npm - @logto/schemas - Versions diffs - 1.10.1 → 1.12.0 - Mend

@logto/schemas 1.10.1 → 1.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (55) hide show

package/alterations/1.11.0-1699422979-add-sso-connector-id-col-to-user-sso-identities-table.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { sql } from 'slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table user_sso_identities add column sso_connector_id varchar(128) not null references sso_connectors (id) on update cascade on delete cascade;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table user_sso_identities drop column sso_connector_id;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.11.0-1699598903-remove-sso-only-column-in-sso-connectors-table.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { sql } from 'slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table sso_connectors drop column sso_only;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table sso_connectors add column sso_only boolean not null default FALSE;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.12.0-1700031616-update-org-role-foreign-keys.ts ADDED Viewed

@@ -0,0 +1,35 @@
+import { sql } from 'slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table organization_role_user_relations
+        drop constraint organization_role_user_relations_organization_id_fkey;
+      alter table organization_role_user_relations
+        drop constraint organization_role_user_relations_user_id_fkey;
+      alter table organization_role_user_relations
+        add foreign key (tenant_id, organization_id, user_id)
+        references organization_user_relations (tenant_id, organization_id, user_id)
+        on update cascade on delete cascade;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table organization_role_user_relations
+        -- The constraint name is strange because it's generated by Postgres and it has a 63 character limit
+        drop constraint organization_role_user_relati_tenant_id_organization_id_us_fkey;
+      alter table organization_role_user_relations
+        add foreign key (organization_id)
+        references organizations (id)
+        on update cascade on delete cascade;
+      alter table organization_role_user_relations
+        add foreign key (user_id)
+        references users (id)
+        on update cascade on delete cascade;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.12.0-1701054133-add-unique-constraint-to-the-sso-connector-name.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import { sql } from 'slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table sso_connectors
+        add constraint sso_connectors__connector_name__unique
+          unique (tenant_id, connector_name);
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table sso_connectors
+        drop constraint sso_connectors__connector_name__unique;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.12.0-1701245520-add-single-sign-on-enabled-flag-to-sie.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import { sql } from 'slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences
+        add column single_sign_on_enabled boolean not null default false;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences
+        drop column single_sign_on_enabled;
+    `);
+  },
+};
+export default alteration;

package/alterations-js/1.11.0-1699422979-add-sso-connector-id-col-to-user-sso-identities-table.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.11.0-1699422979-add-sso-connector-id-col-to-user-sso-identities-table.js ADDED Viewed

@@ -0,0 +1,14 @@
+import { sql } from 'slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table user_sso_identities add column sso_connector_id varchar(128) not null references sso_connectors (id) on update cascade on delete cascade;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table user_sso_identities drop column sso_connector_id;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.11.0-1699598903-remove-sso-only-column-in-sso-connectors-table.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.11.0-1699598903-remove-sso-only-column-in-sso-connectors-table.js ADDED Viewed

@@ -0,0 +1,14 @@
+import { sql } from 'slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table sso_connectors drop column sso_only;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table sso_connectors add column sso_only boolean not null default FALSE;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.12.0-1700031616-update-org-role-foreign-keys.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.12.0-1700031616-update-org-role-foreign-keys.js ADDED Viewed

@@ -0,0 +1,31 @@
+import { sql } from 'slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table organization_role_user_relations
+        drop constraint organization_role_user_relations_organization_id_fkey;
+      alter table organization_role_user_relations
+        drop constraint organization_role_user_relations_user_id_fkey;
+      alter table organization_role_user_relations
+        add foreign key (tenant_id, organization_id, user_id)
+        references organization_user_relations (tenant_id, organization_id, user_id)
+        on update cascade on delete cascade;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table organization_role_user_relations
+        -- The constraint name is strange because it's generated by Postgres and it has a 63 character limit
+        drop constraint organization_role_user_relati_tenant_id_organization_id_us_fkey;
+      alter table organization_role_user_relations
+        add foreign key (organization_id)
+        references organizations (id)
+        on update cascade on delete cascade;
+      alter table organization_role_user_relations
+        add foreign key (user_id)
+        references users (id)
+        on update cascade on delete cascade;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.12.0-1701054133-add-unique-constraint-to-the-sso-connector-name.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.12.0-1701054133-add-unique-constraint-to-the-sso-connector-name.js ADDED Viewed

@@ -0,0 +1,17 @@
+import { sql } from 'slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table sso_connectors
+        add constraint sso_connectors__connector_name__unique
+          unique (tenant_id, connector_name);
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table sso_connectors
+        drop constraint sso_connectors__connector_name__unique;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.12.0-1701245520-add-single-sign-on-enabled-flag-to-sie.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.12.0-1701245520-add-single-sign-on-enabled-flag-to-sie.js ADDED Viewed

@@ -0,0 +1,16 @@
+import { sql } from 'slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table sign_in_experiences
+        add column single_sign_on_enabled boolean not null default false;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table sign_in_experiences
+        drop column single_sign_on_enabled;
+    `);
+    },
+};
+export default alteration;

package/lib/consts/index.d.ts CHANGED Viewed

@@ -3,3 +3,4 @@ export * from './system.js';
 export * from './oidc.js';
 export * from './date.js';
 export * from './tenant.js';
+export * from './subscriptions.js';

package/lib/consts/index.js CHANGED Viewed

@@ -3,3 +3,4 @@ export * from './system.js';
 export * from './oidc.js';
 export * from './date.js';
 export * from './tenant.js';
+export * from './subscriptions.js';

package/lib/consts/subscriptions.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+export declare enum ReservedPlanId {
+    Free = "free",
+    Hobby = "hobby",
+    Pro = "pro",
+    Development = "dev"
+}

