@logto/schemas 1.23.0 → 1.24.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (24) hide show
  1. package/alterations/1.23.1-1735274337-add-encryption-config-to-saml-apps.ts +35 -0
  2. package/alterations/1.23.1-1735292380-make-saml-app-first-party-app.ts +28 -0
  3. package/alterations-js/1.23.1-1735274337-add-encryption-config-to-saml-apps.js +31 -0
  4. package/alterations-js/1.23.1-1735292380-make-saml-app-first-party-app.js +24 -0
  5. package/lib/db-entries/saml-application-config.d.ts +6 -2
  6. package/lib/db-entries/saml-application-config.js +9 -1
  7. package/lib/foundations/jsonb-types/saml-application-configs.d.ts +43 -2
  8. package/lib/foundations/jsonb-types/saml-application-configs.js +32 -1
  9. package/lib/foundations/jsonb-types/saml-application-configs.test.d.ts +1 -0
  10. package/lib/foundations/jsonb-types/saml-application-configs.test.js +49 -0
  11. package/lib/types/log/index.d.ts +5 -1
  12. package/lib/types/log/index.js +1 -0
  13. package/lib/types/log/saml.d.ts +7 -0
  14. package/lib/types/log/saml.js +6 -0
  15. package/lib/types/logto-config/index.d.ts +67 -67
  16. package/lib/types/logto-config/jwt-customizer.d.ts +117 -117
  17. package/lib/types/saml-application.d.ts +112 -47
  18. package/lib/types/saml-application.js +9 -3
  19. package/lib/types/system.d.ts +3 -0
  20. package/lib/types/system.js +1 -0
  21. package/lib/types/user.d.ts +7 -7
  22. package/package.json +2 -2
  23. package/tables/applications.sql +1 -4
  24. package/tables/saml_application_configs.sql +2 -0
package/lib/types/saml-application.d.ts CHANGED
@@ -1,10 +1,11 @@
1
1
  import { z } from 'zod';
2
- export declare const samlApplicationCreateGuard: z.ZodObject<z.objectUtil.extendShape<Pick<z.objectUtil.extendShape<{
2
+ import { NameIdFormat } from '../foundations/index.js';
3
+ export declare const samlApplicationCreateGuard: z.ZodObject<z.objectUtil.extendShape<z.objectUtil.extendShape<Pick<z.objectUtil.extendShape<{
3
4
  type: z.ZodOptional<z.ZodType<import("../index.js").ApplicationType, z.ZodTypeDef, import("../index.js").ApplicationType>>;
4
5
  name: z.ZodOptional<z.ZodType<string, z.ZodTypeDef, string>>;
5
- customData: z.ZodOptional<z.ZodOptional<z.ZodType<import("@withtyped/server").JsonObject, z.ZodTypeDef, import("@withtyped/server").JsonObject>>>;
6
+ customData: z.ZodOptional<z.ZodOptional<z.ZodType<import("@withtyped/server/lib/types.js").JsonObject, z.ZodTypeDef, import("@withtyped/server/lib/types.js").JsonObject>>>;
6
7
  description: z.ZodOptional<z.ZodOptional<z.ZodType<string | null, z.ZodTypeDef, string | null>>>;
7
- oidcClientMetadata: z.ZodOptional<z.ZodType<import("../index.js").OidcClientMetadata, z.ZodTypeDef, import("../index.js").OidcClientMetadata>>;
8
+ oidcClientMetadata: z.ZodOptional<z.ZodType<import("../foundations/index.js").OidcClientMetadata, z.ZodTypeDef, import("../foundations/index.js").OidcClientMetadata>>;
8
9
  customClientMetadata: z.ZodOptional<z.ZodOptional<z.ZodType<{
9
10
  corsAllowedOrigins?: string[] | undefined;
10
11
  idTokenTtl?: number | undefined;
@@ -30,7 +31,7 @@ export declare const samlApplicationCreateGuard: z.ZodObject<z.objectUtil.extend
30
31
  path: string;
31
32
  }[];
32
33
  customDomains?: {
33
- status: import("../index.js").DomainStatus;
34
+ status: import("../foundations/index.js").DomainStatus;
34
35
  domain: string;
35
36
  errorMessage: string | null;
36
37
  dnsRecords: {
@@ -58,7 +59,7 @@ export declare const samlApplicationCreateGuard: z.ZodObject<z.objectUtil.extend
58
59
  path: string;
59
60
  }[];
60
61
  customDomains?: {
61
- status: import("../index.js").DomainStatus;
62
+ status: import("../foundations/index.js").DomainStatus;
62
63
  domain: string;
63
64
  errorMessage: string | null;
64
65
  dnsRecords: {
@@ -87,7 +88,7 @@ export declare const samlApplicationCreateGuard: z.ZodObject<z.objectUtil.extend
87
88
  secret: z.ZodType<string, z.ZodTypeDef, string>;
88
89
  description: z.ZodOptional<z.ZodType<string | null, z.ZodTypeDef, string | null>>;
89
90
  type: z.ZodType<import("../index.js").ApplicationType, z.ZodTypeDef, import("../index.js").ApplicationType>;
90
