@logto/schemas 1.31.0 → 1.33.0

package/alterations/1.32.0-1756370721-align-app-and-org-sign-in-exp-configs.ts

@@ -0,0 +1,28 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table organizations
+        add column color jsonb not null default '{}'::jsonb,
+        add column custom_css text;
+    `);
+    await pool.query(sql`
+      alter table application_sign_in_experiences add column custom_css text;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table organizations
+        drop column color,
+        drop column custom_css;
+    `);
+    await pool.query(sql`
+      alter table application_sign_in_experiences drop column custom_css;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.32.0-1756954492-add-default-to-forgot-password-methods.ts

@@ -0,0 +1,35 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    // Set default value for new rows, but keep the column nullable
+    // to preserve existing null values as migration markers
+    await pool.query(sql`
+      alter table sign_in_experiences
+        alter column forgot_password_methods set default '[]'::jsonb;
+    `);
+
+    // Update default and admin tenant to [], bypass the alter comparison
+    await pool.query(sql`
+      update sign_in_experiences
+      set forgot_password_methods = '[]'::jsonb
+      where forgot_password_methods is null and (tenant_id = 'admin' or tenant_id = 'default');
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences
+        alter column forgot_password_methods drop default;
+    `);
+
+    await pool.query(sql`
+      update sign_in_experiences
+      set forgot_password_methods = null
+      where forgot_password_methods = '[]'::jsonb and (tenant_id = 'admin' or tenant_id = 'default');
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.32.0-1759041888-add-tenant-date-index-to-daily-active-users-table.ts

@@ -0,0 +1,18 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create index daily_active_users__date
+      on daily_active_users (tenant_id, date);
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      drop index daily_active_users__date;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.33.0-1760427166-add-applications-type-index.ts

@@ -0,0 +1,19 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create index applications__type
+      on applications (tenant_id, type);
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      drop index applications__type;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.33.0-1760427167-add-roles-type-index.ts

@@ -0,0 +1,19 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create index roles__type
+      on roles (tenant_id, type);
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      drop index roles__type;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.33.0-1761283464-add-hide-logto-branding-column.ts

@@ -0,0 +1,20 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences
+        add column hide_logto_branding boolean not null default false;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences
+        drop column hide_logto_branding;
+    `);
+  },
+};
+
+export default alteration;

package/alterations-js/1.32.0-1756370721-align-app-and-org-sign-in-exp-configs.js

@@ -0,0 +1,24 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table organizations
+        add column color jsonb not null default '{}'::jsonb,
+        add column custom_css text;
+    `);
+        await pool.query(sql `
+      alter table application_sign_in_experiences add column custom_css text;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table organizations
+        drop column color,
+        drop column custom_css;
+    `);
+        await pool.query(sql `
+      alter table application_sign_in_experiences drop column custom_css;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.32.0-1756954492-add-default-to-forgot-password-methods.js

@@ -0,0 +1,29 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        // Set default value for new rows, but keep the column nullable
+        // to preserve existing null values as migration markers
+        await pool.query(sql `
+      alter table sign_in_experiences
+        alter column forgot_password_methods set default '[]'::jsonb;
+    `);
+        // Update default and admin tenant to [], bypass the alter comparison
+        await pool.query(sql `
+      update sign_in_experiences
+      set forgot_password_methods = '[]'::jsonb
+      where forgot_password_methods is null and (tenant_id = 'admin' or tenant_id = 'default');
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table sign_in_experiences
+        alter column forgot_password_methods drop default;
+    `);
+        await pool.query(sql `
+      update sign_in_experiences
+      set forgot_password_methods = null
+      where forgot_password_methods = '[]'::jsonb and (tenant_id = 'admin' or tenant_id = 'default');
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.32.0-1759041888-add-tenant-date-index-to-daily-active-users-table.js

@@ -0,0 +1,15 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create index daily_active_users__date
+      on daily_active_users (tenant_id, date);
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      drop index daily_active_users__date;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.33.0-1760427166-add-applications-type-index.js

@@ -0,0 +1,15 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create index applications__type
+      on applications (tenant_id, type);
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      drop index applications__type;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.33.0-1760427167-add-roles-type-index.js

@@ -0,0 +1,15 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create index roles__type
+      on roles (tenant_id, type);
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      drop index roles__type;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.33.0-1761283464-add-hide-logto-branding-column.js

