@logto/schemas 1.40.1 → 1.41.0
- package/alterations/1.41.0-1779864280-add-password-expiration-policy.ts +23 -0
- package/alterations/1.41.0-1779864281-add-is-password-expired-to-users.ts +18 -0
- package/alterations/1.41.0-1780358400-drop-oidc-model-instances-legacy-grant-id-index.ts +25 -0
- package/alterations/1.41.0-1780381219-add-username-policy.ts +41 -0
- package/alterations/1.41.0-1780643665-set-sign-up-profile-fields-default.ts +20 -0
- package/alterations/1.41.0-1780906060-add-verification-code-policy.ts +19 -0
- package/alterations/1.41.0-1781689400-add-sentinel-activities-created-at-index.ts +25 -0
- package/alterations/1.41.0-1782354362-set-admin-account-center-profile-fields.ts +28 -0
- package/alterations/1.41.0-1782375106-cover-service-logs-tenant-type-index-with-created-at.ts +36 -0
- package/alterations-js/1.41.0-1779864280-add-password-expiration-policy.js +19 -0
- package/alterations-js/1.41.0-1779864281-add-is-password-expired-to-users.js +14 -0
- package/alterations-js/1.41.0-1780358400-drop-oidc-model-instances-legacy-grant-id-index.js +21 -0
- package/alterations-js/1.41.0-1780381219-add-username-policy.js +37 -0
- package/alterations-js/1.41.0-1780643665-set-sign-up-profile-fields-default.js +16 -0
- package/alterations-js/1.41.0-1780906060-add-verification-code-policy.js +15 -0
- package/alterations-js/1.41.0-1781689400-add-sentinel-activities-created-at-index.js +21 -0
- package/alterations-js/1.41.0-1782354362-set-admin-account-center-profile-fields.js +23 -0
- package/alterations-js/1.41.0-1782375106-cover-service-logs-tenant-type-index-with-created-at.js +32 -0
- package/lib/consts/experience.d.ts +2 -0
- package/lib/consts/experience.js +2 -0
- package/lib/consts/index.d.ts +2 -0
- package/lib/consts/index.js +2 -0
- package/lib/consts/message-rate-limit.d.ts +65 -0
- package/lib/consts/message-rate-limit.js +29 -0
- package/lib/consts/message-rate-limit.test.d.ts +1 -0
- package/lib/consts/message-rate-limit.test.js +20 -0
- package/lib/consts/verification-code.d.ts +10 -0
- package/lib/consts/verification-code.js +10 -0
- package/lib/db-entries/sign-in-experience.d.ts +10 -4
- package/lib/db-entries/sign-in-experience.js +13 -1
- package/lib/db-entries/user.d.ts +5 -1
- package/lib/db-entries/user.js +8 -0
- package/lib/foundations/jsonb-types/account-centers.d.ts +3 -0
- package/lib/foundations/jsonb-types/account-centers.js +1 -0
- package/lib/foundations/jsonb-types/hooks.d.ts +4 -4
- package/lib/foundations/jsonb-types/hooks.js +1 -0
- package/lib/foundations/jsonb-types/sentinel.d.ts +16 -1
- package/lib/foundations/jsonb-types/sentinel.js +15 -0
- package/lib/foundations/jsonb-types/sign-in-experience.d.ts +74 -2
- package/lib/foundations/jsonb-types/sign-in-experience.js +19 -0
- package/lib/foundations/jsonb-types/sign-in-experience.test.js +49 -1
- package/lib/foundations/jsonb-types/users.d.ts +9 -0
- package/lib/foundations/jsonb-types/users.js +1 -0
- package/lib/seeds/account-center.js +1 -0
- package/lib/seeds/sign-in-experience.js +1 -0
- package/lib/seeds/sign-in-experience.test.js +5 -1
- package/lib/types/consent.d.ts +8 -0
- package/lib/types/custom-profile-fields.d.ts +4 -0
- package/lib/types/hook.d.ts +2 -2
- package/lib/types/interactions.js +3 -1
- package/lib/types/logto-config/index.d.ts +69 -4
- package/lib/types/logto-config/index.js +12 -0
- package/lib/types/logto-config/index.test.js +25 -1
- package/lib/types/logto-config/inline-hook.d.ts +76 -0
- package/lib/types/logto-config/inline-hook.js +25 -0
- package/lib/types/logto-config/jwt-customizer.d.ts +133 -1
- package/lib/types/logto-config/jwt-customizer.js +14 -0
- package/lib/types/saml-application.d.ts +3 -0
- package/lib/types/saml-application.js +3 -0
- package/lib/types/sign-in-experience.d.ts +9 -0
- package/lib/types/ssr.d.ts +11 -0
- package/lib/types/user-assets.d.ts +10 -0
- package/lib/types/user-assets.js +17 -0
- package/lib/types/user-sessions.d.ts +231 -5
- package/lib/types/user-sessions.js +5 -0
- package/lib/types/user.d.ts +15 -0
- package/lib/types/user.js +1 -0
- package/package.json +8 -8
- package/tables/oidc_model_instances.sql +0 -8
- package/tables/sentinel_activities.sql +4 -0
- package/tables/service_logs.sql +2 -2
- package/tables/sign_in_experiences.sql +15 -2
- package/tables/users.sql +7 -0
|
@@ -2471,6 +2471,7 @@ export declare const signInIdentifierKeyGuard: z.ZodObject<Pick<{
|
|
|
2471
2471
|
id: string;
|
|
2472
2472
|
key: string;
|
|
2473
2473
|
createdAt: string;
|
|
2474
|
+
lastUsedTimeStep?: number | undefined;
|
|
2474
2475
|
lastUsedAt?: string | undefined;
|
|
2475
2476
|
} | {
|
|
2476
2477
|
type: import("../foundations/index.js").MfaFactor.WebAuthn;
|
|
@@ -2498,6 +2499,7 @@ export declare const signInIdentifierKeyGuard: z.ZodObject<Pick<{
|
|
|
2498
2499
|
id: string;
|
|
2499
2500
|
key: string;
|
|
2500
2501
|
createdAt: string;
|
|
2502
|
+
lastUsedTimeStep?: number | undefined;
|
|
2501
2503
|
lastUsedAt?: string | undefined;
|
|
2502
2504
|
} | {
|
|
2503
2505
|
type: import("../foundations/index.js").MfaFactor.WebAuthn;
|
|
@@ -2522,7 +2524,9 @@ export declare const signInIdentifierKeyGuard: z.ZodObject<Pick<{
|
|
|
2522
2524
|
lastUsedAt?: string | undefined;
|
|
2523
2525
|
})[]>>;
|
|
2524
2526
|
isSuspended: z.ZodOptional<z.ZodType<boolean, z.ZodTypeDef, boolean>>;
|
|
2527
|
+
isPasswordExpired: z.ZodOptional<z.ZodType<boolean, z.ZodTypeDef, boolean>>;
|
|
2525
2528
|
lastSignInAt: z.ZodOptional<z.ZodType<number | null, z.ZodTypeDef, number | null>>;
|
|
2529
|
+
passwordUpdatedAt: z.ZodOptional<z.ZodType<number | null, z.ZodTypeDef, number | null>>;
|
|
2526
2530
|
createdAt: z.ZodOptional<z.ZodType<number, z.ZodTypeDef, number>>;
|
|
2527
2531
|
updatedAt: z.ZodOptional<z.ZodType<number, z.ZodTypeDef, number>>;
|
|
2528
2532
|
}, "username" | "primaryEmail" | "primaryPhone"> & {
|
package/lib/types/hook.d.ts
CHANGED
|
@@ -18,8 +18,8 @@ export declare const hookResponseGuard: z.ZodObject<{
|
|
|
18
18
|
tenantId: z.ZodType<string, z.ZodTypeDef, string>;
|
|
19
19
|
id: z.ZodType<string, z.ZodTypeDef, string>;
|
|
20
20
|
name: z.ZodType<string, z.ZodTypeDef, string>;
|
|
21
|
-
event: z.ZodType<"User.Created" | "User.Deleted" | "Role.Created" | "Role.Deleted" | "Scope.Created" | "Scope.Deleted" | "Organization.Created" | "Organization.Deleted" | "OrganizationRole.Created" | "OrganizationRole.Deleted" | "OrganizationScope.Created" | "OrganizationScope.Deleted" | "User.Data.Updated" | "Role.Data.Updated" | "Scope.Data.Updated" | "Organization.Data.Updated" | "OrganizationRole.Data.Updated" | "OrganizationScope.Data.Updated" | "User.SuspensionStatus.Updated" | "Role.Scopes.Updated" | "Organization.Membership.Updated" | "OrganizationRole.Scopes.Updated" |
|
|
22
|
-
events: z.ZodType<("User.Created" | "User.Deleted" | "Role.Created" | "Role.Deleted" | "Scope.Created" | "Scope.Deleted" | "Organization.Created" | "Organization.Deleted" | "OrganizationRole.Created" | "OrganizationRole.Deleted" | "OrganizationScope.Created" | "OrganizationScope.Deleted" | "User.Data.Updated" | "Role.Data.Updated" | "Scope.Data.Updated" | "Organization.Data.Updated" | "OrganizationRole.Data.Updated" | "OrganizationScope.Data.Updated" | "User.SuspensionStatus.Updated" | "Role.Scopes.Updated" | "Organization.Membership.Updated" | "OrganizationRole.Scopes.Updated" |
|
|
21
|
+
event: z.ZodType<"User.Created" | "User.Deleted" | "Role.Created" | "Role.Deleted" | "Scope.Created" | "Scope.Deleted" | "Organization.Created" | "Organization.Deleted" | "OrganizationRole.Created" | "OrganizationRole.Deleted" | "OrganizationScope.Created" | "OrganizationScope.Deleted" | "User.Data.Updated" | "Role.Data.Updated" | "Scope.Data.Updated" | "Organization.Data.Updated" | "OrganizationRole.Data.Updated" | "OrganizationScope.Data.Updated" | "User.SuspensionStatus.Updated" | "Role.Scopes.Updated" | "Organization.Membership.Updated" | "OrganizationRole.Scopes.Updated" | "Identifier.Lockout" | "Message.RateLimited" | InteractionHookEvent | null, z.ZodTypeDef, "User.Created" | "User.Deleted" | "Role.Created" | "Role.Deleted" | "Scope.Created" | "Scope.Deleted" | "Organization.Created" | "Organization.Deleted" | "OrganizationRole.Created" | "OrganizationRole.Deleted" | "OrganizationScope.Created" | "OrganizationScope.Deleted" | "User.Data.Updated" | "Role.Data.Updated" | "Scope.Data.Updated" | "Organization.Data.Updated" | "OrganizationRole.Data.Updated" | "OrganizationScope.Data.Updated" | "User.SuspensionStatus.Updated" | "Role.Scopes.Updated" | "Organization.Membership.Updated" | "OrganizationRole.Scopes.Updated" | "Identifier.Lockout" | "Message.RateLimited" | InteractionHookEvent | null>;
|
|
22
|
+
events: z.ZodType<("User.Created" | "User.Deleted" | "Role.Created" | "Role.Deleted" | "Scope.Created" | "Scope.Deleted" | "Organization.Created" | "Organization.Deleted" | "OrganizationRole.Created" | "OrganizationRole.Deleted" | "OrganizationScope.Created" | "OrganizationScope.Deleted" | "User.Data.Updated" | "Role.Data.Updated" | "Scope.Data.Updated" | "Organization.Data.Updated" | "OrganizationRole.Data.Updated" | "OrganizationScope.Data.Updated" | "User.SuspensionStatus.Updated" | "Role.Scopes.Updated" | "Organization.Membership.Updated" | "OrganizationRole.Scopes.Updated" | "Identifier.Lockout" | "Message.RateLimited" | InteractionHookEvent)[], z.ZodTypeDef, ("User.Created" | "User.Deleted" | "Role.Created" | "Role.Deleted" | "Scope.Created" | "Scope.Deleted" | "Organization.Created" | "Organization.Deleted" | "OrganizationRole.Created" | "OrganizationRole.Deleted" | "OrganizationScope.Created" | "OrganizationScope.Deleted" | "User.Data.Updated" | "Role.Data.Updated" | "Scope.Data.Updated" | "Organization.Data.Updated" | "OrganizationRole.Data.Updated" | "OrganizationScope.Data.Updated" | "User.SuspensionStatus.Updated" | "Role.Scopes.Updated" | "Organization.Membership.Updated" | "OrganizationRole.Scopes.Updated" | "Identifier.Lockout" | "Message.RateLimited" | InteractionHookEvent)[]>;
|
|
23
23
|
config: z.ZodType<{
|
|
24
24
|
url: string;
|
|
25
25
|
headers?: Record<string, string> | undefined;
|
|
@@ -24,7 +24,9 @@ export const interactionIdentifierGuard = z.object({
|
|
|
24
24
|
export const verificationCodeIdentifierGuard = z.discriminatedUnion('type', [
|
|
25
25
|
z.object({
|
|
26
26
|
type: z.literal(SignInIdentifier.Email),
|
|
27
|
-
|
|
27
|
+
// `.max(256)` caps the input length as defense-in-depth for downstream email processing
|
|
28
|
+
// (a valid address is at most 254 chars per RFC 5321).
|
|
29
|
+
value: z.string().max(256).regex(emailRegEx),
|
|
28
30
|
}),
|
|
29
31
|
z.object({
|
|
30
32
|
type: z.literal(SignInIdentifier.Phone),
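Review bot: The `.max(256)` added on the email `value` does not keep `emailRegEx` from being evaluated on over-long input, because zod 3 string checks, as far as I know, all run and only collect issues rather than stopping at the first failure. The comment scopes the cap to downstream email processing, which it does achieve, but if it is also meant to bound the cost of the pattern itself, the length check has to gate the regex, e.g. `value: z.string().max(256).pipe(z.string().regex(emailRegEx)),`. The comment cites 254 characters while the code allows 256; a word on why the limit is looser would save the next reader a lookup. The phone branch's `value` line falls outside this hunk, so it is not visible whether it gets a matching cap.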
|
|
@@ -2,9 +2,12 @@ import { extendedIdTokenClaims } from '@logto/core-kit';
|
|
|
2
2
|
import { type Nullable, type Optional } from '@silverhand/essentials';
|
|
3
3
|
import type { ZodType } from 'zod';
|
|
4
4
|
import { z } from 'zod';
|
|
5
|
+
import { type MessageRateLimitOverride } from '../../consts/message-rate-limit.js';
|
|
6
|
+
import { type InlineHook, LogtoInlineHookKey } from './inline-hook.js';
|
|
5
7
|
import { type AccessTokenJwtCustomizer, type ClientCredentialsJwtCustomizer } from './jwt-customizer.js';
|
|
6
8
|
export * from './oidc-provider.js';
|
|
7
9
|
export * from './jwt-customizer.js';
|
|
10
|
+
export * from './inline-hook.js';
|
|
8
11
|
/**
|
|
9
12
|
* Logto OIDC signing key types, used mainly in REST API routes.
|
|
10
13
|
*/
|
|
@@ -91,6 +94,13 @@ export type JwtCustomizerType = {
|
|
|
91
94
|
export declare const jwtCustomizerConfigGuard: Readonly<{
|
|
92
95
|
[key in LogtoJwtTokenKey]: ZodType<JwtCustomizerType[key]>;
|
|
93
96
|
}>;
|
|
97
|
+
export type InlineHookType = {
|
|
98
|
+
[LogtoInlineHookKey.PostFirstFactorVerification]: InlineHook;
|
|
99
|
+
[LogtoInlineHookKey.PostSignIn]: InlineHook;
|
|
100
|
+
};
|
|
101
|
+
export declare const inlineHookConfigGuard: Readonly<{
|
|
102
|
+
[key in LogtoInlineHookKey]: ZodType<InlineHookType[key]>;
|
|
103
|
+
}>;
|
|
94
104
|
export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [z.ZodObject<{
|
|
95
105
|
key: z.ZodLiteral<LogtoJwtTokenKey.AccessToken>;
|
|
96
106
|
value: z.ZodObject<{
|
|
@@ -1431,6 +1441,22 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1431
1441
|
isThirdParty?: boolean | undefined;
|
|
1432
1442
|
appLevelAccessControlEnabled?: boolean | undefined;
|
|
1433
1443
|
}>>;
|
|
1444
|
+
organization: z.ZodOptional<z.ZodObject<{
|
|
1445
|
+
name: z.ZodOptional<ZodType<string, z.ZodTypeDef, string>>;
|
|
1446
|
+
id: z.ZodOptional<ZodType<string, z.ZodTypeDef, string>>;
|
|
1447
|
+
customData: z.ZodOptional<ZodType<import("@withtyped/server").JsonObject, z.ZodTypeDef, import("@withtyped/server").JsonObject>>;
|
|
1448
|
+
description: z.ZodOptional<ZodType<string | null, z.ZodTypeDef, string | null>>;
|
|
1449
|
+
}, "strip", z.ZodTypeAny, {
|
|
1450
|
+
name?: string | undefined;
|
|
1451
|
+
id?: string | undefined;
|
|
1452
|
+
customData?: import("@withtyped/server").JsonObject | undefined;
|
|
1453
|
+
description?: string | null | undefined;
|
|
1454
|
+
}, {
|
|
1455
|
+
name?: string | undefined;
|
|
1456
|
+
id?: string | undefined;
|
|
1457
|
+
customData?: import("@withtyped/server").JsonObject | undefined;
|
|
1458
|
+
description?: string | null | undefined;
|
|
1459
|
+
}>>;
|
|
1434
1460
|
}, "strip", z.ZodTypeAny, {
|
|
1435
1461
|
user: {
|
|
1436
1462
|
name?: string | null | undefined;
|
|
@@ -1554,6 +1580,12 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1554
1580
|
isThirdParty?: boolean | undefined;
|
|
1555
1581
|
appLevelAccessControlEnabled?: boolean | undefined;
|
|
1556
1582
|
} | undefined;
|
|
1583
|
+
organization?: {
|
|
1584
|
+
name?: string | undefined;
|
|
1585
|
+
id?: string | undefined;
|
|
1586
|
+
customData?: import("@withtyped/server").JsonObject | undefined;
|
|
1587
|
+
description?: string | null | undefined;
|
|
1588
|
+
} | undefined;
|
|
1557
1589
|
grant?: {
|
|
1558
1590
|
type?: import("../oidc-config.js").GrantType.TokenExchange | undefined;
|
|
1559
1591
|
subjectTokenContext?: Record<string, import("@withtyped/server").Json> | undefined;
|
|
@@ -1796,6 +1828,12 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
1796
1828
|
isThirdParty?: boolean | undefined;
|
|
1797
1829
|
appLevelAccessControlEnabled?: boolean | undefined;
|
|
1798
1830
|
} | undefined;
|
|
1831
|
+
organization?: {
|
|
1832
|
+
name?: string | undefined;
|
|
1833
|
+
id?: string | undefined;
|
|
1834
|
+
customData?: import("@withtyped/server").JsonObject | undefined;
|
|
1835
|
+
description?: string | null | undefined;
|
|
1836
|
+
} | undefined;
|
|
1799
1837
|
grant?: {
|
|
1800
1838
|
type?: import("../oidc-config.js").GrantType.TokenExchange | undefined;
|
|
1801
1839
|
subjectTokenContext?: Record<string, import("@withtyped/server").Json> | undefined;
|
|
@@ -2042,6 +2080,12 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2042
2080
|
isThirdParty?: boolean | undefined;
|
|
2043
2081
|
appLevelAccessControlEnabled?: boolean | undefined;
|
|
2044
2082
|
} | undefined;
|
|
2083
|
+
organization?: {
|
|
2084
|
+
name?: string | undefined;
|
|
2085
|
+
id?: string | undefined;
|
|
2086
|
+
customData?: import("@withtyped/server").JsonObject | undefined;
|
|
2087
|
+
description?: string | null | undefined;
|
|
2088
|
+
} | undefined;
|
|
2045
2089
|
grant?: {
|
|
2046
2090
|
type?: import("../oidc-config.js").GrantType.TokenExchange | undefined;
|
|
2047
2091
|
subjectTokenContext?: Record<string, import("@withtyped/server").Json> | undefined;
|
|
@@ -2302,6 +2346,12 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2302
2346
|
isThirdParty?: boolean | undefined;
|
|
2303
2347
|
appLevelAccessControlEnabled?: boolean | undefined;
|
|
2304
2348
|
} | undefined;
|
|
2349
|
+
organization?: {
|
|
2350
|
+
name?: string | undefined;
|
|
2351
|
+
id?: string | undefined;
|
|
2352
|
+
customData?: import("@withtyped/server").JsonObject | undefined;
|
|
2353
|
+
description?: string | null | undefined;
|
|
2354
|
+
} | undefined;
|
|
2305
2355
|
grant?: {
|
|
2306
2356
|
type?: import("../oidc-config.js").GrantType.TokenExchange | undefined;
|
|
2307
2357
|
subjectTokenContext?: Record<string, import("@withtyped/server").Json> | undefined;
|
|
@@ -2564,6 +2614,12 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2564
2614
|
isThirdParty?: boolean | undefined;
|
|
2565
2615
|
appLevelAccessControlEnabled?: boolean | undefined;
|
|
2566
2616
|
} | undefined;
|
|
2617
|
+
organization?: {
|
|
2618
|
+
name?: string | undefined;
|
|
2619
|
+
id?: string | undefined;
|
|
2620
|
+
customData?: import("@withtyped/server").JsonObject | undefined;
|
|
2621
|
+
description?: string | null | undefined;
|
|
2622
|
+
} | undefined;
|
|
2567
2623
|
grant?: {
|
|
2568
2624
|
type?: import("../oidc-config.js").GrantType.TokenExchange | undefined;
|
|
2569
2625
|
subjectTokenContext?: Record<string, import("@withtyped/server").Json> | undefined;
|
|
@@ -2827,6 +2883,12 @@ export declare const jwtCustomizerConfigsGuard: z.ZodDiscriminatedUnion<"key", [
|
|
|
2827
2883
|
isThirdParty?: boolean | undefined;
|
|
2828
2884
|
appLevelAccessControlEnabled?: boolean | undefined;
|
|
2829
2885
|
} | undefined;
|
|
2886
|
+
organization?: {
|
|
2887
|
+
name?: string | undefined;
|
|
2888
|
+
id?: string | undefined;
|
|
2889
|
+
customData?: import("@withtyped/server").JsonObject | undefined;
|
|
2890
|
+
description?: string | null | undefined;
|
|
2891
|
+
} | undefined;
|
|
2830
2892
|
grant?: {
|
|
2831
2893
|
type?: import("../oidc-config.js").GrantType.TokenExchange | undefined;
|
|
2832
2894
|
subjectTokenContext?: Record<string, import("@withtyped/server").Json> | undefined;
|
|
@@ -3687,7 +3749,9 @@ export declare enum LogtoTenantConfigKey {
|
|
|
3687
3749
|
/** ID token configuration for extended claims. */
|
|
3688
3750
|
IdToken = "idToken",
|
|
3689
3751
|
/** Tenant-scoped rotation state for staged private signing key activation. */
|
|
3690
|
-
SigningKeyRotationState = "signingKeyRotationState"
|
|
3752
|
+
SigningKeyRotationState = "signingKeyRotationState",
|
|
3753
|
+
/** Internal, ops-only override of the system message send-rate-limit policy. Not exposed by any API. */
|
|
3754
|
+
MessageRateLimitOverride = "messageRateLimitOverride"
|
|
3691
3755
|
}
|
|
3692
3756
|
export type LogtoTenantConfigType = {
|
|
3693
3757
|
[LogtoTenantConfigKey.AdminConsole]: AdminConsoleData;
|
|
@@ -3697,13 +3761,14 @@ export type LogtoTenantConfigType = {
|
|
|
3697
3761
|
};
|
|
3698
3762
|
[LogtoTenantConfigKey.IdToken]: IdTokenConfig;
|
|
3699
3763
|
[LogtoTenantConfigKey.SigningKeyRotationState]: SigningKeyRotationState;
|
|
3764
|
+
[LogtoTenantConfigKey.MessageRateLimitOverride]: MessageRateLimitOverride;
|
|
3700
3765
|
};
|
|
3701
3766
|
export declare const logtoTenantConfigGuard: Readonly<{
|
|
3702
3767
|
[key in LogtoTenantConfigKey]: ZodType<LogtoTenantConfigType[key]>;
|
|
3703
3768
|
}>;
|
|
3704
|
-
export type LogtoConfigKey = LogtoOidcConfigKey | LogtoJwtTokenKey | LogtoTenantConfigKey;
|
|
3705
|
-
export type LogtoConfigType = LogtoOidcConfigType | JwtCustomizerType | LogtoTenantConfigType;
|
|
3706
|
-
export type LogtoConfigGuard = typeof logtoOidcConfigGuard & typeof jwtCustomizerConfigGuard & typeof logtoTenantConfigGuard;
|
|
3769
|
+
export type LogtoConfigKey = LogtoOidcConfigKey | LogtoJwtTokenKey | LogtoInlineHookKey | LogtoTenantConfigKey;
|
|
3770
|
+
export type LogtoConfigType = LogtoOidcConfigType | JwtCustomizerType | InlineHookType | LogtoTenantConfigType;
|
|
3771
|
+
export type LogtoConfigGuard = typeof logtoOidcConfigGuard & typeof jwtCustomizerConfigGuard & typeof inlineHookConfigGuard & typeof logtoTenantConfigGuard;
|
|
3707
3772
|
export declare const logtoConfigKeys: readonly LogtoConfigKey[];
|
|
3708
3773
|
export declare const logtoConfigGuards: LogtoConfigGuard;
|
|
3709
3774
|
export declare const oidcConfigKeysResponseGuard: z.ZodObject<Omit<{
|
|
@@ -1,8 +1,11 @@
|
|
|
1
1
|
import { extendedIdTokenClaims } from '@logto/core-kit';
|
|
2
2
|
import { z } from 'zod';
|
|
3
|
+
import { messageRateLimitOverrideGuard, } from '../../consts/message-rate-limit.js';
|
|
4
|
+
import { LogtoInlineHookKey, inlineHookGuard } from './inline-hook.js';
|
|
3
5
|
import { accessTokenJwtCustomizerGuard, clientCredentialsJwtCustomizerGuard, } from './jwt-customizer.js';
|
|
4
6
|
export * from './oidc-provider.js';
|
|
5
7
|
export * from './jwt-customizer.js';
|
|
8
|
+
export * from './inline-hook.js';
|
|
6
9
|
/**
|
|
7
10
|
* Logto OIDC signing key types, used mainly in REST API routes.
|
|
8
11
|
*/
|
|
@@ -60,6 +63,10 @@ export const jwtCustomizerConfigGuard = Object.freeze({
|
|
|
60
63
|
[LogtoJwtTokenKey.AccessToken]: accessTokenJwtCustomizerGuard,
|
|
61
64
|
[LogtoJwtTokenKey.ClientCredentials]: clientCredentialsJwtCustomizerGuard,
|
|
62
65
|
});
|
|
66
|
+
export const inlineHookConfigGuard = Object.freeze({
|
|
67
|
+
[LogtoInlineHookKey.PostFirstFactorVerification]: inlineHookGuard,
|
|
68
|
+
[LogtoInlineHookKey.PostSignIn]: inlineHookGuard,
|
|
69
|
+
});
|
|
63
70
|
export const jwtCustomizerConfigsGuard = z.discriminatedUnion('key', [
|
|
64
71
|
z.object({
|
|
65
72
|
key: z.literal(LogtoJwtTokenKey.AccessToken),
|
|
@@ -119,6 +126,8 @@ export var LogtoTenantConfigKey;
|
|
|
119
126
|
LogtoTenantConfigKey["IdToken"] = "idToken";
|
|
120
127
|
/** Tenant-scoped rotation state for staged private signing key activation. */
|
|
121
128
|
LogtoTenantConfigKey["SigningKeyRotationState"] = "signingKeyRotationState";
|
|
129
|
+
/** Internal, ops-only override of the system message send-rate-limit policy. Not exposed by any API. */
|
|
130
|
+
LogtoTenantConfigKey["MessageRateLimitOverride"] = "messageRateLimitOverride";
|
|
122
131
|
})(LogtoTenantConfigKey || (LogtoTenantConfigKey = {}));
|
|
123
132
|
export const logtoTenantConfigGuard = Object.freeze({
|
|
124
133
|
[LogtoTenantConfigKey.AdminConsole]: adminConsoleDataGuard,
|
|
@@ -126,15 +135,18 @@ export const logtoTenantConfigGuard = Object.freeze({
|
|
|
126
135
|
[LogtoTenantConfigKey.SessionNotFoundRedirectUrl]: z.object({ url: z.string() }),
|
|
127
136
|
[LogtoTenantConfigKey.IdToken]: idTokenConfigGuard,
|
|
128
137
|
[LogtoTenantConfigKey.SigningKeyRotationState]: signingKeyRotationStateGuard,
|
|
138
|
+
[LogtoTenantConfigKey.MessageRateLimitOverride]: messageRateLimitOverrideGuard,
|
|
129
139
|
});
|
|
130
140
|
export const logtoConfigKeys = Object.freeze([
|
|
131
141
|
...Object.values(LogtoOidcConfigKey),
|
|
132
142
|
...Object.values(LogtoJwtTokenKey),
|
|
143
|
+
...Object.values(LogtoInlineHookKey),
|
|
133
144
|
...Object.values(LogtoTenantConfigKey),
|
|
134
145
|
]);
|
|
135
146
|
export const logtoConfigGuards = Object.freeze({
|
|
136
147
|
...logtoOidcConfigGuard,
|
|
137
148
|
...jwtCustomizerConfigGuard,
|
|
149
|
+
...inlineHookConfigGuard,
|
|
138
150
|
...logtoTenantConfigGuard,
|
|
139
151
|
});
|
|
140
152
|
export const oidcConfigKeysResponseGuard = oidcConfigKeyGuard.omit({ value: true }).merge(z.object({
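Review bot: `MessageRateLimitOverride` is documented as "Not exposed by any API", yet nothing in this file keeps it out of the exported aggregates. It is a member of `LogtoTenantConfigKey`, so `...Object.values(LogtoTenantConfigKey)` puts it into `logtoConfigKeys` and `...logtoTenantConfigGuard` puts its guard into `logtoConfigGuards`. Any consumer that enumerates those to build a generic config read or write path would pick the key up; whether such a consumer exists is not visible from this package. I would state the constraint where the key is registered, e.g. `// Ops-only: exclude from every handler that iterates logtoConfigKeys or logtoConfigGuards`, and back it with a test in the consuming service that the key cannot be read or written through the config endpoints.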
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { describe, expect, it } from 'vitest';
|
|
2
|
-
import { LogtoOidcConfigKey, LogtoTenantConfigKey, OidcSigningKeyStatus, logtoOidcConfigGuard, logtoTenantConfigGuard, oidcConfigKeysResponseGuard, } from './index.js';
|
|
2
|
+
import { LogtoInlineHookKey, LogtoOidcConfigKey, LogtoTenantConfigKey, OidcSigningKeyStatus, inlineHookConfigGuard, logtoOidcConfigGuard, logtoConfigGuards, logtoConfigKeys, logtoTenantConfigGuard, oidcConfigKeysResponseGuard, } from './index.js';
|
|
3
3
|
describe('logto config guards', () => {
|
|
4
4
|
it('accepts legacy private keys without status', () => {
|
|
5
5
|
const privateKeys = [
|
|
@@ -26,4 +26,28 @@ describe('logto config guards', () => {
|
|
|
26
26
|
});
|
|
27
27
|
expect(result.success).toBe(true);
|
|
28
28
|
});
|
|
29
|
+
it('accepts inline hook configs', () => {
|
|
30
|
+
const result = inlineHookConfigGuard[LogtoInlineHookKey.PostFirstFactorVerification].safeParse({
|
|
31
|
+
script: 'export default async () => ({ action: "createUser" });',
|
|
32
|
+
environmentVariables: {
|
|
33
|
+
endpoint: 'https://example.com',
|
|
34
|
+
},
|
|
35
|
+
contextSample: ['json', { value: true }],
|
|
36
|
+
enabled: true,
|
|
37
|
+
onExecutionError: 'block',
|
|
38
|
+
});
|
|
39
|
+
expect(result.success).toBe(true);
|
|
40
|
+
});
|
|
41
|
+
it('rejects invalid inline hook execution error policy', () => {
|
|
42
|
+
const result = inlineHookConfigGuard[LogtoInlineHookKey.PostSignIn].safeParse({
|
|
43
|
+
script: 'export default async () => ({ action: "updateUser" });',
|
|
44
|
+
onExecutionError: 'ignore',
|
|
45
|
+
});
|
|
46
|
+
expect(result.success).toBe(false);
|
|
47
|
+
});
|
|
48
|
+
it('includes inline hook keys in the logto config summary guards', () => {
|
|
49
|
+
expect(logtoConfigKeys).toContain(LogtoInlineHookKey.PostFirstFactorVerification);
|
|
50
|
+
expect(logtoConfigKeys).toContain(LogtoInlineHookKey.PostSignIn);
|
|
51
|
+
expect(logtoConfigGuards[LogtoInlineHookKey.PostSignIn]).toBe(inlineHookConfigGuard[LogtoInlineHookKey.PostSignIn]);
|
|
52
|
+
});
|
|
29
53
|
});
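Review bot: None of the three new cases exercises the `.strict()` on `inlineHookGuard`, so a later change to the default strip mode would go unnoticed and unknown properties would start passing validation and be dropped silently. A case such as `expect(inlineHookConfigGuard[LogtoInlineHookKey.PostSignIn].safeParse({ script: 'x', extra: true }).success).toBe(false);` pins it (the values are constructed for illustration). The `'allow'` policy is also never parsed in a passing case, only `'block'`.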
|
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
import { z } from 'zod';
|
|
2
|
+
import type { Json } from '../../foundations/index.js';
|
|
3
|
+
import type { InteractionEvent, InteractionIdentifier } from '../interactions.js';
|
|
4
|
+
import type { UserInfo } from '../user.js';
|
|
5
|
+
export declare enum LogtoInlineHookKey {
|
|
6
|
+
PostFirstFactorVerification = "inlineHook.postFirstFactorVerification",
|
|
7
|
+
PostSignIn = "inlineHook.postSignIn"
|
|
8
|
+
}
|
|
9
|
+
export declare const inlineHookExecutionErrorPolicies: readonly ["block", "allow"];
|
|
10
|
+
export type InlineHookExecutionErrorPolicy = (typeof inlineHookExecutionErrorPolicies)[number];
|
|
11
|
+
export type InlineHook = {
|
|
12
|
+
script: string;
|
|
13
|
+
environmentVariables?: Record<string, string>;
|
|
14
|
+
contextSample?: Json;
|
|
15
|
+
enabled?: boolean;
|
|
16
|
+
onExecutionError?: InlineHookExecutionErrorPolicy;
|
|
17
|
+
};
|
|
18
|
+
export declare const inlineHookGuard: z.ZodObject<{
|
|
19
|
+
script: z.ZodString;
|
|
20
|
+
environmentVariables: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
|
|
21
|
+
contextSample: z.ZodOptional<z.ZodType<Json, z.ZodTypeDef, Json>>;
|
|
22
|
+
enabled: z.ZodOptional<z.ZodBoolean>;
|
|
23
|
+
onExecutionError: z.ZodOptional<z.ZodEnum<["block", "allow"]>>;
|
|
24
|
+
}, "strict", z.ZodTypeAny, {
|
|
25
|
+
script: string;
|
|
26
|
+
enabled?: boolean | undefined;
|
|
27
|
+
environmentVariables?: Record<string, string> | undefined;
|
|
28
|
+
contextSample?: Json | undefined;
|
|
29
|
+
onExecutionError?: "block" | "allow" | undefined;
|
|
30
|
+
}, {
|
|
31
|
+
script: string;
|
|
32
|
+
enabled?: boolean | undefined;
|
|
33
|
+
environmentVariables?: Record<string, string> | undefined;
|
|
34
|
+
contextSample?: Json | undefined;
|
|
35
|
+
onExecutionError?: "block" | "allow" | undefined;
|
|
36
|
+
}>;
|
|
37
|
+
export declare const inlineHookTestRequestBodyGuard: z.ZodObject<{
|
|
38
|
+
script: z.ZodString;
|
|
39
|
+
hookType: z.ZodNativeEnum<typeof LogtoInlineHookKey>;
|
|
40
|
+
event: z.ZodType<Json, z.ZodTypeDef, Json>;
|
|
41
|
+
environmentVariables: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
|
|
42
|
+
}, "strict", z.ZodTypeAny, {
|
|
43
|
+
event: Json;
|
|
44
|
+
script: string;
|
|
45
|
+
hookType: LogtoInlineHookKey;
|
|
46
|
+
environmentVariables?: Record<string, string> | undefined;
|
|
47
|
+
}, {
|
|
48
|
+
event: Json;
|
|
49
|
+
script: string;
|
|
50
|
+
hookType: LogtoInlineHookKey;
|
|
51
|
+
environmentVariables?: Record<string, string> | undefined;
|
|
52
|
+
}>;
|
|
53
|
+
export type InlineHookTestRequestBody = z.infer<typeof inlineHookTestRequestBodyGuard>;
|
|
54
|
+
export type HookUser = Pick<UserInfo, 'id' | 'username' | 'primaryEmail' | 'primaryPhone' | 'name' | 'avatar' | 'customData' | 'profile' | 'applicationId' | 'isSuspended'>;
|
|
55
|
+
export type HookUserPatch = Partial<Omit<HookUser, 'id'>>;
|
|
56
|
+
export type PostFirstFactorVerificationEvent = {
|
|
57
|
+
key: LogtoInlineHookKey.PostFirstFactorVerification;
|
|
58
|
+
interactionEvent: InteractionEvent.SignIn;
|
|
59
|
+
identifier: InteractionIdentifier;
|
|
60
|
+
/** Sensitive credential provided for inline hook controlled password verification. */
|
|
61
|
+
password: string;
|
|
62
|
+
};
|
|
63
|
+
export type PostSignInEvent = {
|
|
64
|
+
key: LogtoInlineHookKey.PostSignIn;
|
|
65
|
+
interactionEvent: InteractionEvent.SignIn;
|
|
66
|
+
user: HookUser;
|
|
67
|
+
};
|
|
68
|
+
export type PostFirstFactorVerificationResult = {
|
|
69
|
+
action: 'createUser' | 'updateUser';
|
|
70
|
+
user: HookUserPatch;
|
|
71
|
+
passwordVerified: true;
|
|
72
|
+
};
|
|
73
|
+
export type PostSignInResult = {
|
|
74
|
+
action: 'updateUser';
|
|
75
|
+
user?: HookUserPatch;
|
|
76
|
+
};
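Review bot: The one-line doc comment on `password` in `PostFirstFactorVerificationEvent` marks the field as sensitive but gives no handling contract, although the value is a plaintext credential handed to a tenant-authored script. Two places in the same file can end up holding a copy of it: `contextSample` on `InlineHook`, which is stored as part of the config, and `event` on `inlineHookTestRequestBodyGuard`, which accepts arbitrary `Json`. I would extend the comment to something like `/** Plaintext password as entered by the user. Never log, persist or echo it; use placeholder values in contextSample and in test events. */`. A matching sentence on `contextSample` and on the test request body's `event` would make the rule visible where the copies are made.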
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import { jsonGuard } from '@logto/connector-kit';
|
|
2
|
+
import { z } from 'zod';
|
|
3
|
+
export var LogtoInlineHookKey;
|
|
4
|
+
(function (LogtoInlineHookKey) {
|
|
5
|
+
LogtoInlineHookKey["PostFirstFactorVerification"] = "inlineHook.postFirstFactorVerification";
|
|
6
|
+
LogtoInlineHookKey["PostSignIn"] = "inlineHook.postSignIn";
|
|
7
|
+
})(LogtoInlineHookKey || (LogtoInlineHookKey = {}));
|
|
8
|
+
export const inlineHookExecutionErrorPolicies = Object.freeze(['block', 'allow']);
|
|
9
|
+
export const inlineHookGuard = z
|
|
10
|
+
.object({
|
|
11
|
+
script: z.string(),
|
|
12
|
+
environmentVariables: z.record(z.string()).optional(),
|
|
13
|
+
contextSample: jsonGuard.optional(),
|
|
14
|
+
enabled: z.boolean().optional(),
|
|
15
|
+
onExecutionError: z.enum(inlineHookExecutionErrorPolicies).optional(),
|
|
16
|
+
})
|
|
17
|
+
.strict();
|
|
18
|
+
export const inlineHookTestRequestBodyGuard = z
|
|
19
|
+
.object({
|
|
20
|
+
script: z.string(),
|
|
21
|
+
hookType: z.nativeEnum(LogtoInlineHookKey),
|
|
22
|
+
event: jsonGuard,
|
|
23
|
+
environmentVariables: z.record(z.string()).optional(),
|
|
24
|
+
})
|
|
25
|
+
.strict();
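Review bot: `onExecutionError` accepts `'allow'` for both hook keys, because `index.js` maps both `PostFirstFactorVerification` and `PostSignIn` to this one `inlineHookGuard`. For the first-factor hook the accompanying declarations require `passwordVerified: true` in the result and pass the password in the event, which suggests the script is the password check. If the runtime continues the sign-in when that script throws under `'allow'`, the policy is fail-open for an authentication decision. The runtime is not part of this package, so this is inferred and needs confirming. If it holds, I would give the first-factor key its own guard with `onExecutionError: z.literal('block').optional(),` and document what an omitted value defaults to.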
|
|
@@ -106,6 +106,7 @@ export declare const jwtCustomizerUserContextGuard: z.ZodObject<Pick<{
|
|
|
106
106
|
id: string;
|
|
107
107
|
key: string;
|
|
108
108
|
createdAt: string;
|
|
109
|
+
lastUsedTimeStep?: number | undefined;
|
|
109
110
|
lastUsedAt?: string | undefined;
|
|
110
111
|
} | {
|
|
111
112
|
type: import("../../foundations/index.js").MfaFactor.WebAuthn;
|
|
@@ -133,6 +134,7 @@ export declare const jwtCustomizerUserContextGuard: z.ZodObject<Pick<{
|
|
|
133
134
|
id: string;
|
|
134
135
|
key: string;
|
|
135
136
|
createdAt: string;
|
|
137
|
+
lastUsedTimeStep?: number | undefined;
|
|
136
138
|
lastUsedAt?: string | undefined;
|
|
137
139
|
} | {
|
|
138
140
|
type: import("../../foundations/index.js").MfaFactor.WebAuthn;
|
|
@@ -157,7 +159,9 @@ export declare const jwtCustomizerUserContextGuard: z.ZodObject<Pick<{
|
|
|
157
159
|
lastUsedAt?: string | undefined;
|
|
158
160
|
})[]>;
|
|
159
161
|
isSuspended: ZodType<boolean, z.ZodTypeDef, boolean>;
|
|
162
|
+
isPasswordExpired: ZodType<boolean, z.ZodTypeDef, boolean>;
|
|
160
163
|
lastSignInAt: ZodType<number | null, z.ZodTypeDef, number | null>;
|
|
164
|
+
passwordUpdatedAt: ZodType<number | null, z.ZodTypeDef, number | null>;
|
|
161
165
|
createdAt: ZodType<number, z.ZodTypeDef, number>;
|
|
162
166
|
updatedAt: ZodType<number, z.ZodTypeDef, number>;
|
|
163
167
|
}, "name" | "id" | "applicationId" | "username" | "createdAt" | "profile" | "avatar" | "customData" | "identities" | "updatedAt" | "lastSignInAt" | "primaryEmail" | "primaryPhone" | "isSuspended"> & {
|
|
@@ -1273,6 +1277,54 @@ export declare const jwtCustomizerApplicationContextGuard: z.ZodObject<Omit<{
|
|
|
1273
1277
|
isThirdParty: boolean;
|
|
1274
1278
|
appLevelAccessControlEnabled: boolean;
|
|
1275
1279
|
}>;
|
|
1280
|
+
/**
|
|
1281
|
+
* The target organization context for organization (API resource) access tokens.
|
|
1282
|
+
*
|
|
1283
|
+
* Only populated when the token is being issued for a specific organization (i.e. the
|
|
1284
|
+
* `organization_id` request parameter is present), letting the customizer attach per-org
|
|
1285
|
+
* claims without embedding every organization the user belongs to.
|
|
1286
|
+
*/
|
|
1287
|
+
export declare const jwtCustomizerOrganizationContextGuard: z.ZodObject<Pick<{
|
|
1288
|
+
tenantId: ZodType<string, z.ZodTypeDef, string>;
|
|
1289
|
+
id: ZodType<string, z.ZodTypeDef, string>;
|
|
1290
|
+
name: ZodType<string, z.ZodTypeDef, string>;
|
|
1291
|
+
description: ZodType<string | null, z.ZodTypeDef, string | null>;
|
|
1292
|
+
customData: ZodType<import("@withtyped/server/lib/types.js").JsonObject, z.ZodTypeDef, import("@withtyped/server/lib/types.js").JsonObject>;
|
|
1293
|
+
isMfaRequired: ZodType<boolean, z.ZodTypeDef, boolean>;
|
|
1294
|
+
color: ZodType<Partial<{
|
|
1295
|
+
primaryColor: string;
|
|
1296
|
+
isDarkModeEnabled: boolean;
|
|
1297
|
+
darkPrimaryColor: string;
|
|
1298
|
+
}>, z.ZodTypeDef, Partial<{
|
|
1299
|
+
primaryColor: string;
|
|
1300
|
+
isDarkModeEnabled: boolean;
|
|
1301
|
+
darkPrimaryColor: string;
|
|
1302
|
+
}>>;
|
|
1303
|
+
branding: ZodType<{
|
|
1304
|
+
logoUrl?: string | undefined;
|
|
1305
|
+
darkLogoUrl?: string | undefined;
|
|
1306
|
+
favicon?: string | undefined;
|
|
1307
|
+
darkFavicon?: string | undefined;
|
|
1308
|
+
}, z.ZodTypeDef, {
|
|
1309
|
+
logoUrl?: string | undefined;
|
|
1310
|
+
darkLogoUrl?: string | undefined;
|
|
1311
|
+
favicon?: string | undefined;
|
|
1312
|
+
darkFavicon?: string | undefined;
|
|
1313
|
+
}>;
|
|
1314
|
+
customCss: ZodType<string | null, z.ZodTypeDef, string | null>;
|
|
1315
|
+
createdAt: ZodType<number, z.ZodTypeDef, number>;
|
|
1316
|
+
}, "name" | "id" | "customData" | "description">, "strip", z.ZodTypeAny, {
|
|
1317
|
+
name: string;
|
|
1318
|
+
id: string;
|
|
1319
|
+
customData: import("@withtyped/server/lib/types.js").JsonObject;
|
|
1320
|
+
description: string | null;
|
|
1321
|
+
}, {
|
|
1322
|
+
name: string;
|
|
1323
|
+
id: string;
|
|
1324
|
+
customData: import("@withtyped/server/lib/types.js").JsonObject;
|
|
1325
|
+
description: string | null;
|
|
1326
|
+
}>;
|
|
1327
|
+
export type JwtCustomizerOrganizationContext = z.infer<typeof jwtCustomizerOrganizationContextGuard>;
|
|
1276
1328
|
export declare const accessTokenJwtCustomizerGuard: z.ZodObject<{
|
|
1277
1329
|
script: z.ZodString;
|
|
1278
1330
|
environmentVariables: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
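Review bot: The doc comment on `jwtCustomizerOrganizationContextGuard` (new lines 1280–1286) says when the organization context is populated but not what it carries, and the picked keys include `customData`, a free-form `JsonObject`, next to `id`, `name` and `description`. By that same comment this object is what a customizer script receives in order to attach per-org claims, so anything stored in `customData` can end up in an issued access token. I would add a line such as `* Exposes only id, name, description and customData; customData is free-form JSON, so map individual keys into claims rather than copying the whole object.` The later hunks that add `organization` to `accessTokenJwtCustomizerGuard` and `jwtCustomizerTestRequestBodyGuard` type every field as optional, `id` included, so the comment should also tell script authors to check that `organization.id` is defined before deriving claims from it. This looks like an emitted declaration file, so the wording presumably belongs in the TypeScript source it is generated from.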
|
|
@@ -2611,6 +2663,22 @@ export declare const accessTokenJwtCustomizerGuard: z.ZodObject<{
|
|
|
2611
2663
|
isThirdParty?: boolean | undefined;
|
|
2612
2664
|
appLevelAccessControlEnabled?: boolean | undefined;
|
|
2613
2665
|
}>>;
|
|
2666
|
+
organization: z.ZodOptional<z.ZodObject<{
|
|
2667
|
+
name: z.ZodOptional<ZodType<string, z.ZodTypeDef, string>>;
|
|
2668
|
+
id: z.ZodOptional<ZodType<string, z.ZodTypeDef, string>>;
|
|
2669
|
+
customData: z.ZodOptional<ZodType<import("@withtyped/server/lib/types.js").JsonObject, z.ZodTypeDef, import("@withtyped/server/lib/types.js").JsonObject>>;
|
|
2670
|
+
description: z.ZodOptional<ZodType<string | null, z.ZodTypeDef, string | null>>;
|
|
2671
|
+
}, "strip", z.ZodTypeAny, {
|
|
2672
|
+
name?: string | undefined;
|
|
2673
|
+
id?: string | undefined;
|
|
2674
|
+
customData?: import("@withtyped/server/lib/types.js").JsonObject | undefined;
|
|
2675
|
+
description?: string | null | undefined;
|
|
2676
|
+
}, {
|
|
2677
|
+
name?: string | undefined;
|
|
2678
|
+
id?: string | undefined;
|
|
2679
|
+
customData?: import("@withtyped/server/lib/types.js").JsonObject | undefined;
|
|
2680
|
+
description?: string | null | undefined;
|
|
2681
|
+
}>>;
|
|
2614
2682
|
}, "strip", z.ZodTypeAny, {
|
|
2615
2683
|
user: {
|
|
2616
2684
|
name?: string | null | undefined;
|
|
@@ -2734,6 +2802,12 @@ export declare const accessTokenJwtCustomizerGuard: z.ZodObject<{
|
|
|
2734
2802
|
isThirdParty?: boolean | undefined;
|
|
2735
2803
|
appLevelAccessControlEnabled?: boolean | undefined;
|
|
2736
2804
|
} | undefined;
|
|
2805
|
+
organization?: {
|
|
2806
|
+
name?: string | undefined;
|
|
2807
|
+
id?: string | undefined;
|
|
2808
|
+
customData?: import("@withtyped/server/lib/types.js").JsonObject | undefined;
|
|
2809
|
+
description?: string | null | undefined;
|
|
2810
|
+
} | undefined;
|
|
2737
2811
|
grant?: {
|
|
2738
2812
|
type?: GrantType.TokenExchange | undefined;
|
|
2739
2813
|
subjectTokenContext?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
|
|
@@ -2976,6 +3050,12 @@ export declare const accessTokenJwtCustomizerGuard: z.ZodObject<{
|
|
|
2976
3050
|
isThirdParty?: boolean | undefined;
|
|
2977
3051
|
appLevelAccessControlEnabled?: boolean | undefined;
|
|
2978
3052
|
} | undefined;
|
|
3053
|
+
organization?: {
|
|
3054
|
+
name?: string | undefined;
|
|
3055
|
+
id?: string | undefined;
|
|
3056
|
+
customData?: import("@withtyped/server/lib/types.js").JsonObject | undefined;
|
|
3057
|
+
description?: string | null | undefined;
|
|
3058
|
+
} | undefined;
|
|
2979
3059
|
grant?: {
|
|
2980
3060
|
type?: GrantType.TokenExchange | undefined;
|
|
2981
3061
|
subjectTokenContext?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
|
|
@@ -3222,6 +3302,12 @@ export declare const accessTokenJwtCustomizerGuard: z.ZodObject<{
|
|
|
3222
3302
|
isThirdParty?: boolean | undefined;
|
|
3223
3303
|
appLevelAccessControlEnabled?: boolean | undefined;
|
|
3224
3304
|
} | undefined;
|
|
3305
|
+
organization?: {
|
|
3306
|
+
name?: string | undefined;
|
|
3307
|
+
id?: string | undefined;
|
|
3308
|
+
customData?: import("@withtyped/server/lib/types.js").JsonObject | undefined;
|
|
3309
|
+
description?: string | null | undefined;
|
|
3310
|
+
} | undefined;
|
|
3225
3311
|
grant?: {
|
|
3226
3312
|
type?: GrantType.TokenExchange | undefined;
|
|
3227
3313
|
subjectTokenContext?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
|
|
@@ -3482,6 +3568,12 @@ export declare const accessTokenJwtCustomizerGuard: z.ZodObject<{
|
|
|
3482
3568
|
isThirdParty?: boolean | undefined;
|
|
3483
3569
|
appLevelAccessControlEnabled?: boolean | undefined;
|
|
3484
3570
|
} | undefined;
|
|
3571
|
+
organization?: {
|
|
3572
|
+
name?: string | undefined;
|
|
3573
|
+
id?: string | undefined;
|
|
3574
|
+
customData?: import("@withtyped/server/lib/types.js").JsonObject | undefined;
|
|
3575
|
+
description?: string | null | undefined;
|
|
3576
|
+
} | undefined;
|
|
3485
3577
|
grant?: {
|
|
3486
3578
|
type?: GrantType.TokenExchange | undefined;
|
|
3487
3579
|
subjectTokenContext?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
|
|
@@ -5431,6 +5523,22 @@ export declare const jwtCustomizerTestRequestBodyGuard: z.ZodDiscriminatedUnion<
|
|
|
5431
5523
|
isThirdParty?: boolean | undefined;
|
|
5432
5524
|
appLevelAccessControlEnabled?: boolean | undefined;
|
|
5433
5525
|
}>>;
|
|
5526
|
+
organization: z.ZodOptional<z.ZodObject<{
|
|
5527
|
+
name: z.ZodOptional<ZodType<string, z.ZodTypeDef, string>>;
|
|
5528
|
+
id: z.ZodOptional<ZodType<string, z.ZodTypeDef, string>>;
|
|
5529
|
+
customData: z.ZodOptional<ZodType<import("@withtyped/server/lib/types.js").JsonObject, z.ZodTypeDef, import("@withtyped/server/lib/types.js").JsonObject>>;
|
|
5530
|
+
description: z.ZodOptional<ZodType<string | null, z.ZodTypeDef, string | null>>;
|
|
5531
|
+
}, "strip", z.ZodTypeAny, {
|
|
5532
|
+
name?: string | undefined;
|
|
5533
|
+
id?: string | undefined;
|
|
5534
|
+
customData?: import("@withtyped/server/lib/types.js").JsonObject | undefined;
|
|
5535
|
+
description?: string | null | undefined;
|
|
5536
|
+
}, {
|
|
5537
|
+
name?: string | undefined;
|
|
5538
|
+
id?: string | undefined;
|
|
5539
|
+
customData?: import("@withtyped/server/lib/types.js").JsonObject | undefined;
|
|
5540
|
+
description?: string | null | undefined;
|
|
5541
|
+
}>>;
|
|
5434
5542
|
}, "strip", z.ZodTypeAny, {
|
|
5435
5543
|
user: {
|
|
5436
5544
|
name?: string | null | undefined;
|
|
@@ -5554,6 +5662,12 @@ export declare const jwtCustomizerTestRequestBodyGuard: z.ZodDiscriminatedUnion<
|
|
|
5554
5662
|
isThirdParty?: boolean | undefined;
|
|
5555
5663
|
appLevelAccessControlEnabled?: boolean | undefined;
|
|
5556
5664
|
} | undefined;
|
|
5665
|
+
organization?: {
|
|
5666
|
+
name?: string | undefined;
|
|
5667
|
+
id?: string | undefined;
|
|
5668
|
+
customData?: import("@withtyped/server/lib/types.js").JsonObject | undefined;
|
|
5669
|
+
description?: string | null | undefined;
|
|
5670
|
+
} | undefined;
|
|
5557
5671
|
grant?: {
|
|
5558
5672
|
type?: GrantType.TokenExchange | undefined;
|
|
5559
5673
|
subjectTokenContext?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
|
|
@@ -5796,6 +5910,12 @@ export declare const jwtCustomizerTestRequestBodyGuard: z.ZodDiscriminatedUnion<
|
|
|
5796
5910
|
isThirdParty?: boolean | undefined;
|
|
5797
5911
|
appLevelAccessControlEnabled?: boolean | undefined;
|
|
5798
5912
|
} | undefined;
|
|
5913
|
+
organization?: {
|
|
5914
|
+
name?: string | undefined;
|
|
5915
|
+
id?: string | undefined;
|
|
5916
|
+
customData?: import("@withtyped/server/lib/types.js").JsonObject | undefined;
|
|
5917
|
+
description?: string | null | undefined;
|
|
5918
|
+
} | undefined;
|
|
5799
5919
|
grant?: {
|
|
5800
5920
|
type?: GrantType.TokenExchange | undefined;
|
|
5801
5921
|
subjectTokenContext?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
|
|
@@ -6056,6 +6176,12 @@ export declare const jwtCustomizerTestRequestBodyGuard: z.ZodDiscriminatedUnion<
|
|
|
6056
6176
|
isThirdParty?: boolean | undefined;
|
|
6057
6177
|
appLevelAccessControlEnabled?: boolean | undefined;
|
|
6058
6178
|
} | undefined;
|
|
6179
|
+
organization?: {
|
|
6180
|
+
name?: string | undefined;
|
|
6181
|
+
id?: string | undefined;
|
|
6182
|
+
customData?: import("@withtyped/server/lib/types.js").JsonObject | undefined;
|
|
6183
|
+
description?: string | null | undefined;
|
|
6184
|
+
} | undefined;
|
|
6059
6185
|
grant?: {
|
|
6060
6186
|
type?: GrantType.TokenExchange | undefined;
|
|
6061
6187
|
subjectTokenContext?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
|
|
@@ -6316,6 +6442,12 @@ export declare const jwtCustomizerTestRequestBodyGuard: z.ZodDiscriminatedUnion<
|
|
|
6316
6442
|
isThirdParty?: boolean | undefined;
|
|
6317
6443
|
appLevelAccessControlEnabled?: boolean | undefined;
|
|
6318
6444
|
} | undefined;
|
|
6445
|
+
organization?: {
|
|
6446
|
+
name?: string | undefined;
|
|
6447
|
+
id?: string | undefined;
|
|
6448
|
+
customData?: import("@withtyped/server/lib/types.js").JsonObject | undefined;
|
|
6449
|
+
description?: string | null | undefined;
|
|
6450
|
+
} | undefined;
|
|
6319
6451
|
grant?: {
|
|
6320
6452
|
type?: GrantType.TokenExchange | undefined;
|
|
6321
6453
|
subjectTokenContext?: Record<string, import("@withtyped/server/lib/types.js").Json> | undefined;
|
|
@@ -6977,7 +7109,7 @@ export declare const customJwtErrorBodyGuard: z.ZodObject<{
|
|
|
6977
7109
|
export type CustomJwtErrorBody = z.infer<typeof customJwtErrorBodyGuard>;
|
|
6978
7110
|
export type CustomJwtApiContext = {
|
|
6979
7111
|
/**
|
|
6980
|
-
* Reject the
|
|
7112
|
+
* Reject the current token request.
|
|
6981
7113
|
*
|
|
6982
7114
|
* @remarks
|
|
6983
7115
|
* By calling this function, the current token request will be rejected,
|