@logto/schemas 1.29.0 → 1.30.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (83) hide show
  1. package/alterations/1.30.0-1750744685-add-triggers-to-delete-secrets-on-social-identities-deletion.ts +81 -0
  2. package/alterations/1.30.0-1750748516-add-enable-token-storage-column-to-connectors-table.ts +20 -0
  3. package/alterations/1.30.0-1751255436-split-secret-connector-relatioins-table.ts +359 -0
  4. package/alterations/1.30.0-1751337183-add-require-mfa-on-sign-in-to-users.ts +20 -0
  5. package/alterations/1.30.0-1751400000-move-require-mfa-on-sign-in-to-logto-config.ts +21 -0
  6. package/alterations/1.30.0-1751529530-add-enable-token-storage-column-to-sso-connectors-table.ts +20 -0
  7. package/alterations/1.30.0-1752630302-alterate-enable-column-default-value-in-account-centers-table.ts +20 -0
  8. package/alterations/1.30.0-1753669579-add-organization-user-relations-foreign-key.ts +46 -0
  9. package/alterations-js/1.30.0-1750744685-add-triggers-to-delete-secrets-on-social-identities-deletion.js +76 -0
  10. package/alterations-js/1.30.0-1750748516-add-enable-token-storage-column-to-connectors-table.js +16 -0
  11. package/alterations-js/1.30.0-1751255436-split-secret-connector-relatioins-table.js +338 -0
  12. package/alterations-js/1.30.0-1751337183-add-require-mfa-on-sign-in-to-users.js +16 -0
  13. package/alterations-js/1.30.0-1751400000-move-require-mfa-on-sign-in-to-logto-config.js +17 -0
  14. package/alterations-js/1.30.0-1751529530-add-enable-token-storage-column-to-sso-connectors-table.js +16 -0
  15. package/alterations-js/1.30.0-1752630302-alterate-enable-column-default-value-in-account-centers-table.js +16 -0
  16. package/alterations-js/1.30.0-1753669579-add-organization-user-relations-foreign-key.js +38 -0
  17. package/lib/consts/oidc.d.ts +9 -1
  18. package/lib/consts/oidc.js +5 -0
  19. package/lib/db-entries/connector.d.ts +5 -1
  20. package/lib/db-entries/connector.js +4 -0
  21. package/lib/db-entries/index.d.ts +2 -1
  22. package/lib/db-entries/index.js +2 -1
  23. package/lib/db-entries/secret-enterprise-sso-connector-relation.d.ts +28 -0
  24. package/lib/db-entries/secret-enterprise-sso-connector-relation.js +37 -0
  25. package/lib/db-entries/secret-social-connector-relation.d.ts +28 -0
  26. package/lib/db-entries/secret-social-connector-relation.js +37 -0
  27. package/lib/db-entries/secret.d.ts +9 -9
  28. package/lib/db-entries/secret.js +9 -9
  29. package/lib/db-entries/sso-connector.d.ts +5 -1
  30. package/lib/db-entries/sso-connector.js +4 -0
  31. package/lib/foundations/jsonb-types/custom-profile-fields.d.ts +336 -11
  32. package/lib/foundations/jsonb-types/custom-profile-fields.js +17 -9
  33. package/lib/foundations/jsonb-types/secrets.d.ts +2 -0
  34. package/lib/foundations/jsonb-types/secrets.js +5 -0
  35. package/lib/foundations/jsonb-types/sign-in-experience.d.ts +3 -1
  36. package/lib/foundations/jsonb-types/sign-in-experience.js +2 -0
  37. package/lib/foundations/jsonb-types/users.d.ts +94 -0
  38. package/lib/foundations/jsonb-types/users.js +11 -0
  39. package/lib/types/connector.d.ts +39 -0
  40. package/lib/types/connector.js +1 -0
  41. package/lib/types/consent.d.ts +40 -0
  42. package/lib/types/custom-profile-fields.d.ts +1410 -133
  43. package/lib/types/custom-profile-fields.js +51 -15
  44. package/lib/types/index.d.ts +2 -0
  45. package/lib/types/index.js +2 -0
  46. package/lib/types/interactions.d.ts +175 -1
  47. package/lib/types/interactions.js +48 -1
  48. package/lib/types/logto-config/index.d.ts +214 -179
  49. package/lib/types/logto-config/jwt-customizer.d.ts +453 -328
  50. package/lib/types/logto-config/jwt-customizer.js +6 -1
  51. package/lib/types/secrets.d.ts +436 -0
  52. package/lib/types/secrets.js +73 -0
