@logto/schemas 1.30.1 → 1.32.0

package/alterations/1.31.0-1753689065-add-forgot-password-methods-to-sie-table.ts

@@ -0,0 +1,20 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences
+        add column forgot_password_methods jsonb;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences
+        drop column forgot_password_methods;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.32.0-1756370721-align-app-and-org-sign-in-exp-configs.ts

@@ -0,0 +1,28 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table organizations
+        add column color jsonb not null default '{}'::jsonb,
+        add column custom_css text;
+    `);
+    await pool.query(sql`
+      alter table application_sign_in_experiences add column custom_css text;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table organizations
+        drop column color,
+        drop column custom_css;
+    `);
+    await pool.query(sql`
+      alter table application_sign_in_experiences drop column custom_css;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.32.0-1756954492-add-default-to-forgot-password-methods.ts

@@ -0,0 +1,35 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    // Set default value for new rows, but keep the column nullable
+    // to preserve existing null values as migration markers
+    await pool.query(sql`
+      alter table sign_in_experiences
+        alter column forgot_password_methods set default '[]'::jsonb;
+    `);
+
+    // Update default and admin tenant to [], bypass the alter comparison
+    await pool.query(sql`
+      update sign_in_experiences
+      set forgot_password_methods = '[]'::jsonb
+      where forgot_password_methods is null and (tenant_id = 'admin' or tenant_id = 'default');
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences
+        alter column forgot_password_methods drop default;
+    `);
+
+    await pool.query(sql`
+      update sign_in_experiences
+      set forgot_password_methods = null
+      where forgot_password_methods = '[]'::jsonb and (tenant_id = 'admin' or tenant_id = 'default');
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.32.0-1759041888-add-tenant-date-index-to-daily-active-users-table.ts

@@ -0,0 +1,18 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create index daily_active_users__date
+      on daily_active_users (tenant_id, date);
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      drop index daily_active_users__date;
+    `);
+  },
+};
+export default alteration;

package/alterations-js/1.31.0-1753689065-add-forgot-password-methods-to-sie-table.js

@@ -0,0 +1,16 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table sign_in_experiences
+        add column forgot_password_methods jsonb;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table sign_in_experiences
+        drop column forgot_password_methods;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.32.0-1756370721-align-app-and-org-sign-in-exp-configs.js

@@ -0,0 +1,24 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table organizations
+        add column color jsonb not null default '{}'::jsonb,
+        add column custom_css text;
+    `);
+        await pool.query(sql `
+      alter table application_sign_in_experiences add column custom_css text;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table organizations
+        drop column color,
+        drop column custom_css;
+    `);
+        await pool.query(sql `
+      alter table application_sign_in_experiences drop column custom_css;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.32.0-1756954492-add-default-to-forgot-password-methods.js

@@ -0,0 +1,29 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        // Set default value for new rows, but keep the column nullable
+        // to preserve existing null values as migration markers
+        await pool.query(sql `
+      alter table sign_in_experiences
+        alter column forgot_password_methods set default '[]'::jsonb;
+    `);
+        // Update default and admin tenant to [], bypass the alter comparison
+        await pool.query(sql `
+      update sign_in_experiences
+      set forgot_password_methods = '[]'::jsonb
+      where forgot_password_methods is null and (tenant_id = 'admin' or tenant_id = 'default');
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table sign_in_experiences
+        alter column forgot_password_methods drop default;
+    `);
+        await pool.query(sql `
+      update sign_in_experiences
+      set forgot_password_methods = null
+      where forgot_password_methods = '[]'::jsonb and (tenant_id = 'admin' or tenant_id = 'default');
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.32.0-1759041888-add-tenant-date-index-to-daily-active-users-table.js

