@logto/api 1.34.0 → 1.36.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/README.md +21 -0
  2. package/lib/generated-types/management.d.ts +206 -46
  3. package/lib/management.d.ts +39 -0
  4. package/lib/management.js +42 -10
  5. package/package.json +4 -3
package/README.md CHANGED
@@ -51,6 +51,27 @@ const { apiClient } = createManagementApi('default', {
51
51
  });
52
52
  ```
53
53
 
54
+ #### Custom authentication
55
+
56
+ For advanced use cases where you need full control over the authentication logic, use `createApiClient`:
57
+
58
+ ```ts
59
+ import { createApiClient } from '@logto/api/management';
60
+
61
+ const client = createApiClient({
62
+ baseUrl: 'https://your-logto-instance.com',
63
+ getToken: async () => {
64
+ // Your custom token retrieval logic
65
+ return getYourToken();
66
+ },
67
+ });
68
+
69
+ // Type-safe API calls
70
+ const response = await client.GET('/api/applications/{id}', {
71
+ params: { path: { id: 'your-app-id' } },
72
+ });
73
+ ```
74
+
54
75
  ### API documentation
55
76
 
56
77
  For detailed API documentation, refer to the [Logto Management API documentation](https://openapi.logto.io/).
package/lib/generated-types/management.d.ts CHANGED
@@ -3638,8 +3638,6 @@ export interface components {
3638
3638
  /** @description The unique identifier of the one time token. */
3639
3639
  oneTimeTokenId: string;
3640
3640
  /** @description The ID of the SAML application. */
3641
- "saml-applicationId-root": string;
3642
- /** @description The ID of the SAML application. */
3643
3641
  "samlId-root": string;
3644
3642
  };
3645
3643
  requestBodies: never;
@@ -3686,8 +3684,8 @@ export interface operations {
3686
3684
  /** @enum {string} */
3687
3685
  type: "Native" | "SPA" | "Traditional" | "MachineToMachine" | "Protected" | "SAML";
3688
3686
  oidcClientMetadata: {
3689
- redirectUris: (Record<string, never> | Record<string, never>)[];
3690
- postLogoutRedirectUris: string[];
3687
+ redirectUris: Record<string, never>[];
3688
+ postLogoutRedirectUris: Record<string, never>[];
3691
3689
  /** Format: url */
3692
3690
  backchannelLogoutUri?: string;
3693
3691
  backchannelLogoutSessionRequired?: boolean;
@@ -3701,6 +3699,7 @@ export interface operations {
3701
3699
  tenantId?: string;
3702
3700
  alwaysIssueRefreshToken?: boolean;
3703
3701
  rotateRefreshToken?: boolean;
3702
+ allowTokenExchange?: boolean;
3704
3703
  };
3705
3704
  protectedAppMetadata: {
3706
3705
  host: string;
@@ -3777,8 +3776,8 @@ export interface operations {
3777
3776
  /** @enum {string} */
3778
3777
  type: "Native" | "SPA" | "Traditional" | "MachineToMachine" | "Protected" | "SAML";
3779
3778
  oidcClientMetadata?: {
3780
- redirectUris: (Record<string, never> | Record<string, never>)[];
3781
- postLogoutRedirectUris: string[];
3779
+ redirectUris: Record<string, never>[];
3780
+ postLogoutRedirectUris: Record<string, never>[];
3782
3781
  /** Format: url */
3783
3782
  backchannelLogoutUri?: string;
3784
3783
  backchannelLogoutSessionRequired?: boolean;
@@ -3792,6 +3791,7 @@ export interface operations {
3792
3791
  tenantId?: string;
3793
3792
  alwaysIssueRefreshToken?: boolean;
3794
3793
  rotateRefreshToken?: boolean;
3794
+ allowTokenExchange?: boolean;
3795
3795
  };
3796
3796
  /** @description arbitrary */
3797
3797
  customData?: Record<string, never>;
@@ -3822,8 +3822,8 @@ export interface operations {
3822
3822
  /** @enum {string} */
3823
3823
  type: "Native" | "SPA" | "Traditional" | "MachineToMachine" | "Protected" | "SAML";
3824
3824
  oidcClientMetadata: {
3825
- redirectUris: (Record<string, never> | Record<string, never>)[];
3826
- postLogoutRedirectUris: string[];
3825
+ redirectUris: Record<string, never>[];
3826
+ postLogoutRedirectUris: Record<string, never>[];
3827
3827
  /** Format: url */
3828
3828
  backchannelLogoutUri?: string;
3829
3829
  backchannelLogoutSessionRequired?: boolean;
@@ -3837,6 +3837,7 @@ export interface operations {
3837
3837
  tenantId?: string;
3838
3838
  alwaysIssueRefreshToken?: boolean;
3839
3839
  rotateRefreshToken?: boolean;
3840
+ allowTokenExchange?: boolean;
3840
3841
  };
3841
3842
  protectedAppMetadata: {
3842
3843
  host: string;
@@ -3939,8 +3940,8 @@ export interface operations {
3939
3940
  /** @enum {string} */
3940
3941
