@logto/schemas 1.24.1 → 1.26.0

package/alterations/1.25.0-1739429593-add-legacy-password-encryption.ts

@@ -0,0 +1,35 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter type users_password_encryption_method add value 'Legacy';
+    `);
+  },
+  down: async (pool) => {
+    const { rows } = await pool.query(sql`
+      select id from users
+      where password_encryption_method = ${'Legacy'}
+    `);
+    if (rows.length > 0) {
+      throw new Error('There are users with password encryption method Legacy.');
+    }
+
+    await pool.query(sql`
+      create type users_password_encryption_method_revised as enum (
+        'Argon2i', 'Argon2id', 'Argon2d', 'SHA1', 'SHA256', 'MD5', 'Bcrypt'
+      );
+
+      alter table users 
+      alter column password_encryption_method type users_password_encryption_method_revised 
+      using password_encryption_method::text::users_password_encryption_method_revised;
+
+      drop type users_password_encryption_method;
+      alter type users_password_encryption_method_revised rename to users_password_encryption_method;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.26.0-1740982044-add-one-time-tokens-table.ts

@@ -0,0 +1,36 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create table one_time_tokens (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        id varchar(21) not null,
+        email varchar(128) not null,
+        token varchar(256) not null,
+        context jsonb not null default '{}'::jsonb,
+        status varchar(64) not null default 'active',
+        created_at timestamptz not null default(now()),
+        expires_at timestamptz not null,
+        primary key (id)
+      );
+
+      create index one_time_token__email_status on one_time_tokens (tenant_id, email, status);
+    `);
+
+    await applyTableRls(pool, 'one_time_tokens');
+  },
+  down: async (pool) => {
+    await dropTableRls(pool, 'one_time_tokens');
+    await pool.query(sql`
+      drop table if exists one_time_tokens;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.26.0-1741240284-add-captcha-policy.ts

@@ -0,0 +1,20 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences
+        add column captcha_policy jsonb not null default '{}'::jsonb;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences
+        drop column captcha_policy;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.26.0-1741318144-add-one-time-token-unique-index.ts

@@ -0,0 +1,18 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create unique index one_time_token__token on one_time_tokens (tenant_id, token);
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      drop index if exists one_time_token__token;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.26.0-1741572426-add-captcha-providers.ts

@@ -0,0 +1,34 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create table captcha_providers (
+        tenant_id varchar(21) not null 
+          references tenants (id) on update cascade on delete cascade,
+        id varchar(128) not null,
+        config jsonb /* @use CaptchaConfig */ not null default '{}'::jsonb,
+        created_at timestamptz not null default(now()),
+        updated_at timestamptz not null default(now()),
+        primary key (id),
+        unique (tenant_id)
+      );
+
+      create index captcha_providers__id
+        on captcha_providers (tenant_id, id);
+    `);
+    await applyTableRls(pool, 'captcha_providers');
+  },
+  down: async (pool) => {
+    await dropTableRls(pool, 'captcha_providers');
+    await pool.query(sql`
+      drop table captcha_providers;
+    `);
+  },
+};
+
+export default alteration;

package/alterations-js/1.25.0-1739429593-add-legacy-password-encryption.js

@@ -0,0 +1,30 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter type users_password_encryption_method add value 'Legacy';
+    `);
+    },
+    down: async (pool) => {
+        const { rows } = await pool.query(sql `
+      select id from users
+      where password_encryption_method = ${'Legacy'}
+    `);
+        if (rows.length > 0) {
+            throw new Error('There are users with password encryption method Legacy.');
+        }
+        await pool.query(sql `
+      create type users_password_encryption_method_revised as enum (
+        'Argon2i', 'Argon2id', 'Argon2d', 'SHA1', 'SHA256', 'MD5', 'Bcrypt'
+      );
+
+      alter table users 
+      alter column password_encryption_method type users_password_encryption_method_revised 
+      using password_encryption_method::text::users_password_encryption_method_revised;
+
+      drop type users_password_encryption_method;
+      alter type users_password_encryption_method_revised rename to users_password_encryption_method;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.26.0-1740982044-add-one-time-tokens-table.js

