authhero 5.18.0 → 5.20.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/assets/u/widget/index.esm.js +1 -1
- package/dist/authhero.cjs +2729 -128
- package/dist/authhero.d.ts +602 -230
- package/dist/authhero.mjs +10757 -9901
- package/dist/stats.html +1 -1
- package/dist/tsconfig.types.tsbuildinfo +1 -1
- package/dist/types/authentication-flows/common.d.ts +8 -0
- package/dist/types/authentication-flows/passwordless.d.ts +1 -1
- package/dist/types/authentication-flows/token-exchange.d.ts +19 -0
- package/dist/types/emails/defaults/BlockedAccount.d.ts +1 -0
- package/dist/types/emails/defaults/ChangePassword.d.ts +6 -0
- package/dist/types/emails/defaults/EnrollmentEmail.d.ts +1 -0
- package/dist/types/emails/defaults/MfaOobCode.d.ts +1 -0
- package/dist/types/emails/defaults/PasswordReset.d.ts +5 -0
- package/dist/types/emails/defaults/StolenCredentials.d.ts +1 -0
- package/dist/types/emails/index.d.ts +21 -1
- package/dist/types/helpers/consent.d.ts +31 -0
- package/dist/types/helpers/control-plane-sync-events.d.ts +67 -0
- package/dist/types/helpers/default-destinations.d.ts +11 -0
- package/dist/types/helpers/outbox-destinations/control-plane-sync.d.ts +35 -0
- package/dist/types/helpers/outbox-destinations/logs.d.ts +2 -0
- package/dist/types/helpers/scopes-permissions.d.ts +1 -1
- package/dist/types/index.d.ts +471 -227
- package/dist/types/routes/auth-api/index.d.ts +117 -7
- package/dist/types/routes/auth-api/passwordless.d.ts +6 -6
- package/dist/types/routes/auth-api/token.d.ts +110 -0
- package/dist/types/routes/auth-api/well-known.d.ts +1 -1
- package/dist/types/routes/management-api/action-executions.d.ts +2 -2
- package/dist/types/routes/management-api/actions.d.ts +4 -4
- package/dist/types/routes/management-api/authentication-methods.d.ts +1 -1
- package/dist/types/routes/management-api/branding.d.ts +9 -9
- package/dist/types/routes/management-api/clients.d.ts +2 -2
- package/dist/types/routes/management-api/connections.d.ts +6 -6
- package/dist/types/routes/management-api/custom-domains.d.ts +8 -8
- package/dist/types/routes/management-api/email-templates.d.ts +88 -31
- package/dist/types/routes/management-api/failed-events.d.ts +1 -1
- package/dist/types/routes/management-api/forms.d.ts +126 -126
- package/dist/types/routes/management-api/grants.d.ts +80 -0
- package/dist/types/routes/management-api/guardian.d.ts +5 -5
- package/dist/types/routes/management-api/index.d.ts +343 -212
- package/dist/types/routes/management-api/logs.d.ts +3 -3
- package/dist/types/routes/management-api/migration-sources.d.ts +6 -6
- package/dist/types/routes/management-api/organizations.d.ts +2 -2
- package/dist/types/routes/management-api/prompts.d.ts +4 -4
- package/dist/types/routes/management-api/proxy-routes.d.ts +1 -0
- package/dist/types/routes/management-api/themes.d.ts +6 -6
- package/dist/types/routes/management-api/users.d.ts +2 -2
- package/dist/types/routes/proxy-control-plane/index.d.ts +34 -1
- package/dist/types/routes/universal-login/common.d.ts +8 -8
- package/dist/types/routes/universal-login/flow-api.d.ts +8 -8
- package/dist/types/routes/universal-login/identifier.d.ts +2 -2
- package/dist/types/routes/universal-login/index.d.ts +2 -2
- package/dist/types/routes/universal-login/screens/consent.d.ts +9 -0
- package/dist/types/routes/universal-login/u2-index.d.ts +6 -6