  53. package/lib/types/sign-in-experience.d.ts +19 -1
  54. package/lib/types/sign-in-experience.js +3 -1
  55. package/lib/types/sso-connector.d.ts +5 -2
  56. package/lib/types/user-logto-config.d.ts +45 -0
  57. package/lib/types/user-logto-config.js +18 -0
  58. package/lib/types/user.d.ts +615 -0
  59. package/lib/types/user.js +14 -1
  60. package/lib/types/verification-records/backup-code-verification.d.ts +18 -0
  61. package/lib/types/verification-records/backup-code-verification.js +3 -0
  62. package/lib/types/verification-records/enterprise-sso-verification.d.ts +145 -0
  63. package/lib/types/verification-records/enterprise-sso-verification.js +5 -0
  64. package/lib/types/verification-records/new-password-identity-verification.d.ts +31 -0
  65. package/lib/types/verification-records/new-password-identity-verification.js +4 -0
  66. package/lib/types/verification-records/social-verification.d.ts +164 -0
  67. package/lib/types/verification-records/social-verification.js +6 -0
  68. package/lib/types/verification-records/totp-verification.d.ts +18 -0
  69. package/lib/types/verification-records/totp-verification.js +3 -0
  70. package/lib/types/verification-records/web-authn-verification.d.ts +44 -0
  71. package/lib/types/verification-records/web-authn-verification.js +5 -0
  72. package/package.json +6 -6
  73. package/tables/account_centers.sql +1 -1
  74. package/tables/connectors.sql +2 -0
  75. package/tables/organization_user_relations.sql +4 -1
  76. package/tables/secret_enterprise_sso_connector_relations.sql +60 -0
  77. package/tables/secret_social_connector_relations.sql +75 -0
  78. package/tables/secrets.sql +4 -4
  79. package/tables/sso_connectors.sql +2 -0
  80. package/tables/users.sql +2 -1
  81. package/lib/db-entries/secret-connector-relation.d.ts +0 -40
  82. package/lib/db-entries/secret-connector-relation.js +0 -49
  83. package/tables/secret_connector_relations.sql +0 -78
package/lib/types/user.d.ts CHANGED
@@ -89,6 +89,16 @@ export declare const userInfoGuard: z.ZodObject<Pick<{
89
89
  usedAt?: string | undefined;
90
90
  }[];
91
91
  lastUsedAt?: string | undefined;
92
+ } | {
93
+ type: MfaFactor.EmailVerificationCode;
94
+ id: string;
95
+ createdAt: string;
96
+ lastUsedAt?: string | undefined;
97
+ } | {
98
+ type: MfaFactor.PhoneVerificationCode;
99
+ id: string;
100
+ createdAt: string;
101
+ lastUsedAt?: string | undefined;
92
102
  })[], z.ZodTypeDef, ({
93
103
  type: MfaFactor.TOTP;
94
104
  id: string;
@@ -115,6 +125,16 @@ export declare const userInfoGuard: z.ZodObject<Pick<{
115
125
  usedAt?: string | undefined;
116
126
  }[];
117
127
  lastUsedAt?: string | undefined;
128
+ } | {
129
+ type: MfaFactor.EmailVerificationCode;
130
+ id: string;
131
+ createdAt: string;
132
+ lastUsedAt?: string | undefined;
133
+ } | {
134
+ type: MfaFactor.PhoneVerificationCode;
135
+ id: string;
136
+ createdAt: string;
137
+ lastUsedAt?: string | undefined;
118
138
  })[]>;
119
139
  isSuspended: z.ZodType<boolean, z.ZodTypeDef, boolean>;
120
140
  lastSignInAt: z.ZodType<number | null, z.ZodTypeDef, number | null>;
@@ -239,6 +259,16 @@ export declare const userProfileResponseGuard: z.ZodObject<Pick<{
239
259
  usedAt?: string | undefined;
240
260
  }[];
241
261
  lastUsedAt?: string | undefined;
262
+ } | {
263
+ type: MfaFactor.EmailVerificationCode;
264
+ id: string;
265
+ createdAt: string;
266
+ lastUsedAt?: string | undefined;
267
+ } | {
268
+ type: MfaFactor.PhoneVerificationCode;
269
+ id: string;
270
+ createdAt: string;
271
+ lastUsedAt?: string | undefined;
242
272
  })[], z.ZodTypeDef, ({
243
273
  type: MfaFactor.TOTP;
244
274
  id: string;
@@ -265,6 +295,16 @@ export declare const userProfileResponseGuard: z.ZodObject<Pick<{
265
295
  usedAt?: string | undefined;
