@logto/schemas 1.28.0 → 1.30.0

package/lib/types/verification-records/password-verification.d.ts

@@ -0,0 +1,40 @@
+import { z } from 'zod';
+import { type VerificationIdentifier } from '../interactions.js';
+import { VerificationType } from './verification-type.js';
+export type PasswordVerificationRecordData = {
+    id: string;
+    type: VerificationType.Password;
+    identifier: VerificationIdentifier;
+    verified: boolean;
+};
+export declare const passwordVerificationRecordDataGuard: z.ZodObject<{
+    id: z.ZodString;
+    type: z.ZodLiteral<VerificationType.Password>;
+    identifier: z.ZodObject<{
+        type: z.ZodUnion<[z.ZodNativeEnum<typeof import("../../index.js").SignInIdentifier>, z.ZodNativeEnum<typeof import("../../index.js").AdditionalIdentifier>]>;
+        value: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        value: string;
+        type: import("../../index.js").SignInIdentifier | import("../../index.js").AdditionalIdentifier;
+    }, {
+        value: string;
+        type: import("../../index.js").SignInIdentifier | import("../../index.js").AdditionalIdentifier;
+    }>;
+    verified: z.ZodBoolean;
+}, "strip", z.ZodTypeAny, {
+    type: VerificationType.Password;
+    id: string;
+    identifier: {
+        value: string;
+        type: import("../../index.js").SignInIdentifier | import("../../index.js").AdditionalIdentifier;
+    };
+    verified: boolean;
+}, {
+    type: VerificationType.Password;
+    id: string;
+    identifier: {
+        value: string;
+        type: import("../../index.js").SignInIdentifier | import("../../index.js").AdditionalIdentifier;
+    };
+    verified: boolean;
+}>;

package/lib/types/verification-records/password-verification.js

@@ -0,0 +1,9 @@
+import { z } from 'zod';
+import { verificationIdentifierGuard } from '../interactions.js';
+import { VerificationType } from './verification-type.js';
+export const passwordVerificationRecordDataGuard = z.object({
+    id: z.string(),
+    type: z.literal(VerificationType.Password),
+    identifier: verificationIdentifierGuard,
+    verified: z.boolean(),
+});

