@logto/core-kit 2.2.0 → 2.2.1

package/lib/index.d.ts

@@ -1,6 +1,6 @@
 export * from './utils/index.js';
 export * from './regex.js';
-export * from './scope.js';
+export * from './openid.js';
 export * from './models/index.js';
 export * from './http.js';
 export * from './password-policy.js';

package/lib/index.js

@@ -1,6 +1,6 @@
 export * from './utils/index.js';
 export * from './regex.js';
-export * from './scope.js';
+export * from './openid.js';
 export * from './models/index.js';
 export * from './http.js';
 export * from './password-policy.js';

package/lib/openid.d.ts

@@ -0,0 +1,112 @@
+/** Scopes that reserved by Logto, which will be added to the auth request automatically. */
+export declare enum ReservedScope {
+    OpenId = "openid",
+    OfflineAccess = "offline_access"
+}
+/** Resources that reserved by Logto, which cannot be defined by users. */
+export declare enum ReservedResource {
+    /**
+     * The resource for organization template per RFC 0001.
+     *
+     * @see {@link https://github.com/logto-io/rfcs | RFC 0001} for more details.
+     */
+    Organization = "urn:logto:resource:organizations"
+}
+export type UserClaim = 'name' | 'picture' | 'username' | 'email' | 'email_verified' | 'phone_number' | 'phone_number_verified' | 'roles' | 'organizations' | 'organization_data' | 'organization_roles' | 'custom_data' | 'identities';
+/**
+ * Scopes for ID Token and Userinfo Endpoint.
+ */
+export declare enum UserScope {
+    /**
+     * Scope for basic user info.
+     *
+     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
+     */
+    Profile = "profile",
+    /**
+     * Scope for user email address.
+     *
+     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
+     */
+    Email = "email",
+    /**
+     * Scope for user phone number.
+     *
+     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
+     */
+    Phone = "phone",
+    /**
+     * Scope for user's custom data.
+     *
+     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
+     */
+    CustomData = "custom_data",
+    /**
+     * Scope for user's social identity details.
+     *
+     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
+     */
+    Identities = "identities",
+    /**
+     * Scope for user's roles.
+     *
+     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
+     */
+    Roles = "roles",
+    /**
+     * Scope for user's organization IDs and perform organization token grant per [RFC 0001](https://github.com/logto-io/rfcs).
+     *
+     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
+     */
+    Organizations = "urn:logto:scope:organizations",
+    /**
+     * Scope for user's organization roles per [RFC 0001](https://github.com/logto-io/rfcs).
+     *
+     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
+     */
+    OrganizationRoles = "urn:logto:scope:organization_roles"
+}
+/**
+ * Mapped claims that ID Token includes.
+ */
+export declare const idTokenClaims: Readonly<Record<UserScope, UserClaim[]>>;
+/**
+ * Additional claims that Userinfo Endpoint returns.
+ */
+export declare const userinfoClaims: Readonly<Record<UserScope, UserClaim[]>>;
+export declare const userClaims: Readonly<Record<UserScope, UserClaim[]>>;
+/**
+ * The prefix of the URN (Uniform Resource Name) for the organization in Logto.
+ *
+ * @example
+ * ```
+ * urn:logto:organization:123 // organization with ID 123
+ * ```
+ * @see {@link https://en.wikipedia.org/wiki/Uniform_Resource_Name | Uniform Resource Name}
+ */
+export declare const organizationUrnPrefix = "urn:logto:organization:";
+/**
+ * Build the URN (Uniform Resource Name) for the organization in Logto.
+ *
+ * @param organizationId The ID of the organization.
+ * @returns The URN for the organization.
+ * @see {@link organizationUrnPrefix} for the prefix of the URN.
+ * @example
+ * ```ts
+ * buildOrganizationUrn('1') // returns 'urn:logto:organization:1'
+ * ```
+ */
+export declare const buildOrganizationUrn: (organizationId: string) => string;
+/**
+ * Get the organization ID from the URN (Uniform Resource Name) for the organization in Logto.
+ *
+ * @param urn The URN for the organization. Must start with {@link organizationUrnPrefix}.
+ * @returns The ID of the organization.
+ * @throws {TypeError} If the URN is invalid.
+ * @example
+ * ```ts
+ * getOrganizationIdFromUrn('1') // throws TypeError
+ * getOrganizationIdFromUrn('urn:logto:organization:1') // returns '1'
+ * ```
+ */
+export declare const getOrganizationIdFromUrn: (urn: string) => string;

