authhero 5.18.0 → 5.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48) hide show
  1. package/dist/assets/u/widget/index.esm.js +1 -1
  2. package/dist/authhero.cjs +136 -129
  3. package/dist/authhero.d.ts +309 -104
  4. package/dist/authhero.mjs +10431 -9866
  5. package/dist/stats.html +1 -1
  6. package/dist/tsconfig.types.tsbuildinfo +1 -1
  7. package/dist/types/authentication-flows/passwordless.d.ts +4 -4
  8. package/dist/types/helpers/consent.d.ts +31 -0
  9. package/dist/types/helpers/control-plane-sync-events.d.ts +67 -0
  10. package/dist/types/helpers/dcr/metadata-mapping.d.ts +1 -1
  11. package/dist/types/helpers/default-destinations.d.ts +11 -0
  12. package/dist/types/helpers/outbox-destinations/control-plane-sync.d.ts +35 -0
  13. package/dist/types/helpers/outbox-destinations/logs.d.ts +2 -0
  14. package/dist/types/index.d.ts +178 -101
  15. package/dist/types/routes/auth-api/index.d.ts +24 -24
  16. package/dist/types/routes/auth-api/passwordless.d.ts +6 -6
  17. package/dist/types/routes/auth-api/register/index.d.ts +2 -2
  18. package/dist/types/routes/auth-api/revoke.d.ts +6 -6
  19. package/dist/types/routes/auth-api/token.d.ts +10 -10
  20. package/dist/types/routes/management-api/action-executions.d.ts +1 -1
  21. package/dist/types/routes/management-api/authentication-methods.d.ts +1 -1
  22. package/dist/types/routes/management-api/branding.d.ts +9 -9
  23. package/dist/types/routes/management-api/clients.d.ts +9 -9
  24. package/dist/types/routes/management-api/connections.d.ts +5 -5
  25. package/dist/types/routes/management-api/custom-domains.d.ts +8 -8
  26. package/dist/types/routes/management-api/email-templates.d.ts +15 -15
  27. package/dist/types/routes/management-api/grants.d.ts +80 -0
  28. package/dist/types/routes/management-api/guardian.d.ts +5 -5
  29. package/dist/types/routes/management-api/index.d.ts +143 -69
  30. package/dist/types/routes/management-api/logs.d.ts +3 -3
  31. package/dist/types/routes/management-api/migration-sources.d.ts +6 -6
  32. package/dist/types/routes/management-api/organizations.d.ts +1 -1
  33. package/dist/types/routes/management-api/prompts.d.ts +4 -4
  34. package/dist/types/routes/management-api/proxy-routes.d.ts +1 -0
  35. package/dist/types/routes/management-api/themes.d.ts +6 -6
  36. package/dist/types/routes/management-api/users.d.ts +2 -2
  37. package/dist/types/routes/proxy-control-plane/index.d.ts +34 -1
  38. package/dist/types/routes/universal-login/common.d.ts +10 -10
  39. package/dist/types/routes/universal-login/flow-api.d.ts +4 -4
  40. package/dist/types/routes/universal-login/identifier.d.ts +2 -2
  41. package/dist/types/routes/universal-login/index.d.ts +2 -2
  42. package/dist/types/routes/universal-login/screens/consent.d.ts +9 -0
  43. package/dist/types/routes/universal-login/u2-index.d.ts +6 -6
  44. package/dist/types/routes/universal-login/u2-routes.d.ts +6 -6
  45. package/dist/types/state-machines/login-session.d.ts +12 -1
  46. package/dist/types/types/AuthHeroConfig.d.ts +26 -0
  47. package/dist/types/types/IdToken.d.ts +1 -1
  48. package/package.json +5 -5
package/dist/types/routes/management-api/logs.d.ts CHANGED
@@ -24,7 +24,7 @@ export declare const logRoutes: OpenAPIHono<{
24
24
  };
25
25
  };
26
26
  output: {
27
- type: "i" | "fn" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fc" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fd" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "sapi" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
27
+ type: "fc" | "fd" | "fn" | "i" | "sapi" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
28
28
  date: string;
29
29
  isMobile: boolean;
30
30
  log_id: string;
@@ -63,7 +63,7 @@ export declare const logRoutes: OpenAPIHono<{
63
63
  limit: number;
64
64
  length: number;
65
65
  logs: {
66
- type: "i" | "fn" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fc" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fd" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "sapi" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
