@logto/schemas 1.32.0 → 1.34.0

package/alterations/1.33.0-1760427166-add-applications-type-index.ts

@@ -0,0 +1,19 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create index applications__type
+      on applications (tenant_id, type);
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      drop index applications__type;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.33.0-1760427167-add-roles-type-index.ts

@@ -0,0 +1,19 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create index roles__type
+      on roles (tenant_id, type);
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      drop index roles__type;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.33.0-1761283464-add-hide-logto-branding-column.ts

@@ -0,0 +1,20 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences
+        add column hide_logto_branding boolean not null default false;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences
+        drop column hide_logto_branding;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.34.0-1762338508-add-organization-roles-type-index.ts

@@ -0,0 +1,19 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create index organization_roles__type
+      on organization_roles (tenant_id, type);
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      drop index organization_roles__type;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.34.0-1764164658-add-applications-roles-include-indexes.ts

@@ -0,0 +1,38 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create index applications__include_type_is_third_party
+      on applications (tenant_id) include (type, is_third_party);
+    `);
+
+    // Update table statistics to help query planner use the new index efficiently
+    await pool.query(sql`
+      analyze applications;
+    `);
+
+    await pool.query(sql`
+      create index roles__include_type_name
+      on roles (tenant_id) include (type, name);
+    `);
+
+    // Update table statistics to help query planner use the new index efficiently
+    await pool.query(sql`
+      analyze roles;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      drop index if exists applications__include_type_is_third_party;
+    `);
+
+    await pool.query(sql`
+      drop index if exists roles__include_type_name;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.34.0-1764236036-remove-applications-roles-include-indexes.ts

@@ -0,0 +1,38 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      drop index if exists applications__include_type_is_third_party;
+    `);
+
+    await pool.query(sql`
+      drop index if exists roles__include_type_name;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      create index applications__include_type_is_third_party
+      on applications (tenant_id) include (type, is_third_party);
+    `);
+
+    // Update table statistics to help query planner use the new index efficiently
+    await pool.query(sql`
+      analyze applications;
+    `);
+
+    await pool.query(sql`
+      create index roles__include_type_name
+      on roles (tenant_id) include (type, name);
+    `);
+
+    // Update table statistics to help query planner use the new index efficiently
+    await pool.query(sql`
+      analyze roles;
+    `);
+  },
+};
+
+export default alteration;

package/alterations-js/1.33.0-1760427166-add-applications-type-index.js

@@ -0,0 +1,15 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create index applications__type
+      on applications (tenant_id, type);
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      drop index applications__type;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.33.0-1760427167-add-roles-type-index.js

@@ -0,0 +1,15 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create index roles__type
+      on roles (tenant_id, type);
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      drop index roles__type;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.33.0-1761283464-add-hide-logto-branding-column.js

@@ -0,0 +1,16 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table sign_in_experiences
+        add column hide_logto_branding boolean not null default false;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table sign_in_experiences
+        drop column hide_logto_branding;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.34.0-1762338508-add-organization-roles-type-index.js

@@ -0,0 +1,15 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create index organization_roles__type
+      on organization_roles (tenant_id, type);
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      drop index organization_roles__type;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.34.0-1764164658-add-applications-roles-include-indexes.js

@@ -0,0 +1,30 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create index applications__include_type_is_third_party
+      on applications (tenant_id) include (type, is_third_party);
+    `);
+        // Update table statistics to help query planner use the new index efficiently
+        await pool.query(sql `
+      analyze applications;
+    `);
+        await pool.query(sql `
+      create index roles__include_type_name
+      on roles (tenant_id) include (type, name);
+    `);
+        // Update table statistics to help query planner use the new index efficiently
+        await pool.query(sql `
+      analyze roles;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      drop index if exists applications__include_type_is_third_party;
+    `);
+        await pool.query(sql `
+      drop index if exists roles__include_type_name;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.34.0-1764236036-remove-applications-roles-include-indexes.js

@@ -0,0 +1,30 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      drop index if exists applications__include_type_is_third_party;
+    `);
+        await pool.query(sql `
+      drop index if exists roles__include_type_name;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      create index applications__include_type_is_third_party
+      on applications (tenant_id) include (type, is_third_party);
+    `);
+        // Update table statistics to help query planner use the new index efficiently
+        await pool.query(sql `
+      analyze applications;
+    `);
+        await pool.query(sql `
+      create index roles__include_type_name
+      on roles (tenant_id) include (type, name);
+    `);
+        // Update table statistics to help query planner use the new index efficiently
+        await pool.query(sql `
+      analyze roles;
+    `);
+    },
+};
+export default alteration;

package/lib/consts/index.d.ts

@@ -6,3 +6,4 @@ export * from './tenant.js';
 export * from './subscriptions.js';
 export * from './experience.js';
 export * from './sentinel.js';
+export * from './product-event.js';

package/lib/consts/index.js

@@ -6,3 +6,4 @@ export * from './tenant.js';
 export * from './subscriptions.js';
 export * from './experience.js';
 export * from './sentinel.js';
+export * from './product-event.js';

