@logto/schemas 1.11.0 → 1.13.0

package/lib/types/domain.d.ts

@@ -15,71 +15,27 @@ export declare const domainResponseGuard: z.ZodObject<Pick<{
         value: string;
         name: string;
     }[]>;
-    cloudflareData: z.ZodType<z.objectOutputType<{
-        id: z.ZodString;
-        status: z.ZodString;
-        ssl: z.ZodObject<{
-            status: z.ZodString;
-            validation_errors: z.ZodOptional<z.ZodArray<z.ZodObject<{
-                message: z.ZodString;
-            }, "strip", z.ZodUnknown, z.objectOutputType<{
-                message: z.ZodString;
-            }, z.ZodUnknown, "strip">, z.objectInputType<{
-                message: z.ZodString;
-            }, z.ZodUnknown, "strip">>, "many">>;
-        }, "strip", z.ZodUnknown, z.objectOutputType<{
-            status: z.ZodString;
-            validation_errors: z.ZodOptional<z.ZodArray<z.ZodObject<{
-                message: z.ZodString;
-            }, "strip", z.ZodUnknown, z.objectOutputType<{
-                message: z.ZodString;
-            }, z.ZodUnknown, "strip">, z.objectInputType<{
-                message: z.ZodString;
-            }, z.ZodUnknown, "strip">>, "many">>;
-        }, z.ZodUnknown, "strip">, z.objectInputType<{
-            status: z.ZodString;
-            validation_errors: z.ZodOptional<z.ZodArray<z.ZodObject<{
-                message: z.ZodString;
-            }, "strip", z.ZodUnknown, z.objectOutputType<{
-                message: z.ZodString;
-            }, z.ZodUnknown, "strip">, z.objectInputType<{
-                message: z.ZodString;
-            }, z.ZodUnknown, "strip">>, "many">>;
-        }, z.ZodUnknown, "strip">>;
-        verification_errors: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
-    }, z.ZodUnknown, "strip"> | null, z.ZodTypeDef, z.objectOutputType<{
-        id: z.ZodString;
-        status: z.ZodString;
-        ssl: z.ZodObject<{
-            status: z.ZodString;
-            validation_errors: z.ZodOptional<z.ZodArray<z.ZodObject<{
-                message: z.ZodString;
-            }, "strip", z.ZodUnknown, z.objectOutputType<{
-                message: z.ZodString;
-            }, z.ZodUnknown, "strip">, z.objectInputType<{
-                message: z.ZodString;
-            }, z.ZodUnknown, "strip">>, "many">>;
-        }, "strip", z.ZodUnknown, z.objectOutputType<{
-            status: z.ZodString;
-            validation_errors: z.ZodOptional<z.ZodArray<z.ZodObject<{
-                message: z.ZodString;
-            }, "strip", z.ZodUnknown, z.objectOutputType<{
-                message: z.ZodString;
-            }, z.ZodUnknown, "strip">, z.objectInputType<{
-                message: z.ZodString;
-            }, z.ZodUnknown, "strip">>, "many">>;
-        }, z.ZodUnknown, "strip">, z.objectInputType<{
-            status: z.ZodString;
-            validation_errors: z.ZodOptional<z.ZodArray<z.ZodObject<{
-                message: z.ZodString;
-            }, "strip", z.ZodUnknown, z.objectOutputType<{
-                message: z.ZodString;
-            }, z.ZodUnknown, "strip">, z.objectInputType<{
-                message: z.ZodString;
-            }, z.ZodUnknown, "strip">>, "many">>;
-        }, z.ZodUnknown, "strip">>;
-        verification_errors: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
-    }, z.ZodUnknown, "strip"> | null>;
+    cloudflareData: z.ZodType<{
+        status: string;
+        id: string;
+        ssl: {
+            status: string;
+            validation_errors?: {
+                message: string;
+            }[] | undefined;
+        };
+        verification_errors?: string[] | undefined;
+    } | null, z.ZodTypeDef, {
+        status: string;
+        id: string;
+        ssl: {
+            status: string;
+            validation_errors?: {
+                message: string;
+            }[] | undefined;
+        };
+        verification_errors?: string[] | undefined;
+    } | null>;
     updatedAt: z.ZodType<number, z.ZodTypeDef, number>;
     createdAt: z.ZodType<number, z.ZodTypeDef, number>;
 }, "status" | "id" | "domain" | "errorMessage" | "dnsRecords">, "strip", z.ZodTypeAny, {

