@logto/schemas 1.38.0 → 1.40.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/alterations/1.39.0-1774752400-add-delete-account-url.ts +20 -0
- package/alterations/1.39.0-1774770686-add-account-center-custom-css.ts +20 -0
- package/alterations/1.39.0-1776502301-add-sign-up-profile-fields.ts +20 -0
- package/alterations/1.40.0-1776516232-add-account-center-profile-fields.ts +20 -0
- package/alterations/1.40.0-1778318116-add-custom-ui-csp-to-sie.ts +20 -0
- package/alterations/1.40.0-1778500000-add-organization-user-relations-user-id-index.ts +41 -0
- package/alterations/1.40.0-1778500001-add-organization-role-user-relations-org-user-index.ts +43 -0
- package/alterations/1.40.0-1779421396-add-application-access-control-schema.ts +90 -0
- package/alterations-js/1.39.0-1774752400-add-delete-account-url.js +16 -0
- package/alterations-js/1.39.0-1774770686-add-account-center-custom-css.js +16 -0
- package/alterations-js/1.39.0-1776502301-add-sign-up-profile-fields.js +16 -0
- package/alterations-js/1.40.0-1776516232-add-account-center-profile-fields.js +16 -0
- package/alterations-js/1.40.0-1778318116-add-custom-ui-csp-to-sie.js +16 -0
- package/alterations-js/1.40.0-1778500000-add-organization-user-relations-user-id-index.js +37 -0
- package/alterations-js/1.40.0-1778500001-add-organization-role-user-relations-org-user-index.js +39 -0
- package/alterations-js/1.40.0-1779421396-add-application-access-control-schema.js +82 -0
- package/lib/consts/application.d.ts +1 -0
- package/lib/consts/application.js +1 -0
- package/lib/consts/index.d.ts +1 -0
- package/lib/consts/index.js +1 -0
- package/lib/db-entries/account-center.d.ts +14 -2
- package/lib/db-entries/account-center.js +13 -1
- package/lib/db-entries/application-access-control-org-role-relation.d.ts +22 -0
- package/lib/db-entries/application-access-control-org-role-relation.js +33 -0
- package/lib/db-entries/application-access-control-organization-relation.d.ts +20 -0
- package/lib/db-entries/application-access-control-organization-relation.js +29 -0
- package/lib/db-entries/application-access-control-user-relation.d.ts +20 -0
- package/lib/db-entries/application-access-control-user-relation.js +29 -0
- package/lib/db-entries/application-access-control-user-role-relation.d.ts +20 -0
- package/lib/db-entries/application-access-control-user-role-relation.js +29 -0
- package/lib/db-entries/application.d.ts +3 -1
- package/lib/db-entries/application.js +4 -0
- package/lib/db-entries/index.d.ts +4 -0
- package/lib/db-entries/index.js +4 -0
- package/lib/db-entries/sign-in-experience.d.ts +8 -2
- package/lib/db-entries/sign-in-experience.js +9 -1
- package/lib/foundations/jsonb-types/account-centers.d.ts +27 -0
- package/lib/foundations/jsonb-types/account-centers.js +12 -0
- package/lib/foundations/jsonb-types/applications.d.ts +3 -0
- package/lib/foundations/jsonb-types/applications.js +4 -0
- package/lib/foundations/jsonb-types/applications.test.d.ts +1 -0
- package/lib/foundations/jsonb-types/applications.test.js +23 -0
- package/lib/foundations/jsonb-types/sign-in-experience.d.ts +27 -1
- package/lib/foundations/jsonb-types/sign-in-experience.js +5 -0
- package/lib/foundations/jsonb-types/sign-in-experience.test.d.ts +1 -0
- package/lib/foundations/jsonb-types/sign-in-experience.test.js +18 -0
- package/lib/seeds/application.js +2 -0
- package/lib/seeds/sign-in-experience.d.ts +13 -1
- package/lib/seeds/sign-in-experience.js +10 -1
- package/lib/seeds/sign-in-experience.test.d.ts +1 -0
- package/lib/seeds/sign-in-experience.test.js +27 -0
- package/lib/types/alteration.d.ts +5 -0
- package/lib/types/application.d.ts +101 -2
- package/lib/types/application.js +55 -0
- package/lib/types/application.test.d.ts +1 -0
- package/lib/types/application.test.js +120 -0
- package/lib/types/consent.d.ts +6 -0
- package/lib/types/custom-profile-fields.d.ts +7 -13
- package/lib/types/custom-profile-fields.js +6 -13
- package/lib/types/logto-config/index.d.ts +93 -2
- package/lib/types/logto-config/index.js +22 -4
