authhero 5.21.1 → 7.0.0

package/dist/types/routes/management-api/logs.d.ts

@@ -24,7 +24,7 @@ export declare const logRoutes: OpenAPIHono<{
                 };
             };
             output: {
-                type: "s" | "w" | "i" | "fn" | "f" | "sapi" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "fc" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fd" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "festft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "sestft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "wn" | "wum";
+                type: "fn" | "i" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fc" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fd" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "festft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "sapi" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "sestft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
                 date: string;
                 isMobile: boolean;
                 log_id: string;
@@ -63,7 +63,7 @@ export declare const logRoutes: OpenAPIHono<{
                 limit: number;
                 length: number;
                 logs: {
-                    type: "s" | "w" | "i" | "fn" | "f" | "sapi" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "fc" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fd" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "festft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "sestft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "wn" | "wum";
+                    type: "fn" | "i" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fc" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fd" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "festft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "sapi" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "sestft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
                     date: string;
                     isMobile: boolean;
                     log_id: string;
@@ -117,7 +117,7 @@ export declare const logRoutes: OpenAPIHono<{
                 };
             };
             output: {
-                type: "s" | "w" | "i" | "fn" | "f" | "sapi" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "fc" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fd" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "festft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "sestft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "wn" | "wum";
+                type: "fn" | "i" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fc" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fd" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "festft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "sapi" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "sestft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
                 date: string;
                 isMobile: boolean;
                 log_id: string;

package/dist/types/routes/management-api/migration-sources.d.ts

@@ -15,7 +15,7 @@ export declare const migrationSourcesRoutes: OpenAPIHono<{
                 created_at: string;
                 updated_at: string;
                 name: string;
-                provider: "auth0" | "oidc" | "cognito" | "okta";
+                provider: "auth0" | "cognito" | "okta" | "oidc";
                 connection: string;
                 enabled: boolean;
                 credentials: {
@@ -47,7 +47,7 @@ export declare const migrationSourcesRoutes: OpenAPIHono<{
                 created_at: string;
                 updated_at: string;
                 name: string;
-                provider: "auth0" | "oidc" | "cognito" | "okta";
+                provider: "auth0" | "cognito" | "okta" | "oidc";
                 connection: string;
                 enabled: boolean;
                 credentials: {
@@ -73,7 +73,7 @@ export declare const migrationSourcesRoutes: OpenAPIHono<{
             } & {
                 json: {
                     name: string;
-                    provider: "auth0" | "oidc" | "cognito" | "okta";
+                    provider: "auth0" | "cognito" | "okta" | "oidc";
                     connection: string;
                     credentials: {
                         domain: string;
@@ -90,7 +90,7 @@ export declare const migrationSourcesRoutes: OpenAPIHono<{
                 created_at: string;
                 updated_at: string;
                 name: string;
-                provider: "auth0" | "oidc" | "cognito" | "okta";
+                provider: "auth0" | "cognito" | "okta" | "oidc";
                 connection: string;
                 enabled: boolean;
                 credentials: {
@@ -121,7 +121,7 @@ export declare const migrationSourcesRoutes: OpenAPIHono<{
                 json: {
                     id?: string | undefined;
                     name?: string | undefined;
-                    provider?: "auth0" | "oidc" | "cognito" | "okta" | undefined;
+                    provider?: "auth0" | "cognito" | "okta" | "oidc" | undefined;
                     connection?: string | undefined;
                     enabled?: boolean | undefined;
                     credentials?: {
@@ -137,7 +137,7 @@ export declare const migrationSourcesRoutes: OpenAPIHono<{
                 created_at: string;
                 updated_at: string;
                 name: string;
-                provider: "auth0" | "oidc" | "cognito" | "okta";
+                provider: "auth0" | "cognito" | "okta" | "oidc";
                 connection: string;
                 enabled: boolean;
                 credentials: {

