feat: add support for passwordless authentication methods on database connections EA

[kushalshit27]

🔧 Changes

• Extended database connection to support new passwordless authentication methods (email_otp and phone_otp) alongside existing password and passkey options
• Added authentication_methods configuration object with support for:
  • email_otp.enabled - Enable email-based one-time password authentication
  • phone_otp.enabled - Enable phone-based one-time password authentication
  • password.enabled - Control whether password authentication is enabled
  • password.api_behavior - Configure password behavior for API interactions
• Added default_method field to identifier attributes (email, phone_number, username) to specify the default authentication method for each identifier type

Examples

YAML format

databases:
  - name: "Username-Password-Authentication"
    options:
      authentication_methods:
        password:
          enabled: false
        email_otp:
          enabled: true
        phone_otp:
          enabled: true
      disable_self_service_change_password: true
      attributes:
        email:
          identifier:
            default_method: "email_otp"
        phone_number:
          identifier:
            default_method: "phone_otp"

JSON format

{
  "name": "Username-Password-Authentication",
  "options": {
    "authentication_methods": {
      "password": { "enabled": false },
      "email_otp": { "enabled": true },
      "phone_otp": { "enabled": true }
    },
    "disable_self_service_change_password": true,
    "attributes": {
      "email": {
        "identifier": { "default_method": "email_otp" }
      },
      "phone_number": {
        "identifier": { "default_method": "phone_otp" }
      }
    }
  }
}

📌 Note:

• When setting authentication_methods.password.enabled to false, you must also set disable_self_service_change_password to true
• Both password.enabled and disable_self_service_change_password must be set together; the validation will fail if only one is provided

📚 References

🔬 Testing

• Added unit tests validating the new passwordless properties
• Added test case for validating the relationship between password.enabled and disable_self_service_change_password settings

📝 Checklist

• All new/changed/fixed functionality is covered by tests (or N/A)
• I have added documentation for all new/changed functionality (or N/A)

[codecov-commenter]

Codecov Report

❌ Patch coverage is 80.00000% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 80.28%. Comparing base (0c86dbd) to head (e9b0f0f).

Files with missing lines	Patch %	Lines
src/tools/auth0/handlers/databases.ts	80.00%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1282      +/-   ##
==========================================
- Coverage   80.28%   80.28%   -0.01%     
==========================================
  Files         146      146              
  Lines        5823     5833      +10     
  Branches     1193     1197       +4     
==========================================
+ Hits         4675     4683       +8     
- Misses        655      656       +1     
- Partials      493      494       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.