@logto/schemas 1.38.0 → 1.40.0
- package/alterations/1.39.0-1774752400-add-delete-account-url.ts +20 -0
- package/alterations/1.39.0-1774770686-add-account-center-custom-css.ts +20 -0
- package/alterations/1.39.0-1776502301-add-sign-up-profile-fields.ts +20 -0
- package/alterations/1.40.0-1776516232-add-account-center-profile-fields.ts +20 -0
- package/alterations/1.40.0-1778318116-add-custom-ui-csp-to-sie.ts +20 -0
- package/alterations/1.40.0-1778500000-add-organization-user-relations-user-id-index.ts +41 -0
- package/alterations/1.40.0-1778500001-add-organization-role-user-relations-org-user-index.ts +43 -0
- package/alterations/1.40.0-1779421396-add-application-access-control-schema.ts +90 -0
- package/alterations-js/1.39.0-1774752400-add-delete-account-url.js +16 -0
- package/alterations-js/1.39.0-1774770686-add-account-center-custom-css.js +16 -0
- package/alterations-js/1.39.0-1776502301-add-sign-up-profile-fields.js +16 -0
- package/alterations-js/1.40.0-1776516232-add-account-center-profile-fields.js +16 -0
- package/alterations-js/1.40.0-1778318116-add-custom-ui-csp-to-sie.js +16 -0
- package/alterations-js/1.40.0-1778500000-add-organization-user-relations-user-id-index.js +37 -0
- package/alterations-js/1.40.0-1778500001-add-organization-role-user-relations-org-user-index.js +39 -0
- package/alterations-js/1.40.0-1779421396-add-application-access-control-schema.js +82 -0
- package/lib/consts/application.d.ts +1 -0
- package/lib/consts/application.js +1 -0
- package/lib/consts/index.d.ts +1 -0
- package/lib/consts/index.js +1 -0
- package/lib/db-entries/account-center.d.ts +14 -2
- package/lib/db-entries/account-center.js +13 -1
- package/lib/db-entries/application-access-control-org-role-relation.d.ts +22 -0
- package/lib/db-entries/application-access-control-org-role-relation.js +33 -0
- package/lib/db-entries/application-access-control-organization-relation.d.ts +20 -0
- package/lib/db-entries/application-access-control-organization-relation.js +29 -0
- package/lib/db-entries/application-access-control-user-relation.d.ts +20 -0
- package/lib/db-entries/application-access-control-user-relation.js +29 -0
- package/lib/db-entries/application-access-control-user-role-relation.d.ts +20 -0
- package/lib/db-entries/application-access-control-user-role-relation.js +29 -0
- package/lib/db-entries/application.d.ts +3 -1
- package/lib/db-entries/application.js +4 -0
- package/lib/db-entries/index.d.ts +4 -0
- package/lib/db-entries/index.js +4 -0
- package/lib/db-entries/sign-in-experience.d.ts +8 -2
- package/lib/db-entries/sign-in-experience.js +9 -1
- package/lib/foundations/jsonb-types/account-centers.d.ts +27 -0
- package/lib/foundations/jsonb-types/account-centers.js +12 -0
- package/lib/foundations/jsonb-types/applications.d.ts +3 -0
- package/lib/foundations/jsonb-types/applications.js +4 -0
- package/lib/foundations/jsonb-types/applications.test.d.ts +1 -0
- package/lib/foundations/jsonb-types/applications.test.js +23 -0
- package/lib/foundations/jsonb-types/sign-in-experience.d.ts +27 -1
- package/lib/foundations/jsonb-types/sign-in-experience.js +5 -0
- package/lib/foundations/jsonb-types/sign-in-experience.test.d.ts +1 -0
- package/lib/foundations/jsonb-types/sign-in-experience.test.js +18 -0
- package/lib/seeds/application.js +2 -0
- package/lib/seeds/sign-in-experience.d.ts +13 -1
- package/lib/seeds/sign-in-experience.js +10 -1
- package/lib/seeds/sign-in-experience.test.d.ts +1 -0
- package/lib/seeds/sign-in-experience.test.js +27 -0
- package/lib/types/alteration.d.ts +5 -0
- package/lib/types/application.d.ts +101 -2
- package/lib/types/application.js +55 -0
- package/lib/types/application.test.d.ts +1 -0
- package/lib/types/application.test.js +120 -0
- package/lib/types/consent.d.ts +6 -0
- package/lib/types/custom-profile-fields.d.ts +7 -13
- package/lib/types/custom-profile-fields.js +6 -13
- package/lib/types/logto-config/index.d.ts +93 -2
- package/lib/types/logto-config/index.js +22 -4
- package/lib/types/logto-config/index.test.d.ts +1 -0
- package/lib/types/logto-config/index.test.js +29 -0
- package/lib/types/logto-config/jwt-customizer.d.ts +74 -0
- package/lib/types/logto-config/jwt-customizer.js +1 -0
- package/lib/types/logto-config/jwt-customizer.test.js +14 -2
- package/lib/types/onboarding.d.ts +93 -1
- package/lib/types/onboarding.js +22 -1
- package/lib/types/saml-application.d.ts +3 -0
- package/lib/types/sign-in-experience.d.ts +23 -2
- package/lib/types/sign-in-experience.js +1 -0
- package/lib/types/system.d.ts +46 -7
- package/lib/types/system.js +9 -0
- package/lib/types/user-assets.d.ts +1 -1
- package/lib/types/user-logto-config.d.ts +11 -0
- package/lib/types/user-logto-config.js +6 -0
- package/lib/types/user-sessions.d.ts +2516 -0
- package/lib/types/user-sessions.js +21 -0
- package/lib/utils/index.d.ts +1 -0
- package/lib/utils/index.js +1 -0
- package/lib/utils/oidc-private-key.d.ts +88 -0
- package/lib/utils/oidc-private-key.js +163 -0
- package/lib/utils/oidc-private-key.test.d.ts +1 -0
- package/lib/utils/oidc-private-key.test.js +128 -0
- package/package.json +6 -6
- package/tables/account_centers.sql +6 -0
- package/tables/application_access_control_org_role_relations.sql +16 -0
- package/tables/application_access_control_organization_relations.sql +12 -0
- package/tables/application_access_control_user_relations.sql +12 -0
- package/tables/application_access_control_user_role_relations.sql +14 -0
- package/tables/applications.sql +1 -0
- package/tables/organization_role_user_relations.sql +3 -0
- package/tables/organization_user_relations.sql +3 -0
- package/tables/sign_in_experiences.sql +3 -0
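--- a/package/lib/db-entries/application-access-control-org-role-relation.js
+++ b/package/lib/db-entries/application-access-control-org-role-relation.js
@@ -0,0 +1,33 @@
+// THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+import { z } from 'zod';
+const createGuard = z.object({
+tenantId: z.string().max(21).optional(),
+applicationId: z.string().min(1).max(21),
+organizationId: z.string().min(1).max(21),
+organizationRoleId: z.string().min(1).max(21),
+});
+const guard = z.object({
+tenantId: z.string().max(21),
+applicationId: z.string().min(1).max(21),
+organizationId: z.string().min(1).max(21),
+organizationRoleId: z.string().min(1).max(21),
+});
+export const ApplicationAccessControlOrgRoleRelations = Object.freeze({
+table: 'application_access_control_org_role_relations',
+tableSingular: 'application_access_control_org_role_relation',
+fields: {
+tenantId: 'tenant_id',
+applicationId: 'application_id',
+organizationId: 'organization_id',
+organizationRoleId: 'organization_role_id',
+},
+fieldKeys: [
+'tenantId',
+'applicationId',
+'organizationId',
+'organizationRoleId',
+],
+createGuard,
+guard,
+updateGuard: guard.partial(),
+});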
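--- a/package/lib/db-entries/application-access-control-organization-relation.d.ts
+++ b/package/lib/db-entries/application-access-control-organization-relation.d.ts
@@ -0,0 +1,20 @@
+import { GeneratedSchema } from './../foundations/index.js';
+/**
+* The organization membership allow relations for application-level access control.
+*
+* @remarks This is a type for database creation.
+* @see {@link ApplicationAccessControlOrganizationRelation} for the original type.
+*/
+export type CreateApplicationAccessControlOrganizationRelation = {
+tenantId?: string;
+applicationId: string;
+organizationId: string;
+};
+/** The organization membership allow relations for application-level access control. */
+export type ApplicationAccessControlOrganizationRelation = {
+tenantId: string;
+applicationId: string;
+organizationId: string;
+};
+export type ApplicationAccessControlOrganizationRelationKeys = 'tenantId' | 'applicationId' | 'organizationId';
+export declare const ApplicationAccessControlOrganizationRelations: GeneratedSchema<ApplicationAccessControlOrganizationRelationKeys, CreateApplicationAccessControlOrganizationRelation, ApplicationAccessControlOrganizationRelation, 'application_access_control_organization_relations', 'application_access_control_organization_relation'>;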
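--- a/package/lib/db-entries/application-access-control-organization-relation.js
+++ b/package/lib/db-entries/application-access-control-organization-relation.js
@@ -0,0 +1,29 @@
+// THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+import { z } from 'zod';
+const createGuard = z.object({
+tenantId: z.string().max(21).optional(),
+applicationId: z.string().min(1).max(21),
+organizationId: z.string().min(1).max(21),
+});
+const guard = z.object({
+tenantId: z.string().max(21),
+applicationId: z.string().min(1).max(21),
+organizationId: z.string().min(1).max(21),
+});
+export const ApplicationAccessControlOrganizationRelations = Object.freeze({
+table: 'application_access_control_organization_relations',
+tableSingular: 'application_access_control_organization_relation',
+fields: {
+tenantId: 'tenant_id',
+applicationId: 'application_id',
+organizationId: 'organization_id',
+},
+fieldKeys: [
+'tenantId',
+'applicationId',
+'organizationId',
+],
+createGuard,
+guard,
+updateGuard: guard.partial(),
+});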
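--- a/package/lib/db-entries/application-access-control-user-relation.d.ts
+++ b/package/lib/db-entries/application-access-control-user-relation.d.ts
@@ -0,0 +1,20 @@
+import { GeneratedSchema } from './../foundations/index.js';
+/**
+* The direct user allow relations for application-level access control.
+*
+* @remarks This is a type for database creation.
+* @see {@link ApplicationAccessControlUserRelation} for the original type.
+*/
+export type CreateApplicationAccessControlUserRelation = {
+tenantId?: string;
+applicationId: string;
+userId: string;
+};
+/** The direct user allow relations for application-level access control. */
+export type ApplicationAccessControlUserRelation = {
+tenantId: string;
+applicationId: string;
+userId: string;
+};
+export type ApplicationAccessControlUserRelationKeys = 'tenantId' | 'applicationId' | 'userId';
+export declare const ApplicationAccessControlUserRelations: GeneratedSchema<ApplicationAccessControlUserRelationKeys, CreateApplicationAccessControlUserRelation, ApplicationAccessControlUserRelation, 'application_access_control_user_relations', 'application_access_control_user_relation'>;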
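--- a/package/lib/db-entries/application-access-control-user-relation.js
+++ b/package/lib/db-entries/application-access-control-user-relation.js
@@ -0,0 +1,29 @@
+// THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+import { z } from 'zod';
+const createGuard = z.object({
+tenantId: z.string().max(21).optional(),
+applicationId: z.string().min(1).max(21),
+userId: z.string().min(1).max(21),
+});
+const guard = z.object({
+tenantId: z.string().max(21),
+applicationId: z.string().min(1).max(21),
+userId: z.string().min(1).max(21),
+});
+export const ApplicationAccessControlUserRelations = Object.freeze({
+table: 'application_access_control_user_relations',
+tableSingular: 'application_access_control_user_relation',
+fields: {
+tenantId: 'tenant_id',
+applicationId: 'application_id',
+userId: 'user_id',
+},
+fieldKeys: [
+'tenantId',
+'applicationId',
+'userId',
+],
+createGuard,
+guard,
+updateGuard: guard.partial(),
+});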
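--- a/package/lib/db-entries/application-access-control-user-role-relation.d.ts
+++ b/package/lib/db-entries/application-access-control-user-role-relation.d.ts
@@ -0,0 +1,20 @@
+import { GeneratedSchema } from './../foundations/index.js';
+/**
+* The user role allow relations for application-level access control.
+*
+* @remarks This is a type for database creation.
+* @see {@link ApplicationAccessControlUserRoleRelation} for the original type.
+*/
+export type CreateApplicationAccessControlUserRoleRelation = {
+tenantId?: string;
+applicationId: string;
+roleId: string;
+};
+/** The user role allow relations for application-level access control. */
+export type ApplicationAccessControlUserRoleRelation = {
+tenantId: string;
+applicationId: string;
+roleId: string;
+};
+export type ApplicationAccessControlUserRoleRelationKeys = 'tenantId' | 'applicationId' | 'roleId';
+export declare const ApplicationAccessControlUserRoleRelations: GeneratedSchema<ApplicationAccessControlUserRoleRelationKeys, CreateApplicationAccessControlUserRoleRelation, ApplicationAccessControlUserRoleRelation, 'application_access_control_user_role_relations', 'application_access_control_user_role_relation'>;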
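--- a/package/lib/db-entries/application-access-control-user-role-relation.js
+++ b/package/lib/db-entries/application-access-control-user-role-relation.js
@@ -0,0 +1,29 @@
+// THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+import { z } from 'zod';
+const createGuard = z.object({
+tenantId: z.string().max(21).optional(),
+applicationId: z.string().min(1).max(21),
+roleId: z.string().min(1).max(21),
+});
+const guard = z.object({
+tenantId: z.string().max(21),
+applicationId: z.string().min(1).max(21),
+roleId: z.string().min(1).max(21),
+});
+export const ApplicationAccessControlUserRoleRelations = Object.freeze({
+table: 'application_access_control_user_role_relations',
+tableSingular: 'application_access_control_user_role_relation',
+fields: {
+tenantId: 'tenant_id',
+applicationId: 'application_id',
+roleId: 'role_id',
+},
+fieldKeys: [
+'tenantId',
+'applicationId',
+'roleId',
+],
+createGuard,
+guard,
+updateGuard: guard.partial(),
+});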
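--- a/package/lib/db-entries/application.d.ts
+++ b/package/lib/db-entries/application.d.ts
@@ -18,6 +18,7 @@ export type CreateApplication = {
 protectedAppMetadata?: ProtectedAppMetadata | null;
 customData?: JsonObject;
 isThirdParty?: boolean;
+appLevelAccessControlEnabled?: boolean;
 createdAt?: number;
 };
 export type Application = {
@@ -33,7 +34,8 @@ export type Application = {
 protectedAppMetadata: ProtectedAppMetadata | null;
 customData: JsonObject;
 isThirdParty: boolean;
+appLevelAccessControlEnabled: boolean;
 createdAt: number;
 };
-export type ApplicationKeys = 'tenantId' | 'id' | 'name' | 'secret' | 'description' | 'type' | 'oidcClientMetadata' | 'customClientMetadata' | 'protectedAppMetadata' | 'customData' | 'isThirdParty' | 'createdAt';
+export type ApplicationKeys = 'tenantId' | 'id' | 'name' | 'secret' | 'description' | 'type' | 'oidcClientMetadata' | 'customClientMetadata' | 'protectedAppMetadata' | 'customData' | 'isThirdParty' | 'appLevelAccessControlEnabled' | 'createdAt';
 export declare const Applications: GeneratedSchema<ApplicationKeys, CreateApplication, Application, 'applications', 'application'>;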
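--- a/package/lib/db-entries/application.js
+++ b/package/lib/db-entries/application.js
@@ -14,6 +14,7 @@ const createGuard = z.object({
 protectedAppMetadata: protectedAppMetadataGuard.nullable().optional(),
 customData: jsonObjectGuard.optional(),
 isThirdParty: z.boolean().optional(),
+appLevelAccessControlEnabled: z.boolean().optional(),
 createdAt: z.number().optional(),
 });
 const guard = z.object({
@@ -28,6 +29,7 @@ const guard = z.object({
 protectedAppMetadata: protectedAppMetadataGuard.nullable(),
 customData: jsonObjectGuard,
 isThirdParty: z.boolean(),
+appLevelAccessControlEnabled: z.boolean(),
 createdAt: z.number(),
 });
 export const Applications = Object.freeze({
@@ -45,6 +47,7 @@ export const Applications = Object.freeze({
 protectedAppMetadata: 'protected_app_metadata',
 customData: 'custom_data',
 isThirdParty: 'is_third_party',
+appLevelAccessControlEnabled: 'app_level_access_control_enabled',
 createdAt: 'created_at',
 },
 fieldKeys: [
@@ -59,6 +62,7 @@ export const Applications = Object.freeze({
 'protectedAppMetadata',
 'customData',
 'isThirdParty',
+'appLevelAccessControlEnabled',
 'createdAt',
 ],
 createGuard,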
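--- a/package/lib/db-entries/index.d.ts
+++ b/package/lib/db-entries/index.d.ts
@@ -5,6 +5,10 @@ export * from './-before-all.js';
 export * from './-function.js';
 export * from './account-center.js';
 export * from './aggregated-daily-active-user.js';
+export * from './application-access-control-org-role-relation.js';
+export * from './application-access-control-organization-relation.js';
+export * from './application-access-control-user-relation.js';
+export * from './application-access-control-user-role-relation.js';
 export * from './application-secret.js';
 export * from './application-sign-in-experience.js';
 export * from './application-user-consent-organization-resource-scope.js';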
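--- a/package/lib/db-entries/index.js
+++ b/package/lib/db-entries/index.js
@@ -6,6 +6,10 @@ export * from './-before-all.js';
 export * from './-function.js';
 export * from './account-center.js';
 export * from './aggregated-daily-active-user.js';
+export * from './application-access-control-org-role-relation.js';
+export * from './application-access-control-organization-relation.js';
+export * from './application-access-control-user-relation.js';
+export * from './application-access-control-user-role-relation.js';
 export * from './application-secret.js';
 export * from './application-sign-in-experience.js';
 export * from './application-user-consent-organization-resource-scope.js';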
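--- a/package/lib/db-entries/sign-in-experience.d.ts
+++ b/package/lib/db-entries/sign-in-experience.d.ts
@@ -1,4 +1,4 @@
-import { Color, Branding, LanguageInfo, SignIn, SignUp, SocialSignIn, ConnectorTargets, CustomContent, CustomUiAssets, PartialPasswordPolicy, Mfa, AdaptiveMfa, CaptchaPolicy, SentinelPolicy, EmailBlocklistPolicy, ForgotPasswordMethods, PasskeySignIn, GeneratedSchema } from './../foundations/index.js';
+import { Color, Branding, LanguageInfo, SignIn, SignUp, SocialSignIn, ConnectorTargets, CustomContent, CustomUiAssets, CustomUiCsp, PartialPasswordPolicy, Mfa, AdaptiveMfa, CaptchaPolicy, SentinelPolicy, EmailBlocklistPolicy, ForgotPasswordMethods, PasskeySignIn, SignUpProfileFields, GeneratedSchema } from './../foundations/index.js';
 import { AgreeToTermsPolicy, SignInMode } from './custom-types.js';
 /**
 *
@@ -24,6 +24,7 @@ export type CreateSignInExperience = {
 customCss?: string | null;
 customContent?: CustomContent;
 customUiAssets?: CustomUiAssets | null;
+customUiCsp?: CustomUiCsp;
 passwordPolicy?: PartialPasswordPolicy;
 mfa?: Mfa;
 adaptiveMfa?: AdaptiveMfa;
@@ -36,6 +37,8 @@ export type CreateSignInExperience = {
 emailBlocklistPolicy?: EmailBlocklistPolicy;
 forgotPasswordMethods?: ForgotPasswordMethods | null;
 passkeySignIn?: PasskeySignIn;
+/** Nullable by design: null keeps legacy full-catalog behavior and [] collects no custom profile fields. */
+signUpProfileFields?: SignUpProfileFields | null;
 };
 export type SignInExperience = {
 tenantId: string;
@@ -56,6 +59,7 @@ export type SignInExperience = {
 customCss: string | null;
 customContent: CustomContent;
 customUiAssets: CustomUiAssets | null;
+customUiCsp: CustomUiCsp;
 passwordPolicy: PartialPasswordPolicy;
 mfa: Mfa;
 adaptiveMfa: AdaptiveMfa;
@@ -68,6 +72,8 @@ export type SignInExperience = {
 emailBlocklistPolicy: EmailBlocklistPolicy;
 forgotPasswordMethods: ForgotPasswordMethods | null;
 passkeySignIn: PasskeySignIn;
+/** Nullable by design: null keeps legacy full-catalog behavior and [] collects no custom profile fields. */
+signUpProfileFields: SignUpProfileFields | null;
 };
-export type SignInExperienceKeys = 'tenantId' | 'id' | 'color' | 'branding' | 'hideLogtoBranding' | 'languageInfo' | 'termsOfUseUrl' | 'privacyPolicyUrl' | 'agreeToTermsPolicy' | 'signIn' | 'signUp' | 'socialSignIn' | 'socialSignInConnectorTargets' | 'signInMode' | 'customCss' | 'customContent' | 'customUiAssets' | 'passwordPolicy' | 'mfa' | 'adaptiveMfa' | 'singleSignOnEnabled' | 'supportEmail' | 'supportWebsiteUrl' | 'unknownSessionRedirectUrl' | 'captchaPolicy' | 'sentinelPolicy' | 'emailBlocklistPolicy' | 'forgotPasswordMethods' | 'passkeySignIn';
+export type SignInExperienceKeys = 'tenantId' | 'id' | 'color' | 'branding' | 'hideLogtoBranding' | 'languageInfo' | 'termsOfUseUrl' | 'privacyPolicyUrl' | 'agreeToTermsPolicy' | 'signIn' | 'signUp' | 'socialSignIn' | 'socialSignInConnectorTargets' | 'signInMode' | 'customCss' | 'customContent' | 'customUiAssets' | 'customUiCsp' | 'passwordPolicy' | 'mfa' | 'adaptiveMfa' | 'singleSignOnEnabled' | 'supportEmail' | 'supportWebsiteUrl' | 'unknownSessionRedirectUrl' | 'captchaPolicy' | 'sentinelPolicy' | 'emailBlocklistPolicy' | 'forgotPasswordMethods' | 'passkeySignIn' | 'signUpProfileFields';
 export declare const SignInExperiences: GeneratedSchema<SignInExperienceKeys, CreateSignInExperience, SignInExperience, 'sign_in_experiences', 'sign_in_experience'>;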
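--- a/package/lib/db-entries/sign-in-experience.js
+++ b/package/lib/db-entries/sign-in-experience.js
@@ -1,6 +1,6 @@
 // THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
 import { z } from 'zod';
-import { colorGuard, brandingGuard, languageInfoGuard, signInGuard, signUpGuard, socialSignInGuard, connectorTargetsGuard, customContentGuard, customUiAssetsGuard, partialPasswordPolicyGuard, mfaGuard, adaptiveMfaGuard, captchaPolicyGuard, sentinelPolicyGuard, emailBlocklistPolicyGuard, forgotPasswordMethodsGuard, passkeySignInGuard } from './../foundations/index.js';
+import { colorGuard, brandingGuard, languageInfoGuard, signInGuard, signUpGuard, socialSignInGuard, connectorTargetsGuard, customContentGuard, customUiAssetsGuard, customUiCspGuard, partialPasswordPolicyGuard, mfaGuard, adaptiveMfaGuard, captchaPolicyGuard, sentinelPolicyGuard, emailBlocklistPolicyGuard, forgotPasswordMethodsGuard, passkeySignInGuard, signUpProfileFieldsGuard } from './../foundations/index.js';
 import { AgreeToTermsPolicy, SignInMode } from './custom-types.js';
 const createGuard = z.object({
 tenantId: z.string().max(21).optional(),
@@ -20,6 +20,7 @@ const createGuard = z.object({
 customCss: z.string().nullable().optional(),
 customContent: customContentGuard.optional(),
 customUiAssets: customUiAssetsGuard.nullable().optional(),
+customUiCsp: customUiCspGuard.optional(),
 passwordPolicy: partialPasswordPolicyGuard.optional(),
 mfa: mfaGuard.optional(),
 adaptiveMfa: adaptiveMfaGuard.optional(),
@@ -32,6 +33,7 @@ const createGuard = z.object({
 emailBlocklistPolicy: emailBlocklistPolicyGuard.optional(),
 forgotPasswordMethods: forgotPasswordMethodsGuard.nullable().optional(),
 passkeySignIn: passkeySignInGuard.optional(),
+signUpProfileFields: signUpProfileFieldsGuard.nullable().optional(),
 });
 const guard = z.object({
 tenantId: z.string().max(21),
@@ -51,6 +53,7 @@ const guard = z.object({
 customCss: z.string().nullable(),
 customContent: customContentGuard,
 customUiAssets: customUiAssetsGuard.nullable(),
+customUiCsp: customUiCspGuard,
 passwordPolicy: partialPasswordPolicyGuard,
 mfa: mfaGuard,
 adaptiveMfa: adaptiveMfaGuard,
@@ -63,6 +66,7 @@ const guard = z.object({
 emailBlocklistPolicy: emailBlocklistPolicyGuard,
 forgotPasswordMethods: forgotPasswordMethodsGuard.nullable(),
 passkeySignIn: passkeySignInGuard,
+signUpProfileFields: signUpProfileFieldsGuard.nullable(),
 });
 export const SignInExperiences = Object.freeze({
 table: 'sign_in_experiences',
@@ -85,6 +89,7 @@ export const SignInExperiences = Object.freeze({
 customCss: 'custom_css',
 customContent: 'custom_content',
 customUiAssets: 'custom_ui_assets',
+customUiCsp: 'custom_ui_csp',
 passwordPolicy: 'password_policy',
 mfa: 'mfa',
 adaptiveMfa: 'adaptive_mfa',
@@ -97,6 +102,7 @@ export const SignInExperiences = Object.freeze({
 emailBlocklistPolicy: 'email_blocklist_policy',
 forgotPasswordMethods: 'forgot_password_methods',
 passkeySignIn: 'passkey_sign_in',
+signUpProfileFields: 'sign_up_profile_fields',
 },
 fieldKeys: [
 'tenantId',
@@ -116,6 +122,7 @@ export const SignInExperiences = Object.freeze({
 'customCss',
 'customContent',
 'customUiAssets',
+'customUiCsp',
 'passwordPolicy',
 'mfa',
 'adaptiveMfa',
@@ -128,6 +135,7 @@ export const SignInExperiences = Object.freeze({
 'emailBlocklistPolicy',
 'forgotPasswordMethods',
 'passkeySignIn',
+'signUpProfileFields',
 ],
 createGuard,
 guard,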
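--- a/package/lib/foundations/jsonb-types/account-centers.d.ts
+++ b/package/lib/foundations/jsonb-types/account-centers.d.ts
@@ -49,3 +49,30 @@ export declare const accountCenterFieldControlGuard: z.ZodObject<{
 export type AccountCenterFieldControl = z.infer<typeof accountCenterFieldControlGuard>;
 export declare const webauthnRelatedOriginsGuard: z.ZodArray<z.ZodString, "many">;
 export type WebauthnRelatedOrigins = z.infer<typeof webauthnRelatedOriginsGuard>;
+/**
+* Configuration for which custom profile fields are exposed in the prebuilt account center and
+* in which order. Each entry references an existing field by name in the `custom_profile_fields`
+* catalog; fields in the catalog but not in this list are not shown in the account center.
+*
+* Kept separate from `signUpProfileFields` so the sign-up and account-center surfaces can be
+* configured independently against the same catalog.
+*/
+export type AccountCenterProfileFieldItem = {
+name: string;
+};
+export declare const accountCenterProfileFieldItemGuard: z.ZodObject<{
+name: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+name: string;
+}, {
+name: string;
+}>;
+export declare const accountCenterProfileFieldsGuard: z.ZodArray<z.ZodObject<{
+name: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+name: string;
+}, {
+name: string;
+}>, "many">;
+export type AccountCenterProfileFields = z.infer<typeof accountCenterProfileFieldsGuard>;
+export declare const deleteAccountUrlGuard: z.ZodEffects<z.ZodString, string, string>;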
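--- a/package/lib/foundations/jsonb-types/account-centers.js
+++ b/package/lib/foundations/jsonb-types/account-centers.js
@@ -26,3 +26,15 @@ export const accountCenterFieldControlGuard = z
 })
 .partial();
 export const webauthnRelatedOriginsGuard = z.array(z.string());
+export const accountCenterProfileFieldItemGuard = z.object({
+name: z.string(),
+});
+export const accountCenterProfileFieldsGuard = z.array(accountCenterProfileFieldItemGuard);
+export const deleteAccountUrlGuard = z
+.string()
+.max(2048)
+.refine((value) => value === '' ||
+((value.startsWith('https://') || value.startsWith('http://')) &&
+z.string().url().safeParse(value).success), {
+message: 'deleteAccountUrl must be a valid http(s) URL',
+});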
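Review bot: deleteAccountUrlGuard on new lines 33-40 accepts `http://` destinations alongside `https://`, and neither the hunk nor the `.d.ts` side says why. The name suggests this is the URL the account center sends a signed-in user to for account deletion, so a cleartext destination would expose that handoff to anyone on the path; if plain http is only meant for local development, record that in a comment so the allowance is not widened by accident, e.g. `/* http:// is accepted so self-hosted dev setups work; production deployments should configure an https:// URL. */`, and otherwise drop the `http://` branch. The `value === ''` branch also deserves a one-line comment saying what an empty value means (presumably that no delete-account link is configured), since the refine alone does not say. Note that `z.string().url()` is evaluated only after the scheme prefix check, so the prefix test is what actually restricts the scheme.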
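--- a/package/lib/foundations/jsonb-types/applications.d.ts
+++ b/package/lib/foundations/jsonb-types/applications.d.ts
@@ -217,6 +217,7 @@ export declare const protectedAppMetadataGuard: z.ZodObject<{
 }, {
 path: string;
 }>, "many">;
+additionalScopes: z.ZodOptional<z.ZodArray<z.ZodEnum<[import("@logto/core-kit").UserScope.CustomData, import("@logto/core-kit").UserScope.Identities, import("@logto/core-kit").UserScope.Roles, import("@logto/core-kit").UserScope.Organizations, import("@logto/core-kit").UserScope.OrganizationRoles]>, "many">>;
 customDomains: z.ZodOptional<z.ZodArray<z.ZodObject<{
 domain: z.ZodString;
 status: z.ZodNativeEnum<typeof import("./custom-domain.js").DomainStatus>;
@@ -327,6 +328,7 @@ export declare const protectedAppMetadataGuard: z.ZodObject<{
 pageRules: {
 path: string;
 }[];
+additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
 customDomains?: {
 status: import("./custom-domain.js").DomainStatus;
 domain: string;
@@ -355,6 +357,7 @@ export declare const protectedAppMetadataGuard: z.ZodObject<{
 pageRules: {
 path: string;
 }[];
+additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
 customDomains?: {
 status: import("./custom-domain.js").DomainStatus;
 domain: string;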
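--- a/package/lib/foundations/jsonb-types/applications.js
+++ b/package/lib/foundations/jsonb-types/applications.js
@@ -1,5 +1,7 @@
+import { protectedAppAdditionalScopes } from '@logto/core-kit';
 import { z } from 'zod';
 import { cloudflareDataGuard, domainDnsRecordsGuard, domainStatusGuard } from './custom-domain.js';
+const protectedAppAdditionalScopeGuard = z.enum(protectedAppAdditionalScopes);
 export const customDomainGuard = z.object({
 /* The domain name, e.g app.example.com */
 domain: z.string(),
@@ -24,6 +26,8 @@ export const protectedAppMetadataGuard = z.object({
 /* The path pattern (regex) to match */
 path: z.string(),
 })),
+/* Additional scopes requested by protected app sign-in */
+additionalScopes: z.array(protectedAppAdditionalScopeGuard).optional(),
 /* Custom domain */
 customDomains: customDomainsGuard.optional(),
 });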
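Review bot: The comment on the new `additionalScopes` field in the second hunk (`/* Additional scopes requested by protected app sign-in */`) does not say what the allow-list is or why the field is restricted, which matters because every extra scope widens what the protected app learns about the user. The `.d.ts` side shows the enum resolves to `UserScope.CustomData`, `Identities`, `Roles`, `Organizations` and `OrganizationRoles`, and the new applications.test.js describes these as the scopes that extend ID-token claims, so a comment such as `/* Extra UserScope values the protected app requests at sign-in. Limited to protectedAppAdditionalScopes from core-kit; the test file covers which scopes are rejected. */` would make the constraint self-explanatory. The array is not deduplicated, which looks harmless but is worth a word if callers persist it as-is. The enclosing protectedAppMetadataGuard object starts above the hunk.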
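--- a/package/lib/foundations/jsonb-types/applications.test.d.ts
+++ b/package/lib/foundations/jsonb-types/applications.test.d.ts
@@ -0,0 +1 @@
+export {};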
@@ -0,0 +1,23 @@
|
|
|
1
|
+
import { UserScope } from '@logto/core-kit';
|
|
2
|
+
import { describe, expect, it } from 'vitest';
|
|
3
|
+
import { protectedAppMetadataGuard } from './applications.js';
|
|
4
|
+
const protectedAppMetadata = {
|
|
5
|
+
host: 'example.com',
|
|
6
|
+
origin: 'https://example.com',
|
|
7
|
+
sessionDuration: 3600,
|
|
8
|
+
pageRules: [],
|
|
9
|
+
};
|
|
10
|
+
describe('protectedAppMetadataGuard', () => {
|
|
11
|
+
it('accepts additional scopes with extended ID token claims', () => {
|
|
12
|
+
expect(protectedAppMetadataGuard.safeParse({
|
|
13
|
+
...protectedAppMetadata,
|
|
14
|
+
additionalScopes: [UserScope.CustomData],
|
|
15
|
+
}).success).toBe(true);
|
|
16
|
+
});
|
|
17
|
+
it('rejects additional scopes without extended ID token claims', () => {
|
|
18
|
+
expect(protectedAppMetadataGuard.safeParse({
|
|
19
|
+
...protectedAppMetadata,
|
|
20
|
+
additionalScopes: [UserScope.Sessions],
|
|
21
|
+
}).success).toBe(false);
|
|
22
|
+
});
|
|
23
|
+
});
|
|
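Review bot: The rejection case at lines 17-22 asserts only `success === false`, so a regression that fails validation for an unrelated reason (for example a changed `host` or `origin` rule) would keep it green. Pinning the issue path makes the test specific: `const result = protectedAppMetadataGuard.safeParse({ ...protectedAppMetadata, additionalScopes: [UserScope.Sessions] });` then `expect(result.success).toBe(false);` and `expect(result.success ? [] : result.error.issues.map(({ path }) => path)).toContainEqual(['additionalScopes', 0]);`. There is also no case for omitting `additionalScopes` entirely, which is the `.optional()` branch that existing rows exercise; one `safeParse(protectedAppMetadata)` assertion would cover it.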
@@ -415,4 +415,30 @@ export declare const passkeySignInGuard: z.ZodObject<{
|
|
|
415
415
|
showPasskeyButton?: boolean | undefined;
|
|
416
416
|
allowAutofill?: boolean | undefined;
|
|
417
417
|
}>;
|
|
418
|
-
|
|
418
|
+
/**
|
|
419
|
+
* Configuration for which custom profile fields are shown on the sign-up page and in which order.
|
|
420
|
+
*
|
|
421
|
+
* The list is a pure projection over the catalog in `custom_profile_fields` — each entry references
|
|
422
|
+
* an existing field by name. Fields in the catalog but not in this list are not collected during
|
|
423
|
+
* sign-up. This enables reusing the same catalog for other surfaces (e.g. account center) without
|
|
424
|
+
* affecting sign-up.
|
|
425
|
+
*/
|
|
426
|
+
export type SignUpProfileFieldItem = {
|
|
427
|
+
name: string;
|
|
428
|
+
};
|
|
429
|
+
export declare const signUpProfileFieldItemGuard: z.ZodObject<{
|
|
430
|
+
name: z.ZodString;
|
|
431
|
+
}, "strip", z.ZodTypeAny, {
|
|
432
|
+
name: string;
|
|
433
|
+
}, {
|
|
434
|
+
name: string;
|
|
435
|
+
}>;
|
|
436
|
+
export declare const signUpProfileFieldsGuard: z.ZodArray<z.ZodObject<{
|
|
437
|
+
name: z.ZodString;
|
|
438
|
+
}, "strip", z.ZodTypeAny, {
|
|
439
|
+
name: string;
|
|
440
|
+
}, {
|
|
441
|
+
name: string;
|
|
442
|
+
}>, "many">;
|
|
443
|
+
export type SignUpProfileFields = z.infer<typeof signUpProfileFieldsGuard>;
|
|
444
|
+
export { customUiCspGuard, type CustomUiCsp } from '@logto/core-kit';
|
|
@@ -138,3 +138,8 @@ export const passkeySignInGuard = z
|
|
|
138
138
|
allowAutofill: z.boolean(),
|
|
139
139
|
})
|
|
140
140
|
.partial();
|
|
141
|
+
export const signUpProfileFieldItemGuard = z.object({
|
|
142
|
+
name: z.string(),
|
|
143
|
+
});
|
|
144
|
+
export const signUpProfileFieldsGuard = z.array(signUpProfileFieldItemGuard);
|
|
145
|
+
export { customUiCspGuard } from '@logto/core-kit';
|
|
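Review bot: `signUpProfileFieldItemGuard` at lines 141-143 accepts `{ name: '' }`, and `signUpProfileFieldsGuard` accepts the same name repeatedly, although the declaration file's comment states that each entry references an existing field in `custom_profile_fields`. A non-empty check belongs at the schema layer: `name: z.string().min(1),`. Whether duplicate names should be rejected (a `.refine` over the array) or are tolerated for ordering purposes is not visible here and deserves a comment either way; referential integrity against the catalog itself presumably still has to be enforced by the API layer on write, since a zod guard cannot see the database.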
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import { describe, expect, it } from 'vitest';
|
|
2
|
+
import { customUiCspGuard } from './sign-in-experience.js';
|
|
3
|
+
describe('customUiCspGuard', () => {
|
|
4
|
+
it.each([
|
|
5
|
+
{},
|
|
6
|
+
{ scriptSrc: ['https://example.com'] },
|
|
7
|
+
{ connectSrc: ['https://api.example.com'] },
|
|
8
|
+
{
|
|
9
|
+
scriptSrc: ['https://example.com'],
|
|
10
|
+
connectSrc: ['https://api.example.com'],
|
|
11
|
+
},
|
|
12
|
+
])('accepts %p', (value) => {
|
|
13
|
+
expect(customUiCspGuard.safeParse(value).success).toBe(true);
|
|
14
|
+
});
|
|
15
|
+
it('rejects unsupported directives', () => {
|
|
16
|
+
expect(customUiCspGuard.safeParse({ imgSrc: ['https://example.com'] }).success).toBe(false);
|
|
17
|
+
});
|
|
18
|
+
});
|
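Review bot: The accept cases at lines 4-12 all use well-formed `https://` origins and the only rejection is an unsupported directive, so the suite does not pin how `customUiCspGuard` treats source expressions that widen the sign-in page's policy, such as a bare `*`, a `data:` scheme or a plain `http://` origin in `scriptSrc`. Whatever core-kit decides for those values, one `it.each` case per outcome here would document the policy, because these entries end up in the Content-Security-Policy served to end users; as written, a change in core-kit that loosened source validation would still pass this file. The guard itself is defined outside this diff, so this is a request for coverage rather than a defect in the visible code.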
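--- a/package/lib/seeds/application.js
+++ b/package/lib/seeds/application.js
@@ -21,6 +21,7 @@ const buildSpaApplicationData = (tenantId, { id, name, description, }) => ({
 customClientMetadata: {},
 protectedAppMetadata: null,
 isThirdParty: false,
+appLevelAccessControlEnabled: false,
 createdAt: 0,
 customData: {},
 });
@@ -45,6 +46,7 @@ const buildNativeApplicationData = (tenantId, { id, name, description, }) => ({
 customClientMetadata: { isDeviceFlow: true },
 protectedAppMetadata: null,
 isThirdParty: false,
+appLevelAccessControlEnabled: false,
 createdAt: 0,
 customData: {},
 });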
@@ -3,4 +3,16 @@ export declare const defaultPrimaryColor = "#6139F6";
|
|
|
3
3
|
export declare const createDefaultSignInExperience: (forTenantId: string, isCloud: boolean) => Readonly<CreateSignInExperience>;
|
|
4
4
|
/** @deprecated Use `createDefaultSignInExperience()` instead. */
|
|
5
5
|
export declare const defaultSignInExperience: Readonly<CreateSignInExperience>;
|
|
6
|
-
export
|
|
6
|
+
export type AdminSignInExperienceSeedOptions = {
|
|
7
|
+
/**
|
|
8
|
+
* When true, the seeded admin-tenant `passwordPolicy` explicitly disables the
|
|
9
|
+
* HaveIBeenPwned (HIBP) breach check by setting `rejects.pwned = false`. Intended
|
|
10
|
+
* for air-gapped or offline OSS deployments where `api.pwnedpasswords.com` is
|
|
11
|
+
* unreachable; otherwise the first admin sign-up will hang on the breach check.
|
|
12
|
+
*
|
|
13
|
+
* Defaults to `false`, which preserves the historical seeded value (`{}`) and lets
|
|
14
|
+
* the runtime fall back to the default policy (HIBP check enabled).
|
|
15
|
+
*/
|
|
16
|
+
disablePwnedPasswordCheck?: boolean;
|
|
17
|
+
};
|
|
18
|
+
export declare const createAdminTenantSignInExperience: (options?: AdminSignInExperienceSeedOptions) => Readonly<CreateSignInExperience>;
|
|
@@ -50,7 +50,7 @@ export const createDefaultSignInExperience = (forTenantId, isCloud) => Object.fr
|
|
|
50
50
|
});
|
|
51
51
|
/** @deprecated Use `createDefaultSignInExperience()` instead. */
|
|
52
52
|
export const defaultSignInExperience = createDefaultSignInExperience(defaultTenantId, false);
|
|
53
|
-
export const createAdminTenantSignInExperience = () => Object.freeze({
|
|
53
|
+
export const createAdminTenantSignInExperience = (options = {}) => Object.freeze({
|
|
54
54
|
...defaultSignInExperience,
|
|
55
55
|
tenantId: adminTenantId,
|
|
56
56
|
color: {
|
|
@@ -62,6 +62,15 @@ export const createAdminTenantSignInExperience = () => Object.freeze({
|
|
|
62
62
|
logoUrl: 'https://logto.io/logo.svg',
|
|
63
63
|
darkLogoUrl: 'https://logto.io/logo-dark.svg',
|
|
64
64
|
},
|
|
65
|
+
passwordPolicy: options.disablePwnedPasswordCheck
|
|
66
|
+
? {
|
|
67
|
+
...defaultSignInExperience.passwordPolicy,
|
|
68
|
+
rejects: {
|
|
69
|
+
...defaultSignInExperience.passwordPolicy?.rejects,
|
|
70
|
+
pwned: false,
|
|
71
|
+
},
|
|
72
|
+
}
|
|
73
|
+
: defaultSignInExperience.passwordPolicy,
|
|
65
74
|
mfa: {
|
|
66
75
|
factors: [MfaFactor.TOTP, MfaFactor.WebAuthn, MfaFactor.BackupCode],
|
|
67
76
|
policy: MfaPolicy.NoPrompt,
|
|
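Review bot: The ternary at lines 65-73 carries no comment in the compiled module explaining why `pwned: false` is written explicitly rather than the key being omitted; the rationale lives only in the declaration file. A one-liner above `passwordPolicy:` keeps the two in step: `// Explicit false overrides the runtime default (HIBP check on); omitting it would fall back to the default policy.`. Since this is a seed, it presumably only shapes the admin tenant's initial row, so deployments that lose outbound access after seeding need a different path — worth stating in the `.d.ts` comment next to `disablePwnedPasswordCheck`. The `...defaultSignInExperience.passwordPolicy?.rejects` spread handles the historical `{}` value correctly; the enclosing `Object.freeze({ ... })` starts and ends outside this hunk.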
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|