@clerk/types
Typings for Clerk libraries.
import * as CSS from 'csstype';
/**
* An interface that represents an error returned by the Clerk API.
*/
interface ClerkAPIError {
/**
* A string code that represents the error, such as `username_exists_code`.
*/
code: string;
/**
* A message that describes the error.
*/
message: string;
/**
* A more detailed message that describes the error.
*/
longMessage?: string;
/**
* Additional information about the error. Every field is optional.
*
* NOTE(review): the declared fields include a session ID, email addresses and identifiers, so
* treat `meta` as potentially sensitive when logging errors or forwarding them to third-party
* tooling.
*/
meta?: {
paramName?: string;
sessionId?: string;
emailAddresses?: string[];
identifiers?: string[];
// Presumably password-strength feedback (the field is named after zxcvbn); confirm against the API.
zxcvbn?: {
suggestions: {
code: string;
message: string;
}[];
};
permissions?: string[];
};
}
/**
* An error shape that carries only a `code` and a `message`; unlike `ClerkAPIError` it declares
* no `longMessage` or `meta`.
*/
interface ClerkRuntimeError {
code: string;
message: string;
}
// String-literal unions naming alerts, form fields, profile sections and pages, previews, card
// actions, menus and selects. Presumably these identify UI elements; confirm against the consumers.
type AlertId = 'danger' | 'warning';
type FieldId = 'firstName' | 'lastName' | 'name' | 'slug' | 'emailAddress' | 'phoneNumber' | 'currentPassword' | 'newPassword' | 'signOutOfOtherSessions' | 'passkeyName' | 'password' | 'confirmPassword' | 'identifier' | 'username' | 'code' | 'role' | 'deleteConfirmation' | 'deleteOrganizationConfirmation' | 'enrollmentMode' | 'affiliationEmailAddress' | 'deleteExistingInvitationsSuggestions' | 'legalAccepted';
type ProfileSectionId = 'profile' | 'username' | 'emailAddresses' | 'phoneNumbers' | 'connectedAccounts' | 'enterpriseAccounts' | 'web3Wallets' | 'password' | 'passkeys' | 'mfa' | 'danger' | 'activeDevices' | 'organizationProfile' | 'organizationDanger' | 'organizationDomains' | 'manageVerifiedDomains' | 'paymentSources';
type ProfilePageId = 'account' | 'security' | 'organizationGeneral' | 'organizationMembers' | 'billing';
type UserPreviewId = 'userButton' | 'personalWorkspace';
type OrganizationPreviewId = 'organizationSwitcherTrigger' | 'organizationList' | 'organizationSwitcherListedOrganization' | 'organizationSwitcherActiveOrganization';
type CardActionId = 'havingTrouble' | 'alternativeMethods' | 'signUp' | 'signIn' | 'usePasskey' | 'waitlist';
// `MenuId` also accepts every `ProfileSectionId` value.
type MenuId = 'invitation' | 'member' | ProfileSectionId;
type SelectId = 'countryCode' | 'role' | 'paymentSource';
/**
* Descriptor of one Web3 provider: its provider ID, the matching sign-in strategy and a name.
*/
interface Web3ProviderData {
provider: Web3Provider;
strategy: Web3Strategy;
// Presumably a human-readable display name; confirm against the data in `WEB3_PROVIDERS`.
name: string;
}
// One string-literal alias per supported Web3 wallet provider.
type MetamaskWeb3Provider = 'metamask';
type CoinbaseWalletWeb3Provider = 'coinbase_wallet';
type OKXWalletWeb3Provider = 'okx_wallet';
// Closed union: unlike `OAuthProvider`, there is no open-ended "custom" member.
type Web3Provider = MetamaskWeb3Provider | CoinbaseWalletWeb3Provider | OKXWalletWeb3Provider;
/**
* List of Web3 provider descriptors (`provider`, `strategy`, `name`).
*
* @deprecated Use `import { WEB3_PROVIDERS } from "@clerk/shared/web3"` instead.
*
* @hidden
*/
declare const WEB3_PROVIDERS: Web3ProviderData[];
/**
* Argument object of `getWeb3ProviderData`. Both fields are optional, so an empty object
* type-checks.
*/
interface getWeb3ProviderDataProps {
provider?: Web3Provider;
strategy?: Web3Strategy;
}
/**
* Presumably looks up a Web3 provider descriptor by `provider` or `strategy`; confirm against the
* implementation. The result may be `undefined` or `null`, so callers must handle both; what
* distinguishes the two is not visible in this declaration.
*
* @deprecated This utility will be dropped in the next major release.
*
* @hidden
*/
declare function getWeb3ProviderData({ provider, strategy, }: getWeb3ProviderDataProps): Web3ProviderData | undefined | null;
// Authentication strategy identifiers, expressed as string-literal types.
type GoogleOneTapStrategy = 'google_one_tap';
type PasskeyStrategy = 'passkey';
type PasswordStrategy = 'password';
type PhoneCodeStrategy = 'phone_code';
type EmailCodeStrategy = 'email_code';
type EmailLinkStrategy = 'email_link';
type TicketStrategy = 'ticket';
type TOTPStrategy = 'totp';
type BackupCodeStrategy = 'backup_code';
type ResetPasswordPhoneCodeStrategy = 'reset_password_phone_code';
type ResetPasswordEmailCodeStrategy = 'reset_password_email_code';
// Template-literal type: any string after the `oauth_custom_` prefix type-checks, so a value of
// this type is not evidence that a matching custom provider is configured.
type CustomOAuthStrategy = `oauth_custom_${string}`;
type EnterpriseSSOStrategy = 'enterprise_sso';
type OAuthStrategy = `oauth_${OAuthProvider}` | CustomOAuthStrategy;
// Expands to one `web3_<provider>_signature` literal per `Web3Provider` member.
type Web3Strategy = `web3_${Web3Provider}_signature`;
/**
* @deprecated Use `EnterpriseSSOStrategy` instead.
*/
type SamlStrategy = 'saml';
// Plain `string` alias: scope values are not constrained at the type level.
type OAuthScope = string;
/**
* Descriptor of one OAuth provider: its provider ID, the matching strategy, a name and a
* documentation URL.
*/
interface OAuthProviderData {
provider: OAuthProvider;
strategy: OAuthStrategy;
name: string;
docsUrl: string;
}
// One string-literal alias per built-in OAuth provider.
type FacebookOauthProvider = 'facebook';
type GoogleOauthProvider = 'google';
type HubspotOauthProvider = 'hubspot';
type GithubOauthProvider = 'github';
type TiktokOauthProvider = 'tiktok';
type GitlabOauthProvider = 'gitlab';
type DiscordOauthProvider = 'discord';
type TwitterOauthProvider = 'twitter';
type TwitchOauthProvider = 'twitch';
type LinkedinOauthProvider = 'linkedin';
type LinkedinOIDCOauthProvider = 'linkedin_oidc';
type DropboxOauthProvider = 'dropbox';
type AtlassianOauthProvider = 'atlassian';
type BitbucketOauthProvider = 'bitbucket';
type MicrosoftOauthProvider = 'microsoft';
type NotionOauthProvider = 'notion';
type AppleOauthProvider = 'apple';
type LineOauthProvider = 'line';
type InstagramOauthProvider = 'instagram';
type CoinbaseOauthProvider = 'coinbase';
type SpotifyOauthProvider = 'spotify';
type XeroOauthProvider = 'xero';
type BoxOauthProvider = 'box';
type SlackOauthProvider = 'slack';
type LinearOauthProvider = 'linear';
type XOauthProvider = 'x';
type EnstallOauthProvider = 'enstall';
// NOTE(review): spelled `...OAuthProvider`, while the sibling aliases use `...OauthProvider`.
type HuggingfaceOAuthProvider = 'huggingface';
// Open-ended: any string after the `custom_` prefix type-checks.
type CustomOauthProvider = `custom_${string}`;
// Union of every provider alias in this group, including the open-ended custom form. Because of
// that member the union is not a closed allow-list; provider values from outside the program
// still need a runtime check against the configured providers.
type OAuthProvider = FacebookOauthProvider | GoogleOauthProvider | HubspotOauthProvider | GithubOauthProvider | TiktokOauthProvider | GitlabOauthProvider | DiscordOauthProvider | TwitterOauthProvider | TwitchOauthProvider | LinkedinOauthProvider | LinkedinOIDCOauthProvider | DropboxOauthProvider | AtlassianOauthProvider | BitbucketOauthProvider | MicrosoftOauthProvider | NotionOauthProvider | AppleOauthProvider | LineOauthProvider | InstagramOauthProvider | CoinbaseOauthProvider | SpotifyOauthProvider | XeroOauthProvider | BoxOauthProvider | SlackOauthProvider | LinearOauthProvider | XOauthProvider | EnstallOauthProvider | HuggingfaceOAuthProvider | CustomOauthProvider;
/**
* List of OAuth provider descriptors (`provider`, `strategy`, `name`, `docsUrl`).
*
* @deprecated Use `import { OAUTH_PROVIDERS } from "@clerk/shared/oauth"` instead.
*
* @hidden
*/
declare const OAUTH_PROVIDERS: OAuthProviderData[];
/**
* Argument object of `getOAuthProviderData`. Both fields are optional, so an empty object
* type-checks.
*/
interface getOAuthProviderDataProps {
provider?: OAuthProvider;
strategy?: OAuthStrategy;
}
/**
* Presumably looks up an OAuth provider descriptor by `provider` or `strategy`; confirm against
* the implementation. The result may be `undefined` or `null`, so callers must handle both; what
* distinguishes the two is not visible in this declaration.
*
* @deprecated This utility will be dropped in the next major release.
*
* @hidden
*/
declare function getOAuthProviderData({ provider, strategy, }: getOAuthProviderDataProps): OAuthProviderData | undefined | null;
/**
* Returns OAuth provider descriptors for a list of strategies. Presumably the result is ordered
* according to `sortingArray`; confirm against the implementation.
*
* @param sortingArray - The OAuth strategies that drive the result.
* @deprecated This utility will be dropped in the next major release.
*
* @hidden
*/
declare function sortedOAuthProviders(sortingArray: OAuthStrategy[]): OAuthProviderData[];
// Optional arguments accepted by `ClerkResource.reload`.
// NOTE(review): the meaning of `rotatingTokenNonce` is not visible in this file; presumably it is
// tied to token rotation. Confirm before documenting it for callers.
type ClerkResourceReloadParams = {
rotatingTokenNonce?: string;
};
/**
* Defines common properties and methods that all Clerk resources must implement.