package/dist/types/routes/management-api/organizations.d.ts

@@ -702,10 +702,10 @@ export declare const organizationRoutes: OpenAPIHono<{
                     invitee: {
                         email?: string | undefined;
                     };
-                    connection_id?: string | undefined;
                     id?: string | undefined;
                     app_metadata?: Record<string, any> | undefined;
                     user_metadata?: Record<string, any> | undefined;
+                    connection_id?: string | undefined;
                     roles?: string[] | undefined;
                     ttl_sec?: number | undefined;
                     send_invitation_email?: boolean | undefined;
@@ -755,7 +755,7 @@ export declare const organizationRoutes: OpenAPIHono<{
             };
             output: {};
             outputFormat: string;
-            status: 404;
+            status: 204;
         } | {
             input: {
                 param: {
@@ -769,7 +769,7 @@ export declare const organizationRoutes: OpenAPIHono<{
             };
             output: {};
             outputFormat: string;
-            status: 204;
+            status: 404;
         };
     };
 } & {

package/dist/types/routes/management-api/prompts.d.ts

@@ -50,7 +50,7 @@ export declare const promptsRoutes: OpenAPIHono<{
                 };
             };
             output: {
-                prompt: "mfa" | "organizations" | "status" | "signup" | "login" | "login-id" | "login-password" | "signup-id" | "signup-password" | "reset-password" | "consent" | "mfa-push" | "mfa-otp" | "mfa-voice" | "mfa-phone" | "mfa-webauthn" | "mfa-email" | "mfa-recovery-code" | "device-flow" | "email-verification" | "email-otp-challenge" | "invitation" | "common" | "passkeys" | "captcha" | "custom-form" | "login-passwordless" | "mfa-login-options";
+                prompt: "signup" | "status" | "mfa" | "organizations" | "login" | "login-id" | "login-password" | "signup-id" | "signup-password" | "reset-password" | "consent" | "mfa-push" | "mfa-otp" | "mfa-voice" | "mfa-phone" | "mfa-webauthn" | "mfa-email" | "mfa-recovery-code" | "device-flow" | "email-verification" | "email-otp-challenge" | "invitation" | "common" | "passkeys" | "captcha" | "custom-form" | "login-passwordless" | "mfa-login-options";
                 language: string;
             }[];
             outputFormat: "json";
@@ -88,7 +88,7 @@ export declare const promptsRoutes: OpenAPIHono<{
         $get: {
             input: {
                 param: {
-                    prompt: "mfa" | "organizations" | "status" | "signup" | "login" | "login-id" | "login-password" | "signup-id" | "signup-password" | "reset-password" | "consent" | "mfa-push" | "mfa-otp" | "mfa-voice" | "mfa-phone" | "mfa-webauthn" | "mfa-email" | "mfa-recovery-code" | "device-flow" | "email-verification" | "email-otp-challenge" | "invitation" | "common" | "passkeys" | "captcha" | "custom-form" | "login-passwordless" | "mfa-login-options";
