authhero 7.0.0 → 7.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (32) hide show
  1. package/dist/assets/u/widget/index.esm.js +1 -1
  2. package/dist/authhero.cjs +105 -105
  3. package/dist/authhero.d.ts +194 -209
  4. package/dist/authhero.mjs +9211 -9198
  5. package/dist/stats.html +1 -1
  6. package/dist/tsconfig.types.tsbuildinfo +1 -1
  7. package/dist/types/authentication-flows/passwordless.d.ts +1 -1
  8. package/dist/types/helpers/dcr/metadata-mapping.d.ts +2 -2
  9. package/dist/types/index.d.ts +173 -191
  10. package/dist/types/routes/auth-api/index.d.ts +10 -10
  11. package/dist/types/routes/auth-api/passwordless.d.ts +8 -8
  12. package/dist/types/routes/auth-api/register/index.d.ts +2 -2
  13. package/dist/types/routes/management-api/authentication-methods.d.ts +1 -1
  14. package/dist/types/routes/management-api/client-grants.d.ts +8 -8
  15. package/dist/types/routes/management-api/clients.d.ts +7 -7
  16. package/dist/types/routes/management-api/connections.d.ts +1 -1
  17. package/dist/types/routes/management-api/custom-domains.d.ts +1 -19
  18. package/dist/types/routes/management-api/forms.d.ts +119 -119
  19. package/dist/types/routes/management-api/guardian.d.ts +5 -5
  20. package/dist/types/routes/management-api/index.d.ts +157 -175
  21. package/dist/types/routes/management-api/logs.d.ts +3 -3
  22. package/dist/types/routes/management-api/migration-sources.d.ts +6 -6
  23. package/dist/types/routes/management-api/prompts.d.ts +4 -4
  24. package/dist/types/routes/management-api/users.d.ts +2 -2
  25. package/dist/types/routes/proxy-control-plane/index.d.ts +10 -15
  26. package/dist/types/routes/proxy-control-plane/verify.d.ts +10 -5
  27. package/dist/types/routes/universal-login/common.d.ts +2 -2
  28. package/dist/types/routes/universal-login/flow-api.d.ts +12 -12
  29. package/dist/types/routes/universal-login/u2-index.d.ts +6 -6
  30. package/dist/types/routes/universal-login/u2-routes.d.ts +6 -6
  31. package/dist/types/types/AuthHeroConfig.d.ts +11 -13
  32. package/package.json +5 -5
package/dist/types/types/AuthHeroConfig.d.ts CHANGED
@@ -284,23 +284,21 @@ export interface AuthHeroConfig {
284
284
  * which returns the cross-tenant `ResolvedHost` for the given hostname.
285
285
  *
286
286
  * Authentication is opinionated and built in: incoming requests must
287
- * carry a `Bearer` JWT signed by a key in `jwksUrl`, with `iss` matching
288
- * the runtime `env.ISSUER` (strict URL equality after trailing-slash
289
- * normalization) and the `proxy:resolve_host` scope. The matching
290
- * client-side helper is `createHttpProxyAdapter` in `@authhero/proxy`.
287
+ * carry a `Bearer` JWT whose `iss` is either the runtime `env.ISSUER`
288
+ * or the host the request landed on (tenant subdomain or registered
289
+ * custom domain). The verifier fetches `<iss>/.well-known/jwks.json` to
290
+ * validate the signature, so each accepted host must publish its own
291
+ * JWKS at that path. Tokens must also carry the `proxy:resolve_host`
292
+ * scope. The matching client-side helper is `createHttpProxyAdapter`
293
+ * in `@authhero/proxy`.
291
294
  */
292
295
  proxyControlPlane?: {
293
296
  resolveHost: (host: string) => Promise<import("@authhero/proxy").ResolvedHost | null>;
294
297
  /**
295
- * JWKS document URL used to verify the bearer token. On a single-shard
296
- * deployment this is typically `${env.ISSUER}/.well-known/jwks.json`.
297
- */
298
- jwksUrl: string;
299
- /**
300
- * Optional fetch override for `jwksUrl`. Defaults to global `fetch`.
301
- * Hosts on Cloudflare Workers can pass
302
- * `(url) => env.JWKS_SERVICE.fetch(url)` to route through a service
303
- * binding instead of the public network.
298
+ * Optional fetch override for the per-issuer JWKS document. Called
299
+ * with the derived URL (`<iss>/.well-known/jwks.json`); defaults to
300
+ * global `fetch`. Hosts on Cloudflare Workers can route specific
301
+ * hosts through a service binding by inspecting the URL.
304
302
  */
305
303
  jwksFetch?: (url: string) => Promise<Response>;
306
304
  /**
package/package.json CHANGED
@@ -11,7 +11,7 @@
11
11
  "type": "git",
12
12
  "url": "https://github.com/markusahlstrand/authhero"
13
13
  },
14
- "version": "7.0.0",
14
+ "version": "7.1.0",
15
15
  "files": [
16
16
  "dist"
17
17
  ],
@@ -62,8 +62,8 @@
62
62
  "vite": "^8.0.14",
63
63
  "vite-plugin-dts": "^4.5.4",
64
64
  "vitest": "^4.1.7",
65
- "@authhero/kysely-adapter": "11.8.3",
66
- "@authhero/widget": "0.32.39"
65
+ "@authhero/kysely-adapter": "11.8.5",
66
+ "@authhero/widget": "0.32.40"
67
67
  },
68
68
  "dependencies": {
69
69
  "@peculiar/x509": "^1.14.0",
@@ -81,8 +81,8 @@
81
81
  "qrcode": "^1.5.4",
82
82
  "sanitize-html": "^2.17.4",
83
83
  "xstate": "^5.31.1",
84
- "@authhero/adapter-interfaces": "3.0.0",
85
- "@authhero/proxy": "0.5.0",
84
+ "@authhero/adapter-interfaces": "3.1.0",
85
+ "@authhero/proxy": "0.5.1",
86
86
  "@authhero/saml": "0.4.1"
87
87
  },
88
88
  "peerDependencies": {