npm - authhero - Versions diffs - 5.18.0 → 5.19.0 - Mend

authhero 5.18.0 → 5.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

package/dist/types/routes/universal-login/u2-routes.d.ts CHANGED Viewed

@@ -170,7 +170,7 @@ export declare const u2Routes: OpenAPIHono<{
         $get: {
             input: {
                 param: {
-                    screen: "signup" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
+                    screen: "signup" | "consent" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
                 };
             } & {
                 query: {
@@ -186,7 +186,7 @@ export declare const u2Routes: OpenAPIHono<{
         } | {
             input: {
                 param: {
-                    screen: "signup" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
+                    screen: "signup" | "consent" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
                 };
             } & {
                 query: {
@@ -202,7 +202,7 @@ export declare const u2Routes: OpenAPIHono<{
         } | {
             input: {
                 param: {
-                    screen: "signup" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
+                    screen: "signup" | "consent" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
                 };
             } & {
                 query: {
@@ -222,7 +222,7 @@ export declare const u2Routes: OpenAPIHono<{
         $post: {
             input: {
                 param: {
-                    screen: "signup" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
+                    screen: "signup" | "consent" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
                 };
             } & {
                 query: {
@@ -240,7 +240,7 @@ export declare const u2Routes: OpenAPIHono<{
         } | {
             input: {
                 param: {
-                    screen: "signup" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
+                    screen: "signup" | "consent" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
                 };
             } & {
                 query: {
@@ -258,7 +258,7 @@ export declare const u2Routes: OpenAPIHono<{
         } | {
             input: {
                 param: {
-                    screen: "signup" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
+                    screen: "signup" | "consent" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
                 };
             } & {
                 query: {

package/dist/types/state-machines/login-session.d.ts CHANGED Viewed

@@ -22,6 +22,8 @@ export declare enum LoginSessionEventType {
     REQUIRE_EMAIL_VERIFICATION = "REQUIRE_EMAIL_VERIFICATION",
     REQUIRE_MFA = "REQUIRE_MFA",
     COMPLETE_MFA = "COMPLETE_MFA",
+    REQUIRE_CONSENT = "REQUIRE_CONSENT",
+    COMPLETE_CONSENT = "COMPLETE_CONSENT",
     START_HOOK = "START_HOOK",
     COMPLETE_HOOK = "COMPLETE_HOOK",
     START_CONTINUATION = "START_CONTINUATION",
@@ -42,6 +44,10 @@ export type LoginSessionEvent = {
     type: LoginSessionEventType.REQUIRE_MFA;
 } | {
     type: LoginSessionEventType.COMPLETE_MFA;
+} | {
+    type: LoginSessionEventType.REQUIRE_CONSENT;
+} | {
+    type: LoginSessionEventType.COMPLETE_CONSENT;
 } | {
     type: LoginSessionEventType.START_HOOK;
     hookId?: string;
@@ -95,6 +101,10 @@ export declare const loginSessionMachine: import("xstate").StateMachine<LoginSes
     type: LoginSessionEventType.REQUIRE_MFA;
 } | {
     type: LoginSessionEventType.COMPLETE_MFA;
+} | {
+    type: LoginSessionEventType.REQUIRE_CONSENT;
+} | {
+    type: LoginSessionEventType.COMPLETE_CONSENT;
 } | {
     type: LoginSessionEventType.START_HOOK;
     hookId?: string;
@@ -130,13 +140,14 @@ export declare const loginSessionMachine: import("xstate").StateMachine<LoginSes
 } | {
     type: "setFailureReason";
     params: import("xstate").NonReducibleUnknown;
-}, never, never, "pending" | "failed" | "authenticated" | "expired" | "awaiting_email_verification" | "awaiting_mfa" | "awaiting_hook" | "awaiting_continuation" | "completed", string, import("xstate").NonReducibleUnknown, import("xstate").NonReducibleUnknown, import("xstate").EventObject, import("xstate").MetaObject, {
+}, never, never, "pending" | "failed" | "authenticated" | "expired" | "awaiting_email_verification" | "awaiting_mfa" | "awaiting_consent" | "awaiting_hook" | "awaiting_continuation" | "completed", string, import("xstate").NonReducibleUnknown, import("xstate").NonReducibleUnknown, import("xstate").EventObject, import("xstate").MetaObject, {
     id: "loginSession";
     states: {
         readonly pending: {};
         readonly authenticated: {};
         readonly awaiting_email_verification: {};
         readonly awaiting_mfa: {};
+        readonly awaiting_consent: {};
         readonly awaiting_hook: {};
         readonly awaiting_continuation: {};
         readonly completed: {};

