authhero 4.103.2 → 4.105.0

package/dist/authhero.d.ts

@@ -3094,6 +3094,13 @@ export declare const clientInsertSchema: z.ZodObject<{
 	]>>;
 	par_request_expiry: z.ZodOptional<z.ZodNumber>;
 	token_quota: z.ZodOptional<z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodAny>>>;
+	owner_user_id: z.ZodOptional<z.ZodString>;
+	registration_type: z.ZodOptional<z.ZodEnum<[
+		"manual",
+		"open_dcr",
+		"iat_dcr"
+	]>>;
+	registration_metadata: z.ZodOptional<z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodAny>>>;
 }, "strip", z.ZodTypeAny, {
 	name: string;
 	client_id: string;
@@ -3143,6 +3150,9 @@ export declare const clientInsertSchema: z.ZodObject<{
 	compliance_level?: "none" | "fapi1_adv_pkj_par" | "fapi1_adv_mtls_par" | "fapi2_sp_pkj_mtls" | "fapi2_sp_mtls_mtls" | undefined;
 	par_request_expiry?: number | undefined;
 	token_quota?: Record<string, any> | undefined;
+	owner_user_id?: string | undefined;
+	registration_type?: "manual" | "open_dcr" | "iat_dcr" | undefined;
+	registration_metadata?: Record<string, any> | undefined;
 }, {
 	name: string;
 	client_id: string;
@@ -3192,6 +3202,9 @@ export declare const clientInsertSchema: z.ZodObject<{
 	compliance_level?: "none" | "fapi1_adv_pkj_par" | "fapi1_adv_mtls_par" | "fapi2_sp_pkj_mtls" | "fapi2_sp_mtls_mtls" | undefined;
 	par_request_expiry?: number | undefined;
 	token_quota?: Record<string, any> | undefined;
+	owner_user_id?: string | undefined;
+	registration_type?: "manual" | "open_dcr" | "iat_dcr" | undefined;
+	registration_metadata?: Record<string, any> | undefined;
 }>;
 export type ClientInsert = z.input<typeof clientInsertSchema>;
 export declare const clientSchema: z.ZodObject<{
@@ -3287,6 +3300,13 @@ export declare const clientSchema: z.ZodObject<{
 	]>>;
 	par_request_expiry: z.ZodOptional<z.ZodNumber>;
 	token_quota: z.ZodOptional<z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodAny>>>;
+	owner_user_id: z.ZodOptional<z.ZodString>;
+	registration_type: z.ZodOptional<z.ZodEnum<[
+		"manual",
+		"open_dcr",
+		"iat_dcr"
+	]>>;
+	registration_metadata: z.ZodOptional<z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodAny>>>;
 	created_at: z.ZodString;
 	updated_at: z.ZodString;
 }, "strip", z.ZodTypeAny, {
@@ -3340,6 +3360,9 @@ export declare const clientSchema: z.ZodObject<{
 	compliance_level?: "none" | "fapi1_adv_pkj_par" | "fapi1_adv_mtls_par" | "fapi2_sp_pkj_mtls" | "fapi2_sp_mtls_mtls" | undefined;
 	par_request_expiry?: number | undefined;
 	token_quota?: Record<string, any> | undefined;
+	owner_user_id?: string | undefined;
+	registration_type?: "manual" | "open_dcr" | "iat_dcr" | undefined;
+	registration_metadata?: Record<string, any> | undefined;
 }, {
 	created_at: string;
 	updated_at: string;
@@ -3391,6 +3414,9 @@ export declare const clientSchema: z.ZodObject<{
 	compliance_level?: "none" | "fapi1_adv_pkj_par" | "fapi1_adv_mtls_par" | "fapi2_sp_pkj_mtls" | "fapi2_sp_mtls_mtls" | undefined;
 	par_request_expiry?: number | undefined;
 	token_quota?: Record<string, any> | undefined;
+	owner_user_id?: string | undefined;
+	registration_type?: "manual" | "open_dcr" | "iat_dcr" | undefined;
+	registration_metadata?: Record<string, any> | undefined;
 }>;
 export type Client = z.infer<typeof clientSchema>;
 export declare const clientGrantInsertSchema: z.ZodObject<{
@@ -3519,6 +3545,84 @@ export declare const clientGrantListSchema: z.ZodArray<z.ZodObject<{
 	authorization_details_types?: string[] | undefined;
 }>, "many">;
 export type ClientGrantList = z.infer<typeof clientGrantListSchema>;
+export declare const clientRegistrationTokenTypeSchema: z.ZodEnum<[
+	"iat",
+	"rat"
+]>;
+export type ClientRegistrationTokenType = z.infer<typeof clientRegistrationTokenTypeSchema>;
+export declare const clientRegistrationTokenInsertSchema: z.ZodObject<{
+	id: z.ZodString;
+	token_hash: z.ZodString;
+	type: z.ZodEnum<[
+		"iat",
+		"rat"
+	]>;
+	client_id: z.ZodOptional<z.ZodString>;
+	sub: z.ZodOptional<z.ZodString>;
+	constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+	single_use: z.ZodDefault<z.ZodBoolean>;
+	expires_at: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+	type: "iat" | "rat";
+	id: string;
+	token_hash: string;
+	single_use: boolean;
+	client_id?: string | undefined;
+	sub?: string | undefined;
+	constraints?: Record<string, unknown> | undefined;
+	expires_at?: string | undefined;
+}, {
+	type: "iat" | "rat";
+	id: string;
+	token_hash: string;
+	client_id?: string | undefined;
+	sub?: string | undefined;
+	constraints?: Record<string, unknown> | undefined;
+	single_use?: boolean | undefined;
+	expires_at?: string | undefined;
+}>;
+export type ClientRegistrationTokenInsert = z.infer<typeof clientRegistrationTokenInsertSchema>;
