authhero 8.7.2 → 8.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -50,7 +50,7 @@ export declare const promptsRoutes: OpenAPIHono<{
50
50
  };
51
51
  };
52
52
  output: {
53
- prompt: "mfa" | "organizations" | "signup" | "status" | "common" | "consent" | "device-flow" | "email-otp-challenge" | "email-verification" | "invitation" | "login" | "login-id" | "login-password" | "login-passwordless" | "mfa-email" | "mfa-otp" | "mfa-phone" | "mfa-login-options" | "mfa-push" | "mfa-recovery-code" | "mfa-voice" | "mfa-webauthn" | "passkeys" | "reset-password" | "signup-id" | "signup-password" | "captcha" | "custom-form";
53
+ prompt: "status" | "mfa" | "organizations" | "signup" | "common" | "consent" | "device-flow" | "email-otp-challenge" | "email-verification" | "invitation" | "login" | "login-id" | "login-password" | "login-passwordless" | "mfa-email" | "mfa-otp" | "mfa-phone" | "mfa-login-options" | "mfa-push" | "mfa-recovery-code" | "mfa-voice" | "mfa-webauthn" | "passkeys" | "reset-password" | "signup-id" | "signup-password" | "captcha" | "custom-form";
54
54
  language: string;
55
55
  }[];
56
56
  outputFormat: "json";
@@ -88,7 +88,7 @@ export declare const promptsRoutes: OpenAPIHono<{
88
88
  $get: {
89
89
  input: {
90
90
  param: {
91
- prompt: "mfa" | "organizations" | "signup" | "status" | "common" | "consent" | "device-flow" | "email-otp-challenge" | "email-verification" | "invitation" | "login" | "login-id" | "login-password" | "login-passwordless" | "mfa-email" | "mfa-otp" | "mfa-phone" | "mfa-login-options" | "mfa-push" | "mfa-recovery-code" | "mfa-voice" | "mfa-webauthn" | "passkeys" | "reset-password" | "signup-id" | "signup-password" | "captcha" | "custom-form";
91
+ prompt: "status" | "mfa" | "organizations" | "signup" | "common" | "consent" | "device-flow" | "email-otp-challenge" | "email-verification" | "invitation" | "login" | "login-id" | "login-password" | "login-passwordless" | "mfa-email" | "mfa-otp" | "mfa-phone" | "mfa-login-options" | "mfa-push" | "mfa-recovery-code" | "mfa-voice" | "mfa-webauthn" | "passkeys" | "reset-password" | "signup-id" | "signup-password" | "captcha" | "custom-form";
92
92
  language: string;
93
93
  };
94
94
  } & {
@@ -110,7 +110,7 @@ export declare const promptsRoutes: OpenAPIHono<{
110
110
  $put: {
111
111
  input: {
112
112
  param: {
113
- prompt: "mfa" | "organizations" | "signup" | "status" | "common" | "consent" | "device-flow" | "email-otp-challenge" | "email-verification" | "invitation" | "login" | "login-id" | "login-password" | "login-passwordless" | "mfa-email" | "mfa-otp" | "mfa-phone" | "mfa-login-options" | "mfa-push" | "mfa-recovery-code" | "mfa-voice" | "mfa-webauthn" | "passkeys" | "reset-password" | "signup-id" | "signup-password" | "captcha" | "custom-form";
113
+ prompt: "status" | "mfa" | "organizations" | "signup" | "common" | "consent" | "device-flow" | "email-otp-challenge" | "email-verification" | "invitation" | "login" | "login-id" | "login-password" | "login-passwordless" | "mfa-email" | "mfa-otp" | "mfa-phone" | "mfa-login-options" | "mfa-push" | "mfa-recovery-code" | "mfa-voice" | "mfa-webauthn" | "passkeys" | "reset-password" | "signup-id" | "signup-password" | "captcha" | "custom-form";
114
114
  language: string;
115
115
  };
116
116
  } & {
@@ -134,7 +134,7 @@ export declare const promptsRoutes: OpenAPIHono<{
134
134
  $delete: {
135
135
  input: {
136
136
  param: {
137