*/
interface ClerkResource {
/**
* The unique identifier of the resource. Optional and possibly `undefined` on the base interface;
* many resources in this file narrow it to a required `string`.
*/
readonly id?: string | undefined;
/**
* The root path of the resource.
*/
pathRoot: string;
/**
* Reload the resource and return the resource itself.
*
* @param p - Optional reload parameters, see `ClerkResourceReloadParams`.
* @returns A promise typed as `this`, so subtypes get their own type back.
*/
reload(p?: ClerkResourceReloadParams): Promise<this>;
}
// Slugs of the SAML identity providers this package declares.
type SamlIdpSlug = 'saml_okta' | 'saml_google' | 'saml_microsoft' | 'saml_custom';
// Data kept for one SAML identity provider: a name and a logo reference.
type SamlIdp = {
name: string;
logo: string;
};
// `Record` over the slug union, so every slug must have an entry.
type SamlIdpMap = Record<SamlIdpSlug, SamlIdp>;
declare const SAML_IDPS: SamlIdpMap;
/**
* Result shape of delete-style calls; in this file it is the resolved type of several `remove`,
* `cancel` and `delete` methods. `object` and `deleted` are always present, `id` and `slug` are
* optional.
*/
interface DeletedObjectResource {
object: string;
id?: string;
slug?: string;
// Callers should check this flag rather than assume that a resolved promise means deletion.
// NOTE(review): whether `false` can actually be returned is not visible here.
deleted: boolean;
}
/**
* Pagination parameters of a request, intersected with the caller-supplied parameter type `T`.
* Both pagination fields are optional; the type sets no bounds on either number.
*/
type ClerkPaginationRequest<T = object> = {
/**
* Maximum number of items returned per request.
*/
limit?: number;
/**
* The offset at which the fetched results start.
*/
offset?: number;
} & T;
/**
* An interface that describes the response of a method that returns a paginated list of resources.
*
* > [!TIP]
* > Clerk's SDKs always use `Promise<ClerkPaginatedResponse<T>>`. If the promise resolves, you will get back the properties. If the promise is rejected, you will receive a `ClerkAPIResponseError` or network error.
*/
interface ClerkPaginatedResponse<T> {
/**
* An array that contains the fetched data.
*/
data: T[];
/**
* The total count of data that exist remotely. This counts the remote collection, so it can be
* larger than `data.length`. Note the snake_case name.
*/
total_count: number;
}
/**
* Page-based pagination parameters, intersected with the caller-supplied parameter type `T`.
* Both fields are optional; the type sets no bounds on either number.
* @interface
*/
type ClerkPaginationParams<T = object> = {
/**
* A number that specifies which page to fetch. For example, if `initialPage` is set to `10`, it will skip the first 9 pages and fetch the 10th page.
* @default 1
*/
initialPage?: number;
/**
* A number that specifies the maximum number of results to return per page.
* @default 10
*/
pageSize?: number;
} & T;
// Adds an optional `orgId` to `T`. Presumably it selects the organization a call applies to; confirm.
// NOTE(review): `orgId` is supplied by the caller, so it identifies an organization but does not
// prove membership; access to that organization still has to be enforced by the backend.
type WithOptionalOrgType<T> = T & {
orgId?: string;
};
/**
* Experimental commerce entry point: exposes the billing namespace and the payment-source calls.
* Every method is asynchronous and resolves to a resource or a paginated list of resources.
*/
interface __experimental_CommerceNamespace {
__experimental_billing: __experimental_CommerceBillingNamespace;
getPaymentSources: (params: __experimental_GetPaymentSourcesParams) => Promise<ClerkPaginatedResponse<__experimental_CommercePaymentSourceResource>>;
initializePaymentSource: (params: __experimental_InitializePaymentSourceParams) => Promise<__experimental_CommerceInitializedPaymentSourceResource>;
addPaymentSource: (params: __experimental_AddPaymentSourceParams) => Promise<__experimental_CommercePaymentSourceResource>;
}
/**
* Experimental billing calls: plans, subscriptions, invoices and checkout.
*/
interface __experimental_CommerceBillingNamespace {
// Takes no arguments and resolves to a plain array, unlike the paginated calls below.
getPlans: () => Promise<__experimental_CommercePlanResource[]>;
getSubscriptions: (params: __experimental_GetSubscriptionsParams) => Promise<ClerkPaginatedResponse<__experimental_CommerceSubscriptionResource>>;
getInvoices: (params: __experimental_GetInvoicesParams) => Promise<ClerkPaginatedResponse<__experimental_CommerceInvoiceResource>>;
startCheckout: (params: __experimental_CreateCheckoutParams) => Promise<__experimental_CommerceCheckoutResource>;
}
// Who subscribes: an organization or a user.
type __experimental_CommerceSubscriberType = 'org' | 'user';
type __experimental_CommerceSubscriptionStatus = 'active' | 'ended' | 'upcoming';
// Billing period of a subscription or checkout.
type __experimental_CommerceSubscriptionPlanPeriod = 'month' | 'annual';
/**
* Experimental product resource: a product and the plans that belong to it.
*/
interface __experimental_CommerceProductResource extends ClerkResource {
id: string;
slug: string | null;
currency: string;
isDefault: boolean;
plans: __experimental_CommercePlanResource[];
}
/**
* Optional filter for plan queries.
*
* NOTE(review): `getPlans` on `__experimental_CommerceBillingNamespace` is declared without
* parameters, so this type is not referenced by that signature; confirm where it is used.
*/
interface __experimental_GetPlansParams {
subscriberType?: __experimental_CommerceSubscriberType;
}
/**
* Experimental plan resource: pricing, display data and the features included in a plan.
*/
interface __experimental_CommercePlanResource extends ClerkResource {
id: string;
name: string;
// NOTE(review): the unit of the numeric amounts (major or minor currency units) is not visible
// in this file; confirm before doing arithmetic on them.
amount: number;
amountFormatted: string;
annualMonthlyAmount: number;
annualMonthlyAmountFormatted: string;
currencySymbol: string;
currency: string;
description: string;
isDefault: boolean;
isRecurring: boolean;
hasBaseFee: boolean;
// Typed as `string[]` rather than the `__experimental_CommerceSubscriberType` union; confirm
// whether the values are the same set.
payerType: string[];
publiclyVisible: boolean;
slug: string;
avatarUrl: string;
features: __experimental_CommerceFeatureResource[];
}
/**
* Experimental feature resource: one feature that a plan can include.
*/
interface __experimental_CommerceFeatureResource extends ClerkResource {
id: string;
name: string;
description: string;
slug: string;
avatarUrl: string;
}
type __experimental_CommercePaymentSourceStatus = 'active' | 'expired' | 'disconnected';
// Pagination parameters plus an optional `orgId`.
type __experimental_GetPaymentSourcesParams = WithOptionalOrgType<ClerkPaginationParams>;
// The gateway is restricted to the two literals below.
type __experimental_InitializePaymentSourceParams = WithOptionalOrgType<{
gateway: 'stripe' | 'paypal';
}>;
type __experimental_AddPaymentSourceParams = WithOptionalOrgType<{
gateway: 'stripe' | 'paypal';
// NOTE(review): presumably a token issued by the payment gateway; treat it as a credential and
// keep it out of logs and analytics. Confirm its lifetime against the gateway documentation.
paymentToken: string;
}>;
// `unknown & { orgId?: string }` reduces to `{ orgId?: string }`, so these two parameter types
// carry only the optional `orgId`.
type __experimental_RemovePaymentSourceParams = WithOptionalOrgType<unknown>;
type __experimental_MakeDefaultPaymentSourceParams = WithOptionalOrgType<unknown>;
/**
* Experimental payment-source resource. It exposes descriptive fields only (`last4`, `cardType`,
* `paymentMethod`, `walletType`); no full account number is declared on this type.
*/
interface __experimental_CommercePaymentSourceResource extends ClerkResource {
id: string;
last4: string;
paymentMethod: string;
cardType: string;
isDefault: boolean;
status: __experimental_CommercePaymentSourceStatus;
// Required key whose value may be `undefined`.
walletType: string | undefined;
remove: (params?: __experimental_RemovePaymentSourceParams) => Promise<DeletedObjectResource>;
// Resolves to `null`, not to the updated resource.
makeDefault: (params?: __experimental_MakeDefaultPaymentSourceParams) => Promise<null>;
}
/**
* Result of `initializePaymentSource`.
*
* NOTE(review): `externalClientSecret` is, by its name, a secret issued for the external payment
* gateway. Keep it out of logs, error reports and persistent storage; confirm its scope and
* lifetime against the gateway documentation.
*/
interface __experimental_CommerceInitializedPaymentSourceResource extends ClerkResource {
externalClientSecret: string;
externalGatewayId: string;
}
// Pagination parameters plus an optional `orgId`.
type __experimental_GetInvoicesParams = WithOptionalOrgType<ClerkPaginationParams>;
type __experimental_CommerceInvoiceStatus = 'paid' | 'unpaid' | 'past_due';
/**
* Experimental invoice resource.
*/
interface __experimental_CommerceInvoiceResource extends ClerkResource {
id: string;
planId: string;
paymentSourceId: string;
totals: __experimental_CommerceTotals;
// The two dates are typed as `number`, whereas other resources in this file use `Date`.
// NOTE(review): presumably epoch timestamps; the unit (seconds or milliseconds) is not visible here.
paymentDueOn: number;
paidOn: number;
status: __experimental_CommerceInvoiceStatus;
}
// Pagination parameters plus an optional `orgId`.
type __experimental_GetSubscriptionsParams = WithOptionalOrgType<ClerkPaginationParams>;
// Reduces to `{ orgId?: string }`, because `unknown & X` is `X`.
type __experimental_CancelSubscriptionParams = WithOptionalOrgType<unknown>;
/**
* Experimental subscription resource.
*/
interface __experimental_CommerceSubscriptionResource extends ClerkResource {
id: string;
paymentSourceId: string;
plan: __experimental_CommercePlanResource;
planPeriod: __experimental_CommerceSubscriptionPlanPeriod;
status: __experimental_CommerceSubscriptionStatus;
// Period bounds and the cancellation time are typed as `number`.
// NOTE(review): presumably epoch timestamps; the unit is not visible here.
periodStart: number;
periodEnd: number;
canceledAt: number | null;
// `params` is required here, while `remove` and `makeDefault` on the payment source take it optionally.
cancel: (params: __experimental_CancelSubscriptionParams) => Promise<DeletedObjectResource>;
}
/**
* A monetary amount together with its formatted text and currency.
