@logto/api 1.35.0 → 1.36.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/README.md +21 -0
  2. package/lib/generated-types/management.d.ts +188 -44
  3. package/lib/management.d.ts +39 -0
  4. package/lib/management.js +42 -10
  5. package/package.json +4 -3
package/README.md CHANGED
@@ -51,6 +51,27 @@ const { apiClient } = createManagementApi('default', {
51
51
  });
52
52
  ```
53
53
 
54
+ #### Custom authentication
55
+
56
+ For advanced use cases where you need full control over the authentication logic, use `createApiClient`:
57
+
58
+ ```ts
59
+ import { createApiClient } from '@logto/api/management';
60
+
61
+ const client = createApiClient({
62
+ baseUrl: 'https://your-logto-instance.com',
63
+ getToken: async () => {
64
+ // Your custom token retrieval logic
65
+ return getYourToken();
66
+ },
67
+ });
68
+
69
+ // Type-safe API calls
70
+ const response = await client.GET('/api/applications/{id}', {
71
+ params: { path: { id: 'your-app-id' } },
72
+ });
73
+ ```
74
+
54
75
  ### API documentation
55
76
 
56
77
  For detailed API documentation, refer to the [Logto Management API documentation](https://openapi.logto.io/).
package/lib/generated-types/management.d.ts CHANGED
@@ -3638,8 +3638,6 @@ export interface components {
3638
3638
  /** @description The unique identifier of the one time token. */
3639
3639
  oneTimeTokenId: string;
3640
3640
  /** @description The ID of the SAML application. */
3641
- "saml-applicationId-root": string;
3642
- /** @description The ID of the SAML application. */
3643
3641
  "samlId-root": string;
3644
3642
  };
3645
3643
  requestBodies: never;
@@ -3686,8 +3684,8 @@ export interface operations {
3686
3684
  /** @enum {string} */
3687
3685
  type: "Native" | "SPA" | "Traditional" | "MachineToMachine" | "Protected" | "SAML";
3688
3686
  oidcClientMetadata: {
3689
- redirectUris: (Record<string, never> | Record<string, never>)[];
3690
- postLogoutRedirectUris: string[];
3687
+ redirectUris: Record<string, never>[];
3688
+ postLogoutRedirectUris: Record<string, never>[];
3691
3689
  /** Format: url */
3692
3690
  backchannelLogoutUri?: string;
3693
3691
  backchannelLogoutSessionRequired?: boolean;
@@ -3701,6 +3699,7 @@ export interface operations {
3701
3699
  tenantId?: string;
3702
3700
  alwaysIssueRefreshToken?: boolean;
3703
3701
  rotateRefreshToken?: boolean;
3702
+ allowTokenExchange?: boolean;
3704
3703
  };
3705
3704
  protectedAppMetadata: {
3706
3705
  host: string;
@@ -3777,8 +3776,8 @@ export interface operations {
3777
3776
  /** @enum {string} */
3778
3777
  type: "Native" | "SPA" | "Traditional" | "MachineToMachine" | "Protected" | "SAML";
3779
3778
  oidcClientMetadata?: {
3780
- redirectUris: (Record<string, never> | Record<string, never>)[];
3781
- postLogoutRedirectUris: string[];
3779
+ redirectUris: Record<string, never>[];
3780
+ postLogoutRedirectUris: Record<string, never>[];
3782
3781
  /** Format: url */
3783
3782
  backchannelLogoutUri?: string;
3784
3783
  backchannelLogoutSessionRequired?: boolean;
@@ -3792,6 +3791,7 @@ export interface operations {
3792
3791
  tenantId?: string;
3793
3792
  alwaysIssueRefreshToken?: boolean;
3794
3793
  rotateRefreshToken?: boolean;
3794
+ allowTokenExchange?: boolean;
3795
3795
  };
3796
3796
  /** @description arbitrary */
3797
3797
  customData?: Record<string, never>;
@@ -3822,8 +3822,8 @@ export interface operations {
3822
3822
  /** @enum {string} */
3823
3823
  type: "Native" | "SPA" | "Traditional" | "MachineToMachine" | "Protected" | "SAML";
3824
3824
  oidcClientMetadata: {
3825
- redirectUris: (Record<string, never> | Record<string, never>)[];
3826
- postLogoutRedirectUris: string[];
3825
+ redirectUris: Record<string, never>[];
3826
+ postLogoutRedirectUris: Record<string, never>[];
3827
3827
  /** Format: url */
3828
3828
  backchannelLogoutUri?: string;
3829
3829
  backchannelLogoutSessionRequired?: boolean;
@@ -3837,6 +3837,7 @@ export interface operations {
3837
3837
  tenantId?: string;