+export declare const clientRegistrationTokenSchema: z.ZodObject<{
+	id: z.ZodString;
+	token_hash: z.ZodString;
+	type: z.ZodEnum<[
+		"iat",
+		"rat"
+	]>;
+	client_id: z.ZodOptional<z.ZodString>;
+	sub: z.ZodOptional<z.ZodString>;
+	constraints: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+	single_use: z.ZodDefault<z.ZodBoolean>;
+	expires_at: z.ZodOptional<z.ZodString>;
+	created_at: z.ZodString;
+	used_at: z.ZodOptional<z.ZodString>;
+	revoked_at: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+	created_at: string;
+	type: "iat" | "rat";
+	id: string;
+	token_hash: string;
+	single_use: boolean;
+	client_id?: string | undefined;
+	sub?: string | undefined;
+	constraints?: Record<string, unknown> | undefined;
+	expires_at?: string | undefined;
+	used_at?: string | undefined;
+	revoked_at?: string | undefined;
+}, {
+	created_at: string;
+	type: "iat" | "rat";
+	id: string;
+	token_hash: string;
+	client_id?: string | undefined;
+	sub?: string | undefined;
+	constraints?: Record<string, unknown> | undefined;
+	single_use?: boolean | undefined;
+	expires_at?: string | undefined;
+	used_at?: string | undefined;
+	revoked_at?: string | undefined;
+}>;
+export type ClientRegistrationToken = z.infer<typeof clientRegistrationTokenSchema>;
 /**
  * Types for Auth0 Form Flow components
  * Based on the actual structure used by Auth0 forms API
@@ -11375,12 +11479,13 @@ export declare const codeInsertSchema: z.ZodObject<{
 	used_at: z.ZodOptional<z.ZodString>;
 	user_id: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
+	expires_at: string;
 	code_id: string;
 	login_id: string;
 	code_type: "password_reset" | "email_verification" | "otp" | "mfa_otp" | "authorization_code" | "oauth2_state" | "ticket";
-	expires_at: string;
 	connection_id?: string | undefined;
 	user_id?: string | undefined;
+	used_at?: string | undefined;
 	redirect_uri?: string | undefined;
 	state?: string | undefined;
 	nonce?: string | undefined;
@@ -11388,14 +11493,14 @@ export declare const codeInsertSchema: z.ZodObject<{
 	code_challenge?: string | undefined;
 	otp?: string | undefined;
 	code_verifier?: string | undefined;
-	used_at?: string | undefined;
 }, {
+	expires_at: string;
 	code_id: string;
 	login_id: string;
 	code_type: "password_reset" | "email_verification" | "otp" | "mfa_otp" | "authorization_code" | "oauth2_state" | "ticket";
-	expires_at: string;
 	connection_id?: string | undefined;
 	user_id?: string | undefined;
+	used_at?: string | undefined;
 	redirect_uri?: string | undefined;
 	state?: string | undefined;
 	nonce?: string | undefined;
@@ -11403,7 +11508,6 @@ export declare const codeInsertSchema: z.ZodObject<{
 	code_challenge?: string | undefined;
 	otp?: string | undefined;
 	code_verifier?: string | undefined;
-	used_at?: string | undefined;
 }>;
 export type CodeInsert = z.infer<typeof codeInsertSchema>;
 export declare const codeSchema: z.ZodObject<{
@@ -11435,12 +11539,13 @@ export declare const codeSchema: z.ZodObject<{
 	user_id: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
 	created_at: string;
+	expires_at: string;
 	code_id: string;
 	login_id: string;
 	code_type: "password_reset" | "email_verification" | "otp" | "mfa_otp" | "authorization_code" | "oauth2_state" | "ticket";
-	expires_at: string;
 	connection_id?: string | undefined;
 	user_id?: string | undefined;
+	used_at?: string | undefined;
 	redirect_uri?: string | undefined;
 	state?: string | undefined;
 	nonce?: string | undefined;
@@ -11448,15 +11553,15 @@ export declare const codeSchema: z.ZodObject<{
 	code_challenge?: string | undefined;
 	otp?: string | undefined;
 	code_verifier?: string | undefined;
-	used_at?: string | undefined;
 }, {
 	created_at: string;
+	expires_at: string;
 	code_id: string;
 	login_id: string;
 	code_type: "password_reset" | "email_verification" | "otp" | "mfa_otp" | "authorization_code" | "oauth2_state" | "ticket";
-	expires_at: string;
 	connection_id?: string | undefined;
 	user_id?: string | undefined;
+	used_at?: string | undefined;
 	redirect_uri?: string | undefined;
 	state?: string | undefined;
 	nonce?: string | undefined;
@@ -11464,7 +11569,6 @@ export declare const codeSchema: z.ZodObject<{
 	code_challenge?: string | undefined;
 	otp?: string | undefined;
 	code_verifier?: string | undefined;
-	used_at?: string | undefined;
 }>;
 export type Code = z.infer<typeof codeSchema>;
 export declare const connectionOptionsSchema: z.ZodObject<{
@@ -42927,7 +43031,7 @@ export declare const openIDConfigurationSchema: z.ZodObject<{
 	userinfo_endpoint: z.ZodString;
 	mfa_challenge_endpoint: z.ZodString;
 	jwks_uri: z.ZodString;
-	registration_endpoint: z.ZodString;
+	registration_endpoint: z.ZodOptional<z.ZodString>;
 	revocation_endpoint: z.ZodString;