*
* NOTE(review): the unit of `amount` (major or minor currency units) is not visible in this file.
*/
interface __experimental_CommerceMoney {
amount: number;
amountFormatted: string;
currency: string;
currencySymbol: string;
}
/**
* Totals of an invoice or checkout. `totalDueNow` is the only optional member.
*/
interface __experimental_CommerceTotals {
subtotal: __experimental_CommerceMoney;
grandTotal: __experimental_CommerceMoney;
taxTotal: __experimental_CommerceMoney;
totalDueNow?: __experimental_CommerceMoney;
}
// Arguments of `startCheckout`: the plan, its billing period and an optional `orgId`.
type __experimental_CreateCheckoutParams = WithOptionalOrgType<{
planId: string;
planPeriod: __experimental_CommerceSubscriptionPlanPeriod;
}>;
// Arguments of `confirm` on a checkout: every field is optional.
type __experimental_ConfirmCheckoutParams = WithOptionalOrgType<{
paymentSourceId?: string;
}>;
/**
* Experimental checkout resource, returned by `startCheckout` and by its own `confirm` method.
*
* NOTE(review): `externalClientSecret` is, by its name, a secret for the external payment gateway;
* keep it out of logs and persistent storage.
*/
interface __experimental_CommerceCheckoutResource extends ClerkResource {
id: string;
externalClientSecret: string;
externalGatewayId: string;
// Snake-case, unlike the other members of this interface.
invoice_id: string;
paymentSource?: __experimental_CommercePaymentSourceResource;
plan: __experimental_CommercePlanResource;
planPeriod: __experimental_CommerceSubscriptionPlanPeriod;
// Plain `string`; the set of possible values is not declared in this file.
status: string;
totals: __experimental_CommerceTotals;
subscription?: __experimental_CommerceSubscriptionResource;
confirm: (params: __experimental_ConfirmCheckoutParams) => Promise<__experimental_CommerceCheckoutResource>;
}
type PreferredSignInStrategy = 'password' | 'otp';
// `null` is a member of the union, so consumers must handle a missing widget type.
type CaptchaWidgetType = 'smart' | 'invisible' | null;
// Single-member union: only one captcha provider is declared.
type CaptchaProvider = 'turnstile';
/**
* Snake-case JSON shape of the display configuration (`object: 'display_config'`).
*
* NOTE(review): the `*_url` fields are plain strings; nothing in this type constrains their
* scheme or origin, so code that navigates to them relies on the configuration source being
* trusted.
*/
interface DisplayConfigJSON {
object: 'display_config';
id: string;
after_sign_in_url: string;
after_sign_out_all_url: string;
after_sign_out_one_url: string;
after_sign_up_url: string;
after_switch_session_url: string;
application_name: string;
branded: boolean;
captcha_public_key: string | null;
captcha_widget_type: CaptchaWidgetType;
captcha_public_key_invisible: string | null;
captcha_provider: CaptchaProvider;
// Nullable here, whereas `DisplayConfigResource.captchaOauthBypass` is a non-null array.
captcha_oauth_bypass: OAuthStrategy[] | null;
// Optional here, whereas `DisplayConfigResource.captchaHeartbeat` is required.
captcha_heartbeat?: boolean;
captcha_heartbeat_interval_ms?: number;
home_url: string;
instance_environment_type: string;
logo_image_url: string;
favicon_image_url: string;
preferred_sign_in_strategy: PreferredSignInStrategy;
sign_in_url: string;
sign_up_url: string;
support_email: string;
theme: DisplayThemeJSON;
user_profile_url: string;
clerk_js_version?: string;
organization_profile_url: string;
create_organization_url: string;
after_leave_organization_url: string;
after_create_organization_url: string;
google_one_tap_client_id?: string;
show_devmode_warning: boolean;
terms_url: string;
privacy_policy_url: string;
waitlist_url: string;
after_join_waitlist_url: string;
}
/**
* Camel-case resource form of the display configuration. `backendHost` and
* `experimental__forceOauthFirst` have no counterpart in `DisplayConfigJSON`.
*/
interface DisplayConfigResource extends ClerkResource {
id: string;
afterSignInUrl: string;
afterSignOutAllUrl: string;
afterSignOutOneUrl: string;
afterSignUpUrl: string;
afterSwitchSessionUrl: string;
applicationName: string;
backendHost: string;
branded: boolean;
captchaPublicKey: string | null;
captchaWidgetType: CaptchaWidgetType;
captchaProvider: CaptchaProvider;
captchaPublicKeyInvisible: string | null;
/**
* An array of OAuth strategies for which we will bypass the captcha.
* We trust that the provider will verify that the user is not a bot on their end.
* This can also be used to bypass the captcha for a specific OAuth provider on a per-instance basis.
*
* NOTE(review): for every strategy listed here, bot protection on that sign-in path depends
* entirely on the provider. Keep the list as short as possible and review it when a provider
* is added.
*/
captchaOauthBypass: OAuthStrategy[];
captchaHeartbeat: boolean;
captchaHeartbeatIntervalMs?: number;
homeUrl: string;
instanceEnvironmentType: string;
logoImageUrl: string;
faviconImageUrl: string;
preferredSignInStrategy: PreferredSignInStrategy;
signInUrl: string;
signUpUrl: string;
supportEmail: string;
theme: DisplayThemeJSON;
userProfileUrl: string;
clerkJSVersion?: string;
experimental__forceOauthFirst?: boolean;
organizationProfileUrl: string;
createOrganizationUrl: string;
afterLeaveOrganizationUrl: string;
afterCreateOrganizationUrl: string;
googleOneTapClientId?: string;
showDevModeWarning: boolean;
termsUrl: string;
privacyPolicyUrl: string;
waitlistUrl: string;
afterJoinWaitlistUrl: string;
__internal_toSnapshot: () => DisplayConfigJSONSnapshot;
}
/**
* Verification state of an organization domain. The only declared strategy is `email_code`.
*/
interface OrganizationDomainVerification {
status: OrganizationDomainVerificationStatus;
strategy: 'email_code';
// Number of verification attempts; the maximum is not declared in this file.
attempts: number;
expiresAt: Date;
}
/**
* Whether an organization domain has been verified.
* @inline
*/
type OrganizationDomainVerificationStatus = 'unverified' | 'verified';
/**
* How users with a matching domain are enrolled. Two of the three modes are named `automatic_*`.
* NOTE(review): presumably those act without a manual step, which makes domain verification the
* control that gates them; confirm against the product documentation.
* @inline
*/
type OrganizationEnrollmentMode = 'manual_invitation' | 'automatic_invitation' | 'automatic_suggestion';
/**
* The `OrganizationDomain` object is the model around an organization domain.
* It carries the domain's enrollment mode and verification state, and methods to verify the
* affiliation email address, change the enrollment mode and delete the domain.
* @interface
*/
interface OrganizationDomainResource extends ClerkResource {
id: string;
name: string;
organizationId: string;
enrollmentMode: OrganizationEnrollmentMode;
// `null` when no verification object exists for the domain.
verification: OrganizationDomainVerification | null;
createdAt: Date;
updatedAt: Date;
affiliationEmailAddress: string | null;
totalPendingInvitations: number;
totalPendingSuggestions: number;
prepareAffiliationVerification: (params: PrepareAffiliationVerificationParams) => Promise<OrganizationDomainResource>;
attemptAffiliationVerification: (params: AttemptAffiliationVerificationParams) => Promise<OrganizationDomainResource>;
delete: () => Promise<void>;
updateEnrollmentMode: (params: UpdateEnrollmentModeParams) => Promise<OrganizationDomainResource>;
}
// Argument of `prepareAffiliationVerification`: the email address to verify.
type PrepareAffiliationVerificationParams = {
affiliationEmailAddress: string;
};
// Argument of `attemptAffiliationVerification`: the code submitted by the user.
type AttemptAffiliationVerificationParams = {
code: string;
};
// Argument of `updateEnrollmentMode`: the new mode plus an optional `deletePending` flag.
// NOTE(review): presumably `deletePending` removes pending invitations or suggestions; confirm.
type UpdateEnrollmentModeParams = Pick<OrganizationDomainResource, 'enrollmentMode'> & {
deletePending?: boolean;
};
declare global {
/**
* If you want to provide custom types for the organizationInvitation.publicMetadata
* object, redeclare this interface in the global namespace.
* Every organizationInvitation object will use the provided type.
*
* Until it is redeclared, every value is `unknown` and must be narrowed before use.
*/
interface OrganizationInvitationPublicMetadata {
[k: string]: unknown;
}
/**
* Global, redeclarable type for private invitation metadata.
*
* The `OrganizationInvitationResource` interface in this file exposes only `publicMetadata`;
* it does not reference this type.
*/
interface OrganizationInvitationPrivateMetadata {
[k: string]: unknown;
}
}
/**
* The `OrganizationInvitation` object is the model around an organization invitation.
* It exposes the invited email address, the role to grant, the invitation status and a `revoke`
* method; no private metadata is declared on it.
* @interface
*/
interface OrganizationInvitationResource extends ClerkResource {
id: string;
emailAddress: string;
organizationId: string;
publicMetadata: OrganizationInvitationPublicMetadata;
role: OrganizationCustomRoleKey;
status: OrganizationInvitationStatus;
createdAt: Date;
updatedAt: Date;
// Resolves to an invitation resource, presumably the revoked one; confirm.
revoke: () => Promise<OrganizationInvitationResource>;
}
/**
* Lifecycle states of an organization invitation.
* @inline
*/
type OrganizationInvitationStatus = 'pending' | 'accepted' | 'revoked' | 'expired';
// Type-level key-case conversion helpers. They change types only; no value is converted at runtime.