66
+ type: "fc" | "fd" | "fn" | "i" | "sapi" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
67
67
  date: string;
68
68
  isMobile: boolean;
69
69
  log_id: string;
@@ -117,7 +117,7 @@ export declare const logRoutes: OpenAPIHono<{
117
117
  };
118
118
  };
119
119
  output: {
120
- type: "i" | "fn" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fc" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fd" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "sapi" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
120
+ type: "fc" | "fd" | "fn" | "i" | "sapi" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
121
121
  date: string;
122
122
  isMobile: boolean;
123
123
  log_id: string;
package/dist/types/routes/management-api/migration-sources.d.ts CHANGED
@@ -15,7 +15,7 @@ export declare const migrationSourcesRoutes: OpenAPIHono<{
15
15
  created_at: string;
16
16
  updated_at: string;
17
17
  name: string;
18
- provider: "auth0" | "cognito" | "okta" | "oidc";
18
+ provider: "auth0" | "oidc" | "cognito" | "okta";
19
19
  connection: string;
20
20
  enabled: boolean;
21
21
  credentials: {
@@ -47,7 +47,7 @@ export declare const migrationSourcesRoutes: OpenAPIHono<{
47
47
  created_at: string;
48
48
  updated_at: string;
49
49
  name: string;
50
- provider: "auth0" | "cognito" | "okta" | "oidc";
50
+ provider: "auth0" | "oidc" | "cognito" | "okta";
51
51
  connection: string;
52
52
  enabled: boolean;
53
53
  credentials: {
@@ -73,7 +73,7 @@ export declare const migrationSourcesRoutes: OpenAPIHono<{
73
73
  } & {
74
74
  json: {
75
75
  name: string;
76
- provider: "auth0" | "cognito" | "okta" | "oidc";
76
+ provider: "auth0" | "oidc" | "cognito" | "okta";
77
77
  connection: string;
78
78
  credentials: {
79
79
  domain: string;
@@ -90,7 +90,7 @@ export declare const migrationSourcesRoutes: OpenAPIHono<{
90
90
  created_at: string;
91
91
  updated_at: string;
92
92
  name: string;
93
- provider: "auth0" | "cognito" | "okta" | "oidc";
93
+ provider: "auth0" | "oidc" | "cognito" | "okta";
94
94
  connection: string;
95
95
  enabled: boolean;
96
96
  credentials: {
@@ -121,7 +121,7 @@ export declare const migrationSourcesRoutes: OpenAPIHono<{
121
121
  json: {
122
122
  id?: string | undefined;
123
123
  name?: string | undefined;
124
- provider?: "auth0" | "cognito" | "okta" | "oidc" | undefined;
124
+ provider?: "auth0" | "oidc" | "cognito" | "okta" | undefined;
125
125
  connection?: string | undefined;
126
126
  enabled?: boolean | undefined;
127
127
  credentials?: {
@@ -137,7 +137,7 @@ export declare const migrationSourcesRoutes: OpenAPIHono<{
137
137
  created_at: string;
138
138
  updated_at: string;
139
139
  name: string;
140
- provider: "auth0" | "cognito" | "okta" | "oidc";
140
+ provider: "auth0" | "oidc" | "cognito" | "okta";
141
141
  connection: string;
142
142
  enabled: boolean;
143
143
  credentials: {
package/dist/types/routes/management-api/organizations.d.ts CHANGED
@@ -890,8 +890,8 @@ export declare const organizationRoutes: OpenAPIHono<{
890
890
  };
891
891
  } & {
892
892
  json: {
893
- assign_membership_on_login?: boolean | undefined;
894
893
  show_as_button?: boolean | undefined;
894
+ assign_membership_on_login?: boolean | undefined;
895
895
  is_signup_enabled?: boolean | undefined;
896
896
  };
897
897
  };
package/dist/types/routes/management-api/prompts.d.ts CHANGED
@@ -50,7 +50,7 @@ export declare const promptsRoutes: OpenAPIHono<{
50
50
  };
51
51
  };
52
52
  output: {
53
- prompt: "common" | "status" | "organizations" | "signup" | "mfa" | "invitation" | "login" | "login-id" | "login-password" | "signup-id" | "signup-password" | "reset-password" | "consent" | "mfa-push" | "mfa-otp" | "mfa-voice" | "mfa-phone" | "mfa-webauthn" | "mfa-email" | "mfa-recovery-code" | "device-flow" | "email-verification" | "email-otp-challenge" | "passkeys" | "captcha" | "custom-form" | "login-passwordless" | "mfa-login-options";
53
