@objectstack/platform-objects 14.8.0 → 15.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/apps/index.d.mts +2 -0
- package/dist/apps/index.d.ts +2 -0
- package/dist/apps/index.js +1316 -136
- package/dist/apps/index.js.map +1 -1
- package/dist/apps/index.mjs +1316 -136
- package/dist/apps/index.mjs.map +1 -1
- package/dist/audit/index.d.mts +933 -578
- package/dist/audit/index.d.ts +933 -578
- package/dist/audit/index.js +6 -19
- package/dist/audit/index.js.map +1 -1
- package/dist/audit/index.mjs +6 -19
- package/dist/audit/index.mjs.map +1 -1
- package/dist/identity/index.d.mts +15025 -2760
- package/dist/identity/index.d.ts +15025 -2760
- package/dist/identity/index.js +381 -27
- package/dist/identity/index.js.map +1 -1
- package/dist/identity/index.mjs +379 -28
- package/dist/identity/index.mjs.map +1 -1
- package/dist/index.d.mts +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +1859 -197
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +1857 -198
- package/dist/index.mjs.map +1 -1
- package/dist/metadata-translations/index.js +64 -0
- package/dist/metadata-translations/index.js.map +1 -1
- package/dist/metadata-translations/index.mjs +64 -0
- package/dist/metadata-translations/index.mjs.map +1 -1
- package/dist/pages/index.js +77 -0
- package/dist/pages/index.js.map +1 -1
- package/dist/pages/index.mjs +77 -0
- package/dist/pages/index.mjs.map +1 -1
- package/dist/plugin.js +1380 -136
- package/dist/plugin.js.map +1 -1
- package/dist/plugin.mjs +1380 -136
- package/dist/plugin.mjs.map +1 -1
- package/dist/system/index.d.mts +240 -24
- package/dist/system/index.d.ts +240 -24
- package/package.json +3 -3
package/dist/identity/index.mjs
CHANGED
|
@@ -51,7 +51,7 @@ var SysUser = ObjectSchema.create({
|
|
|
51
51
|
// "add a teammate" affordance — the Users list is always reachable —
|
|
52
52
|
// and every add flows through better-auth invitations, never bespoke
|
|
53
53
|
// sys_user CRUD.
|
|
54
|
-
|
|
54
|
+
requiresFeature: "organization",
|
|
55
55
|
successMessage: "Invitation sent",
|
|
56
56
|
refreshAfter: true,
|
|
57
57
|
params: [
|
|
@@ -62,9 +62,11 @@ var SysUser = ObjectSchema.create({
|
|
|
62
62
|
// ── Platform admin operations (require better-auth `admin` plugin) ─
|
|
63
63
|
//
|
|
64
64
|
// These actions hit /api/v1/auth/admin/* endpoints that are only
|
|
65
|
-
// wired when `auth.plugins.admin` is enabled
|
|
66
|
-
//
|
|
67
|
-
//
|
|
65
|
+
// wired when `auth.plugins.admin` is enabled, so each one is gated on
|
|
66
|
+
// `requiresFeature: 'admin'` (#2874) — when the plugin is off the UI
|
|
67
|
+
// hides them instead of rendering buttons that 404. SCIM deployments
|
|
68
|
+
// keep them: SCIM forces the admin plugin (and `features.admin`) on
|
|
69
|
+
// (ADR-0071). UI surfaces them under the row menu AND the
|
|
68
70
|
// record-detail header (`record_header`, overflowing into the ⋯
|
|
69
71
|
// "More" menu) so platform admins can manage an account from either
|
|
70
72
|
// the Users list or an open user record — without dropping to SQL or
|
|
@@ -77,6 +79,7 @@ var SysUser = ObjectSchema.create({
|
|
|
77
79
|
locations: ["list_item", "record_header"],
|
|
78
80
|
type: "api",
|
|
79
81
|
target: "/api/v1/auth/admin/ban-user",
|
|
82
|
+
requiresFeature: "admin",
|
|
80
83
|
recordIdParam: "userId",
|
|
81
84
|
successMessage: "User banned",
|
|
82
85
|
refreshAfter: true,
|
|
@@ -93,6 +96,7 @@ var SysUser = ObjectSchema.create({
|
|
|
93
96
|
locations: ["list_item", "record_header"],
|
|
94
97
|
type: "api",
|
|
95
98
|
target: "/api/v1/auth/admin/unban-user",
|
|
99
|
+
requiresFeature: "admin",
|
|
96
100
|
recordIdParam: "userId",
|
|
97
101
|
successMessage: "User unbanned",
|
|
98
102
|
refreshAfter: true
|
|
@@ -108,6 +112,7 @@ var SysUser = ObjectSchema.create({
|
|
|
108
112
|
locations: ["list_item", "record_header"],
|
|
109
113
|
type: "api",
|
|
110
114
|
target: "/api/v1/auth/admin/unlock-user",
|
|
115
|
+
requiresFeature: "admin",
|
|
111
116
|
recordIdParam: "userId",
|
|
112
117
|
successMessage: "Account unlocked",
|
|
113
118
|
refreshAfter: true
|
|
@@ -127,7 +132,7 @@ var SysUser = ObjectSchema.create({
|
|
|
127
132
|
locations: ["list_toolbar"],
|
|
128
133
|
type: "api",
|
|
129
134
|
target: "/api/v1/auth/admin/create-user",
|
|
130
|
-
|
|
135
|
+
requiresFeature: "admin",
|
|
131
136
|
successMessage: "User created",
|
|
132
137
|
refreshAfter: true,
|
|
133
138
|
params: [
|
|
@@ -144,7 +149,7 @@ var SysUser = ObjectSchema.create({
|
|
|
144
149
|
// otherwise the create-user endpoint rejects a phone with
|
|
145
150
|
// "Phone numbers require the phoneNumber auth plugin". `features.phoneNumber`
|
|
146
151
|
// is served in /api/v1/auth/config (getPublicConfig).
|
|
147
|
-
|
|
152
|
+
requiresFeature: "phoneNumber"
|
|
148
153
|
},
|
|
149
154
|
{ field: "name", required: false },
|
|
150
155
|
{
|
|
@@ -186,6 +191,7 @@ var SysUser = ObjectSchema.create({
|
|
|
186
191
|
// legacy role scalar), can mint a temporary password, and stamps
|
|
187
192
|
// must_change_password.