//
// SnakeToCamel: converts a snake_case string literal to camelCase; for an object type it converts
// the top-level keys and leaves the value types untouched.
type SnakeToCamel<T> = T extends `${infer A}_${infer B}` ? `${Uncapitalize<A>}${Capitalize<SnakeToCamel<B>>}` : T extends object ? {
[K in keyof T as SnakeToCamel<K>]: T[K];
} : T;
// DeepSnakeToCamel: like SnakeToCamel, but also recurses into the value types.
type DeepSnakeToCamel<T> = T extends `${infer A}_${infer B}` ? `${Uncapitalize<A>}${Capitalize<DeepSnakeToCamel<B>>}` : T extends object ? {
[K in keyof T as DeepSnakeToCamel<K>]: DeepSnakeToCamel<T[K]>;
} : T;
// DeepCamelToSnake: walks a string literal character by character; every character that equals its
// own uppercase form is lowercased and prefixed with `_`. That test is also true for characters
// without case, such as digits. Object keys and value types are converted recursively.
type DeepCamelToSnake<T> = T extends `${infer C0}${infer R}` ? `${C0 extends Uppercase<C0> ? '_' : ''}${Lowercase<C0>}${DeepCamelToSnake<R>}` : T extends object ? {
[K in keyof T as DeepCamelToSnake<Extract<K, string>>]: DeepCamelToSnake<T[K]>;
} : T;
// CamelToSnake: same string conversion, but for object types only the top-level keys are
// converted; value types are left untouched.
type CamelToSnake<T> = T extends `${infer C0}${infer R}` ? `${C0 extends Uppercase<C0> ? '_' : ''}${Lowercase<C0>}${CamelToSnake<R>}` : T extends object ? {
[K in keyof T as CamelToSnake<Extract<K, string>>]: T[K];
} : T;
/**
* Makes every property optional, recursing into properties whose type extends `object`.
* @internal
*/
type DeepPartial<T> = {
[P in keyof T]?: T[P] extends object ? DeepPartial<T[P]> : T[P];
};
// Makes every property required, recursing into properties whose type extends `object | undefined`.
type DeepRequired<T> = Required<{
[P in keyof T]: T[P] extends object | undefined ? DeepRequired<Required<T[P]>> : T[P];
}>;
// Adds `null` to the type of the properties named by `K`; other properties are unchanged.
type Nullable<T, K extends keyof T> = {
[P in keyof T]: P extends K ? T[P] | null : T[P];
};
/**
* Internal type used by RecordToPath.
* For a string key whose value is a record, yields the dotted paths below that key; array
* members are excluded through `Exclude<..., keyof any[]>`.
*/
type PathImpl<T, Key extends keyof T> = Key extends string ? T[Key] extends Record<string, any> ? `${Key}.${PathImpl<T[Key], Exclude<keyof T[Key], keyof any[]>> & string}` | `${Key}.${Exclude<keyof T[Key], keyof any[]> & string}` : never : never;
/**
* Internal type used by RecordToPath.
* Union of the nested dotted paths and the top-level keys of `T`.
*/
type PathImpl2<T> = PathImpl<T, keyof T> | keyof T;
/**
* Used to construct a type union containing all the keys (even if nested) of an object defined as const
* const obj = { a: { b: '' }, c: '' } as const;
* type Paths = RecordToPath<typeof obj>
* Paths contains: 'a' | 'a.b' | 'c'
*/
type RecordToPath<T> = PathImpl2<T> extends string | keyof T ? PathImpl2<T> : keyof T;
/**
* Used to read the value of a string path inside an object defined as const
* const obj = { a: { b: 'hello' }} as const;
* type Value = PathValue<typeof obj, 'a.b'>
* Value is now a union set containing a single type: 'hello'
*
* Resolves to `never` when a path segment is not a key of the object at that level.
*/
type PathValue<T, P extends RecordToPath<T>> = P extends `${infer Key}.${infer Rest}` ? Key extends keyof T ? Rest extends RecordToPath<T[Key]> ? PathValue<T[Key], Rest> : never : never : P extends keyof T ? T[P] : never;
// `false` for anything assignable to `Function`, `true` otherwise.
type IsSerializable<T> = T extends Function ? false : true;
/**
* Excludes any non-serializable prop from an object
*
* Only function-typed properties are treated as non-serializable, and only at the top level:
* nested objects keep their function members. This is a type-level filter; it removes nothing
* from a value at runtime.
*
* NOTE(review): `IsSerializable` distributes over unions, so a property typed as a union that
* includes a function (for example an optional callback) evaluates to `boolean` and appears to be
* dropped as well; confirm that this is intended.
* @hidden
*/
type Serializable<T> = {
[K in keyof T as IsSerializable<T[K]> extends true ? K : never]: T[K];
};
/**
* Enables autocompletion for a union type, while keeping the ability to use any string
* or type of `T`
*
* The resulting type accepts every value of `T`, so it documents the suggested values in `U`
* without restricting input to them.
* @internal
*/
type Autocomplete<U extends T, T = string> = U | (T & Record<never, never>);
/**
* Omit without union flattening: removes the keys in `W` through key remapping.
* */
type Without<T, W> = {
[P in keyof T as Exclude<P, W>]: T[P];
};
/**
* Overrides the type of existing properties
* type Obj = { a: string; b: number };
* type Value = Override<Obj, { b: string }>
* Value contains: { a: string, b: string }
*/
type Override<T, U> = Omit<T, keyof U> & U;
/**
* State of one verification (of an identifier or an authentication factor). Every data field is
* nullable, so consumers must handle `null` for each of them.
*/
interface VerificationResource extends ClerkResource {
attempts: number | null;
error: ClerkAPIError | null;
expireAt: Date | null;
// Typed as a `URL` object, not a string.
externalVerificationRedirectURL: URL | null;
// NOTE(review): what the nonce is bound to is not visible in this file; presumably it is tied to
// a signature-based verification. Confirm before relying on it.
nonce: string | null;
message: string | null;
status: VerificationStatus | null;
// Plain `string`, not one of the strategy unions declared in this file.
strategy: string | null;
verifiedAtClient: string | null;
// Presumably compares `verifiedAtClient` with the current client; confirm against the implementation.
verifiedFromTheSameClient: () => boolean;
__internal_toSnapshot: () => VerificationJSONSnapshot;
}
/**
* Verification resource for passkeys: adds the WebAuthn credential-creation options, or `null`
* when none are present.
*/
interface PasskeyVerificationResource extends VerificationResource {
publicKey: PublicKeyCredentialCreationOptionsWithoutExtensions | null;
}
type VerificationStatus = 'unverified' | 'verified' | 'transferable' | 'failed' | 'expired';
// The two attempt shapes are mutually exclusive: each declares the other's field as an optional
// `never`, so an object carrying both `code` and `signature` does not type-check.
interface CodeVerificationAttemptParam {
code: string;
signature?: never;
}
interface SignatureVerificationAttemptParam {
code?: never;
signature: string;
}
// Either a code or a signature, never both.
type VerificationAttemptParams = CodeVerificationAttemptParam | SignatureVerificationAttemptParam;
/**
* Argument of `startEmailLinkFlow`.
*
* NOTE(review): `redirectUrl` is a plain string. If its value can be influenced by request input,
* validate it against an allow-list of your own origins before passing it in.
*/
interface StartEmailLinkFlowParams {
redirectUrl: string;
}
// Pair of functions returned by `createEmailLinkFlow`: one starts the flow and resolves to the
// resource, the other cancels it.
type CreateEmailLinkFlowReturn<Params, Resource> = {
startEmailLinkFlow: (params: Params) => Promise<Resource>;
cancelEmailLinkFlow: () => void;
};
/**
* Argument of `startEnterpriseSSOLinkFlow`. The same caveat applies to `redirectUrl`: it is a
* plain string and should be validated when it derives from request input.
*/
interface StartEnterpriseSSOLinkFlowParams {
redirectUrl: string;
}
// Pair of functions returned by `createEnterpriseSSOLinkFlow`.
type CreateEnterpriseSSOLinkFlowReturn<Params, Resource> = {
startEnterpriseSSOLinkFlow: (params: Params) => Promise<Resource>;
cancelEnterpriseSSOLinkFlow: () => void;
};
// Only the `name` of a passkey can be updated through these types.
type UpdatePasskeyJSON = Pick<PasskeyJSON, 'name'>;
// Camel-case, all-optional form of `UpdatePasskeyJSON`.
type UpdatePasskeyParams = Partial<SnakeToCamel<UpdatePasskeyJSON>>;
/**
* A registered passkey: its name, verification state and usage timestamps. No key material is
* declared on this type.
*/
interface PasskeyResource extends ClerkResource {
id: string;
name: string | null;
verification: PasskeyVerificationResource | null;
// `null` presumably means the passkey has not been used yet; confirm.
lastUsedAt: Date | null;
updatedAt: Date;
createdAt: Date;
update: (params: UpdatePasskeyParams) => Promise<PasskeyResource>;
delete: () => Promise<DeletedObjectResource>;
__internal_toSnapshot: () => PasskeyJSONSnapshot;
}
// WebAuthn option types with every member made required and `extensions` removed.
type PublicKeyCredentialCreationOptionsWithoutExtensions = Omit<Required<PublicKeyCredentialCreationOptions>, 'extensions'>;
type PublicKeyCredentialRequestOptionsWithoutExtensions = Omit<Required<PublicKeyCredentialRequestOptions>, 'extensions'>;
// Credential produced when a passkey is registered. `getClientExtensionResults` and three
// accessor methods of the attestation response are removed from the type.
type PublicKeyCredentialWithAuthenticatorAttestationResponse = Omit<PublicKeyCredential, 'response' | 'getClientExtensionResults'> & {
response: Omit<AuthenticatorAttestationResponse, 'getAuthenticatorData' | 'getPublicKey' | 'getPublicKeyAlgorithm'>;
};
// Credential produced when a passkey is used to authenticate; the assertion response is kept in full.
type PublicKeyCredentialWithAuthenticatorAssertionResponse = Omit<PublicKeyCredential, 'response' | 'getClientExtensionResults'> & {
response: AuthenticatorAssertionResponse;
};
// Result of a credential operation: exactly one of `publicKeyCredential` and `error` is non-null,
// so checking `error === null` narrows `publicKeyCredential` to `T`.
type CredentialReturn<T> = {
publicKeyCredential: T;
error: null;
} | {
publicKeyCredential: null;
error: Error;
};
// Factor descriptors: one type per authentication strategy, each tagged by `strategy`.