+ prompt: "status" | "mfa" | "organizations" | "signup" | "common" | "consent" | "device-flow" | "email-otp-challenge" | "email-verification" | "invitation" | "login" | "login-id" | "login-password" | "login-passwordless" | "mfa-email" | "mfa-otp" | "mfa-phone" | "mfa-login-options" | "mfa-push" | "mfa-recovery-code" | "mfa-voice" | "mfa-webauthn" | "passkeys" | "reset-password" | "signup-id" | "signup-password" | "captcha" | "custom-form";
54
54
  language: string;
55
55
  }[];
56
56
  outputFormat: "json";
@@ -88,7 +88,7 @@ export declare const promptsRoutes: OpenAPIHono<{
88
88
  $get: {
89
89
  input: {
90
90
  param: {
91
- prompt: "common" | "status" | "organizations" | "signup" | "mfa" | "invitation" | "login" | "login-id" | "login-password" | "signup-id" | "signup-password" | "reset-password" | "consent" | "mfa-push" | "mfa-otp" | "mfa-voice" | "mfa-phone" | "mfa-webauthn" | "mfa-email" | "mfa-recovery-code" | "device-flow" | "email-verification" | "email-otp-challenge" | "passkeys" | "captcha" | "custom-form" | "login-passwordless" | "mfa-login-options";
91
+ prompt: "status" | "mfa" | "organizations" | "signup" | "common" | "consent" | "device-flow" | "email-otp-challenge" | "email-verification" | "invitation" | "login" | "login-id" | "login-password" | "login-passwordless" | "mfa-email" | "mfa-otp" | "mfa-phone" | "mfa-login-options" | "mfa-push" | "mfa-recovery-code" | "mfa-voice" | "mfa-webauthn" | "passkeys" | "reset-password" | "signup-id" | "signup-password" | "captcha" | "custom-form";
92
92
  language: string;
93
93
  };
94
94
  } & {
@@ -110,7 +110,7 @@ export declare const promptsRoutes: OpenAPIHono<{
110
110
  $put: {
111
111
  input: {
112
112
  param: {
113
- prompt: "common" | "status" | "organizations" | "signup" | "mfa" | "invitation" | "login" | "login-id" | "login-password" | "signup-id" | "signup-password" | "reset-password" | "consent" | "mfa-push" | "mfa-otp" | "mfa-voice" | "mfa-phone" | "mfa-webauthn" | "mfa-email" | "mfa-recovery-code" | "device-flow" | "email-verification" | "email-otp-challenge" | "passkeys" | "captcha" | "custom-form" | "login-passwordless" | "mfa-login-options";
113
+ prompt: "status" | "mfa" | "organizations" | "signup" | "common" | "consent" | "device-flow" | "email-otp-challenge" | "email-verification" | "invitation" | "login" | "login-id" | "login-password" | "login-passwordless" | "mfa-email" | "mfa-otp" | "mfa-phone" | "mfa-login-options" | "mfa-push" | "mfa-recovery-code" | "mfa-voice" | "mfa-webauthn" | "passkeys" | "reset-password" | "signup-id" | "signup-password" | "captcha" | "custom-form";
114
114
  language: string;
115
115
  };
116
116
  } & {
@@ -134,7 +134,7 @@ export declare const promptsRoutes: OpenAPIHono<{
134
134
  $delete: {
135
135
  input: {
136
136
  param: {
137
- prompt: "common" | "status" | "organizations" | "signup" | "mfa" | "invitation" | "login" | "login-id" | "login-password" | "signup-id" | "signup-password" | "reset-password" | "consent" | "mfa-push" | "mfa-otp" | "mfa-voice" | "mfa-phone" | "mfa-webauthn" | "mfa-email" | "mfa-recovery-code" | "device-flow" | "email-verification" | "email-otp-challenge" | "passkeys" | "captcha" | "custom-form" | "login-passwordless" | "mfa-login-options";
137
+ prompt: "status" | "mfa" | "organizations" | "signup" | "common" | "consent" | "device-flow" | "email-otp-challenge" | "email-verification" | "invitation" | "login" | "login-id" | "login-password" | "login-passwordless" | "mfa-email" | "mfa-otp" | "mfa-phone" | "mfa-login-options" | "mfa-push" | "mfa-recovery-code" | "mfa-voice" | "mfa-webauthn" | "passkeys" | "reset-password" | "signup-id" | "signup-password" | "captcha" | "custom-form";
138
138
  language: string;
139
139
  };
140
140
  } & {
package/dist/types/routes/management-api/proxy-routes.d.ts CHANGED
@@ -113,6 +113,7 @@ export declare const proxyRoutesRoutes: OpenAPIHono<{
113
113
  type: string;
114
114
  options?: Record<string, unknown> | undefined;
115
115
  }[];
116
+ id?: string | undefined;
116
117
  priority?: number | undefined;
117
118
  };
118
119
  };
package/dist/types/routes/management-api/themes.d.ts CHANGED