3838
3838
  alwaysIssueRefreshToken?: boolean;
3839
3839
  rotateRefreshToken?: boolean;
3840
+ allowTokenExchange?: boolean;
3840
3841
  };
3841
3842
  protectedAppMetadata: {
3842
3843
  host: string;
@@ -3939,8 +3940,8 @@ export interface operations {
3939
3940
  /** @enum {string} */
3940
3941
  type: "Native" | "SPA" | "Traditional" | "MachineToMachine" | "Protected" | "SAML";
3941
3942
  oidcClientMetadata: {
3942
- redirectUris: (Record<string, never> | Record<string, never>)[];
3943
- postLogoutRedirectUris: string[];
3943
+ redirectUris: Record<string, never>[];
3944
+ postLogoutRedirectUris: Record<string, never>[];
3944
3945
  /** Format: url */
3945
3946
  backchannelLogoutUri?: string;
3946
3947
  backchannelLogoutSessionRequired?: boolean;
@@ -3954,6 +3955,7 @@ export interface operations {
3954
3955
  tenantId?: string;
3955
3956
  alwaysIssueRefreshToken?: boolean;
3956
3957
  rotateRefreshToken?: boolean;
3958
+ allowTokenExchange?: boolean;
3957
3959
  };
3958
3960
  protectedAppMetadata: {
3959
3961
  host: string;
@@ -4095,8 +4097,8 @@ export interface operations {
4095
4097
  name?: string;
4096
4098
  description?: string | null;
4097
4099
  oidcClientMetadata?: {
4098
- redirectUris: (Record<string, never> | Record<string, never>)[];
4099
- postLogoutRedirectUris: string[];
4100
+ redirectUris: Record<string, never>[];
4101
+ postLogoutRedirectUris: Record<string, never>[];
4100
4102
  /** Format: url */
4101
4103
  backchannelLogoutUri?: string;
4102
4104
  backchannelLogoutSessionRequired?: boolean;
@@ -4110,6 +4112,7 @@ export interface operations {
4110
4112
  tenantId?: string;
4111
4113
  alwaysIssueRefreshToken?: boolean;
4112
4114
  rotateRefreshToken?: boolean;
4115
+ allowTokenExchange?: boolean;
4113
4116
  };
4114
4117
  /** @description arbitrary */
4115
4118
  customData?: Record<string, never>;
@@ -4141,8 +4144,8 @@ export interface operations {
4141
4144
  /** @enum {string} */
4142
4145
  type: "Native" | "SPA" | "Traditional" | "MachineToMachine" | "Protected" | "SAML";
4143
4146
  oidcClientMetadata: {
4144
- redirectUris: (Record<string, never> | Record<string, never>)[];
4145
- postLogoutRedirectUris: string[];
4147
+ redirectUris: Record<string, never>[];
4148
+ postLogoutRedirectUris: Record<string, never>[];
4146
4149
  /** Format: url */
4147
4150
  backchannelLogoutUri?: string;
4148
4151
  backchannelLogoutSessionRequired?: boolean;
@@ -4156,6 +4159,7 @@ export interface operations {
4156
4159
  tenantId?: string;
4157
4160
  alwaysIssueRefreshToken?: boolean;
4158
4161
  rotateRefreshToken?: boolean;
4162
+ allowTokenExchange?: boolean;
4159
4163
  };
4160
4164
  protectedAppMetadata: {
4161
4165
  host: string;
@@ -4878,8 +4882,8 @@ export interface operations {
4878
4882
  /** @enum {string} */
4879
4883
  type: "Native" | "SPA" | "Traditional" | "MachineToMachine" | "Protected" | "SAML";
4880
4884
  oidcClientMetadata: {
4881
- redirectUris: (Record<string, never> | Record<string, never>)[];
4882
- postLogoutRedirectUris: string[];
4885
+ redirectUris: Record<string, never>[];
4886
+ postLogoutRedirectUris: Record<string, never>[];
4883
4887
  /** Format: url */
4884
4888
  backchannelLogoutUri?: string;
4885
4889
  backchannelLogoutSessionRequired?: boolean;
@@ -4893,6 +4897,7 @@ export interface operations {
4893
4897
  tenantId?: string;
4894
4898
  alwaysIssueRefreshToken?: boolean;
4895
4899
  rotateRefreshToken?: boolean;
4900
+ allowTokenExchange?: boolean;
4896
4901
  };
4897
4902
  protectedAppMetadata: {
4898
4903
  host: string;
@@ -6398,7 +6403,7 @@ export interface operations {
6398
6403
  phone?: string;
6399
6404
  name?: string;
6400
6405
  avatar?: string;
6401
- rawData?: (Record<string, never> | (string | number | boolean | unknown | Record<string, never>)[] | string | number | boolean) | null;
6406
+ rawData?: (Record<string, never> | (string | number | boolean | (string | null) | Record<string, never>)[] | string | number | boolean) | null;
