npm - @logto/schemas - Versions diffs - 1.11.0 → 1.13.0 - Mend

@logto/schemas 1.11.0 → 1.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (158) hide show

package/tables/application_user_consent_organizations.sql ADDED Viewed

@@ -0,0 +1,16 @@
+/* init_order = 3 */
+/** The relations between applications, users and organizations. A relation means that a user has consented to an application to access data in an organization. */
+create table application_user_consent_organizations (
+  tenant_id varchar(21) not null
+    references tenants (id) on update cascade on delete cascade,
+  application_id varchar(21) not null
+    references applications (id) on update cascade on delete cascade,
+  organization_id varchar(21) not null,
+  user_id varchar(21) not null,
+  primary key (tenant_id, application_id, organization_id, user_id),
+  /** User's consent to an application should be synchronized with the user's membership in the organization. */
+  foreign key (tenant_id, organization_id, user_id)
+    references organization_user_relations (tenant_id, organization_id, user_id)
+    on update cascade on delete cascade
+)

package/tables/application_user_consent_resource_scopes.sql ADDED Viewed

@@ -0,0 +1,14 @@
+/* init_order = 3 */
+/** The resource scopes (permissions) assigned to an application's consent request. */
+create table application_user_consent_resource_scopes (
+  tenant_id varchar(21) not null
+    references tenants (id) on update cascade on delete cascade,
+  /** The globally unique identifier of the application. */
+  application_id varchar(21) not null
+    references applications (id) on update cascade on delete cascade,
+  /** The globally unique identifier of the resource scope. */
+  scope_id varchar(21) not null
+    references scopes (id) on update cascade on delete cascade,
+  primary key (application_id, scope_id)
+);

package/tables/application_user_consent_user_scopes.sql ADDED Viewed

@@ -0,0 +1,13 @@
+/* init_order = 2 */
+/** The user scopes (permissions) assigned to an application */
+create table application_user_consent_user_scopes (
+  tenant_id varchar(21) not null
+    references tenants (id) on update cascade on delete cascade,
+  /** The globally unique identifier of the application. */
+  application_id varchar(21) not null
+    references applications (id) on update cascade on delete cascade,
+  /** The unique UserScope enum value @see (@logto/core-kit/open-id.js) for more details */
+  user_scope varchar(64) not null,
+  primary key (application_id, user_scope)
+);

package/tables/applications.sql CHANGED Viewed

@@ -1,6 +1,6 @@
 /* init_order = 1 */
-create type application_type as enum ('Native', 'SPA', 'Traditional', 'MachineToMachine');
+create type application_type as enum ('Native', 'SPA', 'Traditional', 'MachineToMachine', 'Protected');
 create table applications (
   tenant_id varchar(21) not null
@@ -12,9 +12,24 @@ create table applications (
   type application_type not null,
   oidc_client_metadata jsonb /* @use OidcClientMetadata */ not null,
   custom_client_metadata jsonb /* @use CustomClientMetadata */ not null default '{}'::jsonb,
+  protected_app_metadata jsonb /* @use ProtectedAppMetadata */,
+  is_third_party boolean not null default false,
   created_at timestamptz not null default(now()),
   primary key (id)
 );
 create index applications__id
   on applications (tenant_id, id);
+create index applications__is_third_party
+  on applications (tenant_id, is_third_party);
+create unique index applications__protected_app_metadata_host
+  on applications (
+    (protected_app_metadata->>'host')
+  );
+create unique index applications__protected_app_metadata_custom_domain
+  on applications (
+    (protected_app_metadata->'customDomains'->0->>'domain')
+  );

package/tables/daily_token_usage.sql ADDED Viewed

@@ -0,0 +1,11 @@
+create table daily_token_usage (
+  id varchar(21) not null,
+  tenant_id varchar(21) not null
+    references tenants (id) on update cascade on delete cascade,
+  usage bigint not null default(0),
+  date timestamptz not null,
+  primary key (id)
+);
+create unique index daily_token_usage__date
+  on daily_token_usage (tenant_id, date);

package/tables/organization_invitation_role_relations.sql ADDED Viewed

@@ -0,0 +1,14 @@
+/* init_order = 4 */
+/** The organization roles that will be assigned to a user when they accept an invitation. */
+create table organization_invitation_role_relations (
+  tenant_id varchar(21) not null
+    references tenants (id) on update cascade on delete cascade,
+  /** The ID of the invitation. */
+  organization_invitation_id varchar(21) not null
+    references organization_invitations (id) on update cascade on delete cascade,
+  /** The ID of the organization role. */
+  organization_role_id varchar(21) not null
+    references organization_roles (id) on update cascade on delete cascade,
+  primary key (tenant_id, organization_invitation_id, organization_role_id)
+);

