0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2024-12-30 20:33:54 -05:00

Merge pull request #4028 from logto-io/gao-app-improvements

feat: various application improvements
This commit is contained in:
Gao Sun 2023-06-13 18:02:38 +08:00 committed by GitHub
commit b0a126bbd7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
44 changed files with 385 additions and 42 deletions

View file

@ -0,0 +1,5 @@
---
"@logto/cli": patch
---
improve translate prompt

View file

@ -0,0 +1,13 @@
---
"@logto/console": minor
"@logto/core": minor
"@logto/integration-tests": minor
"@logto/schemas": minor
"@logto/phrases": patch
---
various application improvements
- Show OpenID Provider configuration endpoint in Console
- Configure "Rotate Refresh Token" in Console
- Configure "Refresh Token TTL" in Console

View file

@ -20,9 +20,9 @@ export const getTranslationPromptMessages = ({
}: GetTranslationPromptProperties) => [ }: GetTranslationPromptProperties) => [
{ {
role: 'assistant', role: 'assistant',
content: `You are a translate assistant of a Typescript engenieer, when you receive a code snippet that contains an object, translate those values that are marked with comment "// UNTRANSLATED" into the language ${ content: `You are a translate assistant of a Typescript engineer, when you receive a code snippet that contains an object, translate and ONLY translate those values that are marked with comment "// UNTRANSLATED" into the language ${
languages[targetLanguage] languages[targetLanguage]
}, keep all object keys original, output ts code only, the code format should be strictly consistent, and should not contain the given code snippet. ${conditionalString( }, remove the "// UNTRANSLATED" mark, keep all object keys original, output ts code only, the code format should be strictly consistent, and should not contain the given code snippet. ${conditionalString(
extraPrompt extraPrompt
)} )}

View file

@ -0,0 +1 @@
export const openIdProviderConfigPath = 'oidc/.well-known/openid-configuration';

View file

@ -1,5 +1,11 @@
import type { Application, SnakeCaseOidcConfig } from '@logto/schemas'; import {
import { ApplicationType } from '@logto/schemas'; type Application,
type SnakeCaseOidcConfig,
ApplicationType,
customClientMetadataGuard,
} from '@logto/schemas';
import { appendPath } from '@silverhand/essentials';
import { useContext } from 'react';
import { useFormContext } from 'react-hook-form'; import { useFormContext } from 'react-hook-form';
import { Trans, useTranslation } from 'react-i18next'; import { Trans, useTranslation } from 'react-i18next';
@ -7,7 +13,10 @@ import CopyToClipboard from '@/components/CopyToClipboard';
import FormCard from '@/components/FormCard'; import FormCard from '@/components/FormCard';
import FormField from '@/components/FormField'; import FormField from '@/components/FormField';
import Switch from '@/components/Switch'; import Switch from '@/components/Switch';
import TextInput from '@/components/TextInput';
import TextLink from '@/components/TextLink'; import TextLink from '@/components/TextLink';
import { openIdProviderConfigPath } from '@/consts/oidc';
import { AppEndpointsContext } from '@/contexts/AppEndpointsProvider';
import * as styles from '../index.module.scss'; import * as styles from '../index.module.scss';
@ -17,8 +26,20 @@ type Props = {
}; };
function AdvancedSettings({ applicationType, oidcConfig }: Props) { function AdvancedSettings({ applicationType, oidcConfig }: Props) {
const { register } = useFormContext<Application & { isAdmin?: boolean }>(); const { userEndpoint } = useContext(AppEndpointsContext);
const {
register,
formState: { errors },
} = useFormContext<Application & { isAdmin?: boolean }>();
const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' }); const { t } = useTranslation(undefined, { keyPrefix: 'admin_console' });
const { minValue, maxValue } =
customClientMetadataGuard.shape.refreshTokenTtlInDays._def.innerType;
const minTtl = minValue ?? Number.NEGATIVE_INFINITY;
const maxTtl = maxValue ?? Number.POSITIVE_INFINITY;
const ttlErrorMessage = t('errors.number_should_be_between_inclusive', {
min: minTtl,
max: maxTtl,
});
return ( return (
<FormCard <FormCard
@ -26,6 +47,15 @@ function AdvancedSettings({ applicationType, oidcConfig }: Props) {
description="application_details.advanced_settings_description" description="application_details.advanced_settings_description"
learnMoreLink="https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint" learnMoreLink="https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint"
> >
{userEndpoint && (
<FormField title="application_details.config_endpoint">
<CopyToClipboard
className={styles.textField}
value={appendPath(userEndpoint, openIdProviderConfigPath).href}
variant="border"
/>
</FormField>
)}
<FormField <FormField
title="application_details.authorization_endpoint" title="application_details.authorization_endpoint"
tip={(closeTipHandler) => ( tip={(closeTipHandler) => (
@ -72,6 +102,54 @@ function AdvancedSettings({ applicationType, oidcConfig }: Props) {
/> />
</FormField> </FormField>
)} )}
{[ApplicationType.Traditional, ApplicationType.Native].includes(applicationType) && (
<>
<FormField title="application_details.rotate_refresh_token">
<Switch
label={
<Trans
components={{
a: (
<TextLink
href="https://docs.logto.io/docs/references/applications/#rotate-refresh-token"
target="_blank"
/>
),
}}
>
{t('application_details.rotate_refresh_token_label')}
</Trans>
}
{...register('customClientMetadata.rotateRefreshToken')}
/>
</FormField>
<FormField
title="application_details.refresh_token_ttl"
tip={t('application_details.refresh_token_ttl_tip')}
>
<TextInput
{...register('customClientMetadata.refreshTokenTtlInDays', {
min: {
value: minTtl,
message: ttlErrorMessage,
},
max: {
value: maxTtl,
message: ttlErrorMessage,
},
valueAsNumber: true,
validate: (value) =>
value === undefined ||
Number.isInteger(value) ||
t('errors.should_be_an_integer'),
})}
placeholder="14"
// Confirm if we need a customized message here
error={errors.customClientMetadata?.refreshTokenTtlInDays?.message}
/>
</FormField>
</>
)}
{applicationType === ApplicationType.MachineToMachine && ( {applicationType === ApplicationType.MachineToMachine && (
<FormField title="application_details.enable_admin_access"> <FormField title="application_details.enable_admin_access">
<Switch <Switch

View file

@ -1,6 +1,11 @@
import { withAppInsights } from '@logto/app-insights/react'; import { withAppInsights } from '@logto/app-insights/react';
import type { Application, ApplicationResponse, SnakeCaseOidcConfig } from '@logto/schemas'; import {
import { ApplicationType } from '@logto/schemas'; type Application,
type ApplicationResponse,
type SnakeCaseOidcConfig,
ApplicationType,
customClientMetadataDefault,
} from '@logto/schemas';
import { useEffect, useState } from 'react'; import { useEffect, useState } from 'react';
import { FormProvider, useForm } from 'react-hook-form'; import { FormProvider, useForm } from 'react-hook-form';
import { toast } from 'react-hot-toast'; import { toast } from 'react-hot-toast';
@ -23,6 +28,7 @@ import PageMeta from '@/components/PageMeta';
import TabNav, { TabNavItem } from '@/components/TabNav'; import TabNav, { TabNavItem } from '@/components/TabNav';
import Tag from '@/components/Tag'; import Tag from '@/components/Tag';
import UnsavedChangesAlertModal from '@/components/UnsavedChangesAlertModal'; import UnsavedChangesAlertModal from '@/components/UnsavedChangesAlertModal';
import { openIdProviderConfigPath } from '@/consts/oidc';
import type { RequestError } from '@/hooks/use-api'; import type { RequestError } from '@/hooks/use-api';
import useApi from '@/hooks/use-api'; import useApi from '@/hooks/use-api';
import useDocumentationUrl from '@/hooks/use-documentation-url'; import useDocumentationUrl from '@/hooks/use-documentation-url';
@ -54,7 +60,7 @@ function ApplicationDetails() {
data: oidcConfig, data: oidcConfig,
error: fetchOidcConfigError, error: fetchOidcConfigError,
mutate: mutateOidcConfig, mutate: mutateOidcConfig,
} = useSWR<SnakeCaseOidcConfig, RequestError>('oidc/.well-known/openid-configuration'); } = useSWR<SnakeCaseOidcConfig, RequestError>(openIdProviderConfigPath);
const isLoading = (!data && !error) || (!oidcConfig && !fetchOidcConfigError); const isLoading = (!data && !error) || (!oidcConfig && !fetchOidcConfigError);
const requestError = error ?? fetchOidcConfigError; const requestError = error ?? fetchOidcConfigError;
const [isReadmeOpen, setIsReadmeOpen] = useState(false); const [isReadmeOpen, setIsReadmeOpen] = useState(false);
@ -63,7 +69,9 @@ function ApplicationDetails() {
const [isDeleted, setIsDeleted] = useState(false); const [isDeleted, setIsDeleted] = useState(false);
const api = useApi(); const api = useApi();
const navigate = useNavigate(); const navigate = useNavigate();
const formMethods = useForm<Application & { isAdmin: boolean }>(); const formMethods = useForm<Application & { isAdmin: boolean }>({
defaultValues: { customClientMetadata: customClientMetadataDefault },
});
const { getDocumentationUrl } = useDocumentationUrl(); const { getDocumentationUrl } = useDocumentationUrl();
const { const {

View file

@ -28,8 +28,6 @@ const loadOidcValues = async (issuer: string, configs: LogtoOidcConfigType) => {
jwkSigningAlg, jwkSigningAlg,
localJWKSet, localJWKSet,
issuer, issuer,
defaultIdTokenTtl: 60 * 60,
defaultRefreshTokenTtl: 14 * 24 * 60 * 60,
}); });
}; };

