@logto/schemas 1.15.0 → 1.16.0

package/alterations/1.16.0-1712912361-delete-jwt-customier-with-empty-script.ts

@@ -0,0 +1,23 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  // We are making the jwt-customizer script field mandatory
+  // Delete the records in logto_configs where key is jwt.accessToken or jwt.clientCredentials and value jsonb's script field is undefined
+  up: async (pool) => {
+    await pool.query(
+      sql`
+        delete from logto_configs 
+        where key in ('jwt.accessToken', 'jwt.clientCredentials')
+        and value->>'script' is null
+      `
+    );
+  },
+  down: async () => {
+    // No down script available, this is a non-reversible operation
+    // It is fine since we have not released this feature yet
+  },
+};
+
+export default alteration;

package/alterations/1.16.0-1713942039-add-organization-custom-data.ts

@@ -0,0 +1,25 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+/** The alteration script to add the `custom_data` field to the `organizations` table. */
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(
+      sql`
+        alter table organizations
+        add column custom_data jsonb not null default '{}'::jsonb;
+      `
+    );
+  },
+  down: async (pool) => {
+    await pool.query(
+      sql`
+        alter table organizations
+        drop column custom_data;
+      `
+    );
+  },
+};
+
+export default alteration;

package/alterations/1.16.0-1714270244-application-org-resource-scope.ts

@@ -0,0 +1,32 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create table application_user_consent_organization_resource_scopes (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        /** The globally unique identifier of the application. */
+        application_id varchar(21) not null
+          references applications (id) on update cascade on delete cascade,
+        /** The globally unique identifier of the resource scope. */
+        scope_id varchar(21) not null
+          references scopes (id) on update cascade on delete cascade,
+        primary key (application_id, scope_id)
+      );
+    `);
+    await applyTableRls(pool, 'application_user_consent_organization_resource_scopes');
+  },
+  down: async (pool) => {
+    await dropTableRls(pool, 'application_user_consent_organization_resource_scopes');
+    await pool.query(sql`
+      drop table application_user_consent_organization_resource_scopes
+    `);
+  },
+};
+
+export default alteration;

package/alterations-js/1.16.0-1712912361-delete-jwt-customier-with-empty-script.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.16.0-1712912361-delete-jwt-customier-with-empty-script.js

@@ -0,0 +1,17 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    // We are making the jwt-customizer script field mandatory
+    // Delete the records in logto_configs where key is jwt.accessToken or jwt.clientCredentials and value jsonb's script field is undefined
+    up: async (pool) => {
+        await pool.query(sql `
+        delete from logto_configs 
+        where key in ('jwt.accessToken', 'jwt.clientCredentials')
+        and value->>'script' is null
+      `);
+    },
+    down: async () => {
+        // No down script available, this is a non-reversible operation
+        // It is fine since we have not released this feature yet
+    },
+};
+export default alteration;

package/alterations-js/1.16.0-1713942039-add-organization-custom-data.d.ts

@@ -0,0 +1,4 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+/** The alteration script to add the `custom_data` field to the `organizations` table. */
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.16.0-1713942039-add-organization-custom-data.js

@@ -0,0 +1,17 @@
+import { sql } from '@silverhand/slonik';
+/** The alteration script to add the `custom_data` field to the `organizations` table. */
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+        alter table organizations
+        add column custom_data jsonb not null default '{}'::jsonb;
+      `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+        alter table organizations
+        drop column custom_data;
+      `);
+    },
+};
+export default alteration;

package/alterations-js/1.16.0-1714270244-application-org-resource-scope.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.16.0-1714270244-application-org-resource-scope.js

