@logto/schemas 1.39.0 → 1.40.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/alterations/1.40.0-1776516232-add-account-center-profile-fields.ts +20 -0
- package/alterations/1.40.0-1778318116-add-custom-ui-csp-to-sie.ts +20 -0
- package/alterations/1.40.0-1778500000-add-organization-user-relations-user-id-index.ts +41 -0
- package/alterations/1.40.0-1778500001-add-organization-role-user-relations-org-user-index.ts +43 -0
- package/alterations/1.40.0-1779421396-add-application-access-control-schema.ts +90 -0
- package/alterations-js/1.40.0-1776516232-add-account-center-profile-fields.js +16 -0
- package/alterations-js/1.40.0-1778318116-add-custom-ui-csp-to-sie.js +16 -0
- package/alterations-js/1.40.0-1778500000-add-organization-user-relations-user-id-index.js +37 -0
- package/alterations-js/1.40.0-1778500001-add-organization-role-user-relations-org-user-index.js +39 -0
- package/alterations-js/1.40.0-1779421396-add-application-access-control-schema.js +82 -0
- package/lib/consts/application.d.ts +1 -0
- package/lib/consts/application.js +1 -0
- package/lib/consts/index.d.ts +1 -0
- package/lib/consts/index.js +1 -0
- package/lib/db-entries/account-center.d.ts +6 -2
- package/lib/db-entries/account-center.js +5 -1
- package/lib/db-entries/application-access-control-org-role-relation.d.ts +22 -0
- package/lib/db-entries/application-access-control-org-role-relation.js +33 -0
- package/lib/db-entries/application-access-control-organization-relation.d.ts +20 -0
- package/lib/db-entries/application-access-control-organization-relation.js +29 -0
- package/lib/db-entries/application-access-control-user-relation.d.ts +20 -0
- package/lib/db-entries/application-access-control-user-relation.js +29 -0
- package/lib/db-entries/application-access-control-user-role-relation.d.ts +20 -0
- package/lib/db-entries/application-access-control-user-role-relation.js +29 -0
- package/lib/db-entries/application.d.ts +3 -1
- package/lib/db-entries/application.js +4 -0
- package/lib/db-entries/index.d.ts +4 -0
- package/lib/db-entries/index.js +4 -0
- package/lib/db-entries/sign-in-experience.d.ts +4 -2
- package/lib/db-entries/sign-in-experience.js +5 -1
- package/lib/foundations/jsonb-types/account-centers.d.ts +26 -0
- package/lib/foundations/jsonb-types/account-centers.js +4 -0
- package/lib/foundations/jsonb-types/applications.d.ts +3 -0
- package/lib/foundations/jsonb-types/applications.js +4 -0
- package/lib/foundations/jsonb-types/applications.test.d.ts +1 -0
- package/lib/foundations/jsonb-types/applications.test.js +23 -0
- package/lib/foundations/jsonb-types/sign-in-experience.d.ts +1 -1
- package/lib/foundations/jsonb-types/sign-in-experience.js +1 -0
- package/lib/foundations/jsonb-types/sign-in-experience.test.d.ts +1 -0
- package/lib/foundations/jsonb-types/sign-in-experience.test.js +18 -0
- package/lib/seeds/application.js +2 -0
- package/lib/seeds/sign-in-experience.d.ts +13 -1
- package/lib/seeds/sign-in-experience.js +10 -1
- package/lib/seeds/sign-in-experience.test.d.ts +1 -0
- package/lib/seeds/sign-in-experience.test.js +27 -0
- package/lib/types/application.d.ts +99 -0
- package/lib/types/application.js +55 -0
- package/lib/types/application.test.d.ts +1 -0
- package/lib/types/application.test.js +120 -0
- package/lib/types/consent.d.ts +6 -0
- package/lib/types/logto-config/index.d.ts +38 -0
- package/lib/types/logto-config/jwt-customizer.d.ts +65 -0
- package/lib/types/saml-application.d.ts +3 -0
- package/lib/types/sign-in-experience.d.ts +14 -0
- package/lib/types/sign-in-experience.js +1 -0
- package/lib/types/system.d.ts +46 -7
- package/lib/types/system.js +9 -0
- package/lib/types/user-assets.d.ts +1 -1
