@logto/schemas 1.37.1 → 1.38.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/alterations/1.38.0-1772615848-add-oidc-model-instances-grant-id-partial-index.ts +26 -0
- package/alterations/1.38.0-1772619963-tune-oidc-model-instances-autovacuum.ts +28 -0
- package/alterations/1.38.0-1772621060-add-oidc-model-instances-grant-account-id-index.ts +26 -0
- package/alterations-js/1.38.0-1772615848-add-oidc-model-instances-grant-id-partial-index.js +22 -0
- package/alterations-js/1.38.0-1772619963-tune-oidc-model-instances-autovacuum.js +24 -0
- package/alterations-js/1.38.0-1772621060-add-oidc-model-instances-grant-account-id-index.js +22 -0
- package/lib/consts/cookie.d.ts +1 -0
- package/lib/consts/cookie.js +1 -0
- package/lib/consts/experience.d.ts +1 -0
- package/lib/consts/experience.js +1 -0
- package/lib/consts/oidc.d.ts +3 -0
- package/lib/consts/oidc.js +3 -0
- package/lib/consts/system.d.ts +4 -0
- package/lib/consts/system.js +4 -0
- package/lib/foundations/jsonb-types/oidc-module.d.ts +26 -7
- package/lib/foundations/jsonb-types/oidc-module.js +16 -1
- package/lib/foundations/jsonb-types/sign-in-experience.d.ts +10 -6
- package/lib/foundations/jsonb-types/sign-in-experience.js +6 -2
- package/lib/seeds/application.d.ts +3 -1
- package/lib/seeds/application.js +26 -1
- package/lib/types/application.d.ts +12 -0
- package/lib/types/connector.d.ts +8 -0
- package/lib/types/consent.d.ts +11 -3
- package/lib/types/consent.js +2 -1
- package/lib/types/log/interaction.d.ts +4 -2
- package/lib/types/log/interaction.js +2 -0
- package/lib/types/log/token.d.ts +5 -3
- package/lib/types/log/token.js +2 -0
- package/lib/types/logto-config/index.d.ts +276 -13
- package/lib/types/logto-config/index.js +6 -0
- package/lib/types/logto-config/jwt-customizer.d.ts +778 -253
- package/lib/types/logto-config/jwt-customizer.js +7 -3
- package/lib/types/oidc-config.d.ts +2 -1
- package/lib/types/oidc-config.js +1 -0
- package/lib/types/sign-in-experience.d.ts +6 -2
- package/lib/types/user-logto-config.d.ts +38 -0
- package/lib/types/user-logto-config.js +13 -0
- package/lib/types/user-sessions.d.ts +712 -112
- package/lib/types/user-sessions.js +33 -2
- package/lib/types/verification-records/verification-type.d.ts +1 -1
- package/lib/types/verification-records/verification-type.js +1 -1
- package/lib/types/verification-records/web-authn-verification.d.ts +11 -11
- package/lib/types/verification-records/web-authn-verification.js +3 -3
- package/package.json +8 -7
- package/tables/oidc_model_instances.sql +16 -0
|
@@ -7,14 +7,14 @@ import { GrantType } from '../oidc-config.js';
|
|
|
7
7
|
import { scopeResponseGuard } from '../scope.js';
|
|
8
8
|
import { userInfoGuard } from '../user.js';
|
|
9
9
|
import { backupCodeVerificationRecordDataGuard } from '../verification-records/backup-code-verification.js';
|
|
10
|
-
