authhero 7.2.2 → 8.0.0

package/dist/types/authentication-flows/passwordless.d.ts

@@ -457,7 +457,7 @@ export declare function passwordlessGrantUser(ctx: Context<{
         custom_login_page_preview?: string | undefined;
         form_template?: string | undefined;
         addons?: Record<string, any> | undefined;
-        token_endpoint_auth_method?: "none" | "client_secret_post" | "client_secret_basic" | "client_secret_jwt" | "private_key_jwt" | undefined;
+        token_endpoint_auth_method?: "none" | "private_key_jwt" | "client_secret_post" | "client_secret_basic" | "client_secret_jwt" | undefined;
         client_metadata?: Record<string, string> | undefined;
         hide_sign_up_disabled_error?: boolean | undefined;
         mobile?: Record<string, any> | undefined;
@@ -540,8 +540,8 @@ export declare function passwordlessGrantUser(ctx: Context<{
         } | undefined;
         authenticated_at?: string | undefined;
     };
-    connectionType: "sms" | "email" | "username";
-    authConnection: "sms" | "email" | "username";
+    connectionType: "username" | "sms" | "email";
+    authConnection: "username" | "sms" | "email";
     session_id: string | undefined;
     authParams: {
         client_id: string;

package/dist/types/helpers/bundle-write-purge.d.ts

@@ -0,0 +1,16 @@
+import { CacheAdapter, DataAdapters } from "@authhero/adapter-interfaces";
+/**
+ * Wraps a {@link DataAdapters} so that writes to bundle-covered entities
+ * purge the corresponding `client-bundle:{tenant_id}:{client_id}` cache
+ * entry — best-effort and local-edge only on Cloudflare's Cache API.
+ *
+ * Two write shapes:
+ * 1. Client-scoped writes (args = [tenant_id, client_id, ...]): purge the
+ *    exact bundle key. Affects exactly one bundle.
+ * 2. Tenant-scoped writes (args = [tenant_id, ...]): attempt a prefix delete
+ *    of `client-bundle:{tenant_id}:`. This is a no-op on Cloudflare Cache
+ *    (which can't enumerate keys) but works on the in-memory adapter and
+ *    on Redis-backed adapters. Tenant-scoped staleness is otherwise bounded
+ *    by the bundle TTL.
+ */
+export declare function addBundleWritePurge(data: DataAdapters, cache: CacheAdapter, keyPrefix?: string): DataAdapters;

package/dist/types/helpers/client-bundle.d.ts

@@ -0,0 +1,51 @@
+import { CacheAdapter, Client, Connection, ClientWithTenantId, DataAdapters, ListConnectionsResponse, ListResourceServersResponse, ListHooksResponse, Branding, PromptSetting, Tenant } from "@authhero/adapter-interfaces";
+/**
+ * One snapshot of every per-(tenant, client) read that the request path
+ * touches outside of user-specific data. Loaded once per request and held
+ * in a 5-minute SWR cache.
+ *
+ * Tenant-scoped lists (connections, resourceServers, hooks) are stored as
+ * their full default-list response so callers calling list(tenant_id) with
+ * no params get an identical shape from the bundle.
+ */
+export interface ClientBundle {
+    tenant: Tenant | null;
+    client: Client | null;
+    connections: ListConnectionsResponse;
+    clientConnections: Connection[];
+    branding: Branding | null;
+    resourceServers: ListResourceServersResponse;
+    promptSettings: PromptSetting | null;
+    hooks: ListHooksResponse;
+}
+export interface ClientBundleConfig {
+    /** Seconds the bundle is served without a refresh. Default 300. */
+    freshSeconds?: number;
+    /** Seconds the bundle may be served stale while a background refresh runs. Default 600 (so total lifetime = fresh + stale). */
+    staleSeconds?: number;
+    /** Cache key prefix (per-deployment isolation). Default "client-bundle". */
+    keyPrefix?: string;
+}
+export declare function clientBundleKey(tenantId: string, clientId: string, prefix?: string): string;
+/**
+ * Look up — and on miss, populate — the per-(tenant, client) bundle.
+ *
+ * SWR semantics:
+ * - now < freshUntil → return immediately
+ * - freshUntil ≤ now < staleUntil → return immediately, schedule a refresh
+ *   via `scheduleRefresh` (typically wired to `ctx.executionCtx.waitUntil`)
+ * - now ≥ staleUntil OR no entry → fetch synchronously
+ *
+ * `data` should be the underlying adapter (i.e. with hooks but without the
+ * bundle wrapper). Passing the bundle-wrapped adapter would deadlock on
+ * itself, since bundle reads route back into this function.
+ */
+export declare function loadClientBundle(data: DataAdapters, cache: CacheAdapter, tenantId: string, clientId: string, options?: {
+    config?: ClientBundleConfig;
+    /** Schedule a background promise. Provide `ctx.executionCtx.waitUntil.bind(ctx.executionCtx)` on Workers; otherwise omit and we'll skip the background refresh. */
+    scheduleRefresh?: (promise: Promise<unknown>) => void;
+    /** Override the "now" clock for testing. */
+    now?: () => number;
+}): Promise<ClientBundle>;
+/** Helper to extract the ClientWithTenantId shape from a bundle. */
+export declare function bundleToClientWithTenantId(bundle: ClientBundle, tenantId: string): ClientWithTenantId | null;

package/dist/types/helpers/request-scoped-dedup.d.ts

@@ -0,0 +1,8 @@
+import { DataAdapters } from "@authhero/adapter-interfaces";
+export interface RequestScopedDedupOptions {
+    /** Names of adapter entities to dedup. Entities outside this list pass through verbatim. Required — there is no safe default. */
+    dedupEntities: string[];
+    /** Shared Map for memoized Promises. Defaults to a fresh Map per call. */
+    dedup?: Map<string, Promise<unknown>>;
+}
+export declare function addRequestScopedDedup(data: DataAdapters, options: RequestScopedDedupOptions): DataAdapters;

package/dist/types/helpers/with-client-bundle.d.ts

@@ -0,0 +1,31 @@
+import { Context } from "hono";
+import { CacheAdapter, DataAdapters } from "@authhero/adapter-interfaces";
+import { Bindings, Variables } from "../types";
+import { ClientBundleConfig } from "./client-bundle";
+type Ctx = Context<{
+    Bindings: Bindings;
+    Variables: Variables;
+}>;
+/**
+ * Route reads that match the request's (tenant_id, client_id) to a single
+ * cached {@link ClientBundle} instead of going entity-by-entity through the
+ * downstream cache. Calls with different tenants/clients, or with non-default
+ * pagination, fall through to {@link upstream}.
+ *
+ * The bundle is loaded lazily on the first matching read — `tenant_id` and
+ * `client_id` typically come from middleware and route entry, so by the time
+ * any bundle-covered method is hit they're set.
+ *
+ * Pass `upstream` (the layer below this wrapper) so bundle component fetches
+ * still benefit from request-scoped dedup / persistent cache / hooks.
+ */
+export declare function withClientBundle(ctx: Ctx, upstream: DataAdapters, cache: CacheAdapter, options?: {
+    config?: ClientBundleConfig;
+}): DataAdapters;
+/**
+ * Best-effort purge of a (tenant_id, client_id) bundle entry from cache.
+ * On Cloudflare this only affects the local edge; entries on other colos
+ * will expire via TTL.
+ */
+export declare function purgeClientBundle(cache: CacheAdapter, tenantId: string, clientId: string, keyPrefix?: string): Promise<void>;
+export {};