package/lib/consts/product-event.d.ts

@@ -0,0 +1,99 @@
+/**
+ * The product events that Logto Cloud uses for analytics and auditing.
+ *
+ * - All events should be in past tense, with the format of `<noun> <verb>`.
+ * - Unless otherwise specified, all events should contain tenant ID as the
+ *   `tenant` group distinct ID.
+ *
+ * @remarks
+ * Events that are tracked in the cloud service will be marked with `@cloud`.
+ */
+export declare enum ProductEvent {
+    /** @cloud */
+    TenantCreated = "tenant created",
+    /** @cloud */
+    TenantDeleted = "tenant deleted",
+    /**
+     * One or more collaborators have been invited to the Logto Cloud tenant.
+     *
+     * @cloud
+     */
+    CollaboratorInvited = "collaborator invited",
+    /**
+     * The Logto Cloud tenant has subscribed to the Pro plan. It may be the first time subscribing,
+     * switching from the Free plan, or converting from a dev tenant, etc.
+     *
+     * @cloud
+     */
+    ProPlanSubscribed = "pro plan subscribed",
+    /**
+     * The Logto Cloud tenant has canceled the Pro plan.
+     *
+     * @cloud
+     */
+    ProPlanCanceled = "pro plan canceled",
+    /**
+     * The Logto Cloud tenant has subscribed to the Free plan. This may happen when a tenant
+     * newly created or downgrading from the Pro plan.
+     *
+     * @cloud
+     */
+    FreePlanSubscribed = "free plan subscribed",
+    /**
+     * A user has been created in the admin tenant. Interactive and non-interactive creations are
+     * both included.
+     */
+    DeveloperCreated = "developer created",
+    /** A user has been deleted in the admin tenant. */
+    DeveloperDeleted = "developer deleted",
+    AccessTokenIssued = "access token issued",
+    AppCreated = "app created",
+    AppDeleted = "app deleted",
+    RoleCreated = "role created",
+    RoleDeleted = "role deleted",
+    ApiResourceCreated = "api resource created",
+    ApiResourceDeleted = "api resource deleted",
+    OrganizationCreated = "organization created",
+    OrganizationDeleted = "organization deleted",
+    OrganizationRoleCreated = "organization role created",
+    OrganizationRoleDeleted = "organization role deleted",
+    SsoConnectorCreated = "sso connector created",
+    SsoConnectorDeleted = "sso connector deleted",
+    PasswordlessConnectorUpdated = "passwordless connector updated",
+    SocialConnectorCreated = "connector created",
+    SocialConnectorDeleted = "connector deleted",
+    WebhookCreated = "webhook created",
+    WebhookDeleted = "webhook deleted",
+    CustomJwtDeployed = "custom jwt deployed",
+    MfaEnabled = "mfa enabled",
+    MfaDisabled = "mfa disabled",
+    CustomDomainCreated = "custom domain created",
+    CustomDomainDeleted = "custom domain deleted"
+}
+/** The PostHog groups for product events. */
+export declare enum EventGroup {
+    Tenant = "tenant"
+}
+/**
+ * The static distinct ID for tenant-level events. This is used when the event is not
+ * associated with a specific user.
+ *
+ * @see {@link https://posthog.com/docs/product-analytics/group-analytics#advanced-server-side-only-capturing-group-events-without-a-user}
+ */
+export declare const tenantEventDistinctId = "TENANT_EVENT";
+/**
+ * The header that carries the cloud user ID in a request from Logto Cloud. This is useful for
+ * identifying the user who initiated the Management API request proxied by the cloud service.
+ */
+export declare const cloudUserIdHeader = "logto-cloud-user-id";
+/**
+ * The types of access tokens issued by Logto.
+ *
+ * Note that this is for internal use only and is different from other technical definitions of
+ * token types.
+ */
+export declare enum ProductAccessTokenType {
+    Unknown = "unknown",
+    User = "user",
+    ClientCredentials = "client_credentials"
+}

package/lib/consts/product-event.js

@@ -0,0 +1,102 @@
+/**
+ * The product events that Logto Cloud uses for analytics and auditing.
+ *
+ * - All events should be in past tense, with the format of `<noun> <verb>`.
+ * - Unless otherwise specified, all events should contain tenant ID as the
+ *   `tenant` group distinct ID.
+ *
+ * @remarks
+ * Events that are tracked in the cloud service will be marked with `@cloud`.
+ */
+export var ProductEvent;
+(function (ProductEvent) {
+    /** @cloud */
+    ProductEvent["TenantCreated"] = "tenant created";
+    /** @cloud */
+    ProductEvent["TenantDeleted"] = "tenant deleted";
+    /**
+     * One or more collaborators have been invited to the Logto Cloud tenant.
+     *
+     * @cloud
+     */
+    ProductEvent["CollaboratorInvited"] = "collaborator invited";
+    /**
+     * The Logto Cloud tenant has subscribed to the Pro plan. It may be the first time subscribing,
+     * switching from the Free plan, or converting from a dev tenant, etc.
+     *
+     * @cloud
+     */
+    ProductEvent["ProPlanSubscribed"] = "pro plan subscribed";
+    /**
+     * The Logto Cloud tenant has canceled the Pro plan.
+     *
+     * @cloud
+     */
+    ProductEvent["ProPlanCanceled"] = "pro plan canceled";
+    /**
+     * The Logto Cloud tenant has subscribed to the Free plan. This may happen when a tenant
+     * newly created or downgrading from the Pro plan.
+     *
+     * @cloud
+     */
+    ProductEvent["FreePlanSubscribed"] = "free plan subscribed";
+    /**
+     * A user has been created in the admin tenant. Interactive and non-interactive creations are
+     * both included.
+     */
+    ProductEvent["DeveloperCreated"] = "developer created";
+    /** A user has been deleted in the admin tenant. */
+    ProductEvent["DeveloperDeleted"] = "developer deleted";
+    ProductEvent["AccessTokenIssued"] = "access token issued";
+    ProductEvent["AppCreated"] = "app created";
+    ProductEvent["AppDeleted"] = "app deleted";
+    ProductEvent["RoleCreated"] = "role created";
+    ProductEvent["RoleDeleted"] = "role deleted";
+    ProductEvent["ApiResourceCreated"] = "api resource created";
+    ProductEvent["ApiResourceDeleted"] = "api resource deleted";
+    ProductEvent["OrganizationCreated"] = "organization created";
+    ProductEvent["OrganizationDeleted"] = "organization deleted";
+    ProductEvent["OrganizationRoleCreated"] = "organization role created";
+    ProductEvent["OrganizationRoleDeleted"] = "organization role deleted";
+    ProductEvent["SsoConnectorCreated"] = "sso connector created";
+    ProductEvent["SsoConnectorDeleted"] = "sso connector deleted";
+    ProductEvent["PasswordlessConnectorUpdated"] = "passwordless connector updated";
+    ProductEvent["SocialConnectorCreated"] = "connector created";
+    ProductEvent["SocialConnectorDeleted"] = "connector deleted";
+    ProductEvent["WebhookCreated"] = "webhook created";
+    ProductEvent["WebhookDeleted"] = "webhook deleted";
+    ProductEvent["CustomJwtDeployed"] = "custom jwt deployed";
+    ProductEvent["MfaEnabled"] = "mfa enabled";
+    ProductEvent["MfaDisabled"] = "mfa disabled";
+    ProductEvent["CustomDomainCreated"] = "custom domain created";
+    ProductEvent["CustomDomainDeleted"] = "custom domain deleted";
+})(ProductEvent || (ProductEvent = {}));
+/** The PostHog groups for product events. */
+export var EventGroup;
+(function (EventGroup) {
+    EventGroup["Tenant"] = "tenant";
+})(EventGroup || (EventGroup = {}));
+/**
+ * The static distinct ID for tenant-level events. This is used when the event is not
+ * associated with a specific user.
+ *
+ * @see {@link https://posthog.com/docs/product-analytics/group-analytics#advanced-server-side-only-capturing-group-events-without-a-user}
+ */
+export const tenantEventDistinctId = 'TENANT_EVENT';
+/**
+ * The header that carries the cloud user ID in a request from Logto Cloud. This is useful for
+ * identifying the user who initiated the Management API request proxied by the cloud service.
+ */
+export const cloudUserIdHeader = 'logto-cloud-user-id';
+/**
+ * The types of access tokens issued by Logto.
+ *
+ * Note that this is for internal use only and is different from other technical definitions of
+ * token types.
+ */
+export var ProductAccessTokenType;
+(function (ProductAccessTokenType) {
+    ProductAccessTokenType["Unknown"] = "unknown";
+    ProductAccessTokenType["User"] = "user";
+    ProductAccessTokenType["ClientCredentials"] = "client_credentials";
+})(ProductAccessTokenType || (ProductAccessTokenType = {}));

