npm - @logto/schemas - Versions diffs - 1.37.1 → 1.39.0 - Mend

@logto/schemas 1.37.1 → 1.39.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (73) hide show

package/alterations/1.38.0-1772615848-add-oidc-model-instances-grant-id-partial-index.ts +26 -0
package/alterations/1.38.0-1772619963-tune-oidc-model-instances-autovacuum.ts +28 -0
package/alterations/1.38.0-1772621060-add-oidc-model-instances-grant-account-id-index.ts +26 -0
package/alterations/1.39.0-1774752400-add-delete-account-url.ts +20 -0
package/alterations/1.39.0-1774770686-add-account-center-custom-css.ts +20 -0
package/alterations/1.39.0-1776502301-add-sign-up-profile-fields.ts +20 -0
package/alterations-js/1.38.0-1772615848-add-oidc-model-instances-grant-id-partial-index.js +22 -0
package/alterations-js/1.38.0-1772619963-tune-oidc-model-instances-autovacuum.js +24 -0
package/alterations-js/1.38.0-1772621060-add-oidc-model-instances-grant-account-id-index.js +22 -0
package/alterations-js/1.39.0-1774752400-add-delete-account-url.js +16 -0
package/alterations-js/1.39.0-1774770686-add-account-center-custom-css.js +16 -0
package/alterations-js/1.39.0-1776502301-add-sign-up-profile-fields.js +16 -0
package/lib/consts/cookie.d.ts +1 -0
package/lib/consts/cookie.js +1 -0
package/lib/consts/experience.d.ts +1 -0
package/lib/consts/experience.js +1 -0
package/lib/consts/oidc.d.ts +3 -0
package/lib/consts/oidc.js +3 -0
package/lib/consts/system.d.ts +4 -0
package/lib/consts/system.js +4 -0
package/lib/db-entries/account-center.d.ts +9 -1
package/lib/db-entries/account-center.js +8 -0
package/lib/db-entries/sign-in-experience.d.ts +6 -2
package/lib/db-entries/sign-in-experience.js +5 -1
package/lib/foundations/jsonb-types/account-centers.d.ts +1 -0
package/lib/foundations/jsonb-types/account-centers.js +8 -0
package/lib/foundations/jsonb-types/oidc-module.d.ts +26 -7
package/lib/foundations/jsonb-types/oidc-module.js +16 -1
package/lib/foundations/jsonb-types/sign-in-experience.d.ts +36 -6
package/lib/foundations/jsonb-types/sign-in-experience.js +10 -2
package/lib/seeds/application.d.ts +3 -1
package/lib/seeds/application.js +26 -1
package/lib/types/alteration.d.ts +5 -0
package/lib/types/application.d.ts +14 -2
package/lib/types/connector.d.ts +8 -0
package/lib/types/consent.d.ts +11 -3
package/lib/types/consent.js +2 -1
package/lib/types/custom-profile-fields.d.ts +7 -13
package/lib/types/custom-profile-fields.js +6 -13
package/lib/types/log/interaction.d.ts +4 -2
package/lib/types/log/interaction.js +2 -0
package/lib/types/log/token.d.ts +5 -3
package/lib/types/log/token.js +2 -0
package/lib/types/logto-config/index.d.ts +331 -15
package/lib/types/logto-config/index.js +28 -4
package/lib/types/logto-config/index.test.d.ts +1 -0
package/lib/types/logto-config/index.test.js +29 -0
package/lib/types/logto-config/jwt-customizer.d.ts +787 -253
package/lib/types/logto-config/jwt-customizer.js +8 -3
package/lib/types/logto-config/jwt-customizer.test.js +14 -2
package/lib/types/oidc-config.d.ts +2 -1
package/lib/types/oidc-config.js +1 -0
package/lib/types/onboarding.d.ts +93 -1
package/lib/types/onboarding.js +22 -1
package/lib/types/sign-in-experience.d.ts +15 -4
package/lib/types/user-logto-config.d.ts +49 -0
package/lib/types/user-logto-config.js +19 -0
package/lib/types/user-sessions.d.ts +712 -112
package/lib/types/user-sessions.js +33 -2
package/lib/types/verification-records/verification-type.d.ts +1 -1
package/lib/types/verification-records/verification-type.js +1 -1
package/lib/types/verification-records/web-authn-verification.d.ts +11 -11
package/lib/types/verification-records/web-authn-verification.js +3 -3
package/lib/utils/index.d.ts +1 -0
package/lib/utils/index.js +1 -0
package/lib/utils/oidc-private-key.d.ts +88 -0
package/lib/utils/oidc-private-key.js +163 -0
package/lib/utils/oidc-private-key.test.d.ts +1 -0
package/lib/utils/oidc-private-key.test.js +128 -0
package/package.json +9 -8
package/tables/account_centers.sql +4 -0
package/tables/oidc_model_instances.sql +16 -0
package/tables/sign_in_experiences.sql +2 -0