- oidcClientMetadata: z.ZodType<import("../index.js").OidcClientMetadata, z.ZodTypeDef, import("../index.js").OidcClientMetadata>;
91
+ oidcClientMetadata: z.ZodType<import("../foundations/index.js").OidcClientMetadata, z.ZodTypeDef, import("../foundations/index.js").OidcClientMetadata>;
91
92
  customClientMetadata: z.ZodOptional<z.ZodType<{
92
93
  corsAllowedOrigins?: string[] | undefined;
93
94
  idTokenTtl?: number | undefined;
@@ -113,7 +114,7 @@ export declare const samlApplicationCreateGuard: z.ZodObject<z.objectUtil.extend
113
114
  path: string;
114
115
  }[];
115
116
  customDomains?: {
116
- status: import("../index.js").DomainStatus;
117
+ status: import("../foundations/index.js").DomainStatus;
117
118
  domain: string;
118
119
  errorMessage: string | null;
119
120
  dnsRecords: {
@@ -141,7 +142,7 @@ export declare const samlApplicationCreateGuard: z.ZodObject<z.objectUtil.extend
141
142
  path: string;
142
143
  }[];
143
144
  customDomains?: {
144
- status: import("../index.js").DomainStatus;
145
+ status: import("../foundations/index.js").DomainStatus;
145
146
  domain: string;
146
147
  errorMessage: string | null;
147
148
  dnsRecords: {
@@ -162,33 +163,57 @@ export declare const samlApplicationCreateGuard: z.ZodObject<z.objectUtil.extend
162
163
  } | null;
163
164
  }[] | undefined;
164
165
  } | null>>;
165
- customData: z.ZodOptional<z.ZodType<import("@withtyped/server").JsonObject, z.ZodTypeDef, import("@withtyped/server").JsonObject>>;
166
+ customData: z.ZodOptional<z.ZodType<import("@withtyped/server/lib/types.js").JsonObject, z.ZodTypeDef, import("@withtyped/server/lib/types.js").JsonObject>>;
166
167
  isThirdParty: z.ZodOptional<z.ZodType<boolean, z.ZodTypeDef, boolean>>;
167
168
  createdAt: z.ZodOptional<z.ZodType<number, z.ZodTypeDef, number>>;
168
169
  }, "type" | "name">>, "name" | "customData" | "description">, {
169
- attributeMapping: z.ZodOptional<z.ZodType<import("../index.js").SamlAttributeMapping, z.ZodTypeDef, import("../index.js").SamlAttributeMapping>>;
170
+ attributeMapping: z.ZodOptional<z.ZodType<Partial<Record<"name" | "username" | "email" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "roles" | "organizations" | "organization_data" | "organization_roles" | "custom_data" | "identities" | "sso_identities" | "created_at" | "sub", string>>, z.ZodTypeDef, Partial<Record<"name" | "username" | "email" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "roles" | "organizations" | "organization_data" | "organization_roles" | "custom_data" | "identities" | "sso_identities" | "created_at" | "sub", string>>>>;
170
171
  entityId: z.ZodOptional<z.ZodType<string | null, z.ZodTypeDef, string | null>>;
171
- acsUrl: z.ZodOptional<z.ZodType<import("../index.js").SamlAcsUrl | null, z.ZodTypeDef, import("../index.js").SamlAcsUrl | null>>;
172
+ acsUrl: z.ZodOptional<z.ZodType<import("../foundations/index.js").SamlAcsUrl | null, z.ZodTypeDef, import("../foundations/index.js").SamlAcsUrl | null>>;
173
+ encryption: z.ZodOptional<z.ZodType<{
174
+ encryptAssertion?: boolean | undefined;
175
+ encryptThenSign?: boolean | undefined;
176
+ certificate?: string | undefined;
177
+ } | null, z.ZodTypeDef, {
178
+ encryptAssertion?: boolean | undefined;
179
+ encryptThenSign?: boolean | undefined;
180
+ certificate?: string | undefined;
181
+ } | null>>;
182
+ nameIdFormat: z.ZodOptional<z.ZodType<NameIdFormat, z.ZodTypeDef, NameIdFormat>>;
183
+ }>, {
184
+ nameIdFormat: z.ZodDefault<z.ZodOptional<z.ZodNativeEnum<typeof NameIdFormat>>>;
172
185
  }>, "strip", z.ZodTypeAny, {
173
186
  name: string;
174
- customData?: import("@withtyped/server").JsonObject;
187
+ nameIdFormat: NameIdFormat;
188
+ customData?: import("@withtyped/server/lib/types.js").JsonObject;
175
189
  description?: string | null;
176
- attributeMapping?: import("../index.js").SamlAttributeMapping | undefined;
190
+ attributeMapping?: Partial<Record<"name" | "username" | "email" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "roles" | "organizations" | "organization_data" | "organization_roles" | "custom_data" | "identities" | "sso_identities" | "created_at" | "sub", string>> | undefined;
177
191
  entityId?: string | null | undefined;
178