package/lib/types/verification-records/social-verification.d.ts

@@ -0,0 +1,270 @@
+import { type ConnectorSession, type SocialUserInfo } from '@logto/connector-kit';
+import { z } from 'zod';
+import { type EncryptedTokenSet } from '../secrets.js';
+import { VerificationType } from './verification-type.js';
+/** The JSON data type for the SocialVerification record stored in the interaction storage */
+export type SocialVerificationRecordData = {
+    id: string;
+    connectorId: string;
+    type: VerificationType.Social;
+    /**
+     * The social identity returned by the connector.
+     */
+    socialUserInfo?: SocialUserInfo;
+    encryptedTokenSet?: EncryptedTokenSet;
+    /**
+     * The connector session result
+     */
+    connectorSession?: ConnectorSession;
+};
+export declare const socialVerificationRecordDataGuard: z.ZodObject<{
+    id: z.ZodString;
+    connectorId: z.ZodString;
+    type: z.ZodLiteral<VerificationType.Social>;
+    socialUserInfo: z.ZodOptional<z.ZodObject<{
+        id: z.ZodString;
+        email: z.ZodOptional<z.ZodString>;
+        phone: z.ZodOptional<z.ZodString>;
+        name: z.ZodOptional<z.ZodString>;
+        avatar: z.ZodOptional<z.ZodString>;
+        rawData: z.ZodOptional<z.ZodType<import("@withtyped/server").Json, z.ZodTypeDef, import("@withtyped/server").Json>>;
+    }, "strip", z.ZodTypeAny, {
+        id: string;
+        name?: string | undefined;
+        email?: string | undefined;
+        phone?: string | undefined;
+        avatar?: string | undefined;
+        rawData?: import("@withtyped/server").Json | undefined;
+    }, {
+        id: string;
+        name?: string | undefined;
+        email?: string | undefined;
+        phone?: string | undefined;
+        avatar?: string | undefined;
+        rawData?: import("@withtyped/server").Json | undefined;
+    }>>;
+    encryptedTokenSet: z.ZodOptional<z.ZodObject<{
+        encryptedTokenSetBase64: z.ZodString;
+        metadata: z.ZodObject<{
+            scope: z.ZodOptional<z.ZodString>;
+            expiresAt: z.ZodOptional<z.ZodNumber>;
+            tokenType: z.ZodOptional<z.ZodString>;
+            hasRefreshToken: z.ZodBoolean;
+        }, "strip", z.ZodTypeAny, {
+            hasRefreshToken: boolean;
+            scope?: string | undefined;
+            expiresAt?: number | undefined;
+            tokenType?: string | undefined;
+        }, {
+            hasRefreshToken: boolean;
+            scope?: string | undefined;
+            expiresAt?: number | undefined;
+            tokenType?: string | undefined;
+        }>;
+    }, "strip", z.ZodTypeAny, {
+        metadata: {
+            hasRefreshToken: boolean;
+            scope?: string | undefined;
+            expiresAt?: number | undefined;
+            tokenType?: string | undefined;
+        };
+        encryptedTokenSetBase64: string;
+    }, {
+        metadata: {
+            hasRefreshToken: boolean;
+            scope?: string | undefined;
+            expiresAt?: number | undefined;
+            tokenType?: string | undefined;
+        };
+        encryptedTokenSetBase64: string;
+    }>>;
+    connectorSession: z.ZodOptional<z.ZodObject<{
+        nonce: z.ZodOptional<z.ZodString>;
+        redirectUri: z.ZodOptional<z.ZodString>;
+        connectorId: z.ZodOptional<z.ZodString>;
+        connectorFactoryId: z.ZodOptional<z.ZodString>;
+        jti: z.ZodOptional<z.ZodString>;
+        state: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodUnknown, z.objectOutputType<{
+        nonce: z.ZodOptional<z.ZodString>;
+        redirectUri: z.ZodOptional<z.ZodString>;
+        connectorId: z.ZodOptional<z.ZodString>;
+        connectorFactoryId: z.ZodOptional<z.ZodString>;
+        jti: z.ZodOptional<z.ZodString>;
+        state: z.ZodOptional<z.ZodString>;
+    }, z.ZodUnknown, "strip">, z.objectInputType<{
+        nonce: z.ZodOptional<z.ZodString>;
+        redirectUri: z.ZodOptional<z.ZodString>;
+        connectorId: z.ZodOptional<z.ZodString>;
+        connectorFactoryId: z.ZodOptional<z.ZodString>;
+        jti: z.ZodOptional<z.ZodString>;
+        state: z.ZodOptional<z.ZodString>;
+    }, z.ZodUnknown, "strip">>>;
+}, "strip", z.ZodTypeAny, {
+    type: VerificationType.Social;
+    id: string;
+    connectorId: string;
+    encryptedTokenSet?: {
+        metadata: {
+            hasRefreshToken: boolean;
+            scope?: string | undefined;
+            expiresAt?: number | undefined;
+            tokenType?: string | undefined;
+        };
+        encryptedTokenSetBase64: string;
+    } | undefined;
+    socialUserInfo?: {
+        id: string;
+        name?: string | undefined;
+        email?: string | undefined;
+        phone?: string | undefined;
+        avatar?: string | undefined;
+        rawData?: import("@withtyped/server").Json | undefined;
+    } | undefined;
+    connectorSession?: z.objectOutputType<{
+        nonce: z.ZodOptional<z.ZodString>;
+        redirectUri: z.ZodOptional<z.ZodString>;
+        connectorId: z.ZodOptional<z.ZodString>;
+        connectorFactoryId: z.ZodOptional<z.ZodString>;
+        jti: z.ZodOptional<z.ZodString>;
+        state: z.ZodOptional<z.ZodString>;
+    }, z.ZodUnknown, "strip"> | undefined;
+}, {
+    type: VerificationType.Social;
+    id: string;
