@logto/schemas 1.37.1 → 1.39.0

package/lib/types/logto-config/jwt-customizer.js

@@ -7,19 +7,20 @@ import { GrantType } from '../oidc-config.js';
 import { scopeResponseGuard } from '../scope.js';
 import { userInfoGuard } from '../user.js';
 import { backupCodeVerificationRecordDataGuard } from '../verification-records/backup-code-verification.js';
-import { emailCodeVerificationRecordDataGuard, phoneCodeVerificationRecordDataGuard, } from '../verification-records/code-verification.js';
+import { emailCodeVerificationRecordDataGuard, mfaEmailCodeVerificationRecordDataGuard, mfaPhoneCodeVerificationRecordDataGuard, phoneCodeVerificationRecordDataGuard, } from '../verification-records/code-verification.js';
 import { enterpriseSsoVerificationRecordDataGuard } from '../verification-records/enterprise-sso-verification.js';
 import { newPasswordIdentityVerificationRecordDataGuard } from '../verification-records/new-password-identity-verification.js';
 import { oneTimeTokenVerificationRecordDataGuard } from '../verification-records/one-time-token-verification.js';
 import { passwordVerificationRecordDataGuard } from '../verification-records/password-verification.js';
 import { socialVerificationRecordDataGuard } from '../verification-records/social-verification.js';
 import { totpVerificationRecordDataGuard } from '../verification-records/totp-verification.js';
-import { webAuthnVerificationRecordDataGuard, signInWebAuthnVerificationRecordDataGuard, } from '../verification-records/web-authn-verification.js';
+import { webAuthnVerificationRecordDataGuard, signInPasskeyVerificationRecordDataGuard, } from '../verification-records/web-authn-verification.js';
 import { accessTokenPayloadGuard, clientCredentialsPayloadGuard } from './oidc-provider.js';
 export const jwtCustomizerGuard = z.object({
     script: z.string(),
     environmentVariables: z.record(z.string()).optional(),
     contextSample: jsonObjectGuard.optional(),
+    blockIssuanceOnError: z.boolean().optional(),
 });
 export var LogtoJwtTokenKeyType;
 (function (LogtoJwtTokenKeyType) {
@@ -59,6 +60,8 @@ const jwtCustomizerUserInteractionVerificationRecordGuard = z.discriminatedUnion
     passwordVerificationRecordDataGuard,
     emailCodeVerificationRecordDataGuard,
     phoneCodeVerificationRecordDataGuard,
+    mfaEmailCodeVerificationRecordDataGuard,
+    mfaPhoneCodeVerificationRecordDataGuard,
     socialVerificationRecordDataGuard.omit({
         connectorSession: true,
         encryptedTokenSet: true,
@@ -85,7 +88,7 @@ const jwtCustomizerUserInteractionVerificationRecordGuard = z.discriminatedUnion
         authenticationChallenge: true,
         registrationInfo: true,
     }),
-    signInWebAuthnVerificationRecordDataGuard.omit({
+    signInPasskeyVerificationRecordDataGuard.omit({
         registrationChallenge: true,
         authenticationChallenge: true,
         registrationInfo: true,
@@ -97,6 +100,8 @@ const jwtCustomizerUserInteractionVerificationRecordGuard = z.discriminatedUnion
         passwordEncryptionMethod: true,
     }),
 ]);
+// This is to ensure that all the verification types are covered in the `jwtCustomizerUserInteractionVerificationRecordGuard`.
+const _jwtCustomizerUserInteractionVerificationRecordTypeCoverage = true;
 export const jwtCustomizerUserInteractionContextGuard = z.object({
     interactionEvent: z.nativeEnum(InteractionEvent),
     userId: z.string(),

package/lib/types/logto-config/jwt-customizer.test.js

@@ -1,9 +1,20 @@
 import { pick } from '@silverhand/essentials';
 import { describe, expect, it } from 'vitest';
 import { accessTokenJwtCustomizerGuard, clientCredentialsJwtCustomizerGuard, } from './jwt-customizer.js';
-const allFields = ['script', 'environmentVariables', 'contextSample', 'tokenSample'];
+const allFields = [
+    'script',
+    'environmentVariables',
+    'contextSample',
+    'tokenSample',
+    'blockIssuanceOnError',
+];
 const requiredFields = ['script'];
-const optionalFields = ['environmentVariables', 'contextSample', 'tokenSample'];
+const optionalFields = [
+    'environmentVariables',
+    'contextSample',
+    'tokenSample',
+    'blockIssuanceOnError',
+];
 const testClientCredentialsTokenPayload = {
     script: '',
     environmentVariables: {},
@@ -14,6 +25,7 @@ const testClientCredentialsTokenPayload = {
         },
     },
     tokenSample: {},
+    blockIssuanceOnError: false,
 };
 const testAccessTokenPayload = {
     ...testClientCredentialsTokenPayload,

