authhero 0.190.0 → 0.193.0

package/dist/authhero.d.ts

@@ -13909,41 +13909,27 @@ export declare const resourceServerOptionsSchema: z.ZodObject<{
 	}, {
 		bound_access_tokens?: boolean | undefined;
 	}>>;
-}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
-	token_dialect: z.ZodOptional<z.ZodEnum<[
-		"access_token",
-		"access_token_authz"
-	]>>;
-	enforce_policies: z.ZodOptional<z.ZodBoolean>;
-	allow_skipping_userinfo: z.ZodOptional<z.ZodBoolean>;
-	skip_userinfo: z.ZodOptional<z.ZodBoolean>;
-	persist_client_authorization: z.ZodOptional<z.ZodBoolean>;
-	enable_introspection_endpoint: z.ZodOptional<z.ZodBoolean>;
-	mtls: z.ZodOptional<z.ZodObject<{
-		bound_access_tokens: z.ZodOptional<z.ZodBoolean>;
-	}, "strip", z.ZodTypeAny, {
-		bound_access_tokens?: boolean | undefined;
-	}, {
-		bound_access_tokens?: boolean | undefined;
-	}>>;
-}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
-	token_dialect: z.ZodOptional<z.ZodEnum<[
-		"access_token",
-		"access_token_authz"
-	]>>;
-	enforce_policies: z.ZodOptional<z.ZodBoolean>;
-	allow_skipping_userinfo: z.ZodOptional<z.ZodBoolean>;
-	skip_userinfo: z.ZodOptional<z.ZodBoolean>;
-	persist_client_authorization: z.ZodOptional<z.ZodBoolean>;
-	enable_introspection_endpoint: z.ZodOptional<z.ZodBoolean>;
-	mtls: z.ZodOptional<z.ZodObject<{
-		bound_access_tokens: z.ZodOptional<z.ZodBoolean>;
-	}, "strip", z.ZodTypeAny, {
+}, "strip", z.ZodTypeAny, {
+	token_dialect?: "access_token" | "access_token_authz" | undefined;
+	enforce_policies?: boolean | undefined;
+	allow_skipping_userinfo?: boolean | undefined;
+	skip_userinfo?: boolean | undefined;
+	persist_client_authorization?: boolean | undefined;
+	enable_introspection_endpoint?: boolean | undefined;
+	mtls?: {
 		bound_access_tokens?: boolean | undefined;
-	}, {
+	} | undefined;
+}, {
+	token_dialect?: "access_token" | "access_token_authz" | undefined;
+	enforce_policies?: boolean | undefined;
+	allow_skipping_userinfo?: boolean | undefined;
+	skip_userinfo?: boolean | undefined;
+	persist_client_authorization?: boolean | undefined;
+	enable_introspection_endpoint?: boolean | undefined;
+	mtls?: {
 		bound_access_tokens?: boolean | undefined;
-	}>>;
-}, z.ZodTypeAny, "passthrough">>;
+	} | undefined;
+}>;
 export type ResourceServerOptions = z.infer<typeof resourceServerOptionsSchema>;
 export declare const resourceServerInsertSchema: z.ZodObject<{
 	name: z.ZodString;
@@ -13982,62 +13968,41 @@ export declare const resourceServerInsertSchema: z.ZodObject<{
 		}, {
 			bound_access_tokens?: boolean | undefined;
 		}>>;
-	}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
-		token_dialect: z.ZodOptional<z.ZodEnum<[
-			"access_token",
-			"access_token_authz"
-		]>>;
-		enforce_policies: z.ZodOptional<z.ZodBoolean>;
-		allow_skipping_userinfo: z.ZodOptional<z.ZodBoolean>;
-		skip_userinfo: z.ZodOptional<z.ZodBoolean>;
-		persist_client_authorization: z.ZodOptional<z.ZodBoolean>;
-		enable_introspection_endpoint: z.ZodOptional<z.ZodBoolean>;
-		mtls: z.ZodOptional<z.ZodObject<{
-			bound_access_tokens: z.ZodOptional<z.ZodBoolean>;
-		}, "strip", z.ZodTypeAny, {
-			bound_access_tokens?: boolean | undefined;
-		}, {
-			bound_access_tokens?: boolean | undefined;
-		}>>;
-	}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
-		token_dialect: z.ZodOptional<z.ZodEnum<[
-			"access_token",
-			"access_token_authz"
-		]>>;
-		enforce_policies: z.ZodOptional<z.ZodBoolean>;
-		allow_skipping_userinfo: z.ZodOptional<z.ZodBoolean>;
-		skip_userinfo: z.ZodOptional<z.ZodBoolean>;
-		persist_client_authorization: z.ZodOptional<z.ZodBoolean>;
-		enable_introspection_endpoint: z.ZodOptional<z.ZodBoolean>;
-		mtls: z.ZodOptional<z.ZodObject<{
-			bound_access_tokens: z.ZodOptional<z.ZodBoolean>;
-		}, "strip", z.ZodTypeAny, {
+	}, "strip", z.ZodTypeAny, {
+		token_dialect?: "access_token" | "access_token_authz" | undefined;
+		enforce_policies?: boolean | undefined;
+		allow_skipping_userinfo?: boolean | undefined;
+		skip_userinfo?: boolean | undefined;
+		persist_client_authorization?: boolean | undefined;
+		enable_introspection_endpoint?: boolean | undefined;
+		mtls?: {
 			bound_access_tokens?: boolean | undefined;
-		}, {
+		} | undefined;
+	}, {
+		token_dialect?: "access_token" | "access_token_authz" | undefined;
+		enforce_policies?: boolean | undefined;
+		allow_skipping_userinfo?: boolean | undefined;
+		skip_userinfo?: boolean | undefined;
+		persist_client_authorization?: boolean | undefined;
+		enable_introspection_endpoint?: boolean | undefined;
+		mtls?: {
 			bound_access_tokens?: boolean | undefined;
-		}>>;
-	}, z.ZodTypeAny, "passthrough">>>;
+		} | undefined;
+	}>>;
 }, "strip", z.ZodTypeAny, {
 	name: string;
 	identifier: string;
-	options?: z.objectOutputType<{
-		token_dialect: z.ZodOptional<z.ZodEnum<[
-			"access_token",
-			"access_token_authz"
-		]>>;
-		enforce_policies: z.ZodOptional<z.ZodBoolean>;
-		allow_skipping_userinfo: z.ZodOptional<z.ZodBoolean>;
-		skip_userinfo: z.ZodOptional<z.ZodBoolean>;
-		persist_client_authorization: z.ZodOptional<z.ZodBoolean>;
-		enable_introspection_endpoint: z.ZodOptional<z.ZodBoolean>;
-		mtls: z.ZodOptional<z.ZodObject<{
-			bound_access_tokens: z.ZodOptional<z.ZodBoolean>;
-		}, "strip", z.ZodTypeAny, {
-			bound_access_tokens?: boolean | undefined;
-		}, {
+	options?: {
+		token_dialect?: "access_token" | "access_token_authz" | undefined;
+		enforce_policies?: boolean | undefined;
+		allow_skipping_userinfo?: boolean | undefined;
+		skip_userinfo?: boolean | undefined;
+		persist_client_authorization?: boolean | undefined;
+		enable_introspection_endpoint?: boolean | undefined;
+		mtls?: {