@@ -0,0 +1,27 @@
+import { sql } from '@silverhand/slonik';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create table application_user_consent_organization_resource_scopes (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        /** The globally unique identifier of the application. */
+        application_id varchar(21) not null
+          references applications (id) on update cascade on delete cascade,
+        /** The globally unique identifier of the resource scope. */
+        scope_id varchar(21) not null
+          references scopes (id) on update cascade on delete cascade,
+        primary key (application_id, scope_id)
+      );
+    `);
+        await applyTableRls(pool, 'application_user_consent_organization_resource_scopes');
+    },
+    down: async (pool) => {
+        await dropTableRls(pool, 'application_user_consent_organization_resource_scopes');
+        await pool.query(sql `
+      drop table application_user_consent_organization_resource_scopes
+    `);
+    },
+};
+export default alteration;

package/lib/db-entries/application-user-consent-organization-resource-scope.d.ts

@@ -0,0 +1,24 @@
+import { GeneratedSchema } from './../foundations/index.js';
+/**
+ * The organization resource scopes (permissions) assigned to an application's consent request. This is different from the application_user_consent_resource_scopes table, scopes in this table is granted by the organization roles.
+ *
+ * @remarks This is a type for database creation.
+ * @see {@link ApplicationUserConsentOrganizationResourceScope} for the original type.
+ */
+export type CreateApplicationUserConsentOrganizationResourceScope = {
+    tenantId?: string;
+    /** The globally unique identifier of the application. */
+    applicationId: string;
+    /** The globally unique identifier of the resource scope. */
+    scopeId: string;
+};
+/** The organization resource scopes (permissions) assigned to an application's consent request. This is different from the application_user_consent_resource_scopes table, scopes in this table is granted by the organization roles. */
+export type ApplicationUserConsentOrganizationResourceScope = {
+    tenantId: string;
+    /** The globally unique identifier of the application. */
+    applicationId: string;
+    /** The globally unique identifier of the resource scope. */
+    scopeId: string;
+};
+export type ApplicationUserConsentOrganizationResourceScopeKeys = 'tenantId' | 'applicationId' | 'scopeId';
+export declare const ApplicationUserConsentOrganizationResourceScopes: GeneratedSchema<ApplicationUserConsentOrganizationResourceScopeKeys, CreateApplicationUserConsentOrganizationResourceScope, ApplicationUserConsentOrganizationResourceScope, 'application_user_consent_organization_resource_scopes', 'application_user_consent_organization_resource_scope'>;

package/lib/db-entries/application-user-consent-organization-resource-scope.js

@@ -0,0 +1,29 @@
+// THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+import { z } from 'zod';
+const createGuard = z.object({
+    tenantId: z.string().max(21).optional(),
+    applicationId: z.string().min(1).max(21),
+    scopeId: z.string().min(1).max(21),
+});
+const guard = z.object({
+    tenantId: z.string().max(21),
+    applicationId: z.string().min(1).max(21),
+    scopeId: z.string().min(1).max(21),
+});
+export const ApplicationUserConsentOrganizationResourceScopes = Object.freeze({
+    table: 'application_user_consent_organization_resource_scopes',
+    tableSingular: 'application_user_consent_organization_resource_scope',
+    fields: {
+        tenantId: 'tenant_id',
+        applicationId: 'application_id',
+        scopeId: 'scope_id',
+    },
+    fieldKeys: [
+        'tenantId',
+        'applicationId',
+        'scopeId',
+    ],
+    createGuard,
+    guard,
+    updateGuard: guard.partial(),
+});

package/lib/db-entries/index.d.ts

@@ -4,6 +4,7 @@ export * from './-after-each.js';
 export * from './-before-all.js';
 export * from './-function.js';
 export * from './application-sign-in-experience.js';
+export * from './application-user-consent-organization-resource-scope.js';
 export * from './application-user-consent-organization-scope.js';
 export * from './application-user-consent-organization.js';
 export * from './application-user-consent-resource-scope.js';

package/lib/db-entries/index.js

@@ -5,6 +5,7 @@ export * from './-after-each.js';
 export * from './-before-all.js';
 export * from './-function.js';
 export * from './application-sign-in-experience.js';
+export * from './application-user-consent-organization-resource-scope.js';
 export * from './application-user-consent-organization-scope.js';
 export * from './application-user-consent-organization.js';
 export * from './application-user-consent-resource-scope.js';