266
296
  }[];
267
297
  lastUsedAt?: string | undefined;
298
+ } | {
299
+ type: MfaFactor.EmailVerificationCode;
300
+ id: string;
301
+ createdAt: string;
302
+ lastUsedAt?: string | undefined;
303
+ } | {
304
+ type: MfaFactor.PhoneVerificationCode;
305
+ id: string;
306
+ createdAt: string;
307
+ lastUsedAt?: string | undefined;
268
308
  })[]>;
269
309
  isSuspended: z.ZodType<boolean, z.ZodTypeDef, boolean>;
270
310
  lastSignInAt: z.ZodType<number | null, z.ZodTypeDef, number | null>;
@@ -447,6 +487,16 @@ export declare const featuredUserGuard: z.ZodObject<Pick<{
447
487
  usedAt?: string | undefined;
448
488
  }[];
449
489
  lastUsedAt?: string | undefined;
490
+ } | {
491
+ type: MfaFactor.EmailVerificationCode;
492
+ id: string;
493
+ createdAt: string;
494
+ lastUsedAt?: string | undefined;
495
+ } | {
496
+ type: MfaFactor.PhoneVerificationCode;
497
+ id: string;
498
+ createdAt: string;
499
+ lastUsedAt?: string | undefined;
450
500
  })[], z.ZodTypeDef, ({
451
501
  type: MfaFactor.TOTP;
452
502
  id: string;
@@ -473,6 +523,16 @@ export declare const featuredUserGuard: z.ZodObject<Pick<{
473
523
  usedAt?: string | undefined;
474
524
  }[];
475
525
  lastUsedAt?: string | undefined;
526
+ } | {
527
+ type: MfaFactor.EmailVerificationCode;
528
+ id: string;
529
+ createdAt: string;
530
+ lastUsedAt?: string | undefined;
531
+ } | {
532
+ type: MfaFactor.PhoneVerificationCode;
533
+ id: string;
534
+ createdAt: string;
535
+ lastUsedAt?: string | undefined;
476
536
  })[]>;
477
537
  isSuspended: z.ZodType<boolean, z.ZodTypeDef, boolean>;
478
538
  lastSignInAt: z.ZodType<number | null, z.ZodTypeDef, number | null>;
@@ -489,3 +549,558 @@ export declare const featuredUserGuard: z.ZodObject<Pick<{
489
549
  }>;
490
550
  export declare const consoleUserPreferenceKey = "adminConsolePreferences";
491
551
  export declare const guideRequestsKey = "guideRequests";
552
+ export declare const getUserSocialIdentityResponseGuard: z.ZodObject<{
553
+ identity: z.ZodObject<{
554
+ userId: z.ZodString;
555
+ details: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodType<import("@withtyped/server/lib/types.js").Json, z.ZodTypeDef, import("@withtyped/server/lib/types.js").Json>>>;
556
+ }, "strip", z.ZodTypeAny, {
557
+ userId: string;
558
+ details?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
559
+ }, {
560
+ userId: string;
561
+ details?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
562
+ }>;
563
+ tokenSecret: z.ZodOptional<z.ZodObject<Omit<{
564
+ tenantId: z.ZodType<string, z.ZodTypeDef, string>;
565
+ id: z.ZodType<string, z.ZodTypeDef, string>;
566
+ userId: z.ZodType<string, z.ZodTypeDef, string>;
567
+ encryptedDek: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
568
+ iv: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
569
+ authTag: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
570
+ ciphertext: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
571
+ createdAt: z.ZodType<number, z.ZodTypeDef, number>;
572
+ updatedAt: z.ZodType<number, z.ZodTypeDef, number>;
573
+ } & {
574
+ type: z.ZodLiteral<import("../foundations/index.js").SecretType>;
575
+ metadata: z.ZodObject<{
576
+ scope: z.ZodOptional<z.ZodString>;
577
+ expiresAt: z.ZodOptional<z.ZodNumber>;
578
+ tokenType: z.ZodOptional<z.ZodString>;
579
+ hasRefreshToken: z.ZodBoolean;
580
+ }, "strip", z.ZodTypeAny, {
581
+ hasRefreshToken: boolean;
582
+ scope?: string | undefined;
583
+ expiresAt?: number | undefined;
584
+ tokenType?: string | undefined;
585
+ }, {
586
+ hasRefreshToken: boolean;
587
+ scope?: string | undefined;
588
+ expiresAt?: number | undefined;
589
+ tokenType?: string | undefined;
590
+ }>;
591
+ connectorId: z.ZodString;
592
+ identityId: z.ZodString;
593