- package/dist/types/routes/universal-login/u2-routes.d.ts +6 -6
- package/dist/types/state-machines/login-session.d.ts +12 -1
- package/dist/types/types/AuthHeroConfig.d.ts +26 -0
- package/dist/types/types/GrantFlowResult.d.ts +8 -0
- package/dist/types/types/IdToken.d.ts +1 -1
- package/dist/types/utils/jwks.d.ts +2 -2
- package/dist/types/utils/jwt.d.ts +4 -0
- package/package.json +5 -5
|
@@ -24,7 +24,7 @@ export declare const logRoutes: OpenAPIHono<{
|
|
|
24
24
|
};
|
|
25
25
|
};
|
|
26
26
|
output: {
|
|
27
|
-
type: "
|
|
27
|
+
type: "s" | "w" | "fn" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fc" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fd" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "festft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "i" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "sapi" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "sestft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "wn" | "wum";
|
|
28
28
|
date: string;
|
|
29
29
|
isMobile: boolean;
|
|
30
30
|
log_id: string;
|
|
@@ -63,7 +63,7 @@ export declare const logRoutes: OpenAPIHono<{
|
|
|
63
63
|
limit: number;
|
|
64
64
|
length: number;
|
|
65
65
|
logs: {
|
|
66
|
-
type: "
|
|
66
|
+
type: "s" | "w" | "fn" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fc" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fd" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "festft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "i" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "sapi" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "sestft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "wn" | "wum";
|
|
67
67
|
date: string;
|
|
68
68
|
isMobile: boolean;
|
|
69
69
|
log_id: string;
|
|
@@ -117,7 +117,7 @@ export declare const logRoutes: OpenAPIHono<{
|
|
|
117
117
|
};
|
|
118
118
|
};
|
|
119
119
|
output: {
|
|
120
|
-
type: "
|
|
120
|
+
type: "s" | "w" | "fn" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fc" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fd" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "festft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "i" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "sapi" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "sestft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "wn" | "wum";
|
|
121
121
|
date: string;
|
|
122
122
|
isMobile: boolean;
|
|
123
123
|
log_id: string;
|
|
@@ -15,7 +15,7 @@ export declare const migrationSourcesRoutes: OpenAPIHono<{
|
|
|
15
15
|
created_at: string;
|
|
16
16
|
updated_at: string;
|
|
17
17
|
name: string;
|
|
18
|
-
provider: "auth0" | "
|
|
18
|
+
provider: "auth0" | "oidc" | "cognito" | "okta";
|
|
19
19
|
connection: string;
|
|
20
20
|
enabled: boolean;
|
|
21
21
|
credentials: {
|
|
@@ -47,7 +47,7 @@ export declare const migrationSourcesRoutes: OpenAPIHono<{
|
|
|
47
47
|
created_at: string;
|
|
48
48
|
updated_at: string;
|
|
49
49
|
name: string;
|
|
50
|
-
provider: "auth0" | "
|
|
50
|
+
provider: "auth0" | "oidc" | "cognito" | "okta";
|
|
51
51
|
connection: string;
|
|
52
52
|
enabled: boolean;
|
|
53
53
|
credentials: {
|
|
@@ -73,7 +73,7 @@ export declare const migrationSourcesRoutes: OpenAPIHono<{
|
|
|
73
73
|
} & {
|
|
74
74
|
json: {
|
|
75
75
|
name: string;
|
|
76
|
-