- package/lib/types/user-sessions.d.ts +2516 -0
- package/lib/types/user-sessions.js +21 -0
- package/package.json +5 -5
- package/tables/account_centers.sql +2 -0
- package/tables/application_access_control_org_role_relations.sql +16 -0
- package/tables/application_access_control_organization_relations.sql +12 -0
- package/tables/application_access_control_user_relations.sql +12 -0
- package/tables/application_access_control_user_role_relations.sql +14 -0
- package/tables/applications.sql +1 -0
- package/tables/organization_role_user_relations.sql +3 -0
- package/tables/organization_user_relations.sql +3 -0
- package/tables/sign_in_experiences.sql +1 -0
package/lib/types/application.js
CHANGED
|
@@ -9,6 +9,7 @@ export const featuredApplicationGuard = Applications.guard.pick({
|
|
|
9
9
|
});
|
|
10
10
|
export const applicationCreateGuard = Applications.createGuard
|
|
11
11
|
.omit({
|
|
12
|
+
appLevelAccessControlEnabled: true,
|
|
12
13
|
id: true,
|
|
13
14
|
createdAt: true,
|
|
14
15
|
secret: true,
|
|
@@ -20,6 +21,60 @@ export const applicationPatchGuard = applicationCreateGuard.partial().omit({
|
|
|
20
21
|
type: true,
|
|
21
22
|
isThirdParty: true,
|
|
22
23
|
});
|
|
24
|
+
const applicationAccessControlRuleLimit = 1000;
|
|
25
|
+
const applicationAccessControlRawRuleLimit = applicationAccessControlRuleLimit * 2;
|
|
26
|
+
const uniqueStringArrayGuard = z
|
|
27
|
+
.array(z.string())
|
|
28
|
+
.max(applicationAccessControlRawRuleLimit)
|
|
29
|
+
.transform((values) => [...new Set(values)])
|
|
30
|
+
.pipe(z.array(z.string()).max(applicationAccessControlRuleLimit));
|
|
31
|
+
/** The guard for one organization role access-control rule group. */
|
|
32
|
+
export const applicationAccessControlOrganizationRoleRuleGuard = z.object({
|
|
33
|
+
organizationId: z.string(),
|
|
34
|
+
organizationRoleIds: uniqueStringArrayGuard,
|
|
35
|
+
});
|
|
36
|
+
/** The guard for application-level access control rule payloads. */
|
|
37
|
+
export const applicationAccessControlGuard = z
|
|
38
|
+
.object({
|
|
39
|
+
userIds: uniqueStringArrayGuard,
|
|
40
|
+
userRoleIds: uniqueStringArrayGuard,
|
|
41
|
+
organizationIds: uniqueStringArrayGuard,
|
|
42
|
+
organizationRoleRules: z
|
|
43
|
+
.array(applicationAccessControlOrganizationRoleRuleGuard)
|
|
44
|
+
.max(applicationAccessControlRawRuleLimit),
|
|
45
|
+
})
|
|
46
|
+
.transform(({ organizationRoleRules, ...rest }) => {
|
|
47
|
+
const organizationRoleRulesMap = new Map();
|
|
48
|
+
for (const { organizationId, organizationRoleIds } of organizationRoleRules) {
|
|
49
|
+
const roleIds = organizationRoleRulesMap.get(organizationId) ?? new Set();
|
|
50
|
+
for (const roleId of organizationRoleIds) {
|
|
51
|
+
roleIds.add(roleId);
|
|
52
|
+
}
|
|
53
|
+
organizationRoleRulesMap.set(organizationId, roleIds);
|
|
54
|
+
}
|
|
55
|
+
return {
|
|
56
|
+
...rest,
|
|
57
|
+
organizationRoleRules: [...organizationRoleRulesMap.entries()].map(([organizationId, organizationRoleIds]) => ({
|
|
58
|
+
organizationId,
|
|
59
|
+
organizationRoleIds: [...organizationRoleIds],
|
|
60
|
+
})),
|
|
61
|
+
};
|
|
62
|
+
})
|
|
63
|
+
.pipe(z.object({
|
|
64
|
+
userIds: z.array(z.string()).max(applicationAccessControlRuleLimit),
|
|
65
|
+
userRoleIds: z.array(z.string()).max(applicationAccessControlRuleLimit),
|
|
66
|
+
organizationIds: z.array(z.string()).max(applicationAccessControlRuleLimit),
|
|
67
|
+
organizationRoleRules: z
|
|
68
|
+
.array(applicationAccessControlOrganizationRoleRuleGuard)
|
|
69
|
+
.max(applicationAccessControlRuleLimit),
|
|
70
|
+
}));
|
|
71
|
+
/** Create an empty application-level access control rule set. */
|
|
72
|
+
export const createDefaultApplicationAccessControl = () => ({