6402
6407
  };
6403
6408
  } | {
6404
6409
  id: string;
@@ -6411,7 +6416,7 @@ export interface operations {
6411
6416
  phone?: string;
6412
6417
  name?: string;
6413
6418
  avatar?: string;
6414
- rawData?: (Record<string, never> | (string | number | boolean | unknown | Record<string, never>)[] | string | number | boolean) | null;
6419
+ rawData?: (Record<string, never> | (string | number | boolean | (string | null) | Record<string, never>)[] | string | number | boolean) | null;
6415
6420
  };
6416
6421
  issuer?: string;
6417
6422
  } | {
@@ -6691,7 +6696,7 @@ export interface operations {
6691
6696
  phone?: string;
6692
6697
  name?: string;
6693
6698
  avatar?: string;
6694
- rawData?: (Record<string, never> | (string | number | boolean | unknown | Record<string, never>)[] | string | number | boolean) | null;
6699
+ rawData?: (Record<string, never> | (string | number | boolean | (string | null) | Record<string, never>)[] | string | number | boolean) | null;
6695
6700
  };
6696
6701
  } | {
6697
6702
  id: string;
@@ -6704,7 +6709,7 @@ export interface operations {
6704
6709
  phone?: string;
6705
6710
  name?: string;
6706
6711
  avatar?: string;
6707
- rawData?: (Record<string, never> | (string | number | boolean | unknown | Record<string, never>)[] | string | number | boolean) | null;
6712
+ rawData?: (Record<string, never> | (string | number | boolean | (string | null) | Record<string, never>)[] | string | number | boolean) | null;
6708
6713
  };
6709
6714
  issuer?: string;
6710
6715
  } | {
@@ -6929,7 +6934,7 @@ export interface operations {
6929
6934
  phone?: string;
6930
6935
  name?: string;
6931
6936
  avatar?: string;
6932
- rawData?: (Record<string, never> | (string | number | boolean | unknown | Record<string, never>)[] | string | number | boolean) | null;
6937
+ rawData?: (Record<string, never> | (string | number | boolean | (string | null) | Record<string, never>)[] | string | number | boolean) | null;
6933
6938
  };
6934
6939
  } | {
6935
6940
  id: string;
@@ -6942,7 +6947,7 @@ export interface operations {
6942
6947
  phone?: string;
6943
6948
  name?: string;
6944
6949
  avatar?: string;
6945
- rawData?: (Record<string, never> | (string | number | boolean | unknown | Record<string, never>)[] | string | number | boolean) | null;
6950
+ rawData?: (Record<string, never> | (string | number | boolean | (string | null) | Record<string, never>)[] | string | number | boolean) | null;
6946
6951
  };
6947
6952
  issuer?: string;
6948
6953
  } | {
@@ -7264,7 +7269,7 @@ export interface operations {
7264
7269
  phone?: string;
7265
7270
  name?: string;
7266
7271
  avatar?: string;
7267
- rawData?: (Record<string, never> | (string | number | boolean | unknown | Record<string, never>)[] | string | number | boolean) | null;
7272
+ rawData?: (Record<string, never> | (string | number | boolean | (string | null) | Record<string, never>)[] | string | number | boolean) | null;
7268
7273
  };
7269
7274
  } | {
7270
7275
  id: string;
@@ -7277,7 +7282,7 @@ export interface operations {
7277
7282
  phone?: string;
7278
7283
  name?: string;
7279
7284
  avatar?: string;
7280
- rawData?: (Record<string, never> | (string | number | boolean | unknown | Record<string, never>)[] | string | number | boolean) | null;
7285
+ rawData?: (Record<string, never> | (string | number | boolean | (string | null) | Record<string, never>)[] | string | number | boolean) | null;
7281
7286
  };
7282
7287
  issuer?: string;
7283
7288
  } | {
@@ -7544,7 +7549,7 @@ export interface operations {
7544
7549
  phone?: string;
7545
7550
  name?: string;
7546
7551
  avatar?: string;
7547
- rawData?: (Record<string, never> | (string | number | boolean | unknown | Record<string, never>)[] | string | number | boolean) | null;
7552
+ rawData?: (Record<string, never> | (string | number | boolean | (string | null) | Record<string, never>)[] | string | number | boolean) | null;
7548
7553
  };
7549
7554
  } | {
7550
7555
  id: string;