package/tables/organization_invitations.sql ADDED Viewed

@@ -0,0 +1,36 @@
+/* init_order = 3 */
+create type organization_invitation_status as enum ('Pending', 'Accepted', 'Expired', 'Revoked');
+/** The invitation entry defined in RFC 0003. It stores the invitation information for a user to join an organization. */
+create table organization_invitations (
+  tenant_id varchar(21) not null
+    references tenants (id) on update cascade on delete cascade,
+  /** The unique identifier of the invitation. */
+  id varchar(21) not null,
+  /** The user ID who sent the invitation. */
+  inviter_id varchar(21)
+    references users (id) on update cascade on delete cascade,
+  /** The email address or other identifier of the invitee. */
+  invitee varchar(256) not null,
+  /** The user ID of who accepted the invitation. */
+  accepted_user_id varchar(21)
+    references users (id) on update cascade on delete cascade,
+  /** The ID of the organization to which the invitee is invited. */
+  organization_id varchar(21) not null
+    references organizations (id) on update cascade on delete cascade,
+  /** The status of the invitation. */
+  status organization_invitation_status not null,
+  /** The time when the invitation was created. */
+  created_at timestamptz not null default (now()),
+  /** The time when the invitation status was last updated. */
+  updated_at timestamptz not null default (now()),
+  /** The time when the invitation expires. */
+  expires_at timestamptz not null,
+  primary key (id)
+);
+-- Ensure there is only one pending invitation for a given invitee and organization.
+create unique index organization_invitations__invitee_organization_id
+  on organization_invitations (tenant_id, invitee, organization_id)
+  where status = 'Pending';

package/tables/organization_role_user_relations.sql CHANGED Viewed

@@ -1,14 +1,16 @@
-/* init_order = 2 */
+/* init_order = 3 */
 /** The relations between organizations, organization roles, and users. A relation means that a user has a role in an organization. */
 create table organization_role_user_relations (
   tenant_id varchar(21) not null
     references tenants (id) on update cascade on delete cascade,
-  organization_id varchar(21) not null
-    references organizations (id) on update cascade on delete cascade,
+  organization_id varchar(21) not null,
   organization_role_id varchar(21) not null
     references organization_roles (id) on update cascade on delete cascade,
-  user_id varchar(21) not null
-    references users (id) on update cascade on delete cascade,
-  primary key (tenant_id, organization_id, organization_role_id, user_id)
+  user_id varchar(21) not null,
+  primary key (tenant_id, organization_id, organization_role_id, user_id),
+  /** User's roles in an organization should be synchronized with the user's membership in the organization. */
+  foreign key (tenant_id, organization_id, user_id)
+    references organization_user_relations (tenant_id, organization_id, user_id)
+    on update cascade on delete cascade
 );

package/tables/sign_in_experiences.sql CHANGED Viewed

@@ -17,5 +17,6 @@ create table sign_in_experiences (
   custom_content jsonb /* @use CustomContent */ not null default '{}'::jsonb,
   password_policy jsonb /* @use PartialPasswordPolicy */ not null default '{}'::jsonb,
   mfa jsonb /* @use Mfa */ not null default '{}'::jsonb,
+  single_sign_on_enabled boolean not null default false,
   primary key (tenant_id, id)
 );

package/tables/sso_connectors.sql CHANGED Viewed

@@ -4,7 +4,7 @@ create table sso_connectors (
     references tenants (id) on update cascade on delete cascade,
   /** The globally unique identifier of the SSO connector. */
   id varchar(128) not null,
-  /** The connector factory name of the SSO provider. */
+  /** The identifier of connector's SSO provider */
   provider_name varchar(128) not null,
   /** The name of the SSO provider for display. */
   connector_name varchar(128) not null,
@@ -18,7 +18,9 @@ create table sso_connectors (
   sync_profile boolean not null default FALSE,
   /** When the SSO connector was created. */
   created_at timestamptz not null default(now()),
-  primary key (id)
+  primary key (id),
+  constraint sso_connectors__connector_name__unique
+    unique (tenant_id, connector_name)
 );
 create index sso_connectors__id