- acsUrl?: import("../index.js").SamlAcsUrl | null | undefined;
192
+ acsUrl?: import("../foundations/index.js").SamlAcsUrl | null | undefined;
193
+ encryption?: {
194
+ encryptAssertion?: boolean | undefined;
195
+ encryptThenSign?: boolean | undefined;
196
+ certificate?: string | undefined;
197
+ } | null | undefined;
179
198
  }, {
180
199
  name: string;
181
- customData?: import("@withtyped/server").JsonObject;
200
+ customData?: import("@withtyped/server/lib/types.js").JsonObject;
182
201
  description?: string | null;
183
- attributeMapping?: import("../index.js").SamlAttributeMapping | undefined;
202
+ attributeMapping?: Partial<Record<"name" | "username" | "email" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "roles" | "organizations" | "organization_data" | "organization_roles" | "custom_data" | "identities" | "sso_identities" | "created_at" | "sub", string>> | undefined;
184
203
  entityId?: string | null | undefined;
185
- acsUrl?: import("../index.js").SamlAcsUrl | null | undefined;
204
+ acsUrl?: import("../foundations/index.js").SamlAcsUrl | null | undefined;
205
+ encryption?: {
206
+ encryptAssertion?: boolean | undefined;
207
+ encryptThenSign?: boolean | undefined;
208
+ certificate?: string | undefined;
209
+ } | null | undefined;
210
+ nameIdFormat?: NameIdFormat | undefined;
186
211
  }>;
187
- export type CreateSamlApplication = z.infer<typeof samlApplicationCreateGuard>;
188
- export declare const samlApplicationPatchGuard: z.ZodObject<z.objectUtil.extendShape<Pick<Omit<{
189
- customData: z.ZodOptional<z.ZodOptional<z.ZodOptional<z.ZodType<import("@withtyped/server").JsonObject, z.ZodTypeDef, import("@withtyped/server").JsonObject>>>>;
212
+ export type CreateSamlApplication = z.input<typeof samlApplicationCreateGuard>;
213
+ export declare const samlApplicationPatchGuard: z.ZodObject<z.objectUtil.extendShape<z.objectUtil.extendShape<Pick<Omit<{
214
+ customData: z.ZodOptional<z.ZodOptional<z.ZodOptional<z.ZodType<import("@withtyped/server/lib/types.js").JsonObject, z.ZodTypeDef, import("@withtyped/server/lib/types.js").JsonObject>>>>;
190
215
  description: z.ZodOptional<z.ZodOptional<z.ZodOptional<z.ZodType<string | null, z.ZodTypeDef, string | null>>>>;
191
- oidcClientMetadata: z.ZodOptional<z.ZodOptional<z.ZodType<import("../index.js").OidcClientMetadata, z.ZodTypeDef, import("../index.js").OidcClientMetadata>>>;
216
+ oidcClientMetadata: z.ZodOptional<z.ZodOptional<z.ZodType<import("../foundations/index.js").OidcClientMetadata, z.ZodTypeDef, import("../foundations/index.js").OidcClientMetadata>>>;
192
217
  customClientMetadata: z.ZodOptional<z.ZodOptional<z.ZodOptional<z.ZodType<{
193
218
  corsAllowedOrigins?: string[] | undefined;
194
219
  idTokenTtl?: number | undefined;
@@ -214,7 +239,7 @@ export declare const samlApplicationPatchGuard: z.ZodObject<z.objectUtil.extendS
214
239
  path: string;
215
240
  }[];
216
241
  customDomains?: {
217
- status: import("../index.js").DomainStatus;
242
+ status: import("../foundations/index.js").DomainStatus;
218
243
  domain: string;
219
244
  errorMessage: string | null;
220
245
  dnsRecords: {
@@ -242,7 +267,7 @@ export declare const samlApplicationPatchGuard: z.ZodObject<z.objectUtil.extendS
242
267
  path: string;
243
268
  }[];
244
269
  customDomains?: {
245
- status: import("../index.js").DomainStatus;
270
+ status: import("../foundations/index.js").DomainStatus;
246
271
  domain: string;
247
272
  errorMessage: string | null;
248
273
  dnsRecords: {
@@ -267,33 +292,57 @@ export declare const samlApplicationPatchGuard: z.ZodObject<z.objectUtil.extendS
267
292
  type: z.ZodOptional<z.ZodType<import("../index.js").ApplicationType, z.ZodTypeDef, import("../index.js").ApplicationType>>;
268
293
  name: z.ZodOptional<z.ZodType<string, z.ZodTypeDef, string>>;
269
294
  }, "type" | "isThirdParty">, "name" | "customData" | "description">, {
270
- attributeMapping: z.ZodOptional<z.ZodType<import("../index.js").SamlAttributeMapping, z.ZodTypeDef, import("../index.js").SamlAttributeMapping>>;
295
