Merge branch 'logto-io:master' into feat-connector-kook

.changeset/clever-lemons-yawn.md

@@ -0,0 +1,12 @@
+---
+"@logto/schemas": minor
+"@logto/core": minor
+---
+
+add `custom_data` to applications
+
+Introduce a new property `custom_data` to the `Application` schema. This property is an arbitrary object that can be used to store custom data for an application.
+
+Added a new API to update the custom data of an application:
+
+- `PATCH /applications/:applicationId/custom-data`

.changeset/cool-otters-unite.md

@@ -0,0 +1,5 @@
+---
+"@logto/console": patch
+---
+
+fix Google connector `scope` field can not be reset bug

.changeset/fast-rats-talk.md

@@ -0,0 +1,14 @@
+---
+"@logto/core": patch
+---
+
+fix the status code 404 error in webhook events payload
+
+Impact webhook events:
+
+- `Role.Scopes.Updated`
+- `Organizations.Membership.Updates`
+
+Issue: These webhook event payloads were returning a API response status code of 404 when the webhook was triggered.
+Expected: A status code of 200 should be returned, as we only trigger the webhook when the request is successful.
+Fix: All webhook event contexts should be created and inserted into the webhook pipeline after the response body and status code are properly set.

.changeset/polite-plums-tease.md

@@ -0,0 +1,12 @@
+---
+"@logto/console": minor
+"@logto/core": minor
+"@logto/experience": minor
+"@logto/integration-tests": patch
+---
+
+support app-level branding
+
+You can now set logos, favicons, and colors for your app. These settings will be used in the sign-in experience when the app initiates the authentication flow. For apps that have no branding settings, the omni sign-in experience branding will be used.
+
+If `organization_id` is provided in the authentication request, the app-level branding settings will be overridden by the organization's branding settings, if available.

.changeset/seven-comics-tan.md

@@ -0,0 +1,26 @@
+---
+"@logto/core": minor
+---
+
+implement token exchange for user impersonation
+
+Added support for user impersonation via token exchange:
+
+1. New endpoint: `POST /subject-tokens` (Management API)
+ - Request body: `{ "userId": "<user-id>" }`
+ - Returns a subject token
+
+2. Enhanced `POST /oidc/token` endpoint (OIDC API)
+ - Supports new grant type: `urn:ietf:params:oauth:grant-type:token-exchange`
+ - Request body:
+ ```json
+ {
+ "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
+ "subject_token": "<subject-token>",
+ "subject_token_type": "urn:ietf:params:oauth:token-type:access_token",
+ "client_id": "<client-id>"
+ }
+ ```
+ - Returns an impersonated access token
+
+Refer to documentation for usage examples and the [Token Exchange RFC](https://tools.ietf.org/html/rfc8693) for more details.

.changeset/shy-baboons-occur.md

@@ -0,0 +1,13 @@
+---
+"@logto/experience": minor
+"@logto/schemas": minor
+"@logto/core": minor
+"@logto/integration-tests": patch
+---
+
+support experience data server-side rendering
+
+Logto now injects the sign-in experience settings and phrases into the `index.html` file for better first-screen performance. The experience app will still fetch the settings and phrases from the server if:
+
+- The server didn't inject the settings and phrases.
+- The parameters in the URL are different from server-rendered data.

.changeset/slow-boxes-greet.md

@@ -0,0 +1,5 @@
+---
+"@logto/connector-smtp": minor
+---
+
+enable static custom headers for SMTP connector

.changeset/sour-windows-wave.md

@@ -0,0 +1,12 @@
+---
+"@logto/experience": minor
+"@logto/demo-app": minor
+"@logto/console": minor
+---
+
+use Vite for transpilation and bundling
+
+Removed ParcelJS and replaced with Vite. No breaking changes should be expected, but use a minor version bump to catch your attention.
+
+> [!Important]
+> The browserlist configuration for `@logto/experience` and been synced with what is stated in README.md.