@@ -0,0 +1,16 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table sign_in_experiences
+        add column hide_logto_branding boolean not null default false;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table sign_in_experiences
+        drop column hide_logto_branding;
+    `);
+    },
+};
+export default alteration;

package/lib/consts/index.d.ts

@@ -6,3 +6,4 @@ export * from './tenant.js';
 export * from './subscriptions.js';
 export * from './experience.js';
 export * from './sentinel.js';
+export * from './product-event.js';

package/lib/consts/index.js

@@ -6,3 +6,4 @@ export * from './tenant.js';
 export * from './subscriptions.js';
 export * from './experience.js';
 export * from './sentinel.js';
+export * from './product-event.js';

package/lib/consts/oidc.d.ts

@@ -38,6 +38,13 @@ export declare enum ExtraParamsKey {
      * This can be used to pre-fill the identifier field **only on the first screen** of the sign-in/sign-up flow.
      */
     LoginHint = "login_hint",
+    /**
+     * The end-users preferred languages to use for the client application, represented as a space-separated list of BCP47 language tags.
+     * E.g. `en` or `en-US` or `en-US en`.
+     *
+     * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.13.2.1}
+     */
+    UiLocales = "ui_locales",
     /**
      * Specifies the identifier used in the identifier sign-in or identifier register page.
      *
@@ -80,6 +87,7 @@ export declare const extraParamsObjectGuard: z.ZodObject<{
     direct_sign_in: z.ZodOptional<z.ZodString>;
     organization_id: z.ZodOptional<z.ZodString>;
     login_hint: z.ZodOptional<z.ZodString>;
+    ui_locales: z.ZodOptional<z.ZodString>;
     identifier: z.ZodOptional<z.ZodString>;
     one_time_token: z.ZodOptional<z.ZodString>;
     google_one_tap_credential: z.ZodOptional<z.ZodString>;
@@ -89,6 +97,7 @@ export declare const extraParamsObjectGuard: z.ZodObject<{
     direct_sign_in?: string | undefined;
     organization_id?: string | undefined;
     login_hint?: string | undefined;
+    ui_locales?: string | undefined;
     identifier?: string | undefined;
     one_time_token?: string | undefined;
     google_one_tap_credential?: string | undefined;
@@ -98,6 +107,7 @@ export declare const extraParamsObjectGuard: z.ZodObject<{
     direct_sign_in?: string | undefined;
     organization_id?: string | undefined;
     login_hint?: string | undefined;
+    ui_locales?: string | undefined;
     identifier?: string | undefined;
     one_time_token?: string | undefined;
     google_one_tap_credential?: string | undefined;
@@ -108,6 +118,7 @@ export type ExtraParamsObject = Partial<{
     [ExtraParamsKey.DirectSignIn]: string;
     [ExtraParamsKey.OrganizationId]: string;
     [ExtraParamsKey.LoginHint]: string;
+    [ExtraParamsKey.UiLocales]: string;
     [ExtraParamsKey.Identifier]: string;
     [ExtraParamsKey.OneTimeToken]: string;
     [ExtraParamsKey.GoogleOneTapCredential]: string;

package/lib/consts/oidc.js

@@ -40,6 +40,13 @@ export var ExtraParamsKey;
      * This can be used to pre-fill the identifier field **only on the first screen** of the sign-in/sign-up flow.
      */
     ExtraParamsKey["LoginHint"] = "login_hint";
+    /**
+     * The end-users preferred languages to use for the client application, represented as a space-separated list of BCP47 language tags.
+     * E.g. `en` or `en-US` or `en-US en`.
+     *
+     * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.13.2.1}
+     */
+    ExtraParamsKey["UiLocales"] = "ui_locales";
     /**
      * Specifies the identifier used in the identifier sign-in or identifier register page.
      *
@@ -85,6 +92,7 @@ export const extraParamsObjectGuard = z
     [ExtraParamsKey.DirectSignIn]: z.string(),
     [ExtraParamsKey.OrganizationId]: z.string(),
     [ExtraParamsKey.LoginHint]: z.string(),
+    [ExtraParamsKey.UiLocales]: z.string(),
     [ExtraParamsKey.Identifier]: z.string(),
     [ExtraParamsKey.OneTimeToken]: z.string(),
     [ExtraParamsKey.GoogleOneTapCredential]: z.string(),