|
|
73
|
+
userIds: [],
|
|
74
|
+
userRoleIds: [],
|
|
75
|
+
organizationIds: [],
|
|
76
|
+
organizationRoleRules: [],
|
|
77
|
+
});
|
|
23
78
|
const resourceScopesGuard = z.array(z.object({
|
|
24
79
|
resource: Resources.guard.pick({ id: true, name: true, indicator: true }),
|
|
25
80
|
scopes: z.array(Scopes.guard.pick({ id: true, name: true, description: true })),
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,120 @@
|
|
|
1
|
+
import { describe, expect, it } from 'vitest';
|
|
2
|
+
import { applicationAccessControlGuard, createDefaultApplicationAccessControl, } from './application.js';
|
|
3
|
+
describe('applicationAccessControlGuard', () => {
|
|
4
|
+
it('deduplicates direct user and role rules', () => {
|
|
5
|
+
expect(applicationAccessControlGuard.parse({
|
|
6
|
+
userIds: ['user-1', 'user-2', 'user-1'],
|
|
7
|
+
userRoleIds: ['role-1', 'role-1', 'role-2'],
|
|
8
|
+
organizationIds: ['organization-1', 'organization-1', 'organization-2'],
|
|
9
|
+
organizationRoleRules: [],
|
|
10
|
+
})).toMatchObject({
|
|
11
|
+
userIds: ['user-1', 'user-2'],
|
|
12
|
+
userRoleIds: ['role-1', 'role-2'],
|
|
13
|
+
organizationIds: ['organization-1', 'organization-2'],
|
|
14
|
+
organizationRoleRules: [],
|
|
15
|
+
});
|
|
16
|
+
});
|
|
17
|
+
it('merges organization role rules by organization', () => {
|
|
18
|
+
expect(applicationAccessControlGuard.parse({
|
|
19
|
+
userIds: [],
|
|
20
|
+
userRoleIds: [],
|
|
21
|
+
organizationIds: [],
|
|
22
|
+
organizationRoleRules: [
|
|
23
|
+
{
|
|
24
|
+
organizationId: 'organization-1',
|
|
25
|
+
organizationRoleIds: ['organization-role-1', 'organization-role-2'],
|
|
26
|
+
},
|
|
27
|
+
{
|
|
28
|
+
organizationId: 'organization-1',
|
|
29
|
+
organizationRoleIds: ['organization-role-1', 'organization-role-3'],
|
|
30
|
+
},
|
|
31
|
+
{
|
|
32
|
+
organizationId: 'organization-2',
|
|
33
|
+
organizationRoleIds: ['organization-role-1'],
|
|
34
|
+
},
|
|
35
|
+
],
|
|
36
|
+
})).toMatchObject({
|
|
37
|
+
userIds: [],
|
|
38
|
+
userRoleIds: [],
|
|
39
|
+
organizationIds: [],
|
|
40
|
+
organizationRoleRules: [
|
|
41
|
+
{
|
|
42
|
+
organizationId: 'organization-1',
|
|
43
|
+
organizationRoleIds: [
|
|
44
|
+
'organization-role-1',
|
|
45
|
+
'organization-role-2',
|
|
46
|
+
'organization-role-3',
|
|
47
|
+
],
|
|
48
|
+
},
|
|
49
|
+
{
|
|
50
|
+
organizationId: 'organization-2',
|
|
51
|
+
organizationRoleIds: ['organization-role-1'],
|
|
52
|
+
},
|
|
53
|
+
],
|
|
54
|
+
});
|
|
55
|
+
});
|
|
56
|
+
it('creates a fresh default rule set', () => {
|
|
57
|
+
const first = createDefaultApplicationAccessControl();
|
|
58
|
+
const second = createDefaultApplicationAccessControl();
|
|
59
|
+
expect(first).not.toBe(second);
|
|
60
|
+
expect(first.userIds).not.toBe(second.userIds);
|
|
61
|
+
expect(first.userRoleIds).not.toBe(second.userRoleIds);
|
|
62
|
+
expect(first.organizationIds).not.toBe(second.organizationIds);
|
|
63
|
+
expect(first.organizationRoleRules).not.toBe(second.organizationRoleRules);
|
|
64
|
+
});
|
|
65
|
+
it('rejects oversized rule lists', () => {
|
|
66
|
+
const oversizedIds = Array.from({ length: 1001 }, (_, index) => `id-${index}`);
|
|
67
|
+
const emptyAccessControl = createDefaultApplicationAccessControl();
|
|
68
|
+
expect(() => applicationAccessControlGuard.parse({ ...emptyAccessControl, userIds: oversizedIds })).toThrow();
|
|
69
|
+
expect(() => applicationAccessControlGuard.parse({
|
|
70
|
+
...emptyAccessControl,
|
|
71
|
+
organizationRoleRules: oversizedIds.map((organizationId) => ({
|
|
72
|
+
organizationId,
|
|
73
|
+
organizationRoleIds: [],
|
|
74
|
+
})),
|
|
75
|
+
})).toThrow();
|
|
76
|
+