package/lib/types/hook.d.ts

@@ -9,6 +9,7 @@ export type HookEventPayload = {
     sessionId?: string;
     userAgent?: string;
     userId?: string;
+    userIp?: string;
     user?: Pick<User, (typeof userInfoSelectFields)[number]>;
     application?: Pick<Application, 'id' | 'type' | 'name' | 'description'>;
 } & Record<string, unknown>;

package/lib/types/index.d.ts

@@ -23,3 +23,6 @@ export * from './mfa.js';
 export * from './organization.js';
 export * from './sso-connector.js';
 export * from './tenant.js';
+export * from './tenant-organization.js';
+export * from './mapi-proxy.js';
+export * from './consent.js';

package/lib/types/index.js

@@ -23,3 +23,6 @@ export * from './mfa.js';
 export * from './organization.js';
 export * from './sso-connector.js';
 export * from './tenant.js';
+export * from './tenant-organization.js';
+export * from './mapi-proxy.js';
+export * from './consent.js';

package/lib/types/interactions.d.ts

@@ -39,13 +39,13 @@ export declare const phonePasswordPayloadGuard: z.ZodObject<{
 export type PhonePasswordPayload = z.infer<typeof phonePasswordPayloadGuard>;
 export declare const socialConnectorPayloadGuard: z.ZodObject<{
     connectorId: z.ZodString;
-    connectorData: z.ZodRecord<z.ZodString, z.ZodType<import("../foundations/index.js").Json, z.ZodTypeDef, import("../foundations/index.js").Json>>;
+    connectorData: z.ZodRecord<z.ZodString, z.ZodType<import("@withtyped/server/lib/types.js").Json, z.ZodTypeDef, import("@withtyped/server/lib/types.js").Json>>;
 }, "strip", z.ZodTypeAny, {
     connectorId: string;
-    connectorData: Record<string, import("../foundations/index.js").Json>;
+    connectorData: Record<string, import("@withtyped/server/lib/types.js").Json>;
 }, {
     connectorId: string;
-    connectorData: Record<string, import("../foundations/index.js").Json>;
+    connectorData: Record<string, import("@withtyped/server/lib/types.js").Json>;
 }>;
 export type SocialConnectorPayload = z.infer<typeof socialConnectorPayloadGuard>;
 export declare const socialEmailPayloadGuard: z.ZodObject<{
@@ -123,13 +123,13 @@ export declare const identifierPayloadGuard: z.ZodUnion<[z.ZodObject<{
     verificationCode: string;
 }>, z.ZodObject<{
     connectorId: z.ZodString;
-    connectorData: z.ZodRecord<z.ZodString, z.ZodType<import("../foundations/index.js").Json, z.ZodTypeDef, import("../foundations/index.js").Json>>;
+    connectorData: z.ZodRecord<z.ZodString, z.ZodType<import("@withtyped/server/lib/types.js").Json, z.ZodTypeDef, import("@withtyped/server/lib/types.js").Json>>;
 }, "strip", z.ZodTypeAny, {
     connectorId: string;
-    connectorData: Record<string, import("../foundations/index.js").Json>;
+    connectorData: Record<string, import("@withtyped/server/lib/types.js").Json>;
 }, {
     connectorId: string;
-    connectorData: Record<string, import("../foundations/index.js").Json>;
+    connectorData: Record<string, import("@withtyped/server/lib/types.js").Json>;
 }>, z.ZodObject<{
     connectorId: z.ZodString;
     email: z.ZodString;

