authhero 5.11.0 → 5.12.0

package/dist/types/authentication-flows/passwordless.d.ts

@@ -446,7 +446,7 @@ export declare function passwordlessGrantUser(ctx: Context<{
         custom_login_page_preview?: string | undefined;
         form_template?: string | undefined;
         addons?: Record<string, any> | undefined;
-        token_endpoint_auth_method?: "none" | "client_secret_post" | "client_secret_basic" | "client_secret_jwt" | "private_key_jwt" | undefined;
+        token_endpoint_auth_method?: "client_secret_post" | "client_secret_basic" | "none" | "client_secret_jwt" | "private_key_jwt" | undefined;
         client_metadata?: Record<string, string> | undefined;
         hide_sign_up_disabled_error?: boolean | undefined;
         mobile?: Record<string, any> | undefined;
@@ -529,8 +529,8 @@ export declare function passwordlessGrantUser(ctx: Context<{
         } | undefined;
         authenticated_at?: string | undefined;
     };
-    connectionType: "email" | "sms" | "username";
-    authConnection: "email" | "sms" | "username";
+    connectionType: "email" | "username" | "sms";
+    authConnection: "email" | "username" | "sms";
     session_id: string | undefined;
     authParams: {
         client_id: string;

package/dist/types/helpers/dcr/metadata-mapping.d.ts

@@ -23,9 +23,9 @@ export declare const dcrRequestSchema: z.ZodObject<{
     grant_types: z.ZodOptional<z.ZodArray<z.ZodString>>;
     response_types: z.ZodOptional<z.ZodArray<z.ZodString>>;
     token_endpoint_auth_method: z.ZodOptional<z.ZodEnum<{
-        none: "none";
         client_secret_post: "client_secret_post";
         client_secret_basic: "client_secret_basic";
+        none: "none";
         client_secret_jwt: "client_secret_jwt";
         private_key_jwt: "private_key_jwt";
     }>>;

package/dist/types/helpers/users.d.ts

@@ -10,12 +10,40 @@ interface GetUserByProviderParams {
     provider: string;
 }
 export declare function getUserByProvider({ userAdapter, tenant_id, username, provider, }: GetUserByProviderParams): Promise<User | null>;
+/**
+ * Order users by age (oldest first). When account-linking has to choose
+ * which of two matching users should remain primary, the older account
+ * wins — it has the longer history, accrued sessions, and is most likely
+ * the canonical identity the user expects to keep.
+ *
+ * Falls back to `user_id` so the ordering is fully deterministic when
+ * `created_at` is missing or identical (e.g. fixture rows seeded in the
+ * same millisecond).
+ */
+export declare function compareUsersByAge(a: User, b: User): number;
 interface GetPrimaryUserByEmailParams {
     userAdapter: UserDataAdapter;
     tenant_id: string;
     email: string;
 }
 export declare function getPrimaryUserByEmail({ userAdapter, tenant_id, email, }: GetPrimaryUserByEmailParams): Promise<User | undefined>;
+interface RepointPrimaryParams {
+    userAdapter: UserDataAdapter;
+    tenant_id: string;
+    formerPrimary: User;
+    newPrimaryId: string;
+}
+/**
+ * Demote `formerPrimary` to a secondary of `newPrimaryId`. Any users
+ * currently linked to `formerPrimary` are repointed first so the resulting
+ * graph remains a single hop deep — `getPrimaryUserByProvider` and similar
+ * resolvers only follow one `linked_to` step.
+ *
+ * Each write is a single-field `linked_to` update so the user-update
+ * decorator's fast-path bypasses the pre/post hooks and we don't re-enter
+ * the linking logic recursively.
+ */
+export declare function repointPrimary({ userAdapter, tenant_id, formerPrimary, newPrimaryId, }: RepointPrimaryParams): Promise<void>;
 interface GetPrimaryUserByProviderParams {
     userAdapter: UserDataAdapter;
     tenant_id: string;