View file

@ -0,0 +1,46 @@
import type Provider from 'oidc-provider';
import { type KoaContextWithOIDC } from 'oidc-provider';
/**
* Keep the default pre-checks from oidc-provider.
*
* @see {@link https://github.com/panva/node-oidc-provider/blob/d6edf2a0b9efc777081e6f9cc358a0677ccd9897/docs/README.md#ttl | ttl's default value}
*/
const refreshTokenTtl = (
...[ctx, token, client]: Parameters<Provider.TTLFunction<InstanceType<Provider['RefreshToken']>>>
) => {
if (
ctx.oidc.entities.RotatedRefreshToken &&
client.applicationType === 'web' &&
client.clientAuthMethod === 'none' &&
!token.isSenderConstrained()
) {
// Non-Sender Constrained SPA RefreshTokens do not have infinite expiration through rotation
return ctx.oidc.entities.RotatedRefreshToken.remainingTTL;
}
};
/** @see {@link https://github.com/panva/node-oidc-provider/blob/d6edf2a0b9efc777081e6f9cc358a0677ccd9897/docs/README.md#rotaterefreshtoken | rotateRefreshToken's default value} */
const rotateRefreshToken = (ctx: KoaContextWithOIDC) => {
const { RefreshToken: refreshToken, Client: client } = ctx.oidc.entities;
if (!refreshToken || !client) {
return false;
}
// Cap the maximum amount of time a refresh token can be
// rotated for up to 1 year, afterwards its TTL is final
if (refreshToken.totalLifetime() >= 365.25 * 24 * 60 * 60) {
return false;
}
// Rotate non sender-constrained public client refresh tokens
if (client.clientAuthMethod === 'none' && !refreshToken.isSenderConstrained()) {
return true;
}
// Rotate if the token is nearing expiration (it's beyond 70% of its lifetime)
return refreshToken.ttlPercentagePassed() >= 70;
};
const defaults = { refreshTokenTtl, rotateRefreshToken };
export default defaults;

View file

@ -5,8 +5,10 @@ import { readFileSync } from 'node:fs';
import { userClaims } from '@logto/core-kit'; import { userClaims } from '@logto/core-kit';
import type { I18nKey } from '@logto/phrases'; import type { I18nKey } from '@logto/phrases';
import { import {
customClientMetadataDefault,
CustomClientMetadataKey, CustomClientMetadataKey,
demoAppApplicationId, demoAppApplicationId,
inSeconds,
logtoCookieKey, logtoCookieKey,
type LogtoUiCookie, type LogtoUiCookie,
} from '@logto/schemas'; } from '@logto/schemas';
@ -27,6 +29,7 @@ import type Libraries from '#src/tenants/Libraries.js';
import type Queries from '#src/tenants/Queries.js'; import type Queries from '#src/tenants/Queries.js';
import { consoleLog } from '#src/utils/console.js'; import { consoleLog } from '#src/utils/console.js';
import defaults from './defaults.js';
import { getUserClaimData, getUserClaims } from './scope.js'; import { getUserClaimData, getUserClaims } from './scope.js';
import { OIDCExtraParametersKey, InteractionMode } from './type.js'; import { OIDCExtraParametersKey, InteractionMode } from './type.js';
@ -39,14 +42,7 @@ export default function initOidc(
queries: Queries, queries: Queries,
libraries: Libraries libraries: Libraries
): Provider { ): Provider {
const { const { issuer, cookieKeys, privateJwks, jwkSigningAlg } = envSet.oidc;
issuer,
cookieKeys,
privateJwks,
jwkSigningAlg,
defaultIdTokenTtl,
defaultRefreshTokenTtl,
} = envSet.oidc;
const { const {
resources: { findResourceByIndicator, findDefaultResource }, resources: { findResourceByIndicator, findDefaultResource },
users: { findUserById }, users: { findUserById },
@ -252,12 +248,25 @@ export default function initOidc(
IdToken: (_ctx, _token, client) => { IdToken: (_ctx, _token, client) => {
const { idTokenTtl } = client.metadata(); const { idTokenTtl } = client.metadata();
return idTokenTtl ?? defaultIdTokenTtl; return idTokenTtl ?? customClientMetadataDefault.idTokenTtl;
}, },
RefreshToken: (_ctx, _token, client) => { RefreshToken: (ctx, token, client) => {
const { refreshTokenTtl } = client.metadata(); const defaultTtl = defaults.refreshTokenTtl(ctx, token, client);
return refreshTokenTtl ?? defaultRefreshTokenTtl; if (defaultTtl !== undefined) {
return defaultTtl;
}
/** Customized logic for Refresh Token TTL */
const { refreshTokenTtlInDays, refreshTokenTtl } = client.metadata();
if (refreshTokenTtlInDays !== undefined) {
return refreshTokenTtlInDays * inSeconds.oneDay;
}
return (
refreshTokenTtl ?? customClientMetadataDefault.refreshTokenTtlInDays * inSeconds.oneDay
);
}, },
AccessToken: (ctx, token) => { AccessToken: (ctx, token) => {
if (token.resourceServer) { if (token.resourceServer) {
@ -270,6 +279,18 @@ export default function initOidc(
Session: 1_209_600 /* 14 days in seconds */, Session: 1_209_600 /* 14 days in seconds */,
Grant: 1_209_600 /* 14 days in seconds */, Grant: 1_209_600 /* 14 days in seconds */,
}, },
rotateRefreshToken: (ctx) => {
const { Client: client } = ctx.oidc.entities;
// Directly return false only when `rotateRefreshToken` has been explicitly set to `false`.
if (
!(client?.metadata()?.rotateRefreshToken ?? customClientMetadataDefault.rotateRefreshToken)
) {
return false;
}
return defaults.rotateRefreshToken(ctx);
},
pkce: { pkce: {
required: (ctx, client) => { required: (ctx, client) => {
return client.clientAuthMethod !== 'client_secret_basic'; return client.clientAuthMethod !== 'client_secret_basic';

View file

@ -38,12 +38,17 @@ describe('admin console application', () => {
oidcClientMetadata: { oidcClientMetadata: {
redirectUris: newRedirectUris, redirectUris: newRedirectUris,
}, },
customClientMetadata: { rotateRefreshToken: true, refreshTokenTtlInDays: 10 },
}); });
const updatedApplication = await getApplication(application.id); const updatedApplication = await getApplication(application.id);
expect(updatedApplication.description).toBe(newApplicationDescription); expect(updatedApplication.description).toBe(newApplicationDescription);
expect(updatedApplication.oidcClientMetadata.redirectUris).toEqual(newRedirectUris); expect(updatedApplication.oidcClientMetadata.redirectUris).toEqual(newRedirectUris);
expect(updatedApplication.customClientMetadata).toStrictEqual({
rotateRefreshToken: true,
refreshTokenTtlInDays: 10,
});
}); });
it('should update application "admin" successfully', async () => { it('should update application "admin" successfully', async () => {

View file

@ -12,9 +12,10 @@ const application_details = {
application_name_placeholder: 'Meine App', application_name_placeholder: 'Meine App',
description: 'Beschreibung', description: 'Beschreibung',
description_placeholder: 'Gib eine Beschreibung ein', description_placeholder: 'Gib eine Beschreibung ein',
config_endpoint: 'OpenID Provider Konfigurations-Endpunkt',
authorization_endpoint: 'Autorisierungs-Endpoint', authorization_endpoint: 'Autorisierungs-Endpoint',
authorization_endpoint_tip: authorization_endpoint_tip:
'Der Endpoint, der für die Authentifizierung und <a>Autorisierung</a> via OpenID Connect verwendet wird.', 'Der Endpoint, der für die Authentifizierung und <a>Authorisierung</a> via OpenID Connect verwendet wird.',
application_id: 'App ID', application_id: 'App ID',
application_id_tip: application_id_tip:
'Die eindeutige Anwendungs-ID, die normalerweise von Logto generiert wird. Es steht auch für "<a>client_id</a>" in OpenID Connect.', 'Die eindeutige Anwendungs-ID, die normalerweise von Logto generiert wird. Es steht auch für "<a>client_id</a>" in OpenID Connect.',
@ -44,6 +45,12 @@ const application_details = {
always_issue_refresh_token: 'Immer den Refresh Token ausgeben', always_issue_refresh_token: 'Immer den Refresh Token ausgeben',
always_issue_refresh_token_label: always_issue_refresh_token_label:
'Durch Aktivieren dieser Konfiguration kann Logto immer Refresh Tokens ausgeben, unabhängig davon, ob in der Authentifizierungsanforderung "prompt=consent" angegeben ist. Diese Praxis wird jedoch nur dann empfohlen, wenn es notwendig ist, da sie nicht mit OpenID Connect kompatibel ist und möglicherweise Probleme verursacht.', 'Durch Aktivieren dieser Konfiguration kann Logto immer Refresh Tokens ausgeben, unabhängig davon, ob in der Authentifizierungsanforderung "prompt=consent" angegeben ist. Diese Praxis wird jedoch nur dann empfohlen, wenn es notwendig ist, da sie nicht mit OpenID Connect kompatibel ist und möglicherweise Probleme verursacht.',
refresh_token_ttl: 'Ablaufzeit des Refresh Tokens in Tagen',
refresh_token_ttl_tip:
'Die Dauer, für die ein Refresh Token verwendet werden kann, um neue Zugriffstoken anzufordern, bevor es abläuft und ungültig wird. Token-Anfragen erweitern die Verfallszeit des Refresh Tokens auf diesen Wert.',
rotate_refresh_token: 'Refresh Token drehen',
rotate_refresh_token_label:
'Wenn diese Option aktiviert ist, wird Logto für Tokenanfragen ein neues Refresh Token ausgeben, wenn 70% der ursprünglichen Zeit bis zur Ausführung (TTL) verstrichen sind oder bestimmte Bedingungen erfüllt sind. <a>Erfahren Sie mehr</a>',
delete_description: delete_description:
'Diese Aktion kann nicht rückgängig gemacht werden. Die Anwendung wird permanent gelöscht. Bitte gib den Anwendungsnamen <span>{{name}}</span> zur Bestätigung ein.', 'Diese Aktion kann nicht rückgängig gemacht werden. Die Anwendung wird permanent gelöscht. Bitte gib den Anwendungsnamen <span>{{name}}</span> zur Bestätigung ein.',
enter_your_application_name: 'Gib einen Anwendungsnamen ein', enter_your_application_name: 'Gib einen Anwendungsnamen ein',

