authhero 0.150.0 → 0.152.0

package/dist/authhero.d.ts

@@ -8589,6 +8589,12 @@ export declare const codeInsertSchema: z.ZodObject<{
 		"ticket"
 	]>;
 	code_verifier: z.ZodOptional<z.ZodString>;
+	code_challenge: z.ZodOptional<z.ZodString>;
+	code_challenge_method: z.ZodOptional<z.ZodEnum<[
+		"plain",
+		"S256"
+	]>>;
+	redirect_uri: z.ZodOptional<z.ZodString>;
 	expires_at: z.ZodString;
 	used_at: z.ZodOptional<z.ZodString>;
 	user_id: z.ZodOptional<z.ZodString>;
@@ -8598,6 +8604,9 @@ export declare const codeInsertSchema: z.ZodObject<{
 	code_type: "password_reset" | "email_verification" | "otp" | "authorization_code" | "oauth2_state" | "ticket";
 	expires_at: string;
 	user_id?: string | undefined;
+	redirect_uri?: string | undefined;
+	code_challenge_method?: "S256" | "plain" | undefined;
+	code_challenge?: string | undefined;
 	connection_id?: string | undefined;
 	code_verifier?: string | undefined;
 	used_at?: string | undefined;
@@ -8607,6 +8616,9 @@ export declare const codeInsertSchema: z.ZodObject<{
 	code_type: "password_reset" | "email_verification" | "otp" | "authorization_code" | "oauth2_state" | "ticket";
 	expires_at: string;
 	user_id?: string | undefined;
+	redirect_uri?: string | undefined;
+	code_challenge_method?: "S256" | "plain" | undefined;
+	code_challenge?: string | undefined;
 	connection_id?: string | undefined;
 	code_verifier?: string | undefined;
 	used_at?: string | undefined;
@@ -8626,6 +8638,12 @@ export declare const codeSchema: z.ZodObject<{
 		"ticket"
 	]>;
 	code_verifier: z.ZodOptional<z.ZodString>;
+	code_challenge: z.ZodOptional<z.ZodString>;
+	code_challenge_method: z.ZodOptional<z.ZodEnum<[
+		"plain",
+		"S256"
+	]>>;
+	redirect_uri: z.ZodOptional<z.ZodString>;
 	expires_at: z.ZodString;
 	used_at: z.ZodOptional<z.ZodString>;
 	user_id: z.ZodOptional<z.ZodString>;
@@ -8636,6 +8654,9 @@ export declare const codeSchema: z.ZodObject<{
 	code_type: "password_reset" | "email_verification" | "otp" | "authorization_code" | "oauth2_state" | "ticket";
 	expires_at: string;
 	user_id?: string | undefined;
+	redirect_uri?: string | undefined;
+	code_challenge_method?: "S256" | "plain" | undefined;
+	code_challenge?: string | undefined;
 	connection_id?: string | undefined;
 	code_verifier?: string | undefined;
 	used_at?: string | undefined;
@@ -8646,6 +8667,9 @@ export declare const codeSchema: z.ZodObject<{
 	code_type: "password_reset" | "email_verification" | "otp" | "authorization_code" | "oauth2_state" | "ticket";
 	expires_at: string;
 	user_id?: string | undefined;
+	redirect_uri?: string | undefined;
+	code_challenge_method?: "S256" | "plain" | undefined;
+	code_challenge?: string | undefined;
 	connection_id?: string | undefined;
 	code_verifier?: string | undefined;
 	used_at?: string | undefined;
@@ -17296,9 +17320,9 @@ export declare function init(config: AuthHeroConfig): {
 						scope?: string | undefined;
 						login_ticket?: string | undefined;
 						screen_hint?: string | undefined;
+						code_challenge?: string | undefined;
 						code_challenge_method?: CodeChallengeMethod | undefined;
 						realm?: string | undefined;
-						code_challenge?: string | undefined;
 						organization?: string | undefined;
 						prompt?: string | undefined;
 						ui_locales?: string | undefined;
@@ -17325,9 +17349,9 @@ export declare function init(config: AuthHeroConfig): {
 						scope?: string | undefined;
 						login_ticket?: string | undefined;
 						screen_hint?: string | undefined;