 	scopes_supported: z.ZodArray<z.ZodString, "many">;
 	response_types_supported: z.ZodArray<z.ZodString, "many">;
@@ -42948,7 +43052,6 @@ export declare const openIDConfigurationSchema: z.ZodObject<{
 	issuer: string;
 	device_authorization_endpoint: string;
 	mfa_challenge_endpoint: string;
-	registration_endpoint: string;
 	revocation_endpoint: string;
 	scopes_supported: string[];
 	response_types_supported: string[];
@@ -42961,6 +43064,7 @@ export declare const openIDConfigurationSchema: z.ZodObject<{
 	request_uri_parameter_supported: boolean;
 	request_parameter_supported: boolean;
 	token_endpoint_auth_signing_alg_values_supported: string[];
+	registration_endpoint?: string | undefined;
 }, {
 	authorization_endpoint: string;
 	token_endpoint: string;
@@ -42969,7 +43073,6 @@ export declare const openIDConfigurationSchema: z.ZodObject<{
 	issuer: string;
 	device_authorization_endpoint: string;
 	mfa_challenge_endpoint: string;
-	registration_endpoint: string;
 	revocation_endpoint: string;
 	scopes_supported: string[];
 	response_types_supported: string[];
@@ -42982,6 +43085,7 @@ export declare const openIDConfigurationSchema: z.ZodObject<{
 	request_uri_parameter_supported: boolean;
 	request_parameter_supported: boolean;
 	token_endpoint_auth_signing_alg_values_supported: string[];
+	registration_endpoint?: string | undefined;
 }>;
 export interface ListParams {
 	page?: number;
@@ -43118,8 +43222,8 @@ export declare const loginSessionInsertSchema: z.ZodObject<{
 	}>>;
 	authenticated_at: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
-	state: LoginSessionState;
 	expires_at: string;
+	state: LoginSessionState;
 	csrf_token: string;
 	authParams: {
 		client_id: string;
@@ -43287,8 +43391,8 @@ export declare const loginSessionSchema: z.ZodObject<{
 	created_at: string;
 	updated_at: string;
 	id: string;
-	state: LoginSessionState;
 	expires_at: string;
+	state: LoginSessionState;
 	csrf_token: string;
 	authParams: {
 		client_id: string;
@@ -44151,6 +44255,10 @@ export declare const tenantInsertSchema: z.ZodObject<{
 		enable_client_connections: z.ZodOptional<z.ZodBoolean>;
 		enable_custom_domain_in_emails: z.ZodOptional<z.ZodBoolean>;
 		enable_dynamic_client_registration: z.ZodOptional<z.ZodBoolean>;
+		dcr_require_initial_access_token: z.ZodOptional<z.ZodBoolean>;
+		dcr_allowed_grant_types: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+		dcr_allowed_integration_types: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+		allow_http_return_to: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>;
 		enable_idtoken_api2: z.ZodOptional<z.ZodBoolean>;
 		enable_legacy_logs_search_v2: z.ZodOptional<z.ZodBoolean>;
 		enable_legacy_profile: z.ZodOptional<z.ZodBoolean>;
@@ -44185,6 +44293,10 @@ export declare const tenantInsertSchema: z.ZodObject<{
 		enable_client_connections?: boolean | undefined;
 		enable_custom_domain_in_emails?: boolean | undefined;
 		enable_dynamic_client_registration?: boolean | undefined;
+		dcr_require_initial_access_token?: boolean | undefined;
+		dcr_allowed_grant_types?: string[] | undefined;
+		dcr_allowed_integration_types?: string[] | undefined;
+		allow_http_return_to?: string[] | undefined;
 		enable_idtoken_api2?: boolean | undefined;
 		enable_legacy_logs_search_v2?: boolean | undefined;
 		enable_legacy_profile?: boolean | undefined;
@@ -44219,6 +44331,10 @@ export declare const tenantInsertSchema: z.ZodObject<{
 		enable_client_connections?: boolean | undefined;
 		enable_custom_domain_in_emails?: boolean | undefined;
 		enable_dynamic_client_registration?: boolean | undefined;
+		dcr_require_initial_access_token?: boolean | undefined;
+		dcr_allowed_grant_types?: string[] | undefined;
+		dcr_allowed_integration_types?: string[] | undefined;
+		allow_http_return_to?: string[] | undefined;
 		enable_idtoken_api2?: boolean | undefined;
 		enable_legacy_logs_search_v2?: boolean | undefined;
 		enable_legacy_profile?: boolean | undefined;
@@ -44494,6 +44610,10 @@ export declare const tenantInsertSchema: z.ZodObject<{
 		enable_client_connections?: boolean | undefined;
 		enable_custom_domain_in_emails?: boolean | undefined;
 		enable_dynamic_client_registration?: boolean | undefined;
+		dcr_require_initial_access_token?: boolean | undefined;
+		dcr_allowed_grant_types?: string[] | undefined;
+		dcr_allowed_integration_types?: string[] | undefined;
+		allow_http_return_to?: string[] | undefined;
 		enable_idtoken_api2?: boolean | undefined;
 		enable_legacy_logs_search_v2?: boolean | undefined;
 		enable_legacy_profile?: boolean | undefined;
@@ -44618,6 +44738,10 @@ export declare const tenantInsertSchema: z.ZodObject<{
 		enable_client_connections?: boolean | undefined;