- prompt: "mfa" | "organizations" | "signup" | "status" | "common" | "consent" | "device-flow" | "email-otp-challenge" | "email-verification" | "invitation" | "login" | "login-id" | "login-password" | "login-passwordless" | "mfa-email" | "mfa-otp" | "mfa-phone" | "mfa-login-options" | "mfa-push" | "mfa-recovery-code" | "mfa-voice" | "mfa-webauthn" | "passkeys" | "reset-password" | "signup-id" | "signup-password" | "captcha" | "custom-form";
137
+ prompt: "status" | "mfa" | "organizations" | "signup" | "common" | "consent" | "device-flow" | "email-otp-challenge" | "email-verification" | "invitation" | "login" | "login-id" | "login-password" | "login-passwordless" | "mfa-email" | "mfa-otp" | "mfa-phone" | "mfa-login-options" | "mfa-push" | "mfa-recovery-code" | "mfa-voice" | "mfa-webauthn" | "passkeys" | "reset-password" | "signup-id" | "signup-password" | "captcha" | "custom-form";
138
138
  language: string;
139
139
  };
140
140
  } & {
@@ -128,6 +128,7 @@ export declare const tenantRoutes: OpenAPIHono<{
128
128
  provisioning_state_changed_at?: string | undefined;
129
129
  bundle_configuration?: string | undefined;
130
130
  worker_version?: string | undefined;
131
+ database_version?: string | undefined;
131
132
  worker_script_name?: string | undefined;
132
133
  storage_kind?: "own_d1" | "existing_d1" | "shared_planetscale" | undefined;
133
134
  d1_database_id?: string | undefined;
@@ -210,6 +211,11 @@ export declare const tenantRoutes: OpenAPIHono<{
210
211
  } & {
211
212
  json: {
212
213
  id?: string | undefined;
214
+ allowed_logout_urls?: string[] | undefined;
215
+ oidc_logout?: {
216
+ rp_logout_end_session_endpoint_discovery?: boolean | undefined;
217
+ } | undefined;
218
+ default_organization?: string | undefined;
213
219
  audience?: string | undefined;
214
220
  friendly_name?: string | undefined;
215
221
  picture_url?: string | undefined;
@@ -224,7 +230,6 @@ export declare const tenantRoutes: OpenAPIHono<{
224
230
  session_cookie?: {
225
231
  mode?: "persistent" | "non-persistent" | undefined;
226
232
  } | undefined;
227
- allowed_logout_urls?: string[] | undefined;
228
233
  default_redirection_uri?: string | undefined;
229
234
  default_client_id?: string | undefined;
230
235
  enabled_locales?: string[] | undefined;
@@ -298,13 +303,9 @@ export declare const tenantRoutes: OpenAPIHono<{
298
303
  } | undefined;
299
304
  } | null | undefined;
300
305
  default_audience?: string | undefined;
301
- default_organization?: string | undefined;
302
306
  sessions?: {
303
307
  oidc_logout_prompt_enabled?: boolean | undefined;
304
308
  } | undefined;
305
- oidc_logout?: {
306
- rp_logout_end_session_endpoint_discovery?: boolean | undefined;
307
- } | undefined;
308
309
  allow_organization_name_in_authentication_api?: boolean | undefined;
309
310
  customize_mfa_in_postlogin_action?: boolean | undefined;
310
311
  acr_values_supported?: string[] | undefined;
@@ -504,6 +505,209 @@ export declare const tenantRoutes: OpenAPIHono<{
504
505
  provisioning_state_changed_at?: string | undefined;
505
506
  bundle_configuration?: string | undefined;
506
507
  worker_version?: string | undefined;
508
+ database_version?: string | undefined;
509
+ worker_script_name?: string | undefined;
510
+ storage_kind?: "own_d1" | "existing_d1" | "shared_planetscale" | undefined;
511
+ d1_database_id?: string | undefined;
512
+ attack_protection?: {
513
+ breached_password_detection?: {
514
+ enabled?: boolean | undefined;
515
+ shields?: string[] | undefined;
516
+ admin_notification_frequency?: string[] | undefined;
517
+ method?: string | undefined;
518
+ stage?: {
519
+ "pre-user-registration"?: {
520
+ shields?: string[] | undefined;
521
+ } | undefined;
522
+ "pre-change-password"?: {
523
+ shields?: string[] | undefined;
524
+ } | undefined;
525
+ } | undefined;
526
+ } | undefined;