View file

@ -22,6 +22,9 @@ const errors = {
not_found: '404 not found', not_found: '404 not found',
create_internal_role_violation: create_internal_role_violation:
'Sie erstellen eine neue interne Rolle, die von Logto verboten ist. Versuchen Sie einen anderen Namen, der nicht mit "#internal:" beginnt.', 'Sie erstellen eine neue interne Rolle, die von Logto verboten ist. Versuchen Sie einen anderen Namen, der nicht mit "#internal:" beginnt.',
should_be_an_integer: 'Sollte eine Ganzzahl sein.',
number_should_be_between_inclusive:
'Die Zahl sollte zwischen {{min}} und {{max}} (beide inklusive) liegen.',
}; };
export default errors; export default errors;

View file

@ -12,6 +12,7 @@ const application_details = {
application_name_placeholder: 'My App', application_name_placeholder: 'My App',
description: 'Description', description: 'Description',
description_placeholder: 'Enter your application description', description_placeholder: 'Enter your application description',
config_endpoint: 'OpenID Provider configuration endpoint',
authorization_endpoint: 'Authorization Endpoint', authorization_endpoint: 'Authorization Endpoint',
authorization_endpoint_tip: authorization_endpoint_tip:
"The endpoint to perform authentication and authorization. It's used for OpenID Connect <a>Authentication</a>.", "The endpoint to perform authentication and authorization. It's used for OpenID Connect <a>Authentication</a>.",
@ -43,7 +44,13 @@ const application_details = {
'Enable or disable the access to Management API. Once enabled, you can use access tokens to call Management API on behalf on this application.', 'Enable or disable the access to Management API. Once enabled, you can use access tokens to call Management API on behalf on this application.',
always_issue_refresh_token: 'Always issue Refresh Token', always_issue_refresh_token: 'Always issue Refresh Token',
always_issue_refresh_token_label: always_issue_refresh_token_label:
'Enabling this configuration will allow Logto to always issue Refresh Tokens, regardless of whether `prompt=consent` is presented in the authentication request. However, this practice is discouraged unless necessary, as it is not compatible with OpenID Connect and may potentially cause issues.', 'When enabled, Logto will always issue Refresh Tokens, regardless of whether `prompt=consent` is presented in the authentication request. However, this practice is discouraged unless necessary, as it is not compatible with OpenID Connect and may potentially cause issues.',
refresh_token_ttl: 'Refresh Token Time to Live (TTL) in days',
refresh_token_ttl_tip:
'The duration for which a Refresh Token can be used to request new access tokens before it expires and becomes invalid. Token requests will extend the TTL of the Refresh Token to this value.',
rotate_refresh_token: 'Rotate Refresh Token',
rotate_refresh_token_label:
'When enabled, Logto will issue a new Refresh Token for token requests when 70% of the original Time to Live (TTL) has passed or certain conditions are met. <a>Learn more</a>',
delete_description: delete_description:
'This action cannot be undone. It will permanently delete the application. Please enter the application name <span>{{name}}</span> to confirm.', 'This action cannot be undone. It will permanently delete the application. Please enter the application name <span>{{name}}</span> to confirm.',
enter_your_application_name: 'Enter your application name', enter_your_application_name: 'Enter your application name',

View file

@ -22,6 +22,9 @@ const errors = {
not_found: '404 not found', not_found: '404 not found',
create_internal_role_violation: create_internal_role_violation:
'You are creating a new internal role which is forbidden by Logto. Try another name that does not start with "#internal:".', 'You are creating a new internal role which is forbidden by Logto. Try another name that does not start with "#internal:".',
should_be_an_integer: 'Should be an integer.',
number_should_be_between_inclusive:
'Then number should be between {{min}} and {{max}} (both inclusive).',
}; };
export default errors; export default errors;

View file

@ -12,6 +12,7 @@ const detalles_aplicacion = {
application_name_placeholder: 'Mi App', application_name_placeholder: 'Mi App',
description: 'Descripción', description: 'Descripción',
description_placeholder: 'Ingresa la descripción de tu aplicación', description_placeholder: 'Ingresa la descripción de tu aplicación',
config_endpoint: 'Endpoint de configuración del proveedor OpenID', // Endpoint de configuración del proveedor OpenID
authorization_endpoint: 'Endpoint de Autorización', authorization_endpoint: 'Endpoint de Autorización',
authorization_endpoint_tip: authorization_endpoint_tip:
'El endpoint para la autenticación y autorización. Se utiliza para OpenID Connect <a>Autenticación</a>.', 'El endpoint para la autenticación y autorización. Se utiliza para OpenID Connect <a>Autenticación</a>.',
@ -19,21 +20,21 @@ const detalles_aplicacion = {
application_id_tip: application_id_tip:
'El identificador de aplicación único normalmente generado por Logto. También se conoce como “<a>client_id</a>” en OpenID Connect.', 'El identificador de aplicación único normalmente generado por Logto. También se conoce como “<a>client_id</a>” en OpenID Connect.',
application_secret: 'Aplicación Secreta', application_secret: 'Aplicación Secreta',
redirect_uri: 'URI de Redirección', redirect_uri: 'URI de Redireccionamiento',
redirect_uris: 'URIs de Redirección', redirect_uris: 'URIs de Redireccionamiento',
redirect_uri_placeholder: 'https://tu.pagina.com/app', redirect_uri_placeholder: 'https://tu.pagina.com/app',
redirect_uri_placeholder_native: 'io.logto://callback', redirect_uri_placeholder_native: 'io.logto://callback',
redirect_uri_tip: redirect_uri_tip:
'El URI hacia donde se redirecciona después de que un usuario inicie sesión (correctamente o no). Consulta OpenID Connect <a>AuthRequest</a> para más información.', 'El URI hacia donde se redirecciona después de que un usuario inicie sesión (correctamente o no). Consulta OpenID Connect <a>AuthRequest</a> para más información.',
post_sign_out_redirect_uri: 'Post Sign-out Redirect URI', post_sign_out_redirect_uri: 'Post Sign-out URI de Redireccionamiento',
post_sign_out_redirect_uris: 'Post Sign-out Redirect URIs', post_sign_out_redirect_uris: 'Post Sign-out URIs de Redireccionamiento',
post_sign_out_redirect_uri_placeholder: 'https://tu.pagina.com/home', post_sign_out_redirect_uri_placeholder: 'https://tu.pagina.com/home',
post_sign_out_redirect_uri_tip: post_sign_out_redirect_uri_tip:
'El URI hacia donde se redirecciona después de que un usuario cierre sesión (opcional). Puede que no tenga efecto para algunos tipos de aplicaciones.', 'El URI hacia donde se redirecciona después de que un usuario cierre sesión (opcional). Puede que no tenga efecto para algunos tipos de aplicaciones.',
cors_allowed_origins: 'Orígenes permitidos CORS', cors_allowed_origins: 'Orígenes permitidos CORS',
cors_allowed_origins_placeholder: 'https://tu.pagina.com', cors_allowed_origins_placeholder: 'https://tu.pagina.com',
cors_allowed_origins_tip: cors_allowed_origins_tip:
'Por defecto, se permitirán todos los orígenes de los URIs de Redirección. Normalmente no es necesario hacer nada en este campo. Consulta la <a>documentación de MDN</a> para obtener información detallada.', 'Por defecto, se permitirán todos los orígenes de los URIs de Redireccionamiento. Normalmente no es necesario hacer nada en este campo. Consulta la <a>documentación de MDN</a> para obtener información detallada.',
id_token_expiration: 'Vencimiento del Token ID', id_token_expiration: 'Vencimiento del Token ID',
refresh_token_expiration: 'Vencimiento del Token de Refresco', refresh_token_expiration: 'Vencimiento del Token de Refresco',
token_endpoint: 'Endpoint del Token', token_endpoint: 'Endpoint del Token',
@ -44,11 +45,17 @@ const detalles_aplicacion = {
always_issue_refresh_token: 'Siempre emitir Token de Refresco', always_issue_refresh_token: 'Siempre emitir Token de Refresco',
always_issue_refresh_token_label: always_issue_refresh_token_label:
'Al habilitar esta configuración, Logto siempre emitirá Tokens de Refresco, independientemente de si se presenta o no “prompt=consent” en la solicitud de autenticación. Sin embargo, esta práctica no está recomendada a menos que sea necesario, ya que no es compatible con OpenID Connect y puede causar problemas potenciales.', 'Al habilitar esta configuración, Logto siempre emitirá Tokens de Refresco, independientemente de si se presenta o no “prompt=consent” en la solicitud de autenticación. Sin embargo, esta práctica no está recomendada a menos que sea necesario, ya que no es compatible con OpenID Connect y puede causar problemas potenciales.',
refresh_token_ttl: 'Tiempo de vida útil del Token de refresco (TTL) en días',
refresh_token_ttl_tip:
'La duración durante la cual un token de refresco puede ser utilizado para solicitar nuevos tokens de acceso antes de que expire y se vuelva inválido. Las solicitudes de tokens extenderán el TTL del token de refresco a este valor.',
rotate_refresh_token: 'Rotar el token de refresco',
rotate_refresh_token_label:
'Cuando está habilitado, Logto emitirá un nuevo token de refresco para las solicitudes de token cuando ha pasado el 70 % del tiempo de vida útil (TTL) original o se cumplen ciertas condiciones. <a>Más información</a>',
delete_description: delete_description:
'Esta acción no se puede deshacer. Eliminará permanentemente la aplicación. Ingresa el nombre de la aplicación <span>{{name}}</span> para confirmar.', 'Esta acción no se puede deshacer. Eliminará permanentemente la aplicación. Ingresa el nombre de la aplicación <span>{{name}}</span> para confirmar.',
enter_your_application_name: 'Ingresa el nombre de tu aplicación', enter_your_application_name: 'Ingresa el nombre de tu aplicación',
application_deleted: 'Se ha eliminado exitosamente la aplicación {{name}}', application_deleted: 'Se ha eliminado exitosamente la aplicación {{name}}',
redirect_uri_required: 'Debes ingresar al menos un URI de Redirección', redirect_uri_required: 'Debes ingresar al menos un URI de Redireccionamiento',
}; };
export default detalles_aplicacion; export default detalles_aplicacion;