expect(() => applicationAccessControlGuard.parse({
|
|
77
|
+
...emptyAccessControl,
|
|
78
|
+
organizationRoleRules: [
|
|
79
|
+
{ organizationId: 'organization-1', organizationRoleIds: oversizedIds },
|
|
80
|
+
],
|
|
81
|
+
})).toThrow();
|
|
82
|
+
});
|
|
83
|
+
it('enforces rule list limits after normalization', () => {
|
|
84
|
+
const emptyAccessControl = createDefaultApplicationAccessControl();
|
|
85
|
+
const duplicateHeavyIds = Array.from({ length: 1001 }, () => 'user-1');
|
|
86
|
+
const mergedOrganizationRoleRules = [
|
|
87
|
+
{
|
|
88
|
+
organizationId: 'organization-1',
|
|
89
|
+
organizationRoleIds: Array.from({ length: 1000 }, (_, index) => `role-${index}`),
|
|
90
|
+
},
|
|
91
|
+
{
|
|
92
|
+
organizationId: 'organization-1',
|
|
93
|
+
organizationRoleIds: ['role-1000'],
|
|
94
|
+
},
|
|
95
|
+
];
|
|
96
|
+
expect(applicationAccessControlGuard.parse({ ...emptyAccessControl, userIds: duplicateHeavyIds })).toMatchObject({ userIds: ['user-1'] });
|
|
97
|
+
expect(() => applicationAccessControlGuard.parse({
|
|
98
|
+
...emptyAccessControl,
|
|
99
|
+
organizationRoleRules: mergedOrganizationRoleRules,
|
|
100
|
+
})).toThrow();
|
|
101
|
+
});
|
|
102
|
+
it('rejects overly large raw rule inputs before normalization', () => {
|
|
103
|
+
const emptyAccessControl = createDefaultApplicationAccessControl();
|
|
104
|
+
const oversizedDuplicateIds = Array.from({ length: 2001 }, () => 'id-1');
|
|
105
|
+
expect(() => applicationAccessControlGuard.parse({ ...emptyAccessControl, userIds: oversizedDuplicateIds })).toThrow();
|
|
106
|
+
expect(() => applicationAccessControlGuard.parse({
|
|
107
|
+
...emptyAccessControl,
|
|
108
|
+
organizationRoleRules: oversizedDuplicateIds.map(() => ({
|
|
109
|
+
organizationId: 'organization-1',
|
|
110
|
+
organizationRoleIds: [],
|
|
111
|
+
})),
|
|
112
|
+
})).toThrow();
|
|
113
|
+
expect(() => applicationAccessControlGuard.parse({
|
|
114
|
+
...emptyAccessControl,
|
|
115
|
+
organizationRoleRules: [
|
|
116
|
+
{ organizationId: 'organization-1', organizationRoleIds: oversizedDuplicateIds },
|
|
117
|
+
],
|
|
118
|
+
})).toThrow();
|
|
119
|
+
});
|
|
120
|
+
});
|
package/lib/types/consent.d.ts
CHANGED
|
@@ -179,6 +179,7 @@ export declare const publicApplicationGuard: z.ZodObject<Pick<{
|
|
|
179
179
|
pageRules: {
|
|
180
180
|
path: string;
|
|
181
181
|
}[];
|
|
182
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
182
183
|
customDomains?: {
|
|
183
184
|
status: import("../index.js").DomainStatus;
|
|
184
185
|
domain: string;
|
|
@@ -207,6 +208,7 @@ export declare const publicApplicationGuard: z.ZodObject<Pick<{
|
|
|
207
208
|
pageRules: {
|
|
208
209
|
path: string;
|
|
209
210
|
}[];
|
|
211
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
210
212
|
customDomains?: {
|
|
211
213
|
status: import("../index.js").DomainStatus;
|
|
212
214
|
domain: string;
|
|
@@ -231,6 +233,7 @@ export declare const publicApplicationGuard: z.ZodObject<Pick<{
|
|
|
231
233
|
} | null>;
|
|
232
234
|
customData: z.ZodType<import("@withtyped/server").JsonObject, z.ZodTypeDef, import("@withtyped/server").JsonObject>;
|
|
233
235
|
isThirdParty: z.ZodType<boolean, z.ZodTypeDef, boolean>;
|
|
236
|
+
appLevelAccessControlEnabled: z.ZodType<boolean, z.ZodTypeDef, boolean>;
|
|
234
237
|
createdAt: z.ZodType<number, z.ZodTypeDef, number>;
|
|
235
238
|
}, "name" | "id">, "strip", z.ZodTypeAny, {
|
|
236
239
|
name: string;
|
|
@@ -502,6 +505,7 @@ export declare const consentInfoResponseGuard: z.ZodObject<{
|
|
|
502
505
|
pageRules: {
|
|
503
506
|
path: string;
|
|
504
507
|
}[];
|
|
508
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
505
509
|
customDomains?: {
|
|