+                    prompt: "signup" | "status" | "mfa" | "organizations" | "login" | "login-id" | "login-password" | "signup-id" | "signup-password" | "reset-password" | "consent" | "mfa-push" | "mfa-otp" | "mfa-voice" | "mfa-phone" | "mfa-webauthn" | "mfa-email" | "mfa-recovery-code" | "device-flow" | "email-verification" | "email-otp-challenge" | "invitation" | "common" | "passkeys" | "captcha" | "custom-form" | "login-passwordless" | "mfa-login-options";
                     language: string;
                 };
             } & {
@@ -110,7 +110,7 @@ export declare const promptsRoutes: OpenAPIHono<{
         $put: {
             input: {
                 param: {
-                    prompt: "mfa" | "organizations" | "status" | "signup" | "login" | "login-id" | "login-password" | "signup-id" | "signup-password" | "reset-password" | "consent" | "mfa-push" | "mfa-otp" | "mfa-voice" | "mfa-phone" | "mfa-webauthn" | "mfa-email" | "mfa-recovery-code" | "device-flow" | "email-verification" | "email-otp-challenge" | "invitation" | "common" | "passkeys" | "captcha" | "custom-form" | "login-passwordless" | "mfa-login-options";
+                    prompt: "signup" | "status" | "mfa" | "organizations" | "login" | "login-id" | "login-password" | "signup-id" | "signup-password" | "reset-password" | "consent" | "mfa-push" | "mfa-otp" | "mfa-voice" | "mfa-phone" | "mfa-webauthn" | "mfa-email" | "mfa-recovery-code" | "device-flow" | "email-verification" | "email-otp-challenge" | "invitation" | "common" | "passkeys" | "captcha" | "custom-form" | "login-passwordless" | "mfa-login-options";
                     language: string;
                 };
             } & {
@@ -134,7 +134,7 @@ export declare const promptsRoutes: OpenAPIHono<{
         $delete: {
             input: {
                 param: {
-                    prompt: "mfa" | "organizations" | "status" | "signup" | "login" | "login-id" | "login-password" | "signup-id" | "signup-password" | "reset-password" | "consent" | "mfa-push" | "mfa-otp" | "mfa-voice" | "mfa-phone" | "mfa-webauthn" | "mfa-email" | "mfa-recovery-code" | "device-flow" | "email-verification" | "email-otp-challenge" | "invitation" | "common" | "passkeys" | "captcha" | "custom-form" | "login-passwordless" | "mfa-login-options";
+                    prompt: "signup" | "status" | "mfa" | "organizations" | "login" | "login-id" | "login-password" | "signup-id" | "signup-password" | "reset-password" | "consent" | "mfa-push" | "mfa-otp" | "mfa-voice" | "mfa-phone" | "mfa-webauthn" | "mfa-email" | "mfa-recovery-code" | "device-flow" | "email-verification" | "email-otp-challenge" | "invitation" | "common" | "passkeys" | "captcha" | "custom-form" | "login-passwordless" | "mfa-login-options";
                     language: string;
                 };
             } & {