 			bound_access_tokens?: boolean | undefined;
-		}>>;
-	}, z.ZodTypeAny, "passthrough"> | undefined;
+		} | undefined;
+	} | undefined;
 	scopes?: {
 		value: string;
 		description?: string | undefined;
@@ -14052,24 +14017,17 @@ export declare const resourceServerInsertSchema: z.ZodObject<{
 }, {
 	name: string;
 	identifier: string;
-	options?: z.objectInputType<{
-		token_dialect: z.ZodOptional<z.ZodEnum<[
-			"access_token",
-			"access_token_authz"
-		]>>;
-		enforce_policies: z.ZodOptional<z.ZodBoolean>;
-		allow_skipping_userinfo: z.ZodOptional<z.ZodBoolean>;
-		skip_userinfo: z.ZodOptional<z.ZodBoolean>;
-		persist_client_authorization: z.ZodOptional<z.ZodBoolean>;
-		enable_introspection_endpoint: z.ZodOptional<z.ZodBoolean>;
-		mtls: z.ZodOptional<z.ZodObject<{
-			bound_access_tokens: z.ZodOptional<z.ZodBoolean>;
-		}, "strip", z.ZodTypeAny, {
-			bound_access_tokens?: boolean | undefined;
-		}, {
+	options?: {
+		token_dialect?: "access_token" | "access_token_authz" | undefined;
+		enforce_policies?: boolean | undefined;
+		allow_skipping_userinfo?: boolean | undefined;
+		skip_userinfo?: boolean | undefined;
+		persist_client_authorization?: boolean | undefined;
+		enable_introspection_endpoint?: boolean | undefined;
+		mtls?: {
 			bound_access_tokens?: boolean | undefined;
-		}>>;
-	}, z.ZodTypeAny, "passthrough"> | undefined;
+		} | undefined;
+	} | undefined;
 	scopes?: {
 		value: string;
 		description?: string | undefined;
@@ -14122,63 +14080,42 @@ export declare const resourceServerSchema: z.ZodObject<{
 		}, {
 			bound_access_tokens?: boolean | undefined;
 		}>>;
-	}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
-		token_dialect: z.ZodOptional<z.ZodEnum<[
-			"access_token",
-			"access_token_authz"
-		]>>;
-		enforce_policies: z.ZodOptional<z.ZodBoolean>;
-		allow_skipping_userinfo: z.ZodOptional<z.ZodBoolean>;
-		skip_userinfo: z.ZodOptional<z.ZodBoolean>;
-		persist_client_authorization: z.ZodOptional<z.ZodBoolean>;
-		enable_introspection_endpoint: z.ZodOptional<z.ZodBoolean>;
-		mtls: z.ZodOptional<z.ZodObject<{
-			bound_access_tokens: z.ZodOptional<z.ZodBoolean>;
-		}, "strip", z.ZodTypeAny, {
-			bound_access_tokens?: boolean | undefined;
-		}, {
-			bound_access_tokens?: boolean | undefined;
-		}>>;
-	}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
-		token_dialect: z.ZodOptional<z.ZodEnum<[
-			"access_token",
-			"access_token_authz"
-		]>>;
-		enforce_policies: z.ZodOptional<z.ZodBoolean>;
-		allow_skipping_userinfo: z.ZodOptional<z.ZodBoolean>;
-		skip_userinfo: z.ZodOptional<z.ZodBoolean>;
-		persist_client_authorization: z.ZodOptional<z.ZodBoolean>;
-		enable_introspection_endpoint: z.ZodOptional<z.ZodBoolean>;
-		mtls: z.ZodOptional<z.ZodObject<{
-			bound_access_tokens: z.ZodOptional<z.ZodBoolean>;
-		}, "strip", z.ZodTypeAny, {
+	}, "strip", z.ZodTypeAny, {
+		token_dialect?: "access_token" | "access_token_authz" | undefined;
+		enforce_policies?: boolean | undefined;
+		allow_skipping_userinfo?: boolean | undefined;
+		skip_userinfo?: boolean | undefined;
+		persist_client_authorization?: boolean | undefined;
+		enable_introspection_endpoint?: boolean | undefined;
+		mtls?: {
 			bound_access_tokens?: boolean | undefined;
-		}, {
+		} | undefined;
+	}, {
+		token_dialect?: "access_token" | "access_token_authz" | undefined;
+		enforce_policies?: boolean | undefined;
+		allow_skipping_userinfo?: boolean | undefined;
+		skip_userinfo?: boolean | undefined;
+		persist_client_authorization?: boolean | undefined;
+		enable_introspection_endpoint?: boolean | undefined;
+		mtls?: {
 			bound_access_tokens?: boolean | undefined;
-		}>>;
-	}, z.ZodTypeAny, "passthrough">>>;
+		} | undefined;
+	}>>;
 	id: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
 	name: string;
 	identifier: string;
-	options?: z.objectOutputType<{
-		token_dialect: z.ZodOptional<z.ZodEnum<[
-			"access_token",
-			"access_token_authz"
-		]>>;
-		enforce_policies: z.ZodOptional<z.ZodBoolean>;
-		allow_skipping_userinfo: z.ZodOptional<z.ZodBoolean>;
-		skip_userinfo: z.ZodOptional<z.ZodBoolean>;
-		persist_client_authorization: z.ZodOptional<z.ZodBoolean>;
-		enable_introspection_endpoint: z.ZodOptional<z.ZodBoolean>;
-		mtls: z.ZodOptional<z.ZodObject<{
-			bound_access_tokens: z.ZodOptional<z.ZodBoolean>;
-		}, "strip", z.ZodTypeAny, {
-			bound_access_tokens?: boolean | undefined;
-		}, {
+	options?: {
+		token_dialect?: "access_token" | "access_token_authz" | undefined;
+		enforce_policies?: boolean | undefined;
+		allow_skipping_userinfo?: boolean | undefined;
+		skip_userinfo?: boolean | undefined;
+		persist_client_authorization?: boolean | undefined;
+		enable_introspection_endpoint?: boolean | undefined;
+		mtls?: {
 			bound_access_tokens?: boolean | undefined;
-		}>>;
-	}, z.ZodTypeAny, "passthrough"> | undefined;
+		} | undefined;
+	} | undefined;
 	created_at?: string | undefined;
 	updated_at?: string | undefined;
 	id?: string | undefined;
@@ -14196,24 +14133,17 @@ export declare const resourceServerSchema: z.ZodObject<{
 }, {
 	name: string;
 	identifier: string;
-	options?: z.objectInputType<{
-		token_dialect: z.ZodOptional<z.ZodEnum<[
-			"access_token",
-			"access_token_authz"
-		]>>;
-		enforce_policies: z.ZodOptional<z.ZodBoolean>;
-		allow_skipping_userinfo: z.ZodOptional<z.ZodBoolean>;
-		skip_userinfo: z.ZodOptional<z.ZodBoolean>;
-		persist_client_authorization: z.ZodOptional<z.ZodBoolean>;
-		enable_introspection_endpoint: z.ZodOptional<z.ZodBoolean>;
-		mtls: z.ZodOptional<z.ZodObject<{
-			bound_access_tokens: z.ZodOptional<z.ZodBoolean>;
-		}, "strip", z.ZodTypeAny, {
-			bound_access_tokens?: boolean | undefined;
-		}, {
+	options?: {