- package/lib/types/logto-config/index.test.d.ts +1 -0
- package/lib/types/logto-config/index.test.js +29 -0
- package/lib/types/logto-config/jwt-customizer.d.ts +74 -0
- package/lib/types/logto-config/jwt-customizer.js +1 -0
- package/lib/types/logto-config/jwt-customizer.test.js +14 -2
- package/lib/types/onboarding.d.ts +93 -1
- package/lib/types/onboarding.js +22 -1
- package/lib/types/saml-application.d.ts +3 -0
- package/lib/types/sign-in-experience.d.ts +23 -2
- package/lib/types/sign-in-experience.js +1 -0
- package/lib/types/system.d.ts +46 -7
- package/lib/types/system.js +9 -0
- package/lib/types/user-assets.d.ts +1 -1
- package/lib/types/user-logto-config.d.ts +11 -0
- package/lib/types/user-logto-config.js +6 -0
- package/lib/types/user-sessions.d.ts +2516 -0
- package/lib/types/user-sessions.js +21 -0
- package/lib/utils/index.d.ts +1 -0
- package/lib/utils/index.js +1 -0
- package/lib/utils/oidc-private-key.d.ts +88 -0
- package/lib/utils/oidc-private-key.js +163 -0
- package/lib/utils/oidc-private-key.test.d.ts +1 -0
- package/lib/utils/oidc-private-key.test.js +128 -0
- package/package.json +6 -6
- package/tables/account_centers.sql +6 -0
- package/tables/application_access_control_org_role_relations.sql +16 -0
- package/tables/application_access_control_organization_relations.sql +12 -0
- package/tables/application_access_control_user_relations.sql +12 -0
- package/tables/application_access_control_user_role_relations.sql +14 -0
- package/tables/applications.sql +1 -0
- package/tables/organization_role_user_relations.sql +3 -0
- package/tables/organization_user_relations.sql +3 -0
- package/tables/sign_in_experiences.sql +3 -0
|
@@ -41,6 +41,29 @@ export declare const oidcConfigKeyGuard: z.ZodObject<{
|
|
|
41
41
|
createdAt: number;
|
|
42
42
|
}>;
|
|
43
43
|
export type OidcConfigKey = z.infer<typeof oidcConfigKeyGuard>;
|
|
44
|
+
export declare enum OidcSigningKeyStatus {
|
|
45
|
+
Next = "Next",
|
|
46
|
+
Current = "Current",
|
|
47
|
+
Previous = "Previous"
|
|
48
|
+
}
|
|
49
|
+
export declare const oidcPrivateKeyGuard: z.ZodObject<{
|
|
50
|
+
id: z.ZodString;
|
|
51
|
+
value: z.ZodString;
|
|
52
|
+
createdAt: z.ZodNumber;
|
|
53
|
+
} & {
|
|
54
|
+
status: z.ZodOptional<z.ZodNativeEnum<typeof OidcSigningKeyStatus>>;
|
|
55
|
+
}, "strip", z.ZodTypeAny, {
|
|
56
|
+
value: string;
|
|
57
|
+
id: string;
|
|
58
|
+
createdAt: number;
|
|
59
|
+
status?: OidcSigningKeyStatus | undefined;
|
|
60
|
+
}, {
|
|
61
|
+
value: string;
|
|
62
|
+
id: string;
|
|
63
|
+
createdAt: number;
|
|
64
|
+
status?: OidcSigningKeyStatus | undefined;
|
|
65
|
+
}>;
|
|
66
|
+
export type OidcPrivateKey = z.infer<typeof oidcPrivateKeyGuard>;
|
|
44
67
|
export declare const oidcSessionConfigGuard: z.ZodObject<{
|
|
45
68
|
ttl: z.ZodOptional<z.ZodNumber>;
|
|
46
69
|
}, "strip", z.ZodTypeAny, {
|
|
@@ -50,7 +73,7 @@ export declare const oidcSessionConfigGuard: z.ZodObject<{
|
|
|
50
73
|
}>;
|
|
51
74
|
export type OidcSessionConfig = z.infer<typeof oidcSessionConfigGuard>;
|
|
52
75
|
export type LogtoOidcConfigType = {
|
|
53
|
-
[LogtoOidcConfigKey.PrivateKeys]:
|
|
76
|
+
[LogtoOidcConfigKey.PrivateKeys]: OidcPrivateKey[];
|
|
54
77
|
[LogtoOidcConfigKey.CookieKeys]: OidcConfigKey[];
|
|
55
78
|
[LogtoOidcConfigKey.Session]: OidcSessionConfig;
|
|
56
79
|
};
|
|
@@ -73,6 +96,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
73
96
|
value: z.ZodObject<{
|
|
74
97
|
script: z.ZodString;
|
|
75
98
|
environmentVariables: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
|
|
99
|
+
blockIssuanceOnError: z.ZodOptional<z.ZodBoolean>;
|
|
76
100
|
} & {
|
|
77
101
|
tokenSample: z.ZodOptional<z.ZodObject<{
|
|
78
102
|
accountId: z.ZodOptional<z.ZodString>;
|
|
@@ -1246,6 +1270,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1246
1270
|
pageRules: {
|
|
1247
1271
|
path: string;
|
|
1248
1272
|
}[];
|
|
1273
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
1249
1274
|
customDomains?: {
|
|
1250
1275
|
status: import("../../index.js").DomainStatus;
|
|
1251
1276
|
domain: string;