506
510
|
status: import("../index.js").DomainStatus;
|
|
507
511
|
domain: string;
|
|
@@ -530,6 +534,7 @@ export declare const consentInfoResponseGuard: z.ZodObject<{
|
|
|
530
534
|
pageRules: {
|
|
531
535
|
path: string;
|
|
532
536
|
}[];
|
|
537
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
533
538
|
customDomains?: {
|
|
534
539
|
status: import("../index.js").DomainStatus;
|
|
535
540
|
domain: string;
|
|
@@ -554,6 +559,7 @@ export declare const consentInfoResponseGuard: z.ZodObject<{
|
|
|
554
559
|
} | null>;
|
|
555
560
|
customData: z.ZodType<import("@withtyped/server").JsonObject, z.ZodTypeDef, import("@withtyped/server").JsonObject>;
|
|
556
561
|
isThirdParty: z.ZodType<boolean, z.ZodTypeDef, boolean>;
|
|
562
|
+
appLevelAccessControlEnabled: z.ZodType<boolean, z.ZodTypeDef, boolean>;
|
|
557
563
|
createdAt: z.ZodType<number, z.ZodTypeDef, number>;
|
|
558
564
|
}, "name" | "id"> & {
|
|
559
565
|
displayName: z.ZodOptional<z.ZodType<string | null, z.ZodTypeDef, string | null>>;
|
|
@@ -1270,6 +1270,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1270
1270
|
pageRules: {
|
|
1271
1271
|
path: string;
|
|
1272
1272
|
}[];
|
|
1273
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
1273
1274
|
customDomains?: {
|
|
1274
1275
|
status: import("../../index.js").DomainStatus;
|
|
1275
1276
|
domain: string;
|
|
@@ -1298,6 +1299,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1298
1299
|
pageRules: {
|
|
1299
1300
|
path: string;
|
|
1300
1301
|
}[];
|
|
1302
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
1301
1303
|
customDomains?: {
|
|
1302
1304
|
status: import("../../index.js").DomainStatus;
|
|
1303
1305
|
domain: string;
|
|
@@ -1321,6 +1323,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1321
1323
|
}[] | undefined;
|
|
1322
1324
|
} | null>>;
|
|
1323
1325
|
isThirdParty: z.ZodOptional<ZodType<boolean, z.ZodTypeDef, boolean>>;
|
|
1326
|
+
appLevelAccessControlEnabled: z.ZodOptional<ZodType<boolean, z.ZodTypeDef, boolean>>;
|
|
1324
1327
|
}, "strip", z.ZodTypeAny, {
|
|
1325
1328
|
type?: import("../../index.js").ApplicationType | undefined;
|
|
1326
1329
|
name?: string | undefined;
|
|
@@ -1349,6 +1352,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1349
1352
|
pageRules: {
|
|
1350
1353
|
path: string;
|
|
1351
1354
|
}[];
|
|
1355
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
1352
1356
|
customDomains?: {
|
|
1353
1357
|
status: import("../../index.js").DomainStatus;
|
|
1354
1358
|
domain: string;
|
|
@@ -1372,6 +1376,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1372
1376
|
}[] | undefined;
|
|
1373
1377
|
} | null | undefined;
|
|
1374
1378
|
isThirdParty?: boolean | undefined;
|
|
1379
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
1375
1380
|
}, {
|
|
1376
1381
|
type?: import("../../index.js").ApplicationType | undefined;
|
|
1377
1382
|
name?: string | undefined;
|
|
@@ -1400,6 +1405,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1400
1405
|
pageRules: {
|
|
1401
1406
|
path: string;
|
|
1402
1407
|
}[];
|
|
1408
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
1403
1409
|
customDomains?: {
|
|
1404
1410
|
status: import("../../index.js").DomainStatus;
|
|
1405
1411
|
domain: string;
|
|
@@ -1423,6 +1429,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1423
1429
|
}[] | undefined;
|
|
1424
1430
|
} | null | undefined;
|
|
1425
1431
|
isThirdParty?: boolean | undefined;
|
|
1432
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
1426
1433
|
}>>;
|
|
1427
1434
|
}, "strip", z.ZodTypeAny, {
|
|
1428
1435
|
user: {
|
|
@@ -1521,6 +1528,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1521
1528
|
pageRules: {
|
|
1522
1529