@@ -0,0 +1,15 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create index daily_active_users__date
+      on daily_active_users (tenant_id, date);
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      drop index daily_active_users__date;
+    `);
+    },
+};
+export default alteration;

package/lib/consts/oidc.d.ts

@@ -38,6 +38,13 @@ export declare enum ExtraParamsKey {
      * This can be used to pre-fill the identifier field **only on the first screen** of the sign-in/sign-up flow.
      */
     LoginHint = "login_hint",
+    /**
+     * The end-users preferred languages to use for the client application, represented as a space-separated list of BCP47 language tags.
+     * E.g. `en` or `en-US` or `en-US en`.
+     *
+     * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.13.2.1}
+     */
+    UiLocales = "ui_locales",
     /**
      * Specifies the identifier used in the identifier sign-in or identifier register page.
      *
@@ -80,6 +87,7 @@ export declare const extraParamsObjectGuard: z.ZodObject<{
     direct_sign_in: z.ZodOptional<z.ZodString>;
     organization_id: z.ZodOptional<z.ZodString>;
     login_hint: z.ZodOptional<z.ZodString>;
+    ui_locales: z.ZodOptional<z.ZodString>;
     identifier: z.ZodOptional<z.ZodString>;
     one_time_token: z.ZodOptional<z.ZodString>;
     google_one_tap_credential: z.ZodOptional<z.ZodString>;
@@ -89,6 +97,7 @@ export declare const extraParamsObjectGuard: z.ZodObject<{
     direct_sign_in?: string | undefined;
     organization_id?: string | undefined;
     login_hint?: string | undefined;
+    ui_locales?: string | undefined;
     identifier?: string | undefined;
     one_time_token?: string | undefined;
     google_one_tap_credential?: string | undefined;
@@ -98,6 +107,7 @@ export declare const extraParamsObjectGuard: z.ZodObject<{
     direct_sign_in?: string | undefined;
     organization_id?: string | undefined;
     login_hint?: string | undefined;
+    ui_locales?: string | undefined;
     identifier?: string | undefined;
     one_time_token?: string | undefined;
     google_one_tap_credential?: string | undefined;
@@ -108,6 +118,7 @@ export type ExtraParamsObject = Partial<{
     [ExtraParamsKey.DirectSignIn]: string;
     [ExtraParamsKey.OrganizationId]: string;
     [ExtraParamsKey.LoginHint]: string;
+    [ExtraParamsKey.UiLocales]: string;
     [ExtraParamsKey.Identifier]: string;
     [ExtraParamsKey.OneTimeToken]: string;
     [ExtraParamsKey.GoogleOneTapCredential]: string;

package/lib/consts/oidc.js

@@ -40,6 +40,13 @@ export var ExtraParamsKey;
      * This can be used to pre-fill the identifier field **only on the first screen** of the sign-in/sign-up flow.
      */
     ExtraParamsKey["LoginHint"] = "login_hint";
+    /**
+     * The end-users preferred languages to use for the client application, represented as a space-separated list of BCP47 language tags.
+     * E.g. `en` or `en-US` or `en-US en`.
+     *
+     * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.13.2.1}
+     */
+    ExtraParamsKey["UiLocales"] = "ui_locales";
     /**
      * Specifies the identifier used in the identifier sign-in or identifier register page.
      *
@@ -85,6 +92,7 @@ export const extraParamsObjectGuard = z
     [ExtraParamsKey.DirectSignIn]: z.string(),
     [ExtraParamsKey.OrganizationId]: z.string(),
     [ExtraParamsKey.LoginHint]: z.string(),
+    [ExtraParamsKey.UiLocales]: z.string(),
     [ExtraParamsKey.Identifier]: z.string(),
     [ExtraParamsKey.OneTimeToken]: z.string(),
     [ExtraParamsKey.GoogleOneTapCredential]: z.string(),

package/lib/consts/subscriptions.d.ts

@@ -19,9 +19,15 @@ export declare enum ReservedPlanId {
      */
     Admin = "admin",
     /**
-     * The latest Pro plan ID applied from 2024-11.
+     * @deprecated
+     * Grandfathered Pro plan ID deprecated from 2025-09.
+     * Use {@link Pro202509} instead.
+     */
+    Pro202411 = "pro-202411",
+    /**
+     * Latest Pro plan ID applied from 2025-09.
      */
-    Pro202411 = "pro-202411"
+    Pro202509 = "pro-202509"
 }
 /**
  * Tenant subscription related Redis cache keys.

