diff --git a/.changeset/brown-adults-speak.md b/.changeset/brown-adults-speak.md new file mode 100644 index 000000000..34b15e13b --- /dev/null +++ b/.changeset/brown-adults-speak.md @@ -0,0 +1,5 @@ +--- +"@logto/cli": patch +--- + +improve translate prompt diff --git a/.changeset/smart-icons-move.md b/.changeset/smart-icons-move.md new file mode 100644 index 000000000..9594e9dbb --- /dev/null +++ b/.changeset/smart-icons-move.md @@ -0,0 +1,13 @@ +--- +"@logto/console": minor +"@logto/core": minor +"@logto/integration-tests": minor +"@logto/schemas": minor +"@logto/phrases": patch +--- + +various application improvements + +- Show OpenID Provider configuration endpoint in Console +- Configure "Rotate Refresh Token" in Console +- Configure "Refresh Token TTL" in Console diff --git a/packages/cli/src/commands/translate/prompts.ts b/packages/cli/src/commands/translate/prompts.ts index df575d6db..5554bbb3d 100644 --- a/packages/cli/src/commands/translate/prompts.ts +++ b/packages/cli/src/commands/translate/prompts.ts @@ -20,9 +20,9 @@ export const getTranslationPromptMessages = ({ }: GetTranslationPromptProperties) => [ { role: 'assistant', - content: `You are a translate assistant of a Typescript engenieer, when you receive a code snippet that contains an object, translate those values that are marked with comment "// UNTRANSLATED" into the language ${ + content: `You are a translate assistant of a Typescript engineer, when you receive a code snippet that contains an object, translate and ONLY translate those values that are marked with comment "// UNTRANSLATED" into the language ${ languages[targetLanguage] - }, keep all object keys original, output ts code only, the code format should be strictly consistent, and should not contain the given code snippet. ${conditionalString( + }, remove the "// UNTRANSLATED" mark, keep all object keys original, output ts code only, the code format should be strictly consistent, and should not contain the given code snippet. ${conditionalString( extraPrompt )} diff --git a/packages/console/src/consts/oidc.ts b/packages/console/src/consts/oidc.ts new file mode 100644 index 000000000..8764ccbad --- /dev/null +++ b/packages/console/src/consts/oidc.ts @@ -0,0 +1 @@ +export const openIdProviderConfigPath = 'oidc/.well-known/openid-configuration'; diff --git a/packages/console/src/pages/ApplicationDetails/components/AdvancedSettings.tsx b/packages/console/src/pages/ApplicationDetails/components/AdvancedSettings.tsx index 5b2fd725a..c9170145d 100644 --- a/packages/console/src/pages/ApplicationDetails/components/AdvancedSettings.tsx +++ b/packages/console/src/pages/ApplicationDetails/components/AdvancedSettings.tsx @@ -1,5 +1,11 @@ -import type { Application, SnakeCaseOidcConfig } from '@logto/schemas'; -import { ApplicationType } from '@logto/schemas'; +import { + type Application, + type SnakeCaseOidcConfig, + ApplicationType, + customClientMetadataGuard, +} from '@logto/schemas'; +import { appendPath } from '@silverhand/essentials'; +import { useContext } from 'react'; import { useFormContext } from 'react-hook-form'; import { Trans, useTranslation } from 'react-i18next'; @@ -7,7 +13,10 @@ import CopyToClipboard from '@/components/CopyToClipboard'; import FormCard from '@/components/FormCard'; import FormField from '@/components/FormField'; import Switch from '@/components/Switch'; +import TextInput from '@/components/TextInput'; import TextLink from '@/components/TextLink'; +import { openIdProviderConfigPath } from '@/consts/oidc'; +import { AppEndpointsContext } from '@/contexts/AppEndpointsProvider'; import * as styles from '../index.module.scss'; @@ -17,8 +26,20 @@ type Props = { }; function AdvancedSettings({ applicationType, oidcConfig }: Props) { - const { register } = useFormContext(); + const { userEndpoint } = useContext(AppEndpointsContext); + const { + register, + formState: { errors }, + } = useFormContext(); const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' }); + const { minValue, maxValue } = + customClientMetadataGuard.shape.refreshTokenTtlInDays._def.innerType; + const minTtl = minValue ?? Number.NEGATIVE_INFINITY; + const maxTtl = maxValue ?? Number.POSITIVE_INFINITY; + const ttlErrorMessage = t('errors.number_should_be_between_inclusive', { + min: minTtl, + max: maxTtl, + }); return ( + {userEndpoint && ( + + + + )} ( @@ -72,6 +102,54 @@ function AdvancedSettings({ applicationType, oidcConfig }: Props) { /> )} + {[ApplicationType.Traditional, ApplicationType.Native].includes(applicationType) && ( + <> + + + ), + }} + > + {t('application_details.rotate_refresh_token_label')} + + } + {...register('customClientMetadata.rotateRefreshToken')} + /> + + + + value === undefined || + Number.isInteger(value) || + t('errors.should_be_an_integer'), + })} + placeholder="14" + // Confirm if we need a customized message here + error={errors.customClientMetadata?.refreshTokenTtlInDays?.message} + /> + + + )} {applicationType === ApplicationType.MachineToMachine && ( ('oidc/.well-known/openid-configuration'); + } = useSWR(openIdProviderConfigPath); const isLoading = (!data && !error) || (!oidcConfig && !fetchOidcConfigError); const requestError = error ?? fetchOidcConfigError; const [isReadmeOpen, setIsReadmeOpen] = useState(false); @@ -63,7 +69,9 @@ function ApplicationDetails() { const [isDeleted, setIsDeleted] = useState(false); const api = useApi(); const navigate = useNavigate(); - const formMethods = useForm(); + const formMethods = useForm({ + defaultValues: { customClientMetadata: customClientMetadataDefault }, + }); const { getDocumentationUrl } = useDocumentationUrl(); const { diff --git a/packages/core/src/env-set/oidc.ts b/packages/core/src/env-set/oidc.ts index a796f8e78..539ee4e72 100644 --- a/packages/core/src/env-set/oidc.ts +++ b/packages/core/src/env-set/oidc.ts @@ -28,8 +28,6 @@ const loadOidcValues = async (issuer: string, configs: LogtoOidcConfigType) => { jwkSigningAlg, localJWKSet, issuer, - defaultIdTokenTtl: 60 * 60, - defaultRefreshTokenTtl: 14 * 24 * 60 * 60, }); }; diff --git a/packages/core/src/oidc/defaults.ts b/packages/core/src/oidc/defaults.ts new file mode 100644 index 000000000..c7388310d --- /dev/null +++ b/packages/core/src/oidc/defaults.ts @@ -0,0 +1,46 @@ +import type Provider from 'oidc-provider'; +import { type KoaContextWithOIDC } from 'oidc-provider'; + +/** + * Keep the default pre-checks from oidc-provider. + * + * @see {@link https://github.com/panva/node-oidc-provider/blob/d6edf2a0b9efc777081e6f9cc358a0677ccd9897/docs/README.md#ttl | ttl's default value} + */ +const refreshTokenTtl = ( + ...