+		token_dialect?: "access_token" | "access_token_authz" | undefined;
+		enforce_policies?: boolean | undefined;
+		allow_skipping_userinfo?: boolean | undefined;
+		skip_userinfo?: boolean | undefined;
+		persist_client_authorization?: boolean | undefined;
+		enable_introspection_endpoint?: boolean | undefined;
+		mtls?: {
 			bound_access_tokens?: boolean | undefined;
-		}>>;
-	}, z.ZodTypeAny, "passthrough"> | undefined;
+		} | undefined;
+	} | undefined;
 	created_at?: string | undefined;
 	updated_at?: string | undefined;
 	id?: string | undefined;
@@ -14269,63 +14199,42 @@ export declare const resourceServerListSchema: z.ZodArray<z.ZodObject<{
 		}, {
 			bound_access_tokens?: boolean | undefined;
 		}>>;
-	}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
-		token_dialect: z.ZodOptional<z.ZodEnum<[
-			"access_token",
-			"access_token_authz"
-		]>>;
-		enforce_policies: z.ZodOptional<z.ZodBoolean>;
-		allow_skipping_userinfo: z.ZodOptional<z.ZodBoolean>;
-		skip_userinfo: z.ZodOptional<z.ZodBoolean>;
-		persist_client_authorization: z.ZodOptional<z.ZodBoolean>;
-		enable_introspection_endpoint: z.ZodOptional<z.ZodBoolean>;
-		mtls: z.ZodOptional<z.ZodObject<{
-			bound_access_tokens: z.ZodOptional<z.ZodBoolean>;
-		}, "strip", z.ZodTypeAny, {
-			bound_access_tokens?: boolean | undefined;
-		}, {
-			bound_access_tokens?: boolean | undefined;
-		}>>;
-	}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
-		token_dialect: z.ZodOptional<z.ZodEnum<[
-			"access_token",
-			"access_token_authz"
-		]>>;
-		enforce_policies: z.ZodOptional<z.ZodBoolean>;
-		allow_skipping_userinfo: z.ZodOptional<z.ZodBoolean>;
-		skip_userinfo: z.ZodOptional<z.ZodBoolean>;
-		persist_client_authorization: z.ZodOptional<z.ZodBoolean>;
-		enable_introspection_endpoint: z.ZodOptional<z.ZodBoolean>;
-		mtls: z.ZodOptional<z.ZodObject<{
-			bound_access_tokens: z.ZodOptional<z.ZodBoolean>;
-		}, "strip", z.ZodTypeAny, {
+	}, "strip", z.ZodTypeAny, {
+		token_dialect?: "access_token" | "access_token_authz" | undefined;
+		enforce_policies?: boolean | undefined;
+		allow_skipping_userinfo?: boolean | undefined;
+		skip_userinfo?: boolean | undefined;
+		persist_client_authorization?: boolean | undefined;
+		enable_introspection_endpoint?: boolean | undefined;
+		mtls?: {
 			bound_access_tokens?: boolean | undefined;
-		}, {
+		} | undefined;
+	}, {
+		token_dialect?: "access_token" | "access_token_authz" | undefined;
+		enforce_policies?: boolean | undefined;
+		allow_skipping_userinfo?: boolean | undefined;
+		skip_userinfo?: boolean | undefined;
+		persist_client_authorization?: boolean | undefined;
+		enable_introspection_endpoint?: boolean | undefined;
+		mtls?: {
 			bound_access_tokens?: boolean | undefined;
-		}>>;
-	}, z.ZodTypeAny, "passthrough">>>;
+		} | undefined;
+	}>>;
 	id: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
 	name: string;
 	identifier: string;
-	options?: z.objectOutputType<{
-		token_dialect: z.ZodOptional<z.ZodEnum<[
-			"access_token",
-			"access_token_authz"
-		]>>;
-		enforce_policies: z.ZodOptional<z.ZodBoolean>;
-		allow_skipping_userinfo: z.ZodOptional<z.ZodBoolean>;
-		skip_userinfo: z.ZodOptional<z.ZodBoolean>;
-		persist_client_authorization: z.ZodOptional<z.ZodBoolean>;
-		enable_introspection_endpoint: z.ZodOptional<z.ZodBoolean>;
-		mtls: z.ZodOptional<z.ZodObject<{
-			bound_access_tokens: z.ZodOptional<z.ZodBoolean>;
-		}, "strip", z.ZodTypeAny, {
-			bound_access_tokens?: boolean | undefined;
-		}, {
+	options?: {
+		token_dialect?: "access_token" | "access_token_authz" | undefined;
+		enforce_policies?: boolean | undefined;
+		allow_skipping_userinfo?: boolean | undefined;
+		skip_userinfo?: boolean | undefined;
+		persist_client_authorization?: boolean | undefined;
+		enable_introspection_endpoint?: boolean | undefined;
+		mtls?: {
 			bound_access_tokens?: boolean | undefined;
-		}>>;
-	}, z.ZodTypeAny, "passthrough"> | undefined;
+		} | undefined;
+	} | undefined;
 	created_at?: string | undefined;
 	updated_at?: string | undefined;
 	id?: string | undefined;
@@ -14343,24 +14252,17 @@ export declare const resourceServerListSchema: z.ZodArray<z.ZodObject<{
 }, {
 	name: string;
 	identifier: string;
-	options?: z.objectInputType<{
-		token_dialect: z.ZodOptional<z.ZodEnum<[
-			"access_token",
-			"access_token_authz"
-		]>>;
-		enforce_policies: z.ZodOptional<z.ZodBoolean>;
-		allow_skipping_userinfo: z.ZodOptional<z.ZodBoolean>;
-		skip_userinfo: z.ZodOptional<z.ZodBoolean>;
-		persist_client_authorization: z.ZodOptional<z.ZodBoolean>;
-		enable_introspection_endpoint: z.ZodOptional<z.ZodBoolean>;
-		mtls: z.ZodOptional<z.ZodObject<{
-			bound_access_tokens: z.ZodOptional<z.ZodBoolean>;
-		}, "strip", z.ZodTypeAny, {
-			bound_access_tokens?: boolean | undefined;
-		}, {
+	options?: {
+		token_dialect?: "access_token" | "access_token_authz" | undefined;
+		enforce_policies?: boolean | undefined;
+		allow_skipping_userinfo?: boolean | undefined;
+		skip_userinfo?: boolean | undefined;
+		persist_client_authorization?: boolean | undefined;
+		enable_introspection_endpoint?: boolean | undefined;
+		mtls?: {
 			bound_access_tokens?: boolean | undefined;
-		}>>;
-	}, z.ZodTypeAny, "passthrough"> | undefined;
+		} | undefined;
+	} | undefined;
 	created_at?: string | undefined;
 	updated_at?: string | undefined;
 	id?: string | undefined;
@@ -14377,145 +14279,206 @@ export declare const resourceServerListSchema: z.ZodArray<z.ZodObject<{
 	verificationKey?: string | undefined;
 }>, "many">;
 export type ResourceServerList = z.infer<typeof resourceServerListSchema>;
-export declare const permissionSourceSchema: z.ZodObject<{
