authhero 5.8.1 → 5.9.1

package/dist/types/routes/universal-login/u2-widget-page.d.ts

@@ -0,0 +1,187 @@
+/**
+ * Shared widget page rendering for U2 routes.
+ *
+ * v3 — Logo inside widget by default + adaptive chip chrome.
+ *
+ * Changes vs. v2:
+ *  - Logo renders INSIDE the widget card by default (Auth0-style). The
+ *    widget's own shadow DOM emits the logo from `branding.logo_url`, so
+ *    the page doesn't add an outer-container duplicate. Set
+ *    `logoPosition="chip"` to render the floating-chip variant instead.
+ *  - Chips adapt to dark/light page mode (translucent dark vs. translucent
+ *    white). Tokens are CSS variables flipped via a `data-mode` attribute,
+ *    so a single ruleset handles both directions.
+ *  - When there's no background image, chips drop their pill surface and
+ *    render as plain text (matches a clean solid-bg layout).
+ *  - Privacy/Terms is now a real chip in the with-image case so it doesn't
+ *    float as orphan text.
+ *
+ *   ┌─────────────────────────────────────┐
+ *   │ [logo*]                 [settings]  │   *only when logoPosition=chip
+ *   │                                     │
+ *   │            ┌──────────┐             │
+ *   │            │ [logo]   │             │   <- widget's own header (default)
+ *   │            │  widget  │             │
+ *   │            └──────────┘             │
+ *   │                                     │
+ *   │ [trust]                    [legal]  │
+ *   └─────────────────────────────────────┘
+ *
+ * Slot story (forward-looking): the chips carry `data-ah-slot` attrs so a
+ * future Liquid template can reposition any element via `{% slot %}` tags.
+ * `logoPosition` is the prop-level shortcut for the most common override.
+ */
+import type { Branding, Theme } from "@authhero/adapter-interfaces";
+export type DarkModePreference = "auto" | "light" | "dark";
+export type LogoPosition = "widget" | "chip" | "none";
+/**
+ * Resolve the dark-mode preference for the current request.
+ *
+ * Priority: per-user `ah-dark-mode` cookie > tenant `branding.dark_mode` > "auto".
+ * The cookie lets a user override the tenant default for the rest of their session.
+ */
+export declare function resolveDarkMode(ctx: any, branding: Branding | null | undefined): DarkModePreference;
+export type WidgetPageProps = {
+    widgetHtml: string;
+    screenId: string;
+    branding?: {
+        colors?: {
+            primary?: string;
+            page_background?: string | {
+                type?: string;
+                start?: string;
+                end?: string;
+                angle_deg?: number;
+            };
+        };
+        logo_url?: string;
+        favicon_url?: string;
+        font?: {
+            url?: string;
+        };
+    };
+    theme?: any;
+    themePageBackground?: {
+        background_color?: string;
+        background_image_url?: string;
+        page_layout?: string;
+    };
+    clientName: string;
+    poweredByLogo?: {
+        url: string;
+        darkUrl?: string;
+        alt: string;
+        href?: string;
+        height?: number;
+    };
+    language?: string;
+    availableLanguages?: string[];
+    termsAndConditionsUrl?: string;
+    darkMode?: DarkModePreference;
+    /**
+     * Where to render the tenant logo on the page.
+     * - "widget" (default): inside the widget card, via the widget's own header.
+     * - "chip": floating pill in the top-left page corner. The widget's
+     *   internal logo should also be suppressed in this mode (callers use
+     *   `derivePageLogoPlacement` to clone the theme accordingly before SSR).
+     * - "none": no logo on the page or in the widget.
+     *
+     * If not provided, defaults to `theme.page_background.logo_placement`,
+     * falling back to "widget".
+     */
+    logoPosition?: LogoPosition;
+    /** Optional inline script injected at page level (e.g. WebAuthn ceremony) */
+    extraScript?: string;
+    /**