provider: "auth0" | "
|
|
76
|
+
provider: "auth0" | "oidc" | "cognito" | "okta";
|
|
77
77
|
connection: string;
|
|
78
78
|
credentials: {
|
|
79
79
|
domain: string;
|
|
@@ -90,7 +90,7 @@ export declare const migrationSourcesRoutes: OpenAPIHono<{
|
|
|
90
90
|
created_at: string;
|
|
91
91
|
updated_at: string;
|
|
92
92
|
name: string;
|
|
93
|
-
provider: "auth0" | "
|
|
93
|
+
provider: "auth0" | "oidc" | "cognito" | "okta";
|
|
94
94
|
connection: string;
|
|
95
95
|
enabled: boolean;
|
|
96
96
|
credentials: {
|
|
@@ -121,7 +121,7 @@ export declare const migrationSourcesRoutes: OpenAPIHono<{
|
|
|
121
121
|
json: {
|
|
122
122
|
id?: string | undefined;
|
|
123
123
|
name?: string | undefined;
|
|
124
|
-
provider?: "auth0" | "
|
|
124
|
+
provider?: "auth0" | "oidc" | "cognito" | "okta" | undefined;
|
|
125
125
|
connection?: string | undefined;
|
|
126
126
|
enabled?: boolean | undefined;
|
|
127
127
|
credentials?: {
|
|
@@ -137,7 +137,7 @@ export declare const migrationSourcesRoutes: OpenAPIHono<{
|
|
|
137
137
|
created_at: string;
|
|
138
138
|
updated_at: string;
|
|
139
139
|
name: string;
|
|
140
|
-
provider: "auth0" | "
|
|
140
|
+
provider: "auth0" | "oidc" | "cognito" | "okta";
|
|
141
141
|
connection: string;
|
|
142
142
|
enabled: boolean;
|
|
143
143
|
credentials: {
|
|
@@ -702,9 +702,9 @@ export declare const organizationRoutes: OpenAPIHono<{
|
|
|
702
702
|
invitee: {
|
|
703
703
|
email?: string | undefined;
|
|
704
704
|
};
|
|
705
|
-
id?: string | undefined;
|
|
706
705
|
app_metadata?: Record<string, any> | undefined;
|
|
707
706
|
user_metadata?: Record<string, any> | undefined;
|
|
707
|
+
id?: string | undefined;
|
|
708
708
|
connection_id?: string | undefined;
|
|
709
709
|
roles?: string[] | undefined;
|
|
710
710
|
ttl_sec?: number | undefined;
|
|
@@ -890,8 +890,8 @@ export declare const organizationRoutes: OpenAPIHono<{
|
|
|
890
890
|
};
|
|
891
891
|
} & {
|
|
892
892
|
json: {
|
|
893
|
-
assign_membership_on_login?: boolean | undefined;
|
|
894
893
|
show_as_button?: boolean | undefined;
|
|
894
|
+
assign_membership_on_login?: boolean | undefined;
|
|
895
895
|
is_signup_enabled?: boolean | undefined;
|
|
896
896
|
};
|
|
897
897
|
};
|
|
@@ -50,7 +50,7 @@ export declare const promptsRoutes: OpenAPIHono<{
|
|
|
50
50
|
};
|
|
51
51
|
};
|
|
52
52
|
output: {
|
|
53
|
-
prompt: "
|
|
53
|
+
prompt: "mfa" | "organizations" | "status" | "signup" | "common" | "consent" | "device-flow" | "email-otp-challenge" | "email-verification" | "invitation" | "login" | "login-id" | "login-password" | "login-passwordless" | "mfa-email" | "mfa-otp" | "mfa-phone" | "mfa-login-options" | "mfa-push" | "mfa-recovery-code" | "mfa-voice" | "mfa-webauthn" | "passkeys" | "reset-password" | "signup-id" | "signup-password" | "captcha" | "custom-form";
|
|
54
54
|
language: string;
|
|
55
55
|
}[];
|
|
56
56
|
outputFormat: "json";
|
|
@@ -88,7 +88,7 @@ export declare const promptsRoutes: OpenAPIHono<{
|
|
|
88
88
|
$get: {
|
|
89
89
|
input: {
|
|
90
90
|
param: {
|
|
91
|
-
prompt: "
|
|
91
|
+
prompt: "mfa" | "organizations" | "status" | "signup" | "common" | "consent" | "device-flow" | "email-otp-challenge" | "email-verification" | "invitation" | "login" | "login-id" | "login-password" | "login-passwordless" | "mfa-email" | "mfa-otp" | "mfa-phone" | "mfa-login-options" | "mfa-push" | "mfa-recovery-code" | "mfa-voice" | "mfa-webauthn" | "passkeys" | "reset-password" | "signup-id" | "signup-password" | "captcha" | "custom-form";