package/lib/consts/subscriptions.js

@@ -20,9 +20,15 @@ export var ReservedPlanId;
      */
     ReservedPlanId["Admin"] = "admin";
     /**
-     * The latest Pro plan ID applied from 2024-11.
+     * @deprecated
+     * Grandfathered Pro plan ID deprecated from 2025-09.
+     * Use {@link Pro202509} instead.
      */
     ReservedPlanId["Pro202411"] = "pro-202411";
+    /**
+     * Latest Pro plan ID applied from 2025-09.
+     */
+    ReservedPlanId["Pro202509"] = "pro-202509";
 })(ReservedPlanId || (ReservedPlanId = {}));
 /**
  * Tenant subscription related Redis cache keys.

package/lib/db-entries/application-sign-in-experience.d.ts

@@ -10,6 +10,7 @@ export type CreateApplicationSignInExperience = {
     applicationId: string;
     color?: PartialColor;
     branding?: Branding;
+    customCss?: string | null;
     termsOfUseUrl?: string | null;
     privacyPolicyUrl?: string | null;
     displayName?: string | null;
@@ -20,9 +21,10 @@ export type ApplicationSignInExperience = {
     applicationId: string;
     color: PartialColor;
     branding: Branding;
+    customCss: string | null;
     termsOfUseUrl: string | null;
     privacyPolicyUrl: string | null;
     displayName: string | null;
 };
-export type ApplicationSignInExperienceKeys = 'tenantId' | 'applicationId' | 'color' | 'branding' | 'termsOfUseUrl' | 'privacyPolicyUrl' | 'displayName';
+export type ApplicationSignInExperienceKeys = 'tenantId' | 'applicationId' | 'color' | 'branding' | 'customCss' | 'termsOfUseUrl' | 'privacyPolicyUrl' | 'displayName';
 export declare const ApplicationSignInExperiences: GeneratedSchema<ApplicationSignInExperienceKeys, CreateApplicationSignInExperience, ApplicationSignInExperience, 'application_sign_in_experiences', 'application_sign_in_experience'>;

package/lib/db-entries/application-sign-in-experience.js

@@ -6,6 +6,7 @@ const createGuard = z.object({
     applicationId: z.string().min(1).max(21),
     color: partialColorGuard.optional(),
     branding: brandingGuard.optional(),
+    customCss: z.string().nullable().optional(),
     termsOfUseUrl: z.string().max(2048).nullable().optional(),
     privacyPolicyUrl: z.string().max(2048).nullable().optional(),
     displayName: z.string().max(256).nullable().optional(),
@@ -15,6 +16,7 @@ const guard = z.object({
     applicationId: z.string().min(1).max(21),
     color: partialColorGuard,
     branding: brandingGuard,
+    customCss: z.string().nullable(),
     termsOfUseUrl: z.string().max(2048).nullable(),
     privacyPolicyUrl: z.string().max(2048).nullable(),
     displayName: z.string().max(256).nullable(),
@@ -27,6 +29,7 @@ export const ApplicationSignInExperiences = Object.freeze({
         applicationId: 'application_id',
         color: 'color',
         branding: 'branding',
+        customCss: 'custom_css',
         termsOfUseUrl: 'terms_of_use_url',
         privacyPolicyUrl: 'privacy_policy_url',
         displayName: 'display_name',
@@ -36,6 +39,7 @@ export const ApplicationSignInExperiences = Object.freeze({
         'applicationId',
         'color',
         'branding',
+        'customCss',
         'termsOfUseUrl',
         'privacyPolicyUrl',
         'displayName',