@@ -27,7 +27,7 @@ export declare const themesRoutes: OpenAPIHono<{
27
27
  base_focus_color: string;
28
28
  base_hover_color: string;
29
29
  body_text: string;
30
- captcha_widget_theme: "auto" | "light" | "dark";
30
+ captcha_widget_theme: "dark" | "light" | "auto";
31
31
  error: string;
32
32
  header: string;
33
33
  icons: string;
@@ -78,7 +78,7 @@ export declare const themesRoutes: OpenAPIHono<{
78
78
  background_color: string;
79
79
  background_image_url: string;
80
80
  page_layout: "center" | "left" | "right";
81
- logo_placement?: "widget" | "chip" | "none" | undefined;
81
+ logo_placement?: "none" | "widget" | "chip" | undefined;
82
82
  };
83
83
  widget: {
84
84
  header_text_alignment: "center" | "left" | "right";
@@ -117,7 +117,7 @@ export declare const themesRoutes: OpenAPIHono<{
117
117
  base_focus_color: string;
118
118
  base_hover_color: string;
119
119
  body_text: string;
120
- captcha_widget_theme: "auto" | "light" | "dark";
120
+ captcha_widget_theme: "dark" | "light" | "auto";
121
121
  error: string;
122
122
  header: string;
123
123
  icons: string;
@@ -168,7 +168,7 @@ export declare const themesRoutes: OpenAPIHono<{
168
168
  background_color: string;
169
169
  background_image_url: string;
170
170
  page_layout: "center" | "left" | "right";
171
- logo_placement?: "widget" | "chip" | "none" | undefined;
171
+ logo_placement?: "none" | "widget" | "chip" | undefined;
172
172
  };
173
173
  widget: {
174
174
  header_text_alignment: "center" | "left" | "right";
@@ -196,7 +196,7 @@ export declare const themesRoutes: OpenAPIHono<{
196
196
  base_focus_color: string;
197
197
  base_hover_color: string;
198
198
  body_text: string;
199
- captcha_widget_theme: "auto" | "light" | "dark";
199
+ captcha_widget_theme: "dark" | "light" | "auto";
200
200
  error: string;
201
201
  header: string;
202
202
  icons: string;
@@ -247,7 +247,7 @@ export declare const themesRoutes: OpenAPIHono<{
247
247
  background_color: string;
248
248
  background_image_url: string;
249
249
  page_layout: "center" | "left" | "right";
250
- logo_placement?: "widget" | "chip" | "none" | undefined;
250
+ logo_placement?: "none" | "widget" | "chip" | undefined;
251
251
  };
252
252
  widget: {
253
253
  header_text_alignment: "center" | "left" | "right";
package/dist/types/routes/management-api/users.d.ts CHANGED
@@ -737,7 +737,7 @@ export declare const userRoutes: OpenAPIHono<{
737
737
  };
738
738
  };
739
739
  output: {
740
- type: "i" | "fn" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fc" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fd" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "sapi" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
740
+ type: "fc" | "fd" | "fn" | "i" | "sapi" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
741
741
  date: string;
742
742
  isMobile: boolean;
743
743
  log_id: string;
@@ -776,7 +776,7 @@ export declare const userRoutes: OpenAPIHono<{
776
776
  limit: number;
777
777
  length: number;
778
778
  logs: {
779
- type: "i" | "fn" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fc" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fd" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "sapi" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
779
+ type: "fc" | "fd" | "fn" | "i" | "sapi" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
780
780
  date: string;
781
781
  isMobile: boolean;
782
782
  log_id: string;
package/dist/types/routes/proxy-control-plane/index.d.ts CHANGED
@@ -1,5 +1,7 @@
1
1
  import { Hono } from "hono";
2
2
  import type { ResolvedHost } from "@authhero/proxy";
3
+ import { CustomDomain, CustomDomainsAdapter, ProxyRoute, ProxyRoutesAdapter } from "@authhero/adapter-interfaces";
4
+ import { SyncEvent } from "../../helpers/control-plane-sync-events";
3
5
  export interface ProxyControlPlaneOptions {
4
6
  /**
5
7
  * Cross-tenant host resolver. Typically delegated to a database adapter's
@@ -14,9 +16,40 @@ export interface ProxyControlPlaneOptions {
14
16
  * scope, …).
