authhero 5.17.1 → 5.19.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/assets/u/widget/authhero-widget.esm.js +1 -1
- package/dist/assets/u/widget/index.esm.js +1 -1
- package/dist/assets/u/widget/p-35c8b265.entry.js +1 -0
- package/dist/authhero.cjs +139 -136
- package/dist/authhero.d.ts +425 -194
- package/dist/authhero.mjs +10490 -9833
- package/dist/stats.html +1 -1
- package/dist/tsconfig.types.tsbuildinfo +1 -1
- package/dist/types/authentication-flows/passwordless.d.ts +3 -3
- package/dist/types/emails/defaults/Layout.d.ts +3 -3
- package/dist/types/emails/defaults/PrimaryButton.d.ts +5 -2
- package/dist/types/helpers/consent.d.ts +31 -0
- package/dist/types/helpers/control-plane-sync-events.d.ts +67 -0
- package/dist/types/helpers/dcr/metadata-mapping.d.ts +1 -1
- package/dist/types/helpers/default-destinations.d.ts +11 -0
- package/dist/types/helpers/outbox-destinations/control-plane-sync.d.ts +35 -0
- package/dist/types/helpers/outbox-destinations/logs.d.ts +2 -0
- package/dist/types/index.d.ts +285 -191
- package/dist/types/middlewares/index.d.ts +3 -0
- package/dist/types/middlewares/prefer.d.ts +12 -0
- package/dist/types/routes/auth-api/index.d.ts +26 -26
- package/dist/types/routes/auth-api/passwordless.d.ts +14 -14
- package/dist/types/routes/auth-api/register/index.d.ts +2 -2
- package/dist/types/routes/auth-api/token.d.ts +10 -10
- package/dist/types/routes/management-api/action-executions.d.ts +1 -1
- package/dist/types/routes/management-api/authentication-methods.d.ts +1 -1
- package/dist/types/routes/management-api/clients.d.ts +7 -7
- package/dist/types/routes/management-api/connections.d.ts +1 -1
- package/dist/types/routes/management-api/email-templates.d.ts +31 -14
- package/dist/types/routes/management-api/forms.d.ts +119 -119
- package/dist/types/routes/management-api/grants.d.ts +80 -0
- package/dist/types/routes/management-api/guardian.d.ts +5 -5
- package/dist/types/routes/management-api/index.d.ts +250 -159
- package/dist/types/routes/management-api/logs.d.ts +3 -3
- package/dist/types/routes/management-api/organizations.d.ts +2 -2
- package/dist/types/routes/management-api/prompts.d.ts +4 -4
- package/dist/types/routes/management-api/proxy-routes.d.ts +1 -0
- package/dist/types/routes/management-api/users.d.ts +2 -2
- package/dist/types/routes/proxy-control-plane/index.d.ts +34 -1
- package/dist/types/routes/universal-login/common.d.ts +2 -2
- package/dist/types/routes/universal-login/flow-api.d.ts +12 -12
- package/dist/types/routes/universal-login/screens/consent.d.ts +9 -0
- package/dist/types/routes/universal-login/u2-index.d.ts +6 -6
- package/dist/types/routes/universal-login/u2-routes.d.ts +6 -6
- package/dist/types/state-machines/login-session.d.ts +12 -1
- package/dist/types/types/AuthHeroConfig.d.ts +26 -0
- package/dist/types/types/IdToken.d.ts +1 -1
- package/dist/types/types/Variables.d.ts +2 -0
- package/package.json +5 -5
- package/dist/assets/u/widget/p-f0f9eca3.entry.js +0 -1
|
@@ -24,7 +24,7 @@ export declare const logRoutes: OpenAPIHono<{
|
|
|
24
24
|
};
|
|
25
25
|
};
|
|
26
26
|
output: {
|
|
27
|
-
type: "
|
|
27
|
+
type: "fc" | "fd" | "fn" | "i" | "sapi" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
|
|
28
28
|
date: string;
|
|
29
29
|
isMobile: boolean;
|
|
30
30
|
log_id: string;
|
|
@@ -63,7 +63,7 @@ export declare const logRoutes: OpenAPIHono<{