  type: "Native" | "SPA" | "Traditional" | "MachineToMachine" | "Protected" | "SAML";
3941
3942
  oidcClientMetadata: {
3942
- redirectUris: (Record<string, never> | Record<string, never>)[];
3943
- postLogoutRedirectUris: string[];
3943
+ redirectUris: Record<string, never>[];
3944
+ postLogoutRedirectUris: Record<string, never>[];
3944
3945
  /** Format: url */
3945
3946
  backchannelLogoutUri?: string;
3946
3947
  backchannelLogoutSessionRequired?: boolean;
@@ -3954,6 +3955,7 @@ export interface operations {
3954
3955
  tenantId?: string;
3955
3956
  alwaysIssueRefreshToken?: boolean;
3956
3957
  rotateRefreshToken?: boolean;
3958
+ allowTokenExchange?: boolean;
3957
3959
  };
3958
3960
  protectedAppMetadata: {
3959
3961
  host: string;
@@ -4095,8 +4097,8 @@ export interface operations {
4095
4097
  name?: string;
4096
4098
  description?: string | null;
4097
4099
  oidcClientMetadata?: {
4098
- redirectUris: (Record<string, never> | Record<string, never>)[];
4099
- postLogoutRedirectUris: string[];
4100
+ redirectUris: Record<string, never>[];
4101
+ postLogoutRedirectUris: Record<string, never>[];
4100
4102
  /** Format: url */
4101
4103
  backchannelLogoutUri?: string;
4102
4104
  backchannelLogoutSessionRequired?: boolean;
@@ -4110,6 +4112,7 @@ export interface operations {
4110
4112
  tenantId?: string;
4111
4113
  alwaysIssueRefreshToken?: boolean;
4112
4114
  rotateRefreshToken?: boolean;
4115
+ allowTokenExchange?: boolean;
4113
4116
  };
4114
4117
  /** @description arbitrary */
4115
4118
  customData?: Record<string, never>;
@@ -4141,8 +4144,8 @@ export interface operations {
4141
4144
  /** @enum {string} */
4142
4145
  type: "Native" | "SPA" | "Traditional" | "MachineToMachine" | "Protected" | "SAML";
4143
4146
  oidcClientMetadata: {
4144
- redirectUris: (Record<string, never> | Record<string, never>)[];
4145
- postLogoutRedirectUris: string[];
4147
+ redirectUris: Record<string, never>[];
4148
+ postLogoutRedirectUris: Record<string, never>[];
4146
4149
  /** Format: url */
4147
4150
  backchannelLogoutUri?: string;
4148
4151
  backchannelLogoutSessionRequired?: boolean;
@@ -4156,6 +4159,7 @@ export interface operations {
4156
4159
  tenantId?: string;
4157
4160
  alwaysIssueRefreshToken?: boolean;
4158
4161
  rotateRefreshToken?: boolean;
4162
+ allowTokenExchange?: boolean;
4159
4163
  };
4160
4164
  protectedAppMetadata: {
4161
4165
  host: string;
@@ -4878,8 +4882,8 @@ export interface operations {
4878
4882
  /** @enum {string} */
4879
4883
  type: "Native" | "SPA" | "Traditional" | "MachineToMachine" | "Protected" | "SAML";
4880
4884
  oidcClientMetadata: {
4881
- redirectUris: (Record<string, never> | Record<string, never>)[];
4882
- postLogoutRedirectUris: string[];
4885
+ redirectUris: Record<string, never>[];
4886
+ postLogoutRedirectUris: Record<string, never>[];
4883
4887
  /** Format: url */
4884
4888
  backchannelLogoutUri?: string;
4885
4889
  backchannelLogoutSessionRequired?: boolean;
@@ -4893,6 +4897,7 @@ export interface operations {
4893
4897
  tenantId?: string;
4894
4898
  alwaysIssueRefreshToken?: boolean;
4895
4899
  rotateRefreshToken?: boolean;
4900
+ allowTokenExchange?: boolean;
4896
4901
  };
4897
4902
  protectedAppMetadata: {
4898
4903
  host: string;
@@ -6398,7 +6403,7 @@ export interface operations {
6398
6403
  phone?: string;
6399
6404
  name?: string;
6400
6405
  avatar?: string;
6401
- rawData?: (Record<string, never> | (string | number | boolean | unknown | Record<string, never>)[] | string | number | boolean) | null;
6406
+ rawData?: (Record<string, never> | (string | number | boolean | (string | null) | Record<string, never>)[] | string | number | boolean) | null;
6402
6407
  };
6403
6408
  } | {
6404
6409
  id: string;
@@ -6411,7 +6416,7 @@ export interface operations {
6411
6416
  phone?: string;
6412
6417
  name?: string;
6413
6418
  avatar?: string;
6414
- rawData?: (Record<string, never> | (string | number | boolean | unknown | Record<string, never>)[] | string | number | boolean) | null;
6419
+ rawData?: (Record<string, never> | (string | number | boolean | (string | null) | Record<string, never>)[] | string | number | boolean) | null;
6415
6420
  };
6416
6421
  issuer?: string;
6417
6422
  } | {
@@ -6691,7 +6696,7 @@ export interface operations {
6691
6696
  phone?: string;
6692
6697
  name?: string;
