authhero 0.151.0 → 0.153.0

@@ -8594,6 +8594,9 @@ export declare const codeInsertSchema: z.ZodObject<{
8594
8594
  "plain",
8595
8595
  "S256"
8596
8596
  ]>>;
8597
+ redirect_uri: z.ZodOptional<z.ZodString>;
8598
+ nonce: z.ZodOptional<z.ZodString>;
8599
+ state: z.ZodOptional<z.ZodString>;
8597
8600
  expires_at: z.ZodString;
8598
8601
  used_at: z.ZodOptional<z.ZodString>;
8599
8602
  user_id: z.ZodOptional<z.ZodString>;
@@ -8603,6 +8606,9 @@ export declare const codeInsertSchema: z.ZodObject<{
8603
8606
  code_type: "password_reset" | "email_verification" | "otp" | "authorization_code" | "oauth2_state" | "ticket";
8604
8607
  expires_at: string;
8605
8608
  user_id?: string | undefined;
8609
+ redirect_uri?: string | undefined;
8610
+ state?: string | undefined;
8611
+ nonce?: string | undefined;
8606
8612
  code_challenge_method?: "S256" | "plain" | undefined;
8607
8613
  code_challenge?: string | undefined;
8608
8614
  connection_id?: string | undefined;
@@ -8614,6 +8620,9 @@ export declare const codeInsertSchema: z.ZodObject<{
8614
8620
  code_type: "password_reset" | "email_verification" | "otp" | "authorization_code" | "oauth2_state" | "ticket";
8615
8621
  expires_at: string;
8616
8622
  user_id?: string | undefined;
8623
+ redirect_uri?: string | undefined;
8624
+ state?: string | undefined;
8625
+ nonce?: string | undefined;
8617
8626
  code_challenge_method?: "S256" | "plain" | undefined;
8618
8627
  code_challenge?: string | undefined;
8619
8628
  connection_id?: string | undefined;
@@ -8640,6 +8649,9 @@ export declare const codeSchema: z.ZodObject<{
8640
8649
  "plain",
8641
8650
  "S256"
8642
8651
  ]>>;
8652
+ redirect_uri: z.ZodOptional<z.ZodString>;
8653
+ nonce: z.ZodOptional<z.ZodString>;
8654
+ state: z.ZodOptional<z.ZodString>;
8643
8655
  expires_at: z.ZodString;
8644
8656
  used_at: z.ZodOptional<z.ZodString>;
8645
8657
  user_id: z.ZodOptional<z.ZodString>;
@@ -8650,6 +8662,9 @@ export declare const codeSchema: z.ZodObject<{
8650
8662
  code_type: "password_reset" | "email_verification" | "otp" | "authorization_code" | "oauth2_state" | "ticket";
8651
8663
  expires_at: string;
8652
8664
  user_id?: string | undefined;
8665
+ redirect_uri?: string | undefined;
8666
+ state?: string | undefined;
8667
+ nonce?: string | undefined;
8653
8668
  code_challenge_method?: "S256" | "plain" | undefined;
8654
8669
  code_challenge?: string | undefined;
8655
8670
  connection_id?: string | undefined;
@@ -8662,6 +8677,9 @@ export declare const codeSchema: z.ZodObject<{
8662
8677
  code_type: "password_reset" | "email_verification" | "otp" | "authorization_code" | "oauth2_state" | "ticket";
8663
8678
  expires_at: string;
8664
8679
  user_id?: string | undefined;
8680
+ redirect_uri?: string | undefined;
8681
+ state?: string | undefined;
8682
+ nonce?: string | undefined;
8665
8683
  code_challenge_method?: "S256" | "plain" | undefined;
8666
8684
  code_challenge?: string | undefined;
8667
8685
  connection_id?: string | undefined;
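--- a/package/dist/authhero.mjs
+++ b/package/dist/authhero.mjs
@@ -1852,6 +1852,15 @@ const k1 = o.enum([
  code_challenge_method: o.enum(["plain", "S256"]).optional().openapi({
  description: "The code challenge method used in PKCE in outbound flows"
  }),
+ redirect_uri: o.string().optional().openapi({
+ description: "The redirect URI associated with the code"
+ }),
+ nonce: o.string().optional().openapi({
+ description: "The nonce value used for security in OIDC flows"
+ }),
+ state: o.string().optional().openapi({
+ description: "The state parameter used for CSRF protection in OAuth flows"
+ }),
  expires_at: o.string(),
  used_at: o.string().optional(),
  user_id: o.string().optional()
@@ -5979,7 +5988,10 @@ async function Fh(t, e) {
  Date.now() + h_ * 1e3
  ).toISOString(),
  code_challenge: e.authParams.code_challenge,
- code_challenge_method: e.authParams.code_challenge_method
+ code_challenge_method: e.authParams.code_challenge_method,
+ redirect_uri: e.authParams.redirect_uri,
+ state: e.authParams.state,
+ nonce: e.authParams.nonce
  })).code_id,
  state: e.authParams.state
  };
@@ -6068,7 +6080,10 @@ async function Zt(t, e) {
  code_type: "ticket",
  login_id: e.loginSession.id,
  expires_at: new Date(Date.now() + m_).toISOString(),
- code_verifier: [b, v].join("|")
+ code_verifier: [b, v].join("|"),
+ redirect_uri: n.redirect_uri,
+ state: n.state,
+ nonce: n.nonce
  });
  return t.json({
  login_ticket: E.code_id,
@@ -19829,7 +19844,7 @@ async function pb(t, e) {
  if (!os(a, r.code_challenge))
  throw new A(403, { message: "Invalid client credentials" });
  }
- if (i.authParams.redirect_uri && i.authParams.redirect_uri !== e.redirect_uri)
+ if (r.redirect_uri && r.redirect_uri !== e.redirect_uri)
  throw new A(403, { message: "Invalid redirect uri" });
  const s = await t.env.data.users.get(n.tenant.id, r.user_id);
  if (!s)
@@ -19840,6 +19855,9 @@ async function pb(t, e) {
  loginSession: i,
  authParams: {
  ...i.authParams,
+ // Use the state and nonce from the code as it might differ if it's a silent auth login
+ state: r.state,
+ nonce: r.nonce,
  // Ensure WEB_MESSAGE is explicitly passed, as createAuthResponse relies on it
  response_mode: an.WEB_MESSAGE,
  // Pass through other relevant authParams from the loginSession or original request if necessary
@@ -22277,7 +22295,8 @@ const A4 = new ae().openapi(
  code_id: Dn(),
  code_type: "otp",
  login_id: m.id,
- expires_at: new Date(Date.now() + es).toISOString()
+ expires_at: new Date(Date.now() + es).toISOString(),
+ redirect_uri: s.redirect_uri
  });
  return i === "link" ? await Vl(t, {
  to: d,
@@ -22696,7 +22715,8 @@ async function C4({
  login_id: u.id,
  expires_at: new Date(
  Date.now() + Zr * 1e3
- ).toISOString()
+ ).toISOString(),
+ redirect_uri: r.redirect_uri
  }), await Vl(t, {
  code: f,
  to: s,
@@ -24221,7 +24241,8 @@ const g$ = new ae().openapi(
  code_id: u,
  code_type: "otp",
  login_id: s.id,
- expires_at: new Date(Date.now() + es).toISOString()
+ expires_at: new Date(Date.now() + es).toISOString(),
+ redirect_uri: s.authParams.redirect_uri
  }), w = h$(
  s.auth0Client
  ), { connection: h } = hi(d);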
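Review bot: The redirect_uri check in `pb` now reads only `r.redirect_uri` (the stored code record) instead of `i.authParams.redirect_uri` (the login session), so any code record without a stored redirect_uri — one persisted before this version, or one written by a path that does not populate the new column — skips the comparison entirely, whereas the replaced line would still have compared the token request against the session's value. That is a fail-open regression on the RFC 6749 §4.1.3 requirement that the token request's redirect_uri match the one bound to the authorization request, and the fact that the schema marks the column optional means the gap is reachable in practice. Keeping the session value as a fallback preserves the old guarantee for legacy records: `const expectedRedirect = r.redirect_uri ?? i.authParams.redirect_uri;` then `if (expectedRedirect && expectedRedirect !== e.redirect_uri) throw new A(403, { message: "Invalid redirect uri" });`. In the second `pb` hunk, `state: r.state, nonce: r.nonce` after the spread unconditionally overwrites the session's values with `undefined` when the code has none, which drops a session-level nonce from the response; `nonce: r.nonce ?? i.authParams.nonce` (and likewise for state) keeps the silent-auth override while preserving the old value. `pb`'s body begins and continues outside the hunk, so the behaviour of `i` and `r` before and after these lines is inferred from their use here.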
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "authhero",
3
- "version": "0.151.0",
3
+ "version": "0.153.0",
4
4
  "files": [
5
5
  "dist"
6
6
  ],
@@ -36,7 +36,7 @@
36
36
  "vite": "^5.4.11",
37
37
  "vite-plugin-dts": "^4.3.0",
38
38
  "vitest": "^2.1.5",
39
- "@authhero/kysely-adapter": "^10.18.0"
39
+ "@authhero/kysely-adapter": "^10.19.0"
40
40
  },
41
41
  "dependencies": {
42
42
  "@peculiar/x509": "^1.12.3",
@@ -49,7 +49,7 @@
49
49
  "libphonenumber-js": "^1.12.8",
50
50
  "nanoid": "^5.0.8",
51
51
  "oslo": "^1.2.1",
52
- "@authhero/adapter-interfaces": "^0.68.0"
52
+ "@authhero/adapter-interfaces": "^0.70.0"
53
53
  },
54
54
  "peerDependencies": {
55
55
  "@hono/zod-openapi": "^0.19.2",