package/lib/db-entries/sign-in-experience.d.ts

@@ -10,6 +10,7 @@ export type CreateSignInExperience = {
     id: string;
     color: Color;
     branding: Branding;
+    hideLogtoBranding?: boolean;
     languageInfo: LanguageInfo;
     termsOfUseUrl?: string | null;
     privacyPolicyUrl?: string | null;
@@ -39,6 +40,7 @@ export type SignInExperience = {
     id: string;
     color: Color;
     branding: Branding;
+    hideLogtoBranding: boolean;
     languageInfo: LanguageInfo;
     termsOfUseUrl: string | null;
     privacyPolicyUrl: string | null;
@@ -63,5 +65,5 @@ export type SignInExperience = {
     emailBlocklistPolicy: EmailBlocklistPolicy;
     forgotPasswordMethods: ForgotPasswordMethods | null;
 };
-export type SignInExperienceKeys = 'tenantId' | 'id' | 'color' | 'branding' | 'languageInfo' | 'termsOfUseUrl' | 'privacyPolicyUrl' | 'agreeToTermsPolicy' | 'signIn' | 'signUp' | 'socialSignIn' | 'socialSignInConnectorTargets' | 'signInMode' | 'customCss' | 'customContent' | 'customUiAssets' | 'passwordPolicy' | 'mfa' | 'singleSignOnEnabled' | 'supportEmail' | 'supportWebsiteUrl' | 'unknownSessionRedirectUrl' | 'captchaPolicy' | 'sentinelPolicy' | 'emailBlocklistPolicy' | 'forgotPasswordMethods';
+export type SignInExperienceKeys = 'tenantId' | 'id' | 'color' | 'branding' | 'hideLogtoBranding' | 'languageInfo' | 'termsOfUseUrl' | 'privacyPolicyUrl' | 'agreeToTermsPolicy' | 'signIn' | 'signUp' | 'socialSignIn' | 'socialSignInConnectorTargets' | 'signInMode' | 'customCss' | 'customContent' | 'customUiAssets' | 'passwordPolicy' | 'mfa' | 'singleSignOnEnabled' | 'supportEmail' | 'supportWebsiteUrl' | 'unknownSessionRedirectUrl' | 'captchaPolicy' | 'sentinelPolicy' | 'emailBlocklistPolicy' | 'forgotPasswordMethods';
 export declare const SignInExperiences: GeneratedSchema<SignInExperienceKeys, CreateSignInExperience, SignInExperience, 'sign_in_experiences', 'sign_in_experience'>;

package/lib/db-entries/sign-in-experience.js

@@ -7,6 +7,7 @@ const createGuard = z.object({
     id: z.string().min(1).max(21),
     color: colorGuard,
     branding: brandingGuard,
+    hideLogtoBranding: z.boolean().optional(),
     languageInfo: languageInfoGuard,
     termsOfUseUrl: z.string().max(2048).nullable().optional(),
     privacyPolicyUrl: z.string().max(2048).nullable().optional(),
@@ -35,6 +36,7 @@ const guard = z.object({
     id: z.string().min(1).max(21),
     color: colorGuard,
     branding: brandingGuard,
+    hideLogtoBranding: z.boolean(),
     languageInfo: languageInfoGuard,
     termsOfUseUrl: z.string().max(2048).nullable(),
     privacyPolicyUrl: z.string().max(2048).nullable(),
@@ -66,6 +68,7 @@ export const SignInExperiences = Object.freeze({
         id: 'id',
         color: 'color',
         branding: 'branding',
+        hideLogtoBranding: 'hide_logto_branding',
         languageInfo: 'language_info',
         termsOfUseUrl: 'terms_of_use_url',
         privacyPolicyUrl: 'privacy_policy_url',
@@ -94,6 +97,7 @@ export const SignInExperiences = Object.freeze({
         'id',
         'color',
         'branding',
+        'hideLogtoBranding',
         'languageInfo',
         'termsOfUseUrl',
         'privacyPolicyUrl',