|
|
188
193
|
target: "/api/v1/auth/admin/set-user-password",
|
|
194
|
+
requiresFeature: "admin",
|
|
189
195
|
recordIdParam: "userId",
|
|
190
196
|
successMessage: "Password updated",
|
|
191
197
|
refreshAfter: false,
|
|
@@ -223,6 +229,7 @@ var SysUser = ObjectSchema.create({
|
|
|
223
229
|
locations: ["list_item", "record_header"],
|
|
224
230
|
type: "api",
|
|
225
231
|
target: "/api/v1/auth/admin/set-role",
|
|
232
|
+
requiresFeature: "admin",
|
|
226
233
|
recordIdParam: "userId",
|
|
227
234
|
successMessage: "Role updated",
|
|
228
235
|
refreshAfter: true,
|
|
@@ -238,6 +245,7 @@ var SysUser = ObjectSchema.create({
|
|
|
238
245
|
locations: ["list_item", "record_header"],
|
|
239
246
|
type: "api",
|
|
240
247
|
target: "/api/v1/auth/admin/impersonate-user",
|
|
248
|
+
requiresFeature: "admin",
|
|
241
249
|
recordIdParam: "userId",
|
|
242
250
|
successMessage: "Now impersonating user",
|
|
243
251
|
refreshAfter: true,
|
|
@@ -355,6 +363,7 @@ var SysUser = ObjectSchema.create({
|
|
|
355
363
|
type: "api",
|
|
356
364
|
target: "/api/v1/auth/two-factor/enable",
|
|
357
365
|
visible: "record.id == ctx.user.id && record.two_factor_enabled != true",
|
|
366
|
+
requiresFeature: "twoFactor",
|
|
358
367
|
successMessage: "Two-factor authentication enabled. Scan the QR code or paste the otpauth URI into your authenticator app, then verify a code to complete setup.",
|
|
359
368
|
refreshAfter: true,
|
|
360
369
|
params: [
|
|
@@ -370,6 +379,7 @@ var SysUser = ObjectSchema.create({
|
|
|
370
379
|
type: "api",
|
|
371
380
|
target: "/api/v1/auth/two-factor/disable",
|
|
372
381
|
visible: "record.id == ctx.user.id && record.two_factor_enabled == true",
|
|
382
|
+
requiresFeature: "twoFactor",
|
|
373
383
|
confirmText: "Turn off two-factor authentication? Your account will be less secure.",
|
|
374
384
|
successMessage: "Two-factor authentication disabled.",
|
|
375
385
|
refreshAfter: true,
|
|
@@ -386,6 +396,7 @@ var SysUser = ObjectSchema.create({
|
|
|
386
396
|
type: "api",
|
|
387
397
|
target: "/api/v1/auth/two-factor/generate-backup-codes",
|
|
388
398
|
visible: "record.id == ctx.user.id && record.two_factor_enabled == true",
|
|
399
|
+
requiresFeature: "twoFactor",
|
|
389
400
|
confirmText: "Generate a new set of backup codes? Any previously generated codes will stop working.",
|
|
390
401
|
successMessage: "New backup codes generated \u2014 save them somewhere safe.",
|
|
391
402
|
refreshAfter: false,
|
|
@@ -1193,7 +1204,7 @@ var SysOrganization = ObjectSchema.create({
|
|
|
1193
1204
|
// populated by the console/account shells from `/auth/config`;
|
|
1194
1205
|
// we default to visible when the flag is undefined so we don't
|
|
1195
1206
|
// accidentally hide the button while auth config is still loading.
|
|
1196
|
-
|
|
1207
|
+
requiresFeature: "multiOrgEnabled",
|
|
1197
1208
|
params: [
|
|
1198
1209
|
{ field: "name", required: true },
|
|
1199
1210
|
{ field: "slug", required: true },
|
|
@@ -1214,7 +1225,7 @@ var SysOrganization = ObjectSchema.create({
|
|
|
1214
1225
|
// Org-admin actions are multi-org-only; hide them in single-org for
|
|
1215
1226
|
// consistency with `create_organization` (the org list is empty there,
|
|
1216
1227
|
// but this also guards direct record-URL access).
|
|
1217
|
-
|
|
1228
|
+
requiresFeature: "multiOrgEnabled",
|
|
1218
1229
|
successMessage: "Organization updated",
|
|
1219
1230
|
refreshAfter: true,
|
|
1220
1231
|
params: [
|
|
@@ -1233,7 +1244,7 @@ var SysOrganization = ObjectSchema.create({
|
|
|
1233
1244
|
type: "api",
|
|
1234
1245
|
target: "/api/v1/auth/organization/delete",
|
|
1235
1246
|
recordIdParam: "organizationId",
|
|
1236
|
-
|
|
1247
|
+
requiresFeature: "multiOrgEnabled",
|
|
1237
1248
|
confirmText: "Delete this organization? All members will lose access immediately. This cannot be undone.",
|
|
1238
1249
|
successMessage: "Organization deleted",
|
|
1239
1250
|
refreshAfter: true
|
|
@@ -1252,7 +1263,7 @@ var SysOrganization = ObjectSchema.create({
|
|
|
1252
1263
|
type: "api",
|
|
1253
1264
|
target: "/api/v1/auth/organization/set-active",
|
|
1254
1265
|
recordIdParam: "organizationId",
|
|
1255
|
-
|
|
1266
|
+
requiresFeature: "multiOrgEnabled",
|
|
1256
1267
|
successMessage: "Active organization switched",
|
|
1257
1268
|
refreshAfter: true
|
|
1258
1269
|
},
|
|
@@ -1269,7 +1280,7 @@ var SysOrganization = ObjectSchema.create({
|
|
|
1269
1280
|
type: "api",
|
|
1270
1281
|
target: "/api/v1/auth/organization/leave",
|
|
1271
1282
|
recordIdParam: "organizationId",
|
|
1272
|
-
|
|
1283
|
+
requiresFeature: "multiOrgEnabled",
|
|
1273
1284
|
confirmText: "Leave this organization? You will lose access to all of its resources.",
|
|
1274
1285
|
successMessage: "You have left the organization",
|
|
1275
1286
|
refreshAfter: true
|
|
@@ -1291,7 +1302,7 @@ var SysOrganization = ObjectSchema.create({
|
|
|
1291
1302
|
type: "api",
|
|
1292
1303
|
target: "/api/v1/cloud/organizations/{id}/change-slug",
|
|
1293
1304
|
method: "POST",
|
|
1294
|
-
|
|
1305
|
+
requiresFeature: "multiOrgEnabled",
|
|
1295
1306
|
confirmText: "Renaming the slug rewrites every platform subdomain for this org and parks the old slug for 90 days. Continue?",
|
|
1296
1307
|
successMessage: "Organization slug changed",
|
|
1297
1308
|
refreshAfter: true,
|
|
@@ -1429,7 +1440,7 @@ var SysMember = ObjectSchema.create({
|
|
|
1429
1440
|
// better-auth endpoints resolve the session's active org, which
|
|
1430
1441
|
// single-org mode now guarantees via plugin-auth's default-org
|
|
1431
1442
|
// bootstrap. Same gate on every membership mutation below.
