@logto/schemas 1.40.1 → 1.41.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (73) hide show
  1. package/alterations/1.41.0-1779864280-add-password-expiration-policy.ts +23 -0
  2. package/alterations/1.41.0-1779864281-add-is-password-expired-to-users.ts +18 -0
  3. package/alterations/1.41.0-1780358400-drop-oidc-model-instances-legacy-grant-id-index.ts +25 -0
  4. package/alterations/1.41.0-1780381219-add-username-policy.ts +41 -0
  5. package/alterations/1.41.0-1780643665-set-sign-up-profile-fields-default.ts +20 -0
  6. package/alterations/1.41.0-1780906060-add-verification-code-policy.ts +19 -0
  7. package/alterations/1.41.0-1781689400-add-sentinel-activities-created-at-index.ts +25 -0
  8. package/alterations/1.41.0-1782354362-set-admin-account-center-profile-fields.ts +28 -0
  9. package/alterations/1.41.0-1782375106-cover-service-logs-tenant-type-index-with-created-at.ts +36 -0
  10. package/alterations-js/1.41.0-1779864280-add-password-expiration-policy.js +19 -0
  11. package/alterations-js/1.41.0-1779864281-add-is-password-expired-to-users.js +14 -0
  12. package/alterations-js/1.41.0-1780358400-drop-oidc-model-instances-legacy-grant-id-index.js +21 -0
  13. package/alterations-js/1.41.0-1780381219-add-username-policy.js +37 -0
  14. package/alterations-js/1.41.0-1780643665-set-sign-up-profile-fields-default.js +16 -0
  15. package/alterations-js/1.41.0-1780906060-add-verification-code-policy.js +15 -0
  16. package/alterations-js/1.41.0-1781689400-add-sentinel-activities-created-at-index.js +21 -0
  17. package/alterations-js/1.41.0-1782354362-set-admin-account-center-profile-fields.js +23 -0
  18. package/alterations-js/1.41.0-1782375106-cover-service-logs-tenant-type-index-with-created-at.js +32 -0
  19. package/lib/consts/experience.d.ts +2 -0
  20. package/lib/consts/experience.js +2 -0
  21. package/lib/consts/index.d.ts +2 -0
  22. package/lib/consts/index.js +2 -0
  23. package/lib/consts/message-rate-limit.d.ts +65 -0
  24. package/lib/consts/message-rate-limit.js +29 -0
  25. package/lib/consts/message-rate-limit.test.d.ts +1 -0
  26. package/lib/consts/message-rate-limit.test.js +20 -0
  27. package/lib/consts/verification-code.d.ts +10 -0
  28. package/lib/consts/verification-code.js +10 -0
  29. package/lib/db-entries/sign-in-experience.d.ts +10 -4
  30. package/lib/db-entries/sign-in-experience.js +13 -1
  31. package/lib/db-entries/user.d.ts +5 -1
  32. package/lib/db-entries/user.js +8 -0
  33. package/lib/foundations/jsonb-types/account-centers.d.ts +3 -0
  34. package/lib/foundations/jsonb-types/account-centers.js +1 -0
  35. package/lib/foundations/jsonb-types/hooks.d.ts +4 -4
  36. package/lib/foundations/jsonb-types/hooks.js +1 -0
  37. package/lib/foundations/jsonb-types/sentinel.d.ts +16 -1
  38. package/lib/foundations/jsonb-types/sentinel.js +15 -0
  39. package/lib/foundations/jsonb-types/sign-in-experience.d.ts +74 -2
  40. package/lib/foundations/jsonb-types/sign-in-experience.js +19 -0
  41. package/lib/foundations/jsonb-types/sign-in-experience.test.js +49 -1
  42. package/lib/foundations/jsonb-types/users.d.ts +9 -0
  43. package/lib/foundations/jsonb-types/users.js +1 -0
  44. package/lib/seeds/account-center.js +1 -0
  45. package/lib/seeds/sign-in-experience.js +1 -0
  46. package/lib/seeds/sign-in-experience.test.js +5 -1
  47. package/lib/types/consent.d.ts +8 -0
  48. package/lib/types/custom-profile-fields.d.ts +4 -0
  49. package/lib/types/hook.d.ts +2 -2
  50. package/lib/types/interactions.js +3 -1
  51. package/lib/types/logto-config/index.d.ts +69 -4
  52. package/lib/types/logto-config/index.js +12 -0
  53. package/lib/types/logto-config/index.test.js +25 -1
  54. package/lib/types/logto-config/inline-hook.d.ts +76 -0
  55. package/lib/types/logto-config/inline-hook.js +25 -0
  56. package/lib/types/logto-config/jwt-customizer.d.ts +133 -1
  57. package/lib/types/logto-config/jwt-customizer.js +14 -0
  58. package/lib/types/saml-application.d.ts +3 -0
  59. package/lib/types/saml-application.js +3 -0
  60. package/lib/types/sign-in-experience.d.ts +9 -0
  61. package/lib/types/ssr.d.ts +11 -0
  62. package/lib/types/user-assets.d.ts +10 -0
  63. package/lib/types/user-assets.js +17 -0
  64. package/lib/types/user-sessions.d.ts +231 -5
  65. package/lib/types/user-sessions.js +5 -0
  66. package/lib/types/user.d.ts +15 -0
  67. package/lib/types/user.js +1 -0
  68. package/package.json +8 -8
  69. package/tables/oidc_model_instances.sql +0 -8
  70. package/tables/sentinel_activities.sql +4 -0
  71. package/tables/service_logs.sql +2 -2
  72. package/tables/sign_in_experiences.sql +15 -2
  73. package/tables/users.sql +7 -0
@@ -2471,6 +2471,7 @@ export declare const signInIdentifierKeyGuard: z.ZodObject<Pick<{
2471
2471
  id: string;
2472
2472
  key: string;
2473
2473
  createdAt: string;
2474
+ lastUsedTimeStep?: number | undefined;
2474
2475
  lastUsedAt?: string | undefined;
2475
2476
  } | {
2476
2477
  type: import("../foundations/index.js").MfaFactor.WebAuthn;
@@ -2498,6 +2499,7 @@ export declare const signInIdentifierKeyGuard: z.ZodObject<Pick<{
2498
2499
  id: string;
2499
2500
  key: string;
2500
2501
  createdAt: string;
2502
+ lastUsedTimeStep?: number | undefined;
2501
2503
  lastUsedAt?: string | undefined;
2502
2504
  } | {
2503
2505