package/lib/consts/product-event.d.ts

@@ -0,0 +1,99 @@
+/**
+ * The product events that Logto Cloud uses for analytics and auditing.
+ *
+ * - All events should be in past tense, with the format of `<noun> <verb>`.
+ * - Unless otherwise specified, all events should contain tenant ID as the
+ *   `tenant` group distinct ID.
+ *
+ * @remarks
+ * Events that are tracked in the cloud service will be marked with `@cloud`.
+ */
+export declare enum ProductEvent {
+    /** @cloud */
+    TenantCreated = "tenant created",
+    /** @cloud */
+    TenantDeleted = "tenant deleted",
+    /**
+     * One or more collaborators have been invited to the Logto Cloud tenant.
+     *
+     * @cloud
+     */
+    CollaboratorInvited = "collaborator invited",
+    /**
+     * The Logto Cloud tenant has subscribed to the Pro plan. It may be the first time subscribing,
+     * switching from the Free plan, or converting from a dev tenant, etc.
+     *
+     * @cloud
+     */
+    ProPlanSubscribed = "pro plan subscribed",
+    /**
+     * The Logto Cloud tenant has canceled the Pro plan.
+     *
+     * @cloud
+     */
+    ProPlanCanceled = "pro plan canceled",
+    /**
+     * The Logto Cloud tenant has subscribed to the Free plan. This may happen when a tenant
+     * newly created or downgrading from the Pro plan.
+     *
+     * @cloud
+     */
+    FreePlanSubscribed = "free plan subscribed",
+    /**
+     * A user has been created in the admin tenant. Interactive and non-interactive creations are
+     * both included.
+     */
+    DeveloperCreated = "developer created",
+    /** A user has been deleted in the admin tenant. */
+    DeveloperDeleted = "developer deleted",
+    AccessTokenIssued = "access token issued",
+    AppCreated = "app created",
+    AppDeleted = "app deleted",
+    RoleCreated = "role created",
+    RoleDeleted = "role deleted",
+    ApiResourceCreated = "api resource created",
+    ApiResourceDeleted = "api resource deleted",
+    OrganizationCreated = "organization created",
+    OrganizationDeleted = "organization deleted",
+    OrganizationRoleCreated = "organization role created",
+    OrganizationRoleDeleted = "organization role deleted",
+    SsoConnectorCreated = "sso connector created",
+    SsoConnectorDeleted = "sso connector deleted",
+    PasswordlessConnectorUpdated = "passwordless connector updated",
+    SocialConnectorCreated = "connector created",
+    SocialConnectorDeleted = "connector deleted",
+    WebhookCreated = "webhook created",
+    WebhookDeleted = "webhook deleted",
+    CustomJwtDeployed = "custom jwt deployed",
+    MfaEnabled = "mfa enabled",
+    MfaDisabled = "mfa disabled",
+    CustomDomainCreated = "custom domain created",
+    CustomDomainDeleted = "custom domain deleted"
+}
+/** The PostHog groups for product events. */
+export declare enum EventGroup {
+    Tenant = "tenant"
+}
+/**
+ * The static distinct ID for tenant-level events. This is used when the event is not
+ * associated with a specific user.
+ *
+ * @see {@link https://posthog.com/docs/product-analytics/group-analytics#advanced-server-side-only-capturing-group-events-without-a-user}
+ */
+export declare const tenantEventDistinctId = "TENANT_EVENT";
+/**
+ * The header that carries the cloud user ID in a request from Logto Cloud. This is useful for
+ * identifying the user who initiated the Management API request proxied by the cloud service.
+ */
+export declare const cloudUserIdHeader = "logto-cloud-user-id";
+/**
+ * The types of access tokens issued by Logto.
+ *
+ * Note that this is for internal use only and is different from other technical definitions of
+ * token types.
+ */
+export declare enum ProductAccessTokenType {
+    Unknown = "unknown",
+    User = "user",
+    ClientCredentials = "client_credentials"
+}