|
|
1432
|
-
|
|
1443
|
+
requiresFeature: "organization",
|
|
1433
1444
|
successMessage: "Member added",
|
|
1434
1445
|
refreshAfter: true,
|
|
1435
1446
|
params: [
|
|
@@ -1447,7 +1458,7 @@ var SysMember = ObjectSchema.create({
|
|
|
1447
1458
|
type: "api",
|
|
1448
1459
|
target: "/api/v1/auth/organization/update-member-role",
|
|
1449
1460
|
recordIdParam: "memberId",
|
|
1450
|
-
|
|
1461
|
+
requiresFeature: "organization",
|
|
1451
1462
|
successMessage: "Member role updated",
|
|
1452
1463
|
refreshAfter: true,
|
|
1453
1464
|
params: [
|
|
@@ -1464,7 +1475,7 @@ var SysMember = ObjectSchema.create({
|
|
|
1464
1475
|
type: "api",
|
|
1465
1476
|
target: "/api/v1/auth/organization/remove-member",
|
|
1466
1477
|
recordIdParam: "memberIdOrEmail",
|
|
1467
|
-
|
|
1478
|
+
requiresFeature: "organization",
|
|
1468
1479
|
confirmText: "Remove this member from the organization? They will lose access to all org resources.",
|
|
1469
1480
|
successMessage: "Member removed",
|
|
1470
1481
|
refreshAfter: true
|
|
@@ -1486,7 +1497,10 @@ var SysMember = ObjectSchema.create({
|
|
|
1486
1497
|
target: "/api/v1/auth/organization/update-member-role",
|
|
1487
1498
|
recordIdParam: "memberId",
|
|
1488
1499
|
bodyExtra: { role: "owner" },
|
|
1489
|
-
|
|
1500
|
+
// The residual row predicate stays hand-written; the feature gate is
|
|
1501
|
+
// AND-composed onto it by the requiresFeature lowering.
|
|
1502
|
+
visible: "record.role != 'owner'",
|
|
1503
|
+
requiresFeature: "organization",
|
|
1490
1504
|
confirmText: "Transfer ownership of this organization to the selected member? You will be demoted to admin and lose owner-only privileges.",
|
|
1491
1505
|
successMessage: "Ownership transferred",
|
|
1492
1506
|
refreshAfter: true
|
|
@@ -1594,7 +1608,7 @@ var SysInvitation = ObjectSchema.create({
|
|
|
1594
1608
|
// sys_organization.create_organization). The recipient-side
|
|
1595
1609
|
// accept/reject actions below stay record-gated — they are
|
|
1596
1610
|
// unreachable in single-org anyway (no invitation rows exist).
|
|
1597
|
-
|
|
1611
|
+
requiresFeature: "organization",
|
|
1598
1612
|
successMessage: "Invitation sent",
|
|
1599
1613
|
refreshAfter: true,
|
|
1600
1614
|
params: [
|
|
@@ -1612,7 +1626,7 @@ var SysInvitation = ObjectSchema.create({
|
|
|
1612
1626
|
type: "api",
|
|
1613
1627
|
target: "/api/v1/auth/organization/cancel-invitation",
|
|
1614
1628
|
recordIdParam: "invitationId",
|
|
1615
|
-
|
|
1629
|
+
requiresFeature: "organization",
|
|
1616
1630
|
confirmText: "Cancel this invitation? The recipient will no longer be able to accept it.",
|
|
1617
1631
|
successMessage: "Invitation canceled",
|
|
1618
1632
|
refreshAfter: true
|
|
@@ -1626,7 +1640,7 @@ var SysInvitation = ObjectSchema.create({
|
|
|
1626
1640
|
type: "api",
|
|
1627
1641
|
target: "/api/v1/auth/organization/invite-member",
|
|
1628
1642
|
bodyExtra: { resend: true },
|
|
1629
|
-
|
|
1643
|
+
requiresFeature: "organization",
|
|
1630
1644
|
successMessage: "Invitation resent",
|
|
1631
1645
|
refreshAfter: true,
|
|
1632
1646
|
params: [
|
|
@@ -1816,7 +1830,7 @@ var SysTeam = ObjectSchema.create({
|
|
|
1816
1830
|
// Teams are nested inside organizations — a multi-org-only concept.
|
|
1817
1831
|
// Gate every team mutation on the multi-org flag so the affordances
|
|
1818
1832
|
// disappear in single-org (mirrors sys_organization.create_organization).
|
|
1819
|
-
|
|
1833
|
+
requiresFeature: "organization",
|
|
1820
1834
|
successMessage: "Team created",
|
|
1821
1835
|
refreshAfter: true,
|
|
1822
1836
|
params: [
|
|
@@ -1837,7 +1851,7 @@ var SysTeam = ObjectSchema.create({
|
|
|
1837
1851
|
target: "/api/v1/auth/organization/update-team",
|
|
1838
1852
|
recordIdParam: "teamId",
|
|
1839
1853
|
bodyShape: { wrap: "data" },
|
|
1840
|
-
|
|
1854
|
+
requiresFeature: "organization",
|
|
1841
1855
|
successMessage: "Team updated",
|
|
1842
1856
|
refreshAfter: true,
|
|
1843
1857
|
params: [
|
|
@@ -1856,7 +1870,7 @@ var SysTeam = ObjectSchema.create({
|
|
|
1856
1870
|
type: "api",
|
|
1857
1871
|
target: "/api/v1/auth/organization/remove-team",
|
|
1858
1872
|
recordIdParam: "teamId",
|
|
1859
|
-
|
|
1873
|
+
requiresFeature: "organization",
|
|
1860
1874
|
confirmText: "Delete this team? Members will lose any team-scoped access. This cannot be undone.",
|
|
1861
1875
|
successMessage: "Team deleted",
|
|
1862
1876
|
refreshAfter: true
|
|
@@ -1970,7 +1984,7 @@ var SysTeamMember = ObjectSchema.create({
|
|
|
1970
1984
|
// Team membership lives under organizations — multi-org-only. Gate
|
|
1971
1985
|
// both mutations so they vanish in single-org (mirrors
|
|
1972
1986
|
// sys_organization.create_organization).