  type: import("../foundations/index.js").MfaFactor.WebAuthn;
@@ -2522,7 +2524,9 @@ export declare const signInIdentifierKeyGuard: z.ZodObject<Pick<{
2522
2524
  lastUsedAt?: string | undefined;
2523
2525
  })[]>>;
2524
2526
  isSuspended: z.ZodOptional<z.ZodType<boolean, z.ZodTypeDef, boolean>>;
2527
+ isPasswordExpired: z.ZodOptional<z.ZodType<boolean, z.ZodTypeDef, boolean>>;
2525
2528
  lastSignInAt: z.ZodOptional<z.ZodType<number | null, z.ZodTypeDef, number | null>>;
2529
+ passwordUpdatedAt: z.ZodOptional<z.ZodType<number | null, z.ZodTypeDef, number | null>>;
2526
2530
  createdAt: z.ZodOptional<z.ZodType<number, z.ZodTypeDef, number>>;
2527
2531
  updatedAt: z.ZodOptional<z.ZodType<number, z.ZodTypeDef, number>>;
2528
2532
  }, "username" | "primaryEmail" | "primaryPhone"> & {
@@ -18,8 +18,8 @@ export declare const hookResponseGuard: z.ZodObject<{
18
18
  tenantId: z.ZodType<string, z.ZodTypeDef, string>;
19
19
  id: z.ZodType<string, z.ZodTypeDef, string>;
20
20
  name: z.ZodType<string, z.ZodTypeDef, string>;
21
- event: z.ZodType<"User.Created" | "User.Deleted" | "Role.Created" | "Role.Deleted" | "Scope.Created" | "Scope.Deleted" | "Organization.Created" | "Organization.Deleted" | "OrganizationRole.Created" | "OrganizationRole.Deleted" | "OrganizationScope.Created" | "OrganizationScope.Deleted" | "User.Data.Updated" | "Role.Data.Updated" | "Scope.Data.Updated" | "Organization.Data.Updated" | "OrganizationRole.Data.Updated" | "OrganizationScope.Data.Updated" | "User.SuspensionStatus.Updated" | "Role.Scopes.Updated" | "Organization.Membership.Updated" | "OrganizationRole.Scopes.Updated" | InteractionHookEvent | "Identifier.Lockout" | null, z.ZodTypeDef, "User.Created" | "User.Deleted" | "Role.Created" | "Role.Deleted" | "Scope.Created" | "Scope.Deleted" | "Organization.Created" | "Organization.Deleted" | "OrganizationRole.Created" | "OrganizationRole.Deleted" | "OrganizationScope.Created" | "OrganizationScope.Deleted" | "User.Data.Updated" | "Role.Data.Updated" | "Scope.Data.Updated" | "Organization.Data.Updated" | "OrganizationRole.Data.Updated" | "OrganizationScope.Data.Updated" | "User.SuspensionStatus.Updated" | "Role.Scopes.Updated" | "Organization.Membership.Updated" | "OrganizationRole.Scopes.Updated" | InteractionHookEvent | "Identifier.Lockout" | null>;
22
- events: z.ZodType<("User.Created" | "User.Deleted" | "Role.Created" | "Role.Deleted" | "Scope.Created" | "Scope.Deleted" | "Organization.Created" | "Organization.Deleted" | "OrganizationRole.Created" | "OrganizationRole.Deleted" | "OrganizationScope.Created" | "OrganizationScope.Deleted" | "User.Data.Updated" | "Role.Data.Updated" | "Scope.Data.Updated" | "Organization.Data.Updated" | "OrganizationRole.Data.Updated" | "OrganizationScope.Data.Updated" | "User.SuspensionStatus.Updated" | "Role.Scopes.Updated" | "Organization.Membership.Updated" | "OrganizationRole.Scopes.Updated" | InteractionHookEvent | "Identifier.Lockout")[], z.ZodTypeDef, ("User.Created" | "User.Deleted" | "Role.Created" | "Role.Deleted" | "Scope.Created" | "Scope.Deleted" | "Organization.Created" | "Organization.Deleted" | "OrganizationRole.Created" | "OrganizationRole.Deleted" | "OrganizationScope.Created" | "OrganizationScope.Deleted" | "User.Data.Updated" | "Role.Data.Updated" | "Scope.Data.Updated" | "Organization.Data.Updated" | "OrganizationRole.Data.Updated" | "OrganizationScope.Data.Updated" | "User.SuspensionStatus.Updated" | "Role.Scopes.Updated" | "Organization.Membership.Updated" | "OrganizationRole.Scopes.Updated" | InteractionHookEvent | "Identifier.Lockout")[]>;
21
+ event: z.ZodType<"User.Created" | "User.Deleted" | "Role.Created" | "Role.Deleted" | "Scope.Created" | "Scope.Deleted" | "Organization.Created" | "Organization.Deleted" | "OrganizationRole.Created" | "OrganizationRole.Deleted" | "OrganizationScope.Created" | "OrganizationScope.Deleted" | "User.Data.Updated" | "Role.Data.Updated" | "Scope.Data.Updated" | "Organization.Data.Updated" | "OrganizationRole.Data.Updated" | "OrganizationScope.Data.Updated" | "User.SuspensionStatus.Updated" | "Role.Scopes.Updated" | "Organization.Membership.Updated" | "OrganizationRole.Scopes.Updated" | "Identifier.Lockout" | "Message.RateLimited" | InteractionHookEvent | null, z.ZodTypeDef, "User.Created" | "User.Deleted" | "Role.Created" | "Role.Deleted" | "Scope.Created" | "Scope.Deleted" | "Organization.Created" | "Organization.Deleted" | "OrganizationRole.Created" | "OrganizationRole.Deleted" | "OrganizationScope.Created" | "OrganizationScope.Deleted" | "User.Data.Updated" | "Role.Data.Updated" | "Scope.Data.Updated" | "Organization.Data.Updated" | "OrganizationRole.Data.Updated" | "OrganizationScope.Data.Updated" | "User.SuspensionStatus.Updated" | "Role.Scopes.Updated" | "Organization.Membership.Updated" | "OrganizationRole.Scopes.Updated" | "Identifier.Lockout" | "Message.RateLimited" | InteractionHookEvent | null>;
22