+     * When set, replaces the default body content (widget + chips) with a
+     * pre-expanded HTML fragment. Used by the universal-login custom-template
+     * path: the tenant's template is run through `applyUniversalLoginTemplate`
+     * and the resulting body markup is injected here, while the page shell
+     * (html/head, dark-mode runtime, background tint, body styling) is still
+     * managed by this component.
+     */
+    customBodyHtml?: string;
+};
+export declare function LogoChip({ logoUrl, clientName, }: {
+    logoUrl?: string | null;
+    clientName: string;
+}): import("hono/jsx/jsx-dev-runtime").JSX.Element;
+export declare function DarkModeToggle({ darkMode }: {
+    darkMode: DarkModePreference;
+}): import("hono/jsx/jsx-dev-runtime").JSX.Element;
+export declare function LanguagePicker({ language, availableLanguages, }: {
+    language?: string;
+    availableLanguages: string[];
+}): import("hono/jsx/jsx-dev-runtime").JSX.Element | null;
+export declare function SettingsChip({ darkMode, language, availableLanguages, }: {
+    darkMode: DarkModePreference;
+    language?: string;
+    availableLanguages?: string[];
+}): import("hono/jsx/jsx-dev-runtime").JSX.Element;
+export declare function PoweredByChip({ url, href, alt, height, }: {
+    url: string;
+    href?: string;
+    alt?: string;
+    height?: number;
+}): import("hono/jsx/jsx-dev-runtime").JSX.Element | null;
+export declare function LegalChip({ termsAndConditionsUrl, language, }: {
+    termsAndConditionsUrl?: string;
+    language?: string;
+}): import("hono/jsx/jsx-dev-runtime").JSX.Element | null;
+export declare function WidgetPage({ widgetHtml, screenId, branding, theme, themePageBackground, clientName, poweredByLogo, language, availableLanguages, termsAndConditionsUrl, darkMode, logoPosition, extraScript, customBodyHtml, }: WidgetPageProps): import("hono/jsx/jsx-dev-runtime").JSX.Element;
+/**
+ * Reads `theme.page_background.logo_placement` and returns the resolved
+ * page-level `logoPosition` plus a theme variant suitable for passing to
+ * the widget SSR. When placement is "chip" or "none" we override
+ * `theme.widget.logo_position = "none"` so the widget's internal header
+ * logo is suppressed — otherwise we'd render a duplicate (chip + widget
+ * header) or a logo when the caller asked for none.
+ *
+ * Callers should pass the returned `theme` to `JSON.stringify` for the
+ * widget's `theme` attribute, and forward `logoPosition` to `WidgetPage`.
+ */
+export declare function derivePageLogoPlacement<T extends {
+    page_background?: {
+        logo_placement?: LogoPosition;
+    };
+    widget?: {
+        logo_position?: string;
+    };
+} | null | undefined>(theme: T): {
+    logoPosition: LogoPosition;
+    theme: T;
+};
+export declare function renderWidgetSSR(params: {
+    screenId: string;
+    screenJson: string;
+    brandingJson?: string;
+    themeJson?: string;
+    state: string;
+    authParamsJson: string;
+}): Promise<string>;
+export declare function extractBrandingProps(branding: Branding | null | undefined): WidgetPageProps["branding"];
+export declare function renderWidgetPageResponse(ctx: any, opts: {
+    screenId: string;
+    screenJson: string;
+    brandingJson?: string;
+    themeJson?: string;
+    state: string;
+    authParamsJson: string;
+    branding: Branding | null | undefined;
+    theme: Theme | null | undefined;
+    clientName: string;
+    poweredByLogo?: WidgetPageProps["poweredByLogo"];
+    language?: string;
+    availableLanguages?: string[];
+    termsAndConditionsUrl?: string;
+    darkMode?: DarkModePreference;
+    logoPosition?: LogoPosition;
+    extraScript?: string;
+    /**
+     * Optional tenant-uploaded body template. When provided, the body is
+     * built via `applyUniversalLoginTemplate(customTemplateBody, ...)`
+     * instead of the default chip layout. The shell (html/head, runtime,
+     * bg tint) is unchanged.
+     */
+    customTemplateBody?: string;
+}): Promise<Response>;