import { emailCodeVerificationRecordDataGuard, phoneCodeVerificationRecordDataGuard, } from '../verification-records/code-verification.js';
|
|
10
|
+
import { emailCodeVerificationRecordDataGuard, mfaEmailCodeVerificationRecordDataGuard, mfaPhoneCodeVerificationRecordDataGuard, phoneCodeVerificationRecordDataGuard, } from '../verification-records/code-verification.js';
|
|
11
11
|
import { enterpriseSsoVerificationRecordDataGuard } from '../verification-records/enterprise-sso-verification.js';
|
|
12
12
|
import { newPasswordIdentityVerificationRecordDataGuard } from '../verification-records/new-password-identity-verification.js';
|
|
13
13
|
import { oneTimeTokenVerificationRecordDataGuard } from '../verification-records/one-time-token-verification.js';
|
|
14
14
|
import { passwordVerificationRecordDataGuard } from '../verification-records/password-verification.js';
|
|
15
15
|
import { socialVerificationRecordDataGuard } from '../verification-records/social-verification.js';
|
|
16
16
|
import { totpVerificationRecordDataGuard } from '../verification-records/totp-verification.js';
|
|
17
|
-
import { webAuthnVerificationRecordDataGuard,
|
|
17
|
+
import { webAuthnVerificationRecordDataGuard, signInPasskeyVerificationRecordDataGuard, } from '../verification-records/web-authn-verification.js';
|
|
18
18
|
import { accessTokenPayloadGuard, clientCredentialsPayloadGuard } from './oidc-provider.js';
|
|
19
19
|
export const jwtCustomizerGuard = z.object({
|
|
20
20
|
script: z.string(),
|
|
@@ -59,6 +59,8 @@ const jwtCustomizerUserInteractionVerificationRecordGuard = z.discriminatedUnion
|
|
|
59
59
|
passwordVerificationRecordDataGuard,
|
|
60
60
|
emailCodeVerificationRecordDataGuard,
|
|
61
61
|
phoneCodeVerificationRecordDataGuard,
|
|
62
|
+
mfaEmailCodeVerificationRecordDataGuard,
|
|
63
|
+
mfaPhoneCodeVerificationRecordDataGuard,
|
|
62
64
|
socialVerificationRecordDataGuard.omit({
|
|
63
65
|
connectorSession: true,
|
|
64
66
|
encryptedTokenSet: true,
|
|
@@ -85,7 +87,7 @@ const jwtCustomizerUserInteractionVerificationRecordGuard = z.discriminatedUnion
|
|
|
85
87
|
authenticationChallenge: true,
|
|
86
88
|
registrationInfo: true,
|
|
87
89
|
}),
|
|
88
|
-
|
|
90
|
+
signInPasskeyVerificationRecordDataGuard.omit({
|
|
89
91
|
registrationChallenge: true,
|
|
90
92
|
authenticationChallenge: true,
|
|
91
93
|
registrationInfo: true,
|
|
@@ -97,6 +99,8 @@ const jwtCustomizerUserInteractionVerificationRecordGuard = z.discriminatedUnion
|
|
|
97
99
|
passwordEncryptionMethod: true,
|
|
98
100
|
}),
|
|
99
101
|
]);
|
|
102
|
+
// This is to ensure that all the verification types are covered in the `jwtCustomizerUserInteractionVerificationRecordGuard`.
|
|
103
|
+
const _jwtCustomizerUserInteractionVerificationRecordTypeCoverage = true;
|
|
100
104
|
export const jwtCustomizerUserInteractionContextGuard = z.object({
|
|
101
105
|
interactionEvent: z.nativeEnum(InteractionEvent),