[ctx, token, client]: Parameters>> +) => { + if ( + ctx.oidc.entities.RotatedRefreshToken && + client.applicationType === 'web' && + client.clientAuthMethod === 'none' && + !token.isSenderConstrained() + ) { + // Non-Sender Constrained SPA RefreshTokens do not have infinite expiration through rotation + return ctx.oidc.entities.RotatedRefreshToken.remainingTTL; + } +}; + +/** @see {@link https://github.com/panva/node-oidc-provider/blob/d6edf2a0b9efc777081e6f9cc358a0677ccd9897/docs/README.md#rotaterefreshtoken | rotateRefreshToken's default value} */ +const rotateRefreshToken = (ctx: KoaContextWithOIDC) => { + const { RefreshToken: refreshToken, Client: client } = ctx.oidc.entities; + + if (!refreshToken || !client) { + return false; + } + + // Cap the maximum amount of time a refresh token can be + // rotated for up to 1 year, afterwards its TTL is final + if (refreshToken.totalLifetime() >= 365.25 * 24 * 60 * 60) { + return false; + } + // Rotate non sender-constrained public client refresh tokens + if (client.clientAuthMethod === 'none' && !refreshToken.isSenderConstrained()) { + return true; + } + // Rotate if the token is nearing expiration (it's beyond 70% of its lifetime) + return refreshToken.ttlPercentagePassed() >= 70; +}; + +const defaults = { refreshTokenTtl, rotateRefreshToken }; + +export default defaults; diff --git a/packages/core/src/oidc/init.ts b/packages/core/src/oidc/init.ts index 11a880cad..fc3b3486f 100644 --- a/packages/core/src/oidc/init.ts +++ b/packages/core/src/oidc/init.ts @@ -5,8 +5,10 @@ import { readFileSync } from 'node:fs'; import { userClaims } from '@logto/core-kit'; import type { I18nKey } from '@logto/phrases'; import { + customClientMetadataDefault, CustomClientMetadataKey, demoAppApplicationId, + inSeconds, logtoCookieKey, type LogtoUiCookie, } from '@logto/schemas'; @@ -27,6 +29,7 @@ import type Libraries from '#src/tenants/Libraries.js'; import type Queries from '#src/tenants/Queries.js'; import { consoleLog } from '#src/utils/console.js'; +import defaults from './defaults.js'; import { getUserClaimData, getUserClaims } from './scope.js'; import { OIDCExtraParametersKey, InteractionMode } from './type.js'; @@ -39,14 +42,7 @@ export default function initOidc( queries: Queries, libraries: Libraries ): Provider { - const { - issuer, - cookieKeys, - privateJwks, - jwkSigningAlg, - defaultIdTokenTtl, - defaultRefreshTokenTtl, - } = envSet.oidc; + const { issuer, cookieKeys, privateJwks, jwkSigningAlg } = envSet.oidc; const { resources: { findResourceByIndicator, findDefaultResource }, users: { findUserById }, @@ -252,12 +248,25 @@ export default function initOidc( IdToken: (_ctx, _token, client) => { const { idTokenTtl } = client.metadata(); - return idTokenTtl ?? defaultIdTokenTtl; + return idTokenTtl ?? customClientMetadataDefault.idTokenTtl; }, - RefreshToken: (_ctx, _token, client) => { - const { refreshTokenTtl } = client.metadata(); + RefreshToken: (ctx, token, client) => { + const defaultTtl = defaults.refreshTokenTtl(ctx, token, client); - return refreshTokenTtl ?? defaultRefreshTokenTtl; + if (defaultTtl !== undefined) { + return defaultTtl; + } + + /** Customized logic for Refresh Token TTL */ + const { refreshTokenTtlInDays, refreshTokenTtl } = client.metadata(); + + if (refreshTokenTtlInDays !== undefined) { + return refreshTokenTtlInDays * inSeconds.oneDay; + } + + return ( + refreshTokenTtl ?? customClientMetadataDefault.refreshTokenTtlInDays * inSeconds.oneDay + ); }, AccessToken: (ctx, token) => { if (token.resourceServer) { @@ -270,6 +279,18 @@ export default function initOidc( Session: 1_209_600 /* 14 days in seconds */, Grant: 1_209_600 /* 14 days in seconds */, }, + rotateRefreshToken: (ctx) => { + const { Client: client } = ctx.oidc.entities; + + // Directly return false only when `rotateRefreshToken` has been explicitly set to `false`. + if ( + !(client?.metadata()?.rotateRefreshToken ?? customClientMetadataDefault.rotateRefreshToken) + ) { + return false; + } + + return defaults.rotateRefreshToken(ctx); + }, pkce: { required: (ctx, client) => { return client.clientAuthMethod !== 'client_secret_basic'; diff --git a/packages/integration-tests/src/tests/api/application.test.ts b/packages/integration-tests/src/tests/api/application.test.ts index ec0881da8..8752e45a6 100644 --- a/packages/integration-tests/src/tests/api/application.test.ts +++ b/packages/integration-tests/src/tests/api/application.test.ts @@ -38,12 +38,17 @@ describe('admin console application', () => { oidcClientMetadata: { redirectUris: newRedirectUris, }, + customClientMetadata: { rotateRefreshToken: true, refreshTokenTtlInDays: 10 }, }); const updatedApplication = await getApplication(application.id); expect(updatedApplication.description).toBe(newApplicationDescription); expect(updatedApplication.oidcClientMetadata.redirectUris).toEqual(newRedirectUris); + expect(updatedApplication.customClientMetadata).toStrictEqual({ + rotateRefreshToken: true, + refreshTokenTtlInDays: 10, + }); }); it('should update application "admin" successfully', async () => { diff --git a/packages/phrases/src/locales/de/translation/admin-console/application-details.ts b/packages/phrases/src/locales/de/translation/admin-console/application-details.ts index d2a4f88e9..d6dcb8532 100644 --- a/packages/phrases/src/locales/de/translation/admin-console/application-details.ts +++ b/packages/phrases/src/locales/de/translation/admin-console/application-details.ts @@ -12,9 +12,10 @@ const application_details = { application_name_placeholder: 'Meine App', description: 'Beschreibung', description_placeholder: 'Gib eine Beschreibung ein', + config_endpoint: 'OpenID Provider Konfigurations-Endpunkt', authorization_endpoint: 'Autorisierungs-Endpoint', authorization_endpoint_tip: - 'Der Endpoint, der für die Authentifizierung und Autorisierung via OpenID Connect verwendet wird.', + 'Der Endpoint, der für die Authentifizierung und Authorisierung via OpenID Connect verwendet wird.', application_id: 'App ID', application_id_tip: 'Die eindeutige Anwendungs-ID, die normalerweise von Logto generiert wird. Es steht auch für "client_id" in OpenID Connect.', @@ -44,6 +45,12 @@ const application_details = { always_issue_refresh_token: 'Immer den Refresh Token ausgeben', always_issue_refresh_token_label: 'Durch Aktivieren dieser Konfiguration kann Logto immer Refresh Tokens ausgeben, unabhängig davon, ob in der Authentifizierungsanforderung "prompt=consent" angegeben ist. Diese Praxis wird jedoch nur dann empfohlen, wenn es notwendig ist, da sie nicht mit OpenID Connect kompatibel ist und möglicherweise Probleme verursacht.', + refresh_token_ttl: 'Ablaufzeit des Refresh Tokens in Tagen', + refresh_token_ttl_tip: + 'Die Dauer, für die ein Refresh Token verwendet werden kann, um neue Zugriffstoken anzufordern, bevor es abläuft und ungültig wird. Token-Anfragen erweitern die Verfallszeit des Refresh Tokens auf diesen Wert.', + rotate_refresh_token: 'Refresh Token drehen', + rotate_refresh_token_label: + 'Wenn diese Option aktiviert ist, wird Logto für Tokenanfragen ein neues Refresh Token ausgeben, wenn 70% der ursprünglichen Zeit bis zur Ausführung (TTL) verstrichen sind oder bestimmte Bedingungen erfüllt sind. Erfahren Sie mehr', delete_description: 'Diese Aktion kann nicht rückgängig gemacht werden. Die Anwendung wird permanent gelöscht. Bitte gib den Anwendungsnamen {{name}} zur Bestätigung ein.', enter_your_application_name: 'Gib einen Anwendungsnamen ein', diff --git a/packages/phrases/src/locales/de/translation/admin-console/errors.ts b/packages/phrases/src/locales/de/translation/admin-console/errors.ts index c2247a2f6..4d9c61a67 100644 --- a/packages/phrases/src/locales/de/translation/admin-console/errors.ts +++ b/packages/phrases/src/locales/de/translation/admin-console/errors.ts @@ -22,6 +22,9 @@ const errors = { not_found: '404 not found', create_internal_role_violation: 'Sie erstellen eine neue interne Rolle, die von Logto verboten ist. Versuchen Sie einen anderen Namen, der nicht mit "#internal:" beginnt.', + should_be_an_integer: 'Sollte