package/dist/types/routes/universal-login/universal-login-template.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Universal Login Template — slot-based body markup.
+ *
+ * Tenants opt into custom chrome by uploading a body fragment that uses these
+ * slot tokens. The default body (`DEFAULT_UNIVERSAL_LOGIN_TEMPLATE`) is
+ * what's served when no custom template is stored, and is what tenants
+ * should copy and edit.
+ *
+ * The page shell (`<!DOCTYPE>`, `<html>`, `<head>`, body styles, dark-mode
+ * runtime, background tint) is fixed in code — it's not part of the tenant
+ * template. This keeps tenants out of CSS/runtime authoring and limits
+ * customization to layout: hide a chip by deleting its token, reorder by
+ * moving them.
+ *
+ * Slot tokens:
+ *   `{%- auth0:widget -%}`             — widget container (required)
+ *   `{%- authhero:logo -%}`            — logo chip (top-left)
+ *   `{%- authhero:settings -%}`        — settings chip (top-right), wraps the
+ *                                        dark-mode toggle + language picker
+ *   `{%- authhero:dark-mode-toggle -%}`— dark-mode button only
+ *   `{%- authhero:language-picker -%}` — language picker only
+ *   `{%- authhero:powered-by -%}`      — powered-by chip (bottom-left)
+ *   `{%- authhero:legal -%}`           — legal/terms chip (bottom-right)
+ */
+import { type DarkModePreference } from "./u2-widget-page";
+export declare const REQUIRED_SLOT = "{%- auth0:widget -%}";
+/**
+ * Canonical default body. Mirrors the layout the JSX `WidgetPage` emits.
+ * Tenants who want to hide a chip should copy this, delete a slot, and PUT
+ * it back via `PUT /api/v2/branding/templates/universal-login`.
+ */
+export declare const DEFAULT_UNIVERSAL_LOGIN_TEMPLATE = "{%- auth0:widget -%}\n{%- authhero:logo -%}\n{%- authhero:settings -%}\n{%- authhero:powered-by -%}\n{%- authhero:legal -%}\n";
+export type TemplateSlotOptions = {
+    widgetHtml: string;
+    logoUrl?: string | null;
+    clientName: string;
+    darkMode: DarkModePreference;
+    language?: string;
+    availableLanguages?: string[];
+    poweredBy?: {
+        url: string;
+        href?: string;
+        alt?: string;
+        height?: number;
+    };
+    termsAndConditionsUrl?: string;
+};
+/**
+ * Expand slot tokens in a template body. Unknown tokens are left in place
+ * (so tenants can spot typos in their templates).
+ */
+export declare function applyUniversalLoginTemplate(template: string, opts: TemplateSlotOptions & {
+    screenId: string;
+    widgetContainerStyle?: string;
+}): string;

package/dist/types/routes/universal-login/validate-email.d.ts

@@ -0,0 +1,20 @@
+import { OpenAPIHono } from "@hono/zod-openapi";
+import { Bindings, Variables } from "../../types";
+export declare const validateEmailRoutes: OpenAPIHono<{
+    Bindings: Bindings;
+    Variables: Variables;
+}, {
+    "/": {
+        $get: {
+            input: {
+                query: {
+                    state: string;
+                    code: string;
+                };
+            };
+            output: {};
+            outputFormat: string;
+            status: 200;
+        };
+    };
+}, "/">;

