@logto/schemas 1.17.0 → 1.19.0

package/lib/types/user.d.ts

@@ -1,7 +1,7 @@
 import { z } from 'zod';
 import { type User } from '../db-entries/index.js';
 import { MfaFactor } from '../foundations/index.js';
-export declare const userInfoSelectFields: readonly ("name" | "id" | "applicationId" | "username" | "profile" | "createdAt" | "updatedAt" | "customData" | "primaryEmail" | "primaryPhone" | "avatar" | "identities" | "isSuspended" | "lastSignInAt")[];
+export declare const userInfoSelectFields: readonly ("name" | "id" | "applicationId" | "username" | "createdAt" | "profile" | "customData" | "updatedAt" | "primaryEmail" | "primaryPhone" | "avatar" | "identities" | "isSuspended" | "lastSignInAt")[];
 export declare const userInfoGuard: z.ZodObject<Pick<{
     tenantId: z.ZodType<string, z.ZodTypeDef, string>;
     id: z.ZodType<string, z.ZodTypeDef, string>;
@@ -77,8 +77,8 @@ export declare const userInfoGuard: z.ZodObject<Pick<{
         publicKey: string;
         counter: number;
         agent: string;
-        transports?: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[] | undefined;
         lastUsedAt?: string | undefined;
+        transports?: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[] | undefined;
     } | {
         type: MfaFactor.BackupCode;
         id: string;
@@ -102,8 +102,8 @@ export declare const userInfoGuard: z.ZodObject<Pick<{
         publicKey: string;
         counter: number;
         agent: string;
-        transports?: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[] | undefined;
         lastUsedAt?: string | undefined;
+        transports?: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[] | undefined;
     } | {
         type: MfaFactor.BackupCode;
         id: string;
@@ -118,42 +118,19 @@ export declare const userInfoGuard: z.ZodObject<Pick<{
     lastSignInAt: z.ZodType<number | null, z.ZodTypeDef, number | null>;
     createdAt: z.ZodType<number, z.ZodTypeDef, number>;
     updatedAt: z.ZodType<number, z.ZodTypeDef, number>;
-}, "name" | "id" | "applicationId" | "username" | "profile" | "createdAt" | "updatedAt" | "customData" | "primaryEmail" | "primaryPhone" | "avatar" | "identities" | "isSuspended" | "lastSignInAt">, "strip", z.ZodTypeAny, {
+}, "name" | "id" | "applicationId" | "username" | "createdAt" | "profile" | "customData" | "updatedAt" | "primaryEmail" | "primaryPhone" | "avatar" | "identities" | "isSuspended" | "lastSignInAt">, "strip", z.ZodTypeAny, {
     name: string | null;
     id: string;
     applicationId: string | null;
     username: string | null;
-    profile: Partial<{
-        familyName: string;
-        givenName: string;
-        middleName: string;
-        nickname: string;
-        preferredUsername: string;
-        profile: string;
-        website: string;
-        gender: string;
-        birthdate: string;
-        zoneinfo: string;
-        locale: string;
-        address: Partial<{
-            formatted: string;
-            streetAddress: string;
-            locality: string;
-            region: string;
-            postalCode: string;
-            country: string;
-        }>;
-    }>;
     createdAt: number;
-    updatedAt: number;
+    profile: import("../foundations/index.js").UserProfile;
     customData: import("@withtyped/server/lib/types.js").JsonObject;
+    updatedAt: number;
     primaryEmail: string | null;
     primaryPhone: string | null;
     avatar: string | null;
-    identities: Record<string, {
-        userId: string;
-        details?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
-    }>;
+    identities: import("../foundations/index.js").Identities;
     isSuspended: boolean;
     lastSignInAt: number | null;
 }, {
@@ -161,46 +138,28 @@ export declare const userInfoGuard: z.ZodObject<Pick<{
     id: string;
     applicationId: string | null;
     username: string | null;
-    profile: Partial<{
-        familyName: string;
-        givenName: string;
-        middleName: string;
-        nickname: string;
-        preferredUsername: string;
-        profile: string;
-        website: string;
-        gender: string;
-        birthdate: string;
-        zoneinfo: string;
-        locale: string;
-        address: Partial<{
-            formatted: string;
-            streetAddress: string;
-            locality: string;
-            region: string;
-            postalCode: string;
-            country: string;
