@logto/schemas 1.9.2 → 1.10.1

package/lib/foundations/jsonb-types/logs.d.ts

@@ -0,0 +1,106 @@
+import { type PasswordPolicy } from '@logto/core-kit';
+import { type DeepPartial } from '@silverhand/essentials';
+import { z } from 'zod';
+export declare enum LogResult {
+    Success = "Success",
+    Error = "Error"
+}
+export declare const logContextPayloadGuard: z.ZodObject<{
+    key: z.ZodString;
+    result: z.ZodNativeEnum<typeof LogResult>;
+    error: z.ZodOptional<z.ZodUnion<[z.ZodRecord<z.ZodString, z.ZodUnknown>, z.ZodString]>>;
+    ip: z.ZodOptional<z.ZodString>;
+    userAgent: z.ZodOptional<z.ZodString>;
+    userId: z.ZodOptional<z.ZodString>;
+    applicationId: z.ZodOptional<z.ZodString>;
+    sessionId: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodUnknown, z.objectOutputType<{
+    key: z.ZodString;
+    result: z.ZodNativeEnum<typeof LogResult>;
+    error: z.ZodOptional<z.ZodUnion<[z.ZodRecord<z.ZodString, z.ZodUnknown>, z.ZodString]>>;
+    ip: z.ZodOptional<z.ZodString>;
+    userAgent: z.ZodOptional<z.ZodString>;
+    userId: z.ZodOptional<z.ZodString>;
+    applicationId: z.ZodOptional<z.ZodString>;
+    sessionId: z.ZodOptional<z.ZodString>;
+}, z.ZodUnknown, "strip">, z.objectInputType<{
+    key: z.ZodString;
+    result: z.ZodNativeEnum<typeof LogResult>;
+    error: z.ZodOptional<z.ZodUnion<[z.ZodRecord<z.ZodString, z.ZodUnknown>, z.ZodString]>>;
+    ip: z.ZodOptional<z.ZodString>;
+    userAgent: z.ZodOptional<z.ZodString>;
+    userId: z.ZodOptional<z.ZodString>;
+    applicationId: z.ZodOptional<z.ZodString>;
+    sessionId: z.ZodOptional<z.ZodString>;
+}, z.ZodUnknown, "strip">>;
+export type PartialPasswordPolicy = DeepPartial<PasswordPolicy>;
+export declare const partialPasswordPolicyGuard: z.ZodObject<{
+    length: z.ZodOptional<z.ZodDefault<z.ZodObject<{
+        min: z.ZodDefault<z.ZodNumber>;
+        max: z.ZodDefault<z.ZodNumber>;
+    }, "strip", z.ZodTypeAny, {
+        min: number;
+        max: number;
+    }, {
+        min?: number | undefined;
+        max?: number | undefined;
+    }>>>;
+    characterTypes: z.ZodOptional<z.ZodDefault<z.ZodObject<{
+        min: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+    }, "strip", z.ZodTypeAny, {
+        min: number;
+    }, {
+        min?: number | undefined;
+    }>>>;
+    rejects: z.ZodOptional<z.ZodDefault<z.ZodObject<{
+        pwned: z.ZodDefault<z.ZodBoolean>;
+        repetitionAndSequence: z.ZodDefault<z.ZodBoolean>;
+        userInfo: z.ZodDefault<z.ZodBoolean>;
+        words: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+    }, "strip", z.ZodTypeAny, {
+        pwned: boolean;
+        repetitionAndSequence: boolean;
+        userInfo: boolean;
+        words: string[];
+    }, {
+        pwned?: boolean | undefined;
+        repetitionAndSequence?: boolean | undefined;
+        userInfo?: boolean | undefined;
+        words?: string[] | undefined;
+    }>>>;
+}, "strip", z.ZodTypeAny, {
+    length?: {
+        min: number;
+        max: number;
+    } | undefined;
+    characterTypes?: {
+        min: number;
+    } | undefined;
+    rejects?: {
+        pwned: boolean;
+        repetitionAndSequence: boolean;
+        userInfo: boolean;
+        words: string[];
+    } | undefined;
+}, {
+    length?: {
+        min?: number | undefined;
+        max?: number | undefined;
+    } | undefined;
+    characterTypes?: {
+        min?: number | undefined;
+    } | undefined;
+    rejects?: {
+        pwned?: boolean | undefined;
+        repetitionAndSequence?: boolean | undefined;
+        userInfo?: boolean | undefined;
+        words?: string[] | undefined;
+    } | undefined;
+}>;
+/**
+ * The basic log context type. It's more about a type hint instead of forcing the log shape.
+ *
+ * Note when setting up a log function, the type of log key in function arguments should be `LogKey`.
+ * Here we use `string` to make it compatible with the Zod guard.
+ **/
+export type LogContextPayload = z.infer<typeof logContextPayloadGuard>;