+ target: z.ZodString;
594
+ }, "encryptedDek" | "iv" | "authTag" | "ciphertext">, "strip", z.ZodTypeAny, {
595
+ type: import("../foundations/index.js").SecretType;
596
+ id: string;
597
+ userId: string;
598
+ tenantId: string;
599
+ createdAt: number;
600
+ updatedAt: number;
601
+ connectorId: string;
602
+ metadata: {
603
+ hasRefreshToken: boolean;
604
+ scope?: string | undefined;
605
+ expiresAt?: number | undefined;
606
+ tokenType?: string | undefined;
607
+ };
608
+ target: string;
609
+ identityId: string;
610
+ }, {
611
+ type: import("../foundations/index.js").SecretType;
612
+ id: string;
613
+ userId: string;
614
+ tenantId: string;
615
+ createdAt: number;
616
+ updatedAt: number;
617
+ connectorId: string;
618
+ metadata: {
619
+ hasRefreshToken: boolean;
620
+ scope?: string | undefined;
621
+ expiresAt?: number | undefined;
622
+ tokenType?: string | undefined;
623
+ };
624
+ target: string;
625
+ identityId: string;
626
+ }>>;
627
+ }, "strip", z.ZodTypeAny, {
628
+ identity: {
629
+ userId: string;
630
+ details?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
631
+ };
632
+ tokenSecret?: {
633
+ type: import("../foundations/index.js").SecretType;
634
+ id: string;
635
+ userId: string;
636
+ tenantId: string;
637
+ createdAt: number;
638
+ updatedAt: number;
639
+ connectorId: string;
640
+ metadata: {
641
+ hasRefreshToken: boolean;
642
+ scope?: string | undefined;
643
+ expiresAt?: number | undefined;
644
+ tokenType?: string | undefined;
645
+ };
646
+ target: string;
647
+ identityId: string;
648
+ } | undefined;
649
+ }, {
650
+ identity: {
651
+ userId: string;
652
+ details?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
653
+ };
654
+ tokenSecret?: {
655
+ type: import("../foundations/index.js").SecretType;
656
+ id: string;
657
+ userId: string;
658
+ tenantId: string;
659
+ createdAt: number;
660
+ updatedAt: number;
661
+ connectorId: string;
662
+ metadata: {
663
+ hasRefreshToken: boolean;
664
+ scope?: string | undefined;
665
+ expiresAt?: number | undefined;
666
+ tokenType?: string | undefined;
667
+ };
668
+ target: string;
669
+ identityId: string;
670
+ } | undefined;
671
+ }>;
672
+ export type GetUserSocialIdentityResponse = z.infer<typeof getUserSocialIdentityResponseGuard>;
673
+ export declare const getUserSsoIdentityResponseGuard: z.ZodObject<{
674
+ ssoIdentity: import("../foundations/schemas.js").Guard<import("../db-entries/user-sso-identity.js").UserSsoIdentity>;
675
+ tokenSecret: z.ZodOptional<z.ZodObject<Omit<{
676
+ tenantId: z.ZodType<string, z.ZodTypeDef, string>;
677
+ id: z.ZodType<string, z.ZodTypeDef, string>;
678
+ userId: z.ZodType<string, z.ZodTypeDef, string>;
679
+ encryptedDek: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
680
+ iv: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
681
+ authTag: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
682
+ ciphertext: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
683
+ createdAt: z.ZodType<number, z.ZodTypeDef, number>;
684
+ updatedAt: z.ZodType<number, z.ZodTypeDef, number>;
685
+ } & {
686
+ type: z.ZodLiteral<import("../foundations/index.js").SecretType>;
687
+ metadata: z.ZodObject<{
688
+ scope: z.ZodOptional<z.ZodString>;
689
+ expiresAt: z.ZodOptional<z.ZodNumber>;
690
+ tokenType: z.ZodOptional<z.ZodString>;
691
+ hasRefreshToken: z.ZodBoolean;
692
+ }, "strip", z.ZodTypeAny, {
693
+ hasRefreshToken: boolean;
694
+ scope?: string | undefined;
695
+ expiresAt?: number | undefined;
696
+ tokenType?: string | undefined;
697
+ }, {
698
+ hasRefreshToken: boolean;
699
+ scope?: string | undefined;
700
+ expiresAt?: number | undefined;
701
+ tokenType?: string | undefined;
702
+ }>;
703
+ ssoConnectorId: z.ZodString;
704
+ issuer: z.ZodString;
705
+ identityId: z.ZodString;