|
|
102
106
|
userId: z.string(),
|
|
@@ -9,5 +9,6 @@ export declare enum GrantType {
|
|
|
9
9
|
AuthorizationCode = "authorization_code",
|
|
10
10
|
RefreshToken = "refresh_token",
|
|
11
11
|
ClientCredentials = "client_credentials",
|
|
12
|
-
TokenExchange = "urn:ietf:params:oauth:grant-type:token-exchange"
|
|
12
|
+
TokenExchange = "urn:ietf:params:oauth:grant-type:token-exchange",
|
|
13
|
+
DeviceCode = "urn:ietf:params:oauth:grant-type:device_code"
|
|
13
14
|
}
|
package/lib/types/oidc-config.js
CHANGED
|
@@ -4,4 +4,5 @@ export var GrantType;
|
|
|
4
4
|
GrantType["RefreshToken"] = "refresh_token";
|
|
5
5
|
GrantType["ClientCredentials"] = "client_credentials";
|
|
6
6
|
GrantType["TokenExchange"] = "urn:ietf:params:oauth:grant-type:token-exchange";
|
|
7
|
+
GrantType["DeviceCode"] = "urn:ietf:params:oauth:grant-type:device_code";
|
|
7
8
|
})(GrantType || (GrantType = {}));
|
|
@@ -63,10 +63,10 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
|
|
|
63
63
|
hideLogtoBranding: z.ZodType<boolean, z.ZodTypeDef, boolean>;
|
|
64
64
|
languageInfo: z.ZodType<{
|
|
65
65
|
autoDetect: boolean;
|
|
66
|
-
fallbackLanguage: "af-ZA" | "am-ET" | "ar" | "ar-AR" | "as-IN" | "az-AZ" | "be-BY" | "bg-BG" | "bn-IN" | "br-FR" | "bs-BA" | "ca-ES" | "cb-IQ" | "co-FR" | "cs-CZ" | "cx-PH" | "cy-GB" | "da-DK" | "de" | "de-DE" | "el-GR" | "en" | "en-GB" | "en-US" | "eo-EO" | "es" | "es-ES" | "es-419" | "et-EE" | "eu-ES" | "fa-IR" | "ff-NG" | "fi" | "fi-FI" | "fo-FO" | "fr" | "fr-CA" | "fr-FR" | "fy-NL" | "ga-IE" | "gl-ES" | "gn-PY" | "gu-IN" | "ha-NG" | "he-IL" | "hi-IN" | "hr-HR" | "ht-HT" | "hu-HU" | "hy-AM" | "id-ID" | "ik-US" | "is-IS" | "it" | "it-IT" | "iu-CA" | "ja" | "ja-JP" | "ja-KS" | "jv-ID" | "ka-GE" | "kk-KZ" | "km-KH" | "kn-IN" | "ko" | "ko-KR" | "ku-TR" | "ky-KG" | "lo-LA" | "lt-LT" | "lv-LV" | "mg-MG" | "mk-MK" | "ml-IN" | "mn-MN" | "mr-IN" | "ms-MY" | "mt-MT" | "my-MM" | "nb-NO" | "ne-NP" | "nl" | "nl-BE" | "nl-NL" | "nn-NO" | "or-IN" | "pa-IN" | "pl-PL" | "ps-AF" | "pt" | "pt-BR" | "pt-PT" | "ro-RO" | "ru" | "ru-RU" | "rw-RW" | "sc-IT" | "si-LK" | "sk-SK" | "sl-SI" | "sn-ZW" | "sq-AL" | "sr-RS" | "sv" | "sv-SE" | "sw-KE" | "sy-SY" | "sz-PL" | "ta-IN" | "te-IN" | "tg-TJ" | "th" | "th-TH" | "tl-PH" | "tr" | "tr-TR" | "tt-RU" | "tz-MA" | "uk-UA" | "ur-PK" | "uz-UZ" | "vi-VN" | "zh" | "zh-CN" | "zh-HK" | "zh-MO" | "zh-TW" | "zz-TR";
|
|
66
|
+
fallbackLanguage: "af-ZA" | "am-ET" | "ar" | "ar-AR" | "as-IN" | "az-AZ" | "be-BY" | "bg-BG" | "bn-IN" | "br-FR" | "bs-BA" | "ca-ES" | "cb-IQ" | "co-FR" | "cs" | "cs-CZ" | "cx-PH" | "cy-GB" | "da-DK" | "de" | "de-DE" | "el-GR" | "en" | "en-GB" | "en-US" | "eo-EO" | "es" | "es-ES" | "es-419" | "et-EE" | "eu-ES" | "fa-IR" | "ff-NG" | "fi" | "fi-FI" | "fo-FO" | "fr" | "fr-CA" | "fr-FR" | "fy-NL" | "ga-IE" | "gl-ES" | "gn-PY" | "gu-IN" | "ha-NG" | "he-IL" | "hi-IN" | "hr-HR" | "ht-HT" | "hu-HU" | "hy-AM" | "id-ID" | "ik-US" | "is-IS" | "it" | "it-IT" | "iu-CA" | "ja" | "ja-JP" | "ja-KS" | "jv-ID" | "ka-GE" | "kk-KZ" | "km-KH" | "kn-IN" | "ko" | "ko-KR" | "ku-TR" | "ky-KG" | "lo-LA" | "lt-LT" | "lv-LV" | "mg-MG" | "mk-MK" | "ml-IN" | "mn-MN" | "mr-IN" | "ms-MY" | "mt-MT" | "my-MM" | "nb-NO" | "ne-NP" | "nl" | "nl-BE" | "nl-NL" | "nn-NO" | "or-IN" | "pa-IN" | "pl-PL" | "ps-AF" | "pt" | "pt-BR" | "pt-PT" | "ro-RO" | "ru" | "ru-RU" | "rw-RW" | "sc-IT" | "si-LK" | "sk-SK" | "sl-SI" | "sn-ZW" | "sq-AL" | "sr-RS" | "sv" | "sv-SE" | "sw-KE" | "sy-SY" | "sz-PL" | "ta-IN" | "te-IN" | "tg-TJ" | "th" | "th-TH" | "tl-PH" | "tr" | "tr-TR" | "tt-RU" | "tz-MA" | "uk-UA" | "ur-PK" | "uz-UZ" | "vi-VN" | "zh" | "zh-CN" | "zh-HK" | "zh-MO" | "zh-TW" | "zz-TR";
|
|
67
67
|
}, z.ZodTypeDef, {
|
|
68
68
|
autoDetect: boolean;
|
|
69
|
-
fallbackLanguage: "af-ZA" | "am-ET" | "ar" | "ar-AR" | "as-IN" | "az-AZ" | "be-BY" | "bg-BG" | "bn-IN" | "br-FR" | "bs-BA" | "ca-ES" | "cb-IQ" | "co-FR" | "cs-CZ" | "cx-PH" | "cy-GB" | "da-DK" | "de" | "de-DE" | "el-GR" | "en" | "en-GB" | "en-US" | "eo-EO" | "es" | "es-ES" | "es-419" | "et-EE" | "eu-ES" | "fa-IR" | "ff-NG" | "fi" | "fi-FI" | "fo-FO" | "fr" | "fr-CA" | "fr-FR" | "fy-NL" | "ga-IE" | "gl-ES" | "gn-PY" | "gu-IN" | "ha-NG" | "he-IL" | "hi-IN" | "hr-HR" | "ht-HT" | "hu-HU" | "hy-AM" | "id-ID" | "ik-US" | "is-IS" | "it" | "it-IT" | "iu-CA" | "ja" | "ja-JP" | "ja-KS" | "jv-ID" | "ka-GE" | "kk-KZ" | "km-KH" | "kn-IN" | "ko" | "ko-KR" | "ku-TR" | "ky-KG" | "lo-LA" | "lt-LT" | "lv-LV" | "mg-MG" | "mk-MK" | "ml-IN" | "mn-MN" | "mr-IN" | "ms-MY" | "mt-MT" | "my-MM" | "nb-NO" | "ne-NP" | "nl" | "nl-BE" | "nl-NL" | "nn-NO" | "or-IN" | "pa-IN" | "pl-PL" | "ps-AF" | "pt" | "pt-BR" | "pt-PT" | "ro-RO" | "ru" | "ru-RU" | "rw-RW" | "sc-IT" | "si-LK" | "sk-SK" | "sl-SI" | "sn-ZW" | "sq-AL" | "sr-RS" | "sv" | "sv-SE" | "sw-KE" | "sy-SY" | "sz-PL" | "ta-IN" | "te-IN" | "tg-TJ" | "th" | "th-TH" | "tl-PH" | "tr" | "tr-TR" | "tt-RU" | "tz-MA" | "uk-UA" | "ur-PK" | "uz-UZ" | "vi-VN" | "zh" | "zh-CN" | "zh-HK" | "zh-MO" | "zh-TW" | "zz-TR";
|
|
69
|
+
fallbackLanguage: "af-ZA" | "am-ET" | "ar" | "ar-AR" | "as-IN" | "az-AZ" | "be-BY" | "bg-BG" | "bn-IN" | "br-FR" | "bs-BA" | "ca-ES" | "cb-IQ" | "co-FR" | "cs" | "cs-CZ" | "cx-PH" | "cy-GB" | "da-DK" | "de" | "de-DE" | "el-GR" | "en" | "en-GB" | "en-US" | "eo-EO" | "es" | "es-ES" | "es-419" | "et-EE" | "eu-ES" | "fa-IR" | "ff-NG" | "fi" | "fi-FI" | "fo-FO" | "fr" | "fr-CA" | "fr-FR" | "fy-NL" | "ga-IE" | "gl-ES" | "gn-PY" | "gu-IN" | "ha-NG" | "he-IL" | "hi-IN" | "hr-HR" | "ht-HT" | "hu-HU" | "hy-AM" | "id-ID" | "ik-US" | "is-IS" | "it" | "it-IT" | "iu-CA" | "ja" | "ja-JP" | "ja-KS" | "jv-ID" | "ka-GE" | "kk-KZ" | "km-KH" | "kn-IN" | "ko" | "ko-KR" | "ku-TR" | "ky-KG" | "lo-LA" | "lt-LT" | "lv-LV" | "mg-MG" | "mk-MK" | "ml-IN" | "mn-MN" | "mr-IN" | "ms