+ attributeMapping: z.ZodOptional<z.ZodType<Partial<Record<"name" | "username" | "email" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "roles" | "organizations" | "organization_data" | "organization_roles" | "custom_data" | "identities" | "sso_identities" | "created_at" | "sub", string>>, z.ZodTypeDef, Partial<Record<"name" | "username" | "email" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "roles" | "organizations" | "organization_data" | "organization_roles" | "custom_data" | "identities" | "sso_identities" | "created_at" | "sub", string>>>>;
271
296
  entityId: z.ZodOptional<z.ZodType<string | null, z.ZodTypeDef, string | null>>;
272
- acsUrl: z.ZodOptional<z.ZodType<import("../index.js").SamlAcsUrl | null, z.ZodTypeDef, import("../index.js").SamlAcsUrl | null>>;
297
+ acsUrl: z.ZodOptional<z.ZodType<import("../foundations/index.js").SamlAcsUrl | null, z.ZodTypeDef, import("../foundations/index.js").SamlAcsUrl | null>>;
298
+ encryption: z.ZodOptional<z.ZodType<{
299
+ encryptAssertion?: boolean | undefined;
300
+ encryptThenSign?: boolean | undefined;
301
+ certificate?: string | undefined;
302
+ } | null, z.ZodTypeDef, {
303
+ encryptAssertion?: boolean | undefined;
304
+ encryptThenSign?: boolean | undefined;
305
+ certificate?: string | undefined;
306
+ } | null>>;
307
+ nameIdFormat: z.ZodOptional<z.ZodType<NameIdFormat, z.ZodTypeDef, NameIdFormat>>;
308
+ }>, {
309
+ nameIdFormat: z.ZodOptional<z.ZodNativeEnum<typeof NameIdFormat>>;
273
310
  }>, "strip", z.ZodTypeAny, {
274
311
  name?: string | undefined;
275
- customData?: import("@withtyped/server").JsonObject;
312
+ customData?: import("@withtyped/server/lib/types.js").JsonObject;
276
313
  description?: string | null;
277
- attributeMapping?: import("../index.js").SamlAttributeMapping | undefined;
314
+ attributeMapping?: Partial<Record<"name" | "username" | "email" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "roles" | "organizations" | "organization_data" | "organization_roles" | "custom_data" | "identities" | "sso_identities" | "created_at" | "sub", string>> | undefined;
278
315
  entityId?: string | null | undefined;
279
- acsUrl?: import("../index.js").SamlAcsUrl | null | undefined;
316
+ acsUrl?: import("../foundations/index.js").SamlAcsUrl | null | undefined;
317
+ encryption?: {
318
+ encryptAssertion?: boolean | undefined;
319
+ encryptThenSign?: boolean | undefined;
320
+ certificate?: string | undefined;
321
+ } | null | undefined;
322
+ nameIdFormat?: NameIdFormat | undefined;
280
323
  }, {
281
324
  name?: string | undefined;
282
- customData?: import("@withtyped/server").JsonObject;
325
+ customData?: import("@withtyped/server/lib/types.js").JsonObject;
283
326
  description?: string | null;
284
- attributeMapping?: import("../index.js").SamlAttributeMapping | undefined;
327
+ attributeMapping?: Partial<Record<"name" | "username" | "email" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "roles" | "organizations" | "organization_data" | "organization_roles" | "custom_data" | "identities" | "sso_identities" | "created_at" | "sub", string>> | undefined;
285
328
  entityId?: string | null | undefined;
286
- acsUrl?: import("../index.js").SamlAcsUrl | null | undefined;
329
+ acsUrl?: import("../foundations/index.js").SamlAcsUrl | null | undefined;
330
+ encryption?: {
331
+ encryptAssertion?: boolean | undefined;
332
+ encryptThenSign?: boolean | undefined;
333
+ certificate?: string | undefined;
334
+ } | null | undefined;
335
+ nameIdFormat?: NameIdFormat | undefined;
287
336
  }>;
288
337
  export type PatchSamlApplication = z.infer<typeof samlApplicationPatchGuard>;
289
- export declare const samlApplicationResponseGuard: z.ZodObject<z.objectUtil.extendShape<Omit<{
338
+ export declare const samlApplicationResponseGuard: z.ZodObject<z.objectUtil.extendShape<z.objectUtil.extendShape<Omit<{
290
339
  tenantId: z.ZodType<string, z.ZodTypeDef, string>;
291
340
  id: z.ZodType<string, z.ZodTypeDef, string>;
292
341
  name: z.ZodType<string, z.ZodTypeDef, string>;
293
342
  secret: z.ZodType<string, z.ZodTypeDef, string>;
294
343
  description: z.ZodType<string | null, z.ZodTypeDef, string | null>;
295
344
  type: z.ZodType<import("../index.js").ApplicationType, z.ZodTypeDef, import("../index.js").ApplicationType>;
296
- oidcClientMetadata: z.ZodType<import("../index.js").OidcClientMetadata, z.ZodTypeDef, import("../index.js").OidcClientMetadata>;