706
+ }, "encryptedDek" | "iv" | "authTag" | "ciphertext">, "strip", z.ZodTypeAny, {
707
+ type: import("../foundations/index.js").SecretType;
708
+ id: string;
709
+ userId: string;
710
+ tenantId: string;
711
+ createdAt: number;
712
+ issuer: string;
713
+ updatedAt: number;
714
+ metadata: {
715
+ hasRefreshToken: boolean;
716
+ scope?: string | undefined;
717
+ expiresAt?: number | undefined;
718
+ tokenType?: string | undefined;
719
+ };
720
+ ssoConnectorId: string;
721
+ identityId: string;
722
+ }, {
723
+ type: import("../foundations/index.js").SecretType;
724
+ id: string;
725
+ userId: string;
726
+ tenantId: string;
727
+ createdAt: number;
728
+ issuer: string;
729
+ updatedAt: number;
730
+ metadata: {
731
+ hasRefreshToken: boolean;
732
+ scope?: string | undefined;
733
+ expiresAt?: number | undefined;
734
+ tokenType?: string | undefined;
735
+ };
736
+ ssoConnectorId: string;
737
+ identityId: string;
738
+ }>>;
739
+ }, "strip", z.ZodTypeAny, {
740
+ ssoIdentity: import("../db-entries/user-sso-identity.js").UserSsoIdentity;
741
+ tokenSecret?: {
742
+ type: import("../foundations/index.js").SecretType;
743
+ id: string;
744
+ userId: string;
745
+ tenantId: string;
746
+ createdAt: number;
747
+ issuer: string;
748
+ updatedAt: number;
749
+ metadata: {
750
+ hasRefreshToken: boolean;
751
+ scope?: string | undefined;
752
+ expiresAt?: number | undefined;
753
+ tokenType?: string | undefined;
754
+ };
755
+ ssoConnectorId: string;
756
+ identityId: string;
757
+ } | undefined;
758
+ }, {
759
+ ssoIdentity: import("../db-entries/user-sso-identity.js").UserSsoIdentity;
760
+ tokenSecret?: {
761
+ type: import("../foundations/index.js").SecretType;
762
+ id: string;
763
+ userId: string;
764
+ tenantId: string;
765
+ createdAt: number;
766
+ issuer: string;
767
+ updatedAt: number;
768
+ metadata: {
769
+ hasRefreshToken: boolean;
770
+ scope?: string | undefined;
771
+ expiresAt?: number | undefined;
772
+ tokenType?: string | undefined;
773
+ };
774
+ ssoConnectorId: string;
775
+ identityId: string;
776
+ } | undefined;
777
+ }>;
778
+ export type GetUserSsoIdentityResponse = z.infer<typeof getUserSsoIdentityResponseGuard>;
779
+ export declare const getUserAllIdentitiesResponseGuard: z.ZodObject<{
780
+ socialIdentities: z.ZodArray<z.ZodObject<{
781
+ identity: z.ZodObject<{
782
+ userId: z.ZodString;
783
+ details: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodType<import("@withtyped/server/lib/types.js").Json, z.ZodTypeDef, import("@withtyped/server/lib/types.js").Json>>>;
784
+ }, "strip", z.ZodTypeAny, {
785
+ userId: string;
786
+ details?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
787
+ }, {
788
+ userId: string;
789
+ details?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
790
+ }>;
791
+ tokenSecret: z.ZodOptional<z.ZodObject<Omit<{
792
+ tenantId: z.ZodType<string, z.ZodTypeDef, string>;
793
+ id: z.ZodType<string, z.ZodTypeDef, string>;
794
+ userId: z.ZodType<string, z.ZodTypeDef, string>;
795
+ encryptedDek: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
796
+ iv: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
797
+ authTag: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
798
+ ciphertext: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
799
+ createdAt: z.ZodType<number, z.ZodTypeDef, number>;
800
+ updatedAt: z.ZodType<number, z.ZodTypeDef, number>;
801
+ } & {
802
+ type: z.ZodLiteral<import("../foundations/index.js").SecretType>;
803
+ metadata: z.ZodObject<{
804
+ scope: z.ZodOptional<z.ZodString>;
805
+ expiresAt: z.ZodOptional<z.ZodNumber>;
806
+ tokenType: z.ZodOptional<z.ZodString>;
807
+ hasRefreshToken: z.ZodBoolean;
808
+ }, "strip", z.ZodTypeAny, {
809
+ hasRefreshToken: boolean;
810
+ scope?: string | undefined;