package/dist/types/routes/universal-login/widget-routes.d.ts

@@ -0,0 +1,81 @@
+/**
+ * Widget Routes - Universal Login with built-in screens (SSR + Hydration)
+ *
+ * These routes serve the widget UI for each screen in the login flow.
+ * The widget is server-side rendered for instant display, then hydrated
+ * on the client for interactivity.
+ *
+ * Route pattern: /u/widget/:screenId?state=...
+ *
+ * Available screens:
+ * - /u/widget/identifier - Email/username input (first screen)
+ * - /u/widget/email-otp-challenge - Email OTP code verification
+ * - /u/widget/sms-otp-challenge - SMS OTP code verification
+ * - /u/widget/enter-password - Password authentication
+ * - /u/widget/signup - New user registration
+ * - /u/widget/forgot-password - Password reset request
+ * - /u/widget/reset-password - Set new password
+ */
+import { OpenAPIHono } from "@hono/zod-openapi";
+import { Bindings, Variables } from "../../types";
+export declare const widgetRoutes: OpenAPIHono<{
+    Bindings: Bindings;
+    Variables: Variables;
+}, {
+    "/:screenId": {
+        $get: {
+            input: {
+                param: {
+                    screenId: string;
+                };
+            } & {
+                query: {
+                    state: string;
+                };
+            };
+            output: Response;
+            outputFormat: "json";
+            status: import("hono/utils/http-status").StatusCode;
+        } | {
+            input: {
+                param: {
+                    screenId: string;
+                };
+            } & {
+                query: {
+                    state: string;
+                };
+            };
+            output: {};
+            outputFormat: string;
+            status: 404;
+        };
+    };
+} & {
+    "/:screenId": {
+        $post: {
+            input: {
+                param: {
+                    screenId: string;
+                };
+            } & {
+                query: {
+                    state: string;
+                    action?: string | undefined;
+                };
+            } & {
+                json: {
+                    data: Record<string, any>;
+                };
+            };
+            output: {
+                screen: any;
+                branding?: any;
+            } | {
+                redirect: string;
+            };
+            outputFormat: "json";
+            status: 200;
+        };
+    };
+}, "/">;

package/dist/types/seed.d.ts

@@ -0,0 +1,86 @@
+import { DataAdapters } from "@authhero/adapter-interfaces";
+/**
+ * Management API scopes for the AuthHero Management API
+ */
+export declare const MANAGEMENT_API_SCOPES: {
+    description: string;
+    value: string;
+}[];
+export interface SeedOptions {
+    /**
+     * The admin user's username
+     */
+    adminUsername: string;
+    /**
+     * The admin user's email address (optional)
+     */
+    adminEmail?: string;
+    /**
+     * The admin user's password (will be hashed with bcrypt)
+     */
+    adminPassword: string;
+    /**
+     * The tenant ID to create (defaults to "control_plane")
+     */
+    tenantId?: string;
+    /**
+     * The tenant name (defaults to "Control Plane")
+     */
+    tenantName?: string;
+    /**
+     * The audience URL for the tenant.
+     * For the main/management tenant, defaults to `urn:authhero:management`.
+     */
+    audience?: string;
+    /**
+     * Whether this is the control plane tenant (the main management tenant).
+     * If true, the audience will default to `urn:authhero:management`.
+     * @default true
+     */
+    isControlPlane?: boolean;
+    /**
+     * The default client ID (defaults to "default")
+     */
+    clientId?: string;
+    /**
+     * Callback URLs for the default client
+     */
+    callbacks?: string[];
+    /**
+     * Allowed logout URLs for the default client
+     */
+    allowedLogoutUrls?: string[];
+    /**
+     * Whether to log progress (defaults to true)
+     */
+    debug?: boolean;
+    /**
+     * The issuer URL (used to construct the Management API identifier)
+     */
+    issuer?: string;
+}
+export interface SeedResult {
+    tenantId: string;
+    userId: string;
+    username: string;
+    clientId: string;
+    clientSecret: string;
+}
+/**
+ * Seed the AuthHero database with initial data.
+ * Creates a default tenant, admin user, password connection, and default client.
+ *
+ * @example
+ * ```ts
+ * import { seed } from "authhero";
+ * import createAdapters from "@authhero/kysely-adapter";
+ *
+ * const adapters = createAdapters(db);
+ *
+ * await seed(adapters, {
+ *   adminUsername: "admin",
+ *   adminPassword: "admin",
+ * });
+ * ```
+ */
+export declare function seed(adapters: DataAdapters, options: SeedOptions): Promise<SeedResult>;

