@logto/schemas 1.21.0 → 1.23.0

package/alterations-js/1.23.0-1735012422-add-saml-application-sessions-table.js

@@ -0,0 +1,32 @@
+import { sql } from '@silverhand/slonik';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create table saml_application_sessions (
+        tenant_id varchar(21) not null 
+          references tenants (id) on update cascade on delete cascade,
+        id varchar(32) not null,
+        application_id varchar(21) not null 
+          references applications (id) on update cascade on delete cascade,
+        saml_request_id varchar(128) not null,
+        oidc_state varchar(32),
+        relay_state varchar(256),
+        raw_auth_request text not null,
+        created_at timestamptz not null default(now()),
+        expires_at timestamptz not null,
+        primary key (tenant_id, id),
+        constraint saml_application_sessions__application_type 
+          check (check_application_type(application_id, 'SAML'))
+      );
+    `);
+        await applyTableRls(pool, 'saml_application_sessions');
+    },
+    down: async (pool) => {
+        await dropTableRls(pool, 'saml_application_sessions');
+        await pool.query(sql `
+      drop table if exists saml_application_sessions;
+    `);
+    },
+};
+export default alteration;

package/lib/consts/subscriptions.d.ts

@@ -8,26 +8,27 @@ export declare enum ReservedPlanId {
     Free = "free",
     /**
      * @deprecated
-     * In recent refactoring, the `hobby` plan is now treated as the `pro` plan.
-     * Only use this plan ID to check if a plan is a `pro` plan or not.
-     * This plan ID will be renamed to `pro` after legacy Stripe data is migrated by @darcyYe
-     *
-     * Todo @darcyYe:
-     * - LOG-7846: Rename `hobby` to `pro` and `pro` to `legacy-pro`
-     * - LOG-8339: Migrate legacy Stripe data
+     * Grandfathered Pro plan ID deprecated from 2024-11.
+     * Use {@link Pro202411} instead.
      */
-    Hobby = "hobby",
     Pro = "pro",
-    Enterprise = "enterprise",
-    /**
-     * @deprecated
-     * Should not use this plan ID, we only use this tag as a record for the legacy `pro` plan since we will rename the `hobby` plan to be `pro`.
-     */
-    GrandfatheredPro = "grandfathered-pro",
     Development = "dev",
     /**
      * This plan ID is reserved for Admin tenant.
      * In our new pricing model, we plan to add a special plan for Admin tenant, previously, admin tenant is using the `pro` plan, which is not suitable.
      */
-    Admin = "admin"
+    Admin = "admin",
+    /**
+     * The latest Pro plan ID applied from 2024-11.
+     */
+    Pro202411 = "pro-202411"
+}
+/**
+ * Tenant subscription related Redis cache keys.
+ *
+ * We use Redis to cache the tenant subscription data to reduce the number of requests to the Cloud.
+ * Both @logto/core and @logto/cloud will need to access the cache, so we define the cache keys here as the SSOT.
+ */
+export declare enum SubscriptionRedisCacheKey {
+    Subscription = "subscription"
 }

package/lib/consts/subscriptions.js

@@ -9,26 +9,28 @@ export var ReservedPlanId;
     ReservedPlanId["Free"] = "free";
     /**
      * @deprecated
-     * In recent refactoring, the `hobby` plan is now treated as the `pro` plan.
-     * Only use this plan ID to check if a plan is a `pro` plan or not.
-     * This plan ID will be renamed to `pro` after legacy Stripe data is migrated by @darcyYe
-     *
-     * Todo @darcyYe:
-     * - LOG-7846: Rename `hobby` to `pro` and `pro` to `legacy-pro`
-     * - LOG-8339: Migrate legacy Stripe data
+     * Grandfathered Pro plan ID deprecated from 2024-11.
+     * Use {@link Pro202411} instead.
      */
-    ReservedPlanId["Hobby"] = "hobby";
     ReservedPlanId["Pro"] = "pro";
-    ReservedPlanId["Enterprise"] = "enterprise";
-    /**
-     * @deprecated
-     * Should not use this plan ID, we only use this tag as a record for the legacy `pro` plan since we will rename the `hobby` plan to be `pro`.
-     */
-    ReservedPlanId["GrandfatheredPro"] = "grandfathered-pro";
     ReservedPlanId["Development"] = "dev";
     /**
      * This plan ID is reserved for Admin tenant.
      * In our new pricing model, we plan to add a special plan for Admin tenant, previously, admin tenant is using the `pro` plan, which is not suitable.
      */
     ReservedPlanId["Admin"] = "admin";
+    /**
+     * The latest Pro plan ID applied from 2024-11.
+     */
+    ReservedPlanId["Pro202411"] = "pro-202411";
 })(ReservedPlanId || (ReservedPlanId = {}));
+/**
+ * Tenant subscription related Redis cache keys.
+ *
+ * We use Redis to cache the tenant subscription data to reduce the number of requests to the Cloud.
+ * Both @logto/core and @logto/cloud will need to access the cache, so we define the cache keys here as the SSOT.
+ */
+export var SubscriptionRedisCacheKey;
+(function (SubscriptionRedisCacheKey) {
+    SubscriptionRedisCacheKey["Subscription"] = "subscription";
+})(SubscriptionRedisCacheKey || (SubscriptionRedisCacheKey = {}));