+    connectorId: string;
+    encryptedTokenSet?: {
+        metadata: {
+            hasRefreshToken: boolean;
+            scope?: string | undefined;
+            expiresAt?: number | undefined;
+            tokenType?: string | undefined;
+        };
+        encryptedTokenSetBase64: string;
+    } | undefined;
+    socialUserInfo?: {
+        id: string;
+        name?: string | undefined;
+        email?: string | undefined;
+        phone?: string | undefined;
+        avatar?: string | undefined;
+        rawData?: import("@withtyped/server").Json | undefined;
+    } | undefined;
+    connectorSession?: z.objectInputType<{
+        nonce: z.ZodOptional<z.ZodString>;
+        redirectUri: z.ZodOptional<z.ZodString>;
+        connectorId: z.ZodOptional<z.ZodString>;
+        connectorFactoryId: z.ZodOptional<z.ZodString>;
+        jti: z.ZodOptional<z.ZodString>;
+        state: z.ZodOptional<z.ZodString>;
+    }, z.ZodUnknown, "strip"> | undefined;
+}>;
+export type SanitizedSocialVerificationRecordData = Omit<SocialVerificationRecordData, 'encryptedTokenSet' | 'connectorSession'>;
+export declare const sanitizedSocialVerificationRecordDataGuard: z.ZodObject<Omit<{
+    id: z.ZodString;
+    connectorId: z.ZodString;
+    type: z.ZodLiteral<VerificationType.Social>;
+    socialUserInfo: z.ZodOptional<z.ZodObject<{
+        id: z.ZodString;
+        email: z.ZodOptional<z.ZodString>;
+        phone: z.ZodOptional<z.ZodString>;
+        name: z.ZodOptional<z.ZodString>;
+        avatar: z.ZodOptional<z.ZodString>;
+        rawData: z.ZodOptional<z.ZodType<import("@withtyped/server").Json, z.ZodTypeDef, import("@withtyped/server").Json>>;
+    }, "strip", z.ZodTypeAny, {
+        id: string;
+        name?: string | undefined;
+        email?: string | undefined;
+        phone?: string | undefined;
+        avatar?: string | undefined;
+        rawData?: import("@withtyped/server").Json | undefined;
+    }, {
+        id: string;
+        name?: string | undefined;
+        email?: string | undefined;
+        phone?: string | undefined;
+        avatar?: string | undefined;
+        rawData?: import("@withtyped/server").Json | undefined;
+    }>>;
+    encryptedTokenSet: z.ZodOptional<z.ZodObject<{
+        encryptedTokenSetBase64: z.ZodString;
+        metadata: z.ZodObject<{
+            scope: z.ZodOptional<z.ZodString>;
+            expiresAt: z.ZodOptional<z.ZodNumber>;
+            tokenType: z.ZodOptional<z.ZodString>;
+            hasRefreshToken: z.ZodBoolean;
+        }, "strip", z.ZodTypeAny, {
+            hasRefreshToken: boolean;
+            scope?: string | undefined;
+            expiresAt?: number | undefined;
+            tokenType?: string | undefined;
+        }, {
+            hasRefreshToken: boolean;
+            scope?: string | undefined;
+            expiresAt?: number | undefined;
+            tokenType?: string | undefined;
+        }>;
+    }, "strip", z.ZodTypeAny, {
+        metadata: {
+            hasRefreshToken: boolean;
+            scope?: string | undefined;
+            expiresAt?: number | undefined;
+            tokenType?: string | undefined;
+        };
+        encryptedTokenSetBase64: string;
+    }, {
+        metadata: {
+            hasRefreshToken: boolean;
+            scope?: string | undefined;
+            expiresAt?: number | undefined;
+            tokenType?: string | undefined;
+        };
+        encryptedTokenSetBase64: string;
+    }>>;
+    connectorSession: z.ZodOptional<z.ZodObject<{
+        nonce: z.ZodOptional<z.ZodString>;
+        redirectUri: z.ZodOptional<z.ZodString>;
+        connectorId: z.ZodOptional<z.ZodString>;
+        connectorFactoryId: z.ZodOptional<z.ZodString>;
+        jti: z.ZodOptional<z.ZodString>;
+        state: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodUnknown, z.objectOutputType<{
+        nonce: z.ZodOptional<z.ZodString>;
+        redirectUri: z.ZodOptional<z.ZodString>;
+        connectorId: z.ZodOptional<z.ZodString>;
+        connectorFactoryId: z.ZodOptional<z.ZodString>;
+        jti: z.ZodOptional<z.ZodString>;
+        state: z.ZodOptional<z.ZodString>;
+    }, z.ZodUnknown, "strip">, z.objectInputType<{
+        nonce: z.ZodOptional<z.ZodString>;
+        redirectUri: z.ZodOptional<z.ZodString>;
+        connectorId: z.ZodOptional<z.ZodString>;
+        connectorFactoryId: z.ZodOptional<z.ZodString>;
+        jti: z.ZodOptional<z.ZodString>;
+        state: z.ZodOptional<z.ZodString>;
+    }, z.ZodUnknown, "strip">>>;
+}, "encryptedTokenSet" | "connectorSession">, "strip", z.ZodTypeAny, {
+    type: VerificationType.Social;
+    id: string;
+    connectorId: string;
+    socialUserInfo?: {
+        id: string;
+        name?: string | undefined;
+        email?: string | undefined;
+        phone?: string | undefined;
+        avatar?: string | undefined;
+        rawData?: import("@withtyped/server").Json | undefined;
+    } | undefined;
+}, {
+    type: VerificationType.Social;
+    id: string;
+    connectorId: string;
+    socialUserInfo?: {
+        id: string;
+        name?: string | undefined;
+        email?: string | undefined;
+        phone?: string | undefined;
+        avatar?: string | undefined;
+        rawData?: import("@withtyped/server").Json | undefined;
+    } | undefined;
+}>;