|
path: string;
|
|
1523
1530
|
}[];
|
|
1531
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
1524
1532
|
customDomains?: {
|
|
1525
1533
|
status: import("../../index.js").DomainStatus;
|
|
1526
1534
|
domain: string;
|
|
@@ -1544,6 +1552,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1544
1552
|
}[] | undefined;
|
|
1545
1553
|
} | null | undefined;
|
|
1546
1554
|
isThirdParty?: boolean | undefined;
|
|
1555
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
1547
1556
|
} | undefined;
|
|
1548
1557
|
grant?: {
|
|
1549
1558
|
type?: import("../oidc-config.js").GrantType.TokenExchange | undefined;
|
|
@@ -1761,6 +1770,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1761
1770
|
pageRules: {
|
|
1762
1771
|
path: string;
|
|
1763
1772
|
}[];
|
|
1773
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
1764
1774
|
customDomains?: {
|
|
1765
1775
|
status: import("../../index.js").DomainStatus;
|
|
1766
1776
|
domain: string;
|
|
@@ -1784,6 +1794,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1784
1794
|
}[] | undefined;
|
|
1785
1795
|
} | null | undefined;
|
|
1786
1796
|
isThirdParty?: boolean | undefined;
|
|
1797
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
1787
1798
|
} | undefined;
|
|
1788
1799
|
grant?: {
|
|
1789
1800
|
type?: import("../oidc-config.js").GrantType.TokenExchange | undefined;
|
|
@@ -2005,6 +2016,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2005
2016
|
pageRules: {
|
|
2006
2017
|
path: string;
|
|
2007
2018
|
}[];
|
|
2019
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
2008
2020
|
customDomains?: {
|
|
2009
2021
|
status: import("../../index.js").DomainStatus;
|
|
2010
2022
|
domain: string;
|
|
@@ -2028,6 +2040,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2028
2040
|
}[] | undefined;
|
|
2029
2041
|
} | null | undefined;
|
|
2030
2042
|
isThirdParty?: boolean | undefined;
|
|
2043
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
2031
2044
|
} | undefined;
|
|
2032
2045
|
grant?: {
|
|
2033
2046
|
type?: import("../oidc-config.js").GrantType.TokenExchange | undefined;
|
|
@@ -2263,6 +2276,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2263
2276
|
pageRules: {
|
|
2264
2277
|
path: string;
|
|
2265
2278
|
}[];
|
|
2279
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
2266
2280
|
customDomains?: {
|
|
2267
2281
|
status: import("../../index.js").DomainStatus;
|
|
2268
2282
|
domain: string;
|
|
@@ -2286,6 +2300,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2286
2300
|
}[] | undefined;
|
|
2287
2301
|
} | null | undefined;
|
|
2288
2302
|
isThirdParty?: boolean | undefined;
|
|
2303
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
2289
2304
|
} | undefined;
|
|
2290
2305
|
grant?: {
|
|
2291
2306
|
type?: import("../oidc-config.js").GrantType.TokenExchange | undefined;
|
|
@@ -2523,6 +2538,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2523
2538
|
pageRules: {
|
|
2524
2539
|
path: string;
|
|
2525
2540
|
}[];
|
|
2541
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
2526
2542
|
customDomains?: {
|
|
2527
2543
|
status: import("../../index.js").DomainStatus;
|
|
2528
2544
|
domain: string;
|
|
@@ -2546,6 +2562,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2546
2562
|
}[] | undefined;
|
|
2547
2563
|
} | null | undefined;
|
|
2548
2564
|
isThirdParty?: boolean | undefined;
|
|
2565
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
2549
2566
|
} | undefined;
|
|
2550
2567
|
grant?: {
|
|
2551
2568
|
type?: import("../oidc-config.js").GrantType.TokenExchange | undefined;
|
|
@@ -2784,6 +2801,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2784
2801
|
pageRules: {
|
|
2785
2802
|
path: string;
|
|
2786
