptional<z.ZodString>;
+	code_challenge_method: z.ZodOptional<z.ZodEnum<[
+		"plain",
+		"S256"
+	]>>;
 	expires_at: z.ZodString;
 	used_at: z.ZodOptional<z.ZodString>;
 	user_id: z.ZodOptional<z.ZodString>;
@@ -8636,6 +8650,8 @@ export declare const codeSchema: z.ZodObject<{
 	code_type: "password_reset" | "email_verification" | "otp" | "authorization_code" | "oauth2_state" | "ticket";
 	expires_at: string;
 	user_id?: string | undefined;
+	code_challenge_method?: "S256" | "plain" | undefined;
+	code_challenge?: string | undefined;
 	connection_id?: string | undefined;
 	code_verifier?: string | undefined;
 	used_at?: string | undefined;
@@ -8646,6 +8662,8 @@ export declare const codeSchema: z.ZodObject<{
 	code_type: "password_reset" | "email_verification" | "otp" | "authorization_code" | "oauth2_state" | "ticket";
 	expires_at: string;
 	user_id?: string | undefined;
+	code_challenge_method?: "S256" | "plain" | undefined;
+	code_challenge?: string | undefined;
 	connection_id?: string | undefined;
 	code_verifier?: string | undefined;
 	used_at?: string | undefined;
@@ -17296,9 +17314,9 @@ export declare function init(config: AuthHeroConfig): {
 						scope?: string | undefined;
 						login_ticket?: string | undefined;
 						screen_hint?: string | undefined;
+						code_challenge?: string | undefined;
 						code_challenge_method?: CodeChallengeMethod | undefined;
 						realm?: string | undefined;
-						code_challenge?: string | undefined;
 						organization?: string | undefined;
 						prompt?: string | undefined;
 						ui_locales?: string | undefined;
@@ -17325,9 +17343,9 @@ export declare function init(config: AuthHeroConfig): {
 						scope?: string | undefined;
 						login_ticket?: string | undefined;
 						screen_hint?: string | undefined;
+						code_challenge?: string | undefined;
 						code_challenge_method?: CodeChallengeMethod | undefined;
 						realm?: string | undefined;
-						code_challenge?: string | undefined;
 						organization?: string | undefined;
 						prompt?: string | undefined;
 						ui_locales?: string | undefined;
@@ -17354,9 +17372,9 @@ export declare function init(config: AuthHeroConfig): {
 						scope?: string | undefined;
 						login_ticket?: string | undefined;
 						screen_hint?: string | undefined;
+						code_challenge?: string | undefined;
 						code_challenge_method?: CodeChallengeMethod | undefined;
 						realm?: string | undefined;
-						code_challenge?: string | undefined;
 						organization?: string | undefined;
 						prompt?: string | undefined;
 						ui_locales?: string | undefined;
@@ -17391,9 +17409,9 @@ export declare function init(config: AuthHeroConfig): {
 						scope?: string | undefined;
 						login_ticket?: string | undefined;
 						screen_hint?: string | undefined;
+						code_challenge?: string | undefined;
 						code_challenge_method?: CodeChallengeMethod | undefined;
 						realm?: string | undefined;
-						code_challenge?: string | undefined;
 						organization?: string | undefined;
 						prompt?: string | undefined;
 						ui_locales?: string | undefined;
@@ -17422,9 +17440,9 @@ export declare function init(config: AuthHeroConfig): {
 						scope?: string | undefined;
 						login_ticket?: string | undefined;
 						screen_hint?: string | undefined;
+						code_challenge?: string | undefined;
 						code_challenge_method?: CodeChallengeMethod | undefined;
 						realm?: string | undefined;
-						code_challenge?: string | undefined;
 						organization?: string | undefined;
 						prompt?: string | undefined;
 						ui_locales?: string | undefined;
@@ -17482,8 +17500,8 @@ export declare function init(config: AuthHeroConfig): {