|
|
1973
|
-
|
|
1987
|
+
requiresFeature: "organization",
|
|
1974
1988
|
successMessage: "Team member added",
|
|
1975
1989
|
refreshAfter: true,
|
|
1976
1990
|
params: [
|
|
@@ -1991,7 +2005,7 @@ var SysTeamMember = ObjectSchema.create({
|
|
|
1991
2005
|
locations: ["list_item"],
|
|
1992
2006
|
type: "api",
|
|
1993
2007
|
target: "/api/v1/auth/organization/remove-team-member",
|
|
1994
|
-
|
|
2008
|
+
requiresFeature: "organization",
|
|
1995
2009
|
confirmText: "Remove this user from the team? They will lose any team-scoped access.",
|
|
1996
2010
|
successMessage: "Team member removed",
|
|
1997
2011
|
refreshAfter: true,
|
|
@@ -2547,6 +2561,7 @@ var SysTwoFactor = ObjectSchema.create({
|
|
|
2547
2561
|
locations: ["list_toolbar"],
|
|
2548
2562
|
type: "api",
|
|
2549
2563
|
target: "/api/v1/auth/two-factor/enable",
|
|
2564
|
+
requiresFeature: "twoFactor",
|
|
2550
2565
|
refreshAfter: true,
|
|
2551
2566
|
params: [
|
|
2552
2567
|
{ name: "password", label: "Current Password", type: "text", required: true }
|
|
@@ -2569,6 +2584,7 @@ var SysTwoFactor = ObjectSchema.create({
|
|
|
2569
2584
|
locations: ["list_toolbar"],
|
|
2570
2585
|
type: "api",
|
|
2571
2586
|
target: "/api/v1/auth/two-factor/disable",
|
|
2587
|
+
requiresFeature: "twoFactor",
|
|
2572
2588
|
confirmText: "Disable two-factor authentication on your account?",
|
|
2573
2589
|
successMessage: "2FA disabled",
|
|
2574
2590
|
refreshAfter: true,
|
|
@@ -2584,6 +2600,7 @@ var SysTwoFactor = ObjectSchema.create({
|
|
|
2584
2600
|
locations: ["list_toolbar", "list_item"],
|
|
2585
2601
|
type: "api",
|
|
2586
2602
|
target: "/api/v1/auth/two-factor/generate-backup-codes",
|
|
2603
|
+
requiresFeature: "twoFactor",
|
|
2587
2604
|
confirmText: "Regenerate backup codes? All previous backup codes will stop working immediately.",
|
|
2588
2605
|
refreshAfter: true,
|
|
2589
2606
|
params: [
|
|
@@ -2898,6 +2915,7 @@ var SysOauthApplication = ObjectSchema.create({
|
|
|
2898
2915
|
type: "api",
|
|
2899
2916
|
method: "POST",
|
|
2900
2917
|
target: "/api/v1/auth/admin/oauth2/toggle-disabled",
|
|
2918
|
+
requiresFeature: "oidcProvider",
|
|
2901
2919
|
confirmText: "Disable this OAuth application? Active access/refresh tokens issued to it will continue to be rejected at the token, authorize, and introspect endpoints. Existing integrations will stop working immediately.",
|
|
2902
2920
|
successMessage: "OAuth application disabled",
|
|
2903
2921
|
refreshAfter: true,
|
|
@@ -2917,6 +2935,7 @@ var SysOauthApplication = ObjectSchema.create({
|
|
|
2917
2935
|
type: "api",
|
|
2918
2936
|
method: "POST",
|
|
2919
2937
|
target: "/api/v1/auth/admin/oauth2/toggle-disabled",
|
|
2938
|
+
requiresFeature: "oidcProvider",
|
|
2920
2939
|
confirmText: "Re-enable this OAuth application? Token issuance, authorization, and introspection will resume immediately.",
|
|
2921
2940
|
successMessage: "OAuth application enabled",
|
|
2922
2941
|
refreshAfter: true,
|
|
@@ -2936,6 +2955,7 @@ var SysOauthApplication = ObjectSchema.create({
|
|
|
2936
2955
|
type: "api",
|
|
2937
2956
|
method: "POST",
|
|
2938
2957
|
target: "/api/v1/auth/sys-oauth-application/register",
|
|
2958
|
+
requiresFeature: "oidcProvider",
|
|
2939
2959
|
refreshAfter: true,
|
|
2940
2960
|
params: [
|
|
2941
2961
|
{ name: "name", label: "Application Name", type: "text", required: true },
|
|
@@ -2967,6 +2987,7 @@ var SysOauthApplication = ObjectSchema.create({
|
|
|
2967
2987
|
type: "api",
|
|
2968
2988
|
method: "POST",
|
|
2969
2989
|
target: "/api/v1/auth/oauth2/client/rotate-secret",
|
|
2990
|
+
requiresFeature: "oidcProvider",
|
|
2970
2991
|
confirmText: "Rotate this OAuth client's secret? The previous secret will stop working immediately and any integrations using it will break until they are updated with the new secret. The new secret is shown only once.",
|
|
2971
2992
|
refreshAfter: true,
|
|
2972
2993
|
params: [
|
|
@@ -2991,6 +3012,7 @@ var SysOauthApplication = ObjectSchema.create({
|
|
|
2991
3012
|
type: "api",
|
|
2992
3013
|
method: "POST",
|
|
2993
3014
|
target: "/api/v1/auth/oauth2/delete-client",
|
|
3015
|
+
requiresFeature: "oidcProvider",
|
|
2994
3016
|
confirmText: "Permanently delete this OAuth application? All issued tokens and consents will be invalidated and integrations using this client_id will stop working immediately. This cannot be undone.",