package/dist/types/routes/management-api/users.d.ts

@@ -737,7 +737,7 @@ export declare const userRoutes: OpenAPIHono<{
                 };
             };
             output: {
-                type: "s" | "w" | "i" | "fn" | "f" | "sapi" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "fc" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fd" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "festft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "sestft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "wn" | "wum";
+                type: "fn" | "i" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fc" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fd" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "festft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "sapi" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "sestft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
                 date: string;
                 isMobile: boolean;
                 log_id: string;
@@ -776,7 +776,7 @@ export declare const userRoutes: OpenAPIHono<{
                 limit: number;
                 length: number;
                 logs: {
-                    type: "s" | "w" | "i" | "fn" | "f" | "sapi" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "fc" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fd" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "festft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "sestft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "wn" | "wum";
+                    type: "fn" | "i" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fc" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fd" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "festft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "sapi" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "sestft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
                     date: string;
                     isMobile: boolean;
                     log_id: string;

package/dist/types/routes/proxy-control-plane/index.d.ts

@@ -2,6 +2,7 @@ import { Hono } from "hono";
 import type { ResolvedHost } from "@authhero/proxy";
 import { CustomDomain, CustomDomainsAdapter, ProxyRoute, ProxyRoutesAdapter } from "@authhero/adapter-interfaces";
 import { SyncEvent } from "../../helpers/control-plane-sync-events";
+import { Bindings } from "../../types";
 export interface ProxyControlPlaneOptions {
     /**
      * Cross-tenant host resolver. Typically delegated to a database adapter's
@@ -9,13 +10,20 @@ export interface ProxyControlPlaneOptions {
      */
     resolveHost: (host: string) => Promise<ResolvedHost | null>;
     /**
-     * Authentication check for incoming requests. Return `true` to allow,
-     * `false` to reject with 401. The control-plane endpoint is cross-tenant
-     * and must not be exposed to regular tenant tokens — use a dedicated
-     * proxy-reader credential (shared secret, mTLS, JWT with `proxy:resolve_host`
-     * scope, …).
+     * URL of the JWKS document used to verify control-plane bearer tokens.
+     *
+     * Tokens MUST be signed by a key in this JWKS, carry an `iss` matching
+     * the runtime `env.ISSUER` (strict URL equality after trailing-slash
+     * normalization), and include the `proxy:resolve_host` scope.
+     */
+    jwksUrl: string;
+    /**
+     * Optional fetch override for `jwksUrl`. Defaults to global `fetch`.
+     * Hosts on Cloudflare Workers can pass
+     * `(url) => env.JWKS_SERVICE.fetch(url)` to route through a service
+     * binding instead of the public network.
      */
-    authenticate: (request: Request) => Promise<boolean> | boolean;
+    jwksFetch?: (url: string) => Promise<Response>;
     /**
      * Optional handler for `POST /sync` — receives `controlplane.sync.*` events
      * emitted by tenant shards via `ControlPlaneSyncDestination` and replicates
@@ -34,8 +42,14 @@ export interface ProxyControlPlaneOptions {
  * `GET /hosts/:host`. When `applySyncEvents` is provided, also exposes
  * `POST /sync` for tenant shards to replicate custom_domains / proxy_routes
  * mutations. Mount under `/api/v2/proxy/control-plane`.
+ *
+ * Authentication is built in: requests must carry a `Bearer` JWT signed by
+ * a key published at `options.jwksUrl`, with `iss` matching the runtime
+ * `env.ISSUER` and scope `proxy:resolve_host`.
  */
-export declare function createProxyControlPlaneApp(options: ProxyControlPlaneOptions): Hono;
+export declare function createProxyControlPlaneApp(options: ProxyControlPlaneOptions): Hono<{
+    Bindings: Bindings;
+}>;
 export interface CreateApplySyncEventsOptions {
     customDomains: CustomDomainsAdapter;
     proxyRoutes?: ProxyRoutesAdapter;

package/dist/types/routes/proxy-control-plane/verify.d.ts

@@ -0,0 +1,39 @@
+import { PROXY_RESOLVE_HOST_SCOPE } from "@authhero/proxy";
+/**
+ * Strict issuer equality: parse both `iss` and `expected` as URLs and compare
+ * the resulting hrefs after stripping any single trailing slash. No host-only
+ * match, no subdomain match — a token issued by `https://a.example.com/` and
+ * an expected `https://b.example.com/` (or `https://example.com/x/`) must NOT
+ * be treated as equivalent.
+ */
+export declare function isAllowedIssuer(iss: string, expected: string): boolean;
+export type VerifyControlPlaneTokenResult = {
+    ok: true;
+} | {
+    ok: false;
+    reason: string;
+};
+export interface VerifyControlPlaneTokenOptions {
+    /** Compact JWS to verify. */
+    token: string;
+    /** JWKS document URL. */
+    jwksUrl: string;
+    /** Optional fetch override — defaults to global `fetch`. */
+    jwksFetch?: (url: string) => Promise<Response>;
+    /** Expected `iss` claim (compared via {@link isAllowedIssuer}). */
+    expectedIssuer: string;
+    /** Required `scope` (space-separated). Defaults to `proxy:resolve_host`. */
+    requiredScope?: string;
+}
+/**
+ * Verify a bearer token for the proxy control plane. Returns `{ ok: true }`
+ * on success, `{ ok: false, reason }` on any failure — the reason is for
+ * logs only and must not be surfaced to the caller.
+ *
+ * Accepted algs: RS256/384/512, ES256/384/512. The JWK's `alg` must match
+ * the token header's `alg`. The token must carry the configured required
+ * scope (`proxy:resolve_host` by default) and an `iss` that strictly equals
+ * `expectedIssuer` after URL normalization.
+ */
+export declare function verifyControlPlaneToken(options: VerifyControlPlaneTokenOptions): Promise<VerifyControlPlaneTokenResult>;
+export { PROXY_RESOLVE_HOST_SCOPE };