-MY" | "mt-MT" | "my-MM" | "nb-NO" | "ne-NP" | "nl" | "nl-BE" | "nl-NL" | "nn-NO" | "or-IN" | "pa-IN" | "pl-PL" | "ps-AF" | "pt" | "pt-BR" | "pt-PT" | "ro-RO" | "ru" | "ru-RU" | "rw-RW" | "sc-IT" | "si-LK" | "sk-SK" | "sl-SI" | "sn-ZW" | "sq-AL" | "sr-RS" | "sv" | "sv-SE" | "sw-KE" | "sy-SY" | "sz-PL" | "ta-IN" | "te-IN" | "tg-TJ" | "th" | "th-TH" | "tl-PH" | "tr" | "tr-TR" | "tt-RU" | "tz-MA" | "uk-UA" | "ur-PK" | "uz-UZ" | "vi-VN" | "zh" | "zh-CN" | "zh-HK" | "zh-MO" | "zh-TW" | "zz-TR";
|
|
70
70
|
}>;
|
|
71
71
|
termsOfUseUrl: z.ZodType<string | null, z.ZodTypeDef, string | null>;
|
|
72
72
|
privacyPolicyUrl: z.ZodType<string | null, z.ZodTypeDef, string | null>;
|
|
@@ -362,6 +362,7 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
|
|
|
362
362
|
"ca-ES"?: string | undefined;
|
|
363
363
|
"cb-IQ"?: string | undefined;
|
|
364
364
|
"co-FR"?: string | undefined;
|
|
365
|
+
cs?: string | undefined;
|
|
365
366
|
"cs-CZ"?: string | undefined;
|
|
366
367
|
"cx-PH"?: string | undefined;
|
|
367
368
|
"cy-GB"?: string | undefined;
|
|
@@ -502,6 +503,7 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
|
|
|
502
503
|
"ca-ES"?: string | undefined;
|
|
503
504
|
"cb-IQ"?: string | undefined;
|
|
504
505
|
"co-FR"?: string | undefined;
|
|
506
|
+
cs?: string | undefined;
|
|
505
507
|
"cs-CZ"?: string | undefined;
|
|
506
508
|
"cx-PH"?: string | undefined;
|
|
507
509
|
"cy-GB"?: string | undefined;
|
|
@@ -739,6 +741,7 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
|
|
|
739
741
|
"ca-ES"?: string | undefined;
|
|
740
742
|
"cb-IQ"?: string | undefined;
|
|
741
743
|
"co-FR"?: string | undefined;
|
|
744
|
+
cs?: string | undefined;
|
|
742
745
|
"cs-CZ"?: string | undefined;
|
|
743
746
|
"cx-PH"?: string | undefined;
|
|
744
747
|
"cy-GB"?: string | undefined;
|
|
@@ -935,6 +938,7 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
|
|
|
935
938
|
"ca-ES"?: string | undefined;
|
|
936
939
|
"cb-IQ"?: string | undefined;
|
|
937
940
|
"co-FR"?: string | undefined;
|
|
941
|
+
cs?: string | undefined;
|
|
938
942
|
"cs-CZ"?: string | undefined;
|
|
939
943
|
"cx-PH"?: string | undefined;
|
|
940
944
|
"cy-GB"?: string | undefined;
|
|
@@ -8,10 +8,23 @@ export declare const userPasskeySignInDataKey = "passkey_sign_in";
|
|
|
8
8
|
* Schema for MFA-related data stored in user's logto_config
|
|
9
9
|
*/
|
|
10
10
|
export declare const userMfaDataGuard: z.ZodObject<{
|
|
11
|
+
/**
|
|
12
|
+
* Whether the user has actively enabled/bound MFA factors
|
|
13
|
+
*
|
|
14
|
+
* Note: The `undefined` value indicates that a new user has never made a choice on enabling the optional MFA; or an
|
|
15
|
+
* existing user data was created before the introduction of this field, so the MFA enabled state is unknown. We need
|
|
16
|
+
* to check extra conditions to determine it when the user submits the experience interaction.