-	source_id: z.ZodOptional<z.ZodString>;
-	source_name: z.ZodOptional<z.ZodString>;
-	source_type: z.ZodOptional<z.ZodString>;
-}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
-	source_id: z.ZodOptional<z.ZodString>;
-	source_name: z.ZodOptional<z.ZodString>;
-	source_type: z.ZodOptional<z.ZodString>;
-}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
-	source_id: z.ZodOptional<z.ZodString>;
-	source_name: z.ZodOptional<z.ZodString>;
-	source_type: z.ZodOptional<z.ZodString>;
-}, z.ZodTypeAny, "passthrough">>;
-export type PermissionSource = z.infer<typeof permissionSourceSchema>;
-export declare const permissionSchema: z.ZodObject<{
+export declare const rolePermissionInsertSchema: z.ZodObject<{
+	role_id: z.ZodString;
+	resource_server_identifier: z.ZodString;
 	permission_name: z.ZodString;
-	description: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+}, "strip", z.ZodTypeAny, {
+	role_id: string;
+	resource_server_identifier: string;
+	permission_name: string;
+}, {
+	role_id: string;
+	resource_server_identifier: string;
+	permission_name: string;
+}>;
+export type RolePermissionInsert = z.infer<typeof rolePermissionInsertSchema>;
+export declare const rolePermissionSchema: z.ZodObject<{
+	tenant_id: z.ZodString;
+	created_at: z.ZodOptional<z.ZodString>;
+	role_id: z.ZodString;
 	resource_server_identifier: z.ZodString;
-	resource_server_name: z.ZodString;
-	sources: z.ZodOptional<z.ZodArray<z.ZodObject<{
-		source_id: z.ZodOptional<z.ZodString>;
-		source_name: z.ZodOptional<z.ZodString>;
-		source_type: z.ZodOptional<z.ZodString>;
-	}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
-		source_id: z.ZodOptional<z.ZodString>;
-		source_name: z.ZodOptional<z.ZodString>;
-		source_type: z.ZodOptional<z.ZodString>;
-	}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
-		source_id: z.ZodOptional<z.ZodString>;
-		source_name: z.ZodOptional<z.ZodString>;
-		source_type: z.ZodOptional<z.ZodString>;
-	}, z.ZodTypeAny, "passthrough">>, "many">>;
+	permission_name: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+	tenant_id: string;
+	role_id: string;
+	resource_server_identifier: string;
+	permission_name: string;
+	created_at?: string | undefined;
+}, {
+	tenant_id: string;
+	role_id: string;
+	resource_server_identifier: string;
+	permission_name: string;
+	created_at?: string | undefined;
+}>;
+export type RolePermission = z.infer<typeof rolePermissionSchema>;
+export declare const rolePermissionListSchema: z.ZodArray<z.ZodObject<{
+	tenant_id: z.ZodString;
 	created_at: z.ZodOptional<z.ZodString>;
-	updated_at: z.ZodOptional<z.ZodString>;
-}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+	role_id: z.ZodString;
+	resource_server_identifier: z.ZodString;
 	permission_name: z.ZodString;
-	description: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+}, "strip", z.ZodTypeAny, {
+	tenant_id: string;
+	role_id: string;
+	resource_server_identifier: string;
+	permission_name: string;
+	created_at?: string | undefined;
+}, {
+	tenant_id: string;
+	role_id: string;
+	resource_server_identifier: string;
+	permission_name: string;
+	created_at?: string | undefined;
+}>, "many">;
+export type RolePermissionList = z.infer<typeof rolePermissionListSchema>;
+export declare const rolePermissionWithDetailsSchema: z.ZodObject<{
+	role_id: z.ZodString;
 	resource_server_identifier: z.ZodString;
 	resource_server_name: z.ZodString;
-	sources: z.ZodOptional<z.ZodArray<z.ZodObject<{
-		source_id: z.ZodOptional<z.ZodString>;
-		source_name: z.ZodOptional<z.ZodString>;
-		source_type: z.ZodOptional<z.ZodString>;
-	}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
-		source_id: z.ZodOptional<z.ZodString>;
-		source_name: z.ZodOptional<z.ZodString>;
-		source_type: z.ZodOptional<z.ZodString>;
-	}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
-		source_id: z.ZodOptional<z.ZodString>;
-		source_name: z.ZodOptional<z.ZodString>;
-		source_type: z.ZodOptional<z.ZodString>;
-	}, z.ZodTypeAny, "passthrough">>, "many">>;
-	created_at: z.ZodOptional<z.ZodString>;
-	updated_at: z.ZodOptional<z.ZodString>;
-}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
 	permission_name: z.ZodString;
 	description: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+	created_at: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+	role_id: string;
+	resource_server_identifier: string;
+	permission_name: string;
+	resource_server_name: string;
+	description?: string | null | undefined;
+	created_at?: string | undefined;
+}, {
+	role_id: string;
+	resource_server_identifier: string;
+	permission_name: string;
+	resource_server_name: string;
+	description?: string | null | undefined;
+	created_at?: string | undefined;
+}>;
+export type RolePermissionWithDetails = z.infer<typeof rolePermissionWithDetailsSchema>;
+export declare const rolePermissionWithDetailsListSchema: z.ZodArray<z.ZodObject<{
+	role_id: z.ZodString;
 	resource_server_identifier: z.ZodString;
 	resource_server_name: z.ZodString;
-	sources: z.ZodOptional<z.ZodArray<z.ZodObject<{
-		source_id: z.ZodOptional<z.ZodString>;
-		source_name: z.ZodOptional<z.ZodString>;
-		source_type: z.ZodOptional<z.ZodString>;
-	}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
-		source_id: z.ZodOptional<z.ZodString>;
-		source_name: z.ZodOptional<z.ZodString>;
-		source_type: z.ZodOptional<z.ZodString>;
-	}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
-		source_id: z.ZodOptional<z.ZodString>;
-		source_name: z.ZodOptional<z.ZodString>;
-		source_type: z.ZodOptional<z.ZodString>;
-	}, z.ZodTypeAny, "passthrough">>, "many">>;
-	created_at: z.ZodOptional<z.ZodString>;
-	updated_at: z.ZodOptional<z.ZodString>;