package/lib/types/oidc-config.d.ts

@@ -9,5 +9,6 @@ export declare enum GrantType {
     AuthorizationCode = "authorization_code",
     RefreshToken = "refresh_token",
     ClientCredentials = "client_credentials",
-    TokenExchange = "urn:ietf:params:oauth:grant-type:token-exchange"
+    TokenExchange = "urn:ietf:params:oauth:grant-type:token-exchange",
+    DeviceCode = "urn:ietf:params:oauth:grant-type:device_code"
 }

package/lib/types/oidc-config.js

@@ -4,4 +4,5 @@ export var GrantType;
     GrantType["RefreshToken"] = "refresh_token";
     GrantType["ClientCredentials"] = "client_credentials";
     GrantType["TokenExchange"] = "urn:ietf:params:oauth:grant-type:token-exchange";
+    GrantType["DeviceCode"] = "urn:ietf:params:oauth:grant-type:device_code";
 })(GrantType || (GrantType = {}));

package/lib/types/onboarding.d.ts

@@ -1,5 +1,6 @@
 import { z } from 'zod';
 export declare const userOnboardingDataKey = "onboarding";
+export declare const ossUserOnboardingDataKey = "ossOnboarding";
 export declare enum Project {
     Personal = "personal",
     Company = "company"
@@ -18,7 +19,6 @@ export declare enum Title {
     Product = "product",
     Others = "others"
 }
-/** @deprecated */
 export declare enum CompanySize {
     Scale1 = "1",
     Scale2 = "2-49",
@@ -81,6 +81,52 @@ declare const questionnaireGuard: z.ZodObject<{
     additionalFeatures?: AdditionalFeatures[] | undefined;
 }>;
 export type Questionnaire = z.infer<typeof questionnaireGuard>;
+declare const ossQuestionnaireGuard: z.ZodObject<{
+    emailAddress: z.ZodOptional<z.ZodString>;
+    newsletter: z.ZodOptional<z.ZodBoolean>;
+    project: z.ZodOptional<z.ZodNativeEnum<typeof Project>>;
+    projectName: z.ZodOptional<z.ZodString>;
+    companyName: z.ZodOptional<z.ZodString>;
+    companySize: z.ZodOptional<z.ZodNativeEnum<typeof CompanySize>>;
+}, "strip", z.ZodTypeAny, {
+    project?: Project | undefined;
+    companyName?: string | undefined;
+    companySize?: CompanySize | undefined;
+    emailAddress?: string | undefined;
+    newsletter?: boolean | undefined;
+    projectName?: string | undefined;
+}, {
+    project?: Project | undefined;
+    companyName?: string | undefined;
+    companySize?: CompanySize | undefined;
+    emailAddress?: string | undefined;
+    newsletter?: boolean | undefined;
+    projectName?: string | undefined;
+}>;
+export type OssQuestionnaire = z.infer<typeof ossQuestionnaireGuard>;
+export declare const ossSurveyReportPayloadGuard: z.ZodObject<{
+    emailAddress: z.ZodString;
+    newsletter: z.ZodOptional<z.ZodBoolean>;
+    project: z.ZodNativeEnum<typeof Project>;
+    projectName: z.ZodOptional<z.ZodString>;
+    companyName: z.ZodOptional<z.ZodString>;
+    companySize: z.ZodOptional<z.ZodNativeEnum<typeof CompanySize>>;
+}, "strip", z.ZodTypeAny, {
+    project: Project;
+    emailAddress: string;
+    companyName?: string | undefined;
+    companySize?: CompanySize | undefined;
+    newsletter?: boolean | undefined;
+    projectName?: string | undefined;
+}, {
+    project: Project;
+    emailAddress: string;
+    companyName?: string | undefined;
+    companySize?: CompanySize | undefined;
+    newsletter?: boolean | undefined;
+    projectName?: string | undefined;
+}>;
+export type OssSurveyReportPayload = z.infer<typeof ossSurveyReportPayloadGuard>;
 export declare const userOnboardingDataGuard: z.ZodObject<{
     questionnaire: z.ZodOptional<z.ZodObject<{
         project: z.ZodOptional<z.ZodNativeEnum<typeof Project>>;
@@ -141,4 +187,50 @@ export declare const userOnboardingDataGuard: z.ZodObject<{
     isOnboardingDone?: boolean | undefined;
 }>;
 export type UserOnboardingData = z.infer<typeof userOnboardingDataGuard>;
+export declare const ossUserOnboardingDataGuard: z.ZodObject<{
+    questionnaire: z.ZodOptional<z.ZodObject<{
+        emailAddress: z.ZodOptional<z.ZodString>;
+        newsletter: z.ZodOptional<z.ZodBoolean>;
+        project: z.ZodOptional<z.ZodNativeEnum<typeof Project>>;
+        projectName: z.ZodOptional<z.ZodString>;
+        companyName: z.ZodOptional<z.ZodString>;
+        companySize: z.ZodOptional<z.ZodNativeEnum<typeof CompanySize>>;
+    }, "strip", z.ZodTypeAny, {
+        project?: Project | undefined;
+        companyName?: string | undefined;
+        companySize?: CompanySize | undefined;
+        emailAddress?: string | undefined;
+        newsletter?: boolean | undefined;
+        projectName?: string | undefined;
+    }, {
+        project?: Project | undefined;
+        companyName?: string | undefined;
+        companySize?: CompanySize | undefined;
+        emailAddress?: string | undefined;
+        newsletter?: boolean | undefined;
+        projectName?: string | undefined;
+    }>>;
+    isOnboardingDone: z.ZodOptional<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    questionnaire?: {
+        project?: Project | undefined;
+        companyName?: string | undefined;
+        companySize?: CompanySize | undefined;
+        emailAddress?: string | undefined;
+        newsletter?: boolean | undefined;
+        projectName?: string | undefined;
+    } | undefined;
+    isOnboardingDone?: boolean | undefined;
+}, {
+    questionnaire?: {
+        project?: Project | undefined;
+        companyName?: string | undefined;
+        companySize?: CompanySize | undefined;
+        emailAddress?: string | undefined;
+        newsletter?: boolean | undefined;
+        projectName?: string | undefined;
+    } | undefined;
+    isOnboardingDone?: boolean | undefined;
+}>;
+export type OssUserOnboardingData = z.infer<typeof ossUserOnboardingDataGuard>;
 export {};