package/lib/db-entries/organization.d.ts

@@ -1,4 +1,4 @@
-import { GeneratedSchema } from './../foundations/index.js';
+import { JsonObject, GeneratedSchema } from './../foundations/index.js';
 /**
  * Organizations defined by [RFC 0001](https://github.com/logto-io/rfcs/blob/HEAD/active/0001-organization.md).
  *
@@ -13,6 +13,8 @@ export type CreateOrganization = {
     name: string;
     /** A brief description of the organization. */
     description?: string | null;
+    /** Additional data associated with the organization. */
+    customData?: JsonObject;
     /** When the organization was created. */
     createdAt?: number;
 };
@@ -25,8 +27,10 @@ export type Organization = {
     name: string;
     /** A brief description of the organization. */
     description: string | null;
+    /** Additional data associated with the organization. */
+    customData: JsonObject;
     /** When the organization was created. */
     createdAt: number;
 };
-export type OrganizationKeys = 'tenantId' | 'id' | 'name' | 'description' | 'createdAt';
+export type OrganizationKeys = 'tenantId' | 'id' | 'name' | 'description' | 'customData' | 'createdAt';
 export declare const Organizations: GeneratedSchema<OrganizationKeys, CreateOrganization, Organization, 'organizations', 'organization'>;

package/lib/db-entries/organization.js

@@ -1,10 +1,12 @@
 // THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
 import { z } from 'zod';
+import { jsonObjectGuard } from './../foundations/index.js';
 const createGuard = z.object({
     tenantId: z.string().max(21).optional(),
     id: z.string().min(1).max(21),
     name: z.string().min(1).max(128),
     description: z.string().max(256).nullable().optional(),
+    customData: jsonObjectGuard.optional(),
     createdAt: z.number().optional(),
 });
 const guard = z.object({
@@ -12,6 +14,7 @@ const guard = z.object({
     id: z.string().min(1).max(21),
     name: z.string().min(1).max(128),
     description: z.string().max(256).nullable(),
+    customData: jsonObjectGuard,
     createdAt: z.number(),
 });
 export const Organizations = Object.freeze({
@@ -22,6 +25,7 @@ export const Organizations = Object.freeze({
         id: 'id',
         name: 'name',
         description: 'description',
+        customData: 'custom_data',
         createdAt: 'created_at',
     },
     fieldKeys: [
@@ -29,6 +33,7 @@ export const Organizations = Object.freeze({
         'id',
         'name',
         'description',
+        'customData',
         'createdAt',
     ],
     createGuard,