+ events: z.ZodType<("User.Created" | "User.Deleted" | "Role.Created" | "Role.Deleted" | "Scope.Created" | "Scope.Deleted" | "Organization.Created" | "Organization.Deleted" | "OrganizationRole.Created" | "OrganizationRole.Deleted" | "OrganizationScope.Created" | "OrganizationScope.Deleted" | "User.Data.Updated" | "Role.Data.Updated" | "Scope.Data.Updated" | "Organization.Data.Updated" | "OrganizationRole.Data.Updated" | "OrganizationScope.Data.Updated" | "User.SuspensionStatus.Updated" | "Role.Scopes.Updated" | "Organization.Membership.Updated" | "OrganizationRole.Scopes.Updated" | "Identifier.Lockout" | "Message.RateLimited" | InteractionHookEvent)[], z.ZodTypeDef, ("User.Created" | "User.Deleted" | "Role.Created" | "Role.Deleted" | "Scope.Created" | "Scope.Deleted" | "Organization.Created" | "Organization.Deleted" | "OrganizationRole.Created" | "OrganizationRole.Deleted" | "OrganizationScope.Created" | "OrganizationScope.Deleted" | "User.Data.Updated" | "Role.Data.Updated" | "Scope.Data.Updated" | "Organization.Data.Updated" | "OrganizationRole.Data.Updated" | "OrganizationScope.Data.Updated" | "User.SuspensionStatus.Updated" | "Role.Scopes.Updated" | "Organization.Membership.Updated" | "OrganizationRole.Scopes.Updated" | "Identifier.Lockout" | "Message.RateLimited" | InteractionHookEvent)[]>;
23
23
  config: z.ZodType<{
24
24
  url: string;
25
25
  headers?: Record<string, string> | undefined;
@@ -24,7 +24,9 @@ export const interactionIdentifierGuard = z.object({
24
24
  export const verificationCodeIdentifierGuard = z.discriminatedUnion('type', [
25
25
  z.object({
26
26
  type: z.literal(SignInIdentifier.Email),
27
- value: z.string().regex(emailRegEx),
27
+ // `.max(256)` caps the input length as defense-in-depth for downstream email processing
28
+ // (a valid address is at most 254 chars per RFC 5321).
29
+ value: z.string().max(256).regex(emailRegEx),
28
30
  }),
29
31
  z.object({
30
32
  type: z.literal(SignInIdentifier.Phone),
@@ -2,9 +2,12 @@ import { extendedIdTokenClaims } from '@logto/core-kit';
2
2
  import { type Nullable, type Optional } from '@silverhand/essentials';
3
3
  import type { ZodType } from 'zod';
4
4
  import { z } from 'zod';
5
+ import { type MessageRateLimitOverride } from '../../consts/message-rate-limit.js';
6
+ import { type InlineHook, LogtoInlineHookKey } from './inline-hook.js';
5
7
  import { type AccessTokenJwtCustomizer, type ClientCredentialsJwtCustomizer } from './jwt-customizer.js';
6
8
  export * from './oidc-provider.js';
7
9
  export * from './jwt-customizer.js';
10
+ export * from './inline-hook.js';
8
11
  /**
9
12
  * Logto OIDC signing key types, used mainly in REST API routes.
10
13
  */
@@ -91,6 +94,13 @@ export type JwtCustomizerType = {
91
94
  export declare const jwtCustomizerConfigGuard: Readonly<{
92
95
  [key in LogtoJwtTokenKey]: ZodType<JwtCustomizerType[key]>;
93
96
  }>;
97
+ export type InlineHookType = {
98
+ [LogtoInlineHookKey.PostFirstFactorVerification]: InlineHook;
99
+ [LogtoInlineHookKey.PostSignIn]: InlineHook;
100
+ };
101
+ export declare const inlineHookConfigGuard: Readonly<{
102
+ [key in LogtoInlineHookKey]: ZodType<InlineHookType[key]>;
103
+ }>;
94
104
  export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [z.ZodObject<{
95
105
  key: z.ZodLiteral<LogtoJwtTokenKey.AccessToken>;
96
106
  value: z.ZodObject<{
@@ -1431,6 +1441,22 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
1431
1441
  isThirdParty?: boolean | undefined;
1432
1442
  appLevelAccessControlEnabled?: boolean | undefined;
1433
1443
  }>>;
1444
+ organization: z.ZodOptional<z.ZodObject<{
1445
+ name: z.ZodOptional<ZodType<string, z.ZodTypeDef, string>>;
1446
+ id: z.ZodOptional<ZodType<string, z.ZodTypeDef, string>>;
1447
+ customData: z.ZodOptional<ZodType<import("@withtyped/server").JsonObject, z.ZodTypeDef, import("@withtyped/server").JsonObject>>;
1448
+ description: z.ZodOptional<ZodType<string | null, z.ZodTypeDef, string | null>>;
1449
+ }, "strip", z.ZodTypeAny, {
1450
+ name?: string | undefined;
1451
+ id?: string | undefined;
1452
+ customData?: import("@withtyped/server").JsonObject | undefined;
1453
+ description?: string | null | undefined;
1454
+ }, {
1455
+ name?: string | undefined;
1456
+ id?: string | undefined;
1457
+ customData?: import("@withtyped/server").JsonObject | undefined;
1458
+ description?: string | null | undefined;
1459
+ }>>;
1434
1460
  }, "strip", z.ZodTypeAny, {
1435
1461
  user: {
1436
1462
  name?: string | null | undefined;
@@ -1554,6 +1580,12 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
1554
1580
  isThirdParty?: boolean | undefined;
1555
1581
  appLevelAccessControlEnabled?: boolean | undefined;
1556
1582
  } | undefined;
1583
+ organization?: {
1584
+ name?: string | undefined;
1585
+ id?: string | undefined;
1586
+ customData?: import("@withtyped/server").JsonObject | undefined;
1587
+ description?: string | null | undefined;
1588
+ } | undefined;
1557
1589
  grant?: {
1558
1590
  type?: import("../oidc-config.js").GrantType.TokenExchange | undefined;
1559
1591
  subjectTokenContext?: Record<string, import("@withtyped/server").Json> | undefined;
@@ -1796,6 +1828,12 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
1796
1828
  isThirdParty?: boolean | undefined;
1797
1829
  appLevelAccessControlEnabled?: boolean | undefined;
1798
1830
  } | undefined;
1831
+ organization?: {
1832
+ name?: string | undefined;
1833
+ id?: string | undefined;
1834
+ customData?: import("@withtyped/server").JsonObject | undefined;
1835
+ description?: string | null | undefined;
1836
+ } | undefined;
1799
1837
  grant?: {
1800
1838
  type?: import("../oidc-config.js").GrantType.TokenExchange | undefined;
1801
1839
  subjectTokenContext?: Record<string, import("@withtyped/server").Json> | undefined;