package/lib/consts/product-event.js

@@ -0,0 +1,102 @@
+/**
+ * The product events that Logto Cloud uses for analytics and auditing.
+ *
+ * - All events should be in past tense, with the format of `<noun> <verb>`.
+ * - Unless otherwise specified, all events should contain tenant ID as the
+ *   `tenant` group distinct ID.
+ *
+ * @remarks
+ * Events that are tracked in the cloud service will be marked with `@cloud`.
+ */
+export var ProductEvent;
+(function (ProductEvent) {
+    /** @cloud */
+    ProductEvent["TenantCreated"] = "tenant created";
+    /** @cloud */
+    ProductEvent["TenantDeleted"] = "tenant deleted";
+    /**
+     * One or more collaborators have been invited to the Logto Cloud tenant.
+     *
+     * @cloud
+     */
+    ProductEvent["CollaboratorInvited"] = "collaborator invited";
+    /**
+     * The Logto Cloud tenant has subscribed to the Pro plan. It may be the first time subscribing,
+     * switching from the Free plan, or converting from a dev tenant, etc.
+     *
+     * @cloud
+     */
+    ProductEvent["ProPlanSubscribed"] = "pro plan subscribed";
+    /**
+     * The Logto Cloud tenant has canceled the Pro plan.
+     *
+     * @cloud
+     */
+    ProductEvent["ProPlanCanceled"] = "pro plan canceled";
+    /**
+     * The Logto Cloud tenant has subscribed to the Free plan. This may happen when a tenant
+     * newly created or downgrading from the Pro plan.
+     *
+     * @cloud
+     */
+    ProductEvent["FreePlanSubscribed"] = "free plan subscribed";
+    /**
+     * A user has been created in the admin tenant. Interactive and non-interactive creations are
+     * both included.
+     */
+    ProductEvent["DeveloperCreated"] = "developer created";
+    /** A user has been deleted in the admin tenant. */
+    ProductEvent["DeveloperDeleted"] = "developer deleted";
+    ProductEvent["AccessTokenIssued"] = "access token issued";
+    ProductEvent["AppCreated"] = "app created";
+    ProductEvent["AppDeleted"] = "app deleted";
+    ProductEvent["RoleCreated"] = "role created";
+    ProductEvent["RoleDeleted"] = "role deleted";
+    ProductEvent["ApiResourceCreated"] = "api resource created";
+    ProductEvent["ApiResourceDeleted"] = "api resource deleted";
+    ProductEvent["OrganizationCreated"] = "organization created";
+    ProductEvent["OrganizationDeleted"] = "organization deleted";
+    ProductEvent["OrganizationRoleCreated"] = "organization role created";
+    ProductEvent["OrganizationRoleDeleted"] = "organization role deleted";
+    ProductEvent["SsoConnectorCreated"] = "sso connector created";
+    ProductEvent["SsoConnectorDeleted"] = "sso connector deleted";
+    ProductEvent["PasswordlessConnectorUpdated"] = "passwordless connector updated";
+    ProductEvent["SocialConnectorCreated"] = "connector created";
+    ProductEvent["SocialConnectorDeleted"] = "connector deleted";
+    ProductEvent["WebhookCreated"] = "webhook created";
+    ProductEvent["WebhookDeleted"] = "webhook deleted";
+    ProductEvent["CustomJwtDeployed"] = "custom jwt deployed";
+    ProductEvent["MfaEnabled"] = "mfa enabled";
+    ProductEvent["MfaDisabled"] = "mfa disabled";
+    ProductEvent["CustomDomainCreated"] = "custom domain created";
+    ProductEvent["CustomDomainDeleted"] = "custom domain deleted";
+})(ProductEvent || (ProductEvent = {}));
+/** The PostHog groups for product events. */
+export var EventGroup;
+(function (EventGroup) {
+    EventGroup["Tenant"] = "tenant";
+})(EventGroup || (EventGroup = {}));
+/**
+ * The static distinct ID for tenant-level events. This is used when the event is not
+ * associated with a specific user.
+ *
+ * @see {@link https://posthog.com/docs/product-analytics/group-analytics#advanced-server-side-only-capturing-group-events-without-a-user}
+ */
+export const tenantEventDistinctId = 'TENANT_EVENT';
+/**
+ * The header that carries the cloud user ID in a request from Logto Cloud. This is useful for
+ * identifying the user who initiated the Management API request proxied by the cloud service.
+ */
+export const cloudUserIdHeader = 'logto-cloud-user-id';
+/**
+ * The types of access tokens issued by Logto.
+ *
+ * Note that this is for internal use only and is different from other technical definitions of
+ * token types.
+ */
+export var ProductAccessTokenType;
+(function (ProductAccessTokenType) {
+    ProductAccessTokenType["Unknown"] = "unknown";
+    ProductAccessTokenType["User"] = "user";
+    ProductAccessTokenType["ClientCredentials"] = "client_credentials";
+})(ProductAccessTokenType || (ProductAccessTokenType = {}));