package/lib/foundations/jsonb-types/hooks.d.ts

@@ -1,12 +1,43 @@
 import { z } from 'zod';
-export declare enum HookEvent {
+/**
+ * We categorize the hook events into two types:
+ *
+ * InteractionHookEvent: The hook events that are triggered by user interactions.
+ * DataHookEvent: The hook events that are triggered by Logto data mutations.
+ */
+export declare enum InteractionHookEvent {
     PostRegister = "PostRegister",
     PostSignIn = "PostSignIn",
     PostResetPassword = "PostResetPassword"
 }
-export declare const hookEventGuard: z.ZodType<HookEvent>;
-export declare const hookEventsGuard: z.ZodArray<z.ZodType<HookEvent, z.ZodTypeDef, HookEvent>, "many">;
+declare enum DataHookSchema {
+    User = "User",
+    Role = "Role",
+    Scope = "Scope",
+    Organization = "Organization",
+    OrganizationRole = "OrganizationRole",
+    OrganizationScope = "OrganizationScope"
+}
+declare enum DataHookBasicMutationType {
+    Created = "Created",
+    Deleted = "Deleted",
+    Updated = "Updated"
+}
+type BasicDataHookEvent = `${DataHookSchema}.${DataHookBasicMutationType}`;
+type CustomDataHookMutableSchema = `${DataHookSchema.User}.SuspensionStatus` | `${DataHookSchema.Role}.Scopes` | `${DataHookSchema.Organization}.Membership` | `${DataHookSchema.OrganizationRole}.Scopes`;
+type DataHookPropertyUpdateEvent = `${CustomDataHookMutableSchema}.${DataHookBasicMutationType.Updated}`;
+export type DataHookEvent = BasicDataHookEvent | DataHookPropertyUpdateEvent;
+/** The hook event values that can be registered. */
+export declare const hookEvents: readonly [InteractionHookEvent.PostRegister, InteractionHookEvent.PostSignIn, InteractionHookEvent.PostResetPassword, "User.Created", "User.Deleted", "User.Updated", "User.SuspensionStatus.Updated", "Role.Created", "Role.Deleted", "Role.Updated", "Role.Scopes.Updated", "Scope.Created", "Scope.Deleted", "Scope.Updated", "Organization.Created", "Organization.Deleted", "Organization.Updated", "Organization.Membership.Updated", "OrganizationRole.Created", "OrganizationRole.Deleted", "OrganizationRole.Updated", "OrganizationRole.Scopes.Updated", "OrganizationScope.Created", "OrganizationScope.Deleted", "OrganizationScope.Updated"];
+/** The type of hook event values that can be registered. */
+export type HookEvent = (typeof hookEvents)[number];
+export declare const hookEventGuard: z.ZodEnum<[InteractionHookEvent.PostRegister, InteractionHookEvent.PostSignIn, InteractionHookEvent.PostResetPassword, "User.Created", "User.Deleted", "User.Updated", "User.SuspensionStatus.Updated", "Role.Created", "Role.Deleted", "Role.Updated", "Role.Scopes.Updated", "Scope.Created", "Scope.Deleted", "Scope.Updated", "Organization.Created", "Organization.Deleted", "Organization.Updated", "Organization.Membership.Updated", "OrganizationRole.Created", "OrganizationRole.Deleted", "OrganizationRole.Updated", "OrganizationRole.Scopes.Updated", "OrganizationScope.Created", "OrganizationScope.Deleted", "OrganizationScope.Updated"]>;