|
|
92
92
|
language: string;
|
|
93
93
|
};
|
|
94
94
|
} & {
|
|
@@ -110,7 +110,7 @@ export declare const promptsRoutes: OpenAPIHono<{
|
|
|
110
110
|
$put: {
|
|
111
111
|
input: {
|
|
112
112
|
param: {
|
|
113
|
-
prompt: "
|
|
113
|
+
prompt: "mfa" | "organizations" | "status" | "signup" | "common" | "consent" | "device-flow" | "email-otp-challenge" | "email-verification" | "invitation" | "login" | "login-id" | "login-password" | "login-passwordless" | "mfa-email" | "mfa-otp" | "mfa-phone" | "mfa-login-options" | "mfa-push" | "mfa-recovery-code" | "mfa-voice" | "mfa-webauthn" | "passkeys" | "reset-password" | "signup-id" | "signup-password" | "captcha" | "custom-form";
|
|
114
114
|
language: string;
|
|
115
115
|
};
|
|
116
116
|
} & {
|
|
@@ -134,7 +134,7 @@ export declare const promptsRoutes: OpenAPIHono<{
|
|
|
134
134
|
$delete: {
|
|
135
135
|
input: {
|
|
136
136
|
param: {
|
|
137
|
-
prompt: "
|
|
137
|
+
prompt: "mfa" | "organizations" | "status" | "signup" | "common" | "consent" | "device-flow" | "email-otp-challenge" | "email-verification" | "invitation" | "login" | "login-id" | "login-password" | "login-passwordless" | "mfa-email" | "mfa-otp" | "mfa-phone" | "mfa-login-options" | "mfa-push" | "mfa-recovery-code" | "mfa-voice" | "mfa-webauthn" | "passkeys" | "reset-password" | "signup-id" | "signup-password" | "captcha" | "custom-form";
|
|
138
138
|
language: string;
|
|
139
139
|
};
|
|
140
140
|
} & {
|
|
@@ -27,7 +27,7 @@ export declare const themesRoutes: OpenAPIHono<{
|
|
|
27
27
|
base_focus_color: string;
|
|
28
28
|
base_hover_color: string;
|
|
29
29
|
body_text: string;
|
|
30
|
-
captcha_widget_theme: "
|
|
30
|
+
captcha_widget_theme: "dark" | "light" | "auto";
|
|
31
31
|
error: string;
|
|
32
32
|
header: string;
|
|
33
33
|
icons: string;
|
|
@@ -78,7 +78,7 @@ export declare const themesRoutes: OpenAPIHono<{
|
|
|
78
78
|
background_color: string;
|
|
79
79
|
background_image_url: string;
|
|
80
80
|
page_layout: "center" | "left" | "right";
|
|
81
|
-
logo_placement?: "
|
|
81
|
+
logo_placement?: "none" | "widget" | "chip" | undefined;
|
|
82
82
|
};
|
|
83
83
|
widget: {
|
|
84
84
|
header_text_alignment: "center" | "left" | "right";
|
|
@@ -117,7 +117,7 @@ export declare const themesRoutes: OpenAPIHono<{
|
|
|
117
117
|
base_focus_color: string;
|
|
118
118
|
base_hover_color: string;
|
|
119
119
|
body_text: string;
|
|
120
|
-
captcha_widget_theme: "
|
|
120
|
+
captcha_widget_theme: "dark" | "light" | "auto";
|
|
121
121
|
error: string;
|
|
122
122
|
header: string;
|
|
123
123
|
icons: string;
|
|
@@ -168,7 +168,7 @@ export declare const themesRoutes: OpenAPIHono<{
|
|
|
168
168
|
background_color: string;
|
|
169
169
|
background_image_url: string;
|
|
170
170
|
page_layout: "center" | "left" | "right";
|
|
171
|
-
logo_placement?: "
|
|
171
|
+
logo_placement?: "none" | "widget" | "chip" | undefined;
|
|
172
172
|
};
|
|
173
173
|
widget: {
|
|
174
174
|
header_text_alignment: "center" | "left" | "right";
|
|
@@ -196,7 +196,7 @@ export declare const themesRoutes: OpenAPIHono<{
|
|
|
196
196
|
base_focus_color: string;
|
|
197
197
|
base_hover_color: string;
|
|
198
198