6693
6698
  avatar?: string;
6694
- rawData?: (Record<string, never> | (string | number | boolean | unknown | Record<string, never>)[] | string | number | boolean) | null;
6699
+ rawData?: (Record<string, never> | (string | number | boolean | (string | null) | Record<string, never>)[] | string | number | boolean) | null;
6695
6700
  };
6696
6701
  } | {
6697
6702
  id: string;
@@ -6704,7 +6709,7 @@ export interface operations {
6704
6709
  phone?: string;
6705
6710
  name?: string;
6706
6711
  avatar?: string;
6707
- rawData?: (Record<string, never> | (string | number | boolean | unknown | Record<string, never>)[] | string | number | boolean) | null;
6712
+ rawData?: (Record<string, never> | (string | number | boolean | (string | null) | Record<string, never>)[] | string | number | boolean) | null;
6708
6713
  };
6709
6714
  issuer?: string;
6710
6715
  } | {
@@ -6929,7 +6934,7 @@ export interface operations {
6929
6934
  phone?: string;
6930
6935
  name?: string;
6931
6936
  avatar?: string;
6932
- rawData?: (Record<string, never> | (string | number | boolean | unknown | Record<string, never>)[] | string | number | boolean) | null;
6937
+ rawData?: (Record<string, never> | (string | number | boolean | (string | null) | Record<string, never>)[] | string | number | boolean) | null;
6933
6938
  };
6934
6939
  } | {
6935
6940
  id: string;
@@ -6942,7 +6947,7 @@ export interface operations {
6942
6947
  phone?: string;
6943
6948
  name?: string;
6944
6949
  avatar?: string;
6945
- rawData?: (Record<string, never> | (string | number | boolean | unknown | Record<string, never>)[] | string | number | boolean) | null;
6950
+ rawData?: (Record<string, never> | (string | number | boolean | (string | null) | Record<string, never>)[] | string | number | boolean) | null;
6946
6951
  };
6947
6952
  issuer?: string;
6948
6953
  } | {
@@ -7264,7 +7269,7 @@ export interface operations {
7264
7269
  phone?: string;
7265
7270
  name?: string;
7266
7271
  avatar?: string;
7267
- rawData?: (Record<string, never> | (string | number | boolean | unknown | Record<string, never>)[] | string | number | boolean) | null;
7272
+ rawData?: (Record<string, never> | (string | number | boolean | (string | null) | Record<string, never>)[] | string | number | boolean) | null;
7268
7273
  };
7269
7274
  } | {
7270
7275
  id: string;
@@ -7277,7 +7282,7 @@ export interface operations {
7277
7282
  phone?: string;
7278
7283
  name?: string;
7279
7284
  avatar?: string;
7280
- rawData?: (Record<string, never> | (string | number | boolean | unknown | Record<string, never>)[] | string | number | boolean) | null;
7285
+ rawData?: (Record<string, never> | (string | number | boolean | (string | null) | Record<string, never>)[] | string | number | boolean) | null;
7281
7286
  };
7282
7287
  issuer?: string;
7283
7288
  } | {
@@ -7544,7 +7549,7 @@ export interface operations {
7544
7549
  phone?: string;
7545
7550
  name?: string;
7546
7551
  avatar?: string;
7547
- rawData?: (Record<string, never> | (string | number | boolean | unknown | Record<string, never>)[] | string | number | boolean) | null;
7552
+ rawData?: (Record<string, never> | (string | number | boolean | (string | null) | Record<string, never>)[] | string | number | boolean) | null;
7548
7553
  };
7549
7554
  } | {
7550
7555
  id: string;
@@ -7557,7 +7562,7 @@ export interface operations {
7557
7562
  phone?: string;
7558
7563
  name?: string;
7559
7564
  avatar?: string;
7560
- rawData?: (Record<string, never> | (string | number | boolean | unknown | Record<string, never>)[] | string | number | boolean) | null;
7565
+ rawData?: (Record<string, never> | (string | number | boolean | (string | null) | Record<string, never>)[] | string | number | boolean) | null;
7561
7566
  };
7562
7567
  issuer?: string;
7563
7568
  } | {
@@ -7835,7 +7840,7 @@ export interface operations {
7835
7840
  phone?: string;
7836
7841
  name?: string;
7837
7842
  avatar?: string;
7838
- rawData?: (Record<string, never> | (string | number | boolean | unknown | Record<string, never>)[] | string | number | boolean) | null;
7843
+ rawData?: (Record<string, never> | (string | number | boolean | (string | null) | Record<string, never>)[] | string | number | boolean) | null;
7839
7844
  };
7840
7845
  } | {
7841
7846
  id: string;