+export declare const hookEventsGuard: z.ZodArray<z.ZodEnum<[InteractionHookEvent.PostRegister, InteractionHookEvent.PostSignIn, InteractionHookEvent.PostResetPassword, "User.Created", "User.Deleted", "User.Updated", "User.SuspensionStatus.Updated", "Role.Created", "Role.Deleted", "Role.Updated", "Role.Scopes.Updated", "Scope.Created", "Scope.Deleted", "Scope.Updated", "Organization.Created", "Organization.Deleted", "Organization.Updated", "Organization.Membership.Updated", "OrganizationRole.Created", "OrganizationRole.Deleted", "OrganizationRole.Updated", "OrganizationRole.Scopes.Updated", "OrganizationScope.Created", "OrganizationScope.Deleted", "OrganizationScope.Updated"]>, "many">;
 export type HookEvents = z.infer<typeof hookEventsGuard>;
+export declare const interactionHookEventGuard: z.ZodNativeEnum<typeof InteractionHookEvent>;
+/**
+ * Hook configuration for web hook.
+ */
 export declare const hookConfigGuard: z.ZodObject<{
     /** We don't need `type` since v1 only has web hook */
     /** Method fixed to `POST` */
@@ -30,3 +61,40 @@ export declare const hookConfigGuard: z.ZodObject<{
     retries?: number | undefined;
 }>;
 export type HookConfig = z.infer<typeof hookConfigGuard>;
+/**
+ * Management API hooks registration.
+ * Define the hook event that should be triggered when the management API is called.
+ */
+export declare const managementApiHooksRegistration: Readonly<{
+    'POST /users': "User.Created";
+    'DELETE /users/:userId': "User.Deleted";
+    'PATCH /users/:userId': "User.Updated";
+    'PATCH /users/:userId/custom-data': "User.Updated";
+    'PATCH /users/:userId/profile': "User.Updated";
+    'PATCH /users/:userId/password': "User.Updated";
+    'PATCH /users/:userId/is-suspended': "User.SuspensionStatus.Updated";
+    'POST /roles': "Role.Created";
+    'DELETE /roles/:id': "Role.Deleted";
+    'PATCH /roles/:id': "Role.Updated";
+    'POST /roles/:id/scopes': "Role.Scopes.Updated";
+    'DELETE /roles/:id/scopes/:scopeId': "Role.Scopes.Updated";
+    'POST /resources/:resourceId/scopes': "Scope.Created";
+    'DELETE /resources/:resourceId/scopes/:scopeId': "Scope.Deleted";
+    'PATCH /resources/:resourceId/scopes/:scopeId': "Scope.Updated";
+    'POST /organizations': "Organization.Created";
+    'DELETE /organizations/:id': "Organization.Deleted";
+    'PATCH /organizations/:id': "Organization.Updated";
+    'PUT /organizations/:id/users': "Organization.Membership.Updated";
+    'POST /organizations/:id/users': "Organization.Membership.Updated";
+    'DELETE /organizations/:id/users/:userId': "Organization.Membership.Updated";
+    'POST /organization-roles': "OrganizationRole.Created";
+    'DELETE /organization-roles/:id': "OrganizationRole.Deleted";
+    'PATCH /organization-roles/:id': "OrganizationRole.Updated";
+    'POST /organization-scopes': "OrganizationScope.Created";
+    'DELETE /organization-scopes/:id': "OrganizationScope.Deleted";
+    'PATCH /organization-scopes/:id': "OrganizationScope.Updated";
+    'PUT /organization-roles/:id/scopes': "OrganizationRole.Scopes.Updated";
+    'POST /organization-roles/:id/scopes': "OrganizationRole.Scopes.Updated";
+    'DELETE /organization-roles/:id/scopes/:organizationScopeId': "OrganizationRole.Scopes.Updated";
+}>;
+export {};