|
body_text: string;
|
|
199
|
-
captcha_widget_theme: "
|
|
199
|
+
captcha_widget_theme: "dark" | "light" | "auto";
|
|
200
200
|
error: string;
|
|
201
201
|
header: string;
|
|
202
202
|
icons: string;
|
|
@@ -247,7 +247,7 @@ export declare const themesRoutes: OpenAPIHono<{
|
|
|
247
247
|
background_color: string;
|
|
248
248
|
background_image_url: string;
|
|
249
249
|
page_layout: "center" | "left" | "right";
|
|
250
|
-
logo_placement?: "
|
|
250
|
+
logo_placement?: "none" | "widget" | "chip" | undefined;
|
|
251
251
|
};
|
|
252
252
|
widget: {
|
|
253
253
|
header_text_alignment: "center" | "left" | "right";
|
|
@@ -737,7 +737,7 @@ export declare const userRoutes: OpenAPIHono<{
|
|
|
737
737
|
};
|
|
738
738
|
};
|
|
739
739
|
output: {
|
|
740
|
-
type: "
|
|
740
|
+
type: "s" | "w" | "fn" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fc" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fd" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "festft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "i" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "sapi" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "sestft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "wn" | "wum";
|
|
741
741
|
date: string;
|
|
742
742
|
isMobile: boolean;
|
|
743
743
|
log_id: string;
|
|
@@ -776,7 +776,7 @@ export declare const userRoutes: OpenAPIHono<{
|
|
|
776
776
|
limit: number;
|
|
777
777
|
length: number;
|
|
778
778
|
logs: {
|
|
779
|
-
type: "
|
|
779
|
+
type: "s" | "w" | "fn" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fc" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fd" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "festft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "i" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "sapi" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "sestft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "wn" | "wum";
|
|
780
780
|
date: string;
|
|
781
781
|
isMobile: boolean;
|
|
782
782
|
log_id: string;
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
import { Hono } from "hono";
|
|
2
2
|
import type { ResolvedHost } from "@authhero/proxy";
|
|
3
|
+
import { CustomDomain, CustomDomainsAdapter, ProxyRoute, ProxyRoutesAdapter } from "@authhero/adapter-interfaces";
|
|
4
|
+
import { SyncEvent } from "../../helpers/control-plane-sync-events";
|
|
3
5
|
export interface ProxyControlPlaneOptions {
|
|
4
6
|
/**
|
|
5
7
|
* Cross-tenant host resolver. Typically delegated to a database adapter's
|
|
@@ -14,9 +16,40 @@ export interface ProxyControlPlaneOptions {
|
|
|
14
16
|
* scope, …).
|
|
15
17
|
*/
|
|
16
18
|
authenticate: (request: Request) => Promise<boolean> | boolean;
|
|
19
|
+
/**
|
|
20
|
+
* Optional handler for `POST /sync` — receives `controlplane.sync.*` events
|
|
21
|
+
* emitted by tenant shards via `ControlPlaneSyncDestination` and replicates
|
|
22
|
+
* the mutation into the control-plane data store. When omitted, the
|
|
23
|
+
* `/sync` route is not mounted (control-plane is read-only).
|
|
24
|
+
*
|
|
25
|
+
* Implementations MUST be idempotent: the outbox retries on transient
|
|
26
|
+
* failures even after the receiver applied the change.
|
|
27
|
+
* `createDefaultApplySyncEvents` wires this to a local data adapter with
|
|
28
|
+
* idempotent semantics.
