npm - authhero - Versions diffs - 5.18.0 → 5.20.0 - Mend

authhero 5.18.0 → 5.20.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (62) hide show

package/dist/types/routes/universal-login/u2-index.d.ts CHANGED Viewed

@@ -165,7 +165,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
         $get: {
             input: {
                 param: {
-                    screen: "signup" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
+                    screen: "signup" | "consent" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
                 };
             } & {
                 query: {
@@ -181,7 +181,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
         } | {
             input: {
                 param: {
-                    screen: "signup" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
+                    screen: "signup" | "consent" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
                 };
             } & {
                 query: {
@@ -197,7 +197,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
         } | {
             input: {
                 param: {
-                    screen: "signup" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
+                    screen: "signup" | "consent" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
                 };
             } & {
                 query: {
@@ -217,7 +217,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
         $post: {
             input: {
                 param: {
-                    screen: "signup" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
+                    screen: "signup" | "consent" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
                 };
             } & {
                 query: {
@@ -235,7 +235,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
         } | {
             input: {
                 param: {
-                    screen: "signup" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
+                    screen: "signup" | "consent" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
                 };
             } & {
                 query: {
@@ -253,7 +253,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
         } | {
             input: {
                 param: {
-                    screen: "signup" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
+                    screen: "signup" | "consent" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
                 };
             } & {
                 query: {

package/dist/types/routes/universal-login/u2-routes.d.ts CHANGED Viewed

@@ -170,7 +170,7 @@ export declare const u2Routes: OpenAPIHono<{
         $get: {
             input: {
                 param: {
-                    screen: "signup" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
+                    screen: "signup" | "consent" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
                 };
             } & {
                 query: {
@@ -186,7 +186,7 @@ export declare const u2Routes: OpenAPIHono<{
         } | {
             input: {
                 param: {
-                    screen: "signup" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
+                    screen: "signup" | "consent" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
                 };
             } & {
                 query: {
@@ -202,7 +202,7 @@ export declare const u2Routes: OpenAPIHono<{
         } | {
             input: {
                 param: {
-                    screen: "signup" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
+                    screen: "signup" | "consent" | "login" | "reset-password" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
                 };
             } & {
                 query: {
@@ -222,7 +222,7 @@ export declare const u2Routes: OpenAPIHono<{
         $post: {
             input: {
                 param: {
-                    screen: "signup" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
+                    screen: "signup" | "consent" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
                 };
             } & {
                 query: {
@@ -240,7 +240,7 @@ export declare const u2Routes: OpenAPIHono<{
         } | {
             input: {
                 param: {
-                    screen: "signup" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
+                    screen: "signup" | "consent" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
                 };
             } & {
                 query: {
@@ -258,7 +258,7 @@ export declare const u2Routes: OpenAPIHono<{
         } | {
             input: {
                 param: {
-                    screen: "signup" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
+                    screen: "signup" | "consent" | "login" | "reset-password" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
                 };
             } & {
                 query: {