package/lib/db-entries/application-sign-in-experience.d.ts

@@ -10,6 +10,7 @@ export type CreateApplicationSignInExperience = {
     applicationId: string;
     color?: PartialColor;
     branding?: Branding;
+    customCss?: string | null;
     termsOfUseUrl?: string | null;
     privacyPolicyUrl?: string | null;
     displayName?: string | null;
@@ -20,9 +21,10 @@ export type ApplicationSignInExperience = {
     applicationId: string;
     color: PartialColor;
     branding: Branding;
+    customCss: string | null;
     termsOfUseUrl: string | null;
     privacyPolicyUrl: string | null;
     displayName: string | null;
 };
-export type ApplicationSignInExperienceKeys = 'tenantId' | 'applicationId' | 'color' | 'branding' | 'termsOfUseUrl' | 'privacyPolicyUrl' | 'displayName';
+export type ApplicationSignInExperienceKeys = 'tenantId' | 'applicationId' | 'color' | 'branding' | 'customCss' | 'termsOfUseUrl' | 'privacyPolicyUrl' | 'displayName';
 export declare const ApplicationSignInExperiences: GeneratedSchema<ApplicationSignInExperienceKeys, CreateApplicationSignInExperience, ApplicationSignInExperience, 'application_sign_in_experiences', 'application_sign_in_experience'>;

package/lib/db-entries/application-sign-in-experience.js

@@ -6,6 +6,7 @@ const createGuard = z.object({
     applicationId: z.string().min(1).max(21),
     color: partialColorGuard.optional(),
     branding: brandingGuard.optional(),
+    customCss: z.string().nullable().optional(),
     termsOfUseUrl: z.string().max(2048).nullable().optional(),
     privacyPolicyUrl: z.string().max(2048).nullable().optional(),
     displayName: z.string().max(256).nullable().optional(),
@@ -15,6 +16,7 @@ const guard = z.object({
     applicationId: z.string().min(1).max(21),
     color: partialColorGuard,
     branding: brandingGuard,
+    customCss: z.string().nullable(),
     termsOfUseUrl: z.string().max(2048).nullable(),
     privacyPolicyUrl: z.string().max(2048).nullable(),
     displayName: z.string().max(256).nullable(),
@@ -27,6 +29,7 @@ export const ApplicationSignInExperiences = Object.freeze({
         applicationId: 'application_id',
         color: 'color',
         branding: 'branding',
+        customCss: 'custom_css',
         termsOfUseUrl: 'terms_of_use_url',
         privacyPolicyUrl: 'privacy_policy_url',
         displayName: 'display_name',
@@ -36,6 +39,7 @@ export const ApplicationSignInExperiences = Object.freeze({
         'applicationId',
         'color',
         'branding',
+        'customCss',
         'termsOfUseUrl',
         'privacyPolicyUrl',
         'displayName',

package/lib/db-entries/organization.d.ts

@@ -1,4 +1,4 @@
-import { JsonObject, Branding, GeneratedSchema } from './../foundations/index.js';
+import { JsonObject, PartialColor, Branding, GeneratedSchema } from './../foundations/index.js';
 /**
  * Organizations defined by [RFC 0001](https://github.com/logto-io/rfcs/blob/HEAD/active/0001-organization.md).
  *
@@ -17,8 +17,12 @@ export type CreateOrganization = {
     customData?: JsonObject;
     /** Whether multi-factor authentication configuration is required for the members of the organization. */
     isMfaRequired?: boolean;
+    /** The organization's branding color configuration. */
+    color?: PartialColor;
     /** The organization's branding configuration. */
     branding?: Branding;
+    /** The custom CSS of the organization. */
+    customCss?: string | null;
     /** When the organization was created. */
     createdAt?: number;
 };
@@ -35,10 +39,14 @@ export type Organization = {
     customData: JsonObject;
     /** Whether multi-factor authentication configuration is required for the members of the organization. */
     isMfaRequired: boolean;
+    /** The organization's branding color configuration. */
+    color: PartialColor;
     /** The organization's branding configuration. */
     branding: Branding;
+    /** The custom CSS of the organization. */
+    customCss: string | null;
     /** When the organization was created. */
     createdAt: number;
 };
-export type OrganizationKeys = 'tenantId' | 'id' | 'name' | 'description' | 'customData' | 'isMfaRequired' | 'branding' | 'createdAt';
+export type OrganizationKeys = 'tenantId' | 'id' | 'name' | 'description' | 'customData' | 'isMfaRequired' | 'color' | 'branding' | 'customCss' | 'createdAt';
 export declare const Organizations: GeneratedSchema<OrganizationKeys, CreateOrganization, Organization, 'organizations', 'organization'>;