@@ -7557,7 +7562,7 @@ export interface operations {
7557
7562
  phone?: string;
7558
7563
  name?: string;
7559
7564
  avatar?: string;
7560
- rawData?: (Record<string, never> | (string | number | boolean | unknown | Record<string, never>)[] | string | number | boolean) | null;
7565
+ rawData?: (Record<string, never> | (string | number | boolean | (string | null) | Record<string, never>)[] | string | number | boolean) | null;
7561
7566
  };
7562
7567
  issuer?: string;
7563
7568
  } | {
@@ -7835,7 +7840,7 @@ export interface operations {
7835
7840
  phone?: string;
7836
7841
  name?: string;
7837
7842
  avatar?: string;
7838
- rawData?: (Record<string, never> | (string | number | boolean | unknown | Record<string, never>)[] | string | number | boolean) | null;
7843
+ rawData?: (Record<string, never> | (string | number | boolean | (string | null) | Record<string, never>)[] | string | number | boolean) | null;
7839
7844
  };
7840
7845
  } | {
7841
7846
  id: string;
@@ -7848,7 +7853,7 @@ export interface operations {
7848
7853
  phone?: string;
7849
7854
  name?: string;
7850
7855
  avatar?: string;
7851
- rawData?: (Record<string, never> | (string | number | boolean | unknown | Record<string, never>)[] | string | number | boolean) | null;
7856
+ rawData?: (Record<string, never> | (string | number | boolean | (string | null) | Record<string, never>)[] | string | number | boolean) | null;
7852
7857
  };
7853
7858
  issuer?: string;
7854
7859
  } | {
@@ -9743,6 +9748,7 @@ export interface operations {
9743
9748
  };
9744
9749
  socialSignIn: {
9745
9750
  automaticAccountLinking?: boolean;
9751
+ skipRequiredIdentifiers?: boolean;
9746
9752
  };
9747
9753
  /** @description Enabled social sign-in connectors, will displayed on the sign-in page. */
9748
9754
  socialSignInConnectorTargets: string[];
@@ -9791,6 +9797,10 @@ export interface operations {
9791
9797
  /** @enum {string} */
9792
9798
  organizationRequiredMfaPolicy?: "NoPrompt" | "Mandatory";
9793
9799
  };
9800
+ /** @description Adaptive MFA settings. */
9801
+ adaptiveMfa: {
9802
+ enabled?: boolean;
9803
+ };
9794
9804
  singleSignOnEnabled: boolean;
9795
9805
  /** @description The support email address to display on the error pages. */
9796
9806
  supportEmail: string | null;
@@ -9817,6 +9827,11 @@ export interface operations {
9817
9827
  blockDisposableAddress?: unknown;
9818
9828
  };
9819
9829
  forgotPasswordMethods: ("EmailVerificationCode" | "PhoneVerificationCode")[] | null;
9830
+ passkeySignIn: {
9831
+ enabled?: boolean;
9832
+ showPasskeyButton?: boolean;
9833
+ allowAutofill?: boolean;
9834
+ };
9820
9835
  };
9821
9836
  };
9822
9837
  };
@@ -9910,6 +9925,7 @@ export interface operations {
9910
9925
  };
9911
9926
  socialSignIn?: {
9912
9927
  automaticAccountLinking?: boolean;
9928
+ skipRequiredIdentifiers?: boolean;
9913
9929
  };
9914
9930
  /** @description Specify the social sign-in connectors to display on the sign-in page. */
9915
9931
  socialSignInConnectorTargets?: string[];
@@ -9978,6 +9994,11 @@ export interface operations {
9978
9994
  blockDisposableAddress?: unknown;
9979
9995
  };
9980
9996
  forgotPasswordMethods?: ("EmailVerificationCode" | "PhoneVerificationCode")[] | null;
9997
+ passkeySignIn?: {
9998
+ enabled?: boolean;
9999
+ showPasskeyButton?: boolean;
10000
+ allowAutofill?: boolean;
10001
+ };
9981
10002
  termsOfUseUrl?: (string | null) | string;
9982
10003
  privacyPolicyUrl?: (string | null) | string;
9983
10004
  /** @description The support email address to display on the error pages. */
@@ -9986,6 +10007,8 @@ export interface operations {
9986
10007
  supportWebsiteUrl?: (string | null) | string;
9987
10008
  /** @description The fallback URL to redirect users when the sign-in session does not exist or unknown. Client should initiate a new authentication flow after the redirection. */
9988
10009
  unknownSessionRedirectUrl?: (string | null) | string;
10010
+ /** @description Adaptive MFA settings. Only effective when developer features are enabled. */
