@logto/schemas 1.8.0 → 1.9.0

package/lib/db-entries/role.js

@@ -1,16 +1,19 @@
 // THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
 import { z } from 'zod';
+import { RoleType } from './custom-types.js';
 const createGuard = z.object({
     tenantId: z.string().max(21).optional(),
     id: z.string().min(1).max(21),
     name: z.string().min(1).max(128),
     description: z.string().min(1).max(128),
+    type: z.nativeEnum(RoleType).optional(),
 });
 const guard = z.object({
     tenantId: z.string().max(21),
     id: z.string().min(1).max(21),
     name: z.string().min(1).max(128),
     description: z.string().min(1).max(128),
+    type: z.nativeEnum(RoleType),
 });
 export const Roles = Object.freeze({
     table: 'roles',
@@ -20,12 +23,14 @@ export const Roles = Object.freeze({
         id: 'id',
         name: 'name',
         description: 'description',
+        type: 'type',
     },
     fieldKeys: [
         'tenantId',
         'id',
         'name',
         'description',
+        'type',
     ],
     createGuard,
     guard,

package/lib/db-entries/sign-in-experience.d.ts

@@ -1,4 +1,4 @@
-import { Color, Branding, LanguageInfo, SignIn, SignUp, ConnectorTargets, CustomContent, GeneratedSchema } from './../foundations/index.js';
+import { Color, Branding, LanguageInfo, SignIn, SignUp, ConnectorTargets, CustomContent, PartialPasswordPolicy, Mfa, GeneratedSchema } from './../foundations/index.js';
 import { SignInMode } from './custom-types.js';
 export type CreateSignInExperience = {
     tenantId?: string;
@@ -14,6 +14,8 @@ export type CreateSignInExperience = {
     signInMode?: SignInMode;
     customCss?: string | null;
     customContent?: CustomContent;
+    passwordPolicy?: PartialPasswordPolicy;
+    mfa?: Mfa;
 };
 export type SignInExperience = {
     tenantId: string;
@@ -29,5 +31,7 @@ export type SignInExperience = {
     signInMode: SignInMode;
     customCss: string | null;
     customContent: CustomContent;
+    passwordPolicy: PartialPasswordPolicy;
+    mfa: Mfa;
 };
 export declare const SignInExperiences: GeneratedSchema<CreateSignInExperience, SignInExperience>;

package/lib/db-entries/sign-in-experience.js

@@ -1,6 +1,6 @@
 // THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
 import { z } from 'zod';
-import { colorGuard, brandingGuard, languageInfoGuard, signInGuard, signUpGuard, connectorTargetsGuard, customContentGuard } from './../foundations/index.js';
+import { colorGuard, brandingGuard, languageInfoGuard, signInGuard, signUpGuard, connectorTargetsGuard, customContentGuard, partialPasswordPolicyGuard, mfaGuard } from './../foundations/index.js';
 import { SignInMode } from './custom-types.js';
 const createGuard = z.object({
     tenantId: z.string().max(21).optional(),
@@ -16,6 +16,8 @@ const createGuard = z.object({
     signInMode: z.nativeEnum(SignInMode).optional(),
     customCss: z.string().nullable().optional(),
     customContent: customContentGuard.optional(),
+    passwordPolicy: partialPasswordPolicyGuard.optional(),
+    mfa: mfaGuard.optional(),
 });
 const guard = z.object({
     tenantId: z.string().max(21),
@@ -31,6 +33,8 @@ const guard = z.object({
     signInMode: z.nativeEnum(SignInMode),
     customCss: z.string().nullable(),
     customContent: customContentGuard,
+    passwordPolicy: partialPasswordPolicyGuard,
+    mfa: mfaGuard,
 });
 export const SignInExperiences = Object.freeze({
     table: 'sign_in_experiences',
@@ -49,6 +53,8 @@ export const SignInExperiences = Object.freeze({
         signInMode: 'sign_in_mode',
         customCss: 'custom_css',
         customContent: 'custom_content',
+        passwordPolicy: 'password_policy',
+        mfa: 'mfa',
     },
     fieldKeys: [
         'tenantId',
@@ -64,6 +70,8 @@ export const SignInExperiences = Object.freeze({
         'signInMode',
         'customCss',
         'customContent',
+        'passwordPolicy',
+        'mfa',
     ],
     createGuard,
     guard,

