authhero 5.19.0 → 5.21.0

package/dist/types/authentication-flows/common.d.ts

@@ -39,6 +39,14 @@ export interface CreateAuthTokensParams {
     permissions?: string[];
     grantType?: GrantType;
     impersonatingUser?: User;
+    /**
+     * RFC 8693 §4.1 — when the token was minted via a delegated flow (e.g.
+     * token-exchange) where the *acting party* is a client rather than a user,
+     * pass its client_id here so the `act` claim records the actor.
+     */
+    actClient?: {
+        client_id: string;
+    };
     auth_time?: number;
     /** Custom claims to add to the access token payload (cannot override reserved claims) */
     customClaims?: Record<string, unknown>;

package/dist/types/authentication-flows/passwordless.d.ts

@@ -233,6 +233,15 @@ export declare function passwordlessGrantUser(ctx: Context<{
             } | null | undefined;
             pushed_authorization_requests_supported?: boolean | undefined;
             authorization_response_iss_parameter_supported?: boolean | undefined;
+            deployment_type?: "shared" | "wfp" | undefined;
+            provisioning_state?: "pending" | "ready" | "failed" | undefined;
+            provisioning_error?: string | undefined;
+            provisioning_state_changed_at?: string | undefined;
+            bundle_configuration?: string | undefined;
+            worker_version?: string | undefined;
+            worker_script_name?: string | undefined;
+            storage_kind?: "own_d1" | "existing_d1" | "shared_planetscale" | undefined;
+            d1_database_id?: string | undefined;
             attack_protection?: {
                 breached_password_detection?: {
                     enabled?: boolean | undefined;
@@ -448,7 +457,7 @@ export declare function passwordlessGrantUser(ctx: Context<{
         custom_login_page_preview?: string | undefined;
         form_template?: string | undefined;
         addons?: Record<string, any> | undefined;
-        token_endpoint_auth_method?: "none" | "private_key_jwt" | "client_secret_post" | "client_secret_basic" | "client_secret_jwt" | undefined;
+        token_endpoint_auth_method?: "client_secret_post" | "client_secret_basic" | "none" | "client_secret_jwt" | "private_key_jwt" | undefined;
         client_metadata?: Record<string, string> | undefined;
         hide_sign_up_disabled_error?: boolean | undefined;
         mobile?: Record<string, any> | undefined;
@@ -531,8 +540,8 @@ export declare function passwordlessGrantUser(ctx: Context<{
         } | undefined;
         authenticated_at?: string | undefined;
     };
-    connectionType: "username" | "sms" | "email";
-    authConnection: "username" | "sms" | "email";
+    connectionType: "sms" | "email" | "username";
+    authConnection: "sms" | "email" | "username";
     session_id: string | undefined;
     authParams: {
         client_id: string;

package/dist/types/authentication-flows/token-exchange.d.ts

@@ -0,0 +1,19 @@
+import { Context } from "hono";
+import { z } from "@hono/zod-openapi";
+import { Bindings, Variables, GrantFlowUserResult } from "../types";
+export declare const TOKEN_EXCHANGE_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange";
+export declare const tokenExchangeParamsSchema: z.ZodObject<{
+    grant_type: z.ZodLiteral<"urn:ietf:params:oauth:grant-type:token-exchange">;
+    client_id: z.ZodString;
+    client_secret: z.ZodOptional<z.ZodString>;
+    subject_token: z.ZodString;
+    subject_token_type: z.ZodLiteral<"urn:ietf:params:oauth:token-type:access_token">;
+    organization: z.ZodString;
+    audience: z.ZodOptional<z.ZodString>;
+    scope: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export type TokenExchangeParams = z.infer<typeof tokenExchangeParamsSchema>;
+export declare function tokenExchangeGrant(ctx: Context<{
+    Bindings: Bindings;
+    Variables: Variables;
+}>, params: TokenExchangeParams): Promise<GrantFlowUserResult>;

package/dist/types/emails/defaults/BlockedAccount.d.ts

@@ -0,0 +1 @@
+export declare function BlockedAccount(): import("react").JSX.Element;

package/dist/types/emails/defaults/ChangePassword.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Legacy Auth0 template name. Same shape as `reset_email` — kept for
+ * Auth0-import compatibility. authhero never sends this; the active path is
+ * `reset_email` / `reset_email_by_code`.
+ */
+export declare function ChangePassword(): import("react").JSX.Element;

package/dist/types/emails/defaults/EnrollmentEmail.d.ts

@@ -0,0 +1 @@
+export declare function EnrollmentEmail(): import("react").JSX.Element;

package/dist/types/emails/defaults/MfaOobCode.d.ts

@@ -0,0 +1 @@
+export declare function MfaOobCode(): import("react").JSX.Element;

package/dist/types/emails/defaults/PasswordReset.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Legacy Auth0 template name. Notification that a password was changed (no
+ * call-to-action). Kept for Auth0-import compatibility.
+ */
+export declare function PasswordReset(): import("react").JSX.Element;