//
// NOTE(review): `safeIdentifier` is presumably a masked form of the email address or phone number
// meant for display; confirm before showing it to anyone other than the account owner.
type EmailCodeFactor = {
strategy: EmailCodeStrategy;
emailAddressId: string;
safeIdentifier: string;
primary?: boolean;
};
type EmailLinkFactor = {
strategy: EmailLinkStrategy;
emailAddressId: string;
safeIdentifier: string;
primary?: boolean;
};
type PhoneCodeFactor = {
strategy: PhoneCodeStrategy;
phoneNumberId: string;
safeIdentifier: string;
primary?: boolean;
default?: boolean;
};
// No `safeIdentifier` on this factor, only the wallet ID.
type Web3SignatureFactor = {
strategy: Web3Strategy;
web3WalletId: string;
primary?: boolean;
};
// The remaining factors carry nothing but their strategy tag.
type PasswordFactor = {
strategy: PasswordStrategy;
};
type PasskeyFactor = {
strategy: PasskeyStrategy;
};
type OauthFactor = {
strategy: OAuthStrategy;
};
// Uses `SamlStrategy`, which this file marks as deprecated in favour of `EnterpriseSSOStrategy`.
type SamlFactor = {
strategy: SamlStrategy;
};
type EnterpriseSSOFactor = {
strategy: EnterpriseSSOStrategy;
};
type TOTPFactor = {
strategy: TOTPStrategy;
};
type BackupCodeFactor = {
strategy: BackupCodeStrategy;
};
// Password-reset factors: same shape as the email and phone code factors, with their own strategy tags.
type ResetPasswordPhoneCodeFactor = {
strategy: ResetPasswordPhoneCodeStrategy;
phoneNumberId: string;
safeIdentifier: string;
primary?: boolean;
};
type ResetPasswordEmailCodeFactor = {
strategy: ResetPasswordEmailCodeStrategy;
emailAddressId: string;
safeIdentifier: string;
primary?: boolean;
};
type ResetPasswordCodeFactor = ResetPasswordEmailCodeFactor | ResetPasswordPhoneCodeFactor;
// The `...Config` forms drop `safeIdentifier`.
type ResetPasswordPhoneCodeFactorConfig = Omit<ResetPasswordPhoneCodeFactor, 'safeIdentifier'>;
type ResetPasswordEmailCodeFactorConfig = Omit<ResetPasswordEmailCodeFactor, 'safeIdentifier'>;
// Configuration objects: the factor types without `safeIdentifier`, plus the redirect parameters
// that some strategies require.
//
// NOTE(review): every `redirectUrl` and `actionCompleteRedirectUrl` below is a plain string. If a
// value can be influenced by request input, validate it against an allow-list of your own origins
// before passing it in.
type EmailCodeConfig = Omit<EmailCodeFactor, 'safeIdentifier'>;
type EmailLinkConfig = Omit<EmailLinkFactor, 'safeIdentifier'> & {
redirectUrl: string;
};
type PhoneCodeConfig = Omit<PhoneCodeFactor, 'safeIdentifier'>;
type Web3SignatureConfig = Web3SignatureFactor;
type PassKeyConfig = PasskeyFactor;
type OAuthConfig = OauthFactor & {
redirectUrl: string;
actionCompleteRedirectUrl: string;
// Presumably forwarded as the OpenID Connect `prompt` and `login_hint` parameters; confirm.
oidcPrompt?: string;
oidcLoginHint?: string;
};
type SamlConfig = SamlFactor & {
redirectUrl: string;
actionCompleteRedirectUrl: string;
};
type EnterpriseSSOConfig = EnterpriseSSOFactor & {
redirectUrl: string;
actionCompleteRedirectUrl: string;
};
// Second-factor form of the phone code configuration: `phoneNumberId` is optional here.
type PhoneCodeSecondFactorConfig = {
strategy: PhoneCodeStrategy;
phoneNumberId?: string;
};
// Attempt objects: the proof a user submits for a given strategy.
//
// NOTE(review): these objects carry one-time codes, passwords, backup codes and signatures. Do not
// log them, include them in error reports or keep them in memory longer than the call requires.
type EmailCodeAttempt = {
strategy: EmailCodeStrategy;
code: string;
};
type PhoneCodeAttempt = {
strategy: PhoneCodeStrategy;
code: string;
};
type PasswordAttempt = {
strategy: PasswordStrategy;
password: string;
};
type PasskeyAttempt = {
strategy: PasskeyStrategy;
publicKeyCredential: PublicKeyCredentialWithAuthenticatorAssertionResponse;
};
type Web3Attempt = {
strategy: Web3Strategy;
signature: string;
};
type TOTPAttempt = {
strategy: TOTPStrategy;
code: string;
};
type BackupCodeAttempt = {
strategy: BackupCodeStrategy;
code: string;
};
// The reset attempts take the code and, optionally, the new password in the same object.
type ResetPasswordPhoneCodeAttempt = {
strategy: ResetPasswordPhoneCodeStrategy;
code: string;
password?: string;
};
type ResetPasswordEmailCodeAttempt = {
strategy: ResetPasswordEmailCodeStrategy;
code: string;
password?: string;
};
/**
* State of a session re-verification: the required level, the progress (`status`), the session
* it belongs to and the verification of each factor.
*/
interface SessionVerificationResource extends ClerkResource {
status: SessionVerificationStatus;
level: SessionVerificationLevel;
session: SessionResource;
firstFactorVerification: VerificationResource;
secondFactorVerification: VerificationResource;
// Either list may be `null`; treat `null` as "no factor offered", not as "no factor required".
supportedFirstFactors: SessionVerificationFirstFactor[] | null;
supportedSecondFactors: SessionVerificationSecondFactor[] | null;
}
// Progress of a session re-verification.
type SessionVerificationStatus = 'needs_first_factor' | 'needs_second_factor' | 'complete';
// Named presets. NOTE(review): what level and time window each preset maps to is not visible in
// this file; confirm before choosing one for a sensitive action.
type SessionVerificationTypes = 'strict_mfa' | 'strict' | 'moderate' | 'lax';
// Either a preset name or an explicit level and age limit in minutes.
type ReverificationConfig = SessionVerificationTypes | {
level: SessionVerificationLevel;
afterMinutes: SessionVerificationAfterMinutes;
};
type SessionVerificationLevel = 'first_factor' | 'second_factor' | 'multi_factor';
// Plain `number`: the type sets no lower or upper bound on the window.
type SessionVerificationAfterMinutes = number;
// Factors accepted for re-verification; the lists are narrower than the full set of factor types
// declared in this file.
type SessionVerificationFirstFactor = EmailCodeFactor | PhoneCodeFactor | PasswordFactor | PasskeyFactor;
type SessionVerificationSecondFactor = PhoneCodeFactor | TOTPFactor | BackupCodeFactor;
/**
* A JWT split into its three encoded segments, together with the decoded header and claims.
*
* NOTE(review): nothing in this type records whether the signature has been verified. Do not
* treat `header` or `claims` as trusted on the strength of the type alone; verify the token
* before making an authorization decision.
*/
interface JWT {
encoded: {
header: string;
payload: string;
signature: string;
};
header: JwtHeader;
claims: JwtPayload;
}
// Tuple type that requires at least one element.
type NonEmptyArray<T> = [T, ...T[]];
/**
* JWT header fields.
*
* NOTE(review): `alg` is not restricted to a set of accepted algorithms by this type, so the
* verifier must pin the algorithms it accepts. `Algorithm` is not declared in the part of the
* file reviewed; if it resolves to the DOM `Algorithm` interface, `alg` also accepts an object.
* Confirm that this is intended.
*
* NOTE(review): `jku`, `x5u` and `x5c` come from the token itself; a verifier should not use them
* to locate keys unless the values are checked against an allow-list.
*
* @deprecated Use `JwtHeader` instead.
*/
interface JWTHeader {
alg: string | Algorithm;
typ?: string;
cty?: string;
// When present, must name at least one other header field.
crit?: NonEmptyArray<Exclude<keyof JWTHeader, 'crit'>>;
kid?: string;
jku?: string;
x5u?: string | string[];
'x5t#S256'?: string;
x5t?: string;
x5c?: string | string[];
}
/**
* Clerk JWT claims plus the raw encoded token.
* @deprecated Use `JwtPayload` instead.
*/
interface JWTClaims extends ClerkJWTClaims {
/**
* Encoded token supporting the `getRawString` method.
*
* NOTE(review): this is the complete token, which is a bearer credential. Keep it out of logs
* and analytics payloads.
*/
__raw: string;
}
/**
* Clerk-issued JWT payload
*
* The required claims are `iss`, `sub`, `sid`, `nbf`, `exp` and `iat`; the rest are optional.
* @deprecated Use `JwtPayload` instead.
*/
interface ClerkJWTClaims {
/**
* JWT Issuer - [RFC7519#section-4.1.1](https://tools.ietf.org/html/rfc7519#section-4.1.1).
*/
iss: string;
/**
* JWT Subject - [RFC7519#section-4.1.2](https://tools.ietf.org/html/rfc7519#section-4.1.2).
*/
sub: string;
/**
* Session ID
*/
sid: string;
/**
* JWT Not Before - [RFC7519#section-4.1.5](https://tools.ietf.org/html/rfc7519#section-4.1.5).
*/
nbf: number;
/**
* JWT Expiration Time - [RFC7519#section-4.1.4](https://tools.ietf.org/html/rfc7519#section-4.1.4).
*/
exp: number;
/**
* JWT Issued At - [RFC7519#section-4.1.6](https://tools.ietf.org/html/rfc7519#section-4.1.6).
*/
iat: number;
/**
* JWT Authorized party - [RFC7800#section-3](https://tools.ietf.org/html/rfc7800#section-3).
*
* NOTE(review): the `azp` claim is registered by OpenID Connect Core 1.0, while RFC 7800
* section 3 describes the `cnf` confirmation claim; confirm the intended reference.
*/
azp?: string;
/**
* JWT Actor - [RFC8693](https://www.rfc-editor.org/rfc/rfc8693.html#name-act-actor-claim).
*/
act?: ActClaim;
/**
* Active organization ID.
*/
org_id?: string;
/**
* Active organization slug.
*/
org_slug?: string;
/**
* Active organization role.
*/
org_role?: OrganizationCustomRoleKey;
/**
* Any other JWT Claim Set member. Values are `unknown` and must be narrowed before use.
*/
[propName: string]: unknown;
}
/**
* JWT Actor - [RFC8693](https://www.rfc-editor.org/rfc/rfc8693.html#name-act-actor-claim).
*
* `sub` identifies the actor; any further members are `unknown` and must be narrowed before use.
* @inline
* @deprecated Use `ActClaim` instead.
*/
interface ActJWTClaim {
sub: string;
[x: string]: unknown;
}
/**
* Map from a string key to a role key. Presumably keyed by organization ID; confirm.
* @deprecated This type will be removed in the next major version.
*/
type OrganizationsJWTClaim = Record<string, OrganizationCustomRoleKey>;
/**
* A token resource: an optional decoded `jwt` and an accessor for the raw string.
*
* NOTE(review): `getRawString` presumably returns the encoded token, which is a bearer
* credential; keep its result out of logs and analytics payloads.