-        }>;
-    }>;
     createdAt: number;
-    updatedAt: number;
+    profile: import("../foundations/index.js").UserProfile;
     customData: import("@withtyped/server/lib/types.js").JsonObject;
+    updatedAt: number;
     primaryEmail: string | null;
     primaryPhone: string | null;
     avatar: string | null;
-    identities: Record<string, {
-        userId: string;
-        details?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
-    }>;
+    identities: import("../foundations/index.js").Identities;
     isSuspended: boolean;
     lastSignInAt: number | null;
 }>;
 export type UserInfo = z.infer<typeof userInfoGuard>;
-export declare const userProfileResponseGuard: z.ZodObject<{
-    name: z.ZodType<string | null, z.ZodTypeDef, string | null>;
+export declare const userProfileResponseGuard: z.ZodObject<z.objectUtil.extendShape<Pick<{
+    tenantId: z.ZodType<string, z.ZodTypeDef, string>;
     id: z.ZodType<string, z.ZodTypeDef, string>;
-    applicationId: z.ZodType<string | null, z.ZodTypeDef, string | null>;
     username: z.ZodType<string | null, z.ZodTypeDef, string | null>;
+    primaryEmail: z.ZodType<string | null, z.ZodTypeDef, string | null>;
+    primaryPhone: z.ZodType<string | null, z.ZodTypeDef, string | null>;
+    passwordEncrypted: z.ZodType<string | null, z.ZodTypeDef, string | null>;
+    passwordEncryptionMethod: z.ZodType<import("../db-entries/custom-types.js").UsersPasswordEncryptionMethod | null, z.ZodTypeDef, import("../db-entries/custom-types.js").UsersPasswordEncryptionMethod | null>;
+    name: z.ZodType<string | null, z.ZodTypeDef, string | null>;
+    avatar: z.ZodType<string | null, z.ZodTypeDef, string | null>;
     profile: z.ZodType<Partial<{
         familyName: string;
         givenName: string;
@@ -242,12 +201,7 @@ export declare const userProfileResponseGuard: z.ZodObject<{
             country: string;
         }>;
     }>>;
-    createdAt: z.ZodType<number, z.ZodTypeDef, number>;
-    updatedAt: z.ZodType<number, z.ZodTypeDef, number>;
-    customData: z.ZodType<import("@withtyped/server/lib/types.js").JsonObject, z.ZodTypeDef, import("@withtyped/server/lib/types.js").JsonObject>;
-    primaryEmail: z.ZodType<string | null, z.ZodTypeDef, string | null>;
-    primaryPhone: z.ZodType<string | null, z.ZodTypeDef, string | null>;
-    avatar: z.ZodType<string | null, z.ZodTypeDef, string | null>;
+    applicationId: z.ZodType<string | null, z.ZodTypeDef, string | null>;
     identities: z.ZodType<Record<string, {
         userId: string;
         details?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
@@ -255,46 +209,79 @@ export declare const userProfileResponseGuard: z.ZodObject<{
         userId: string;
         details?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
     }>>;
+    customData: z.ZodType<import("@withtyped/server/lib/types.js").JsonObject, z.ZodTypeDef, import("@withtyped/server/lib/types.js").JsonObject>;
+    logtoConfig: z.ZodType<import("@withtyped/server/lib/types.js").JsonObject, z.ZodTypeDef, import("@withtyped/server/lib/types.js").JsonObject>;
+    mfaVerifications: z.ZodType<({
+        type: MfaFactor.TOTP;
+        id: string;
+        key: string;
+        createdAt: string;
+        lastUsedAt?: string | undefined;
+    } | {
+        type: MfaFactor.WebAuthn;
+        id: string;
+        createdAt: string;
+        credentialId: string;
+        publicKey: string;
+        counter: number;
+        agent: string;
+        lastUsedAt?: string | undefined;
+        transports?: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[] | undefined;
+    } | {
+        type: MfaFactor.BackupCode;
+        id: string;
+        createdAt: string;
+        codes: {
+            code: string;
+            usedAt?: string | undefined;
+        }[];
+        lastUsedAt?: string | undefined;
+    })[], z.ZodTypeDef, ({
+        type: MfaFactor.TOTP;
+        id: string;
+        key: string;
+        createdAt: string;
+        lastUsedAt?: string | undefined;
+    } | {
+        type: MfaFactor.WebAuthn;
+        id: string;
+        createdAt: string;
+        credentialId: string;
+        publicKey: string;
+        counter: number;
+        agent: string;
+        lastUsedAt?: string | undefined;
+        transports?: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[] | undefined;
+    } | {
+        type: MfaFactor.BackupCode;
+        id: string;