811
+ expiresAt?: number | undefined;
812
+ tokenType?: string | undefined;
813
+ }, {
814
+ hasRefreshToken: boolean;
815
+ scope?: string | undefined;
816
+ expiresAt?: number | undefined;
817
+ tokenType?: string | undefined;
818
+ }>;
819
+ connectorId: z.ZodString;
820
+ identityId: z.ZodString;
821
+ target: z.ZodString;
822
+ }, "encryptedDek" | "iv" | "authTag" | "ciphertext">, "strip", z.ZodTypeAny, {
823
+ type: import("../foundations/index.js").SecretType;
824
+ id: string;
825
+ userId: string;
826
+ tenantId: string;
827
+ createdAt: number;
828
+ updatedAt: number;
829
+ connectorId: string;
830
+ metadata: {
831
+ hasRefreshToken: boolean;
832
+ scope?: string | undefined;
833
+ expiresAt?: number | undefined;
834
+ tokenType?: string | undefined;
835
+ };
836
+ target: string;
837
+ identityId: string;
838
+ }, {
839
+ type: import("../foundations/index.js").SecretType;
840
+ id: string;
841
+ userId: string;
842
+ tenantId: string;
843
+ createdAt: number;
844
+ updatedAt: number;
845
+ connectorId: string;
846
+ metadata: {
847
+ hasRefreshToken: boolean;
848
+ scope?: string | undefined;
849
+ expiresAt?: number | undefined;
850
+ tokenType?: string | undefined;
851
+ };
852
+ target: string;
853
+ identityId: string;
854
+ }>>;
855
+ } & {
856
+ target: z.ZodString;
857
+ }, "strip", z.ZodTypeAny, {
858
+ target: string;
859
+ identity: {
860
+ userId: string;
861
+ details?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
862
+ };
863
+ tokenSecret?: {
864
+ type: import("../foundations/index.js").SecretType;
865
+ id: string;
866
+ userId: string;
867
+ tenantId: string;
868
+ createdAt: number;
869
+ updatedAt: number;
870
+ connectorId: string;
871
+ metadata: {
872
+ hasRefreshToken: boolean;
873
+ scope?: string | undefined;
874
+ expiresAt?: number | undefined;
875
+ tokenType?: string | undefined;
876
+ };
877
+ target: string;
878
+ identityId: string;
879
+ } | undefined;
880
+ }, {
881
+ target: string;
882
+ identity: {
883
+ userId: string;
884
+ details?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
885
+ };
886
+ tokenSecret?: {
887
+ type: import("../foundations/index.js").SecretType;
888
+ id: string;
889
+ userId: string;
890
+ tenantId: string;
891
+ createdAt: number;
892
+ updatedAt: number;
893
+ connectorId: string;
894
+ metadata: {
895
+ hasRefreshToken: boolean;
896
+ scope?: string | undefined;
897
+ expiresAt?: number | undefined;
898
+ tokenType?: string | undefined;
899
+ };
900
+ target: string;
901
+ identityId: string;
902
+ } | undefined;
903
+ }>, "many">;
904
+ ssoIdentities: z.ZodArray<z.ZodObject<{
905
+ ssoIdentity: import("../foundations/schemas.js").Guard<import("../db-entries/user-sso-identity.js").UserSsoIdentity>;
906
+ tokenSecret: z.ZodOptional<z.ZodObject<Omit<{
907
+ tenantId: z.ZodType<string, z.ZodTypeDef, string>;
908
+ id: z.ZodType<string, z.ZodTypeDef, string>;
909
+ userId: z.ZodType<string, z.ZodTypeDef, string>;
910
+ encryptedDek: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
911
+ iv: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
912
+ authTag: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
913
+ ciphertext: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
914
+ createdAt: z.ZodType<number, z.ZodTypeDef, number>;
915
+ updatedAt: z.ZodType<number, z.ZodTypeDef, number>;
916
+ } & {
917
+ type: z.ZodLiteral<import("../foundations/index.js").SecretType>;
918
+ metadata: z.ZodObject<{
919
+ scope: z.ZodOptional<z.ZodString>;
920
+ expiresAt: z.ZodOptional<z.ZodNumber>;
921
+ tokenType: z.ZodOptional<z.ZodString>;
922
+ hasRefreshToken: z.ZodBoolean;
923
+ }, "strip", z.ZodTypeAny, {
924
+ hasRefreshToken: boolean;
925
+ scope?: string | undefined;
926
+ expiresAt?: number | undefined;
927