@@ -2042,6 +2080,12 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
2042
2080
  isThirdParty?: boolean | undefined;
2043
2081
  appLevelAccessControlEnabled?: boolean | undefined;
2044
2082
  } | undefined;
2083
+ organization?: {
2084
+ name?: string | undefined;
2085
+ id?: string | undefined;
2086
+ customData?: import("@withtyped/server").JsonObject | undefined;
2087
+ description?: string | null | undefined;
2088
+ } | undefined;
2045
2089
  grant?: {
2046
2090
  type?: import("../oidc-config.js").GrantType.TokenExchange | undefined;
2047
2091
  subjectTokenContext?: Record<string, import("@withtyped/server").Json> | undefined;
@@ -2302,6 +2346,12 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
2302
2346
  isThirdParty?: boolean | undefined;
2303
2347
  appLevelAccessControlEnabled?: boolean | undefined;
2304
2348
  } | undefined;
2349
+ organization?: {
2350
+ name?: string | undefined;
2351
+ id?: string | undefined;
2352
+ customData?: import("@withtyped/server").JsonObject | undefined;
2353
+ description?: string | null | undefined;
2354
+ } | undefined;
2305
2355
  grant?: {
2306
2356
  type?: import("../oidc-config.js").GrantType.TokenExchange | undefined;
2307
2357
  subjectTokenContext?: Record<string, import("@withtyped/server").Json> | undefined;
@@ -2564,6 +2614,12 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
2564
2614
  isThirdParty?: boolean | undefined;
2565
2615
  appLevelAccessControlEnabled?: boolean | undefined;
2566
2616
  } | undefined;
2617
+ organization?: {
2618
+ name?: string | undefined;
2619
+ id?: string | undefined;
2620
+ customData?: import("@withtyped/server").JsonObject | undefined;
2621
+ description?: string | null | undefined;
2622
+ } | undefined;
2567
2623
  grant?: {
2568
2624
  type?: import("../oidc-config.js").GrantType.TokenExchange | undefined;
2569
2625
  subjectTokenContext?: Record<string, import("@withtyped/server").Json> | undefined;
@@ -2827,6 +2883,12 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
2827
2883
  isThirdParty?: boolean | undefined;
2828
2884
  appLevelAccessControlEnabled?: boolean | undefined;
2829
2885
  } | undefined;
2886
+ organization?: {
2887
+ name?: string | undefined;
2888
+ id?: string | undefined;
2889
+ customData?: import("@withtyped/server").JsonObject | undefined;
2890
+ description?: string | null | undefined;
2891
+ } | undefined;
2830
2892
  grant?: {
2831
2893
  type?: import("../oidc-config.js").GrantType.TokenExchange | undefined;
2832
2894
  subjectTokenContext?: Record<string, import("@withtyped/server").Json> | undefined;
@@ -3687,7 +3749,9 @@ export declare enum LogtoTenantConfigKey {
3687
3749
  /** ID token configuration for extended claims. */
3688
3750
  IdToken = "idToken",
3689
3751
  /** Tenant-scoped rotation state for staged private signing key activation. */
3690
- SigningKeyRotationState = "signingKeyRotationState"
3752
+ SigningKeyRotationState = "signingKeyRotationState",
3753
+ /** Internal, ops-only override of the system message send-rate-limit policy. Not exposed by any API. */
3754
+ MessageRateLimitOverride = "messageRateLimitOverride"
3691
3755
  }
3692
3756
  export type LogtoTenantConfigType = {
3693
3757
  [LogtoTenantConfigKey.AdminConsole]: AdminConsoleData;
@@ -3697,13 +3761,14 @@ export type LogtoTenantConfigType = {
3697
3761
  };
3698
3762
  [LogtoTenantConfigKey.IdToken]: IdTokenConfig;
3699
3763
  [LogtoTenantConfigKey.SigningKeyRotationState]: SigningKeyRotationState;
3764
+ [LogtoTenantConfigKey.MessageRateLimitOverride]: MessageRateLimitOverride;
3700
3765
  };
3701
3766
  export declare const logtoTenantConfigGuard: Readonly<{
3702
3767
  [key in LogtoTenantConfigKey]: ZodType<LogtoTenantConfigType[key]>;
3703
3768
  }>;
3704
- export type LogtoConfigKey = LogtoOidcConfigKey | LogtoJwtTokenKey | LogtoTenantConfigKey;
3705
- export type LogtoConfigType = LogtoOidcConfigType | JwtCustomizerType | LogtoTenantConfigType;
3706
- export type LogtoConfigGuard = typeof logtoOidcConfigGuard & typeof jwtCustomizerConfigGuard & typeof logtoTenantConfigGuard;
3769
+ export type LogtoConfigKey = LogtoOidcConfigKey | LogtoJwtTokenKey | LogtoInlineHookKey | LogtoTenantConfigKey;
3770
+ export type LogtoConfigType = LogtoOidcConfigType | JwtCustomizerType | InlineHookType | LogtoTenantConfigType;
3771
+ export type LogtoConfigGuard = typeof logtoOidcConfigGuard & typeof jwtCustomizerConfigGuard & typeof inlineHookConfigGuard & typeof logtoTenantConfigGuard;
3707
3772
  export declare const logtoConfigKeys: readonly LogtoConfigKey[];
3708
3773
  export declare const logtoConfigGuards: LogtoConfigGuard;
3709
3774
  export declare const oidcConfigKeysResponseGuard: z.ZodObject<Omit<{
@@ -1,8 +1,11 @@
1
1
  import { extendedIdTokenClaims } from '@logto/core-kit';
2
2
  import { z } from 'zod';
3
+ import { messageRateLimitOverrideGuard, } from '../../consts/message-rate-limit.js';
4
+ import { LogtoInlineHookKey, inlineHookGuard } from './inline-hook.js';
3
5
  import { accessTokenJwtCustomizerGuard, clientCredentialsJwtCustomizerGuard, } from './jwt-customizer.js';
4
6
  export * from './oidc-provider.js';
5
7
  export * from './jwt-customizer.js';
8
+ export * from './inline-hook.js';
6
9
  /**
7
10
  * Logto OIDC signing key types, used mainly in REST API routes.