|
|
29
|
+
*/
|
|
30
|
+
applySyncEvents?: (events: SyncEvent[]) => Promise<void>;
|
|
17
31
|
}
|
|
18
32
|
/**
|
|
19
33
|
* Returns a Hono app exposing the privileged proxy control-plane endpoint
|
|
20
|
-
* `GET /hosts/:host`.
|
|
34
|
+
* `GET /hosts/:host`. When `applySyncEvents` is provided, also exposes
|
|
35
|
+
* `POST /sync` for tenant shards to replicate custom_domains / proxy_routes
|
|
36
|
+
* mutations. Mount under `/api/v2/proxy/control-plane`.
|
|
21
37
|
*/
|
|
22
38
|
export declare function createProxyControlPlaneApp(options: ProxyControlPlaneOptions): Hono;
|
|
39
|
+
export interface CreateApplySyncEventsOptions {
|
|
40
|
+
customDomains: CustomDomainsAdapter;
|
|
41
|
+
proxyRoutes?: ProxyRoutesAdapter;
|
|
42
|
+
}
|
|
43
|
+
/**
|
|
44
|
+
* Build an idempotent `applySyncEvents` implementation backed by a local
|
|
45
|
+
* `CustomDomainsAdapter` / `ProxyRoutesAdapter`. Handles the three retry
|
|
46
|
+
* shapes the outbox can produce:
|
|
47
|
+
*
|
|
48
|
+
* - duplicate `created` (retry after the previous succeeded but
|
|
49
|
+
* `markProcessed` failed) — falls back to `update`.
|
|
50
|
+
* - `updated` for a row that doesn't exist locally yet (a `created`
|
|
51
|
+
* delivery is still in flight or lost) — falls back to `create`.
|
|
52
|
+
* - `deleted` for a row that's already gone — no-op success.
|
|
53
|
+
*/
|
|
54
|
+
export declare function createApplySyncEvents(options: CreateApplySyncEventsOptions): (events: SyncEvent[]) => Promise<void>;
|
|
55
|
+
export type { CustomDomain, ProxyRoute };
|
|
@@ -21,7 +21,7 @@ export declare function initJSXRoute(ctx: Context<{
|
|
|
21
21
|
base_focus_color: string;
|
|
22
22
|
base_hover_color: string;
|
|
23
23
|
body_text: string;
|
|
24
|
-
captcha_widget_theme: "
|
|
24
|
+
captcha_widget_theme: "dark" | "light" | "auto";
|
|
25
25
|
error: string;
|
|
26
26
|
header: string;
|
|
27
27
|
icons: string;
|
|
@@ -72,7 +72,7 @@ export declare function initJSXRoute(ctx: Context<{
|
|
|
72
72
|
background_color: string;
|
|
73
73
|
background_image_url: string;
|
|
74
74
|
page_layout: "center" | "left" | "right";
|
|
75
|
-
logo_placement?: "
|
|
75
|
+
logo_placement?: "none" | "widget" | "chip" | undefined;
|
|
76
76
|
};
|
|
77
77
|
widget: {
|
|
78
78
|
header_text_alignment: "center" | "left" | "right";
|
|
@@ -99,7 +99,7 @@ export declare function initJSXRoute(ctx: Context<{
|
|
|
99
99
|
font?: {
|
|
100
100
|
url: string;
|
|
101
101
|
} | undefined;
|
|
102
|
-
dark_mode?: "
|
|
102
|
+
dark_mode?: "dark" | "light" | "auto" | undefined;
|
|
103
103
|
} | null;
|
|
104
104
|
client: {
|
|
105
105
|
created_at: string;
|
|
@@ -394,7 +394,7 @@ export declare function initJSXRoute(ctx: Context<{
|
|
|
394
394
|
} | undefined;
|
|
395
395
|
} | undefined;
|
|
396
396
|
passkey_options?: {
|
|
397
|
-
challenge_ui?: "
|
|
397
|
+
challenge_ui?: "both" | "autofill" | "button" | undefined;
|
|
398
398
|
local_enrollment_enabled?: boolean | undefined;
|
|
399
399
|
progressive_enrollment_enabled?: boolean | undefined;
|
|
400