-}, z.ZodTypeAny, "passthrough">>;
-export type Permission = z.infer<typeof permissionSchema>;
-export type PermissionInsert = z.input<typeof permissionSchema>;
-export declare const permissionListSchema: z.ZodArray<z.ZodObject<{
 	permission_name: z.ZodString;
 	description: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+	created_at: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+	role_id: string;
+	resource_server_identifier: string;
+	permission_name: string;
+	resource_server_name: string;
+	description?: string | null | undefined;
+	created_at?: string | undefined;
+}, {
+	role_id: string;
+	resource_server_identifier: string;
+	permission_name: string;
+	resource_server_name: string;
+	description?: string | null | undefined;
+	created_at?: string | undefined;
+}>, "many">;
+export type RolePermissionWithDetailsList = z.infer<typeof rolePermissionWithDetailsListSchema>;
+export declare const userPermissionInsertSchema: z.ZodObject<{
+	user_id: z.ZodString;
 	resource_server_identifier: z.ZodString;
-	resource_server_name: z.ZodString;
-	sources: z.ZodOptional<z.ZodArray<z.ZodObject<{
-		source_id: z.ZodOptional<z.ZodString>;
-		source_name: z.ZodOptional<z.ZodString>;
-		source_type: z.ZodOptional<z.ZodString>;
-	}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
-		source_id: z.ZodOptional<z.ZodString>;
-		source_name: z.ZodOptional<z.ZodString>;
-		source_type: z.ZodOptional<z.ZodString>;
-	}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
-		source_id: z.ZodOptional<z.ZodString>;
-		source_name: z.ZodOptional<z.ZodString>;
-		source_type: z.ZodOptional<z.ZodString>;
-	}, z.ZodTypeAny, "passthrough">>, "many">>;
+	permission_name: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+	user_id: string;
+	resource_server_identifier: string;
+	permission_name: string;
+}, {
+	user_id: string;
+	resource_server_identifier: string;
+	permission_name: string;
+}>;
+export type UserPermissionInsert = z.infer<typeof userPermissionInsertSchema>;
+export declare const userPermissionSchema: z.ZodObject<{
+	tenant_id: z.ZodString;
 	created_at: z.ZodOptional<z.ZodString>;
-	updated_at: z.ZodOptional<z.ZodString>;
-}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+	user_id: z.ZodString;
+	resource_server_identifier: z.ZodString;
 	permission_name: z.ZodString;
-	description: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+}, "strip", z.ZodTypeAny, {
+	user_id: string;
+	tenant_id: string;
+	resource_server_identifier: string;
+	permission_name: string;
+	created_at?: string | undefined;
+}, {
+	user_id: string;
+	tenant_id: string;
+	resource_server_identifier: string;
+	permission_name: string;
+	created_at?: string | undefined;
+}>;
+export type UserPermission = z.infer<typeof userPermissionSchema>;
+export declare const userPermissionListSchema: z.ZodArray<z.ZodObject<{
+	tenant_id: z.ZodString;
+	created_at: z.ZodOptional<z.ZodString>;
+	user_id: z.ZodString;
+	resource_server_identifier: z.ZodString;
+	permission_name: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+	user_id: string;
+	tenant_id: string;
+	resource_server_identifier: string;
+	permission_name: string;
+	created_at?: string | undefined;
+}, {
+	user_id: string;
+	tenant_id: string;
+	resource_server_identifier: string;
+	permission_name: string;
+	created_at?: string | undefined;
+}>, "many">;
+export type UserPermissionList = z.infer<typeof userPermissionListSchema>;
+export declare const userPermissionWithDetailsSchema: z.ZodObject<{
+	user_id: z.ZodString;
 	resource_server_identifier: z.ZodString;
 	resource_server_name: z.ZodString;
-	sources: z.ZodOptional<z.ZodArray<z.ZodObject<{
-		source_id: z.ZodOptional<z.ZodString>;
-		source_name: z.ZodOptional<z.ZodString>;
-		source_type: z.ZodOptional<z.ZodString>;
-	}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
-		source_id: z.ZodOptional<z.ZodString>;
-		source_name: z.ZodOptional<z.ZodString>;
-		source_type: z.ZodOptional<z.ZodString>;
-	}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
-		source_id: z.ZodOptional<z.ZodString>;
-		source_name: z.ZodOptional<z.ZodString>;
-		source_type: z.ZodOptional<z.ZodString>;
-	}, z.ZodTypeAny, "passthrough">>, "many">>;
-	created_at: z.ZodOptional<z.ZodString>;
-	updated_at: z.ZodOptional<z.ZodString>;
-}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
 	permission_name: z.ZodString;
 	description: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+	created_at: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+	user_id: string;
+	resource_server_identifier: string;
+	permission_name: string;
+	resource_server_name: string;
+	description?: string | null | undefined;
+	created_at?: string | undefined;
+}, {
+	user_id: string;
+	resource_server_identifier: string;
+	permission_name: string;
+	resource_server_name: string;
+	description?: string | null | undefined;
+	created_at?: string | undefined;
+}>;
+export type UserPermissionWithDetails = z.infer<typeof userPermissionWithDetailsSchema>;
+export declare const userPermissionWithDetailsListSchema: z.ZodArray<z.ZodObject<{
+	user_id: z.ZodString;
 	resource_server_identifier: z.ZodString;
 	resource_server_name: z.ZodString;
-	sources: z.ZodOptional<z.ZodArray<z.ZodObject<{
-		source_id: z.ZodOptional<z.ZodString>;
-		source_name: z.ZodOptional<z.ZodString>;
-		source_type: z.ZodOptional<z.ZodString>;
-	}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
-		source_id: z.ZodOptional<z.ZodString>;
-		source_name: z.ZodOptional<z.ZodString>;
-		source_type: z.ZodOptional<z.ZodString>;
-	}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
-		source_id: z.ZodOptional<z.ZodString>;
-		source_name: z.ZodOptional<z.ZodString>;