@@ -0,0 +1,30 @@
+import { sql } from '@silverhand/slonik';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create table one_time_tokens (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        id varchar(21) not null,
+        email varchar(128) not null,
+        token varchar(256) not null,
+        context jsonb not null default '{}'::jsonb,
+        status varchar(64) not null default 'active',
+        created_at timestamptz not null default(now()),
+        expires_at timestamptz not null,
+        primary key (id)
+      );
+
+      create index one_time_token__email_status on one_time_tokens (tenant_id, email, status);
+    `);
+        await applyTableRls(pool, 'one_time_tokens');
+    },
+    down: async (pool) => {
+        await dropTableRls(pool, 'one_time_tokens');
+        await pool.query(sql `
+      drop table if exists one_time_tokens;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.26.0-1741240284-add-captcha-policy.js

@@ -0,0 +1,16 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table sign_in_experiences
+        add column captcha_policy jsonb not null default '{}'::jsonb;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table sign_in_experiences
+        drop column captcha_policy;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.26.0-1741318144-add-one-time-token-unique-index.js

@@ -0,0 +1,14 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create unique index one_time_token__token on one_time_tokens (tenant_id, token);
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      drop index if exists one_time_token__token;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.26.0-1741572426-add-captcha-providers.js

@@ -0,0 +1,29 @@
+import { sql } from '@silverhand/slonik';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create table captcha_providers (
+        tenant_id varchar(21) not null 
+          references tenants (id) on update cascade on delete cascade,
+        id varchar(128) not null,
+        config jsonb /* @use CaptchaConfig */ not null default '{}'::jsonb,
+        created_at timestamptz not null default(now()),
+        updated_at timestamptz not null default(now()),
+        primary key (id),
+        unique (tenant_id)
+      );
+
+      create index captcha_providers__id
+        on captcha_providers (tenant_id, id);
+    `);
+        await applyTableRls(pool, 'captcha_providers');
+    },
+    down: async (pool) => {
+        await dropTableRls(pool, 'captcha_providers');
+        await pool.query(sql `
+      drop table captcha_providers;
+    `);
+    },
+};
+export default alteration;

package/lib/consts/experience.d.ts

@@ -7,5 +7,7 @@ export declare const experience: Readonly<{
         readonly resetPassword: "reset-password";
         readonly identifierSignIn: "identifier-sign-in";
         readonly identifierRegister: "identifier-register";
+        readonly switchAccount: "switch-account";
+        readonly error: "error";
     }>;
 }>;

package/lib/consts/experience.js

@@ -6,6 +6,8 @@ const routes = Object.freeze({
     resetPassword: 'reset-password',
     identifierSignIn: 'identifier-sign-in',
     identifierRegister: 'identifier-register',
+    switchAccount: 'switch-account',
+    error: 'error',
 });
 export const experience = Object.freeze({
     routes,

package/lib/consts/oidc.d.ts

@@ -49,7 +49,11 @@ export declare enum ExtraParamsKey {
      *
      * @see {@link SignInIdentifier} for available values.
      */
-    Identifier = "identifier"
+    Identifier = "identifier",
+    /**
+     * The one-time token used as a proof for the user's identity. Example use case: Magic link.
+     */
+    OneTimeToken = "one_time_token"
 }
 /** @deprecated Use {@link FirstScreen} instead. */
 export declare enum InteractionMode {
@@ -73,6 +77,7 @@ export declare const extraParamsObjectGuard: z.ZodObject<{
     organization_id: z.ZodOptional<z.ZodString>;
     login_hint: z.ZodOptional<z.ZodString>;
     identifier: z.ZodOptional<z.ZodString>;
+    one_time_token: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
     interaction_mode?: InteractionMode | undefined;
     first_screen?: FirstScreen | undefined;
@@ -80,6 +85,7 @@ export declare const extraParamsObjectGuard: z.ZodObject<{
     organization_id?: string | undefined;
     login_hint?: string | undefined;
     identifier?: string | undefined;
+    one_time_token?: string | undefined;
 }, {
     interaction_mode?: InteractionMode | undefined;
     first_screen?: FirstScreen | undefined;
@@ -87,6 +93,7 @@ export declare const extraParamsObjectGuard: z.ZodObject<{
     organization_id?: string | undefined;
     login_hint?: string | undefined;
     identifier?: string | undefined;
+    one_time_token?: string | undefined;
 }>;
 export type ExtraParamsObject = Partial<{
     [ExtraParamsKey.InteractionMode]: InteractionMode;
@@ -95,4 +102,5 @@ export type ExtraParamsObject = Partial<{
     [ExtraParamsKey.OrganizationId]: string;
     [ExtraParamsKey.LoginHint]: string;
     [ExtraParamsKey.Identifier]: string;
+    [ExtraParamsKey.OneTimeToken]: string;
 }>;