package/lib/types/onboarding.js

@@ -1,5 +1,6 @@
 import { z } from 'zod';
 export const userOnboardingDataKey = 'onboarding';
+export const ossUserOnboardingDataKey = 'ossOnboarding';
 export var Project;
 (function (Project) {
     Project["Personal"] = "personal";
@@ -21,7 +22,6 @@ export var Title;
     Title["Product"] = "product";
     Title["Others"] = "others";
 })(Title || (Title = {}));
-/** @deprecated */
 export var CompanySize;
 (function (CompanySize) {
     CompanySize["Scale1"] = "1";
@@ -30,6 +30,7 @@ export var CompanySize;
     CompanySize["Scale4"] = "200-999";
     CompanySize["Scale5"] = "1000+";
 })(CompanySize || (CompanySize = {}));
+// Kept as a shared enum for OSS onboarding and existing questionnaire payloads.
 /** @deprecated */
 export var Reason;
 (function (Reason) {
@@ -69,7 +70,27 @@ const questionnaireGuard = z.object({
     stage: z.nativeEnum(Stage).optional(),
     additionalFeatures: z.array(z.nativeEnum(AdditionalFeatures)).optional(),
 });
+const ossQuestionnaireGuard = z.object({
+    emailAddress: z.string().optional(),
+    newsletter: z.boolean().optional(),
+    project: z.nativeEnum(Project).optional(),
+    projectName: z.string().max(200).optional(),
+    companyName: z.string().optional(),
+    companySize: z.nativeEnum(CompanySize).optional(),
+});
+export const ossSurveyReportPayloadGuard = z.object({
+    emailAddress: z.string().email().max(320),
+    newsletter: z.boolean().optional(),
+    project: z.nativeEnum(Project),
+    projectName: z.string().max(200).optional(),
+    companyName: z.string().max(200).optional(),
+    companySize: z.nativeEnum(CompanySize).optional(),
+});
 export const userOnboardingDataGuard = z.object({
     questionnaire: questionnaireGuard.optional(),
     isOnboardingDone: z.boolean().optional(),
 });
+export const ossUserOnboardingDataGuard = z.object({
+    questionnaire: ossQuestionnaireGuard.optional(),
+    isOnboardingDone: z.boolean().optional(),
+});