400
|
} | undefined;
|
|
@@ -722,7 +722,7 @@ export declare function initJSXRouteWithSession(ctx: Context<{
|
|
|
722
722
|
base_focus_color: string;
|
|
723
723
|
base_hover_color: string;
|
|
724
724
|
body_text: string;
|
|
725
|
-
captcha_widget_theme: "
|
|
725
|
+
captcha_widget_theme: "dark" | "light" | "auto";
|
|
726
726
|
error: string;
|
|
727
727
|
header: string;
|
|
728
728
|
icons: string;
|
|
@@ -773,7 +773,7 @@ export declare function initJSXRouteWithSession(ctx: Context<{
|
|
|
773
773
|
background_color: string;
|
|
774
774
|
background_image_url: string;
|
|
775
775
|
page_layout: "center" | "left" | "right";
|
|
776
|
-
logo_placement?: "
|
|
776
|
+
logo_placement?: "none" | "widget" | "chip" | undefined;
|
|
777
777
|
};
|
|
778
778
|
widget: {
|
|
779
779
|
header_text_alignment: "center" | "left" | "right";
|
|
@@ -800,7 +800,7 @@ export declare function initJSXRouteWithSession(ctx: Context<{
|
|
|
800
800
|
font?: {
|
|
801
801
|
url: string;
|
|
802
802
|
} | undefined;
|
|
803
|
-
dark_mode?: "
|
|
803
|
+
dark_mode?: "dark" | "light" | "auto" | undefined;
|
|
804
804
|
} | null;
|
|
805
805
|
client: {
|
|
806
806
|
created_at: string;
|
|
@@ -1095,7 +1095,7 @@ export declare function initJSXRouteWithSession(ctx: Context<{
|
|
|
1095
1095
|
} | undefined;
|
|
1096
1096
|
} | undefined;
|
|
1097
1097
|
passkey_options?: {
|
|
1098
|
-
challenge_ui?: "
|
|
1098
|
+
challenge_ui?: "both" | "autofill" | "button" | undefined;
|
|
1099
1099
|
local_enrollment_enabled?: boolean | undefined;
|
|
1100
1100
|
progressive_enrollment_enabled?: boolean | undefined;
|
|
1101
1101
|
} | undefined;
|
|
@@ -43,7 +43,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
|
|
|
43
43
|
hint?: string | undefined;
|
|
44
44
|
messages?: {
|
|
45
45
|
text: string;
|
|
46
|
-
type: "
|
|
46
|
+
type: "success" | "error" | "info" | "warning";
|
|
47
47
|
id?: number | undefined;
|
|
48
48
|
}[] | undefined;
|
|
49
49
|
}[];
|
|
@@ -51,7 +51,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
|
|
|
51
51
|
description?: string | undefined;
|
|
52
52
|
messages?: {
|
|
53
53
|
text: string;
|
|
54
|
-
type: "
|
|
54
|
+
type: "success" | "error" | "info" | "warning";
|
|
55
55
|
id?: number | undefined;
|
|
56
56
|
}[] | undefined;
|
|
57
57
|
links?: {
|
|
@@ -123,7 +123,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
|
|
|
123
123
|
hint?: string | undefined;
|
|
124
124
|
messages?: {
|
|
125
125
|
text: string;
|
|
126
|
-
type: "
|
|
126
|
+
type: "success" | "error" | "info" | "warning";
|
|
127
127
|
id?: number | undefined;
|
|
128
128
|
}[] | undefined;
|
|
129
129
|
}[];
|
|
@@ -131,7 +131,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
|
|
|
131
131
|
description?: string | undefined;
|
|
132
132
|
messages?: {
|
|
133
133
|
text: string;
|
|
134
|
-
type: "
|
|
134
|
+
type: "success" | "error" | "info" | "warning";
|
|
135
135
|
id?: number | undefined;
|
|
136
136
|
}[] | undefined;
|
|
137
137
|
links?: {
|
|
@@ -220,7 +220,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
|
