authhero 5.11.0 → 5.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/assets/u/widget/index.esm.js +1 -1
- package/dist/authhero.cjs +126 -126
- package/dist/authhero.d.ts +81 -66
- package/dist/authhero.mjs +9177 -8949
- package/dist/stats.html +1 -1
- package/dist/tsconfig.types.tsbuildinfo +1 -1
- package/dist/types/authentication-flows/passwordless.d.ts +3 -3
- package/dist/types/helpers/dcr/metadata-mapping.d.ts +1 -1
- package/dist/types/helpers/users.d.ts +28 -0
- package/dist/types/index.d.ts +66 -66
- package/dist/types/routes/auth-api/index.d.ts +18 -18
- package/dist/types/routes/auth-api/passwordless.d.ts +16 -16
- package/dist/types/routes/auth-api/register/index.d.ts +2 -2
- package/dist/types/routes/management-api/action-executions.d.ts +1 -1
- package/dist/types/routes/management-api/actions.d.ts +1 -1
- package/dist/types/routes/management-api/authentication-methods.d.ts +1 -1
- package/dist/types/routes/management-api/client-grants.d.ts +8 -8
- package/dist/types/routes/management-api/clients.d.ts +7 -7
- package/dist/types/routes/management-api/email-templates.d.ts +14 -14
- package/dist/types/routes/management-api/failed-events.d.ts +1 -1
- package/dist/types/routes/management-api/guardian.d.ts +5 -5
- package/dist/types/routes/management-api/index.d.ts +48 -48
- package/dist/types/routes/management-api/logs.d.ts +3 -3
- package/dist/types/routes/management-api/organizations.d.ts +1 -1
- package/dist/types/routes/management-api/prompts.d.ts +4 -4
- package/dist/types/routes/management-api/proxy-routes.d.ts +221 -0
- package/dist/types/routes/management-api/users.d.ts +2 -2
- package/dist/types/routes/proxy-control-plane/index.d.ts +22 -0
- package/dist/types/routes/universal-login/common.d.ts +2 -2
- package/dist/types/types/AuthHeroConfig.d.ts +14 -0
- package/dist/types/types/IdToken.d.ts +3 -3
- package/package.json +5 -4
|
@@ -703,10 +703,10 @@ export declare const organizationRoutes: OpenAPIHono<{
|
|
|
703
703
|
email?: string | undefined;
|
|
704
704
|
};
|
|
705
705
|
id?: string | undefined;
|
|
706
|
-
connection_id?: string | undefined;
|
|
707
706
|
app_metadata?: Record<string, any> | undefined;
|
|
708
707
|
user_metadata?: Record<string, any> | undefined;
|
|
709
708
|
roles?: string[] | undefined;
|
|
709
|
+
connection_id?: string | undefined;
|
|
710
710
|
ttl_sec?: number | undefined;
|
|
711
711
|
send_invitation_email?: boolean | undefined;
|
|
712
712
|
};
|
|
@@ -50,7 +50,7 @@ export declare const promptsRoutes: OpenAPIHono<{
|
|
|
50
50
|
};
|
|
51
51
|
};
|
|
52
52
|
output: {
|
|
53
|
-
prompt: "
|
|
53
|
+
prompt: "signup" | "status" | "mfa" | "organizations" | "common" | "consent" | "device-flow" | "email-otp-challenge" | "email-verification" | "invitation" | "login" | "login-id" | "login-password" | "login-passwordless" | "mfa-email" | "mfa-otp" | "mfa-phone" | "mfa-login-options" | "mfa-push" | "mfa-recovery-code" | "mfa-voice" | "mfa-webauthn" | "passkeys" | "reset-password" | "signup-id" | "signup-password" | "captcha" | "custom-form";
|
|
54
54
|
language: string;
|
|
55
55
|
}[];
|
|
56
56
|
outputFormat: "json";