package/lib/db-entries/account-center.d.ts

@@ -0,0 +1,24 @@
+import { AccountCenterFieldControl, GeneratedSchema } from './../foundations/index.js';
+/**
+ *
+ * @remarks This is a type for database creation.
+ * @see {@link AccountCenter} for the original type.
+ */
+export type CreateAccountCenter = {
+    tenantId?: string;
+    id: string;
+    /** The whole feature can be disabled */
+    enabled?: boolean;
+    /** Control each fields */
+    fields?: AccountCenterFieldControl;
+};
+export type AccountCenter = {
+    tenantId: string;
+    id: string;
+    /** The whole feature can be disabled */
+    enabled: boolean;
+    /** Control each fields */
+    fields: AccountCenterFieldControl;
+};
+export type AccountCenterKeys = 'tenantId' | 'id' | 'enabled' | 'fields';
+export declare const AccountCenters: GeneratedSchema<AccountCenterKeys, CreateAccountCenter, AccountCenter, 'account_centers', 'account_center'>;

package/lib/db-entries/account-center.js

@@ -0,0 +1,34 @@
+// THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+import { z } from 'zod';
+import { accountCenterFieldControlGuard } from './../foundations/index.js';
+const createGuard = z.object({
+    tenantId: z.string().max(21).optional(),
+    id: z.string().min(1).max(21),
+    enabled: z.boolean().optional(),
+    fields: accountCenterFieldControlGuard.optional(),
+});
+const guard = z.object({
+    tenantId: z.string().max(21),
+    id: z.string().min(1).max(21),
+    enabled: z.boolean(),
+    fields: accountCenterFieldControlGuard,
+});
+export const AccountCenters = Object.freeze({
+    table: 'account_centers',
+    tableSingular: 'account_center',
+    fields: {
+        tenantId: 'tenant_id',
+        id: 'id',
+        enabled: 'enabled',
+        fields: 'fields',
+    },
+    fieldKeys: [
+        'tenantId',
+        'id',
+        'enabled',
+        'fields',
+    ],
+    createGuard,
+    guard,
+    updateGuard: guard.partial(),
+});

package/lib/db-entries/custom-types.d.ts

@@ -3,7 +3,8 @@ export declare enum ApplicationType {
     SPA = "SPA",
     Traditional = "Traditional",
     MachineToMachine = "MachineToMachine",
-    Protected = "Protected"
+    Protected = "Protected",
+    SAML = "SAML"
 }
 export declare enum OrganizationInvitationStatus {
     Pending = "Pending",

package/lib/db-entries/custom-types.js

@@ -6,6 +6,7 @@ export var ApplicationType;
     ApplicationType["Traditional"] = "Traditional";
     ApplicationType["MachineToMachine"] = "MachineToMachine";
     ApplicationType["Protected"] = "Protected";
+    ApplicationType["SAML"] = "SAML";
 })(ApplicationType || (ApplicationType = {}));
 export var OrganizationInvitationStatus;
 (function (OrganizationInvitationStatus) {