package/lib/types/logto-config.d.ts

@@ -1,6 +1,5 @@
 import type { ZodType } from 'zod';
 import { z } from 'zod';
-import { TenantTag } from './tenant.js';
 /**
  * Logto OIDC signing key types, used mainly in REST API routes.
  */
@@ -48,33 +47,60 @@ export declare const adminConsoleDataGuard: z.ZodObject<{
     organizationCreated: z.ZodBoolean;
     developmentTenantMigrationNotification: z.ZodOptional<z.ZodObject<{
         isPaidTenant: z.ZodBoolean;
-        tag: z.ZodNativeEnum<typeof TenantTag>;
+        /**
+         * Tag is used to store the original tenant tag before dev tenant migration.
+         * This field is only used for DB rollback and because the `TenantTag` may change, so we don't guard it as the `TenantTag` type.
+         */
+        tag: z.ZodString;
         readAt: z.ZodOptional<z.ZodNumber>;
     }, "strip", z.ZodTypeAny, {
         isPaidTenant: boolean;
-        tag: TenantTag;
+        tag: string;
         readAt?: number | undefined;
     }, {
         isPaidTenant: boolean;
-        tag: TenantTag;
+        tag: string;
         readAt?: number | undefined;
     }>>;
+    checkedChargeNotification: z.ZodOptional<z.ZodObject<{
+        token: z.ZodOptional<z.ZodBoolean>;
+        apiResource: z.ZodOptional<z.ZodBoolean>;
+        machineToMachineApp: z.ZodOptional<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        token?: boolean | undefined;
+        apiResource?: boolean | undefined;
+        machineToMachineApp?: boolean | undefined;
+    }, {
+        token?: boolean | undefined;
+        apiResource?: boolean | undefined;
+        machineToMachineApp?: boolean | undefined;
+    }>>;
 }, "strip", z.ZodTypeAny, {
     signInExperienceCustomized: boolean;
     organizationCreated: boolean;
     developmentTenantMigrationNotification?: {
         isPaidTenant: boolean;
-        tag: TenantTag;
+        tag: string;
         readAt?: number | undefined;
     } | undefined;
+    checkedChargeNotification?: {
+        token?: boolean | undefined;
+        apiResource?: boolean | undefined;
+        machineToMachineApp?: boolean | undefined;
+    } | undefined;
 }, {
     signInExperienceCustomized: boolean;
     organizationCreated: boolean;
     developmentTenantMigrationNotification?: {
         isPaidTenant: boolean;
-        tag: TenantTag;
+        tag: string;
         readAt?: number | undefined;
     } | undefined;
+    checkedChargeNotification?: {
+        token?: boolean | undefined;
+        apiResource?: boolean | undefined;
+        machineToMachineApp?: boolean | undefined;
+    } | undefined;
 }>;
 export type AdminConsoleData = z.infer<typeof adminConsoleDataGuard>;
 export declare const cloudConnectionDataGuard: z.ZodObject<{

package/lib/types/logto-config.js

@@ -1,5 +1,4 @@
 import { z } from 'zod';
-import { TenantTag } from './tenant.js';
 /**
  * Logto OIDC signing key types, used mainly in REST API routes.
  */
@@ -40,10 +39,21 @@ export const adminConsoleDataGuard = z.object({
     developmentTenantMigrationNotification: z
         .object({
         isPaidTenant: z.boolean(),
-        tag: z.nativeEnum(TenantTag),
+        /**
+         * Tag is used to store the original tenant tag before dev tenant migration.
+         * This field is only used for DB rollback and because the `TenantTag` may change, so we don't guard it as the `TenantTag` type.
+         */
+        tag: z.string(),
         readAt: z.number().optional(),
     })
         .optional(),
+    checkedChargeNotification: z
+        .object({
+        token: z.boolean().optional(),
+        apiResource: z.boolean().optional(),
+        machineToMachineApp: z.boolean().optional(),
+    })
+        .optional(),
 });
 /* --- Logto tenant cloud connection config --- */
 export const cloudConnectionDataGuard = z.object({