*/
interface TokenResource extends ClerkResource {
jwt?: JWT;
getRawString: () => string;
__internal_toSnapshot: () => TokenJSONSnapshot;
}
/**
* A set of backup codes.
*
* NOTE(review): `codes` holds the backup codes as plain strings. Each one can stand in for a
* second factor, so show them to the user once and do not log, cache or persist them in the
* application.
*/
interface BackupCodeResource extends ClerkResource {
id: string;
codes: string[];
createdAt: Date | null;
updatedAt: Date | null;
}
/**
* A link from an identifier to another identification, as used by the `linkedTo` arrays of the
* email address and phone number resources. `type` is a plain string; its values are not
* declared in this file.
*/
interface IdentificationLinkResource extends ClerkResource {
id: string;
type: string;
__internal_toSnapshot(): IdentificationLinkJSONSnapshot;
}
// Argument of `EmailAddressResource.prepareVerification`. The email code strategy needs nothing
// else; the email link and enterprise SSO strategies additionally require a `redirectUrl`.
// NOTE(review): `redirectUrl` is a plain string; validate it when it derives from request input.
type PrepareEmailAddressVerificationParams = {
strategy: EmailCodeStrategy;
} | {
strategy: EmailLinkStrategy | EnterpriseSSOStrategy;
redirectUrl: string;
};
// Argument of `EmailAddressResource.attemptVerification`: the code submitted by the user.
type AttemptEmailAddressVerificationParams = {
code: string;
};
/**
* An email address of a user, with its verification state and the methods that create, verify
* and destroy it.
*/
interface EmailAddressResource extends ClerkResource {
id: string;
emailAddress: string;
// Non-nullable here; check `verification.status` before treating the address as verified.
verification: VerificationResource;
matchesSsoConnection: boolean;
linkedTo: IdentificationLinkResource[];
toString: () => string;
prepareVerification: (params: PrepareEmailAddressVerificationParams) => Promise<EmailAddressResource>;
attemptVerification: (params: AttemptEmailAddressVerificationParams) => Promise<EmailAddressResource>;
createEmailLinkFlow: () => CreateEmailLinkFlowReturn<StartEmailLinkFlowParams, EmailAddressResource>;
createEnterpriseSSOLinkFlow: () => CreateEnterpriseSSOLinkFlowReturn<StartEnterpriseSSOLinkFlowParams, EmailAddressResource>;
destroy: () => Promise<void>;
create: () => Promise<EmailAddressResource>;
__internal_toSnapshot: () => EmailAddressJSONSnapshot;
}
/**
* Options for `ExternalAccountResource.reauthorize`. Every field is optional.
*/
type ReauthorizeExternalAccountParams = {
/**
* Extra OAuth scopes to request. Ask only for what the feature needs: each added scope widens
* what a leaked provider token can reach.
*/
additionalScopes?: OAuthScope[];
/**
* Where the flow returns to. Use an application-controlled URL, not user-supplied input.
*/
redirectUrl?: string;
/**
* NOTE(review): presumably forwarded as the OIDC `prompt` parameter; confirm.
*/
oidcPrompt?: string;
/**
* NOTE(review): presumably forwarded as the OIDC `login_hint` parameter; confirm.
*/
oidcLoginHint?: string;
};
/**
* An account at an OAuth provider that is connected to a user.
*
* The profile fields (`emailAddress`, `firstName`, `username`, ...) sit next to a `verification`
* member that may be `null`. Do not equate them with verified identity data without checking
* `verification`; `UserResource` also exposes `verifiedExternalAccounts` and
* `unverifiedExternalAccounts` getters for that split.
*/
interface ExternalAccountResource extends ClerkResource {
id: string;
identificationId: string;
provider: OAuthProvider;
/**
* The user's identifier at the provider.
*/
providerUserId: string;
emailAddress: string;
/**
* Approved scopes as a single string rather than an array.
* NOTE(review): the delimiter is not visible in this declaration.
*/
approvedScopes: string;
firstName: string;
lastName: string;
imageUrl: string;
username?: string;
phoneNumber?: string;
/**
* Untyped key/value data; values are `unknown` and need narrowing before use.
*/
publicMetadata: Record<string, unknown>;
label?: string;
/**
* Verification state, or `null`. Callers must handle the `null` case explicitly.
*/
verification: VerificationResource | null;
/**
* Re-runs authorization with the options in `ReauthorizeExternalAccountParams`.
*/
reauthorize: (params: ReauthorizeExternalAccountParams) => Promise<ExternalAccountResource>;
destroy: () => Promise<void>;
providerSlug: () => OAuthProvider;
providerTitle: () => string;
accountIdentifier: () => string;
/**
* Internal: produces an `ExternalAccountJSONSnapshot` of this resource.
*/
__internal_toSnapshot: () => ExternalAccountJSONSnapshot;
}
/**
* An image resource, as returned by `UserResource.setProfileImage`.
* `name` and `publicUrl` may both be `null`, and `id` may be absent.
*/
interface ImageResource extends ClerkResource {
id?: string;
name: string | null;
/**
* URL of the image, or `null`. The name indicates a publicly reachable URL, so do not assume
* access control on the image itself.
*/
publicUrl: string | null;
}
/**
* Status values an organization suggestion can carry.
* @inline
*/
type OrganizationSuggestionStatus = 'pending' | 'accepted';
/**
* An interface representing an organization suggestion.
*
* Carries a public summary of the suggested organization, the suggestion's status and an
* `accept()` method that resolves with the updated suggestion.
* @interface
*/
interface OrganizationSuggestionResource extends ClerkResource {
id: string;
/**
* Public summary of the organization. `slug` may be `null`.
*/
publicOrganizationData: {
hasImage: boolean;
imageUrl: string;
name: string;
id: string;
slug: string | null;
};
status: OrganizationSuggestionStatus;
createdAt: Date;
updatedAt: Date;
/**
* Accepts the suggestion.
*/
accept: () => Promise<OrganizationSuggestionResource>;
}
/**
* Strategies usable to verify a phone number; currently an alias of `PhoneCodeStrategy`.
*/
type PhoneNumberVerificationStrategy = PhoneCodeStrategy;
/**
* Parameters naming the phone-number verification strategy.
* Note that `PhoneNumberResource.prepareVerification` is declared without parameters in this file.
*/
type PreparePhoneNumberVerificationParams = {
strategy: PhoneNumberVerificationStrategy;
};
/**
* Parameters for `PhoneNumberResource.attemptVerification`.
*/
type AttemptPhoneNumberVerificationParams = {
/**
* The verification code entered by the user.
*/
code: string;
};
/**
* Parameters for `PhoneNumberResource.setReservedForSecondFactor`.
*/
type SetReservedForSecondFactorParams = {
reserved: boolean;
};
/**
* A phone number attached to a user, with its verification state, its second-factor flags and
* the methods that manage both.
*/
interface PhoneNumberResource extends ClerkResource {
id: string;
phoneNumber: string;
/**
* Verification state for this number. Check it before relying on the number for account
* recovery or as a second factor.
*/
verification: VerificationResource;
/**
* Whether this number is reserved for second-factor use; changed through `setReservedForSecondFactor`.
*/
reservedForSecondFactor: boolean;
/**
* Whether this number is the default second factor; changed through `makeDefaultSecondFactor`.
*/
defaultSecondFactor: boolean;
linkedTo: IdentificationLinkResource[];
/**
* Backup codes as plain strings, when present. Treat as authentication secrets: do not log,
* persist client-side or forward to telemetry.
*/
backupCodes?: string[];
toString: () => string;
/**
* Starts verification. Declared without parameters here.
*/
prepareVerification: () => Promise<PhoneNumberResource>;
attemptVerification: (params: AttemptPhoneNumberVerificationParams) => Promise<PhoneNumberResource>;
makeDefaultSecondFactor: () => Promise<PhoneNumberResource>;
setReservedForSecondFactor: (params: SetReservedForSecondFactorParams) => Promise<PhoneNumberResource>;
destroy: () => Promise<void>;
create: () => Promise<PhoneNumberResource>;
/**
* Internal: produces a `PhoneNumberJSONSnapshot` of this resource.
*/
__internal_toSnapshot: () => PhoneNumberJSONSnapshot;
}
/**
* Configuration summary of the SAML connection behind a `SamlAccountResource`.
*
* Several booleans here describe how permissive the connection is. Their exact enforcement is
* not visible in this declaration, so the notes below are hedged; the flags are nonetheless the
* ones to surface when reviewing or auditing a connection.
*/
interface SamlAccountConnectionResource extends ClerkResource {
id: string;
name: string;
/**
* Domain the connection is associated with.
*/
domain: string;
active: boolean;
provider: string;
/**
* NOTE(review): presumably controls whether user attributes are overwritten from the IdP on sign-in; confirm.
*/
syncUserAttributes: boolean;
/**
* NOTE(review): presumably extends matching from `domain` to its subdomains. If so, anyone able
* to obtain an address under a subdomain falls within the connection's scope; confirm.
*/
allowSubdomains: boolean;
/**
* NOTE(review): presumably permits IdP-initiated sign-in. Such flows carry no request issued by
* the service provider to correlate the response with, so this flag merits attention in audits.
*/
allowIdpInitiated: boolean;
/**
* NOTE(review): presumably prevents users of this connection from adding other identifications; confirm.
*/
disableAdditionalIdentifications: boolean;
createdAt: Date;
updatedAt: Date;
/**
* Internal: produces a `SamlAccountConnectionJSONSnapshot` of this resource.
*/
__internal_toSnapshot: () => SamlAccountConnectionJSONSnapshot;
}
/**
* A user's account at a SAML identity provider.
* `UserResource.samlAccounts`, which uses this type, is marked deprecated in favour of `enterpriseAccounts`.
*/
interface SamlAccountResource extends ClerkResource {
provider: SamlIdpSlug;
/**
* The user's identifier at the IdP, or `null`.
*/
providerUserId: string | null;
active: boolean;
emailAddress: string;
firstName: string;
lastName: string;
/**
* Verification state, or `null`. Handle `null` explicitly instead of assuming a verified account.
*/
verification: VerificationResource | null;
/**
* The connection this account came through, or `null`.
*/
samlConnection: SamlAccountConnectionResource | null;
/**
* Internal: produces a `SamlAccountJSONSnapshot` of this resource.
*/
__internal_toSnapshot: () => SamlAccountJSONSnapshot;
}
/**
* A TOTP (authenticator app) enrolment, as returned by `UserResource.createTOTP` and `verifyTOTP`.