package/lib/db-entries/index.d.ts

@@ -3,6 +3,7 @@ export * from './-after-all.js';
 export * from './-after-each.js';
 export * from './-before-all.js';
 export * from './-function.js';
+export * from './account-center.js';
 export * from './application-secret.js';
 export * from './application-sign-in-experience.js';
 export * from './application-user-consent-organization-resource-scope.js';
@@ -41,6 +42,9 @@ export * from './personal-access-token.js';
 export * from './resource.js';
 export * from './role.js';
 export * from './roles-scope.js';
+export * from './saml-application-config.js';
+export * from './saml-application-secret.js';
+export * from './saml-application-session.js';
 export * from './scope.js';
 export * from './sentinel-activity.js';
 export * from './service-log.js';

package/lib/db-entries/index.js

@@ -4,6 +4,7 @@ export * from './-after-all.js';
 export * from './-after-each.js';
 export * from './-before-all.js';
 export * from './-function.js';
+export * from './account-center.js';
 export * from './application-secret.js';
 export * from './application-sign-in-experience.js';
 export * from './application-user-consent-organization-resource-scope.js';
@@ -42,6 +43,9 @@ export * from './personal-access-token.js';
 export * from './resource.js';
 export * from './role.js';
 export * from './roles-scope.js';
+export * from './saml-application-config.js';
+export * from './saml-application-secret.js';
+export * from './saml-application-session.js';
 export * from './scope.js';
 export * from './sentinel-activity.js';
 export * from './service-log.js';

package/lib/db-entries/saml-application-config.d.ts

@@ -0,0 +1,24 @@
+import { SamlAttributeMapping, SamlAcsUrl, GeneratedSchema } from './../foundations/index.js';
+/**
+ * The SAML application config and SAML-type application have a one-to-one correspondence: 1. a SAML-type application can only have one SAML application config. (CANNOT use "semicolon" in comments, since it indicates the end of query.) 2. a SAML application config can only configure one SAML-type application.
+ *
+ * @remarks This is a type for database creation.
+ * @see {@link SamlApplicationConfig} for the original type.
+ */
+export type CreateSamlApplicationConfig = {
+    applicationId: string;
+    tenantId?: string;
+    attributeMapping?: SamlAttributeMapping;
+    entityId?: string | null;
+    acsUrl?: SamlAcsUrl | null;
+};
+/** The SAML application config and SAML-type application have a one-to-one correspondence: 1. a SAML-type application can only have one SAML application config. (CANNOT use "semicolon" in comments, since it indicates the end of query.) 2. a SAML application config can only configure one SAML-type application. */
+export type SamlApplicationConfig = {
+    applicationId: string;
+    tenantId: string;
+    attributeMapping: SamlAttributeMapping;
+    entityId: string | null;
+    acsUrl: SamlAcsUrl | null;
+};
+export type SamlApplicationConfigKeys = 'applicationId' | 'tenantId' | 'attributeMapping' | 'entityId' | 'acsUrl';
+export declare const SamlApplicationConfigs: GeneratedSchema<SamlApplicationConfigKeys, CreateSamlApplicationConfig, SamlApplicationConfig, 'saml_application_configs', 'saml_application_config'>;

package/lib/db-entries/saml-application-config.js

@@ -0,0 +1,38 @@
+// THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+import { z } from 'zod';
+import { samlAttributeMappingGuard, samlAcsUrlGuard } from './../foundations/index.js';
+const createGuard = z.object({
+    applicationId: z.string().min(1).max(21),
+    tenantId: z.string().max(21).optional(),
+    attributeMapping: samlAttributeMappingGuard.optional(),
+    entityId: z.string().max(128).nullable().optional(),
+    acsUrl: samlAcsUrlGuard.nullable().optional(),
+});
+const guard = z.object({
+    applicationId: z.string().min(1).max(21),
+    tenantId: z.string().max(21),
+    attributeMapping: samlAttributeMappingGuard,
+    entityId: z.string().max(128).nullable(),
+    acsUrl: samlAcsUrlGuard.nullable(),
+});
+export const SamlApplicationConfigs = Object.freeze({
+    table: 'saml_application_configs',
+    tableSingular: 'saml_application_config',
+    fields: {
+        applicationId: 'application_id',
+        tenantId: 'tenant_id',
+        attributeMapping: 'attribute_mapping',
+        entityId: 'entity_id',
+        acsUrl: 'acs_url',
+    },
+    fieldKeys: [
+        'applicationId',
+        'tenantId',
+        'attributeMapping',
+        'entityId',
+        'acsUrl',
+    ],
+    createGuard,
+    guard,
+    updateGuard: guard.partial(),
+});