package/lib/foundations/jsonb-types/hooks.js

@@ -1,12 +1,67 @@
 import { z } from 'zod';
-export var HookEvent;
-(function (HookEvent) {
-    HookEvent["PostRegister"] = "PostRegister";
-    HookEvent["PostSignIn"] = "PostSignIn";
-    HookEvent["PostResetPassword"] = "PostResetPassword";
-})(HookEvent || (HookEvent = {}));
-export const hookEventGuard = z.nativeEnum(HookEvent);
+/**
+ * We categorize the hook events into two types:
+ *
+ * InteractionHookEvent: The hook events that are triggered by user interactions.
+ * DataHookEvent: The hook events that are triggered by Logto data mutations.
+ */
+// InteractionHookEvent
+export var InteractionHookEvent;
+(function (InteractionHookEvent) {
+    InteractionHookEvent["PostRegister"] = "PostRegister";
+    InteractionHookEvent["PostSignIn"] = "PostSignIn";
+    InteractionHookEvent["PostResetPassword"] = "PostResetPassword";
+})(InteractionHookEvent || (InteractionHookEvent = {}));
+// DataHookEvent
+var DataHookSchema;
+(function (DataHookSchema) {
+    DataHookSchema["User"] = "User";
+    DataHookSchema["Role"] = "Role";
+    DataHookSchema["Scope"] = "Scope";
+    DataHookSchema["Organization"] = "Organization";
+    DataHookSchema["OrganizationRole"] = "OrganizationRole";
+    DataHookSchema["OrganizationScope"] = "OrganizationScope";
+})(DataHookSchema || (DataHookSchema = {}));
+var DataHookBasicMutationType;
+(function (DataHookBasicMutationType) {
+    DataHookBasicMutationType["Created"] = "Created";
+    DataHookBasicMutationType["Deleted"] = "Deleted";
+    DataHookBasicMutationType["Updated"] = "Updated";
+})(DataHookBasicMutationType || (DataHookBasicMutationType = {}));
+/** The hook event values that can be registered. */
+export const hookEvents = Object.freeze([
+    InteractionHookEvent.PostRegister,
+    InteractionHookEvent.PostSignIn,
+    InteractionHookEvent.PostResetPassword,
+    'User.Created',
+    'User.Deleted',
+    'User.Updated',
+    'User.SuspensionStatus.Updated',
+    'Role.Created',
+    'Role.Deleted',
+    'Role.Updated',
+    'Role.Scopes.Updated',
+    'Scope.Created',
+    'Scope.Deleted',
+    'Scope.Updated',
+    'Organization.Created',
+    'Organization.Deleted',
+    'Organization.Updated',
+    'Organization.Membership.Updated',
+    'OrganizationRole.Created',
+    'OrganizationRole.Deleted',
+    'OrganizationRole.Updated',
+    'OrganizationRole.Scopes.Updated',
+    'OrganizationScope.Created',
+    'OrganizationScope.Deleted',
+    'OrganizationScope.Updated',
+]);
+export const hookEventGuard = z.enum(hookEvents);
 export const hookEventsGuard = hookEventGuard.array();
+export const interactionHookEventGuard = z.nativeEnum(InteractionHookEvent);
+/**
+ * Hook configuration for web hook.
+ */
 export const hookConfigGuard = z.object({
     /** We don't need `type` since v1 only has web hook */
     // type: 'web';
@@ -22,3 +77,39 @@ export const hookConfigGuard = z.object({
      */
     retries: z.number().gte(0).lte(3).optional(),
 });
+/**
+ * Management API hooks registration.
+ * Define the hook event that should be triggered when the management API is called.
+ */
+export const managementApiHooksRegistration = Object.freeze({
+    'POST /users': 'User.Created',
+    'DELETE /users/:userId': 'User.Deleted',
+    'PATCH /users/:userId': 'User.Updated',
+    'PATCH /users/:userId/custom-data': 'User.Updated',
+    'PATCH /users/:userId/profile': 'User.Updated',
+    'PATCH /users/:userId/password': 'User.Updated',
+    'PATCH /users/:userId/is-suspended': 'User.SuspensionStatus.Updated',
+    'POST /roles': 'Role.Created',
+    'DELETE /roles/:id': 'Role.Deleted',
+    'PATCH /roles/:id': 'Role.Updated',
+    'POST /roles/:id/scopes': 'Role.Scopes.Updated',
+    'DELETE /roles/:id/scopes/:scopeId': 'Role.Scopes.Updated',
+    'POST /resources/:resourceId/scopes': 'Scope.Created',
+    'DELETE /resources/:resourceId/scopes/:scopeId': 'Scope.Deleted',
+    'PATCH /resources/:resourceId/scopes/:scopeId': 'Scope.Updated',
+    'POST /organizations': 'Organization.Created',
+    'DELETE /organizations/:id': 'Organization.Deleted',
+    'PATCH /organizations/:id': 'Organization.Updated',
+    'PUT /organizations/:id/users': 'Organization.Membership.Updated',
+    'POST /organizations/:id/users': 'Organization.Membership.Updated',
+    'DELETE /organizations/:id/users/:userId': 'Organization.Membership.Updated',
+    'POST /organization-roles': 'OrganizationRole.Created',
+    'DELETE /organization-roles/:id': 'OrganizationRole.Deleted',
+    'PATCH /organization-roles/:id': 'OrganizationRole.Updated',
+    'POST /organization-scopes': 'OrganizationScope.Created',
+    'DELETE /organization-scopes/:id': 'OrganizationScope.Deleted',
+    'PATCH /organization-scopes/:id': 'OrganizationScope.Updated',
+    'PUT /organization-roles/:id/scopes': 'OrganizationRole.Scopes.Updated',
+    'POST /organization-roles/:id/scopes': 'OrganizationRole.Scopes.Updated',
+    'DELETE /organization-roles/:id/scopes/:organizationScopeId': 'OrganizationRole.Scopes.Updated',
+});