package/lib/db-entries/user.d.ts

@@ -1,4 +1,4 @@
-import { Identities, JsonObject, GeneratedSchema } from './../foundations/index.js';
+import { Identities, JsonObject, MfaVerifications, GeneratedSchema } from './../foundations/index.js';
 import { UsersPasswordEncryptionMethod } from './custom-types.js';
 export type CreateUser = {
     tenantId?: string;
@@ -13,6 +13,7 @@ export type CreateUser = {
     applicationId?: string | null;
     identities?: Identities;
     customData?: JsonObject;
+    mfaVerifications?: MfaVerifications;
     isSuspended?: boolean;
     lastSignInAt?: number | null;
     createdAt?: number;
@@ -30,6 +31,7 @@ export type User = {
     applicationId: string | null;
     identities: Identities;
     customData: JsonObject;
+    mfaVerifications: MfaVerifications;
     isSuspended: boolean;
     lastSignInAt: number | null;
     createdAt: number;

package/lib/db-entries/user.js

@@ -1,6 +1,6 @@
 // THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
 import { z } from 'zod';
-import { identitiesGuard, jsonObjectGuard } from './../foundations/index.js';
+import { identitiesGuard, jsonObjectGuard, mfaVerificationsGuard } from './../foundations/index.js';
 import { UsersPasswordEncryptionMethod } from './custom-types.js';
 const createGuard = z.object({
     tenantId: z.string().max(21).optional(),
@@ -15,6 +15,7 @@ const createGuard = z.object({
     applicationId: z.string().max(21).nullable().optional(),
     identities: identitiesGuard.optional(),
     customData: jsonObjectGuard.optional(),
+    mfaVerifications: mfaVerificationsGuard.optional(),
     isSuspended: z.boolean().optional(),
     lastSignInAt: z.number().nullable().optional(),
     createdAt: z.number().optional(),
@@ -32,6 +33,7 @@ const guard = z.object({
     applicationId: z.string().max(21).nullable(),
     identities: identitiesGuard,
     customData: jsonObjectGuard,
+    mfaVerifications: mfaVerificationsGuard,
     isSuspended: z.boolean(),
     lastSignInAt: z.number().nullable(),
     createdAt: z.number(),
@@ -52,6 +54,7 @@ export const Users = Object.freeze({
         applicationId: 'application_id',
         identities: 'identities',
         customData: 'custom_data',
+        mfaVerifications: 'mfa_verifications',
         isSuspended: 'is_suspended',
         lastSignInAt: 'last_sign_in_at',
         createdAt: 'created_at',
@@ -69,6 +72,7 @@ export const Users = Object.freeze({
         'applicationId',
         'identities',
         'customData',
+        'mfaVerifications',
         'isSuspended',
         'lastSignInAt',
         'createdAt',