|
|
2995
3017
|
successMessage: "OAuth application deleted",
|
|
2996
3018
|
refreshAfter: true,
|
|
@@ -3170,6 +3192,25 @@ var SysOauthApplication = ObjectSchema.create({
|
|
|
3170
3192
|
description: "OIDC subject type (e.g. public, pairwise)",
|
|
3171
3193
|
group: "Credentials"
|
|
3172
3194
|
}),
|
|
3195
|
+
jwks: Field.textarea({
|
|
3196
|
+
label: "JWKS",
|
|
3197
|
+
required: false,
|
|
3198
|
+
description: "Client JSON Web Key Set (for private_key_jwt / signed-request verification)",
|
|
3199
|
+
group: "Credentials"
|
|
3200
|
+
}),
|
|
3201
|
+
jwks_uri: Field.url({
|
|
3202
|
+
label: "JWKS URI",
|
|
3203
|
+
required: false,
|
|
3204
|
+
description: "URL of the client JSON Web Key Set",
|
|
3205
|
+
group: "Credentials"
|
|
3206
|
+
}),
|
|
3207
|
+
dpop_bound_access_tokens: Field.boolean({
|
|
3208
|
+
label: "DPoP-bound Access Tokens",
|
|
3209
|
+
required: false,
|
|
3210
|
+
defaultValue: false,
|
|
3211
|
+
description: "Require access tokens issued to this client to be DPoP-bound (RFC 9449)",
|
|
3212
|
+
group: "Credentials"
|
|
3213
|
+
}),
|
|
3173
3214
|
// ── Behaviour flags ──────────────────────────────────────────
|
|
3174
3215
|
disabled: Field.boolean({
|
|
3175
3216
|
label: "Disabled",
|
|
@@ -3189,6 +3230,18 @@ var SysOauthApplication = ObjectSchema.create({
|
|
|
3189
3230
|
description: "Allow the client to call the OIDC end-session endpoint",
|
|
3190
3231
|
group: "Behaviour"
|
|
3191
3232
|
}),
|
|
3233
|
+
backchannel_logout_uri: Field.url({
|
|
3234
|
+
label: "Back-channel Logout URI",
|
|
3235
|
+
required: false,
|
|
3236
|
+
description: "OIDC back-channel logout endpoint of the client",
|
|
3237
|
+
group: "Behaviour"
|
|
3238
|
+
}),
|
|
3239
|
+
backchannel_logout_session_required: Field.boolean({
|
|
3240
|
+
label: "Back-channel Logout Session Required",
|
|
3241
|
+
required: false,
|
|
3242
|
+
description: "Whether the back-channel logout token must include a sid claim",
|
|
3243
|
+
group: "Behaviour"
|
|
3244
|
+
}),
|
|
3192
3245
|
// ── Software statement (RFC 7591 §2.3) ───────────────────────
|
|
3193
3246
|
software_id: Field.text({
|
|
3194
3247
|
label: "Software ID",
|
|
@@ -3314,6 +3367,22 @@ var SysOauthAccessToken = ObjectSchema.create({
|
|
|
3314
3367
|
maxLength: 255,
|
|
3315
3368
|
description: "Caller-supplied correlation identifier"
|
|
3316
3369
|
}),
|
|
3370
|
+
authorization_code_id: Field.text({
|
|
3371
|
+
label: "Authorization Code ID",
|
|
3372
|
+
required: false,
|
|
3373
|
+
maxLength: 255,
|
|
3374
|
+
description: "ID of the authorization-code grant this token originates from"
|
|
3375
|
+
}),
|
|
3376
|
+
resources: Field.textarea({
|
|
3377
|
+
label: "Resources",
|
|
3378
|
+
required: false,
|
|
3379
|
+
description: "JSON-serialized list of RFC 8707 resource indicators bound to this token"
|
|
3380
|
+
}),
|
|
3381
|
+
requested_user_info_claims: Field.textarea({
|
|
3382
|
+
label: "Requested UserInfo Claims",
|
|
3383
|
+
required: false,
|
|
3384
|
+
description: "JSON-serialized list of OIDC claims requested for the userinfo endpoint"
|
|
3385
|
+
}),
|
|
3317
3386
|
scopes: Field.textarea({
|
|
3318
3387
|
label: "Scopes",
|
|
3319
3388
|
required: true,
|
|
@@ -3327,6 +3396,16 @@ var SysOauthAccessToken = ObjectSchema.create({
|
|
|
3327
3396
|
label: "Created At",
|
|
3328
3397
|
defaultValue: "NOW()",
|
|
3329
3398
|
readonly: true
|
|
3399
|
+
}),
|
|
3400
|
+
revoked: Field.datetime({
|
|
3401
|
+
label: "Revoked At",
|
|
3402
|
+
required: false,
|
|
3403
|
+
description: "Timestamp at which this access token was revoked"
|
|
3404
|
+
}),
|
|
3405
|
+
confirmation: Field.textarea({
|
|
3406
|
+
label: "Confirmation",
|
|
3407
|
+
required: false,
|
|
3408
|
+
description: "JSON RFC 7800 cnf claim (e.g. DPoP key thumbprint) binding this token to a key"
|
|
3330
3409
|
})
|
|
3331
3410
|
},
|
|
3332
3411
|
indexes: [
|
|
@@ -3334,7 +3413,8 @@ var SysOauthAccessToken = ObjectSchema.create({
|
|
|
3334
3413
|
{ fields: ["client_id"] },
|
|
3335
3414
|
{ fields: ["session_id"] },
|
|
3336
3415
|
{ fields: ["user_id"] },
|
|
3337
|
-
{ fields: ["refresh_id"] }
|
|
3416
|
+
{ fields: ["refresh_id"] },
|
|
3417
|
+
{ fields: ["authorization_code_id"] }
|
|
3338
3418
|
],
|