|
|
|
63
63
|
limit: number;
|
|
64
64
|
length: number;
|
|
65
65
|
logs: {
|
|
66
|
-
type: "
|
|
66
|
+
type: "fc" | "fd" | "fn" | "i" | "sapi" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
|
|
67
67
|
date: string;
|
|
68
68
|
isMobile: boolean;
|
|
69
69
|
log_id: string;
|
|
@@ -117,7 +117,7 @@ export declare const logRoutes: OpenAPIHono<{
|
|
|
117
117
|
};
|
|
118
118
|
};
|
|
119
119
|
output: {
|
|
120
|
-
type: "
|
|
120
|
+
type: "fc" | "fd" | "fn" | "i" | "sapi" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
|
|
121
121
|
date: string;
|
|
122
122
|
isMobile: boolean;
|
|
123
123
|
log_id: string;
|
|
@@ -483,7 +483,7 @@ export declare const organizationRoutes: OpenAPIHono<{
|
|
|
483
483
|
};
|
|
484
484
|
output: {};
|
|
485
485
|
outputFormat: string;
|
|
486
|
-
status:
|
|
486
|
+
status: 204;
|
|
487
487
|
};
|
|
488
488
|
};
|
|
489
489
|
} & {
|
|
@@ -702,10 +702,10 @@ export declare const organizationRoutes: OpenAPIHono<{
|
|
|
702
702
|
invitee: {
|
|
703
703
|
email?: string | undefined;
|
|
704
704
|
};
|
|
705
|
+
id?: string | undefined;
|
|
705
706
|
app_metadata?: Record<string, any> | undefined;
|
|
706
707
|
user_metadata?: Record<string, any> | undefined;
|
|
707
708
|
connection_id?: string | undefined;
|
|
708
|
-
id?: string | undefined;
|
|
709
709
|
roles?: string[] | undefined;
|
|
710
710
|
ttl_sec?: number | undefined;
|
|
711
711
|
send_invitation_email?: boolean | undefined;
|
|
@@ -50,7 +50,7 @@ export declare const promptsRoutes: OpenAPIHono<{
|
|
|
50
50
|
};
|
|
51
51
|
};
|
|
52
52
|
output: {
|
|
53
|
-
prompt: "
|
|
53
|
+
prompt: "status" | "mfa" | "organizations" | "signup" | "common" | "consent" | "device-flow" | "email-otp-challenge" | "email-verification" | "invitation" | "login" | "login-id" | "login-password" | "login-passwordless" | "mfa-email" | "mfa-otp" | "mfa-phone" | "mfa-login-options" | "mfa-push" | "mfa-recovery-code" | "mfa-voice" | "mfa-webauthn" | "passkeys" | "reset-password" | "signup-id" | "signup-password" | "captcha" | "custom-form";
|
|
54
54
|
language: string;
|
|
55
55
|
}[];
|
|
56
56
|
outputFormat: "json";
|
|
@@ -88,7 +88,7 @@ export declare const promptsRoutes: OpenAPIHono<{
|
|
|
88
88
|
$get: {
|
|
89
89
|
input: {
|
|
90
90
|
param: {
|
|
91
|
-
prompt: "
|
|
91
|
+
prompt: "status" | "mfa" | "organizations" | "signup" | "common" | "consent" | "device-flow" | "email-otp-challenge" | "email-verification" | "invitation" | "login" | "login-id" | "login-password" | "login-passwordless" | "mfa-email" | "mfa-otp" | "mfa-phone" | "mfa-login-options" | "mfa-push" | "mfa-recovery-code" | "mfa-voice" | "mfa-webauthn" | "passkeys" | "reset-password" | "signup-id" | "signup-password" | "captcha" | "custom-form";
|
|
92
92
|
language: string;
|
|
93
93
|
};
|
|
94
94
|
} & {
|
|
@@ -110,7 +110,7 @@ export declare const promptsRoutes: OpenAPIHono<{
|
|
|
110
110
|
$put: {
|
|
111
111
|
input: {
|
|
112
112
|
param: {
|
|
113
|
-
prompt: "
|
|
113
|
+
prompt: "status" | "mfa" | "organizations" | "signup" | "common" | "consent" | "device-flow" | "email-otp-challenge" | "email-verification" | "invitation" | "login" | "login-id" | "login-password" | "login-passwordless" | "mfa-email" | "mfa-otp" | "mfa-phone" | "mfa-login-options" | "mfa-push" | "mfa-recovery-code" | "mfa-voice" | "mfa-webauthn" | "passkeys" | "reset-password" | "signup-id" | "signup-password" | "captcha" | "custom-form";