527
+ brute_force_protection?: {
528
+ enabled?: boolean | undefined;
529
+ shields?: string[] | undefined;
530
+ allowlist?: string[] | undefined;
531
+ mode?: string | undefined;
532
+ max_attempts?: number | undefined;
533
+ } | undefined;
534
+ suspicious_ip_throttling?: {
535
+ enabled?: boolean | undefined;
536
+ shields?: string[] | undefined;
537
+ allowlist?: string[] | undefined;
538
+ stage?: {
539
+ "pre-login"?: {
540
+ max_attempts?: number | undefined;
541
+ rate?: number | undefined;
542
+ } | undefined;
543
+ "pre-user-registration"?: {
544
+ max_attempts?: number | undefined;
545
+ rate?: number | undefined;
546
+ } | undefined;
547
+ } | undefined;
548
+ } | undefined;
549
+ } | undefined;
550
+ mfa?: {
551
+ policy?: "never" | "always" | undefined;
552
+ factors?: {
553
+ sms: boolean;
554
+ otp: boolean;
555
+ email: boolean;
556
+ push_notification: boolean;
557
+ webauthn_roaming: boolean;
558
+ webauthn_platform: boolean;
559
+ recovery_code: boolean;
560
+ duo: boolean;
561
+ } | undefined;
562
+ sms_provider?: {
563
+ provider?: "twilio" | "vonage" | "aws_sns" | "phone_message_hook" | undefined;
564
+ } | undefined;
565
+ twilio?: {
566
+ sid?: string | undefined;
567
+ auth_token?: string | undefined;
568
+ from?: string | undefined;
569
+ messaging_service_sid?: string | undefined;
570
+ } | undefined;
571
+ phone_message?: {
572
+ message?: string | undefined;
573
+ } | undefined;
574
+ } | undefined;
575
+ is_control_plane?: boolean | undefined;
576
+ };
577
+ outputFormat: "json";
578
+ status: 200;
579
+ };
580
+ };
581
+ } & {
582
+ "/:id/redeploy": {
583
+ $post: {
584
+ input: {
585
+ param: {
586
+ id: string;
587
+ };
588
+ } & {
589
+ header: {
590
+ "tenant-id"?: string | undefined;
591
+ };
592
+ };
593
+ output: {
594
+ created_at: string;
595
+ updated_at: string;
596
+ friendly_name: string;
597
+ id: string;
598
+ audience?: string | undefined;
599
+ picture_url?: string | undefined;
600
+ support_email?: string | undefined;
601
+ support_url?: string | undefined;
602
+ sender_email?: string | undefined;
603
+ sender_name?: string | undefined;
604
+ session_lifetime?: number | undefined;
605
+ idle_session_lifetime?: number | undefined;
606
+ ephemeral_session_lifetime?: number | undefined;
607
+ idle_ephemeral_session_lifetime?: number | undefined;
608
+ session_cookie?: {
609
+ mode?: "persistent" | "non-persistent" | undefined;
610
+ } | undefined;
611
+ allowed_logout_urls?: string[] | undefined;
612
+ default_redirection_uri?: string | undefined;
613
+ default_client_id?: string | undefined;
614
+ enabled_locales?: string[] | undefined;
615
+ default_directory?: string | undefined;
616
+ error_page?: {
617
+ html?: string | undefined;
618
+ show_log_link?: boolean | undefined;
619
+ url?: string | undefined;
620
+ } | null | undefined;
621
+ flags?: {
622
+ allow_changing_enable_sso?: boolean | undefined;
623
+ allow_legacy_delegation_grant_types?: boolean | undefined;
624
+ allow_legacy_ro_grant_types?: boolean | undefined;
625
+ allow_legacy_tokeninfo_endpoint?: boolean | undefined;
626
+ change_pwd_flow_v1?: boolean | undefined;
627
+ client_id_metadata_document_registration?: boolean | undefined;
628
+ custom_domains_provisioning?: boolean | undefined;
629
+ dashboard_insights_view?: boolean | undefined;
630
+ dashboard_log_streams_next?: boolean | undefined;
631
+ disable_clickjack_protection_headers?: boolean | undefined;
632
+ disable_fields_map_fix?: boolean | undefined;
633
+ disable_impersonation?: boolean | undefined;
634
+ disable_management_api_sms_obfuscation?: boolean | undefined;
635