|
|
@@ -88,7 +88,7 @@ export declare const promptsRoutes: OpenAPIHono<{
|
|
|
88
88
|
$get: {
|
|
89
89
|
input: {
|
|
90
90
|
param: {
|
|
91
|
-
prompt: "
|
|
91
|
+
prompt: "signup" | "status" | "mfa" | "organizations" | "common" | "consent" | "device-flow" | "email-otp-challenge" | "email-verification" | "invitation" | "login" | "login-id" | "login-password" | "login-passwordless" | "mfa-email" | "mfa-otp" | "mfa-phone" | "mfa-login-options" | "mfa-push" | "mfa-recovery-code" | "mfa-voice" | "mfa-webauthn" | "passkeys" | "reset-password" | "signup-id" | "signup-password" | "captcha" | "custom-form";
|
|
92
92
|
language: string;
|
|
93
93
|
};
|
|
94
94
|
} & {
|
|
@@ -110,7 +110,7 @@ export declare const promptsRoutes: OpenAPIHono<{
|
|
|
110
110
|
$put: {
|
|
111
111
|
input: {
|
|
112
112
|
param: {
|
|
113
|
-
prompt: "
|
|
113
|
+
prompt: "signup" | "status" | "mfa" | "organizations" | "common" | "consent" | "device-flow" | "email-otp-challenge" | "email-verification" | "invitation" | "login" | "login-id" | "login-password" | "login-passwordless" | "mfa-email" | "mfa-otp" | "mfa-phone" | "mfa-login-options" | "mfa-push" | "mfa-recovery-code" | "mfa-voice" | "mfa-webauthn" | "passkeys" | "reset-password" | "signup-id" | "signup-password" | "captcha" | "custom-form";
|
|
114
114
|
language: string;
|
|
115
115
|
};
|
|
116
116
|
} & {
|
|
@@ -134,7 +134,7 @@ export declare const promptsRoutes: OpenAPIHono<{
|
|
|
134
134
|
$delete: {
|
|
135
135
|
input: {
|
|
136
136
|
param: {
|
|
137
|
-
prompt: "
|
|
137
|
+
prompt: "signup" | "status" | "mfa" | "organizations" | "common" | "consent" | "device-flow" | "email-otp-challenge" | "email-verification" | "invitation" | "login" | "login-id" | "login-password" | "login-passwordless" | "mfa-email" | "mfa-otp" | "mfa-phone" | "mfa-login-options" | "mfa-push" | "mfa-recovery-code" | "mfa-voice" | "mfa-webauthn" | "passkeys" | "reset-password" | "signup-id" | "signup-password" | "captcha" | "custom-form";
|
|
138
138
|
language: string;
|
|
139
139
|
};
|
|
140
140
|
} & {
|
|
@@ -0,0 +1,221 @@
|
|
|
1
|
+
import { OpenAPIHono } from "@hono/zod-openapi";
|
|
2
|
+
import { Bindings, Variables } from "../../types";
|
|
3
|
+
export declare const proxyRoutesRoutes: OpenAPIHono<{
|
|
4
|
+
Bindings: Bindings;
|
|
5
|
+
Variables: Variables;
|
|
6
|
+
}, {
|
|
7
|
+
"/": {
|
|
8
|
+
$get: {
|
|
9
|
+
input: {
|
|
10
|
+
query: {
|
|
11
|
+
page?: unknown;
|
|
12
|
+
per_page?: unknown;
|
|
13
|
+
custom_domain_id?: string | undefined;
|
|
14
|
+
};
|
|
15
|
+
} & {
|
|
16
|
+
header: {
|
|
17
|
+
"tenant-id"?: string | undefined;
|
|
18
|
+
};
|
|
19
|
+
};
|
|
20
|
+
output: {
|
|
21
|
+
proxy_routes: {
|
|
22
|
+
custom_domain_id: string;
|
|
23
|
+
priority: number;
|
|
24
|
+
match: {
|
|
25
|
+
path: string;
|
|
26
|
+
hosts?: string[] | undefined;
|
|
27
|
+
methods?: string[] | undefined;
|
|
28
|
+
headers?: {
|
|
29
|
+
[x: string]: string;
|
|
30
|
+
} | undefined;
|
|
31
|
+
query?: {
|
|
32
|
+
[x: string]: string;
|
|
33
|
+
} | undefined;
|
|
34
|
+
};
|
|
35
|
+
handlers: {
|
|
36
|
+
type: string;
|
|
37
|
+