package/lib/db-entries/organization.d.ts

@@ -1,4 +1,4 @@
-import { JsonObject, Branding, GeneratedSchema } from './../foundations/index.js';
+import { JsonObject, PartialColor, Branding, GeneratedSchema } from './../foundations/index.js';
 /**
  * Organizations defined by [RFC 0001](https://github.com/logto-io/rfcs/blob/HEAD/active/0001-organization.md).
  *
@@ -17,8 +17,12 @@ export type CreateOrganization = {
     customData?: JsonObject;
     /** Whether multi-factor authentication configuration is required for the members of the organization. */
     isMfaRequired?: boolean;
+    /** The organization's branding color configuration. */
+    color?: PartialColor;
     /** The organization's branding configuration. */
     branding?: Branding;
+    /** The custom CSS of the organization. */
+    customCss?: string | null;
     /** When the organization was created. */
     createdAt?: number;
 };
@@ -35,10 +39,14 @@ export type Organization = {
     customData: JsonObject;
     /** Whether multi-factor authentication configuration is required for the members of the organization. */
     isMfaRequired: boolean;
+    /** The organization's branding color configuration. */
+    color: PartialColor;
     /** The organization's branding configuration. */
     branding: Branding;
+    /** The custom CSS of the organization. */
+    customCss: string | null;
     /** When the organization was created. */
     createdAt: number;
 };
-export type OrganizationKeys = 'tenantId' | 'id' | 'name' | 'description' | 'customData' | 'isMfaRequired' | 'branding' | 'createdAt';
+export type OrganizationKeys = 'tenantId' | 'id' | 'name' | 'description' | 'customData' | 'isMfaRequired' | 'color' | 'branding' | 'customCss' | 'createdAt';
 export declare const Organizations: GeneratedSchema<OrganizationKeys, CreateOrganization, Organization, 'organizations', 'organization'>;

package/lib/db-entries/organization.js

@@ -1,6 +1,6 @@
 // THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
 import { z } from 'zod';
-import { jsonObjectGuard, brandingGuard } from './../foundations/index.js';
+import { jsonObjectGuard, partialColorGuard, brandingGuard } from './../foundations/index.js';
 const createGuard = z.object({
     tenantId: z.string().max(21).optional(),
     id: z.string().min(1).max(21),
@@ -8,7 +8,9 @@ const createGuard = z.object({
     description: z.string().max(256).nullable().optional(),
     customData: jsonObjectGuard.optional(),
     isMfaRequired: z.boolean().optional(),
+    color: partialColorGuard.optional(),
     branding: brandingGuard.optional(),
+    customCss: z.string().nullable().optional(),
     createdAt: z.number().optional(),
 });
 const guard = z.object({
@@ -18,7 +20,9 @@ const guard = z.object({
     description: z.string().max(256).nullable(),
     customData: jsonObjectGuard,
     isMfaRequired: z.boolean(),
+    color: partialColorGuard,
     branding: brandingGuard,
+    customCss: z.string().nullable(),
     createdAt: z.number(),
 });
 export const Organizations = Object.freeze({
@@ -31,7 +35,9 @@ export const Organizations = Object.freeze({
         description: 'description',
         customData: 'custom_data',
         isMfaRequired: 'is_mfa_required',
+        color: 'color',
         branding: 'branding',
+        customCss: 'custom_css',
         createdAt: 'created_at',
     },
     fieldKeys: [
@@ -41,7 +47,9 @@ export const Organizations = Object.freeze({
         'description',
         'customData',
         'isMfaRequired',
+        'color',
         'branding',
+        'customCss',
         'createdAt',
     ],
     createGuard,