8
11
  */
@@ -60,6 +63,10 @@ export const jwtCustomizerConfigGuard = Object.freeze({
60
63
  [LogtoJwtTokenKey.AccessToken]: accessTokenJwtCustomizerGuard,
61
64
  [LogtoJwtTokenKey.ClientCredentials]: clientCredentialsJwtCustomizerGuard,
62
65
  });
66
+ export const inlineHookConfigGuard = Object.freeze({
67
+ [LogtoInlineHookKey.PostFirstFactorVerification]: inlineHookGuard,
68
+ [LogtoInlineHookKey.PostSignIn]: inlineHookGuard,
69
+ });
63
70
  export const jwtCustomizerConfigsGuard = z.discriminatedUnion('key', [
64
71
  z.object({
65
72
  key: z.literal(LogtoJwtTokenKey.AccessToken),
@@ -119,6 +126,8 @@ export var LogtoTenantConfigKey;
119
126
  LogtoTenantConfigKey["IdToken"] = "idToken";
120
127
  /** Tenant-scoped rotation state for staged private signing key activation. */
121
128
  LogtoTenantConfigKey["SigningKeyRotationState"] = "signingKeyRotationState";
129
+ /** Internal, ops-only override of the system message send-rate-limit policy. Not exposed by any API. */
130
+ LogtoTenantConfigKey["MessageRateLimitOverride"] = "messageRateLimitOverride";
122
131
  })(LogtoTenantConfigKey || (LogtoTenantConfigKey = {}));
123
132
  export const logtoTenantConfigGuard = Object.freeze({
124
133
  [LogtoTenantConfigKey.AdminConsole]: adminConsoleDataGuard,
@@ -126,15 +135,18 @@ export const logtoTenantConfigGuard = Object.freeze({
126
135
  [LogtoTenantConfigKey.SessionNotFoundRedirectUrl]: z.object({ url: z.string() }),
127
136
  [LogtoTenantConfigKey.IdToken]: idTokenConfigGuard,
128
137
  [LogtoTenantConfigKey.SigningKeyRotationState]: signingKeyRotationStateGuard,
138
+ [LogtoTenantConfigKey.MessageRateLimitOverride]: messageRateLimitOverrideGuard,
129
139
  });
130
140
  export const logtoConfigKeys = Object.freeze([
131
141
  ...Object.values(LogtoOidcConfigKey),
132
142
  ...Object.values(LogtoJwtTokenKey),
143
+ ...Object.values(LogtoInlineHookKey),
133
144
  ...Object.values(LogtoTenantConfigKey),
134
145
  ]);
135
146
  export const logtoConfigGuards = Object.freeze({
136
147
  ...logtoOidcConfigGuard,
137
148
  ...jwtCustomizerConfigGuard,
149
+ ...inlineHookConfigGuard,
138
150
  ...logtoTenantConfigGuard,
139
151
  });
140
152
  export const oidcConfigKeysResponseGuard = oidcConfigKeyGuard.omit({ value: true }).merge(z.object({
@@ -1,5 +1,5 @@
1
1
  import { describe, expect, it } from 'vitest';
2
- import { LogtoOidcConfigKey, LogtoTenantConfigKey, OidcSigningKeyStatus, logtoOidcConfigGuard, logtoTenantConfigGuard, oidcConfigKeysResponseGuard, } from './index.js';
2
+ import { LogtoInlineHookKey, LogtoOidcConfigKey, LogtoTenantConfigKey, OidcSigningKeyStatus, inlineHookConfigGuard, logtoOidcConfigGuard, logtoConfigGuards, logtoConfigKeys, logtoTenantConfigGuard, oidcConfigKeysResponseGuard, } from './index.js';
3
3
  describe('logto config guards', () => {
4
4
  it('accepts legacy private keys without status', () => {
5
5
  const privateKeys = [
@@ -26,4 +26,28 @@ describe('logto config guards', () => {
26
26
  });
27
27
  expect(result.success).toBe(true);
28
28
  });
29
+ it('accepts inline hook configs', () => {
30
+ const result = inlineHookConfigGuard[LogtoInlineHookKey.PostFirstFactorVerification].safeParse({
31
+ script: 'export default async () => ({ action: "createUser" });',
32
+ environmentVariables: {
33
+ endpoint: 'https://example.com',
34
+ },
35
+ contextSample: ['json', { value: true }],
36
+ enabled: true,
37
+ onExecutionError: 'block',
38
+ });
39
+ expect(result.success).toBe(true);
40
+ });
41
+ it('rejects invalid inline hook execution error policy', () => {
42
+ const result = inlineHookConfigGuard[LogtoInlineHookKey.PostSignIn].safeParse({
43
+ script: 'export default async () => ({ action: "updateUser" });',
44
+ onExecutionError: 'ignore',
45
+ });
46
+ expect(result.success).toBe(false);
47
+ });
48
+ it('includes inline hook keys in the logto config summary guards', () => {
49
+ expect(logtoConfigKeys).toContain(LogtoInlineHookKey.PostFirstFactorVerification);
50
+ expect(logtoConfigKeys).toContain(LogtoInlineHookKey.PostSignIn);
51
+ expect(logtoConfigGuards[LogtoInlineHookKey.PostSignIn]).toBe(inlineHookConfigGuard[LogtoInlineHookKey.PostSignIn]);
52
+ });
29
53
  });
@@ -0,0 +1,76 @@
1
+ import { z } from 'zod';
2
+ import type { Json } from '../../foundations/index.js';
3
+ import type { InteractionEvent, InteractionIdentifier } from '../interactions.js';
4
+ import type { UserInfo } from '../user.js';
5
+ export declare enum LogtoInlineHookKey {
6
+ PostFirstFactorVerification = "inlineHook.postFirstFactorVerification",
7
+ PostSignIn = "inlineHook.postSignIn"
8
+ }
9
+ export declare const inlineHookExecutionErrorPolicies: readonly ["block", "allow"];
10
+ export type InlineHookExecutionErrorPolicy = (typeof inlineHookExecutionErrorPolicies)[number];
11
+ export type InlineHook = {
12
+ script: string;
13
+ environmentVariables?: Record<string, string>;
14
+ contextSample?: Json;
15
+ enabled?: boolean;
16
+ onExecutionError?: InlineHookExecutionErrorPolicy;
17
+ };
18
+ export declare const inlineHookGuard: z.ZodObject<{
19
+ script: z.ZodString;
20
+ environmentVariables: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