package/lib/consts/subscriptions.js ADDED Viewed

@@ -0,0 +1,7 @@
+export var ReservedPlanId;
+(function (ReservedPlanId) {
+    ReservedPlanId["Free"] = "free";
+    ReservedPlanId["Hobby"] = "hobby";
+    ReservedPlanId["Pro"] = "pro";
+    ReservedPlanId["Development"] = "dev";
+})(ReservedPlanId || (ReservedPlanId = {}));

package/lib/db-entries/sign-in-experience.d.ts CHANGED Viewed

@@ -21,6 +21,7 @@ export type CreateSignInExperience = {
     customContent?: CustomContent;
     passwordPolicy?: PartialPasswordPolicy;
     mfa?: Mfa;
+    singleSignOnEnabled?: boolean;
 };
 export type SignInExperience = {
     tenantId: string;
@@ -38,6 +39,7 @@ export type SignInExperience = {
     customContent: CustomContent;
     passwordPolicy: PartialPasswordPolicy;
     mfa: Mfa;
+    singleSignOnEnabled: boolean;
 };
-export type SignInExperienceKeys = 'tenantId' | 'id' | 'color' | 'branding' | 'languageInfo' | 'termsOfUseUrl' | 'privacyPolicyUrl' | 'signIn' | 'signUp' | 'socialSignInConnectorTargets' | 'signInMode' | 'customCss' | 'customContent' | 'passwordPolicy' | 'mfa';
+export type SignInExperienceKeys = 'tenantId' | 'id' | 'color' | 'branding' | 'languageInfo' | 'termsOfUseUrl' | 'privacyPolicyUrl' | 'signIn' | 'signUp' | 'socialSignInConnectorTargets' | 'signInMode' | 'customCss' | 'customContent' | 'passwordPolicy' | 'mfa' | 'singleSignOnEnabled';
 export declare const SignInExperiences: GeneratedSchema<SignInExperienceKeys, CreateSignInExperience, SignInExperience, 'sign_in_experiences', 'sign_in_experience'>;

package/lib/db-entries/sign-in-experience.js CHANGED Viewed

@@ -18,6 +18,7 @@ const createGuard = z.object({
     customContent: customContentGuard.optional(),
     passwordPolicy: partialPasswordPolicyGuard.optional(),
     mfa: mfaGuard.optional(),
+    singleSignOnEnabled: z.boolean().optional(),
 });
 const guard = z.object({
     tenantId: z.string().max(21),
@@ -35,6 +36,7 @@ const guard = z.object({
     customContent: customContentGuard,
     passwordPolicy: partialPasswordPolicyGuard,
     mfa: mfaGuard,
+    singleSignOnEnabled: z.boolean(),
 });
 export const SignInExperiences = Object.freeze({
     table: 'sign_in_experiences',
@@ -55,6 +57,7 @@ export const SignInExperiences = Object.freeze({
         customContent: 'custom_content',
         passwordPolicy: 'password_policy',
         mfa: 'mfa',
+        singleSignOnEnabled: 'single_sign_on_enabled',
     },
     fieldKeys: [
         'tenantId',
@@ -72,6 +75,7 @@ export const SignInExperiences = Object.freeze({
         'customContent',
         'passwordPolicy',
         'mfa',
+        'singleSignOnEnabled',
     ],
     createGuard,
     guard,

package/lib/db-entries/sso-connector.d.ts CHANGED Viewed

@@ -8,7 +8,7 @@ export type CreateSsoConnector = {
     tenantId?: string;
     /** The globally unique identifier of the SSO connector. */
     id: string;
-    /** The connector factory name of the SSO provider. */
+    /** The identifier of connector's SSO provider */
     providerName: string;
     /** The name of the SSO provider for display. */
     connectorName: string;
@@ -20,8 +20,6 @@ export type CreateSsoConnector = {
     branding?: SsoBranding;
     /** Determines whether to synchronize the user's profile on each login. */
     syncProfile?: boolean;
-    /** Determines whether SSO is the restricted sign-in method for users with the SSO registered email domains */
-    ssoOnly?: boolean;
     /** When the SSO connector was created. */
     createdAt?: number;
 };
@@ -29,7 +27,7 @@ export type SsoConnector = {
     tenantId: string;
     /** The globally unique identifier of the SSO connector. */
     id: string;
-    /** The connector factory name of the SSO provider. */
+    /** The identifier of connector's SSO provider */
     providerName: string;
     /** The name of the SSO provider for display. */
     connectorName: string;
@@ -41,10 +39,8 @@ export type SsoConnector = {
     branding: SsoBranding;
     /** Determines whether to synchronize the user's profile on each login. */
     syncProfile: boolean;
-    /** Determines whether SSO is the restricted sign-in method for users with the SSO registered email domains */
-    ssoOnly: boolean;
     /** When the SSO connector was created. */
     createdAt: number;
 };
-export type SsoConnectorKeys = 'tenantId' | 'id' | 'providerName' | 'connectorName' | 'config' | 'domains' | 'branding' | 'syncProfile' | 'ssoOnly' | 'createdAt';
+export type SsoConnectorKeys = 'tenantId' | 'id' | 'providerName' | 'connectorName' | 'config' | 'domains' | 'branding' | 'syncProfile' | 'createdAt';
 export declare const SsoConnectors: GeneratedSchema<SsoConnectorKeys, CreateSsoConnector, SsoConnector, 'sso_connectors', 'sso_connector'>;