-		source_type: z.ZodOptional<z.ZodString>;
-	}, z.ZodTypeAny, "passthrough">>, "many">>;
+	permission_name: z.ZodString;
+	description: z.ZodOptional<z.ZodNullable<z.ZodString>>;
 	created_at: z.ZodOptional<z.ZodString>;
-	updated_at: z.ZodOptional<z.ZodString>;
-}, z.ZodTypeAny, "passthrough">>, "many">;
-export type PermissionList = z.infer<typeof permissionListSchema>;
+}, "strip", z.ZodTypeAny, {
+	user_id: string;
+	resource_server_identifier: string;
+	permission_name: string;
+	resource_server_name: string;
+	description?: string | null | undefined;
+	created_at?: string | undefined;
+}, {
+	user_id: string;
+	resource_server_identifier: string;
+	permission_name: string;
+	resource_server_name: string;
+	description?: string | null | undefined;
+	created_at?: string | undefined;
+}>, "many">;
+export type UserPermissionWithDetailsList = z.infer<typeof userPermissionWithDetailsListSchema>;
 export declare const roleInsertSchema: z.ZodObject<{
 	name: z.ZodString;
 	description: z.ZodOptional<z.ZodString>;
@@ -14733,15 +14696,15 @@ export interface ResourceServersAdapter {
 	update(tenant_id: string, id: string, resourceServer: Partial<ResourceServerInsert>): Promise<boolean>;
 	remove(tenant_id: string, id: string): Promise<boolean>;
 }
-export interface ListPermissionsResponse extends Totals {
-	permissions: Permission[];
+export interface RolePermissionsAdapter {
+	assign(tenant_id: string, role_id: string, permissions: RolePermissionInsert[]): Promise<boolean>;
+	remove(tenant_id: string, role_id: string, permissions: Pick<RolePermissionInsert, "resource_server_identifier" | "permission_name">[]): Promise<boolean>;
+	list(tenant_id: string, role_id: string, params?: ListParams): Promise<RolePermissionWithDetailsList>;
 }
-export interface PermissionsAdapter {
-	create(tenant_id: string, permission: PermissionInsert): Promise<Permission>;
-	get(tenant_id: string, permission_id: string): Promise<Permission | null>;
-	list(tenant_id: string, params?: ListParams): Promise<ListPermissionsResponse>;
-	update(tenant_id: string, permission_id: string, permission: Partial<PermissionInsert>): Promise<boolean>;
-	remove(tenant_id: string, permission_id: string): Promise<boolean>;
+export interface UserPermissionsAdapter {
+	assign(tenant_id: string, user_id: string, permissions: UserPermissionInsert[]): Promise<boolean>;
+	remove(tenant_id: string, user_id: string, permissions: Pick<UserPermissionInsert, "resource_server_identifier" | "permission_name">[]): Promise<boolean>;
+	list(tenant_id: string, user_id: string, params?: ListParams): Promise<UserPermissionWithDetailsList>;
 }
 export interface ListRolesResponse {
 	roles: Role[];
@@ -14774,7 +14737,8 @@ export interface DataAdapters {
 	promptSettings: PromptSettingsAdapter;
 	refreshTokens: RefreshTokensAdapter;
 	resourceServers: ResourceServersAdapter;
-	permissions: PermissionsAdapter;
+	rolePermissions: RolePermissionsAdapter;
+	userPermissions: UserPermissionsAdapter;
 	roles: RolesAdapter;
 	sessions: SessionsAdapter;
 	tenants: TenantsDataAdapter;
@@ -14957,8 +14921,8 @@ export declare type Fetcher = {
 export type Bindings = {
 	ENVIRONMENT: string;
 	AUTH_URL: string;
-	JWKS_URL: string;
-	JWKS_SERVICE: Fetcher;
+	JWKS_URL?: string;
+	JWKS_SERVICE?: Fetcher;
 	ISSUER: string;
 	UNIVERSAL_LOGIN_URL?: string;
 	OAUTH_API_URL?: string;
@@ -15230,6 +15194,290 @@ export declare function init(config: AuthHeroConfig): {
 		Bindings: Bindings;
 		Variables: Variables;
 	}, import("hono/types").MergeSchemaPath<{
+		"/": {
+			$get: {
+				input: {
+					query: {
+						sort?: string | undefined;
+						page?: string | undefined;
+						per_page?: string | undefined;
+						include_totals?: string | undefined;
+						q?: string | undefined;
+					};
+				} & {
+					header: {
+						"tenant-id": string;
+					};
+				};
+				output: {
+					name: string;
+					identifier: string;
+					options?: {
+						token_dialect?: "access_token" | "access_token_authz" | undefined | undefined;
+						enforce_policies?: boolean | undefined | undefined;
+						allow_skipping_userinfo?: boolean | undefined | undefined;
+						skip_userinfo?: boolean | undefined | undefined;
+						persist_client_authorization?: boolean | undefined | undefined;
+						enable_introspection_endpoint?: boolean | undefined | undefined;
+						mtls?: {
+							bound_access_tokens?: boolean | undefined | undefined;
+						} | undefined;
+					} | undefined;
+					created_at?: string | undefined | undefined;
+					updated_at?: string | undefined | undefined;
+					id?: string | undefined | undefined;
+					scopes?: {
+						value: string;
+						description?: string | undefined | undefined;
+					}[] | undefined;
+					signing_alg?: string | undefined | undefined;
+					signing_secret?: string | undefined | undefined;
+					token_lifetime?: number | undefined | undefined;
+					token_lifetime_for_web?: number | undefined | undefined;
+					skip_consent_for_verifiable_first_party_clients?: boolean | undefined | undefined;
+					allow_offline_access?: boolean | undefined | undefined;
+					verificationKey?: string | undefined | undefined;
+				}[] | {
+					length: number;
+					start: number;
+					limit: number;
+					resource_servers: {
+						name: string;
+						identifier: string;
+						options?: {
+							token_dialect?: "access_token" | "access_token_authz" | undefined | undefined;
+							enforce_policies?: boolean | undefined | undefined;
+							allow_skipping_userinfo?: boolean | undefined | undefined;
+							skip_userinfo?: boolean | undefined | undefined;
+							persist_client_authorization?: boolean | undefined | undefined;