package/lib/consts/oidc.js

@@ -52,6 +52,10 @@ export var ExtraParamsKey;
      * @see {@link SignInIdentifier} for available values.
      */
     ExtraParamsKey["Identifier"] = "identifier";
+    /**
+     * The one-time token used as a proof for the user's identity. Example use case: Magic link.
+     */
+    ExtraParamsKey["OneTimeToken"] = "one_time_token";
 })(ExtraParamsKey || (ExtraParamsKey = {}));
 /** @deprecated Use {@link FirstScreen} instead. */
 export var InteractionMode;
@@ -78,5 +82,6 @@ export const extraParamsObjectGuard = z
     [ExtraParamsKey.OrganizationId]: z.string(),
     [ExtraParamsKey.LoginHint]: z.string(),
     [ExtraParamsKey.Identifier]: z.string(),
+    [ExtraParamsKey.OneTimeToken]: z.string(),
 })
     .partial();

package/lib/db-entries/captcha-provider.d.ts

@@ -0,0 +1,22 @@
+import { CaptchaConfig, GeneratedSchema } from './../foundations/index.js';
+/**
+ *
+ * @remarks This is a type for database creation.
+ * @see {@link CaptchaProvider} for the original type.
+ */
+export type CreateCaptchaProvider = {
+    tenantId?: string;
+    id: string;
+    config?: CaptchaConfig;
+    createdAt?: number;
+    updatedAt?: number;
+};
+export type CaptchaProvider = {
+    tenantId: string;
+    id: string;
+    config: CaptchaConfig;
+    createdAt: number;
+    updatedAt: number;
+};
+export type CaptchaProviderKeys = 'tenantId' | 'id' | 'config' | 'createdAt' | 'updatedAt';
+export declare const CaptchaProviders: GeneratedSchema<CaptchaProviderKeys, CreateCaptchaProvider, CaptchaProvider, 'captcha_providers', 'captcha_provider'>;

package/lib/db-entries/captcha-provider.js

@@ -0,0 +1,38 @@
+// THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+import { z } from 'zod';
+import { captchaConfigGuard } from './../foundations/index.js';
+const createGuard = z.object({
+    tenantId: z.string().max(21).optional(),
+    id: z.string().min(1).max(128),
+    config: captchaConfigGuard.optional(),
+    createdAt: z.number().optional(),
+    updatedAt: z.number().optional(),
+});
+const guard = z.object({
+    tenantId: z.string().max(21),
+    id: z.string().min(1).max(128),
+    config: captchaConfigGuard,
+    createdAt: z.number(),
+    updatedAt: z.number(),
+});
+export const CaptchaProviders = Object.freeze({
+    table: 'captcha_providers',
+    tableSingular: 'captcha_provider',
+    fields: {
+        tenantId: 'tenant_id',
+        id: 'id',
+        config: 'config',
+        createdAt: 'created_at',
+        updatedAt: 'updated_at',
+    },
+    fieldKeys: [
+        'tenantId',
+        'id',
+        'config',
+        'createdAt',
+        'updatedAt',
+    ],
+    createGuard,
+    guard,
+    updateGuard: guard.partial(),
+});

package/lib/db-entries/custom-types.d.ts

@@ -43,5 +43,6 @@ export declare enum UsersPasswordEncryptionMethod {
     SHA1 = "SHA1",
     SHA256 = "SHA256",
     MD5 = "MD5",
-    Bcrypt = "Bcrypt"
+    Bcrypt = "Bcrypt",
+    Legacy = "Legacy"
 }

package/lib/db-entries/custom-types.js

@@ -53,4 +53,5 @@ export var UsersPasswordEncryptionMethod;
     UsersPasswordEncryptionMethod["SHA256"] = "SHA256";
     UsersPasswordEncryptionMethod["MD5"] = "MD5";
     UsersPasswordEncryptionMethod["Bcrypt"] = "Bcrypt";
+    UsersPasswordEncryptionMethod["Legacy"] = "Legacy";
 })(UsersPasswordEncryptionMethod || (UsersPasswordEncryptionMethod = {}));