package/lib/db-entries/sso-connector.js CHANGED Viewed

@@ -10,7 +10,6 @@ const createGuard = z.object({
     domains: ssoDomainsGuard.optional(),
     branding: ssoBrandingGuard.optional(),
     syncProfile: z.boolean().optional(),
-    ssoOnly: z.boolean().optional(),
     createdAt: z.number().optional(),
 });
 const guard = z.object({
@@ -22,7 +21,6 @@ const guard = z.object({
     domains: ssoDomainsGuard,
     branding: ssoBrandingGuard,
     syncProfile: z.boolean(),
-    ssoOnly: z.boolean(),
     createdAt: z.number(),
 });
 export const SsoConnectors = Object.freeze({
@@ -37,7 +35,6 @@ export const SsoConnectors = Object.freeze({
         domains: 'domains',
         branding: 'branding',
         syncProfile: 'sync_profile',
-        ssoOnly: 'sso_only',
         createdAt: 'created_at',
     },
     fieldKeys: [
@@ -49,7 +46,6 @@ export const SsoConnectors = Object.freeze({
         'domains',
         'branding',
         'syncProfile',
-        'ssoOnly',
         'createdAt',
     ],
     createGuard,

package/lib/db-entries/user-sso-identity.d.ts CHANGED Viewed

@@ -14,6 +14,7 @@ export type CreateUserSsoIdentity = {
     identityId: string;
     detail?: JsonObject;
     createdAt?: number;
+    ssoConnectorId: string;
 };
 export type UserSsoIdentity = {
     tenantId: string;
@@ -25,6 +26,7 @@ export type UserSsoIdentity = {
     identityId: string;
     detail: JsonObject;
     createdAt: number;
+    ssoConnectorId: string;
 };
-export type UserSsoIdentityKeys = 'tenantId' | 'id' | 'userId' | 'issuer' | 'identityId' | 'detail' | 'createdAt';
+export type UserSsoIdentityKeys = 'tenantId' | 'id' | 'userId' | 'issuer' | 'identityId' | 'detail' | 'createdAt' | 'ssoConnectorId';
 export declare const UserSsoIdentities: GeneratedSchema<UserSsoIdentityKeys, CreateUserSsoIdentity, UserSsoIdentity, 'user_sso_identities', 'user_sso_identity'>;

package/lib/db-entries/user-sso-identity.js CHANGED Viewed

@@ -9,6 +9,7 @@ const createGuard = z.object({
     identityId: z.string().min(1).max(128),
     detail: jsonObjectGuard.optional(),
     createdAt: z.number().optional(),
+    ssoConnectorId: z.string().min(1).max(128),
 });
 const guard = z.object({
     tenantId: z.string().max(21),
@@ -18,6 +19,7 @@ const guard = z.object({
     identityId: z.string().min(1).max(128),
     detail: jsonObjectGuard,
     createdAt: z.number(),
+    ssoConnectorId: z.string().min(1).max(128),
 });
 export const UserSsoIdentities = Object.freeze({
     table: 'user_sso_identities',
@@ -30,6 +32,7 @@ export const UserSsoIdentities = Object.freeze({
         identityId: 'identity_id',
         detail: 'detail',
         createdAt: 'created_at',
+        ssoConnectorId: 'sso_connector_id',
     },
     fieldKeys: [
         'tenantId',
@@ -39,6 +42,7 @@ export const UserSsoIdentities = Object.freeze({
         'identityId',
         'detail',
         'createdAt',
+        'ssoConnectorId',
     ],
     createGuard,
     guard,

package/lib/foundations/jsonb-types/sso-connector.d.ts CHANGED Viewed

@@ -2,12 +2,15 @@ import { z } from 'zod';
 export declare const ssoDomainsGuard: z.ZodArray<z.ZodString, "many">;
 export type SsoDomains = z.infer<typeof ssoDomainsGuard>;
 export declare const ssoBrandingGuard: z.ZodObject<{
+    displayName: z.ZodOptional<z.ZodString>;
     logo: z.ZodOptional<z.ZodString>;
     darkLogo: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
+    displayName?: string | undefined;
     logo?: string | undefined;
     darkLogo?: string | undefined;
 }, {
+    displayName?: string | undefined;
     logo?: string | undefined;
     darkLogo?: string | undefined;
 }>;

package/lib/foundations/jsonb-types/sso-connector.js CHANGED Viewed

@@ -1,6 +1,7 @@
 import { z } from 'zod';
 export const ssoDomainsGuard = z.array(z.string());
 export const ssoBrandingGuard = z.object({
+    displayName: z.string().optional(),
     logo: z.string().optional(),
     darkLogo: z.string().optional(),
 });

package/lib/foundations/jsonb-types/users.d.ts CHANGED Viewed

@@ -3,23 +3,23 @@ import { MfaFactor } from './sign-in-experience.js';
 export declare const roleNamesGuard: z.ZodArray<z.ZodString, "many">;
 declare const identityGuard: z.ZodObject<{
     userId: z.ZodString;
-    details: z.ZodOptional<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>>;
+    details: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
 }, "strip", z.ZodTypeAny, {
     userId: string;
-    details?: {} | undefined;
+    details?: Record<string, unknown> | undefined;
 }, {
     userId: string;
-    details?: {} | undefined;
+    details?: Record<string, unknown> | undefined;
 }>;
 export declare const identitiesGuard: z.ZodRecord<z.ZodString, z.ZodObject<{
     userId: z.ZodString;
-    details: z.ZodOptional<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>>;
+    details: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
 }, "strip", z.ZodTypeAny, {
     userId: string;
-    details?: {} | undefined;
+    details?: Record<string, unknown> | undefined;
 }, {
     userId: string;
-    details?: {} | undefined;
+    details?: Record<string, unknown> | undefined;
 }>>;
 export type Identity = z.infer<typeof identityGuard>;
 export type Identities = z.infer<typeof identitiesGuard>;

package/lib/foundations/jsonb-types/users.js CHANGED Viewed

@@ -3,7 +3,7 @@ import { MfaFactor } from './sign-in-experience.js';
 export const roleNamesGuard = z.string().array();
 const identityGuard = z.object({
     userId: z.string(),
-    details: z.object({}).optional(), // Connector's userinfo details, schemaless
+    details: z.record(z.unknown()).optional(), // Connector's userinfo details, schemaless
 });
 export const identitiesGuard = z.record(identityGuard);
 export const baseMfaVerification = {

