authhero 8.14.1 → 8.16.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/assets/u/widget/index.esm.js +1 -1
- package/dist/authhero.cjs +109 -109
- package/dist/authhero.d.ts +159 -132
- package/dist/authhero.mjs +8675 -8363
- package/dist/tsconfig.types.tsbuildinfo +1 -1
- package/dist/types/authentication-flows/passwordless.d.ts +3 -3
- package/dist/types/constants.d.ts +1 -1
- package/dist/types/index.d.ts +121 -121
- package/dist/types/routes/auth-api/authorize.d.ts +14 -14
- package/dist/types/routes/auth-api/index.d.ts +51 -51
- package/dist/types/routes/auth-api/oidc-logout.d.ts +2 -2
- package/dist/types/routes/auth-api/passwordless.d.ts +2 -2
- package/dist/types/routes/management-api/action-executions.d.ts +1 -1
- package/dist/types/routes/management-api/actions.d.ts +1 -1
- package/dist/types/routes/management-api/branding.d.ts +3 -3
- package/dist/types/routes/management-api/clients.d.ts +6 -6
- package/dist/types/routes/management-api/connections.d.ts +16 -16
- package/dist/types/routes/management-api/forms.d.ts +126 -126
- package/dist/types/routes/management-api/index.d.ts +162 -162
- package/dist/types/routes/management-api/logs.d.ts +3 -3
- package/dist/types/routes/management-api/prompts.d.ts +4 -4
- package/dist/types/routes/management-api/tenant-operations.d.ts +128 -0
- package/dist/types/routes/management-api/tenants.d.ts +37 -28
- package/dist/types/routes/management-api/users.d.ts +2 -2
- package/dist/types/routes/universal-login/common.d.ts +6 -6
- package/dist/types/routes/universal-login/continue.d.ts +2 -2
- package/dist/types/routes/universal-login/flow-api.d.ts +12 -12
- package/dist/types/routes/universal-login/identifier.d.ts +4 -4
- package/dist/types/routes/universal-login/impersonate.d.ts +2 -2
- package/dist/types/routes/universal-login/index.d.ts +8 -8
- package/dist/types/routes/universal-login/u2-index.d.ts +2 -2
- package/dist/types/routes/universal-login/u2-routes.d.ts +2 -2
- package/dist/types/types/AuthHeroConfig.d.ts +35 -9
- package/dist/types/types/Bindings.d.ts +2 -1
- package/dist/types/utils/username-password-provider.d.ts +19 -5
- package/package.json +5 -5
- package/dist/stats.html +0 -4949
|
@@ -27,7 +27,7 @@ export default function create(config: AuthHeroConfig): OpenAPIHono<{
|
|
|
27
27
|
};
|
|
28
28
|
output: {};
|
|
29
29
|
outputFormat: string;
|
|
30
|
-
status:
|
|
30
|
+
status: 400;
|
|
31
31
|
} | {
|
|
32
32
|
input: {
|
|
33
33
|
query: {
|
|
@@ -36,7 +36,7 @@ export default function create(config: AuthHeroConfig): OpenAPIHono<{
|
|
|
36
36
|
};
|
|
37
37
|
output: {};
|
|
38
38
|
outputFormat: string;
|
|
39
|
-
status:
|
|
39
|
+
status: 302;
|
|
40
40
|
} | {
|
|
41
41
|
input: {
|
|
42
42
|
query: {
|
|
@@ -165,7 +165,7 @@ export default function create(config: AuthHeroConfig): OpenAPIHono<{
|
|
|
165
165
|
};
|
|
166
166
|
output: {};
|
|
167
167
|
outputFormat: string;
|
|
168
|
-
status:
|
|
168
|
+
status: 400;
|
|
169
169
|
} | {
|
|
170
170
|
input: {
|
|
171
171
|
query: {
|
|
@@ -178,7 +178,7 @@ export default function create(config: AuthHeroConfig): OpenAPIHono<{
|
|
|
178
178
|
};
|
|
179
179
|
output: {};
|
|
180
180
|
outputFormat: string;
|
|
181
|
-
status:
|
|
181
|
+
status: 302;
|
|
182
182
|
};
|
|
183
183
|
};
|
|
184
184
|