+        createdAt: string;
+        codes: {
+            code: string;
+            usedAt?: string | undefined;
+        }[];
+        lastUsedAt?: string | undefined;
+    })[]>;
     isSuspended: z.ZodType<boolean, z.ZodTypeDef, boolean>;
     lastSignInAt: z.ZodType<number | null, z.ZodTypeDef, number | null>;
+    createdAt: z.ZodType<number, z.ZodTypeDef, number>;
+    updatedAt: z.ZodType<number, z.ZodTypeDef, number>;
+}, "name" | "id" | "applicationId" | "username" | "createdAt" | "profile" | "customData" | "updatedAt" | "primaryEmail" | "primaryPhone" | "avatar" | "identities" | "isSuspended" | "lastSignInAt">, {
     hasPassword: z.ZodOptional<z.ZodBoolean>;
     ssoIdentities: z.ZodOptional<z.ZodArray<import("../foundations/schemas.js").Guard<import("../db-entries/user-sso-identity.js").UserSsoIdentity>, "many">>;
-}, "strip", z.ZodTypeAny, {
+}>, "strip", z.ZodTypeAny, {
     name: string | null;
     id: string;
     applicationId: string | null;
     username: string | null;
-    profile: Partial<{
-        familyName: string;
-        givenName: string;
-        middleName: string;
-        nickname: string;
-        preferredUsername: string;
-        profile: string;
-        website: string;
-        gender: string;
-        birthdate: string;
-        zoneinfo: string;
-        locale: string;
-        address: Partial<{
-            formatted: string;
-            streetAddress: string;
-            locality: string;
-            region: string;
-            postalCode: string;
-            country: string;
-        }>;
-    }>;
     createdAt: number;
-    updatedAt: number;
+    profile: import("../foundations/index.js").UserProfile;
     customData: import("@withtyped/server/lib/types.js").JsonObject;
+    updatedAt: number;
     primaryEmail: string | null;
     primaryPhone: string | null;
     avatar: string | null;
-    identities: Record<string, {
-        userId: string;
-        details?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
-    }>;
+    identities: import("../foundations/index.js").Identities;
     isSuspended: boolean;
     lastSignInAt: number | null;
     hasPassword?: boolean | undefined;
@@ -304,37 +291,14 @@ export declare const userProfileResponseGuard: z.ZodObject<{
     id: string;
     applicationId: string | null;
     username: string | null;
-    profile: Partial<{
-        familyName: string;
-        givenName: string;
-        middleName: string;
-        nickname: string;
-        preferredUsername: string;
-        profile: string;
-        website: string;
-        gender: string;
-        birthdate: string;
-        zoneinfo: string;
-        locale: string;
-        address: Partial<{
-            formatted: string;
-            streetAddress: string;
-            locality: string;
-            region: string;
-            postalCode: string;
-            country: string;
-        }>;
-    }>;
     createdAt: number;
-    updatedAt: number;
+    profile: import("../foundations/index.js").UserProfile;
     customData: import("@withtyped/server/lib/types.js").JsonObject;
+    updatedAt: number;
     primaryEmail: string | null;
     primaryPhone: string | null;
     avatar: string | null;
-    identities: Record<string, {
-        userId: string;
-        details?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
-    }>;
+    identities: import("../foundations/index.js").Identities;
     isSuspended: boolean;
     lastSignInAt: number | null;
     hasPassword?: boolean | undefined;
@@ -464,8 +428,8 @@ export declare const featuredUserGuard: z.ZodObject<Pick<{
         publicKey: string;
         counter: number;
         agent: string;
-        transports?: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[] | undefined;
         lastUsedAt?: string | undefined;
+        transports?: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[] | undefined;
     } | {
         type: MfaFactor.BackupCode;
         id: string;
@@ -489,8 +453,8 @@ export declare const featuredUserGuard: z.ZodObject<Pick<{
         publicKey: string;
         counter: number;
         agent: string;
-        transports?: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[] | undefined;
         lastUsedAt?: string | undefined;
+        transports?: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[] | undefined;
     } | {
         type: MfaFactor.BackupCode;
         id: string;