|
|
@@ -1274,6 +1299,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1274
1299
|
pageRules: {
|
|
1275
1300
|
path: string;
|
|
1276
1301
|
}[];
|
|
1302
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
1277
1303
|
customDomains?: {
|
|
1278
1304
|
status: import("../../index.js").DomainStatus;
|
|
1279
1305
|
domain: string;
|
|
@@ -1297,6 +1323,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1297
1323
|
}[] | undefined;
|
|
1298
1324
|
} | null>>;
|
|
1299
1325
|
isThirdParty: z.ZodOptional<ZodType<boolean, z.ZodTypeDef, boolean>>;
|
|
1326
|
+
appLevelAccessControlEnabled: z.ZodOptional<ZodType<boolean, z.ZodTypeDef, boolean>>;
|
|
1300
1327
|
}, "strip", z.ZodTypeAny, {
|
|
1301
1328
|
type?: import("../../index.js").ApplicationType | undefined;
|
|
1302
1329
|
name?: string | undefined;
|
|
@@ -1325,6 +1352,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1325
1352
|
pageRules: {
|
|
1326
1353
|
path: string;
|
|
1327
1354
|
}[];
|
|
1355
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
1328
1356
|
customDomains?: {
|
|
1329
1357
|
status: import("../../index.js").DomainStatus;
|
|
1330
1358
|
domain: string;
|
|
@@ -1348,6 +1376,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1348
1376
|
}[] | undefined;
|
|
1349
1377
|
} | null | undefined;
|
|
1350
1378
|
isThirdParty?: boolean | undefined;
|
|
1379
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
1351
1380
|
}, {
|
|
1352
1381
|
type?: import("../../index.js").ApplicationType | undefined;
|
|
1353
1382
|
name?: string | undefined;
|
|
@@ -1376,6 +1405,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1376
1405
|
pageRules: {
|
|
1377
1406
|
path: string;
|
|
1378
1407
|
}[];
|
|
1408
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
1379
1409
|
customDomains?: {
|
|
1380
1410
|
status: import("../../index.js").DomainStatus;
|
|
1381
1411
|
domain: string;
|
|
@@ -1399,6 +1429,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1399
1429
|
}[] | undefined;
|
|
1400
1430
|
} | null | undefined;
|
|
1401
1431
|
isThirdParty?: boolean | undefined;
|
|
1432
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
1402
1433
|
}>>;
|
|
1403
1434
|
}, "strip", z.ZodTypeAny, {
|
|
1404
1435
|
user: {
|
|
@@ -1497,6 +1528,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1497
1528
|
pageRules: {
|
|
1498
1529
|
path: string;
|
|
1499
1530
|
}[];
|
|
1531
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
1500
1532
|
customDomains?: {
|
|
1501
1533
|
status: import("../../index.js").DomainStatus;
|
|
1502
1534
|
domain: string;
|
|
@@ -1520,6 +1552,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1520
1552
|
}[] | undefined;
|
|
1521
1553
|
} | null | undefined;
|
|
1522
1554
|
isThirdParty?: boolean | undefined;
|
|
1555
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
1523
1556
|
} | undefined;
|
|
1524
1557
|
grant?: {
|
|
1525
1558
|
type?: import("../oidc-config.js").GrantType.TokenExchange | undefined;
|
|
@@ -1737,6 +1770,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1737
1770
|
pageRules: {
|
|
1738
1771
|
path: string;
|
|
1739
1772
|
}[];
|
|
1773
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
1740
1774
|
customDomains?: {
|
|
1741
1775
|
status: import("../../index.js").DomainStatus;
|
|
1742
1776
|
domain: string;
|
|
@@ -1760,6 +1794,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1760
1794
|
}[] | undefined;
|
|
1761
1795
|
} | null | undefined;
|
|
1762
1796
|
isThirdParty?: boolean | undefined;
|
|
1797
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
1763
1798
|
} | undefined;
|
|
1764
1799
|
grant?: {
|
|
1765
1800
|
type?: import("../oidc-config.js").GrantType.TokenExchange | undefined;
|
|
@@ -1981,6 +2016,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1981
2016
|
pageRules: {
|
|
1982
2017
|
path: string;
|
|
1983
2018
|
}[];
|
|
2019
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
1984
2020
|
customDomains?: {
|
|
1985
2021
|
status: import("../../index.js").DomainStatus;
|
|
1986
2022
|
domain: string;
|
|