}, "/impersonate"> & import("hono/types").MergeSchemaPath<{
|
|
@@ -515,12 +515,12 @@ export default function create(config: AuthHeroConfig): OpenAPIHono<{
|
|
|
515
515
|
} & {
|
|
516
516
|
form: {
|
|
517
517
|
username: string;
|
|
518
|
-
login_selection?: "
|
|
518
|
+
login_selection?: "password" | "code" | undefined;
|
|
519
519
|
};
|
|
520
520
|
};
|
|
521
521
|
output: {};
|
|
522
522
|
outputFormat: string;
|
|
523
|
-
status:
|
|
523
|
+
status: 400;
|
|
524
524
|
} | {
|
|
525
525
|
input: {
|
|
526
526
|
query: {
|
|
@@ -529,12 +529,12 @@ export default function create(config: AuthHeroConfig): OpenAPIHono<{
|
|
|
529
529
|
} & {
|
|
530
530
|
form: {
|
|
531
531
|
username: string;
|
|
532
|
-
login_selection?: "
|
|
532
|
+
login_selection?: "password" | "code" | undefined;
|
|
533
533
|
};
|
|
534
534
|
};
|
|
535
535
|
output: {};
|
|
536
536
|
outputFormat: string;
|
|
537
|
-
status:
|
|
537
|
+
status: 302;
|
|
538
538
|
};
|
|
539
539
|
};
|
|
540
540
|
}, "/login/identifier"> & import("hono/types").MergeSchemaPath<{
|
|
@@ -193,7 +193,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
|
|
|
193
193
|
};
|
|
194
194
|
output: {};
|
|
195
195
|
outputFormat: string;
|
|
196
|
-
status:
|
|
196
|
+
status: 400;
|
|
197
197
|
} | {
|
|
198
198
|
input: {
|
|
199
199
|
param: {
|
|
@@ -209,7 +209,7 @@ export default function createU2App(config: AuthHeroConfig): OpenAPIHono<{
|
|
|
209
209
|
};
|
|
210
210
|
output: {};
|
|
211
211
|
outputFormat: string;
|
|
212
|
-
status:
|
|
212
|
+
status: 302;
|
|
213
213
|
};
|
|
214
214
|
};
|
|
215
215
|
} & {
|
|
@@ -198,7 +198,7 @@ export declare const u2Routes: OpenAPIHono<{
|
|
|
198
198
|
};
|
|
199
199
|
output: {};
|
|
200
200
|
outputFormat: string;
|
|
201
|
-
status:
|
|
201
|
+
status: 400;
|
|
202
202
|
} | {
|
|
203
203
|
input: {
|
|
204
204
|
param: {
|
|
@@ -214,7 +214,7 @@ export declare const u2Routes: OpenAPIHono<{
|
|
|
214
214
|
};
|
|
215
215
|
output: {};
|
|
216
216
|
outputFormat: string;
|
|
217
|
-
status:
|
|
217
|
+
status: 302;
|
|
218
218
|
};
|
|
219
219
|
};
|
|
220
220
|
} & {
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { CodeExecutor, Connection, ConnectionInsert, CreateTenantParams, DataAdapters, Hook, ResourceServer, ResourceServerInsert, Role, RoleInsert, Tenant } from "@authhero/adapter-interfaces";
|
|
1
|
+
import { CodeExecutor, Connection, ConnectionInsert, CreateTenantParams, DataAdapters, Hook, ResourceServer, ResourceServerInsert, Role, RoleInsert, Tenant, TenantOperation, TenantOperationKind } from "@authhero/adapter-interfaces";
|
|
2
2
|
import type { RolePermissionHooks, Hooks } from "./Hooks";
|
|
3
3
|
import type { SamlSigner } from "@authhero/saml/core";
|
|
4
4
|
import type { OpenAPIHono } from "@hono/zod-openapi";
|
|
@@ -99,6 +99,21 @@ export interface ManagementApiExtension {
|
|
|
99
99
|
*/
|
|
100
100
|
router: OpenAPIHono<any, any, any>;
|
|
101
101
|
}
|
|
102
|
+
/**
|
|
103
|
+
* Enqueues a durable tenant lifecycle operation (issue #1026): creates
|
|
104
|
+
* the `tenant_operations` row and starts execution on the configured
|
|
105
|
+
* engine. The inline engine resolves with a terminal row; durable engines
|
|
106
|
+
* resolve as soon as the run is enqueued — clients poll
|
|
107
|
+
* `GET /api/v2/operations/{id}`.