@@ -7848,7 +7853,7 @@ export interface operations {
7848
7853
  phone?: string;
7849
7854
  name?: string;
7850
7855
  avatar?: string;
7851
- rawData?: (Record<string, never> | (string | number | boolean | unknown | Record<string, never>)[] | string | number | boolean) | null;
7856
+ rawData?: (Record<string, never> | (string | number | boolean | (string | null) | Record<string, never>)[] | string | number | boolean) | null;
7852
7857
  };
7853
7858
  issuer?: string;
7854
7859
  } | {
@@ -9743,6 +9748,7 @@ export interface operations {
9743
9748
  };
9744
9749
  socialSignIn: {
9745
9750
  automaticAccountLinking?: boolean;
9751
+ skipRequiredIdentifiers?: boolean;
9746
9752
  };
9747
9753
  /** @description Enabled social sign-in connectors, will displayed on the sign-in page. */
9748
9754
  socialSignInConnectorTargets: string[];
@@ -9791,6 +9797,10 @@ export interface operations {
9791
9797
  /** @enum {string} */
9792
9798
  organizationRequiredMfaPolicy?: "NoPrompt" | "Mandatory";
9793
9799
  };
9800
+ /** @description Adaptive MFA settings. */
9801
+ adaptiveMfa: {
9802
+ enabled?: boolean;
9803
+ };
9794
9804
  singleSignOnEnabled: boolean;
9795
9805
  /** @description The support email address to display on the error pages. */
9796
9806
  supportEmail: string | null;
@@ -9817,6 +9827,11 @@ export interface operations {
9817
9827
  blockDisposableAddress?: unknown;
9818
9828
  };
9819
9829
  forgotPasswordMethods: ("EmailVerificationCode" | "PhoneVerificationCode")[] | null;
9830
+ passkeySignIn: {
9831
+ enabled?: boolean;
9832
+ showPasskeyButton?: boolean;
9833
+ allowAutofill?: boolean;
9834
+ };
9820
9835
  };
9821
9836
  };
9822
9837
  };
@@ -9910,6 +9925,7 @@ export interface operations {
9910
9925
  };
9911
9926
  socialSignIn?: {
9912
9927
  automaticAccountLinking?: boolean;
9928
+ skipRequiredIdentifiers?: boolean;
9913
9929
  };
9914
9930
  /** @description Specify the social sign-in connectors to display on the sign-in page. */
9915
9931
  socialSignInConnectorTargets?: string[];
@@ -9978,6 +9994,11 @@ export interface operations {
9978
9994
  blockDisposableAddress?: unknown;
9979
9995
  };
9980
9996
  forgotPasswordMethods?: ("EmailVerificationCode" | "PhoneVerificationCode")[] | null;
9997
+ passkeySignIn?: {
9998
+ enabled?: boolean;
9999
+ showPasskeyButton?: boolean;
10000
+ allowAutofill?: boolean;
10001
+ };
9981
10002
  termsOfUseUrl?: (string | null) | string;
9982
10003
  privacyPolicyUrl?: (string | null) | string;
9983
10004
  /** @description The support email address to display on the error pages. */
@@ -9986,6 +10007,8 @@ export interface operations {
9986
10007
  supportWebsiteUrl?: (string | null) | string;
9987
10008
  /** @description The fallback URL to redirect users when the sign-in session does not exist or unknown. Client should initiate a new authentication flow after the redirection. */
9988
10009
  unknownSessionRedirectUrl?: (string | null) | string;
10010
+ /** @description Adaptive MFA settings. Only effective when developer features are enabled. */
10011
+ adaptiveMfa?: unknown;
9989
10012
  };
9990
10013
  };
9991
10014
  };
@@ -10046,6 +10069,7 @@ export interface operations {
10046
10069
  };
10047
10070
  socialSignIn: {
10048
10071
  automaticAccountLinking?: boolean;
10072
+ skipRequiredIdentifiers?: boolean;
10049
10073
  };
10050
10074
  socialSignInConnectorTargets: string[];
10051
10075
  /** @enum {string} */
@@ -10090,6 +10114,9 @@ export interface operations {
10090
10114
  /** @enum {string} */
10091
10115
  organizationRequiredMfaPolicy?: "NoPrompt" | "Mandatory";
10092
10116
  };
10117
+ adaptiveMfa: {
10118
+ enabled?: boolean;
10119
+ };
10093
10120
  singleSignOnEnabled: boolean;
10094
10121
  supportEmail: string | null;
10095
10122
  supportWebsiteUrl: string | null;
@@ -10107,6 +10134,11 @@ export interface operations {
10107
10134
  customBlocklist?: string[];
10108
10135
  };
10109
10136
  forgotPasswordMethods: ("EmailVerificationCode" | "PhoneVerificationCode")[] | null;
10137
+ passkeySignIn: {
10138
+ enabled?: boolean;
10139
+ showPasskeyButton?: boolean;
10140
+ allowAutofill?: boolean;
10141
+ };
10110
10142
  };
10111
10143
  };
10112
10144
  };
@@ -11599,7 +11631,10 @@ export interface operations {
11599
11631
  [name: string]: unknown;
11600
11632
  };
11601
11633