package/lib/foundations/jsonb-types/hooks.d.ts

@@ -1,9 +1,10 @@
 import { z } from 'zod';
 /**
- * We categorize the hook events into two types:
+ * We categorize the hook events into three types:
  *
  * InteractionHookEvent: The hook events that are triggered by user interactions.
  * DataHookEvent: The hook events that are triggered by Logto data mutations.
+ * ExceptionHookEvent: The hook events that are triggered on exceptions.
  */
 export declare enum InteractionHookEvent {
     PostRegister = "PostRegister",
@@ -28,13 +29,14 @@ declare enum DataHookDetailMutationType {
 type BasicDataHookEvent = `${DataHookSchema}.${DataHookBasicMutationType}`;
 type CustomDataHookMutableSchema = `${DataHookSchema}.Data` | `${DataHookSchema.User}.SuspensionStatus` | `${DataHookSchema.Role}.Scopes` | `${DataHookSchema.Organization}.Membership` | `${DataHookSchema.OrganizationRole}.Scopes`;
 type DataHookPropertyUpdateEvent = `${CustomDataHookMutableSchema}.${DataHookDetailMutationType.Updated}`;
+export type ExceptionHookEvent = 'Identifier.Lockout';
 export type DataHookEvent = BasicDataHookEvent | DataHookPropertyUpdateEvent;
 /** The hook event values that can be registered. */
-export declare const hookEvents: readonly [InteractionHookEvent.PostRegister, InteractionHookEvent.PostSignIn, InteractionHookEvent.PostResetPassword, "User.Created", "User.Deleted", "User.Data.Updated", "User.SuspensionStatus.Updated", "Role.Created", "Role.Deleted", "Role.Data.Updated", "Role.Scopes.Updated", "Scope.Created", "Scope.Deleted", "Scope.Data.Updated", "Organization.Created", "Organization.Deleted", "Organization.Data.Updated", "Organization.Membership.Updated", "OrganizationRole.Created", "OrganizationRole.Deleted", "OrganizationRole.Data.Updated", "OrganizationRole.Scopes.Updated", "OrganizationScope.Created", "OrganizationScope.Deleted", "OrganizationScope.Data.Updated"];
+export declare const hookEvents: readonly [InteractionHookEvent.PostRegister, InteractionHookEvent.PostSignIn, InteractionHookEvent.PostResetPassword, "User.Created", "User.Deleted", "User.Data.Updated", "User.SuspensionStatus.Updated", "Role.Created", "Role.Deleted", "Role.Data.Updated", "Role.Scopes.Updated", "Scope.Created", "Scope.Deleted", "Scope.Data.Updated", "Organization.Created", "Organization.Deleted", "Organization.Data.Updated", "Organization.Membership.Updated", "OrganizationRole.Created", "OrganizationRole.Deleted", "OrganizationRole.Data.Updated", "OrganizationRole.Scopes.Updated", "OrganizationScope.Created", "OrganizationScope.Deleted", "OrganizationScope.Data.Updated", "Identifier.Lockout"];
 /** The type of hook event values that can be registered. */
 export type HookEvent = (typeof hookEvents)[number];
-export declare const hookEventGuard: z.ZodEnum<[InteractionHookEvent.PostRegister, InteractionHookEvent.PostSignIn, InteractionHookEvent.PostResetPassword, "User.Created", "User.Deleted", "User.Data.Updated", "User.SuspensionStatus.Updated", "Role.Created", "Role.Deleted", "Role.Data.Updated", "Role.Scopes.Updated", "Scope.Created", "Scope.Deleted", "Scope.Data.Updated", "Organization.Created", "Organization.Deleted", "Organization.Data.Updated", "Organization.Membership.Updated", "OrganizationRole.Created", "OrganizationRole.Deleted", "OrganizationRole.Data.Updated", "OrganizationRole.Scopes.Updated", "OrganizationScope.Created", "OrganizationScope.Deleted", "OrganizationScope.Data.Updated"]>;
-export declare const hookEventsGuard: z.ZodArray<z.ZodEnum<[InteractionHookEvent.PostRegister, InteractionHookEvent.PostSignIn, InteractionHookEvent.PostResetPassword, "User.Created", "User.Deleted", "User.Data.Updated", "User.SuspensionStatus.Updated", "Role.Created", "Role.Deleted", "Role.Data.Updated", "Role.Scopes.Updated", "Scope.Created", "Scope.Deleted", "Scope.Data.Updated", "Organization.Created", "Organization.Deleted", "Organization.Data.Updated", "Organization.Membership.Updated", "OrganizationRole.Created", "OrganizationRole.Deleted", "OrganizationRole.Data.Updated", "OrganizationRole.Scopes.Updated", "OrganizationScope.Created", "OrganizationScope.Deleted", "OrganizationScope.Data.Updated"]>, "many">;
+export declare const hookEventGuard: z.ZodEnum<[InteractionHookEvent.PostRegister, InteractionHookEvent.PostSignIn, InteractionHookEvent.PostResetPassword, "User.Created", "User.Deleted", "User.Data.Updated", "User.SuspensionStatus.Updated", "Role.Created", "Role.Deleted", "Role.Data.Updated", "Role.Scopes.Updated", "Scope.Created", "Scope.Deleted", "Scope.Data.Updated", "Organization.Created", "Organization.Deleted", "Organization.Data.Updated", "Organization.Membership.Updated", "OrganizationRole.Created", "OrganizationRole.Deleted", "OrganizationRole.Data.Updated", "OrganizationRole.Scopes.Updated", "OrganizationScope.Created", "OrganizationScope.Deleted", "OrganizationScope.Data.Updated", "Identifier.Lockout"]>;
+export declare const hookEventsGuard: z.ZodArray<z.ZodEnum<[InteractionHookEvent.PostRegister, InteractionHookEvent.PostSignIn, InteractionHookEvent.PostResetPassword, "User.Created", "User.Deleted", "User.Data.Updated", "User.SuspensionStatus.Updated", "Role.Created", "Role.Deleted", "Role.Data.Updated", "Role.Scopes.Updated", "Scope.Created", "Scope.Deleted", "Scope.Data.Updated", "Organization.Created", "Organization.Deleted", "Organization.Data.Updated", "Organization.Membership.Updated", "OrganizationRole.Created", "OrganizationRole.Deleted", "OrganizationRole.Data.Updated", "OrganizationRole.Scopes.Updated", "OrganizationScope.Created", "OrganizationScope.Deleted", "OrganizationScope.Data.Updated", "Identifier.Lockout"]>, "many">;
 export type HookEvents = z.infer<typeof hookEventsGuard>;
 export declare const interactionHookEventGuard: z.ZodNativeEnum<typeof InteractionHookEvent>;
 /**