2803
|
}[];
|
|
2804
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
2787
2805
|
customDomains?: {
|
|
2788
2806
|
status: import("../../index.js").DomainStatus;
|
|
2789
2807
|
domain: string;
|
|
@@ -2807,6 +2825,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2807
2825
|
}[] | undefined;
|
|
2808
2826
|
} | null | undefined;
|
|
2809
2827
|
isThirdParty?: boolean | undefined;
|
|
2828
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
2810
2829
|
} | undefined;
|
|
2811
2830
|
grant?: {
|
|
2812
2831
|
type?: import("../oidc-config.js").GrantType.TokenExchange | undefined;
|
|
@@ -3010,6 +3029,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3010
3029
|
pageRules: {
|
|
3011
3030
|
path: string;
|
|
3012
3031
|
}[];
|
|
3032
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
3013
3033
|
customDomains?: {
|
|
3014
3034
|
status: import("../../index.js").DomainStatus;
|
|
3015
3035
|
domain: string;
|
|
@@ -3038,6 +3058,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3038
3058
|
pageRules: {
|
|
3039
3059
|
path: string;
|
|
3040
3060
|
}[];
|
|
3061
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
3041
3062
|
customDomains?: {
|
|
3042
3063
|
status: import("../../index.js").DomainStatus;
|
|
3043
3064
|
domain: string;
|
|
@@ -3061,6 +3082,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3061
3082
|
}[] | undefined;
|
|
3062
3083
|
} | null>>;
|
|
3063
3084
|
isThirdParty: z.ZodOptional<ZodType<boolean, z.ZodTypeDef, boolean>>;
|
|
3085
|
+
appLevelAccessControlEnabled: z.ZodOptional<ZodType<boolean, z.ZodTypeDef, boolean>>;
|
|
3064
3086
|
}, "strip", z.ZodTypeAny, {
|
|
3065
3087
|
type?: import("../../index.js").ApplicationType | undefined;
|
|
3066
3088
|
name?: string | undefined;
|
|
@@ -3089,6 +3111,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3089
3111
|
pageRules: {
|
|
3090
3112
|
path: string;
|
|
3091
3113
|
}[];
|
|
3114
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
3092
3115
|
customDomains?: {
|
|
3093
3116
|
status: import("../../index.js").DomainStatus;
|
|
3094
3117
|
domain: string;
|
|
@@ -3112,6 +3135,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3112
3135
|
}[] | undefined;
|
|
3113
3136
|
} | null | undefined;
|
|
3114
3137
|
isThirdParty?: boolean | undefined;
|
|
3138
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
3115
3139
|
}, {
|
|
3116
3140
|
type?: import("../../index.js").ApplicationType | undefined;
|
|
3117
3141
|
name?: string | undefined;
|
|
@@ -3140,6 +3164,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3140
3164
|
pageRules: {
|
|
3141
3165
|
path: string;
|
|
3142
3166
|
}[];
|
|
3167
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
3143
3168
|
customDomains?: {
|
|
3144
3169
|
status: import("../../index.js").DomainStatus;
|
|
3145
3170
|
domain: string;
|
|
@@ -3163,6 +3188,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3163
3188
|
}[] | undefined;
|
|
3164
3189
|
} | null | undefined;
|
|
3165
3190
|
isThirdParty?: boolean | undefined;
|
|
3191
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
3166
3192
|
}>>;
|
|
3167
3193
|
}, "strip", z.ZodTypeAny, {
|
|
3168
3194
|
application?: {
|
|
@@ -3193,6 +3219,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3193
3219
|
pageRules: {
|
|
3194
3220
|
path: string;
|
|
3195
3221
|
}[];
|
|
3222
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
3196
3223
|
customDomains?: {
|
|
3197
3224
|
status: import("../../index.js").DomainStatus;
|
|
3198
3225
|
domain: string;
|
|
@@ -3216,6 +3243,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3216
3243
|
}[] | undefined;
|
|
3217
3244
|
} | null | undefined;
|
|
3218
3245
|
isThirdParty?: boolean | undefined;