 		enable_custom_domain_in_emails?: boolean | undefined;
 		enable_dynamic_client_registration?: boolean | undefined;
+		dcr_require_initial_access_token?: boolean | undefined;
+		dcr_allowed_grant_types?: string[] | undefined;
+		dcr_allowed_integration_types?: string[] | undefined;
+		allow_http_return_to?: string[] | undefined;
 		enable_idtoken_api2?: boolean | undefined;
 		enable_legacy_logs_search_v2?: boolean | undefined;
 		enable_legacy_profile?: boolean | undefined;
@@ -44754,6 +44878,10 @@ export declare const tenantSchema: z.ZodObject<{
 		enable_client_connections: z.ZodOptional<z.ZodBoolean>;
 		enable_custom_domain_in_emails: z.ZodOptional<z.ZodBoolean>;
 		enable_dynamic_client_registration: z.ZodOptional<z.ZodBoolean>;
+		dcr_require_initial_access_token: z.ZodOptional<z.ZodBoolean>;
+		dcr_allowed_grant_types: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+		dcr_allowed_integration_types: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+		allow_http_return_to: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>;
 		enable_idtoken_api2: z.ZodOptional<z.ZodBoolean>;
 		enable_legacy_logs_search_v2: z.ZodOptional<z.ZodBoolean>;
 		enable_legacy_profile: z.ZodOptional<z.ZodBoolean>;
@@ -44788,6 +44916,10 @@ export declare const tenantSchema: z.ZodObject<{
 		enable_client_connections?: boolean | undefined;
 		enable_custom_domain_in_emails?: boolean | undefined;
 		enable_dynamic_client_registration?: boolean | undefined;
+		dcr_require_initial_access_token?: boolean | undefined;
+		dcr_allowed_grant_types?: string[] | undefined;
+		dcr_allowed_integration_types?: string[] | undefined;
+		allow_http_return_to?: string[] | undefined;
 		enable_idtoken_api2?: boolean | undefined;
 		enable_legacy_logs_search_v2?: boolean | undefined;
 		enable_legacy_profile?: boolean | undefined;
@@ -44822,6 +44954,10 @@ export declare const tenantSchema: z.ZodObject<{
 		enable_client_connections?: boolean | undefined;
 		enable_custom_domain_in_emails?: boolean | undefined;
 		enable_dynamic_client_registration?: boolean | undefined;
+		dcr_require_initial_access_token?: boolean | undefined;
+		dcr_allowed_grant_types?: string[] | undefined;
+		dcr_allowed_integration_types?: string[] | undefined;
+		allow_http_return_to?: string[] | undefined;
 		enable_idtoken_api2?: boolean | undefined;
 		enable_legacy_logs_search_v2?: boolean | undefined;
 		enable_legacy_profile?: boolean | undefined;
@@ -45101,6 +45237,10 @@ export declare const tenantSchema: z.ZodObject<{
 		enable_client_connections?: boolean | undefined;
 		enable_custom_domain_in_emails?: boolean | undefined;
 		enable_dynamic_client_registration?: boolean | undefined;
+		dcr_require_initial_access_token?: boolean | undefined;
+		dcr_allowed_grant_types?: string[] | undefined;
+		dcr_allowed_integration_types?: string[] | undefined;
+		allow_http_return_to?: string[] | undefined;
 		enable_idtoken_api2?: boolean | undefined;
 		enable_legacy_logs_search_v2?: boolean | undefined;
 		enable_legacy_profile?: boolean | undefined;
@@ -45227,6 +45367,10 @@ export declare const tenantSchema: z.ZodObject<{
 		enable_client_connections?: boolean | undefined;
 		enable_custom_domain_in_emails?: boolean | undefined;
 		enable_dynamic_client_registration?: boolean | undefined;
+		dcr_require_initial_access_token?: boolean | undefined;
+		dcr_allowed_grant_types?: string[] | undefined;
+		dcr_allowed_integration_types?: string[] | undefined;
+		allow_http_return_to?: string[] | undefined;
 		enable_idtoken_api2?: boolean | undefined;
 		enable_legacy_logs_search_v2?: boolean | undefined;
 		enable_legacy_profile?: boolean | undefined;
@@ -48753,6 +48897,7 @@ export interface IdentifierConfig {
  *   options.attributes.username.validation.{min_length,max_length}
  */
 export declare function getConnectionIdentifierConfig(connection: ConnectionLike | null | undefined): IdentifierConfig;
+export declare function isPlainObject(value: unknown): value is Record<string, unknown>;
 export interface ListActionsResponse extends Totals {
 	actions: Action[];
 }
@@ -48866,6 +49011,16 @@ export interface ClientGrantsAdapter {
 	update(tenant_id: string, id: string, clientGrant: Partial<ClientGrantInsert>): Promise<boolean>;
 	remove(tenant_id: string, id: string): Promise<boolean>;
 }
+export interface ClientRegistrationTokensAdapter {
+	create: (tenant_id: string, token: ClientRegistrationTokenInsert) => Promise<ClientRegistrationToken>;
+	get: (tenant_id: string, id: string) => Promise<ClientRegistrationToken | null>;
+	getByHash: (tenant_id: string, token_hash: string) => Promise<ClientRegistrationToken | null>;
+	listByClient: (tenant_id: string, client_id: string) => Promise<ClientRegistrationToken[]>;