package/lib/types/sign-in-experience.d.ts

@@ -63,10 +63,10 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
     hideLogtoBranding: z.ZodType<boolean, z.ZodTypeDef, boolean>;
     languageInfo: z.ZodType<{
         autoDetect: boolean;
-        fallbackLanguage: "af-ZA" | "am-ET" | "ar" | "ar-AR" | "as-IN" | "az-AZ" | "be-BY" | "bg-BG" | "bn-IN" | "br-FR" | "bs-BA" | "ca-ES" | "cb-IQ" | "co-FR" | "cs-CZ" | "cx-PH" | "cy-GB" | "da-DK" | "de" | "de-DE" | "el-GR" | "en" | "en-GB" | "en-US" | "eo-EO" | "es" | "es-ES" | "es-419" | "et-EE" | "eu-ES" | "fa-IR" | "ff-NG" | "fi" | "fi-FI" | "fo-FO" | "fr" | "fr-CA" | "fr-FR" | "fy-NL" | "ga-IE" | "gl-ES" | "gn-PY" | "gu-IN" | "ha-NG" | "he-IL" | "hi-IN" | "hr-HR" | "ht-HT" | "hu-HU" | "hy-AM" | "id-ID" | "ik-US" | "is-IS" | "it" | "it-IT" | "iu-CA" | "ja" | "ja-JP" | "ja-KS" | "jv-ID" | "ka-GE" | "kk-KZ" | "km-KH" | "kn-IN" | "ko" | "ko-KR" | "ku-TR" | "ky-KG" | "lo-LA" | "lt-LT" | "lv-LV" | "mg-MG" | "mk-MK" | "ml-IN" | "mn-MN" | "mr-IN" | "ms-MY" | "mt-MT" | "my-MM" | "nb-NO" | "ne-NP" | "nl" | "nl-BE" | "nl-NL" | "nn-NO" | "or-IN" | "pa-IN" | "pl-PL" | "ps-AF" | "pt" | "pt-BR" | "pt-PT" | "ro-RO" | "ru" | "ru-RU" | "rw-RW" | "sc-IT" | "si-LK" | "sk-SK" | "sl-SI" | "sn-ZW" | "sq-AL" | "sr-RS" | "sv" | "sv-SE" | "sw-KE" | "sy-SY" | "sz-PL" | "ta-IN" | "te-IN" | "tg-TJ" | "th" | "th-TH" | "tl-PH" | "tr" | "tr-TR" | "tt-RU" | "tz-MA" | "uk-UA" | "ur-PK" | "uz-UZ" | "vi-VN" | "zh" | "zh-CN" | "zh-HK" | "zh-MO" | "zh-TW" | "zz-TR";
+        fallbackLanguage: "af-ZA" | "am-ET" | "ar" | "ar-AR" | "as-IN" | "az-AZ" | "be-BY" | "bg-BG" | "bn-IN" | "br-FR" | "bs-BA" | "ca-ES" | "cb-IQ" | "co-FR" | "cs" | "cs-CZ" | "cx-PH" | "cy-GB" | "da-DK" | "de" | "de-DE" | "el-GR" | "en" | "en-GB" | "en-US" | "eo-EO" | "es" | "es-ES" | "es-419" | "et-EE" | "eu-ES" | "fa-IR" | "ff-NG" | "fi" | "fi-FI" | "fo-FO" | "fr" | "fr-CA" | "fr-FR" | "fy-NL" | "ga-IE" | "gl-ES" | "gn-PY" | "gu-IN" | "ha-NG" | "he-IL" | "hi-IN" | "hr-HR" | "ht-HT" | "hu-HU" | "hy-AM" | "id-ID" | "ik-US" | "is-IS" | "it" | "it-IT" | "iu-CA" | "ja" | "ja-JP" | "ja-KS" | "jv-ID" | "ka-GE" | "kk-KZ" | "km-KH" | "kn-IN" | "ko" | "ko-KR" | "ku-TR" | "ky-KG" | "lo-LA" | "lt-LT" | "lv-LV" | "mg-MG" | "mk-MK" | "ml-IN" | "mn-MN" | "mr-IN" | "ms-MY" | "mt-MT" | "my-MM" | "nb-NO" | "ne-NP" | "nl" | "nl-BE" | "nl-NL" | "nn-NO" | "or-IN" | "pa-IN" | "pl-PL" | "ps-AF" | "pt" | "pt-BR" | "pt-PT" | "ro-RO" | "ru" | "ru-RU" | "rw-RW" | "sc-IT" | "si-LK" | "sk-SK" | "sl-SI" | "sn-ZW" | "sq-AL" | "sr-RS" | "sv" | "sv-SE" | "sw-KE" | "sy-SY" | "sz-PL" | "ta-IN" | "te-IN" | "tg-TJ" | "th" | "th-TH" | "tl-PH" | "tr" | "tr-TR" | "tt-RU" | "tz-MA" | "uk-UA" | "ur-PK" | "uz-UZ" | "vi-VN" | "zh" | "zh-CN" | "zh-HK" | "zh-MO" | "zh-TW" | "zz-TR";
     }, z.ZodTypeDef, {
         autoDetect: boolean;
-        fallbackLanguage: "af-ZA" | "am-ET" | "ar" | "ar-AR" | "as-IN" | "az-AZ" | "be-BY" | "bg-BG" | "bn-IN" | "br-FR" | "bs-BA" | "ca-ES" | "cb-IQ" | "co-FR" | "cs-CZ" | "cx-PH" | "cy-GB" | "da-DK" | "de" | "de-DE" | "el-GR" | "en" | "en-GB" | "en-US" | "eo-EO" | "es" | "es-ES" | "es-419" | "et-EE" | "eu-ES" | "fa-IR" | "ff-NG" | "fi" | "fi-FI" | "fo-FO" | "fr" | "fr-CA" | "fr-FR" | "fy-NL" | "ga-IE" | "gl-ES" | "gn-PY" | "gu-IN" | "ha-NG" | "he-IL" | "hi-IN" | "hr-HR" | "ht-HT" | "hu-HU" | "hy-AM" | "id-ID" | "ik-US" | "is-