*
* `secret`, `uri` and `backupCodes` are all optional, so callers cannot rely on them being
* present on every instance. When they are present they are authentication secrets: anyone who
* reads them can generate valid codes. Render them for enrolment only, and keep them out of
* logs, client-side storage and error reports.
*/
interface TOTPResource extends ClerkResource {
id: string;
/**
* The shared TOTP secret, when provided.
*/
secret?: string;
/**
* NOTE(review): presumably the `otpauth://` provisioning URI, which embeds the secret; confirm.
*/
uri?: string;
/**
* Whether the enrolment has been verified.
*/
verified: boolean;
/**
* Backup codes as plain strings, when provided.
*/
backupCodes?: string[];
createdAt: Date | null;
updatedAt: Date | null;
}
declare global {
/**
* If you want to provide custom types for the organizationInvitation.publicMetadata
* object, redeclare this interface in the global namespace.
* Every organizationInvitation object will use the provided type.
*
* The redeclared type is a compile-time description only; the values still arrive as
* untyped data at runtime and should be validated before use.
*/
interface UserOrganizationInvitationPublicMetadata {
[k: string]: unknown;
}
/**
* Counterpart interface for private invitation metadata, overridable in the same way.
* `UserOrganizationInvitationResource` in this file exposes only `publicMetadata`.
*/
interface UserOrganizationInvitationPrivateMetadata {
[k: string]: unknown;
}
}
/**
* The `OrganizationInvitation` object is the model around an organization invitation.
*
* This is the invitation as seen by the invited user: it carries a public summary of the
* organization, the role being offered, the invitation status and an `accept()` method.
* @interface
*/
interface UserOrganizationInvitationResource extends ClerkResource {
id: string;
/**
* Email address the invitation was issued to.
*/
emailAddress: string;
/**
* Public summary of the inviting organization. `slug` may be `null`.
*/
publicOrganizationData: {
hasImage: boolean;
imageUrl: string;
name: string;
id: string;
slug: string | null;
};
publicMetadata: UserOrganizationInvitationPublicMetadata;
/**
* Role offered by the invitation. Displaying it before the user accepts lets them see what
* access they are about to receive.
*/
role: OrganizationCustomRoleKey;
status: OrganizationInvitationStatus;
createdAt: Date;
updatedAt: Date;
/**
* Accepts the invitation and resolves with the updated resource.
*/
accept: () => Promise<UserOrganizationInvitationResource>;
}
/**
* Parameters for `Web3WalletResource.prepareVerification`.
*/
type PrepareWeb3WalletVerificationParams = {
strategy: Web3Strategy;
};
/**
* Parameters for `Web3WalletResource.attemptVerification`.
*/
type AttemptWeb3WalletVerificationParams = {
/**
* Signature produced by the wallet.
* NOTE(review): presumably over the challenge issued during `prepareVerification`; confirm.
*/
signature: string;
strategy?: Web3Strategy;
};
/**
* A Web3 wallet attached to a user, with its verification state and the methods that drive
* verification.
*/
interface Web3WalletResource extends ClerkResource {
id: string;
/**
* The wallet identifier as a string.
*/
web3Wallet: string;
/**
* Verification state. `UserResource.verifiedWeb3Wallets` exposes the verified subset.
*/
verification: VerificationResource;
toString: () => string;
prepareVerification: (params: PrepareWeb3WalletVerificationParams) => Promise<Web3WalletResource>;
attemptVerification: (params: AttemptWeb3WalletVerificationParams) => Promise<Web3WalletResource>;
destroy: () => Promise<void>;
create: () => Promise<Web3WalletResource>;
/**
* Internal: produces a `Web3WalletJSONSnapshot` of this resource.
*/
__internal_toSnapshot: () => Web3WalletJSONSnapshot;
}
/**
* Callback that produces a signature string from the supplied `GenerateSignatureParams`.
*/
type GenerateSignature = (opts: GenerateSignatureParams) => Promise<string>;
/**
* Parameters for authenticating with a Web3 wallet.
*/
interface AuthenticateWithWeb3Params {
/**
* The wallet identifier to authenticate as.
*/
identifier: string;
/**
* Caller-supplied signing callback. It is handed the `identifier` and a `nonce`; an
* implementation should sign exactly what it is given and not substitute its own values.
*/
generateSignature: GenerateSignature;
strategy?: Web3Strategy;
}
/**
* Input handed to a `GenerateSignature` callback.
*/
interface GenerateSignatureParams {
identifier: string;
/**
* NOTE(review): presumably the one-time challenge the wallet is expected to sign; confirm.
*/
nonce: string;
provider?: Web3Provider;
}
declare global {
/**
* If you want to provide custom types for the user.publicMetadata object,
* redeclare this interface in the global namespace.
* Every user object will use the provided type.
*
* The redeclared type is a compile-time description only; validate values at runtime.
*/
interface UserPublicMetadata {
[k: string]: unknown;
}
/**
* If you want to provide custom types for the user.privateMetadata object,
* redeclare this interface in the global namespace.
* Every user object will use the provided type.
*
* `UserResource` in this file has no `privateMetadata` member.
*/
interface UserPrivateMetadata {
[k: string]: unknown;
}
/**
* If you want to provide custom types for the user.unsafeMetadata object,
* redeclare this interface in the global namespace.
* Every user object will use the provided type.
*
* `unsafe_metadata` is one of the fields in `UpdateUserJSON`, so `UserResource.update()` can
* write it. Treat its contents as user-controlled input: never base roles, entitlements or
* other authorization decisions on it, whatever type is declared here.
*/
interface UserUnsafeMetadata {
[k: string]: unknown;
}
}
/**
* The `User` object holds all of the information for a single user of your application and provides a set of methods to manage their account. Each `User` has at least one authentication [identifier](https://clerk.com/docs/authentication/configuration/sign-up-sign-in-options#identifiers), which might be their email address, phone number, or a username.
*
* A user can be contacted at their primary email address or primary phone number. They can have more than one registered email address, but only one of them will be their primary email address. This goes for phone numbers as well; a user can have more than one, but only one phone number will be their primary. At the same time, a user can also have one or more external accounts by connecting to [social providers](https://clerk.com/docs/authentication/social-connections/oauth) such as Google, Apple, Facebook, and many more.
*
* Finally, a `User` object holds profile data like the user's name, profile picture, and a set of [metadata](/docs/users/metadata) that can be used internally to store arbitrary information. The metadata are split into `publicMetadata` and `privateMetadata`. Both types are set from the [Backend API](https://clerk.com/docs/reference/backend-api){{ target: '_blank' }}, but public metadata can also be accessed from the [Frontend API](https://clerk.com/docs/reference/frontend-api){{ target: '_blank' }}.
*
* The ClerkJS SDK provides some helper [methods](#methods) on the `User` object to help retrieve and update user information and authentication status.
*
* This interface exposes `publicMetadata` and `unsafeMetadata`; it has no `privateMetadata` member. `unsafeMetadata` is among the fields `update()` accepts (see `UpdateUserJSON`), so it is writable by the signed-in user and must not be used for authorization decisions.
*/
interface UserResource extends ClerkResource {
id: string;
externalId: string | null;
primaryEmailAddressId: string | null;
primaryEmailAddress: EmailAddressResource | null;
primaryPhoneNumberId: string | null;
primaryPhoneNumber: PhoneNumberResource | null;
primaryWeb3WalletId: string | null;
primaryWeb3Wallet: Web3WalletResource | null;
username: string | null;
fullName: string | null;
firstName: string | null;
lastName: string | null;
imageUrl: string;
hasImage: boolean;
/**
* All email addresses, verified or not. Check each entry's `verification`, or use
* `hasVerifiedEmailAddress`, before relying on one.
*/
emailAddresses: EmailAddressResource[];
/**
* All phone numbers, verified or not; see `hasVerifiedPhoneNumber`.
*/
phoneNumbers: PhoneNumberResource[];
/**
* All Web3 wallets, verified or not; see `verifiedWeb3Wallets`.
*/
web3Wallets: Web3WalletResource[];
/**
* All external accounts, verified or not; see `verifiedExternalAccounts` and `unverifiedExternalAccounts`.
*/
externalAccounts: ExternalAccountResource[];
enterpriseAccounts: EnterpriseAccountResource[];
passkeys: PasskeyResource[];
/**
* @deprecated Use `enterpriseAccounts` instead.
*/
samlAccounts: SamlAccountResource[];
organizationMemberships: OrganizationMembershipResource[];
/**
* Authentication-factor flags. These describe the account's configuration as seen by the
* client and are suited to driving UI; enforcement of MFA belongs on the server.
*/
passwordEnabled: boolean;
totpEnabled: boolean;
backupCodeEnabled: boolean;
twoFactorEnabled: boolean;
publicMetadata: UserPublicMetadata;
/**
* User-writable metadata (it is part of `UpdateUserParams`). Treat as untrusted input.
*/
unsafeMetadata: UserUnsafeMetadata;
lastSignInAt: Date | null;
createOrganizationEnabled: boolean;
createOrganizationsLimit: number | null;
deleteSelfEnabled: boolean;
updatedAt: Date | null;
createdAt: Date | null;
/**
* Updates the fields listed in `UpdateUserJSON`; every field is optional.
*/
update: (params: UpdateUserParams) => Promise<UserResource>;
delete: () => Promise<void>;
/**
* Changes the password; see `UpdateUserPasswordParams` for the session sign-out option.
*/
updatePassword: (params: UpdateUserPasswordParams) => Promise<UserResource>;
removePassword: (params: RemoveUserPasswordParams) => Promise<UserResource>;
createEmailAddress: (params: CreateEmailAddressParams) => Promise<EmailAddressResource>;
createPasskey: () => Promise<PasskeyResource>;
createPhoneNumber: (params: CreatePhoneNumberParams) => Promise<PhoneNumberResource>;
createWeb3Wallet: (params: CreateWeb3WalletParams) => Promise<Web3WalletResource>;
isPrimaryIdentification: (ident: EmailAddressResource | PhoneNumberResource | Web3WalletResource) => boolean;
/**
* Resolves with the user's sessions and their activity, which is the data a "devices and
* sessions" review screen needs.