+	markUsed: (tenant_id: string, id: string, used_at: string) => Promise<boolean>;
+	revoke: (tenant_id: string, id: string, revoked_at: string) => Promise<boolean>;
+	revokeByClient: (tenant_id: string, client_id: string, revoked_at: string) => Promise<number>;
+	remove: (tenant_id: string, id: string) => Promise<boolean>;
+}
 export interface ListCodesResponse extends Totals {
 	codes: Code[];
 }
@@ -49328,6 +49483,7 @@ export interface DataAdapters {
 	clients: ClientsAdapter;
 	clientConnections: ClientConnectionsAdapter;
 	clientGrants: ClientGrantsAdapter;
+	clientRegistrationTokens?: ClientRegistrationTokensAdapter;
 	codes: CodesAdapter;
 	connections: ConnectionsAdapter;
 	customDomains: CustomDomainsAdapter;
@@ -49517,6 +49673,10 @@ declare const enrichedClientSchema: z.ZodObject<{
 			enable_client_connections: z.ZodOptional<z.ZodBoolean>;
 			enable_custom_domain_in_emails: z.ZodOptional<z.ZodBoolean>;
 			enable_dynamic_client_registration: z.ZodOptional<z.ZodBoolean>;
+			dcr_require_initial_access_token: z.ZodOptional<z.ZodBoolean>;
+			dcr_allowed_grant_types: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+			dcr_allowed_integration_types: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+			allow_http_return_to: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>;
 			enable_idtoken_api2: z.ZodOptional<z.ZodBoolean>;
 			enable_legacy_logs_search_v2: z.ZodOptional<z.ZodBoolean>;
 			enable_legacy_profile: z.ZodOptional<z.ZodBoolean>;
@@ -49551,6 +49711,10 @@ declare const enrichedClientSchema: z.ZodObject<{
 			enable_client_connections?: boolean | undefined;
 			enable_custom_domain_in_emails?: boolean | undefined;
 			enable_dynamic_client_registration?: boolean | undefined;
+			dcr_require_initial_access_token?: boolean | undefined;
+			dcr_allowed_grant_types?: string[] | undefined;
+			dcr_allowed_integration_types?: string[] | undefined;
+			allow_http_return_to?: string[] | undefined;
 			enable_idtoken_api2?: boolean | undefined;
 			enable_legacy_logs_search_v2?: boolean | undefined;
 			enable_legacy_profile?: boolean | undefined;
@@ -49585,6 +49749,10 @@ declare const enrichedClientSchema: z.ZodObject<{
 			enable_client_connections?: boolean | undefined;
 			enable_custom_domain_in_emails?: boolean | undefined;
 			enable_dynamic_client_registration?: boolean | undefined;
+			dcr_require_initial_access_token?: boolean | undefined;
+			dcr_allowed_grant_types?: string[] | undefined;
+			dcr_allowed_integration_types?: string[] | undefined;
+			allow_http_return_to?: string[] | undefined;
 			enable_idtoken_api2?: boolean | undefined;
 			enable_legacy_logs_search_v2?: boolean | undefined;
 			enable_legacy_profile?: boolean | undefined;
@@ -49864,6 +50032,10 @@ declare const enrichedClientSchema: z.ZodObject<{
 			enable_client_connections?: boolean | undefined;
 			enable_custom_domain_in_emails?: boolean | undefined;
 			enable_dynamic_client_registration?: boolean | undefined;
+			dcr_require_initial_access_token?: boolean | undefined;
+			dcr_allowed_grant_types?: string[] | undefined;
+			dcr_allowed_integration_types?: string[] | undefined;
+			allow_http_return_to?: string[] | undefined;
 			enable_idtoken_api2?: boolean | undefined;
 			enable_legacy_logs_search_v2?: boolean | undefined;
 			enable_legacy_profile?: boolean | undefined;
@@ -49990,6 +50162,10 @@ declare const enrichedClientSchema: z.ZodObject<{
 			enable_client_connections?: boolean | undefined;
 			enable_custom_domain_in_emails?: boolean | undefined;
 			enable_dynamic_client_registration?: boolean | undefined;
+			dcr_require_initial_access_token?: boolean | undefined;
+			dcr_allowed_grant_types?: string[] | undefined;
+			dcr_allowed_integration_types?: string[] | undefined;
+			allow_http_return_to?: string[] | undefined;
 			enable_idtoken_api2?: boolean | undefined;
 			enable_legacy_logs_search_v2?: boolean | undefined;
 			enable_legacy_profile?: boolean | undefined;
@@ -51038,6 +51214,13 @@ declare const enrichedClientSchema: z.ZodObject<{
 	]>>;
 	par_request_expiry: z.ZodOptional<z.ZodNumber>;
 	token_quota: z.ZodOptional<z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodAny>>>;
+	owner_user_id: z.ZodOptional<z.ZodString>;
+	registration_type: z.ZodOptional<z.ZodEnum<[
+		"manual",
+		"open_dcr",
+		"iat_dcr"
+	]>>;
+	registration_metadata: z.ZodOptional<z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodAny>>>;
 	created_at: z.ZodString;
 	updated_at: z.ZodString;
 }, "strip", z.ZodTypeAny, {
@@ -51091,6 +51274,10 @@ declare const enrichedClientSchema: z.ZodObject<{
 			enable_client_connections?: boolean | undefined;
 			enable_custom_domain_in_emails?: boolean | undefined;
 			enable_dynamic_client_registration?: boolean | undefined;