345
+ oidcClientMetadata: z.ZodType<import("../foundations/index.js").OidcClientMetadata, z.ZodTypeDef, import("../foundations/index.js").OidcClientMetadata>;
297
346
  customClientMetadata: z.ZodType<{
298
347
  corsAllowedOrigins?: string[] | undefined;
299
348
  idTokenTtl?: number | undefined;
@@ -319,7 +368,7 @@ export declare const samlApplicationResponseGuard: z.ZodObject<z.objectUtil.exte
319
368
  path: string;
320
369
  }[];
321
370
  customDomains?: {
322
- status: import("../index.js").DomainStatus;
371
+ status: import("../foundations/index.js").DomainStatus;
323
372
  domain: string;
324
373
  errorMessage: string | null;
325
374
  dnsRecords: {
@@ -347,7 +396,7 @@ export declare const samlApplicationResponseGuard: z.ZodObject<z.objectUtil.exte
347
396
  path: string;
348
397
  }[];
349
398
  customDomains?: {
350
- status: import("../index.js").DomainStatus;
399
+ status: import("../foundations/index.js").DomainStatus;
351
400
  domain: string;
352
401
  errorMessage: string | null;
353
402
  dnsRecords: {
@@ -368,39 +417,55 @@ export declare const samlApplicationResponseGuard: z.ZodObject<z.objectUtil.exte
368
417
  } | null;
369
418
  }[] | undefined;
370
419
  } | null>;
371
- customData: z.ZodType<import("@withtyped/server").JsonObject, z.ZodTypeDef, import("@withtyped/server").JsonObject>;
420
+ customData: z.ZodType<import("@withtyped/server/lib/types.js").JsonObject, z.ZodTypeDef, import("@withtyped/server/lib/types.js").JsonObject>;
372
421
  isThirdParty: z.ZodType<boolean, z.ZodTypeDef, boolean>;
373
422
  createdAt: z.ZodType<number, z.ZodTypeDef, number>;
374
423
  }, "secret" | "oidcClientMetadata" | "customClientMetadata" | "protectedAppMetadata">, Pick<{
375
424
  applicationId: z.ZodType<string, z.ZodTypeDef, string>;
376
425
  tenantId: z.ZodType<string, z.ZodTypeDef, string>;
377
- attributeMapping: z.ZodType<import("../index.js").SamlAttributeMapping, z.ZodTypeDef, import("../index.js").SamlAttributeMapping>;
426
+ attributeMapping: z.ZodType<Partial<Record<"name" | "username" | "email" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "roles" | "organizations" | "organization_data" | "organization_roles" | "custom_data" | "identities" | "sso_identities" | "created_at" | "sub", string>>, z.ZodTypeDef, Partial<Record<"name" | "username" | "email" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "roles" | "organizations" | "organization_data" | "organization_roles" | "custom_data" | "identities" | "sso_identities" | "created_at" | "sub", string>>>;
378
427
  entityId: z.ZodType<string | null, z.ZodTypeDef, string | null>;
379
- acsUrl: z.ZodType<import("../index.js").SamlAcsUrl | null, z.ZodTypeDef, import("../index.js").SamlAcsUrl | null>;
380
- }, "attributeMapping" | "entityId" | "acsUrl">>, "strip", z.ZodTypeAny, {
428
+ acsUrl: z.ZodType<import("../foundations/index.js").SamlAcsUrl | null, z.ZodTypeDef, import("../foundations/index.js").SamlAcsUrl | null>;
429
+ encryption: z.ZodType<{
430
+ encryptAssertion?: boolean | undefined;
431
+ encryptThenSign?: boolean | undefined;
432
+ certificate?: string | undefined;
433
+ } | null, z.ZodTypeDef, {
434
+ encryptAssertion?: boolean | undefined;
435
+ encryptThenSign?: boolean | undefined;
436
+ certificate?: string | undefined;
437
+ } | null>;
438
+ nameIdFormat: z.ZodType<NameIdFormat, z.ZodTypeDef, NameIdFormat>;
439
+ }, "attributeMapping" | "entityId" | "acsUrl" | "encryption" | "nameIdFormat">>, {
440
+ nameIdFormat: z.ZodNativeEnum<typeof NameIdFormat>;
441
+ }>, "strip", z.ZodTypeAny, {
381
442
  type: import("../index.js").ApplicationType;
382
443
  name: string;
383
444
  id: string;
384
445
  tenantId: string;
385
446
  createdAt: number;
386
- customData: import("@withtyped/server").JsonObject;
447
+ customData: import("@withtyped/server/lib/types.js").JsonObject;
387
448
  description: string | null;
388
449
  isThirdParty: boolean;
389
- attributeMapping: import("../index.js").SamlAttributeMapping;
450
+ attributeMapping: import("../foundations/index.js").SamlAttributeMapping;
390
451
  entityId: string | null;
391
- acsUrl: import("../index.js").SamlAcsUrl | null;
452