package/lib/foundations/jsonb-types/logs.js

@@ -0,0 +1,20 @@
+import { passwordPolicyGuard } from '@logto/core-kit';
+import { z } from 'zod';
+export var LogResult;
+(function (LogResult) {
+    LogResult["Success"] = "Success";
+    LogResult["Error"] = "Error";
+})(LogResult || (LogResult = {}));
+export const logContextPayloadGuard = z
+    .object({
+    key: z.string(),
+    result: z.nativeEnum(LogResult),
+    error: z.record(z.string(), z.unknown()).or(z.string()).optional(),
+    ip: z.string().optional(),
+    userAgent: z.string().optional(),
+    userId: z.string().optional(),
+    applicationId: z.string().optional(),
+    sessionId: z.string().optional(),
+})
+    .catchall(z.unknown());
+export const partialPasswordPolicyGuard = passwordPolicyGuard.deepPartial();

package/lib/foundations/jsonb-types/oidc-module.d.ts

@@ -0,0 +1,80 @@
+import { z } from 'zod';
+export declare const oidcModelInstancePayloadGuard: z.ZodObject<{
+    userCode: z.ZodOptional<z.ZodString>;
+    uid: z.ZodOptional<z.ZodString>;
+    grantId: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodUnknown, z.objectOutputType<{
+    userCode: z.ZodOptional<z.ZodString>;
+    uid: z.ZodOptional<z.ZodString>;
+    grantId: z.ZodOptional<z.ZodString>;
+}, z.ZodUnknown, "strip">, z.objectInputType<{
+    userCode: z.ZodOptional<z.ZodString>;
+    uid: z.ZodOptional<z.ZodString>;
+    grantId: z.ZodOptional<z.ZodString>;
+}, z.ZodUnknown, "strip">>;
+export type OidcModelInstancePayload = z.infer<typeof oidcModelInstancePayloadGuard>;
+export declare const oidcClientMetadataGuard: z.ZodObject<{
+    redirectUris: z.ZodArray<z.ZodUnion<[z.ZodEffects<z.ZodString, string, string>, z.ZodEffects<z.ZodString, string, string>]>, "many">;
+    postLogoutRedirectUris: z.ZodArray<z.ZodString, "many">;
+    logoUri: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    redirectUris: string[];
+    postLogoutRedirectUris: string[];
+    logoUri?: string | undefined;
+}, {
+    redirectUris: string[];
+    postLogoutRedirectUris: string[];
+    logoUri?: string | undefined;
+}>;
+export type OidcClientMetadata = z.infer<typeof oidcClientMetadataGuard>;
+export declare enum CustomClientMetadataKey {
+    CorsAllowedOrigins = "corsAllowedOrigins",
+    IdTokenTtl = "idTokenTtl",
+    /** @deprecated Use {@link RefreshTokenTtlInDays} instead. */
+    RefreshTokenTtl = "refreshTokenTtl",
+    RefreshTokenTtlInDays = "refreshTokenTtlInDays",
+    TenantId = "tenantId",
+    /**
+     * Enabling this configuration will allow Logto to always issue Refresh Tokens, regardless of whether `prompt=consent` is presented in the authentication request.
+     *
+     * It only works for web applications when the client allowed grant types includes `refresh_token`.
+     *
+     * This config is for the third-party integrations that do not strictly follow OpenID Connect standards due to some reasons (e.g. they only know OAuth, but requires a Refresh Token to be returned anyway).
+     */
+    AlwaysIssueRefreshToken = "alwaysIssueRefreshToken",
+    /**
+     * When enabled (default), Logto will issue a new Refresh Token for token requests when 70% of the original Time to Live (TTL) has passed.
+     *
+     * It can be turned off for only traditional web apps for enhanced security.
+     */
+    RotateRefreshToken = "rotateRefreshToken"
+}
+export declare const customClientMetadataGuard: z.ZodObject<{
+    corsAllowedOrigins: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    idTokenTtl: z.ZodOptional<z.ZodNumber>;
+    refreshTokenTtl: z.ZodOptional<z.ZodNumber>;
+    refreshTokenTtlInDays: z.ZodOptional<z.ZodNumber>;
+    tenantId: z.ZodOptional<z.ZodString>;
+    alwaysIssueRefreshToken: z.ZodOptional<z.ZodBoolean>;
+    rotateRefreshToken: z.ZodOptional<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    corsAllowedOrigins?: string[] | undefined;
+    idTokenTtl?: number | undefined;
+    refreshTokenTtl?: number | undefined;
+    refreshTokenTtlInDays?: number | undefined;
+    tenantId?: string | undefined;
+    alwaysIssueRefreshToken?: boolean | undefined;
+    rotateRefreshToken?: boolean | undefined;
+}, {
+    corsAllowedOrigins?: string[] | undefined;
+    idTokenTtl?: number | undefined;
+    refreshTokenTtl?: number | undefined;
+    refreshTokenTtlInDays?: number | undefined;
+    tenantId?: string | undefined;
+    alwaysIssueRefreshToken?: boolean | undefined;
+    rotateRefreshToken?: boolean | undefined;
+}>;
+/**
+ * @see {@link CustomClientMetadataKey} for key descriptions.
+ */
+export type CustomClientMetadata = z.infer<typeof customClientMetadataGuard>;