15
17
  */
16
18
  authenticate: (request: Request) => Promise<boolean> | boolean;
19
+ /**
20
+ * Optional handler for `POST /sync` — receives `controlplane.sync.*` events
21
+ * emitted by tenant shards via `ControlPlaneSyncDestination` and replicates
22
+ * the mutation into the control-plane data store. When omitted, the
23
+ * `/sync` route is not mounted (control-plane is read-only).
24
+ *
25
+ * Implementations MUST be idempotent: the outbox retries on transient
26
+ * failures even after the receiver applied the change.
27
+ * `createDefaultApplySyncEvents` wires this to a local data adapter with
28
+ * idempotent semantics.
29
+ */
30
+ applySyncEvents?: (events: SyncEvent[]) => Promise<void>;
17
31
  }
18
32
  /**
19
33
  * Returns a Hono app exposing the privileged proxy control-plane endpoint
20
- * `GET /hosts/:host`. Mount under `/api/v2/proxy/control-plane`.
34
+ * `GET /hosts/:host`. When `applySyncEvents` is provided, also exposes
35
+ * `POST /sync` for tenant shards to replicate custom_domains / proxy_routes
36
+ * mutations. Mount under `/api/v2/proxy/control-plane`.
21
37
  */
22
38
  export declare function createProxyControlPlaneApp(options: ProxyControlPlaneOptions): Hono;
39
+ export interface CreateApplySyncEventsOptions {
40
+ customDomains: CustomDomainsAdapter;
41
+ proxyRoutes?: ProxyRoutesAdapter;
42
+ }
43
+ /**
44
+ * Build an idempotent `applySyncEvents` implementation backed by a local
45
+ * `CustomDomainsAdapter` / `ProxyRoutesAdapter`. Handles the three retry
46
+ * shapes the outbox can produce:
47
+ *
48
+ * - duplicate `created` (retry after the previous succeeded but
49
+ * `markProcessed` failed) — falls back to `update`.
50
+ * - `updated` for a row that doesn't exist locally yet (a `created`
51
+ * delivery is still in flight or lost) — falls back to `create`.
52
+ * - `deleted` for a row that's already gone — no-op success.
53
+ */
54
+ export declare function createApplySyncEvents(options: CreateApplySyncEventsOptions): (events: SyncEvent[]) => Promise<void>;
55
+ export type { CustomDomain, ProxyRoute };
package/dist/types/routes/universal-login/common.d.ts CHANGED
@@ -21,7 +21,7 @@ export declare function initJSXRoute(ctx: Context<{
21
21
  base_focus_color: string;
22
22
  base_hover_color: string;
23
23
  body_text: string;
24
- captcha_widget_theme: "auto" | "light" | "dark";
24
+ captcha_widget_theme: "dark" | "light" | "auto";
25
25
  error: string;
26
26
  header: string;
27
27
  icons: string;
@@ -72,7 +72,7 @@ export declare function initJSXRoute(ctx: Context<{
72
72
  background_color: string;
73
73
  background_image_url: string;
74
74
  page_layout: "center" | "left" | "right";
75
- logo_placement?: "widget" | "chip" | "none" | undefined;
75
+ logo_placement?: "none" | "widget" | "chip" | undefined;
76
76
  };
77
77
  widget: {
78
78
  header_text_alignment: "center" | "left" | "right";
@@ -99,7 +99,7 @@ export declare function initJSXRoute(ctx: Context<{
99
99
  font?: {
100
100
  url: string;
101
101
  } | undefined;
102
- dark_mode?: "auto" | "light" | "dark" | undefined;
102
+ dark_mode?: "dark" | "light" | "auto" | undefined;
103
103
  } | null;
104
104
  client: {
105
105
  created_at: string;
@@ -394,7 +394,7 @@ export declare function initJSXRoute(ctx: Context<{
394
394
  } | undefined;
395
395
  } | undefined;
396
396
  passkey_options?: {
397
- challenge_ui?: "button" | "both" | "autofill" | undefined;
397
+ challenge_ui?: "both" | "autofill" | "button" | undefined;
398
398
  local_enrollment_enabled?: boolean | undefined;
399
399
  progressive_enrollment_enabled?: boolean | undefined;
400
400
  } | undefined;
@@ -438,7 +438,7 @@ export declare function initJSXRoute(ctx: Context<{
438
438
  custom_login_page_preview?: string | undefined;
439
439
  form_template?: string | undefined;
440
440
  addons?: Record<string, any> | undefined;
441