package/lib/foundations/jsonb-types.d.ts

@@ -1,3 +1,5 @@
+import { type PasswordPolicy } from '@logto/core-kit';
+import { type DeepPartial } from '@silverhand/essentials';
 import type { Json } from '@withtyped/server';
 import { z } from 'zod';
 export { configurableConnectorMetadataGuard, type ConfigurableConnectorMetadata, } from '@logto/connector-kit';
@@ -20,9 +22,6 @@ export declare const oidcModelInstancePayloadGuard: z.ZodObject<{
     grantId?: string | undefined;
 }>;
 export type OidcModelInstancePayload = z.infer<typeof oidcModelInstancePayloadGuard>;
-export declare const webRedirectUriProtocolRegEx: RegExp;
-export declare const mobileUriSchemeProtocolRegEx: RegExp;
-export declare const validateRedirectUrl: (urlString: string, type: 'web' | 'mobile') => boolean;
 export declare const oidcClientMetadataGuard: z.ZodObject<{
     redirectUris: z.ZodArray<z.ZodUnion<[z.ZodEffects<z.ZodString, string, string>, z.ZodEffects<z.ZodString, string, string>]>, "many">;
     postLogoutRedirectUris: z.ZodArray<z.ZodString, "many">;
@@ -88,29 +87,6 @@ export declare const customClientMetadataGuard: z.ZodObject<{
  * @see {@link CustomClientMetadataKey} for key descriptions.
  */
 export type CustomClientMetadata = z.infer<typeof customClientMetadataGuard>;
-export declare const roleNamesGuard: z.ZodArray<z.ZodString, "many">;
-declare const identityGuard: z.ZodObject<{
-    userId: z.ZodString;
-    details: z.ZodOptional<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>>;
-}, "strip", z.ZodTypeAny, {
-    details?: {} | undefined;
-    userId: string;
-}, {
-    details?: {} | undefined;
-    userId: string;
-}>;
-export declare const identitiesGuard: z.ZodRecord<z.ZodString, z.ZodObject<{
-    userId: z.ZodString;
-    details: z.ZodOptional<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>>;
-}, "strip", z.ZodTypeAny, {
-    details?: {} | undefined;
-    userId: string;
-}, {
-    details?: {} | undefined;
-    userId: string;
-}>>;
-export type Identity = z.infer<typeof identityGuard>;
-export type Identities = z.infer<typeof identitiesGuard>;
 export declare const colorGuard: z.ZodObject<{
     primaryColor: z.ZodString;
     isDarkModeEnabled: z.ZodBoolean;
@@ -206,6 +182,173 @@ export declare const connectorTargetsGuard: z.ZodArray<z.ZodString, "many">;
 export type ConnectorTargets = z.infer<typeof connectorTargetsGuard>;
 export declare const customContentGuard: z.ZodRecord<z.ZodString, z.ZodString>;
 export type CustomContent = z.infer<typeof customContentGuard>;
+export declare enum MfaFactor {
+    TOTP = "TOTP",
+    WebAuthn = "WebAuthn",
+    BackupCode = "BackupCode"
+}
+export declare const mfaFactorsGuard: z.ZodArray<z.ZodNativeEnum<typeof MfaFactor>, "many">;
+export type MfaFactors = z.infer<typeof mfaFactorsGuard>;
+export declare enum MfaPolicy {
+    UserControlled = "UserControlled",
+    Mandatory = "Mandatory"
+}
+export declare const mfaGuard: z.ZodObject<{
+    factors: z.ZodArray<z.ZodNativeEnum<typeof MfaFactor>, "many">;
+    policy: z.ZodNativeEnum<typeof MfaPolicy>;
+}, "strip", z.ZodTypeAny, {
+    factors: MfaFactor[];
+    policy: MfaPolicy;
+}, {
+    factors: MfaFactor[];
+    policy: MfaPolicy;
+}>;