@@ -2004,6 +2040,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2004
2040
|
}[] | undefined;
|
|
2005
2041
|
} | null | undefined;
|
|
2006
2042
|
isThirdParty?: boolean | undefined;
|
|
2043
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
2007
2044
|
} | undefined;
|
|
2008
2045
|
grant?: {
|
|
2009
2046
|
type?: import("../oidc-config.js").GrantType.TokenExchange | undefined;
|
|
@@ -2125,6 +2162,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2125
2162
|
signInContext?: Record<string, string> | undefined;
|
|
2126
2163
|
} | undefined;
|
|
2127
2164
|
} | undefined;
|
|
2165
|
+
blockIssuanceOnError?: boolean | undefined;
|
|
2128
2166
|
tokenSample?: {
|
|
2129
2167
|
grantId?: string | undefined;
|
|
2130
2168
|
sid?: string | undefined;
|
|
@@ -2238,6 +2276,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2238
2276
|
pageRules: {
|
|
2239
2277
|
path: string;
|
|
2240
2278
|
}[];
|
|
2279
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
2241
2280
|
customDomains?: {
|
|
2242
2281
|
status: import("../../index.js").DomainStatus;
|
|
2243
2282
|
domain: string;
|
|
@@ -2261,6 +2300,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2261
2300
|
}[] | undefined;
|
|
2262
2301
|
} | null | undefined;
|
|
2263
2302
|
isThirdParty?: boolean | undefined;
|
|
2303
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
2264
2304
|
} | undefined;
|
|
2265
2305
|
grant?: {
|
|
2266
2306
|
type?: import("../oidc-config.js").GrantType.TokenExchange | undefined;
|
|
@@ -2382,6 +2422,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2382
2422
|
signInContext?: Record<string, string> | undefined;
|
|
2383
2423
|
} | undefined;
|
|
2384
2424
|
} | undefined;
|
|
2425
|
+
blockIssuanceOnError?: boolean | undefined;
|
|
2385
2426
|
tokenSample?: {
|
|
2386
2427
|
grantId?: string | undefined;
|
|
2387
2428
|
sid?: string | undefined;
|
|
@@ -2497,6 +2538,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2497
2538
|
pageRules: {
|
|
2498
2539
|
path: string;
|
|
2499
2540
|
}[];
|
|
2541
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
2500
2542
|
customDomains?: {
|
|
2501
2543
|
status: import("../../index.js").DomainStatus;
|
|
2502
2544
|
domain: string;
|
|
@@ -2520,6 +2562,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2520
2562
|
}[] | undefined;
|
|
2521
2563
|
} | null | undefined;
|
|
2522
2564
|
isThirdParty?: boolean | undefined;
|
|
2565
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
2523
2566
|
} | undefined;
|
|
2524
2567
|
grant?: {
|
|
2525
2568
|
type?: import("../oidc-config.js").GrantType.TokenExchange | undefined;
|
|
@@ -2641,6 +2684,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2641
2684
|
signInContext?: Record<string, string> | undefined;
|
|
2642
2685
|
} | undefined;
|
|
2643
2686
|
} | undefined;
|
|
2687
|
+
blockIssuanceOnError?: boolean | undefined;
|
|
2644
2688
|
tokenSample?: {
|
|
2645
2689
|
grantId?: string | undefined;
|
|
2646
2690
|
sid?: string | undefined;
|
|
@@ -2757,6 +2801,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2757
2801
|
pageRules: {
|
|
2758
2802
|
path: string;
|
|
2759
2803
|
}[];
|
|
2804
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
2760
2805
|
customDomains?: {
|
|
2761
2806
|
status: import("../../index.js").DomainStatus;
|
|
2762
2807
|
domain: string;
|
|
@@ -2780,6 +2825,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2780
2825
|
}[] | undefined;
|
|
2781
2826
|
} | null | undefined;
|
|
2782
2827
|
isThirdParty?: boolean | undefined;
|
|
2828
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
2783
2829
|
} | undefined;
|
|
2784
2830
|
grant?: {
|
|
2785
2831
|
type?: import("../oidc-config.js").GrantType.TokenExchange | undefined;
|
|
@@ -2901,6 +2947,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2901
2947
|
signInContext?: Record<string, string> | undefined;
|
|
2902
2948
|
} | undefined;
|
|
2903
2949
|
} | undefined;
|
|
2950
|
+
blockIssuanceOnError?: boolean | undefined;
|
|
2904
2951
|
tokenSample?: {
|
|
2905
2952
|
grantId?: string | undefined;
|
|
2906