options: {
|
|
38
|
+
[x: string]: import("hono/utils/types").JSONValue;
|
|
39
|
+
};
|
|
40
|
+
}[];
|
|
41
|
+
id: string;
|
|
42
|
+
tenant_id: string;
|
|
43
|
+
created_at: string;
|
|
44
|
+
updated_at: string;
|
|
45
|
+
}[];
|
|
46
|
+
start: number;
|
|
47
|
+
limit: number;
|
|
48
|
+
length: number;
|
|
49
|
+
};
|
|
50
|
+
outputFormat: "json";
|
|
51
|
+
status: 200;
|
|
52
|
+
};
|
|
53
|
+
};
|
|
54
|
+
} & {
|
|
55
|
+
"/:id": {
|
|
56
|
+
$get: {
|
|
57
|
+
input: {
|
|
58
|
+
param: {
|
|
59
|
+
id: string;
|
|
60
|
+
};
|
|
61
|
+
} & {
|
|
62
|
+
header: {
|
|
63
|
+
"tenant-id"?: string | undefined;
|
|
64
|
+
};
|
|
65
|
+
};
|
|
66
|
+
output: {
|
|
67
|
+
custom_domain_id: string;
|
|
68
|
+
priority: number;
|
|
69
|
+
match: {
|
|
70
|
+
path: string;
|
|
71
|
+
hosts?: string[] | undefined;
|
|
72
|
+
methods?: string[] | undefined;
|
|
73
|
+
headers?: {
|
|
74
|
+
[x: string]: string;
|
|
75
|
+
} | undefined;
|
|
76
|
+
query?: {
|
|
77
|
+
[x: string]: string;
|
|
78
|
+
} | undefined;
|
|
79
|
+
};
|
|
80
|
+
handlers: {
|
|
81
|
+
type: string;
|
|
82
|
+
options: {
|
|
83
|
+
[x: string]: import("hono/utils/types").JSONValue;
|
|
84
|
+
};
|
|
85
|
+
}[];
|
|
86
|
+
id: string;
|
|
87
|
+
tenant_id: string;
|
|
88
|
+
created_at: string;
|
|
89
|
+
updated_at: string;
|
|
90
|
+
};
|
|
91
|
+
outputFormat: "json";
|
|
92
|
+
status: 200;
|
|
93
|
+
};
|
|
94
|
+
};
|
|
95
|
+
} & {
|
|
96
|
+
"/": {
|
|
97
|
+
$post: {
|
|
98
|
+
input: {
|
|
99
|
+
header: {
|
|
100
|
+
"tenant-id"?: string | undefined;
|
|
101
|
+
};
|
|
102
|
+
} & {
|
|
103
|
+
json: {
|
|
104
|
+
custom_domain_id: string;
|
|
105
|
+
match: {
|
|
106
|
+
hosts?: string[] | undefined;
|
|
107
|
+
methods?: string[] | undefined;
|
|
108
|
+
path?: string | undefined;
|
|
109
|
+
headers?: Record<string, string> | undefined;
|
|
110
|
+
query?: Record<string, string> | undefined;
|
|
111
|
+
};
|
|
112
|
+
handlers: {
|
|
113
|
+
type: string;
|
|
114
|
+
options?: Record<string, unknown> | undefined;
|
|
115
|
+
}[];
|
|
116
|
+
priority?: number | undefined;
|
|
117
|
+
};
|
|
118
|
+
};
|
|
119
|
+
output: {
|
|
120
|
+
custom_domain_id: string;
|
|
121
|
+
priority: number;
|
|
122
|
+
match: {
|
|
123
|
+
path: string;
|
|
124
|
+
hosts?: string[] | undefined;
|
|
125
|
+
methods?: string[] | undefined;
|
|
126
|
+
headers?: {
|
|
127
|
+
[x: string]: string;
|
|
128
|
+
} | undefined;
|
|
129
|
+
query?: {
|
|
130
|
+
[x: string]: string;
|
|
131
|
+
} | undefined;
|
|
132
|
+
};
|
|
133
|
+
handlers: {
|
|
134
|
+
type: string;
|
|
135
|
+
options: {
|
|
136
|
+
[x: string]: import("hono/utils/types").JSONValue;
|
|
137
|
+
};
|
|
138
|
+
}[];
|
|
139
|
+
id: string;
|
|
140
|
+
tenant_id: string;
|
|
141
|
+
created_at: string;
|
|
142
|
+
updated_at: string;
|
|
143
|
+
};
|
|
144
|
+
outputFormat: "json";
|
|
145
|
+
status: 201;
|
|
146
|
+
};
|
|
147
|
+
};
|
|
148
|
+
} & {
|
|
149
|
+
"/:id": {
|
|
150
|
+
$patch: {
|
|
151
|
+
input: {
|
|
152
|
+
param: {
|
|
153
|
+
id: string;
|
|
154
|
+
};
|
|
155
|
+
} & {
|
|
156
|
+
header: {
|
|
157
|
+