View file

@ -22,6 +22,9 @@ const errors = {
not_found: '404 no encontrado', not_found: '404 no encontrado',
create_internal_role_violation: create_internal_role_violation:
'Estás creando un nuevo rol interno que está prohibido por Logto. Prueba con otro nombre que no comience con "#intern:".', 'Estás creando un nuevo rol interno que está prohibido por Logto. Prueba con otro nombre que no comience con "#intern:".',
should_be_an_integer: 'Debe ser un número entero.',
number_should_be_between_inclusive:
'Entonces el número debe estar entre {{min}} y {{max}} (ambos inclusive).',
}; };
export default errors; export default errors;

View file

@ -12,6 +12,7 @@ const application_details = {
application_name_placeholder: 'Mon App', application_name_placeholder: 'Mon App',
description: 'Description', description: 'Description',
description_placeholder: 'Entrez la description de votre application', description_placeholder: 'Entrez la description de votre application',
config_endpoint: 'Point de configuration du fournisseur OpenID',
authorization_endpoint: "Point de terminaison d'autorisation", authorization_endpoint: "Point de terminaison d'autorisation",
authorization_endpoint_tip: authorization_endpoint_tip:
"Le point de terminaison pour effectuer l'authentification et l'autorisation. Il est utilisé pour <a>l'authentification</a> OpenID Connect.", "Le point de terminaison pour effectuer l'authentification et l'autorisation. Il est utilisé pour <a>l'authentification</a> OpenID Connect.",
@ -44,6 +45,12 @@ const application_details = {
always_issue_refresh_token: 'Toujours émettre le Refresh Token.', always_issue_refresh_token: 'Toujours émettre le Refresh Token.',
always_issue_refresh_token_label: always_issue_refresh_token_label:
"En activant cette configuration, Logto pourra toujours émettre des Refresh Tokens, indépendamment de la présentation ou non de la demande d'authentification `prompt=consent`. Cependant, cette pratique est découragée sauf si nécessaire, car elle n'est pas compatible avec OpenID Connect et peut potentiellement causer des problèmes.", "En activant cette configuration, Logto pourra toujours émettre des Refresh Tokens, indépendamment de la présentation ou non de la demande d'authentification `prompt=consent`. Cependant, cette pratique est découragée sauf si nécessaire, car elle n'est pas compatible avec OpenID Connect et peut potentiellement causer des problèmes.",
refresh_token_ttl: 'Durée de vie du rafraîchissement du jeton en jours',
refresh_token_ttl_tip:
"La durée pendant laquelle un Refresh Token peut être utilisé pour demander de nouveaux jetons d'accès avant qu'il n'expire et devienne invalide. Les demandes de jeton étendront la durée de vie du Refresh Token à cette valeur.",
rotate_refresh_token: 'Tourner le Refresh Token',
rotate_refresh_token_label:
"Lorsqu'elle est activée, Logto émettra un nouveau Refresh Token pour les demandes de jeton lorsque 70% de la durée de vie (TTL) d'origine est écoulée ou que certaines conditions sont remplies. <a>En savoir plus</a>",
delete_description: delete_description:
"Cette action ne peut être annulée. Elle supprimera définitivement l'application. Veuillez entrer le nom de l'application <span>{{nom}}</span> pour confirmer.", "Cette action ne peut être annulée. Elle supprimera définitivement l'application. Veuillez entrer le nom de l'application <span>{{nom}}</span> pour confirmer.",
enter_your_application_name: 'Entrez le nom de votre application', enter_your_application_name: 'Entrez le nom de votre application',

View file

@ -22,6 +22,9 @@ const errors = {
not_found: '404 non trouvé', not_found: '404 non trouvé',
create_internal_role_violation: create_internal_role_violation:
'Vous créez un nouveau rôle interne qui est interdit par Logto. Essayez un autre nom qui ne commence pas par "#internal:".', 'Vous créez un nouveau rôle interne qui est interdit par Logto. Essayez un autre nom qui ne commence pas par "#internal:".',
should_be_an_integer: 'Doit être un entier.',
number_should_be_between_inclusive:
'Le nombre doit être compris entre {{min}} et {{max}} (inclusivement).',
}; };
export default errors; export default errors;

View file

@ -12,10 +12,11 @@ const application_details = {
application_name_placeholder: 'La mia app', application_name_placeholder: 'La mia app',
description: 'Descrizione', description: 'Descrizione',
description_placeholder: 'Inserisci la descrizione della tua applicazione', description_placeholder: 'Inserisci la descrizione della tua applicazione',
authorization_endpoint: 'Authorization Endpoint', config_endpoint: 'Endpoint di configurazione OpenID Provider',
authorization_endpoint: 'Endpoint di autorizzazione',
authorization_endpoint_tip: authorization_endpoint_tip:
"L'endpoint per effettuare l'autenticazione e l'autorizzazione. Viene utilizzato per la connessione OpenID <a>autenticazione</a>.", "L'endpoint per effettuare l'autenticazione e l'autorizzazione. Viene utilizzato per la connessione OpenID <a>autenticazione</a>.",
application_id: 'ID Applicazione', application_id: 'App ID',
application_id_tip: application_id_tip:
'L\'identificatore univoco dell\'applicazione generato normalmente da Logto. Sta anche per "<a>client_id</a>" in OpenID Connect.', 'L\'identificatore univoco dell\'applicazione generato normalmente da Logto. Sta anche per "<a>client_id</a>" in OpenID Connect.',
application_secret: 'App Segreta', application_secret: 'App Segreta',
@ -44,6 +45,12 @@ const application_details = {
always_issue_refresh_token: 'Rilascia sempre il token di aggiornamento', always_issue_refresh_token: 'Rilascia sempre il token di aggiornamento',
always_issue_refresh_token_label: always_issue_refresh_token_label:
'Abilitando questa configurazione, Logto potrà rilasciare sempre token di aggiornamento, anche se `prompt=consent` non viene presentata nella richiesta di autenticazione. Tuttavia, questa pratica è scoraggiata a meno che non sia necessaria, in quanto non è compatibile con OpenID Connect e potrebbe potenzialmente causare problemi.', 'Abilitando questa configurazione, Logto potrà rilasciare sempre token di aggiornamento, anche se `prompt=consent` non viene presentata nella richiesta di autenticazione. Tuttavia, questa pratica è scoraggiata a meno che non sia necessaria, in quanto non è compatibile con OpenID Connect e potrebbe potenzialmente causare problemi.',
refresh_token_ttl: 'Tempo di vita del token di aggiornamento in giorni',
refresh_token_ttl_tip:
'La durata per cui un token di aggiornamento può essere utilizzato per richiedere nuovi access token prima che scada e diventa non valido, le richieste di token estenderanno il TTL del token di aggiornamento a questo valore.',
rotate_refresh_token: 'Ruota token di aggiornamento',
rotate_refresh_token_label:
'Quando abilitato, Logto emetterà un nuovo token di aggiornamento per le richieste di token quando è passato il 70% del Tempo di vita (TTL) originale o sono soddisfatte determinate condizioni. <a>Ulteriori informazioni</a>',
delete_description: delete_description:
"Questa azione non può essere annullata. Eliminerà definitivamente l'applicazione. Inserisci il nome dell'applicazione <span>{{name}}</span> per confermare.", "Questa azione non può essere annullata. Eliminerà definitivamente l'applicazione. Inserisci il nome dell'applicazione <span>{{name}}</span> per confermare.",
enter_your_application_name: 'Inserisci il nome della tua applicazione', enter_your_application_name: 'Inserisci il nome della tua applicazione',

View file

@ -22,6 +22,9 @@ const errors = {
not_found: '404 non trovato', not_found: '404 non trovato',
create_internal_role_violation: create_internal_role_violation:
"Stai creando un nuovo ruolo interno che è proibito da Logto. Prova un altro nome che non inizi con '#internal:'.", "Stai creando un nuovo ruolo interno che è proibito da Logto. Prova un altro nome che non inizi con '#internal:'.",
should_be_an_integer: 'Deve essere un numero intero.',
number_should_be_between_inclusive:
'Il numero deve essere compreso tra {{min}} e {{max}} (inclusi).',
}; };
export default errors; export default errors;