  content: {
11602
- "application/json": unknown;
11634
+ "application/json": {
11635
+ /** @description An array of API resource role IDs assigned to the user. */
11636
+ roleIds: string[];
11637
+ };
11603
11638
  };
11604
11639
  };
11605
11640
  /** @description Bad Request */
@@ -11664,7 +11699,12 @@ export interface operations {
11664
11699
  [name: string]: unknown;
11665
11700
  };
11666
11701
  content: {
11667
- "application/json": unknown;
11702
+ "application/json": {
11703
+ /** @description An array of API resource role IDs requested for assignment. */
11704
+ roleIds: string[];
11705
+ /** @description An array of API resource role IDs newly assigned to the user. */
11706
+ addedRoleIds: string[];
11707
+ };
11668
11708
  };
11669
11709
  };
11670
11710
  /** @description Bad Request */
@@ -12211,6 +12251,7 @@ export interface operations {
12211
12251
  "application/json": {
12212
12252
  id: string;
12213
12253
  createdAt: string;
12254
+ lastUsedAt?: string;
12214
12255
  /** @enum {string} */
12215
12256
  type: "Totp" | "WebAuthn" | "BackupCode" | "EmailVerificationCode" | "PhoneVerificationCode";
12216
12257
  agent?: string;
@@ -13000,6 +13041,34 @@ export interface operations {
13000
13041
  } | string;
13001
13042
  ip?: string;
13002
13043
  userAgent?: string;
13044
+ userAgentParsed?: {
13045
+ ua?: string;
13046
+ browser?: {
13047
+ name?: string;
13048
+ version?: string;
13049
+ major?: string;
13050
+ type?: string;
13051
+ };
13052
+ device?: {
13053
+ model?: string;
13054
+ type?: string;
13055
+ vendor?: string;
13056
+ };
13057
+ engine?: {
13058
+ name?: string;
13059
+ version?: string;
13060
+ };
13061
+ os?: {
13062
+ name?: string;
13063
+ version?: string;
13064
+ };
13065
+ cpu?: {
13066
+ architecture?: string;
13067
+ };
13068
+ };
13069
+ injectedHeaders?: {
13070
+ [key: string]: string;
13071
+ };
13003
13072
  userId?: string;
13004
13073
  applicationId?: string;
13005
13074
  sessionId?: string;
@@ -13065,6 +13134,34 @@ export interface operations {
13065
13134
  } | string;
13066
13135
  ip?: string;
13067
13136
  userAgent?: string;
13137
+ userAgentParsed?: {
13138
+ ua?: string;
13139
+ browser?: {
13140
+ name?: string;
13141
+ version?: string;
13142
+ major?: string;
13143
+ type?: string;
13144
+ };
13145
+ device?: {
13146
+ model?: string;
13147
+ type?: string;
13148
+ vendor?: string;
13149
+ };
13150
+ engine?: {
13151
+ name?: string;
13152
+ version?: string;
13153
+ };
13154
+ os?: {
13155
+ name?: string;
13156
+ version?: string;
13157
+ };
13158
+ cpu?: {
13159
+ architecture?: string;
13160
+ };
13161
+ };
13162
+ injectedHeaders?: {
13163
+ [key: string]: string;
13164
+ };
13068
13165
  userId?: string;
13069
13166
  applicationId?: string;
13070
13167
  sessionId?: string;
@@ -13713,8 +13810,8 @@ export interface operations {
13713
13810
  /** @enum {string} */
13714
13811
  type: "Native" | "SPA" | "Traditional" | "MachineToMachine" | "Protected" | "SAML";
13715
13812
  oidcClientMetadata: {
13716
- redirectUris: (Record<string, never> | Record<string, never>)[];
13717
- postLogoutRedirectUris: string[];
13813
+ redirectUris: Record<string, never>[];
13814
+ postLogoutRedirectUris: Record<string, never>[];
13718
13815
  /** Format: url */
13719
13816
  backchannelLogoutUri?: string;
13720
13817
  backchannelLogoutSessionRequired?: boolean;
@@ -13728,6 +13825,7 @@ export interface operations {
13728
13825
  tenantId?: string;
13729
13826
  alwaysIssueRefreshToken?: boolean;
13730
13827
  rotateRefreshToken?: boolean;
13828
+ allowTokenExchange?: boolean;
13731
13829
  };
13732
13830
  protectedAppMetadata: {
13733
13831
  host: string;
@@ -14890,6 +14988,34 @@ export interface operations {
14890
14988
  } | string;
14891
14989
  ip?: string;
14892
14990
  userAgent?: string;
14991
+ userAgentParsed?: {
14992
+ ua?: string;
14993
+ browser?: {
14994
+ name?: string;
14995
+ version?: string;
14996
+ major?: string;
14997
+ type?: string;
14998
+ };
14999
+ device?: {
15000
+ model?: string;
15001
+ type?: string;
15002
+ vendor?: string;
15003
+ };
15004
+ engine?: {
15005
+ name?: string;
15006
+ version?: string;
15007
+ };
15008
+ os?: {
15009
+ name?: string;
15010
+ version?: string;
15011
+ };
15012
+ cpu?: {
15013
+ architecture?: string;
15014
+ };
15015