|
|
108
|
+
*/
|
|
109
|
+
export interface TenantOperationExecutorBinding {
|
|
110
|
+
engine: string;
|
|
111
|
+
enqueue(params: {
|
|
112
|
+
kind: TenantOperationKind;
|
|
113
|
+
tenant_id: string | null;
|
|
114
|
+
initiated_by?: string;
|
|
115
|
+
}): Promise<TenantOperation>;
|
|
116
|
+
}
|
|
102
117
|
/**
|
|
103
118
|
* Configuration for the transactional outbox pattern.
|
|
104
119
|
* When enabled, audit events are written atomically with entity mutations
|
|
@@ -146,11 +161,11 @@ export type UserLinkingModeOption = UserLinkingMode | UserLinkingModeResolver;
|
|
|
146
161
|
/**
|
|
147
162
|
* Resolver for the per-tenant username/password provider value.
|
|
148
163
|
*
|
|
149
|
-
* The native database provider has historically been written as `"auth2"
|
|
150
|
-
*
|
|
151
|
-
*
|
|
152
|
-
*
|
|
153
|
-
*
|
|
164
|
+
* The native database provider has historically been written as `"auth2"`;
|
|
165
|
+
* new rows now default to `"auth0"`. Returning `"auth2"` for selected
|
|
166
|
+
* tenants pins them on the legacy value during a staged cutover. Reads
|
|
167
|
+
* always accept both values, so existing `auth2|*` rows keep resolving
|
|
168
|
+
* during and after the cutover.
|
|
154
169
|
*
|
|
155
170
|
* TRANSITIONAL: this resolver and the dual-read fallback can be removed
|
|
156
171
|
* once every tenant has been migrated to a single value.
|
|
@@ -380,6 +395,16 @@ export interface AuthHeroConfig {
|
|
|
380
395
|
* ```
|
|
381
396
|
*/
|
|
382
397
|
tenantUpgrade?: (tenantId: string) => Promise<void>;
|
|
398
|
+
/**
|
|
399
|
+
* Optional executor for durable tenant lifecycle operations (issue
|
|
400
|
+
* #1026). When set together with the `tenantOperations` /
|
|
401
|
+
* `tenantOperationEvents` adapters, `POST /api/v2/tenants/{id}/operations`
|
|
402
|
+
* enqueues operations through it. Kept structural so authhero core
|
|
403
|
+
* depends on neither `@authhero/multi-tenancy` nor any engine —
|
|
404
|
+
* `@authhero/multi-tenancy`'s `enqueueTenantOperation` + executors
|
|
405
|
+
* satisfy this shape.
|
|
406
|
+
*/
|
|
407
|
+
tenantOperationExecutor?: TenantOperationExecutorBinding;
|
|
383
408
|
/**
|
|
384
409
|
* Optional powered-by logo to display at the bottom left of the login widget.
|
|
385
410
|
* This is only configurable in code, not stored in the database.