package/lib/foundations/jsonb-types/hooks.js

@@ -1,9 +1,10 @@
 import { z } from 'zod';
 /**
- * We categorize the hook events into two types:
+ * We categorize the hook events into three types:
  *
  * InteractionHookEvent: The hook events that are triggered by user interactions.
  * DataHookEvent: The hook events that are triggered by Logto data mutations.
+ * ExceptionHookEvent: The hook events that are triggered on exceptions.
  */
 // InteractionHookEvent
 export var InteractionHookEvent;
@@ -58,6 +59,7 @@ export const hookEvents = Object.freeze([
     'OrganizationScope.Created',
     'OrganizationScope.Deleted',
     'OrganizationScope.Data.Updated',
+    'Identifier.Lockout',
 ]);
 export const hookEventGuard = z.enum(hookEvents);
 export const hookEventsGuard = hookEventGuard.array();

package/lib/foundations/jsonb-types/oidc-module.js

@@ -49,7 +49,7 @@ export const customClientMetadataGuard = z.object({
     [CustomClientMetadataKey.CorsAllowedOrigins]: z.string().min(1).array().optional(),
     [CustomClientMetadataKey.IdTokenTtl]: z.number().optional(),
     [CustomClientMetadataKey.RefreshTokenTtl]: z.number().optional(),
-    [CustomClientMetadataKey.RefreshTokenTtlInDays]: z.number().int().min(1).max(90).optional(),
+    [CustomClientMetadataKey.RefreshTokenTtlInDays]: z.number().int().min(1).max(180).optional(),
     [CustomClientMetadataKey.TenantId]: z.string().optional(),
     [CustomClientMetadataKey.AlwaysIssueRefreshToken]: z.boolean().optional(),
     [CustomClientMetadataKey.RotateRefreshToken]: z.boolean().optional(),

package/lib/seeds/application.d.ts

@@ -6,7 +6,13 @@ import type { Application, CreateApplication, CreateApplicationsRole } from '../
  */
 export declare const adminConsoleApplicationId = "admin-console";
 export declare const demoAppApplicationId = "demo-app";
+export declare const accountCenterApplicationId = "account-center";
 export declare const buildDemoAppDataForTenant: (tenantId: string) => Application;
+export declare const buildAccountCenterAppDataForTenant: (tenantId: string) => Application;
+export type BuiltInApplicationId = typeof demoAppApplicationId | typeof accountCenterApplicationId;
+export declare const isBuiltInApplicationId: (applicationId: string) => applicationId is BuiltInApplicationId;
+export declare const isBuiltInClientId: (applicationId: string) => applicationId is BuiltInApplicationId;
+export declare const buildBuiltInApplicationDataForTenant: (tenantId: string, applicationId: BuiltInApplicationId) => Application;
 export declare const createDefaultAdminConsoleApplication: () => Readonly<CreateApplication>;
 export declare const createTenantMachineToMachineApplication: (tenantId: string) => Readonly<CreateApplication>;
 /** Create an entry to assign a role to an application in the admin tenant. */

package/lib/seeds/application.js

@@ -8,12 +8,13 @@ import { adminTenantId } from './tenant.js';
  */
 export const adminConsoleApplicationId = 'admin-console';
 export const demoAppApplicationId = 'demo-app';
-export const buildDemoAppDataForTenant = (tenantId) => ({
+export const accountCenterApplicationId = 'account-center';
+const buildSpaApplicationData = (tenantId, { id, name, description, }) => ({
     tenantId,
-    id: demoAppApplicationId,
-    name: 'Live Preview',
+    id,
+    name,
     secret: 'N/A',
-    description: 'Preview for Sign-in Experience.',
+    description,
     type: ApplicationType.SPA,
     oidcClientMetadata: { redirectUris: [], postLogoutRedirectUris: [] },
     customClientMetadata: {},
@@ -22,6 +23,24 @@ export const buildDemoAppDataForTenant = (tenantId) => ({
     createdAt: 0,
     customData: {},
 });
+export const buildDemoAppDataForTenant = (tenantId) => buildSpaApplicationData(tenantId, {
+    id: demoAppApplicationId,
+    name: 'Live Preview',
+    description: 'Preview for Sign-in Experience.',
+});
+export const buildAccountCenterAppDataForTenant = (tenantId) => buildSpaApplicationData(tenantId, {
+    id: accountCenterApplicationId,
+    name: 'Account Center',
+    description: 'Placeholder application for Account Center.',
+});
+export const isBuiltInApplicationId = (applicationId) => applicationId === demoAppApplicationId || applicationId === accountCenterApplicationId;
+export const isBuiltInClientId = isBuiltInApplicationId;
+export const buildBuiltInApplicationDataForTenant = (tenantId, applicationId) => {
+    if (applicationId === demoAppApplicationId) {
+        return buildDemoAppDataForTenant(tenantId);
+    }
+    return buildAccountCenterAppDataForTenant(tenantId);
+};
 export const createDefaultAdminConsoleApplication = () => Object.freeze({
     tenantId: adminTenantId,
     id: adminConsoleApplicationId,