eine Ganzzahl sein.', + number_should_be_between_inclusive: + 'Die Zahl sollte zwischen {{min}} und {{max}} (beide inklusive) liegen.', }; export default errors; diff --git a/packages/phrases/src/locales/en/translation/admin-console/application-details.ts b/packages/phrases/src/locales/en/translation/admin-console/application-details.ts index fdf1e3bb5..62cfef71a 100644 --- a/packages/phrases/src/locales/en/translation/admin-console/application-details.ts +++ b/packages/phrases/src/locales/en/translation/admin-console/application-details.ts @@ -12,6 +12,7 @@ const application_details = { application_name_placeholder: 'My App', description: 'Description', description_placeholder: 'Enter your application description', + config_endpoint: 'OpenID Provider configuration endpoint', authorization_endpoint: 'Authorization Endpoint', authorization_endpoint_tip: "The endpoint to perform authentication and authorization. It's used for OpenID Connect Authentication.", @@ -43,7 +44,13 @@ const application_details = { 'Enable or disable the access to Management API. Once enabled, you can use access tokens to call Management API on behalf on this application.', always_issue_refresh_token: 'Always issue Refresh Token', always_issue_refresh_token_label: - 'Enabling this configuration will allow Logto to always issue Refresh Tokens, regardless of whether `prompt=consent` is presented in the authentication request. However, this practice is discouraged unless necessary, as it is not compatible with OpenID Connect and may potentially cause issues.', + 'When enabled, Logto will always issue Refresh Tokens, regardless of whether `prompt=consent` is presented in the authentication request. However, this practice is discouraged unless necessary, as it is not compatible with OpenID Connect and may potentially cause issues.', + refresh_token_ttl: 'Refresh Token Time to Live (TTL) in days', + refresh_token_ttl_tip: + 'The duration for which a Refresh Token can be used to request new access tokens before it expires and becomes invalid. Token requests will extend the TTL of the Refresh Token to this value.', + rotate_refresh_token: 'Rotate Refresh Token', + rotate_refresh_token_label: + 'When enabled, Logto will issue a new Refresh Token for token requests when 70% of the original Time to Live (TTL) has passed or certain conditions are met. Learn more', delete_description: 'This action cannot be undone. It will permanently delete the application. Please enter the application name {{name}} to confirm.', enter_your_application_name: 'Enter your application name', diff --git a/packages/phrases/src/locales/en/translation/admin-console/errors.ts b/packages/phrases/src/locales/en/translation/admin-console/errors.ts index 1d91d080f..1bbd7cc5f 100644 --- a/packages/phrases/src/locales/en/translation/admin-console/errors.ts +++ b/packages/phrases/src/locales/en/translation/admin-console/errors.ts @@ -22,6 +22,9 @@ const errors = { not_found: '404 not found', create_internal_role_violation: 'You are creating a new internal role which is forbidden by Logto. Try another name that does not start with "#internal:".', + should_be_an_integer: 'Should be an integer.', + number_should_be_between_inclusive: + 'Then number should be between {{min}} and {{max}} (both inclusive).', }; export default errors; diff --git a/packages/phrases/src/locales/es/translation/admin-console/application-details.ts b/packages/phrases/src/locales/es/translation/admin-console/application-details.ts index 8990386c7..324427057 100644 --- a/packages/phrases/src/locales/es/translation/admin-console/application-details.ts +++ b/packages/phrases/src/locales/es/translation/admin-console/application-details.ts @@ -12,6 +12,7 @@ const detalles_aplicacion = { application_name_placeholder: 'Mi App', description: 'Descripción', description_placeholder: 'Ingresa la descripción de tu aplicación', + config_endpoint: 'Endpoint de configuración del proveedor OpenID', // Endpoint de configuración del proveedor OpenID authorization_endpoint: 'Endpoint de Autorización', authorization_endpoint_tip: 'El endpoint para la autenticación y autorización. Se utiliza para OpenID Connect Autenticación.', @@ -19,21 +20,21 @@ const detalles_aplicacion = { application_id_tip: 'El identificador de aplicación único normalmente generado por Logto. También se conoce como “client_id” en OpenID Connect.', application_secret: 'Aplicación Secreta', - redirect_uri: 'URI de Redirección', - redirect_uris: 'URIs de Redirección', + redirect_uri: 'URI de Redireccionamiento', + redirect_uris: 'URIs de Redireccionamiento', redirect_uri_placeholder: 'https://tu.pagina.com/app', redirect_uri_placeholder_native: 'io.logto://callback', redirect_uri_tip: 'El URI hacia donde se redirecciona después de que un usuario inicie sesión (correctamente o no). Consulta OpenID Connect AuthRequest para más información.', - post_sign_out_redirect_uri: 'Post Sign-out Redirect URI', - post_sign_out_redirect_uris: 'Post Sign-out Redirect URIs', + post_sign_out_redirect_uri: 'Post Sign-out URI de Redireccionamiento', + post_sign_out_redirect_uris: 'Post Sign-out URIs de Redireccionamiento', post_sign_out_redirect_uri_placeholder: 'https://tu.pagina.com/home', post_sign_out_redirect_uri_tip: 'El URI hacia donde se redirecciona después de que un usuario cierre sesión (opcional). Puede que no tenga efecto para algunos tipos de aplicaciones.', cors_allowed_origins: 'Orígenes permitidos CORS', cors_allowed_origins_placeholder: 'https://tu.pagina.com', cors_allowed_origins_tip: - 'Por defecto, se permitirán todos los orígenes de los URIs de Redirección. Normalmente no es necesario hacer nada en este campo. Consulta la documentación de MDN para obtener información detallada.', + 'Por defecto, se permitirán todos los orígenes de los URIs de Redireccionamiento. Normalmente no es necesario hacer nada en este campo. Consulta la documentación de MDN para obtener información detallada.', id_token_expiration: 'Vencimiento del Token ID', refresh_token_expiration: 'Vencimiento del Token de Refresco', token_endpoint: 'Endpoint del Token', @@ -44,11 +45,17 @@ const detalles_aplicacion = { always_issue_refresh_token: 'Siempre emitir Token de Refresco', always_issue_refresh_token_label: 'Al habilitar esta configuración, Logto siempre emitirá Tokens de Refresco, independientemente de si se presenta o no “prompt=consent” en la solicitud de autenticación. Sin embargo, esta práctica no está recomendada a menos que sea necesario, ya que no es compatible con OpenID Connect y puede causar problemas potenciales.', + refresh_token_ttl: 'Tiempo de vida útil del Token de refresco (TTL) en días', + refresh_token_ttl_tip: + 'La duración durante la cual un token de refresco puede ser utilizado para solicitar nuevos tokens de acceso antes de que expire y se vuelva inválido. Las solicitudes de tokens extenderán el TTL del token de refresco a este valor.', + rotate_refresh_token: 'Rotar el token de refresco', + rotate_refresh_token_label: + 'Cuando está habilitado, Logto emitirá un nuevo token de refresco para las solicitudes de token cuando ha pasado el 70 % del tiempo de vida útil (TTL) original o se cumplen ciertas condiciones. Más información', delete_description: 'Esta acción no se puede deshacer. Eliminará permanentemente la aplicación. Ingresa el nombre de la