2953
|
sid?: string | undefined;
|
|
@@ -2921,6 +2968,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2921
2968
|
value: z.ZodObject<{
|
|
2922
2969
|
script: z.ZodString;
|
|
2923
2970
|
environmentVariables: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
|
|
2971
|
+
blockIssuanceOnError: z.ZodOptional<z.ZodBoolean>;
|
|
2924
2972
|
} & {
|
|
2925
2973
|
tokenSample: z.ZodOptional<z.ZodObject<{
|
|
2926
2974
|
kind: z.ZodOptional<z.ZodLiteral<"ClientCredentials">>;
|
|
@@ -2981,6 +3029,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2981
3029
|
pageRules: {
|
|
2982
3030
|
path: string;
|
|
2983
3031
|
}[];
|
|
3032
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
2984
3033
|
customDomains?: {
|
|
2985
3034
|
status: import("../../index.js").DomainStatus;
|
|
2986
3035
|
domain: string;
|
|
@@ -3009,6 +3058,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3009
3058
|
pageRules: {
|
|
3010
3059
|
path: string;
|
|
3011
3060
|
}[];
|
|
3061
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
3012
3062
|
customDomains?: {
|
|
3013
3063
|
status: import("../../index.js").DomainStatus;
|
|
3014
3064
|
domain: string;
|
|
@@ -3032,6 +3082,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3032
3082
|
}[] | undefined;
|
|
3033
3083
|
} | null>>;
|
|
3034
3084
|
isThirdParty: z.ZodOptional<ZodType<boolean, z.ZodTypeDef, boolean>>;
|
|
3085
|
+
appLevelAccessControlEnabled: z.ZodOptional<ZodType<boolean, z.ZodTypeDef, boolean>>;
|
|
3035
3086
|
}, "strip", z.ZodTypeAny, {
|
|
3036
3087
|
type?: import("../../index.js").ApplicationType | undefined;
|
|
3037
3088
|
name?: string | undefined;
|
|
@@ -3060,6 +3111,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3060
3111
|
pageRules: {
|
|
3061
3112
|
path: string;
|
|
3062
3113
|
}[];
|
|
3114
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
3063
3115
|
customDomains?: {
|
|
3064
3116
|
status: import("../../index.js").DomainStatus;
|
|
3065
3117
|
domain: string;
|
|
@@ -3083,6 +3135,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3083
3135
|
}[] | undefined;
|
|
3084
3136
|
} | null | undefined;
|
|
3085
3137
|
isThirdParty?: boolean | undefined;
|
|
3138
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
3086
3139
|
}, {
|
|
3087
3140
|
type?: import("../../index.js").ApplicationType | undefined;
|
|
3088
3141
|
name?: string | undefined;
|
|
@@ -3111,6 +3164,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3111
3164
|
pageRules: {
|
|
3112
3165
|
path: string;
|
|
3113
3166
|
}[];
|
|
3167
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
3114
3168
|
customDomains?: {
|
|
3115
3169
|
status: import("../../index.js").DomainStatus;
|
|
3116
3170
|
domain: string;
|
|
@@ -3134,6 +3188,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3134
3188
|
}[] | undefined;
|
|
3135
3189
|
} | null | undefined;
|
|
3136
3190
|
isThirdParty?: boolean | undefined;
|
|
3191
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
3137
3192
|
}>>;
|
|
3138
3193
|
}, "strip", z.ZodTypeAny, {
|
|
3139
3194
|
application?: {
|
|
@@ -3164,6 +3219,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3164
3219
|
pageRules: {
|
|
3165
3220
|
path: string;
|
|
3166
3221
|
}[];
|
|
3222
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
3167
3223
|
customDomains?: {
|
|
3168
3224
|
status: import("../../index.js").DomainStatus;
|
|
3169
3225
|
domain: string;
|
|
@@ -3187,6 +3243,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3187
3243
|
}[] | undefined;
|
|
3188
3244
|
} | null | undefined;
|
|
3189
3245
|
isThirdParty?: boolean | undefined;
|
|
3246
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
3190
3247
|
} | undefined;
|
|
3191
3248
|
}, {
|
|
3192
3249
|
application?: {
|
|
@@ -3217,6 +3274,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3217
3274
|
pageRules: {
|
|
3218
3275
|
path: string;
|
|
3219
3276
|
}[];
|
|
3277
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
3220
3278
|
customDomains?: {
|
|
3221
3279
|
status: import("../../index.js").DomainStatus;
|
|
3222
3280
|