- token_endpoint_auth_method?: "none" | "client_secret_post" | "client_secret_basic" | "client_secret_jwt" | "private_key_jwt" | undefined;
441
+ token_endpoint_auth_method?: "none" | "private_key_jwt" | "client_secret_post" | "client_secret_basic" | "client_secret_jwt" | undefined;
442
442
  client_metadata?: Record<string, string> | undefined;
443
443
  hide_sign_up_disabled_error?: boolean | undefined;
444
444
  mobile?: Record<string, any> | undefined;
@@ -722,7 +722,7 @@ export declare function initJSXRouteWithSession(ctx: Context<{
722
722
  base_focus_color: string;
723
723
  base_hover_color: string;
724
724
  body_text: string;
725
- captcha_widget_theme: "auto" | "light" | "dark";
725
+ captcha_widget_theme: "dark" | "light" | "auto";
726
726
  error: string;
727
727
  header: string;
728
728
  icons: string;
@@ -773,7 +773,7 @@ export declare function initJSXRouteWithSession(ctx: Context<{
773
773
  background_color: string;
774
774
  background_image_url: string;
775
775
  page_layout: "center" | "left" | "right";
776
- logo_placement?: "widget" | "chip" | "none" | undefined;
776
+ logo_placement?: "none" | "widget" | "chip" | undefined;
777
777
  };
778
778
  widget: {
779
779
  header_text_alignment: "center" | "left" | "right";
@@ -800,7 +800,7 @@ export declare function initJSXRouteWithSession(ctx: Context<{
800
800
  font?: {
801
801
  url: string;
802
802
  } | undefined;
803
- dark_mode?: "auto" | "light" | "dark" | undefined;
803
+ dark_mode?: "dark" | "light" | "auto" | undefined;
804
804
  } | null;
805
805
  client: {
806
806
  created_at: string;
@@ -1095,7 +1095,7 @@ export declare function initJSXRouteWithSession(ctx: Context<{
1095
1095
  } | undefined;
1096
1096
  } | undefined;
1097
1097
  passkey_options?: {
1098
- challenge_ui?: "button" | "both" | "autofill" | undefined;
1098
+ challenge_ui?: "both" | "autofill" | "button" | undefined;
1099
1099
  local_enrollment_enabled?: boolean | undefined;
1100
1100
  progressive_enrollment_enabled?: boolean | undefined;
1101
1101
  } | undefined;
@@ -1139,7 +1139,7 @@ export declare function initJSXRouteWithSession(ctx: Context<{
1139
1139
  custom_login_page_preview?: string | undefined;
1140
1140
  form_template?: string | undefined;
1141
1141
  addons?: Record<string, any> | undefined;
1142
- token_endpoint_auth_method?: "none" | "client_secret_post" | "client_secret_basic" | "client_secret_jwt" | "private_key_jwt" | undefined;
1142
+ token_endpoint_auth_method?: "none" | "private_key_jwt" | "client_secret_post" | "client_secret_basic" | "client_secret_jwt" | undefined;
1143
1143
  client_metadata?: Record<string, string> | undefined;
1144
1144
  hide_sign_up_disabled_error?: boolean | undefined;
1145
1145
  mobile?: Record<string, any> | undefined;
package/dist/types/routes/universal-login/flow-api.d.ts CHANGED
@@ -27,7 +27,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
27
27
  output: {
28
28
  screen: {
29
29
  action: string;
30
- method: "POST" | "GET";
30
+ method: "GET" | "POST";
31
31
  components: {
32
32
  id: string;
33
33
  type: string;
@@ -107,7 +107,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
107
107
  output: {
108
108
  screen: {
109
109
  action: string;
110
- method: "POST" | "GET";
110
+ method: "GET" | "POST";
111
111
  components: {
112
112
  id: string;
113
113
  type: string;
@@ -204,7 +204,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
204
204
  output: {
205
205
  screen: {
206
206
  action: string;
207
- method: "POST" | "GET";
207
+ method: "GET" | "POST";
208
208
  components: {
209
209
  id: string;
210
210
  type: string;
@@ -319,7 +319,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
319
319
  output: {
320
320
  screen: {
321
321
  action: string;
322
- method: "POST" | "GET";
322
+ method: "GET" | "POST";
323
323
  components: {
324
324
  id: string;
325
325
  type: string;