"tenant-id"?: string | undefined;
|
|
158
|
+
};
|
|
159
|
+
} & {
|
|
160
|
+
json: {
|
|
161
|
+
priority?: number | undefined;
|
|
162
|
+
match?: {
|
|
163
|
+
hosts?: string[] | undefined;
|
|
164
|
+
methods?: string[] | undefined;
|
|
165
|
+
path?: string | undefined;
|
|
166
|
+
headers?: Record<string, string> | undefined;
|
|
167
|
+
query?: Record<string, string> | undefined;
|
|
168
|
+
} | undefined;
|
|
169
|
+
handlers?: {
|
|
170
|
+
type: string;
|
|
171
|
+
options?: Record<string, unknown> | undefined;
|
|
172
|
+
}[] | undefined;
|
|
173
|
+
};
|
|
174
|
+
};
|
|
175
|
+
output: {
|
|
176
|
+
custom_domain_id: string;
|
|
177
|
+
priority: number;
|
|
178
|
+
match: {
|
|
179
|
+
path: string;
|
|
180
|
+
hosts?: string[] | undefined;
|
|
181
|
+
methods?: string[] | undefined;
|
|
182
|
+
headers?: {
|
|
183
|
+
[x: string]: string;
|
|
184
|
+
} | undefined;
|
|
185
|
+
query?: {
|
|
186
|
+
[x: string]: string;
|
|
187
|
+
} | undefined;
|
|
188
|
+
};
|
|
189
|
+
handlers: {
|
|
190
|
+
type: string;
|
|
191
|
+
options: {
|
|
192
|
+
[x: string]: import("hono/utils/types").JSONValue;
|
|
193
|
+
};
|
|
194
|
+
}[];
|
|
195
|
+
id: string;
|
|
196
|
+
tenant_id: string;
|
|
197
|
+
created_at: string;
|
|
198
|
+
updated_at: string;
|
|
199
|
+
};
|
|
200
|
+
outputFormat: "json";
|
|
201
|
+
status: 200;
|
|
202
|
+
};
|
|
203
|
+
};
|
|
204
|
+
} & {
|
|
205
|
+
"/:id": {
|
|
206
|
+
$delete: {
|
|
207
|
+
input: {
|
|
208
|
+
param: {
|
|
209
|
+
id: string;
|
|
210
|
+
};
|
|
211
|
+
} & {
|
|
212
|
+
header: {
|
|
213
|
+
"tenant-id"?: string | undefined;
|
|
214
|
+
};
|
|
215
|
+
};
|
|
216
|
+
output: {};
|
|
217
|
+
outputFormat: string;
|
|
218
|
+
status: 204;
|
|
219
|
+
};
|
|
220
|
+
};
|
|
221
|
+
}, "/">;
|
|
@@ -737,7 +737,7 @@ export declare const userRoutes: OpenAPIHono<{
|
|
|
737
737
|
};
|
|
738
738
|
};
|
|
739
739
|
output: {
|
|
740
|
-
type: "
|
|
740
|
+
type: "fn" | "sapi" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fc" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fd" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "i" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
|
|
741
741
|
date: string;
|
|
742
742
|
isMobile: boolean;
|
|
743
743
|
log_id: string;
|
|
@@ -776,7 +776,7 @@ export declare const userRoutes: OpenAPIHono<{
|
|
|
776
776
|
limit: number;
|
|
777
777
|
length: number;
|
|
778
778
|
logs: {
|
|
779
|
-
type: "
|
|
779
|
+
type: "fn" | "sapi" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fc" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fd" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "i" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
|
|
780
780
|
date: string;
|
|
781
781
|
isMobile: boolean;
|
|
782
782
|
log_id: string;
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import { Hono } from "hono";
|
|
2
|
+
import type { ResolvedHost } from "@authhero/proxy";
|
|
3
|
+
export interface ProxyControlPlaneOptions {
|
|
4
|
+
/**
|
|
5
|
+
* Cross-tenant host resolver. Typically delegated to a database adapter's
|
|
6
|
+
* `createProxyDataAdapter(db).resolveHost`.
