-
-
Notifications
You must be signed in to change notification settings - Fork 423
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
14 changed files
with
138 additions
and
50 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
--- | ||
"@logto/core": minor | ||
"@logto/phrases": patch | ||
"@logto/schemas": patch | ||
--- | ||
|
||
support Google One Tap | ||
|
||
- core: `GET /api/.well-known/sign-in-exp` now returns `googleOneTap` field with the configuration when available | ||
- core: add Google Sign-In (GSI) url to the security headers | ||
- core: verify Google One Tap CSRF token in `verifySocialIdentity()` | ||
- phrases: add Google One Tap phrases | ||
- schemas: migrate sign-in experience types from core to schemas |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
import { | ||
connectorMetadataGuard, | ||
type ConnectorMetadata, | ||
type GoogleOneTapConfig, | ||
googleOneTapConfigGuard, | ||
} from '@logto/connector-kit'; | ||
import { z } from 'zod'; | ||
|
||
import { type SignInExperience, SignInExperiences } from '../db-entries/index.js'; | ||
import { type ToZodObject } from '../utils/zod.js'; | ||
|
||
import { type SsoConnectorMetadata, ssoConnectorMetadataGuard } from './sso-connector.js'; | ||
|
||
type ForgotPassword = { | ||
phone: boolean; | ||
email: boolean; | ||
}; | ||
|
||
/** | ||
* Basic information about a social connector for sign-in experience rendering. This type can avoid | ||
* the need to load the full connector metadata that is not needed for rendering. | ||
*/ | ||
export type ExperienceSocialConnector = Omit< | ||
ConnectorMetadata, | ||
'description' | 'configTemplate' | 'formItems' | 'readme' | 'customData' | ||
>; | ||
|
||
export type FullSignInExperience = SignInExperience & { | ||
socialConnectors: ExperienceSocialConnector[]; | ||
ssoConnectors: SsoConnectorMetadata[]; | ||
forgotPassword: ForgotPassword; | ||
isDevelopmentTenant: boolean; | ||
/** | ||
* The Google One Tap configuration if the Google connector is enabled and configured. | ||
* | ||
* @remarks | ||
* We need to use a standalone property for the Google One Tap configuration because it needs | ||
* data from database entries that other connectors don't need. Thus we manually extract the | ||
* minimal data needed here. | ||
*/ | ||
googleOneTap?: GoogleOneTapConfig & { clientId: string; connectorId: string }; | ||
}; | ||
|
||
export const guardFullSignInExperience = SignInExperiences.guard.extend({ | ||
socialConnectors: connectorMetadataGuard | ||
.omit({ | ||
description: true, | ||
configTemplate: true, | ||
formItems: true, | ||
readme: true, | ||
customData: true, | ||
}) | ||
.array(), | ||
ssoConnectors: ssoConnectorMetadataGuard.array(), | ||
forgotPassword: z.object({ phone: z.boolean(), email: z.boolean() }), | ||
isDevelopmentTenant: z.boolean(), | ||
googleOneTap: googleOneTapConfigGuard | ||
.extend({ clientId: z.string(), connectorId: z.string() }) | ||
.optional(), | ||
}) satisfies ToZodObject<FullSignInExperience>; |