package/lib/models/tenants.d.ts CHANGED Viewed

@@ -1,10 +1,6 @@
 import type { InferModelType } from '@withtyped/server/model';
 import { z } from 'zod';
-export declare enum TenantTag {
-    Development = "development",
-    Staging = "staging",
-    Production = "production"
-}
+import { TenantTag } from '../types/tenant.js';
 export declare const Tenants: import("@withtyped/server/model").default<"tenants", {
     id: string;
     dbUser: string | null;

package/lib/models/tenants.js CHANGED Viewed

@@ -1,11 +1,6 @@
 import { createModel } from '@withtyped/server/model';
 import { z } from 'zod';
-export var TenantTag;
-(function (TenantTag) {
-    TenantTag["Development"] = "development";
-    TenantTag["Staging"] = "staging";
-    TenantTag["Production"] = "production";
-})(TenantTag || (TenantTag = {}));
+import { TenantTag } from '../types/tenant.js';
 export const Tenants = createModel(
 /* Sql */ `
   /* init_order = 0 */

package/lib/types/hook.d.ts CHANGED Viewed

@@ -9,6 +9,7 @@ export type HookEventPayload = {
     sessionId?: string;
     userAgent?: string;
     userId?: string;
+    userIp?: string;
     user?: Pick<User, (typeof userInfoSelectFields)[number]>;
     application?: Pick<Application, 'id' | 'type' | 'name' | 'description'>;
 } & Record<string, unknown>;

package/lib/types/index.d.ts CHANGED Viewed

@@ -22,3 +22,4 @@ export * from './sentinel.js';
 export * from './mfa.js';
 export * from './organization.js';
 export * from './sso-connector.js';
+export * from './tenant.js';

package/lib/types/index.js CHANGED Viewed

@@ -22,3 +22,4 @@ export * from './sentinel.js';
 export * from './mfa.js';
 export * from './organization.js';
 export * from './sso-connector.js';
+export * from './tenant.js';

package/lib/types/logto-config.d.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import type { ZodType } from 'zod';
 import { z } from 'zod';
+import { TenantTag } from './tenant.js';
 /**
  * Logto OIDC signing key types, used mainly in REST API routes.
  */
@@ -45,12 +46,35 @@ export declare const logtoOidcConfigGuard: Readonly<{
 export declare const adminConsoleDataGuard: z.ZodObject<{
     signInExperienceCustomized: z.ZodBoolean;
     organizationCreated: z.ZodBoolean;
+    developmentTenantMigrationNotification: z.ZodOptional<z.ZodObject<{
+        isPaidTenant: z.ZodBoolean;
+        tag: z.ZodNativeEnum<typeof TenantTag>;
+        readAt: z.ZodOptional<z.ZodNumber>;
+    }, "strip", z.ZodTypeAny, {
+        isPaidTenant: boolean;
+        tag: TenantTag;
+        readAt?: number | undefined;
+    }, {
+        isPaidTenant: boolean;
+        tag: TenantTag;
+        readAt?: number | undefined;
+    }>>;
 }, "strip", z.ZodTypeAny, {
     signInExperienceCustomized: boolean;
     organizationCreated: boolean;
+    developmentTenantMigrationNotification?: {
+        isPaidTenant: boolean;
+        tag: TenantTag;
+        readAt?: number | undefined;
+    } | undefined;
 }, {
     signInExperienceCustomized: boolean;
     organizationCreated: boolean;
+    developmentTenantMigrationNotification?: {
+        isPaidTenant: boolean;
+        tag: TenantTag;
+        readAt?: number | undefined;
+    } | undefined;
 }>;
 export type AdminConsoleData = z.infer<typeof adminConsoleDataGuard>;
 export declare const cloudConnectionDataGuard: z.ZodObject<{

package/lib/types/logto-config.js CHANGED Viewed

@@ -1,4 +1,5 @@
 import { z } from 'zod';
+import { TenantTag } from './tenant.js';
 /**
  * Logto OIDC signing key types, used mainly in REST API routes.
  */
@@ -36,6 +37,13 @@ export const logtoOidcConfigGuard = Object.freeze({
 export const adminConsoleDataGuard = z.object({
     signInExperienceCustomized: z.boolean(),
     organizationCreated: z.boolean(),
+    developmentTenantMigrationNotification: z
+        .object({
+        isPaidTenant: z.boolean(),
+        tag: z.nativeEnum(TenantTag),
+        readAt: z.number().optional(),
+    })
+        .optional(),
 });
 /* --- Logto tenant cloud connection config --- */
 export const cloudConnectionDataGuard = z.object({

package/lib/types/organization.d.ts CHANGED Viewed

@@ -1,11 +1,15 @@
 import { z } from 'zod';
-import { type OrganizationRole, type Organization, type User } from '../db-entries/index.js';
-import { type FeaturedUser } from './user.js';
+import { type OrganizationRole, type Organization } from '../db-entries/index.js';
+import { type UserInfo, type FeaturedUser } from './user.js';
+/**
+ * The simplified organization scope entity that is returned for some endpoints.
+ */
+export type OrganizationScopeEntity = {
+    id: string;
+    name: string;
+};
 export type OrganizationRoleWithScopes = OrganizationRole & {
-    scopes: Array<{
-        id: string;
-        name: string;
-    }>;
+    scopes: OrganizationScopeEntity[];
 };
 export declare const organizationRoleWithScopesGuard: z.ZodType<OrganizationRoleWithScopes>;
 /**
@@ -29,7 +33,7 @@ export declare const organizationWithOrganizationRolesGuard: z.ZodType<Organizat
  * The user entity with the `organizationRoles` field that contains the roles of
  * the user in a specific organization.
  */
-export type UserWithOrganizationRoles = User & {
+export type UserWithOrganizationRoles = UserInfo & {
     /** The roles of the user in a specific organization. */
     organizationRoles: OrganizationRoleEntity[];
 };