+ enable_adfs_waad_email_verification?: boolean | undefined;
636
+ enable_apis_section?: boolean | undefined;
637
+ enable_client_connections?: boolean | undefined;
638
+ enable_custom_domain_in_emails?: boolean | undefined;
639
+ enable_dynamic_client_registration?: boolean | undefined;
640
+ dcr_require_initial_access_token?: boolean | undefined;
641
+ dcr_allowed_grant_types?: string[] | undefined;
642
+ allow_http_return_to?: string[] | undefined;
643
+ enable_idtoken_api2?: boolean | undefined;
644
+ enable_legacy_logs_search_v2?: boolean | undefined;
645
+ enable_legacy_profile?: boolean | undefined;
646
+ enable_pipeline2?: boolean | undefined;
647
+ enable_public_signup_user_exists_error?: boolean | undefined;
648
+ enable_sso?: boolean | undefined;
649
+ enforce_client_authentication_on_passwordless_start?: boolean | undefined;
650
+ genai_trial?: boolean | undefined;
651
+ improved_signup_bot_detection_in_classic?: boolean | undefined;
652
+ mfa_show_factor_list_on_enrollment?: boolean | undefined;
653
+ no_disclose_enterprise_connections?: boolean | undefined;
654
+ remove_alg_from_jwks?: boolean | undefined;
655
+ revoke_refresh_token_grant?: boolean | undefined;
656
+ trust_azure_adfs_email_verified_connection_property?: boolean | undefined;
657
+ use_scope_descriptions_for_consent?: boolean | undefined;
658
+ inherit_global_permissions_in_organizations?: boolean | undefined;
659
+ restrict_undefined_scopes?: boolean | undefined;
660
+ } | undefined;
661
+ sandbox_version?: string | undefined;
662
+ legacy_sandbox_version?: string | undefined;
663
+ sandbox_versions_available?: string[] | undefined;
664
+ change_password?: {
665
+ enabled?: boolean | undefined;
666
+ html?: string | undefined;
667
+ } | undefined;
668
+ guardian_mfa_page?: {
669
+ enabled?: boolean | undefined;
670
+ html?: string | undefined;
671
+ } | undefined;
672
+ device_flow?: {
673
+ charset?: "base20" | "digits" | undefined;
674
+ mask?: string | undefined;
675
+ } | undefined;
676
+ default_token_quota?: {
677
+ clients?: {
678
+ client_credentials?: {
679
+ [x: string]: any;
680
+ } | undefined;
681
+ } | undefined;
682
+ organizations?: {
683
+ client_credentials?: {
684
+ [x: string]: any;
685
+ } | undefined;
686
+ } | undefined;
687
+ } | null | undefined;
688
+ default_audience?: string | undefined;
689
+ default_organization?: string | undefined;
690
+ sessions?: {
691
+ oidc_logout_prompt_enabled?: boolean | undefined;
692
+ } | undefined;
693
+ oidc_logout?: {
694
+ rp_logout_end_session_endpoint_discovery?: boolean | undefined;
695
+ } | undefined;
696
+ allow_organization_name_in_authentication_api?: boolean | undefined;
697
+ customize_mfa_in_postlogin_action?: boolean | undefined;
698
+ acr_values_supported?: string[] | undefined;
699
+ mtls?: {
700
+ enable_endpoint_aliases?: boolean | undefined;
701
+ } | null | undefined;
702
+ pushed_authorization_requests_supported?: boolean | undefined;
703
+ authorization_response_iss_parameter_supported?: boolean | undefined;
704
+ deployment_type?: "shared" | "wfp" | undefined;
705
+ provisioning_state?: "pending" | "ready" | "failed" | undefined;
706
+ provisioning_error?: string | undefined;
707
+ provisioning_state_changed_at?: string | undefined;
708
+ bundle_configuration?: string | undefined;
709
+ worker_version?: string | undefined;
710
+ database_version?: string | undefined;
507
711
  worker_script_name?: string | undefined;
508
712
  storage_kind?: "own_d1" | "existing_d1" | "shared_planetscale" | undefined;
509
713
  d1_database_id?: string | undefined;
@@ -737,7 +737,7 @@ export declare const userRoutes: OpenAPIHono<{
737
737
  };