+ };
15016
+ injectedHeaders?: {
15017
+ [key: string]: string;
15018
+ };
14893
15019
  userId?: string;
14894
15020
  applicationId?: string;
14895
15021
  sessionId?: string;
@@ -18071,8 +18197,8 @@ export interface operations {
18071
18197
  /** @enum {string} */
18072
18198
  type: "Native" | "SPA" | "Traditional" | "MachineToMachine" | "Protected" | "SAML";
18073
18199
  oidcClientMetadata: {
18074
- redirectUris: (Record<string, never> | Record<string, never>)[];
18075
- postLogoutRedirectUris: string[];
18200
+ redirectUris: Record<string, never>[];
18201
+ postLogoutRedirectUris: Record<string, never>[];
18076
18202
  /** Format: url */
18077
18203
  backchannelLogoutUri?: string;
18078
18204
  backchannelLogoutSessionRequired?: boolean;
@@ -18086,6 +18212,7 @@ export interface operations {
18086
18212
  tenantId?: string;
18087
18213
  alwaysIssueRefreshToken?: boolean;
18088
18214
  rotateRefreshToken?: boolean;
18215
+ allowTokenExchange?: boolean;
18089
18216
  };
18090
18217
  protectedAppMetadata: {
18091
18218
  host: string;
@@ -20156,8 +20283,8 @@ export interface operations {
20156
20283
  query?: never;
20157
20284
  header?: never;
20158
20285
  path: {
20159
- /** @description The ID of the SAML application. */
20160
- id: string;
20286
+ /** @description The unique identifier of the saml application. */
20287
+ id: components["parameters"]["samlApplicationId-root"];
20161
20288
  };
20162
20289
  cookie?: never;
20163
20290
  };
@@ -20556,8 +20683,8 @@ export interface operations {
20556
20683
  query?: never;
20557
20684
  header?: never;
20558
20685
  path: {
20559
- /** @description The ID of the SAML application. */
20560
- id: string;
20686
+ /** @description The unique identifier of the saml application. */
20687
+ id: components["parameters"]["samlApplicationId-root"];
20561
20688
  };
20562
20689
  cookie?: never;
20563
20690
  };
@@ -20626,8 +20753,8 @@ export interface operations {
20626
20753
  query?: never;
20627
20754
  header?: never;
20628
20755
  path: {
20629
- /** @description The ID of the SAML application. */
20630
- id: string;
20756
+ /** @description The unique identifier of the saml application. */
20757
+ id: components["parameters"]["samlApplicationId-root"];
20631
20758
  /** @description The unique identifier of the secret. */
20632
20759
  secretId: components["parameters"]["secretId"];
20633
20760
  };
@@ -21554,6 +21681,9 @@ export interface operations {
21554
21681
  siteKey: string;
21555
21682
  secretKey: string;
21556
21683
  projectId: string;
21684
+ domain?: string;
21685
+ /** @enum {string} */
21686
+ mode?: "invisible" | "checkbox";
21557
21687
  };
21558
21688
  createdAt: number;
21559
21689
  updatedAt: number;
@@ -21605,6 +21735,9 @@ export interface operations {
21605
21735
  siteKey: string;
21606
21736
  secretKey: string;
21607
21737
  projectId: string;
21738
+ domain?: string;
21739
+ /** @enum {string} */
21740
+ mode?: "invisible" | "checkbox";
21608
21741
  };
21609
21742
  };
21610
21743
  };
@@ -21630,6 +21763,9 @@ export interface operations {
21630
21763
  siteKey: string;
21631
21764
  secretKey: string;
21632
21765
  projectId: string;
21766
+ domain?: string;
21767
+ /** @enum {string} */
21768
+ mode?: "invisible" | "checkbox";
21633
21769
  };
21634
21770
  createdAt: number;
21635
21771
  updatedAt: number;
@@ -22908,6 +23044,7 @@ export interface operations {
22908
23044
  };
22909
23045
  socialSignIn: {
22910
23046
  automaticAccountLinking?: boolean;
23047
+ skipRequiredIdentifiers?: boolean;
22911
23048
  };
22912
23049
  socialSignInConnectorTargets: string[];
22913
23050
  /** @enum {string} */
@@ -22952,6 +23089,9 @@ export interface operations {
22952
23089
  /** @enum {string} */
22953
23090
  organizationRequiredMfaPolicy?: "NoPrompt" | "Mandatory";
22954
23091
  };
23092
+ adaptiveMfa: {
23093
+ enabled?: boolean;
23094
+ };
22955
23095
  singleSignOnEnabled: boolean;
22956
23096
  supportEmail: string | null;
22957
23097
  supportWebsiteUrl: string | null;
@@ -22968,6 +23108,11 @@ export interface operations {
22968
23108
  blockSubaddressing?: boolean;
22969
23109
  customBlocklist?: string[];
22970
23110
  };
23111
+ passkeySignIn: {
23112
+ enabled?: boolean;
23113
+ showPasskeyButton?: boolean;
23114
+ allowAutofill?: boolean;
23115
