@logto/schemas 1.10.0 → 1.11.0
- package/alterations/1.10.1-1695647183-update-private-key-type.ts +108 -0
- package/alterations/1.10.1-1696657546-organization-tables.ts +150 -0
- package/alterations/1.10.1-1697683802-add-sso-connectors-table.ts +66 -0
- package/alterations/1.10.1-1698646271-add-organization-created-flag.ts +75 -0
- package/alterations/1.10.1-1698820410-add-user-sso-identities-table.ts +61 -0
- package/alterations/1.10.1-1698910485-user-logto-data.ts +20 -0
- package/alterations/1.11.0-1699422979-add-sso-connector-id-col-to-user-sso-identities-table.ts +18 -0
- package/alterations/1.11.0-1699598903-remove-sso-only-column-in-sso-connectors-table.ts +18 -0
- package/alterations-js/1.10.1-1695647183-update-private-key-type.d.ts +3 -0
- package/alterations-js/1.10.1-1695647183-update-private-key-type.js +50 -0
- package/alterations-js/1.10.1-1696657546-organization-tables.d.ts +3 -0
- package/alterations-js/1.10.1-1696657546-organization-tables.js +136 -0
- package/alterations-js/1.10.1-1697683802-add-sso-connectors-table.d.ts +3 -0
- package/alterations-js/1.10.1-1697683802-add-sso-connectors-table.js +58 -0
- package/alterations-js/1.10.1-1698646271-add-organization-created-flag.d.ts +3 -0
- package/alterations-js/1.10.1-1698646271-add-organization-created-flag.js +26 -0
- package/alterations-js/1.10.1-1698820410-add-user-sso-identities-table.d.ts +4 -0
- package/alterations-js/1.10.1-1698820410-add-user-sso-identities-table.js +53 -0
- package/alterations-js/1.10.1-1698910485-user-logto-data.d.ts +3 -0
- package/alterations-js/1.10.1-1698910485-user-logto-data.js +16 -0
- package/alterations-js/1.11.0-1699422979-add-sso-connector-id-col-to-user-sso-identities-table.d.ts +3 -0
- package/alterations-js/1.11.0-1699422979-add-sso-connector-id-col-to-user-sso-identities-table.js +14 -0
- package/alterations-js/1.11.0-1699598903-remove-sso-only-column-in-sso-connectors-table.d.ts +3 -0
- package/alterations-js/1.11.0-1699598903-remove-sso-only-column-in-sso-connectors-table.js +14 -0
- package/lib/db-entries/application.d.ts +7 -1
- package/lib/db-entries/application.js +1 -0
- package/lib/db-entries/applications-role.d.ts +7 -1
- package/lib/db-entries/applications-role.js +1 -0
- package/lib/db-entries/connector.d.ts +7 -1
- package/lib/db-entries/connector.js +1 -0
- package/lib/db-entries/custom-phrase.d.ts +7 -1
- package/lib/db-entries/custom-phrase.js +1 -0
- package/lib/db-entries/daily-active-user.d.ts +7 -1
- package/lib/db-entries/daily-active-user.js +1 -0
- package/lib/db-entries/domain.d.ts +7 -1
- package/lib/db-entries/domain.js +1 -0
- package/lib/db-entries/hook.d.ts +7 -1
- package/lib/db-entries/hook.js +1 -0
- package/lib/db-entries/index.d.ts +8 -0
- package/lib/db-entries/index.js +8 -0
- package/lib/db-entries/log.d.ts +7 -1
- package/lib/db-entries/log.js +1 -0
- package/lib/db-entries/logto-config.d.ts +10 -4
- package/lib/db-entries/logto-config.js +4 -3
- package/lib/db-entries/oidc-model-instance.d.ts +7 -1
- package/lib/db-entries/oidc-model-instance.js +1 -0
- package/lib/db-entries/organization-role-scope-relation.d.ts +20 -0
- package/lib/db-entries/organization-role-scope-relation.js +29 -0
- package/lib/db-entries/organization-role-user-relation.d.ts +22 -0
- package/lib/db-entries/organization-role-user-relation.js +33 -0
- package/lib/db-entries/organization-role.d.ts +28 -0
- package/lib/db-entries/organization-role.js +33 -0
- package/lib/db-entries/organization-scope.d.ts +28 -0
- package/lib/db-entries/organization-scope.js +33 -0
- package/lib/db-entries/organization-user-relation.d.ts +20 -0
- package/lib/db-entries/organization-user-relation.js +29 -0
- package/lib/db-entries/organization.d.ts +32 -0
- package/lib/db-entries/organization.js +37 -0
- package/lib/db-entries/passcode.d.ts +7 -1
- package/lib/db-entries/passcode.js +1 -0
- package/lib/db-entries/resource.d.ts +7 -1
- package/lib/db-entries/resource.js +1 -0
- package/lib/db-entries/role.d.ts +7 -1
- package/lib/db-entries/role.js +1 -0
- package/lib/db-entries/roles-scope.d.ts +7 -1
- package/lib/db-entries/roles-scope.js +1 -0
- package/lib/db-entries/scope.d.ts +7 -1
- package/lib/db-entries/scope.js +1 -0
- package/lib/db-entries/sentinel-activity.d.ts +7 -1
- package/lib/db-entries/sentinel-activity.js +1 -0
- package/lib/db-entries/service-log.d.ts +7 -1
- package/lib/db-entries/service-log.js +1 -0
- package/lib/db-entries/sign-in-experience.d.ts +7 -1
- package/lib/db-entries/sign-in-experience.js +1 -0
- package/lib/db-entries/sso-connector.d.ts +46 -0
- package/lib/db-entries/sso-connector.js +54 -0
- package/lib/db-entries/system.d.ts +7 -1
- package/lib/db-entries/system.js +1 -0
- package/lib/db-entries/user-sso-identity.d.ts +32 -0
- package/lib/db-entries/user-sso-identity.js +50 -0
- package/lib/db-entries/user.d.ts +9 -1
- package/lib/db-entries/user.js +5 -0
- package/lib/db-entries/users-role.d.ts +7 -1
- package/lib/db-entries/users-role.js +1 -0
- package/lib/db-entries/verification-status.d.ts +7 -1
- package/lib/db-entries/verification-status.js +1 -0
- package/lib/foundations/index.d.ts +1 -1
- package/lib/foundations/index.js +1 -1
- package/lib/foundations/jsonb-types/custom-domain.d.ts +134 -0
- package/lib/foundations/jsonb-types/custom-domain.js +36 -0
- package/lib/foundations/jsonb-types/hooks.d.ts +32 -0
- package/lib/foundations/jsonb-types/hooks.js +24 -0
- package/lib/foundations/jsonb-types/index.d.ts +15 -0
- package/lib/foundations/jsonb-types/index.js +16 -0
- package/lib/foundations/jsonb-types/logs.d.ts +106 -0
- package/lib/foundations/jsonb-types/logs.js +20 -0
- package/lib/foundations/jsonb-types/oidc-module.d.ts +80 -0
- package/lib/foundations/jsonb-types/oidc-module.js +54 -0
- package/lib/foundations/jsonb-types/phrases.d.ts +5 -0
- package/lib/foundations/jsonb-types/phrases.js +2 -0
- package/lib/foundations/jsonb-types/sentinel.d.ts +27 -0
- package/lib/foundations/jsonb-types/sentinel.js +28 -0
- package/lib/foundations/jsonb-types/sign-in-experience.d.ts +118 -0
- package/lib/foundations/jsonb-types/sign-in-experience.js +56 -0
- package/lib/foundations/jsonb-types/sso-connector.d.ts +14 -0
- package/lib/foundations/jsonb-types/sso-connector.js +6 -0
- package/lib/foundations/jsonb-types/users.d.ts +285 -0
- package/lib/foundations/jsonb-types/users.js +47 -0
- package/lib/foundations/schemas.d.ts +11 -13
- package/lib/models/tenants.d.ts +8 -16
- package/lib/models/tenants.js +1 -6
- package/lib/seeds/logto-config.js +1 -0
- package/lib/types/application.d.ts +51 -1
- package/lib/types/application.js +7 -1
- package/lib/types/connector.d.ts +516 -2360
- package/lib/types/domain.d.ts +65 -27
- package/lib/types/hook.d.ts +15 -16
- package/lib/types/index.d.ts +4 -0
- package/lib/types/index.js +4 -0
- package/lib/types/interactions.d.ts +502 -10
- package/lib/types/interactions.js +83 -5
- package/lib/types/log/interaction.d.ts +4 -3
- package/lib/types/log/interaction.js +1 -0
- package/lib/types/logto-config.d.ts +74 -2
- package/lib/types/logto-config.js +38 -3
- package/lib/types/mfa.d.ts +211 -0
- package/lib/types/mfa.js +62 -0
- package/lib/types/organization.d.ts +48 -0
- package/lib/types/organization.js +21 -0
- package/lib/types/role.d.ts +5 -3
- package/lib/types/scope.d.ts +12 -27
- package/lib/types/sso-connector.d.ts +137 -0
- package/lib/types/sso-connector.js +24 -0
- package/lib/types/system.d.ts +26 -7
- package/lib/types/system.js +8 -0
- package/lib/types/tenant.d.ts +5 -0
- package/lib/types/tenant.js +6 -0
- package/lib/types/user-assets.d.ts +2 -2
- package/lib/types/user.d.ts +209 -66
- package/lib/types/user.js +8 -2
- package/package.json +7 -7
- package/tables/logto_configs.sql +1 -1
- package/tables/organization_role_scope_relations.sql +12 -0
- package/tables/organization_role_user_relations.sql +14 -0
- package/tables/organization_roles.sql +19 -0
- package/tables/organization_scopes.sql +19 -0
- package/tables/organization_user_relations.sql +12 -0
- package/tables/organizations.sql +19 -0
- package/tables/sso_connectors.sql +28 -0
- package/tables/user_sso_identities.sql +20 -0
- package/tables/users.sql +1 -0
- package/lib/foundations/jsonb-types.d.ts +0 -673
- package/lib/foundations/jsonb-types.js +0 -260
|
@@ -160,14 +160,14 @@ export declare const profileGuard: z.ZodObject<{
|
|
|
160
160
|
username?: string | undefined;
|
|
161
161
|
email?: string | undefined;
|
|
162
162
|
phone?: string | undefined;
|
|
163
|
-
password?: string | undefined;
|
|
164
163
|
connectorId?: string | undefined;
|
|
164
|
+
password?: string | undefined;
|
|
165
165
|
}, {
|
|
166
166
|
username?: string | undefined;
|
|
167
167
|
email?: string | undefined;
|
|
168
168
|
phone?: string | undefined;
|
|
169
|
-
password?: string | undefined;
|
|
170
169
|
connectorId?: string | undefined;
|
|
170
|
+
password?: string | undefined;
|
|
171
171
|
}>;
|
|
172
172
|
export type Profile = z.infer<typeof profileGuard>;
|
|
173
173
|
export declare enum MissingProfile {
|
|
@@ -188,7 +188,112 @@ export declare const bindTotpPayloadGuard: z.ZodObject<{
|
|
|
188
188
|
type: MfaFactor.TOTP;
|
|
189
189
|
}>;
|
|
190
190
|
export type BindTotpPayload = z.infer<typeof bindTotpPayloadGuard>;
|
|
191
|
-
export declare const
|
|
191
|
+
export declare const bindWebAuthnPayloadGuard: z.ZodObject<{
|
|
192
|
+
type: z.ZodLiteral<MfaFactor.WebAuthn>;
|
|
193
|
+
id: z.ZodString;
|
|
194
|
+
rawId: z.ZodString;
|
|
195
|
+
/**
|
|
196
|
+
* The response from WebAuthn API
|
|
197
|
+
*
|
|
198
|
+
* @see {@link https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredential}
|
|
199
|
+
*/
|
|
200
|
+
response: z.ZodObject<{
|
|
201
|
+
clientDataJSON: z.ZodString;
|
|
202
|
+
attestationObject: z.ZodString;
|
|
203
|
+
authenticatorData: z.ZodOptional<z.ZodString>;
|
|
204
|
+
transports: z.ZodOptional<z.ZodArray<z.ZodEnum<["usb", "nfc", "ble", "internal", "cable", "hybrid", "smart-card"]>, "many">>;
|
|
205
|
+
publicKeyAlgorithm: z.ZodOptional<z.ZodNumber>;
|
|
206
|
+
publicKey: z.ZodOptional<z.ZodString>;
|
|
207
|
+
}, "strip", z.ZodTypeAny, {
|
|
208
|
+
clientDataJSON: string;
|
|
209
|
+
attestationObject: string;
|
|
210
|
+
authenticatorData?: string | undefined;
|
|
211
|
+
transports?: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[] | undefined;
|
|
212
|
+
publicKeyAlgorithm?: number | undefined;
|
|
213
|
+
publicKey?: string | undefined;
|
|
214
|
+
}, {
|
|
215
|
+
clientDataJSON: string;
|
|
216
|
+
attestationObject: string;
|
|
217
|
+
authenticatorData?: string | undefined;
|
|
218
|
+
transports?: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[] | undefined;
|
|
219
|
+
publicKeyAlgorithm?: number | undefined;
|
|
220
|
+
publicKey?: string | undefined;
|
|
221
|
+
}>;
|
|
222
|
+
authenticatorAttachment: z.ZodOptional<z.ZodEnum<["cross-platform", "platform"]>>;
|
|
223
|
+
clientExtensionResults: z.ZodObject<{
|
|
224
|
+
appid: z.ZodOptional<z.ZodBoolean>;
|
|
225
|
+
crepProps: z.ZodOptional<z.ZodObject<{
|
|
226
|
+
rk: z.ZodOptional<z.ZodBoolean>;
|
|
227
|
+
}, "strip", z.ZodTypeAny, {
|
|
228
|
+
rk?: boolean | undefined;
|
|
229
|
+
}, {
|
|
230
|
+
rk?: boolean | undefined;
|
|
231
|
+
}>>;
|
|
232
|
+
hmacCreateSecret: z.ZodOptional<z.ZodBoolean>;
|
|
233
|
+
}, "strip", z.ZodTypeAny, {
|
|
234
|
+
appid?: boolean | undefined;
|
|
235
|
+
crepProps?: {
|
|
236
|
+
rk?: boolean | undefined;
|
|
237
|
+
} | undefined;
|
|
238
|
+
hmacCreateSecret?: boolean | undefined;
|
|
239
|
+
}, {
|
|
240
|
+
appid?: boolean | undefined;
|
|
241
|
+
crepProps?: {
|
|
242
|
+
rk?: boolean | undefined;
|
|
243
|
+
} | undefined;
|
|
244
|
+
hmacCreateSecret?: boolean | undefined;
|
|
245
|
+
}>;
|
|
246
|
+
}, "strip", z.ZodTypeAny, {
|
|
247
|
+
type: MfaFactor.WebAuthn;
|
|
248
|
+
id: string;
|
|
249
|
+
rawId: string;
|
|
250
|
+
response: {
|
|
251
|
+
clientDataJSON: string;
|
|
252
|
+
attestationObject: string;
|
|
253
|
+
authenticatorData?: string | undefined;
|
|
254
|
+
transports?: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[] | undefined;
|
|
255
|
+
publicKeyAlgorithm?: number | undefined;
|
|
256
|
+
publicKey?: string | undefined;
|
|
257
|
+
};
|
|
258
|
+
clientExtensionResults: {
|
|
259
|
+
appid?: boolean | undefined;
|
|
260
|
+
crepProps?: {
|
|
261
|
+
rk?: boolean | undefined;
|
|
262
|
+
} | undefined;
|
|
263
|
+
hmacCreateSecret?: boolean | undefined;
|
|
264
|
+
};
|
|
265
|
+
authenticatorAttachment?: "platform" | "cross-platform" | undefined;
|
|
266
|
+
}, {
|
|
267
|
+
type: MfaFactor.WebAuthn;
|
|
268
|
+
id: string;
|
|
269
|
+
rawId: string;
|
|
270
|
+
response: {
|
|
271
|
+
clientDataJSON: string;
|
|
272
|
+
attestationObject: string;
|
|
273
|
+
authenticatorData?: string | undefined;
|
|
274
|
+
transports?: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[] | undefined;
|
|
275
|
+
publicKeyAlgorithm?: number | undefined;
|
|
276
|
+
publicKey?: string | undefined;
|
|
277
|
+
};
|
|
278
|
+
clientExtensionResults: {
|
|
279
|
+
appid?: boolean | undefined;
|
|
280
|
+
crepProps?: {
|
|
281
|
+
rk?: boolean | undefined;
|
|
282
|
+
} | undefined;
|
|
283
|
+
hmacCreateSecret?: boolean | undefined;
|
|
284
|
+
};
|
|
285
|
+
authenticatorAttachment?: "platform" | "cross-platform" | undefined;
|
|
286
|
+
}>;
|
|
287
|
+
export type BindWebAuthnPayload = z.infer<typeof bindWebAuthnPayloadGuard>;
|
|
288
|
+
export declare const bindBackupCodePayloadGuard: z.ZodObject<{
|
|
289
|
+
type: z.ZodLiteral<MfaFactor.BackupCode>;
|
|
290
|
+
}, "strip", z.ZodTypeAny, {
|
|
291
|
+
type: MfaFactor.BackupCode;
|
|
292
|
+
}, {
|
|
293
|
+
type: MfaFactor.BackupCode;
|
|
294
|
+
}>;
|
|
295
|
+
export type BindBackupCodePayload = z.infer<typeof bindBackupCodePayloadGuard>;
|
|
296
|
+
export declare const bindMfaPayloadGuard: z.ZodDiscriminatedUnion<"type", [z.ZodObject<{
|
|
192
297
|
type: z.ZodLiteral<MfaFactor.TOTP>;
|
|
193
298
|
code: z.ZodString;
|
|
194
299
|
}, "strip", z.ZodTypeAny, {
|
|
@@ -197,7 +302,108 @@ export declare const bindMfaPayloadGuard: z.ZodObject<{
|
|
|
197
302
|
}, {
|
|
198
303
|
code: string;
|
|
199
304
|
type: MfaFactor.TOTP;
|
|
200
|
-
}
|
|
305
|
+
}>, z.ZodObject<{
|
|
306
|
+
type: z.ZodLiteral<MfaFactor.WebAuthn>;
|
|
307
|
+
id: z.ZodString;
|
|
308
|
+
rawId: z.ZodString;
|
|
309
|
+
/**
|
|
310
|
+
* The response from WebAuthn API
|
|
311
|
+
*
|
|
312
|
+
* @see {@link https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredential}
|
|
313
|
+
*/
|
|
314
|
+
response: z.ZodObject<{
|
|
315
|
+
clientDataJSON: z.ZodString;
|
|
316
|
+
attestationObject: z.ZodString;
|
|
317
|
+
authenticatorData: z.ZodOptional<z.ZodString>;
|
|
318
|
+
transports: z.ZodOptional<z.ZodArray<z.ZodEnum<["usb", "nfc", "ble", "internal", "cable", "hybrid", "smart-card"]>, "many">>;
|
|
319
|
+
publicKeyAlgorithm: z.ZodOptional<z.ZodNumber>;
|
|
320
|
+
publicKey: z.ZodOptional<z.ZodString>;
|
|
321
|
+
}, "strip", z.ZodTypeAny, {
|
|
322
|
+
clientDataJSON: string;
|
|
323
|
+
attestationObject: string;
|
|
324
|
+
authenticatorData?: string | undefined;
|
|
325
|
+
transports?: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[] | undefined;
|
|
326
|
+
publicKeyAlgorithm?: number | undefined;
|
|
327
|
+
publicKey?: string | undefined;
|
|
328
|
+
}, {
|
|
329
|
+
clientDataJSON: string;
|
|
330
|
+
attestationObject: string;
|
|
331
|
+
authenticatorData?: string | undefined;
|
|
332
|
+
transports?: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[] | undefined;
|
|
333
|
+
publicKeyAlgorithm?: number | undefined;
|
|
334
|
+
publicKey?: string | undefined;
|
|
335
|
+
}>;
|
|
336
|
+
authenticatorAttachment: z.ZodOptional<z.ZodEnum<["cross-platform", "platform"]>>;
|
|
337
|
+
clientExtensionResults: z.ZodObject<{
|
|
338
|
+
appid: z.ZodOptional<z.ZodBoolean>;
|
|
339
|
+
crepProps: z.ZodOptional<z.ZodObject<{
|
|
340
|
+
rk: z.ZodOptional<z.ZodBoolean>;
|
|
341
|
+
}, "strip", z.ZodTypeAny, {
|
|
342
|
+
rk?: boolean | undefined;
|
|
343
|
+
}, {
|
|
344
|
+
rk?: boolean | undefined;
|
|
345
|
+
}>>;
|
|
346
|
+
hmacCreateSecret: z.ZodOptional<z.ZodBoolean>;
|
|
347
|
+
}, "strip", z.ZodTypeAny, {
|
|
348
|
+
appid?: boolean | undefined;
|
|
349
|
+
crepProps?: {
|
|
350
|
+
rk?: boolean | undefined;
|
|
351
|
+
} | undefined;
|
|
352
|
+
hmacCreateSecret?: boolean | undefined;
|
|
353
|
+
}, {
|
|
354
|
+
appid?: boolean | undefined;
|
|
355
|
+
crepProps?: {
|
|
356
|
+
rk?: boolean | undefined;
|
|
357
|
+
} | undefined;
|
|
358
|
+
hmacCreateSecret?: boolean | undefined;
|
|
359
|
+
}>;
|
|
360
|
+
}, "strip", z.ZodTypeAny, {
|
|
361
|
+
type: MfaFactor.WebAuthn;
|
|
362
|
+
id: string;
|
|
363
|
+
rawId: string;
|
|
364
|
+
response: {
|
|
365
|
+
clientDataJSON: string;
|
|
366
|
+
attestationObject: string;
|
|
367
|
+
authenticatorData?: string | undefined;
|
|
368
|
+
transports?: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[] | undefined;
|
|
369
|
+
publicKeyAlgorithm?: number | undefined;
|
|
370
|
+
publicKey?: string | undefined;
|
|
371
|
+
};
|
|
372
|
+
clientExtensionResults: {
|
|
373
|
+
appid?: boolean | undefined;
|
|
374
|
+
crepProps?: {
|
|
375
|
+
rk?: boolean | undefined;
|
|
376
|
+
} | undefined;
|
|
377
|
+
hmacCreateSecret?: boolean | undefined;
|
|
378
|
+
};
|
|
379
|
+
authenticatorAttachment?: "platform" | "cross-platform" | undefined;
|
|
380
|
+
}, {
|
|
381
|
+
type: MfaFactor.WebAuthn;
|
|
382
|
+
id: string;
|
|
383
|
+
rawId: string;
|
|
384
|
+
response: {
|
|
385
|
+
clientDataJSON: string;
|
|
386
|
+
attestationObject: string;
|
|
387
|
+
authenticatorData?: string | undefined;
|
|
388
|
+
transports?: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[] | undefined;
|
|
389
|
+
publicKeyAlgorithm?: number | undefined;
|
|
390
|
+
publicKey?: string | undefined;
|
|
391
|
+
};
|
|
392
|
+
clientExtensionResults: {
|
|
393
|
+
appid?: boolean | undefined;
|
|
394
|
+
crepProps?: {
|
|
395
|
+
rk?: boolean | undefined;
|
|
396
|
+
} | undefined;
|
|
397
|
+
hmacCreateSecret?: boolean | undefined;
|
|
398
|
+
};
|
|
399
|
+
authenticatorAttachment?: "platform" | "cross-platform" | undefined;
|
|
400
|
+
}>, z.ZodObject<{
|
|
401
|
+
type: z.ZodLiteral<MfaFactor.BackupCode>;
|
|
402
|
+
}, "strip", z.ZodTypeAny, {
|
|
403
|
+
type: MfaFactor.BackupCode;
|
|
404
|
+
}, {
|
|
405
|
+
type: MfaFactor.BackupCode;
|
|
406
|
+
}>]>;
|
|
201
407
|
export type BindMfaPayload = z.infer<typeof bindMfaPayloadGuard>;
|
|
202
408
|
export declare const totpVerificationPayloadGuard: z.ZodObject<{
|
|
203
409
|
type: z.ZodLiteral<MfaFactor.TOTP>;
|
|
@@ -210,7 +416,100 @@ export declare const totpVerificationPayloadGuard: z.ZodObject<{
|
|
|
210
416
|
type: MfaFactor.TOTP;
|
|
211
417
|
}>;
|
|
212
418
|
export type TotpVerificationPayload = z.infer<typeof totpVerificationPayloadGuard>;
|
|
213
|
-
export declare const
|
|
419
|
+
export declare const webAuthnVerificationPayloadGuard: z.ZodObject<{
|
|
420
|
+
type: z.ZodLiteral<MfaFactor.WebAuthn>;
|
|
421
|
+
id: z.ZodString;
|
|
422
|
+
rawId: z.ZodString;
|
|
423
|
+
authenticatorAttachment: z.ZodOptional<z.ZodEnum<["cross-platform", "platform"]>>;
|
|
424
|
+
clientExtensionResults: z.ZodObject<{
|
|
425
|
+
appid: z.ZodOptional<z.ZodBoolean>;
|
|
426
|
+
crepProps: z.ZodOptional<z.ZodObject<{
|
|
427
|
+
rk: z.ZodOptional<z.ZodBoolean>;
|
|
428
|
+
}, "strip", z.ZodTypeAny, {
|
|
429
|
+
rk?: boolean | undefined;
|
|
430
|
+
}, {
|
|
431
|
+
rk?: boolean | undefined;
|
|
432
|
+
}>>;
|
|
433
|
+
hmacCreateSecret: z.ZodOptional<z.ZodBoolean>;
|
|
434
|
+
}, "strip", z.ZodTypeAny, {
|
|
435
|
+
appid?: boolean | undefined;
|
|
436
|
+
crepProps?: {
|
|
437
|
+
rk?: boolean | undefined;
|
|
438
|
+
} | undefined;
|
|
439
|
+
hmacCreateSecret?: boolean | undefined;
|
|
440
|
+
}, {
|
|
441
|
+
appid?: boolean | undefined;
|
|
442
|
+
crepProps?: {
|
|
443
|
+
rk?: boolean | undefined;
|
|
444
|
+
} | undefined;
|
|
445
|
+
hmacCreateSecret?: boolean | undefined;
|
|
446
|
+
}>;
|
|
447
|
+
response: z.ZodObject<{
|
|
448
|
+
clientDataJSON: z.ZodString;
|
|
449
|
+
authenticatorData: z.ZodString;
|
|
450
|
+
signature: z.ZodString;
|
|
451
|
+
userHandle: z.ZodOptional<z.ZodString>;
|
|
452
|
+
}, "strip", z.ZodTypeAny, {
|
|
453
|
+
clientDataJSON: string;
|
|
454
|
+
authenticatorData: string;
|
|
455
|
+
signature: string;
|
|
456
|
+
userHandle?: string | undefined;
|
|
457
|
+
}, {
|
|
458
|
+
clientDataJSON: string;
|
|
459
|
+
authenticatorData: string;
|
|
460
|
+
signature: string;
|
|
461
|
+
userHandle?: string | undefined;
|
|
462
|
+
}>;
|
|
463
|
+
}, "strip", z.ZodTypeAny, {
|
|
464
|
+
type: MfaFactor.WebAuthn;
|
|
465
|
+
id: string;
|
|
466
|
+
rawId: string;
|
|
467
|
+
response: {
|
|
468
|
+
clientDataJSON: string;
|
|
469
|
+
authenticatorData: string;
|
|
470
|
+
signature: string;
|
|
471
|
+
userHandle?: string | undefined;
|
|
472
|
+
};
|
|
473
|
+
clientExtensionResults: {
|
|
474
|
+
appid?: boolean | undefined;
|
|
475
|
+
crepProps?: {
|
|
476
|
+
rk?: boolean | undefined;
|
|
477
|
+
} | undefined;
|
|
478
|
+
hmacCreateSecret?: boolean | undefined;
|
|
479
|
+
};
|
|
480
|
+
authenticatorAttachment?: "platform" | "cross-platform" | undefined;
|
|
481
|
+
}, {
|
|
482
|
+
type: MfaFactor.WebAuthn;
|
|
483
|
+
id: string;
|
|
484
|
+
rawId: string;
|
|
485
|
+
response: {
|
|
486
|
+
clientDataJSON: string;
|
|
487
|
+
authenticatorData: string;
|
|
488
|
+
signature: string;
|
|
489
|
+
userHandle?: string | undefined;
|
|
490
|
+
};
|
|
491
|
+
clientExtensionResults: {
|
|
492
|
+
appid?: boolean | undefined;
|
|
493
|
+
crepProps?: {
|
|
494
|
+
rk?: boolean | undefined;
|
|
495
|
+
} | undefined;
|
|
496
|
+
hmacCreateSecret?: boolean | undefined;
|
|
497
|
+
};
|
|
498
|
+
authenticatorAttachment?: "platform" | "cross-platform" | undefined;
|
|
499
|
+
}>;
|
|
500
|
+
export type WebAuthnVerificationPayload = z.infer<typeof webAuthnVerificationPayloadGuard>;
|
|
501
|
+
export declare const backupCodeVerificationPayloadGuard: z.ZodObject<{
|
|
502
|
+
type: z.ZodLiteral<MfaFactor.BackupCode>;
|
|
503
|
+
code: z.ZodString;
|
|
504
|
+
}, "strip", z.ZodTypeAny, {
|
|
505
|
+
code: string;
|
|
506
|
+
type: MfaFactor.BackupCode;
|
|
507
|
+
}, {
|
|
508
|
+
code: string;
|
|
509
|
+
type: MfaFactor.BackupCode;
|
|
510
|
+
}>;
|
|
511
|
+
export type BackupCodeVerificationPayload = z.infer<typeof backupCodeVerificationPayloadGuard>;
|
|
512
|
+
export declare const verifyMfaPayloadGuard: z.ZodDiscriminatedUnion<"type", [z.ZodObject<{
|
|
214
513
|
type: z.ZodLiteral<MfaFactor.TOTP>;
|
|
215
514
|
code: z.ZodString;
|
|
216
515
|
}, "strip", z.ZodTypeAny, {
|
|
@@ -219,7 +518,96 @@ export declare const verifyMfaPayloadGuard: z.ZodObject<{
|
|
|
219
518
|
}, {
|
|
220
519
|
code: string;
|
|
221
520
|
type: MfaFactor.TOTP;
|
|
222
|
-
}
|
|
521
|
+
}>, z.ZodObject<{
|
|
522
|
+
type: z.ZodLiteral<MfaFactor.WebAuthn>;
|
|
523
|
+
id: z.ZodString;
|
|
524
|
+
rawId: z.ZodString;
|
|
525
|
+
authenticatorAttachment: z.ZodOptional<z.ZodEnum<["cross-platform", "platform"]>>;
|
|
526
|
+
clientExtensionResults: z.ZodObject<{
|
|
527
|
+
appid: z.ZodOptional<z.ZodBoolean>;
|
|
528
|
+
crepProps: z.ZodOptional<z.ZodObject<{
|
|
529
|
+
rk: z.ZodOptional<z.ZodBoolean>;
|
|
530
|
+
}, "strip", z.ZodTypeAny, {
|
|
531
|
+
rk?: boolean | undefined;
|
|
532
|
+
}, {
|
|
533
|
+
rk?: boolean | undefined;
|
|
534
|
+
}>>;
|
|
535
|
+
hmacCreateSecret: z.ZodOptional<z.ZodBoolean>;
|
|
536
|
+
}, "strip", z.ZodTypeAny, {
|
|
537
|
+
appid?: boolean | undefined;
|
|
538
|
+
crepProps?: {
|
|
539
|
+
rk?: boolean | undefined;
|
|
540
|
+
} | undefined;
|
|
541
|
+
hmacCreateSecret?: boolean | undefined;
|
|
542
|
+
}, {
|
|
543
|
+
appid?: boolean | undefined;
|
|
544
|
+
crepProps?: {
|
|
545
|
+
rk?: boolean | undefined;
|
|
546
|
+
} | undefined;
|
|
547
|
+
hmacCreateSecret?: boolean | undefined;
|
|
548
|
+
}>;
|
|
549
|
+
response: z.ZodObject<{
|
|
550
|
+
clientDataJSON: z.ZodString;
|
|
551
|
+
authenticatorData: z.ZodString;
|
|
552
|
+
signature: z.ZodString;
|
|
553
|
+
userHandle: z.ZodOptional<z.ZodString>;
|
|
554
|
+
}, "strip", z.ZodTypeAny, {
|
|
555
|
+
clientDataJSON: string;
|
|
556
|
+
authenticatorData: string;
|
|
557
|
+
signature: string;
|
|
558
|
+
userHandle?: string | undefined;
|
|
559
|
+
}, {
|
|
560
|
+
clientDataJSON: string;
|
|
561
|
+
authenticatorData: string;
|
|
562
|
+
signature: string;
|
|
563
|
+
userHandle?: string | undefined;
|
|
564
|
+
}>;
|
|
565
|
+
}, "strip", z.ZodTypeAny, {
|
|
566
|
+
type: MfaFactor.WebAuthn;
|
|
567
|
+
id: string;
|
|
568
|
+
rawId: string;
|
|
569
|
+
response: {
|
|
570
|
+
clientDataJSON: string;
|
|
571
|
+
authenticatorData: string;
|
|
572
|
+
signature: string;
|
|
573
|
+
userHandle?: string | undefined;
|
|
574
|
+
};
|
|
575
|
+
clientExtensionResults: {
|
|
576
|
+
appid?: boolean | undefined;
|
|
577
|
+
crepProps?: {
|
|
578
|
+
rk?: boolean | undefined;
|
|
579
|
+
} | undefined;
|
|
580
|
+
hmacCreateSecret?: boolean | undefined;
|
|
581
|
+
};
|
|
582
|
+
authenticatorAttachment?: "platform" | "cross-platform" | undefined;
|
|
583
|
+
}, {
|
|
584
|
+
type: MfaFactor.WebAuthn;
|
|
585
|
+
id: string;
|
|
586
|
+
rawId: string;
|
|
587
|
+
response: {
|
|
588
|
+
clientDataJSON: string;
|
|
589
|
+
authenticatorData: string;
|
|
590
|
+
signature: string;
|
|
591
|
+
userHandle?: string | undefined;
|
|
592
|
+
};
|
|
593
|
+
clientExtensionResults: {
|
|
594
|
+
appid?: boolean | undefined;
|
|
595
|
+
crepProps?: {
|
|
596
|
+
rk?: boolean | undefined;
|
|
597
|
+
} | undefined;
|
|
598
|
+
hmacCreateSecret?: boolean | undefined;
|
|
599
|
+
};
|
|
600
|
+
authenticatorAttachment?: "platform" | "cross-platform" | undefined;
|
|
601
|
+
}>, z.ZodObject<{
|
|
602
|
+
type: z.ZodLiteral<MfaFactor.BackupCode>;
|
|
603
|
+
code: z.ZodString;
|
|
604
|
+
}, "strip", z.ZodTypeAny, {
|
|
605
|
+
code: string;
|
|
606
|
+
type: MfaFactor.BackupCode;
|
|
607
|
+
}, {
|
|
608
|
+
code: string;
|
|
609
|
+
type: MfaFactor.BackupCode;
|
|
610
|
+
}>]>;
|
|
223
611
|
export type VerifyMfaPayload = z.infer<typeof verifyMfaPayloadGuard>;
|
|
224
612
|
export declare const pendingTotpGuard: z.ZodObject<{
|
|
225
613
|
type: z.ZodLiteral<MfaFactor.TOTP>;
|
|
@@ -232,7 +620,29 @@ export declare const pendingTotpGuard: z.ZodObject<{
|
|
|
232
620
|
secret: string;
|
|
233
621
|
}>;
|
|
234
622
|
export type PendingTotp = z.infer<typeof pendingTotpGuard>;
|
|
235
|
-
export declare const
|
|
623
|
+
export declare const pendingWebAuthnGuard: z.ZodObject<{
|
|
624
|
+
type: z.ZodLiteral<MfaFactor.WebAuthn>;
|
|
625
|
+
challenge: z.ZodString;
|
|
626
|
+
}, "strip", z.ZodTypeAny, {
|
|
627
|
+
type: MfaFactor.WebAuthn;
|
|
628
|
+
challenge: string;
|
|
629
|
+
}, {
|
|
630
|
+
type: MfaFactor.WebAuthn;
|
|
631
|
+
challenge: string;
|
|
632
|
+
}>;
|
|
633
|
+
export type PendingWebAuthn = z.infer<typeof pendingWebAuthnGuard>;
|
|
634
|
+
export declare const pendingBackupCodeGuard: z.ZodObject<{
|
|
635
|
+
type: z.ZodLiteral<MfaFactor.BackupCode>;
|
|
636
|
+
codes: z.ZodArray<z.ZodString, "many">;
|
|
637
|
+
}, "strip", z.ZodTypeAny, {
|
|
638
|
+
type: MfaFactor.BackupCode;
|
|
639
|
+
codes: string[];
|
|
640
|
+
}, {
|
|
641
|
+
type: MfaFactor.BackupCode;
|
|
642
|
+
codes: string[];
|
|
643
|
+
}>;
|
|
644
|
+
export type PendingBackupCode = z.infer<typeof pendingBackupCodeGuard>;
|
|
645
|
+
export declare const pendingMfaGuard: z.ZodDiscriminatedUnion<"type", [z.ZodObject<{
|
|
236
646
|
type: z.ZodLiteral<MfaFactor.TOTP>;
|
|
237
647
|
secret: z.ZodString;
|
|
238
648
|
}, "strip", z.ZodTypeAny, {
|
|
@@ -241,7 +651,25 @@ export declare const pendingMfaGuard: z.ZodObject<{
|
|
|
241
651
|
}, {
|
|
242
652
|
type: MfaFactor.TOTP;
|
|
243
653
|
secret: string;
|
|
244
|
-
}
|
|
654
|
+
}>, z.ZodObject<{
|
|
655
|
+
type: z.ZodLiteral<MfaFactor.WebAuthn>;
|
|
656
|
+
challenge: z.ZodString;
|
|
657
|
+
}, "strip", z.ZodTypeAny, {
|
|
658
|
+
type: MfaFactor.WebAuthn;
|
|
659
|
+
challenge: string;
|
|
660
|
+
}, {
|
|
661
|
+
type: MfaFactor.WebAuthn;
|
|
662
|
+
challenge: string;
|
|
663
|
+
}>, z.ZodObject<{
|
|
664
|
+
type: z.ZodLiteral<MfaFactor.BackupCode>;
|
|
665
|
+
codes: z.ZodArray<z.ZodString, "many">;
|
|
666
|
+
}, "strip", z.ZodTypeAny, {
|
|
667
|
+
type: MfaFactor.BackupCode;
|
|
668
|
+
codes: string[];
|
|
669
|
+
}, {
|
|
670
|
+
type: MfaFactor.BackupCode;
|
|
671
|
+
codes: string[];
|
|
672
|
+
}>]>;
|
|
245
673
|
export type PendingMfa = z.infer<typeof pendingMfaGuard>;
|
|
246
674
|
export declare const bindTotpGuard: z.ZodObject<{
|
|
247
675
|
type: z.ZodLiteral<MfaFactor.TOTP>;
|
|
@@ -254,7 +682,41 @@ export declare const bindTotpGuard: z.ZodObject<{
|
|
|
254
682
|
secret: string;
|
|
255
683
|
}>;
|
|
256
684
|
export type BindTotp = z.infer<typeof bindTotpGuard>;
|
|
257
|
-
export declare const
|
|
685
|
+
export declare const bindWebAuthnGuard: z.ZodObject<{
|
|
686
|
+
type: z.ZodLiteral<MfaFactor.WebAuthn>;
|
|
687
|
+
credentialId: z.ZodString;
|
|
688
|
+
publicKey: z.ZodString;
|
|
689
|
+
transports: z.ZodArray<z.ZodEnum<["usb", "nfc", "ble", "internal", "cable", "hybrid", "smart-card"]>, "many">;
|
|
690
|
+
counter: z.ZodNumber;
|
|
691
|
+
agent: z.ZodString;
|
|
692
|
+
}, "strip", z.ZodTypeAny, {
|
|
693
|
+
type: MfaFactor.WebAuthn;
|
|
694
|
+
credentialId: string;
|
|
695
|
+
publicKey: string;
|
|
696
|
+
transports: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[];
|
|
697
|
+
counter: number;
|
|
698
|
+
agent: string;
|
|
699
|
+
}, {
|
|
700
|
+
type: MfaFactor.WebAuthn;
|
|
701
|
+
credentialId: string;
|
|
702
|
+
publicKey: string;
|
|
703
|
+
transports: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[];
|
|
704
|
+
counter: number;
|
|
705
|
+
agent: string;
|
|
706
|
+
}>;
|
|
707
|
+
export type BindWebAuthn = z.infer<typeof bindWebAuthnGuard>;
|
|
708
|
+
export declare const bindBackupCodeGuard: z.ZodObject<{
|
|
709
|
+
type: z.ZodLiteral<MfaFactor.BackupCode>;
|
|
710
|
+
codes: z.ZodArray<z.ZodString, "many">;
|
|
711
|
+
}, "strip", z.ZodTypeAny, {
|
|
712
|
+
type: MfaFactor.BackupCode;
|
|
713
|
+
codes: string[];
|
|
714
|
+
}, {
|
|
715
|
+
type: MfaFactor.BackupCode;
|
|
716
|
+
codes: string[];
|
|
717
|
+
}>;
|
|
718
|
+
export type BindBackupCode = z.infer<typeof bindBackupCodeGuard>;
|
|
719
|
+
export declare const bindMfaGuard: z.ZodDiscriminatedUnion<"type", [z.ZodObject<{
|
|
258
720
|
type: z.ZodLiteral<MfaFactor.TOTP>;
|
|
259
721
|
secret: z.ZodString;
|
|
260
722
|
}, "strip", z.ZodTypeAny, {
|
|
@@ -263,7 +725,37 @@ export declare const bindMfaGuard: z.ZodObject<{
|
|
|
263
725
|
}, {
|
|
264
726
|
type: MfaFactor.TOTP;
|
|
265
727
|
secret: string;
|
|
266
|
-
}
|
|
728
|
+
}>, z.ZodObject<{
|
|
729
|
+
type: z.ZodLiteral<MfaFactor.WebAuthn>;
|
|
730
|
+
credentialId: z.ZodString;
|
|
731
|
+
publicKey: z.ZodString;
|
|
732
|
+
transports: z.ZodArray<z.ZodEnum<["usb", "nfc", "ble", "internal", "cable", "hybrid", "smart-card"]>, "many">;
|
|
733
|
+
counter: z.ZodNumber;
|
|
734
|
+
agent: z.ZodString;
|
|
735
|
+
}, "strip", z.ZodTypeAny, {
|
|
736
|
+
type: MfaFactor.WebAuthn;
|
|
737
|
+
credentialId: string;
|
|
738
|
+
publicKey: string;
|
|
739
|
+
transports: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[];
|
|
740
|
+
counter: number;
|
|
741
|
+
agent: string;
|
|
742
|
+
}, {
|
|
743
|
+
type: MfaFactor.WebAuthn;
|
|
744
|
+
credentialId: string;
|
|
745
|
+
publicKey: string;
|
|
746
|
+
transports: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[];
|
|
747
|
+
counter: number;
|
|
748
|
+
agent: string;
|
|
749
|
+
}>, z.ZodObject<{
|
|
750
|
+
type: z.ZodLiteral<MfaFactor.BackupCode>;
|
|
751
|
+
codes: z.ZodArray<z.ZodString, "many">;
|
|
752
|
+
}, "strip", z.ZodTypeAny, {
|
|
753
|
+
type: MfaFactor.BackupCode;
|
|
754
|
+
codes: string[];
|
|
755
|
+
}, {
|
|
756
|
+
type: MfaFactor.BackupCode;
|
|
757
|
+
codes: string[];
|
|
758
|
+
}>]>;
|
|
267
759
|
export type BindMfa = z.infer<typeof bindMfaGuard>;
|
|
268
760
|
export declare const verifyMfaResultGuard: z.ZodObject<{
|
|
269
761
|
type: z.ZodNativeEnum<typeof MfaFactor>;
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { emailRegEx, phoneRegEx, usernameRegEx } from '@logto/core-kit';
|
|
2
2
|
import { z } from 'zod';
|
|
3
|
-
import { MfaFactor, jsonObjectGuard } from '../foundations/index.js';
|
|
3
|
+
import { MfaFactor, jsonObjectGuard, webAuthnTransportGuard } from '../foundations/index.js';
|
|
4
4
|
import { emailVerificationCodePayloadGuard, phoneVerificationCodePayloadGuard, } from './verification-code.js';
|
|
5
5
|
/**
|
|
6
6
|
* Detailed interaction identifier payload guard
|
|
@@ -68,19 +68,97 @@ export const bindTotpPayloadGuard = z.object({
|
|
|
68
68
|
type: z.literal(MfaFactor.TOTP),
|
|
69
69
|
code: z.string(),
|
|
70
70
|
});
|
|
71
|
-
export const
|
|
71
|
+
export const bindWebAuthnPayloadGuard = z.object({
|
|
72
|
+
type: z.literal(MfaFactor.WebAuthn),
|
|
73
|
+
id: z.string(),
|
|
74
|
+
rawId: z.string(),
|
|
75
|
+
/**
|
|
76
|
+
* The response from WebAuthn API
|
|
77
|
+
*
|
|
78
|
+
* @see {@link https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredential}
|
|
79
|
+
*/
|
|
80
|
+
response: z.object({
|
|
81
|
+
clientDataJSON: z.string(),
|
|
82
|
+
attestationObject: z.string(),
|
|
83
|
+
authenticatorData: z.string().optional(),
|
|
84
|
+
transports: webAuthnTransportGuard.array().optional(),
|
|
85
|
+
publicKeyAlgorithm: z.number().optional(),
|
|
86
|
+
publicKey: z.string().optional(),
|
|
87
|
+
}),
|
|
88
|
+
authenticatorAttachment: z.enum(['cross-platform', 'platform']).optional(),
|
|
89
|
+
clientExtensionResults: z.object({
|
|
90
|
+
appid: z.boolean().optional(),
|
|
91
|
+
crepProps: z
|
|
92
|
+
.object({
|
|
93
|
+
rk: z.boolean().optional(),
|
|
94
|
+
})
|
|
95
|
+
.optional(),
|
|
96
|
+
hmacCreateSecret: z.boolean().optional(),
|
|
97
|
+
}),
|
|
98
|
+
});
|
|
99
|
+
export const bindBackupCodePayloadGuard = z.object({
|
|
100
|
+
type: z.literal(MfaFactor.BackupCode),
|
|
101
|
+
});
|
|
102
|
+
export const bindMfaPayloadGuard = z.discriminatedUnion('type', [
|
|
103
|
+
bindTotpPayloadGuard,
|
|
104
|
+
bindWebAuthnPayloadGuard,
|
|
105
|
+
bindBackupCodePayloadGuard,
|
|
106
|
+
]);
|
|
72
107
|
export const totpVerificationPayloadGuard = bindTotpPayloadGuard;
|
|
73
|
-
export const
|
|
108
|
+
export const webAuthnVerificationPayloadGuard = bindWebAuthnPayloadGuard
|
|
109
|
+
.omit({ response: true })
|
|
110
|
+
.extend({
|
|
111
|
+
response: z.object({
|
|
112
|
+
clientDataJSON: z.string(),
|
|
113
|
+
authenticatorData: z.string(),
|
|
114
|
+
signature: z.string(),
|
|
115
|
+
userHandle: z.string().optional(),
|
|
116
|
+
}),
|
|
117
|
+
});
|
|
118
|
+
export const backupCodeVerificationPayloadGuard = z.object({
|
|
119
|
+
type: z.literal(MfaFactor.BackupCode),
|
|
120
|
+
code: z.string(),
|
|
121
|
+
});
|
|
122
|
+
export const verifyMfaPayloadGuard = z.discriminatedUnion('type', [
|
|
123
|
+
totpVerificationPayloadGuard,
|
|
124
|
+
webAuthnVerificationPayloadGuard,
|
|
125
|
+
backupCodeVerificationPayloadGuard,
|
|
126
|
+
]);
|
|
74
127
|
export const pendingTotpGuard = z.object({
|
|
75
128
|
type: z.literal(MfaFactor.TOTP),
|
|
76
129
|
secret: z.string(),
|
|
77
130
|
});
|
|
131
|
+
export const pendingWebAuthnGuard = z.object({
|
|
132
|
+
type: z.literal(MfaFactor.WebAuthn),
|
|
133
|
+
challenge: z.string(),
|
|
134
|
+
});
|
|
135
|
+
export const pendingBackupCodeGuard = z.object({
|
|
136
|
+
type: z.literal(MfaFactor.BackupCode),
|
|
137
|
+
codes: z.array(z.string()),
|
|
138
|
+
});
|
|
78
139
|
// Some information like TOTP secret should be generated in the backend
|
|
79
140
|
// and stored in the interaction temporarily.
|
|
80
|
-
export const pendingMfaGuard =
|
|
141
|
+
export const pendingMfaGuard = z.discriminatedUnion('type', [
|
|
142
|
+
pendingTotpGuard,
|
|
143
|
+
pendingWebAuthnGuard,
|
|
144
|
+
pendingBackupCodeGuard,
|
|
145
|
+
]);
|
|
81
146
|
export const bindTotpGuard = pendingTotpGuard;
|
|
147
|
+
export const bindWebAuthnGuard = z.object({
|
|
148
|
+
type: z.literal(MfaFactor.WebAuthn),
|
|
149
|
+
credentialId: z.string(),
|
|
150
|
+
publicKey: z.string(),
|
|
151
|
+
transports: webAuthnTransportGuard.array(),
|
|
152
|
+
counter: z.number(),
|
|
153
|
+
agent: z.string(),
|
|
154
|
+
});
|
|
155
|
+
export const bindBackupCodeGuard = pendingBackupCodeGuard;
|
|
82
156
|
// The type for binding new mfa verification to a user, not always equals to the pending type.
|
|
83
|
-
export const bindMfaGuard =
|
|
157
|
+
export const bindMfaGuard = z.discriminatedUnion('type', [
|
|
158
|
+
bindTotpGuard,
|
|
159
|
+
bindWebAuthnGuard,
|
|
160
|
+
bindBackupCodeGuard,
|
|
161
|
+
]);
|
|
84
162
|
export const verifyMfaResultGuard = z.object({
|
|
85
163
|
type: z.nativeEnum(MfaFactor),
|
|
86
164
|
id: z.string(),
|
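Review bot: In `bindWebAuthnPayloadGuard`, the `clientExtensionResults` key `crepProps` (new line 91) looks like a misspelling of the WebAuthn credential-properties extension output, which browsers return as `credProps` with an `rk` flag. Because `z.object` drops unknown keys by default, a client-supplied `credProps` would be discarded silently and `crepProps` would never be populated, so any later logic that reads the discoverable-credential flag would always see it as absent. `webAuthnVerificationPayloadGuard` (new lines 108-117) inherits the same key through `.omit({ response: true }).extend(...)`. If the extension is meant to be accepted, the line should read `credProps: z`; the matching declaration file would need the same rename.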