|
|
114
114
|
language: string;
|
|
115
115
|
};
|
|
116
116
|
} & {
|
|
@@ -134,7 +134,7 @@ export declare const promptsRoutes: OpenAPIHono<{
|
|
|
134
134
|
$delete: {
|
|
135
135
|
input: {
|
|
136
136
|
param: {
|
|
137
|
-
prompt: "
|
|
137
|
+
prompt: "status" | "mfa" | "organizations" | "signup" | "common" | "consent" | "device-flow" | "email-otp-challenge" | "email-verification" | "invitation" | "login" | "login-id" | "login-password" | "login-passwordless" | "mfa-email" | "mfa-otp" | "mfa-phone" | "mfa-login-options" | "mfa-push" | "mfa-recovery-code" | "mfa-voice" | "mfa-webauthn" | "passkeys" | "reset-password" | "signup-id" | "signup-password" | "captcha" | "custom-form";
|
|
138
138
|
language: string;
|
|
139
139
|
};
|
|
140
140
|
} & {
|
|
@@ -737,7 +737,7 @@ export declare const userRoutes: OpenAPIHono<{
|
|
|
737
737
|
};
|
|
738
738
|
};
|
|
739
739
|
output: {
|
|
740
|
-
type: "
|
|
740
|
+
type: "fc" | "fd" | "fn" | "i" | "sapi" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
|
|
741
741
|
date: string;
|
|
742
742
|
isMobile: boolean;
|
|
743
743
|
log_id: string;
|
|
@@ -776,7 +776,7 @@ export declare const userRoutes: OpenAPIHono<{
|
|
|
776
776
|
limit: number;
|
|
777
777
|
length: number;
|
|
778
778
|
logs: {
|
|
779
|
-
type: "
|
|
779
|
+
type: "fc" | "fd" | "fn" | "i" | "sapi" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
|
|
780
780
|
date: string;
|
|
781
781
|
isMobile: boolean;
|
|
782
782
|
log_id: string;
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
import { Hono } from "hono";
|
|
2
2
|
import type { ResolvedHost } from "@authhero/proxy";
|
|
3
|
+
import { CustomDomain, CustomDomainsAdapter, ProxyRoute, ProxyRoutesAdapter } from "@authhero/adapter-interfaces";
|
|
4
|
+
import { SyncEvent } from "../../helpers/control-plane-sync-events";
|
|
3
5
|
export interface ProxyControlPlaneOptions {
|
|
4
6
|
/**
|
|
5
7
|
* Cross-tenant host resolver. Typically delegated to a database adapter's
|
|
@@ -14,9 +16,40 @@ export interface ProxyControlPlaneOptions {
|
|
|
14
16
|
* scope, …).
|
|
15
17
|
*/
|
|
16
18
|
authenticate: (request: Request) => Promise<boolean> | boolean;
|
|
19
|
+
/**
|
|
20
|
+
* Optional handler for `POST /sync` — receives `controlplane.sync.*` events
|
|
21
|
+
* emitted by tenant shards via `ControlPlaneSyncDestination` and replicates
|
|
22
|
+
* the mutation into the control-plane data store. When omitted, the
|
|
23
|
+
* `/sync` route is not mounted (control-plane is read-only).
|
|
24
|
+
*
|
|
25
|
+
* Implementations MUST be idempotent: the outbox retries on transient
|
|
26
|
+
* failures even after the receiver applied the change.
|
|
27
|
+
* `createDefaultApplySyncEvents` wires this to a local data adapter with
|
|
28
|
+
* idempotent semantics.
|
|
29
|
+
*/
|
|
30
|
+
applySyncEvents?: (events: SyncEvent[]) => Promise<void>;
|
|
17
31
|
}
|
|
18
32
|
/**
|
|
19
33
|
* Returns a Hono app exposing the privileged proxy control-plane endpoint
|
|
20
|
-
* `GET /hosts/:host`.
|
|
34
|
+
* `GET /hosts/:host`. When `applySyncEvents` is provided, also exposes
|
|
35
|
+
* `POST /sync` for tenant shards to replicate custom_domains / proxy_routes
|
|
36
|
+
* mutations. Mount under `/api/v2/proxy/control-plane`.