+export type Mfa = z.infer<typeof mfaGuard>;
+export declare const roleNamesGuard: z.ZodArray<z.ZodString, "many">;
+declare const identityGuard: z.ZodObject<{
+    userId: z.ZodString;
+    details: z.ZodOptional<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>>;
+}, "strip", z.ZodTypeAny, {
+    details?: {} | undefined;
+    userId: string;
+}, {
+    details?: {} | undefined;
+    userId: string;
+}>;
+export declare const identitiesGuard: z.ZodRecord<z.ZodString, z.ZodObject<{
+    userId: z.ZodString;
+    details: z.ZodOptional<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>>;
+}, "strip", z.ZodTypeAny, {
+    details?: {} | undefined;
+    userId: string;
+}, {
+    details?: {} | undefined;
+    userId: string;
+}>>;
+export type Identity = z.infer<typeof identityGuard>;
+export type Identities = z.infer<typeof identitiesGuard>;
+export declare const baseMfaVerification: {
+    id: z.ZodString;
+    createdAt: z.ZodString;
+};
+export declare const mfaVerificationGuard: z.ZodDiscriminatedUnion<"type", [z.ZodObject<{
+    key: z.ZodString;
+    id: z.ZodString;
+    createdAt: z.ZodString;
+    type: z.ZodLiteral<MfaFactor.TOTP>;
+}, "strip", z.ZodTypeAny, {
+    type: MfaFactor.TOTP;
+    key: string;
+    id: string;
+    createdAt: string;
+}, {
+    type: MfaFactor.TOTP;
+    key: string;
+    id: string;
+    createdAt: string;
+}>, z.ZodObject<{
+    credentialId: z.ZodString;
+    publicKey: z.ZodString;
+    counter: z.ZodNumber;
+    agent: z.ZodString;
+    id: z.ZodString;
+    createdAt: z.ZodString;
+    type: z.ZodLiteral<MfaFactor.WebAuthn>;
+}, "strip", z.ZodTypeAny, {
+    type: MfaFactor.WebAuthn;
+    id: string;
+    createdAt: string;
+    credentialId: string;
+    publicKey: string;
+    counter: number;
+    agent: string;
+}, {
+    type: MfaFactor.WebAuthn;
+    id: string;
+    createdAt: string;
+    credentialId: string;
+    publicKey: string;
+    counter: number;
+    agent: string;
+}>, z.ZodObject<{
+    code: z.ZodString;
+    usedAt: z.ZodOptional<z.ZodDate>;
+    id: z.ZodString;
+    createdAt: z.ZodString;
+    type: z.ZodLiteral<MfaFactor.BackupCode>;
+}, "strip", z.ZodTypeAny, {
+    usedAt?: Date | undefined;
+    code: string;
+    type: MfaFactor.BackupCode;
+    id: string;
+    createdAt: string;
+}, {
+    usedAt?: Date | undefined;
+    code: string;
+    type: MfaFactor.BackupCode;
+    id: string;
+    createdAt: string;
+}>]>;
+export type MfaVerification = z.infer<typeof mfaVerificationGuard>;
+export declare const mfaVerificationsGuard: z.ZodArray<z.ZodDiscriminatedUnion<"type", [z.ZodObject<{
+    key: z.ZodString;
+    id: z.ZodString;
+    createdAt: z.ZodString;
+    type: z.ZodLiteral<MfaFactor.TOTP>;
+}, "strip", z.ZodTypeAny, {
+    type: MfaFactor.TOTP;
+    key: string;
+    id: string;
+    createdAt: string;
+}, {
+    type: MfaFactor.TOTP;
+    key: string;
+    id: string;
+    createdAt: string;
+}>, z.ZodObject<{
+    credentialId: z.ZodString;
+    publicKey: z.ZodString;
+    counter: z.ZodNumber;
+    agent: z.ZodString;
+    id: z.ZodString;
+    createdAt: z.ZodString;
+    type: z.ZodLiteral<MfaFactor.WebAuthn>;
+}, "strip", z.ZodTypeAny, {