package/lib/utils/application.d.ts

@@ -0,0 +1,3 @@
+import { ApplicationType } from '../db-entries/custom-types.js';
+/** If the application type has (or can have) secrets. */
+export declare const hasSecrets: (type: ApplicationType) => boolean;

package/lib/utils/application.js

@@ -0,0 +1,7 @@
+import { ApplicationType } from '../db-entries/custom-types.js';
+/** If the application type has (or can have) secrets. */
+export const hasSecrets = (type) => [
+    ApplicationType.MachineToMachine,
+    ApplicationType.Protected,
+    ApplicationType.Traditional,
+].includes(type);

package/lib/utils/index.d.ts

@@ -1,3 +1,4 @@
+export * from './application.js';
 export * from './role.js';
 export * from './management-api.js';
 export * from './domain.js';

package/lib/utils/index.js

@@ -1,3 +1,4 @@
+export * from './application.js';
 export * from './role.js';
 export * from './management-api.js';
 export * from './domain.js';

package/lib/utils/zod.d.ts

@@ -1,4 +1,4 @@
 import { type z } from 'zod';
 export type ToZodObject<T> = z.ZodObject<{
-    [K in keyof T]: z.ZodType<T[K]>;
+    [K in keyof T]-?: z.ZodType<T[K]>;
 }>;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/schemas",
-  "version": "1.17.0",
+  "version": "1.19.0",
   "author": "Silverhand Inc. <contact@silverhand.io>",
   "license": "MPL-2.0",
   "type": "module",
@@ -31,16 +31,16 @@
     "@types/inquirer": "^9.0.0",
     "@types/node": "^20.9.5",
     "@types/pluralize": "^0.0.33",
-    "@vitest/coverage-v8": "^1.4.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "camelcase": "^8.0.0",
-    "chalk": "^5.0.0",
+    "chalk": "^5.3.0",
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.0",
     "pluralize": "^8.0.0",
     "prettier": "^3.0.0",
     "roarr": "^7.11.0",
-    "typescript": "^5.3.3",
-    "vitest": "^1.4.0"
+    "typescript": "^5.5.3",
+    "vitest": "^2.0.0"
   },
   "eslintConfig": {
     "extends": "@silverhand",
@@ -63,17 +63,17 @@
   },
   "prettier": "@silverhand/eslint-config/.prettierrc",
   "dependencies": {
-    "@logto/connector-kit": "^3.0.0",
+    "@logto/connector-kit": "^4.0.0",
     "@logto/core-kit": "^2.5.0",
     "@logto/language-kit": "^1.1.0",
-    "@logto/phrases": "^1.11.0",
-    "@logto/phrases-experience": "^1.6.1",
+    "@logto/phrases": "^1.13.0",
+    "@logto/phrases-experience": "^1.7.0",
     "@logto/shared": "^3.1.1",
     "@withtyped/server": "^0.13.6",
     "nanoid": "^5.0.1"
   },
   "peerDependencies": {
-    "zod": "^3.22.4"
+    "zod": "^3.23.8"
   },
   "scripts": {
     "precommit": "lint-staged",