package/dist/types/state-machines/login-session.d.ts CHANGED Viewed

@@ -22,6 +22,8 @@ export declare enum LoginSessionEventType {
     REQUIRE_EMAIL_VERIFICATION = "REQUIRE_EMAIL_VERIFICATION",
     REQUIRE_MFA = "REQUIRE_MFA",
     COMPLETE_MFA = "COMPLETE_MFA",
+    REQUIRE_CONSENT = "REQUIRE_CONSENT",
+    COMPLETE_CONSENT = "COMPLETE_CONSENT",
     START_HOOK = "START_HOOK",
     COMPLETE_HOOK = "COMPLETE_HOOK",
     START_CONTINUATION = "START_CONTINUATION",
@@ -42,6 +44,10 @@ export type LoginSessionEvent = {
     type: LoginSessionEventType.REQUIRE_MFA;
 } | {
     type: LoginSessionEventType.COMPLETE_MFA;
+} | {
+    type: LoginSessionEventType.REQUIRE_CONSENT;
+} | {
+    type: LoginSessionEventType.COMPLETE_CONSENT;
 } | {
     type: LoginSessionEventType.START_HOOK;
     hookId?: string;
@@ -95,6 +101,10 @@ export declare const loginSessionMachine: import("xstate").StateMachine<LoginSes
     type: LoginSessionEventType.REQUIRE_MFA;
 } | {
     type: LoginSessionEventType.COMPLETE_MFA;
+} | {
+    type: LoginSessionEventType.REQUIRE_CONSENT;
+} | {
+    type: LoginSessionEventType.COMPLETE_CONSENT;
 } | {
     type: LoginSessionEventType.START_HOOK;
     hookId?: string;
@@ -130,13 +140,14 @@ export declare const loginSessionMachine: import("xstate").StateMachine<LoginSes
 } | {
     type: "setFailureReason";
     params: import("xstate").NonReducibleUnknown;
-}, never, never, "pending" | "failed" | "authenticated" | "expired" | "awaiting_email_verification" | "awaiting_mfa" | "awaiting_hook" | "awaiting_continuation" | "completed", string, import("xstate").NonReducibleUnknown, import("xstate").NonReducibleUnknown, import("xstate").EventObject, import("xstate").MetaObject, {
+}, never, never, "pending" | "failed" | "authenticated" | "expired" | "awaiting_email_verification" | "awaiting_mfa" | "awaiting_consent" | "awaiting_hook" | "awaiting_continuation" | "completed", string, import("xstate").NonReducibleUnknown, import("xstate").NonReducibleUnknown, import("xstate").EventObject, import("xstate").MetaObject, {
     id: "loginSession";
     states: {
         readonly pending: {};
         readonly authenticated: {};
         readonly awaiting_email_verification: {};
         readonly awaiting_mfa: {};
+        readonly awaiting_consent: {};
         readonly awaiting_hook: {};
         readonly awaiting_continuation: {};
         readonly completed: {};

package/dist/types/types/AuthHeroConfig.d.ts CHANGED Viewed

@@ -290,6 +290,32 @@ export interface AuthHeroConfig {
     proxyControlPlane?: {
         resolveHost: (host: string) => Promise<import("@authhero/proxy").ResolvedHost | null>;
         authenticate: (request: Request) => Promise<boolean> | boolean;
+        /**
+         * Optional receiver for `POST /sync` events emitted by tenant shards via
+         * the `ControlPlaneSyncDestination`. Mount on the control-plane authhero
+         * instance only. Implementations MUST be idempotent — the outbox retries
+         * on transient failures. Use `createApplySyncEvents({ customDomains,
+         * proxyRoutes })` (exported from `authhero`) for the default
+         * adapter-backed implementation.
+         */
+        applySyncEvents?: (events: import("../helpers/control-plane-sync-events").SyncEvent[]) => Promise<void>;
+    };
+    /**
+     * Optional outbox-driven replication of `custom_domains` and `proxy_routes`
+     * mutations to a global proxy control plane. When set, every successful
+     * write on this tenant shard enqueues a `controlplane.sync.*` outbox event;
+     * the `ControlPlaneSyncDestination` POSTs each event to
+     * `${baseUrl}/api/v2/proxy/control-plane/sync`. Requires the outbox to be
+     * enabled (`outbox: { enabled: true }`).
+     *
+     * Leave unset for single-DB deployments — the proxy reads the same database
+     * the management API writes to, so replication is unnecessary.
+     */
+    controlPlaneSync?: {
+        /** Base URL of the control-plane authhero instance. */
+        baseUrl: string;
+        /** Per-request timeout for the sync POST (default: 10_000ms). */
+        timeoutMs?: number;
     };
     /**
      * Optional powered-by logo to display at the bottom left of the login widget.