package/lib/seeds/sign-in-experience.js

@@ -15,6 +15,7 @@ export const createDefaultSignInExperience = (forTenantId, isCloud) => Object.fr
         logoUrl: isCloud ? undefined : 'https://logto.io/logo.svg',
         darkLogoUrl: isCloud ? undefined : 'https://logto.io/logo-dark.svg',
     },
+    hideLogtoBranding: false,
     languageInfo: {
         autoDetect: true,
         fallbackLanguage: 'en',

package/lib/types/domain.d.ts

@@ -1,5 +1,5 @@
 import { type z } from 'zod';
-export declare const domainSelectFields: readonly ["id", "domain", "status", "errorMessage", "dnsRecords"];
+export declare const domainSelectFields: readonly ["id", "domain", "status", "errorMessage", "dnsRecords", "createdAt"];
 export declare const domainResponseGuard: z.ZodObject<Pick<{
     tenantId: z.ZodType<string, z.ZodTypeDef, string>;
     id: z.ZodType<string, z.ZodTypeDef, string>;
@@ -38,15 +38,17 @@ export declare const domainResponseGuard: z.ZodObject<Pick<{
     } | null>;
     updatedAt: z.ZodType<number, z.ZodTypeDef, number>;
     createdAt: z.ZodType<number, z.ZodTypeDef, number>;
-}, "status" | "id" | "domain" | "errorMessage" | "dnsRecords">, "strip", z.ZodTypeAny, {
+}, "status" | "id" | "createdAt" | "domain" | "errorMessage" | "dnsRecords">, "strip", z.ZodTypeAny, {
     status: import("../index.js").DomainStatus;
     id: string;
+    createdAt: number;
     domain: string;
     errorMessage: string | null;
     dnsRecords: import("../index.js").DomainDnsRecords;
 }, {
     status: import("../index.js").DomainStatus;
     id: string;
+    createdAt: number;
     domain: string;
     errorMessage: string | null;
     dnsRecords: import("../index.js").DomainDnsRecords;

package/lib/types/domain.js

@@ -5,6 +5,7 @@ export const domainSelectFields = Object.freeze([
     'status',
     'errorMessage',
     'dnsRecords',
+    'createdAt',
 ]);
 export const domainResponseGuard = Domains.guard.pick({
     id: true,
@@ -12,4 +13,5 @@ export const domainResponseGuard = Domains.guard.pick({
     status: true,
     errorMessage: true,
     dnsRecords: true,
+    createdAt: true,
 });