+ };
22971
23116
  socialConnectors: {
22972
23117
  id: string;
22973
23118
  target: string;
@@ -23004,6 +23149,9 @@ export interface operations {
23004
23149
  /** @enum {string} */
23005
23150
  type: "RecaptchaEnterprise" | "Turnstile";
23006
23151
  siteKey: string;
23152
+ domain?: string;
23153
+ /** @enum {string} */
23154
+ mode?: "invisible" | "checkbox";
23007
23155
  };
23008
23156
  customProfileFields: {
23009
23157
  tenantId: string;
@@ -23168,6 +23316,7 @@ export interface operations {
23168
23316
  };
23169
23317
  socialSignIn: {
23170
23318
  automaticAccountLinking?: boolean;
23319
+ skipRequiredIdentifiers?: boolean;
23171
23320
  };
23172
23321
  socialSignInConnectorTargets: string[];
23173
23322
  /** @enum {string} */
@@ -23212,6 +23361,9 @@ export interface operations {
23212
23361
  /** @enum {string} */
23213
23362
  organizationRequiredMfaPolicy?: "NoPrompt" | "Mandatory";
23214
23363
  };
23364
+ adaptiveMfa: {
23365
+ enabled?: boolean;
23366
+ };
23215
23367
  singleSignOnEnabled: boolean;
23216
23368
  supportEmail: string | null;
23217
23369
  supportWebsiteUrl: string | null;
@@ -23228,6 +23380,11 @@ export interface operations {
23228
23380
  blockSubaddressing?: boolean;
23229
23381
  customBlocklist?: string[];
23230
23382
  };
23383
+ passkeySignIn: {
23384
+ enabled?: boolean;
23385
+ showPasskeyButton?: boolean;
23386
+ allowAutofill?: boolean;
23387
+ };
23231
23388
  socialConnectors: {
23232
23389
  id: string;
23233
23390
  target: string;
@@ -23264,6 +23421,9 @@ export interface operations {
23264
23421
  /** @enum {string} */
23265
23422
  type: "RecaptchaEnterprise" | "Turnstile";
23266
23423
  siteKey: string;
23424
+ domain?: string;
23425
+ /** @enum {string} */
23426
+ mode?: "invisible" | "checkbox";
23267
23427
  };
23268
23428
  customProfileFields: {
23269
23429
  tenantId: string;
@@ -23472,8 +23632,8 @@ export interface operations {
23472
23632
  query?: never;
23473
23633
  header?: never;
23474
23634
  path: {
23475
- /** @description The ID of the SAML application. */
23476
- id: string;
23635
+ /** @description The unique identifier of the saml application. */
23636
+ id: components["parameters"]["samlApplicationId-root"];
23477
23637
  };
23478
23638
  cookie?: never;
23479
23639
  };
@@ -23519,8 +23679,8 @@ export interface operations {
23519
23679
  };
23520
23680
  header?: never;
23521
23681
  path: {
23522
- /** @description The ID of the SAML application. */
23523
- id: string;
23682
+ /** @description The unique identifier of the saml application. */
23683
+ id: components["parameters"]["samlApplicationId-root"];
23524
23684
  };
23525
23685
  cookie?: never;
23526
23686
  };
@@ -23561,7 +23721,7 @@ export interface operations {
23561
23721
  /** @description The signature algorithm. */
23562
23722
  SigAlg?: string;
23563
23723
  /** @description The relay state parameter. */
23564
- RelayState?: string;
23724
+ RelayState?: string | null;
23565
23725
  };
23566
23726
  header?: never;
23567
23727
  path: {
@@ -23618,7 +23778,7 @@ export interface operations {
23618
23778
  content: {
23619
23779
  "application/json": {
23620
23780
  SAMLRequest: string;
23621
- RelayState?: string;
23781
+ RelayState?: string | null;
23622
23782
  };
23623
23783
  "application/x-www-form-urlencoded": {
23624
23784
  /** @description Base64-encoded SAML request message. */
package/lib/management.d.ts CHANGED
@@ -27,6 +27,20 @@ export type CreateManagementApiOptions = {
27
27
  */
28
28
  apiIndicator?: string;
29
29
  };
30
+ /**
31
+ * Options for creating an API client with custom token authentication.
32
+ */
33
+ export type CreateApiClientOptions = {
34
+ /**
35
+ * The base URL for the Management API.
36
+ */
37
+ baseUrl: string;
38
+ /**
39
+ * A function that returns a promise resolving to the access token.
40
+ * This function will be called for each request that requires authentication.
41
+ */
42
+ getToken: () => Promise<string>;
43
+ };
30
44
  /**
31
45
  * Returns the base URL for the Management API based on the tenant ID.
32
46
  * @param tenantId The tenant ID to construct the base URL.
@@ -45,6 +59,31 @@ export declare const getManagementApiIndicator: (tenantId: string) => string;
45
59
  * This is used when requesting an access token for the Management API.