package/dist/types/types/GrantFlowResult.d.ts CHANGED Viewed

@@ -13,6 +13,14 @@ export interface GrantFlowResult {
         name: string;
     };
     impersonatingUser?: User;
+    /**
+     * RFC 8693 §4.1 — client acting on behalf of the user via a delegated flow
+     * (e.g. token-exchange). Carries through to the access token's `act` claim
+     * as `{ sub: client_id, client_id }`.
+     */
+    actClient?: {
+        client_id: string;
+    };
     auth_time?: number;
     /** The connection name used for authentication (e.g., "email", "google-oauth2") */
     authConnection?: string;

package/dist/types/types/IdToken.d.ts CHANGED Viewed

@@ -18,12 +18,12 @@ export declare const idTokenSchema: z.ZodObject<{
     c_hash: z.ZodOptional<z.ZodString>;
 }, z.core.$loose>;
 export declare const userInfoSchema: z.ZodObject<{
-    sub: z.ZodString;
     name: z.ZodOptional<z.ZodString>;
     email: z.ZodOptional<z.ZodString>;
     given_name: z.ZodOptional<z.ZodString>;
     family_name: z.ZodOptional<z.ZodString>;
     iss: z.ZodString;
+    sub: z.ZodString;
     aud: z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>;
     exp: z.ZodNumber;
 }, z.core.$loose>;

package/dist/types/utils/jwks.d.ts CHANGED Viewed

@@ -10,7 +10,7 @@ import { SigningKeyModeOption } from "../types/AuthHeroConfig";
 export declare function getJwksFromDatabase(data: DataAdapters): Promise<{
     alg: "RS256" | "RS384" | "RS512" | "ES256" | "ES384" | "ES512" | "HS256" | "HS384" | "HS512";
     kid: string;
-    kty: "EC" | "RSA" | "oct";
+    kty: "RSA" | "EC" | "oct";
     use?: "sig" | "enc" | undefined;
     n?: string | undefined;
     e?: string | undefined;
@@ -29,7 +29,7 @@ export declare function getJwksFromDatabase(data: DataAdapters): Promise<{
 export declare function getJwksForPublication(data: DataAdapters, tenantId: string, modeOption: SigningKeyModeOption | undefined): Promise<{
     alg: "RS256" | "RS384" | "RS512" | "ES256" | "ES384" | "ES512" | "HS256" | "HS384" | "HS512";
     kid: string;
-    kty: "EC" | "RSA" | "oct";
+    kty: "RSA" | "EC" | "oct";
     use?: "sig" | "enc" | undefined;
     n?: string | undefined;
     e?: string | undefined;

package/dist/types/utils/jwt.d.ts CHANGED Viewed

@@ -11,5 +11,9 @@ export interface JwtPayload {
     tenant_id?: string;
     org_id?: string;
     org_name?: string;
+    act?: {
+        sub: string;
+        client_id?: string;
+    };
 }
 export declare function validateJwtToken(ctx: Context, token: string): Promise<JwtPayload>;

package/package.json CHANGED Viewed

@@ -11,7 +11,7 @@
     "type": "git",
     "url": "https://github.com/markusahlstrand/authhero"
   },
-  "version": "5.18.0",
+  "version": "5.20.0",
   "files": [
     "dist"
   ],
@@ -62,8 +62,8 @@
     "vite": "^8.0.14",
     "vite-plugin-dts": "^4.5.4",
     "vitest": "^4.1.7",
-    "@authhero/kysely-adapter": "11.5.4",
-    "@authhero/widget": "0.32.34"
+    "@authhero/kysely-adapter": "11.7.0",
+    "@authhero/widget": "0.32.36"
   },
   "dependencies": {
     "@peculiar/x509": "^1.14.0",
@@ -81,8 +81,8 @@
     "qrcode": "^1.5.4",
     "sanitize-html": "^2.17.4",
     "xstate": "^5.31.1",
-    "@authhero/adapter-interfaces": "2.10.0",
-    "@authhero/proxy": "0.4.0",
+    "@authhero/adapter-interfaces": "2.12.0",
+    "@authhero/proxy": "0.4.2",
     "@authhero/saml": "0.4.1"
   },
   "peerDependencies": {