|
|
17
|
+
* @see {@link @logto/core/packages/core/src/routes/experience/classes/mfa.ts#assertOptionalMfaEnablement}
|
|
18
|
+
*/
|
|
19
|
+
enabled: z.ZodOptional<z.ZodBoolean>;
|
|
11
20
|
/**
|
|
12
21
|
* Whether the user has skipped MFA binding flow
|
|
13
22
|
*/
|
|
14
23
|
skipped: z.ZodOptional<z.ZodBoolean>;
|
|
24
|
+
/**
|
|
25
|
+
* Whether the user has skipped optional additional MFA binding suggestion
|
|
26
|
+
*/
|
|
27
|
+
additionalBindingSuggestionSkipped: z.ZodOptional<z.ZodBoolean>;
|
|
15
28
|
/**
|
|
16
29
|
* Whether the user has skipped MFA verification on sign-in
|
|
17
30
|
*
|
|
@@ -20,10 +33,14 @@ export declare const userMfaDataGuard: z.ZodObject<{
|
|
|
20
33
|
*/
|
|
21
34
|
skipMfaOnSignIn: z.ZodOptional<z.ZodBoolean>;
|
|
22
35
|
}, "strip", z.ZodTypeAny, {
|
|
36
|
+
enabled?: boolean | undefined;
|
|
23
37
|
skipped?: boolean | undefined;
|
|
38
|
+
additionalBindingSuggestionSkipped?: boolean | undefined;
|
|
24
39
|
skipMfaOnSignIn?: boolean | undefined;
|
|
25
40
|
}, {
|
|
41
|
+
enabled?: boolean | undefined;
|
|
26
42
|
skipped?: boolean | undefined;
|
|
43
|
+
additionalBindingSuggestionSkipped?: boolean | undefined;
|
|
27
44
|
skipMfaOnSignIn?: boolean | undefined;
|
|
28
45
|
}>;
|
|
29
46
|
export type UserMfaData = z.infer<typeof userMfaDataGuard>;
|
|
@@ -46,10 +63,23 @@ export type UserPasskeySignInData = z.infer<typeof userPasskeySignInDataGuard>;
|
|
|
46
63
|
*/
|
|
47
64
|
export declare const userLogtoConfigGuard: z.ZodObject<{
|
|
48
65
|
mfa: z.ZodOptional<z.ZodObject<{
|
|
66
|
+
/**
|
|
67
|
+
* Whether the user has actively enabled/bound MFA factors
|
|
68
|
+
*
|
|
69
|
+
* Note: The `undefined` value indicates that a new user has never made a choice on enabling the optional MFA; or an
|
|
70
|
+
* existing user data was created before the introduction of this field, so the MFA enabled state is unknown. We need
|
|
71
|
+
* to check extra conditions to determine it when the user submits the experience interaction.