|
3339
3419
|
enable: {
|
|
3340
3420
|
trackHistory: false,
|
|
@@ -3400,6 +3480,22 @@ var SysOauthRefreshToken = ObjectSchema.create({
|
|
|
3400
3480
|
maxLength: 255,
|
|
3401
3481
|
description: "Caller-supplied correlation identifier"
|
|
3402
3482
|
}),
|
|
3483
|
+
authorization_code_id: Field.text({
|
|
3484
|
+
label: "Authorization Code ID",
|
|
3485
|
+
required: false,
|
|
3486
|
+
maxLength: 255,
|
|
3487
|
+
description: "ID of the authorization-code grant this token chain originates from"
|
|
3488
|
+
}),
|
|
3489
|
+
resources: Field.textarea({
|
|
3490
|
+
label: "Resources",
|
|
3491
|
+
required: false,
|
|
3492
|
+
description: "JSON-serialized list of RFC 8707 resource indicators bound to this token"
|
|
3493
|
+
}),
|
|
3494
|
+
requested_user_info_claims: Field.textarea({
|
|
3495
|
+
label: "Requested UserInfo Claims",
|
|
3496
|
+
required: false,
|
|
3497
|
+
description: "JSON-serialized list of OIDC claims requested for the userinfo endpoint"
|
|
3498
|
+
}),
|
|
3403
3499
|
scopes: Field.textarea({
|
|
3404
3500
|
label: "Scopes",
|
|
3405
3501
|
required: true,
|
|
@@ -3419,17 +3515,38 @@ var SysOauthRefreshToken = ObjectSchema.create({
|
|
|
3419
3515
|
required: false,
|
|
3420
3516
|
description: "Timestamp at which this refresh token was revoked"
|
|
3421
3517
|
}),
|
|
3518
|
+
rotated_at: Field.datetime({
|
|
3519
|
+
label: "Rotated At",
|
|
3520
|
+
required: false,
|
|
3521
|
+
description: "Timestamp at which this token was rotated (superseded by a new row)"
|
|
3522
|
+
}),
|
|
3523
|
+
rotation_replay_response: Field.textarea({
|
|
3524
|
+
label: "Rotation Replay Response",
|
|
3525
|
+
required: false,
|
|
3526
|
+
description: "Cached token response replayed when the old token is re-presented within the reuse interval"
|
|
3527
|
+
}),
|
|
3528
|
+
rotation_replay_expires_at: Field.datetime({
|
|
3529
|
+
label: "Rotation Replay Expires At",
|
|
3530
|
+
required: false,
|
|
3531
|
+
description: "End of the post-rotation reuse interval during which the replay response is served"
|
|
3532
|
+
}),
|
|
3422
3533
|
auth_time: Field.datetime({
|
|
3423
3534
|
label: "Auth Time",
|
|
3424
3535
|
required: false,
|
|
3425
3536
|
description: "When the user originally authenticated for this token chain"
|
|
3537
|
+
}),
|
|
3538
|
+
confirmation: Field.textarea({
|
|
3539
|
+
label: "Confirmation",
|
|
3540
|
+
required: false,
|
|
3541
|
+
description: "JSON RFC 7800 cnf claim (e.g. DPoP key thumbprint) binding this token to a key"
|
|
3426
3542
|
})
|
|
3427
3543
|
},
|
|
3428
3544
|
indexes: [
|
|
3429
3545
|
{ fields: ["token"], unique: true },
|
|
3430
3546
|
{ fields: ["client_id"] },
|
|
3431
3547
|
{ fields: ["session_id"] },
|
|
3432
|
-
{ fields: ["user_id"] }
|
|
3548
|
+
{ fields: ["user_id"] },
|
|
3549
|
+
{ fields: ["authorization_code_id"] }
|
|
3433
3550
|
],
|
|
3434
3551
|
enable: {
|
|
3435
3552
|
trackHistory: false,
|
|
@@ -3479,6 +3596,16 @@ var SysOauthConsent = ObjectSchema.create({
|
|
|
3479
3596
|
maxLength: 255,
|
|
3480
3597
|
description: "Caller-supplied correlation identifier"
|
|
3481
3598
|
}),
|
|
3599
|
+
resources: Field.textarea({
|
|
3600
|
+
label: "Resources",
|
|
3601
|
+
required: false,
|
|
3602
|
+
description: "JSON-serialized list of RFC 8707 resource indicators the consent covers"
|
|
3603
|
+
}),
|
|
3604
|
+
requested_user_info_claims: Field.textarea({
|
|
3605
|
+
label: "Requested UserInfo Claims",
|
|
3606
|
+
required: false,
|
|
3607
|
+
description: "JSON-serialized list of OIDC claims the user consented to expose"
|
|
3608
|
+
}),
|
|
3482
3609
|
scopes: Field.textarea({
|
|
3483
3610
|
label: "Scopes",
|
|
3484
3611
|
required: true,
|
|
@@ -3508,6 +3635,215 @@ var SysOauthConsent = ObjectSchema.create({
|
|
|
3508
3635
|
mru: false
|
|
3509
3636
|
}
|
|
3510
3637
|
});
|
|
3638
|
+
var SysOauthResource = ObjectSchema.create({
|
|
3639
|
+
name: "sys_oauth_resource",
|
|
3640
|
+
label: "OAuth Resource",
|
|
3641
|
+
pluralLabel: "OAuth Resources",
|
|
3642
|
+
icon: "server",
|
|
3643
|
+
isSystem: true,
|
|
3644
|
+
managedBy: "better-auth",
|
|
3645
|
+
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
|
|
3646
|
+
// but may add overlay row-level config. Use `no-overlay` if you need to
|
|
3647
|
+
// forbid sys_metadata overlays entirely.