package/lib/foundations/jsonb-types/oidc-module.js

@@ -0,0 +1,54 @@
+import { validateRedirectUrl } from '@logto/core-kit';
+import { z } from 'zod';
+export const oidcModelInstancePayloadGuard = z
+    .object({
+    userCode: z.string().optional(),
+    uid: z.string().optional(),
+    grantId: z.string().optional(),
+})
+    /**
+     * Try to use `.passthrough()` if type has been fixed.
+     * https://github.com/colinhacks/zod/issues/452
+     */
+    .catchall(z.unknown());
+export const oidcClientMetadataGuard = z.object({
+    redirectUris: z
+        .string()
+        .refine((url) => validateRedirectUrl(url, 'web'))
+        .or(z.string().refine((url) => validateRedirectUrl(url, 'mobile')))
+        .array(),
+    postLogoutRedirectUris: z.string().url().array(),
+    logoUri: z.string().optional(),
+});
+export var CustomClientMetadataKey;
+(function (CustomClientMetadataKey) {
+    CustomClientMetadataKey["CorsAllowedOrigins"] = "corsAllowedOrigins";
+    CustomClientMetadataKey["IdTokenTtl"] = "idTokenTtl";
+    /** @deprecated Use {@link RefreshTokenTtlInDays} instead. */
+    CustomClientMetadataKey["RefreshTokenTtl"] = "refreshTokenTtl";
+    CustomClientMetadataKey["RefreshTokenTtlInDays"] = "refreshTokenTtlInDays";
+    CustomClientMetadataKey["TenantId"] = "tenantId";
+    /**
+     * Enabling this configuration will allow Logto to always issue Refresh Tokens, regardless of whether `prompt=consent` is presented in the authentication request.
+     *
+     * It only works for web applications when the client allowed grant types includes `refresh_token`.
+     *
+     * This config is for the third-party integrations that do not strictly follow OpenID Connect standards due to some reasons (e.g. they only know OAuth, but requires a Refresh Token to be returned anyway).
+     */
+    CustomClientMetadataKey["AlwaysIssueRefreshToken"] = "alwaysIssueRefreshToken";
+    /**
+     * When enabled (default), Logto will issue a new Refresh Token for token requests when 70% of the original Time to Live (TTL) has passed.
+     *
+     * It can be turned off for only traditional web apps for enhanced security.
+     */
+    CustomClientMetadataKey["RotateRefreshToken"] = "rotateRefreshToken";
+})(CustomClientMetadataKey || (CustomClientMetadataKey = {}));
+export const customClientMetadataGuard = z.object({
+    [CustomClientMetadataKey.CorsAllowedOrigins]: z.string().min(1).array().optional(),
+    [CustomClientMetadataKey.IdTokenTtl]: z.number().optional(),
+    [CustomClientMetadataKey.RefreshTokenTtl]: z.number().optional(),
+    [CustomClientMetadataKey.RefreshTokenTtlInDays]: z.number().int().min(1).max(90).optional(),
+    [CustomClientMetadataKey.TenantId]: z.string().optional(),
+    [CustomClientMetadataKey.AlwaysIssueRefreshToken]: z.boolean().optional(),
+    [CustomClientMetadataKey.RotateRefreshToken]: z.boolean().optional(),
+});

