mirror of
https://github.com/logto-io/logto.git
synced 2024-12-16 20:26:19 -05:00
feat(schemas): add IdP initiated SAML SSO sessions table (#6663)
* feat(schemas): add idp-initiated saml sso sessions table add idp-iniaited saml sso sessions table * refactor(schemas): remove nameID index remove nameID index
This commit is contained in:
parent
17c2a79caf
commit
d4f7d098dc
3 changed files with 68 additions and 1 deletions
|
@ -0,0 +1,36 @@
|
||||||
|
import { sql } from '@silverhand/slonik';
|
||||||
|
|
||||||
|
import type { AlterationScript } from '../lib/types/alteration.js';
|
||||||
|
|
||||||
|
import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
|
||||||
|
|
||||||
|
const alteration: AlterationScript = {
|
||||||
|
up: async (pool) => {
|
||||||
|
await pool.query(sql`
|
||||||
|
create table idp_initiated_saml_sso_sessions (
|
||||||
|
tenant_id varchar(21) not null
|
||||||
|
references tenants (id) on update cascade on delete cascade,
|
||||||
|
/** The globally unique identifier of the assertion record. */
|
||||||
|
id varchar(21) not null,
|
||||||
|
/** The identifier of the SAML SSO connector. */
|
||||||
|
connector_id varchar(128) not null
|
||||||
|
references sso_connectors (id) on update cascade on delete cascade,
|
||||||
|
/** The SAML assertion. */
|
||||||
|
assertion_content jsonb /* @use SsoSamlAssertionContent */ not null default '{}'::jsonb,
|
||||||
|
created_at timestamptz not null default(now()),
|
||||||
|
/** The expiration time of the assertion. */
|
||||||
|
expires_at timestamptz not null,
|
||||||
|
primary key (tenant_id, id)
|
||||||
|
);
|
||||||
|
`);
|
||||||
|
await applyTableRls(pool, 'idp_initiated_saml_sso_sessions');
|
||||||
|
},
|
||||||
|
down: async (pool) => {
|
||||||
|
await dropTableRls(pool, 'idp_initiated_saml_sso_sessions');
|
||||||
|
await pool.query(sql`
|
||||||
|
drop table idp_initiated_saml_sso_sessions;
|
||||||
|
`);
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
|
export default alteration;
|
|
@ -10,6 +10,8 @@ export const ssoBrandingGuard = z.object({
|
||||||
darkLogo: z.string().optional(),
|
darkLogo: z.string().optional(),
|
||||||
});
|
});
|
||||||
|
|
||||||
|
export type SsoBranding = z.infer<typeof ssoBrandingGuard>;
|
||||||
|
|
||||||
export const idpInitiatedAuthParamsGuard = z
|
export const idpInitiatedAuthParamsGuard = z
|
||||||
.object({
|
.object({
|
||||||
resources: z.array(z.string()).optional(),
|
resources: z.array(z.string()).optional(),
|
||||||
|
@ -19,4 +21,17 @@ export const idpInitiatedAuthParamsGuard = z
|
||||||
|
|
||||||
export type IdpInitiatedAuthParams = z.infer<typeof idpInitiatedAuthParamsGuard>;
|
export type IdpInitiatedAuthParams = z.infer<typeof idpInitiatedAuthParamsGuard>;
|
||||||
|
|
||||||
export type SsoBranding = z.infer<typeof ssoBrandingGuard>;
|
export const ssoSamlAssertionContentGuard = z
|
||||||
|
.object({
|
||||||
|
nameID: z.string().optional(),
|
||||||
|
attributes: z.record(z.string().or(z.array(z.string()))).optional(),
|
||||||
|
conditions: z
|
||||||
|
.object({
|
||||||
|
notBefore: z.string(),
|
||||||
|
notOnOrAfter: z.string(),
|
||||||
|
})
|
||||||
|
.optional(),
|
||||||
|
})
|
||||||
|
.catchall(z.unknown());
|
||||||
|
|
||||||
|
export type SsoSamlAssertionContent = z.infer<typeof ssoSamlAssertionContentGuard>;
|
||||||
|
|
16
packages/schemas/tables/idp_initiated_saml_sso_sessions.sql
Normal file
16
packages/schemas/tables/idp_initiated_saml_sso_sessions.sql
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
/* init_order = 2 */
|
||||||
|
create table idp_initiated_saml_sso_sessions (
|
||||||
|
tenant_id varchar(21) not null
|
||||||
|
references tenants (id) on update cascade on delete cascade,
|
||||||
|
/** The globally unique identifier of the assertion record. */
|
||||||
|
id varchar(21) not null,
|
||||||
|
/** The identifier of the SAML SSO connector. */
|
||||||
|
connector_id varchar(128) not null
|
||||||
|
references sso_connectors (id) on update cascade on delete cascade,
|
||||||
|
/** The SAML assertion. */
|
||||||
|
assertion_content jsonb /* @use SsoSamlAssertionContent */ not null default '{}'::jsonb,
|
||||||
|
created_at timestamptz not null default(now()),
|
||||||
|
/** The expiration time of the assertion. */
|
||||||
|
expires_at timestamptz not null,
|
||||||
|
primary key (tenant_id, id)
|
||||||
|
);
|
Loading…
Reference in a new issue