+			dcr_require_initial_access_token?: boolean | undefined;
+			dcr_allowed_grant_types?: string[] | undefined;
+			dcr_allowed_integration_types?: string[] | undefined;
+			allow_http_return_to?: string[] | undefined;
 			enable_idtoken_api2?: boolean | undefined;
 			enable_legacy_logs_search_v2?: boolean | undefined;
 			enable_legacy_profile?: boolean | undefined;
@@ -51336,6 +51523,9 @@ declare const enrichedClientSchema: z.ZodObject<{
 	compliance_level?: "none" | "fapi1_adv_pkj_par" | "fapi1_adv_mtls_par" | "fapi2_sp_pkj_mtls" | "fapi2_sp_mtls_mtls" | undefined;
 	par_request_expiry?: number | undefined;
 	token_quota?: Record<string, any> | undefined;
+	owner_user_id?: string | undefined;
+	registration_type?: "manual" | "open_dcr" | "iat_dcr" | undefined;
+	registration_metadata?: Record<string, any> | undefined;
 }, {
 	name: string;
 	tenant: {
@@ -51387,6 +51577,10 @@ declare const enrichedClientSchema: z.ZodObject<{
 			enable_client_connections?: boolean | undefined;
 			enable_custom_domain_in_emails?: boolean | undefined;
 			enable_dynamic_client_registration?: boolean | undefined;
+			dcr_require_initial_access_token?: boolean | undefined;
+			dcr_allowed_grant_types?: string[] | undefined;
+			dcr_allowed_integration_types?: string[] | undefined;
+			allow_http_return_to?: string[] | undefined;
 			enable_idtoken_api2?: boolean | undefined;
 			enable_legacy_logs_search_v2?: boolean | undefined;
 			enable_legacy_profile?: boolean | undefined;
@@ -51632,6 +51826,9 @@ declare const enrichedClientSchema: z.ZodObject<{
 	compliance_level?: "none" | "fapi1_adv_pkj_par" | "fapi1_adv_mtls_par" | "fapi2_sp_pkj_mtls" | "fapi2_sp_mtls_mtls" | undefined;
 	par_request_expiry?: number | undefined;
 	token_quota?: Record<string, any> | undefined;
+	owner_user_id?: string | undefined;
+	registration_type?: "manual" | "open_dcr" | "iat_dcr" | undefined;
+	registration_metadata?: Record<string, any> | undefined;
 }>;
 export type EnrichedClient = z.infer<typeof enrichedClientSchema>;
 /** Context passed to entity hooks */
@@ -61234,6 +61431,35 @@ export declare function init(config: AuthHeroConfig): {
 			};
 		};
 	}, "/logs"> & import("hono/types").MergeSchemaPath<{
+		"/": {
+			$post: {
+				input: {
+					header: {
+						"tenant-id"?: string | undefined;
+					};
+				} & {
+					json: {
+						sub?: string | undefined;
+						single_use?: boolean | undefined;
+						constraints?: Record<string, unknown> | undefined;
+						expires_in_seconds?: number | undefined;
+					};
+				};
+				output: {
+					id: string;
+					expires_at: string;
+					token: string;
+					single_use: boolean;
+					sub?: string | undefined;
+					constraints?: {
+						[x: string]: import("hono/utils/types").JSONValue;
+					} | undefined;
+				};
+				outputFormat: "json";
+				status: 201;
+			};
+		};
+	}, "/client-registration-tokens"> & import("hono/types").MergeSchemaPath<{
 		"/": {
 			$get: {
 				input: {
@@ -61507,6 +61733,11 @@ export declare function init(config: AuthHeroConfig): {
 					token_quota?: {
 						[x: string]: any;
 					} | undefined;
+					owner_user_id?: string | undefined | undefined;
+					registration_type?: "manual" | "open_dcr" | "iat_dcr" | undefined | undefined;
+					registration_metadata?: {
+						[x: string]: any;
+					} | undefined;
 				}[] | {
 					length: number;
 					start: number;
@@ -61590,6 +61821,11 @@ export declare function init(config: AuthHeroConfig): {
 						token_quota?: {
 							[x: string]: any;
 						} | undefined;
+						owner_user_id?: string | undefined | undefined;
+						registration_type?: "manual" | "open_dcr" | "iat_dcr" | undefined | undefined;
+						registration_metadata?: {
+							[x: string]: any;
+						} | undefined;
 					}[];
 					total?: number | undefined;
 				};
@@ -61688,6 +61924,11 @@ export declare function init(config: AuthHeroConfig): {
 					token_quota?: {
 						[x: string]: any;
 					} | undefined;
+					owner_user_id?: string | undefined | undefined;
+					registration_type?: "manual" | "open_dcr" | "iat_dcr" | undefined | undefined;
+					registration_metadata?: {
+						[x: string]: any;
+					} | undefined;
 				};
 				outputFormat: "json";
 				status: 200;
@@ -61771,6 +62012,9 @@ export declare function init(config: AuthHeroConfig): {
 						compliance_level?: "none" | "fapi1_adv_pkj_par" | "fapi1_adv_mtls_par" | "fapi2_sp_pkj_mtls" | "fapi2_sp_mtls_mtls" | undefined;
 						par_request_expiry?: number | undefined;
 						token_quota?: Record<string, any> | undefined;
+						owner_user_id?: string | undefined;
+						registration_type?: "manual" | "open_dcr" | "iat_dcr" | undefined;
+						registration_metadata?: Record<string, any> | undefined;