package/lib/db-entries/sign-in-experience.d.ts

@@ -1,4 +1,4 @@
-import { Color, Branding, LanguageInfo, SignIn, SignUp, SocialSignIn, ConnectorTargets, CustomContent, CustomUiAssets, PartialPasswordPolicy, Mfa, CaptchaPolicy, SentinelPolicy, EmailBlocklistPolicy, GeneratedSchema } from './../foundations/index.js';
+import { Color, Branding, LanguageInfo, SignIn, SignUp, SocialSignIn, ConnectorTargets, CustomContent, CustomUiAssets, PartialPasswordPolicy, Mfa, CaptchaPolicy, SentinelPolicy, EmailBlocklistPolicy, ForgotPasswordMethods, GeneratedSchema } from './../foundations/index.js';
 import { AgreeToTermsPolicy, SignInMode } from './custom-types.js';
 /**
  *
@@ -32,6 +32,7 @@ export type CreateSignInExperience = {
     captchaPolicy?: CaptchaPolicy;
     sentinelPolicy?: SentinelPolicy;
     emailBlocklistPolicy?: EmailBlocklistPolicy;
+    forgotPasswordMethods?: ForgotPasswordMethods | null;
 };
 export type SignInExperience = {
     tenantId: string;
@@ -60,6 +61,7 @@ export type SignInExperience = {
     captchaPolicy: CaptchaPolicy;
     sentinelPolicy: SentinelPolicy;
     emailBlocklistPolicy: EmailBlocklistPolicy;
+    forgotPasswordMethods: ForgotPasswordMethods | null;
 };
-export type SignInExperienceKeys = 'tenantId' | 'id' | 'color' | 'branding' | 'languageInfo' | 'termsOfUseUrl' | 'privacyPolicyUrl' | 'agreeToTermsPolicy' | 'signIn' | 'signUp' | 'socialSignIn' | 'socialSignInConnectorTargets' | 'signInMode' | 'customCss' | 'customContent' | 'customUiAssets' | 'passwordPolicy' | 'mfa' | 'singleSignOnEnabled' | 'supportEmail' | 'supportWebsiteUrl' | 'unknownSessionRedirectUrl' | 'captchaPolicy' | 'sentinelPolicy' | 'emailBlocklistPolicy';
+export type SignInExperienceKeys = 'tenantId' | 'id' | 'color' | 'branding' | 'languageInfo' | 'termsOfUseUrl' | 'privacyPolicyUrl' | 'agreeToTermsPolicy' | 'signIn' | 'signUp' | 'socialSignIn' | 'socialSignInConnectorTargets' | 'signInMode' | 'customCss' | 'customContent' | 'customUiAssets' | 'passwordPolicy' | 'mfa' | 'singleSignOnEnabled' | 'supportEmail' | 'supportWebsiteUrl' | 'unknownSessionRedirectUrl' | 'captchaPolicy' | 'sentinelPolicy' | 'emailBlocklistPolicy' | 'forgotPasswordMethods';
 export declare const SignInExperiences: GeneratedSchema<SignInExperienceKeys, CreateSignInExperience, SignInExperience, 'sign_in_experiences', 'sign_in_experience'>;

package/lib/db-entries/sign-in-experience.js

@@ -1,6 +1,6 @@
 // THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
 import { z } from 'zod';
-import { colorGuard, brandingGuard, languageInfoGuard, signInGuard, signUpGuard, socialSignInGuard, connectorTargetsGuard, customContentGuard, customUiAssetsGuard, partialPasswordPolicyGuard, mfaGuard, captchaPolicyGuard, sentinelPolicyGuard, emailBlocklistPolicyGuard } from './../foundations/index.js';
+import { colorGuard, brandingGuard, languageInfoGuard, signInGuard, signUpGuard, socialSignInGuard, connectorTargetsGuard, customContentGuard, customUiAssetsGuard, partialPasswordPolicyGuard, mfaGuard, captchaPolicyGuard, sentinelPolicyGuard, emailBlocklistPolicyGuard, forgotPasswordMethodsGuard } from './../foundations/index.js';
 import { AgreeToTermsPolicy, SignInMode } from './custom-types.js';
 const createGuard = z.object({
     tenantId: z.string().max(21).optional(),
@@ -28,6 +28,7 @@ const createGuard = z.object({
     captchaPolicy: captchaPolicyGuard.optional(),
     sentinelPolicy: sentinelPolicyGuard.optional(),
     emailBlocklistPolicy: emailBlocklistPolicyGuard.optional(),
+    forgotPasswordMethods: forgotPasswordMethodsGuard.nullable().optional(),
 });
 const guard = z.object({
     tenantId: z.string().max(21),
@@ -55,6 +56,7 @@ const guard = z.object({
     captchaPolicy: captchaPolicyGuard,
     sentinelPolicy: sentinelPolicyGuard,
     emailBlocklistPolicy: emailBlocklistPolicyGuard,
+    forgotPasswordMethods: forgotPasswordMethodsGuard.nullable(),
 });
 export const SignInExperiences = Object.freeze({
     table: 'sign_in_experiences',
@@ -85,6 +87,7 @@ export const SignInExperiences = Object.freeze({
         captchaPolicy: 'captcha_policy',
         sentinelPolicy: 'sentinel_policy',
         emailBlocklistPolicy: 'email_blocklist_policy',
+        forgotPasswordMethods: 'forgot_password_methods',
     },
     fieldKeys: [
         'tenantId',
@@ -112,6 +115,7 @@ export const SignInExperiences = Object.freeze({
         'captchaPolicy',
         'sentinelPolicy',
         'emailBlocklistPolicy',
+        'forgotPasswordMethods',
     ],
     createGuard,
     guard,