+ acsUrl: import("../foundations/index.js").SamlAcsUrl | null;
453
+ encryption: import("../foundations/index.js").SamlEncryption | null;
454
+ nameIdFormat: NameIdFormat;
392
455
  }, {
393
456
  type: import("../index.js").ApplicationType;
394
457
  name: string;
395
458
  id: string;
396
459
  tenantId: string;
397
460
  createdAt: number;
398
- customData: import("@withtyped/server").JsonObject;
461
+ customData: import("@withtyped/server/lib/types.js").JsonObject;
399
462
  description: string | null;
400
463
  isThirdParty: boolean;
401
- attributeMapping: import("../index.js").SamlAttributeMapping;
464
+ attributeMapping: import("../foundations/index.js").SamlAttributeMapping;
402
465
  entityId: string | null;
403
- acsUrl: import("../index.js").SamlAcsUrl | null;
466
+ acsUrl: import("../foundations/index.js").SamlAcsUrl | null;
467
+ encryption: import("../foundations/index.js").SamlEncryption | null;
468
+ nameIdFormat: NameIdFormat;
404
469
  }>;
405
470
  export type SamlApplicationResponse = z.infer<typeof samlApplicationResponseGuard>;
406
471
  type FingerprintFormat = {
@@ -467,8 +532,8 @@ export declare const samlApplicationSecretResponseGuard: z.ZodObject<z.objectUti
467
532
  }>, "strip", z.ZodTypeAny, {
468
533
  id: string;
469
534
  createdAt: number;
470
- expiresAt: number;
471
535
  certificate: string;
536
+ expiresAt: number;
472
537
  active: boolean;
473
538
  fingerprints: {
474
539
  sha256: {
@@ -479,8 +544,8 @@ export declare const samlApplicationSecretResponseGuard: z.ZodObject<z.objectUti
479
544
  }, {
480
545
  id: string;
481
546
  createdAt: number;
482
- expiresAt: number;
483
547
  certificate: string;
548
+ expiresAt: number;
484
549
  active: boolean;
485
550
  fingerprints: {
486
551
  sha256: {
package/lib/types/saml-application.js CHANGED
@@ -2,11 +2,14 @@ import { z } from 'zod';
2
2
  import { Applications } from '../db-entries/application.js';
3
3
  import { SamlApplicationConfigs } from '../db-entries/saml-application-config.js';
4
4
  import { SamlApplicationSecrets } from '../db-entries/saml-application-secret.js';
5
+ import { nameIdFormatGuard, NameIdFormat } from '../foundations/index.js';
5
6
  import { applicationCreateGuard, applicationPatchGuard } from './application.js';
6
7
  const samlAppConfigGuard = SamlApplicationConfigs.guard.pick({
7
8
  attributeMapping: true,
8
9
  entityId: true,
9
10
  acsUrl: true,
11
+ encryption: true,
12
+ nameIdFormat: true,
10
13
  });
11
14
  export const samlApplicationCreateGuard = applicationCreateGuard
12
15
  .pick({
@@ -15,7 +18,8 @@ export const samlApplicationCreateGuard = applicationCreateGuard
15
18
  customData: true,
16
19
  })
17
20
  // The reason for encapsulating attributeMapping and spMetadata into an object within the config field is that you cannot provide only one of `attributeMapping` or `spMetadata`. Due to the structure of the `saml_application_configs` table, both must be not null.
18
- .merge(samlAppConfigGuard.partial());
21
+ .merge(samlAppConfigGuard.partial())
22
+ .extend({ nameIdFormat: nameIdFormatGuard.optional().default(NameIdFormat.Persistent) });
19
23
  export const samlApplicationPatchGuard = applicationPatchGuard
20
24
  .pick({
21
25
  name: true,
@@ -23,7 +27,8 @@ export const samlApplicationPatchGuard = applicationPatchGuard
23
27
  customData: true,
24
28
  })
25
29
  // The reason for encapsulating attributeMapping and spMetadata into an object within the config field is that you cannot provide only one of `attributeMapping` or `spMetadata`. Due to the structure of the `saml_application_configs` table, both must be not null.
26
- .merge(samlAppConfigGuard.partial());
30
+ .merge(samlAppConfigGuard.partial())
31
+ .extend({ nameIdFormat: nameIdFormatGuard.optional() });
27
32
  export const samlApplicationResponseGuard = Applications.guard
28
33
  .omit({
29
34
  secret: true,
@@ -34,7 +39,8 @@ export const samlApplicationResponseGuard = Applications.guard
34
39
  .merge(
35
40
  // Partial to allow the optional fields to be omitted in the response.
36
41
  // When starting to create a SAML application, SAML configuration is optional, which can lead to the absence of SAML configuration.