|
|
@@ -489,11 +514,12 @@ export interface AuthHeroConfig {
|
|
|
489
514
|
userLinkingMode?: UserLinkingModeOption;
|
|
490
515
|
/**
|
|
491
516
|
* Per-tenant override for the username/password provider value used on
|
|
492
|
-
* NEW user rows.
|
|
493
|
-
* password resets, etc.
|
|
517
|
+
* NEW user rows. Omit to write `"auth0"` for every tenant — new signups,
|
|
518
|
+
* password resets, etc. use the `auth0|*` user_id format. Existing
|
|
494
519
|
* `auth2|*` rows keep working — reads accept either value.
|
|
495
520
|
*
|
|
496
|
-
*
|
|
521
|
+
* Returning `"auth2"` pins a tenant on the legacy value during a staged
|
|
522
|
+
* cutover.
|
|
497
523
|
*
|
|
498
524
|
* TRANSITIONAL: this hook and the dual-read fallback in the password
|
|
499
525
|
* flows can be removed once all tenants have been backfilled.
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { CodeExecutor, DataAdapters } from "@authhero/adapter-interfaces";
|
|
2
2
|
import type { SamlSigner } from "@authhero/saml/core";
|
|
3
3
|
import { Hooks } from "./Hooks";
|
|
4
|
-
import { EntityHooksConfig, OutboxConfig, SigningKeyModeOption, UserLinkingModeOption, UsernamePasswordProviderResolver, WebhookInvoker } from "./AuthHeroConfig";
|
|
4
|
+
import { EntityHooksConfig, OutboxConfig, SigningKeyModeOption, TenantOperationExecutorBinding, UserLinkingModeOption, UsernamePasswordProviderResolver, WebhookInvoker } from "./AuthHeroConfig";
|
|
5
5
|
import { StrategyHandler } from "../strategies";
|
|
6
6
|
export type Bindings = {
|
|
7
7
|
ENVIRONMENT: string;
|
|
@@ -34,6 +34,7 @@ export type Bindings = {
|
|
|
34
34
|
codeExecutor?: CodeExecutor;
|
|
35
35
|
webhookInvoker?: WebhookInvoker;
|
|
36
36
|
tenantUpgrade?: (tenantId: string) => Promise<void>;
|
|
37
|
+
tenantOperationExecutor?: TenantOperationExecutorBinding;
|
|
37
38
|
outbox?: OutboxConfig;
|
|
38
39
|
userLinkingMode?: UserLinkingModeOption;
|
|
39
40
|
usernamePasswordProvider?: UsernamePasswordProviderResolver;
|
|
@@ -6,15 +6,15 @@ import { EnrichedClient } from "../helpers/client";
|
|
|
6
6
|
* TRANSITIONAL helpers for the auth2 → auth0 provider migration.
|
|
7
7
|
*
|
|
8
8
|
* Historically every native database user has been stored with
|
|
9
|
-
* `provider = "auth2"` and `user_id = "auth2|<id>"`.
|
|
10
|
-
* `"auth0"` provider value
|
|
11
|
-
* `init({ usernamePasswordProvider })`
|
|
12
|
-
*
|
|
9
|
+
* `provider = "auth2"` and `user_id = "auth2|<id>"`. New rows are now
|
|
10
|
+
* written with the `"auth0"` provider value everywhere; the
|
|
11
|
+
* `init({ usernamePasswordProvider })` resolver only exists to pin a
|
|
12
|
+
* tenant back onto `"auth2"` during a staged cutover.
|
|
13
13
|
*
|
|
14
14
|
* Two surfaces are exposed:
|
|
15
15
|
*
|
|
16
16
|
* - {@link resolveUsernamePasswordProvider} — used at WRITE sites to pick
|
|
17
|
-
* the value to stamp on a new row. Defaults to `"
|
|
17
|
+
* the value to stamp on a new row. Defaults to `"auth0"`.