|
|
72
|
+
* @see {@link @logto/core/packages/core/src/routes/experience/classes/mfa.ts#assertOptionalMfaEnablement}
|
|
73
|
+
*/
|
|
74
|
+
enabled: z.ZodOptional<z.ZodBoolean>;
|
|
49
75
|
/**
|
|
50
76
|
* Whether the user has skipped MFA binding flow
|
|
51
77
|
*/
|
|
52
78
|
skipped: z.ZodOptional<z.ZodBoolean>;
|
|
79
|
+
/**
|
|
80
|
+
* Whether the user has skipped optional additional MFA binding suggestion
|
|
81
|
+
*/
|
|
82
|
+
additionalBindingSuggestionSkipped: z.ZodOptional<z.ZodBoolean>;
|
|
53
83
|
/**
|
|
54
84
|
* Whether the user has skipped MFA verification on sign-in
|
|
55
85
|
*
|
|
@@ -58,10 +88,14 @@ export declare const userLogtoConfigGuard: z.ZodObject<{
|
|
|
58
88
|
*/
|
|
59
89
|
skipMfaOnSignIn: z.ZodOptional<z.ZodBoolean>;
|
|
60
90
|
}, "strip", z.ZodTypeAny, {
|
|
91
|
+
enabled?: boolean | undefined;
|
|
61
92
|
skipped?: boolean | undefined;
|
|
93
|
+
additionalBindingSuggestionSkipped?: boolean | undefined;
|
|
62
94
|
skipMfaOnSignIn?: boolean | undefined;
|
|
63
95
|
}, {
|
|
96
|
+
enabled?: boolean | undefined;
|
|
64
97
|
skipped?: boolean | undefined;
|
|
98
|
+
additionalBindingSuggestionSkipped?: boolean | undefined;
|
|
65
99
|
skipMfaOnSignIn?: boolean | undefined;
|
|
66
100
|
}>>;
|
|
67
101
|
passkey_sign_in: z.ZodOptional<z.ZodObject<{
|
|
@@ -76,7 +110,9 @@ export declare const userLogtoConfigGuard: z.ZodObject<{
|
|
|
76
110
|
}>>;
|
|
77
111
|
}, "strip", z.ZodTypeAny, {
|
|
78
112
|
mfa?: {
|
|
113
|
+
enabled?: boolean | undefined;
|
|
79
114
|
skipped?: boolean | undefined;
|
|
115
|
+
additionalBindingSuggestionSkipped?: boolean | undefined;
|
|
80
116
|
skipMfaOnSignIn?: boolean | undefined;
|
|
81
117
|
} | undefined;
|
|
82
118
|
passkey_sign_in?: {
|
|
@@ -84,7 +120,9 @@ export declare const userLogtoConfigGuard: z.ZodObject<{
|
|
|
84
120
|
} | undefined;
|
|
85
121
|
}, {
|
|
86
122
|
mfa?: {
|
|
123
|
+
enabled?: boolean | undefined;
|
|
87
124
|
skipped?: boolean | undefined;
|
|
125
|
+
additionalBindingSuggestionSkipped?: boolean | undefined;
|
|
88
126
|
skipMfaOnSignIn?: boolean | undefined;
|
|
89
127
|
} | undefined;
|
|
90
128
|
passkey_sign_in?: {
|
|
@@ -11,10 +11,23 @@ export const userPasskeySignInDataKey = 'passkey_sign_in';
|
|
|
11
11
|
* Schema for MFA-related data stored in user's logto_config
|
|
12
12
|
*/
|
|
13
13
|
export const userMfaDataGuard = z.object({
|
|
14
|
+
/**
|
|
15
|
+
* Whether the user has actively enabled/bound MFA factors
|
|
16
|
+
*
|
|
17
|
+
* Note: The `undefined` value indicates that a new user has never made a choice on enabling the optional MFA; or an
|
|
18
|
+
* existing user data was created before the introduction of this field, so the MFA enabled state is unknown. We need
|
|
19
|
+
* to check extra conditions to determine it when the user submits the experience interaction.
|
|
20
|
+
* @see {@link @logto/core/packages/core/src/routes/experience/classes/mfa.ts#assertOptionalMfaEnablement}
|
|
21
|
+
*/
|
|
22
|
+
enabled: z.boolean().optional(),
|
|
14
23
|
/**
|
|
15
24
|
* Whether the user has skipped MFA binding flow
|
|
16
25
|
*/
|
|
17
26
|
skipped: z.boolean().optional(),
|
|
27
|
+
/**
|
|
28
|
+
* Whether the user has skipped optional additional MFA binding suggestion
|
|
29
|
+
*/
|
|
30
|
+
additionalBindingSuggestionSkipped: z.boolean().optional(),
|
|
18
31
|
/**
|
|
19
32
|
* Whether the user has skipped MFA verification on sign-in
|
|
20
33
|
*
|