package/lib/types/organization.js CHANGED Viewed

@@ -1,5 +1,6 @@
 import { z } from 'zod';
-import { OrganizationRoles, Organizations, Users, } from '../db-entries/index.js';
+import { OrganizationRoles, Organizations, } from '../db-entries/index.js';
+import { userInfoGuard } from './user.js';
 export const organizationRoleWithScopesGuard = OrganizationRoles.guard.extend({
     scopes: z
         .object({
@@ -15,6 +16,6 @@ const organizationRoleEntityGuard = z.object({
 export const organizationWithOrganizationRolesGuard = Organizations.guard.extend({
     organizationRoles: organizationRoleEntityGuard.array(),
 });
-export const userWithOrganizationRolesGuard = Users.guard.extend({
+export const userWithOrganizationRolesGuard = userInfoGuard.extend({
     organizationRoles: organizationRoleEntityGuard.array(),
 });

package/lib/types/sso-connector.d.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { z } from 'zod';
+import { type SsoConnector } from '../db-entries/sso-connector.js';
 /**
  * SSO Connector data type that are returned to the experience client for sign-in use.
  */
@@ -19,3 +20,115 @@ export declare const ssoConnectorMetadataGuard: z.ZodObject<{
     darkLogo?: string | undefined;
 }>;
 export type SsoConnectorMetadata = z.infer<typeof ssoConnectorMetadataGuard>;
+export declare enum SsoProviderName {
+    OIDC = "OIDC",
+    SAML = "SAML",
+    AZURE_AD = "AzureAD",
+    GOOGLE_WORKSPACE = "GoogleWorkspace",
+    OKTA = "Okta"
+}
+export declare const singleSignOnDomainBlackList: readonly string[];
+export type SupportedSsoConnector = Omit<SsoConnector, 'providerName'> & {
+    providerName: SsoProviderName;
+};
+declare const ssoConnectorProviderDetailGuard: z.ZodObject<{
+    providerName: z.ZodNativeEnum<typeof SsoProviderName>;
+    logo: z.ZodString;
+    logoDark: z.ZodString;
+    description: z.ZodString;
+    name: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    name: string;
+    logo: string;
+    description: string;
+    logoDark: string;
+    providerName: SsoProviderName;
+}, {
+    name: string;
+    logo: string;
+    description: string;
+    logoDark: string;
+    providerName: SsoProviderName;
+}>;
+export type SsoConnectorProviderDetail = z.infer<typeof ssoConnectorProviderDetailGuard>;
+export declare const ssoConnectorProvidersResponseGuard: z.ZodArray<z.ZodObject<{
+    providerName: z.ZodNativeEnum<typeof SsoProviderName>;
+    logo: z.ZodString;
+    logoDark: z.ZodString;
+    description: z.ZodString;
+    name: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    name: string;
+    logo: string;
+    description: string;
+    logoDark: string;
+    providerName: SsoProviderName;
+}, {
+    name: string;
+    logo: string;
+    description: string;
+    logoDark: string;
+    providerName: SsoProviderName;
+}>, "many">;
+export type SsoConnectorProvidersResponse = z.infer<typeof ssoConnectorProvidersResponseGuard>;
+export declare const ssoConnectorWithProviderConfigGuard: z.ZodObject<{
+    id: z.ZodType<string, z.ZodTypeDef, string>;
+    tenantId: z.ZodType<string, z.ZodTypeDef, string>;
+    createdAt: z.ZodType<number, z.ZodTypeDef, number>;
+    syncProfile: z.ZodType<boolean, z.ZodTypeDef, boolean>;
+    config: z.ZodType<import("@withtyped/server").JsonObject, z.ZodTypeDef, import("@withtyped/server").JsonObject>;
+    domains: z.ZodType<string[], z.ZodTypeDef, string[]>;
+    branding: z.ZodType<{
+        displayName?: string | undefined;
+        logo?: string | undefined;
+        darkLogo?: string | undefined;
+    }, z.ZodTypeDef, {
+        displayName?: string | undefined;
+        logo?: string | undefined;
+        darkLogo?: string | undefined;
+    }>;
+    connectorName: z.ZodType<string, z.ZodTypeDef, string>;
+    name: z.ZodString;
+    providerName: z.ZodNativeEnum<typeof SsoProviderName>;
+    providerLogo: z.ZodString;
+    providerLogoDark: z.ZodString;
+    providerConfig: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+}, "strip", z.ZodTypeAny, {
+    name: string;
+    id: string;
+    tenantId: string;
+    createdAt: number;
+    syncProfile: boolean;
+    config: import("@withtyped/server").JsonObject;
+    domains: string[];
+    branding: {
+        displayName?: string | undefined;
+        logo?: string | undefined;
+        darkLogo?: string | undefined;
+    };
+    providerName: SsoProviderName;
+    connectorName: string;
+    providerLogo: string;
+    providerLogoDark: string;
+    providerConfig?: Record<string, unknown> | undefined;
+}, {
+    name: string;
+    id: string;
+    tenantId: string;
+    createdAt: number;
+    syncProfile: boolean;
+    config: import("@withtyped/server").JsonObject;
+    domains: string[];
+    branding: {
+        displayName?: string | undefined;
+        logo?: string | undefined;
+        darkLogo?: string | undefined;
+    };
+    providerName: SsoProviderName;
+    connectorName: string;
+    providerLogo: string;
+    providerLogoDark: string;
+    providerConfig?: Record<string, unknown> | undefined;
+}>;
+export type SsoConnectorWithProviderConfig = z.infer<typeof ssoConnectorWithProviderConfigGuard>;
+export {};