+    type: MfaFactor.WebAuthn;
+    id: string;
+    createdAt: string;
+    credentialId: string;
+    publicKey: string;
+    counter: number;
+    agent: string;
+}, {
+    type: MfaFactor.WebAuthn;
+    id: string;
+    createdAt: string;
+    credentialId: string;
+    publicKey: string;
+    counter: number;
+    agent: string;
+}>, z.ZodObject<{
+    code: z.ZodString;
+    usedAt: z.ZodOptional<z.ZodDate>;
+    id: z.ZodString;
+    createdAt: z.ZodString;
+    type: z.ZodLiteral<MfaFactor.BackupCode>;
+}, "strip", z.ZodTypeAny, {
+    usedAt?: Date | undefined;
+    code: string;
+    type: MfaFactor.BackupCode;
+    id: string;
+    createdAt: string;
+}, {
+    usedAt?: Date | undefined;
+    code: string;
+    type: MfaFactor.BackupCode;
+    id: string;
+    createdAt: string;
+}>]>, "many">;
+export type MfaVerifications = z.infer<typeof mfaVerificationsGuard>;
 export type Translation = {
     [key: string]: string | Translation;
 };
@@ -244,6 +387,70 @@ export declare const logContextPayloadGuard: z.ZodObject<{
     key: string;
     result: LogResult;
 }>;
+export type PartialPasswordPolicy = DeepPartial<PasswordPolicy>;
+export declare const partialPasswordPolicyGuard: z.ZodObject<{
+    length: z.ZodOptional<z.ZodDefault<z.ZodObject<{
+        min: z.ZodDefault<z.ZodNumber>;
+        max: z.ZodDefault<z.ZodNumber>;
+    }, "strip", z.ZodTypeAny, {
+        min: number;
+        max: number;
+    }, {
+        min?: number | undefined;
+        max?: number | undefined;
+    }>>>;
+    characterTypes: z.ZodOptional<z.ZodDefault<z.ZodObject<{
+        min: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+    }, "strip", z.ZodTypeAny, {
+        min: number;
+    }, {
+        min?: number | undefined;
+    }>>>;
+    rejects: z.ZodOptional<z.ZodDefault<z.ZodObject<{
+        pwned: z.ZodDefault<z.ZodBoolean>;
+        repetitionAndSequence: z.ZodDefault<z.ZodBoolean>;
+        userInfo: z.ZodDefault<z.ZodBoolean>;
+        words: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+    }, "strip", z.ZodTypeAny, {
+        pwned: boolean;
+        repetitionAndSequence: boolean;
+        userInfo: boolean;
+        words: string[];
+    }, {
+        pwned?: boolean | undefined;
+        repetitionAndSequence?: boolean | undefined;
+        userInfo?: boolean | undefined;
+        words?: string[] | undefined;
+    }>>>;
+}, "strip", z.ZodTypeAny, {
+    length?: {
+        min: number;
+        max: number;
+    } | undefined;
+    characterTypes?: {
+        min: number;
+    } | undefined;
+    rejects?: {
+        pwned: boolean;
+        repetitionAndSequence: boolean;
+        userInfo: boolean;
+        words: string[];
+    } | undefined;
+}, {
+    length?: {
+        min?: number | undefined;
+        max?: number | undefined;
+    } | undefined;
+    characterTypes?: {
+        min?: number | undefined;
+    } | undefined;
+    rejects?: {
+        pwned?: boolean | undefined;
+        repetitionAndSequence?: boolean | undefined;
+        userInfo?: boolean | undefined;
+        words?: string[] | undefined;
+    } | undefined;
+}>;
 /**
  * The basic log context type. It's more about a type hint instead of forcing the log shape.
  *