package/lib/types/mapi-proxy.d.ts

@@ -0,0 +1,30 @@
+/**
+ * @fileoverview
+ * Mapi (Management API) proxy is an endpoint in Logto Cloud that proxies the requests to the
+ * corresponding Management API. It has the following benefits:
+ *
+ * - When we migrate the tenant management from API resources to tenant organizations, we can
+ *   migrate Console to use the mapi proxy endpoint by changing only the base URL.
+ * - It decouples the access control of Cloud user collaboration from the machine-to-machine access
+ *   control of the Management API.
+ * - The mapi proxy endpoint shares the same domain with Logto Cloud, so it can be used in the
+ *   browser without CORS.
+ *
+ * This module provides utilities to manage mapi proxy.
+ */
+import { type Role, type CreateApplication } from '../db-entries/index.js';
+/**
+ * Given a tenant ID, return the role data for the mapi proxy.
+ *
+ * It follows a convention to generate all the fields which can be used across the system. See
+ * source code for details.
+ */
+export declare const getMapiProxyRole: (tenantId: string) => Readonly<Role>;
+/**
+ * Given a tenant ID, return the application create data for the mapi proxy. The proxy will use the
+ * application to access the Management API.
+ *
+ * It follows a convention to generate all the fields which can be used across the system. See
+ * source code for details.
+ */
+export declare const getMapiProxyM2mApp: (tenantId: string) => Readonly<CreateApplication>;

package/lib/types/mapi-proxy.js

@@ -0,0 +1,49 @@
+/**
+ * @fileoverview
+ * Mapi (Management API) proxy is an endpoint in Logto Cloud that proxies the requests to the
+ * corresponding Management API. It has the following benefits:
+ *
+ * - When we migrate the tenant management from API resources to tenant organizations, we can
+ *   migrate Console to use the mapi proxy endpoint by changing only the base URL.
+ * - It decouples the access control of Cloud user collaboration from the machine-to-machine access
+ *   control of the Management API.
+ * - The mapi proxy endpoint shares the same domain with Logto Cloud, so it can be used in the
+ *   browser without CORS.
+ *
+ * This module provides utilities to manage mapi proxy.
+ */
+import { generateStandardSecret } from '@logto/shared/universal';
+import { RoleType, ApplicationType, } from '../db-entries/index.js';
+import { adminTenantId } from '../seeds/tenant.js';
+/**
+ * Given a tenant ID, return the role data for the mapi proxy.
+ *
+ * It follows a convention to generate all the fields which can be used across the system. See
+ * source code for details.
+ */
+export const getMapiProxyRole = (tenantId) => Object.freeze({
+    tenantId: adminTenantId,
+    id: `m-${tenantId}`,
+    name: `machine:mapi:${tenantId}`,
+    description: `Machine-to-machine role for accessing Management API of tenant '${tenantId}'.`,
+    type: RoleType.MachineToMachine,
+});
+/**
+ * Given a tenant ID, return the application create data for the mapi proxy. The proxy will use the
+ * application to access the Management API.
+ *
+ * It follows a convention to generate all the fields which can be used across the system. See
+ * source code for details.
+ */
+export const getMapiProxyM2mApp = (tenantId) => Object.freeze({
+    tenantId: adminTenantId,
+    id: `m-${tenantId}`,
+    secret: generateStandardSecret(32),
+    name: `Management API access for ${tenantId}`,
+    description: `Machine-to-machine app for accessing Management API of tenant '${tenantId}'.`,
+    type: ApplicationType.MachineToMachine,
+    oidcClientMetadata: {
+        redirectUris: [],
+        postLogoutRedirectUris: [],
+    },
+});

package/lib/types/organization.d.ts

@@ -1,5 +1,5 @@
 import { z } from 'zod';
-import { type OrganizationRole, type Organization } from '../db-entries/index.js';
+import { type OrganizationRole, type Organization, type OrganizationInvitation } from '../db-entries/index.js';
 import { type UserInfo, type FeaturedUser } from './user.js';
 /**
  * The simplified organization scope entity that is returned for some endpoints.
@@ -46,3 +46,12 @@ export type OrganizationWithFeatured = Organization & {
     usersCount?: number;
     featuredUsers?: FeaturedUser[];
 };
+/**
+ * The organization invitation with additional fields:
+ *
+ * - `organizationRoles`: The roles to be assigned to the user when accepting the invitation.
+ */
+export type OrganizationInvitationEntity = OrganizationInvitation & {
+    organizationRoles: OrganizationRoleEntity[];
+};
+export declare const organizationInvitationEntityGuard: z.ZodType<OrganizationInvitationEntity>;