package/lib/types/logto-config/index.js CHANGED Viewed

@@ -18,6 +18,7 @@ export var LogtoOidcConfigKey;
 (function (LogtoOidcConfigKey) {
     LogtoOidcConfigKey["PrivateKeys"] = "oidc.privateKeys";
     LogtoOidcConfigKey["CookieKeys"] = "oidc.cookieKeys";
+    LogtoOidcConfigKey["Session"] = "oidc.session";
 })(LogtoOidcConfigKey || (LogtoOidcConfigKey = {}));
 /**
  * Logto supported signing key algorithms for OIDC private keys that sign JWT tokens.
@@ -32,9 +33,23 @@ export const oidcConfigKeyGuard = z.object({
     value: z.string(),
     createdAt: z.number(),
 });
+export var OidcSigningKeyStatus;
+(function (OidcSigningKeyStatus) {
+    OidcSigningKeyStatus["Next"] = "Next";
+    OidcSigningKeyStatus["Current"] = "Current";
+    OidcSigningKeyStatus["Previous"] = "Previous";
+})(OidcSigningKeyStatus || (OidcSigningKeyStatus = {}));
+export const oidcPrivateKeyGuard = oidcConfigKeyGuard.extend({
+    status: z.nativeEnum(OidcSigningKeyStatus).optional(),
+});
+export const oidcSessionConfigGuard = z.object({
+    ttl: z.number().int().min(1).max(31_536_000).optional(),
+});
 export const logtoOidcConfigGuard = Object.freeze({
-    [LogtoOidcConfigKey.PrivateKeys]: oidcConfigKeyGuard.array(),
+    [LogtoOidcConfigKey.PrivateKeys]: oidcPrivateKeyGuard.array(),
     [LogtoOidcConfigKey.CookieKeys]: oidcConfigKeyGuard.array(),
+    // Session config is optional, if not set, it will fallback to default value in core.
+    [LogtoOidcConfigKey.Session]: oidcSessionConfigGuard.nullish().transform((data) => data ?? {}),
 });
 export var LogtoJwtTokenKey;
 (function (LogtoJwtTokenKey) {
@@ -90,6 +105,10 @@ export const extendedIdTokenClaimsGuard = z.enum(extendedIdTokenClaims);
 export const idTokenConfigGuard = z.object({
     enabledExtendedClaims: extendedIdTokenClaimsGuard.array().optional(),
 });
+export const signingKeyRotationStateGuard = z.object({
+    tenantCacheExpiresAt: z.number().optional(),
+    signingKeyRotationAt: z.number().optional(),
+});
 export var LogtoTenantConfigKey;
 (function (LogtoTenantConfigKey) {
     LogtoTenantConfigKey["AdminConsole"] = "adminConsole";
@@ -98,12 +117,15 @@ export var LogtoTenantConfigKey;
     LogtoTenantConfigKey["SessionNotFoundRedirectUrl"] = "sessionNotFoundRedirectUrl";
     /** ID token configuration for extended claims. */
     LogtoTenantConfigKey["IdToken"] = "idToken";
+    /** Tenant-scoped rotation state for staged private signing key activation. */
+    LogtoTenantConfigKey["SigningKeyRotationState"] = "signingKeyRotationState";
 })(LogtoTenantConfigKey || (LogtoTenantConfigKey = {}));
 export const logtoTenantConfigGuard = Object.freeze({
     [LogtoTenantConfigKey.AdminConsole]: adminConsoleDataGuard,
     [LogtoTenantConfigKey.CloudConnection]: cloudConnectionDataGuard,
     [LogtoTenantConfigKey.SessionNotFoundRedirectUrl]: z.object({ url: z.string() }),
     [LogtoTenantConfigKey.IdToken]: idTokenConfigGuard,
+    [LogtoTenantConfigKey.SigningKeyRotationState]: signingKeyRotationStateGuard,
 });
 export const logtoConfigKeys = Object.freeze([
     ...Object.values(LogtoOidcConfigKey),
@@ -115,6 +137,8 @@ export const logtoConfigGuards = Object.freeze({
     ...jwtCustomizerConfigGuard,
     ...logtoTenantConfigGuard,
 });
-export const oidcConfigKeysResponseGuard = oidcConfigKeyGuard
-    .omit({ value: true })
-    .merge(z.object({ signingKeyAlgorithm: z.nativeEnum(SupportedSigningKeyAlgorithm).optional() }));
+export const oidcConfigKeysResponseGuard = oidcConfigKeyGuard.omit({ value: true }).merge(z.object({
+    signingKeyAlgorithm: z.nativeEnum(SupportedSigningKeyAlgorithm).optional(),
+    status: z.nativeEnum(OidcSigningKeyStatus).optional(),
+    effectiveAt: z.number().optional(),
+}));

package/lib/types/logto-config/index.test.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/lib/types/logto-config/index.test.js ADDED Viewed

@@ -0,0 +1,29 @@
+import { describe, expect, it } from 'vitest';
+import { LogtoOidcConfigKey, LogtoTenantConfigKey, OidcSigningKeyStatus, logtoOidcConfigGuard, logtoTenantConfigGuard, oidcConfigKeysResponseGuard, } from './index.js';
+describe('logto config guards', () => {
+    it('accepts legacy private keys without status', () => {
+        const privateKeys = [
+            {
+                id: 'key_1',
+                value: 'private-key-1',
+                createdAt: 1_710_000_000_000,
+            },
+        ];
+        const result = logtoOidcConfigGuard[LogtoOidcConfigKey.PrivateKeys].safeParse(privateKeys);
+        expect(result.success).toBe(true);
+    });
+    it('accepts signing key status in OIDC key responses', () => {
+        const result = oidcConfigKeysResponseGuard.safeParse({
+            id: 'key_1',
+            createdAt: 1_710_000_000_000,
+            status: OidcSigningKeyStatus.Current,
+        });
+        expect(result.success).toBe(true);
+    });
+    it('accepts partial signing key rotation state', () => {
+        const result = logtoTenantConfigGuard[LogtoTenantConfigKey.SigningKeyRotationState].safeParse({
+            signingKeyRotationAt: 1_710_000_000_000,
+        });
+        expect(result.success).toBe(true);
+    });
+});