View file

@ -12,6 +12,7 @@ const application_details = {
application_name_placeholder: '私のアプリ', application_name_placeholder: '私のアプリ',
description: '説明', description: '説明',
description_placeholder: 'アプリケーションの説明を入力してください', description_placeholder: 'アプリケーションの説明を入力してください',
config_endpoint: 'OpenID Providerの構成エンドポイント',
authorization_endpoint: '認可エンドポイント', authorization_endpoint: '認可エンドポイント',
authorization_endpoint_tip: authorization_endpoint_tip:
'認証と認可を実行するエンドポイントです。OpenID Connectの<a>認証</a>に使用されます。', '認証と認可を実行するエンドポイントです。OpenID Connectの<a>認証</a>に使用されます。',
@ -44,6 +45,12 @@ const application_details = {
always_issue_refresh_token: '常にRefresh Tokenを発行する', always_issue_refresh_token: '常にRefresh Tokenを発行する',
always_issue_refresh_token_label: always_issue_refresh_token_label:
'この設定を有効にすると、Logtoは、認証要求に「prompt = consent」が提示されたかどうかにかかわらず、常にRefresh Tokenを発行することができます。ただし、OpenID Connectと互換性がないため、必要でない限りこのプラクティスは推奨されず、問題が発生する可能性があります。', 'この設定を有効にすると、Logtoは、認証要求に「prompt = consent」が提示されたかどうかにかかわらず、常にRefresh Tokenを発行することができます。ただし、OpenID Connectと互換性がないため、必要でない限りこのプラクティスは推奨されず、問題が発生する可能性があります。',
refresh_token_ttl: 'リフレッシュトークンの有効期限(日単位)',
refresh_token_ttl_tip:
'リフレッシュトークンが期限切れになるまでの期間です。トークンリクエストは、リフレッシュトークンのTTLをこの値に延長します。',
rotate_refresh_token: 'Refresh Tokenを切り替える',
rotate_refresh_token_label:
'有効にすると、Logtoは、元のTTLの70が経過したときまたは特定の条件が満たされた場合、トークン要求で新しいRefresh Tokenを発行します。<a>詳細を見る</a>',
delete_description: delete_description:
'この操作は元に戻すことはできません。アプリケーション名「<span>{{name}}</span>」を入力して確認してください。', 'この操作は元に戻すことはできません。アプリケーション名「<span>{{name}}</span>」を入力して確認してください。',
enter_your_application_name: 'アプリケーション名を入力してください', enter_your_application_name: 'アプリケーション名を入力してください',

View file

@ -22,6 +22,9 @@ const errors = {
not_found: '404が見つかりません', not_found: '404が見つかりません',
create_internal_role_violation: create_internal_role_violation:
'新しい内部ロールを作成しているため、Logtoによって禁止されています。 「#internal」で始まらない別の名前を試してください。', '新しい内部ロールを作成しているため、Logtoによって禁止されています。 「#internal」で始まらない別の名前を試してください。',
should_be_an_integer: '整数である必要があります。',
number_should_be_between_inclusive:
'{{min}}から{{max}}(両方含む)までの数値である必要があります。',
}; };
export default errors; export default errors;

View file

@ -12,7 +12,8 @@ const application_details = {
application_name_placeholder: '나의 앱', application_name_placeholder: '나의 앱',
description: '설명', description: '설명',
description_placeholder: '어플리케이션 설명을 적어주세요.', description_placeholder: '어플리케이션 설명을 적어주세요.',
authorization_endpoint: '인증 End-Point', config_endpoint: 'OpenID Provider 구성 endpoint',
authorization_endpoint: '인증 Endpoint',
authorization_endpoint_tip: authorization_endpoint_tip:
'인증 및 권한 부여를 진행할 End-Point예요. OpenID Connect <a>인증</a>에서 사용되던 값이에요.', '인증 및 권한 부여를 진행할 End-Point예요. OpenID Connect <a>인증</a>에서 사용되던 값이에요.',
application_id: '앱 ID', application_id: '앱 ID',
@ -44,6 +45,12 @@ const application_details = {
always_issue_refresh_token: '항상 Refresh Token을 발급하세요', always_issue_refresh_token: '항상 Refresh Token을 발급하세요',
always_issue_refresh_token_label: always_issue_refresh_token_label:
'다음 구성을 활성화하면 Logto가 인증 요청에 `prompt=consent`가 제시되었는지 여부와 상관없이 항상 Refresh Token을 발급할 수 있게 됩니다. 그러나 OpenID Connect와 호환되지 않으며 문제가 발생할 수 있으므로 필요하지 않은 경우에는 이러한 방법을 권장하지 않습니다. ', '다음 구성을 활성화하면 Logto가 인증 요청에 `prompt=consent`가 제시되었는지 여부와 상관없이 항상 Refresh Token을 발급할 수 있게 됩니다. 그러나 OpenID Connect와 호환되지 않으며 문제가 발생할 수 있으므로 필요하지 않은 경우에는 이러한 방법을 권장하지 않습니다. ',
refresh_token_ttl: 'Refresh Token Time to Live (TTL) (일)',
refresh_token_ttl_tip:
'Refresh Token이 새로운 엑세스 토큰을 요청할 수 있는 기간입니다. 토큰 요청이 이루어지면 Refresh Token의 TTL이 이 값으로 연장됩니다.',
rotate_refresh_token: 'Refresh Token 회전',
rotate_refresh_token_label:
'활성화하면, 원래의 TTL 중 70%가 지난 후 또는 특정 조건이 충족되면 Refresh Token 요청에 대해 새로운 Refresh Token을 발행합니다. <a>자세히 보기</a>',
delete_description: delete_description:
'이 행동은 취소될 수 없어요. 어플리케이션을 영원히 삭제할 거에요. 삭제를 진행하기 위해 <span>{{name}}</span> 를 입력해주세요.', '이 행동은 취소될 수 없어요. 어플리케이션을 영원히 삭제할 거에요. 삭제를 진행하기 위해 <span>{{name}}</span> 를 입력해주세요.',
enter_your_application_name: '어플리케이션 이름을 입력해 주세요.', enter_your_application_name: '어플리케이션 이름을 입력해 주세요.',

View file

@ -21,6 +21,8 @@ const errors = {
not_found: '404 찾을 수 없음', not_found: '404 찾을 수 없음',
create_internal_role_violation: create_internal_role_violation:
'Logto에 의해 금지된 내부 역할을 생성하려고 하고 있어요. "#internal:"로 시작하지 않는 다른 이름을 사용하세요.', 'Logto에 의해 금지된 내부 역할을 생성하려고 하고 있어요. "#internal:"로 시작하지 않는 다른 이름을 사용하세요.',
should_be_an_integer: '정수이어야 합니다.',
number_should_be_between_inclusive: '숫자는 {{min}} 이상 {{max}} 이하이어야 합니다.',
}; };
export default errors; export default errors;

View file

@ -1,6 +1,6 @@
const application_details = { const application_details = {
page_title: 'Szczegóły aplikacji', page_title: 'Szczegóły aplikacji',
back_to_applications: 'Powrót do Aplikacji', back_to_applications: 'Powrót do aplikacji',
check_guide: 'Sprawdź przewodnik', check_guide: 'Sprawdź przewodnik',
settings: 'Ustawienia', settings: 'Ustawienia',
settings_description: settings_description:
@ -12,6 +12,7 @@ const application_details = {
application_name_placeholder: 'Moja aplikacja', application_name_placeholder: 'Moja aplikacja',
description: 'Opis', description: 'Opis',
description_placeholder: 'Wpisz opis swojej aplikacji', description_placeholder: 'Wpisz opis swojej aplikacji',
config_endpoint: 'Konfiguracja punktu końcowego OpenID Provider',
authorization_endpoint: 'Endpoint autoryzacji', authorization_endpoint: 'Endpoint autoryzacji',
authorization_endpoint_tip: authorization_endpoint_tip:
'Endpoint wykorzystywany do autentykacji i autoryzacji. Używany jest dla OpenID Connect <a>Autentykacji</a>.', 'Endpoint wykorzystywany do autentykacji i autoryzacji. Używany jest dla OpenID Connect <a>Autentykacji</a>.',
@ -35,7 +36,7 @@ const application_details = {
cors_allowed_origins_tip: cors_allowed_origins_tip:
'Domyślnie dozwolone będą wszystkie źródła z adresów URL przekierowania. Zazwyczaj nie wymaga to żadnych działań. Zobacz dokumentację <a>MDN</a> dla szczegółowych informacji.', 'Domyślnie dozwolone będą wszystkie źródła z adresów URL przekierowania. Zazwyczaj nie wymaga to żadnych działań. Zobacz dokumentację <a>MDN</a> dla szczegółowych informacji.',
id_token_expiration: 'Ważność ID Token', id_token_expiration: 'Ważność ID Token',
refresh_token_expiration: 'Ważność Token odświeżania', refresh_token_expiration: 'Ważność Tokena odświeżania',
token_endpoint: 'Endpoint Tokena', token_endpoint: 'Endpoint Tokena',
user_info_endpoint: 'Endpoint Informacji o użytkowniku', user_info_endpoint: 'Endpoint Informacji o użytkowniku',
enable_admin_access: 'Włącz dostęp administratora', enable_admin_access: 'Włącz dostęp administratora',
@ -44,6 +45,12 @@ const application_details = {
always_issue_refresh_token: 'Zawsze wydawaj Refresh Token', always_issue_refresh_token: 'Zawsze wydawaj Refresh Token',
always_issue_refresh_token_label: always_issue_refresh_token_label:
'Rozwiazanie tej konfiguracji pozwoli Logto zawsze wydawac cwiecze tokeny, bez wzgledu na to, czy w zadaniu autoryzacji zostal przedstawiony `prompt=consent`. Jednak ta praktyka jest odstraszana, chyba ze konieczne, jak nie jest w pelni kompatybilna z OpenID Connect i moze potencjalnie powodowac problemy.', 'Rozwiazanie tej konfiguracji pozwoli Logto zawsze wydawac cwiecze tokeny, bez wzgledu na to, czy w zadaniu autoryzacji zostal przedstawiony `prompt=consent`. Jednak ta praktyka jest odstraszana, chyba ze konieczne, jak nie jest w pelni kompatybilna z OpenID Connect i moze potencjalnie powodowac problemy.',
refresh_token_ttl: 'Czas życia tokena odświeżania w dniach',
refresh_token_ttl_tip:
'Okres, przez który Token odświeżania można używać do żądania nowych tokenów dostępu, zanim wygaśnie i zostanie unieważniony. Wymaga to przedłużenia czasu życia tokenów żądania. ',
rotate_refresh_token: 'Obróć token odświeżania',
rotate_refresh_token_label:
'Po włączeniu tej opcji Logto wydaje nowy Token odświeżania dla żądań tokenów, gdy upłynęło 70% oryginalnego czasu życia (TTL) lub spełnione są pewne warunki. <a>Dowiedz się więcej</a>',
delete_description: delete_description:
'Ta operacja nie może zostać cofnięta. Skutkuje ona trwałym usunięciem aplikacji. Aby potwierdzić, wpisz nazwę aplikacji <span>{{name}}</span>.', 'Ta operacja nie może zostać cofnięta. Skutkuje ona trwałym usunięciem aplikacji. Aby potwierdzić, wpisz nazwę aplikacji <span>{{name}}</span>.',
enter_your_application_name: 'Wpisz nazwę swojej aplikacji', enter_your_application_name: 'Wpisz nazwę swojej aplikacji',