37
- samlAppConfigGuard);
42
+ samlAppConfigGuard)
43
+ .extend({ nameIdFormat: nameIdFormatGuard });
38
44
  const fingerprintFormatGuard = z.object({
39
45
  formatted: z.string(),
40
46
  unformatted: z.string(),
package/lib/types/system.d.ts CHANGED
@@ -39,6 +39,7 @@ export declare const storageProviderDataGuard: z.ZodDiscriminatedUnion<"provider
39
39
  endpoint: z.ZodOptional<z.ZodString>;
40
40
  region: z.ZodOptional<z.ZodString>;
41
41
  bucket: z.ZodString;
42
+ forcePathStyle: z.ZodOptional<z.ZodBoolean>;
42
43
  accessKeyId: z.ZodString;
43
44
  accessSecretKey: z.ZodString;
44
45
  }, "strip", z.ZodTypeAny, {
@@ -49,6 +50,7 @@ export declare const storageProviderDataGuard: z.ZodDiscriminatedUnion<"provider
49
50
  region?: string | undefined;
50
51
  publicUrl?: string | undefined;
51
52
  endpoint?: string | undefined;
53
+ forcePathStyle?: boolean | undefined;
52
54
  }, {
53
55
  provider: StorageProvider.S3Storage;
54
56
  bucket: string;
@@ -57,6 +59,7 @@ export declare const storageProviderDataGuard: z.ZodDiscriminatedUnion<"provider
57
59
  region?: string | undefined;
58
60
  publicUrl?: string | undefined;
59
61
  endpoint?: string | undefined;
62
+ forcePathStyle?: boolean | undefined;
60
63
  }>, z.ZodObject<{
61
64
  publicUrl: z.ZodOptional<z.ZodString>;
62
65
  provider: z.ZodLiteral<StorageProvider.GoogleStorage>;
package/lib/types/system.js CHANGED
@@ -32,6 +32,7 @@ export const storageProviderDataGuard = z.discriminatedUnion('provider', [
32
32
  endpoint: z.string().optional(),
33
33
  region: z.string().optional(),
34
34
  bucket: z.string(),
35
+ forcePathStyle: z.boolean().optional(),
35
36
  accessKeyId: z.string(),
36
37
  accessSecretKey: z.string(),
37
38
  ...basicConfig,
package/lib/types/user.d.ts CHANGED
@@ -1,7 +1,7 @@
1
1
  import { z } from 'zod';
2
2
  import { type User } from '../db-entries/index.js';
3
3
  import { MfaFactor } from '../foundations/index.js';
4
- export declare const userInfoSelectFields: readonly ("name" | "id" | "applicationId" | "username" | "createdAt" | "profile" | "avatar" | "customData" | "updatedAt" | "primaryEmail" | "primaryPhone" | "identities" | "isSuspended" | "lastSignInAt")[];
4
+ export declare const userInfoSelectFields: readonly ("name" | "id" | "applicationId" | "username" | "createdAt" | "profile" | "avatar" | "customData" | "identities" | "updatedAt" | "primaryEmail" | "primaryPhone" | "isSuspended" | "lastSignInAt")[];
5
5
  export declare const userInfoGuard: z.ZodObject<Pick<{
6
6
  tenantId: z.ZodType<string, z.ZodTypeDef, string>;
7
7
  id: z.ZodType<string, z.ZodTypeDef, string>;
@@ -118,7 +118,7 @@ export declare const userInfoGuard: z.ZodObject<Pick<{
118
118
  lastSignInAt: z.ZodType<number | null, z.ZodTypeDef, number | null>;
119
119
  createdAt: z.ZodType<number, z.ZodTypeDef, number>;
120
120
  updatedAt: z.ZodType<number, z.ZodTypeDef, number>;
121
- }, "name" | "id" | "applicationId" | "username" | "createdAt" | "profile" | "avatar" | "customData" | "updatedAt" | "primaryEmail" | "primaryPhone" | "identities" | "isSuspended" | "lastSignInAt">, "strip", z.ZodTypeAny, {
121
+ }, "name" | "id" | "applicationId" | "username" | "createdAt" | "profile" | "avatar" | "customData" | "identities" | "updatedAt" | "primaryEmail" | "primaryPhone" | "isSuspended" | "lastSignInAt">, "strip", z.ZodTypeAny, {
122
122
  name: string | null;
123
123
  id: string;
124
124
  applicationId: string | null;
@@ -127,10 +127,10 @@ export declare const userInfoGuard: z.ZodObject<Pick<{
127
127
  profile: import("../foundations/index.js").UserProfile;
128
128
  avatar: string | null;
129
129
  customData: import("@withtyped/server/lib/types.js").JsonObject;
130
+ identities: import("../foundations/index.js").Identities;
130
131
  updatedAt: number;
131
132
  primaryEmail: string | null;
132
133
  primaryPhone: string | null;
133
- identities: import("../foundations/index.js").Identities;
134
134
  isSuspended: boolean;
135
135
  lastSignInAt: number | null;
136
136
  }, {
@@ -142,10 +142,10 @@ export declare const userInfoGuard: z.ZodObject<Pick<{
142
142
  profile: import("../foundations/index.js").UserProfile;
143
143
  avatar: string | null;
144
144