package/lib/types/sso-connector.js CHANGED Viewed

@@ -1,4 +1,5 @@
 import { z } from 'zod';
+import { SsoConnectors } from '../db-entries/sso-connector.js';
 /**
  * SSO Connector data type that are returned to the experience client for sign-in use.
  */
@@ -8,3 +9,50 @@ export const ssoConnectorMetadataGuard = z.object({
     logo: z.string(),
     darkLogo: z.string().optional(),
 });
+export var SsoProviderName;
+(function (SsoProviderName) {
+    SsoProviderName["OIDC"] = "OIDC";
+    SsoProviderName["SAML"] = "SAML";
+    SsoProviderName["AZURE_AD"] = "AzureAD";
+    SsoProviderName["GOOGLE_WORKSPACE"] = "GoogleWorkspace";
+    SsoProviderName["OKTA"] = "Okta";
+})(SsoProviderName || (SsoProviderName = {}));
+export const singleSignOnDomainBlackList = Object.freeze([
+    'gmail.com',
+    'yahoo.com',
+    'hotmail.com',
+    'outlook.com',
+    'live.com',
+    'icloud.com',
+    'aol.com',
+    'yandex.com',
+    'mail.com',
+    'protonmail.com',
+    'yanex.com',
+    'gmx.com',
+    'mail.ru',
+    'zoho.com',
+    'qq.com',
+    '163.com',
+    '126.com',
+    'sina.com',
+    'sohu.com',
+]);
+const ssoConnectorProviderDetailGuard = z.object({
+    providerName: z.nativeEnum(SsoProviderName),
+    logo: z.string(),
+    logoDark: z.string(),
+    description: z.string(),
+    name: z.string(),
+});
+export const ssoConnectorProvidersResponseGuard = z.array(ssoConnectorProviderDetailGuard);
+// API response guard for all the SSO connectors CRUD APIs
+export const ssoConnectorWithProviderConfigGuard = SsoConnectors.guard
+    .omit({ providerName: true })
+    .merge(z.object({
+    name: z.string(),
+    providerName: z.nativeEnum(SsoProviderName),
+    providerLogo: z.string(),
+    providerLogoDark: z.string(),
+    providerConfig: z.record(z.unknown()).optional(),
+}));

package/lib/types/tenant.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export declare enum TenantTag {
+    Development = "development",
+    Staging = "staging",
+    Production = "production"
+}

package/lib/types/tenant.js ADDED Viewed

@@ -0,0 +1,9 @@
+export var TenantTag;
+(function (TenantTag) {
+    /* Development tenants are free to use but are not meant to be used as production environment */
+    TenantTag["Development"] = "development";
+    /* @deprecated */
+    TenantTag["Staging"] = "staging";
+    /* A production tenant must have an associated subscription plan, even if it's a free plan */
+    TenantTag["Production"] = "production";
+})(TenantTag || (TenantTag = {}));

package/lib/types/user.d.ts CHANGED Viewed

@@ -15,10 +15,10 @@ export declare const userInfoGuard: z.ZodObject<Pick<{
     applicationId: z.ZodType<string | null, z.ZodTypeDef, string | null>;
     identities: z.ZodType<Record<string, {
         userId: string;
-        details?: {} | undefined;
+        details?: Record<string, unknown> | undefined;
     }>, z.ZodTypeDef, Record<string, {
         userId: string;
-        details?: {} | undefined;
+        details?: Record<string, unknown> | undefined;
     }>>;
     customData: z.ZodType<import("../foundations/index.js").JsonObject, z.ZodTypeDef, import("../foundations/index.js").JsonObject>;
     logtoConfig: z.ZodType<import("../foundations/index.js").JsonObject, z.ZodTypeDef, import("../foundations/index.js").JsonObject>;
@@ -90,7 +90,7 @@ export declare const userInfoGuard: z.ZodObject<Pick<{
     avatar: string | null;
     identities: Record<string, {
         userId: string;
-        details?: {} | undefined;
+        details?: Record<string, unknown> | undefined;
     }>;
     customData: import("../foundations/index.js").JsonObject;
     logtoConfig: import("../foundations/index.js").JsonObject;
@@ -136,7 +136,7 @@ export declare const userInfoGuard: z.ZodObject<Pick<{
     avatar: string | null;
     identities: Record<string, {
         userId: string;
-        details?: {} | undefined;
+        details?: Record<string, unknown> | undefined;
     }>;
     customData: import("../foundations/index.js").JsonObject;
     logtoConfig: import("../foundations/index.js").JsonObject;
@@ -184,10 +184,10 @@ export declare const userProfileResponseGuard: z.ZodObject<{
     avatar: z.ZodType<string | null, z.ZodTypeDef, string | null>;
     identities: z.ZodType<Record<string, {
         userId: string;
-        details?: {} | undefined;
+        details?: Record<string, unknown> | undefined;
     }>, z.ZodTypeDef, Record<string, {
         userId: string;
-        details?: {} | undefined;
+        details?: Record<string, unknown> | undefined;
     }>>;
     customData: z.ZodType<import("../foundations/index.js").JsonObject, z.ZodTypeDef, import("../foundations/index.js").JsonObject>;
     logtoConfig: z.ZodType<import("../foundations/index.js").JsonObject, z.ZodTypeDef, import("../foundations/index.js").JsonObject>;
@@ -245,6 +245,7 @@ export declare const userProfileResponseGuard: z.ZodObject<{
     isSuspended: z.ZodType<boolean, z.ZodTypeDef, boolean>;
     lastSignInAt: z.ZodType<number | null, z.ZodTypeDef, number | null>;
     hasPassword: z.ZodOptional<z.ZodBoolean>;
+    ssoIdentities: z.ZodOptional<z.ZodArray<import("../foundations/schemas.js").Guard<import("../db-entries/user-sso-identity.js").UserSsoIdentity>, "many">>;
 }, "strip", z.ZodTypeAny, {
     name: string | null;
     id: string;
@@ -259,7 +260,7 @@ export declare const userProfileResponseGuard: z.ZodObject<{
     avatar: string | null;
     identities: Record<string, {
         userId: string;
-        details?: {} | undefined;
+        details?: Record<string, unknown> | undefined;
     }>;
     customData: import("../foundations/index.js").JsonObject;
     logtoConfig: import("../foundations/index.js").JsonObject;
@@ -292,6 +293,7 @@ export declare const userProfileResponseGuard: z.ZodObject<{
     isSuspended: boolean;
     lastSignInAt: number | null;
     hasPassword?: boolean | undefined;
+    ssoIdentities?: import("../db-entries/user-sso-identity.js").UserSsoIdentity[] | undefined;
 }, {
     name: string | null;
     id: string;
@@ -306,7 +308,7 @@ export declare const userProfileResponseGuard: z.ZodObject<{
     avatar: string | null;
     identities: Record<string, {
         userId: string;
-        details?: {} | undefined;
+        details?: Record<string, unknown> | undefined;
     }>;
     customData: import("../foundations/index.js").JsonObject;
     logtoConfig: import("../foundations/index.js").JsonObject;
@@ -339,6 +341,7 @@ export declare const userProfileResponseGuard: z.ZodObject<{
     isSuspended: boolean;
     lastSignInAt: number | null;
     hasPassword?: boolean | undefined;
+    ssoIdentities?: import("../db-entries/user-sso-identity.js").UserSsoIdentity[] | undefined;
 }>;
 export type UserProfileResponse = z.infer<typeof userProfileResponseGuard>;
 export declare const userMfaVerificationResponseGuard: z.ZodArray<z.ZodObject<{
@@ -399,10 +402,10 @@ export declare const featuredUserGuard: z.ZodObject<Pick<{
     applicationId: z.ZodType<string | null, z.ZodTypeDef, string | null>;
     identities: z.ZodType<Record<string, {
         userId: string;
-        details?: {} | undefined;
+        details?: Record<string, unknown> | undefined;
     }>, z.ZodTypeDef, Record<string, {
         userId: string;
-        details?: {} | undefined;
+        details?: Record<string, unknown> | undefined;
     }>>;
     customData: z.ZodType<import("../foundations/index.js").JsonObject, z.ZodTypeDef, import("../foundations/index.js").JsonObject>;
     logtoConfig: z.ZodType<import("../foundations/index.js").JsonObject, z.ZodTypeDef, import("../foundations/index.js").JsonObject>;