package/lib/db-entries/index.d.ts

@@ -13,6 +13,7 @@ export * from './application-user-consent-resource-scope.js';
 export * from './application-user-consent-user-scope.js';
 export * from './application.js';
 export * from './applications-role.js';
+export * from './captcha-provider.js';
 export * from './connector.js';
 export * from './custom-phrase.js';
 export * from './daily-active-user.js';
@@ -24,6 +25,7 @@ export * from './idp-initiated-saml-sso-session.js';
 export * from './log.js';
 export * from './logto-config.js';
 export * from './oidc-model-instance.js';
+export * from './one-time-token.js';
 export * from './organization-application-relation.js';
 export * from './organization-invitation-role-relation.js';
 export * from './organization-invitation.js';

package/lib/db-entries/index.js

@@ -14,6 +14,7 @@ export * from './application-user-consent-resource-scope.js';
 export * from './application-user-consent-user-scope.js';
 export * from './application.js';
 export * from './applications-role.js';
+export * from './captcha-provider.js';
 export * from './connector.js';
 export * from './custom-phrase.js';
 export * from './daily-active-user.js';
@@ -25,6 +26,7 @@ export * from './idp-initiated-saml-sso-session.js';
 export * from './log.js';
 export * from './logto-config.js';
 export * from './oidc-model-instance.js';
+export * from './one-time-token.js';
 export * from './organization-application-relation.js';
 export * from './organization-invitation-role-relation.js';
 export * from './organization-invitation.js';

package/lib/db-entries/one-time-token.d.ts

@@ -0,0 +1,28 @@
+import { OneTimeTokenContext, OneTimeTokenStatus, GeneratedSchema } from './../foundations/index.js';
+/**
+ *
+ * @remarks This is a type for database creation.
+ * @see {@link OneTimeToken} for the original type.
+ */
+export type CreateOneTimeToken = {
+    tenantId?: string;
+    id: string;
+    email: string;
+    token: string;
+    context?: OneTimeTokenContext;
+    status?: OneTimeTokenStatus;
+    createdAt?: number;
+    expiresAt: number;
+};
+export type OneTimeToken = {
+    tenantId: string;
+    id: string;
+    email: string;
+    token: string;
+    context: OneTimeTokenContext;
+    status: OneTimeTokenStatus;
+    createdAt: number;
+    expiresAt: number;
+};
+export type OneTimeTokenKeys = 'tenantId' | 'id' | 'email' | 'token' | 'context' | 'status' | 'createdAt' | 'expiresAt';
+export declare const OneTimeTokens: GeneratedSchema<OneTimeTokenKeys, CreateOneTimeToken, OneTimeToken, 'one_time_tokens', 'one_time_token'>;

package/lib/db-entries/one-time-token.js

@@ -0,0 +1,50 @@
+// THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+import { z } from 'zod';
+import { oneTimeTokenContextGuard, oneTimeTokenStatusGuard } from './../foundations/index.js';
+const createGuard = z.object({
+    tenantId: z.string().max(21).optional(),
+    id: z.string().min(1).max(21),
+    email: z.string().min(1).max(128),
+    token: z.string().min(1).max(256),
+    context: oneTimeTokenContextGuard.optional(),
+    status: oneTimeTokenStatusGuard.optional(),
+    createdAt: z.number().optional(),
+    expiresAt: z.number(),
+});
+const guard = z.object({
+    tenantId: z.string().max(21),
+    id: z.string().min(1).max(21),
+    email: z.string().min(1).max(128),
+    token: z.string().min(1).max(256),
+    context: oneTimeTokenContextGuard,
+    status: oneTimeTokenStatusGuard,
+    createdAt: z.number(),
+    expiresAt: z.number(),
+});
+export const OneTimeTokens = Object.freeze({
+    table: 'one_time_tokens',
+    tableSingular: 'one_time_token',
+    fields: {
+        tenantId: 'tenant_id',
+        id: 'id',
+        email: 'email',
+        token: 'token',
+        context: 'context',
+        status: 'status',
+        createdAt: 'created_at',
+        expiresAt: 'expires_at',
+    },
+    fieldKeys: [
+        'tenantId',
+        'id',
+        'email',
+        'token',
+        'context',
+        'status',
+        'createdAt',
+        'expiresAt',
+    ],
+    createGuard,
+    guard,
+    updateGuard: guard.partial(),
+});

