@logto/schemas 1.40.0 → 1.41.0

Files changed (73) hide show
  1. package/alterations/1.41.0-1779864280-add-password-expiration-policy.ts +23 -0
  2. package/alterations/1.41.0-1779864281-add-is-password-expired-to-users.ts +18 -0
  3. package/alterations/1.41.0-1780358400-drop-oidc-model-instances-legacy-grant-id-index.ts +25 -0
  4. package/alterations/1.41.0-1780381219-add-username-policy.ts +41 -0
  5. package/alterations/1.41.0-1780643665-set-sign-up-profile-fields-default.ts +20 -0
  6. package/alterations/1.41.0-1780906060-add-verification-code-policy.ts +19 -0
  7. package/alterations/1.41.0-1781689400-add-sentinel-activities-created-at-index.ts +25 -0
  8. package/alterations/1.41.0-1782354362-set-admin-account-center-profile-fields.ts +28 -0
  9. package/alterations/1.41.0-1782375106-cover-service-logs-tenant-type-index-with-created-at.ts +36 -0
  10. package/alterations-js/1.41.0-1779864280-add-password-expiration-policy.js +19 -0
  11. package/alterations-js/1.41.0-1779864281-add-is-password-expired-to-users.js +14 -0
  12. package/alterations-js/1.41.0-1780358400-drop-oidc-model-instances-legacy-grant-id-index.js +21 -0
  13. package/alterations-js/1.41.0-1780381219-add-username-policy.js +37 -0
  14. package/alterations-js/1.41.0-1780643665-set-sign-up-profile-fields-default.js +16 -0
  15. package/alterations-js/1.41.0-1780906060-add-verification-code-policy.js +15 -0
  16. package/alterations-js/1.41.0-1781689400-add-sentinel-activities-created-at-index.js +21 -0
  17. package/alterations-js/1.41.0-1782354362-set-admin-account-center-profile-fields.js +23 -0
  18. package/alterations-js/1.41.0-1782375106-cover-service-logs-tenant-type-index-with-created-at.js +32 -0
  19. package/lib/consts/experience.d.ts +2 -0
  20. package/lib/consts/experience.js +2 -0
  21. package/lib/consts/index.d.ts +2 -0
  22. package/lib/consts/index.js +2 -0
  23. package/lib/consts/message-rate-limit.d.ts +65 -0
  24. package/lib/consts/message-rate-limit.js +29 -0
  25. package/lib/consts/message-rate-limit.test.d.ts +1 -0
  26. package/lib/consts/message-rate-limit.test.js +20 -0
  27. package/lib/consts/verification-code.d.ts +10 -0
  28. package/lib/consts/verification-code.js +10 -0
  29. package/lib/db-entries/sign-in-experience.d.ts +10 -4
  30. package/lib/db-entries/sign-in-experience.js +13 -1
  31. package/lib/db-entries/user.d.ts +5 -1
  32. package/lib/db-entries/user.js +8 -0
  33. package/lib/foundations/jsonb-types/account-centers.d.ts +3 -0
  34. package/lib/foundations/jsonb-types/account-centers.js +1 -0
  35. package/lib/foundations/jsonb-types/hooks.d.ts +4 -4
  36. package/lib/foundations/jsonb-types/hooks.js +1 -0
  37. package/lib/foundations/jsonb-types/sentinel.d.ts +16 -1
  38. package/lib/foundations/jsonb-types/sentinel.js +15 -0
  39. package/lib/foundations/jsonb-types/sign-in-experience.d.ts +74 -2
  40. package/lib/foundations/jsonb-types/sign-in-experience.js +19 -0
  41. package/lib/foundations/jsonb-types/sign-in-experience.test.js +49 -1
  42. package/lib/foundations/jsonb-types/users.d.ts +9 -0
  43. package/lib/foundations/jsonb-types/users.js +1 -0
  44. package/lib/seeds/account-center.js +1 -0
  45. package/lib/seeds/sign-in-experience.js +1 -0
  46. package/lib/seeds/sign-in-experience.test.js +5 -1
  47. package/lib/types/consent.d.ts +8 -0
  48. package/lib/types/custom-profile-fields.d.ts +4 -0
  49. package/lib/types/hook.d.ts +2 -2
  50. package/lib/types/interactions.js +3 -1
  51. package/lib/types/logto-config/index.d.ts +69 -4
  52. package/lib/types/logto-config/index.js +12 -0
  53. package/lib/types/logto-config/index.test.js +25 -1
  54. package/lib/types/logto-config/inline-hook.d.ts +76 -0
  55. package/lib/types/logto-config/inline-hook.js +25 -0
  56. package/lib/types/logto-config/jwt-customizer.d.ts +133 -1
  57. package/lib/types/logto-config/jwt-customizer.js +14 -0
  58. package/lib/types/saml-application.d.ts +3 -0
  59. package/lib/types/saml-application.js +3 -0
  60. package/lib/types/sign-in-experience.d.ts +9 -0
  61. package/lib/types/ssr.d.ts +11 -0
  62. package/lib/types/user-assets.d.ts +10 -0
  63. package/lib/types/user-assets.js +17 -0
  64. package/lib/types/user-sessions.d.ts +231 -5
  65. package/lib/types/user-sessions.js +5 -0
  66. package/lib/types/user.d.ts +15 -0
  67. package/lib/types/user.js +1 -0
  68. package/package.json +8 -8
  69. package/tables/oidc_model_instances.sql +0 -8
  70. package/tables/sentinel_activities.sql +4 -0
  71. package/tables/service_logs.sql +2 -2
  72. package/tables/sign_in_experiences.sql +15 -2
  73. package/tables/users.sql +7 -0
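--- a/package/lib/types/logto-config/jwt-customizer.js
+++ b/package/lib/types/logto-config/jwt-customizer.js
@@ -111,6 +111,19 @@ export const jwtCustomizerUserInteractionContextGuard = z.object({
  export const jwtCustomizerApplicationContextGuard = Applications.guard.omit({
  secret: true,
  });
+ /**
+ * The target organization context for organization (API resource) access tokens.
+ *
+ * Only populated when the token is being issued for a specific organization (i.e. the
+ * `organization_id` request parameter is present), letting the customizer attach per-org
+ * claims without embedding every organization the user belongs to.
+ */
+ export const jwtCustomizerOrganizationContextGuard = Organizations.guard.pick({
+ id: true,
+ name: true,
+ description: true,
+ customData: true,
+ });
  export const accessTokenJwtCustomizerGuard = jwtCustomizerGuard
  .extend({
  // Use partial token guard since users customization may not rely on all fields.
@@ -121,6 +134,7 @@ export const accessTokenJwtCustomizerGuard = jwtCustomizerGuard
  grant: jwtCustomizerGrantContextGuard.partial().optional(),
  interaction: jwtCustomizerUserInteractionContextGuard.partial().optional(),
  application: jwtCustomizerApplicationContextGuard.partial().optional(),
+ organization: jwtCustomizerOrganizationContextGuard.partial().optional(),
  })
  .optional(),
  })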
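Review bot: `customData: true` in the `jwtCustomizerOrganizationContextGuard` pick hands the organization's free-form JSON to the customizer script, and the doc comment does not say that anything the script copies into claims becomes readable by every party that receives the access token. I would add a line to the comment such as `* Note: customData is tenant-defined JSON; copy only the keys a resource server needs into token claims.` Because the new `organization` entry is `.partial().optional()`, the whole object and each of its fields may be absent, which is also worth stating next to that field so scripts guard for it. No import of `Organizations` is added in this section, so it is presumably already in scope alongside `Applications`; worth confirming.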
@@ -50,6 +50,7 @@ export declare const samlApplicationPatchGuard: z.ZodObject<{
50
50
  name: z.ZodOptional<z.ZodType<string, z.ZodTypeDef, string>>;
51
51
  customData: z.ZodOptional<z.ZodOptional<z.ZodOptional<z.ZodType<import("@withtyped/server/lib/types.js").JsonObject, z.ZodTypeDef, import("@withtyped/server/lib/types.js").JsonObject>>>>;
52
52
  description: z.ZodOptional<z.ZodOptional<z.ZodOptional<z.ZodType<string | null, z.ZodTypeDef, string | null>>>>;
53
+ appLevelAccessControlEnabled: z.ZodOptional<z.ZodType<boolean, z.ZodTypeDef, boolean>>;
53
54
  attributeMapping: z.ZodOptional<z.ZodType<Partial<Record<"name" | "username" | "email" | "sub" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "created_at" | "custom_data" | "identities" | "sso_identities" | "roles" | "organizations" | "organization_data" | "organization_roles", string>>, z.ZodTypeDef, Partial<Record<"name" | "username" | "email" | "sub" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "created_at" | "custom_data" | "identities" | "sso_identities" | "roles" | "organizations" | "organization_data" | "organization_roles", string>>>>;
54
55
  entityId: z.ZodOptional<z.ZodType<string | null, z.ZodTypeDef, string | null>>;
55
56
  acsUrl: z.ZodOptional<z.ZodType<import("../foundations/index.js").SamlAcsUrl | null, z.ZodTypeDef, import("../foundations/index.js").SamlAcsUrl | null>>;
@@ -68,6 +69,7 @@ export declare const samlApplicationPatchGuard: z.ZodObject<{
68
69
  name?: string | undefined;
69
70
  customData?: import("@withtyped/server/lib/types.js").JsonObject;
70
71
  description?: string | null;
72
+ appLevelAccessControlEnabled?: boolean;
71
73
  attributeMapping?: Partial<Record<"name" | "username" | "email" | "sub" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "created_at" | "custom_data" | "identities" | "sso_identities" | "roles" | "organizations" | "organization_data" | "organization_roles", string>> | undefined;
72
74
  entityId?: string | null | undefined;
73
75
  acsUrl?: import("../foundations/index.js").SamlAcsUrl | null | undefined;
@@ -81,6 +83,7 @@ export declare const samlApplicationPatchGuard: z.ZodObject<{
81
83
  name?: string | undefined;
82
84
  customData?: import("@withtyped/server/lib/types.js").JsonObject;
83
85
  description?: string | null;
86
+ appLevelAccessControlEnabled?: boolean;
84
87
  attributeMapping?: Partial<Record<"name" | "username" | "email" | "sub" | "nickname" | "profile" | "website" | "gender" | "birthdate" | "zoneinfo" | "locale" | "address" | "given_name" | "family_name" | "middle_name" | "preferred_username" | "picture" | "email_verified" | "phone_number" | "phone_number_verified" | "updated_at" | "created_at" | "custom_data" | "identities" | "sso_identities" | "roles" | "organizations" | "organization_data" | "organization_roles", string>> | undefined;
85
88
  entityId?: string | null | undefined;
86
89
  acsUrl?: import("../foundations/index.js").SamlAcsUrl | null | undefined;
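--- a/package/lib/types/saml-application.js
+++ b/package/lib/types/saml-application.js
@@ -26,6 +26,9 @@ export const samlApplicationPatchGuard = applicationPatchGuard
  description: true,
  customData: true,
  })
+ .merge(Applications.createGuard.pick({
+ appLevelAccessControlEnabled: true,
+ }))
  // The reason for encapsulating attributeMapping and spMetadata into an object within the config field is that you cannot provide only one of `attributeMapping` or `spMetadata`. Due to the structure of the `saml_application_configs` table, both must be not null.
  .merge(samlAppConfigGuard.partial())
  .extend({ nameIdFormat: nameIdFormatGuard.optional() });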
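Review bot: The added `.merge(Applications.createGuard.pick({ appLevelAccessControlEnabled: true }))` leaves the field optional in a PATCH body only because the create guard apparently treats it as optional (the generated declaration shows it as `ZodOptional`), which is implicit next to the explicit `samlAppConfigGuard.partial()` two lines below. Since this flag switches access control for the application, I would spell the intent out with `.merge(Applications.guard.pick({ appLevelAccessControlEnabled: true }).partial())`, or add a comment saying why `createGuard` is the source. The guard chain starts above the hunk, so the earlier picks are only partly visible here.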
@@ -150,6 +150,7 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
150
150
  }>;
151
151
  sentinelPolicy: z.ZodType<import("../foundations/jsonb-types/sign-in-experience.js").SentinelPolicy, z.ZodTypeDef, import("../foundations/jsonb-types/sign-in-experience.js").SentinelPolicy>;
152
152
  emailBlocklistPolicy: z.ZodType<import("../foundations/jsonb-types/sign-in-experience.js").EmailBlocklistPolicy, z.ZodTypeDef, import("../foundations/jsonb-types/sign-in-experience.js").EmailBlocklistPolicy>;
153
+ verificationCodePolicy: z.ZodType<import("../foundations/jsonb-types/sign-in-experience.js").VerificationCodePolicy, z.ZodTypeDef, import("../foundations/jsonb-types/sign-in-experience.js").VerificationCodePolicy>;
153
154
  forgotPasswordMethods: z.ZodType<import("../foundations/jsonb-types/sign-in-experience.js").ForgotPasswordMethod[] | null, z.ZodTypeDef, import("../foundations/jsonb-types/sign-in-experience.js").ForgotPasswordMethod[] | null>;
154
155
  passkeySignIn: z.ZodType<import("../foundations/jsonb-types/sign-in-experience.js").PasskeySignIn, z.ZodTypeDef, import("../foundations/jsonb-types/sign-in-experience.js").PasskeySignIn>;
155
156
  signUpProfileFields: z.ZodType<{
@@ -157,6 +158,8 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
157
158
  }[] | null, z.ZodTypeDef, {
158
159
  name: string;
159
160
  }[] | null>;
161
+ passwordExpiration: z.ZodType<import("../foundations/jsonb-types/sign-in-experience.js").PasswordExpirationPolicy, z.ZodTypeDef, import("../foundations/jsonb-types/sign-in-experience.js").PasswordExpirationPolicy>;
162
+ usernamePolicy: z.ZodType<import("../foundations/jsonb-types/index.js").UsernamePolicy, z.ZodTypeDef, import("../foundations/jsonb-types/index.js").UsernamePolicy>;
160
163
  }, "forgotPasswordMethods"> & {
161
164
  socialConnectors: z.ZodArray<z.ZodObject<Omit<{
162
165
  id: z.ZodString;
@@ -738,8 +741,11 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
738
741
  captchaPolicy: import("../foundations/jsonb-types/sign-in-experience.js").CaptchaPolicy;
739
742
  sentinelPolicy: import("../foundations/jsonb-types/sign-in-experience.js").SentinelPolicy;
740
743
  emailBlocklistPolicy: import("../foundations/jsonb-types/sign-in-experience.js").EmailBlocklistPolicy;
744
+ verificationCodePolicy: import("../foundations/jsonb-types/sign-in-experience.js").VerificationCodePolicy;
741
745
  passkeySignIn: import("../foundations/jsonb-types/sign-in-experience.js").PasskeySignIn;
742
746
  signUpProfileFields: import("../foundations/jsonb-types/sign-in-experience.js").SignUpProfileFields | null;
747
+ passwordExpiration: import("../foundations/jsonb-types/sign-in-experience.js").PasswordExpirationPolicy;
748
+ usernamePolicy: import("../foundations/jsonb-types/index.js").UsernamePolicy;
743
749
  socialConnectors: {
744
750
  name: {
745
751
  en: string;
@@ -938,8 +944,11 @@ export declare const fullSignInExperienceGuard: z.ZodObject<Omit<{
938
944
  captchaPolicy: import("../foundations/jsonb-types/sign-in-experience.js").CaptchaPolicy;
939
945
  sentinelPolicy: import("../foundations/jsonb-types/sign-in-experience.js").SentinelPolicy;
940
946
  emailBlocklistPolicy: import("../foundations/jsonb-types/sign-in-experience.js").EmailBlocklistPolicy;
947
+ verificationCodePolicy: import("../foundations/jsonb-types/sign-in-experience.js").VerificationCodePolicy;
941
948
  passkeySignIn: import("../foundations/jsonb-types/sign-in-experience.js").PasskeySignIn;
942
949
  signUpProfileFields: import("../foundations/jsonb-types/sign-in-experience.js").SignUpProfileFields | null;
950
+ passwordExpiration: import("../foundations/jsonb-types/sign-in-experience.js").PasswordExpirationPolicy;
951
+ usernamePolicy: import("../foundations/jsonb-types/index.js").UsernamePolicy;
943
952
  socialConnectors: {
944
953
  name: {
945
954
  en: string;
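--- a/package/lib/types/ssr.d.ts
+++ b/package/lib/types/ssr.d.ts
@@ -1,4 +1,5 @@
  import { type LocalePhrase } from '@logto/phrases-experience';
+ import { type SignInExperience } from '../db-entries/index.js';
  import { type FullSignInExperience } from './sign-in-experience.js';
  /**
  * The server-side rendering data type for **experience**.
@@ -15,6 +16,16 @@ export type SsrData = {
  data: LocalePhrase;
  };
  };
+ /**
+ * The server-side rendering data type for **account center**. Only sign-in experience color/theme
+ * data is needed for theme flash prevention.
+ */
+ export type AccountCenterSsrSignInExperience = Pick<SignInExperience, 'color'>;
+ export type AccountCenterSsrData = {
+ signInExperience: {
+ data: AccountCenterSsrSignInExperience;
+ };
+ };
  /**
  * Variable placeholder for **experience** server-side rendering. The value should be replaced by
  * the server.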
@@ -7,14 +7,18 @@ export declare const userAssetsServiceStatusGuard: z.ZodObject<{
7
7
  status: z.ZodUnion<[z.ZodLiteral<"ready">, z.ZodLiteral<"not_configured">]>;
8
8
  allowUploadMimeTypes: z.ZodOptional<z.ZodArray<z.ZodEnum<["image/jpeg", "image/png", "image/gif", "image/vnd.microsoft.icon", "image/x-icon", "image/svg+xml", "image/tiff", "image/webp", "image/bmp", "application/zip"]>, "many">>;
9
9
  maxUploadFileSize: z.ZodOptional<z.ZodNumber>;
10
+ /** Whether Experience avatar upload during sign-up is available on this server. */
11
+ isExperienceAvatarUploadEnabled: z.ZodOptional<z.ZodBoolean>;
10
12
  }, "strip", z.ZodTypeAny, {
11
13
  status: "ready" | "not_configured";
12
14
  allowUploadMimeTypes?: ("image/jpeg" | "image/png" | "image/gif" | "image/vnd.microsoft.icon" | "image/x-icon" | "image/svg+xml" | "image/tiff" | "image/webp" | "image/bmp" | "application/zip")[] | undefined;
13
15
  maxUploadFileSize?: number | undefined;
16
+ isExperienceAvatarUploadEnabled?: boolean | undefined;
14
17
  }, {
15
18
  status: "ready" | "not_configured";
16
19
  allowUploadMimeTypes?: ("image/jpeg" | "image/png" | "image/gif" | "image/vnd.microsoft.icon" | "image/x-icon" | "image/svg+xml" | "image/tiff" | "image/webp" | "image/bmp" | "application/zip")[] | undefined;
17
20
  maxUploadFileSize?: number | undefined;
21
+ isExperienceAvatarUploadEnabled?: boolean | undefined;
18
22
  }>;
19
23
  export type UserAssetsServiceStatus = z.infer<typeof userAssetsServiceStatusGuard>;
20
24
  export declare const userAssetsGuard: z.ZodObject<{
@@ -45,4 +49,10 @@ type MimeTypeToFileExtensionMappings = {
45
49
  [key in AllowedUploadMimeType]: readonly [string, ...string[]];
46
50
  };
47
51
  export declare const mimeTypeToFileExtensionMappings: MimeTypeToFileExtensionMappings;
52
+ /** MIME types allowed for avatar uploads (Experience, Account Center, Console). */
53
+ export declare const avatarMimeTypes: readonly ["image/jpeg", "image/png", "image/gif", "image/webp", "image/bmp"];
54
+ export type AvatarMimeType = (typeof avatarMimeTypes)[number];
55
+ export declare const isAvatarMimeType: (mimeType: string) => mimeType is AvatarMimeType;
56
+ export declare const avatarFileAccept: string;
57
+ export declare const avatarFileExtensionsLabel: string;
48
58
  export {};
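--- a/package/lib/types/user-assets.js
+++ b/package/lib/types/user-assets.js
@@ -18,6 +18,8 @@ export const userAssetsServiceStatusGuard = z.object({
  status: z.union([z.literal('ready'), z.literal('not_configured')]),
  allowUploadMimeTypes: z.array(allowUploadMimeTypeGuard).optional(),
  maxUploadFileSize: z.number().optional(),
+ /** Whether Experience avatar upload during sign-up is available on this server. */
+ isExperienceAvatarUploadEnabled: z.boolean().optional(),
  });
  export const userAssetsGuard = z.object({
  url: z.string(),
@@ -40,3 +42,18 @@ export const mimeTypeToFileExtensionMappings = Object.freeze({
  'image/bmp': ['bmp'],
  'application/zip': ['zip'],
  });
+ /** MIME types allowed for avatar uploads (Experience, Account Center, Console). */
+ export const avatarMimeTypes = [
+ 'image/jpeg',
+ 'image/png',
+ 'image/gif',
+ 'image/webp',
+ 'image/bmp',
+ ];
+ const avatarMimeTypeSet = new Set(avatarMimeTypes);
+ export const isAvatarMimeType = (mimeType) => avatarMimeTypeSet.has(mimeType);
+ export const avatarFileAccept = avatarMimeTypes.join(',');
+ const formatAvatarExtensionLabel = (extension) => extension === 'webp' ? 'WebP' : extension.toUpperCase();
+ export const avatarFileExtensionsLabel = avatarMimeTypes
+ .map((mimeType) => formatAvatarExtensionLabel(mimeTypeToFileExtensionMappings[mimeType][0]))
+ .join(', ');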
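Review bot: `avatarMimeTypes` is exported as a plain mutable array, while `mimeTypeToFileExtensionMappings` just above it is wrapped in `Object.freeze`. Because `avatarMimeTypeSet`, `avatarFileAccept` and `avatarFileExtensionsLabel` are computed once at module load, a consumer that mutates the array would leave the allow-list, the `accept` string and the label disagreeing with each other. Freezing it with `export const avatarMimeTypes = Object.freeze([` matches the `readonly` tuple the declaration file advertises. `isAvatarMimeType` is an exact, case-sensitive match on a declared type string, so a comment such as `/** Checks the declared MIME type only; code that stores uploads must still validate the file content. */` would keep callers from treating it as content validation.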
@@ -621,7 +621,7 @@ export declare const userExtendedSessionGuard: z.ZodObject<{
621
621
  type: import("../foundations/index.js").SignInIdentifier;
622
622
  }>;
623
623
  passwordEncrypted: z.ZodOptional<z.ZodString>;
624
- passwordEncryptionMethod: z.ZodOptional<z.ZodLiteral<import("../index.js").UsersPasswordEncryptionMethod.Argon2i>>;
624
+ passwordEncryptionMethod: z.ZodOptional<z.ZodLiteral<import("../db-entries/custom-types.js").UsersPasswordEncryptionMethod.Argon2i>>;
625
625
  }, "passwordEncrypted" | "passwordEncryptionMethod">, "strip", z.ZodTypeAny, {
626
626
  type: import("./index.js").VerificationType.NewPasswordIdentity;
627
627
  id: string;
@@ -1725,7 +1725,7 @@ export declare const getUserSessionsResponseGuard: z.ZodObject<{
1725
1725
  type: import("../foundations/index.js").SignInIdentifier;
1726
1726
  }>;
1727
1727
  passwordEncrypted: z.ZodOptional<z.ZodString>;
1728
- passwordEncryptionMethod: z.ZodOptional<z.ZodLiteral<import("../index.js").UsersPasswordEncryptionMethod.Argon2i>>;
1728
+ passwordEncryptionMethod: z.ZodOptional<z.ZodLiteral<import("../db-entries/custom-types.js").UsersPasswordEncryptionMethod.Argon2i>>;
1729
1729
  }, "passwordEncrypted" | "passwordEncryptionMethod">, "strip", z.ZodTypeAny, {
1730
1730
  type: import("./index.js").VerificationType.NewPasswordIdentity;
1731
1731
  id: string;
@@ -3105,7 +3105,7 @@ export declare const getUserSessionResponseGuard: z.ZodObject<{
3105
3105
  type: import("../foundations/index.js").SignInIdentifier;
3106
3106
  }>;
3107
3107
  passwordEncrypted: z.ZodOptional<z.ZodString>;
3108
- passwordEncryptionMethod: z.ZodOptional<z.ZodLiteral<import("../index.js").UsersPasswordEncryptionMethod.Argon2i>>;
3108
+ passwordEncryptionMethod: z.ZodOptional<z.ZodLiteral<import("../db-entries/custom-types.js").UsersPasswordEncryptionMethod.Argon2i>>;
3109
3109
  }, "passwordEncrypted" | "passwordEncryptionMethod">, "strip", z.ZodTypeAny, {
3110
3110
  type: import("./index.js").VerificationType.NewPasswordIdentity;
3111
3111
  id: string;
@@ -4218,7 +4218,7 @@ export declare const accountUserExtendedSessionGuard: z.ZodObject<{
4218
4218
  type: import("../foundations/index.js").SignInIdentifier;
4219
4219
  }>;
4220
4220
  passwordEncrypted: z.ZodOptional<z.ZodString>;
4221
- passwordEncryptionMethod: z.ZodOptional<z.ZodLiteral<import("../index.js").UsersPasswordEncryptionMethod.Argon2i>>;
4221
+ passwordEncryptionMethod: z.ZodOptional<z.ZodLiteral<import("../db-entries/custom-types.js").UsersPasswordEncryptionMethod.Argon2i>>;
4222
4222
  }, "passwordEncrypted" | "passwordEncryptionMethod">, "strip", z.ZodTypeAny, {
4223
4223
  type: import("./index.js").VerificationType.NewPasswordIdentity;
4224
4224
  id: string;
@@ -5333,7 +5333,7 @@ export declare const getAccountUserSessionsResponseGuard: z.ZodObject<{
5333
5333
  type: import("../foundations/index.js").SignInIdentifier;
5334
5334
  }>;
5335
5335
  passwordEncrypted: z.ZodOptional<z.ZodString>;
5336
- passwordEncryptionMethod: z.ZodOptional<z.ZodLiteral<import("../index.js").UsersPasswordEncryptionMethod.Argon2i>>;
5336
+ passwordEncryptionMethod: z.ZodOptional<z.ZodLiteral<import("../db-entries/custom-types.js").UsersPasswordEncryptionMethod.Argon2i>>;
5337
5337
  }, "passwordEncrypted" | "passwordEncryptionMethod">, "strip", z.ZodTypeAny, {
5338
5338
  type: import("./index.js").VerificationType.NewPasswordIdentity;
5339
5339
  id: string;
@@ -6203,9 +6203,114 @@ export declare const userApplicationGrantGuard: z.ZodObject<{
6203
6203
  accountId: z.ZodString;
6204
6204
  }, z.ZodUnknown, "strip">>;
6205
6205
  expiresAt: z.ZodNumber;
6206
+ application: z.ZodObject<Pick<{
6207
+ tenantId: z.ZodType<string, z.ZodTypeDef, string>;
6208
+ id: z.ZodType<string, z.ZodTypeDef, string>;
6209
+ name: z.ZodType<string, z.ZodTypeDef, string>;
6210
+ secret: z.ZodType<string, z.ZodTypeDef, string>;
6211
+ description: z.ZodType<string | null, z.ZodTypeDef, string | null>;
6212
+ type: z.ZodType<import("../db-entries/custom-types.js").ApplicationType, z.ZodTypeDef, import("../db-entries/custom-types.js").ApplicationType>;
6213
+ oidcClientMetadata: z.ZodType<import("../foundations/index.js").OidcClientMetadata, z.ZodTypeDef, import("../foundations/index.js").OidcClientMetadata>;
6214
+ customClientMetadata: z.ZodType<{
6215
+ corsAllowedOrigins?: string[] | undefined;
6216
+ idTokenTtl?: number | undefined;
6217
+ refreshTokenTtl?: number | undefined;
6218
+ refreshTokenTtlInDays?: number | undefined;
6219
+ tenantId?: string | undefined;
6220
+ alwaysIssueRefreshToken?: boolean | undefined;
6221
+ rotateRefreshToken?: boolean | undefined;
6222
+ allowTokenExchange?: boolean | undefined;
6223
+ isDeviceFlow?: boolean | undefined;
6224
+ maxAllowedGrants?: number | undefined;
6225
+ }, z.ZodTypeDef, {
6226
+ corsAllowedOrigins?: string[] | undefined;
6227
+ idTokenTtl?: number | undefined;
6228
+ refreshTokenTtl?: number | undefined;
6229
+ refreshTokenTtlInDays?: number | undefined;
6230
+ tenantId?: string | undefined;
6231
+ alwaysIssueRefreshToken?: boolean | undefined;
6232
+ rotateRefreshToken?: boolean | undefined;
6233
+ allowTokenExchange?: boolean | undefined;
6234
+ isDeviceFlow?: boolean | undefined;
6235
+ maxAllowedGrants?: number | undefined;
6236
+ }>;
6237
+ protectedAppMetadata: z.ZodType<{
6238
+ host: string;
6239
+ origin: string;
6240
+ sessionDuration: number;
6241
+ pageRules: {
6242
+ path: string;
6243
+ }[];
6244
+ additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
6245
+ customDomains?: {
6246
+ status: import("../foundations/index.js").DomainStatus;
6247
+ domain: string;
6248
+ errorMessage: string | null;
6249
+ dnsRecords: {
6250
+ value: string;
6251
+ type: string;
6252
+ name: string;
6253
+ }[];
6254
+ cloudflareData: {
6255
+ status: string;
6256
+ id: string;
6257
+ ssl: {
6258
+ status: string;
6259
+ validation_errors?: {
6260
+ message: string;
6261
+ }[] | undefined;
6262
+ };
6263
+ verification_errors?: string[] | undefined;
6264
+ } | null;
6265
+ }[] | undefined;
6266
+ } | null, z.ZodTypeDef, {
6267
+ host: string;
6268
+ origin: string;
6269
+ sessionDuration: number;
6270
+ pageRules: {
6271
+ path: string;
6272
+ }[];
6273
+ additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
6274
+ customDomains?: {
6275
+ status: import("../foundations/index.js").DomainStatus;
6276
+ domain: string;
6277
+ errorMessage: string | null;
6278
+ dnsRecords: {
6279
+ value: string;
6280
+ type: string;
6281
+ name: string;
6282
+ }[];
6283
+ cloudflareData: {
6284
+ status: string;
6285
+ id: string;
6286
+ ssl: {
6287
+ status: string;
6288
+ validation_errors?: {
6289
+ message: string;
6290
+ }[] | undefined;
6291
+ };
6292
+ verification_errors?: string[] | undefined;
6293
+ } | null;
6294
+ }[] | undefined;
6295
+ } | null>;
6296
+ customData: z.ZodType<import("@withtyped/server/lib/types.js").JsonObject, z.ZodTypeDef, import("@withtyped/server/lib/types.js").JsonObject>;
6297
+ isThirdParty: z.ZodType<boolean, z.ZodTypeDef, boolean>;
6298
+ appLevelAccessControlEnabled: z.ZodType<boolean, z.ZodTypeDef, boolean>;
6299
+ createdAt: z.ZodType<number, z.ZodTypeDef, number>;
6300
+ }, "name" | "id">, "strip", z.ZodTypeAny, {
6301
+ name: string;
6302
+ id: string;
6303
+ }, {
6304
+ name: string;
6305
+ id: string;
6306
+ }>;
6206
6307
  }, "strip", z.ZodTypeAny, {
6207
6308
  id: string;
6208
6309
  expiresAt: number;
6310
+ application: {
6311
+ name: string;
6312
+ id: string;
6313
+ };
6209
6314
  payload: {
6210
6315
  exp: number;
6211
6316
  iat: number;
@@ -6219,6 +6324,10 @@ export declare const userApplicationGrantGuard: z.ZodObject<{
6219
6324
  }, {
6220
6325
  id: string;
6221
6326
  expiresAt: number;
6327
+ application: {
6328
+ name: string;
6329
+ id: string;
6330
+ };
6222
6331
  payload: {
6223
6332
  exp: number;
6224
6333
  iat: number;
@@ -6263,9 +6372,114 @@ export declare const getUserApplicationGrantsResponseGuard: z.ZodObject<{
6263
6372
  accountId: z.ZodString;
6264
6373
  }, z.ZodUnknown, "strip">>;
6265
6374
  expiresAt: z.ZodNumber;
6375
+ application: z.ZodObject<Pick<{
6376
+ tenantId: z.ZodType<string, z.ZodTypeDef, string>;
6377
+ id: z.ZodType<string, z.ZodTypeDef, string>;
6378
+ name: z.ZodType<string, z.ZodTypeDef, string>;
6379
+ secret: z.ZodType<string, z.ZodTypeDef, string>;
6380
+ description: z.ZodType<string | null, z.ZodTypeDef, string | null>;
6381
+ type: z.ZodType<import("../db-entries/custom-types.js").ApplicationType, z.ZodTypeDef, import("../db-entries/custom-types.js").ApplicationType>;
6382
+ oidcClientMetadata: z.ZodType<import("../foundations/index.js").OidcClientMetadata, z.ZodTypeDef, import("../foundations/index.js").OidcClientMetadata>;
6383
+ customClientMetadata: z.ZodType<{
6384
+ corsAllowedOrigins?: string[] | undefined;
6385
+ idTokenTtl?: number | undefined;
6386
+ refreshTokenTtl?: number | undefined;
6387
+ refreshTokenTtlInDays?: number | undefined;
6388
+ tenantId?: string | undefined;
6389
+ alwaysIssueRefreshToken?: boolean | undefined;
6390
+ rotateRefreshToken?: boolean | undefined;
6391
+ allowTokenExchange?: boolean | undefined;
6392
+ isDeviceFlow?: boolean | undefined;
6393
+ maxAllowedGrants?: number | undefined;
6394
+ }, z.ZodTypeDef, {
6395
+ corsAllowedOrigins?: string[] | undefined;
6396
+ idTokenTtl?: number | undefined;
6397
+ refreshTokenTtl?: number | undefined;
6398
+ refreshTokenTtlInDays?: number | undefined;
6399
+ tenantId?: string | undefined;
6400
+ alwaysIssueRefreshToken?: boolean | undefined;
6401
+ rotateRefreshToken?: boolean | undefined;
6402
+ allowTokenExchange?: boolean | undefined;
6403
+ isDeviceFlow?: boolean | undefined;
6404
+ maxAllowedGrants?: number | undefined;
6405
+ }>;
6406
+ protectedAppMetadata: z.ZodType<{
6407
+ host: string;
6408
+ origin: string;
6409
+ sessionDuration: number;
6410
+ pageRules: {
6411
+ path: string;
6412
+ }[];
6413
+ additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
6414
+ customDomains?: {
6415
+ status: import("../foundations/index.js").DomainStatus;
6416
+ domain: string;
6417
+ errorMessage: string | null;
6418
+ dnsRecords: {
6419
+ value: string;
6420
+ type: string;
6421
+ name: string;
6422
+ }[];
6423
+ cloudflareData: {
6424
+ status: string;
6425
+ id: string;
6426
+ ssl: {
6427
+ status: string;
6428
+ validation_errors?: {
6429
+ message: string;
6430
+ }[] | undefined;
6431
+ };
6432
+ verification_errors?: string[] | undefined;
6433
+ } | null;
6434
+ }[] | undefined;
6435
+ } | null, z.ZodTypeDef, {
6436
+ host: string;
6437
+ origin: string;
6438
+ sessionDuration: number;
6439
+ pageRules: {
6440
+ path: string;
6441
+ }[];
6442
+ additionalScopes?: (import("@logto/core-kit").UserScope.CustomData | import("@logto/core-kit").UserScope.Identities | import("@logto/core-kit").UserScope.Roles | import("@logto/core-kit").UserScope.Organizations | import("@logto/core-kit").UserScope.OrganizationRoles)[] | undefined;
6443
+ customDomains?: {
6444
+ status: import("../foundations/index.js").DomainStatus;
6445
+ domain: string;
6446
+ errorMessage: string | null;
6447
+ dnsRecords: {
6448
+ value: string;
6449
+ type: string;
6450
+ name: string;
6451
+ }[];
6452
+ cloudflareData: {
6453
+ status: string;
6454
+ id: string;
6455
+ ssl: {
6456
+ status: string;
6457
+ validation_errors?: {
6458
+ message: string;
6459
+ }[] | undefined;
6460
+ };
6461
+ verification_errors?: string[] | undefined;
6462
+ } | null;
6463
+ }[] | undefined;
6464
+ } | null>;
6465
+ customData: z.ZodType<import("@withtyped/server/lib/types.js").JsonObject, z.ZodTypeDef, import("@withtyped/server/lib/types.js").JsonObject>;
6466
+ isThirdParty: z.ZodType<boolean, z.ZodTypeDef, boolean>;
6467
+ appLevelAccessControlEnabled: z.ZodType<boolean, z.ZodTypeDef, boolean>;
6468
+ createdAt: z.ZodType<number, z.ZodTypeDef, number>;
6469
+ }, "name" | "id">, "strip", z.ZodTypeAny, {
6470
+ name: string;
6471
+ id: string;
6472
+ }, {
6473
+ name: string;
6474
+ id: string;
6475
+ }>;
6266
6476
  }, "strip", z.ZodTypeAny, {
6267
6477
  id: string;
6268
6478
  expiresAt: number;
6479
+ application: {
6480
+ name: string;
6481
+ id: string;
6482
+ };
6269
6483
  payload: {
6270
6484
  exp: number;
6271
6485
  iat: number;
@@ -6279,6 +6493,10 @@ export declare const getUserApplicationGrantsResponseGuard: z.ZodObject<{
6279
6493
  }, {
6280
6494
  id: string;
6281
6495
  expiresAt: number;
6496
+ application: {
6497
+ name: string;
6498
+ id: string;
6499
+ };
6282
6500
  payload: {
6283
6501
  exp: number;
6284
6502
  iat: number;
@@ -6294,6 +6512,10 @@ export declare const getUserApplicationGrantsResponseGuard: z.ZodObject<{
6294
6512
  grants: {
6295
6513
  id: string;
6296
6514
  expiresAt: number;
6515
+ application: {
6516
+ name: string;
6517
+ id: string;
6518
+ };
6297
6519
  payload: {
6298
6520
  exp: number;
6299
6521
  iat: number;
@@ -6309,6 +6531,10 @@ export declare const getUserApplicationGrantsResponseGuard: z.ZodObject<{
6309
6531
  grants: {
6310
6532
  id: string;
6311
6533
  expiresAt: number;
6534
+ application: {
6535
+ name: string;
6536
+ id: string;
6537
+ };
6312
6538
  payload: {
6313
6539
  exp: number;
6314
6540
  iat: number;
@@ -1,4 +1,5 @@
1
1
  import { z } from 'zod';
2
+ import { Applications } from '../db-entries/index.js';
2
3
  import { oidcSessionInstancePayloadGuard } from '../foundations/index.js';
3
4
  import { jwtCustomizerUserInteractionContextGuard } from './logto-config/jwt-customizer.js';
4
5
  export const userSessionSignInContextGuard = z
@@ -72,6 +73,10 @@ export const userApplicationGrantGuard = z.object({
72
73
  id: z.string(),
73
74
  payload: userApplicationGrantPayloadGuard,
74
75
  expiresAt: z.number(),
76
+ application: Applications.guard.pick({
77
+ id: true,
78
+ name: true,
79
+ }),
75
80
  });
76
81
  export const getUserApplicationGrantsResponseGuard = z.object({
77
82
  grants: z.array(userApplicationGrantGuard),
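Review bot: The new `application` field on `userApplicationGrantGuard` is required, so a single grant whose application record cannot be resolved would fail validation of the whole `grants` array in `getUserApplicationGrantsResponseGuard`. The code that builds this response is not part of the diff, so confirm it drops or otherwise handles such grants before the guard runs. The `Applications.guard.pick({ id: true, name: true })` allow-list is the right shape for a response schema, because it keeps the other application columns seen in the declaration diff (`customData`, `protectedAppMetadata`) out of the payload. I would record that intent above the field, e.g. `// Allow-list: expose only id and name of the granted application; review what this response exposes before widening.`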
@@ -68,6 +68,7 @@ export declare const userInfoGuard: z.ZodObject<Pick<{
68
68
  id: string;
69
69
  key: string;
70
70
  createdAt: string;
71
+ lastUsedTimeStep?: number | undefined;
71
72
  lastUsedAt?: string | undefined;
72
73
  } | {
73
74
  type: MfaFactor.WebAuthn;
@@ -95,6 +96,7 @@ export declare const userInfoGuard: z.ZodObject<Pick<{
95
96
  id: string;
96
97
  key: string;
97
98
  createdAt: string;
99
+ lastUsedTimeStep?: number | undefined;
98
100
  lastUsedAt?: string | undefined;
99
101
  } | {
100
102
  type: MfaFactor.WebAuthn;
@@ -119,7 +121,9 @@ export declare const userInfoGuard: z.ZodObject<Pick<{
119
121
  lastUsedAt?: string | undefined;
120
122
  })[]>;
121
123
  isSuspended: z.ZodType<boolean, z.ZodTypeDef, boolean>;
124
+ isPasswordExpired: z.ZodType<boolean, z.ZodTypeDef, boolean>;
122
125
  lastSignInAt: z.ZodType<number | null, z.ZodTypeDef, number | null>;
126
+ passwordUpdatedAt: z.ZodType<number | null, z.ZodTypeDef, number | null>;
123
127
  createdAt: z.ZodType<number, z.ZodTypeDef, number>;
124
128
  updatedAt: z.ZodType<number, z.ZodTypeDef, number>;
125
129
  }, "name" | "id" | "applicationId" | "username" | "createdAt" | "profile" | "avatar" | "customData" | "identities" | "updatedAt" | "lastSignInAt" | "primaryEmail" | "primaryPhone" | "isSuspended">, "strip", z.ZodTypeAny, {
@@ -220,6 +224,7 @@ export declare const userProfileResponseGuard: z.ZodObject<Pick<{
220
224
  id: string;
221
225
  key: string;
222
226
  createdAt: string;
227
+ lastUsedTimeStep?: number | undefined;
223
228
  lastUsedAt?: string | undefined;
224
229
  } | {
225
230
  type: MfaFactor.WebAuthn;
@@ -247,6 +252,7 @@ export declare const userProfileResponseGuard: z.ZodObject<Pick<{
247
252
  id: string;
248
253
  key: string;
249
254
  createdAt: string;
255
+ lastUsedTimeStep?: number | undefined;
250
256
  lastUsedAt?: string | undefined;
251
257
  } | {
252
258
  type: MfaFactor.WebAuthn;
@@ -271,11 +277,14 @@ export declare const userProfileResponseGuard: z.ZodObject<Pick<{
271
277
  lastUsedAt?: string | undefined;
272
278
  })[]>;
273
279
  isSuspended: z.ZodType<boolean, z.ZodTypeDef, boolean>;
280
+ isPasswordExpired: z.ZodType<boolean, z.ZodTypeDef, boolean>;
274
281
  lastSignInAt: z.ZodType<number | null, z.ZodTypeDef, number | null>;
282
+ passwordUpdatedAt: z.ZodType<number | null, z.ZodTypeDef, number | null>;
275
283
  createdAt: z.ZodType<number, z.ZodTypeDef, number>;
276
284
  updatedAt: z.ZodType<number, z.ZodTypeDef, number>;
277
285
  }, "name" | "id" | "applicationId" | "username" | "createdAt" | "profile" | "avatar" | "customData" | "identities" | "updatedAt" | "lastSignInAt" | "primaryEmail" | "primaryPhone" | "isSuspended"> & {
278
286
  hasPassword: z.ZodOptional<z.ZodBoolean>;
287
+ hasSecurityVerificationMethod: z.ZodOptional<z.ZodBoolean>;
279
288
  ssoIdentities: z.ZodOptional<z.ZodArray<import("../foundations/schemas.js").Guard<import("../db-entries/user-sso-identity.js").UserSsoIdentity>, "many">>;
280
289
  }, "strip", z.ZodTypeAny, {
281
290
  name: string | null;
@@ -293,6 +302,7 @@ export declare const userProfileResponseGuard: z.ZodObject<Pick<{
293
302
  primaryPhone: string | null;
294
303
  isSuspended: boolean;
295
304
  hasPassword?: boolean | undefined;
305
+ hasSecurityVerificationMethod?: boolean | undefined;
296
306
  ssoIdentities?: import("../db-entries/user-sso-identity.js").UserSsoIdentity[] | undefined;
297
307
  }, {
298
308
  name: string | null;
@@ -310,6 +320,7 @@ export declare const userProfileResponseGuard: z.ZodObject<Pick<{
310
320
  primaryPhone: string | null;
311
321
  isSuspended: boolean;
312
322
  hasPassword?: boolean | undefined;
323
+ hasSecurityVerificationMethod?: boolean | undefined;
313
324
  ssoIdentities?: import("../db-entries/user-sso-identity.js").UserSsoIdentity[] | undefined;
314
325
  }>;
315
326
  export type UserProfileResponse = z.infer<typeof userProfileResponseGuard>;
@@ -433,6 +444,7 @@ export declare const featuredUserGuard: z.ZodObject<Pick<{
433
444
  id: string;
434
445
  key: string;
435
446
  createdAt: string;
447
+ lastUsedTimeStep?: number | undefined;
436
448
  lastUsedAt?: string | undefined;
437
449
  } | {
438
450
  type: MfaFactor.WebAuthn;
@@ -460,6 +472,7 @@ export declare const featuredUserGuard: z.ZodObject<Pick<{
460
472
  id: string;
461
473
  key: string;
462
474
  createdAt: string;
475
+ lastUsedTimeStep?: number | undefined;
463
476
  lastUsedAt?: string | undefined;
464
477
  } | {
465
478
  type: MfaFactor.WebAuthn;
@@ -484,7 +497,9 @@ export declare const featuredUserGuard: z.ZodObject<Pick<{
484
497
  lastUsedAt?: string | undefined;
485
498
  })[]>;
486
499
  isSuspended: z.ZodType<boolean, z.ZodTypeDef, boolean>;
500
+ isPasswordExpired: z.ZodType<boolean, z.ZodTypeDef, boolean>;
487
501
  lastSignInAt: z.ZodType<number | null, z.ZodTypeDef, number | null>;
502
+ passwordUpdatedAt: z.ZodType<number | null, z.ZodTypeDef, number | null>;
488
503
  createdAt: z.ZodType<number, z.ZodTypeDef, number>;
489
504
  updatedAt: z.ZodType<number, z.ZodTypeDef, number>;
490
505
  }, "name" | "id" | "avatar">, "strip", z.ZodTypeAny, {
package/lib/types/user.js CHANGED
@@ -23,6 +23,7 @@ export const userInfoGuard = Users.guard.pick(
23
23
  Object.fromEntries(userInfoSelectFields.map((field) => [field, true])));
24
24
  export const userProfileResponseGuard = userInfoGuard.extend({
25
25
  hasPassword: z.boolean().optional(),
26
+ hasSecurityVerificationMethod: z.boolean().optional(),
26
27
  ssoIdentities: z.array(UserSsoIdentities.guard).optional(),
27
28
  });
28
29
  export const userMfaVerificationResponseGuard = z