10011
+ adaptiveMfa?: unknown;
9989
10012
  };
9990
10013
  };
9991
10014
  };
@@ -10046,6 +10069,7 @@ export interface operations {
10046
10069
  };
10047
10070
  socialSignIn: {
10048
10071
  automaticAccountLinking?: boolean;
10072
+ skipRequiredIdentifiers?: boolean;
10049
10073
  };
10050
10074
  socialSignInConnectorTargets: string[];
10051
10075
  /** @enum {string} */
@@ -10090,6 +10114,9 @@ export interface operations {
10090
10114
  /** @enum {string} */
10091
10115
  organizationRequiredMfaPolicy?: "NoPrompt" | "Mandatory";
10092
10116
  };
10117
+ adaptiveMfa: {
10118
+ enabled?: boolean;
10119
+ };
10093
10120
  singleSignOnEnabled: boolean;
10094
10121
  supportEmail: string | null;
10095
10122
  supportWebsiteUrl: string | null;
@@ -10107,6 +10134,11 @@ export interface operations {
10107
10134
  customBlocklist?: string[];
10108
10135
  };
10109
10136
  forgotPasswordMethods: ("EmailVerificationCode" | "PhoneVerificationCode")[] | null;
10137
+ passkeySignIn: {
10138
+ enabled?: boolean;
10139
+ showPasskeyButton?: boolean;
10140
+ allowAutofill?: boolean;
10141
+ };
10110
10142
  };
10111
10143
  };
10112
10144
  };
@@ -11599,7 +11631,10 @@ export interface operations {
11599
11631
  [name: string]: unknown;
11600
11632
  };
11601
11633
  content: {
11602
- "application/json": unknown;
11634
+ "application/json": {
11635
+ /** @description An array of API resource role IDs assigned to the user. */
11636
+ roleIds: string[];
11637
+ };
11603
11638
  };
11604
11639
  };
11605
11640
  /** @description Bad Request */
@@ -11664,7 +11699,12 @@ export interface operations {
11664
11699
  [name: string]: unknown;
11665
11700
  };
11666
11701
  content: {
11667
- "application/json": unknown;
11702
+ "application/json": {
11703
+ /** @description An array of API resource role IDs requested for assignment. */
11704
+ roleIds: string[];
11705
+ /** @description An array of API resource role IDs newly assigned to the user. */
11706
+ addedRoleIds: string[];
11707
+ };
11668
11708
  };
11669
11709
  };
11670
11710
  /** @description Bad Request */
@@ -13001,6 +13041,34 @@ export interface operations {
13001
13041
  } | string;
13002
13042
  ip?: string;
13003
13043
  userAgent?: string;
13044
+ userAgentParsed?: {
13045
+ ua?: string;
13046
+ browser?: {
13047
+ name?: string;
13048
+ version?: string;
13049
+ major?: string;
13050
+ type?: string;
13051
+ };
13052
+ device?: {
13053
+ model?: string;
13054
+ type?: string;
13055
+ vendor?: string;
13056
+ };
13057
+ engine?: {
13058
+ name?: string;
13059
+ version?: string;
13060
+ };
13061
+ os?: {
13062
+ name?: string;
13063
+ version?: string;
13064
+ };
13065
+ cpu?: {
13066
+ architecture?: string;
13067
+ };
13068
+ };
13069
+ injectedHeaders?: {
13070
+ [key: string]: string;
13071
+ };
13004
13072
  userId?: string;
13005
13073
  applicationId?: string;
13006
13074
  sessionId?: string;
@@ -13066,6 +13134,34 @@ export interface operations {
13066
13134
  } | string;
13067
13135
  ip?: string;
13068
13136
  userAgent?: string;
13137
+ userAgentParsed?: {
13138
+ ua?: string;
13139
+ browser?: {
13140
+ name?: string;
13141
+ version?: string;
13142
+ major?: string;
13143
+ type?: string;
13144
+ };
13145
+ device?: {
13146
+ model?: string;
13147
+ type?: string;
13148
+ vendor?: string;
13149
+ };
13150
+ engine?: {
13151
+ name?: string;
13152
+ version?: string;
13153
+ };
13154
+ os?: {
13155
+ name?: string;
13156
+ version?: string;
13157
+ };
13158
+ cpu?: {
13159
+ architecture?: string;
13160
+ };
13161
+ };
13162
+ injectedHeaders?: {
13163
+ [key: string]: string;
13164
+ };
13069
13165
  userId?: string;
13070
13166
  applicationId?: string;
13071
13167
  sessionId?: string;
@@ -13714,8 +13810,8 @@ export interface operations {
13714
13810
  /** @enum {string} */
13715
13811
  type: "Native" | "SPA" | "Traditional" | "MachineToMachine" | "Protected" | "SAML";
13716
13812
  oidcClientMetadata: {
13717