aplicación {{name}} para confirmar.', enter_your_application_name: 'Ingresa el nombre de tu aplicación', application_deleted: 'Se ha eliminado exitosamente la aplicación {{name}}', - redirect_uri_required: 'Debes ingresar al menos un URI de Redirección', + redirect_uri_required: 'Debes ingresar al menos un URI de Redireccionamiento', }; export default detalles_aplicacion; diff --git a/packages/phrases/src/locales/es/translation/admin-console/errors.ts b/packages/phrases/src/locales/es/translation/admin-console/errors.ts index 3c04d0ab5..71387c671 100644 --- a/packages/phrases/src/locales/es/translation/admin-console/errors.ts +++ b/packages/phrases/src/locales/es/translation/admin-console/errors.ts @@ -22,6 +22,9 @@ const errors = { not_found: '404 no encontrado', create_internal_role_violation: 'Estás creando un nuevo rol interno que está prohibido por Logto. Prueba con otro nombre que no comience con "#intern:".', + should_be_an_integer: 'Debe ser un número entero.', + number_should_be_between_inclusive: + 'Entonces el número debe estar entre {{min}} y {{max}} (ambos inclusive).', }; export default errors; diff --git a/packages/phrases/src/locales/fr/translation/admin-console/application-details.ts b/packages/phrases/src/locales/fr/translation/admin-console/application-details.ts index 4f31622c3..b45fff3fa 100644 --- a/packages/phrases/src/locales/fr/translation/admin-console/application-details.ts +++ b/packages/phrases/src/locales/fr/translation/admin-console/application-details.ts @@ -12,6 +12,7 @@ const application_details = { application_name_placeholder: 'Mon App', description: 'Description', description_placeholder: 'Entrez la description de votre application', + config_endpoint: 'Point de configuration du fournisseur OpenID', authorization_endpoint: "Point de terminaison d'autorisation", authorization_endpoint_tip: "Le point de terminaison pour effectuer l'authentification et l'autorisation. Il est utilisé pour l'authentification OpenID Connect.", @@ -44,6 +45,12 @@ const application_details = { always_issue_refresh_token: 'Toujours émettre le Refresh Token.', always_issue_refresh_token_label: "En activant cette configuration, Logto pourra toujours émettre des Refresh Tokens, indépendamment de la présentation ou non de la demande d'authentification `prompt=consent`. Cependant, cette pratique est découragée sauf si nécessaire, car elle n'est pas compatible avec OpenID Connect et peut potentiellement causer des problèmes.", + refresh_token_ttl: 'Durée de vie du rafraîchissement du jeton en jours', + refresh_token_ttl_tip: + "La durée pendant laquelle un Refresh Token peut être utilisé pour demander de nouveaux jetons d'accès avant qu'il n'expire et devienne invalide. Les demandes de jeton étendront la durée de vie du Refresh Token à cette valeur.", + rotate_refresh_token: 'Tourner le Refresh Token', + rotate_refresh_token_label: + "Lorsqu'elle est activée, Logto émettra un nouveau Refresh Token pour les demandes de jeton lorsque 70% de la durée de vie (TTL) d'origine est écoulée ou que certaines conditions sont remplies. En savoir plus", delete_description: "Cette action ne peut être annulée. Elle supprimera définitivement l'application. Veuillez entrer le nom de l'application {{nom}} pour confirmer.", enter_your_application_name: 'Entrez le nom de votre application', diff --git a/packages/phrases/src/locales/fr/translation/admin-console/errors.ts b/packages/phrases/src/locales/fr/translation/admin-console/errors.ts index c3c7fa857..3af1d90f7 100644 --- a/packages/phrases/src/locales/fr/translation/admin-console/errors.ts +++ b/packages/phrases/src/locales/fr/translation/admin-console/errors.ts @@ -22,6 +22,9 @@ const errors = { not_found: '404 non trouvé', create_internal_role_violation: 'Vous créez un nouveau rôle interne qui est interdit par Logto. Essayez un autre nom qui ne commence pas par "#internal:".', + should_be_an_integer: 'Doit être un entier.', + number_should_be_between_inclusive: + 'Le nombre doit être compris entre {{min}} et {{max}} (inclusivement).', }; export default errors; diff --git a/packages/phrases/src/locales/it/translation/admin-console/application-details.ts b/packages/phrases/src/locales/it/translation/admin-console/application-details.ts index 58874ef21..bb15aa3ee 100644 --- a/packages/phrases/src/locales/it/translation/admin-console/application-details.ts +++ b/packages/phrases/src/locales/it/translation/admin-console/application-details.ts @@ -12,10 +12,11 @@ const application_details = { application_name_placeholder: 'La mia app', description: 'Descrizione', description_placeholder: 'Inserisci la descrizione della tua applicazione', - authorization_endpoint: 'Authorization Endpoint', + config_endpoint: 'Endpoint di configurazione OpenID Provider', + authorization_endpoint: 'Endpoint di autorizzazione', authorization_endpoint_tip: "L'endpoint per effettuare l'autenticazione e l'autorizzazione. Viene utilizzato per la connessione OpenID autenticazione.", - application_id: 'ID Applicazione', + application_id: 'App ID', application_id_tip: 'L\'identificatore univoco dell\'applicazione generato normalmente da Logto. Sta anche per "client_id" in OpenID Connect.', application_secret: 'App Segreta', @@ -44,6 +45,12 @@ const application_details = { always_issue_refresh_token: 'Rilascia sempre il token di aggiornamento', always_issue_refresh_token_label: 'Abilitando questa configurazione, Logto potrà rilasciare sempre token di aggiornamento, anche se `prompt=consent` non viene presentata nella richiesta di autenticazione. Tuttavia, questa pratica è scoraggiata a meno che non sia necessaria, in quanto non è compatibile con OpenID Connect e potrebbe potenzialmente causare problemi.', + refresh_token_ttl: 'Tempo di vita del token di aggiornamento in giorni', + refresh_token_ttl_tip: + 'La durata per cui un token di aggiornamento può essere utilizzato per richiedere nuovi access token prima che scada e diventa non valido, le richieste di token estenderanno il TTL del token di aggiornamento a questo valore.', + rotate_refresh_token: 'Ruota token di aggiornamento', + rotate_refresh_token_label: + 'Quando abilitato, Logto emetterà un nuovo token di aggiornamento per le richieste di token quando è passato il 70% del Tempo di vita (TTL) originale o sono soddisfatte determinate condizioni. Ulteriori informazioni', delete_description: "Questa azione non può essere annullata. Eliminerà definitivamente l'applicazione. Inserisci il nome dell'applicazione {{name}} per confermare.", enter_your_application_name: 'Inserisci il nome della tua applicazione', diff --git a/packages/phrases/src/locales/it/translation/admin-console/errors.ts b/packages/phrases/src/locales/it/translation/admin-console/errors.ts index 29b7835a7..170590e2c 100644 --- a/packages/phrases/src/locales/it/translation/admin-console/errors.ts +++ b/packages/phrases/src/locales/it/translation/admin-console/errors.ts @@ -22,6 +22,9 @@ const errors = { not_found: '404 non trovato', create_internal_role_violation: "Stai creando un nuovo ruolo interno che è proibito da Logto. Prova un altro nome che non inizi con '#internal:'.", + should_be_an_integer: 'Deve essere un numero intero.', + number_should_be_between_inclusive: + 'Il numero deve essere compreso tra {{min}} e {{max}} (inclusi).', }; export default errors; diff --git a/packages/phrases/src/locales/ja/translation/admin-console/application-details.ts b/packages/phrases/src/locales/ja/translation/admin-console/application-details.ts index a8d9d73fe..a57cb60dd 100644 --- a/packages/phrases/src/locales/ja/translation/admin-console/application-details.ts +++ b/packages/phrases/src/locales/ja/translation/admin-console/application-details.ts @@ -12,12 +12,13 @@ const application_details = { application_name_placeholder: '私のアプリ', description: '説明', description_placeholder: 'アプリケーションの説明を入力してください', + config_endpoint: 'OpenID Providerの構成エンドポイント', authorization_endpoint: '認可エンドポイント', authorization_endpoint_tip: - '認証と認可を実行するエンドポイントです。 