Skip to content

Commit be986fa

Browse files
feat(api): type can_reauth_reason as an enum on ManagedAuth
1 parent 958614b commit be986fa

2 files changed

Lines changed: 51 additions & 7 deletions

File tree

.stats.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
11
configured_endpoints: 113
2-
openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/kernel/kernel-a9c7e806132001dbfbd4e8ae6c7d0935e503f457d63385fc800c862e3d064375.yml
3-
openapi_spec_hash: b048dcb0c5401bc0a301c3d30cb8ecba
2+
openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/kernel/kernel-2118a79fa452fad5922776130ea4877059e9568b603ef146171b7bb6a0f8458a.yml
3+
openapi_spec_hash: 686e8c5855ed88b2944b9d9ec21d22ce
44
config_hash: 37661d89120558d34b6cc184292632f2

src/resources/auth/connections.ts

Lines changed: 49 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -269,15 +269,59 @@ export interface ManagedAuth {
269269
browser_session_id?: string | null;
270270

271271
/**
272-
* Whether automatic re-authentication is possible (has credential, selectors, and
273-
* login_url)
272+
* Whether Kernel can automatically re-authenticate this connection when the
273+
* session expires. Requires a prior successful login plus either a Kernel
274+
* credential or an external credential reference. See `can_reauth_reason` for the
275+
* specific outcome.
274276
*/
275277
can_reauth?: boolean;
276278

277279
/**
278-
* Reason why automatic re-authentication is or is not possible
279-
*/
280-
can_reauth_reason?: string;
280+
* Machine-readable reason for the current value of `can_reauth`. Affirmative
281+
* values (re-auth is possible):
282+
*
283+
* - `external_credential` — an external credential provider is attached
284+
* - `cua_has_credential` — CUA flow with a stored credential
285+
* - `has_credential` — Kernel credential is attached (optimistic; plan viability
286+
* not checked)
287+
* - `viable_plans_found` — at least one stored login plan can be replayed
288+
* - `no_requirements_recorded` — no recorded credential requirements to fail
289+
* against
290+
* - `requirements_satisfiable` — recorded requirements can be met by the attached
291+
* credential
292+
*
293+
* Negative values (a human must complete the login flow):
294+
*
295+
* - `no_prior_successful_login` — connection has never completed a successful
296+
* login
297+
* - `no_credential` — no Kernel or external credential attached
298+
* - `no_viable_plans` — credential attached but no replayable login plan exists
299+
* yet
300+
* - `viable_plans_require_external_action` — stored plans need an external step
301+
* (email link, push, etc.)
302+
* - `requires_external_action` — recorded requirements include an external step
303+
* - `requires_totp_without_secret` — flow needs a TOTP code but no TOTP secret is
304+
* stored
305+
* - `requires_sms_code` — flow needs an SMS code that cannot be received
306+
* automatically
307+
* - `requires_email_code` — flow needs an email code that cannot be received
308+
* automatically
309+
*/
310+
can_reauth_reason?:
311+
| 'external_credential'
312+
| 'cua_has_credential'
313+
| 'has_credential'
314+
| 'viable_plans_found'
315+
| 'no_requirements_recorded'
316+
| 'requirements_satisfiable'
317+
| 'no_prior_successful_login'
318+
| 'no_credential'
319+
| 'no_viable_plans'
320+
| 'viable_plans_require_external_action'
321+
| 'requires_external_action'
322+
| 'requires_totp_without_secret'
323+
| 'requires_sms_code'
324+
| 'requires_email_code';
281325

282326
/**
283327
* Reference to credentials for the auth connection. Use one of:

0 commit comments

Comments
 (0)