46
60
  */
47
61
  export declare const allScope = "all";
62
+ /**
63
+ * Creates an API client with custom token authentication.
64
+ *
65
+ * This function is useful when you need full control over the authentication flow,
66
+ * such as custom token sources.
67
+ *
68
+ * The client automatically skips authentication for `.well-known` endpoints.
69
+ *
70
+ * @param options The options including base URL and token getter function.
71
+ * @returns A configured API client with type-safe methods.
72
+ * @example
73
+ * ```ts
74
+ * import { createApiClient } from '@logto/api/management';
75
+ *
76
+ * const client = createApiClient({
77
+ * baseUrl: 'https://my-tenant.logto.app',
78
+ * getToken: async () => getYourToken(),
79
+ * });
80
+ *
81
+ * const response = await client.GET('/api/applications/{id}', {
82
+ * params: { path: { id: 'app-id' } },
83
+ * });
84
+ * ```
85
+ */
86
+ export declare function createApiClient(options: CreateApiClientOptions): Client<paths>;
48
87
  type ManagementApiReturnType = {
49
88
  /**
50
89
  * The API client for the Management API.
package/lib/management.js CHANGED
@@ -18,6 +18,45 @@ export const getManagementApiIndicator = (tenantId) => `${getBaseUrl(tenantId)}/
18
18
  * This is used when requesting an access token for the Management API.
19
19
  */
20
20
  export const allScope = 'all';
21
+ /**
22
+ * Creates an API client with custom token authentication.
23
+ *
24
+ * This function is useful when you need full control over the authentication flow,
25
+ * such as custom token sources.
26
+ *
27
+ * The client automatically skips authentication for `.well-known` endpoints.
28
+ *
29
+ * @param options The options including base URL and token getter function.
30
+ * @returns A configured API client with type-safe methods.
31
+ * @example
32
+ * ```ts
33
+ * import { createApiClient } from '@logto/api/management';
34
+ *
35
+ * const client = createApiClient({
36
+ * baseUrl: 'https://my-tenant.logto.app',
37
+ * getToken: async () => getYourToken(),
38
+ * });
39
+ *
40
+ * const response = await client.GET('/api/applications/{id}', {
41
+ * params: { path: { id: 'app-id' } },
42
+ * });
43
+ * ```
44
+ */
45
+ export function createApiClient(options) {
46
+ const { baseUrl, getToken } = options;
47
+ const client = createClient({ baseUrl });
48
+ client.use({
49
+ async onRequest({ schemaPath, request }) {
50
+ if (schemaPath.includes('/.well-known/')) {
51
+ return;
52
+ }
53
+ const token = await getToken();
54
+ request.headers.set('Authorization', `Bearer ${token}`);
55
+ return request;
56
+ },
57
+ });
58
+ return client;
59
+ }
21
60
  /**
22
61
  * Creates a Management API client with the specified tenant ID and options.
23
62
  *
@@ -72,21 +111,14 @@ export function createManagementApi(tenantId, options) {
72
111
  scope: allScope,
73
112
  },
74
113
  });
75
- const apiClient = createClient({
114
+ const apiClient = createApiClient({
76
115
  baseUrl,
77
- });
78
- apiClient.use({
79
- async onRequest({ schemaPath, request }) {
80
- if (schemaPath.includes('/.well-known/')) {
81
- // Skip auth for well-known endpoints
82
- return;
83
- }
116
+ getToken: async () => {
84
117
  const { value, scope } = await clientCredentials.getAccessToken();
85
118
  if (scope !== allScope) {
86
119
  console.warn(`The scope "${scope}" is not equal to the expected value "${allScope}". This may cause issues with API access. See https://a.logto.io/m2m-mapi to learn more about configuring machine-to-machine access to the Management API.`);
87
120
  }
88
- request.headers.set('Authorization', `Bearer ${value}`);
89
- return request;
121
+ return value;
90
122
  },
91
123
  });
92
124
  return {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@logto/api",
3
- "version": "1.34.0",
3
+ "version": "1.36.0",
4
4
  "description": "Logto API types and clients.",
5
5
  "author": "Silverhand Inc. <contact@silverhand.io>",
6
6
  "homepage": "https://github.com/logto-io/logto#readme",
@@ -11,9 +11,9 @@
11
11
  },
12
12
  "exports": {
13
13
  "./management": {
14
- "default": "./lib/management.js",
15
14
  "types": "./lib/management.d.ts",
16
- "import": "./lib/management.js"
15
+ "import": "./lib/management.js",
16
+ "default": "./lib/management.js"
17
17
  }
18
18
  },
19
19
  "files": [
@@ -37,6 +37,7 @@
37
37
  "@silverhand/ts-config": "6.0.0",
38
38
  "@vitest/coverage-v8": "^3.1.1",
39
39
  "eslint": "^8.57.0",
40
+ "lint-staged": "^15.0.0",
40
41
  "openapi-typescript": "^7.8.0",
41
42
  "prettier": "^3.5.3",
42
43
  "typescript": "^5.5.3",