OpenID Connectの認証に使用されます。', + '認証と認可を実行するエンドポイントです。OpenID Connectの認証に使用されます。', application_id: 'アプリID', application_id_tip: - '通常Logtoによって生成される一意のアプリケーション識別子です。 OpenID Connectでは「client_id」とも呼ばれます。', + '通常Logtoによって生成される一意のアプリケーション識別子です。OpenID Connectでは「client_id」とも呼ばれます。', application_secret: 'アプリのシークレット', redirect_uri: 'リダイレクトURI', redirect_uris: 'リダイレクトURI', @@ -44,6 +45,12 @@ const application_details = { always_issue_refresh_token: '常にRefresh Tokenを発行する', always_issue_refresh_token_label: 'この設定を有効にすると、Logtoは、認証要求に「prompt = consent」が提示されたかどうかにかかわらず、常にRefresh Tokenを発行することができます。ただし、OpenID Connectと互換性がないため、必要でない限りこのプラクティスは推奨されず、問題が発生する可能性があります。', + refresh_token_ttl: 'リフレッシュトークンの有効期限(日単位)', + refresh_token_ttl_tip: + 'リフレッシュトークンが期限切れになるまでの期間です。トークンリクエストは、リフレッシュトークンのTTLをこの値に延長します。', + rotate_refresh_token: 'Refresh Tokenを切り替える', + rotate_refresh_token_label: + '有効にすると、Logtoは、元のTTLの70%が経過したときまたは特定の条件が満たされた場合、トークン要求で新しいRefresh Tokenを発行します。詳細を見る', delete_description: 'この操作は元に戻すことはできません。アプリケーション名「{{name}}」を入力して確認してください。', enter_your_application_name: 'アプリケーション名を入力してください', diff --git a/packages/phrases/src/locales/ja/translation/admin-console/errors.ts b/packages/phrases/src/locales/ja/translation/admin-console/errors.ts index c72f3f8aa..8c8eb7ce6 100644 --- a/packages/phrases/src/locales/ja/translation/admin-console/errors.ts +++ b/packages/phrases/src/locales/ja/translation/admin-console/errors.ts @@ -22,6 +22,9 @@ const errors = { not_found: '404が見つかりません', create_internal_role_violation: '新しい内部ロールを作成しているため、Logtoによって禁止されています。 「#internal:」で始まらない別の名前を試してください。', + should_be_an_integer: '整数である必要があります。', + number_should_be_between_inclusive: + '{{min}}から{{max}}(両方含む)までの数値である必要があります。', }; export default errors; diff --git a/packages/phrases/src/locales/ko/translation/admin-console/application-details.ts b/packages/phrases/src/locales/ko/translation/admin-console/application-details.ts index 50bd80746..2ff750d9f 100644 --- a/packages/phrases/src/locales/ko/translation/admin-console/application-details.ts +++ b/packages/phrases/src/locales/ko/translation/admin-console/application-details.ts @@ -12,7 +12,8 @@ const application_details = { application_name_placeholder: '나의 앱', description: '설명', description_placeholder: '어플리케이션 설명을 적어주세요.', - authorization_endpoint: '인증 End-Point', + config_endpoint: 'OpenID Provider 구성 endpoint', + authorization_endpoint: '인증 Endpoint', authorization_endpoint_tip: '인증 및 권한 부여를 진행할 End-Point예요. OpenID Connect 인증에서 사용되던 값이에요.', application_id: '앱 ID', @@ -44,6 +45,12 @@ const application_details = { always_issue_refresh_token: '항상 Refresh Token을 발급하세요', always_issue_refresh_token_label: '다음 구성을 활성화하면 Logto가 인증 요청에 `prompt=consent`가 제시되었는지 여부와 상관없이 항상 Refresh Token을 발급할 수 있게 됩니다. 그러나 OpenID Connect와 호환되지 않으며 문제가 발생할 수 있으므로 필요하지 않은 경우에는 이러한 방법을 권장하지 않습니다. ', + refresh_token_ttl: 'Refresh Token Time to Live (TTL) (일)', + refresh_token_ttl_tip: + 'Refresh Token이 새로운 엑세스 토큰을 요청할 수 있는 기간입니다. 토큰 요청이 이루어지면 Refresh Token의 TTL이 이 값으로 연장됩니다.', + rotate_refresh_token: 'Refresh Token 회전', + rotate_refresh_token_label: + '활성화하면, 원래의 TTL 중 70%가 지난 후 또는 특정 조건이 충족되면 Refresh Token 요청에 대해 새로운 Refresh Token을 발행합니다. 자세히 보기', delete_description: '이 행동은 취소될 수 없어요. 어플리케이션을 영원히 삭제할 거에요. 삭제를 진행하기 위해 {{name}} 를 입력해주세요.', enter_your_application_name: '어플리케이션 이름을 입력해 주세요.', diff --git a/packages/phrases/src/locales/ko/translation/admin-console/errors.ts b/packages/phrases/src/locales/ko/translation/admin-console/errors.ts index 751cd6cd0..e9f337de2 100644 --- a/packages/phrases/src/locales/ko/translation/admin-console/errors.ts +++ b/packages/phrases/src/locales/ko/translation/admin-console/errors.ts @@ -21,6 +21,8 @@ const errors = { not_found: '404 찾을 수 없음', create_internal_role_violation: 'Logto에 의해 금지된 내부 역할을 생성하려고 하고 있어요. "#internal:"로 시작하지 않는 다른 이름을 사용하세요.', + should_be_an_integer: '정수이어야 합니다.', + number_should_be_between_inclusive: '숫자는 {{min}} 이상 {{max}} 이하이어야 합니다.', }; export default errors; diff --git a/packages/phrases/src/locales/pl-pl/translation/admin-console/application-details.ts b/packages/phrases/src/locales/pl-pl/translation/admin-console/application-details.ts index f2fe89ce3..337ef9841 100644 --- a/packages/phrases/src/locales/pl-pl/translation/admin-console/application-details.ts +++ b/packages/phrases/src/locales/pl-pl/translation/admin-console/application-details.ts @@ -1,6 +1,6 @@ const application_details = { page_title: 'Szczegóły aplikacji', - back_to_applications: 'Powrót do Aplikacji', + back_to_applications: 'Powrót do aplikacji', check_guide: 'Sprawdź przewodnik', settings: 'Ustawienia', settings_description: @@ -12,6 +12,7 @@ const application_details = { application_name_placeholder: 'Moja aplikacja', description: 'Opis', description_placeholder: 'Wpisz opis swojej aplikacji', + config_endpoint: 'Konfiguracja punktu końcowego OpenID Provider', authorization_endpoint: 'Endpoint autoryzacji', authorization_endpoint_tip: 'Endpoint wykorzystywany do autentykacji i autoryzacji. Używany jest dla OpenID Connect Autentykacji.', @@ -35,7 +36,7 @@ const application_details = { cors_allowed_origins_tip: 'Domyślnie dozwolone będą wszystkie źródła z adresów URL przekierowania. Zazwyczaj nie wymaga to żadnych działań. Zobacz dokumentację MDN dla szczegółowych informacji.', id_token_expiration: 'Ważność ID Token', - refresh_token_expiration: 'Ważność Token odświeżania', + refresh_token_expiration: 'Ważność Tokena odświeżania', token_endpoint: 'Endpoint Tokena', user_info_endpoint: 'Endpoint Informacji o użytkowniku', enable_admin_access: 'Włącz dostęp administratora', @@ -44,6 +45,12 @@ const application_details = { always_issue_refresh_token: 'Zawsze wydawaj Refresh Token', always_issue_refresh_token_label: 'Rozwiazanie tej konfiguracji pozwoli Logto zawsze wydawac cwiecze tokeny, bez wzgledu na to, czy w zadaniu autoryzacji zostal przedstawiony `prompt=consent`. Jednak ta praktyka jest odstraszana, chyba ze konieczne, jak nie jest w pelni kompatybilna z OpenID Connect i moze potencjalnie powodowac problemy.', + refresh_token_ttl: 'Czas życia tokena odświeżania w dniach', + refresh_token_ttl_tip: + 'Okres, przez który Token odświeżania można używać do żądania nowych tokenów dostępu, zanim wygaśnie i zostanie unieważniony. Wymaga to przedłużenia czasu życia tokenów żądania. ', + rotate_refresh_token: 'Obróć token odświeżania', + rotate_refresh_token_label: + 'Po włączeniu tej opcji Logto wydaje nowy Token odświeżania dla żądań tokenów, gdy upłynęło 70% oryginalnego czasu życia (TTL) lub spełnione są pewne warunki. Dowiedz się więcej', delete_description: 'Ta operacja nie może zostać cofnięta. Skutkuje ona trwałym usunięciem aplikacji. Aby