package/lib/types/organization.js

@@ -1,5 +1,5 @@
 import { z } from 'zod';
-import { OrganizationRoles, Organizations, } from '../db-entries/index.js';
+import { OrganizationRoles, Organizations, OrganizationInvitations, } from '../db-entries/index.js';
 import { userInfoGuard } from './user.js';
 export const organizationRoleWithScopesGuard = OrganizationRoles.guard.extend({
     scopes: z
@@ -19,3 +19,6 @@ export const organizationWithOrganizationRolesGuard = Organizations.guard.extend
 export const userWithOrganizationRolesGuard = userInfoGuard.extend({
     organizationRoles: organizationRoleEntityGuard.array(),
 });
+export const organizationInvitationEntityGuard = OrganizationInvitations.guard.extend({
+    organizationRoles: organizationRoleEntityGuard.array(),
+});

package/lib/types/sso-connector.d.ts

@@ -1,4 +1,5 @@
 import { z } from 'zod';
+import { type SsoConnector } from '../db-entries/sso-connector.js';
 /**
  * SSO Connector data type that are returned to the experience client for sign-in use.
  */
@@ -19,118 +20,114 @@ export declare const ssoConnectorMetadataGuard: z.ZodObject<{
     darkLogo?: string | undefined;
 }>;
 export type SsoConnectorMetadata = z.infer<typeof ssoConnectorMetadataGuard>;
-declare const ssoConnectorFactoryDetailGuard: z.ZodObject<{
-    providerName: z.ZodString;
+export declare enum SsoProviderName {
+    OIDC = "OIDC",
+    SAML = "SAML",
+    AZURE_AD = "AzureAD",
+    GOOGLE_WORKSPACE = "GoogleWorkspace",
+    OKTA = "Okta"
+}
+export declare const singleSignOnDomainBlackList: readonly string[];
+export type SupportedSsoConnector = Omit<SsoConnector, 'providerName'> & {
+    providerName: SsoProviderName;
+};
+declare const ssoConnectorProviderDetailGuard: z.ZodObject<{
+    providerName: z.ZodNativeEnum<typeof SsoProviderName>;
     logo: z.ZodString;
+    logoDark: z.ZodString;
     description: z.ZodString;
+    name: z.ZodString;
 }, "strip", z.ZodTypeAny, {
+    name: string;
     logo: string;
     description: string;
-    providerName: string;
+    logoDark: string;
+    providerName: SsoProviderName;
 }, {
+    name: string;
     logo: string;
     description: string;
-    providerName: string;
+    logoDark: string;
+    providerName: SsoProviderName;
 }>;
-export type SsoConnectorFactoryDetail = z.infer<typeof ssoConnectorFactoryDetailGuard>;
-export declare const ssoConnectorFactoriesResponseGuard: z.ZodObject<{
-    standardConnectors: z.ZodArray<z.ZodObject<{
-        providerName: z.ZodString;
-        logo: z.ZodString;
-        description: z.ZodString;
-    }, "strip", z.ZodTypeAny, {
-        logo: string;
-        description: string;
-        providerName: string;
-    }, {
-        logo: string;
-        description: string;
-        providerName: string;
-    }>, "many">;
-    providerConnectors: z.ZodArray<z.ZodObject<{
-        providerName: z.ZodString;
-        logo: z.ZodString;
-        description: z.ZodString;
-    }, "strip", z.ZodTypeAny, {
-        logo: string;
-        description: string;
-        providerName: string;
-    }, {
-        logo: string;
-        description: string;
-        providerName: string;
-    }>, "many">;
+export type SsoConnectorProviderDetail = z.infer<typeof ssoConnectorProviderDetailGuard>;
+export declare const ssoConnectorProvidersResponseGuard: z.ZodArray<z.ZodObject<{
+    providerName: z.ZodNativeEnum<typeof SsoProviderName>;
+    logo: z.ZodString;
+    logoDark: z.ZodString;
+    description: z.ZodString;
+    name: z.ZodString;
 }, "strip", z.ZodTypeAny, {
-    standardConnectors: {
-        logo: string;
-        description: string;