package/lib/types/hook.d.ts

@@ -1,6 +1,6 @@
 import { z } from 'zod';
 import { type Application, type User } from '../db-entries/index.js';
-import { type DataHookEvent, type InteractionHookEvent } from '../foundations/index.js';
+import { type ExceptionHookEvent, type DataHookEvent, type InteractionHookEvent } from '../foundations/index.js';
 import { type InteractionEvent } from './interactions.js';
 import { type userInfoSelectFields } from './user.js';
 declare const hookExecutionStatsGuard: z.ZodObject<{
@@ -18,8 +18,8 @@ export declare const hookResponseGuard: z.ZodObject<{
     tenantId: z.ZodType<string, z.ZodTypeDef, string>;
     id: z.ZodType<string, z.ZodTypeDef, string>;
     name: z.ZodType<string, z.ZodTypeDef, string>;
-    event: z.ZodType<"User.Created" | "User.Deleted" | "Role.Created" | "Role.Deleted" | "Scope.Created" | "Scope.Deleted" | "Organization.Created" | "Organization.Deleted" | "OrganizationRole.Created" | "OrganizationRole.Deleted" | "OrganizationScope.Created" | "OrganizationScope.Deleted" | "User.Data.Updated" | "Role.Data.Updated" | "Scope.Data.Updated" | "Organization.Data.Updated" | "OrganizationRole.Data.Updated" | "OrganizationScope.Data.Updated" | "User.SuspensionStatus.Updated" | "Role.Scopes.Updated" | "Organization.Membership.Updated" | "OrganizationRole.Scopes.Updated" | InteractionHookEvent | null, z.ZodTypeDef, "User.Created" | "User.Deleted" | "Role.Created" | "Role.Deleted" | "Scope.Created" | "Scope.Deleted" | "Organization.Created" | "Organization.Deleted" | "OrganizationRole.Created" | "OrganizationRole.Deleted" | "OrganizationScope.Created" | "OrganizationScope.Deleted" | "User.Data.Updated" | "Role.Data.Updated" | "Scope.Data.Updated" | "Organization.Data.Updated" | "OrganizationRole.Data.Updated" | "OrganizationScope.Data.Updated" | "User.SuspensionStatus.Updated" | "Role.Scopes.Updated" | "Organization.Membership.Updated" | "OrganizationRole.Scopes.Updated" | InteractionHookEvent | null>;
-    events: z.ZodType<("User.Created" | "User.Deleted" | "Role.Created" | "Role.Deleted" | "Scope.Created" | "Scope.Deleted" | "Organization.Created" | "Organization.Deleted" | "OrganizationRole.Created" | "OrganizationRole.Deleted" | "OrganizationScope.Created" | "OrganizationScope.Deleted" | "User.Data.Updated" | "Role.Data.Updated" | "Scope.Data.Updated" | "Organization.Data.Updated" | "OrganizationRole.Data.Updated" | "OrganizationScope.Data.Updated" | "User.SuspensionStatus.Updated" | "Role.Scopes.Updated" | "Organization.Membership.Updated" | "OrganizationRole.Scopes.Updated" | InteractionHookEvent)[], z.ZodTypeDef, ("User.Created" | "User.Deleted" | "Role.Created" | "Role.Deleted" | "Scope.Created" | "Scope.Deleted" | "Organization.Created" | "Organization.Deleted" | "OrganizationRole.Created" | "OrganizationRole.Deleted" | "OrganizationScope.Created" | "OrganizationScope.Deleted" | "User.Data.Updated" | "Role.Data.Updated" | "Scope.Data.Updated" | "Organization.Data.Updated" | "OrganizationRole.Data.Updated" | "OrganizationScope.Data.Updated" | "User.SuspensionStatus.Updated" | "Role.Scopes.Updated" | "Organization.Membership.Updated" | "OrganizationRole.Scopes.Updated" | InteractionHookEvent)[]>;
+    event: z.ZodType<"User.Created" | "User.Deleted" | "Role.Created" | "Role.Deleted" | "Scope.Created" | "Scope.Deleted" | "Organization.Created" | "Organization.Deleted" | "OrganizationRole.Created" | "OrganizationRole.Deleted" | "OrganizationScope.Created" | "OrganizationScope.Deleted" | "User.Data.Updated" | "Role.Data.Updated" | "Scope.Data.Updated" | "Organization.Data.Updated" | "OrganizationRole.Data.Updated" | "OrganizationScope.Data.Updated" | "User.SuspensionStatus.Updated" | "Role.Scopes.Updated" | "Organization.Membership.Updated" | "OrganizationRole.Scopes.Updated" | InteractionHookEvent | "Identifier.Lockout" | null, z.ZodTypeDef, "User.Created" | "User.Deleted" | "Role.Created" | "Role.Deleted" | "Scope.Created" | "Scope.Deleted" | "Organization.Created" | "Organization.Deleted" | "OrganizationRole.Created" | "OrganizationRole.Deleted" | "OrganizationScope.Created" | "OrganizationScope.Deleted" | "User.Data.Updated" | "Role.Data.Updated" | "Scope.Data.Updated" | "Organization.Data.Updated" | "OrganizationRole.Data.Updated" | "OrganizationScope.Data.Updated" | "User.SuspensionStatus.Updated" | "Role.Scopes.Updated" | "Organization.Membership.Updated" | "OrganizationRole.Scopes.Updated" | InteractionHookEvent | "Identifier.Lockout" | null>;
+    events: z.ZodType<("User.Created" | "User.Deleted" | "Role.Created" | "Role.Deleted" | "Scope.Created" | "Scope.Deleted" | "Organization.Created" | "Organization.Deleted" | "OrganizationRole.Created" | "OrganizationRole.Deleted" | "OrganizationScope.Created" | "OrganizationScope.Deleted" | "User.Data.Updated" | "Role.Data.Updated" | "Scope.Data.Updated" | "Organization.Data.Updated" | "OrganizationRole.Data.Updated" | "OrganizationScope.Data.Updated" | "User.SuspensionStatus.Updated" | "Role.Scopes.Updated" | "Organization.Membership.Updated" | "OrganizationRole.Scopes.Updated" | InteractionHookEvent | "Identifier.Lockout")[], z.ZodTypeDef, ("User.Created" | "User.Deleted" | "Role.Created" | "Role.Deleted" | "Scope.Created" | "Scope.Deleted" | "Organization.Created" | "Organization.Deleted" | "OrganizationRole.Created" | "OrganizationRole.Deleted" | "OrganizationScope.Created" | "OrganizationScope.Deleted" | "User.Data.Updated" | "Role.Data.Updated" | "Scope.Data.Updated" | "Organization.Data.Updated" | "OrganizationRole.Data.Updated" | "OrganizationScope.Data.Updated" | "User.SuspensionStatus.Updated" | "Role.Scopes.Updated" | "Organization.Membership.Updated" | "OrganizationRole.Scopes.Updated" | InteractionHookEvent | "Identifier.Lockout")[]>;
     config: z.ZodType<{
         url: string;
         headers?: Record<string, string> | undefined;
@@ -140,5 +140,8 @@ export type DataHookEventPayload = {
     userAgent?: string;
     data?: unknown;
 } & Partial<InteractionApiContextPayload> & Partial<ManagementApiContext> & Record<string, unknown>;
-export type HookEventPayload = InteractionHookEventPayload | DataHookEventPayload;
+export type ExceptionHookEventPayload = Omit<DataHookEventPayload, 'event'> & {
+    event: ExceptionHookEvent;
+};
+export type HookEventPayload = InteractionHookEventPayload | DataHookEventPayload | ExceptionHookEventPayload;
 export {};