+						code_challenge?: string | undefined;
 						code_challenge_method?: CodeChallengeMethod | undefined;
 						realm?: string | undefined;
-						code_challenge?: string | undefined;
 						organization?: string | undefined;
 						prompt?: string | undefined;
 						ui_locales?: string | undefined;
@@ -17354,9 +17378,9 @@ export declare function init(config: AuthHeroConfig): {
 						scope?: string | undefined;
 						login_ticket?: string | undefined;
 						screen_hint?: string | undefined;
+						code_challenge?: string | undefined;
 						code_challenge_method?: CodeChallengeMethod | undefined;
 						realm?: string | undefined;
-						code_challenge?: string | undefined;
 						organization?: string | undefined;
 						prompt?: string | undefined;
 						ui_locales?: string | undefined;
@@ -17391,9 +17415,9 @@ export declare function init(config: AuthHeroConfig): {
 						scope?: string | undefined;
 						login_ticket?: string | undefined;
 						screen_hint?: string | undefined;
+						code_challenge?: string | undefined;
 						code_challenge_method?: CodeChallengeMethod | undefined;
 						realm?: string | undefined;
-						code_challenge?: string | undefined;
 						organization?: string | undefined;
 						prompt?: string | undefined;
 						ui_locales?: string | undefined;
@@ -17422,9 +17446,9 @@ export declare function init(config: AuthHeroConfig): {
 						scope?: string | undefined;
 						login_ticket?: string | undefined;
 						screen_hint?: string | undefined;
+						code_challenge?: string | undefined;
 						code_challenge_method?: CodeChallengeMethod | undefined;
 						realm?: string | undefined;
-						code_challenge?: string | undefined;
 						organization?: string | undefined;
 						prompt?: string | undefined;
 						ui_locales?: string | undefined;
@@ -17482,8 +17506,8 @@ export declare function init(config: AuthHeroConfig): {
 							state?: string | undefined;
 							scope?: string | undefined;
 							redirect_uri?: string | undefined;
-							code_challenge_method?: CodeChallengeMethod | undefined;
 							code_challenge?: string | undefined;
+							code_challenge_method?: CodeChallengeMethod | undefined;
 							act_as?: string | undefined;
 							organization?: string | undefined;
 							prompt?: string | undefined;
@@ -17504,8 +17528,8 @@ export declare function init(config: AuthHeroConfig): {
 							state?: string | undefined;
 							scope?: string | undefined;
 							redirect_uri?: string | undefined;
-							code_challenge_method?: CodeChallengeMethod | undefined;
 							code_challenge?: string | undefined;
+							code_challenge_method?: CodeChallengeMethod | undefined;
 							act_as?: string | undefined;
 							organization?: string | undefined;
 							prompt?: string | undefined;

package/dist/authhero.mjs

@@ -1846,6 +1846,15 @@ const k1 = o.enum([
   code_verifier: o.string().optional().openapi({
     description: "The code verifier used in PKCE in outbound flows"
   }),
+  code_challenge: o.string().optional().openapi({
+    description: "The code challenge used in PKCE in outbound flows"
+  }),
+  code_challenge_method: o.enum(["plain", "S256"]).optional().openapi({
+    description: "The code challenge method used in PKCE in outbound flows"
+  }),
+  redirect_uri: o.string().optional().openapi({
+    description: "The redirect URI associated with the code"
+  }),
   expires_at: o.string(),
   used_at: o.string().optional(),
   user_id: o.string().optional()