- redirectUris: (Record<string, never> | Record<string, never>)[];
13718
- postLogoutRedirectUris: string[];
13813
+ redirectUris: Record<string, never>[];
13814
+ postLogoutRedirectUris: Record<string, never>[];
13719
13815
  /** Format: url */
13720
13816
  backchannelLogoutUri?: string;
13721
13817
  backchannelLogoutSessionRequired?: boolean;
@@ -13729,6 +13825,7 @@ export interface operations {
13729
13825
  tenantId?: string;
13730
13826
  alwaysIssueRefreshToken?: boolean;
13731
13827
  rotateRefreshToken?: boolean;
13828
+ allowTokenExchange?: boolean;
13732
13829
  };
13733
13830
  protectedAppMetadata: {
13734
13831
  host: string;
@@ -14891,6 +14988,34 @@ export interface operations {
14891
14988
  } | string;
14892
14989
  ip?: string;
14893
14990
  userAgent?: string;
14991
+ userAgentParsed?: {
14992
+ ua?: string;
14993
+ browser?: {
14994
+ name?: string;
14995
+ version?: string;
14996
+ major?: string;
14997
+ type?: string;
14998
+ };
14999
+ device?: {
15000
+ model?: string;
15001
+ type?: string;
15002
+ vendor?: string;
15003
+ };
15004
+ engine?: {
15005
+ name?: string;
15006
+ version?: string;
15007
+ };
15008
+ os?: {
15009
+ name?: string;
15010
+ version?: string;
15011
+ };
15012
+ cpu?: {
15013
+ architecture?: string;
15014
+ };
15015
+ };
15016
+ injectedHeaders?: {
15017
+ [key: string]: string;
15018
+ };
14894
15019
  userId?: string;
14895
15020
  applicationId?: string;
14896
15021
  sessionId?: string;
@@ -18072,8 +18197,8 @@ export interface operations {
18072
18197
  /** @enum {string} */
18073
18198
  type: "Native" | "SPA" | "Traditional" | "MachineToMachine" | "Protected" | "SAML";
18074
18199
  oidcClientMetadata: {
18075
- redirectUris: (Record<string, never> | Record<string, never>)[];
18076
- postLogoutRedirectUris: string[];
18200
+ redirectUris: Record<string, never>[];
18201
+ postLogoutRedirectUris: Record<string, never>[];
18077
18202
  /** Format: url */
18078
18203
  backchannelLogoutUri?: string;
18079
18204
  backchannelLogoutSessionRequired?: boolean;
@@ -18087,6 +18212,7 @@ export interface operations {
18087
18212
  tenantId?: string;
18088
18213
  alwaysIssueRefreshToken?: boolean;
18089
18214
  rotateRefreshToken?: boolean;
18215
+ allowTokenExchange?: boolean;
18090
18216
  };
18091
18217
  protectedAppMetadata: {
18092
18218
  host: string;
@@ -20157,8 +20283,8 @@ export interface operations {
20157
20283
  query?: never;
20158
20284
  header?: never;
20159
20285
  path: {
20160
- /** @description The ID of the SAML application. */
20161
- id: string;
20286
+ /** @description The unique identifier of the saml application. */
20287
+ id: components["parameters"]["samlApplicationId-root"];
20162
20288
  };
20163
20289
  cookie?: never;
20164
20290
  };
@@ -20557,8 +20683,8 @@ export interface operations {
20557
20683
  query?: never;
20558
20684
  header?: never;
20559
20685
  path: {
20560
- /** @description The ID of the SAML application. */
20561
- id: string;
20686
+ /** @description The unique identifier of the saml application. */
20687
+ id: components["parameters"]["samlApplicationId-root"];
20562
20688
  };
20563
20689
  cookie?: never;
20564
20690
  };
@@ -20627,8 +20753,8 @@ export interface operations {
20627
20753
  query?: never;
20628
20754
  header?: never;
20629
20755
  path: {
20630
- /** @description The ID of the SAML application. */
20631
- id: string;
20756
+ /** @description The unique identifier of the saml application. */
20757
+ id: components["parameters"]["samlApplicationId-root"];
20632
20758
  /** @description The unique identifier of the secret. */
20633
20759
  secretId: components["parameters"]["secretId"];
20634
20760
  };
@@ -22918,6 +23044,7 @@ export interface operations {
22918
23044
  };
22919
23045
  socialSignIn: {
22920
23046
  automaticAccountLinking?: boolean;
23047
+ skipRequiredIdentifiers?: boolean;
22921
23048
  };
22922
23049
  socialSignInConnectorTargets: string[];
22923
23050
  /** @enum {string} */