package/lib/types/verification-records/social-verification.js

@@ -0,0 +1,16 @@
+import { connectorSessionGuard, socialUserInfoGuard, } from '@logto/connector-kit';
+import { z } from 'zod';
+import { encryptedTokenSetGuard } from '../secrets.js';
+import { VerificationType } from './verification-type.js';
+export const socialVerificationRecordDataGuard = z.object({
+    id: z.string(),
+    connectorId: z.string(),
+    type: z.literal(VerificationType.Social),
+    socialUserInfo: socialUserInfoGuard.optional(),
+    encryptedTokenSet: encryptedTokenSetGuard.optional(),
+    connectorSession: connectorSessionGuard.optional(),
+});
+export const sanitizedSocialVerificationRecordDataGuard = socialVerificationRecordDataGuard.omit({
+    encryptedTokenSet: true,
+    connectorSession: true,
+});

package/lib/types/verification-records/totp-verification.d.ts

@@ -0,0 +1,47 @@
+import { z } from 'zod';
+import { VerificationType } from './verification-type.js';
+export type TotpVerificationRecordData = {
+    id: string;
+    type: VerificationType.TOTP;
+    /** UserId is required for verifying or binding new TOTP */
+    userId: string;
+    secret?: string;
+    verified: boolean;
+};
+export declare const totpVerificationRecordDataGuard: z.ZodObject<{
+    id: z.ZodString;
+    type: z.ZodLiteral<VerificationType.TOTP>;
+    userId: z.ZodString;
+    secret: z.ZodOptional<z.ZodString>;
+    verified: z.ZodBoolean;
+}, "strip", z.ZodTypeAny, {
+    type: VerificationType.TOTP;
+    id: string;
+    userId: string;
+    verified: boolean;
+    secret?: string | undefined;
+}, {
+    type: VerificationType.TOTP;
+    id: string;
+    userId: string;
+    verified: boolean;
+    secret?: string | undefined;
+}>;
+export type SanitizedTotpVerificationRecordData = Omit<TotpVerificationRecordData, 'secret'>;
+export declare const sanitizedTotpVerificationRecordDataGuard: z.ZodObject<Omit<{
+    id: z.ZodString;
+    type: z.ZodLiteral<VerificationType.TOTP>;
+    userId: z.ZodString;
+    secret: z.ZodOptional<z.ZodString>;
+    verified: z.ZodBoolean;
+}, "secret">, "strip", z.ZodTypeAny, {
+    type: VerificationType.TOTP;
+    id: string;
+    userId: string;
+    verified: boolean;
+}, {
+    type: VerificationType.TOTP;
+    id: string;
+    userId: string;
+    verified: boolean;
+}>;