|
|
3648
|
+
protection: {
|
|
3649
|
+
lock: "full",
|
|
3650
|
+
reason: "Identity table managed by better-auth \u2014 see ADR-0010.",
|
|
3651
|
+
docsUrl: "https://docs.objectstack.ai/adr/0010-metadata-protection"
|
|
3652
|
+
},
|
|
3653
|
+
description: "Registered OAuth protected resources (RFC 8707 resource indicators)",
|
|
3654
|
+
displayNameField: "name",
|
|
3655
|
+
nameField: "name",
|
|
3656
|
+
highlightFields: ["name", "identifier", "disabled"],
|
|
3657
|
+
fields: {
|
|
3658
|
+
id: Field.text({
|
|
3659
|
+
label: "ID",
|
|
3660
|
+
required: true,
|
|
3661
|
+
readonly: true
|
|
3662
|
+
}),
|
|
3663
|
+
identifier: Field.text({
|
|
3664
|
+
label: "Identifier",
|
|
3665
|
+
required: true,
|
|
3666
|
+
maxLength: 1024,
|
|
3667
|
+
description: "Resource indicator URI presented in the RFC 8707 resource parameter"
|
|
3668
|
+
}),
|
|
3669
|
+
name: Field.text({
|
|
3670
|
+
label: "Name",
|
|
3671
|
+
required: true,
|
|
3672
|
+
maxLength: 255
|
|
3673
|
+
}),
|
|
3674
|
+
access_token_ttl: Field.number({
|
|
3675
|
+
label: "Access Token TTL",
|
|
3676
|
+
required: false,
|
|
3677
|
+
description: "Access-token lifetime in seconds for this resource (overrides the server default)"
|
|
3678
|
+
}),
|
|
3679
|
+
refresh_token_ttl: Field.number({
|
|
3680
|
+
label: "Refresh Token TTL",
|
|
3681
|
+
required: false,
|
|
3682
|
+
description: "Refresh-token lifetime in seconds for this resource (overrides the server default)"
|
|
3683
|
+
}),
|
|
3684
|
+
signing_algorithm: Field.text({
|
|
3685
|
+
label: "Signing Algorithm",
|
|
3686
|
+
required: false,
|
|
3687
|
+
maxLength: 32,
|
|
3688
|
+
description: "JWS algorithm used to sign access tokens for this resource"
|
|
3689
|
+
}),
|
|
3690
|
+
signing_key_id: Field.text({
|
|
3691
|
+
label: "Signing Key ID",
|
|
3692
|
+
required: false,
|
|
3693
|
+
maxLength: 255,
|
|
3694
|
+
description: "Key id (kid) used to sign access tokens for this resource"
|
|
3695
|
+
}),
|
|
3696
|
+
allowed_scopes: Field.textarea({
|
|
3697
|
+
label: "Allowed Scopes",
|
|
3698
|
+
required: false,
|
|
3699
|
+
description: "JSON-serialized list of scopes clients may request for this resource"
|
|
3700
|
+
}),
|
|
3701
|
+
custom_claims: Field.textarea({
|
|
3702
|
+
label: "Custom Claims",
|
|
3703
|
+
required: false,
|
|
3704
|
+
description: "JSON object of extra claims stamped on access tokens for this resource"
|
|
3705
|
+
}),
|
|
3706
|
+
dpop_bound_access_tokens_required: Field.boolean({
|
|
3707
|
+
label: "DPoP Required",
|
|
3708
|
+
required: false,
|
|
3709
|
+
defaultValue: false,
|
|
3710
|
+
description: "Require access tokens for this resource to be DPoP-bound (RFC 9449)"
|
|
3711
|
+
}),
|
|
3712
|
+
disabled: Field.boolean({
|
|
3713
|
+
label: "Disabled",
|
|
3714
|
+
required: false,
|
|
3715
|
+
defaultValue: false
|
|
3716
|
+
}),
|
|
3717
|
+
policy_version: Field.number({
|
|
3718
|
+
label: "Policy Version",
|
|
3719
|
+
required: false,
|
|
3720
|
+
defaultValue: 1,
|
|
3721
|
+
description: "Monotonic version of the resource token policy"
|
|
3722
|
+
}),
|
|
3723
|
+
metadata: Field.textarea({
|
|
3724
|
+
label: "Metadata",
|
|
3725
|
+
required: false,
|
|
3726
|
+
description: "JSON object of additional resource metadata"
|
|
3727
|
+
}),
|
|
3728
|
+
created_at: Field.datetime({
|
|
3729
|
+
label: "Created At",
|
|
3730
|
+
defaultValue: "NOW()",
|
|
3731
|
+
readonly: true
|
|
3732
|
+
}),
|
|
3733
|
+
updated_at: Field.datetime({
|
|
3734
|
+
label: "Updated At",
|
|
3735
|
+
defaultValue: "NOW()",
|
|
3736
|
+
readonly: true
|
|
3737
|
+
})
|
|
3738
|
+
},
|
|
3739
|
+
indexes: [
|
|
3740
|
+
{ fields: ["identifier"], unique: true }
|
|
3741
|
+
],
|
|
3742
|
+
enable: {
|
|
3743
|
+
trackHistory: false,
|
|
3744
|
+
searchable: false,
|
|
3745
|
+
apiEnabled: false,
|
|
3746
|
+
apiMethods: [],
|
|
3747
|
+
trash: false,
|
|
3748
|
+
mru: false
|
|
3749
|
+
}
|
|
3750
|
+
});
|
|
3751
|
+
var SysOauthClientResource = ObjectSchema.create({
|
|
3752
|
+
name: "sys_oauth_client_resource",
|
|
3753
|
+
label: "OAuth Client Resource",
|
|
3754
|
+
pluralLabel: "OAuth Client Resources",
|
|
3755
|
+
icon: "link",
|
|
3756
|
+
isSystem: true,
|
|
3757
|
+
managedBy: "better-auth",
|
|
3758
|
+
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
|
|
3759
|
+
// but may add overlay row-level config. Use `no-overlay` if you need to
|
|
3760
|
+
// forbid sys_metadata overlays entirely.
|
|
3761
|
+
protection: {
|
|
3762
|
+
lock: "full",
|
|
3763
|
+
reason: "Identity table managed by better-auth \u2014 see ADR-0010.",
|
|
3764
|
+
docsUrl: "https://docs.objectstack.ai/adr/0010-metadata-protection"
|
|
3765
|
+
},
|
|
3766
|
+
description: "Grants allowing an OAuth client to request tokens for a protected resource",
|
|
3767
|
+
highlightFields: ["client_id", "resource_id"],
|
|
3768
|
+
fields: {
|
|
3769
|
+
id: Field.text({
|
|
3770
|
+
label: "ID",
|
|
3771
|
+
required: true,
|
|
3772
|
+
readonly: true
|
|
3773
|
+
}),
|
|
3774
|
+
client_id: Field.text({
|
|
3775
|
+
label: "Client ID",
|
|
3776
|
+
required: true,
|
|
3777
|
+
description: "Foreign key to sys_oauth_application.client_id"
|
|
3778
|
+
}),
|
|
3779
|
+
resource_id: Field.text({
|
|
3780
|
+
label: "Resource ID",
|
|
3781
|
+
required: true,
|
|
3782
|
+
maxLength: 1024,
|
|
3783
|
+
description: "Foreign key to sys_oauth_resource.identifier"
|
|
3784
|
+
}),
|
|
3785
|
+
metadata: Field.textarea({
|
|
3786
|
+
label: "Metadata",
|
|
3787
|
+
required: false,
|
|
3788
|
+
description: "JSON object of additional grant metadata"
|
|
3789
|
+
}),
|
|
3790
|
+
created_at: Field.datetime({
|
|
3791
|
+
label: "Created At",
|
|
3792
|
+
defaultValue: "NOW()",
|
|
3793
|
+
readonly: true
|
|
3794
|
+
})
|
|
3795
|
+
},
|
|
3796
|
+
indexes: [
|
|
3797
|
+
{ fields: ["client_id"] },
|
|
3798
|
+
{ fields: ["resource_id"] }
|
|
3799
|
+
],
|
|
3800
|
+
enable: {
|
|
3801
|
+
trackHistory: false,
|
|
3802
|
+
searchable: false,
|
|
3803
|
+
apiEnabled: false,
|
|
3804
|
+
apiMethods: [],
|
|
3805
|
+
trash: false,
|
|
3806
|
+
mru: false
|
|
3807
|
+
}
|
|
3808
|
+
});
|
|
3809
|
+
var SysOauthClientAssertion = ObjectSchema.create({
|
|
3810
|
+
name: "sys_oauth_client_assertion",
|
|
3811
|
+
label: "OAuth Client Assertion",
|
|
3812
|
+
pluralLabel: "OAuth Client Assertions",
|
|
3813
|
+
icon: "shield-check",
|
|
3814
|
+
isSystem: true,
|
|
3815
|
+
managedBy: "better-auth",
|
|
3816
|
+
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
|
|
3817
|
+
// but may add overlay row-level config. Use `no-overlay` if you need to
|
|
3818
|
+
// forbid sys_metadata overlays entirely.