|
|
7
|
+
*/
|
|
8
|
+
resolveHost: (host: string) => Promise<ResolvedHost | null>;
|
|
9
|
+
/**
|
|
10
|
+
* Authentication check for incoming requests. Return `true` to allow,
|
|
11
|
+
* `false` to reject with 401. The control-plane endpoint is cross-tenant
|
|
12
|
+
* and must not be exposed to regular tenant tokens — use a dedicated
|
|
13
|
+
* proxy-reader credential (shared secret, mTLS, JWT with `proxy:resolve_host`
|
|
14
|
+
* scope, …).
|
|
15
|
+
*/
|
|
16
|
+
authenticate: (request: Request) => Promise<boolean> | boolean;
|
|
17
|
+
}
|
|
18
|
+
/**
|
|
19
|
+
* Returns a Hono app exposing the privileged proxy control-plane endpoint
|
|
20
|
+
* `GET /hosts/:host`. Mount under `/api/v2/proxy/control-plane`.
|
|
21
|
+
*/
|
|
22
|
+
export declare function createProxyControlPlaneApp(options: ProxyControlPlaneOptions): Hono;
|
|
@@ -436,7 +436,7 @@ export declare function initJSXRoute(ctx: Context<{
|
|
|
436
436
|
custom_login_page_preview?: string | undefined;
|
|
437
437
|
form_template?: string | undefined;
|
|
438
438
|
addons?: Record<string, any> | undefined;
|
|
439
|
-
token_endpoint_auth_method?: "
|
|
439
|
+
token_endpoint_auth_method?: "client_secret_post" | "client_secret_basic" | "none" | "client_secret_jwt" | "private_key_jwt" | undefined;
|
|
440
440
|
client_metadata?: Record<string, string> | undefined;
|
|
441
441
|
hide_sign_up_disabled_error?: boolean | undefined;
|
|
442
442
|
mobile?: Record<string, any> | undefined;
|
|
@@ -1133,7 +1133,7 @@ export declare function initJSXRouteWithSession(ctx: Context<{
|
|
|
1133
1133
|
custom_login_page_preview?: string | undefined;
|
|
1134
1134
|
form_template?: string | undefined;
|
|
1135
1135
|
addons?: Record<string, any> | undefined;
|
|
1136
|
-
token_endpoint_auth_method?: "
|
|
1136
|
+
token_endpoint_auth_method?: "client_secret_post" | "client_secret_basic" | "none" | "client_secret_jwt" | "private_key_jwt" | undefined;
|
|
1137
1137
|
client_metadata?: Record<string, string> | undefined;
|
|
1138
1138
|
hide_sign_up_disabled_error?: boolean | undefined;
|
|
1139
1139
|
mobile?: Record<string, any> | undefined;
|
|
@@ -276,6 +276,20 @@ export interface AuthHeroConfig {
|
|
|
276
276
|
* ```
|
|
277
277
|
*/
|
|
278
278
|
managementApiExtensions?: ManagementApiExtension[];
|
|
279
|
+
/**
|
|
280
|
+
* Optional privileged control-plane endpoint for the `@authhero/proxy`
|
|
281
|
+
* data plane. When set, mounts `GET /api/v2/proxy/control-plane/hosts/:host`
|
|
282
|
+
* which returns the cross-tenant `ResolvedHost` for the given hostname.