package/dist/types/routes/universal-login/common.d.ts

@@ -447,7 +447,7 @@ export declare function initJSXRoute(ctx: Context<{
         custom_login_page_preview?: string | undefined;
         form_template?: string | undefined;
         addons?: Record<string, any> | undefined;
-        token_endpoint_auth_method?: "none" | "client_secret_post" | "client_secret_basic" | "client_secret_jwt" | "private_key_jwt" | undefined;
+        token_endpoint_auth_method?: "client_secret_post" | "client_secret_basic" | "none" | "client_secret_jwt" | "private_key_jwt" | undefined;
         client_metadata?: Record<string, string> | undefined;
         hide_sign_up_disabled_error?: boolean | undefined;
         mobile?: Record<string, any> | undefined;
@@ -1166,7 +1166,7 @@ export declare function initJSXRouteWithSession(ctx: Context<{
         custom_login_page_preview?: string | undefined;
         form_template?: string | undefined;
         addons?: Record<string, any> | undefined;
-        token_endpoint_auth_method?: "none" | "client_secret_post" | "client_secret_basic" | "client_secret_jwt" | "private_key_jwt" | undefined;
+        token_endpoint_auth_method?: "client_secret_post" | "client_secret_basic" | "none" | "client_secret_jwt" | "private_key_jwt" | undefined;
         client_metadata?: Record<string, string> | undefined;
         hide_sign_up_disabled_error?: boolean | undefined;
         mobile?: Record<string, any> | undefined;

package/dist/types/routes/universal-login/flow-api.d.ts

@@ -27,7 +27,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
             output: {
                 screen: {
                     action: string;
-                    method: "POST" | "GET";
+                    method: "GET" | "POST";
                     components: {
                         id: string;
                         type: string;
@@ -107,7 +107,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
             output: {
                 screen: {
                     action: string;
-                    method: "POST" | "GET";
+                    method: "GET" | "POST";
                     components: {
                         id: string;
                         type: string;
@@ -173,7 +173,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
             };
             output: {};
             outputFormat: string;
-            status: 404;
+            status: 400;
         } | {
             input: {
                 query: {
@@ -188,7 +188,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
             };
             output: {};
             outputFormat: string;
-            status: 400;
+            status: 404;
         } | {
             input: {
                 query: {
@@ -204,7 +204,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
             output: {
                 screen: {
                     action: string;
-                    method: "POST" | "GET";
+                    method: "GET" | "POST";
                     components: {
                         id: string;
                         type: string;
@@ -282,7 +282,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
             };
             output: {};
             outputFormat: string;
-            status: 404;
+            status: 400;
         } | {
             input: {
                 param: {
@@ -300,7 +300,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
             };
             output: {};
             outputFormat: string;
-            status: 400;
+            status: 404;
         } | {
             input: {
                 param: {
@@ -319,7 +319,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
             output: {
                 screen: {
                     action: string;
-                    method: "POST" | "GET";
+                    method: "GET" | "POST";
                     components: {
                         id: string;
                         type: string;

package/dist/types/routes/universal-login/form-node.d.ts

@@ -18,7 +18,7 @@ export declare const formNodeRoutes: OpenAPIHono<{
             };
             output: {};
             outputFormat: string;
-            status: 404;
+            status: 200;
         } | {
             input: {
                 param: {
@@ -32,7 +32,7 @@ export declare const formNodeRoutes: OpenAPIHono<{
             };
             output: {};
             outputFormat: string;
-            status: 200;
+            status: 404;
         };
     };
 } & {
@@ -52,7 +52,7 @@ export declare const formNodeRoutes: OpenAPIHono<{
             };
             output: {};
             outputFormat: string;
-            status: 404;
+            status: 200;
         } | {
             input: {
                 param: {
@@ -68,7 +68,7 @@ export declare const formNodeRoutes: OpenAPIHono<{
             };
             output: {};
             outputFormat: string;
-            status: 200;
+            status: 404;
         };
     };
 }, "/">;

package/dist/types/routes/universal-login/index.d.ts

@@ -63,7 +63,7 @@ export default function create(config: AuthHeroConfig): OpenAPIHono<{
             };
             output: {};
             outputFormat: string;
-            status: 404;
+            status: 200;
         } | {
             input: {
                 param: {
@@ -77,7 +77,7 @@ export default function create(config: AuthHeroConfig): OpenAPIHono<{
             };
             output: {};
             outputFormat: string;
-            status: 200;
+            status: 404;
         };
     };
 } & {
@@ -97,7 +97,7 @@ export default function create(config: AuthHeroConfig): OpenAPIHono<{
             };
             output: {};
             outputFormat: string;
-            status: 404;
+            status: 200;
         } | {
             input: {
                 param: {
@@ -113,7 +113,7 @@ export default function create(config: AuthHeroConfig): OpenAPIHono<{
             };
             output: {};
             outputFormat: string;
-            status: 200;
+            status: 404;
         };
     };
 }, "/forms"> & import("hono/types").MergeSchemaPath<{