.changeset/stale-planets-sneeze.md

@@ -0,0 +1,18 @@
+---
+"@logto/console": minor
+"@logto/schemas": minor
+"@logto/core": minor
+"@logto/integration-tests": patch
+"@logto/phrases": patch
+---
+
+support multiple app secrets with expiration
+
+Now secure apps (machine-to-machine, traditional web, Protected) can have multiple app secrets with expiration. This allows for secret rotation and provides an even safer experience.
+
+To manage your application secrets, go to Logto Console -> Applications -> Application Details -> Endpoints & Credentials.
+
+We've also added a set of Management APIs (`/api/applications/{id}/secrets`) for this purpose.
+
+> [!Important]
+> You can still use existing app secrets for client authentication, but it is recommended to delete the old ones and create new secrets with expiration for enhanced security.

.changeset/swift-stingrays-tap.md

@@ -0,0 +1,9 @@
+---
+"@logto/console": minor
+"@logto/experience": minor
+"@logto/schemas": minor
+---
+
+support dark favicon
+
+The favicon for the dark theme now can be set in the sign-in experience branding settings.

.changeset/violet-phones-occur.md

@@ -0,0 +1,46 @@
+---
+"@logto/connector-mock-standard-email": minor
+"@logto/connector-logto-social-demo": minor
+"@logto/connector-sendgrid-email": minor
+"@logto/connector-alipay-native": minor
+"@logto/connector-wechat-native": minor
+"@logto/connector-dingtalk-web": minor
+"@logto/connector-huggingface": minor
+"@logto/connector-logto-email": minor
+"@logto/connector-mock-social": minor
+"@logto/connector-tencent-sms": minor
+"@logto/connector-alipay-web": minor
+"@logto/connector-aliyun-sms": minor
+"@logto/connector-feishu-web": minor
+"@logto/connector-mock-email": minor
+"@logto/connector-twilio-sms": minor
+"@logto/connector-wechat-web": minor
+"@logto/connector-aliyun-dm": minor
+"@logto/connector-logto-sms": minor
+"@logto/connector-facebook": minor
+"@logto/connector-mock-sms": minor
+"@logto/connector-aws-ses": minor
+"@logto/connector-azuread": minor
+"@logto/connector-discord": minor
+"@logto/connector-mailgun": minor
+"@logto/connector-smsaero": minor
+"@logto/connector-github": minor
+"@logto/connector-google": minor
+"@logto/connector-oauth": minor
+"@logto/connector-apple": minor
+"@logto/connector-kakao": minor
+"@logto/connector-naver": minor
+"@logto/connector-wecom": minor
+"@logto/connector-oidc": minor
+"@logto/connector-saml": minor
+"@logto/connector-smtp": minor
+"@logto/integration-tests": minor
+"@logto/schemas": minor
+"@logto/core": minor
+---
+
+use tsup for building
+
+We've updated some of the packages to use `tsup` for building. This will make the build process faster, and should not affect the functionality of the packages.
+
+Use minor version bump to catch your attention.

.dockerignore

@@ -33,5 +33,4 @@ dump.rdb
 .devcontainer
 .github
 .husky
-.parcel-cache
 .vscode

.github/workflows/alteration-compatibility-integration-test.yml

@@ -91,3 +91,11 @@ jobs:
  GH_TOKEN: ${{ github.token }}
  GH_DEBUG: api
  run: gh workflow run rerun.yml -F run_id=${{ github.run_id }}
+
+ alteration-compatibility-conclusion:
+ needs: run-logto
+ runs-on: ubuntu-latest
+ if: always() && (needs.run-logto.result == 'success' || needs.run-logto.result == 'skipped')
+ steps:
+ - name: Conclusion
+ run: echo "Alteration compatibility integration test completed successfully"

.github/workflows/main.yml

@@ -20,12 +20,25 @@ jobs:
 
  - name: Setup Node and pnpm
  uses: silverhand-io/actions-node-pnpm-run-steps@v5
- with:
- pnpm-version: 9
 