 					};
 				};
 				output: {
@@ -61852,6 +62096,11 @@ export declare function init(config: AuthHeroConfig): {
 					token_quota?: {
 						[x: string]: any;
 					} | undefined;
+					owner_user_id?: string | undefined | undefined;
+					registration_type?: "manual" | "open_dcr" | "iat_dcr" | undefined | undefined;
+					registration_metadata?: {
+						[x: string]: any;
+					} | undefined;
 				};
 				outputFormat: "json";
 				status: 200;
@@ -61914,6 +62163,9 @@ export declare function init(config: AuthHeroConfig): {
 						compliance_level?: "none" | "fapi1_adv_pkj_par" | "fapi1_adv_mtls_par" | "fapi2_sp_pkj_mtls" | "fapi2_sp_mtls_mtls" | undefined;
 						par_request_expiry?: number | undefined;
 						token_quota?: Record<string, any> | undefined;
+						owner_user_id?: string | undefined;
+						registration_type?: "manual" | "open_dcr" | "iat_dcr" | undefined;
+						registration_metadata?: Record<string, any> | undefined;
 					};
 				};
 				output: {
@@ -61995,6 +62247,11 @@ export declare function init(config: AuthHeroConfig): {
 					token_quota?: {
 						[x: string]: any;
 					} | undefined;
+					owner_user_id?: string | undefined;
+					registration_type?: "manual" | "open_dcr" | "iat_dcr" | undefined;
+					registration_metadata?: {
+						[x: string]: any;
+					} | undefined;
 				};
 				outputFormat: "json";
 				status: 201;
@@ -62968,6 +63225,59 @@ export declare function init(config: AuthHeroConfig): {
 				status: 200;
 			};
 		};
+	} & {
+		"/:user_id/connected-clients": {
+			$get: {
+				input: {
+					param: {
+						user_id: string;
+					};
+				} & {
+					query: {
+						sort?: string | undefined;
+						page?: string | undefined;
+						per_page?: string | undefined;
+						include_totals?: string | undefined;
+						from?: string | undefined;
+						take?: string | undefined;
+						q?: string | undefined;
+					};
+				} & {
+					header: {
+						"tenant-id"?: string | undefined;
+					};
+				};
+				output: {
+					name: string;
+					client_id: string;
+					logo_uri?: string | undefined;
+					registration_type?: "manual" | "open_dcr" | "iat_dcr" | undefined;
+					registration_metadata?: {
+						[x: string]: any;
+					} | undefined;
+					created_at?: string | undefined;
+					updated_at?: string | undefined;
+				}[] | {
+					length: number;
+					start: number;
+					limit: number;
+					connected_clients: {
+						name: string;
+						client_id: string;
+						logo_uri?: string | undefined;
+						registration_type?: "manual" | "open_dcr" | "iat_dcr" | undefined;
+						registration_metadata?: {
+							[x: string]: any;
+						} | undefined;
+						created_at?: string | undefined;
+						updated_at?: string | undefined;
+					}[];
+					total?: number | undefined;
+				};
+				outputFormat: "json";
+				status: 200;
+			};
+		};
 	} & {
 		"/:user_id/sessions": {
 			$get: {
@@ -64763,6 +65073,200 @@ export declare function init(config: AuthHeroConfig): {
 			};
 		};
 	}, "/callback"> & import("hono/types").MergeSchemaPath<{
+		"/": {
+			$get: {
+				input: {
+					query: {
+						domain: string;
+						state: string;
+						integration_type: string;
+						return_to: string;
+						scope?: string | undefined;
+					};
+				};
+				output: {};
+				outputFormat: string;
+				status: 302;
+			} | {
+				input: {
+					query: {
+						domain: string;
+						state: string;
+						integration_type: string;
+						return_to: string;
+						scope?: string | undefined;
+					};
+				};
+				output: {};
+				outputFormat: "json";
+				status: 400;
+			} | {
+				input: {
+					query: {
+						domain: string;
+						state: string;
+						integration_type: string;
+						return_to: string;
+						scope?: string | undefined;
+					};
+				};
+				output: {};
+				outputFormat: "json";
+				status: 404;
+			};
+		};
+	}, "/connect/start"> & import("hono/types").MergeSchemaPath<{
+		"/": {
+			$post: {
+				input: {
+					json: {
+						client_id?: string | undefined;
+						client_secret?: string | undefined;
+						logo_uri?: string | undefined;
+						grant_types?: string[] | undefined;
+						token_endpoint_auth_method?: "none" | "client_secret_post" | "client_secret_basic" | undefined;
+						scope?: string | undefined;
+						client_name?: string | undefined;
+						jwks_uri?: string | undefined;
+						redirect_uris?: string[] | undefined;
+						client_uri?: string | undefined;
+						tos_uri?: string | undefined;
+						policy_uri?: string | undefined;
+						contacts?: string[] | undefined;
+						response_types?: string[] | undefined;
+						jwks?: Record<string, unknown> | undefined;
+						software_id?: string | undefined;
+						software_version?: string | undefined;
+					};
+				};