package/lib/types/verification-records/totp-verification.js

@@ -0,0 +1,12 @@
+import { z } from 'zod';
+import { VerificationType } from './verification-type.js';
+export const totpVerificationRecordDataGuard = z.object({
+    id: z.string(),
+    type: z.literal(VerificationType.TOTP),
+    userId: z.string(),
+    secret: z.string().optional(),
+    verified: z.boolean(),
+});
+export const sanitizedTotpVerificationRecordDataGuard = totpVerificationRecordDataGuard.omit({
+    secret: true,
+});

package/lib/types/verification-records/web-authn-verification.d.ts

@@ -0,0 +1,124 @@
+import { z } from 'zod';
+import { type BindWebAuthn } from '../interactions.js';
+import { VerificationType } from './verification-type.js';
+export type WebAuthnVerificationRecordData = {
+    id: string;
+    type: VerificationType.WebAuthn;
+    /** UserId is required for verifying or binding new TOTP */
+    userId: string;
+    verified: boolean;
+    /** The challenge generated for the WebAuthn registration */
+    registrationChallenge?: string;
+    /** The challenge generated for the WebAuthn authentication */
+    authenticationChallenge?: string;
+    registrationInfo?: BindWebAuthn;
+};
+export declare const webAuthnVerificationRecordDataGuard: z.ZodObject<{
+    id: z.ZodString;
+    type: z.ZodLiteral<VerificationType.WebAuthn>;
+    userId: z.ZodString;
+    verified: z.ZodBoolean;
+    registrationChallenge: z.ZodOptional<z.ZodString>;
+    authenticationChallenge: z.ZodOptional<z.ZodString>;
+    registrationInfo: z.ZodOptional<z.ZodObject<{
+        type: z.ZodLiteral<import("../../index.js").MfaFactor.WebAuthn>;
+        credentialId: z.ZodString;
+        publicKey: z.ZodString;
+        transports: z.ZodArray<z.ZodEnum<["usb", "nfc", "ble", "internal", "cable", "hybrid", "smart-card"]>, "many">;
+        counter: z.ZodNumber;
+        agent: z.ZodString;
+        name: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        type: import("../../index.js").MfaFactor.WebAuthn;
+        credentialId: string;
+        publicKey: string;
+        transports: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[];
+        counter: number;
+        agent: string;
+        name?: string | undefined;
+    }, {
+        type: import("../../index.js").MfaFactor.WebAuthn;
+        credentialId: string;
+        publicKey: string;
+        transports: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[];
+        counter: number;
+        agent: string;
+        name?: string | undefined;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    type: VerificationType.WebAuthn;
+    id: string;
+    userId: string;
+    verified: boolean;
+    registrationChallenge?: string | undefined;
+    authenticationChallenge?: string | undefined;
+    registrationInfo?: {
+        type: import("../../index.js").MfaFactor.WebAuthn;
+        credentialId: string;
+        publicKey: string;
+        transports: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[];
+        counter: number;
+        agent: string;
+        name?: string | undefined;
+    } | undefined;
+}, {
+    type: VerificationType.WebAuthn;
+    id: string;
+    userId: string;
+    verified: boolean;
+    registrationChallenge?: string | undefined;
+    authenticationChallenge?: string | undefined;
+    registrationInfo?: {
+        type: import("../../index.js").MfaFactor.WebAuthn;
+        credentialId: string;
+        publicKey: string;
+        transports: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[];
+        counter: number;
+        agent: string;
+        name?: string | undefined;
+    } | undefined;
+}>;
+export type SanitizedWebAuthnVerificationRecordData = Omit<WebAuthnVerificationRecordData, 'registrationInfo' | 'registrationChallenge' | 'authenticationChallenge'>;
+export declare const sanitizedWebAuthnVerificationRecordDataGuard: z.ZodObject<Omit<{
+    id: z.ZodString;
+    type: z.ZodLiteral<VerificationType.WebAuthn>;
+    userId: z.ZodString;
+    verified: z.ZodBoolean;
+    registrationChallenge: z.ZodOptional<z.ZodString>;
+    authenticationChallenge: z.ZodOptional<z.ZodString>;
+    registrationInfo: z.ZodOptional<z.ZodObject<{
+        type: z.ZodLiteral<import("../../index.js").MfaFactor.WebAuthn>;
+        credentialId: z.ZodString;
+        publicKey: z.ZodString;
+        transports: z.ZodArray<z.ZodEnum<["usb", "nfc", "ble", "internal", "cable", "hybrid", "smart-card"]>, "many">;
+        counter: z.ZodNumber;
+        agent: z.ZodString;
+        name: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        type: import("../../index.js").MfaFactor.WebAuthn;
+        credentialId: string;
+        publicKey: string;
+        transports: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[];
+        counter: number;
+        agent: string;
+        name?: string | undefined;
+    }, {
+        type: import("../../index.js").MfaFactor.WebAuthn;
+        credentialId: string;
+        publicKey: string;
+        transports: ("usb" | "nfc" | "ble" | "internal" | "cable" | "hybrid" | "smart-card")[];
+        counter: number;
+        agent: string;
+        name?: string | undefined;
+    }>>;
+}, "registrationChallenge" | "authenticationChallenge" | "registrationInfo">, "strip", z.ZodTypeAny, {
+    type: VerificationType.WebAuthn;
+    id: string;
+    userId: string;
+    verified: boolean;
+}, {
+    type: VerificationType.WebAuthn;
+    id: string;
+    userId: string;
+    verified: boolean;
+}>;