  - name: Build
  run: pnpm ci:build
 
+ main-check:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Setup Node and pnpm
+ uses: silverhand-io/actions-node-pnpm-run-steps@v5
+
+ - name: Prepack
+ run: pnpm prepack
+
+ - name: Check
+ run: pnpm -r check
+
  main-lint:
  runs-on: ubuntu-latest
 
@@ -34,8 +47,6 @@ jobs:
 
  - name: Setup Node and pnpm
  uses: silverhand-io/actions-node-pnpm-run-steps@v5
- with:
- pnpm-version: 9
 
  - name: Prepack
  run: pnpm prepack
@@ -54,8 +65,6 @@ jobs:
 
  - name: Setup Node and pnpm
  uses: silverhand-io/actions-node-pnpm-run-steps@v5
- with:
- pnpm-version: 9
 
  - name: Build for test
  run: pnpm -r build:test
@@ -122,7 +131,6 @@ jobs:
  - name: Setup Node and pnpm
  uses: silverhand-io/actions-node-pnpm-run-steps@v5
  with:
- pnpm-version: 9
  run-install: false
 
  # ** Prepack packages **

.scripts/compare-database.js

@@ -42,14 +42,14 @@ const queryDatabaseManifest = async (database) => {
  `);
 
  const { rows: constraints } = await pool.query(/* sql */`
- select conrelid::regclass AS table, con.*, pg_get_constraintdef(con.oid)
+ select conrelid::regclass as r_table, con.*, pg_get_constraintdef(con.oid) as def
  from pg_catalog.pg_constraint con
  inner join pg_catalog.pg_class rel
  on rel.oid = con.conrelid
  inner join pg_catalog.pg_namespace nsp
  on nsp.oid = connamespace
  where nsp.nspname = 'public'
- order by conname asc;
+ order by conname asc, def asc;
  `);
 
  const { rows: indexes } = await pool.query(/* sql */`

.scripts/package.sh

@@ -18,7 +18,7 @@ fi
 
 # Some node packages use `src` as their dist folder, so ignore them from the rm list in the end
 find \
-.git .changeset .devcontainer .github .husky .parcel-cache .scripts .vscode pnpm-*.yaml *.js \
+.git .changeset .devcontainer .github .husky .scripts .vscode pnpm-*.yaml *.js \
 packages/**/src \
 packages/**/*.config.js packages/**/*.config.ts packages/**/tsconfig*.json \
 ! -path '**/node_modules/**' \

.vscode/tsx.code-snippets

@@ -10,7 +10,7 @@
  "scope": "javascriptreact,typescriptreact",
  "prefix": "isc",
  "body": [
- "import * as styles from './index.module.scss';",
+ "import styles from './index.module.scss';",
  "$0"
  ],
  "description": "Import SCSS styles from the same directory."

AWESOME.md

@@ -0,0 +1,11 @@
+# Logto awesome
+
+Here's the list of awesome community-contributed resources for Logto. Feel free to add yours by submitting a pull request.
+
+## Account
+
+- [Logto Account Dashboard](https://github.com/t2vee/Logto-Account-Dashboard) by @t2vee
+
+## API
+
+- [Go API client for logto](https://github.com/mostafa/go-api-client) by @mostafa

Dockerfile

@@ -14,7 +14,6 @@ RUN apk add --no-cache python3 make g++ rsync
 COPY . .
 
 ### Install dependencies and build ###
-RUN node .scripts/update-parcelrc.js
 RUN pnpm i
 
 ### Set if dev features enabled ###
@@ -35,7 +34,7 @@ RUN rm -rf node_modules packages/**/node_modules
 RUN NODE_ENV=production pnpm i
 
 ### Clean up ###
-RUN rm -rf .scripts .parcel-cache pnpm-*.yaml packages/cloud
+RUN rm -rf .scripts pnpm-*.yaml packages/cloud
 
 ###### [STAGE] Seal ######
 FROM node:20-alpine as app

README.md

@@ -25,6 +25,7 @@ Logto[^info] is an Auth0 alternative designed for modern apps and SaaS products.
 - Enables OIDC-based authentication with Logto SDKs.
 - Supports passwordless sign-in, along with various options like email, phone number, username, Google, Facebook, and other social sign-in methods.
 - Offers beautiful UI components with customizable CSS to suit your business needs.
+- Has an open community with many warm-hearted contributors and users. Check out our [awesome list](./AWESOME.md) of community-contributed resources.
 
