@logto/schemas 1.36.0 → 1.37.0
- package/alterations/1.37.0-1770295353-add-default-id-token-config.ts +30 -0
- package/alterations/1.37.0-1770361004-add-oidc-model-instances-session-account-id-indexes.ts +37 -0
- package/alterations/1.37.0-1770362227-add-client-id-column-to-oidc-session-extensions-table.ts +20 -0
- package/alterations-js/1.37.0-1770295353-add-default-id-token-config.js +23 -0
- package/alterations-js/1.37.0-1770361004-add-oidc-model-instances-session-account-id-indexes.js +31 -0
- package/alterations-js/1.37.0-1770362227-add-client-id-column-to-oidc-session-extensions-table.js +16 -0
- package/lib/db-entries/oidc-session-extension.d.ts +3 -1
- package/lib/db-entries/oidc-session-extension.js +4 -0
- package/lib/foundations/jsonb-types/account-centers.d.ts +5 -2
- package/lib/foundations/jsonb-types/account-centers.js +1 -0
- package/lib/foundations/jsonb-types/custom-profile-fields.d.ts +8 -8
- package/lib/foundations/jsonb-types/hooks.d.ts +4 -3
- package/lib/foundations/jsonb-types/hooks.js +2 -0
- package/lib/foundations/jsonb-types/logs.d.ts +0 -3
- package/lib/foundations/jsonb-types/logs.js +0 -1
- package/lib/foundations/jsonb-types/oidc-module.d.ts +328 -0
- package/lib/foundations/jsonb-types/oidc-module.js +42 -0
- package/lib/foundations/jsonb-types/saml-application-configs.d.ts +1 -1
- package/lib/foundations/jsonb-types/sentinel.d.ts +1 -1
- package/lib/foundations/jsonb-types/sentinel.js +1 -1
- package/lib/seeds/logto-config.d.ts +6 -1
- package/lib/seeds/logto-config.js +11 -0
- package/lib/types/custom-profile-fields.d.ts +39 -39
- package/lib/types/index.d.ts +1 -0
- package/lib/types/index.js +1 -0
- package/lib/types/interactions.d.ts +2 -2
- package/lib/types/logto-config/index.d.ts +1181 -82
- package/lib/types/logto-config/index.js +9 -0
- package/lib/types/logto-config/jwt-customizer.d.ts +2039 -116
- package/lib/types/logto-config/jwt-customizer.js +22 -2
- package/lib/types/logto-config/jwt-customizer.test.js +27 -1
- package/lib/types/logto-config/oidc-provider.d.ts +8 -8
- package/lib/types/saml-application.d.ts +7 -7
- package/lib/types/user-logto-config.d.ts +49 -0
- package/lib/types/user-logto-config.js +23 -0
- package/lib/types/user-sessions.d.ts +3208 -0
- package/lib/types/user-sessions.js +26 -0
- package/lib/types/verification-records/verification-type.d.ts +1 -0
- package/lib/types/verification-records/verification-type.js +1 -0
- package/lib/types/verification-records/web-authn-verification.d.ts +145 -8
- package/lib/types/verification-records/web-authn-verification.js +17 -3
- package/package.json +2 -2
- package/tables/oidc_model_instances.sql +7 -0
- package/tables/oidc_session_extensions.sql +1 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { jsonGuard, jsonObjectGuard, socialUserInfoGuard } from '@logto/connector-kit';
|
|
2
2
|
import { z } from 'zod';
|
|
3
|
-
import { Organizations, Roles, UserSsoIdentities, } from '../../db-entries/index.js';
|
|
3
|
+
import { Applications, Organizations, Roles, UserSsoIdentities, } from '../../db-entries/index.js';
|
|
4
4
|
import { mfaFactorsGuard } from '../../foundations/index.js';
|
|
5
5
|
import { InteractionEvent } from '../interactions.js';
|
|
6
6
|
import { GrantType } from '../oidc-config.js';
|
|
@@ -14,7 +14,7 @@ import { oneTimeTokenVerificationRecordDataGuard } from '../verification-records
|
|
|
14
14
|
import { passwordVerificationRecordDataGuard } from '../verification-records/password-verification.js';
|
|
15
15
|
import { socialVerificationRecordDataGuard } from '../verification-records/social-verification.js';
|
|
16
16
|
import { totpVerificationRecordDataGuard } from '../verification-records/totp-verification.js';
|
|
17
|
-
import { webAuthnVerificationRecordDataGuard } from '../verification-records/web-authn-verification.js';
|
|
17
|
+
import { webAuthnVerificationRecordDataGuard, signInWebAuthnVerificationRecordDataGuard, } from '../verification-records/web-authn-verification.js';
|
|
18
18
|
import { accessTokenPayloadGuard, clientCredentialsPayloadGuard } from './oidc-provider.js';
|
|
19
19
|
export const jwtCustomizerGuard = z.object({
|
|
20
20
|
script: z.string(),
|
|
@@ -85,6 +85,12 @@ const jwtCustomizerUserInteractionVerificationRecordGuard = z.discriminatedUnion
|
|
|
85
85
|
authenticationChallenge: true,
|
|
86
86
|
registrationInfo: true,
|
|
87
87
|
}),
|
|
88
|
+
signInWebAuthnVerificationRecordDataGuard.omit({
|
|
89
|
+
registrationChallenge: true,
|
|
90
|
+
authenticationChallenge: true,
|
|
91
|
+
registrationInfo: true,
|
|
92
|
+
authenticationRpId: true,
|
|
93
|
+
}),
|
|
88
94
|
oneTimeTokenVerificationRecordDataGuard,
|
|
89
95
|
newPasswordIdentityVerificationRecordDataGuard.omit({
|
|
90
96
|
passwordEncrypted: true,
|
|
@@ -95,6 +101,10 @@ export const jwtCustomizerUserInteractionContextGuard = z.object({
|
|
|
95
101
|
interactionEvent: z.nativeEnum(InteractionEvent),
|
|
96
102
|
userId: z.string(),
|
|
97
103
|
verificationRecords: jwtCustomizerUserInteractionVerificationRecordGuard.array(),
|
|
104
|
+
signInContext: z.record(z.string(), z.string()).optional(),
|
|
105
|
+
});
|
|
106
|
+
export const jwtCustomizerApplicationContextGuard = Applications.guard.omit({
|
|
107
|
+
secret: true,
|
|
98
108
|
});
|
|
99
109
|
export const accessTokenJwtCustomizerGuard = jwtCustomizerGuard
|
|
100
110
|
.extend({
|
|
@@ -105,6 +115,7 @@ export const accessTokenJwtCustomizerGuard = jwtCustomizerGuard
|
|
|
105
115
|
user: jwtCustomizerUserContextGuard.partial(),
|
|
106
116
|
grant: jwtCustomizerGrantContextGuard.partial().optional(),
|
|
107
117
|
interaction: jwtCustomizerUserInteractionContextGuard.partial().optional(),
|
|
118
|
+
application: jwtCustomizerApplicationContextGuard.partial().optional(),
|
|
108
119
|
})
|
|
109
120
|
.optional(),
|
|
110
121
|
})
|
|
@@ -113,6 +124,11 @@ export const clientCredentialsJwtCustomizerGuard = jwtCustomizerGuard
|
|
|
113
124
|
.extend({
|
|
114
125
|
// Use partial token guard since users customization may not rely on all fields.
|
|
115
126
|
tokenSample: clientCredentialsPayloadGuard.partial().optional(),
|
|
127
|
+
contextSample: z
|
|
128
|
+
.object({
|
|
129
|
+
application: jwtCustomizerApplicationContextGuard.partial().optional(),
|
|
130
|
+
})
|
|
131
|
+
.optional(),
|
|
116
132
|
})
|
|
117
133
|
.strict();
|
|
118
134
|
/**
|
|
@@ -133,6 +149,7 @@ export const jwtCustomizerTestRequestBodyGuard = z.discriminatedUnion('tokenType
|
|
|
133
149
|
tokenType: z.literal(LogtoJwtTokenKeyType.ClientCredentials),
|
|
134
150
|
...clientCredentialsJwtCustomizerGuard.pick({ environmentVariables: true, script: true }).shape,
|
|
135
151
|
token: clientCredentialsJwtCustomizerGuard.required().shape.tokenSample,
|
|
152
|
+
context: clientCredentialsJwtCustomizerGuard.required().shape.contextSample,
|
|
136
153
|
}),
|
|
137
154
|
]);
|
|
138
155
|
/**
|
|
@@ -153,6 +170,9 @@ export const customJwtFetcherGuard = z.discriminatedUnion('tokenType', [
|
|
|
153
170
|
}),
|
|
154
171
|
commonJwtCustomizerGuard.extend({
|
|
155
172
|
tokenType: z.literal(LogtoJwtTokenKeyType.ClientCredentials),
|
|
173
|
+
// TODO: @xiaoyijun Make `context` required once the application context feature is fully launched
|
|
174
|
+
// and all core instances are sending `context` for client credentials requests.
|
|
175
|
+
context: jsonObjectGuard.optional(),
|
|
156
176
|
}),
|
|
157
177
|
]);
|
|
158
178
|
export var CustomJwtErrorCode;
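Review bot: `jwtCustomizerApplicationContextGuard` in the `@@ -95,6 +101,10 @@` hunk is built as a denylist, `Applications.guard.omit({ secret: true })`, so every other application column, including any added to `Applications` later, is exposed to customizer scripts by default. The `Applications` guard is defined outside this page, so which fields that covers cannot be confirmed here; any sensitive one would reach `contextSample.application` in both the access-token and client-credentials guards. An allowlist keeps the exposure explicit, for example `Applications.guard.pick({ id: true, name: true })` extended with only the fields scripts are meant to read. If the denylist stays, a comment such as `// Everything except secret is exposed to customizer scripts; review when adding Applications columns.` would record the intent.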
|
|
@@ -7,7 +7,12 @@ const optionalFields = ['environmentVariables', 'contextSample', 'tokenSample'];
|
|
|
7
7
|
const testClientCredentialsTokenPayload = {
|
|
8
8
|
script: '',
|
|
9
9
|
environmentVariables: {},
|
|
10
|
-
contextSample: {
|
|
10
|
+
contextSample: {
|
|
11
|
+
application: {
|
|
12
|
+
id: 'my-app',
|
|
13
|
+
name: 'My M2M App',
|
|
14
|
+
},
|
|
15
|
+
},
|
|
11
16
|
tokenSample: {},
|
|
12
17
|
};
|
|
13
18
|
const testAccessTokenPayload = {
|
|
@@ -75,4 +80,25 @@ describe('test token sample guard', () => {
|
|
|
75
80
|
});
|
|
76
81
|
expect(result.success).toBe(false);
|
|
77
82
|
});
|
|
83
|
+
it('should allow access token sample without interaction context', () => {
|
|
84
|
+
const result = accessTokenJwtCustomizerGuard.safeParse(testAccessTokenPayload);
|
|
85
|
+
expect(result.success).toBe(true);
|
|
86
|
+
});
|
|
87
|
+
it('should keep sign-in context in interaction context sample', () => {
|
|
88
|
+
const interactionContext = {
|
|
89
|
+
signInContext: { country: 'US' },
|
|
90
|
+
};
|
|
91
|
+
const result = accessTokenJwtCustomizerGuard.safeParse({
|
|
92
|
+
...testAccessTokenPayload,
|
|
93
|
+
contextSample: {
|
|
94
|
+
...testAccessTokenPayload.contextSample,
|
|
95
|
+
interaction: interactionContext,
|
|
96
|
+
},
|
|
97
|
+
});
|
|
98
|
+
expect(result.success).toBe(true);
|
|
99
|
+
if (!result.success) {
|
|
100
|
+
return;
|
|
101
|
+
}
|
|
102
|
+
expect(result.data.contextSample?.interaction).toEqual(expect.objectContaining(interactionContext));
|
|
103
|
+
});
|
|
78
104
|
});
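Review bot: None of the added tests pins the security property the new application context relies on, that `secret` never survives parsing of `contextSample.application`; `testClientCredentialsTokenPayload` only supplies `id` and `name`. Whether the nested guard strips or rejects unknown keys is not visible on this page, so the test below accepts either outcome and fails only if `secret` comes through. It assumes `clientCredentialsJwtCustomizerGuard` is already imported in this file, and the enclosing `describe` starts outside the hunk.

```javascript
it('should not keep application secret in context sample', () => {
  const result = clientCredentialsJwtCustomizerGuard.safeParse({
    ...testClientCredentialsTokenPayload,
    contextSample: {
      // Constructed sample value, not a real credential.
      application: { id: 'my-app', secret: 'constructed-sample-secret' },
    },
  });
  const application = result.success ? result.data.contextSample?.application : undefined;
  expect(application ?? {}).not.toHaveProperty('secret');
});
```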
|
|
@@ -21,28 +21,28 @@ export declare const accessTokenPayloadGuard: z.ZodObject<{
|
|
|
21
21
|
clientId: z.ZodOptional<z.ZodString>;
|
|
22
22
|
}, "strict", z.ZodTypeAny, {
|
|
23
23
|
grantId: string;
|
|
24
|
-
accountId: string;
|
|
25
24
|
jti: string;
|
|
26
|
-
gty: string;
|
|
27
25
|
kind: "AccessToken";
|
|
26
|
+
accountId: string;
|
|
27
|
+
gty: string;
|
|
28
28
|
aud: string | string[];
|
|
29
|
+
sid?: string | undefined;
|
|
29
30
|
scope?: string | undefined;
|
|
30
31
|
sessionUid?: string | undefined;
|
|
31
|
-
expiresWithSession?: boolean | undefined;
|
|
32
|
-
sid?: string | undefined;
|
|
33
32
|
clientId?: string | undefined;
|
|
33
|
+
expiresWithSession?: boolean | undefined;
|
|
34
34
|
}, {
|
|
35
35
|
grantId: string;
|
|
36
|
-
accountId: string;
|
|
37
36
|
jti: string;
|
|
38
|
-
gty: string;
|
|
39
37
|
kind: "AccessToken";
|
|
38
|
+
accountId: string;
|
|
39
|
+
gty: string;
|
|
40
40
|
aud: string | string[];
|
|
41
|
+
sid?: string | undefined;
|
|
41
42
|
scope?: string | undefined;
|
|
42
43
|
sessionUid?: string | undefined;
|
|
43
|
-
expiresWithSession?: boolean | undefined;
|
|
44
|
-
sid?: string | undefined;
|
|
45
44
|
clientId?: string | undefined;
|
|
45
|
+
expiresWithSession?: boolean | undefined;
|
|
46
46
|
}>;
|
|
47
47
|
export type AccessTokenPayload = z.infer<typeof accessTokenPayloadGuard>;
|
|
48
48
|
export declare const clientCredentialsPayloadGuard: z.ZodObject<{
|
|
@@ -4,7 +4,7 @@ export declare const samlApplicationCreateGuard: z.ZodObject<{
|
|
|
4
4
|
name: z.ZodType<string, z.ZodTypeDef, string>;
|
|
5
5
|
customData: z.ZodOptional<z.ZodOptional<z.ZodType<import("@withtyped/server/lib/types.js").JsonObject, z.ZodTypeDef, import("@withtyped/server/lib/types.js").JsonObject>>>;
|
|
6
6
|
description: z.ZodOptional<z.ZodOptional<z.ZodType<string | null, z.ZodTypeDef, string | null>>>;
|
|
7
|
-
attributeMapping: z.ZodOptional<z.ZodType<Partial<Record<"name" | "
|
|
7
|
+
attributeMapping: z.ZodOptional<z.ZodType<Partial<Record<"name" | "username" | "email" | "sub" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "created_at" | "custom_data" | "identities" | "sso_identities" | "roles" | "organizations" | "organization_data" | "organization_roles", string>>, z.ZodTypeDef, Partial<Record<"name" | "username" | "email" | "sub" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "created_at" | "custom_data" | "identities" | "sso_identities" | "roles" | "organizations" | "organization_data" | "organization_roles", string>>>>;
|
|
8
8
|
entityId: z.ZodOptional<z.ZodType<string | null, z.ZodTypeDef, string | null>>;
|
|
9
9
|
acsUrl: z.ZodOptional<z.ZodType<import("../foundations/index.js").SamlAcsUrl | null, z.ZodTypeDef, import("../foundations/index.js").SamlAcsUrl | null>>;
|
|
10
10
|
encryption: z.ZodOptional<z.ZodType<{
|
|
@@ -23,7 +23,7 @@ export declare const samlApplicationCreateGuard: z.ZodObject<{
|
|
|
23
23
|
nameIdFormat: NameIdFormat;
|
|
24
24
|
customData?: import("@withtyped/server/lib/types.js").JsonObject;
|
|
25
25
|
description?: string | null;
|
|
26
|
-
attributeMapping?: Partial<Record<"name" | "
|
|
26
|
+
attributeMapping?: Partial<Record<"name" | "username" | "email" | "sub" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "created_at" | "custom_data" | "identities" | "sso_identities" | "roles" | "organizations" | "organization_data" | "organization_roles", string>> | undefined;
|
|
27
27
|
entityId?: string | null | undefined;
|
|
28
28
|
acsUrl?: import("../foundations/index.js").SamlAcsUrl | null | undefined;
|
|
29
29
|
encryption?: {
|
|
@@ -35,7 +35,7 @@ export declare const samlApplicationCreateGuard: z.ZodObject<{
|
|
|
35
35
|
name: string;
|
|
36
36
|
customData?: import("@withtyped/server/lib/types.js").JsonObject;
|
|
37
37
|
description?: string | null;
|
|
38
|
-
attributeMapping?: Partial<Record<"name" | "
|
|
38
|
+
attributeMapping?: Partial<Record<"name" | "username" | "email" | "sub" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "created_at" | "custom_data" | "identities" | "sso_identities" | "roles" | "organizations" | "organization_data" | "organization_roles", string>> | undefined;
|
|
39
39
|
entityId?: string | null | undefined;
|
|
40
40
|
acsUrl?: import("../foundations/index.js").SamlAcsUrl | null | undefined;
|
|
41
41
|
encryption?: {
|
|
@@ -50,7 +50,7 @@ export declare const samlApplicationPatchGuard: z.ZodObject<{
|
|
|
50
50
|
name: z.ZodOptional<z.ZodType<string, z.ZodTypeDef, string>>;
|
|
51
51
|
customData: z.ZodOptional<z.ZodOptional<z.ZodOptional<z.ZodType<import("@withtyped/server/lib/types.js").JsonObject, z.ZodTypeDef, import("@withtyped/server/lib/types.js").JsonObject>>>>;
|
|
52
52
|
description: z.ZodOptional<z.ZodOptional<z.ZodOptional<z.ZodType<string | null, z.ZodTypeDef, string | null>>>>;
|
|
53
|
-
attributeMapping: z.ZodOptional<z.ZodType<Partial<Record<"name" | "
|
|
53
|
+
attributeMapping: z.ZodOptional<z.ZodType<Partial<Record<"name" | "username" | "email" | "sub" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "created_at" | "custom_data" | "identities" | "sso_identities" | "roles" | "organizations" | "organization_data" | "organization_roles", string>>, z.ZodTypeDef, Partial<Record<"name" | "username" | "email" | "sub" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "created_at" | "custom_data" | "identities" | "sso_identities" | "roles" | "organizations" | "organization_data" | "organization_roles", string>>>>;
|
|
54
54
|
entityId: z.ZodOptional<z.ZodType<string | null, z.ZodTypeDef, string | null>>;
|
|
55
55
|
acsUrl: z.ZodOptional<z.ZodType<import("../foundations/index.js").SamlAcsUrl | null, z.ZodTypeDef, import("../foundations/index.js").SamlAcsUrl | null>>;
|
|
56
56
|
encryption: z.ZodOptional<z.ZodType<{
|
|
@@ -68,7 +68,7 @@ export declare const samlApplicationPatchGuard: z.ZodObject<{
|
|
|
68
68
|
name?: string | undefined;
|
|
69
69
|
customData?: import("@withtyped/server/lib/types.js").JsonObject;
|
|
70
70
|
description?: string | null;
|
|
71
|
-
attributeMapping?: Partial<Record<"name" | "
|
|
71
|
+
attributeMapping?: Partial<Record<"name" | "username" | "email" | "sub" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "created_at" | "custom_data" | "identities" | "sso_identities" | "roles" | "organizations" | "organization_data" | "organization_roles", string>> | undefined;
|
|
72
72
|
entityId?: string | null | undefined;
|
|
73
73
|
acsUrl?: import("../foundations/index.js").SamlAcsUrl | null | undefined;
|
|
74
74
|
encryption?: {
|
|
@@ -81,7 +81,7 @@ export declare const samlApplicationPatchGuard: z.ZodObject<{
|
|
|
81
81
|
name?: string | undefined;
|
|
82
82
|
customData?: import("@withtyped/server/lib/types.js").JsonObject;
|
|
83
83
|
description?: string | null;
|
|
84
|
-
attributeMapping?: Partial<Record<"name" | "
|
|
84
|
+
attributeMapping?: Partial<Record<"name" | "username" | "email" | "sub" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "created_at" | "custom_data" | "identities" | "sso_identities" | "roles" | "organizations" | "organization_data" | "organization_roles", string>> | undefined;
|
|
85
85
|
entityId?: string | null | undefined;
|
|
86
86
|
acsUrl?: import("../foundations/index.js").SamlAcsUrl | null | undefined;
|
|
87
87
|
encryption?: {
|
|
@@ -101,7 +101,7 @@ export declare const samlApplicationResponseGuard: z.ZodObject<{
|
|
|
101
101
|
customData: z.ZodType<import("@withtyped/server/lib/types.js").JsonObject, z.ZodTypeDef, import("@withtyped/server/lib/types.js").JsonObject>;
|
|
102
102
|
description: z.ZodType<string | null, z.ZodTypeDef, string | null>;
|
|
103
103
|
isThirdParty: z.ZodType<boolean, z.ZodTypeDef, boolean>;
|
|
104
|
-
attributeMapping: z.ZodType<Partial<Record<"name" | "
|
|
104
|
+
attributeMapping: z.ZodType<Partial<Record<"name" | "username" | "email" | "sub" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "created_at" | "custom_data" | "identities" | "sso_identities" | "roles" | "organizations" | "organization_data" | "organization_roles", string>>, z.ZodTypeDef, Partial<Record<"name" | "username" | "email" | "sub" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "created_at" | "custom_data" | "identities" | "sso_identities" | "roles" | "organizations" | "organization_data" | "organization_roles", string>>>;
|
|
105
105
|
entityId: z.ZodType<string | null, z.ZodTypeDef, string | null>;
|
|
106
106
|
acsUrl: z.ZodType<import("../foundations/index.js").SamlAcsUrl | null, z.ZodTypeDef, import("../foundations/index.js").SamlAcsUrl | null>;
|
|
107
107
|
encryption: z.ZodType<{
|
|
@@ -3,11 +3,21 @@ import { z } from 'zod';
|
|
|
3
3
|
* The key for MFA-related data in user's logto_config
|
|
4
4
|
*/
|
|
5
5
|
export declare const userMfaDataKey = "mfa";
|
|
6
|
+
export declare const userPasskeySignInDataKey = "passkey_sign_in";
|
|
6
7
|
/**
|
|
7
8
|
* Schema for MFA-related data stored in user's logto_config
|
|
8
9
|
*/
|
|
9
10
|
export declare const userMfaDataGuard: z.ZodObject<{
|
|
11
|
+
/**
|
|
12
|
+
* Whether the user has skipped MFA binding flow
|
|
13
|
+
*/
|
|
10
14
|
skipped: z.ZodOptional<z.ZodBoolean>;
|
|
15
|
+
/**
|
|
16
|
+
* Whether the user has skipped MFA verification on sign-in
|
|
17
|
+
*
|
|
18
|
+
* Users can manually disable MFA verification requirement for sign-in,
|
|
19
|
+
* but if the MFA policy is set to mandatory, this setting will be ignored.
|
|
20
|
+
*/
|
|
11
21
|
skipMfaOnSignIn: z.ZodOptional<z.ZodBoolean>;
|
|
12
22
|
}, "strip", z.ZodTypeAny, {
|
|
13
23
|
skipped?: boolean | undefined;
|
|
@@ -17,12 +27,35 @@ export declare const userMfaDataGuard: z.ZodObject<{
|
|
|
17
27
|
skipMfaOnSignIn?: boolean | undefined;
|
|
18
28
|
}>;
|
|
19
29
|
export type UserMfaData = z.infer<typeof userMfaDataGuard>;
|
|
30
|
+
/**
|
|
31
|
+
* Schema for passkey sign-in related data stored in user's logto_config
|
|
32
|
+
*/
|
|
33
|
+
export declare const userPasskeySignInDataGuard: z.ZodObject<{
|
|
34
|
+
/**
|
|
35
|
+
* Whether the user has skipped binding passkey for sign-in persistently
|
|
36
|
+
*/
|
|
37
|
+
skipped: z.ZodOptional<z.ZodBoolean>;
|
|
38
|
+
}, "strip", z.ZodTypeAny, {
|
|
39
|
+
skipped?: boolean | undefined;
|
|
40
|
+
}, {
|
|
41
|
+
skipped?: boolean | undefined;
|
|
42
|
+
}>;
|
|
43
|
+
export type UserPasskeySignInData = z.infer<typeof userPasskeySignInDataGuard>;
|
|
20
44
|
/**
|
|
21
45
|
* Schema for user's logto_config field
|
|
22
46
|
*/
|
|
23
47
|
export declare const userLogtoConfigGuard: z.ZodObject<{
|
|
24
48
|
mfa: z.ZodOptional<z.ZodObject<{
|
|
49
|
+
/**
|
|
50
|
+
* Whether the user has skipped MFA binding flow
|
|
51
|
+
*/
|
|
25
52
|
skipped: z.ZodOptional<z.ZodBoolean>;
|
|
53
|
+
/**
|
|
54
|
+
* Whether the user has skipped MFA verification on sign-in
|
|
55
|
+
*
|
|
56
|
+
* Users can manually disable MFA verification requirement for sign-in,
|
|
57
|
+
* but if the MFA policy is set to mandatory, this setting will be ignored.
|
|
58
|
+
*/
|
|
26
59
|
skipMfaOnSignIn: z.ZodOptional<z.ZodBoolean>;
|
|
27
60
|
}, "strip", z.ZodTypeAny, {
|
|
28
61
|
skipped?: boolean | undefined;
|
|
@@ -31,15 +64,31 @@ export declare const userLogtoConfigGuard: z.ZodObject<{
|
|
|
31
64
|
skipped?: boolean | undefined;
|
|
32
65
|
skipMfaOnSignIn?: boolean | undefined;
|
|
33
66
|
}>>;
|
|
67
|
+
passkey_sign_in: z.ZodOptional<z.ZodObject<{
|
|
68
|
+
/**
|
|
69
|
+
* Whether the user has skipped binding passkey for sign-in persistently
|
|
70
|
+
*/
|
|
71
|
+
skipped: z.ZodOptional<z.ZodBoolean>;
|
|
72
|
+
}, "strip", z.ZodTypeAny, {
|
|
73
|
+
skipped?: boolean | undefined;
|
|
74
|
+
}, {
|
|
75
|
+
skipped?: boolean | undefined;
|
|
76
|
+
}>>;
|
|
34
77
|
}, "strip", z.ZodTypeAny, {
|
|
35
78
|
mfa?: {
|
|
36
79
|
skipped?: boolean | undefined;
|
|
37
80
|
skipMfaOnSignIn?: boolean | undefined;
|
|
38
81
|
} | undefined;
|
|
82
|
+
passkey_sign_in?: {
|
|
83
|
+
skipped?: boolean | undefined;
|
|
84
|
+
} | undefined;
|
|
39
85
|
}, {
|
|
40
86
|
mfa?: {
|
|
41
87
|
skipped?: boolean | undefined;
|
|
42
88
|
skipMfaOnSignIn?: boolean | undefined;
|
|
43
89
|
} | undefined;
|
|
90
|
+
passkey_sign_in?: {
|
|
91
|
+
skipped?: boolean | undefined;
|
|
92
|
+
} | undefined;
|
|
44
93
|
}>;
|
|
45
94
|
export type UserLogtoConfig = z.infer<typeof userLogtoConfigGuard>;
|
|
@@ -3,16 +3,39 @@ import { z } from 'zod';
|
|
|
3
3
|
* The key for MFA-related data in user's logto_config
|
|
4
4
|
*/
|
|
5
5
|
export const userMfaDataKey = 'mfa';
|
|
6
|
+
/*
|
|
7
|
+
* The key for passkey sign-in data in user's logto_config
|
|
8
|
+
*/
|
|
9
|
+
export const userPasskeySignInDataKey = 'passkey_sign_in';
|
|
6
10
|
/**
|
|
7
11
|
* Schema for MFA-related data stored in user's logto_config
|
|
8
12
|
*/
|
|
9
13
|
export const userMfaDataGuard = z.object({
|
|
14
|
+
/**
|
|
15
|
+
* Whether the user has skipped MFA binding flow
|
|
16
|
+
*/
|
|
10
17
|
skipped: z.boolean().optional(),
|
|
18
|
+
/**
|
|
19
|
+
* Whether the user has skipped MFA verification on sign-in
|
|
20
|
+
*
|
|
21
|
+
* Users can manually disable MFA verification requirement for sign-in,
|
|
22
|
+
* but if the MFA policy is set to mandatory, this setting will be ignored.
|
|
23
|
+
*/
|
|
11
24
|
skipMfaOnSignIn: z.boolean().optional(),
|
|
12
25
|
});
|
|
26
|
+
/**
|
|
27
|
+
* Schema for passkey sign-in related data stored in user's logto_config
|
|
28
|
+
*/
|
|
29
|
+
export const userPasskeySignInDataGuard = z.object({
|
|
30
|
+
/**
|
|
31
|
+
* Whether the user has skipped binding passkey for sign-in persistently
|
|
32
|
+
*/
|
|
33
|
+
skipped: z.boolean().optional(),
|
|
34
|
+
});
|
|
13
35
|
/**
|
|
14
36
|
* Schema for user's logto_config field
|
|
15
37
|
*/
|
|
16
38
|
export const userLogtoConfigGuard = z.object({
|
|
17
39
|
[userMfaDataKey]: userMfaDataGuard.optional(),
|
|
40
|
+
[userPasskeySignInDataKey]: userPasskeySignInDataGuard.optional(),
|
|
18
41
|
});
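Review bot: The comment added above `userPasskeySignInDataKey` opens with `/*` rather than `/**`, so it is a plain block comment and not a doc comment like the one on `userMfaDataKey`. The generated declaration file on this page shows the effect: `export declare const userPasskeySignInDataKey` carries no description, while `userMfaDataKey` keeps its description. Presumably the TypeScript source has the same opener; changing it to `/**` there would restore the description in the emitted `.d.ts`.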
|