domain: string;
|
|
@@ -3240,6 +3298,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3240
3298
|
}[] | undefined;
|
|
3241
3299
|
} | null | undefined;
|
|
3242
3300
|
isThirdParty?: boolean | undefined;
|
|
3301
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
3243
3302
|
} | undefined;
|
|
3244
3303
|
}>>;
|
|
3245
3304
|
}, "strict", z.ZodTypeAny, {
|
|
@@ -3274,6 +3333,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3274
3333
|
pageRules: {
|
|
3275
3334
|
path: string;
|
|
3276
3335
|
}[];
|
|
3336
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
3277
3337
|
customDomains?: {
|
|
3278
3338
|
status: import("../../index.js").DomainStatus;
|
|
3279
3339
|
domain: string;
|
|
@@ -3297,8 +3357,10 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3297
3357
|
}[] | undefined;
|
|
3298
3358
|
} | null | undefined;
|
|
3299
3359
|
isThirdParty?: boolean | undefined;
|
|
3360
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
3300
3361
|
} | undefined;
|
|
3301
3362
|
} | undefined;
|
|
3363
|
+
blockIssuanceOnError?: boolean | undefined;
|
|
3302
3364
|
tokenSample?: {
|
|
3303
3365
|
jti?: string | undefined;
|
|
3304
3366
|
kind?: "ClientCredentials" | undefined;
|
|
@@ -3338,6 +3400,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3338
3400
|
pageRules: {
|
|
3339
3401
|
path: string;
|
|
3340
3402
|
}[];
|
|
3403
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
3341
3404
|
customDomains?: {
|
|
3342
3405
|
status: import("../../index.js").DomainStatus;
|
|
3343
3406
|
domain: string;
|
|
@@ -3361,8 +3424,10 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3361
3424
|
}[] | undefined;
|
|
3362
3425
|
} | null | undefined;
|
|
3363
3426
|
isThirdParty?: boolean | undefined;
|
|
3427
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
3364
3428
|
} | undefined;
|
|
3365
3429
|
} | undefined;
|
|
3430
|
+
blockIssuanceOnError?: boolean | undefined;
|
|
3366
3431
|
tokenSample?: {
|
|
3367
3432
|
jti?: string | undefined;
|
|
3368
3433
|
kind?: "ClientCredentials" | undefined;
|
|
@@ -3404,6 +3469,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3404
3469
|
pageRules: {
|
|
3405
3470
|
path: string;
|
|
3406
3471
|
}[];
|
|
3472
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
3407
3473
|
customDomains?: {
|
|
3408
3474
|
status: import("../../index.js").DomainStatus;
|
|
3409
3475
|
domain: string;
|
|
@@ -3427,8 +3493,10 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3427
3493
|
}[] | undefined;
|
|
3428
3494
|
} | null | undefined;
|
|
3429
3495
|
isThirdParty?: boolean | undefined;
|
|
3496
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
3430
3497
|
} | undefined;
|
|
3431
3498
|
} | undefined;
|
|
3499
|
+
blockIssuanceOnError?: boolean | undefined;
|
|
3432
3500
|
tokenSample?: {
|
|
3433
3501
|
jti?: string | undefined;
|
|
3434
3502
|
kind?: "ClientCredentials" | undefined;
|
|
@@ -3471,6 +3539,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3471
3539
|
pageRules: {
|
|
3472
3540
|
path: string;
|
|
3473
3541
|
}[];
|
|
3542
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
3474
3543
|
customDomains?: {
|
|
3475
3544
|
status: import("../../index.js").DomainStatus;
|
|
3476
3545
|
domain: string;
|
|
@@ -3494,8 +3563,10 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3494
3563
|
}[] | undefined;
|
|
3495
3564
|
} | null | undefined;
|
|
3496
3565
|
isThirdParty?: boolean | undefined;
|
|
3566
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
3497
3567
|
} | undefined;
|
|
3498
3568
|
} | undefined;
|
|
3569
|
+
blockIssuanceOnError?: boolean | undefined;
|
|
3499
3570
|
tokenSample?: {
|
|
3500
3571
|
jti?: string | undefined;
|
|
3501
3572
|
kind?: "ClientCredentials" | undefined;
|
|
@@ -3597,13 +3668,26 @@ export declare const idTokenConfigGuard: z.ZodObject<{
|
|
|
3597
3668
|
enabledExtendedClaims?: ("custom_data" | "identities" | "sso_identities" | "roles" | "organizations" | "organization_data" | "organization_roles")[] | undefined;
|
|
3598
3669
|
}>;
|
|
3599
3670
|