package/lib/db-entries/saml-application-secret.d.ts

@@ -0,0 +1,28 @@
+import { GeneratedSchema } from './../foundations/index.js';
+/**
+ *
+ * @remarks This is a type for database creation.
+ * @see {@link SamlApplicationSecret} for the original type.
+ */
+export type CreateSamlApplicationSecret = {
+    id: string;
+    tenantId?: string;
+    applicationId: string;
+    privateKey: string;
+    certificate: string;
+    createdAt?: number;
+    expiresAt: number;
+    active: boolean;
+};
+export type SamlApplicationSecret = {
+    id: string;
+    tenantId: string;
+    applicationId: string;
+    privateKey: string;
+    certificate: string;
+    createdAt: number;
+    expiresAt: number;
+    active: boolean;
+};
+export type SamlApplicationSecretKeys = 'id' | 'tenantId' | 'applicationId' | 'privateKey' | 'certificate' | 'createdAt' | 'expiresAt' | 'active';
+export declare const SamlApplicationSecrets: GeneratedSchema<SamlApplicationSecretKeys, CreateSamlApplicationSecret, SamlApplicationSecret, 'saml_application_secrets', 'saml_application_secret'>;

package/lib/db-entries/saml-application-secret.js

@@ -0,0 +1,49 @@
+// THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+import { z } from 'zod';
+const createGuard = z.object({
+    id: z.string().min(1).max(21),
+    tenantId: z.string().max(21).optional(),
+    applicationId: z.string().min(1).max(21),
+    privateKey: z.string().min(1),
+    certificate: z.string().min(1),
+    createdAt: z.number().optional(),
+    expiresAt: z.number(),
+    active: z.boolean(),
+});
+const guard = z.object({
+    id: z.string().min(1).max(21),
+    tenantId: z.string().max(21),
+    applicationId: z.string().min(1).max(21),
+    privateKey: z.string().min(1),
+    certificate: z.string().min(1),
+    createdAt: z.number(),
+    expiresAt: z.number(),
+    active: z.boolean(),
+});
+export const SamlApplicationSecrets = Object.freeze({
+    table: 'saml_application_secrets',
+    tableSingular: 'saml_application_secret',
+    fields: {
+        id: 'id',
+        tenantId: 'tenant_id',
+        applicationId: 'application_id',
+        privateKey: 'private_key',
+        certificate: 'certificate',
+        createdAt: 'created_at',
+        expiresAt: 'expires_at',
+        active: 'active',
+    },
+    fieldKeys: [
+        'id',
+        'tenantId',
+        'applicationId',
+        'privateKey',
+        'certificate',
+        'createdAt',
+        'expiresAt',
+        'active',
+    ],
+    createGuard,
+    guard,
+    updateGuard: guard.partial(),
+});

package/lib/db-entries/saml-application-session.d.ts

@@ -0,0 +1,40 @@
+import { GeneratedSchema } from './../foundations/index.js';
+/**
+ *
+ * @remarks This is a type for database creation.
+ * @see {@link SamlApplicationSession} for the original type.
+ */
+export type CreateSamlApplicationSession = {
+    tenantId?: string;
+    /** The globally unique identifier of the session. */
+    id: string;
+    applicationId: string;
+    /** The identifier of the SAML SSO auth request ID, SAML request ID is pretty long. */
+    samlRequestId: string;
+    /** The identifier of the OIDC auth request state. */
+    oidcState?: string | null;
+    /** The relay state of the SAML auth request. */
+    relayState?: string | null;
+    /** The raw request of the SAML auth request. */
+    rawAuthRequest: string;
+    createdAt?: number;
+    expiresAt: number;
+};
+export type SamlApplicationSession = {
+    tenantId: string;
+    /** The globally unique identifier of the session. */
+    id: string;
+    applicationId: string;
+    /** The identifier of the SAML SSO auth request ID, SAML request ID is pretty long. */
+    samlRequestId: string;
+    /** The identifier of the OIDC auth request state. */
+    oidcState: string | null;
+    /** The relay state of the SAML auth request. */
+    relayState: string | null;
+    /** The raw request of the SAML auth request. */
+    rawAuthRequest: string;
+    createdAt: number;
+    expiresAt: number;
+};
+export type SamlApplicationSessionKeys = 'tenantId' | 'id' | 'applicationId' | 'samlRequestId' | 'oidcState' | 'relayState' | 'rawAuthRequest' | 'createdAt' | 'expiresAt';
+export declare const SamlApplicationSessions: GeneratedSchema<SamlApplicationSessionKeys, CreateSamlApplicationSession, SamlApplicationSession, 'saml_application_sessions', 'saml_application_session'>;