738
738
  };
739
739
  output: {
740
- type: "fn" | "sapi" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fc" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fd" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "festft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "i" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "sestft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
740
+ type: "fc" | "fd" | "fn" | "i" | "sapi" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "festft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "sestft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
741
741
  date: string;
742
742
  isMobile: boolean;
743
743
  log_id: string;
@@ -776,7 +776,7 @@ export declare const userRoutes: OpenAPIHono<{
776
776
  limit: number;
777
777
  length: number;
778
778
  logs: {
779
- type: "fn" | "sapi" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fc" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fd" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "festft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "i" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "sestft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
779
+ type: "fc" | "fd" | "fn" | "i" | "sapi" | "acls_summary" | "actions_execution_failed" | "api_limit" | "api_limit_warning" | "appi" | "ciba_exchange_failed" | "ciba_exchange_succeeded" | "ciba_start_failed" | "ciba_start_succeeded" | "cls" | "cs" | "depnote" | "f" | "fce" | "fco" | "fcoa" | "fcp" | "fcph" | "fcpn" | "fcpr" | "fcpro" | "fcu" | "fdeac" | "fdeaz" | "fdecc" | "fdu" | "feacft" | "feccft" | "fecte" | "fede" | "federated_logout_failed" | "fens" | "feoobft" | "feotpft" | "fepft" | "fepotpft" | "fercft" | "ferrt" | "fertft" | "festft" | "fh" | "fimp" | "fi" | "flo" | "flows_execution_completed" | "flows_execution_failed" | "forms_submission_failed" | "forms_submission_succeeded" | "fp" | "fpar" | "fpurh" | "fs" | "fsa" | "fu" | "fui" | "fv" | "fvr" | "gd_auth_email_verification" | "gd_auth_fail_email_verification" | "gd_auth_failed" | "gd_auth_rejected" | "gd_auth_succeed" | "gd_enrollment_complete" | "gd_otp_rate_limit_exceed" | "gd_recovery_failed" | "gd_recovery_rate_limit_exceed" | "gd_recovery_succeed" | "gd_send_email" | "gd_send_email_verification" | "gd_send_email_verification_failure" | "gd_send_pn" | "gd_send_pn_failure" | "gd_send_sms" | "gd_send_sms_failure" | "gd_send_voice" | "gd_send_voice_failure" | "gd_start_auth" | "gd_start_enroll" | "gd_start_enroll_failed" | "gd_tenant_update" | "gd_unenroll" | "gd_update_device_account" | "gd_webauthn_challenge_failed" | "gd_webauthn_enrollment_failed" | "kms_key_management_failure" | "kms_key_management_success" | "kms_key_state_changed" | "limit_delegation" | "limit_mu" | "limit_sul" | "limit_wc" | "mfar" | "mgmt_api_read" | "my_account_authentication_method_failed" | "my_account_authentication_method_succeeded" | "oidc_backchannel_logout_failed" | "oidc_backchannel_logout_succeeded" | "organization_member_added" | "passkey_challenge_failed" | "passkey_challenge_started" | "pla" | "pwd_leak" | "reset_pwd_leak" | "resource_cleanup" | "rich_consents_access_error" | "s" | "fapi" | "sce" | "scoa" | "scp" | "scpn" | "scpr" | "scu" | "scv" | "sd" | "sdu" | "seacft" | "seccft" | "secte" | "sede" | "sens" | "seoobft" | "seotpft" | "sepotpft" | "sepft" | "sepkoobft" | "sepkotpft" | "sepkrcft" | "sercft" | "sertft" | "sestft" | "simp" | "si" | "signup_pwd_leak" | "slo" | "sh" | "spm" | "srrt" | "ss" | "ss_sso_failure" | "ss_sso_info" | "ss_sso_success" | "ssa" | "sscim" | "sui" | "sv" | "svr" | "too_many_records" | "ublkdu" | "universal_logout_failed" | "universal_logout_succeeded" | "w" | "wn" | "wum";