package/lib/types/verification-records/web-authn-verification.js

@@ -0,0 +1,17 @@
+import { z } from 'zod';
+import { bindWebAuthnGuard } from '../interactions.js';
+import { VerificationType } from './verification-type.js';
+export const webAuthnVerificationRecordDataGuard = z.object({
+    id: z.string(),
+    type: z.literal(VerificationType.WebAuthn),
+    userId: z.string(),
+    verified: z.boolean(),
+    registrationChallenge: z.string().optional(),
+    authenticationChallenge: z.string().optional(),
+    registrationInfo: bindWebAuthnGuard.optional(),
+});
+export const sanitizedWebAuthnVerificationRecordDataGuard = webAuthnVerificationRecordDataGuard.omit({
+    registrationInfo: true,
+    registrationChallenge: true,
+    authenticationChallenge: true,
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/schemas",
-  "version": "1.28.0",
+  "version": "1.30.0",
   "author": "Silverhand Inc. <contact@silverhand.io>",
   "license": "MPL-2.0",
   "type": "module",
@@ -63,14 +63,14 @@
   },
   "prettier": "@silverhand/eslint-config/.prettierrc",
   "dependencies": {
-    "@logto/connector-kit": "^4.3.0",
+    "@withtyped/server": "^0.14.0",
+    "nanoid": "^5.0.9",
+    "@logto/connector-kit": "^4.4.0",
     "@logto/core-kit": "^2.6.0",
     "@logto/language-kit": "^1.2.0",
-    "@logto/phrases": "^1.19.0",
-    "@logto/phrases-experience": "^1.10.0",
     "@logto/shared": "^3.3.0",
-    "@withtyped/server": "^0.14.0",
-    "nanoid": "^5.0.9"
+    "@logto/phrases": "^1.19.0",
+    "@logto/phrases-experience": "^1.10.0"
   },
   "peerDependencies": {
     "zod": "3.24.3"