21
+ contextSample: z.ZodOptional<z.ZodType<Json, z.ZodTypeDef, Json>>;
22
+ enabled: z.ZodOptional<z.ZodBoolean>;
23
+ onExecutionError: z.ZodOptional<z.ZodEnum<["block", "allow"]>>;
24
+ }, "strict", z.ZodTypeAny, {
25
+ script: string;
26
+ enabled?: boolean | undefined;
27
+ environmentVariables?: Record<string, string> | undefined;
28
+ contextSample?: Json | undefined;
29
+ onExecutionError?: "block" | "allow" | undefined;
30
+ }, {
31
+ script: string;
32
+ enabled?: boolean | undefined;
33
+ environmentVariables?: Record<string, string> | undefined;
34
+ contextSample?: Json | undefined;
35
+ onExecutionError?: "block" | "allow" | undefined;
36
+ }>;
37
+ export declare const inlineHookTestRequestBodyGuard: z.ZodObject<{
38
+ script: z.ZodString;
39
+ hookType: z.ZodNativeEnum<typeof LogtoInlineHookKey>;
40
+ event: z.ZodType<Json, z.ZodTypeDef, Json>;
41
+ environmentVariables: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
42
+ }, "strict", z.ZodTypeAny, {
43
+ event: Json;
44
+ script: string;
45
+ hookType: LogtoInlineHookKey;
46
+ environmentVariables?: Record<string, string> | undefined;
47
+ }, {
48
+ event: Json;
49
+ script: string;
50
+ hookType: LogtoInlineHookKey;
51
+ environmentVariables?: Record<string, string> | undefined;
52
+ }>;
53
+ export type InlineHookTestRequestBody = z.infer<typeof inlineHookTestRequestBodyGuard>;
54
+ export type HookUser = Pick<UserInfo, 'id' | 'username' | 'primaryEmail' | 'primaryPhone' | 'name' | 'avatar' | 'customData' | 'profile' | 'applicationId' | 'isSuspended'>;
55
+ export type HookUserPatch = Partial<Omit<HookUser, 'id'>>;
56
+ export type PostFirstFactorVerificationEvent = {
57
+ key: LogtoInlineHookKey.PostFirstFactorVerification;
58
+ interactionEvent: InteractionEvent.SignIn;
59
+ identifier: InteractionIdentifier;
60
+ /** Sensitive credential provided for inline hook controlled password verification. */
61
+ password: string;
62
+ };
63
+ export type PostSignInEvent = {
64
+ key: LogtoInlineHookKey.PostSignIn;
65
+ interactionEvent: InteractionEvent.SignIn;
66
+ user: HookUser;
67
+ };
68
+ export type PostFirstFactorVerificationResult = {
69
+ action: 'createUser' | 'updateUser';
70
+ user: HookUserPatch;
71
+ passwordVerified: true;
72
+ };
73
+ export type PostSignInResult = {
74
+ action: 'updateUser';
75
+ user?: HookUserPatch;
76
+ };
@@ -0,0 +1,25 @@
1
+ import { jsonGuard } from '@logto/connector-kit';
2
+ import { z } from 'zod';
3
+ export var LogtoInlineHookKey;
4
+ (function (LogtoInlineHookKey) {
5
+ LogtoInlineHookKey["PostFirstFactorVerification"] = "inlineHook.postFirstFactorVerification";
6
+ LogtoInlineHookKey["PostSignIn"] = "inlineHook.postSignIn";
7
+ })(LogtoInlineHookKey || (LogtoInlineHookKey = {}));
8
+ export const inlineHookExecutionErrorPolicies = Object.freeze(['block', 'allow']);
9
+ export const inlineHookGuard = z
10
+ .object({
11
+ script: z.string(),
12
+ environmentVariables: z.record(z.string()).optional(),
13
+ contextSample: jsonGuard.optional(),
14
+ enabled: z.boolean().optional(),
15
+ onExecutionError: z.enum(inlineHookExecutionErrorPolicies).optional(),
16
+ })
17
+ .strict();
18
+ export const inlineHookTestRequestBodyGuard = z
19
+ .object({
20
+ script: z.string(),
21
+ hookType: z.nativeEnum(LogtoInlineHookKey),
22
+ event: jsonGuard,
23
+ environmentVariables: z.record(z.string()).optional(),
24
+ })
25
+ .strict();
@@ -106,6 +106,7 @@ export declare const jwtCustomizerUserContextGuard: z.ZodObject<Pick<{
106
106
  id: string;
107
107
  key: string;
108
108
  createdAt: string;
109
+ lastUsedTimeStep?: number | undefined;
109
110
  lastUsedAt?: string | undefined;
110
111
  } | {
111
112
  type: import("../../foundations/index.js").MfaFactor.WebAuthn;
@@ -133,6 +134,7 @@ export declare const jwtCustomizerUserContextGuard: z.ZodObject<Pick<{
133
134
  id: string;
134
135
  key: string;
135
136
  createdAt: string;
137
+ lastUsedTimeStep?: number | undefined;
136
138
  lastUsedAt?: string | undefined;
137
139
  } | {
138
140
  type: import("../../foundations/index.js").MfaFactor.WebAuthn;
@@ -157,7 +159,9 @@ export declare const jwtCustomizerUserContextGuard: z.ZodObject<Pick<{
157
159
  lastUsedAt?: string | undefined;
158
160
  })[]>;
159
161
  isSuspended: ZodType<boolean, z.ZodTypeDef, boolean>;
162
+ isPasswordExpired: ZodType<boolean, z.ZodTypeDef, boolean>;
160
163
  lastSignInAt: ZodType<number | null, z.ZodTypeDef, number | null>;
164
+ passwordUpdatedAt: ZodType<number | null, z.ZodTypeDef, number | null>;
161
165
  createdAt: ZodType<number, z.ZodTypeDef, number>;
162
166
  updatedAt: ZodType<number, z.ZodTypeDef, number>;
163
167
  }, "name" | "id" | "applicationId" | "username" | "createdAt" | "profile" | "avatar" | "customData" | "identities" | "updatedAt" | "lastSignInAt" | "primaryEmail" | "primaryPhone" | "isSuspended"> & {
@@ -1273,6 +1277,54 @@ export declare const jwtCustomizerApplicationContextGuard: z.ZodObject<Omit<{
1273
1277
  isThirdParty: boolean;
1274
1278
  appLevelAccessControlEnabled: boolean;
1275
1279
  }>;
1280
+ /**
1281
+ * The target organization context for organization (API resource) access tokens.