package/lib/types/user.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import { z } from 'zod';
-import { Users } from '../db-entries/index.js';
+import { Users, UserSsoIdentities } from '../db-entries/index.js';
 import { MfaFactor } from '../foundations/index.js';
 export const userInfoSelectFields = Object.freeze([
     'id',
@@ -18,6 +18,7 @@ export const userInfoSelectFields = Object.freeze([
 export const userInfoGuard = Users.guard.pick(Object.fromEntries(userInfoSelectFields.map((key) => [key, true])));
 export const userProfileResponseGuard = userInfoGuard.extend({
     hasPassword: z.boolean().optional(),
+    ssoIdentities: z.array(UserSsoIdentities.guard).optional(),
 });
 export const userMfaVerificationResponseGuard = z
     .object({

package/lib/utils/domain.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/**
+ * Find duplicated domains and blocked domains using the domain blacklist.
+ *
+ * @param domains Array of email domains.
+ * @returns
+ */
+export declare const findDuplicatedOrBlockedEmailDomains: (domains?: string[]) => {
+    duplicatedDomains: Set<string>;
+    forbiddenDomains: Set<string>;
+};

package/lib/utils/domain.js ADDED Viewed

@@ -0,0 +1,28 @@
+import { singleSignOnDomainBlackList } from '../types/sso-connector.js';
+/**
+ * Find duplicated domains and blocked domains using the domain blacklist.
+ *
+ * @param domains Array of email domains.
+ * @returns
+ */
+export const findDuplicatedOrBlockedEmailDomains = (domains) => {
+    const blackListSet = new Set(singleSignOnDomainBlackList);
+    const validDomainSet = new Set();
+    const duplicatedDomains = new Set();
+    const forbiddenDomains = new Set();
+    for (const domain of domains ?? []) {
+        if (blackListSet.has(domain)) {
+            forbiddenDomains.add(domain);
+        }
+        if (validDomainSet.has(domain)) {
+            duplicatedDomains.add(domain);
+        }
+        else {
+            validDomainSet.add(domain);
+        }
+    }
+    return {
+        duplicatedDomains,
+        forbiddenDomains,
+    };
+};

package/lib/utils/domain.test.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/lib/utils/domain.test.js ADDED Viewed

@@ -0,0 +1,34 @@
+import { findDuplicatedOrBlockedEmailDomains } from './domain.js';
+describe('findDuplicatedOrBlockedEmailDomains', () => {
+    it('should return blocked domains and duplicated domains correctly', () => {
+        const { duplicatedDomains, forbiddenDomains } = findDuplicatedOrBlockedEmailDomains([
+            'gmail.com',
+            'silverhand.io',
+            'logto.io',
+            'yahoo.com',
+            'outlook.com',
+            'logto.io',
+        ]);
+        expect(duplicatedDomains).toEqual(new Set(['logto.io']));
+        expect(forbiddenDomains).toEqual(new Set(['gmail.com', 'yahoo.com', 'outlook.com']));
+    });
+    it('should return empty `duplicatedDomains` and `forbiddenDomains` sets if all domains are valid', () => {
+        const { duplicatedDomains, forbiddenDomains } = findDuplicatedOrBlockedEmailDomains([
+            'silverhand.io',
+            'logto.io',
+            'metalhand.io',
+        ]);
+        expect(duplicatedDomains).toEqual(new Set());
+        expect(forbiddenDomains).toEqual(new Set());
+    });
+    it('should return empty `duplicatedDomains` and `forbiddenDomains` sets if input is undefined', () => {
+        const { duplicatedDomains, forbiddenDomains } = findDuplicatedOrBlockedEmailDomains();
+        expect(duplicatedDomains).toEqual(new Set());
+        expect(forbiddenDomains).toEqual(new Set());
+    });
+    it('should return empty `duplicatedDomains` and `forbiddenDomains` sets if input is empty array', () => {
+        const { duplicatedDomains, forbiddenDomains } = findDuplicatedOrBlockedEmailDomains([]);
+        expect(duplicatedDomains).toEqual(new Set());
+        expect(forbiddenDomains).toEqual(new Set());
+    });
+});