potwierdzić, wpisz nazwę aplikacji {{name}}.', enter_your_application_name: 'Wpisz nazwę swojej aplikacji', diff --git a/packages/phrases/src/locales/pl-pl/translation/admin-console/errors.ts b/packages/phrases/src/locales/pl-pl/translation/admin-console/errors.ts index 5a61994df..98fa5f772 100644 --- a/packages/phrases/src/locales/pl-pl/translation/admin-console/errors.ts +++ b/packages/phrases/src/locales/pl-pl/translation/admin-console/errors.ts @@ -21,7 +21,10 @@ const errors = { unexpected_error: 'Wystąpił nieoczekiwany błąd.', not_found: '404 nie znaleziono', create_internal_role_violation: - 'Tworzysz nową wewnętrzną rolę, co jest zabronione przez Logto. Spróbuj użyć innego nazwy, która nie zaczyna się od "# internal:".', + 'Tworzysz nową wewnętrzną rolę, co jest zabronione przez Logto. Spróbuj użyć innego nazwy, która nie zaczyna się od "#internal:".', + should_be_an_integer: 'Powinno być liczbą całkowitą.', + number_should_be_between_inclusive: + 'Następnie liczba powinna być między {{min}} a {{max}} (włącznie).', }; export default errors; diff --git a/packages/phrases/src/locales/pt-br/translation/admin-console/application-details.ts b/packages/phrases/src/locales/pt-br/translation/admin-console/application-details.ts index f623310d4..9bced16e4 100644 --- a/packages/phrases/src/locales/pt-br/translation/admin-console/application-details.ts +++ b/packages/phrases/src/locales/pt-br/translation/admin-console/application-details.ts @@ -12,6 +12,7 @@ const application_details = { application_name_placeholder: 'Meu aplicativo', description: 'Descrição', description_placeholder: 'Digite a descrição do seu aplicativo', + config_endpoint: 'OpenID Provider configuração endpoint', authorization_endpoint: 'Endpoint de autorização', authorization_endpoint_tip: 'O endpoint para executar autenticação e autorização. É usado para autenticação OpenID Connect.', @@ -44,6 +45,12 @@ const application_details = { always_issue_refresh_token: 'Emitir sempre o token de refresh', always_issue_refresh_token_label: 'Ativar esta configuração permitirá que a Logto emita sempre tokens de Refresh, independentemente de "prompt=consent" ser apresentado na solicitação de autenticação. No entanto, essa prática é desencorajada, a menos que seja necessária, pois não é compatível com o OpenID Connect e pode potencialmente causar problemas.', + refresh_token_ttl: 'Tempo de vida do Refresh Token em dias', + refresh_token_ttl_tip: + 'A duração para a qual um Refresh Token pode ser usado para solicitar novos tokens de acesso antes que expire e se torne inválido. As solicitações de token estenderão o TTL do Refresh Token para este valor.', + rotate_refresh_token: 'Rotacionar Refresh Token', + rotate_refresh_token_label: + 'Quando ativado, a Logto emitirá um novo Refresh Token para solicitações de token quando 70% do tempo de vida original (TTL) tenha passado ou certas condições sejam atendidas. Saiba mais', delete_description: 'Essa ação não pode ser desfeita. Isso excluirá permanentemente o aplicativo. Insira o nome do aplicativo {{name}} para confirmar.', enter_your_application_name: 'Digite o nome do seu aplicativo', diff --git a/packages/phrases/src/locales/pt-br/translation/admin-console/errors.ts b/packages/phrases/src/locales/pt-br/translation/admin-console/errors.ts index 4ed327c67..cee1b9d6b 100644 --- a/packages/phrases/src/locales/pt-br/translation/admin-console/errors.ts +++ b/packages/phrases/src/locales/pt-br/translation/admin-console/errors.ts @@ -22,6 +22,9 @@ const errors = { not_found: '404 não encontrado', create_internal_role_violation: 'Você está criando uma nova função interna que é proibida pela Logto. Tente outro nome que não comece com "#internal:".', + should_be_an_integer: 'Deveria ser um inteiro.', + number_should_be_between_inclusive: + 'Então o número deve estar entre {{min}} e {{max}} (ambos inclusive).', }; export default errors; diff --git a/packages/phrases/src/locales/pt-pt/translation/admin-console/application-details.ts b/packages/phrases/src/locales/pt-pt/translation/admin-console/application-details.ts index 147238cb1..d5068e633 100644 --- a/packages/phrases/src/locales/pt-pt/translation/admin-console/application-details.ts +++ b/packages/phrases/src/locales/pt-pt/translation/admin-console/application-details.ts @@ -12,6 +12,7 @@ const application_details = { application_name_placeholder: 'Ex: Site da Empresa', description: 'Descrição', description_placeholder: 'Insira a descrição da sua aplicação', + config_endpoint: 'OpenID Provedor endpoint de configuração', authorization_endpoint: 'Endpoint de autorização', authorization_endpoint_tip: 'O endpoint para realizar a autenticação e autorização. É usado para autenticação OpenID Connect.', @@ -44,6 +45,12 @@ const application_details = { always_issue_refresh_token: 'Sempre emitir Refresh Token', always_issue_refresh_token_label: 'Ao ativar essa configuração, a Logto sempre emitirá tokens de atualização, independentemente de `prompt=consent`ser apresentado na solicitação de autenticação. No entanto, essa prática é desencorajada, a menos que seja necessária, pois não é compatível com OpenID Connect e pode causar problemas.', + refresh_token_ttl: 'Tempo de vida do token de atualização em dias', + refresh_token_ttl_tip: + 'O tempo pelo qual um token de atualização pode ser usado para solicitar novos tokens de acesso antes de expirar e se tornar inválido. As solicitações de token estenderão o TTL do token de atualização para esse valor.', + rotate_refresh_token: 'Rodar o Token de Atualização', + rotate_refresh_token_label: + 'Quando ativado, o Logto emitirá um novo Token de Atualização para solicitações de token quando 70% do tempo de vida original (TTL) tiver passado ou certas condições forem atendidas. Learn more', delete_description: 'Esta ação não pode ser revertida. Esta ação irá eliminar permanentemente a aplicação. Insira o nome da aplicação {{name}} para confirmar.', enter_your_application_name: 'Insira o nome da aplicação', diff --git a/packages/phrases/src/locales/pt-pt/translation/admin-console/errors.ts b/packages/phrases/src/locales/pt-pt/translation/admin-console/errors.ts index f212ed501..eeda3ffd2 100644 --- a/packages/phrases/src/locales/pt-pt/translation/admin-console/errors.ts +++ b/packages/phrases/src/locales/pt-pt/translation/admin-console/errors.ts @@ -22,6 +22,9 @@ const errors = { not_found: '404 not found', create_internal_role_violation: 'Está a criar uma nova função interna que é proibida pelo Logto. Tente outro nome que não comece com "#internal:".', + should_be_an_integer: 'Deve ser um inteiro.', + number_should_be_between_inclusive: + 'Então o número deve estar entre {{min}} e {{max}} (ambos inclusivos).', }; export default errors; diff --git a/packages/phrases/src/locales/ru/translation/admin-console/application-details.ts b/packages/phrases/src/locales/ru/translation/admin-console/application-details.ts index 510eafdcc..217c77d18 100644 --- a/packages/phrases/src/locales/ru/translation/admin-console/application-details.ts +++ b/packages/phrases/src/locales/ru/translation/admin-console/application-details.ts @@ -12,6 +12,7 @@ const application_details = { application_name_placeholder: 'Мое приложение', description: 'Описание', description_placeholder: 'Введите описание своего приложения', + config_endpoint: 'Конечная