|
|
21
37
|
*/
|
|
22
38
|
export declare function createProxyControlPlaneApp(options: ProxyControlPlaneOptions): Hono;
|
|
39
|
+
export interface CreateApplySyncEventsOptions {
|
|
40
|
+
customDomains: CustomDomainsAdapter;
|
|
41
|
+
proxyRoutes?: ProxyRoutesAdapter;
|
|
42
|
+
}
|
|
43
|
+
/**
|
|
44
|
+
* Build an idempotent `applySyncEvents` implementation backed by a local
|
|
45
|
+
* `CustomDomainsAdapter` / `ProxyRoutesAdapter`. Handles the three retry
|
|
46
|
+
* shapes the outbox can produce:
|
|
47
|
+
*
|
|
48
|
+
* - duplicate `created` (retry after the previous succeeded but
|
|
49
|
+
* `markProcessed` failed) — falls back to `update`.
|
|
50
|
+
* - `updated` for a row that doesn't exist locally yet (a `created`
|
|
51
|
+
* delivery is still in flight or lost) — falls back to `create`.
|
|
52
|
+
* - `deleted` for a row that's already gone — no-op success.
|
|
53
|
+
*/
|
|
54
|
+
export declare function createApplySyncEvents(options: CreateApplySyncEventsOptions): (events: SyncEvent[]) => Promise<void>;
|
|
55
|
+
export type { CustomDomain, ProxyRoute };
|
|
@@ -438,7 +438,7 @@ export declare function initJSXRoute(ctx: Context<{
|
|
|
438
438
|
custom_login_page_preview?: string | undefined;
|
|
439
439
|
form_template?: string | undefined;
|
|
440
440
|
addons?: Record<string, any> | undefined;
|
|
441
|
-
token_endpoint_auth_method?: "none" | "
|
|
441
|
+
token_endpoint_auth_method?: "none" | "private_key_jwt" | "client_secret_post" | "client_secret_basic" | "client_secret_jwt" | undefined;
|
|
442
442
|
client_metadata?: Record<string, string> | undefined;
|
|
443
443
|
hide_sign_up_disabled_error?: boolean | undefined;
|
|
444
444
|
mobile?: Record<string, any> | undefined;
|
|
@@ -1139,7 +1139,7 @@ export declare function initJSXRouteWithSession(ctx: Context<{
|
|
|
1139
1139
|
custom_login_page_preview?: string | undefined;
|
|
1140
1140
|
form_template?: string | undefined;
|
|
1141
1141
|
addons?: Record<string, any> | undefined;
|
|
1142
|
-
token_endpoint_auth_method?: "none" | "
|
|
1142
|
+
token_endpoint_auth_method?: "none" | "private_key_jwt" | "client_secret_post" | "client_secret_basic" | "client_secret_jwt" | undefined;
|
|
1143
1143
|
client_metadata?: Record<string, string> | undefined;
|
|
1144
1144
|
hide_sign_up_disabled_error?: boolean | undefined;
|
|
1145
1145
|
mobile?: Record<string, any> | undefined;
|
|
@@ -27,7 +27,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
|
|
|
27
27
|
output: {
|
|
28
28
|
screen: {
|
|
29
29
|
action: string;
|
|
30
|
-
method: "
|
|
30
|
+
method: "GET" | "POST";
|
|
31
31
|
components: {
|
|
32
32
|
id: string;
|
|
33
33
|
type: string;
|
|
@@ -43,7 +43,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
|
|
|
43
43
|
hint?: string | undefined;
|
|
44
44
|
messages?: {
|
|
45
45
|
text: string;
|
|
46
|
-
type: "
|
|
46
|
+
type: "error" | "success" | "info" | "warning";
|
|
47
47
|
id?: number | undefined;
|
|
48
48
|
}[] | undefined;
|
|
49
49
|
}[];
|
|
@@ -51,7 +51,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
|
|
|
51
51
|
description?: string | undefined;
|
|
52
52
|
messages?: {
|
|
53
53
|
text: string;
|
|
54
|
-
type: "
|
|
54
|
+
type: "error" | "success" | "info" | "warning";