 							state?: string | undefined;
 							scope?: string | undefined;
 							redirect_uri?: string | undefined;
-							code_challenge_method?: CodeChallengeMethod | undefined;
 							code_challenge?: string | undefined;
+							code_challenge_method?: CodeChallengeMethod | undefined;
 							act_as?: string | undefined;
 							organization?: string | undefined;
 							prompt?: string | undefined;
@@ -17504,8 +17522,8 @@ export declare function init(config: AuthHeroConfig): {
 							state?: string | undefined;
 							scope?: string | undefined;
 							redirect_uri?: string | undefined;
-							code_challenge_method?: CodeChallengeMethod | undefined;
 							code_challenge?: string | undefined;
+							code_challenge_method?: CodeChallengeMethod | undefined;
 							act_as?: string | undefined;
 							organization?: string | undefined;
 							prompt?: string | undefined;

package/dist/authhero.mjs

@@ -1846,6 +1846,12 @@ const k1 = o.enum([
   code_verifier: o.string().optional().openapi({
     description: "The code verifier used in PKCE in outbound flows"
   }),
+  code_challenge: o.string().optional().openapi({
+    description: "The code challenge used in PKCE in outbound flows"
+  }),
+  code_challenge_method: o.enum(["plain", "S256"]).optional().openapi({
+    description: "The code challenge method used in PKCE in outbound flows"
+  }),
   expires_at: o.string(),
   used_at: o.string().optional(),
   user_id: o.string().optional()
@@ -5971,7 +5977,9 @@ async function Fh(t, e) {
       login_id: e.login_id,
       expires_at: new Date(
         Date.now() + h_ * 1e3
-      ).toISOString()
+      ).toISOString(),
+      code_challenge: e.authParams.code_challenge,
+      code_challenge_method: e.authParams.code_challenge_method
     })).code_id,
     state: e.authParams.state
   };
@@ -6161,7 +6169,6 @@ async function Zt(t, e) {
       client: i,
       authParams: n,
       login_id: e.loginSession.id
-      // Use login session id instead of session_id
     });
     if (!n.redirect_uri)
       throw new A(400, {
@@ -19814,12 +19821,12 @@ async function pb(t, e) {
     const a = await t.env.data.clients.get("DEFAULT_CLIENT");
     if (!os(n.client_secret, e.client_secret) && !os(a == null ? void 0 : a.client_secret, e.client_secret))
       throw new A(403, { message: "Invalid client credentials" });
-  } else if ("code_verifier" in e && typeof e.code_verifier == "string" && "code_challenge_method" in i.authParams && typeof i.authParams.code_challenge_method == "string") {
+  } else if (r.code_challenge && r.code_challenge_method && e.code_verifier) {
     const a = await u_(
       e.code_verifier,
-      i.authParams.code_challenge_method
+      r.code_challenge_method
     );
-    if (!os(a, i.authParams.code_challenge || ""))
+    if (!os(a, r.code_challenge))
       throw new A(403, { message: "Invalid client credentials" });
   }
   if (i.authParams.redirect_uri && i.authParams.redirect_uri !== e.redirect_uri)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "authhero",
-  "version": "0.149.0",
+  "version": "0.151.0",
   "files": [
     "dist"
   ],
@@ -36,7 +36,7 @@
     "vite": "^5.4.11",
     "vite-plugin-dts": "^4.3.0",
     "vitest": "^2.1.5",
-    "@authhero/kysely-adapter": "^10.17.0"
+    "@authhero/kysely-adapter": "^10.18.0"
   },
   "dependencies": {
     "@peculiar/x509": "^1.12.3",
@@ -49,7 +49,7 @@
     "libphonenumber-js": "^1.12.8",
     "nanoid": "^5.0.8",
     "oslo": "^1.2.1",
-    "@authhero/adapter-interfaces": "^0.67.0"
+    "@authhero/adapter-interfaces": "^0.68.0"
   },
   "peerDependencies": {
     "@hono/zod-openapi": "^0.19.2",