точка конфигурации OpenID Provider', authorization_endpoint: 'Конечная точка авторизации', authorization_endpoint_tip: 'Конечная точка для аутентификации и авторизации. Он используется для аутентификации OpenID Connect .', @@ -44,6 +45,12 @@ const application_details = { always_issue_refresh_token: 'Всегда выдавать Refresh Token', always_issue_refresh_token_label: 'Включение этой настройки позволит Logto всегда выдавать Refresh Tokens, независимо от того, была ли в запросе на аутентификацию предложена команда `prompt=consent`. Однако данная практика не рекомендуется, если это необходимо, поскольку она несовместима с OpenID Connect и может вызвать проблемы.', + refresh_token_ttl: 'Time to Live (TTL) Refresh Token в днях', + refresh_token_ttl_tip: + 'Продолжительность, на протяжении которой Refresh Token может использоваться для запроса новых токенов доступа, прежде чем он истечет и станет недействительным. Запросы токенов будут продлевать TTL Refresh Token до этого значения.', + rotate_refresh_token: 'Поворот Refresh Token', + rotate_refresh_token_label: + 'При включении Logto будет выдавать новый Refresh Token для запросов токенов, когда пройдет 70% изначального Time to Live (TTL) или будут выполнены определенные условия. Узнать больше', delete_description: 'Это действие нельзя отменить. Оно навсегда удалит приложение. Введите название приложения {{name}} , чтобы подтвердить.', enter_your_application_name: 'Введите название своего приложения', diff --git a/packages/phrases/src/locales/ru/translation/admin-console/errors.ts b/packages/phrases/src/locales/ru/translation/admin-console/errors.ts index 4185de4e2..0baefb2bf 100644 --- a/packages/phrases/src/locales/ru/translation/admin-console/errors.ts +++ b/packages/phrases/src/locales/ru/translation/admin-console/errors.ts @@ -22,6 +22,9 @@ const errors = { not_found: '404 не найдено', create_internal_role_violation: 'Вы создаете новую внутреннюю роль, что запрещено Logto. Попробуйте другое имя, которое не начинается с "#internal:".', + should_be_an_integer: 'Должно быть целым числом.', + number_should_be_between_inclusive: + 'Тогда число должно быть между {{min}} и {{max}} (включительно).', }; export default errors; diff --git a/packages/phrases/src/locales/tr-tr/translation/admin-console/application-details.ts b/packages/phrases/src/locales/tr-tr/translation/admin-console/application-details.ts index e1c0d2956..e470b2fb0 100644 --- a/packages/phrases/src/locales/tr-tr/translation/admin-console/application-details.ts +++ b/packages/phrases/src/locales/tr-tr/translation/admin-console/application-details.ts @@ -12,6 +12,7 @@ const application_details = { application_name_placeholder: 'Uygulamam', description: 'Açıklama', description_placeholder: 'Uygulama açıklamasını giriniz', + config_endpoint: 'OpenID Provider yapılandırma bitiş noktası', authorization_endpoint: 'Yetkilendirme bitiş noktası', authorization_endpoint_tip: 'Kimlik doğrulama ve yetkilendirme gerçekleştirmek için bitiş noktası. OpenID Connect Authentication için kullanılır.', @@ -44,6 +45,12 @@ const application_details = { always_issue_refresh_token: 'Her zaman Refresh Token ver', always_issue_refresh_token_label: "Bu yapılandırmayı etkinleştirmek, Logto'nun OpenID Connect ile uyumlu olmayan ve olası sorunlara neden olabilecek her zaman Refresh Token çıkarmasına izin verir `prompt=consent` kimlik doğrulama isteğinin sunulup sunulmadığına bakılmaksızın. Ancak, bu uygulama yalnızca zorunlu olduğunda caydırılmayan bir uygulamadır.", + refresh_token_ttl: 'Refresh Token süresi (gün cinsinden)', + refresh_token_ttl_tip: + 'Yeni erişim belirteği istekleri için Refresh Belirteği kullanılabilecek süre. Belirteğin süresi dolmadan önce yapılan talepler belirteğin ömrünü uzatacaktır.', + rotate_refresh_token: 'Refresh Tokenı değiştir', + rotate_refresh_token_label: + 'Bu seçenek etkinleştirildiğinde, Logto Token Bitiş Süresinin %70'i geçildiğinde veya belli koşullar sağlandığında yeni bir Refresh Token verecektir. Daha fazlası için tıklayın', delete_description: 'Bu eylem geri alınamaz. Uygulama kalıcı olarak silinecektir. Lütfen onaylamak için uygulama adı {{name}} girin.', enter_your_application_name: 'Uygulama adı giriniz', diff --git a/packages/phrases/src/locales/tr-tr/translation/admin-console/errors.ts b/packages/phrases/src/locales/tr-tr/translation/admin-console/errors.ts index 851ebfc21..128beb4fa 100644 --- a/packages/phrases/src/locales/tr-tr/translation/admin-console/errors.ts +++ b/packages/phrases/src/locales/tr-tr/translation/admin-console/errors.ts @@ -22,6 +22,9 @@ const errors = { not_found: '404 bulunamadı', create_internal_role_violation: 'Yeni bir dahili rol oluşturuyorsunuz, bu Logto tarafından yasaklanmıştır. "#internal:" ile başlamayan başka bir ad deneyin.', + should_be_an_integer: 'Tamsayı olmalıdır.', + number_should_be_between_inclusive: + 'Sayı {{min}} ve {{max}} arasında (her ikisi de dahil) olmalıdır.', }; export default errors; diff --git a/packages/phrases/src/locales/zh-cn/translation/admin-console/application-details.ts b/packages/phrases/src/locales/zh-cn/translation/admin-console/application-details.ts index b74873c40..dc818741d 100644 --- a/packages/phrases/src/locales/zh-cn/translation/admin-console/application-details.ts +++ b/packages/phrases/src/locales/zh-cn/translation/admin-console/application-details.ts @@ -11,6 +11,7 @@ const application_details = { application_name_placeholder: '我的应用', description: '描述', description_placeholder: '请输入应用描述', + config_endpoint: 'OpenID Provider 配置端点', authorization_endpoint: '授权端点', authorization_endpoint_tip: '进行鉴权与授权的端点。用于 OpenID Connect 中的 鉴权 流程。', application_id: '应用 ID', @@ -42,6 +43,12 @@ const application_details = { always_issue_refresh_token: '总是颁发 Refresh Token', always_issue_refresh_token_label: '启用此配置将允许 Logto 始终颁发 Refresh Token,无论身份验证请求中是否呈现 `prompt=consent`。 然而,除非必要,否则不推荐这样做,因为它与 OpenID Connect 不兼容,可能会导致问题。', + refresh_token_ttl: 'Refresh Token 有效期(天)', + refresh_token_ttl_tip: + '可用于请求新访问令牌的 Refresh Token 在过期之前的时间段。访问令牌请求将把 Refresh Token 的时效延长到此值。', + rotate_refresh_token: '轮换 Refresh Token', + rotate_refresh_token_label: + '启用后,当原先的 Refresh Token 的时效已经过去 70%,或者满足一定条件时,Logto 将会为访问令牌请求发放新的 Refresh Token。了解更多', delete_description: '本操作会永久性地删除该应用,且不可撤销。输入 {{name}} 确认。', enter_your_application_name: '输入你的应用名称', application_deleted: '应用 {{name}} 成功删除。', diff --git a/packages/phrases/src/locales/zh-cn/translation/admin-console/errors.ts b/packages/phrases/src/locales/zh-cn/translation/admin-console/errors.ts index 8d1c4369b..41f192f2c 100644 --- a/packages/phrases/src/locales/zh-cn/translation/admin-console/errors.ts +++ b/packages/phrases/src/locales/zh-cn/translation/admin-console/errors.ts @@ -20,6 +20,8 @@ const errors = { not_found: '404 找不到资源', create_internal_role_violation: '你正在创建一个被 Logto 禁止内部角色。尝试使用不以 "#internal:" 开头的其他名称。', + should_be_an_integer: '应该是整数。', + number_should_be_between_inclusive: '然后数字应该在 {{min}} 到 {{max}} 之间(两端都包括)。', }; export default errors; diff --git a/packages/phrases/src/locales/zh-hk/translation/admin-console/application-details.ts b/packages/phrases/src/locales/zh-hk/translation/admin-console/application-details.ts index 153b0cbdf..fe37b7037 100644 --- a/packages/phrases/src/locales/zh-hk/translation/admin-console/application-details.ts +++ b/packages/phrases/src/locales/zh-hk/translation/admin-console/application-details.ts @@ -11,6 +11,7 @@ const application_details = { application_name_placeholder: '我的應用程式', description: '描述', description_placeholder: '請輸入應用程式描述', + config_endpoint: 'OpenID Provider 配置端點', authorization_endpoint: '授權端點', authorization_endpoint_tip: '進行驗證和授權的端點。