IS" | "it" | "it-IT" | "iu-CA" | "ja" | "ja-JP" | "ja-KS" | "jv-ID" | "ka-GE" | "kk-KZ" | "km-KH" | "kn-IN" | "ko" | "ko-KR" | "ku-TR" | "ky-KG" | "lo-LA" | "lt-LT" | "lv-LV" | "mg-MG" | "mk-MK" | "ml-IN" | "mn-MN" | "mr-IN" | "ms-MY" | "mt-MT" | "my-MM" | "nb-NO" | "ne-NP" | "nl" | "nl-BE" | "nl-NL" | "nn-NO" | "or-IN" | "pa-IN" | "pl-PL" | "ps-AF" | "pt" | "pt-BR" | "pt-PT" | "ro-RO" | "ru" | "ru-RU" | "rw-RW" | "sc-IT" | "si-LK" | "sk-SK" | "sl-SI" | "sn-ZW" | "sq-AL" | "sr-RS" | "sv" | "sv-SE" | "sw-KE" | "sy-SY" | "sz-PL" | "ta-IN" | "te-IN" | "tg-TJ" | "th" | "th-TH" | "tl-PH" | "tr" | "tr-TR" | "tt-RU" | "tz-MA" | "uk-UA" | "ur-PK" | "uz-UZ" | "vi-VN" | "zh" | "zh-CN" | "zh-HK" | "zh-MO" | "zh-TW" | "zz-TR";
+        fallbackLanguage: "af-ZA" | "am-ET" | "ar" | "ar-AR" | "as-IN" | "az-AZ" | "be-BY" | "bg-BG" | "bn-IN" | "br-FR" | "bs-BA" | "ca-ES" | "cb-IQ" | "co-FR" | "cs" | "cs-CZ" | "cx-PH" | "cy-GB" | "da-DK" | "de" | "de-DE" | "el-GR" | "en" | "en-GB" | "en-US" | "eo-EO" | "es" | "es-ES" | "es-419" | "et-EE" | "eu-ES" | "fa-IR" | "ff-NG" | "fi" | "fi-FI" | "fo-FO" | "fr" | "fr-CA" | "fr-FR" | "fy-NL" | "ga-IE" | "gl-ES" | "gn-PY" | "gu-IN" | "ha-NG" | "he-IL" | "hi-IN" | "hr-HR" | "ht-HT" | "hu-HU" | "hy-AM" | "id-ID" | "ik-US" | "is-IS" | "it" | "it-IT" | "iu-CA" | "ja" | "ja-JP" | "ja-KS" | "jv-ID" | "ka-GE" | "kk-KZ" | "km-KH" | "kn-IN" | "ko" | "ko-KR" | "ku-TR" | "ky-KG" | "lo-LA" | "lt-LT" | "lv-LV" | "mg-MG" | "mk-MK" | "ml-IN" | "mn-MN" | "mr-IN" | "ms-MY" | "mt-MT" | "my-MM" | "nb-NO" | "ne-NP" | "nl" | "nl-BE" | "nl-NL" | "nn-NO" | "or-IN" | "pa-IN" | "pl-PL" | "ps-AF" | "pt" | "pt-BR" | "pt-PT" | "ro-RO" | "ru" | "ru-RU" | "rw-RW" | "sc-IT" | "si-LK" | "sk-SK" | "sl-SI" | "sn-ZW" | "sq-AL" | "sr-RS" | "sv" | "sv-SE" | "sw-KE" | "sy-SY" | "sz-PL" | "ta-IN" | "te-IN" | "tg-TJ" | "th" | "th-TH" | "tl-PH" | "tr" | "tr-TR" | "tt-RU" | "tz-MA" | "uk-UA" | "ur-PK" | "uz-UZ" | "vi-VN" | "zh" | "zh-CN" | "zh-HK" | "zh-MO" | "zh-TW" | "zz-TR";
     }>;
     termsOfUseUrl: z.ZodType<string | null, z.ZodTypeDef, string | null>;
     privacyPolicyUrl: z.ZodType<string | null, z.ZodTypeDef, string | null>;
@@ -143,6 +143,11 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
     emailBlocklistPolicy: z.ZodType<import("../foundations/jsonb-types/sign-in-experience.js").EmailBlocklistPolicy, z.ZodTypeDef, import("../foundations/jsonb-types/sign-in-experience.js").EmailBlocklistPolicy>;
     forgotPasswordMethods: z.ZodType<import("../foundations/jsonb-types/sign-in-experience.js").ForgotPasswordMethod[] | null, z.ZodTypeDef, import("../foundations/jsonb-types/sign-in-experience.js").ForgotPasswordMethod[] | null>;
     passkeySignIn: z.ZodType<import("../foundations/jsonb-types/sign-in-experience.js").PasskeySignIn, z.ZodTypeDef, import("../foundations/jsonb-types/sign-in-experience.js").PasskeySignIn>;
+    signUpProfileFields: z.ZodType<{
+        name: string;
+    }[] | null, z.ZodTypeDef, {
+        name: string;
+    }[] | null>;
 }, "forgotPasswordMethods"> & {
     socialConnectors: z.ZodArray<z.ZodObject<Omit<{
         id: z.ZodString;
@@ -362,6 +367,7 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
             "ca-ES"?: string | undefined;
             "cb-IQ"?: string | undefined;
             "co-FR"?: string | undefined;
+            cs?: string | undefined;