package/lib/foundations/jsonb-types/phrases.d.ts

@@ -0,0 +1,5 @@
+import { z } from 'zod';
+export type Translation = {
+    [key: string]: string | Translation;
+};
+export declare const translationGuard: z.ZodType<Translation>;

package/lib/foundations/jsonb-types/phrases.js

@@ -0,0 +1,2 @@
+import { z } from 'zod';
+export const translationGuard = z.lazy(() => z.record(z.string().or(translationGuard)));

package/lib/foundations/jsonb-types/sentinel.d.ts

@@ -0,0 +1,27 @@
+import { z } from 'zod';
+/** The action target type of a sentinel activity. */
+export declare enum SentinelActivityTargetType {
+    User = "User",
+    App = "App"
+}
+export declare const sentinelActivityTargetTypeGuard: z.ZodNativeEnum<typeof SentinelActivityTargetType>;
+/** The action type of a sentinel activity. */
+export declare enum SentinelActivityAction {
+    /**
+     * The subject tries to pass a verification by inputting a password.
+     *
+     * For example, a user (subject) who inputted a password (action) to authenticate themselves
+     * (target).
+     */
+    Password = "Password",
+    /**
+     * The subject tries to pass a verification by inputting a verification code.
+     *
+     * For example, a user (subject) who inputted a verification code (action) to authenticate
+     * themselves (target).
+     */
+    VerificationCode = "VerificationCode"
+}
+export declare const sentinelActivityActionGuard: z.ZodNativeEnum<typeof SentinelActivityAction>;
+export type SentinelActivityPayload = Record<string, unknown>;
+export declare const sentinelActivityPayloadGuard: z.ZodRecord<z.ZodString, z.ZodUnknown>;

package/lib/foundations/jsonb-types/sentinel.js

@@ -0,0 +1,28 @@
+import { z } from 'zod';
+/** The action target type of a sentinel activity. */
+export var SentinelActivityTargetType;
+(function (SentinelActivityTargetType) {
+    SentinelActivityTargetType["User"] = "User";
+    SentinelActivityTargetType["App"] = "App";
+})(SentinelActivityTargetType || (SentinelActivityTargetType = {}));
+export const sentinelActivityTargetTypeGuard = z.nativeEnum(SentinelActivityTargetType);
+/** The action type of a sentinel activity. */
+export var SentinelActivityAction;
+(function (SentinelActivityAction) {
+    /**
+     * The subject tries to pass a verification by inputting a password.
+     *
+     * For example, a user (subject) who inputted a password (action) to authenticate themselves
+     * (target).
+     */
+    SentinelActivityAction["Password"] = "Password";
+    /**
+     * The subject tries to pass a verification by inputting a verification code.
+     *
+     * For example, a user (subject) who inputted a verification code (action) to authenticate
+     * themselves (target).
+     */
+    SentinelActivityAction["VerificationCode"] = "VerificationCode";
+})(SentinelActivityAction || (SentinelActivityAction = {}));
+export const sentinelActivityActionGuard = z.nativeEnum(SentinelActivityAction);
+export const sentinelActivityPayloadGuard = z.record(z.unknown());