-        providerName: string;
-    }[];
-    providerConnectors: {
-        logo: string;
-        description: string;
-        providerName: string;
-    }[];
+    name: string;
+    logo: string;
+    description: string;
+    logoDark: string;
+    providerName: SsoProviderName;
 }, {
-    standardConnectors: {
-        logo: string;
-        description: string;
-        providerName: string;
-    }[];
-    providerConnectors: {
-        logo: string;
-        description: string;
-        providerName: string;
-    }[];
-}>;
-export type SsoConnectorFactoriesResponse = z.infer<typeof ssoConnectorFactoriesResponseGuard>;
+    name: string;
+    logo: string;
+    description: string;
+    logoDark: string;
+    providerName: SsoProviderName;
+}>, "many">;
+export type SsoConnectorProvidersResponse = z.infer<typeof ssoConnectorProvidersResponseGuard>;
 export declare const ssoConnectorWithProviderConfigGuard: z.ZodObject<{
     id: z.ZodType<string, z.ZodTypeDef, string>;
     tenantId: z.ZodType<string, z.ZodTypeDef, string>;
     createdAt: z.ZodType<number, z.ZodTypeDef, number>;
-    syncProfile: z.ZodType<boolean, z.ZodTypeDef, boolean>;
-    config: z.ZodType<import("@withtyped/server").JsonObject, z.ZodTypeDef, import("@withtyped/server").JsonObject>;
-    domains: z.ZodType<string[], z.ZodTypeDef, string[]>;
     branding: z.ZodType<{
+        displayName?: string | undefined;
         logo?: string | undefined;
         darkLogo?: string | undefined;
     }, z.ZodTypeDef, {
+        displayName?: string | undefined;
         logo?: string | undefined;
         darkLogo?: string | undefined;
     }>;
-    providerName: z.ZodType<string, z.ZodTypeDef, string>;
+    syncProfile: z.ZodType<boolean, z.ZodTypeDef, boolean>;
+    config: z.ZodType<import("@withtyped/server").JsonObject, z.ZodTypeDef, import("@withtyped/server").JsonObject>;
+    domains: z.ZodType<string[], z.ZodTypeDef, string[]>;
     connectorName: z.ZodType<string, z.ZodTypeDef, string>;
+    name: z.ZodString;
+    providerName: z.ZodNativeEnum<typeof SsoProviderName>;
     providerLogo: z.ZodString;
+    providerLogoDark: z.ZodString;
     providerConfig: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
 }, "strip", z.ZodTypeAny, {
+    name: string;
     id: string;
     tenantId: string;
     createdAt: number;
-    syncProfile: boolean;
-    config: import("@withtyped/server").JsonObject;
-    domains: string[];
     branding: {
+        displayName?: string | undefined;
         logo?: string | undefined;
         darkLogo?: string | undefined;
     };
-    providerName: string;
+    syncProfile: boolean;
+    config: import("@withtyped/server").JsonObject;
+    domains: string[];
+    providerName: SsoProviderName;
     connectorName: string;
     providerLogo: string;
+    providerLogoDark: string;
     providerConfig?: Record<string, unknown> | undefined;
 }, {
+    name: string;
     id: string;
     tenantId: string;
     createdAt: number;
-    syncProfile: boolean;
-    config: import("@withtyped/server").JsonObject;
-    domains: string[];
     branding: {
+        displayName?: string | undefined;
         logo?: string | undefined;
         darkLogo?: string | undefined;
     };
-    providerName: string;
+    syncProfile: boolean;
+    config: import("@withtyped/server").JsonObject;
+    domains: string[];
+    providerName: SsoProviderName;
     connectorName: string;
     providerLogo: string;
+    providerLogoDark: string;
     providerConfig?: Record<string, unknown> | undefined;
 }>;
 export type SsoConnectorWithProviderConfig = z.infer<typeof ssoConnectorWithProviderConfigGuard>;