package/dist/types/routes/universal-login/identifier.d.ts CHANGED
@@ -30,7 +30,7 @@ export declare const identifierRoutes: OpenAPIHono<{
30
30
  } & {
31
31
  form: {
32
32
  username: string;
33
- login_selection?: "password" | "code" | undefined;
33
+ login_selection?: "code" | "password" | undefined;
34
34
  };
35
35
  };
36
36
  output: {};
@@ -44,7 +44,7 @@ export declare const identifierRoutes: OpenAPIHono<{
44
44
  } & {
45
45
  form: {
46
46
  username: string;
47
- login_selection?: "password" | "code" | undefined;
47
+ login_selection?: "code" | "password" | undefined;
48
48
  };
49
49
  };
50
50
  output: {};
package/dist/types/routes/universal-login/index.d.ts CHANGED
@@ -515,7 +515,7 @@ export default function create(config: AuthHeroConfig): OpenAPIHono<{
515
515
  } & {
516
516
  form: {
517
517
  username: string;
518
- login_selection?: "password" | "code" | undefined;
518
+ login_selection?: "code" | "password" | undefined;
519
519
  };
520
520
  };
521
521
  output: {};
@@ -529,7 +529,7 @@ export default function create(config: AuthHeroConfig): OpenAPIHono<{
529
529
  } & {
530
530
  form: {
531
531
  username: string;
532
- login_selection?: "password" | "code" | undefined;
532
+ login_selection?: "code" | "password" | undefined;
533
533
  };
534
534
  };
535
535
  output: {};
package/dist/types/routes/universal-login/screens/consent.d.ts ADDED
@@ -0,0 +1,9 @@
1
+ /**
2
+ * OAuth Consent screen — shown for third-party clients when they request
3
+ * non-basic scopes the user has not previously consented to.
4
+ *
5
+ * Corresponds to: /u2/consent
6
+ */
7
+ import type { ScreenContext, ScreenResult, ScreenDefinition } from "./types";
8
+ export declare function consentScreen(context: ScreenContext): Promise<ScreenResult>;
9
+ export declare const consentScreenDefinition: ScreenDefinition;
package/dist/types/routes/universal-login/u2-index.d.ts CHANGED
@@ -165,7 +165,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
165
165
  $get: {
166
166
  input: {
167
167
  param: {
168
- screen: "signup" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
168
+ screen: "signup" | "consent" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
169
169
  };
170
170
  } & {
171
171
  query: {
@@ -181,7 +181,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
181
181
  } | {
182
182
  input: {
183
183
  param: {
184
- screen: "signup" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
184
+ screen: "signup" | "consent" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
185
185
  };
186
186
  } & {
187
187
  query: {
@@ -197,7 +197,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
197
197
  } | {
198
198
  input: {
199
199
  param: {
200
- screen: "signup" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
200
+ screen: "signup" | "consent" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
201
201
  };
202
202
  } & {
203
203
  query: {
@@ -217,7 +217,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
217
217
  $post: {
218
218
  input: {
219
219
  param: {
220
- screen: "signup" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
220
+ screen: "signup" | "consent" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
221
221
  };
222
222
  } & {
223
223
  query: {
@@ -235,7 +235,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
235
235
  } | {
236
236
  input: {
237
237
  param: {
238
- screen: "signup" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
238
+ screen: "signup" | "consent" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
239
239
  };
240
240
  } & {
241
241
  query: {
@@ -253,7 +253,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
253
253
  } | {
254
254
  input: {
255
255
  param: {
256
- screen: "signup" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
256
+ screen: "signup" | "consent" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
257
257
  };
258
258
  } & {
259
259
  query: {