 📦 **Out-of-the-box infrastructure**
 
@@ -37,12 +38,12 @@ Logto[^info] is an Auth0 alternative designed for modern apps and SaaS products.
 - Implements role-based access control (RBAC) for scalable role authorization, catering to a wide range of use cases.
 - Facilitates user management and provides audit logs for understanding identity-related user information and maintaining security.
 - Enables single sign-on (SSO) and multi-factor authentication (MFA) without extra coding.
-- Leverages Logto Organizations to build multi-tenancy apps with ease.
+- Leverages Logto organizations to build multi-tenancy apps with ease.
 
 In a more approachable way, we refer to this solution as "[Customer Identity Access Management (CIAM)](https://en.wikipedia.org/wiki/Customer_identity_access_management)" or simply, the "Customer Identity Solution."
 
-[Subscribe to us](https://logto.io/subscribe/?utm_source=github&utm_medium=repo_logto) now to stay updated with the latest information about the Logto Cloud (SaaS) and receive feature updates in real-time.
-
+> [!IMPORTANT]
+> [Subscribe to us](https://logto.io/subscribe/?utm_source=github&utm_medium=repo_logto) now to stay updated with the latest information about the Logto Cloud (SaaS) and receive feature updates in real-time.
 
 ## Get started
 

commitlint.config.ts

@@ -7,7 +7,7 @@ const config: UserConfig = {
  extends: ['@commitlint/config-conventional'],
  rules: {
  'type-enum': [2, 'always', [...conventional.rules['type-enum'][2], 'api', 'release']],
- 'scope-enum': [2, 'always', ['connector', 'console', 'core', 'demo-app', 'test', 'phrases', 'schemas', 'shared', 'experience', 'deps', 'deps-dev', 'cli', 'toolkit', 'cloud', 'app-insights']],
+ 'scope-enum': [2, 'always', ['connector', 'console', 'core', 'demo-app', 'test', 'phrases', 'schemas', 'shared', 'experience', 'deps', 'deps-dev', 'cli', 'toolkit', 'cloud', 'app-insights', 'elements']],
  // Slightly increase the tolerance to allow the appending PR number
  ...(isCi && { 'header-max-length': [2, 'always', 110] }),
  'body-max-line-length': [2, 'always', 110],

package.json

@@ -31,7 +31,9 @@
  "@types/pg": "^8.6.6",
  "husky": "^9.0.0",
  "pg": "^8.8.0",
- "typescript": "^5.0.0"
+ "tsup": "^8.1.0",
+ "typescript": "^5.0.0",
+ "vite": "^5.3.4"
  },
  "engines": {
  "node": "^20.9.0",
@@ -51,9 +53,5 @@
  },
  "dependencies": {
  "@logto/cli": "workspace:^1.1.0"
- },
- "//": "@see https://parceljs.org/features/dependency-resolution/#package-exports",
- "@parcel/resolver-default": {
- "packageExports": true
  }
 }

packages/app-insights/package.json

@@ -32,12 +32,12 @@
  "@silverhand/eslint-config": "6.0.1",
  "@silverhand/ts-config": "6.0.0",
  "@types/node": "^20.9.5",
- "@vitest/coverage-v8": "^1.4.0",
+ "@vitest/coverage-v8": "^2.0.0",
  "eslint": "^8.56.0",
  "lint-staged": "^15.0.0",
  "prettier": "^3.0.0",
- "typescript": "^5.3.3",
- "vitest": "^1.4.0"
+ "typescript": "^5.5.3",
+ "vitest": "^2.0.0"
  },
  "engines": {
  "node": "^20.9.0"