package/lib/foundations/jsonb-types/sign-in-experience.d.ts

@@ -0,0 +1,118 @@
+import { z } from 'zod';
+export declare const colorGuard: z.ZodObject<{
+    primaryColor: z.ZodString;
+    isDarkModeEnabled: z.ZodBoolean;
+    darkPrimaryColor: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    primaryColor: string;
+    isDarkModeEnabled: boolean;
+    darkPrimaryColor: string;
+}, {
+    primaryColor: string;
+    isDarkModeEnabled: boolean;
+    darkPrimaryColor: string;
+}>;
+export type Color = z.infer<typeof colorGuard>;
+export declare const brandingGuard: z.ZodObject<{
+    logoUrl: z.ZodOptional<z.ZodString>;
+    darkLogoUrl: z.ZodOptional<z.ZodString>;
+    favicon: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    logoUrl?: string | undefined;
+    darkLogoUrl?: string | undefined;
+    favicon?: string | undefined;
+}, {
+    logoUrl?: string | undefined;
+    darkLogoUrl?: string | undefined;
+    favicon?: string | undefined;
+}>;
+export type Branding = z.infer<typeof brandingGuard>;
+export declare const languageInfoGuard: z.ZodObject<{
+    autoDetect: z.ZodBoolean;
+    fallbackLanguage: z.ZodType<"af-ZA" | "am-ET" | "ar-AR" | "as-IN" | "az-AZ" | "be-BY" | "bg-BG" | "bn-IN" | "br-FR" | "bs-BA" | "ca-ES" | "cb-IQ" | "co-FR" | "cs-CZ" | "cx-PH" | "cy-GB" | "da-DK" | "de" | "de-DE" | "el-GR" | "en" | "en-GB" | "en-US" | "eo-EO" | "es" | "es-ES" | "es-419" | "et-EE" | "eu-ES" | "fa-IR" | "ff-NG" | "fi-FI" | "fo-FO" | "fr" | "fr-CA" | "fr-FR" | "fy-NL" | "ga-IE" | "gl-ES" | "gn-PY" | "gu-IN" | "ha-NG" | "he-IL" | "hi-IN" | "hr-HR" | "ht-HT" | "hu-HU" | "hy-AM" | "id-ID" | "ik-US" | "is-IS" | "it" | "it-IT" | "iu-CA" | "ja" | "ja-JP" | "ja-KS" | "jv-ID" | "ka-GE" | "kk-KZ" | "km-KH" | "kn-IN" | "ko" | "ko-KR" | "ku-TR" | "ky-KG" | "lo-LA" | "lt-LT" | "lv-LV" | "mg-MG" | "mk-MK" | "ml-IN" | "mn-MN" | "mr-IN" | "ms-MY" | "mt-MT" | "my-MM" | "nb-NO" | "ne-NP" | "nl-BE" | "nl-NL" | "nn-NO" | "or-IN" | "pa-IN" | "pl-PL" | "ps-AF" | "pt" | "pt-BR" | "pt-PT" | "ro-RO" | "ru" | "ru-RU" | "rw-RW" | "sc-IT" | "si-LK" | "sk-SK" | "sl-SI" | "sn-ZW" | "sq-AL" | "sr-RS" | "sv-SE" | "sw-KE" | "sy-SY" | "sz-PL" | "ta-IN" | "te-IN" | "tg-TJ" | "th-TH" | "tl-PH" | "tr" | "tr-TR" | "tt-RU" | "tz-MA" | "uk-UA" | "ur-PK" | "uz-UZ" | "vi-VN" | "zh" | "zh-CN" | "zh-HK" | "zh-MO" | "zh-TW" | "zz-TR", z.ZodTypeDef, "af-ZA" | "am-ET" | "ar-AR" | "as-IN" | "az-AZ" | "be-BY" | "bg-BG" | "bn-IN" | "br-FR" | "bs-BA" | "ca-ES" | "cb-IQ" | "co-FR" | "cs-CZ" | "cx-PH" | "cy-GB" | "da-DK" | "de" | "de-DE" | "el-GR" | "en" | "en-GB" | "en-US" | "eo-EO" | "es" | "es-ES" | "es-419" | "et-EE" | "eu-ES" | "fa-IR" | "ff-NG" | "fi-FI" | "fo-FO" | "fr" | "fr-CA" | "fr-FR" | "fy-NL" | "ga-IE" | "gl-ES" | "gn-PY" | "gu-IN" | "ha-NG" | "he-IL" | "hi-IN" | "hr-HR" | "ht-HT" | "hu-HU" | "hy-AM" | "id-ID" | "ik-US" | "is-IS" | "it" | "it-IT" | "iu-CA" | "ja" | "ja-JP" | "ja-KS" | "jv-ID" | "ka-GE" | "kk-KZ" | "km-KH" | "kn-IN" | "ko" | "ko-KR" | "ku-TR" | "ky-KG" | "lo-LA" | "lt-LT" | "lv-LV" | "mg-MG" | "mk-MK" | "ml-IN" | "mn-MN" | "mr-IN" | "ms-MY" | "mt-MT" | "my-MM" | "nb-NO" | "ne-NP" | "nl-BE" | "nl-NL" | "nn-NO" | "or-IN" | "pa-IN" | "pl-PL" | "ps-AF" | "pt" | "pt-BR" | "pt-PT" | "ro-RO" | "ru" | "ru-RU" | "rw-RW" | "sc-IT" | "si-LK" | "sk-SK" | "sl-SI" | "sn-ZW" | "sq-AL" | "sr-RS" | "sv-SE" | "sw-KE" | "sy-SY" | "sz-PL" | "ta-IN" | "te-IN" | "tg-TJ" | "th-TH" | "tl-PH" | "tr" | "tr-TR" | "tt-RU" | "tz-MA" | "uk-UA" | "ur-PK" | "uz-UZ" | "vi-VN" | "zh" | "zh-CN" | "zh-HK" | "zh-MO" | "zh-TW" | "zz-TR">;
+}, "strip", z.ZodTypeAny, {
+    autoDetect: boolean;
+    fallbackLanguage: "af-ZA" | "am-ET" | "ar-AR" | "as-IN" | "az-AZ" | "be-BY" | "bg-BG" | "bn-IN" | "br-FR" | "bs-BA" | "ca-ES" | "cb-IQ" | "co-FR" | "cs-CZ" | "cx-PH" | "cy-GB" | "da-DK" | "de" | "de-DE" | "el-GR" | "en" | "en-GB" | "en-US" | "eo-EO" | "es" | "es-ES" | "es-419" | "et-EE" | "eu-ES" | "fa-IR" | "ff-NG" | "fi-FI" | "fo-FO" | "fr" | "fr-CA" | "fr-FR" | "fy-NL" | "ga-IE" | "gl-ES" | "gn-PY" | "gu-IN" | "ha-NG" | "he-IL" | "hi-IN" | "hr-HR" | "ht-HT" | "hu-HU" | "hy-AM" | "id-ID" | "ik-US" | "is-IS" | "it" | "it-IT" | "iu-CA" | "ja" | "ja-JP" | "ja-KS" | "jv-ID" | "ka-GE" | "kk-KZ" | "km-KH" | "kn-IN" | "ko" | "ko-KR" | "ku-TR" | "ky-KG" | "lo-LA" | "lt-LT" | "lv-LV" | "mg-MG" | "mk-MK" | "ml-IN" | "mn-MN" | "mr-IN" | "ms-MY" | "mt-MT" | "my-MM" | "nb-NO" | "ne-NP" | "nl-BE" | "nl-NL" | "nn-NO" | "or-IN" | "pa-IN" | "pl-PL" | "ps-AF" | "pt" | "pt-BR" | "pt-PT" | "ro-RO" | "ru" | "ru-RU" | "rw-RW" | "sc-IT" | "si-LK" | "sk-SK" | "sl-SI" | "sn-ZW" | "sq-AL" | "sr-RS" | "sv-SE" | "sw-KE" | "sy-SY" | "sz-PL" | "ta-IN" | "te-IN" | "tg-TJ" | "th-TH" | "tl-PH" | "tr" | "tr-TR" | "tt-RU" | "tz-MA" | "uk-UA" | "ur-PK" | "uz-UZ" | "vi-VN" | "zh" | "zh-CN" | "zh-HK" | "zh-MO" | "zh-TW" | "zz-TR";
+}, {
+    autoDetect: boolean;
+    fallbackLanguage: "af-ZA" | "am-ET" | "ar-AR" | "as-IN" | "az-AZ" | "be-BY" | "bg-BG" | "bn-IN" | "br-FR" | "bs-BA" | "ca-ES" | "cb-IQ" | "co-FR" | "cs-CZ" | "cx-PH" | "cy-GB" | "da-DK" | "de" | "de-DE" | "el-GR" | "en" | "en-GB" | "en-US" | "eo-EO" | "es" | "es-ES" | "es-419" | "et-EE" | "eu-ES" | "fa-IR" | "ff-NG" | "fi-FI" | "fo-FO" | "fr" | "fr-CA" | "fr-FR" | "fy-NL" | "ga-IE" | "gl-ES" | "gn-PY" | "gu-IN" | "ha-NG" | "he-IL" | "hi-IN" | "hr-HR" | "ht-HT" | "hu-HU" | "hy-AM" | "id-ID" | "ik-US" | "is-IS" | "it" | "it-IT" | "iu-CA" | "ja" | "ja-JP" | "ja-KS" | "jv-ID" | "ka-GE" | "kk-KZ" | "km-KH" | "kn-IN" | "ko" | "ko-KR" | "ku-TR" | "ky-KG" | "lo-LA" | "lt-LT" | "lv-LV" | "mg-MG" | "mk-MK" | "ml-IN" | "mn-MN" | "mr-IN" | "ms-MY" | "mt-MT" | "my-MM" | "nb-NO" | "ne-NP" | "nl-BE" | "nl-NL" | "nn-NO" | "or-IN" | "pa-IN" | "pl-PL" | "ps-AF" | "pt" | "pt-BR" | "pt-PT" | "ro-RO" | "ru" | "ru-RU" | "rw-RW" | "sc-IT" | "si-LK" | "sk-SK" | "sl-SI" | "sn-ZW" | "sq-AL" | "sr-RS" | "sv-SE" | "sw-KE" | "sy-SY" | "sz-PL" | "ta-IN" | "te-IN" | "tg-TJ" | "th-TH" | "tl-PH" | "tr" | "tr-TR" | "tt-RU" | "tz-MA" | "uk-UA" | "ur-PK" | "uz-UZ" | "vi-VN" | "zh" | "zh-CN" | "zh-HK" | "zh-MO" | "zh-TW" | "zz-TR";