package/tables/application_secrets.sql

@@ -0,0 +1,17 @@
+/* init_order = 2 */
+
+/** Application secrets for the `client_credentials` grant type and other confidential client use cases. Note that these secrets replace the `secret` column in the `applications` table, while the `secret` column is still used for the internal validation as `oidc-provider` does not support multiple secrets per client. */
+create table application_secrets (
+  tenant_id varchar(21) not null
+    references tenants (id) on update cascade on delete cascade,
+  application_id varchar(21) not null
+    references applications (id) on update cascade on delete cascade,
+  /** The name of the secret. Should be unique within the application. */
+  name varchar(256) not null,
+  value varchar(64) not null,
+  created_at timestamptz not null default now(),
+  expires_at timestamptz,
+  primary key (tenant_id, application_id, name),
+  constraint application_type
+    check (check_application_type(application_id, 'MachineToMachine', 'Traditional', 'Protected'))
+);

package/tables/application_sign_in_experiences.sql

@@ -6,10 +6,10 @@ create table application_sign_in_experiences (
     references tenants (id) on update cascade on delete cascade,
   application_id varchar(21) not null
     references applications (id) on update cascade on delete cascade,
+  color jsonb /* @use PartialColor */ not null default '{}'::jsonb,
   branding jsonb /* @use Branding */ not null default '{}'::jsonb,
   terms_of_use_url varchar(2048),
   privacy_policy_url varchar(2048),
   display_name varchar(256),
-  
   primary key (tenant_id, application_id)
 );

package/tables/applications.sql

@@ -7,12 +7,14 @@ create table applications (
     references tenants (id) on update cascade on delete cascade,
   id varchar(21) not null,
   name varchar(256) not null,
+  /** @deprecated The internal client secret. Note it is only used for internal validation, and the actual secret should be stored in the `application_secrets` table. You should NOT use it unless you are sure what you are doing. */
   secret varchar(64) not null,
   description text,
   type application_type not null,
   oidc_client_metadata jsonb /* @use OidcClientMetadata */ not null,
   custom_client_metadata jsonb /* @use CustomClientMetadata */ not null default '{}'::jsonb,
   protected_app_metadata jsonb /* @use ProtectedAppMetadata */,
+  custom_data jsonb /* @use JsonObject */ not null default '{}'::jsonb,
   is_third_party boolean not null default false,
   created_at timestamptz not null default(now()),
   primary key (id)
@@ -33,3 +35,11 @@ create unique index applications__protected_app_metadata_custom_domain
   on applications (
     (protected_app_metadata->'customDomains'->0->>'domain')
   );
+
+create function check_application_type(
+  application_id varchar(21),
+  variadic target_type application_type[]
+) returns boolean as
+$$ begin
+  return (select type from applications where id = application_id) = any(target_type);
+end; $$ language plpgsql set search_path = public;

package/tables/organization_application_relations.sql

@@ -0,0 +1,14 @@
+/* init_order = 2 */
+
+/** The relations between organizations and applications. It indicates membership of applications in organizations. For now only machine-to-machine applications are supported. */
+create table organization_application_relations (
+  tenant_id varchar(21) not null
+    references tenants (id) on update cascade on delete cascade,
+  organization_id varchar(21) not null
+    references organizations (id) on update cascade on delete cascade,
+  application_id varchar(21) not null
+    references applications (id) on update cascade on delete cascade,
+  primary key (tenant_id, organization_id, application_id),
+  constraint application_type
+    check (check_application_type(application_id, 'MachineToMachine'))
+);

package/tables/organization_jit_email_domains.sql

@@ -0,0 +1,13 @@
+/* init_order = 2 */
+
+/** The email domains that will automatically assign users into an organization when they sign up or are added through the Management API. */
+create table organization_jit_email_domains (
+  tenant_id varchar(21) not null
+    references tenants (id) on update cascade on delete cascade,
+  /** The ID of the organization. */
+  organization_id varchar(21) not null
+    references organizations (id) on update cascade on delete cascade,
+  /** The email domain that will be automatically provisioned. */
+  email_domain varchar(128) not null,
+  primary key (tenant_id, organization_id, email_domain)
+);