@@ -22962,6 +23089,9 @@ export interface operations {
22962
23089
  /** @enum {string} */
22963
23090
  organizationRequiredMfaPolicy?: "NoPrompt" | "Mandatory";
22964
23091
  };
23092
+ adaptiveMfa: {
23093
+ enabled?: boolean;
23094
+ };
22965
23095
  singleSignOnEnabled: boolean;
22966
23096
  supportEmail: string | null;
22967
23097
  supportWebsiteUrl: string | null;
@@ -22978,6 +23108,11 @@ export interface operations {
22978
23108
  blockSubaddressing?: boolean;
22979
23109
  customBlocklist?: string[];
22980
23110
  };
23111
+ passkeySignIn: {
23112
+ enabled?: boolean;
23113
+ showPasskeyButton?: boolean;
23114
+ allowAutofill?: boolean;
23115
+ };
22981
23116
  socialConnectors: {
22982
23117
  id: string;
22983
23118
  target: string;
@@ -23181,6 +23316,7 @@ export interface operations {
23181
23316
  };
23182
23317
  socialSignIn: {
23183
23318
  automaticAccountLinking?: boolean;
23319
+ skipRequiredIdentifiers?: boolean;
23184
23320
  };
23185
23321
  socialSignInConnectorTargets: string[];
23186
23322
  /** @enum {string} */
@@ -23225,6 +23361,9 @@ export interface operations {
23225
23361
  /** @enum {string} */
23226
23362
  organizationRequiredMfaPolicy?: "NoPrompt" | "Mandatory";
23227
23363
  };
23364
+ adaptiveMfa: {
23365
+ enabled?: boolean;
23366
+ };
23228
23367
  singleSignOnEnabled: boolean;
23229
23368
  supportEmail: string | null;
23230
23369
  supportWebsiteUrl: string | null;
@@ -23241,6 +23380,11 @@ export interface operations {
23241
23380
  blockSubaddressing?: boolean;
23242
23381
  customBlocklist?: string[];
23243
23382
  };
23383
+ passkeySignIn: {
23384
+ enabled?: boolean;
23385
+ showPasskeyButton?: boolean;
23386
+ allowAutofill?: boolean;
23387
+ };
23244
23388
  socialConnectors: {
23245
23389
  id: string;
23246
23390
  target: string;
@@ -23488,8 +23632,8 @@ export interface operations {
23488
23632
  query?: never;
23489
23633
  header?: never;
23490
23634
  path: {
23491
- /** @description The ID of the SAML application. */
23492
- id: string;
23635
+ /** @description The unique identifier of the saml application. */
23636
+ id: components["parameters"]["samlApplicationId-root"];
23493
23637
  };
23494
23638
  cookie?: never;
23495
23639
  };
@@ -23535,8 +23679,8 @@ export interface operations {
23535
23679
  };
23536
23680
  header?: never;
23537
23681
  path: {
23538
- /** @description The ID of the SAML application. */
23539
- id: string;
23682
+ /** @description The unique identifier of the saml application. */
23683
+ id: components["parameters"]["samlApplicationId-root"];
23540
23684
  };
23541
23685
  cookie?: never;
23542
23686
  };
package/lib/management.d.ts CHANGED
@@ -27,6 +27,20 @@ export type CreateManagementApiOptions = {
27
27
  */
28
28
  apiIndicator?: string;
29
29
  };
30
+ /**
31
+ * Options for creating an API client with custom token authentication.
32
+ */
33
+ export type CreateApiClientOptions = {
34
+ /**
35
+ * The base URL for the Management API.
36
+ */
37
+ baseUrl: string;
38
+ /**
39
+ * A function that returns a promise resolving to the access token.
40
+ * This function will be called for each request that requires authentication.
41
+ */
42
+ getToken: () => Promise<string>;
43
+ };
30
44
  /**
31
45
  * Returns the base URL for the Management API based on the tenant ID.
32
46
  * @param tenantId The tenant ID to construct the base URL.
@@ -45,6 +59,31 @@ export declare const getManagementApiIndicator: (tenantId: string) => string;
45
59
  * This is used when requesting an access token for the Management API.
46
60
  */
47
61
  export declare const allScope = "all";
62
+ /**
63
+ * Creates an API client with custom token authentication.
64
+ *
65
+ * This function is useful when you need full control over the authentication flow,
66
+ * such as custom token sources.
67
+ *
68
+ * The client automatically skips authentication for `.well-known` endpoints.
69
+ *
70
+ * @param options The options including base URL and token getter function.