+}>;
+export type LanguageInfo = z.infer<typeof languageInfoGuard>;
+export declare enum SignInIdentifier {
+    Username = "username",
+    Email = "email",
+    Phone = "phone"
+}
+export declare const signUpGuard: z.ZodObject<{
+    identifiers: z.ZodArray<z.ZodNativeEnum<typeof SignInIdentifier>, "many">;
+    password: z.ZodBoolean;
+    verify: z.ZodBoolean;
+}, "strip", z.ZodTypeAny, {
+    identifiers: SignInIdentifier[];
+    password: boolean;
+    verify: boolean;
+}, {
+    identifiers: SignInIdentifier[];
+    password: boolean;
+    verify: boolean;
+}>;
+export type SignUp = z.infer<typeof signUpGuard>;
+export declare const signInGuard: z.ZodObject<{
+    methods: z.ZodArray<z.ZodObject<{
+        identifier: z.ZodNativeEnum<typeof SignInIdentifier>;
+        password: z.ZodBoolean;
+        verificationCode: z.ZodBoolean;
+        isPasswordPrimary: z.ZodBoolean;
+    }, "strip", z.ZodTypeAny, {
+        password: boolean;
+        identifier: SignInIdentifier;
+        verificationCode: boolean;
+        isPasswordPrimary: boolean;
+    }, {
+        password: boolean;
+        identifier: SignInIdentifier;
+        verificationCode: boolean;
+        isPasswordPrimary: boolean;
+    }>, "many">;
+}, "strip", z.ZodTypeAny, {
+    methods: {
+        password: boolean;
+        identifier: SignInIdentifier;
+        verificationCode: boolean;
+        isPasswordPrimary: boolean;
+    }[];
+}, {
+    methods: {
+        password: boolean;
+        identifier: SignInIdentifier;
+        verificationCode: boolean;
+        isPasswordPrimary: boolean;
+    }[];
+}>;
+export type SignIn = z.infer<typeof signInGuard>;
+export declare const connectorTargetsGuard: z.ZodArray<z.ZodString, "many">;
+export type ConnectorTargets = z.infer<typeof connectorTargetsGuard>;
+export declare const customContentGuard: z.ZodRecord<z.ZodString, z.ZodString>;
+export type CustomContent = z.infer<typeof customContentGuard>;
+export declare enum MfaFactor {
+    TOTP = "Totp",
+    WebAuthn = "WebAuthn",
+    BackupCode = "BackupCode"
+}
+export declare const mfaFactorsGuard: z.ZodArray<z.ZodNativeEnum<typeof MfaFactor>, "many">;
+export type MfaFactors = z.infer<typeof mfaFactorsGuard>;
+export declare enum MfaPolicy {
+    UserControlled = "UserControlled",
+    Mandatory = "Mandatory"
+}
+export declare const mfaGuard: z.ZodObject<{
+    factors: z.ZodArray<z.ZodNativeEnum<typeof MfaFactor>, "many">;
+    policy: z.ZodNativeEnum<typeof MfaPolicy>;
+}, "strip", z.ZodTypeAny, {
+    factors: MfaFactor[];
+    policy: MfaPolicy;
+}, {
+    factors: MfaFactor[];
+    policy: MfaPolicy;
+}>;
+export type Mfa = z.infer<typeof mfaGuard>;