*/
getSessions: () => Promise<SessionWithActivitiesResource[]>;
setProfileImage: (params: SetProfileImageParams) => Promise<ImageResource>;
createExternalAccount: (params: CreateExternalAccountParams) => Promise<ExternalAccountResource>;
getOrganizationMemberships: GetOrganizationMemberships;
getOrganizationInvitations: (params?: GetUserOrganizationInvitationsParams) => Promise<ClerkPaginatedResponse<UserOrganizationInvitationResource>>;
getOrganizationSuggestions: (params?: GetUserOrganizationSuggestionsParams) => Promise<ClerkPaginatedResponse<OrganizationSuggestionResource>>;
leaveOrganization: (organizationId: string) => Promise<DeletedObjectResource>;
/**
* Resolves with a `TOTPResource`, whose `secret`/`uri` fields are authentication secrets when present.
*/
createTOTP: () => Promise<TOTPResource>;
verifyTOTP: (params: VerifyTOTPParams) => Promise<TOTPResource>;
disableTOTP: () => Promise<DeletedObjectResource>;
/**
* Resolves with a `BackupCodeResource`, whose `codes` are authentication secrets.
*/
createBackupCode: () => Promise<BackupCodeResource>;
get verifiedExternalAccounts(): ExternalAccountResource[];
get unverifiedExternalAccounts(): ExternalAccountResource[];
get verifiedWeb3Wallets(): Web3WalletResource[];
get hasVerifiedEmailAddress(): boolean;
get hasVerifiedPhoneNumber(): boolean;
/**
* Internal: produces a `UserJSONSnapshot` of this resource.
*/
__internal_toSnapshot: () => UserJSONSnapshot;
}
/**
* Parameters for `UserResource.createEmailAddress`.
*/
type CreateEmailAddressParams = {
email: string;
};
/**
* Parameters for `UserResource.createPhoneNumber`.
*/
type CreatePhoneNumberParams = {
phoneNumber: string;
};
/**
* Parameters for `UserResource.createWeb3Wallet`.
*/
type CreateWeb3WalletParams = {
web3Wallet: string;
};
/**
* Parameters for `UserResource.setProfileImage`.
*/
type SetProfileImageParams = {
/**
* The image as a `Blob`, a `File` or a string, or `null`.
* NOTE(review): the string form and the meaning of `null` are not specified in this declaration; confirm.
*/
file: Blob | File | string | null;
};
/**
* Parameters for `UserResource.createExternalAccount`. Only `strategy` is required.
*/
type CreateExternalAccountParams = {
strategy: OAuthStrategy;
/**
* Where the flow returns to. Use an application-controlled URL, not user-supplied input.
*/
redirectUrl?: string;
/**
* Extra OAuth scopes to request; keep to the minimum the feature needs.
*/
additionalScopes?: OAuthScope[];
/**
* NOTE(review): presumably forwarded as the OIDC `prompt` parameter; confirm.
*/
oidcPrompt?: string;
/**
* NOTE(review): presumably forwarded as the OIDC `login_hint` parameter; confirm.
*/
oidcLoginHint?: string;
};
/**
* Parameters for `UserResource.verifyTOTP`.
*/
type VerifyTOTPParams = {
/**
* The code produced by the user's authenticator app.
*/
code: string;
};
/**
* The subset of `UserJSON` fields that a user update may carry.
*
* The list is an allow-list: `unsafe_metadata` is included, while no public or private metadata
* field is. That is what makes `unsafeMetadata` user-writable and therefore untrusted.
*/
type UpdateUserJSON = Pick<UserJSON, 'username' | 'first_name' | 'last_name' | 'primary_email_address_id' | 'primary_phone_number_id' | 'primary_web3_wallet_id' | 'unsafe_metadata'>;
/**
* Parameters for `UserResource.update`: the `UpdateUserJSON` fields with camelCase keys, all optional.
*/
type UpdateUserParams = Partial<SnakeToCamel<UpdateUserJSON>>;
/**
* Parameters for `UserResource.updatePassword`.
*/
type UpdateUserPasswordParams = {
newPassword: string;
/**
* The existing password. Optional in the type; whether it is required in a given situation is
* decided by the implementation and not visible here.
*/
currentPassword?: string;
/**
* NOTE(review): presumably ends the user's other sessions as part of the change. If so, it is
* the option to set when the change responds to a suspected compromise; confirm.
*/
signOutOfOtherSessions?: boolean;
};
/**
* Parameters for `UserResource.removePassword`: only the optional `currentPassword`.
*/
type RemoveUserPasswordParams = Pick<UpdateUserPasswordParams, 'currentPassword'>;
/**
* Pagination parameters for `UserResource.getOrganizationInvitations`, with an optional status filter.
*/
type GetUserOrganizationInvitationsParams = ClerkPaginationParams<{
status?: OrganizationInvitationStatus;
}>;
/**
* Pagination parameters for `UserResource.getOrganizationSuggestions`; the status filter accepts
* a single status or an array of statuses.
*/
type GetUserOrganizationSuggestionsParams = ClerkPaginationParams<{
status?: OrganizationSuggestionStatus | OrganizationSuggestionStatus[];
}>;
/**
* Pagination parameters for `UserResource.getOrganizationMemberships`; no extra filters.
*/
type GetUserOrganizationMembershipParams = ClerkPaginationParams;
/**
* Signature of `UserResource.getOrganizationMemberships`: resolves with one page of memberships.
*/
type GetOrganizationMemberships = (params?: GetUserOrganizationMembershipParams) => Promise<ClerkPaginatedResponse<OrganizationMembershipResource>>;
/**
* Option controlling how pending sessions are reported.
* @inline
*/
type PendingSessionOptions = {
/**
* A boolean that indicates whether pending sessions are considered as signed out or not.
*
* The default (`true`) is the conservative choice. Setting it to `false` makes a pending
* session count as signed in, so do that only where the protected content does not depend on
* whatever the session is still pending on.
* @default true
*/
treatPendingAsSignedOut?: boolean;
};
/**
* Compile-time filter for permission keys.
*
* If `P` starts with `OrganizationSystemPermissionPrefix`, the type resolves to an explanatory
* string literal instead of `P`, so passing a system permission fails to type-check with that
* message. Any other `P` passes through unchanged.
*
* This is erased at runtime. Callers written in plain JavaScript, or that go through `any` or a
* type assertion, are not stopped by it, so server-side code should not treat the type as the
* enforcement mechanism.
*/
type DisallowSystemPermissions<P extends string> = P extends `${OrganizationSystemPermissionPrefix}${string}` ? 'System permissions are not included in session claims and cannot be used on the server-side' : P;
/**
* Generic shape of an authorization check: takes a params object and returns a `boolean`
* synchronously.
*
* Where such a check runs in the browser it is suited to deciding what to render; access to
* data and actions still has to be enforced by the server handling the request.
* @inline
*/
type CheckAuthorizationFn<Params> = (isAuthorizedParams: Params) => boolean;
/**
* Authorization check whose `permission` is limited to `OrganizationCustomPermissionKey`.
* @inline
*/
type CheckAuthorizationWithCustomPermissions = CheckAuthorizationFn<CheckAuthorizationParamsWithCustomPermissions>;
/**
* Adds an optional `reverification` config to a params type `T`.
* Because the intersection distributes over unions, every variant of a union `T` gains the option.
*/
type WithReverification<T> = T & {
reverification?: ReverificationConfig;
};
/**
* Parameters for `CheckAuthorizationWithCustomPermissions`.
*
* A union of mutually exclusive shapes: the `?: never` members make it a type error to supply
* more than one of `role`, `permission`, `feature` and `plan` in the same call. `permission` is
* limited to `OrganizationCustomPermissionKey`. Each shape may also carry `reverification`.
*/
type CheckAuthorizationParamsWithCustomPermissions = WithReverification<{
role: OrganizationCustomRoleKey;
permission?: never;
feature?: never;
plan?: never;
} | {
role?: never;
permission: OrganizationCustomPermissionKey;
feature?: never;
plan?: never;
} | {
role?: never;
permission?: never;
feature: Autocomplete<`user:${string}` | `org:${string}`>;
plan?: never;
} | {
role?: never;
permission?: never;
feature?: never;
plan: Autocomplete<`user:${string}` | `org:${string}`>;
} | {
// No selector at all: a call with only `reverification`, or with an empty object, type-checks.
// What such a call returns is decided by the implementation, which is not visible here, so
// callers should not assume it denies access.
role?: never;
permission?: never;
feature?: never;
plan?: never;
}>;
/**
* Authorization check taking `CheckAuthorizationParams`, whose `permission` accepts any
* `OrganizationPermissionKey`.
*/
type CheckAuthorization = CheckAuthorizationFn<CheckAuthorizationParams>;
/**
* Parameters for `CheckAuthorization`.
*
* Same mutually exclusive structure as `CheckAuthorizationParamsWithCustomPermissions`: at most
* one of `role`, `permission`, `feature` and `plan` per call. The difference is that
* `permission` is typed as `OrganizationPermissionKey`, not `OrganizationCustomPermissionKey`.
*/
type CheckAuthorizationParams = WithReverification<{
role: OrganizationCustomRoleKey;
permission?: never;
feature?: never;
plan?: never;
} | {
role?: never;
permission: OrganizationPermissionKey;
feature?: never;
plan?: never;
} | {
role?: never;
permission?: never;
feature: Autocomplete<`user:${string}` | `org:${string}`>;
plan?: never;
} | {
role?: never;
permission?: never;
feature?: never;
plan: Autocomplete<`user:${string}` | `org:${string}`>;
} | {
// No selector at all: a call with only `reverification`, or with an empty object, type-checks.
// What such a call returns is decided by the implementation, which is not visible here, so
// callers should not assume it denies access.
role?: never;
permission?: never;
feature?: never;
plan?: never;
}>;
/**
* Function type for server-side authorization checks using session claims.
* System permissions are not allowed since they are not included
* in session claims and cannot be verified on the server side.
*
* The function returns a plain `boolean`; it is not a TypeScript type predicate. The exclusion
* of system permissions is expressed through `DisallowSystemPermissions` in the params type, so
* it is a compile-time check only.
*/
type CheckAuthorizationFromSessionClaims = <P extends OrganizationCustomPermissionKey>(isAuthorizedParams: CheckAuthorizationParamsFromSessionClaims<P>) => boolean;
type CheckAuthorizationParamsFromSessionClaims<P extends OrganizationCustomPermissionKey> = WithReverification<{
role: OrganizationCustomRoleKey;
permission?: never;
feature?: never;
plan?: never;
} | {
role?: never;
permission: DisallowSystemPermissions<P>;
feature?: never;
plan?: never;
} | {
role?: never;
permission?: never;
feature: Autocomplete<`us