+ tokenType?: string | undefined;
928
+ }, {
929
+ hasRefreshToken: boolean;
930
+ scope?: string | undefined;
931
+ expiresAt?: number | undefined;
932
+ tokenType?: string | undefined;
933
+ }>;
934
+ ssoConnectorId: z.ZodString;
935
+ issuer: z.ZodString;
936
+ identityId: z.ZodString;
937
+ }, "encryptedDek" | "iv" | "authTag" | "ciphertext">, "strip", z.ZodTypeAny, {
938
+ type: import("../foundations/index.js").SecretType;
939
+ id: string;
940
+ userId: string;
941
+ tenantId: string;
942
+ createdAt: number;
943
+ issuer: string;
944
+ updatedAt: number;
945
+ metadata: {
946
+ hasRefreshToken: boolean;
947
+ scope?: string | undefined;
948
+ expiresAt?: number | undefined;
949
+ tokenType?: string | undefined;
950
+ };
951
+ ssoConnectorId: string;
952
+ identityId: string;
953
+ }, {
954
+ type: import("../foundations/index.js").SecretType;
955
+ id: string;
956
+ userId: string;
957
+ tenantId: string;
958
+ createdAt: number;
959
+ issuer: string;
960
+ updatedAt: number;
961
+ metadata: {
962
+ hasRefreshToken: boolean;
963
+ scope?: string | undefined;
964
+ expiresAt?: number | undefined;
965
+ tokenType?: string | undefined;
966
+ };
967
+ ssoConnectorId: string;
968
+ identityId: string;
969
+ }>>;
970
+ } & {
971
+ ssoConnectorId: z.ZodString;
972
+ }, "strip", z.ZodTypeAny, {
973
+ ssoConnectorId: string;
974
+ ssoIdentity: import("../db-entries/user-sso-identity.js").UserSsoIdentity;
975
+ tokenSecret?: {
976
+ type: import("../foundations/index.js").SecretType;
977
+ id: string;
978
+ userId: string;
979
+ tenantId: string;
980
+ createdAt: number;
981
+ issuer: string;
982
+ updatedAt: number;
983
+ metadata: {
984
+ hasRefreshToken: boolean;
985
+ scope?: string | undefined;
986
+ expiresAt?: number | undefined;
987
+ tokenType?: string | undefined;
988
+ };
989
+ ssoConnectorId: string;
990
+ identityId: string;
991
+ } | undefined;
992
+ }, {
993
+ ssoConnectorId: string;
994
+ ssoIdentity: import("../db-entries/user-sso-identity.js").UserSsoIdentity;
995
+ tokenSecret?: {
996
+ type: import("../foundations/index.js").SecretType;
997
+ id: string;
998
+ userId: string;
999
+ tenantId: string;
1000
+ createdAt: number;
1001
+ issuer: string;
1002
+ updatedAt: number;
1003
+ metadata: {
1004
+ hasRefreshToken: boolean;
1005
+ scope?: string | undefined;
1006
+ expiresAt?: number | undefined;
1007
+ tokenType?: string | undefined;
1008
+ };
1009
+ ssoConnectorId: string;
1010
+ identityId: string;
1011
+ } | undefined;
1012
+ }>, "many">;
1013
+ }, "strip", z.ZodTypeAny, {
1014
+ ssoIdentities: {
1015
+ ssoConnectorId: string;
1016
+ ssoIdentity: import("../db-entries/user-sso-identity.js").UserSsoIdentity;
1017
+ tokenSecret?: {
1018
+ type: import("../foundations/index.js").SecretType;
1019
+ id: string;
1020
+ userId: string;
1021
+ tenantId: string;
1022
+ createdAt: number;
1023
+ issuer: string;
1024
+ updatedAt: number;
1025
+ metadata: {
1026
+ hasRefreshToken: boolean;
1027
+ scope?: string | undefined;
1028
+ expiresAt?: number | undefined;
1029
+ tokenType?: string | undefined;
1030
+ };
1031
+ ssoConnectorId: string;
1032
+ identityId: string;
1033
+ } | undefined;
1034
+ }[];
1035
+ socialIdentities: {
1036
+ target: string;
1037
+ identity: {
1038
+ userId: string;
1039
+ details?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
1040
+ };
1041
+ tokenSecret?: {
1042
+ type: import("../foundations/index.js").SecretType;
1043
+ id: string;
1044
+ userId: string;
1045
+ tenantId: string;
1046
+ createdAt: number;
1047
+ updatedAt: number;
1048
+ connectorId: string;
1049
+ metadata: {
1050
+ hasRefreshToken: boolean;
1051
+ scope?: string | undefined;
1052
+ expiresAt?: number | undefined;
1053
+ tokenType?: string | undefined;
1054
+ };
1055
+ target: string;
1056