package/lib/openid.js

@@ -0,0 +1,143 @@
+/** Scopes that reserved by Logto, which will be added to the auth request automatically. */
+export var ReservedScope;
+(function (ReservedScope) {
+    ReservedScope["OpenId"] = "openid";
+    ReservedScope["OfflineAccess"] = "offline_access";
+})(ReservedScope || (ReservedScope = {}));
+/** Resources that reserved by Logto, which cannot be defined by users. */
+export var ReservedResource;
+(function (ReservedResource) {
+    /**
+     * The resource for organization template per RFC 0001.
+     *
+     * @see {@link https://github.com/logto-io/rfcs | RFC 0001} for more details.
+     */
+    ReservedResource["Organization"] = "urn:logto:resource:organizations";
+})(ReservedResource || (ReservedResource = {}));
+/**
+ * Scopes for ID Token and Userinfo Endpoint.
+ */
+export var UserScope;
+(function (UserScope) {
+    /**
+     * Scope for basic user info.
+     *
+     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
+     */
+    UserScope["Profile"] = "profile";
+    /**
+     * Scope for user email address.
+     *
+     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
+     */
+    UserScope["Email"] = "email";
+    /**
+     * Scope for user phone number.
+     *
+     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
+     */
+    UserScope["Phone"] = "phone";
+    /**
+     * Scope for user's custom data.
+     *
+     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
+     */
+    UserScope["CustomData"] = "custom_data";
+    /**
+     * Scope for user's social identity details.
+     *
+     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
+     */
+    UserScope["Identities"] = "identities";
+    /**
+     * Scope for user's roles.
+     *
+     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
+     */
+    UserScope["Roles"] = "roles";
+    /**
+     * Scope for user's organization IDs and perform organization token grant per [RFC 0001](https://github.com/logto-io/rfcs).
+     *
+     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
+     */
+    UserScope["Organizations"] = "urn:logto:scope:organizations";
+    /**
+     * Scope for user's organization roles per [RFC 0001](https://github.com/logto-io/rfcs).
+     *
+     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
+     */
+    UserScope["OrganizationRoles"] = "urn:logto:scope:organization_roles";
+})(UserScope || (UserScope = {}));
+/**
+ * Mapped claims that ID Token includes.
+ */
+export const idTokenClaims = Object.freeze({
+    [UserScope.Profile]: ['name', 'picture', 'username'],
+    [UserScope.Email]: ['email', 'email_verified'],
+    [UserScope.Phone]: ['phone_number', 'phone_number_verified'],
+    [UserScope.Roles]: ['roles'],
+    [UserScope.Organizations]: ['organizations'],
+    [UserScope.OrganizationRoles]: ['organization_roles'],
+    [UserScope.CustomData]: [],
+    [UserScope.Identities]: [],
+});
+/**
+ * Additional claims that Userinfo Endpoint returns.
+ */
+export const userinfoClaims = Object.freeze({
+    [UserScope.Profile]: [],
+    [UserScope.Email]: [],
+    [UserScope.Phone]: [],
+    [UserScope.Roles]: [],
+    [UserScope.Organizations]: ['organization_data'],
+    [UserScope.OrganizationRoles]: [],
+    [UserScope.CustomData]: ['custom_data'],
+    [UserScope.Identities]: ['identities'],
+});
+export const userClaims = Object.freeze(
+// Hard to infer type directly, use `as` for a workaround.
+// eslint-disable-next-line no-restricted-syntax
+Object.fromEntries(Object.values(UserScope).map((current) => [
+    current,
+    [...idTokenClaims[current], ...userinfoClaims[current]],
+])));
+/**
+ * The prefix of the URN (Uniform Resource Name) for the organization in Logto.
+ *
+ * @example
+ * ```
+ * urn:logto:organization:123 // organization with ID 123
+ * ```
+ * @see {@link https://en.wikipedia.org/wiki/Uniform_Resource_Name | Uniform Resource Name}
+ */
+export const organizationUrnPrefix = 'urn:logto:organization:';
+/**
+ * Build the URN (Uniform Resource Name) for the organization in Logto.
+ *
+ * @param organizationId The ID of the organization.
+ * @returns The URN for the organization.
+ * @see {@link organizationUrnPrefix} for the prefix of the URN.
+ * @example
+ * ```ts
+ * buildOrganizationUrn('1') // returns 'urn:logto:organization:1'
+ * ```
+ */
+export const buildOrganizationUrn = (organizationId) => `${organizationUrnPrefix}${organizationId}`;
+/**
+ * Get the organization ID from the URN (Uniform Resource Name) for the organization in Logto.
+ *
+ * @param urn The URN for the organization. Must start with {@link organizationUrnPrefix}.
+ * @returns The ID of the organization.
+ * @throws {TypeError} If the URN is invalid.
+ * @example
+ * ```ts
+ * getOrganizationIdFromUrn('1') // throws TypeError
+ * getOrganizationIdFromUrn('urn:logto:organization:1') // returns '1'
+ * ```
+ */
+export const getOrganizationIdFromUrn = (urn) => {
+    if (!urn.startsWith(organizationUrnPrefix)) {
+        throw new TypeError('Invalid organization URN.');
+    }
+    return urn.slice(organizationUrnPrefix.length);
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/core-kit",
-  "version": "2.2.0",
+  "version": "2.2.1",
   "author": "Silverhand Inc. <contact@silverhand.io>",
   "homepage": "https://github.com/logto-io/toolkit#readme",
   "repository": {
@@ -34,7 +34,7 @@
     "color": "^4.2.3"
   },
   "optionalDependencies": {
-    "zod": "^3.20.2"
+    "zod": "^3.22.4"
   },
   "devDependencies": {
     "@jest/types": "^29.0.3",
@@ -48,8 +48,8 @@
     "@types/react": "^18.0.31",
     "eslint": "^8.44.0",
     "jest": "^29.5.0",
-    "lint-staged": "^14.0.0",
-    "postcss": "^8.4.6",
+    "lint-staged": "^15.0.0",
+    "postcss": "^8.4.31",
     "prettier": "^3.0.0",
     "stylelint": "^15.0.0",
     "tslib": "^2.4.1",