71
+ * @returns A configured API client with type-safe methods.
72
+ * @example
73
+ * ```ts
74
+ * import { createApiClient } from '@logto/api/management';
75
+ *
76
+ * const client = createApiClient({
77
+ * baseUrl: 'https://my-tenant.logto.app',
78
+ * getToken: async () => getYourToken(),
79
+ * });
80
+ *
81
+ * const response = await client.GET('/api/applications/{id}', {
82
+ * params: { path: { id: 'app-id' } },
83
+ * });
84
+ * ```
85
+ */
86
+ export declare function createApiClient(options: CreateApiClientOptions): Client<paths>;
48
87
  type ManagementApiReturnType = {
49
88
  /**
50
89
  * The API client for the Management API.
package/lib/management.js CHANGED
@@ -18,6 +18,45 @@ export const getManagementApiIndicator = (tenantId) => `${getBaseUrl(tenantId)}/
18
18
  * This is used when requesting an access token for the Management API.
19
19
  */
20
20
  export const allScope = 'all';
21
+ /**
22
+ * Creates an API client with custom token authentication.
23
+ *
24
+ * This function is useful when you need full control over the authentication flow,
25
+ * such as custom token sources.
26
+ *
27
+ * The client automatically skips authentication for `.well-known` endpoints.
28
+ *
29
+ * @param options The options including base URL and token getter function.
30
+ * @returns A configured API client with type-safe methods.
31
+ * @example
32
+ * ```ts
33
+ * import { createApiClient } from '@logto/api/management';
34
+ *
35
+ * const client = createApiClient({
36
+ * baseUrl: 'https://my-tenant.logto.app',
37
+ * getToken: async () => getYourToken(),
38
+ * });
39
+ *
40
+ * const response = await client.GET('/api/applications/{id}', {
41
+ * params: { path: { id: 'app-id' } },
42
+ * });
43
+ * ```
44
+ */
45
+ export function createApiClient(options) {
46
+ const { baseUrl, getToken } = options;
47
+ const client = createClient({ baseUrl });
48
+ client.use({
49
+ async onRequest({ schemaPath, request }) {
50
+ if (schemaPath.includes('/.well-known/')) {
51
+ return;
52
+ }
53
+ const token = await getToken();
54
+ request.headers.set('Authorization', `Bearer ${token}`);
55
+ return request;
56
+ },
57
+ });
58
+ return client;
59
+ }
21
60
  /**
22
61
  * Creates a Management API client with the specified tenant ID and options.
23
62
  *
@@ -72,21 +111,14 @@ export function createManagementApi(tenantId, options) {
72
111
  scope: allScope,
73
112
  },
74
113
  });
75
- const apiClient = createClient({
114
+ const apiClient = createApiClient({
76
115
  baseUrl,
77
- });
78
- apiClient.use({
79
- async onRequest({ schemaPath, request }) {
80
- if (schemaPath.includes('/.well-known/')) {
81
- // Skip auth for well-known endpoints
82
- return;
83
- }
116
+ getToken: async () => {
84
117
  const { value, scope } = await clientCredentials.getAccessToken();
85
118
  if (scope !== allScope) {
86
119
  console.warn(`The scope "${scope}" is not equal to the expected value "${allScope}". This may cause issues with API access. See https://a.logto.io/m2m-mapi to learn more about configuring machine-to-machine access to the Management API.`);
87
120
  }
88
- request.headers.set('Authorization', `Bearer ${value}`);
89
- return request;
121
+ return value;
90
122
  },
91
123
  });
92
124
  return {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@logto/api",
3
- "version": "1.35.0",
3
+ "version": "1.36.0",
4
4
  "description": "Logto API types and clients.",
5
5
  "author": "Silverhand Inc. <contact@silverhand.io>",
6
6
  "homepage": "https://github.com/logto-io/logto#readme",
@@ -11,9 +11,9 @@
11
11
  },
12
12
  "exports": {
13
13
  "./management": {
14
- "default": "./lib/management.js",
15
14
  "types": "./lib/management.d.ts",
16
- "import": "./lib/management.js"
15
+ "import": "./lib/management.js",
16
+ "default": "./lib/management.js"
17
17
  }
18
18
  },
19
19
  "files": [
@@ -37,6 +37,7 @@
37
37
  "@silverhand/ts-config": "6.0.0",
38
38
  "@vitest/coverage-v8": "^3.1.1",
39
39
  "eslint": "^8.57.0",
40
+ "lint-staged": "^15.0.0",
40
41
  "openapi-typescript": "^7.8.0",
41
42
  "prettier": "^3.5.3",
42
43
  "typescript": "^5.5.3",