780
780
  date: string;
781
781
  isMobile: boolean;
782
782
  log_id: string;
@@ -229,6 +229,7 @@ export declare function initJSXRoute(ctx: Context<{
229
229
  provisioning_state_changed_at?: string | undefined;
230
230
  bundle_configuration?: string | undefined;
231
231
  worker_version?: string | undefined;
232
+ database_version?: string | undefined;
232
233
  worker_script_name?: string | undefined;
233
234
  storage_kind?: "own_d1" | "existing_d1" | "shared_planetscale" | undefined;
234
235
  d1_database_id?: string | undefined;
@@ -588,6 +589,7 @@ export declare function initJSXRoute(ctx: Context<{
588
589
  provisioning_state_changed_at?: string | undefined;
589
590
  bundle_configuration?: string | undefined;
590
591
  worker_version?: string | undefined;
592
+ database_version?: string | undefined;
591
593
  worker_script_name?: string | undefined;
592
594
  storage_kind?: "own_d1" | "existing_d1" | "shared_planetscale" | undefined;
593
595
  d1_database_id?: string | undefined;
@@ -948,6 +950,7 @@ export declare function initJSXRouteWithSession(ctx: Context<{
948
950
  provisioning_state_changed_at?: string | undefined;
949
951
  bundle_configuration?: string | undefined;
950
952
  worker_version?: string | undefined;
953
+ database_version?: string | undefined;
951
954
  worker_script_name?: string | undefined;
952
955
  storage_kind?: "own_d1" | "existing_d1" | "shared_planetscale" | undefined;
953
956
  d1_database_id?: string | undefined;
@@ -1375,6 +1378,7 @@ export declare function initJSXRouteWithSession(ctx: Context<{
1375
1378
  provisioning_state_changed_at?: string | undefined;
1376
1379
  bundle_configuration?: string | undefined;
1377
1380
  worker_version?: string | undefined;
1381
+ database_version?: string | undefined;
1378
1382
  worker_script_name?: string | undefined;
1379
1383
  storage_kind?: "own_d1" | "existing_d1" | "shared_planetscale" | undefined;
1380
1384
  d1_database_id?: string | undefined;
@@ -27,7 +27,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
27
27
  output: {
28
28
  screen: {
29
29
  action: string;
30
- method: "POST" | "GET";
30
+ method: "GET" | "POST";
31
31
  components: {
32
32
  id: string;
33
33
  type: string;
@@ -107,7 +107,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
107
107
  output: {
108
108
  screen: {
109
109
  action: string;
110
- method: "POST" | "GET";
110
+ method: "GET" | "POST";
111
111
  components: {
112
112
  id: string;
113
113
  type: string;
@@ -204,7 +204,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
204
204
  output: {
205
205
  screen: {
206
206
  action: string;
207
- method: "POST" | "GET";
207
+ method: "GET" | "POST";
208
208
  components: {
209
209
  id: string;
210
210
  type: string;
@@ -319,7 +319,7 @@ export declare const flowApiRoutes: OpenAPIHono<{
319
319
  output: {
320
320
  screen: {
321
321
  action: string;
322
- method: "POST" | "GET";
322
+ method: "GET" | "POST";
323
323
  components: {
324
324
  id: string;
325
325
  type: string;
@@ -359,6 +359,27 @@ export interface AuthHeroConfig {
359
359
  * ```
360
360
  */
361
361
  tenantDispatch?: MiddlewareHandler;
362
+ /**
363
+ * Optional handler that re-provisions (upgrades) an existing WFP tenant onto
364
+ * the control plane's current worker bundle + migrations. When set, the
365
+ * management API exposes `POST /api/v2/tenants/{id}/redeploy` (control-plane
366
+ * only), which invokes this handler and returns the refreshed tenant row with
367
+ * its updated `worker_version` / `bundle_configuration` / `database_version`.