package/dist/types/state-machines/index.d.ts

@@ -0,0 +1 @@
+export { loginSessionMachine, transitionLoginSession, transitionLoginSessionFromEntity, canTransition, getValidEvents, LoginSessionEventType, type LoginSessionContext, type LoginSessionEvent, } from "./login-session";

package/dist/types/state-machines/login-session.d.ts

@@ -0,0 +1,173 @@
+import { LoginSession, LoginSessionState } from "@authhero/adapter-interfaces";
+/**
+ * Context for the login session state machine
+ */
+export interface LoginSessionContext {
+    /** User ID once identified */
+    userId?: string;
+    /** Error/failure reason if login failed */
+    failureReason?: string;
+    /** Hook/flow ID if waiting for completion */
+    hookId?: string;
+    /** Continuation scope - which pages are allowed during AWAITING_CONTINUATION */
+    continuationScope?: string[];
+    /** Additional state data */
+    stateData?: Record<string, unknown>;
+}
+/**
+ * Event types for the login session state machine
+ */
+export declare enum LoginSessionEventType {
+    AUTHENTICATE = "AUTHENTICATE",
+    REQUIRE_EMAIL_VERIFICATION = "REQUIRE_EMAIL_VERIFICATION",
+    REQUIRE_MFA = "REQUIRE_MFA",
+    COMPLETE_MFA = "COMPLETE_MFA",
+    START_HOOK = "START_HOOK",
+    COMPLETE_HOOK = "COMPLETE_HOOK",
+    START_CONTINUATION = "START_CONTINUATION",
+    COMPLETE_CONTINUATION = "COMPLETE_CONTINUATION",
+    COMPLETE = "COMPLETE",
+    FAIL = "FAIL",
+    EXPIRE = "EXPIRE"
+}
+/**
+ * Events that can trigger state transitions
+ */
+export type LoginSessionEvent = {
+    type: LoginSessionEventType.AUTHENTICATE;
+    userId: string;
+} | {
+    type: LoginSessionEventType.REQUIRE_EMAIL_VERIFICATION;
+} | {
+    type: LoginSessionEventType.REQUIRE_MFA;
+} | {
+    type: LoginSessionEventType.COMPLETE_MFA;
+} | {
+    type: LoginSessionEventType.START_HOOK;
+    hookId?: string;
+} | {
+    type: LoginSessionEventType.COMPLETE_HOOK;
+} | {
+    type: LoginSessionEventType.START_CONTINUATION;
+    scope: string[];
+} | {
+    type: LoginSessionEventType.COMPLETE_CONTINUATION;
+} | {
+    type: LoginSessionEventType.COMPLETE;
+} | {
+    type: LoginSessionEventType.FAIL;
+    reason: string;
+} | {
+    type: LoginSessionEventType.EXPIRE;
+};
+/**
+ * Login session state machine
+ *
+ * The AUTHENTICATED state acts as a "hub" that decides the next requirement.
+ * After completing hooks or continuations, the flow returns to AUTHENTICATED
+ * so the backend can check if additional steps are needed.
+ *
+ * Flow examples:
+ *   pending → authenticated → completed (simple login)
+ *   pending → authenticated → awaiting_email_verification → authenticated → completed
+ *   pending → authenticated → awaiting_mfa → authenticated → completed
+ *   pending → authenticated → awaiting_hook → authenticated → awaiting_continuation → authenticated → completed
+ *
+ * Any non-final state can transition to failed or expired.
+ *
+ * States:
+ * - pending: Initial state, awaiting user authentication
+ * - authenticated: Credentials validated - hub state that decides next steps
+ * - awaiting_email_verification: Blocked on email verification
+ * - awaiting_mfa: Waiting for MFA verification (SMS, TOTP, etc.)
+ * - awaiting_hook: Waiting for hook/flow completion (form, page, impersonate)