package/scss/_console-themes.scss

@@ -158,6 +158,8 @@
   --color-env-tag-development: rgba(93, 52, 242, 15%);
   --color-env-tag-staging: rgba(255, 185, 90, 35%);
   --color-env-tag-production: rgba(131, 218, 133, 35%);
+  --color-specific-icon-bg: #f3effa;
+  --color-specific-toggle-off-enable: var(--color-neutral-90);
 
   // Shadows
   --shadow-1: 0 4px 8px rgba(0, 0, 0, 8%);
@@ -173,11 +175,14 @@
   --color-tooltip-background: #34353f; // dark theme Surface-4
   --color-tooltip-text: var(--color-neutral-99);
   --color-overlay: rgba(0, 0, 0, 30%);
+  --color-overlay-default-focused: rgba(25, 28, 29, 16%);
   --color-drawer-overlay: rgba(0, 0, 0, 40%);
   --color-guide-dropdown-background: var(--color-white);
   --color-guide-dropdown-border: var(--color-border);
   --color-skeleton-shimmer-rgb: 255, 255, 255; // rgb of Layer-1
   --color-specific-tag-upsell: var(--color-primary-50);
+  --color-specific-tag-test: var(--color-tertiary-50);
+  --color-specific-toggle-thumb-disabled: #ffffffb3;
 
   // Background
   --color-bg-body-base: var(--color-neutral-95);
@@ -192,6 +197,7 @@
   --color-bg-toast: var(--color-neutral-20);
   --color-bg-state-unselected: var(--color-neutral-90);
   --color-bg-state-disabled: rgba(25, 28, 29, 8%); // 8% --color-neutral-10
+  --color-bg-info-tag: rgba(229, 225, 236, 80%); // 80% --color-neutral-variant-90
 }
 
 @mixin dark {
@@ -354,6 +360,8 @@
   --color-env-tag-development: rgba(202, 190, 255, 32%);
   --color-env-tag-staging: rgba(235, 153, 24, 36%);
   --color-env-tag-production: rgba(104, 190, 108, 36%);
+  --color-specific-icon-bg: rgba(247, 248, 248, 12%);
+  --color-specific-toggle-off-enable: var(--color-neutral-90);
 
   // Shadows
   --shadow-1: 0 4px 8px rgba(0, 0, 0, 8%);
@@ -369,11 +377,14 @@
   --color-tooltip-background: var(--color-surface-4);
   --color-tooltip-text: var(--color-neutral-10);
   --color-overlay: rgba(0, 0, 0, 70%); // 70% Neutral-100
+  --color-overlay-default-focused: rgba(247, 248, 248, 16%);
   --color-drawer-overlay: rgba(0, 0, 0, 60%);
   --color-guide-dropdown-background: var(--color-neutral-variant-80);
   --color-guide-dropdown-border: var(--color-neutral-variant-70);
   --color-skeleton-shimmer-rgb: 42, 44, 50; // rgb of Layer-1
   --color-specific-tag-upsell: var(--color-primary-70);
+  --color-specific-tag-test: var(--color-tertiary-80);
+  --color-specific-toggle-thumb-disabled: #ffffff4d;
 