package/dist/types/types/AuthHeroConfig.d.ts CHANGED Viewed

@@ -290,6 +290,32 @@ export interface AuthHeroConfig {
     proxyControlPlane?: {
         resolveHost: (host: string) => Promise<import("@authhero/proxy").ResolvedHost | null>;
         authenticate: (request: Request) => Promise<boolean> | boolean;
+        /**
+         * Optional receiver for `POST /sync` events emitted by tenant shards via
+         * the `ControlPlaneSyncDestination`. Mount on the control-plane authhero
+         * instance only. Implementations MUST be idempotent — the outbox retries
+         * on transient failures. Use `createApplySyncEvents({ customDomains,
+         * proxyRoutes })` (exported from `authhero`) for the default
+         * adapter-backed implementation.
+         */
+        applySyncEvents?: (events: import("../helpers/control-plane-sync-events").SyncEvent[]) => Promise<void>;
+    };
+    /**
+     * Optional outbox-driven replication of `custom_domains` and `proxy_routes`
+     * mutations to a global proxy control plane. When set, every successful
+     * write on this tenant shard enqueues a `controlplane.sync.*` outbox event;
+     * the `ControlPlaneSyncDestination` POSTs each event to
+     * `${baseUrl}/api/v2/proxy/control-plane/sync`. Requires the outbox to be
+     * enabled (`outbox: { enabled: true }`).
+     *
+     * Leave unset for single-DB deployments — the proxy reads the same database
+     * the management API writes to, so replication is unnecessary.
+     */
+    controlPlaneSync?: {
+        /** Base URL of the control-plane authhero instance. */
+        baseUrl: string;
+        /** Per-request timeout for the sync POST (default: 10_000ms). */
+        timeoutMs?: number;
     };
     /**
      * Optional powered-by logo to display at the bottom left of the login widget.

package/dist/types/types/IdToken.d.ts CHANGED Viewed

@@ -18,12 +18,12 @@ export declare const idTokenSchema: z.ZodObject<{
     c_hash: z.ZodOptional<z.ZodString>;
 }, z.core.$loose>;
 export declare const userInfoSchema: z.ZodObject<{
-    sub: z.ZodString;
     name: z.ZodOptional<z.ZodString>;
     email: z.ZodOptional<z.ZodString>;
     given_name: z.ZodOptional<z.ZodString>;
     family_name: z.ZodOptional<z.ZodString>;
     iss: z.ZodString;
+    sub: z.ZodString;
     aud: z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>;
     exp: z.ZodNumber;
 }, z.core.$loose>;

package/package.json CHANGED Viewed

@@ -11,7 +11,7 @@
     "type": "git",
     "url": "https://github.com/markusahlstrand/authhero"
   },
-  "version": "5.18.0",
+  "version": "5.19.0",
   "files": [
     "dist"
   ],
@@ -62,8 +62,8 @@
     "vite": "^8.0.14",
     "vite-plugin-dts": "^4.5.4",
     "vitest": "^4.1.7",
-    "@authhero/kysely-adapter": "11.5.4",
-    "@authhero/widget": "0.32.34"
+    "@authhero/kysely-adapter": "11.6.0",
+    "@authhero/widget": "0.32.35"
   },
   "dependencies": {
     "@peculiar/x509": "^1.14.0",
@@ -81,8 +81,8 @@
     "qrcode": "^1.5.4",
     "sanitize-html": "^2.17.4",
     "xstate": "^5.31.1",
-    "@authhero/adapter-interfaces": "2.10.0",
-    "@authhero/proxy": "0.4.0",
+    "@authhero/adapter-interfaces": "2.11.0",
+    "@authhero/proxy": "0.4.1",
     "@authhero/saml": "0.4.1"
   },
   "peerDependencies": {