|
|
283
|
+
*
|
|
284
|
+
* This endpoint is read by remote proxy deployments via
|
|
285
|
+
* `createHttpProxyAdapter`. It is **cross-tenant** — gate it with a
|
|
286
|
+
* dedicated credential (shared secret, mTLS, or a JWT scoped to
|
|
287
|
+
* `proxy:resolve_host`), never with a tenant token.
|
|
288
|
+
*/
|
|
289
|
+
proxyControlPlane?: {
|
|
290
|
+
resolveHost: (host: string) => Promise<import("@authhero/proxy").ResolvedHost | null>;
|
|
291
|
+
authenticate: (request: Request) => Promise<boolean> | boolean;
|
|
292
|
+
};
|
|
279
293
|
/**
|
|
280
294
|
* Optional powered-by logo to display at the bottom left of the login widget.
|
|
281
295
|
* This is only configurable in code, not stored in the database.
|
|
@@ -18,13 +18,13 @@ export declare const idTokenSchema: z.ZodObject<{
|
|
|
18
18
|
c_hash: z.ZodOptional<z.ZodString>;
|
|
19
19
|
}, z.core.$loose>;
|
|
20
20
|
export declare const userInfoSchema: z.ZodObject<{
|
|
21
|
-
email: z.ZodOptional<z.ZodString>;
|
|
22
21
|
name: z.ZodOptional<z.ZodString>;
|
|
22
|
+
email: z.ZodOptional<z.ZodString>;
|
|
23
|
+
given_name: z.ZodOptional<z.ZodString>;
|
|
24
|
+
family_name: z.ZodOptional<z.ZodString>;
|
|
23
25
|
sub: z.ZodString;
|
|
24
26
|
iss: z.ZodString;
|
|
25
27
|
aud: z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>;
|
|
26
28
|
exp: z.ZodNumber;
|
|
27
|
-
given_name: z.ZodOptional<z.ZodString>;
|
|
28
|
-
family_name: z.ZodOptional<z.ZodString>;
|
|
29
29
|
}, z.core.$loose>;
|
|
30
30
|
export type IdToken = z.infer<typeof idTokenSchema>;
|
package/package.json
CHANGED
|
@@ -11,7 +11,7 @@
|
|
|
11
11
|
"type": "git",
|
|
12
12
|
"url": "https://github.com/markusahlstrand/authhero"
|
|
13
13
|
},
|
|
14
|
-
"version": "5.
|
|
14
|
+
"version": "5.12.0",
|
|
15
15
|
"files": [
|
|
16
16
|
"dist"
|
|
17
17
|
],
|
|
@@ -62,8 +62,8 @@
|
|
|
62
62
|
"vite": "^8.0.14",
|
|
63
63
|
"vite-plugin-dts": "^4.5.4",
|
|
64
64
|
"vitest": "^4.1.7",
|
|
65
|
-
"@authhero/kysely-adapter": "11.
|
|
66
|
-
"@authhero/widget": "0.32.
|
|
65
|
+
"@authhero/kysely-adapter": "11.5.0",
|
|
66
|
+
"@authhero/widget": "0.32.30"
|
|
67
67
|
},
|
|
68
68
|
"dependencies": {
|
|
69
69
|
"@peculiar/x509": "^1.14.0",
|
|
@@ -81,7 +81,8 @@
|
|
|
81
81
|
"qrcode": "^1.5.4",
|
|
82
82
|
"sanitize-html": "^2.17.4",
|
|
83
83
|
"xstate": "^5.31.1",
|
|
84
|
-
"@authhero/adapter-interfaces": "2.
|
|
84
|
+
"@authhero/adapter-interfaces": "2.8.0",
|
|
85
|
+
"@authhero/proxy": "0.3.0",
|
|
85
86
|
"@authhero/saml": "0.4.1"
|
|
86
87
|
},
|
|
87
88
|
"peerDependencies": {
|