export type IdTokenConfig = z.infer<typeof idTokenConfigGuard>;
|
|
3671
|
+
export declare const signingKeyRotationStateGuard: z.ZodObject<{
|
|
3672
|
+
tenantCacheExpiresAt: z.ZodOptional<z.ZodNumber>;
|
|
3673
|
+
signingKeyRotationAt: z.ZodOptional<z.ZodNumber>;
|
|
3674
|
+
}, "strip", z.ZodTypeAny, {
|
|
3675
|
+
tenantCacheExpiresAt?: number | undefined;
|
|
3676
|
+
signingKeyRotationAt?: number | undefined;
|
|
3677
|
+
}, {
|
|
3678
|
+
tenantCacheExpiresAt?: number | undefined;
|
|
3679
|
+
signingKeyRotationAt?: number | undefined;
|
|
3680
|
+
}>;
|
|
3681
|
+
export type SigningKeyRotationState = z.infer<typeof signingKeyRotationStateGuard>;
|
|
3600
3682
|
export declare enum LogtoTenantConfigKey {
|
|
3601
3683
|
AdminConsole = "adminConsole",
|
|
3602
3684
|
CloudConnection = "cloudConnection",
|
|
3603
3685
|
/** The URL to redirect when session not found in Sign-in Experience. */
|
|
3604
3686
|
SessionNotFoundRedirectUrl = "sessionNotFoundRedirectUrl",
|
|
3605
3687
|
/** ID token configuration for extended claims. */
|
|
3606
|
-
IdToken = "idToken"
|
|
3688
|
+
IdToken = "idToken",
|
|
3689
|
+
/** Tenant-scoped rotation state for staged private signing key activation. */
|
|
3690
|
+
SigningKeyRotationState = "signingKeyRotationState"
|
|
3607
3691
|
}
|
|
3608
3692
|
export type LogtoTenantConfigType = {
|
|
3609
3693
|
[LogtoTenantConfigKey.AdminConsole]: AdminConsoleData;
|
|
@@ -3612,6 +3696,7 @@ export type LogtoTenantConfigType = {
|
|
|
3612
3696
|
url: string;
|
|
3613
3697
|
};
|
|
3614
3698
|
[LogtoTenantConfigKey.IdToken]: IdTokenConfig;
|
|
3699
|
+
[LogtoTenantConfigKey.SigningKeyRotationState]: SigningKeyRotationState;
|
|
3615
3700
|
};
|
|
3616
3701
|
export declare const logtoTenantConfigGuard: Readonly<{
|
|
3617
3702
|
[key in LogtoTenantConfigKey]: ZodType<LogtoTenantConfigType[key]>;
|
|
@@ -3627,13 +3712,19 @@ export declare const oidcConfigKeysResponseGuard: z.ZodObject<Omit<{
|
|
|
3627
3712
|
createdAt: z.ZodNumber;
|
|
3628
3713
|
}, "value"> & {
|
|
3629
3714
|
signingKeyAlgorithm: z.ZodOptional<z.ZodNativeEnum<typeof SupportedSigningKeyAlgorithm>>;
|
|
3715
|
+
status: z.ZodOptional<z.ZodNativeEnum<typeof OidcSigningKeyStatus>>;
|
|
3716
|
+
effectiveAt: z.ZodOptional<z.ZodNumber>;
|
|
3630
3717
|
}, "strip", z.ZodTypeAny, {
|
|
3631
3718
|
id: string;
|
|
3632
3719
|
createdAt: number;
|
|
3720
|
+
status?: OidcSigningKeyStatus | undefined;
|
|
3633
3721
|
signingKeyAlgorithm?: SupportedSigningKeyAlgorithm | undefined;
|
|
3722
|
+
effectiveAt?: number | undefined;
|
|
3634
3723
|
}, {
|
|
3635
3724
|
id: string;
|
|
3636
3725
|
createdAt: number;
|
|
3726
|
+
status?: OidcSigningKeyStatus | undefined;
|
|
3637
3727
|
signingKeyAlgorithm?: SupportedSigningKeyAlgorithm | undefined;
|
|
3728
|
+
effectiveAt?: number | undefined;
|
|
3638
3729
|
}>;
|
|
3639
3730
|
export type OidcConfigKeysResponse = z.infer<typeof oidcConfigKeysResponseGuard>;
|
|
@@ -33,11 +33,20 @@ export const oidcConfigKeyGuard = z.object({
|
|
|
33
33
|
value: z.string(),
|
|
34
34
|
createdAt: z.number(),
|
|
35
35
|
});
|
|
36
|
+
export var OidcSigningKeyStatus;
|
|
37
|
+
(function (OidcSigningKeyStatus) {
|
|
38
|
+
OidcSigningKeyStatus["Next"] = "Next";
|
|
39
|
+
OidcSigningKeyStatus["Current"] = "Current";
|
|
40
|
+
OidcSigningKeyStatus["Previous"] = "Previous";
|
|
41
|
+
})(OidcSigningKeyStatus || (OidcSigningKeyStatus = {}));
|
|
42
|
+
export const oidcPrivateKeyGuard = oidcConfigKeyGuard.extend({
|
|
43
|
+
status: z.nativeEnum(OidcSigningKeyStatus).optional(),
|
|
44
|
+
});
|
|
36
45
|
export const oidcSessionConfigGuard = z.object({
|
|
37
46
|
ttl: z.number().int().min(1).max(31_536_000).optional(),
|
|
38
47
|
});
|
|
39
48
|
export const logtoOidcConfigGuard = Object.freeze({
|
|
40
|
-
[LogtoOidcConfigKey.PrivateKeys]:
|
|
49
|
+
[LogtoOidcConfigKey.PrivateKeys]: oidcPrivateKeyGuard.array(),
|
|
41
50
|
[LogtoOidcConfigKey.CookieKeys]: oidcConfigKeyGuard.array(),
|
|
42
51
|
// Session config is optional, if not set, it will fallback to default value in core.
