feat: add support for onExistingPasswordProvided workflow event

lib/main.ts

@@ -28,12 +28,22 @@ const getAssetUrl = (assetPath: string, orgCode?: OrgCode) => {
 declare namespace kinde {
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
   export function fetch(url: string, options: unknown): Promise<any>;
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  export function secureFetch(url: string, options: unknown): Promise<any>;
 
   // eslint-disable-next-line @typescript-eslint/no-namespace
   namespace env {
     export function get(key: string): { value: string; isSecret: boolean };
   }
 
+  // eslint-disable-next-line @typescript-eslint/no-namespace
+  namespace widget {
+    export function invalidateFormField(
+      fieldName: string,
+      message: string,
+    ): void;
+  }
+
   // eslint-disable-next-line @typescript-eslint/no-namespace
   namespace localization {
     export function get(key: string): string;
@@ -230,9 +240,22 @@ export function denyAccess(reason: string) {
   kinde.auth.denyAccess(reason);
 }
 
+/**
+ * Invalidate a Kinde widget form field
+ * @param fieldName Name of the field to invalidate
+ * @param message Reason for invalidating the field
+ */
+export function invalidateFormField(fieldName: string, message: string) {
+  if (!kinde.widget) {
+    throw new Error("widget binding not available");
+  }
+  kinde.widget.invalidateFormField(fieldName, message);
+}
+
 /**
  * Fetch data from an external API
- * @param reason Reason for denying access
+ * @param url URL of the API
+ * @param options Fetch options
  */
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 export async function fetch<T = any>(
@@ -254,6 +277,33 @@ export async function fetch<T = any>(
   } as T;
 }
 
+/**
+ * Fetch data from a secure external API
+ *
+ * Encryption keys can be setup in the Kinde dashboard under workflows > encryption keys
+ * @param url URL of the API
+ * @param options Fetch options
+ */
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export async function secureFetch<T = any>(
+  url: string,
+  options: KindeFetchOptions,
+): Promise<T> {
+  if (!kinde.secureFetch) {
+    throw new Error("secureFetch binding not available");
+  }
+
+  if (!options.responseFormat) {
+    options.responseFormat = "json";
+  }
+
+  const result = await kinde.secureFetch(url, options);
+
+  return {
+    data: result?.json,
+  } as T;
+}
+
 /**
  * create a Kinde API client
  * @param baseURL Base URL of the Kinde API

lib/types.ts

@@ -52,9 +52,17 @@ export type WorkflowSettings = {
      */
     console?: {};
     /**
-     * Exposes the fetch method to call extenal APIs to the workflow
+     * Exposes the fetch method to call external APIs to the workflow
      */
     "kinde.fetch"?: {};
+    /**
+     * Exposes the fetch method to call signed external APIs to the workflow
+     */
+    "kinde.secureFetch"?: {};
+    /**
+     * Exposes the fetch method to call access the manipulate the Kinde widget
+     */
+    "kinde.widget"?: {};
     /**
      * Exposes access to the kinde environment variables
      */
@@ -77,11 +85,13 @@ export type WorkflowSettings = {
 export enum WorkflowTrigger {
   UserTokenGeneration = "user:tokens_generation",
   M2MTokenGeneration = "m2m:token_generation",
+  ExistingPasswordProvided = "user:existing_password_provided",
 }
 
 export type WorkflowEvents =
   | onUserTokenGeneratedEvent
-  | onM2MTokenGeneratedEvent;
+  | onM2MTokenGeneratedEvent
+  | onExistingPasswordProvided;
 
 type EventBase = {
   request: RequestContext;
@@ -122,6 +132,20 @@ export type onUserTokenGeneratedEvent = EventBase & {
   };
 };
 
+export type onExistingPasswordProvided = EventBase & {
+  context: {
+    auth: {
+      password: string;
+    };
+    user: {
+      id: string;
+    };
+    workflow: {
+      trigger: WorkflowTrigger.ExistingPasswordProvided;
+    };
+  };
+};
+
 export type onM2MTokenGeneratedEvent = EventBase & {
   context: {
     workflow: {