|
|
3819
|
+
protection: {
|
|
3820
|
+
lock: "full",
|
|
3821
|
+
reason: "Identity table managed by better-auth \u2014 see ADR-0010.",
|
|
3822
|
+
docsUrl: "https://docs.objectstack.ai/adr/0010-metadata-protection"
|
|
3823
|
+
},
|
|
3824
|
+
description: "Consumed OAuth client-assertion JTIs (RFC 7523 replay prevention)",
|
|
3825
|
+
highlightFields: ["expires_at"],
|
|
3826
|
+
fields: {
|
|
3827
|
+
id: Field.text({
|
|
3828
|
+
label: "ID",
|
|
3829
|
+
required: true,
|
|
3830
|
+
readonly: true
|
|
3831
|
+
}),
|
|
3832
|
+
expires_at: Field.datetime({
|
|
3833
|
+
label: "Expires At",
|
|
3834
|
+
required: true,
|
|
3835
|
+
description: "Assertion expiry \u2014 rows past this instant are safe to prune"
|
|
3836
|
+
})
|
|
3837
|
+
},
|
|
3838
|
+
enable: {
|
|
3839
|
+
trackHistory: false,
|
|
3840
|
+
searchable: false,
|
|
3841
|
+
apiEnabled: false,
|
|
3842
|
+
apiMethods: [],
|
|
3843
|
+
trash: false,
|
|
3844
|
+
mru: false
|
|
3845
|
+
}
|
|
3846
|
+
});
|
|
3511
3847
|
var SysJwks = ObjectSchema.create({
|
|
3512
3848
|
name: "sys_jwks",
|
|
3513
3849
|
label: "JWKS Key",
|
|
@@ -3549,6 +3885,21 @@ var SysJwks = ObjectSchema.create({
|
|
|
3549
3885
|
required: true,
|
|
3550
3886
|
description: "JSON-serialized JWK private key (encrypted at rest)"
|
|
3551
3887
|
}),
|
|
3888
|
+
// better-auth 1.7 records the key's signing algorithm and (for EdDSA/EC
|
|
3889
|
+
// keys) its curve alongside the key material, so tokens can advertise the
|
|
3890
|
+
// correct `alg`/`crv` in the JWKS response. Both are optional — legacy rows
|
|
3891
|
+
// minted before 1.7 leave them null and better-auth falls back to the
|
|
3892
|
+
// configured `keyPairConfig.alg` (default `EdDSA`).
|
|
3893
|
+
alg: Field.text({
|
|
3894
|
+
label: "Algorithm",
|
|
3895
|
+
required: false,
|
|
3896
|
+
description: "JWK signing algorithm, e.g. `EdDSA` (better-auth 1.7+)"
|
|
3897
|
+
}),
|
|
3898
|
+
crv: Field.text({
|
|
3899
|
+
label: "Curve",
|
|
3900
|
+
required: false,
|
|
3901
|
+
description: "JWK curve for EdDSA/EC keys, e.g. `Ed25519` (better-auth 1.7+)"
|
|
3902
|
+
}),
|
|
3552
3903
|
created_at: Field.datetime({
|
|
3553
3904
|
label: "Created At",
|
|
3554
3905
|
required: true,
|
|
@@ -3591,7 +3942,7 @@ var SysSsoProvider = ObjectSchema.create({
|
|
|
3591
3942
|
// Together: admins see all env providers; non-admins get 403. better-auth's
|
|
3592
3943
|
// own endpoints already read via a system context. (Env-only object — no
|
|
3593
3944
|
// control-plane cross-tenant risk.)
|
|
3594
|
-
tenancy: { enabled: false
|
|
3945
|
+
tenancy: { enabled: false },
|
|
3595
3946
|
requiredPermissions: ["manage_platform_settings"],
|
|
3596
3947
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema.
|
|
3597
3948
|
protection: {
|
|
@@ -3923,6 +4274,6 @@ var SysScimProvider = ObjectSchema.create({
|
|
|
3923
4274
|
}
|
|
3924
4275
|
});
|
|
3925
4276
|
|
|
3926
|
-
export { SysAccount, SysApiKey, SysBusinessUnit, SysBusinessUnitMember, SysDeviceCode, SysInvitation, SysJwks, SysMember, SysOauthAccessToken, SysOauthApplication, SysOauthConsent, SysOauthRefreshToken, SysOrganization, SysScimProvider, SysSession, SysSsoProvider, SysTeam, SysTeamMember, SysTwoFactor, SysUser, SysUserPreference, SysVerification };
|
|
4277
|
+
export { SysAccount, SysApiKey, SysBusinessUnit, SysBusinessUnitMember, SysDeviceCode, SysInvitation, SysJwks, SysMember, SysOauthAccessToken, SysOauthApplication, SysOauthClientAssertion, SysOauthClientResource, SysOauthConsent, SysOauthRefreshToken, SysOauthResource, SysOrganization, SysScimProvider, SysSession, SysSsoProvider, SysTeam, SysTeamMember, SysTwoFactor, SysUser, SysUserPreference, SysVerification };
|
|
3927
4278
|
//# sourceMappingURL=index.mjs.map
|
|
3928
4279
|
//# sourceMappingURL=index.mjs.map
|