|
|
43
52
|
[LogtoOidcConfigKey.Session]: oidcSessionConfigGuard.nullish().transform((data) => data ?? {}),
|
|
@@ -96,6 +105,10 @@ export const extendedIdTokenClaimsGuard = z.enum(extendedIdTokenClaims);
|
|
|
96
105
|
export const idTokenConfigGuard = z.object({
|
|
97
106
|
enabledExtendedClaims: extendedIdTokenClaimsGuard.array().optional(),
|
|
98
107
|
});
|
|
108
|
+
export const signingKeyRotationStateGuard = z.object({
|
|
109
|
+
tenantCacheExpiresAt: z.number().optional(),
|
|
110
|
+
signingKeyRotationAt: z.number().optional(),
|
|
111
|
+
});
|
|
99
112
|
export var LogtoTenantConfigKey;
|
|
100
113
|
(function (LogtoTenantConfigKey) {
|
|
101
114
|
LogtoTenantConfigKey["AdminConsole"] = "adminConsole";
|
|
@@ -104,12 +117,15 @@ export var LogtoTenantConfigKey;
|
|
|
104
117
|
LogtoTenantConfigKey["SessionNotFoundRedirectUrl"] = "sessionNotFoundRedirectUrl";
|
|
105
118
|
/** ID token configuration for extended claims. */
|
|
106
119
|
LogtoTenantConfigKey["IdToken"] = "idToken";
|
|
120
|
+
/** Tenant-scoped rotation state for staged private signing key activation. */
|
|
121
|
+
LogtoTenantConfigKey["SigningKeyRotationState"] = "signingKeyRotationState";
|
|
107
122
|
})(LogtoTenantConfigKey || (LogtoTenantConfigKey = {}));
|
|
108
123
|
export const logtoTenantConfigGuard = Object.freeze({
|
|
109
124
|
[LogtoTenantConfigKey.AdminConsole]: adminConsoleDataGuard,
|
|
110
125
|
[LogtoTenantConfigKey.CloudConnection]: cloudConnectionDataGuard,
|
|
111
126
|
[LogtoTenantConfigKey.SessionNotFoundRedirectUrl]: z.object({ url: z.string() }),
|
|
112
127
|
[LogtoTenantConfigKey.IdToken]: idTokenConfigGuard,
|
|
128
|
+
[LogtoTenantConfigKey.SigningKeyRotationState]: signingKeyRotationStateGuard,
|
|
113
129
|
});
|
|
114
130
|
export const logtoConfigKeys = Object.freeze([
|
|
115
131
|
...Object.values(LogtoOidcConfigKey),
|
|
@@ -121,6 +137,8 @@ export const logtoConfigGuards = Object.freeze({
|
|
|
121
137
|
...jwtCustomizerConfigGuard,
|
|
122
138
|
...logtoTenantConfigGuard,
|
|
123
139
|
});
|
|
124
|
-
export const oidcConfigKeysResponseGuard = oidcConfigKeyGuard
|
|
125
|
-
.
|
|
126
|
-
|
|
140
|
+
export const oidcConfigKeysResponseGuard = oidcConfigKeyGuard.omit({ value: true }).merge(z.object({
|
|
141
|
+
signingKeyAlgorithm: z.nativeEnum(SupportedSigningKeyAlgorithm).optional(),
|
|
142
|
+
status: z.nativeEnum(OidcSigningKeyStatus).optional(),
|
|
143
|
+
effectiveAt: z.number().optional(),
|
|
144
|
+
}));
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
import { describe, expect, it } from 'vitest';
|
|
2
|
+
import { LogtoOidcConfigKey, LogtoTenantConfigKey, OidcSigningKeyStatus, logtoOidcConfigGuard, logtoTenantConfigGuard, oidcConfigKeysResponseGuard, } from './index.js';
|
|
3
|
+
describe('logto config guards', () => {
|
|
4
|
+
it('accepts legacy private keys without status', () => {
|
|
5
|
+
const privateKeys = [
|
|
6
|
+
{
|
|
7
|
+
id: 'key_1',
|
|
8
|
+
value: 'private-key-1',
|
|
9
|
+
createdAt: 1_710_000_000_000,
|
|
10
|
+
},
|
|
11
|
+
];
|
|
12
|
+
const result = logtoOidcConfigGuard[LogtoOidcConfigKey.PrivateKeys].safeParse(privateKeys);
|
|
13
|
+
expect(result.success).toBe(true);
|
|
14
|
+
});
|
|
15
|
+
it('accepts signing key status in OIDC key responses', () => {
|
|
16
|
+
const result = oidcConfigKeysResponseGuard.safeParse({
|
|
17
|
+
id: 'key_1',
|
|
18
|
+
createdAt: 1_710_000_000_000,
|
|
19
|
+
status: OidcSigningKeyStatus.Current,
|
|
20
|
+
});
|
|
21
|
+
expect(result.success).toBe(true);
|
|
22
|
+
});
|
|
23
|
+
it('accepts partial signing key rotation state', () => {
|
|
24
|
+
const result = logtoTenantConfigGuard[LogtoTenantConfigKey.SigningKeyRotationState].safeParse({
|
|
25
|
+
signingKeyRotationAt: 1_710_000_000_000,
|
|
26
|
+
});
|
|
27
|
+
expect(result.success).toBe(true);
|
|
28
|
+
});
|
|
29
|
+
});
|