package/lib/foundations/jsonb-types.js

@@ -1,4 +1,4 @@
-import { hexColorRegEx } from '@logto/core-kit';
+import { hexColorRegEx, passwordPolicyGuard, validateRedirectUrl, } from '@logto/core-kit';
 import { languageTagGuard } from '@logto/language-kit';
 import { z } from 'zod';
 export { configurableConnectorMetadataGuard, } from '@logto/connector-kit';
@@ -19,19 +19,6 @@ export const oidcModelInstancePayloadGuard = z
      * https://github.com/colinhacks/zod/issues/452
      */
     .catchall(z.unknown());
-// Import from @logto/core-kit later, pending for new version publish
-export const webRedirectUriProtocolRegEx = /^https?:$/;
-export const mobileUriSchemeProtocolRegEx = /^[a-z][\d_a-z]*(\.[\d_a-z]+)+:$/;
-export const validateRedirectUrl = (urlString, type) => {
-    try {
-        const { protocol } = new URL(urlString);
-        const protocolRegEx = type === 'mobile' ? mobileUriSchemeProtocolRegEx : webRedirectUriProtocolRegEx;
-        return protocolRegEx.test(protocol);
-    }
-    catch {
-        return false;
-    }
-};
 export const oidcClientMetadataGuard = z.object({
     redirectUris: z
         .string()
@@ -73,13 +60,6 @@ export const customClientMetadataGuard = z.object({
     [CustomClientMetadataKey.AlwaysIssueRefreshToken]: z.boolean().optional(),
     [CustomClientMetadataKey.RotateRefreshToken]: z.boolean().optional(),
 });
-/* === Users === */
-export const roleNamesGuard = z.string().array();
-const identityGuard = z.object({
-    userId: z.string(),
-    details: z.object({}).optional(), // Connector's userinfo details, schemaless
-});
-export const identitiesGuard = z.record(identityGuard);
 /* === SignIn Experiences === */
 export const colorGuard = z.object({
     primaryColor: z.string().regex(hexColorRegEx),
@@ -118,6 +98,55 @@ export const signInGuard = z.object({
 });
 export const connectorTargetsGuard = z.string().array();
 export const customContentGuard = z.record(z.string());
+export var MfaFactor;
+(function (MfaFactor) {
+    MfaFactor["TOTP"] = "TOTP";
+    MfaFactor["WebAuthn"] = "WebAuthn";
+    MfaFactor["BackupCode"] = "BackupCode";
+})(MfaFactor || (MfaFactor = {}));
+export const mfaFactorsGuard = z.nativeEnum(MfaFactor).array();
+export var MfaPolicy;
+(function (MfaPolicy) {
+    MfaPolicy["UserControlled"] = "UserControlled";
+    MfaPolicy["Mandatory"] = "Mandatory";
+})(MfaPolicy || (MfaPolicy = {}));
+export const mfaGuard = z.object({
+    factors: mfaFactorsGuard,
+    policy: z.nativeEnum(MfaPolicy),
+});
+/* === Users === */
+export const roleNamesGuard = z.string().array();
+const identityGuard = z.object({
+    userId: z.string(),
+    details: z.object({}).optional(), // Connector's userinfo details, schemaless
+});
+export const identitiesGuard = z.record(identityGuard);
+export const baseMfaVerification = {
+    id: z.string(),
+    createdAt: z.string(),
+};
+export const mfaVerificationGuard = z.discriminatedUnion('type', [
+    z.object({
+        type: z.literal(MfaFactor.TOTP),
+        ...baseMfaVerification,
+        key: z.string(),
+    }),
+    z.object({
+        type: z.literal(MfaFactor.WebAuthn),
+        ...baseMfaVerification,
+        credentialId: z.string(),
+        publicKey: z.string(),
+        counter: z.number(),
+        agent: z.string(),
+    }),
+    z.object({
+        type: z.literal(MfaFactor.BackupCode),
+        ...baseMfaVerification,
+        code: z.string(),
+        usedAt: z.date().optional(),
+    }),
+]);
+export const mfaVerificationsGuard = mfaVerificationGuard.array();
 export const translationGuard = z.lazy(() => z.record(z.string().or(translationGuard)));
 /* === Logs === */
 export var LogResult;
@@ -137,6 +166,7 @@ export const logContextPayloadGuard = z
     sessionId: z.string().optional(),
 })
     .catchall(z.unknown());
+export const partialPasswordPolicyGuard = passwordPolicyGuard.deepPartial();
 /* === Hooks === */
 export var HookEvent;
 (function (HookEvent) {

package/lib/models/tenants.d.ts

@@ -13,7 +13,7 @@ export declare const Tenants: import("@withtyped/server/model").default<"tenants
     tag: TenantTag;
     createdAt: Date;
     isSuspended: boolean;
-}, "name" | "createdAt" | "isSuspended" | "tag", "createdAt">;
+}, "createdAt" | "name" | "isSuspended" | "tag", "createdAt">;
 export type TenantModel = InferModelType<typeof Tenants>;
 export declare const tenantInfoGuard: z.ZodObject<z.extendShape<Pick<{
     id: z.ZodType<string, z.ZodTypeDef, string>;
@@ -23,17 +23,17 @@ export declare const tenantInfoGuard: z.ZodObject<z.extendShape<Pick<{
     tag: z.ZodType<TenantTag, z.ZodTypeDef, TenantTag>;
     createdAt: z.ZodType<Date, z.ZodTypeDef, Date>;
     isSuspended: z.ZodType<boolean, z.ZodTypeDef, boolean>;
-}, "name" | "id" | "isSuspended" | "tag">, {
+}, "id" | "name" | "isSuspended" | "tag">, {
     indicator: z.ZodString;
 }>, "strip", z.ZodTypeAny, {
-    name: string;
     id: string;
+    name: string;
     indicator: string;
     isSuspended: boolean;
     tag: TenantTag;
 }, {
-    name: string;
     id: string;
+    name: string;
     indicator: string;
     isSuspended: boolean;
     tag: TenantTag;