package/lib/types/application.d.ts

@@ -548,6 +548,62 @@ export declare const applicationUserConsentScopesResponseGuard: z.ZodObject<{
             description: string | null;
         }[];
     }>, "many">;
+    organizationResourceScopes: z.ZodArray<z.ZodObject<{
+        resource: z.ZodObject<Pick<{
+            tenantId: z.ZodType<string, z.ZodTypeDef, string>;
+            id: z.ZodType<string, z.ZodTypeDef, string>;
+            name: z.ZodType<string, z.ZodTypeDef, string>;
+            indicator: z.ZodType<string, z.ZodTypeDef, string>;
+            isDefault: z.ZodType<boolean, z.ZodTypeDef, boolean>;
+            accessTokenTtl: z.ZodType<number, z.ZodTypeDef, number>;
+        }, "name" | "id" | "indicator">, "strip", z.ZodTypeAny, {
+            name: string;
+            id: string;
+            indicator: string;
+        }, {
+            name: string;
+            id: string;
+            indicator: string;
+        }>;
+        scopes: z.ZodArray<z.ZodObject<Pick<{
+            tenantId: z.ZodType<string, z.ZodTypeDef, string>;
+            id: z.ZodType<string, z.ZodTypeDef, string>;
+            resourceId: z.ZodType<string, z.ZodTypeDef, string>;
+            name: z.ZodType<string, z.ZodTypeDef, string>;
+            description: z.ZodType<string | null, z.ZodTypeDef, string | null>;
+            createdAt: z.ZodType<number, z.ZodTypeDef, number>;
+        }, "name" | "id" | "description">, "strip", z.ZodTypeAny, {
+            name: string;
+            id: string;
+            description: string | null;
+        }, {
+            name: string;
+            id: string;
+            description: string | null;
+        }>, "many">;
+    }, "strip", z.ZodTypeAny, {
+        resource: {
+            name: string;
+            id: string;
+            indicator: string;
+        };
+        scopes: {
+            name: string;
+            id: string;
+            description: string | null;
+        }[];
+    }, {
+        resource: {
+            name: string;
+            id: string;
+            indicator: string;
+        };
+        scopes: {
+            name: string;
+            id: string;
+            description: string | null;
+        }[];
+    }>, "many">;
     userScopes: z.ZodArray<z.ZodNativeEnum<typeof UserScope>, "many">;
 }, "strip", z.ZodTypeAny, {
     organizationScopes: {
@@ -567,6 +623,18 @@ export declare const applicationUserConsentScopesResponseGuard: z.ZodObject<{
             description: string | null;
         }[];
     }[];
+    organizationResourceScopes: {
+        resource: {
+            name: string;
+            id: string;
+            indicator: string;
+        };
+        scopes: {
+            name: string;
+            id: string;
+            description: string | null;
+        }[];
+    }[];
     userScopes: UserScope[];
 }, {
     organizationScopes: {
@@ -586,11 +654,24 @@ export declare const applicationUserConsentScopesResponseGuard: z.ZodObject<{
             description: string | null;
         }[];
     }[];
+    organizationResourceScopes: {
+        resource: {
+            name: string;
+            id: string;
+            indicator: string;
+        };
+        scopes: {
+            name: string;
+            id: string;
+            description: string | null;
+        }[];
+    }[];
     userScopes: UserScope[];
 }>;
 export declare enum ApplicationUserConsentScopeType {
     OrganizationScopes = "organization-scopes",
     ResourceScopes = "resource-scopes",
+    OrganizationResourceScopes = "organization-resource-scopes",
     UserScopes = "user-scopes"
 }
 export type ApplicationUserConsentScopesResponse = z.infer<typeof applicationUserConsentScopesResponseGuard>;

package/lib/types/application.js

@@ -20,18 +20,21 @@ export const applicationPatchGuard = applicationCreateGuard.partial().omit({
     type: true,
     isThirdParty: true,
 });
+const resourceScopesGuard = z.array(z.object({
+    resource: Resources.guard.pick({ id: true, name: true, indicator: true }),
+    scopes: z.array(Scopes.guard.pick({ id: true, name: true, description: true })),
+}));
 export const applicationUserConsentScopesResponseGuard = z.object({
     organizationScopes: z.array(OrganizationScopes.guard.pick({ id: true, name: true, description: true })),
-    resourceScopes: z.array(z.object({
-        resource: Resources.guard.pick({ id: true, name: true, indicator: true }),
-        scopes: z.array(Scopes.guard.pick({ id: true, name: true, description: true })),
-    })),
+    resourceScopes: resourceScopesGuard,
+    organizationResourceScopes: resourceScopesGuard,
     userScopes: z.array(z.nativeEnum(UserScope)),
 });
 export var ApplicationUserConsentScopeType;
 (function (ApplicationUserConsentScopeType) {
     ApplicationUserConsentScopeType["OrganizationScopes"] = "organization-scopes";
     ApplicationUserConsentScopeType["ResourceScopes"] = "resource-scopes";
+    ApplicationUserConsentScopeType["OrganizationResourceScopes"] = "organization-resource-scopes";
     ApplicationUserConsentScopeType["UserScopes"] = "user-scopes";
 })(ApplicationUserConsentScopeType || (ApplicationUserConsentScopeType = {}));
 export const applicationSignInExperienceCreateGuard = ApplicationSignInExperiences.createGuard