View file

@ -22,6 +22,9 @@ const errors = {
not_found: '404 nie znaleziono', not_found: '404 nie znaleziono',
create_internal_role_violation: create_internal_role_violation:
'Tworzysz nową wewnętrzną rolę, co jest zabronione przez Logto. Spróbuj użyć innego nazwy, która nie zaczyna się od "#internal:".', 'Tworzysz nową wewnętrzną rolę, co jest zabronione przez Logto. Spróbuj użyć innego nazwy, która nie zaczyna się od "#internal:".',
should_be_an_integer: 'Powinno być liczbą całkowitą.',
number_should_be_between_inclusive:
'Następnie liczba powinna być między {{min}} a {{max}} (włącznie).',
}; };
export default errors; export default errors;

View file

@ -12,6 +12,7 @@ const application_details = {
application_name_placeholder: 'Meu aplicativo', application_name_placeholder: 'Meu aplicativo',
description: 'Descrição', description: 'Descrição',
description_placeholder: 'Digite a descrição do seu aplicativo', description_placeholder: 'Digite a descrição do seu aplicativo',
config_endpoint: 'OpenID Provider configuração endpoint',
authorization_endpoint: 'Endpoint de autorização', authorization_endpoint: 'Endpoint de autorização',
authorization_endpoint_tip: authorization_endpoint_tip:
'O endpoint para executar autenticação e autorização. É usado para <a>autenticação</a> OpenID Connect.', 'O endpoint para executar autenticação e autorização. É usado para <a>autenticação</a> OpenID Connect.',
@ -44,6 +45,12 @@ const application_details = {
always_issue_refresh_token: 'Emitir sempre o token de refresh', always_issue_refresh_token: 'Emitir sempre o token de refresh',
always_issue_refresh_token_label: always_issue_refresh_token_label:
'Ativar esta configuração permitirá que a Logto emita sempre tokens de Refresh, independentemente de "prompt=consent" ser apresentado na solicitação de autenticação. No entanto, essa prática é desencorajada, a menos que seja necessária, pois não é compatível com o OpenID Connect e pode potencialmente causar problemas.', 'Ativar esta configuração permitirá que a Logto emita sempre tokens de Refresh, independentemente de "prompt=consent" ser apresentado na solicitação de autenticação. No entanto, essa prática é desencorajada, a menos que seja necessária, pois não é compatível com o OpenID Connect e pode potencialmente causar problemas.',
refresh_token_ttl: 'Tempo de vida do Refresh Token em dias',
refresh_token_ttl_tip:
'A duração para a qual um Refresh Token pode ser usado para solicitar novos tokens de acesso antes que expire e se torne inválido. As solicitações de token estenderão o TTL do Refresh Token para este valor.',
rotate_refresh_token: 'Rotacionar Refresh Token',
rotate_refresh_token_label:
'Quando ativado, a Logto emitirá um novo Refresh Token para solicitações de token quando 70% do tempo de vida original (TTL) tenha passado ou certas condições sejam atendidas. <a>Saiba mais</a>',
delete_description: delete_description:
'Essa ação não pode ser desfeita. Isso excluirá permanentemente o aplicativo. Insira o nome do aplicativo <span>{{name}}</span> para confirmar.', 'Essa ação não pode ser desfeita. Isso excluirá permanentemente o aplicativo. Insira o nome do aplicativo <span>{{name}}</span> para confirmar.',
enter_your_application_name: 'Digite o nome do seu aplicativo', enter_your_application_name: 'Digite o nome do seu aplicativo',

View file

@ -22,6 +22,9 @@ const errors = {
not_found: '404 não encontrado', not_found: '404 não encontrado',
create_internal_role_violation: create_internal_role_violation:
'Você está criando uma nova função interna que é proibida pela Logto. Tente outro nome que não comece com "#internal:".', 'Você está criando uma nova função interna que é proibida pela Logto. Tente outro nome que não comece com "#internal:".',
should_be_an_integer: 'Deveria ser um inteiro.',
number_should_be_between_inclusive:
'Então o número deve estar entre {{min}} e {{max}} (ambos inclusive).',
}; };
export default errors; export default errors;

View file

@ -12,6 +12,7 @@ const application_details = {
application_name_placeholder: 'Ex: Site da Empresa', application_name_placeholder: 'Ex: Site da Empresa',
description: 'Descrição', description: 'Descrição',
description_placeholder: 'Insira a descrição da sua aplicação', description_placeholder: 'Insira a descrição da sua aplicação',
config_endpoint: 'OpenID Provedor endpoint de configuração',
authorization_endpoint: 'Endpoint de autorização', authorization_endpoint: 'Endpoint de autorização',
authorization_endpoint_tip: authorization_endpoint_tip:
'O endpoint para realizar a autenticação e autorização. É usado para <a>autenticação</a> OpenID Connect.', 'O endpoint para realizar a autenticação e autorização. É usado para <a>autenticação</a> OpenID Connect.',
@ -44,6 +45,12 @@ const application_details = {
always_issue_refresh_token: 'Sempre emitir Refresh Token', always_issue_refresh_token: 'Sempre emitir Refresh Token',
always_issue_refresh_token_label: always_issue_refresh_token_label:
'Ao ativar essa configuração, a Logto sempre emitirá tokens de atualização, independentemente de `prompt=consent`ser apresentado na solicitação de autenticação. No entanto, essa prática é desencorajada, a menos que seja necessária, pois não é compatível com OpenID Connect e pode causar problemas.', 'Ao ativar essa configuração, a Logto sempre emitirá tokens de atualização, independentemente de `prompt=consent`ser apresentado na solicitação de autenticação. No entanto, essa prática é desencorajada, a menos que seja necessária, pois não é compatível com OpenID Connect e pode causar problemas.',
refresh_token_ttl: 'Tempo de vida do token de atualização em dias',
refresh_token_ttl_tip:
'O tempo pelo qual um token de atualização pode ser usado para solicitar novos tokens de acesso antes de expirar e se tornar inválido. As solicitações de token estenderão o TTL do token de atualização para esse valor.',
rotate_refresh_token: 'Rodar o Token de Atualização',
rotate_refresh_token_label:
'Quando ativado, o Logto emitirá um novo Token de Atualização para solicitações de token quando 70% do tempo de vida original (TTL) tiver passado ou certas condições forem atendidas. <a>Learn more</a>',
delete_description: delete_description:
'Esta ação não pode ser revertida. Esta ação irá eliminar permanentemente a aplicação. Insira o nome da aplicação <span>{{name}}</span> para confirmar.', 'Esta ação não pode ser revertida. Esta ação irá eliminar permanentemente a aplicação. Insira o nome da aplicação <span>{{name}}</span> para confirmar.',
enter_your_application_name: 'Insira o nome da aplicação', enter_your_application_name: 'Insira o nome da aplicação',

View file

@ -22,6 +22,9 @@ const errors = {
not_found: '404 not found', not_found: '404 not found',
create_internal_role_violation: create_internal_role_violation:
'Está a criar uma nova função interna que é proibida pelo Logto. Tente outro nome que não comece com "#internal:".', 'Está a criar uma nova função interna que é proibida pelo Logto. Tente outro nome que não comece com "#internal:".',
should_be_an_integer: 'Deve ser um inteiro.',
number_should_be_between_inclusive:
'Então o número deve estar entre {{min}} e {{max}} (ambos inclusivos).',
}; };
export default errors; export default errors;

View file

@ -12,6 +12,7 @@ const application_details = {
application_name_placeholder: 'Мое приложение', application_name_placeholder: 'Мое приложение',
description: 'Описание', description: 'Описание',
description_placeholder: 'Введите описание своего приложения', description_placeholder: 'Введите описание своего приложения',
config_endpoint: 'Конечная точка конфигурации OpenID Provider',
authorization_endpoint: 'Конечная точка авторизации', authorization_endpoint: 'Конечная точка авторизации',
authorization_endpoint_tip: authorization_endpoint_tip:
'Конечная точка для аутентификации и авторизации. Он используется для аутентификации <a> OpenID Connect </a>.', 'Конечная точка для аутентификации и авторизации. Он используется для аутентификации <a> OpenID Connect </a>.',
@ -44,6 +45,12 @@ const application_details = {
always_issue_refresh_token: 'Всегда выдавать Refresh Token', always_issue_refresh_token: 'Всегда выдавать Refresh Token',
always_issue_refresh_token_label: always_issue_refresh_token_label:
'Включение этой настройки позволит Logto всегда выдавать Refresh Tokens, независимо от того, была ли в запросе на аутентификацию предложена команда `prompt=consent`. Однако данная практика не рекомендуется, если это необходимо, поскольку она несовместима с OpenID Connect и может вызвать проблемы.', 'Включение этой настройки позволит Logto всегда выдавать Refresh Tokens, независимо от того, была ли в запросе на аутентификацию предложена команда `prompt=consent`. Однако данная практика не рекомендуется, если это необходимо, поскольку она несовместима с OpenID Connect и может вызвать проблемы.',
refresh_token_ttl: 'Time to Live (TTL) Refresh Token в днях',
refresh_token_ttl_tip:
'Продолжительность, на протяжении которой Refresh Token может использоваться для запроса новых токенов доступа, прежде чем он истечет и станет недействительным. Запросы токенов будут продлевать TTL Refresh Token до этого значения.',
rotate_refresh_token: 'Поворот Refresh Token',
rotate_refresh_token_label:
'При включении Logto будет выдавать новый Refresh Token для запросов токенов, когда пройдет 70% изначального Time to Live (TTL) или будут выполнены определенные условия. <a>Узнать больше</a>',
delete_description: delete_description:
'Это действие нельзя отменить. Оно навсегда удалит приложение. Введите название приложения <span> {{name}} </span>, чтобы подтвердить.', 'Это действие нельзя отменить. Оно навсегда удалит приложение. Введите название приложения <span> {{name}} </span>, чтобы подтвердить.',
enter_your_application_name: 'Введите название своего приложения', enter_your_application_name: 'Введите название своего приложения',