|
|
55
55
|
id?: number | undefined;
|
|
56
56
|
}[] | undefined;
|
|
57
57
|
links?: {
|
|
@@ -107,7 +107,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
|
|
|
107
107
|
output: {
|
|
108
108
|
screen: {
|
|
109
109
|
action: string;
|
|
110
|
-
method: "
|
|
110
|
+
method: "GET" | "POST";
|
|
111
111
|
components: {
|
|
112
112
|
id: string;
|
|
113
113
|
type: string;
|
|
@@ -123,7 +123,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
|
|
|
123
123
|
hint?: string | undefined;
|
|
124
124
|
messages?: {
|
|
125
125
|
text: string;
|
|
126
|
-
type: "
|
|
126
|
+
type: "error" | "success" | "info" | "warning";
|
|
127
127
|
id?: number | undefined;
|
|
128
128
|
}[] | undefined;
|
|
129
129
|
}[];
|
|
@@ -131,7 +131,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
|
|
|
131
131
|
description?: string | undefined;
|
|
132
132
|
messages?: {
|
|
133
133
|
text: string;
|
|
134
|
-
type: "
|
|
134
|
+
type: "error" | "success" | "info" | "warning";
|
|
135
135
|
id?: number | undefined;
|
|
136
136
|
}[] | undefined;
|
|
137
137
|
links?: {
|
|
@@ -204,7 +204,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
|
|
|
204
204
|
output: {
|
|
205
205
|
screen: {
|
|
206
206
|
action: string;
|
|
207
|
-
method: "
|
|
207
|
+
method: "GET" | "POST";
|
|
208
208
|
components: {
|
|
209
209
|
id: string;
|
|
210
210
|
type: string;
|
|
@@ -220,7 +220,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
|
|
|
220
220
|
hint?: string | undefined;
|
|
221
221
|
messages?: {
|
|
222
222
|
text: string;
|
|
223
|
-
type: "
|
|
223
|
+
type: "error" | "success" | "info" | "warning";
|
|
224
224
|
id?: number | undefined;
|
|
225
225
|
}[] | undefined;
|
|
226
226
|
}[];
|
|
@@ -228,7 +228,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
|
|
|
228
228
|
description?: string | undefined;
|
|
229
229
|
messages?: {
|
|
230
230
|
text: string;
|
|
231
|
-
type: "
|
|
231
|
+
type: "error" | "success" | "info" | "warning";
|
|
232
232
|
id?: number | undefined;
|
|
233
233
|
}[] | undefined;
|
|
234
234
|
links?: {
|
|
@@ -319,7 +319,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
|
|
|
319
319
|
output: {
|
|
320
320
|
screen: {
|
|
321
321
|
action: string;
|
|
322
|
-
method: "
|
|
322
|
+
method: "GET" | "POST";
|
|
323
323
|
components: {
|
|
324
324
|
id: string;
|
|
325
325
|
type: string;
|
|
@@ -335,7 +335,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
|
|
|
335
335
|
hint?: string | undefined;
|
|
336
336
|
messages?: {
|
|
337
337
|
text: string;
|
|
338
|
-
type: "
|
|
338
|
+
type: "error" | "success" | "info" | "warning";
|
|
339
339
|
id?: number | undefined;
|
|
340
340
|
}[] | undefined;
|
|
341
341
|
}[];
|
|
@@ -343,7 +343,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
|
|
|
343
343
|
description?: string | undefined;
|
|
344
344
|
messages?: {
|
|
345
345
|
text: string;
|
|
346
|
-
type: "
|
|
346
|
+
type: "error" | "success" | "info" | "warning";
|
|
347
347
|
id?: number | undefined;
|
|
348
348
|
}[] | undefined;
|
|
349
349
|
links?: {
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* OAuth Consent screen — shown for third-party clients when they request
|
|
3
|
+
* non-basic scopes the user has not previously consented to.