|
|
220
220
|
hint?: string | undefined;
|
|
221
221
|
messages?: {
|
|
222
222
|
text: string;
|
|
223
|
-
type: "
|
|
223
|
+
type: "success" | "error" | "info" | "warning";
|
|
224
224
|
id?: number | undefined;
|
|
225
225
|
}[] | undefined;
|
|
226
226
|
}[];
|
|
@@ -228,7 +228,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
|
|
|
228
228
|
description?: string | undefined;
|
|
229
229
|
messages?: {
|
|
230
230
|
text: string;
|
|
231
|
-
type: "
|
|
231
|
+
type: "success" | "error" | "info" | "warning";
|
|
232
232
|
id?: number | undefined;
|
|
233
233
|
}[] | undefined;
|
|
234
234
|
links?: {
|
|
@@ -335,7 +335,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
|
|
|
335
335
|
hint?: string | undefined;
|
|
336
336
|
messages?: {
|
|
337
337
|
text: string;
|
|
338
|
-
type: "
|
|
338
|
+
type: "success" | "error" | "info" | "warning";
|
|
339
339
|
id?: number | undefined;
|
|
340
340
|
}[] | undefined;
|
|
341
341
|
}[];
|
|
@@ -343,7 +343,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
|
|
|
343
343
|
description?: string | undefined;
|
|
344
344
|
messages?: {
|
|
345
345
|
text: string;
|
|
346
|
-
type: "
|
|
346
|
+
type: "success" | "error" | "info" | "warning";
|
|
347
347
|
id?: number | undefined;
|
|
348
348
|
}[] | undefined;
|
|
349
349
|
links?: {
|
|
@@ -30,7 +30,7 @@ export declare const identifierRoutes: OpenAPIHono<{
|
|
|
30
30
|
} & {
|
|
31
31
|
form: {
|
|
32
32
|
username: string;
|
|
33
|
-
login_selection?: "
|
|
33
|
+
login_selection?: "code" | "password" | undefined;
|
|
34
34
|
};
|
|
35
35
|
};
|
|
36
36
|
output: {};
|
|
@@ -44,7 +44,7 @@ export declare const identifierRoutes: OpenAPIHono<{
|
|
|
44
44
|
} & {
|
|
45
45
|
form: {
|
|
46
46
|
username: string;
|
|
47
|
-
login_selection?: "
|
|
47
|
+
login_selection?: "code" | "password" | undefined;
|
|
48
48
|
};
|
|
49
49
|
};
|
|
50
50
|
output: {};
|
|
@@ -515,7 +515,7 @@ export default function create(config: AuthHeroConfig): OpenAPIHono<{
|
|
|
515
515
|
} & {
|
|
516
516
|
form: {
|
|
517
517
|
username: string;
|
|
518
|
-
login_selection?: "
|
|
518
|
+
login_selection?: "code" | "password" | undefined;
|
|
519
519
|
};
|
|
520
520
|
};
|
|
521
521
|
output: {};
|
|
@@ -529,7 +529,7 @@ export default function create(config: AuthHeroConfig): OpenAPIHono<{
|
|
|
529
529
|
} & {
|
|
530
530
|
form: {
|
|
531
531
|
username: string;
|
|
532
|
-
login_selection?: "
|
|
532
|
+
login_selection?: "code" | "password" | undefined;
|
|
533
533
|
};
|
|
534
534
|
};
|
|
535
535
|
output: {};
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* OAuth Consent screen — shown for third-party clients when they request
|
|
3
|
+
* non-basic scopes the user has not previously consented to.
|
|
4
|
+
*
|
|
5
|
+
* Corresponds to: /u2/consent
|
|
6
|
+
*/
|
|
7
|
+
import type { ScreenContext, ScreenResult, ScreenDefinition } from "./types";
|
|
8
|
+
export declare function consentScreen(context: ScreenContext): Promise<ScreenResult>;
|
|
9
|
+
export declare const consentScreenDefinition: ScreenDefinition;
|