package/lib/seeds/cloud-api.d.ts

@@ -1,4 +1,4 @@
-import type { CreateScope, Role } from '../index.js';
+import type { CreateScope, Role } from '../db-entries/index.js';
 import type { UpdateAdminData } from './management-api.js';
 /** The API Resource Indicator for Logto Cloud. It's only useful when domain-based multi-tenancy is enabled. */
 export declare const cloudApiIndicator = "https://cloud.logto.io/api";

package/lib/seeds/cloud-api.js

@@ -1,4 +1,5 @@
 import { generateStandardId } from '@logto/shared/universal';
+import { RoleType } from '../db-entries/index.js';
 import { AdminTenantRole } from '../types/index.js';
 import { adminTenantId } from './tenant.js';
 /** The API Resource Indicator for Logto Cloud. It's only useful when domain-based multi-tenancy is enabled. */
@@ -56,4 +57,5 @@ export const createTenantApplicationRole = () => ({
     id: generateStandardId(),
     name: AdminTenantRole.TenantApplication,
     description: 'The role for M2M applications that represent a user tenant and send requests to Logto Cloud.',
+    type: RoleType.MachineToMachine,
 });

package/lib/seeds/logto-config.js

@@ -4,14 +4,7 @@ export const createDefaultAdminConsoleConfig = (forTenantId) => Object.freeze({
     tenantId: forTenantId,
     key: LogtoTenantConfigKey.AdminConsole,
     value: {
-        livePreviewChecked: false,
-        applicationCreated: false,
         signInExperienceCustomized: false,
-        passwordlessConfigured: false,
-        furtherReadingsChecked: false,
-        roleCreated: false,
-        communityChecked: false,
-        m2mApplicationCreated: false,
     },
 });
 export const createCloudConnectionConfig = (forTenantId, appId, appSecret) => Object.freeze({

package/lib/seeds/management-api.d.ts

@@ -1,4 +1,4 @@
-import type { CreateResource, CreateRole, CreateScope } from '../db-entries/index.js';
+import { RoleType, type CreateResource, type CreateRole, type CreateScope } from '../db-entries/index.js';
 import { PredefinedScope, InternalRole } from '../types/index.js';
 export type AdminData = {
     resource: CreateResource;
@@ -38,6 +38,7 @@ export declare const defaultManagementApi: Readonly<{
         id: string;
         name: InternalRole;
         description: string;
+        type: RoleType.MachineToMachine;
     };
 }>;
 export declare function getManagementApiResourceIndicator<TenantId extends string>(tenantId: TenantId): `https://${TenantId}.logto.app/api`;

package/lib/seeds/management-api.js

@@ -1,4 +1,5 @@
 import { generateStandardId } from '@logto/shared/universal';
+import { RoleType, } from '../db-entries/index.js';
 import { PredefinedScope, InternalRole, AdminTenantRole } from '../types/index.js';
 import { adminTenantId, defaultTenantId } from './tenant.js';
 // Consider remove the dependency of IDs
@@ -36,6 +37,7 @@ export const defaultManagementApi = Object.freeze({
         id: 'admin-role',
         name: InternalRole.Admin,
         description: `Internal admin role for Logto tenant ${defaultTenantId}.`,
+        type: RoleType.MachineToMachine,
     },
 });
 export function getManagementApiResourceIndicator(tenantId, path = 'api') {
@@ -66,6 +68,7 @@ export const createAdminData = (tenantId) => {
             id: generateStandardId(),
             name: InternalRole.Admin,
             description: `Internal admin role for Logto tenant ${defaultTenantId}.`,
+            type: RoleType.MachineToMachine,
         },
     });
 };
@@ -93,6 +96,7 @@ export const createAdminDataInAdminTenant = (tenantId) => {
             id: generateStandardId(),
             name: getManagementApiAdminName(tenantId),
             description: `Admin tenant admin role for Logto tenant ${tenantId}.`,
+            type: RoleType.User,
         },
     });
 };
@@ -119,6 +123,7 @@ export const createMeApiInAdminTenant = () => {
             id: generateStandardId(),
             name: AdminTenantRole.User,
             description: 'Default role for admin tenant.',
+            type: RoleType.User,
         },
     });
 };