package/lib/foundations/jsonb-types/sign-in-experience.js

@@ -0,0 +1,56 @@
+import { hexColorRegEx } from '@logto/core-kit';
+import { languageTagGuard } from '@logto/language-kit';
+import { z } from 'zod';
+export const colorGuard = z.object({
+    primaryColor: z.string().regex(hexColorRegEx),
+    isDarkModeEnabled: z.boolean(),
+    darkPrimaryColor: z.string().regex(hexColorRegEx),
+});
+export const brandingGuard = z.object({
+    logoUrl: z.string().url().optional(),
+    darkLogoUrl: z.string().url().optional(),
+    favicon: z.string().url().optional(),
+});
+export const languageInfoGuard = z.object({
+    autoDetect: z.boolean(),
+    fallbackLanguage: languageTagGuard,
+});
+export var SignInIdentifier;
+(function (SignInIdentifier) {
+    SignInIdentifier["Username"] = "username";
+    SignInIdentifier["Email"] = "email";
+    SignInIdentifier["Phone"] = "phone";
+})(SignInIdentifier || (SignInIdentifier = {}));
+export const signUpGuard = z.object({
+    identifiers: z.nativeEnum(SignInIdentifier).array(),
+    password: z.boolean(),
+    verify: z.boolean(),
+});
+export const signInGuard = z.object({
+    methods: z
+        .object({
+        identifier: z.nativeEnum(SignInIdentifier),
+        password: z.boolean(),
+        verificationCode: z.boolean(),
+        isPasswordPrimary: z.boolean(),
+    })
+        .array(),
+});
+export const connectorTargetsGuard = z.string().array();
+export const customContentGuard = z.record(z.string());
+export var MfaFactor;
+(function (MfaFactor) {
+    MfaFactor["TOTP"] = "Totp";
+    MfaFactor["WebAuthn"] = "WebAuthn";
+    MfaFactor["BackupCode"] = "BackupCode";
+})(MfaFactor || (MfaFactor = {}));
+export const mfaFactorsGuard = z.nativeEnum(MfaFactor).array();
+export var MfaPolicy;
+(function (MfaPolicy) {
+    MfaPolicy["UserControlled"] = "UserControlled";
+    MfaPolicy["Mandatory"] = "Mandatory";
+})(MfaPolicy || (MfaPolicy = {}));
+export const mfaGuard = z.object({
+    factors: mfaFactorsGuard,
+    policy: z.nativeEnum(MfaPolicy),
+});

package/lib/foundations/jsonb-types/sso-connector.d.ts

@@ -0,0 +1,14 @@
+import { z } from 'zod';
+export declare const ssoDomainsGuard: z.ZodArray<z.ZodString, "many">;
+export type SsoDomains = z.infer<typeof ssoDomainsGuard>;
+export declare const ssoBrandingGuard: z.ZodObject<{
+    logo: z.ZodOptional<z.ZodString>;
+    darkLogo: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    logo?: string | undefined;
+    darkLogo?: string | undefined;
+}, {
+    logo?: string | undefined;
+    darkLogo?: string | undefined;
+}>;
+export type SsoBranding = z.infer<typeof ssoBrandingGuard>;

package/lib/foundations/jsonb-types/sso-connector.js

@@ -0,0 +1,6 @@
+import { z } from 'zod';
+export const ssoDomainsGuard = z.array(z.string());
+export const ssoBrandingGuard = z.object({
+    logo: z.string().optional(),
+    darkLogo: z.string().optional(),
+});