View file

@ -22,6 +22,9 @@ const errors = {
not_found: '404 не найдено', not_found: '404 не найдено',
create_internal_role_violation: create_internal_role_violation:
'Вы создаете новую внутреннюю роль, что запрещено Logto. Попробуйте другое имя, которое не начинается с "#internal:".', 'Вы создаете новую внутреннюю роль, что запрещено Logto. Попробуйте другое имя, которое не начинается с "#internal:".',
should_be_an_integer: 'Должно быть целым числом.',
number_should_be_between_inclusive:
'Тогда число должно быть между {{min}} и {{max}} (включительно).',
}; };
export default errors; export default errors;

View file

@ -12,6 +12,7 @@ const application_details = {
application_name_placeholder: 'Uygulamam', application_name_placeholder: 'Uygulamam',
description: 'Açıklama', description: 'Açıklama',
description_placeholder: 'Uygulama açıklamasını giriniz', description_placeholder: 'Uygulama açıklamasını giriniz',
config_endpoint: 'OpenID Provider yapılandırma bitiş noktası',
authorization_endpoint: 'Yetkilendirme bitiş noktası', authorization_endpoint: 'Yetkilendirme bitiş noktası',
authorization_endpoint_tip: authorization_endpoint_tip:
'Kimlik doğrulama ve yetkilendirme gerçekleştirmek için bitiş noktası. OpenID Connect <a>Authentication</a> için kullanılır.', 'Kimlik doğrulama ve yetkilendirme gerçekleştirmek için bitiş noktası. OpenID Connect <a>Authentication</a> için kullanılır.',
@ -44,6 +45,12 @@ const application_details = {
always_issue_refresh_token: 'Her zaman Refresh Token ver', always_issue_refresh_token: 'Her zaman Refresh Token ver',
always_issue_refresh_token_label: always_issue_refresh_token_label:
"Bu yapılandırmayı etkinleştirmek, Logto'nun OpenID Connect ile uyumlu olmayan ve olası sorunlara neden olabilecek her zaman Refresh Token çıkarmasına izin verir `prompt=consent` kimlik doğrulama isteğinin sunulup sunulmadığına bakılmaksızın. Ancak, bu uygulama yalnızca zorunlu olduğunda caydırılmayan bir uygulamadır.", "Bu yapılandırmayı etkinleştirmek, Logto'nun OpenID Connect ile uyumlu olmayan ve olası sorunlara neden olabilecek her zaman Refresh Token çıkarmasına izin verir `prompt=consent` kimlik doğrulama isteğinin sunulup sunulmadığına bakılmaksızın. Ancak, bu uygulama yalnızca zorunlu olduğunda caydırılmayan bir uygulamadır.",
refresh_token_ttl: 'Refresh Token süresi (gün cinsinden)',
refresh_token_ttl_tip:
'Yeni erişim belirteği istekleri için Refresh Belirteği kullanılabilecek süre. Belirteğin süresi dolmadan önce yapılan talepler belirteğin ömrünü uzatacaktır.',
rotate_refresh_token: 'Refresh Tokenı değiştir',
rotate_refresh_token_label:
'Bu seçenek etkinleştirildiğinde, Logto Token Bitiş Süresinin %70&#39;i geçildiğinde veya belli koşullar sağlandığında yeni bir Refresh Token verecektir. <a>Daha fazlası için tıklayın</a>',
delete_description: delete_description:
'Bu eylem geri alınamaz. Uygulama kalıcı olarak silinecektir. Lütfen onaylamak için uygulama adı <span>{{name}}</span> girin.', 'Bu eylem geri alınamaz. Uygulama kalıcı olarak silinecektir. Lütfen onaylamak için uygulama adı <span>{{name}}</span> girin.',
enter_your_application_name: 'Uygulama adı giriniz', enter_your_application_name: 'Uygulama adı giriniz',

View file

@ -22,6 +22,9 @@ const errors = {
not_found: '404 bulunamadı', not_found: '404 bulunamadı',
create_internal_role_violation: create_internal_role_violation:
'Yeni bir dahili rol oluşturuyorsunuz, bu Logto tarafından yasaklanmıştır. "#internal:" ile başlamayan başka bir ad deneyin.', 'Yeni bir dahili rol oluşturuyorsunuz, bu Logto tarafından yasaklanmıştır. "#internal:" ile başlamayan başka bir ad deneyin.',
should_be_an_integer: 'Tamsayı olmalıdır.',
number_should_be_between_inclusive:
'Sayı {{min}} ve {{max}} arasında (her ikisi de dahil) olmalıdır.',
}; };
export default errors; export default errors;

View file

@ -11,6 +11,7 @@ const application_details = {
application_name_placeholder: '我的应用', application_name_placeholder: '我的应用',
description: '描述', description: '描述',
description_placeholder: '请输入应用描述', description_placeholder: '请输入应用描述',
config_endpoint: 'OpenID Provider 配置端点',
authorization_endpoint: '授权端点', authorization_endpoint: '授权端点',
authorization_endpoint_tip: '进行鉴权与授权的端点。用于 OpenID Connect 中的 <a>鉴权</a> 流程。', authorization_endpoint_tip: '进行鉴权与授权的端点。用于 OpenID Connect 中的 <a>鉴权</a> 流程。',
application_id: '应用 ID', application_id: '应用 ID',
@ -42,6 +43,12 @@ const application_details = {
always_issue_refresh_token: '总是颁发 Refresh Token', always_issue_refresh_token: '总是颁发 Refresh Token',
always_issue_refresh_token_label: always_issue_refresh_token_label:
'启用此配置将允许 Logto 始终颁发 Refresh Token无论身份验证请求中是否呈现 `prompt=consent`。 然而,除非必要,否则不推荐这样做,因为它与 OpenID Connect 不兼容,可能会导致问题。', '启用此配置将允许 Logto 始终颁发 Refresh Token无论身份验证请求中是否呈现 `prompt=consent`。 然而,除非必要,否则不推荐这样做,因为它与 OpenID Connect 不兼容,可能会导致问题。',
refresh_token_ttl: 'Refresh Token 有效期(天)',
refresh_token_ttl_tip:
'可用于请求新访问令牌的 Refresh Token 在过期之前的时间段。访问令牌请求将把 Refresh Token 的时效延长到此值。',
rotate_refresh_token: '轮换 Refresh Token',
rotate_refresh_token_label:
'启用后,当原先的 Refresh Token 的时效已经过去 70%或者满足一定条件时Logto 将会为访问令牌请求发放新的 Refresh Token。<a>了解更多</a>',
delete_description: '本操作会永久性地删除该应用,且不可撤销。输入 <span>{{name}}</span> 确认。', delete_description: '本操作会永久性地删除该应用,且不可撤销。输入 <span>{{name}}</span> 确认。',
enter_your_application_name: '输入你的应用名称', enter_your_application_name: '输入你的应用名称',
application_deleted: '应用 {{name}} 成功删除。', application_deleted: '应用 {{name}} 成功删除。',

View file

@ -20,6 +20,8 @@ const errors = {
not_found: '404 找不到资源', not_found: '404 找不到资源',
create_internal_role_violation: create_internal_role_violation:
'你正在创建一个被 Logto 禁止内部角色。尝试使用不以 "#internal:" 开头的其他名称。', '你正在创建一个被 Logto 禁止内部角色。尝试使用不以 "#internal:" 开头的其他名称。',
should_be_an_integer: '应该是整数。',
number_should_be_between_inclusive: '然后数字应该在 {{min}} 到 {{max}} 之间(两端都包括)。',
}; };
export default errors; export default errors;