|
|
4
|
+
*
|
|
5
|
+
* Corresponds to: /u2/consent
|
|
6
|
+
*/
|
|
7
|
+
import type { ScreenContext, ScreenResult, ScreenDefinition } from "./types";
|
|
8
|
+
export declare function consentScreen(context: ScreenContext): Promise<ScreenResult>;
|
|
9
|
+
export declare const consentScreenDefinition: ScreenDefinition;
|
|
@@ -165,7 +165,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
|
|
|
165
165
|
$get: {
|
|
166
166
|
input: {
|
|
167
167
|
param: {
|
|
168
|
-
screen: "signup" | "
|
|
168
|
+
screen: "signup" | "consent" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
|
|
169
169
|
};
|
|
170
170
|
} & {
|
|
171
171
|
query: {
|
|
@@ -181,7 +181,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
|
|
|
181
181
|
} | {
|
|
182
182
|
input: {
|
|
183
183
|
param: {
|
|
184
|
-
screen: "signup" | "
|
|
184
|
+
screen: "signup" | "consent" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
|
|
185
185
|
};
|
|
186
186
|
} & {
|
|
187
187
|
query: {
|
|
@@ -197,7 +197,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
|
|
|
197
197
|
} | {
|
|
198
198
|
input: {
|
|
199
199
|
param: {
|
|
200
|
-
screen: "signup" | "
|
|
200
|
+
screen: "signup" | "consent" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
|
|
201
201
|
};
|
|
202
202
|
} & {
|
|
203
203
|
query: {
|
|
@@ -217,7 +217,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
|
|
|
217
217
|
$post: {
|
|
218
218
|
input: {
|
|
219
219
|
param: {
|
|
220
|
-
screen: "signup" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
|
|
220
|
+
screen: "signup" | "consent" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
|
|
221
221
|
};
|
|
222
222
|
} & {
|
|
223
223
|
query: {
|
|
@@ -235,7 +235,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
|
|
|
235
235
|
} | {
|
|
236
236
|
input: {
|
|
237
237
|
param: {
|
|
238
|
-
screen: "signup" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
|
|
238
|
+
screen: "signup" | "consent" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
|
|
239
239
|
};
|
|
240
240
|
} & {
|
|
241
241
|
query: {
|
|
@@ -253,7 +253,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
|
|
|
253
253
|
} | {
|
|
254
254
|
input: {
|
|
255
255
|
param: {
|
|
256
|
-
screen: "signup" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
|
|
256
|
+
screen: "signup" | "consent" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
|
|
257
257
|
};
|
|
258
258
|
} & {
|
|
259
259
|
query: {
|
|
@@ -170,7 +170,7 @@ export declare const u2Routes: OpenAPIHono<{
|
|
|
170
170
|
$get: {
|
|
171
171
|
input: {
|
|
172
172
|
param: {
|
|
173
|
-
screen: "signup" | "
|
|
173
|
+
screen: "signup" | "consent" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
|
|
174
174
|
};
|
|
175
175
|
} & {
|
|
176
176
|
query: {
|
|
@@ -186,7 +186,7 @@ export declare const u2Routes: OpenAPIHono<{
|
|
|
186
186
|
} | {
|
|
187
187
|
input: {
|
|
188
188
|
param: {
|
|
189
|
-
screen: "signup" | "
|
|
189
|
+
screen: "signup" | "consent" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
|
|
190
190
|
};
|
|
191
191
|
} & {
|
|
192
192
|
query: {
|
|
@@ -202,7 +202,7 @@ export declare const u2Routes: OpenAPIHono<{
|
|
|
202
202
|
} | {
|
|
203
203
|
input: {
|
|
204
204
|
param: {
|
|
205
|
-
screen: "signup" | "
|
|
205
|
+
screen: "signup" | "consent" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
|
|
206
206
|
};
|
|
207
207
|
} & {
|
|
208
208
|
query: {
|
|
@@ -222,7 +222,7 @@ export declare const u2Routes: OpenAPIHono<{
|
|
|
222
222
|
$post: {
|
|
223
223
|
input: {
|
|
224
224
|
param: {
|
|
225
|
-
screen: "signup" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
