chore: add changeset files for IdP feature (#5380)

* chore: add changeset files for IdP feature add changeset files for IdP feature * refactor: apply suggestions from code review --------- Co-authored-by: Gao Sun <gao@silverhand.io>
2024-12-30 20:33:54 -05:00 · 2024-02-08 11:13:24 +08:00 · 2024-02-08 11:13:24 +08:00 · 32df9acde3
commit 32df9acde3
parent 7e3bc419d6
5 changed files with 61 additions and 0 deletions
--- a/.changeset/light-impalas-suffer.md
+++ b/.changeset/light-impalas-suffer.md
@ -0,0 +1,9 @@
+---
+"@logto/experience": minor
+---
+
+update user consent page to support the new third-party application feature
+
+- Only show the user consent page if current application is a third-party application, otherwise auto-consent the requested scopes.
+- Add the new fetching API to get the user consent context. Including the application detail, authenticated user info, all the requested scopes and user organizations info (if requested scopes include the organization scope).
+- Add the new user consent interaction API and authorize button. User have to manually authorize the requested scopes for the third-party application before continue the authentication flow.
--- a/.changeset/serious-schools-whisper.md
+++ b/.changeset/serious-schools-whisper.md
@ -0,0 +1,12 @@
+---
+"@logto/console": minor
+---
+
+add third-party application management pages
+
+- Add the new application category `Third-party` to the application creation page.
+- Add the new application framework `OIDC IdP` to the application creation page.
+- Add new tab `Third-party apps` to the applications management page. Split the existing applications list into `My apps` and `Third-party apps` two different tab for better management.
+- Reorg the application details page form. Remove the `Advance settings` tab and merge all the OIDC configuration fields into the `Settings` tab.
+- Add new `Permissions` tab to the third-party application details page. Display the user consent resource, organization, and user scopes. And allow the user to manage the user granted organizations for the third-party application.
+- Add new `Branding` tab to the third-party application details page. Allow the user to manage the application level sign-in experiences for the third-party application.
--- a/.changeset/six-carrots-join.md
+++ b/.changeset/six-carrots-join.md
@ -0,0 +1,10 @@
+---
+"@logto/phrases": minor
+"@logto/phrases-experience": minor
+---
+
+add all third-party related console, experience phrases
+
+- Add new i18n phrases for the third-party application management pages on the Admin Console.
+- Add new i18n phrases for the user consent page.
+- Add new i18n phrases for the user scopes as the description for all the Logto user claim scopes. Will be displayed on the user consent page.
--- a/.changeset/six-pens-hope.md
+++ b/.changeset/six-pens-hope.md
@ -0,0 +1,18 @@
+---
+"@logto/core": minor
+---
+
+implement Logto core API to support the new third-party application feature, and user consent interaction flow
+
+### Management API
+
+- Add new endpoint `/applications/sign-in-experiences` with `PUT`, `GET` methods to manage the application level sign-in experiences.
+- Add new endpoint `/applications/:id/users/:userId/consent-organizations` with `PUT`, `GET`, `POST`, `DELETE` methods to manage the user granted organizations for the third-party application.
+- Add new endpoint `/applications/:id/user-consent-scopes` with `GET`, `POST`, `DELETE` methods to manage the user consent resource, organization, and user scopes for the third-party application.
+- Update the `/applications` endpoint to include the new `is_third_party` field. Support create third-party applications, and query by `is_third_party` field.
+
+### Interaction API
+
+- Add the `koaAutoConsent` to support the auto-consent interaction flow for the first-party application. If is the first-party application we can auto-consent the requested scopes. If is the third-party application we need to redirect the user to the consent page to get the user consent manually.
+- Add the `GET /interaction/consent` endpoint to support fetching the consent context for the user consent page. Including the application detail, authenticated user info, all the requested scopes and user organizations info (if requested scopes include the organization scope).
+- Update the `POST /interaction/consent` endpoint to support the user consent interaction flow. Including grant all the missing scopes, and update the user granted organizations for the third-party application.
--- a/.changeset/tame-keys-itch.md
+++ b/.changeset/tame-keys-itch.md
@ -0,0 +1,12 @@
+---
+"@logto/schemas": minor
+---
+
+update Logto application schemas to support the new third-party application feature (Logto as IdP)
+
+- Applications table alteration. Add new column `is_third_party` to indicate if the application is a third-party application.
+- Create new table `application_user_consent_resource_scopes` to store the enabled user consent resource scopes for the third-party application.
+- Create new table `application_user_consent_organization_scopes` to store the enabled user consent organization scopes for the third-party application.
+- Create new table `application_user_consent_user_scopes` to store the enabled user consent user scopes for the third-party application.
+- Create new table `application_user_consent_organizations` to store the user granted organizations for the third-party application.
+- Create new table `application_sign_in_experiences` to store the application level sign-in experiences for the third-party application.