package/lib/types/sso-connector.js

@@ -9,16 +9,50 @@ export const ssoConnectorMetadataGuard = z.object({
     logo: z.string(),
     darkLogo: z.string().optional(),
 });
-const ssoConnectorFactoryDetailGuard = z.object({
-    providerName: z.string(),
+export var SsoProviderName;
+(function (SsoProviderName) {
+    SsoProviderName["OIDC"] = "OIDC";
+    SsoProviderName["SAML"] = "SAML";
+    SsoProviderName["AZURE_AD"] = "AzureAD";
+    SsoProviderName["GOOGLE_WORKSPACE"] = "GoogleWorkspace";
+    SsoProviderName["OKTA"] = "Okta";
+})(SsoProviderName || (SsoProviderName = {}));
+export const singleSignOnDomainBlackList = Object.freeze([
+    'gmail.com',
+    'yahoo.com',
+    'hotmail.com',
+    'outlook.com',
+    'live.com',
+    'icloud.com',
+    'aol.com',
+    'yandex.com',
+    'mail.com',
+    'protonmail.com',
+    'yanex.com',
+    'gmx.com',
+    'mail.ru',
+    'zoho.com',
+    'qq.com',
+    '163.com',
+    '126.com',
+    'sina.com',
+    'sohu.com',
+]);
+const ssoConnectorProviderDetailGuard = z.object({
+    providerName: z.nativeEnum(SsoProviderName),
     logo: z.string(),
+    logoDark: z.string(),
     description: z.string(),
+    name: z.string(),
 });
-export const ssoConnectorFactoriesResponseGuard = z.object({
-    standardConnectors: z.array(ssoConnectorFactoryDetailGuard),
-    providerConnectors: z.array(ssoConnectorFactoryDetailGuard),
-});
-export const ssoConnectorWithProviderConfigGuard = SsoConnectors.guard.merge(z.object({
+export const ssoConnectorProvidersResponseGuard = z.array(ssoConnectorProviderDetailGuard);
+// API response guard for all the SSO connectors CRUD APIs
+export const ssoConnectorWithProviderConfigGuard = SsoConnectors.guard
+    .omit({ providerName: true })
+    .merge(z.object({
+    name: z.string(), // For display purpose, generate from i18n key name defined by SSO factory.
+    providerName: z.nativeEnum(SsoProviderName),
     providerLogo: z.string(),
+    providerLogoDark: z.string(),
     providerConfig: z.record(z.unknown()).optional(),
 }));

package/lib/types/system.d.ts

@@ -175,19 +175,46 @@ export declare const demoSocialGuard: Readonly<{
 export declare const hostnameProviderDataGuard: z.ZodObject<{
     zoneId: z.ZodString;
     apiToken: z.ZodString;
+    blockedDomains: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
 }, "strip", z.ZodTypeAny, {
     zoneId: string;
     apiToken: string;
+    blockedDomains?: string[] | undefined;
 }, {
     zoneId: string;
     apiToken: string;
+    blockedDomains?: string[] | undefined;
 }>;
 export type HostnameProviderData = z.infer<typeof hostnameProviderDataGuard>;
+export declare const protectedAppConfigProviderDataGuard: z.ZodObject<{
+    accountIdentifier: z.ZodString;
+    namespaceIdentifier: z.ZodString;
+    keyName: z.ZodString;
+    domain: z.ZodString;
+    apiToken: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    domain: string;
+    apiToken: string;
+    accountIdentifier: string;
+    namespaceIdentifier: string;
+    keyName: string;
+}, {
+    domain: string;
+    apiToken: string;
+    accountIdentifier: string;
+    namespaceIdentifier: string;
+    keyName: string;
+}>;
+export type ProtectedAppConfigProviderData = z.infer<typeof protectedAppConfigProviderDataGuard>;
 export declare enum CloudflareKey {
-    HostnameProvider = "cloudflareHostnameProvider"
+    HostnameProvider = "cloudflareHostnameProvider",
+    ProtectedAppConfigProvider = "cloudflareProtectedAppConfigProvider",
+    ProtectedAppHostnameProvider = "cloudflareProtectedAppHostnameProvider"
 }
 export type CloudflareType = {
     [CloudflareKey.HostnameProvider]: HostnameProviderData;
+    [CloudflareKey.ProtectedAppConfigProvider]: ProtectedAppConfigProviderData;
+    [CloudflareKey.ProtectedAppHostnameProvider]: HostnameProviderData;
 };
 export declare const cloudflareGuard: Readonly<{
     [key in CloudflareKey]: ZodType<CloudflareType[key]>;