用於 OpenID Connect 中的 驗證 流程。', application_id: '應用程式 ID', @@ -41,7 +42,13 @@ const application_details = { '啟用或禁用對管理 API 的訪問。啟用後,你可以使用訪問權杖代表該應用程式調用管理 API。', always_issue_refresh_token: '始終發放 Refresh Token', always_issue_refresh_token_label: - '啟用此配置將允許 Logto 始終發行 Refresh Token,無論是否在驗證請求中呈現 `prompt=consent`。但是,除非必要,否則不建議這樣做,因為它不兼容 OpenID Connect,可能會引起問題。', + '啟用此配置將允許 Logto 始麼發行 Refresh Token,無論是否在驗證請求中呈現 `prompt=consent`。但是,除非必要,否則不建議這樣做,因為它不兼容 OpenID Connect,可能會引起問題。', + refresh_token_ttl: 'Refresh Token 的有效期(天)', + refresh_token_ttl_tip: + 'Refresh Token 可用來在其過期之前請求新的訪問權杖的持續時間。訪問令牌將將缺省的 TTL 延長到此值。', + rotate_refresh_token: '旋轉 Refresh Token', + rotate_refresh_token_label: + '啟用後,當原始 TTL 達到 70% 或滿足某些條件時就可以在令牌請求中為 Refresh Token 發行新的 Refresh Token。 瞭解更多。', delete_description: '本操作會永久性地刪除該應用,且不可撤銷。輸入 {{name}} 確認。', enter_your_application_name: '輸入你的應用程式名稱', application_deleted: '應用 {{name}} 成功刪除。', diff --git a/packages/phrases/src/locales/zh-hk/translation/admin-console/errors.ts b/packages/phrases/src/locales/zh-hk/translation/admin-console/errors.ts index a1dddf86b..e8700e0c6 100644 --- a/packages/phrases/src/locales/zh-hk/translation/admin-console/errors.ts +++ b/packages/phrases/src/locales/zh-hk/translation/admin-console/errors.ts @@ -20,6 +20,8 @@ const errors = { not_found: '404 找不到資源', create_internal_role_violation: '你正在創建一個被 Logto 禁止內部角色。嘗試使用不以 "#internal:" 開頭的其他名稱。', + should_be_an_integer: '必须为整数。', + number_should_be_between_inclusive: '数值必须在{{min}}和{{max}}之间(包括{{min}}和{{max}})。', }; export default errors; diff --git a/packages/phrases/src/locales/zh-tw/translation/admin-console/application-details.ts b/packages/phrases/src/locales/zh-tw/translation/admin-console/application-details.ts index 8f1084087..6d93e85db 100644 --- a/packages/phrases/src/locales/zh-tw/translation/admin-console/application-details.ts +++ b/packages/phrases/src/locales/zh-tw/translation/admin-console/application-details.ts @@ -11,12 +11,13 @@ const application_details = { application_name_placeholder: '我的應用程式', description: '說明', description_placeholder: '請輸入應用程式說明', + config_endpoint: 'OpenID Provider 配置端點', authorization_endpoint: '授權端點', authorization_endpoint_tip: '進行驗證與授權的端點。用於 OpenID Connect 中的 驗證 流程。', application_id: '應用程式 ID', application_id_tip: '應用程式的唯一標識,通常由 Logto 生成。相當於 OpenID Connect 中的 client_id。', - application_secret: '應用程式密鑰', + application_secret: '應用程式秘鑰', redirect_uri: '重定向 URI', redirect_uris: '重定向 URIs', redirect_uri_placeholder: 'https://your.website.com/app', @@ -42,6 +43,12 @@ const application_details = { always_issue_refresh_token: '始終發放 Refresh Token', always_issue_refresh_token_label: '啟用此配置將使 Logto 無論在驗證請求中是否提供 prompt=consent,都能始終發放 Refresh Token。然而,除非必要,否則不鼓勵這種做法,因為它與 OpenID Connect 不相容並可能引起問題。', + refresh_token_ttl: 'Refresh Token 有效期(天數)', + refresh_token_ttl_tip: + 'Refresh Token 可用來獲取新的訪問令牌,失效日期之前可用。獲取訪問令牌時,該令牌的期限將被延長至此值。', + rotate_refresh_token: '旋轉 Refresh Token', + rotate_refresh_token_label: + '啟用此配置將使 Logto 当 Refresh Token 的原始有效期剩下 70% 时或当满足某些条件时,授予新的 Refresh Token 以获取新的 Access Token。了解更多', delete_description: '本操作會永久性地刪除該應用程式,且不可撤銷。輸入 {{name}} 確認。', enter_your_application_name: '輸入你的應用程式姓名', diff --git a/packages/phrases/src/locales/zh-tw/translation/admin-console/errors.ts b/packages/phrases/src/locales/zh-tw/translation/admin-console/errors.ts index 2da5f8a20..c829529d5 100644 --- a/packages/phrases/src/locales/zh-tw/translation/admin-console/errors.ts +++ b/packages/phrases/src/locales/zh-tw/translation/admin-console/errors.ts @@ -20,6 +20,8 @@ const errors = { not_found: '404 找不到資源', create_internal_role_violation: '你正在創建一個被 Logto 禁止的內部角色。嘗試使用不以 "#internal:" 開頭的其他名稱。', + should_be_an_integer: '應該是整數。', + number_should_be_between_inclusive: '數字應該在 {{min}} 和 {{max}} 之間(均包含)。', }; export default errors; diff --git a/packages/schemas/src/consts/date.ts b/packages/schemas/src/consts/date.ts new file mode 100644 index 000000000..778f2930d --- /dev/null +++ b/packages/schemas/src/consts/date.ts @@ -0,0 +1 @@ +export const inSeconds = Object.freeze({ oneMinute: 60, oneHour: 60 * 60, oneDay: 24 * 60 * 60 }); diff --git a/packages/schemas/src/consts/index.ts b/packages/schemas/src/consts/index.ts index 8fbbffb3b..ed37e9ae6 100644 --- a/packages/schemas/src/consts/index.ts +++ b/packages/schemas/src/consts/index.ts @@ -1,3 +1,4 @@ export * from './cookie.js'; export * from './system.js'; export * from './oidc.js'; +export * from './date.js'; diff --git a/packages/schemas/src/consts/oidc.ts b/packages/schemas/src/consts/oidc.ts index 7131ee772..f94fd6c63 100644 --- a/packages/schemas/src/consts/oidc.ts +++ b/packages/schemas/src/consts/oidc.ts @@ -1 +1,11 @@ +import { type CustomClientMetadata } from '../foundations/jsonb-types.js'; + +import { inSeconds } from './date.js'; + export const tenantIdKey = 'tenant_id'; + +export const customClientMetadataDefault = Object.freeze({ + idTokenTtl: inSeconds.oneHour, + refreshTokenTtlInDays: 14, + rotateRefreshToken: true, +} as const satisfies Partial); diff --git a/packages/schemas/src/foundations/jsonb-types.ts b/packages/schemas/src/foundations/jsonb-types.ts index 82aa4eccf..7b4c5336e 100644 --- a/packages/schemas/src/foundations/jsonb-types.ts +++ b/packages/schemas/src/foundations/jsonb-types.ts @@ -67,7 +67,9 @@ export type OidcClientMetadata = z.infer; export enum CustomClientMetadataKey { CorsAllowedOrigins = 'corsAllowedOrigins', IdTokenTtl = 'idTokenTtl', + /** @deprecated Use {@link RefreshTokenTtlInDays} instead. */ RefreshTokenTtl = 'refreshTokenTtl', + RefreshTokenTtlInDays = 'refreshTokenTtlInDays', TenantId = 'tenantId', /** * Enabling this configuration will allow Logto to always issue Refresh Tokens, regardless of whether `prompt=consent` is presented in the authentication request. @@ -77,15 +79,23 @@ export enum CustomClientMetadataKey { * This config is for the third-party integrations that do not strictly follow OpenID Connect standards due to some reasons (e.g. they only know OAuth, but requires a Refresh Token to be returned anyway). */ AlwaysIssueRefreshToken = 'alwaysIssueRefreshToken', + /** + * When enabled (default), Logto will issue a new Refresh Token for token requests when 70% of the original Time to Live (TTL) has passed. + * + * It can be turned off for only traditional web apps for enhanced security. + */ + RotateRefreshToken = 'rotateRefreshToken', } export const customClientMetadataGuard = z.object({ [CustomClientMetadataKey.CorsAllowedOrigins]: z.string().url().array().optional(), [CustomClientMetadataKey.IdTokenTtl]: z.number().optional(), [CustomClientMetadataKey.RefreshTokenTtl]: z.number().optional(), + [CustomClientMetadataKey.RefreshTokenTtlInDays]: z.number().int().min(1).max(90).optional(), [CustomClientMetadataKey.TenantId]: z.string().optional(), [CustomClientMetadataKey.AlwaysIssueRefreshToken]: z.boolean().optional(), -}); + [CustomClientMetadataKey.RotateRefreshToken]: z.boolean().optional(), +} satisfies Record); /** * @see {@link CustomClientMetadataKey} for key descriptions.