package/lib/types/sign-in-experience.d.ts

@@ -58,6 +58,7 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
         favicon?: string | undefined;
         darkFavicon?: string | undefined;
     }>;
+    hideLogtoBranding: z.ZodType<boolean, z.ZodTypeDef, boolean>;
     languageInfo: z.ZodType<{
         autoDetect: boolean;
         fallbackLanguage: "af-ZA" | "am-ET" | "ar" | "ar-AR" | "as-IN" | "az-AZ" | "be-BY" | "bg-BG" | "bn-IN" | "br-FR" | "bs-BA" | "ca-ES" | "cb-IQ" | "co-FR" | "cs-CZ" | "cx-PH" | "cy-GB" | "da-DK" | "de" | "de-DE" | "el-GR" | "en" | "en-GB" | "en-US" | "eo-EO" | "es" | "es-ES" | "es-419" | "et-EE" | "eu-ES" | "fa-IR" | "ff-NG" | "fi" | "fi-FI" | "fo-FO" | "fr" | "fr-CA" | "fr-FR" | "fy-NL" | "ga-IE" | "gl-ES" | "gn-PY" | "gu-IN" | "ha-NG" | "he-IL" | "hi-IN" | "hr-HR" | "ht-HT" | "hu-HU" | "hy-AM" | "id-ID" | "ik-US" | "is-IS" | "it" | "it-IT" | "iu-CA" | "ja" | "ja-JP" | "ja-KS" | "jv-ID" | "ka-GE" | "kk-KZ" | "km-KH" | "kn-IN" | "ko" | "ko-KR" | "ku-TR" | "ky-KG" | "lo-LA" | "lt-LT" | "lv-LV" | "mg-MG" | "mk-MK" | "ml-IN" | "mn-MN" | "mr-IN" | "ms-MY" | "mt-MT" | "my-MM" | "nb-NO" | "ne-NP" | "nl" | "nl-BE" | "nl-NL" | "nn-NO" | "or-IN" | "pa-IN" | "pl-PL" | "ps-AF" | "pt" | "pt-BR" | "pt-PT" | "ro-RO" | "ru" | "ru-RU" | "rw-RW" | "sc-IT" | "si-LK" | "sk-SK" | "sl-SI" | "sn-ZW" | "sq-AL" | "sr-RS" | "sv" | "sv-SE" | "sw-KE" | "sy-SY" | "sz-PL" | "ta-IN" | "te-IN" | "tg-TJ" | "th" | "th-TH" | "tl-PH" | "tr" | "tr-TR" | "tt-RU" | "tz-MA" | "uk-UA" | "ur-PK" | "uz-UZ" | "vi-VN" | "zh" | "zh-CN" | "zh-HK" | "zh-MO" | "zh-TW" | "zz-TR";
@@ -690,6 +691,7 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
     customCss: string | null;
     termsOfUseUrl: string | null;
     privacyPolicyUrl: string | null;
+    hideLogtoBranding: boolean;
     languageInfo: import("../foundations/jsonb-types/sign-in-experience.js").LanguageInfo;
     agreeToTermsPolicy: import("../db-entries/custom-types.js").AgreeToTermsPolicy;
     signIn: import("../foundations/jsonb-types/sign-in-experience.js").SignIn;
@@ -881,6 +883,7 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
     customCss: string | null;
     termsOfUseUrl: string | null;
     privacyPolicyUrl: string | null;
+    hideLogtoBranding: boolean;
     languageInfo: import("../foundations/jsonb-types/sign-in-experience.js").LanguageInfo;
     agreeToTermsPolicy: import("../db-entries/custom-types.js").AgreeToTermsPolicy;
     signIn: import("../foundations/jsonb-types/sign-in-experience.js").SignIn;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/schemas",
-  "version": "1.32.0",
+  "version": "1.34.0",
   "author": "Silverhand Inc. <contact@silverhand.io>",
   "license": "MPL-2.0",
   "type": "module",
@@ -65,12 +65,12 @@
   "dependencies": {
     "@withtyped/server": "^0.14.0",
     "nanoid": "^5.0.9",
-    "@logto/core-kit": "^2.6.1",
     "@logto/connector-kit": "^4.6.0",
+    "@logto/core-kit": "^2.6.1",
+    "@logto/language-kit": "^1.2.0",
+    "@logto/phrases": "^1.23.0",
     "@logto/phrases-experience": "^1.12.0",
-    "@logto/phrases": "^1.21.0",
-    "@logto/shared": "^3.3.0",
-    "@logto/language-kit": "^1.2.0"
+    "@logto/shared": "^3.3.0"
   },
   "peerDependencies": {
     "zod": "3.24.3"

package/tables/applications.sql

@@ -26,6 +26,9 @@ create index applications__id
 create index applications__is_third_party
   on applications (tenant_id, is_third_party);
 
+create index applications__type
+  on applications (tenant_id, type);
+
 create unique index applications__protected_app_metadata_host
   on applications (
     (protected_app_metadata->>'host')

package/tables/organization_roles.sql

@@ -20,6 +20,9 @@ create table organization_roles (
 create index organization_roles__id
   on organization_roles (tenant_id, id);
 
+create index organization_roles__type
+  on organization_roles (tenant_id, type);
+
 create function check_organization_role_type(role_id varchar(21), target_type role_type) returns boolean as
 $$ begin
   return (select type from organization_roles where id = role_id) = target_type;

package/tables/roles.sql

@@ -19,6 +19,9 @@ create table roles (
 create index roles__id
   on roles (tenant_id, id);
 
+create index roles__type
+  on roles (tenant_id, type);
+
 create function public.check_role_type(role_id varchar(21), target_type role_type) returns boolean as
 $$ begin
   return (select type from public.roles where id = role_id) = target_type;

package/tables/sign_in_experiences.sql

@@ -7,6 +7,7 @@ create table sign_in_experiences (
   id varchar(21) not null,
   color jsonb /* @use Color */ not null,
   branding jsonb /* @use Branding */ not null,
+  hide_logto_branding boolean not null default false,
   language_info jsonb /* @use LanguageInfo */ not null,
   terms_of_use_url varchar(2048),
   privacy_policy_url varchar(2048),