+				output: {
+					client_id: string;
+					registration_client_uri: string;
+					client_secret?: string | undefined;
+					logo_uri?: string | undefined;
+					grant_types?: string[] | undefined;
+					token_endpoint_auth_method?: string | undefined;
+					scope?: string | undefined;
+					client_name?: string | undefined;
+					jwks_uri?: string | undefined;
+					redirect_uris?: string[] | undefined;
+					client_uri?: string | undefined;
+					tos_uri?: string | undefined;
+					policy_uri?: string | undefined;
+					contacts?: string[] | undefined;
+					response_types?: string[] | undefined;
+					software_id?: string | undefined;
+					software_version?: string | undefined;
+					client_id_issued_at?: number | undefined;
+					client_secret_expires_at?: number | undefined;
+					registration_access_token?: string | undefined;
+				};
+				outputFormat: "json";
+				status: 201;
+			};
+		};
+	} & {
+		"/:client_id": {
+			$get: {
+				input: {
+					param: {
+						client_id: string;
+					};
+				};
+				output: {
+					client_id: string;
+					registration_client_uri: string;
+					client_secret?: string | undefined;
+					logo_uri?: string | undefined;
+					grant_types?: string[] | undefined;
+					token_endpoint_auth_method?: string | undefined;
+					scope?: string | undefined;
+					client_name?: string | undefined;
+					jwks_uri?: string | undefined;
+					redirect_uris?: string[] | undefined;
+					client_uri?: string | undefined;
+					tos_uri?: string | undefined;
+					policy_uri?: string | undefined;
+					contacts?: string[] | undefined;
+					response_types?: string[] | undefined;
+					software_id?: string | undefined;
+					software_version?: string | undefined;
+					client_id_issued_at?: number | undefined;
+					client_secret_expires_at?: number | undefined;
+					registration_access_token?: string | undefined;
+				};
+				outputFormat: "json";
+				status: 200;
+			};
+		};
+	} & {
+		"/:client_id": {
+			$put: {
+				input: {
+					param: {
+						client_id: string;
+					};
+				} & {
+					json: {
+						client_id?: string | undefined;
+						client_secret?: string | undefined;
+						logo_uri?: string | undefined;
+						grant_types?: string[] | undefined;
+						token_endpoint_auth_method?: "none" | "client_secret_post" | "client_secret_basic" | undefined;
+						scope?: string | undefined;
+						client_name?: string | undefined;
+						jwks_uri?: string | undefined;
+						redirect_uris?: string[] | undefined;
+						client_uri?: string | undefined;
+						tos_uri?: string | undefined;
+						policy_uri?: string | undefined;
+						contacts?: string[] | undefined;
+						response_types?: string[] | undefined;
+						jwks?: Record<string, unknown> | undefined;
+						software_id?: string | undefined;
+						software_version?: string | undefined;
+					};
+				};
+				output: {
+					client_id: string;
+					registration_client_uri: string;
+					client_secret?: string | undefined;
+					logo_uri?: string | undefined;
+					grant_types?: string[] | undefined;
+					token_endpoint_auth_method?: string | undefined;
+					scope?: string | undefined;
+					client_name?: string | undefined;
+					jwks_uri?: string | undefined;
+					redirect_uris?: string[] | undefined;
+					client_uri?: string | undefined;
+					tos_uri?: string | undefined;
+					policy_uri?: string | undefined;
+					contacts?: string[] | undefined;
+					response_types?: string[] | undefined;
+					software_id?: string | undefined;
+					software_version?: string | undefined;
+					client_id_issued_at?: number | undefined;
+					client_secret_expires_at?: number | undefined;
+					registration_access_token?: string | undefined;
+				};
+				outputFormat: "json";
+				status: 200;
+			};
+		};
+	} & {
+		"/:client_id": {
+			$delete: {
+				input: {
+					param: {
+						client_id: string;
+					};
+				};
+				output: {};
+				outputFormat: string;
+				status: 204;
+			};
+		};
+	}, "/oidc/register"> & import("hono/types").MergeSchemaPath<{
 		"/": {
 			$get: {
 				input: {
@@ -65637,7 +66141,6 @@ export declare function init(config: AuthHeroConfig): {
 					issuer: string;
 					device_authorization_endpoint: string;
 					mfa_challenge_endpoint: string;
-					registration_endpoint: string;
 					revocation_endpoint: string;
 					scopes_supported: string[];
 					response_types_supported: string[];
@@ -65650,6 +66153,7 @@ export declare function init(config: AuthHeroConfig): {
 					request_uri_parameter_supported: boolean;
 					request_parameter_supported: boolean;
 					token_endpoint_auth_signing_alg_values_supported: string[];
+					registration_endpoint?: string | undefined | undefined;
 				};
 				outputFormat: "json";
 				status: 200;