package/lib/db-entries/saml-application-session.js

@@ -0,0 +1,53 @@
+// THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+import { z } from 'zod';
+const createGuard = z.object({
+    tenantId: z.string().max(21).optional(),
+    id: z.string().min(1).max(32),
+    applicationId: z.string().min(1).max(21),
+    samlRequestId: z.string().min(1).max(128),
+    oidcState: z.string().max(32).nullable().optional(),
+    relayState: z.string().max(256).nullable().optional(),
+    rawAuthRequest: z.string().min(1),
+    createdAt: z.number().optional(),
+    expiresAt: z.number(),
+});
+const guard = z.object({
+    tenantId: z.string().max(21),
+    id: z.string().min(1).max(32),
+    applicationId: z.string().min(1).max(21),
+    samlRequestId: z.string().min(1).max(128),
+    oidcState: z.string().max(32).nullable(),
+    relayState: z.string().max(256).nullable(),
+    rawAuthRequest: z.string().min(1),
+    createdAt: z.number(),
+    expiresAt: z.number(),
+});
+export const SamlApplicationSessions = Object.freeze({
+    table: 'saml_application_sessions',
+    tableSingular: 'saml_application_session',
+    fields: {
+        tenantId: 'tenant_id',
+        id: 'id',
+        applicationId: 'application_id',
+        samlRequestId: 'saml_request_id',
+        oidcState: 'oidc_state',
+        relayState: 'relay_state',
+        rawAuthRequest: 'raw_auth_request',
+        createdAt: 'created_at',
+        expiresAt: 'expires_at',
+    },
+    fieldKeys: [
+        'tenantId',
+        'id',
+        'applicationId',
+        'samlRequestId',
+        'oidcState',
+        'relayState',
+        'rawAuthRequest',
+        'createdAt',
+        'expiresAt',
+    ],
+    createGuard,
+    guard,
+    updateGuard: guard.partial(),
+});

package/lib/db-entries/sign-in-experience.d.ts

@@ -26,6 +26,9 @@ export type CreateSignInExperience = {
     passwordPolicy?: PartialPasswordPolicy;
     mfa?: Mfa;
     singleSignOnEnabled?: boolean;
+    supportEmail?: string | null;
+    supportWebsiteUrl?: string | null;
+    unknownSessionRedirectUrl?: string | null;
 };
 export type SignInExperience = {
     tenantId: string;
@@ -48,6 +51,9 @@ export type SignInExperience = {
     passwordPolicy: PartialPasswordPolicy;
     mfa: Mfa;
     singleSignOnEnabled: boolean;
+    supportEmail: string | null;
+    supportWebsiteUrl: string | null;
+    unknownSessionRedirectUrl: string | null;
 };
-export type SignInExperienceKeys = 'tenantId' | 'id' | 'color' | 'branding' | 'languageInfo' | 'termsOfUseUrl' | 'privacyPolicyUrl' | 'agreeToTermsPolicy' | 'signIn' | 'signUp' | 'socialSignIn' | 'socialSignInConnectorTargets' | 'signInMode' | 'customCss' | 'customContent' | 'customUiAssets' | 'passwordPolicy' | 'mfa' | 'singleSignOnEnabled';
+export type SignInExperienceKeys = 'tenantId' | 'id' | 'color' | 'branding' | 'languageInfo' | 'termsOfUseUrl' | 'privacyPolicyUrl' | 'agreeToTermsPolicy' | 'signIn' | 'signUp' | 'socialSignIn' | 'socialSignInConnectorTargets' | 'signInMode' | 'customCss' | 'customContent' | 'customUiAssets' | 'passwordPolicy' | 'mfa' | 'singleSignOnEnabled' | 'supportEmail' | 'supportWebsiteUrl' | 'unknownSessionRedirectUrl';
 export declare const SignInExperiences: GeneratedSchema<SignInExperienceKeys, CreateSignInExperience, SignInExperience, 'sign_in_experiences', 'sign_in_experience'>;