             "cs-CZ"?: string | undefined;
             "cx-PH"?: string | undefined;
             "cy-GB"?: string | undefined;
@@ -502,6 +508,7 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
             "ca-ES"?: string | undefined;
             "cb-IQ"?: string | undefined;
             "co-FR"?: string | undefined;
+            cs?: string | undefined;
             "cs-CZ"?: string | undefined;
             "cx-PH"?: string | undefined;
             "cy-GB"?: string | undefined;
@@ -696,9 +703,9 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
     id: string;
     tenantId: string;
     mfa: import("../foundations/jsonb-types/sign-in-experience.js").Mfa;
+    customCss: string | null;
     color: import("../foundations/jsonb-types/sign-in-experience.js").Color;
     branding: import("../foundations/jsonb-types/sign-in-experience.js").Branding;
-    customCss: string | null;
     termsOfUseUrl: string | null;
     privacyPolicyUrl: string | null;
     hideLogtoBranding: boolean;
@@ -721,6 +728,7 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
     sentinelPolicy: import("../foundations/jsonb-types/sign-in-experience.js").SentinelPolicy;
     emailBlocklistPolicy: import("../foundations/jsonb-types/sign-in-experience.js").EmailBlocklistPolicy;
     passkeySignIn: import("../foundations/jsonb-types/sign-in-experience.js").PasskeySignIn;
+    signUpProfileFields: import("../foundations/jsonb-types/sign-in-experience.js").SignUpProfileFields | null;
     socialConnectors: {
         name: {
             en: string;
@@ -739,6 +747,7 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
             "ca-ES"?: string | undefined;
             "cb-IQ"?: string | undefined;
             "co-FR"?: string | undefined;
+            cs?: string | undefined;
             "cs-CZ"?: string | undefined;
             "cx-PH"?: string | undefined;
             "cy-GB"?: string | undefined;
@@ -892,9 +901,9 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
     id: string;
     tenantId: string;
     mfa: import("../foundations/jsonb-types/sign-in-experience.js").Mfa;
+    customCss: string | null;
     color: import("../foundations/jsonb-types/sign-in-experience.js").Color;
     branding: import("../foundations/jsonb-types/sign-in-experience.js").Branding;
-    customCss: string | null;
     termsOfUseUrl: string | null;
     privacyPolicyUrl: string | null;
     hideLogtoBranding: boolean;
@@ -917,6 +926,7 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
     sentinelPolicy: import("../foundations/jsonb-types/sign-in-experience.js").SentinelPolicy;
     emailBlocklistPolicy: import("../foundations/jsonb-types/sign-in-experience.js").EmailBlocklistPolicy;
     passkeySignIn: import("../foundations/jsonb-types/sign-in-experience.js").PasskeySignIn;
+    signUpProfileFields: import("../foundations/jsonb-types/sign-in-experience.js").SignUpProfileFields | null;
     socialConnectors: {
         name: {
             en: string;
@@ -935,6 +945,7 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
             "ca-ES"?: string | undefined;
             "cb-IQ"?: string | undefined;
             "co-FR"?: string | undefined;
+            cs?: string | undefined;
             "cs-CZ"?: string | undefined;
             "cx-PH"?: string | undefined;
             "cy-GB"?: string | undefined;