+ identityId: string;
1057
+ } | undefined;
1058
+ }[];
1059
+ }, {
1060
+ ssoIdentities: {
1061
+ ssoConnectorId: string;
1062
+ ssoIdentity: import("../db-entries/user-sso-identity.js").UserSsoIdentity;
1063
+ tokenSecret?: {
1064
+ type: import("../foundations/index.js").SecretType;
1065
+ id: string;
1066
+ userId: string;
1067
+ tenantId: string;
1068
+ createdAt: number;
1069
+ issuer: string;
1070
+ updatedAt: number;
1071
+ metadata: {
1072
+ hasRefreshToken: boolean;
1073
+ scope?: string | undefined;
1074
+ expiresAt?: number | undefined;
1075
+ tokenType?: string | undefined;
1076
+ };
1077
+ ssoConnectorId: string;
1078
+ identityId: string;
1079
+ } | undefined;
1080
+ }[];
1081
+ socialIdentities: {
1082
+ target: string;
1083
+ identity: {
1084
+ userId: string;
1085
+ details?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
1086
+ };
1087
+ tokenSecret?: {
1088
+ type: import("../foundations/index.js").SecretType;
1089
+ id: string;
1090
+ userId: string;
1091
+ tenantId: string;
1092
+ createdAt: number;
1093
+ updatedAt: number;
1094
+ connectorId: string;
1095
+ metadata: {
1096
+ hasRefreshToken: boolean;
1097
+ scope?: string | undefined;
1098
+ expiresAt?: number | undefined;
1099
+ tokenType?: string | undefined;
1100
+ };
1101
+ target: string;
1102
+ identityId: string;
1103
+ } | undefined;
1104
+ }[];
1105
+ }>;
1106
+ export type GetUserAllIdentitiesResponse = z.infer<typeof getUserAllIdentitiesResponseGuard>;
package/lib/types/user.js CHANGED
@@ -1,6 +1,7 @@
1
1
  import { z } from 'zod';
2
2
  import { Users, UserSsoIdentities } from '../db-entries/index.js';
3
- import { MfaFactor } from '../foundations/index.js';
3
+ import { identityGuard, MfaFactor } from '../foundations/index.js';
4
+ import { desensitizedEnterpriseSsoTokenSetSecretGuard, desensitizedSocialTokenSetSecretGuard, } from './secrets.js';
4
5
  export const userInfoSelectFields = Object.freeze([
5
6
  'id',
6
7
  'username',
@@ -67,3 +68,15 @@ export const featuredUserGuard = Users.guard.pick({
67
68
  });
68
69
  export const consoleUserPreferenceKey = 'adminConsolePreferences';
69
70
  export const guideRequestsKey = 'guideRequests';
71
+ export const getUserSocialIdentityResponseGuard = z.object({
72
+ identity: identityGuard,
73
+ tokenSecret: desensitizedSocialTokenSetSecretGuard.optional(),
74
+ });
75
+ export const getUserSsoIdentityResponseGuard = z.object({
76
+ ssoIdentity: UserSsoIdentities.guard,
77
+ tokenSecret: desensitizedEnterpriseSsoTokenSetSecretGuard.optional(),
78
+ });
79
+ export const getUserAllIdentitiesResponseGuard = z.object({
80
+ socialIdentities: getUserSocialIdentityResponseGuard.extend({ target: z.string() }).array(),
81
+ ssoIdentities: getUserSsoIdentityResponseGuard.extend({ ssoConnectorId: z.string() }).array(),
82
+ });
package/lib/types/verification-records/backup-code-verification.d.ts CHANGED
@@ -27,3 +27,21 @@ export declare const backupCodeVerificationRecordDataGuard: z.ZodObject<{
27
27
  code?: string | undefined;
28
28
  backupCodes?: string[] | undefined;
29
29
  }>;
30
+ export type SanitizedBackupCodeVerificationRecordData = Omit<BackupCodeVerificationRecordData, 'backupCodes'>;
31
+ export declare const sanitizedBackupCodeVerificationRecordDataGuard: z.ZodObject<Omit<{
32
+ id: z.ZodString;
33
+ type: z.ZodLiteral<VerificationType.BackupCode>;
34
+ userId: z.ZodString;
35
+ code: z.ZodOptional<z.ZodString>;
36
+ backupCodes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
37
+ }, "backupCodes">, "strip", z.ZodTypeAny, {
38
+ type: VerificationType.BackupCode;
39
+ id: string;
40
+ userId: string;
41
+ code?: string | undefined;
42
+ }, {
43
+ type: VerificationType.BackupCode;
44
+ id: string;
45
+ userId: string;
46
+ code?: string | undefined;
47
+ }>;