|
|
225
|
+
screen: "signup" | "consent" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
|
|
226
226
|
};
|
|
227
227
|
} & {
|
|
228
228
|
query: {
|
|
@@ -240,7 +240,7 @@ export declare const u2Routes: OpenAPIHono<{
|
|
|
240
240
|
} | {
|
|
241
241
|
input: {
|
|
242
242
|
param: {
|
|
243
|
-
screen: "signup" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
|
|
243
|
+
screen: "signup" | "consent" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
|
|
244
244
|
};
|
|
245
245
|
} & {
|
|
246
246
|
query: {
|
|
@@ -258,7 +258,7 @@ export declare const u2Routes: OpenAPIHono<{
|
|
|
258
258
|
} | {
|
|
259
259
|
input: {
|
|
260
260
|
param: {
|
|
261
|
-
screen: "signup" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
|
|
261
|
+
screen: "signup" | "consent" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
|
|
262
262
|
};
|
|
263
263
|
} & {
|
|
264
264
|
query: {
|
|
@@ -22,6 +22,8 @@ export declare enum LoginSessionEventType {
|
|
|
22
22
|
REQUIRE_EMAIL_VERIFICATION = "REQUIRE_EMAIL_VERIFICATION",
|
|
23
23
|
REQUIRE_MFA = "REQUIRE_MFA",
|
|
24
24
|
COMPLETE_MFA = "COMPLETE_MFA",
|
|
25
|
+
REQUIRE_CONSENT = "REQUIRE_CONSENT",
|
|
26
|
+
COMPLETE_CONSENT = "COMPLETE_CONSENT",
|
|
25
27
|
START_HOOK = "START_HOOK",
|
|
26
28
|
COMPLETE_HOOK = "COMPLETE_HOOK",
|
|
27
29
|
START_CONTINUATION = "START_CONTINUATION",
|
|
@@ -42,6 +44,10 @@ export type LoginSessionEvent = {
|
|
|
42
44
|
type: LoginSessionEventType.REQUIRE_MFA;
|
|
43
45
|
} | {
|
|
44
46
|
type: LoginSessionEventType.COMPLETE_MFA;
|
|
47
|
+
} | {
|
|
48
|
+
type: LoginSessionEventType.REQUIRE_CONSENT;
|
|
49
|
+
} | {
|
|
50
|
+
type: LoginSessionEventType.COMPLETE_CONSENT;
|
|
45
51
|
} | {
|
|
46
52
|
type: LoginSessionEventType.START_HOOK;
|
|
47
53
|
hookId?: string;
|
|
@@ -95,6 +101,10 @@ export declare const loginSessionMachine: import("xstate").StateMachine<LoginSes
|
|
|
95
101
|
type: LoginSessionEventType.REQUIRE_MFA;
|
|
96
102
|
} | {
|
|
97
103
|
type: LoginSessionEventType.COMPLETE_MFA;
|
|
104
|
+
} | {
|
|
105
|
+
type: LoginSessionEventType.REQUIRE_CONSENT;
|
|
106
|
+
} | {
|
|
107
|
+
type: LoginSessionEventType.COMPLETE_CONSENT;
|
|
98
108
|
} | {
|
|
99
109
|
type: LoginSessionEventType.START_HOOK;
|
|
100
110
|
hookId?: string;
|
|
@@ -130,13 +140,14 @@ export declare const loginSessionMachine: import("xstate").StateMachine<LoginSes
|
|
|
130
140
|
} | {
|
|
131
141
|
type: "setFailureReason";
|
|
132
142
|
params: import("xstate").NonReducibleUnknown;
|
|
133
|
-
}, never, never, "pending" | "failed" | "authenticated" | "expired" | "awaiting_email_verification" | "awaiting_mfa" | "awaiting_hook" | "awaiting_continuation" | "completed", string, import("xstate").NonReducibleUnknown, import("xstate").NonReducibleUnknown, import("xstate").EventObject, import("xstate").MetaObject, {
|
|
143
|
+
}, never, never, "pending" | "failed" | "authenticated" | "expired" | "awaiting_email_verification" | "awaiting_mfa" | "awaiting_consent" | "awaiting_hook" | "awaiting_continuation" | "completed", string, import("xstate").NonReducibleUnknown, import("xstate").NonReducibleUnknown, import("xstate").EventObject, import("xstate").MetaObject, {
|
|
134
144
|
id: "loginSession";
|
|
135
145
|
states: {
|
|
136
146
|
readonly pending: {};
|
|
137
147
|
readonly authenticated: {};
|
|
138
148
|
readonly awaiting_email_verification: {};
|
|
139
149
|
readonly awaiting_mfa: {};
|
|
150
|
+
readonly awaiting_consent: {};
|
|
140
151
|
readonly awaiting_hook: {};
|
|
141
152
|
readonly awaiting_continuation: {};
|
|
142
153
|
readonly completed: {};
|