package/lib/types/user-logto-config.d.ts

@@ -8,10 +8,23 @@ export declare const userPasskeySignInDataKey = "passkey_sign_in";
  * Schema for MFA-related data stored in user's logto_config
  */
 export declare const userMfaDataGuard: z.ZodObject<{
+    /**
+     * Whether the user has actively enabled/bound MFA factors
+     *
+     * Note: The `undefined` value indicates that a new user has never made a choice on enabling the optional MFA; or an
+     * existing user data was created before the introduction of this field, so the MFA enabled state is unknown. We need
+     * to check extra conditions to determine it when the user submits the experience interaction.
+     * @see {@link @logto/core/packages/core/src/routes/experience/classes/mfa.ts#assertOptionalMfaEnablement}
+     */
+    enabled: z.ZodOptional<z.ZodBoolean>;
     /**
      * Whether the user has skipped MFA binding flow
      */
     skipped: z.ZodOptional<z.ZodBoolean>;
+    /**
+     * Whether the user has skipped optional additional MFA binding suggestion
+     */
+    additionalBindingSuggestionSkipped: z.ZodOptional<z.ZodBoolean>;
     /**
      * Whether the user has skipped MFA verification on sign-in
      *
@@ -20,10 +33,14 @@ export declare const userMfaDataGuard: z.ZodObject<{
      */
     skipMfaOnSignIn: z.ZodOptional<z.ZodBoolean>;
 }, "strip", z.ZodTypeAny, {
+    enabled?: boolean | undefined;
     skipped?: boolean | undefined;
+    additionalBindingSuggestionSkipped?: boolean | undefined;
     skipMfaOnSignIn?: boolean | undefined;
 }, {
+    enabled?: boolean | undefined;
     skipped?: boolean | undefined;
+    additionalBindingSuggestionSkipped?: boolean | undefined;
     skipMfaOnSignIn?: boolean | undefined;
 }>;
 export type UserMfaData = z.infer<typeof userMfaDataGuard>;
@@ -41,15 +58,39 @@ export declare const userPasskeySignInDataGuard: z.ZodObject<{
     skipped?: boolean | undefined;
 }>;
 export type UserPasskeySignInData = z.infer<typeof userPasskeySignInDataGuard>;
+/**
+ * Schema for the MFA settings API response (GET/PATCH /api/my-account/mfa-settings)
+ */
+export declare const userMfaSettingsResponseGuard: z.ZodObject<{
+    skipMfaOnSignIn: z.ZodBoolean;
+}, "strip", z.ZodTypeAny, {
+    skipMfaOnSignIn: boolean;
+}, {
+    skipMfaOnSignIn: boolean;
+}>;
+export type UserMfaSettingsResponse = z.infer<typeof userMfaSettingsResponseGuard>;
 /**
  * Schema for user's logto_config field
  */
 export declare const userLogtoConfigGuard: z.ZodObject<{
     mfa: z.ZodOptional<z.ZodObject<{
+        /**
+         * Whether the user has actively enabled/bound MFA factors
+         *
+         * Note: The `undefined` value indicates that a new user has never made a choice on enabling the optional MFA; or an
+         * existing user data was created before the introduction of this field, so the MFA enabled state is unknown. We need
+         * to check extra conditions to determine it when the user submits the experience interaction.
+         * @see {@link @logto/core/packages/core/src/routes/experience/classes/mfa.ts#assertOptionalMfaEnablement}
+         */
+        enabled: z.ZodOptional<z.ZodBoolean>;
         /**
          * Whether the user has skipped MFA binding flow