package/dist/types/emails/defaults/StolenCredentials.d.ts

@@ -0,0 +1 @@
+export declare function StolenCredentials(): import("react").JSX.Element;

package/dist/types/emails/index.d.ts

@@ -1,6 +1,6 @@
 import { Context } from "hono";
 import { Bindings, Variables } from "../types";
-import { AuthParams, User } from "@authhero/adapter-interfaces";
+import { AuthParams, EmailTemplateName, User } from "@authhero/adapter-interfaces";
 export type SendEmailParams = {
     to: string;
     subject: string;
@@ -68,3 +68,23 @@ export declare function sendInvitation(ctx: Context<{
     Bindings: Bindings;
     Variables: Variables;
 }>, { to, invitationUrl, inviterName, organizationName, ttlSec, language, }: SendInvitationParams): Promise<void>;
+export interface SendTestEmailParams {
+    to: string;
+    templateName: EmailTemplateName;
+    /** Optional override for the body — defaults to stored override or bundled default. */
+    body?: string;
+    /** Optional override for the subject — defaults to stored override or bundled default. */
+    subject?: string;
+    /** Optional override for the from address. */
+    from?: string;
+    language?: string;
+}
+/**
+ * Send a test email using the provided body/subject (or the stored / bundled
+ * default), with realistic-looking sample data. Used by the admin UI's
+ * "Send test" button so customizations can be validated before saving.
+ */
+export declare function sendTestEmail(ctx: Context<{
+    Bindings: Bindings;
+    Variables: Variables;
+}>, params: SendTestEmailParams): Promise<void>;

package/dist/types/helpers/client.d.ts

@@ -242,6 +242,26 @@ export declare const enrichedClientSchema: z.ZodObject<{
         }, z.core.$strip>>>;
         pushed_authorization_requests_supported: z.ZodOptional<z.ZodBoolean>;
         authorization_response_iss_parameter_supported: z.ZodOptional<z.ZodBoolean>;
+        deployment_type: z.ZodOptional<z.ZodDefault<z.ZodEnum<{
+            shared: "shared";
+            wfp: "wfp";
+        }>>>;
+        provisioning_state: z.ZodOptional<z.ZodDefault<z.ZodEnum<{
+            pending: "pending";
+            ready: "ready";
+            failed: "failed";
+        }>>>;
+        provisioning_error: z.ZodOptional<z.ZodString>;
+        provisioning_state_changed_at: z.ZodOptional<z.ZodString>;
+        bundle_configuration: z.ZodOptional<z.ZodString>;
+        worker_version: z.ZodOptional<z.ZodString>;
+        worker_script_name: z.ZodOptional<z.ZodString>;
+        storage_kind: z.ZodOptional<z.ZodEnum<{
+            own_d1: "own_d1";
+            existing_d1: "existing_d1";
+            shared_planetscale: "shared_planetscale";
+        }>>;
+        d1_database_id: z.ZodOptional<z.ZodString>;
         attack_protection: z.ZodOptional<z.ZodObject<{
             breached_password_detection: z.ZodOptional<z.ZodObject<{
                 enabled: z.ZodOptional<z.ZodBoolean>;

package/dist/types/helpers/dcr/metadata-mapping.d.ts

@@ -23,11 +23,11 @@ export declare const dcrRequestSchema: z.ZodObject<{
     grant_types: z.ZodOptional<z.ZodArray<z.ZodString>>;
     response_types: z.ZodOptional<z.ZodArray<z.ZodString>>;
     token_endpoint_auth_method: z.ZodOptional<z.ZodEnum<{
-        none: "none";
-        private_key_jwt: "private_key_jwt";
         client_secret_post: "client_secret_post";
         client_secret_basic: "client_secret_basic";
+        none: "none";
         client_secret_jwt: "client_secret_jwt";
+        private_key_jwt: "private_key_jwt";
     }>>;
     jwks_uri: z.ZodOptional<z.ZodString>;
     jwks: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;

package/dist/types/helpers/scopes-permissions.d.ts

@@ -13,7 +13,7 @@ interface ClientCredentialsScopesAndPermissionsParams extends BaseScopesAndPermi
     userId?: never;
 }
 interface UserBasedScopesAndPermissionsParams extends BaseScopesAndPermissionsParams {
-    grantType?: GrantType.AuthorizationCode | GrantType.RefreshToken | GrantType.Password | GrantType.Passwordless | GrantType.OTP | undefined;
+    grantType?: GrantType.AuthorizationCode | GrantType.RefreshToken | GrantType.Password | GrantType.Passwordless | GrantType.OTP | GrantType.TokenExchange | undefined;
     userId: string;
 }
 export type CalculateScopesAndPermissionsParams = ClientCredentialsScopesAndPermissionsParams | UserBasedScopesAndPermissionsParams;