368
+ *
369
+ * Kept as a generic `(tenantId) => Promise<void>` so authhero core carries no
370
+ * Cloudflare / dispatch-namespace dependency. Wire it to
371
+ * `@authhero/cloudflare-adapter`'s provisioning hook:
372
+ *
373
+ * @example
374
+ * ```typescript
375
+ * const hook = createWfpTenantProvisioningHook({ provisioner, tenants });
376
+ * const { app } = init({
377
+ * dataAdapter,
378
+ * tenantUpgrade: hook.onUpgrade,
379
+ * });
380
+ * ```
381
+ */
382
+ tenantUpgrade?: (tenantId: string) => Promise<void>;
362
383
  /**
363
384
  * Optional powered-by logo to display at the bottom left of the login widget.
364
385
  * This is only configurable in code, not stored in the database.
@@ -33,6 +33,7 @@ export type Bindings = {
33
33
  };
34
34
  codeExecutor?: CodeExecutor;
35
35
  webhookInvoker?: WebhookInvoker;
36
+ tenantUpgrade?: (tenantId: string) => Promise<void>;
36
37
  outbox?: OutboxConfig;
37
38
  userLinkingMode?: UserLinkingModeOption;
38
39
  usernamePasswordProvider?: UsernamePasswordProviderResolver;
@@ -20,11 +20,11 @@ export declare const idTokenSchema: z.ZodObject<{
20
20
  export declare const userInfoSchema: z.ZodObject<{
21
21
  name: z.ZodOptional<z.ZodString>;
22
22
  email: z.ZodOptional<z.ZodString>;
23
+ given_name: z.ZodOptional<z.ZodString>;
24
+ family_name: z.ZodOptional<z.ZodString>;
23
25
  iss: z.ZodString;
24
26
  sub: z.ZodString;
25
27
  aud: z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>;
26
28
  exp: z.ZodNumber;
27
- given_name: z.ZodOptional<z.ZodString>;
28
- family_name: z.ZodOptional<z.ZodString>;
29
29
  }, z.core.$loose>;
30
30
  export type IdToken = z.infer<typeof idTokenSchema>;
package/package.json CHANGED
@@ -11,7 +11,7 @@
11
11
  "type": "git",
12
12
  "url": "https://github.com/markusahlstrand/authhero"
13
13
  },
14
- "version": "8.7.2",
14
+ "version": "8.8.1",
15
15
  "files": [
16
16
  "dist"
17
17
  ],
@@ -63,8 +63,8 @@
63
63
  "vite": "^8.0.14",
64
64
  "vite-plugin-dts": "^4.5.4",
65
65
  "vitest": "^4.1.7",
66
- "@authhero/kysely-adapter": "11.8.11",
67
- "@authhero/widget": "0.34.1"
66
+ "@authhero/widget": "0.34.2",
67
+ "@authhero/kysely-adapter": "11.9.0"
68
68
  },
69
69
  "dependencies": {
70
70
  "@peculiar/x509": "^1.14.0",
@@ -82,8 +82,8 @@
82
82
  "qrcode": "^1.5.4",
83
83
  "sanitize-html": "^2.17.4",
84
84
  "xstate": "^5.31.1",
85
- "@authhero/adapter-interfaces": "3.2.0",
86
- "@authhero/proxy": "0.7.2",
85
+ "@authhero/proxy": "0.7.3",
86
+ "@authhero/adapter-interfaces": "3.3.0",
87
87
  "@authhero/saml": "0.4.2"
88
88
  },
89
89
  "peerDependencies": {