package/tables/account_centers.sql

@@ -3,8 +3,9 @@ create table account_centers (
     references tenants (id) on update cascade on delete cascade,
   id varchar(21) not null,
   /** The whole feature can be disabled */
-  enabled boolean not null default false,
+  enabled boolean not null default true,
   /** Control each fields */
   fields jsonb /* @use AccountCenterFieldControl */ not null default '{}'::jsonb,
+  webauthn_related_origins jsonb /* @use WebauthnRelatedOrigins */ not null default '[]'::jsonb,
   primary key (tenant_id, id)
 );

package/tables/connectors.sql

@@ -1,8 +1,12 @@
+/* init_order = 1 */
+
 create table connectors (
   tenant_id varchar(21) not null 
     references tenants (id) on update cascade on delete cascade,
   id varchar(128) not null,
   sync_profile boolean not null default FALSE,
+  /** Whether the token storage is enabled for this connector. Only applied for OAuth2/OIDC social connectors. */
+  enable_token_storage boolean not null default FALSE,
   connector_id varchar(128) not null,
   config jsonb /* @use JsonObject */ not null default '{}'::jsonb,
   metadata jsonb /* @use ConfigurableConnectorMetadata */ not null default '{}'::jsonb,

package/tables/custom_profile_fields.sql

@@ -0,0 +1,31 @@
+create table custom_profile_fields (
+  tenant_id varchar(21) not null
+    references tenants (id) on update cascade on delete cascade,
+  id varchar(21) not null,
+  name varchar(128) not null,
+  type varchar(128) not null /* @use CustomProfileFieldType */,
+  label varchar(128) not null default '',
+  description varchar(256),
+  required boolean not null default false,
+  config jsonb /* @use CustomProfileFieldConfig */ not null default '{}'::jsonb,
+  created_at timestamptz not null default(now()),
+  sie_order int2 not null default 0,
+  primary key (id),
+  constraint custom_profile_fields__name
+    unique (tenant_id, name)
+);
+
+create or replace function custom_profile_fields__increment_sie_order() returns trigger as
+$$ begin
+  new.sie_order = (
+    select coalesce(max(sie_order), 0)
+    from custom_profile_fields
+    where tenant_id = (
+      select id from tenants where db_user = current_user
+    )
+  ) + 1;
+  return new;
+end; $$ language plpgsql;
+
+create trigger custom_profile_fields__increment_sie_order before insert on custom_profile_fields
+  for each row execute procedure custom_profile_fields__increment_sie_order();

package/tables/oidc_model_instances.sql

@@ -1,3 +1,5 @@
+/* init_order = 1 */
+
 create table oidc_model_instances (
   tenant_id varchar(21) not null
     references tenants (id) on update cascade on delete cascade,

package/tables/oidc_session_extensions.sql

@@ -0,0 +1,18 @@
+/* init_order = 2 */
+
+create table oidc_session_extensions (
+  tenant_id varchar(21) not null
+    references tenants (id) on update cascade on delete cascade,
+  session_uid varchar(128) not null,
+  account_id varchar(12) not null
+    references users (id) on update cascade on delete cascade,
+  last_submission jsonb /* @use JsonObject */ not null default '{}'::jsonb,
+  created_at timestamptz not null default(now()),
+  updated_at timestamptz not null default(now()),
+  primary key (tenant_id, session_uid)
+);
+
+create trigger set_updated_at
+  before update on oidc_session_extensions
+  for each row
+  execute procedure set_updated_at();

package/tables/organization_user_relations.sql

@@ -8,5 +8,8 @@ create table organization_user_relations (
     references organizations (id) on update cascade on delete cascade,
   user_id varchar(21) not null
     references users (id) on update cascade on delete cascade,
-  primary key (tenant_id, organization_id, user_id)
+  primary key (tenant_id, organization_id, user_id),
+  constraint organization_user_relations__user_id__fk
+    foreign key (tenant_id, user_id)
+      references users (tenant_id, id) on update cascade on delete cascade
 );