package/dist/types/routes/universal-login/u2-form-node.d.ts

@@ -28,7 +28,7 @@ export declare const u2FormNodeRoutes: OpenAPIHono<{
             };
             output: {};
             outputFormat: string;
-            status: 404;
+            status: 200;
         } | {
             input: {
                 param: {
@@ -42,7 +42,7 @@ export declare const u2FormNodeRoutes: OpenAPIHono<{
             };
             output: {};
             outputFormat: string;
-            status: 200;
+            status: 404;
         };
     };
 } & {

package/dist/types/routes/universal-login/u2-index.d.ts

@@ -165,7 +165,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
         $get: {
             input: {
                 param: {
-                    screen: "signup" | "login" | "reset-password" | "consent" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "account" | "try-connection-result" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
+                    screen: "signup" | "login" | "reset-password" | "consent" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "reset-password/code" | "reset-password/request" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
                 };
             } & {
                 query: {
@@ -181,7 +181,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
         } | {
             input: {
                 param: {
-                    screen: "signup" | "login" | "reset-password" | "consent" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "account" | "try-connection-result" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
+                    screen: "signup" | "login" | "reset-password" | "consent" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "reset-password/code" | "reset-password/request" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
                 };
             } & {
                 query: {
@@ -197,7 +197,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
         } | {
             input: {
                 param: {
-                    screen: "signup" | "login" | "reset-password" | "consent" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "account" | "try-connection-result" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
+                    screen: "signup" | "login" | "reset-password" | "consent" | "account" | "enter-password" | "impersonate" | "try-connection-result" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "reset-password/code" | "reset-password/request" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
                 };
             } & {
                 query: {
@@ -217,7 +217,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
         $post: {
             input: {
                 param: {
-                    screen: "signup" | "login" | "reset-password" | "consent" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
+                    screen: "signup" | "login" | "reset-password" | "consent" | "enter-password" | "impersonate" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "reset-password/code" | "reset-password/request" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
                 };
             } & {
                 query: {
@@ -235,7 +235,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
         } | {
             input: {
                 param: {
-                    screen: "signup" | "login" | "reset-password" | "consent" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
+                    screen: "signup" | "login" | "reset-password" | "consent" | "enter-password" | "impersonate" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "reset-password/code" | "reset-password/request" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
                 };
             } & {
                 query: {
@@ -253,7 +253,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
         } | {
             input: {
                 param: {
-                    screen: "signup" | "login" | "reset-password" | "consent" | "enter-password" | "impersonate" | "reset-password/request" | "reset-password/code" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
+                    screen: "signup" | "login" | "reset-password" | "consent" | "enter-password" | "impersonate" | "login/identifier" | "login/email-otp-challenge" | "login/sms-otp-challenge" | "login/login-passwordless-identifier" | "reset-password/code" | "reset-password/request" | "mfa/login-options" | "mfa/totp-challenge" | "mfa/totp-enrollment" | "mfa/phone-challenge" | "mfa/phone-enrollment" | "passkey/challenge" | "passkey/enrollment" | "passkey/enrollment-nudge" | "account/profile" | "account/security" | "account/security/totp-enrollment" | "account/security/phone-enrollment" | "account/linked" | "account/delete" | "account/passkeys" | "connect/start" | "connect/select-tenant";
                 };
             } & {
                 query: {
@@ -285,7 +285,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
             };
             output: {};
             outputFormat: string;
-            status: 404;
+            status: 200;
         } | {
             input: {
                 param: {
@@ -299,7 +299,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
             };
             output: {};
             outputFormat: string;
-            status: 200;
+            status: 404;
         };
     };
 } & {