+ * - awaiting_continuation: Waiting for user to complete action on account page
+ * - completed: Tokens issued successfully (final)
+ * - failed: Authentication failed (final)
+ * - expired: Session timed out (final)
+ */
+export declare const loginSessionMachine: import("xstate").StateMachine<LoginSessionContext, {
+    type: LoginSessionEventType.AUTHENTICATE;
+    userId: string;
+} | {
+    type: LoginSessionEventType.REQUIRE_EMAIL_VERIFICATION;
+} | {
+    type: LoginSessionEventType.REQUIRE_MFA;
+} | {
+    type: LoginSessionEventType.COMPLETE_MFA;
+} | {
+    type: LoginSessionEventType.START_HOOK;
+    hookId?: string;
+} | {
+    type: LoginSessionEventType.COMPLETE_HOOK;
+} | {
+    type: LoginSessionEventType.START_CONTINUATION;
+    scope: string[];
+} | {
+    type: LoginSessionEventType.COMPLETE_CONTINUATION;
+} | {
+    type: LoginSessionEventType.COMPLETE;
+} | {
+    type: LoginSessionEventType.FAIL;
+    reason: string;
+} | {
+    type: LoginSessionEventType.EXPIRE;
+}, {}, never, {
+    type: "setUserId";
+    params: import("xstate").NonReducibleUnknown;
+} | {
+    type: "setHookId";
+    params: import("xstate").NonReducibleUnknown;
+} | {
+    type: "clearHookId";
+    params: import("xstate").NonReducibleUnknown;
+} | {
+    type: "setContinuationScope";
+    params: import("xstate").NonReducibleUnknown;
+} | {
+    type: "clearContinuationScope";
+    params: import("xstate").NonReducibleUnknown;
+} | {
+    type: "setFailureReason";
+    params: import("xstate").NonReducibleUnknown;
+}, never, never, "pending" | "failed" | "authenticated" | "expired" | "awaiting_email_verification" | "awaiting_mfa" | "awaiting_hook" | "awaiting_continuation" | "completed", string, import("xstate").NonReducibleUnknown, import("xstate").NonReducibleUnknown, import("xstate").EventObject, import("xstate").MetaObject, {
+    id: "loginSession";
+    states: {
+        readonly pending: {};
+        readonly authenticated: {};
+        readonly awaiting_email_verification: {};
+        readonly awaiting_mfa: {};
+        readonly awaiting_hook: {};
+        readonly awaiting_continuation: {};
+        readonly completed: {};
+        readonly failed: {};
+        readonly expired: {};
+    };
+}>;
+/**
+ * Transition a login session and return the new state
+ *
+ * Uses XState's transition for a single source of truth - the machine
+ * definition determines all valid transitions.
+ */
+export declare function transitionLoginSession(currentState: LoginSessionState, event: LoginSessionEvent, context?: LoginSessionContext): {
+    state: LoginSessionState;
+    context: Partial<LoginSessionContext>;
+};
+/**
+ * Check if a login session can transition with the given event
+ *
+ * Uses XState's transition - if the state changes, the transition is valid.
+ */
+export declare function canTransition(currentState: LoginSessionState, eventType: LoginSessionEvent["type"], context?: LoginSessionContext): boolean;
+/**
+ * Helper to transition from a LoginSession object
+ */
+export declare function transitionLoginSessionFromEntity(loginSession: LoginSession, event: LoginSessionEvent): {
+    state: LoginSessionState;
+    context: Partial<LoginSessionContext>;
+};
+/**
+ * Get valid events for a given state
+ */
+export declare function getValidEvents(currentState: LoginSessionState): LoginSessionEventType[];