1282
+ *
1283
+ * Only populated when the token is being issued for a specific organization (i.e. the
1284
+ * `organization_id` request parameter is present), letting the customizer attach per-org
1285
+ * claims without embedding every organization the user belongs to.
1286
+ */
1287
+ export declare const jwtCustomizerOrganizationContextGuard: z.ZodObject<Pick<{
1288
+ tenantId: ZodType<string, z.ZodTypeDef, string>;
1289
+ id: ZodType<string, z.ZodTypeDef, string>;
1290
+ name: ZodType<string, z.ZodTypeDef, string>;
1291
+ description: ZodType<string | null, z.ZodTypeDef, string | null>;
1292
+ customData: ZodType<import("@withtyped/server/lib/types.js").JsonObject, z.ZodTypeDef, import("@withtyped/server/lib/types.js").JsonObject>;
1293
+ isMfaRequired: ZodType<boolean, z.ZodTypeDef, boolean>;
1294
+ color: ZodType<Partial<{
1295
+ primaryColor: string;
1296
+ isDarkModeEnabled: boolean;
1297
+ darkPrimaryColor: string;
1298
+ }>, z.ZodTypeDef, Partial<{
1299
+ primaryColor: string;
1300
+ isDarkModeEnabled: boolean;
1301
+ darkPrimaryColor: string;
1302
+ }>>;
1303
+ branding: ZodType<{
1304
+ logoUrl?: string | undefined;
1305
+ darkLogoUrl?: string | undefined;
1306
+ favicon?: string | undefined;
1307
+ darkFavicon?: string | undefined;
1308
+ }, z.ZodTypeDef, {
1309
+ logoUrl?: string | undefined;
1310
+ darkLogoUrl?: string | undefined;
1311
+ favicon?: string | undefined;
1312
+ darkFavicon?: string | undefined;
1313
+ }>;
1314
+ customCss: ZodType<string | null, z.ZodTypeDef, string | null>;
1315
+ createdAt: ZodType<number, z.ZodTypeDef, number>;
1316
+ }, "name" | "id" | "customData" | "description">, "strip", z.ZodTypeAny, {
1317
+ name: string;
1318
+ id: string;
1319
+ customData: import("@withtyped/server/lib/types.js").JsonObject;
1320
+ description: string | null;
1321
+ }, {
1322
+ name: string;
1323
+ id: string;
1324
+ customData: import("@withtyped/server/lib/types.js").JsonObject;
1325
+ description: string | null;
1326
+ }>;
1327
+ export type JwtCustomizerOrganizationContext = z.infer<typeof jwtCustomizerOrganizationContextGuard>;
1276
1328
  export declare const accessTokenJwtCustomizerGuard: z.ZodObject<{
1277
1329
  script: z.ZodString;
1278
1330
  environmentVariables: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
@@ -2611,6 +2663,22 @@ export declare const accessTokenJwtCustomizerGuard: z.ZodObject<{
2611
2663
  isThirdParty?: boolean | undefined;
2612
2664
  appLevelAccessControlEnabled?: boolean | undefined;
2613
2665
  }>>;
2666
+ organization: z.ZodOptional<z.ZodObject<{
2667
+ name: z.ZodOptional<ZodType<string, z.ZodTypeDef, string>>;
2668
+ id: z.ZodOptional<ZodType<string, z.ZodTypeDef, string>>;
2669
+ customData: z.ZodOptional<ZodType<import("@withtyped/server/lib/types.js").JsonObject, z.ZodTypeDef, import("@withtyped/server/lib/types.js").JsonObject>>;
2670
+ description: z.ZodOptional<ZodType<string | null, z.ZodTypeDef, string | null>>;
2671
+ }, "strip", z.ZodTypeAny, {
2672
+ name?: string | undefined;
2673
+ id?: string | undefined;
2674
+ customData?: import("@withtyped/server/lib/types.js").JsonObject | undefined;
2675
+ description?: string | null | undefined;
2676
+ }, {
2677
+ name?: string | undefined;
2678
+ id?: string | undefined;
2679
+ customData?: import("@withtyped/server/lib/types.js").JsonObject | undefined;
2680
+ description?: string | null | undefined;
2681
+ }>>;
2614
2682
  }, "strip", z.ZodTypeAny, {
2615
2683
  user: {
2616
2684
  name?: string | null | undefined;
@@ -2734,6 +2802,12 @@ export declare const accessTokenJwtCustomizerGuard: z.ZodObject<{
2734
2802
  isThirdParty?: boolean | undefined;
2735
2803
  appLevelAccessControlEnabled?: boolean | undefined;
2736
2804
  } | undefined;
2805
+ organization?: {
2806
+ name?: string | undefined;
2807
+ id?: string | undefined;
2808
+ customData?: import("@withtyped/server/lib/types.js").JsonObject | undefined;
2809
+ description?: string | null | undefined;
2810
+ } | undefined;
2737
2811
  grant?: {
2738
2812
  type?: GrantType.TokenExchange | undefined;
2739
2813
  subjectTokenContext?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
@@ -2976,6 +3050,12 @@ export declare const accessTokenJwtCustomizerGuard: z.ZodObject<{
2976
3050
  isThirdParty?: boolean | undefined;
2977
3051
  appLevelAccessControlEnabled?: boolean | undefined;
2978
3052
  } | undefined;
3053
+ organization?: {
3054
+ name?: string | undefined;
3055
+ id?: string | undefined;
3056
+ customData?: import("@withtyped/server/lib/types.js").JsonObject | undefined;
3057
+ description?: string | null | undefined;
3058
+ } | undefined;
2979
3059
  grant?: {
2980
3060
  type?: GrantType.TokenExchange | undefined;
2981
3061
  subjectTokenContext?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
@@ -3222,6 +3302,12 @@ export declare const accessTokenJwtCustomizerGuard: z.ZodObject<{
3222
3302
  isThirdParty?: boolean | undefined;
3223
3303
  appLevelAccessControlEnabled?: boolean | undefined;
3224
3304
  } | undefined;
3305
+ organization?: {
3306
+ name?: string | undefined;
3307
+ id?: string | undefined;
3308
+ customData?: import("@withtyped/server/lib/types.js").JsonObject | undefined;