package/lib/utils/index.d.ts CHANGED Viewed

@@ -1,2 +1,3 @@
 export * from './role.js';
 export * from './management-api.js';
+export * from './domain.js';

package/lib/utils/index.js CHANGED Viewed

@@ -1,2 +1,3 @@
 export * from './role.js';
 export * from './management-api.js';
+export * from './domain.js';

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@logto/schemas",
-  "version": "1.10.1",
+  "version": "1.12.0",
   "author": "Silverhand Inc. <contact@silverhand.io>",
   "license": "MPL-2.0",
   "type": "module",
@@ -30,7 +30,7 @@
     "@types/inquirer": "^9.0.0",
     "@types/jest": "^29.4.0",
     "@types/node": "^18.11.18",
-    "@types/pluralize": "^0.0.32",
+    "@types/pluralize": "^0.0.33",
     "camelcase": "^8.0.0",
     "chalk": "^5.0.0",
     "eslint": "^8.44.0",
@@ -65,15 +65,15 @@
   "prettier": "@silverhand/eslint-config/.prettierrc",
   "dependencies": {
     "@logto/connector-kit": "^2.0.0",
-    "@logto/core-kit": "^2.2.0",
+    "@logto/core-kit": "^2.2.1",
     "@logto/language-kit": "^1.0.0",
-    "@logto/phrases": "^1.6.0",
-    "@logto/phrases-experience": "^1.3.1",
+    "@logto/phrases": "^1.8.0",
+    "@logto/phrases-experience": "^1.5.0",
     "@logto/shared": "^3.0.0",
     "@withtyped/server": "^0.12.9"
   },
   "peerDependencies": {
-    "zod": "^3.22.3"
+    "zod": "^3.22.4"
   },
   "scripts": {
     "precommit": "lint-staged",

package/tables/organization_role_user_relations.sql CHANGED Viewed

@@ -1,14 +1,16 @@
-/* init_order = 2 */
+/* init_order = 3 */
 /** The relations between organizations, organization roles, and users. A relation means that a user has a role in an organization. */
 create table organization_role_user_relations (
   tenant_id varchar(21) not null
     references tenants (id) on update cascade on delete cascade,
-  organization_id varchar(21) not null
-    references organizations (id) on update cascade on delete cascade,
+  organization_id varchar(21) not null,
   organization_role_id varchar(21) not null
     references organization_roles (id) on update cascade on delete cascade,
-  user_id varchar(21) not null
-    references users (id) on update cascade on delete cascade,
-  primary key (tenant_id, organization_id, organization_role_id, user_id)
+  user_id varchar(21) not null,
+  primary key (tenant_id, organization_id, organization_role_id, user_id),
+  /** User's roles in an organization should be synchronized with the user's membership in the organization. */
+  foreign key (tenant_id, organization_id, user_id)
+    references organization_user_relations (tenant_id, organization_id, user_id)
+    on update cascade on delete cascade
 );

package/tables/sign_in_experiences.sql CHANGED Viewed

@@ -17,5 +17,6 @@ create table sign_in_experiences (
   custom_content jsonb /* @use CustomContent */ not null default '{}'::jsonb,
   password_policy jsonb /* @use PartialPasswordPolicy */ not null default '{}'::jsonb,
   mfa jsonb /* @use Mfa */ not null default '{}'::jsonb,
+  single_sign_on_enabled boolean not null default false,
   primary key (tenant_id, id)
 );

package/tables/sso_connectors.sql CHANGED Viewed

@@ -1,9 +1,10 @@
+/* init_order = 1 */
 create table sso_connectors (
   tenant_id varchar(21) not null
     references tenants (id) on update cascade on delete cascade,
   /** The globally unique identifier of the SSO connector. */
   id varchar(128) not null,
-  /** The connector factory name of the SSO provider. */
+  /** The identifier of connector's SSO provider */
   provider_name varchar(128) not null,
   /** The name of the SSO provider for display. */
   connector_name varchar(128) not null,
@@ -15,11 +16,11 @@ create table sso_connectors (
   branding jsonb /* @use SsoBranding */ not null default '{}'::jsonb,
   /** Determines whether to synchronize the user's profile on each login. */
   sync_profile boolean not null default FALSE,
-  /** Determines whether SSO is the restricted sign-in method for users with the SSO registered email domains */
-  sso_only boolean not null default FALSE,
   /** When the SSO connector was created. */
   created_at timestamptz not null default(now()),
-  primary key (id)
+  primary key (id),
+  constraint sso_connectors__connector_name__unique
+    unique (tenant_id, connector_name)
 );
 create index sso_connectors__id

package/tables/user_sso_identities.sql CHANGED Viewed

@@ -11,6 +11,9 @@ create table user_sso_identities (
   identity_id varchar(128) not null,
   detail jsonb /* @use JsonObject */ not null default '{}'::jsonb,
   created_at timestamp not null default(now()),
+  sso_connector_id
+    varchar(128) not null
+    references sso_connectors (id) on update cascade on delete cascade,
   primary key (id),
   constraint user_sso_identities__issuer__identity_id
     unique (tenant_id, issuer, identity_id)