+							enable_introspection_endpoint?: boolean | undefined | undefined;
+							mtls?: {
+								bound_access_tokens?: boolean | undefined | undefined;
+							} | undefined;
+						} | undefined;
+						created_at?: string | undefined | undefined;
+						updated_at?: string | undefined | undefined;
+						id?: string | undefined | undefined;
+						scopes?: {
+							value: string;
+							description?: string | undefined | undefined;
+						}[] | undefined;
+						signing_alg?: string | undefined | undefined;
+						signing_secret?: string | undefined | undefined;
+						token_lifetime?: number | undefined | undefined;
+						token_lifetime_for_web?: number | undefined | undefined;
+						skip_consent_for_verifiable_first_party_clients?: boolean | undefined | undefined;
+						allow_offline_access?: boolean | undefined | undefined;
+						verificationKey?: string | undefined | undefined;
+					}[];
+				};
+				outputFormat: "json";
+				status: 200;
+			};
+		};
+	} & {
+		"/:id": {
+			$get: {
+				input: {
+					param: {
+						id: string;
+					};
+				} & {
+					header: {
+						"tenant-id": string;
+					};
+				};
+				output: {
+					name: string;
+					identifier: string;
+					options?: {
+						token_dialect?: "access_token" | "access_token_authz" | undefined | undefined;
+						enforce_policies?: boolean | undefined | undefined;
+						allow_skipping_userinfo?: boolean | undefined | undefined;
+						skip_userinfo?: boolean | undefined | undefined;
+						persist_client_authorization?: boolean | undefined | undefined;
+						enable_introspection_endpoint?: boolean | undefined | undefined;
+						mtls?: {
+							bound_access_tokens?: boolean | undefined | undefined;
+						} | undefined;
+					} | undefined;
+					created_at?: string | undefined | undefined;
+					updated_at?: string | undefined | undefined;
+					id?: string | undefined | undefined;
+					scopes?: {
+						value: string;
+						description?: string | undefined | undefined;
+					}[] | undefined;
+					signing_alg?: string | undefined | undefined;
+					signing_secret?: string | undefined | undefined;
+					token_lifetime?: number | undefined | undefined;
+					token_lifetime_for_web?: number | undefined | undefined;
+					skip_consent_for_verifiable_first_party_clients?: boolean | undefined | undefined;
+					allow_offline_access?: boolean | undefined | undefined;
+					verificationKey?: string | undefined | undefined;
+				};
+				outputFormat: "json";
+				status: 200;
+			};
+		};
+	} & {
+		"/:id": {
+			$delete: {
+				input: {
+					param: {
+						id: string;
+					};
+				} & {
+					header: {
+						"tenant-id": string;
+					};
+				};
+				output: {};
+				outputFormat: string;
+				status: 200;
+			};
+		};
+	} & {
+		"/:id": {
+			$patch: {
+				input: {
+					param: {
+						id: string;
+					};
+				} & {
+					header: {
+						"tenant-id": string;
+					};
+				} & {
+					json: {
+						name?: string | undefined;
+						options?: {
+							token_dialect?: "access_token" | "access_token_authz" | undefined;
+							enforce_policies?: boolean | undefined;
+							allow_skipping_userinfo?: boolean | undefined;
+							skip_userinfo?: boolean | undefined;
+							persist_client_authorization?: boolean | undefined;
+							enable_introspection_endpoint?: boolean | undefined;
+							mtls?: {
+								bound_access_tokens?: boolean | undefined;
+							} | undefined;
+						} | undefined;
+						scopes?: {
+							value: string;
+							description?: string | undefined;
+						}[] | undefined;
+						identifier?: string | undefined;
+						signing_alg?: string | undefined;
+						signing_secret?: string | undefined;
+						token_lifetime?: number | undefined;
+						token_lifetime_for_web?: number | undefined;
+						skip_consent_for_verifiable_first_party_clients?: boolean | undefined;
+						allow_offline_access?: boolean | undefined;
+						verificationKey?: string | undefined;
+					};
+				};
+				output: {
+					name: string;
+					identifier: string;
+					options?: {
+						token_dialect?: "access_token" | "access_token_authz" | undefined | undefined;
+						enforce_policies?: boolean | undefined | undefined;
+						allow_skipping_userinfo?: boolean | undefined | undefined;
+						skip_userinfo?: boolean | undefined | undefined;
+						persist_client_authorization?: boolean | undefined | undefined;
+						enable_introspection_endpoint?: boolean | undefined | undefined;
+						mtls?: {
+							bound_access_tokens?: boolean | undefined | undefined;
+						} | undefined;
+					} | undefined;
+					created_at?: string | undefined | undefined;
+					updated_at?: string | undefined | undefined;
+					id?: string | undefined | undefined;
+					scopes?: {
+						value: string;
+						description?: string | undefined | undefined;
+					}[] | undefined;
+					signing_alg?: string | undefined | undefined;
+					signing_secret?: string | undefined | undefined;
+					token_lifetime?: number | undefined | undefined;
+					token_lifetime_for_web?: number | undefined | undefined;
+					skip_consent_for_verifiable_first_party_clients?: boolean | undefined | undefined;
+					allow_offline_access?: boolean | undefined | undefined;
+					verificationKey?: string | undefined | undefined;
+				};
+				outputFormat: "json";
+				status: 200;
+			};
+		};
+	} & {
+		"/": {
+			$post: {
+				input: {
+					header: {
+						"tenant-id": string;
+					};
+				} & {
+					json: {
+						name: string;
+						identifier: string;
+						options?: {
+							token_dialect?: "access_token" | "access_token_authz" | undefined;
+							enforce_policies?: boolean | undefined;
+							allow_skipping_userinfo?: boolean | undefined;