View file

@ -11,6 +11,7 @@ const application_details = {
application_name_placeholder: '我的應用程式', application_name_placeholder: '我的應用程式',
description: '描述', description: '描述',
description_placeholder: '請輸入應用程式描述', description_placeholder: '請輸入應用程式描述',
config_endpoint: 'OpenID Provider 配置端點',
authorization_endpoint: '授權端點', authorization_endpoint: '授權端點',
authorization_endpoint_tip: '進行驗證和授權的端點。用於 OpenID Connect 中的<a> 驗證 </a> 流程。', authorization_endpoint_tip: '進行驗證和授權的端點。用於 OpenID Connect 中的<a> 驗證 </a> 流程。',
application_id: '應用程式 ID', application_id: '應用程式 ID',
@ -41,7 +42,13 @@ const application_details = {
'啟用或禁用對管理 API 的訪問。啟用後,你可以使用訪問權杖代表該應用程式調用管理 API。', '啟用或禁用對管理 API 的訪問。啟用後,你可以使用訪問權杖代表該應用程式調用管理 API。',
always_issue_refresh_token: '始終發放 Refresh Token', always_issue_refresh_token: '始終發放 Refresh Token',
always_issue_refresh_token_label: always_issue_refresh_token_label:
'啟用此配置將允許 Logto 始終發行 Refresh Token無論是否在驗證請求中呈現 `prompt=consent`。但是,除非必要,否則不建議這樣做,因為它不兼容 OpenID Connect可能會引起問題。', '啟用此配置將允許 Logto 始麼發行 Refresh Token無論是否在驗證請求中呈現 `prompt=consent`。但是,除非必要,否則不建議這樣做,因為它不兼容 OpenID Connect可能會引起問題。',
refresh_token_ttl: 'Refresh Token 的有效期(天)',
refresh_token_ttl_tip:
'Refresh Token 可用來在其過期之前請求新的訪問權杖的持續時間。訪問令牌將將缺省的 TTL 延長到此值。',
rotate_refresh_token: '旋轉 Refresh Token',
rotate_refresh_token_label:
'啟用後,當原始 TTL 達到 70% 或滿足某些條件時就可以在令牌請求中為 Refresh Token 發行新的 Refresh Token。 <a>瞭解更多。</a>',
delete_description: '本操作會永久性地刪除該應用,且不可撤銷。輸入 <span>{{name}}</span> 確認。', delete_description: '本操作會永久性地刪除該應用,且不可撤銷。輸入 <span>{{name}}</span> 確認。',
enter_your_application_name: '輸入你的應用程式名稱', enter_your_application_name: '輸入你的應用程式名稱',
application_deleted: '應用 {{name}} 成功刪除。', application_deleted: '應用 {{name}} 成功刪除。',

View file

@ -20,6 +20,8 @@ const errors = {
not_found: '404 找不到資源', not_found: '404 找不到資源',
create_internal_role_violation: create_internal_role_violation:
'你正在創建一個被 Logto 禁止內部角色。嘗試使用不以 "#internal:" 開頭的其他名稱。', '你正在創建一個被 Logto 禁止內部角色。嘗試使用不以 "#internal:" 開頭的其他名稱。',
should_be_an_integer: '必须为整数。',
number_should_be_between_inclusive: '数值必须在{{min}}和{{max}}之间(包括{{min}}和{{max}})。',
}; };
export default errors; export default errors;

View file

@ -11,12 +11,13 @@ const application_details = {
application_name_placeholder: '我的應用程式', application_name_placeholder: '我的應用程式',
description: '說明', description: '說明',
description_placeholder: '請輸入應用程式說明', description_placeholder: '請輸入應用程式說明',
config_endpoint: 'OpenID Provider 配置端點',
authorization_endpoint: '授權端點', authorization_endpoint: '授權端點',
authorization_endpoint_tip: '進行驗證與授權的端點。用於 OpenID Connect 中的 <a>驗證</a> 流程。', authorization_endpoint_tip: '進行驗證與授權的端點。用於 OpenID Connect 中的 <a>驗證</a> 流程。',
application_id: '應用程式 ID', application_id: '應用程式 ID',
application_id_tip: application_id_tip:
'應用程式的唯一標識,通常由 Logto 生成。相當於 OpenID Connect 中的 <a>client_id</a>。', '應用程式的唯一標識,通常由 Logto 生成。相當於 OpenID Connect 中的 <a>client_id</a>。',
application_secret: '應用程式鑰', application_secret: '應用程式鑰',
redirect_uri: '重定向 URI', redirect_uri: '重定向 URI',
redirect_uris: '重定向 URIs', redirect_uris: '重定向 URIs',
redirect_uri_placeholder: 'https://your.website.com/app', redirect_uri_placeholder: 'https://your.website.com/app',
@ -42,6 +43,12 @@ const application_details = {
always_issue_refresh_token: '始終發放 Refresh Token', always_issue_refresh_token: '始終發放 Refresh Token',
always_issue_refresh_token_label: always_issue_refresh_token_label:
'啟用此配置將使 Logto 無論在驗證請求中是否提供 prompt=consent都能始終發放 Refresh Token。然而除非必要否則不鼓勵這種做法因為它與 OpenID Connect 不相容並可能引起問題。', '啟用此配置將使 Logto 無論在驗證請求中是否提供 prompt=consent都能始終發放 Refresh Token。然而除非必要否則不鼓勵這種做法因為它與 OpenID Connect 不相容並可能引起問題。',
refresh_token_ttl: 'Refresh Token 有效期(天數)',
refresh_token_ttl_tip:
'Refresh Token 可用來獲取新的訪問令牌,失效日期之前可用。獲取訪問令牌時,該令牌的期限將被延長至此值。',
rotate_refresh_token: '旋轉 Refresh Token',
rotate_refresh_token_label:
'啟用此配置將使 Logto 当 Refresh Token 的原始有效期剩下 70% 时或当满足某些条件时,授予新的 Refresh Token 以获取新的 Access Token。<a>了解更多</a>',
delete_description: delete_description:
'本操作會永久性地刪除該應用程式,且不可撤銷。輸入 <span>{{name}}</span> 確認。', '本操作會永久性地刪除該應用程式,且不可撤銷。輸入 <span>{{name}}</span> 確認。',
enter_your_application_name: '輸入你的應用程式姓名', enter_your_application_name: '輸入你的應用程式姓名',

View file

@ -20,6 +20,8 @@ const errors = {
not_found: '404 找不到資源', not_found: '404 找不到資源',
create_internal_role_violation: create_internal_role_violation:
'你正在創建一個被 Logto 禁止的內部角色。嘗試使用不以 "#internal:" 開頭的其他名稱。', '你正在創建一個被 Logto 禁止的內部角色。嘗試使用不以 "#internal:" 開頭的其他名稱。',
should_be_an_integer: '應該是整數。',
number_should_be_between_inclusive: '數字應該在 {{min}} 和 {{max}} 之間(均包含)。',
}; };
export default errors; export default errors;

View file

@ -0,0 +1 @@
export const inSeconds = Object.freeze({ oneMinute: 60, oneHour: 60 * 60, oneDay: 24 * 60 * 60 });

View file

@ -1,3 +1,4 @@
export * from './cookie.js'; export * from './cookie.js';
export * from './system.js'; export * from './system.js';
export * from './oidc.js'; export * from './oidc.js';
export * from './date.js';

View file

@ -1 +1,11 @@
import { type CustomClientMetadata } from '../foundations/jsonb-types.js';
import { inSeconds } from './date.js';
export const tenantIdKey = 'tenant_id'; export const tenantIdKey = 'tenant_id';
export const customClientMetadataDefault = Object.freeze({
idTokenTtl: inSeconds.oneHour,
refreshTokenTtlInDays: 14,
rotateRefreshToken: true,
} as const satisfies Partial<CustomClientMetadata>);

View file

@ -67,7 +67,9 @@ export type OidcClientMetadata = z.infer<typeof oidcClientMetadataGuard>;
export enum CustomClientMetadataKey { export enum CustomClientMetadataKey {
CorsAllowedOrigins = 'corsAllowedOrigins', CorsAllowedOrigins = 'corsAllowedOrigins',
IdTokenTtl = 'idTokenTtl', IdTokenTtl = 'idTokenTtl',
/** @deprecated Use {@link RefreshTokenTtlInDays} instead. */
RefreshTokenTtl = 'refreshTokenTtl', RefreshTokenTtl = 'refreshTokenTtl',
RefreshTokenTtlInDays = 'refreshTokenTtlInDays',
TenantId = 'tenantId', TenantId = 'tenantId',
/** /**
* Enabling this configuration will allow Logto to always issue Refresh Tokens, regardless of whether `prompt=consent` is presented in the authentication request. * Enabling this configuration will allow Logto to always issue Refresh Tokens, regardless of whether `prompt=consent` is presented in the authentication request.
@ -77,15 +79,23 @@ export enum CustomClientMetadataKey {
* This config is for the third-party integrations that do not strictly follow OpenID Connect standards due to some reasons (e.g. they only know OAuth, but requires a Refresh Token to be returned anyway). * This config is for the third-party integrations that do not strictly follow OpenID Connect standards due to some reasons (e.g. they only know OAuth, but requires a Refresh Token to be returned anyway).
*/ */
AlwaysIssueRefreshToken = 'alwaysIssueRefreshToken', AlwaysIssueRefreshToken = 'alwaysIssueRefreshToken',
/**
* When enabled (default), Logto will issue a new Refresh Token for token requests when 70% of the original Time to Live (TTL) has passed.
*
* It can be turned off for only traditional web apps for enhanced security.
*/
RotateRefreshToken = 'rotateRefreshToken',
} }
export const customClientMetadataGuard = z.object({ export const customClientMetadataGuard = z.object({
[CustomClientMetadataKey.CorsAllowedOrigins]: z.string().url().array().optional(), [CustomClientMetadataKey.CorsAllowedOrigins]: z.string().url().array().optional(),
[CustomClientMetadataKey.IdTokenTtl]: z.number().optional(), [CustomClientMetadataKey.IdTokenTtl]: z.number().optional(),
[CustomClientMetadataKey.RefreshTokenTtl]: z.number().optional(), [CustomClientMetadataKey.RefreshTokenTtl]: z.number().optional(),
[CustomClientMetadataKey.RefreshTokenTtlInDays]: z.number().int().min(1).max(90).optional(),
[CustomClientMetadataKey.TenantId]: z.string().optional(), [CustomClientMetadataKey.TenantId]: z.string().optional(),
[CustomClientMetadataKey.AlwaysIssueRefreshToken]: z.boolean().optional(), [CustomClientMetadataKey.AlwaysIssueRefreshToken]: z.boolean().optional(),
}); [CustomClientMetadataKey.RotateRefreshToken]: z.boolean().optional(),
} satisfies Record<CustomClientMetadataKey, z.ZodType>);
/** /**
* @see {@link CustomClientMetadataKey} for key descriptions. * @see {@link CustomClientMetadataKey} for key descriptions.