3309
+ description?: string | null | undefined;
3310
+ } | undefined;
3225
3311
  grant?: {
3226
3312
  type?: GrantType.TokenExchange | undefined;
3227
3313
  subjectTokenContext?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
@@ -3482,6 +3568,12 @@ export declare const accessTokenJwtCustomizerGuard: z.ZodObject<{
3482
3568
  isThirdParty?: boolean | undefined;
3483
3569
  appLevelAccessControlEnabled?: boolean | undefined;
3484
3570
  } | undefined;
3571
+ organization?: {
3572
+ name?: string | undefined;
3573
+ id?: string | undefined;
3574
+ customData?: import("@withtyped/server/lib/types.js").JsonObject | undefined;
3575
+ description?: string | null | undefined;
3576
+ } | undefined;
3485
3577
  grant?: {
3486
3578
  type?: GrantType.TokenExchange | undefined;
3487
3579
  subjectTokenContext?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
@@ -5431,6 +5523,22 @@ export declare const jwtCustomizerTestRequestBodyGuard: z.ZodDiscriminatedUnion<
5431
5523
  isThirdParty?: boolean | undefined;
5432
5524
  appLevelAccessControlEnabled?: boolean | undefined;
5433
5525
  }>>;
5526
+ organization: z.ZodOptional<z.ZodObject<{
5527
+ name: z.ZodOptional<ZodType<string, z.ZodTypeDef, string>>;
5528
+ id: z.ZodOptional<ZodType<string, z.ZodTypeDef, string>>;
5529
+ customData: z.ZodOptional<ZodType<import("@withtyped/server/lib/types.js").JsonObject, z.ZodTypeDef, import("@withtyped/server/lib/types.js").JsonObject>>;
5530
+ description: z.ZodOptional<ZodType<string | null, z.ZodTypeDef, string | null>>;
5531
+ }, "strip", z.ZodTypeAny, {
5532
+ name?: string | undefined;
5533
+ id?: string | undefined;
5534
+ customData?: import("@withtyped/server/lib/types.js").JsonObject | undefined;
5535
+ description?: string | null | undefined;
5536
+ }, {
5537
+ name?: string | undefined;
5538
+ id?: string | undefined;
5539
+ customData?: import("@withtyped/server/lib/types.js").JsonObject | undefined;
5540
+ description?: string | null | undefined;
5541
+ }>>;
5434
5542
  }, "strip", z.ZodTypeAny, {
5435
5543
  user: {
5436
5544
  name?: string | null | undefined;
@@ -5554,6 +5662,12 @@ export declare const jwtCustomizerTestRequestBodyGuard: z.ZodDiscriminatedUnion<
5554
5662
  isThirdParty?: boolean | undefined;
5555
5663
  appLevelAccessControlEnabled?: boolean | undefined;
5556
5664
  } | undefined;
5665
+ organization?: {
5666
+ name?: string | undefined;
5667
+ id?: string | undefined;
5668
+ customData?: import("@withtyped/server/lib/types.js").JsonObject | undefined;
5669
+ description?: string | null | undefined;
5670
+ } | undefined;
5557
5671
  grant?: {
5558
5672
  type?: GrantType.TokenExchange | undefined;
5559
5673
  subjectTokenContext?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
@@ -5796,6 +5910,12 @@ export declare const jwtCustomizerTestRequestBodyGuard: z.ZodDiscriminatedUnion<
5796
5910
  isThirdParty?: boolean | undefined;
5797
5911
  appLevelAccessControlEnabled?: boolean | undefined;
5798
5912
  } | undefined;
5913
+ organization?: {
5914
+ name?: string | undefined;
5915
+ id?: string | undefined;
5916
+ customData?: import("@withtyped/server/lib/types.js").JsonObject | undefined;
5917
+ description?: string | null | undefined;
5918
+ } | undefined;
5799
5919
  grant?: {
5800
5920
  type?: GrantType.TokenExchange | undefined;
5801
5921
  subjectTokenContext?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
@@ -6056,6 +6176,12 @@ export declare const jwtCustomizerTestRequestBodyGuard: z.ZodDiscriminatedUnion<
6056
6176
  isThirdParty?: boolean | undefined;
6057
6177
  appLevelAccessControlEnabled?: boolean | undefined;
6058
6178
  } | undefined;
6179
+ organization?: {
6180
+ name?: string | undefined;
6181
+ id?: string | undefined;
6182
+ customData?: import("@withtyped/server/lib/types.js").JsonObject | undefined;
6183
+ description?: string | null | undefined;
6184
+ } | undefined;
6059
6185
  grant?: {
6060
6186
  type?: GrantType.TokenExchange | undefined;
6061
6187
  subjectTokenContext?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
@@ -6316,6 +6442,12 @@ export declare const jwtCustomizerTestRequestBodyGuard: z.ZodDiscriminatedUnion<
6316
6442
  isThirdParty?: boolean | undefined;
6317
6443
  appLevelAccessControlEnabled?: boolean | undefined;
6318
6444
  } | undefined;
6445
+ organization?: {
6446
+ name?: string | undefined;
6447
+ id?: string | undefined;
6448
+ customData?: import("@withtyped/server/lib/types.js").JsonObject | undefined;
6449
+ description?: string | null | undefined;
6450
+ } | undefined;
6319
6451
  grant?: {
6320
6452
  type?: GrantType.TokenExchange | undefined;
6321
6453
  subjectTokenContext?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
@@ -6977,7 +7109,7 @@ export declare const customJwtErrorBodyGuard: z.ZodObject<{
6977
7109
  export type CustomJwtErrorBody = z.infer<typeof customJwtErrorBodyGuard>;
6978
7110
  export type CustomJwtApiContext = {
6979
7111
  /**
6980
- * Reject the the current token request.
7112
+ * Reject the current token request.
6981
7113
  *
6982
7114
  * @remarks
6983
7115
  * By calling this function, the current token request will be rejected,