          */
         skipped: z.ZodOptional<z.ZodBoolean>;
+        /**
+         * Whether the user has skipped optional additional MFA binding suggestion
+         */
+        additionalBindingSuggestionSkipped: z.ZodOptional<z.ZodBoolean>;
         /**
          * Whether the user has skipped MFA verification on sign-in
          *
@@ -58,10 +99,14 @@ export declare const userLogtoConfigGuard: z.ZodObject<{
          */
         skipMfaOnSignIn: z.ZodOptional<z.ZodBoolean>;
     }, "strip", z.ZodTypeAny, {
+        enabled?: boolean | undefined;
         skipped?: boolean | undefined;
+        additionalBindingSuggestionSkipped?: boolean | undefined;
         skipMfaOnSignIn?: boolean | undefined;
     }, {
+        enabled?: boolean | undefined;
         skipped?: boolean | undefined;
+        additionalBindingSuggestionSkipped?: boolean | undefined;
         skipMfaOnSignIn?: boolean | undefined;
     }>>;
     passkey_sign_in: z.ZodOptional<z.ZodObject<{
@@ -76,7 +121,9 @@ export declare const userLogtoConfigGuard: z.ZodObject<{
     }>>;
 }, "strip", z.ZodTypeAny, {
     mfa?: {
+        enabled?: boolean | undefined;
         skipped?: boolean | undefined;
+        additionalBindingSuggestionSkipped?: boolean | undefined;
         skipMfaOnSignIn?: boolean | undefined;
     } | undefined;
     passkey_sign_in?: {
@@ -84,7 +131,9 @@ export declare const userLogtoConfigGuard: z.ZodObject<{
     } | undefined;
 }, {
     mfa?: {
+        enabled?: boolean | undefined;
         skipped?: boolean | undefined;
+        additionalBindingSuggestionSkipped?: boolean | undefined;
         skipMfaOnSignIn?: boolean | undefined;
     } | undefined;
     passkey_sign_in?: {

package/lib/types/user-logto-config.js

@@ -11,10 +11,23 @@ export const userPasskeySignInDataKey = 'passkey_sign_in';
  * Schema for MFA-related data stored in user's logto_config
  */
 export const userMfaDataGuard = z.object({
+    /**
+     * Whether the user has actively enabled/bound MFA factors
+     *
+     * Note: The `undefined` value indicates that a new user has never made a choice on enabling the optional MFA; or an
+     * existing user data was created before the introduction of this field, so the MFA enabled state is unknown. We need
+     * to check extra conditions to determine it when the user submits the experience interaction.
+     * @see {@link @logto/core/packages/core/src/routes/experience/classes/mfa.ts#assertOptionalMfaEnablement}
+     */
+    enabled: z.boolean().optional(),
     /**
      * Whether the user has skipped MFA binding flow
      */
     skipped: z.boolean().optional(),
+    /**
+     * Whether the user has skipped optional additional MFA binding suggestion
+     */
+    additionalBindingSuggestionSkipped: z.boolean().optional(),
     /**
      * Whether the user has skipped MFA verification on sign-in
      *
@@ -32,6 +45,12 @@ export const userPasskeySignInDataGuard = z.object({
      */
     skipped: z.boolean().optional(),
 });
+/**
+ * Schema for the MFA settings API response (GET/PATCH /api/my-account/mfa-settings)
+ */
+export const userMfaSettingsResponseGuard = z.object({
+    skipMfaOnSignIn: z.boolean(),
+});
 /**
  * Schema for user's logto_config field
  */