package/lib/db-entries/sign-in-experience.js

@@ -22,6 +22,9 @@ const createGuard = z.object({
     passwordPolicy: partialPasswordPolicyGuard.optional(),
     mfa: mfaGuard.optional(),
     singleSignOnEnabled: z.boolean().optional(),
+    supportEmail: z.string().nullable().optional(),
+    supportWebsiteUrl: z.string().nullable().optional(),
+    unknownSessionRedirectUrl: z.string().nullable().optional(),
 });
 const guard = z.object({
     tenantId: z.string().max(21),
@@ -43,6 +46,9 @@ const guard = z.object({
     passwordPolicy: partialPasswordPolicyGuard,
     mfa: mfaGuard,
     singleSignOnEnabled: z.boolean(),
+    supportEmail: z.string().nullable(),
+    supportWebsiteUrl: z.string().nullable(),
+    unknownSessionRedirectUrl: z.string().nullable(),
 });
 export const SignInExperiences = Object.freeze({
     table: 'sign_in_experiences',
@@ -67,6 +73,9 @@ export const SignInExperiences = Object.freeze({
         passwordPolicy: 'password_policy',
         mfa: 'mfa',
         singleSignOnEnabled: 'single_sign_on_enabled',
+        supportEmail: 'support_email',
+        supportWebsiteUrl: 'support_website_url',
+        unknownSessionRedirectUrl: 'unknown_session_redirect_url',
     },
     fieldKeys: [
         'tenantId',
@@ -88,6 +97,9 @@ export const SignInExperiences = Object.freeze({
         'passwordPolicy',
         'mfa',
         'singleSignOnEnabled',
+        'supportEmail',
+        'supportWebsiteUrl',
+        'unknownSessionRedirectUrl',
     ],
     createGuard,
     guard,

package/lib/foundations/jsonb-types/account-centers.d.ts

@@ -0,0 +1,43 @@
+import { z } from 'zod';
+export declare enum AccountCenterControlValue {
+    Off = "Off",
+    ReadOnly = "ReadOnly",
+    Edit = "Edit"
+}
+/**
+ * Control list of each field in the account center (profile API)
+ * all fields are optional, if not set, the default value is `Off`
+ * this can make the alteration of the field control easier
+ */
+export declare const accountCenterFieldControlGuard: z.ZodObject<{
+    name: z.ZodOptional<z.ZodNativeEnum<typeof AccountCenterControlValue>>;
+    avatar: z.ZodOptional<z.ZodNativeEnum<typeof AccountCenterControlValue>>;
+    profile: z.ZodOptional<z.ZodNativeEnum<typeof AccountCenterControlValue>>;
+    email: z.ZodOptional<z.ZodNativeEnum<typeof AccountCenterControlValue>>;
+    phone: z.ZodOptional<z.ZodNativeEnum<typeof AccountCenterControlValue>>;
+    password: z.ZodOptional<z.ZodNativeEnum<typeof AccountCenterControlValue>>;
+    username: z.ZodOptional<z.ZodNativeEnum<typeof AccountCenterControlValue>>;
+    social: z.ZodOptional<z.ZodNativeEnum<typeof AccountCenterControlValue>>;
+    customData: z.ZodOptional<z.ZodNativeEnum<typeof AccountCenterControlValue>>;
+}, "strip", z.ZodTypeAny, {
+    name?: AccountCenterControlValue | undefined;
+    username?: AccountCenterControlValue | undefined;
+    email?: AccountCenterControlValue | undefined;
+    phone?: AccountCenterControlValue | undefined;
+    password?: AccountCenterControlValue | undefined;
+    profile?: AccountCenterControlValue | undefined;
+    avatar?: AccountCenterControlValue | undefined;
+    social?: AccountCenterControlValue | undefined;
+    customData?: AccountCenterControlValue | undefined;
+}, {
+    name?: AccountCenterControlValue | undefined;
+    username?: AccountCenterControlValue | undefined;
+    email?: AccountCenterControlValue | undefined;
+    phone?: AccountCenterControlValue | undefined;
+    password?: AccountCenterControlValue | undefined;
+    profile?: AccountCenterControlValue | undefined;
+    avatar?: AccountCenterControlValue | undefined;
+    social?: AccountCenterControlValue | undefined;
+    customData?: AccountCenterControlValue | undefined;
+}>;
+export type AccountCenterFieldControl = z.infer<typeof accountCenterFieldControlGuard>;