|
|
18
18
|
* - {@link isUsernamePasswordProvider} / {@link getUsernamePasswordUser} /
|
|
19
19
|
* {@link getPrimaryUsernamePasswordUser} — used at READ sites to match
|
|
20
20
|
* existing rows under EITHER value, so a tenant can have a mix of
|
|
@@ -25,7 +25,21 @@ import { EnrichedClient } from "../helpers/client";
|
|
|
25
25
|
*/
|
|
26
26
|
declare const LEGACY_PROVIDER = "auth2";
|
|
27
27
|
declare const TARGET_PROVIDER = "auth0";
|
|
28
|
+
/**
|
|
29
|
+
* True when a connection's `strategy` field marks it as a native database
|
|
30
|
+
* (username/password) connection. Legacy tenants persist the provider
|
|
31
|
+
* literal ("auth2") in the strategy field instead of the canonical Auth0
|
|
32
|
+
* strategy name, and either provider literal must never leak into new
|
|
33
|
+
* user rows as the provider — write sites go through
|
|
34
|
+
* {@link resolveUsernamePasswordProvider} instead.
|
|
35
|
+
*/
|
|
36
|
+
export declare function isDatabaseConnectionStrategy(strategy: string | undefined | null): boolean;
|
|
28
37
|
export type UsernamePasswordProviderValue = typeof LEGACY_PROVIDER | typeof TARGET_PROVIDER;
|
|
38
|
+
/**
|
|
39
|
+
* Both native database provider values, legacy first — for read sites
|
|
40
|
+
* that need to enumerate rather than predicate-match.
|
|
41
|
+
*/
|
|
42
|
+
export declare const USERNAME_PASSWORD_PROVIDERS: readonly UsernamePasswordProviderValue[];
|
|
29
43
|
export declare function resolveUsernamePasswordProvider(env: Bindings, tenant_id: string): Promise<UsernamePasswordProviderValue>;
|
|
30
44
|
export declare function isUsernamePasswordProvider(provider: string | undefined | null): boolean;
|
|
31
45
|
interface DualReadParams {
|
package/package.json
CHANGED
|
@@ -11,7 +11,7 @@
|
|
|
11
11
|
"type": "git",
|
|
12
12
|
"url": "https://github.com/markusahlstrand/authhero"
|
|
13
13
|
},
|
|
14
|
-
"version": "8.
|
|
14
|
+
"version": "8.16.0",
|
|
15
15
|
"files": [
|
|
16
16
|
"dist"
|
|
17
17
|
],
|
|
@@ -63,8 +63,8 @@
|
|
|
63
63
|
"vite": "^8.0.14",
|
|
64
64
|
"vite-plugin-dts": "^4.5.4",
|
|
65
65
|
"vitest": "^4.1.7",
|
|
66
|
-
"@authhero/
|
|
67
|
-
"@authhero/
|
|
66
|
+
"@authhero/kysely-adapter": "11.13.1",
|
|
67
|
+
"@authhero/widget": "0.34.7"
|
|
68
68
|
},
|
|
69
69
|
"dependencies": {
|
|
70
70
|
"@peculiar/x509": "^1.14.0",
|
|
@@ -82,8 +82,8 @@
|
|
|
82
82
|
"qrcode": "^1.5.4",
|
|
83
83
|
"sanitize-html": "^2.17.4",
|
|
84
84
|
"xstate": "^5.31.1",
|
|
85
|
-
"@authhero/adapter-interfaces": "3.
|
|
86
|
-
"@authhero/proxy": "0.8.
|
|
85
|
+
"@authhero/adapter-interfaces": "3.7.0",
|
|
86
|
+
"@authhero/proxy": "0.8.3",
|
|
87
87
|
"@authhero/saml": "0.4.2"
|
|
88
88
|
},
|
|
89
89
|
"peerDependencies": {
|