package/tables/organization_jit_roles.sql

@@ -0,0 +1,14 @@
+/* init_order = 2 */
+
+/** The organization roles that will be automatically provisioned to users when they join an organization through JIT. */
+create table organization_jit_roles (
+  tenant_id varchar(21) not null
+    references tenants (id) on update cascade on delete cascade,
+  /** The ID of the organization. */
+  organization_id varchar(21) not null
+    references organizations (id) on update cascade on delete cascade,
+  /** The organization role ID that will be automatically provisioned. */
+  organization_role_id varchar(21) not null
+    references organization_roles (id) on update cascade on delete cascade,
+  primary key (tenant_id, organization_id, organization_role_id)
+);

package/tables/organization_jit_sso_connectors.sql

@@ -0,0 +1,13 @@
+/* init_order = 2 */
+
+/** The enterprise SSO connectors that will automatically assign users into an organization when they are authenticated via the SSO connector for the first time. */
+create table organization_jit_sso_connectors (
+  tenant_id varchar(21) not null
+    references tenants (id) on update cascade on delete cascade,
+  /** The ID of the organization. */
+  organization_id varchar(21) not null
+    references organizations (id) on update cascade on delete cascade,
+  sso_connector_id varchar(128) not null
+    references sso_connectors (id) on update cascade on delete cascade,
+  primary key (tenant_id, organization_id, sso_connector_id)
+);

package/tables/organization_role_application_relations.sql

@@ -0,0 +1,18 @@
+/* init_order = 3 */
+
+/** The relations between organizations, organization roles, and applications. A relation means that an application has a role in an organization. */
+create table organization_role_application_relations (
+  tenant_id varchar(21) not null
+    references tenants (id) on update cascade on delete cascade,
+  organization_id varchar(21) not null,
+  organization_role_id varchar(21) not null
+    references organization_roles (id) on update cascade on delete cascade,
+  application_id varchar(21) not null,
+  primary key (tenant_id, organization_id, organization_role_id, application_id),
+  /** Application's roles in an organization should be synchronized with the application's membership in the organization. */
+  foreign key (tenant_id, organization_id, application_id)
+    references organization_application_relations (tenant_id, organization_id, application_id)
+    on update cascade on delete cascade,
+  constraint organization_role_application_relations__role_type
+    check (check_organization_role_type(organization_role_id, 'MachineToMachine'))
+);

package/tables/organization_role_user_relations.sql

@@ -12,5 +12,7 @@ create table organization_role_user_relations (
   /** User's roles in an organization should be synchronized with the user's membership in the organization. */
   foreign key (tenant_id, organization_id, user_id)
     references organization_user_relations (tenant_id, organization_id, user_id)
-    on update cascade on delete cascade
+    on update cascade on delete cascade,
+  constraint organization_role_user_relations__role_type
+    check (check_organization_role_type(organization_role_id, 'User'))
 );

package/tables/organization_roles.sql

@@ -1,4 +1,4 @@
-/* init_order = 1 */
+/* init_order = 1.1 */
 
 /** The roles defined by the organization template. */
 create table organization_roles (
@@ -10,6 +10,8 @@ create table organization_roles (
   name varchar(128) not null,
   /** A brief description of the organization role. */
   description varchar(256),
+  /** The type of the organization role. Same as the `type` field in the `roles` table. */
+  type role_type not null default 'User',
   primary key (id),
   constraint organization_roles__name
     unique (tenant_id, name)
@@ -17,3 +19,8 @@ create table organization_roles (
 
 create index organization_roles__id
   on organization_roles (tenant_id, id);
+
+create function check_organization_role_type(role_id varchar(21), target_type role_type) returns boolean as
+$$ begin
+  return (select type from organization_roles where id = role_id) = target_type;
+end; $$ language plpgsql set search_path = public;