@@ -5972,7 +5981,9 @@ async function Fh(t, e) {
       expires_at: new Date(
         Date.now() + h_ * 1e3
       ).toISOString(),
-      code_verifier: e.authParams.code_challenge
+      code_challenge: e.authParams.code_challenge,
+      code_challenge_method: e.authParams.code_challenge_method,
+      redirect_uri: e.authParams.redirect_uri
     })).code_id,
     state: e.authParams.state
   };
@@ -6061,7 +6072,8 @@ async function Zt(t, e) {
       code_type: "ticket",
       login_id: e.loginSession.id,
       expires_at: new Date(Date.now() + m_).toISOString(),
-      code_verifier: [b, v].join("|")
+      code_verifier: [b, v].join("|"),
+      redirect_uri: n.redirect_uri
     });
     return t.json({
       login_ticket: E.code_id,
@@ -19814,15 +19826,15 @@ async function pb(t, e) {
     const a = await t.env.data.clients.get("DEFAULT_CLIENT");
     if (!os(n.client_secret, e.client_secret) && !os(a == null ? void 0 : a.client_secret, e.client_secret))
       throw new A(403, { message: "Invalid client credentials" });
-  } else if ("code_verifier" in e && typeof e.code_verifier == "string" && "code_challenge_method" in i.authParams && typeof i.authParams.code_challenge_method == "string") {
+  } else if (r.code_challenge && r.code_challenge_method && e.code_verifier) {
     const a = await u_(
       e.code_verifier,
-      i.authParams.code_challenge_method
+      r.code_challenge_method
     );
-    if (!os(a, i.authParams.code_challenge || ""))
+    if (!os(a, r.code_challenge))
       throw new A(403, { message: "Invalid client credentials" });
   }
-  if (i.authParams.redirect_uri && i.authParams.redirect_uri !== e.redirect_uri)
+  if (r.redirect_uri && r.redirect_uri !== e.redirect_uri)
     throw new A(403, { message: "Invalid redirect uri" });
   const s = await t.env.data.users.get(n.tenant.id, r.user_id);
   if (!s)
@@ -22270,7 +22282,8 @@ const A4 = new ae().openapi(
       code_id: Dn(),
       code_type: "otp",
       login_id: m.id,
-      expires_at: new Date(Date.now() + es).toISOString()
+      expires_at: new Date(Date.now() + es).toISOString(),
+      redirect_uri: s.redirect_uri
     });
     return i === "link" ? await Vl(t, {
       to: d,
@@ -22689,7 +22702,8 @@ async function C4({
       login_id: u.id,
       expires_at: new Date(
         Date.now() + Zr * 1e3
-      ).toISOString()
+      ).toISOString(),
+      redirect_uri: r.redirect_uri
     }), await Vl(t, {
       code: f,
       to: s,
@@ -24214,7 +24228,8 @@ const g$ = new ae().openapi(
       code_id: u,
       code_type: "otp",
       login_id: s.id,
-      expires_at: new Date(Date.now() + es).toISOString()
+      expires_at: new Date(Date.now() + es).toISOString(),
+      redirect_uri: s.authParams.redirect_uri
     }), w = h$(
       s.auth0Client
     ), { connection: h } = hi(d);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "authhero",
-  "version": "0.150.0",
+  "version": "0.152.0",
   "files": [
     "dist"
   ],
@@ -36,7 +36,7 @@
     "vite": "^5.4.11",
     "vite-plugin-dts": "^4.3.0",
     "vitest": "^2.1.5",
-    "@authhero/kysely-adapter": "^10.17.0"
+    "@authhero/kysely-adapter": "^10.19.0"
   },
   "dependencies": {
     "@peculiar/x509": "^1.12.3",
@@ -49,7 +49,7 @@
     "libphonenumber-js": "^1.12.8",
     "nanoid": "^5.0.8",
     "oslo": "^1.2.1",
-    "@authhero/adapter-interfaces": "^0.67.0"
+    "@authhero/adapter-interfaces": "^0.69.0"
   },
   "peerDependencies": {
     "@hono/zod-openapi": "^0.19.2",