+							skip_userinfo?: boolean | undefined;
+							persist_client_authorization?: boolean | undefined;
+							enable_introspection_endpoint?: boolean | undefined;
+							mtls?: {
+								bound_access_tokens?: boolean | undefined;
+							} | undefined;
+						} | undefined;
+						scopes?: {
+							value: string;
+							description?: string | undefined;
+						}[] | undefined;
+						signing_alg?: string | undefined;
+						signing_secret?: string | undefined;
+						token_lifetime?: number | undefined;
+						token_lifetime_for_web?: number | undefined;
+						skip_consent_for_verifiable_first_party_clients?: boolean | undefined;
+						allow_offline_access?: boolean | undefined;
+						verificationKey?: string | undefined;
+					};
+				};
+				output: {
+					name: string;
+					identifier: string;
+					options?: {
+						token_dialect?: "access_token" | "access_token_authz" | undefined | undefined;
+						enforce_policies?: boolean | undefined | undefined;
+						allow_skipping_userinfo?: boolean | undefined | undefined;
+						skip_userinfo?: boolean | undefined | undefined;
+						persist_client_authorization?: boolean | undefined | undefined;
+						enable_introspection_endpoint?: boolean | undefined | undefined;
+						mtls?: {
+							bound_access_tokens?: boolean | undefined | undefined;
+						} | undefined;
+					} | undefined;
+					created_at?: string | undefined | undefined;
+					updated_at?: string | undefined | undefined;
+					id?: string | undefined | undefined;
+					scopes?: {
+						value: string;
+						description?: string | undefined | undefined;
+					}[] | undefined;
+					signing_alg?: string | undefined | undefined;
+					signing_secret?: string | undefined | undefined;
+					token_lifetime?: number | undefined | undefined;
+					token_lifetime_for_web?: number | undefined | undefined;
+					skip_consent_for_verifiable_first_party_clients?: boolean | undefined | undefined;
+					allow_offline_access?: boolean | undefined | undefined;
+					verificationKey?: string | undefined | undefined;
+				};
+				outputFormat: "json";
+				status: 201;
+			};
+		};
+	}, "/resource-servers"> & import("hono/types").MergeSchemaPath<{
 		"/": {
 			$get: {
 				input: {
@@ -15359,6 +15607,86 @@ export declare function init(config: AuthHeroConfig): {
 				status: 200;
 			};
 		};
+	} & {
+		"/:id/permissions": {
+			$get: {
+				input: {
+					param: {
+						id: string;
+					};
+				} & {
+					query: {
+						sort?: string | undefined;
+						page?: string | undefined;
+						per_page?: string | undefined;
+						include_totals?: string | undefined;
+						q?: string | undefined;
+					};
+				} & {
+					header: {
+						"tenant-id": string;
+					};
+				};
+				output: {
+					role_id: string;
+					resource_server_identifier: string;
+					permission_name: string;
+					resource_server_name: string;
+					description?: string | null | undefined | undefined;
+					created_at?: string | undefined | undefined;
+				}[];
+				outputFormat: "json";
+				status: 200;
+			};
+		};
+	} & {
+		"/:id/permissions": {
+			$post: {
+				input: {
+					param: {
+						id: string;
+					};
+				} & {
+					header: {
+						"tenant-id": string;
+					};
+				} & {
+					json: {
+						permissions: {
+							resource_server_identifier: string;
+							permission_name: string;
+						}[];
+					};
+				};
+				output: {};
+				outputFormat: string;
+				status: 201;
+			};
+		};
+	} & {
+		"/:id/permissions": {
+			$delete: {
+				input: {
+					param: {
+						id: string;
+					};
+				} & {
+					header: {
+						"tenant-id": string;
+					};
+				} & {
+					json: {
+						permissions: {
+							resource_server_identifier: string;
+							permission_name: string;
+						}[];
+					};
+				};
+				output: {};
+				outputFormat: string;
+				status: 200;
+			};
+		};
 	}, "/roles"> & import("hono/types").MergeSchemaPath<{
 		"/": {
 			$get: {
@@ -18186,6 +18514,86 @@ export declare function init(config: AuthHeroConfig): {
 				status: 200;
 			};
 		};
+	} & {
+		"/:user_id/permissions": {
+			$get: {
+				input: {
+					param: {
+						user_id: string;
+					};
+				} & {
+					query: {
+						sort?: string | undefined;
+						page?: string | undefined;
+						per_page?: string | undefined;
+						include_totals?: string | undefined;
+						q?: string | undefined;
+					};
+				} & {
+					header: {
+						"tenant-id": string;
+					};
+				};
+				output: {
+					user_id: string;
+					resource_server_identifier: string;
+					permission_name: string;
+					resource_server_name: string;
+					description?: string | null | undefined | undefined;
+					created_at?: string | undefined | undefined;
+				}[];
+				outputFormat: "json";
+				status: 200;
+			};
+		};
+	} & {
+		"/:user_id/permissions": {
+			$post: {
+				input: {
+					param: {
+						user_id: string;
+					};
+				} & {
+					header: {
+						"tenant-id": string;
+					};
+				} & {
+					json: {
+						permissions: {
+							resource_server_identifier: string;
+							permission_name: string;
+						}[];
+					};
+				};
+				output: {};
+				outputFormat: string;
+				status: 201;
+			};
+		};
+	} & {
+		"/:user_id/permissions": {
+			$delete: {
+				input: {
+					param: {
+						user_id: string;
+					};
+				} & {
+					header: {
+						"tenant-id": string;
+					};
+				} & {
+					json: {
+						permissions: {
+							resource_server_identifier: string;
+							permission_name: string;
+						}[];
+					};
+				};
+				output: {};
+				outputFormat: string;
+				status: 200;
+			};
+		};
 	}, "/users"> & import("hono/types").MergeSchemaPath<{
 		"/": {
 			$get: {