package/tables/organizations.sql

@@ -12,6 +12,10 @@ create table organizations (
   description varchar(256),
   /** Additional data associated with the organization. */
   custom_data jsonb /* @use JsonObject */ not null default '{}'::jsonb,
+  /** Whether multi-factor authentication configuration is required for the members of the organization. */
+  is_mfa_required boolean not null default false,
+  /** The organization's branding configuration. */
+  branding jsonb /* @use Branding */ not null default '{}'::jsonb,
   /** When the organization was created. */
   created_at timestamptz not null default(now()),
   primary key (id)

package/tables/sign_in_experiences.sql

@@ -1,4 +1,5 @@
 create type sign_in_mode as enum ('SignIn', 'Register', 'SignInAndRegister');
+create type agree_to_terms_policy as enum ('Automatic', 'ManualRegistrationOnly', 'Manual');
 
 create table sign_in_experiences (
   tenant_id varchar(21) not null
@@ -9,12 +10,16 @@ create table sign_in_experiences (
   language_info jsonb /* @use LanguageInfo */ not null,
   terms_of_use_url varchar(2048),
   privacy_policy_url varchar(2048),
+  /** The policy that determines how users agree to the terms of use and privacy policy. */
+  agree_to_terms_policy agree_to_terms_policy not null default 'Automatic',
   sign_in jsonb /* @use SignIn */ not null,
   sign_up jsonb /* @use SignUp */ not null,
+  social_sign_in jsonb /* @use SocialSignIn */ not null default '{}'::jsonb,
   social_sign_in_connector_targets jsonb /* @use ConnectorTargets */ not null default '[]'::jsonb,
   sign_in_mode sign_in_mode not null default 'SignInAndRegister',
   custom_css text,
   custom_content jsonb /* @use CustomContent */ not null default '{}'::jsonb,
+  custom_ui_assets jsonb /* @use CustomUiAssets */,
   password_policy jsonb /* @use PartialPasswordPolicy */ not null default '{}'::jsonb,
   mfa jsonb /* @use Mfa */ not null default '{}'::jsonb,
   single_sign_on_enabled boolean not null default false,

package/tables/subject_tokens.sql

@@ -0,0 +1,16 @@
+create table subject_tokens (
+  tenant_id varchar(21) not null
+    references tenants (id) on update cascade on delete cascade,
+  id varchar(25) not null,
+  context jsonb /* @use JsonObject */ not null default '{}'::jsonb,
+  expires_at timestamptz not null,
+  consumed_at timestamptz,
+  user_id varchar(21) not null
+    references users (id) on update cascade on delete cascade,
+  created_at timestamptz not null default(now()),
+  /* It is intented to not reference to user or application table, it can be userId or applicationId, for audit only */
+  creator_id varchar(32) not null,
+  primary key (id)
+);
+
+create index subject_token__id on subject_tokens (tenant_id, id);

package/tables/users.sql

@@ -1,6 +1,6 @@
 /* init_order = 1 */
 
-create type users_password_encryption_method as enum ('Argon2i', 'SHA1', 'SHA256', 'MD5', 'Bcrypt');
+create type users_password_encryption_method as enum ('Argon2i', 'Argon2id', 'Argon2d', 'SHA1', 'SHA256', 'MD5', 'Bcrypt');
 
 create table users (
   tenant_id varchar(21) not null

package/alterations-js/1.0.0-1677208902-update-admin-console-config.d.ts

@@ -1,3 +0,0 @@
-import type { AlterationScript } from '../lib/types/alteration.js';
-declare const alteration: AlterationScript;
-export default alteration;

package/alterations-js/1.0.0-1677765137-seed-for-admin-tenant.d.ts

@@ -1,3 +0,0 @@
-import type { AlterationScript } from '../lib/types/alteration.js';
-declare const alteration: AlterationScript;
-export default alteration;

package/alterations-js/1.0.0-1677907982-allow-admin-create-multiple-tenants.d.ts

@@ -1,3 +0,0 @@
-import type { AlterationScript } from '../lib/types/alteration.js';
-declare const alteration: AlterationScript;
-export default alteration;

package/alterations-js/1.0.0-1678157950-privacy-policy-url.d.ts

@@ -1,3 +0,0 @@
-import type { AlterationScript } from '../lib/types/alteration.js';
-declare const alteration: AlterationScript;
-export default alteration;