  customData: import("@withtyped/server/lib/types.js").JsonObject;
145
+ identities: import("../foundations/index.js").Identities;
145
146
  updatedAt: number;
146
147
  primaryEmail: string | null;
147
148
  primaryPhone: string | null;
148
- identities: import("../foundations/index.js").Identities;
149
149
  isSuspended: boolean;
150
150
  lastSignInAt: number | null;
151
151
  }>;
@@ -266,7 +266,7 @@ export declare const userProfileResponseGuard: z.ZodObject<z.objectUtil.extendSh
266
266
  lastSignInAt: z.ZodType<number | null, z.ZodTypeDef, number | null>;
267
267
  createdAt: z.ZodType<number, z.ZodTypeDef, number>;
268
268
  updatedAt: z.ZodType<number, z.ZodTypeDef, number>;
269
- }, "name" | "id" | "applicationId" | "username" | "createdAt" | "profile" | "avatar" | "customData" | "updatedAt" | "primaryEmail" | "primaryPhone" | "identities" | "isSuspended" | "lastSignInAt">, {
269
+ }, "name" | "id" | "applicationId" | "username" | "createdAt" | "profile" | "avatar" | "customData" | "identities" | "updatedAt" | "primaryEmail" | "primaryPhone" | "isSuspended" | "lastSignInAt">, {
270
270
  hasPassword: z.ZodOptional<z.ZodBoolean>;
271
271
  ssoIdentities: z.ZodOptional<z.ZodArray<import("../foundations/schemas.js").Guard<import("../db-entries/user-sso-identity.js").UserSsoIdentity>, "many">>;
272
272
  }>, "strip", z.ZodTypeAny, {
@@ -278,10 +278,10 @@ export declare const userProfileResponseGuard: z.ZodObject<z.objectUtil.extendSh
278
278
  profile: import("../foundations/index.js").UserProfile;
279
279
  avatar: string | null;
280
280
  customData: import("@withtyped/server/lib/types.js").JsonObject;
281
+ identities: import("../foundations/index.js").Identities;
281
282
  updatedAt: number;
282
283
  primaryEmail: string | null;
283
284
  primaryPhone: string | null;
284
- identities: import("../foundations/index.js").Identities;
285
285
  isSuspended: boolean;
286
286
  lastSignInAt: number | null;
287
287
  hasPassword?: boolean | undefined;
@@ -295,10 +295,10 @@ export declare const userProfileResponseGuard: z.ZodObject<z.objectUtil.extendSh
295
295
  profile: import("../foundations/index.js").UserProfile;
296
296
  avatar: string | null;
297
297
  customData: import("@withtyped/server/lib/types.js").JsonObject;
298
+ identities: import("../foundations/index.js").Identities;
298
299
  updatedAt: number;
299
300
  primaryEmail: string | null;
300
301
  primaryPhone: string | null;
301
- identities: import("../foundations/index.js").Identities;
302
302
  isSuspended: boolean;
303
303
  lastSignInAt: number | null;
304
304
  hasPassword?: boolean | undefined;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@logto/schemas",
3
- "version": "1.23.0",
3
+ "version": "1.24.0",
4
4
  "author": "Silverhand Inc. <contact@silverhand.io>",
5
5
  "license": "MPL-2.0",
6
6
  "type": "module",
@@ -66,7 +66,7 @@
66
66
  "@logto/connector-kit": "^4.1.0",
67
67
  "@logto/core-kit": "^2.5.2",
68
68
  "@logto/language-kit": "^1.1.0",
69
- "@logto/phrases": "^1.16.0",
69
+ "@logto/phrases": "^1.17.0",
70
70
  "@logto/phrases-experience": "^1.9.0",
71
71
  "@logto/shared": "^3.1.2",
72
72
  "@withtyped/server": "^0.14.0",
package/tables/applications.sql CHANGED
@@ -17,10 +17,7 @@ create table applications (
17
17
  custom_data jsonb /* @use JsonObject */ not null default '{}'::jsonb,
18
18
  is_third_party boolean not null default false,
19
19
  created_at timestamptz not null default(now()),
20
- primary key (id),
21
- constraint check_saml_app_third_party_consistency check (
22
- type != 'SAML' OR (type = 'SAML' AND is_third_party = true)
23
- )
20
+ primary key (id)
24
21
  );
25
22
 
26
23
  create index applications__id
package/tables/saml_application_configs.sql CHANGED
@@ -9,6 +9,8 @@ create table saml_application_configs (
9
9
  attribute_mapping jsonb /* @use SamlAttributeMapping */ not null default '{}'::jsonb,
10
10
  entity_id varchar(128),
11
11
  acs_url jsonb /* @use SamlAcsUrl */,
12
+ encryption jsonb /* @use SamlEncryption */,
13
+ name_id_format varchar(128) /* @use NameIdFormat */ not null,
12
14
  primary key (tenant_id, application_id),
13
15
  constraint saml_application_configs__application_type
14
16
  check (check_application_type(application_id, 'SAML'))