|
|
3246
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
3219
3247
|
} | undefined;
|
|
3220
3248
|
}, {
|
|
3221
3249
|
application?: {
|
|
@@ -3246,6 +3274,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3246
3274
|
pageRules: {
|
|
3247
3275
|
path: string;
|
|
3248
3276
|
}[];
|
|
3277
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
3249
3278
|
customDomains?: {
|
|
3250
3279
|
status: import("../../index.js").DomainStatus;
|
|
3251
3280
|
domain: string;
|
|
@@ -3269,6 +3298,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3269
3298
|
}[] | undefined;
|
|
3270
3299
|
} | null | undefined;
|
|
3271
3300
|
isThirdParty?: boolean | undefined;
|
|
3301
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
3272
3302
|
} | undefined;
|
|
3273
3303
|
}>>;
|
|
3274
3304
|
}, "strict", z.ZodTypeAny, {
|
|
@@ -3303,6 +3333,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3303
3333
|
pageRules: {
|
|
3304
3334
|
path: string;
|
|
3305
3335
|
}[];
|
|
3336
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
3306
3337
|
customDomains?: {
|
|
3307
3338
|
status: import("../../index.js").DomainStatus;
|
|
3308
3339
|
domain: string;
|
|
@@ -3326,6 +3357,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3326
3357
|
}[] | undefined;
|
|
3327
3358
|
} | null | undefined;
|
|
3328
3359
|
isThirdParty?: boolean | undefined;
|
|
3360
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
3329
3361
|
} | undefined;
|
|
3330
3362
|
} | undefined;
|
|
3331
3363
|
blockIssuanceOnError?: boolean | undefined;
|
|
@@ -3368,6 +3400,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3368
3400
|
pageRules: {
|
|
3369
3401
|
path: string;
|
|
3370
3402
|
}[];
|
|
3403
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
3371
3404
|
customDomains?: {
|
|
3372
3405
|
status: import("../../index.js").DomainStatus;
|
|
3373
3406
|
domain: string;
|
|
@@ -3391,6 +3424,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3391
3424
|
}[] | undefined;
|
|
3392
3425
|
} | null | undefined;
|
|
3393
3426
|
isThirdParty?: boolean | undefined;
|
|
3427
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
3394
3428
|
} | undefined;
|
|
3395
3429
|
} | undefined;
|
|
3396
3430
|
blockIssuanceOnError?: boolean | undefined;
|
|
@@ -3435,6 +3469,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3435
3469
|
pageRules: {
|
|
3436
3470
|
path: string;
|
|
3437
3471
|
}[];
|
|
3472
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
3438
3473
|
customDomains?: {
|
|
3439
3474
|
status: import("../../index.js").DomainStatus;
|
|
3440
3475
|
domain: string;
|
|
@@ -3458,6 +3493,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3458
3493
|
}[] | undefined;
|
|
3459
3494
|
} | null | undefined;
|
|
3460
3495
|
isThirdParty?: boolean | undefined;
|
|
3496
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
3461
3497
|
} | undefined;
|
|
3462
3498
|
} | undefined;
|
|
3463
3499
|
blockIssuanceOnError?: boolean | undefined;
|
|
@@ -3503,6 +3539,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3503
3539
|
pageRules: {
|
|
3504
3540
|
path: string;
|
|
3505
3541
|
}[];
|
|
3542
|
+
additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
|
|
3506
3543
|
customDomains?: {
|
|
3507
3544
|
status: import("../../index.js").DomainStatus;
|
|
3508
3545
|
domain: string;
|
|
@@ -3526,6 +3563,7 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
3526
3563
|
}[] | undefined;
|
|
3527
3564
|
} | null | undefined;
|
|
3528
3565
|
isThirdParty?: boolean | undefined;
|
|
3566
|
+
appLevelAccessControlEnabled?: boolean | undefined;
|
|
3529
3567
|
} | undefined;
|
|
3530
3568
|
} | undefined;
|
|
3531
3569
|
blockIssuanceOnError?: boolean | undefined;
|