package/lib/db-entries/sign-in-experience.d.ts

@@ -1,4 +1,4 @@
-import { Color, Branding, LanguageInfo, SignIn, SignUp, SocialSignIn, ConnectorTargets, CustomContent, CustomUiAssets, PartialPasswordPolicy, Mfa, GeneratedSchema } from './../foundations/index.js';
+import { Color, Branding, LanguageInfo, SignIn, SignUp, SocialSignIn, ConnectorTargets, CustomContent, CustomUiAssets, PartialPasswordPolicy, Mfa, CaptchaPolicy, GeneratedSchema } from './../foundations/index.js';
 import { AgreeToTermsPolicy, SignInMode } from './custom-types.js';
 /**
  *
@@ -29,6 +29,7 @@ export type CreateSignInExperience = {
     supportEmail?: string | null;
     supportWebsiteUrl?: string | null;
     unknownSessionRedirectUrl?: string | null;
+    captchaPolicy?: CaptchaPolicy;
 };
 export type SignInExperience = {
     tenantId: string;
@@ -54,6 +55,7 @@ export type SignInExperience = {
     supportEmail: string | null;
     supportWebsiteUrl: string | null;
     unknownSessionRedirectUrl: string | null;
+    captchaPolicy: CaptchaPolicy;
 };
-export type SignInExperienceKeys = 'tenantId' | 'id' | 'color' | 'branding' | 'languageInfo' | 'termsOfUseUrl' | 'privacyPolicyUrl' | 'agreeToTermsPolicy' | 'signIn' | 'signUp' | 'socialSignIn' | 'socialSignInConnectorTargets' | 'signInMode' | 'customCss' | 'customContent' | 'customUiAssets' | 'passwordPolicy' | 'mfa' | 'singleSignOnEnabled' | 'supportEmail' | 'supportWebsiteUrl' | 'unknownSessionRedirectUrl';
+export type SignInExperienceKeys = 'tenantId' | 'id' | 'color' | 'branding' | 'languageInfo' | 'termsOfUseUrl' | 'privacyPolicyUrl' | 'agreeToTermsPolicy' | 'signIn' | 'signUp' | 'socialSignIn' | 'socialSignInConnectorTargets' | 'signInMode' | 'customCss' | 'customContent' | 'customUiAssets' | 'passwordPolicy' | 'mfa' | 'singleSignOnEnabled' | 'supportEmail' | 'supportWebsiteUrl' | 'unknownSessionRedirectUrl' | 'captchaPolicy';
 export declare const SignInExperiences: GeneratedSchema<SignInExperienceKeys, CreateSignInExperience, SignInExperience, 'sign_in_experiences', 'sign_in_experience'>;

package/lib/db-entries/sign-in-experience.js

@@ -1,6 +1,6 @@
 // THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
 import { z } from 'zod';
-import { colorGuard, brandingGuard, languageInfoGuard, signInGuard, signUpGuard, socialSignInGuard, connectorTargetsGuard, customContentGuard, customUiAssetsGuard, partialPasswordPolicyGuard, mfaGuard } from './../foundations/index.js';
+import { colorGuard, brandingGuard, languageInfoGuard, signInGuard, signUpGuard, socialSignInGuard, connectorTargetsGuard, customContentGuard, customUiAssetsGuard, partialPasswordPolicyGuard, mfaGuard, captchaPolicyGuard } from './../foundations/index.js';
 import { AgreeToTermsPolicy, SignInMode } from './custom-types.js';
 const createGuard = z.object({
     tenantId: z.string().max(21).optional(),
@@ -25,6 +25,7 @@ const createGuard = z.object({
     supportEmail: z.string().nullable().optional(),
     supportWebsiteUrl: z.string().nullable().optional(),
     unknownSessionRedirectUrl: z.string().nullable().optional(),
+    captchaPolicy: captchaPolicyGuard.optional(),
 });
 const guard = z.object({
     tenantId: z.string().max(21),
@@ -49,6 +50,7 @@ const guard = z.object({
     supportEmail: z.string().nullable(),
     supportWebsiteUrl: z.string().nullable(),
     unknownSessionRedirectUrl: z.string().nullable(),
+    captchaPolicy: captchaPolicyGuard,
 });
 export const SignInExperiences = Object.freeze({
     table: 'sign_in_experiences',
@@ -76,6 +78,7 @@ export const SignInExperiences = Object.freeze({
         supportEmail: 'support_email',
         supportWebsiteUrl: 'support_website_url',
         unknownSessionRedirectUrl: 'unknown_session_redirect_url',
+        captchaPolicy: 'captcha_policy',
     },
     fieldKeys: [
         'tenantId',
@@ -100,6 +103,7 @@ export const SignInExperiences = Object.freeze({
         'supportEmail',
         'supportWebsiteUrl',
         'unknownSessionRedirectUrl',
+        'captchaPolicy',
     ],
     createGuard,
     guard,