package/lib/foundations/jsonb-types/account-centers.js

@@ -0,0 +1,25 @@
+import { z } from 'zod';
+export var AccountCenterControlValue;
+(function (AccountCenterControlValue) {
+    AccountCenterControlValue["Off"] = "Off";
+    AccountCenterControlValue["ReadOnly"] = "ReadOnly";
+    AccountCenterControlValue["Edit"] = "Edit";
+})(AccountCenterControlValue || (AccountCenterControlValue = {}));
+/**
+ * Control list of each field in the account center (profile API)
+ * all fields are optional, if not set, the default value is `Off`
+ * this can make the alteration of the field control easier
+ */
+export const accountCenterFieldControlGuard = z
+    .object({
+    name: z.nativeEnum(AccountCenterControlValue),
+    avatar: z.nativeEnum(AccountCenterControlValue),
+    profile: z.nativeEnum(AccountCenterControlValue),
+    email: z.nativeEnum(AccountCenterControlValue),
+    phone: z.nativeEnum(AccountCenterControlValue),
+    password: z.nativeEnum(AccountCenterControlValue),
+    username: z.nativeEnum(AccountCenterControlValue),
+    social: z.nativeEnum(AccountCenterControlValue),
+    customData: z.nativeEnum(AccountCenterControlValue),
+})
+    .partial();

package/lib/foundations/jsonb-types/index.d.ts

@@ -9,5 +9,8 @@ export * from './users.js';
 export * from './sso-connector.js';
 export * from './applications.js';
 export * from './verification-records.js';
+export * from './account-centers.js';
+export * from './saml-application-configs.js';
+export * from './saml-application-sessions.js';
 export { configurableConnectorMetadataGuard, type ConfigurableConnectorMetadata, jsonGuard, jsonObjectGuard, } from '@logto/connector-kit';
 export type { Json, JsonObject } from '@withtyped/server';

package/lib/foundations/jsonb-types/index.js

@@ -9,4 +9,7 @@ export * from './users.js';
 export * from './sso-connector.js';
 export * from './applications.js';
 export * from './verification-records.js';
+export * from './account-centers.js';
+export * from './saml-application-configs.js';
+export * from './saml-application-sessions.js';
 export { configurableConnectorMetadataGuard, jsonGuard, jsonObjectGuard, } from '@logto/connector-kit';

package/lib/foundations/jsonb-types/saml-application-configs.d.ts

@@ -0,0 +1,21 @@
+import { z } from 'zod';
+export type SamlAttributeMapping = Record<string, string>;
+export declare const samlAttributeMappingGuard: z.ZodRecord<z.ZodString, z.ZodString>;
+export declare enum BindingType {
+    Post = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
+    Redirect = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+}
+export type SamlAcsUrl = {
+    binding: BindingType;
+    url: string;
+};
+export declare const samlAcsUrlGuard: z.ZodObject<{
+    binding: z.ZodNativeEnum<typeof BindingType>;
+    url: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    url: string;
+    binding: BindingType;
+}, {
+    url: string;
+    binding: BindingType;
+}>;

package/lib/foundations/jsonb-types/saml-application-configs.js

@@ -0,0 +1,11 @@
+import { z } from 'zod';
+export const samlAttributeMappingGuard = z.record(z.string());
+export var BindingType;
+(function (BindingType) {
+    BindingType["Post"] = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
+    BindingType["Redirect"] = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
+})(BindingType || (BindingType = {}));
+export const samlAcsUrlGuard = z.object({
+    binding: z.nativeEnum(BindingType),
+    url: z.string().url(),
+});