@logto/schemas 1.37.0 → 1.38.0

Files changed (45) hide show
  1. package/alterations/1.38.0-1772615848-add-oidc-model-instances-grant-id-partial-index.ts +26 -0
  2. package/alterations/1.38.0-1772619963-tune-oidc-model-instances-autovacuum.ts +28 -0
  3. package/alterations/1.38.0-1772621060-add-oidc-model-instances-grant-account-id-index.ts +26 -0
  4. package/alterations-js/1.38.0-1772615848-add-oidc-model-instances-grant-id-partial-index.js +22 -0
  5. package/alterations-js/1.38.0-1772619963-tune-oidc-model-instances-autovacuum.js +24 -0
  6. package/alterations-js/1.38.0-1772621060-add-oidc-model-instances-grant-account-id-index.js +22 -0
  7. package/lib/consts/cookie.d.ts +1 -0
  8. package/lib/consts/cookie.js +1 -0
  9. package/lib/consts/experience.d.ts +1 -0
  10. package/lib/consts/experience.js +1 -0
  11. package/lib/consts/oidc.d.ts +3 -0
  12. package/lib/consts/oidc.js +3 -0
  13. package/lib/consts/system.d.ts +4 -0
  14. package/lib/consts/system.js +4 -0
  15. package/lib/foundations/jsonb-types/oidc-module.d.ts +26 -7
  16. package/lib/foundations/jsonb-types/oidc-module.js +16 -1
  17. package/lib/foundations/jsonb-types/sign-in-experience.d.ts +10 -6
  18. package/lib/foundations/jsonb-types/sign-in-experience.js +6 -2
  19. package/lib/seeds/application.d.ts +3 -1
  20. package/lib/seeds/application.js +26 -1
  21. package/lib/types/application.d.ts +12 -0
  22. package/lib/types/connector.d.ts +8 -0
  23. package/lib/types/consent.d.ts +11 -3
  24. package/lib/types/consent.js +2 -1
  25. package/lib/types/log/interaction.d.ts +4 -2
  26. package/lib/types/log/interaction.js +2 -0
  27. package/lib/types/log/token.d.ts +5 -3
  28. package/lib/types/log/token.js +2 -0
  29. package/lib/types/logto-config/index.d.ts +276 -13
  30. package/lib/types/logto-config/index.js +6 -0
  31. package/lib/types/logto-config/jwt-customizer.d.ts +778 -253
  32. package/lib/types/logto-config/jwt-customizer.js +7 -3
  33. package/lib/types/oidc-config.d.ts +2 -1
  34. package/lib/types/oidc-config.js +1 -0
  35. package/lib/types/sign-in-experience.d.ts +6 -2
  36. package/lib/types/user-logto-config.d.ts +38 -0
  37. package/lib/types/user-logto-config.js +13 -0
  38. package/lib/types/user-sessions.d.ts +712 -112
  39. package/lib/types/user-sessions.js +33 -2
  40. package/lib/types/verification-records/verification-type.d.ts +1 -1
  41. package/lib/types/verification-records/verification-type.js +1 -1
  42. package/lib/types/verification-records/web-authn-verification.d.ts +11 -11
  43. package/lib/types/verification-records/web-authn-verification.js +3 -3
  44. package/package.json +9 -8
  45. package/tables/oidc_model_instances.sql +16 -0
@@ -1,4 +1,5 @@
1
1
  import { extendedIdTokenClaims } from '@logto/core-kit';
2
+ import { type Nullable, type Optional } from '@silverhand/essentials';
2
3
  import type { ZodType } from 'zod';
3
4
  import { z } from 'zod';
4
5
  import { type AccessTokenJwtCustomizer, type ClientCredentialsJwtCustomizer } from './jwt-customizer.js';
@@ -16,7 +17,8 @@ export declare enum LogtoOidcConfigKeyType {
16
17
  */
17
18
  export declare enum LogtoOidcConfigKey {
18
19
  PrivateKeys = "oidc.privateKeys",
19
- CookieKeys = "oidc.cookieKeys"
20
+ CookieKeys = "oidc.cookieKeys",
21
+ Session = "oidc.session"
20
22
  }
21
23
  /**
22
24
  * Logto supported signing key algorithms for OIDC private keys that sign JWT tokens.
@@ -39,12 +41,21 @@ export declare const oidcConfigKeyGuard: z.ZodObject<{
39
41
  createdAt: number;
40
42
  }>;
41
43
  export type OidcConfigKey = z.infer<typeof oidcConfigKeyGuard>;
44
+ export declare const oidcSessionConfigGuard: z.ZodObject<{
45
+ ttl: z.ZodOptional<z.ZodNumber>;
46
+ }, "strip", z.ZodTypeAny, {
47
+ ttl?: number | undefined;
48
+ }, {
49
+ ttl?: number | undefined;
50
+ }>;
51
+ export type OidcSessionConfig = z.infer<typeof oidcSessionConfigGuard>;
42
52
  export type LogtoOidcConfigType = {
43
53
  [LogtoOidcConfigKey.PrivateKeys]: OidcConfigKey[];
44
54
  [LogtoOidcConfigKey.CookieKeys]: OidcConfigKey[];
55
+ [LogtoOidcConfigKey.Session]: OidcSessionConfig;
45
56
  };
46
57
  export declare const logtoOidcConfigGuard: Readonly<{
47
- [key in LogtoOidcConfigKey]: ZodType<LogtoOidcConfigType[key]>;
58
+ [key in LogtoOidcConfigKey]: ZodType<LogtoOidcConfigType[key], z.ZodTypeDef, Optional<Nullable<LogtoOidcConfigType[key]>>>;
48
59
  }>;
49
60
  export declare enum LogtoJwtTokenKey {
50
61
  AccessToken = "jwt.accessToken",
@@ -533,6 +544,74 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
533
544
  };
534
545
  templateType: import("@logto/connector-kit").TemplateType;
535
546
  verified: boolean;
547
+ }>, z.ZodObject<{
548
+ id: z.ZodString;
549
+ templateType: z.ZodNativeEnum<typeof import("@logto/connector-kit").TemplateType>;
550
+ verified: z.ZodBoolean;
551
+ } & {
552
+ type: z.ZodLiteral<import("../index.js").VerificationType.MfaEmailVerificationCode>;
553
+ identifier: z.ZodObject<{
554
+ type: z.ZodLiteral<import("../../index.js").SignInIdentifier.Email>;
555
+ value: z.ZodString;
556
+ }, "strip", z.ZodTypeAny, {
557
+ value: string;
558
+ type: import("../../index.js").SignInIdentifier.Email;
559
+ }, {
560
+ value: string;
561
+ type: import("../../index.js").SignInIdentifier.Email;
562
+ }>;
563
+ }, "strip", z.ZodTypeAny, {
564
+ type: import("../index.js").VerificationType.MfaEmailVerificationCode;
565
+ id: string;
566
+ identifier: {
567
+ value: string;
568
+ type: import("../../index.js").SignInIdentifier.Email;
569
+ };
570
+ templateType: import("@logto/connector-kit").TemplateType;
571
+ verified: boolean;
572
+ }, {
573
+ type: import("../index.js").VerificationType.MfaEmailVerificationCode;
574
+ id: string;
575
+ identifier: {
576
+ value: string;
577
+ type: import("../../index.js").SignInIdentifier.Email;
578
+ };
579
+ templateType: import("@logto/connector-kit").TemplateType;
580
+ verified: boolean;
581
+ }>, z.ZodObject<{
582
+ id: z.ZodString;
583
+ templateType: z.ZodNativeEnum<typeof import("@logto/connector-kit").TemplateType>;
584
+ verified: z.ZodBoolean;
585
+ } & {
586
+ type: z.ZodLiteral<import("../index.js").VerificationType.MfaPhoneVerificationCode>;
587
+ identifier: z.ZodObject<{
588
+ type: z.ZodLiteral<import("../../index.js").SignInIdentifier.Phone>;
589
+ value: z.ZodString;
590
+ }, "strip", z.ZodTypeAny, {
591
+ value: string;
592
+ type: import("../../index.js").SignInIdentifier.Phone;
593
+ }, {
594
+ value: string;
595
+ type: import("../../index.js").SignInIdentifier.Phone;
596
+ }>;
597
+ }, "strip", z.ZodTypeAny, {
598
+ type: import("../index.js").VerificationType.MfaPhoneVerificationCode;
599
+ id: string;
600
+ identifier: {
601
+ value: string;
602
+ type: import("../../index.js").SignInIdentifier.Phone;
603
+ };
604
+ templateType: import("@logto/connector-kit").TemplateType;
605
+ verified: boolean;
606
+ }, {
607
+ type: import("../index.js").VerificationType.MfaPhoneVerificationCode;
608
+ id: string;
609
+ identifier: {
610
+ value: string;
611
+ type: import("../../index.js").SignInIdentifier.Phone;
612
+ };
613
+ templateType: import("@logto/connector-kit").TemplateType;
614
+ verified: boolean;
536
615
  }>, z.ZodObject<Omit<{
537
616
  id: z.ZodString;
538
617
  connectorId: z.ZodString;
@@ -810,17 +889,17 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
810
889
  name?: string | undefined;
811
890
  }>>;
812
891
  } & {
813
- type: z.ZodLiteral<import("../index.js").VerificationType.SignInWebAuthn>;
892
+ type: z.ZodLiteral<import("../index.js").VerificationType.SignInPasskey>;
814
893
  userId: z.ZodOptional<z.ZodString>;
815
894
  authenticationRpId: z.ZodOptional<z.ZodString>;
816
895
  }, "registrationChallenge" | "authenticationChallenge" | "registrationInfo" | "authenticationRpId">, "strip", z.ZodTypeAny, {
817
- type: import("../index.js").VerificationType.SignInWebAuthn;
896
+ type: import("../index.js").VerificationType.SignInPasskey;
818
897
  id: string;
819
898
  verified: boolean;
820
899
  userId?: string | undefined;
821
900
  registrationRpId?: string | undefined;
822
901
  }, {
823
- type: import("../index.js").VerificationType.SignInWebAuthn;
902
+ type: import("../index.js").VerificationType.SignInPasskey;
824
903
  id: string;
825
904
  verified: boolean;
826
905
  userId?: string | undefined;
@@ -925,6 +1004,24 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
925
1004
  };
926
1005
  templateType: import("@logto/connector-kit").TemplateType;
927
1006
  verified: boolean;
1007
+ } | {
1008
+ type: import("../index.js").VerificationType.MfaEmailVerificationCode;
1009
+ id: string;
1010
+ identifier: {
1011
+ value: string;
1012
+ type: import("../../index.js").SignInIdentifier.Email;
1013
+ };
1014
+ templateType: import("@logto/connector-kit").TemplateType;
1015
+ verified: boolean;
1016
+ } | {
1017
+ type: import("../index.js").VerificationType.MfaPhoneVerificationCode;
1018
+ id: string;
1019
+ identifier: {
1020
+ value: string;
1021
+ type: import("../../index.js").SignInIdentifier.Phone;
1022
+ };
1023
+ templateType: import("@logto/connector-kit").TemplateType;
1024
+ verified: boolean;
928
1025
  } | {
929
1026
  type: import("../index.js").VerificationType.NewPasswordIdentity;
930
1027
  id: string;
@@ -988,7 +1085,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
988
1085
  verified: boolean;
989
1086
  registrationRpId?: string | undefined;
990
1087
  } | {
991
- type: import("../index.js").VerificationType.SignInWebAuthn;
1088
+ type: import("../index.js").VerificationType.SignInPasskey;
992
1089
  id: string;
993
1090
  verified: boolean;
994
1091
  userId?: string | undefined;
@@ -1021,6 +1118,24 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
1021
1118
  };
1022
1119
  templateType: import("@logto/connector-kit").TemplateType;
1023
1120
  verified: boolean;
1121
+ } | {
1122
+ type: import("../index.js").VerificationType.MfaEmailVerificationCode;
1123
+ id: string;
1124
+ identifier: {
1125
+ value: string;
1126
+ type: import("../../index.js").SignInIdentifier.Email;
1127
+ };
1128
+ templateType: import("@logto/connector-kit").TemplateType;
1129
+ verified: boolean;
1130
+ } | {
1131
+ type: import("../index.js").VerificationType.MfaPhoneVerificationCode;
1132
+ id: string;
1133
+ identifier: {
1134
+ value: string;
1135
+ type: import("../../index.js").SignInIdentifier.Phone;
1136
+ };
1137
+ templateType: import("@logto/connector-kit").TemplateType;
1138
+ verified: boolean;
1024
1139
  } | {
1025
1140
  type: import("../index.js").VerificationType.NewPasswordIdentity;
1026
1141
  id: string;
@@ -1084,7 +1199,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
1084
1199
  verified: boolean;
1085
1200
  registrationRpId?: string | undefined;
1086
1201
  } | {
1087
- type: import("../index.js").VerificationType.SignInWebAuthn;
1202
+ type: import("../index.js").VerificationType.SignInPasskey;
1088
1203
  id: string;
1089
1204
  verified: boolean;
1090
1205
  userId?: string | undefined;
@@ -1110,6 +1225,8 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
1110
1225
  alwaysIssueRefreshToken?: boolean | undefined;
1111
1226
  rotateRefreshToken?: boolean | undefined;
1112
1227
  allowTokenExchange?: boolean | undefined;
1228
+ isDeviceFlow?: boolean | undefined;
1229
+ maxAllowedGrants?: number | undefined;
1113
1230
  }, z.ZodTypeDef, {
1114
1231
  corsAllowedOrigins?: string[] | undefined;
1115
1232
  idTokenTtl?: number | undefined;
@@ -1119,6 +1236,8 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
1119
1236
  alwaysIssueRefreshToken?: boolean | undefined;
1120
1237
  rotateRefreshToken?: boolean | undefined;
1121
1238
  allowTokenExchange?: boolean | undefined;
1239
+ isDeviceFlow?: boolean | undefined;
1240
+ maxAllowedGrants?: number | undefined;
1122
1241
  }>>;
1123
1242
  protectedAppMetadata: z.ZodOptional<ZodType<{
1124
1243
  host: string;
@@ -1196,6 +1315,8 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
1196
1315
  alwaysIssueRefreshToken?: boolean | undefined;
1197
1316
  rotateRefreshToken?: boolean | undefined;
1198
1317
  allowTokenExchange?: boolean | undefined;
1318
+ isDeviceFlow?: boolean | undefined;
1319
+ maxAllowedGrants?: number | undefined;
1199
1320
  } | undefined;
1200
1321
  protectedAppMetadata?: {
1201
1322
  host: string;
@@ -1245,6 +1366,8 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
1245
1366
  alwaysIssueRefreshToken?: boolean | undefined;
1246
1367
  rotateRefreshToken?: boolean | undefined;
1247
1368
  allowTokenExchange?: boolean | undefined;
1369
+ isDeviceFlow?: boolean | undefined;
1370
+ maxAllowedGrants?: number | undefined;
1248
1371
  } | undefined;
1249
1372
  protectedAppMetadata?: {
1250
1373
  host: string;
@@ -1364,6 +1487,8 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
1364
1487
  alwaysIssueRefreshToken?: boolean | undefined;
1365
1488
  rotateRefreshToken?: boolean | undefined;
1366
1489
  allowTokenExchange?: boolean | undefined;
1490
+ isDeviceFlow?: boolean | undefined;
1491
+ maxAllowedGrants?: number | undefined;
1367
1492
  } | undefined;
1368
1493
  protectedAppMetadata?: {
1369
1494
  host: string;
@@ -1426,6 +1551,24 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
1426
1551
  };
1427
1552
  templateType: import("@logto/connector-kit").TemplateType;
1428
1553
  verified: boolean;
1554
+ } | {
1555
+ type: import("../index.js").VerificationType.MfaEmailVerificationCode;
1556
+ id: string;
1557
+ identifier: {
1558
+ value: string;
1559
+ type: import("../../index.js").SignInIdentifier.Email;
1560
+ };
1561
+ templateType: import("@logto/connector-kit").TemplateType;
1562
+ verified: boolean;
1563
+ } | {
1564
+ type: import("../index.js").VerificationType.MfaPhoneVerificationCode;
1565
+ id: string;
1566
+ identifier: {
1567
+ value: string;
1568
+ type: import("../../index.js").SignInIdentifier.Phone;
1569
+ };
1570
+ templateType: import("@logto/connector-kit").TemplateType;
1571
+ verified: boolean;
1429
1572
  } | {
1430
1573
  type: import("../index.js").VerificationType.NewPasswordIdentity;
1431
1574
  id: string;
@@ -1489,7 +1632,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
1489
1632
  verified: boolean;
1490
1633
  registrationRpId?: string | undefined;
1491
1634
  } | {
1492
- type: import("../index.js").VerificationType.SignInWebAuthn;
1635
+ type: import("../index.js").VerificationType.SignInPasskey;
1493
1636
  id: string;
1494
1637
  verified: boolean;
1495
1638
  userId?: string | undefined;
@@ -1584,6 +1727,8 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
1584
1727
  alwaysIssueRefreshToken?: boolean | undefined;
1585
1728
  rotateRefreshToken?: boolean | undefined;
1586
1729
  allowTokenExchange?: boolean | undefined;
1730
+ isDeviceFlow?: boolean | undefined;
1731
+ maxAllowedGrants?: number | undefined;
1587
1732
  } | undefined;
1588
1733
  protectedAppMetadata?: {
1589
1734
  host: string;
@@ -1646,6 +1791,24 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
1646
1791
  };
1647
1792
  templateType: import("@logto/connector-kit").TemplateType;
1648
1793
  verified: boolean;
1794
+ } | {
1795
+ type: import("../index.js").VerificationType.MfaEmailVerificationCode;
1796
+ id: string;
1797
+ identifier: {
1798
+ value: string;
1799
+ type: import("../../index.js").SignInIdentifier.Email;
1800
+ };
1801
+ templateType: import("@logto/connector-kit").TemplateType;
1802
+ verified: boolean;
1803
+ } | {
1804
+ type: import("../index.js").VerificationType.MfaPhoneVerificationCode;
1805
+ id: string;
1806
+ identifier: {
1807
+ value: string;
1808
+ type: import("../../index.js").SignInIdentifier.Phone;
1809
+ };
1810
+ templateType: import("@logto/connector-kit").TemplateType;
1811
+ verified: boolean;
1649
1812
  } | {
1650
1813
  type: import("../index.js").VerificationType.NewPasswordIdentity;
1651
1814
  id: string;
@@ -1709,7 +1872,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
1709
1872
  verified: boolean;
1710
1873
  registrationRpId?: string | undefined;
1711
1874
  } | {
1712
- type: import("../index.js").VerificationType.SignInWebAuthn;
1875
+ type: import("../index.js").VerificationType.SignInPasskey;
1713
1876
  id: string;
1714
1877
  verified: boolean;
1715
1878
  userId?: string | undefined;
@@ -1808,6 +1971,8 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
1808
1971
  alwaysIssueRefreshToken?: boolean | undefined;
1809
1972
  rotateRefreshToken?: boolean | undefined;
1810
1973
  allowTokenExchange?: boolean | undefined;
1974
+ isDeviceFlow?: boolean | undefined;
1975
+ maxAllowedGrants?: number | undefined;
1811
1976
  } | undefined;
1812
1977
  protectedAppMetadata?: {
1813
1978
  host: string;
@@ -1870,6 +2035,24 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
1870
2035
  };
1871
2036
  templateType: import("@logto/connector-kit").TemplateType;
1872
2037
  verified: boolean;
2038
+ } | {
2039
+ type: import("../index.js").VerificationType.MfaEmailVerificationCode;
2040
+ id: string;
2041
+ identifier: {
2042
+ value: string;
2043
+ type: import("../../index.js").SignInIdentifier.Email;
2044
+ };
2045
+ templateType: import("@logto/connector-kit").TemplateType;
2046
+ verified: boolean;
2047
+ } | {
2048
+ type: import("../index.js").VerificationType.MfaPhoneVerificationCode;
2049
+ id: string;
2050
+ identifier: {
2051
+ value: string;
2052
+ type: import("../../index.js").SignInIdentifier.Phone;
2053
+ };
2054
+ templateType: import("@logto/connector-kit").TemplateType;
2055
+ verified: boolean;
1873
2056
  } | {
1874
2057
  type: import("../index.js").VerificationType.NewPasswordIdentity;
1875
2058
  id: string;
@@ -1933,7 +2116,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
1933
2116
  verified: boolean;
1934
2117
  registrationRpId?: string | undefined;
1935
2118
  } | {
1936
- type: import("../index.js").VerificationType.SignInWebAuthn;
2119
+ type: import("../index.js").VerificationType.SignInPasskey;
1937
2120
  id: string;
1938
2121
  verified: boolean;
1939
2122
  userId?: string | undefined;
@@ -2045,6 +2228,8 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
2045
2228
  alwaysIssueRefreshToken?: boolean | undefined;
2046
2229
  rotateRefreshToken?: boolean | undefined;
2047
2230
  allowTokenExchange?: boolean | undefined;
2231
+ isDeviceFlow?: boolean | undefined;
2232
+ maxAllowedGrants?: number | undefined;
2048
2233
  } | undefined;
2049
2234
  protectedAppMetadata?: {
2050
2235
  host: string;
@@ -2107,6 +2292,24 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
2107
2292
  };
2108
2293
  templateType: import("@logto/connector-kit").TemplateType;
2109
2294
  verified: boolean;
2295
+ } | {
2296
+ type: import("../index.js").VerificationType.MfaEmailVerificationCode;
2297
+ id: string;
2298
+ identifier: {
2299
+ value: string;
2300
+ type: import("../../index.js").SignInIdentifier.Email;
2301
+ };
2302
+ templateType: import("@logto/connector-kit").TemplateType;
2303
+ verified: boolean;
2304
+ } | {
2305
+ type: import("../index.js").VerificationType.MfaPhoneVerificationCode;
2306
+ id: string;
2307
+ identifier: {
2308
+ value: string;
2309
+ type: import("../../index.js").SignInIdentifier.Phone;
2310
+ };
2311
+ templateType: import("@logto/connector-kit").TemplateType;
2312
+ verified: boolean;
2110
2313
  } | {
2111
2314
  type: import("../index.js").VerificationType.NewPasswordIdentity;
2112
2315
  id: string;
@@ -2170,7 +2373,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
2170
2373
  verified: boolean;
2171
2374
  registrationRpId?: string | undefined;
2172
2375
  } | {
2173
- type: import("../index.js").VerificationType.SignInWebAuthn;
2376
+ type: import("../index.js").VerificationType.SignInPasskey;
2174
2377
  id: string;
2175
2378
  verified: boolean;
2176
2379
  userId?: string | undefined;
@@ -2284,6 +2487,8 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
2284
2487
  alwaysIssueRefreshToken?: boolean | undefined;
2285
2488
  rotateRefreshToken?: boolean | undefined;
2286
2489
  allowTokenExchange?: boolean | undefined;
2490
+ isDeviceFlow?: boolean | undefined;
2491
+ maxAllowedGrants?: number | undefined;
2287
2492
  } | undefined;
2288
2493
  protectedAppMetadata?: {
2289
2494
  host: string;
@@ -2346,6 +2551,24 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
2346
2551
  };
2347
2552
  templateType: import("@logto/connector-kit").TemplateType;
2348
2553
  verified: boolean;
2554
+ } | {
2555
+ type: import("../index.js").VerificationType.MfaEmailVerificationCode;
2556
+ id: string;
2557
+ identifier: {
2558
+ value: string;
2559
+ type: import("../../index.js").SignInIdentifier.Email;
2560
+ };
2561
+ templateType: import("@logto/connector-kit").TemplateType;
2562
+ verified: boolean;
2563
+ } | {
2564
+ type: import("../index.js").VerificationType.MfaPhoneVerificationCode;
2565
+ id: string;
2566
+ identifier: {
2567
+ value: string;
2568
+ type: import("../../index.js").SignInIdentifier.Phone;
2569
+ };
2570
+ templateType: import("@logto/connector-kit").TemplateType;
2571
+ verified: boolean;
2349
2572
  } | {
2350
2573
  type: import("../index.js").VerificationType.NewPasswordIdentity;
2351
2574
  id: string;
@@ -2409,7 +2632,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
2409
2632
  verified: boolean;
2410
2633
  registrationRpId?: string | undefined;
2411
2634
  } | {
2412
- type: import("../index.js").VerificationType.SignInWebAuthn;
2635
+ type: import("../index.js").VerificationType.SignInPasskey;
2413
2636
  id: string;
2414
2637
  verified: boolean;
2415
2638
  userId?: string | undefined;
@@ -2524,6 +2747,8 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
2524
2747
  alwaysIssueRefreshToken?: boolean | undefined;
2525
2748
  rotateRefreshToken?: boolean | undefined;
2526
2749
  allowTokenExchange?: boolean | undefined;
2750
+ isDeviceFlow?: boolean | undefined;
2751
+ maxAllowedGrants?: number | undefined;
2527
2752
  } | undefined;
2528
2753
  protectedAppMetadata?: {
2529
2754
  host: string;
@@ -2586,6 +2811,24 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
2586
2811
  };
2587
2812
  templateType: import("@logto/connector-kit").TemplateType;
2588
2813
  verified: boolean;
2814
+ } | {
2815
+ type: import("../index.js").VerificationType.MfaEmailVerificationCode;
2816
+ id: string;
2817
+ identifier: {
2818
+ value: string;
2819
+ type: import("../../index.js").SignInIdentifier.Email;
2820
+ };
2821
+ templateType: import("@logto/connector-kit").TemplateType;
2822
+ verified: boolean;
2823
+ } | {
2824
+ type: import("../index.js").VerificationType.MfaPhoneVerificationCode;
2825
+ id: string;
2826
+ identifier: {
2827
+ value: string;
2828
+ type: import("../../index.js").SignInIdentifier.Phone;
2829
+ };
2830
+ templateType: import("@logto/connector-kit").TemplateType;
2831
+ verified: boolean;
2589
2832
  } | {
2590
2833
  type: import("../index.js").VerificationType.NewPasswordIdentity;
2591
2834
  id: string;
@@ -2649,7 +2892,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
2649
2892
  verified: boolean;
2650
2893
  registrationRpId?: string | undefined;
2651
2894
  } | {
2652
- type: import("../index.js").VerificationType.SignInWebAuthn;
2895
+ type: import("../index.js").VerificationType.SignInPasskey;
2653
2896
  id: string;
2654
2897
  verified: boolean;
2655
2898
  userId?: string | undefined;
@@ -2717,6 +2960,8 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
2717
2960
  alwaysIssueRefreshToken?: boolean | undefined;
2718
2961
  rotateRefreshToken?: boolean | undefined;
2719
2962
  allowTokenExchange?: boolean | undefined;
2963
+ isDeviceFlow?: boolean | undefined;
2964
+ maxAllowedGrants?: number | undefined;
2720
2965
  }, z.ZodTypeDef, {
2721
2966
  corsAllowedOrigins?: string[] | undefined;
2722
2967
  idTokenTtl?: number | undefined;
@@ -2726,6 +2971,8 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
2726
2971
  alwaysIssueRefreshToken?: boolean | undefined;
2727
2972
  rotateRefreshToken?: boolean | undefined;
2728
2973
  allowTokenExchange?: boolean | undefined;
2974
+ isDeviceFlow?: boolean | undefined;
2975
+ maxAllowedGrants?: number | undefined;
2729
2976
  }>>;
2730
2977
  protectedAppMetadata: z.ZodOptional<ZodType<{
2731
2978
  host: string;
@@ -2803,6 +3050,8 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
2803
3050
  alwaysIssueRefreshToken?: boolean | undefined;
2804
3051
  rotateRefreshToken?: boolean | undefined;
2805
3052
  allowTokenExchange?: boolean | undefined;
3053
+ isDeviceFlow?: boolean | undefined;
3054
+ maxAllowedGrants?: number | undefined;
2806
3055
  } | undefined;
2807
3056
  protectedAppMetadata?: {
2808
3057
  host: string;
@@ -2852,6 +3101,8 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
2852
3101
  alwaysIssueRefreshToken?: boolean | undefined;
2853
3102
  rotateRefreshToken?: boolean | undefined;
2854
3103
  allowTokenExchange?: boolean | undefined;
3104
+ isDeviceFlow?: boolean | undefined;
3105
+ maxAllowedGrants?: number | undefined;
2855
3106
  } | undefined;
2856
3107
  protectedAppMetadata?: {
2857
3108
  host: string;
@@ -2903,6 +3154,8 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
2903
3154
  alwaysIssueRefreshToken?: boolean | undefined;
2904
3155
  rotateRefreshToken?: boolean | undefined;
2905
3156
  allowTokenExchange?: boolean | undefined;
3157
+ isDeviceFlow?: boolean | undefined;
3158
+ maxAllowedGrants?: number | undefined;
2906
3159
  } | undefined;
2907
3160
  protectedAppMetadata?: {
2908
3161
  host: string;
@@ -2954,6 +3207,8 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
2954
3207
  alwaysIssueRefreshToken?: boolean | undefined;
2955
3208
  rotateRefreshToken?: boolean | undefined;
2956
3209
  allowTokenExchange?: boolean | undefined;
3210
+ isDeviceFlow?: boolean | undefined;
3211
+ maxAllowedGrants?: number | undefined;
2957
3212
  } | undefined;
2958
3213
  protectedAppMetadata?: {
2959
3214
  host: string;
@@ -3009,6 +3264,8 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
3009
3264
  alwaysIssueRefreshToken?: boolean | undefined;
3010
3265
  rotateRefreshToken?: boolean | undefined;
3011
3266
  allowTokenExchange?: boolean | undefined;
3267
+ isDeviceFlow?: boolean | undefined;
3268
+ maxAllowedGrants?: number | undefined;
3012
3269
  } | undefined;
3013
3270
  protectedAppMetadata?: {
3014
3271
  host: string;
@@ -3071,6 +3328,8 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
3071
3328
  alwaysIssueRefreshToken?: boolean | undefined;
3072
3329
  rotateRefreshToken?: boolean | undefined;
3073
3330
  allowTokenExchange?: boolean | undefined;
3331
+ isDeviceFlow?: boolean | undefined;
3332
+ maxAllowedGrants?: number | undefined;
3074
3333
  } | undefined;
3075
3334
  protectedAppMetadata?: {
3076
3335
  host: string;
@@ -3135,6 +3394,8 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
3135
3394
  alwaysIssueRefreshToken?: boolean | undefined;
3136
3395
  rotateRefreshToken?: boolean | undefined;
3137
3396
  allowTokenExchange?: boolean | undefined;
3397
+ isDeviceFlow?: boolean | undefined;
3398
+ maxAllowedGrants?: number | undefined;
3138
3399
  } | undefined;
3139
3400
  protectedAppMetadata?: {
3140
3401
  host: string;
@@ -3200,6 +3461,8 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
3200
3461
  alwaysIssueRefreshToken?: boolean | undefined;
3201
3462
  rotateRefreshToken?: boolean | undefined;
3202
3463
  allowTokenExchange?: boolean | undefined;
3464
+ isDeviceFlow?: boolean | undefined;
3465
+ maxAllowedGrants?: number | undefined;
3203
3466
  } | undefined;
3204
3467
  protectedAppMetadata?: {
3205
3468
  host: string;
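Review bot: In the `@@ -39,12 +41,21 @@` hunk, the new mapped type on `logtoOidcConfigGuard` widens the declared input of every key to `Optional<Nullable<...>>`, including `oidc.privateKeys` and `oidc.cookieKeys`, although the runtime guard in index.js wraps only the `Session` entry in `.nullish()`. For signing keys and cookie keys, a missing value should stay a visible type error at call sites rather than something the guard's type appears to accept. The widening is better limited to the session entry, e.g. `[key in LogtoOidcConfigKey]: ZodType<LogtoOidcConfigType[key], z.ZodTypeDef, key extends LogtoOidcConfigKey.Session ? Optional<Nullable<LogtoOidcConfigType[key]>> : LogtoOidcConfigType[key]>;`. This file looks like emitted declaration output, so the change would belong in the TypeScript source it is generated from.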
@@ -18,6 +18,7 @@ export var LogtoOidcConfigKey;
18
18
  (function (LogtoOidcConfigKey) {
19
19
  LogtoOidcConfigKey["PrivateKeys"] = "oidc.privateKeys";
20
20
  LogtoOidcConfigKey["CookieKeys"] = "oidc.cookieKeys";
21
+ LogtoOidcConfigKey["Session"] = "oidc.session";
21
22
  })(LogtoOidcConfigKey || (LogtoOidcConfigKey = {}));
22
23
  /**
23
24
  * Logto supported signing key algorithms for OIDC private keys that sign JWT tokens.
@@ -32,9 +33,14 @@ export const oidcConfigKeyGuard = z.object({
32
33
  value: z.string(),
33
34
  createdAt: z.number(),
34
35
  });
36
+ export const oidcSessionConfigGuard = z.object({
37
+ ttl: z.number().int().min(1).max(31_536_000).optional(),
38
+ });
35
39
  export const logtoOidcConfigGuard = Object.freeze({
36
40
  [LogtoOidcConfigKey.PrivateKeys]: oidcConfigKeyGuard.array(),
37
41
  [LogtoOidcConfigKey.CookieKeys]: oidcConfigKeyGuard.array(),
42
+ // Session config is optional, if not set, it will fallback to default value in core.
43
+ [LogtoOidcConfigKey.Session]: oidcSessionConfigGuard.nullish().transform((data) => data ?? {}),
38
44
  });
39
45
  export var LogtoJwtTokenKey;
40
46
  (function (LogtoJwtTokenKey) {
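Review bot: `oidcSessionConfigGuard` is a plain `z.object`, so unknown keys are stripped rather than rejected, and combined with `.nullish().transform((data) => data ?? {})` a misspelled or mis-cased `ttl` silently turns into "use the core default". For a setting that controls session lifetime, that misconfiguration should fail loudly, e.g. `z.object({ ttl: z.number().int().min(1).max(31_536_000).optional() }).strict()`, provided no stored rows already carry extra keys. The bounds also state no unit: 31_536_000 looks like 365 days in seconds, and a comment such as `// Session TTL in seconds; upper bound is 365 days` on the `ttl` line would make that explicit. A one-year ceiling is generous for an authentication session, since it also bounds how long a stolen session cookie stays usable, so the reason for choosing it deserves a note next to the guard.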