package/dist/types/storybook-utils/HonoJSXWrapper.d.ts

@@ -0,0 +1,43 @@
+/** @jsxImportSource react */
+import React from "react";
+/**
+ * Wrapper component to render Hono JSX components in Storybook
+ * This takes the already-rendered HTML string from a Hono component
+ * and hydrates client-side functionality
+ */
+export declare function HonoJSXWrapper({ html }: {
+    html: string;
+}): React.DetailedReactHTMLElement<{
+    dangerouslySetInnerHTML: {
+        __html: string;
+    };
+    className: string;
+}, HTMLElement>;
+/**
+ * Helper function to render a Hono component to HTML
+ * Use this in your stories to convert Hono JSX to HTML before passing to React
+ */
+export declare function renderHonoComponent<T>(Component: (props: T) => any, props: T): string;
+/**
+ * Extract body content from a full HTML document
+ * This is useful for rendering full-page components (like AuthLayout) in Storybook
+ */
+export declare function extractBodyContent(html: string): string;
+/**
+ * Wrapper for rendering full HTML documents in Storybook
+ * Extracts just the body content to display in the Storybook iframe
+ * Uses display:contents to make the wrapper transparent to layout,
+ * allowing the inner flex container to work properly
+ * Also hydrates client-side functionality like password toggles
+ */
+export declare function HonoFullPageWrapper({ html }: {
+    html: string;
+}): React.DetailedReactHTMLElement<{
+    dangerouslySetInnerHTML: {
+        __html: string;
+    };
+    className: string;
+    style: {
+        display: "contents";
+    };
+}, HTMLElement>;

package/dist/types/strategies/apple.d.ts

@@ -0,0 +1,24 @@
+import { Context } from "hono";
+import { Connection } from "@authhero/adapter-interfaces";
+import { Bindings, Variables } from "../types";
+export declare const displayName = "Apple";
+export declare const logoDataUri = "data:image/svg+xml,%3Csvg%20width%3D%2245%22%20height%3D%2245%22%20viewBox%3D%220%200%2045%2045%22%20fill%3D%22none%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cpath%20d%3D%22M45%200H0V45H45V0Z%22%20fill%3D%22white%22%2F%3E%3Cpath%20d%3D%22M23.5344%2010.3846C25.5313%2010.3846%2028.0344%209.01144%2029.525%207.18055C30.875%205.5213%2031.8594%203.20407%2031.8594%200.886839C31.8594%200.572154%2031.8313%200.25747%2031.775%200C29.5531%200.0858233%2026.8813%201.51621%2025.2781%203.43293C24.0125%204.89193%2022.8594%207.18055%2022.8594%209.52638C22.8594%209.86968%2022.9156%2010.213%2022.9438%2010.3274C23.0844%2010.356%2023.3094%2010.3846%2023.5344%2010.3846ZM16.5031%2045C19.2313%2045%2020.4406%2043.1405%2023.8438%2043.1405C27.3031%2043.1405%2028.0625%2044.9428%2031.1%2044.9428C34.0813%2044.9428%2036.0781%2042.1392%2037.9625%2039.3929C40.0719%2036.246%2040.9438%2033.1564%2041%2033.0134C40.8031%2032.9561%2035.0938%2030.5817%2035.0938%2023.9161C35.0938%2018.1373%2039.5938%2015.534%2039.8469%2015.3338C36.8656%2010.9854%2032.3375%2010.8709%2031.1%2010.8709C27.7531%2010.8709%2025.025%2012.9307%2023.3094%2012.9307C21.4531%2012.9307%2019.0063%2010.9854%2016.1094%2010.9854C10.5969%2010.9854%205%2015.6198%205%2024.3738C5%2029.8093%207.08125%2035.5594%209.64063%2039.2784C11.8344%2042.4253%2013.7469%2045%2016.5031%2045Z%22%20fill%3D%22black%22%2F%3E%3C%2Fsvg%3E";
+export declare function getRedirect(ctx: Context<{
+    Bindings: Bindings;
+    Variables: Variables;
+}>, connection: Connection): Promise<{
+    redirectUrl: string;
+    code: string;
+}>;
+export declare function validateAuthorizationCodeAndGetUser(ctx: Context<{
+    Bindings: Bindings;
+    Variables: Variables;
+}>, connection: Connection, code: string): Promise<{
+    sub: string;
+    email: string | undefined;
+    given_name: string | undefined;
+    family_name: string | undefined;
+    name: string | undefined;
+    picture: unknown;
+    locale: unknown;
+}>;