   // Background
   --color-bg-body-base: var(--color-neutral-100);
@@ -391,4 +402,5 @@
   --color-bg-toast: var(--color-neutral-80);
   --color-bg-state-unselected: var(--color-neutral-90);
   --color-bg-state-disabled: rgba(247, 248, 248, 8%); // 8% --color-neutral-10
+  --color-bg-info-tag: var(--color-neutral-variant-90);
 }

package/lib/scope.d.ts

@@ -1,55 +0,0 @@
-export declare enum ReservedScope {
-    OpenId = "openid",
-    OfflineAccess = "offline_access"
-}
-export type UserClaim = 'name' | 'picture' | 'username' | 'email' | 'email_verified' | 'phone_number' | 'phone_number_verified' | 'roles' | 'custom_data' | 'identities';
-/**
- * Scopes for ID Token and Userinfo Endpoint.
- */
-export declare enum UserScope {
-    /**
-     * Scope for basic user info.
-     *
-     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-     */
-    Profile = "profile",
-    /**
-     * Scope for user email address.
-     *
-     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-     */
-    Email = "email",
-    /**
-     * Scope for user phone number.
-     *
-     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-     */
-    Phone = "phone",
-    /**
-     * Scope for user's custom data.
-     *
-     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-     */
-    CustomData = "custom_data",
-    /**
-     * Scope for user's social identity details.
-     *
-     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-     */
-    Identities = "identities",
-    /**
-     * Scope for user's roles.
-     *
-     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-     */
-    Roles = "roles"
-}
-/**
- * Mapped claims that ID Token includes.
- */
-export declare const idTokenClaims: Readonly<Record<UserScope, UserClaim[]>>;
-/**
- * Additional claims that Userinfo Endpoint returns.
- */
-export declare const userinfoClaims: Readonly<Record<UserScope, UserClaim[]>>;
-export declare const userClaims: Readonly<Record<UserScope, UserClaim[]>>;

package/lib/scope.js

@@ -1,76 +0,0 @@
-export var ReservedScope;
-(function (ReservedScope) {
-    ReservedScope["OpenId"] = "openid";
-    ReservedScope["OfflineAccess"] = "offline_access";
-})(ReservedScope || (ReservedScope = {}));
-/**
- * Scopes for ID Token and Userinfo Endpoint.
- */
-export var UserScope;
-(function (UserScope) {
-    /**
-     * Scope for basic user info.
-     *
-     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-     */
-    UserScope["Profile"] = "profile";
-    /**
-     * Scope for user email address.
-     *
-     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-     */
-    UserScope["Email"] = "email";
-    /**
-     * Scope for user phone number.
-     *
-     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-     */
-    UserScope["Phone"] = "phone";
-    /**
-     * Scope for user's custom data.
-     *
-     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-     */
-    UserScope["CustomData"] = "custom_data";
-    /**
-     * Scope for user's social identity details.
-     *
-     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-     */
-    UserScope["Identities"] = "identities";
-    /**
-     * Scope for user's roles.
-     *
-     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
-     */
-    UserScope["Roles"] = "roles";
-})(UserScope || (UserScope = {}));
-/**
- * Mapped claims that ID Token includes.
- */
-export const idTokenClaims = Object.freeze({
-    [UserScope.Profile]: ['name', 'picture', 'username'],
-    [UserScope.Email]: ['email', 'email_verified'],
-    [UserScope.Phone]: ['phone_number', 'phone_number_verified'],
-    [UserScope.Roles]: ['roles'],
-    [UserScope.CustomData]: [],
-    [UserScope.Identities]: [],
-});
-/**
- * Additional claims that Userinfo Endpoint returns.
- */
-export const userinfoClaims = Object.freeze({
-    [UserScope.Profile]: [],
-    [UserScope.Email]: [],
-    [UserScope.Phone]: [],
-    [UserScope.Roles]: [],
-    [UserScope.CustomData]: ['custom_data'],
-    [UserScope.Identities]: ['identities'],
-});
-export const userClaims = Object.freeze(
-// Hard to infer type directly, use `as` for a workaround.
-// eslint-disable-next-line no-restricted-syntax
-Object.fromEntries(Object.values(UserScope).map((current) => [
-    current,
-    [...idTokenClaims[current], ...userinfoClaims[current]],
-])));