Feature: merge with v1.17.0 (#24)

* fix(deps): update dependency snakecase-keys to v8 (logto-io#5667)

Co-authored-by: Gao Sun <gao@silverhand.io>

* fix(deps): update dependency samlify to v2.8.11 (logto-io#5458)

Co-authored-by: Gao Sun <gao@silverhand.io>

* feat(console): display api resources in org role permission table (logto-io#5671)

* refactor: uncomment feature guard (logto-io#5676)

* feat(console): assign permissions for org roles (logto-io#5664)

* refactor(core): partially remove got (logto-io#5596)

* refactor(core): partially remove got

* refactor: use shared form-urlencoded headers

* refactor(console): update protected app custom domain field to app domain (logto-io#5680)

* fix(core): not allow to modify management api resource (logto-io#5626)

* refactor(console): deprecate original organization template page (logto-io#5681)

* feat(console): add paywall for organization template (logto-io#5679)

* refactor(console): update reservation link (logto-io#5683)

* chore(deps): update zaproxy/action-full-scan action to v0.10.0 (logto-io#5620)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* feat(core): add custom jwt worker deploy (logto-io#5682)

call custom jwt worker deploy cloud service when upsert new jwt-customizers

* feat(core): undeploy worker scripts when jwt customizer is deleted (logto-io#5685)

undeloy work scripts when the jwt customizer is deleted

* refactor(console,phrases): update organization template phrases (logto-io#5688)

* refactor(console): use route objects

* refactor(console): split route objects

* chore(console): disable route component in pages

* feat(core): add jwt-customizer test script deployment (logto-io#5686)

feat(core): call cloud worker deploy service on custom jwt test

call cloud worker deploy service on custom jwt test

* feat(console): add api permission content for organization guide (logto-io#5697)

* style(console): align resource icon with resource name (logto-io#5694)

* refactor(console): update org template sidebar icon (logto-io#5691)

* style(console): update signing key sidebar icon (logto-io#5692)

* refactor(phrases): update organization template subtitle (logto-io#5693)

* refactor(core,schemas): make the jwt customizer script field mandatory (logto-io#5696)

* refactor(core,schemas): make the jwt customizer script field mandatory

make the jwt customizer script field mandatory

* fix(schemas): fix the alteration script

fix the alteration script

* fix(schemas): fix ut

fix ut

* fix(console): fix the quota guard layout (logto-io#5689)

* fix(console): fix the quota guard layout

fix the quota guard layout

* chore(console): add some comments

add some comments

* refactor(console): reorg organization details routes (logto-io#5702)

* refactor(console): update tab order on role details page (logto-io#5695)

* chore: add Cloudflare worker config for custom JWT (logto-io#5709)

* feat(core): add api to fetch organization scopes for a user (logto-io#5701)

* feat(core): add api to fetch user organization scopes

* chore: add openapi.json

* fix: integration test

* chore: turn off max-lines lint rules for openapi json files

* chore: add changeset

* refactor: return all scope information instead of just the name

* refactor(console): update check guide button style on org template page (logto-io#5712)

* style(console): update organization template layout (logto-io#5713)

* refactor(console): update console routes (logto-io#5715)

* fix(console): mutate org roles once a org role is deleted (logto-io#5716)

* feat(core): handle access token with organization api resource (logto-io#5653)

* style(console): minor custom jwt page style iteration (logto-io#5711)

minor custom jwt page styles iteration

* chore(test): improve organization user test stability (logto-io#5717)

* feat(core): add customJwt paywall guard to core API (logto-io#5708)

add customJwt paywall guard to core API

* chore(core): fix typos in comment (logto-io#5718)

* refactor(core): dont throw for status errors in prod (logto-io#5690)

* refactor(core): dont throw for status errors in prod

* refactor(core): report to AppInsights

* chore(console): update incorrect swr cache key usages (logto-io#5724)

* chore(deps): update dependency @testing-library/react to v15 (logto-io#5726)

Co-authored-by: Gao Sun <gao@silverhand.io>

* feat(console): update user access immediately on tenant role updates (logto-io#5720)

* feat(console): update user access immediately on tenant role updates

* chore: improve comments

Co-authored-by: Gao Sun <gao@silverhand.io>

---------

Co-authored-by: Gao Sun <gao@silverhand.io>

* refactor: remove pnpm script (logto-io#5728)

* fix(core): set oidc access denied error code to 403 (logto-io#5725)

* feat(console): add plausible

* refactor(console,phrases): update phrases for organization role (logto-io#5736)

* fix(console): cloud collaboration minor bug fixes (logto-io#5734)

* fix(console): oss version should not check user tenant scopes

* fix(console): collaborators should leave immediately if they are removed from tenant

* fix(core,console): invitee emails should be case insensitive (logto-io#5730)

* fix(core,console): invitee email checks should be case insensitive

* test: add integration test

* chore: add changeset

* refactor(console): remove AppInsights

* refactor: upgrade packages (logto-io#5739)

* refactor: upgrade packages

* refactor: fix type issues

* refactor: fix koa-guard

* test(console): assign permissions to organization role (logto-io#5729)

* refactor: remove AppInsights for React (logto-io#5742)

* fix(console): always display create org button (logto-io#5746)

* fix(console): force dev feature enabled false (logto-io#5752)

* fix(console): force dev feature enabled false

force dev feature enabled false

* fix(console): avoid lint error

avoid lint error

* fix(console): enable dev feature for integration tests

enable dev feature for integration tests

* chore: upgrade packages (logto-io#5749)

* feat(core): add redis cluster and tls extra options support (logto-io#5619)

* feat: add redis cluster and tls extra options support

* refactor(core): allow non-normative redis url

---------

Co-authored-by: Gao Sun <gao@silverhand.io>

* chore(deps): update silverhand configs monorepo packages to v6 (major) (logto-io#5750)

* chore: upgrade configs

* refactor: fix lint errors

* refactor: fix lint errors

* refactor: fix stylelint issues

---------

Co-authored-by: Gao Sun <gao@silverhand.io>

* fix(core): update cloud dependency, cloud client calls

* chore: apply suggestions from code review

Co-authored-by: Gao Sun <gao@silverhand.io>

* chore: update util function interface and update comments

* chore(console): update custom JWT scripts sample (logto-io#5747)

* fix(console): revert the isDevFeaturesEnabled changes in console (logto-io#5755)

revert the isDevFeatureEnabled hot fix

* chore: upgrade json5 to 2.2.3 (logto-io#5757)

* fix(console): pagination bar should be fully visible (logto-io#5758)

* fix(console): replace ts with js for JWT customizer (logto-io#5760)

replace ts with js for JWT customizer

* fix(console): rotate signing-key dropdown should be visible (logto-io#5759)

* fix(console): copy to clipboard component should display at full width properly (logto-io#5764)

* fix(console): fix the jwt creation page idle bug after submit form (logto-io#5761)

* fix(console): fix the jwt creation page idle bug after submit form

fix the jwt creation page idle bug after submit the form

* chore(console): add some comments

add some comments

* refactor(console): implement new jwt customizer delete modal (logto-io#5765)

* refactor(console): clean up the global useConfirmModal provider

clean up the global useConfirmModal provider

* refactor(console): implement new jwt customizer delete modal

implement new jwt customizer delete modal

* refactor(console): update organization guide and tenant member routers (logto-io#5766)

* chore(phrases): improve phrases on accessing invitations not made for you (logto-io#5744)

* chore(experience): package update (logto-io#5769)

react-device-deteck package update

* style(experience): fix the terms of use link style (logto-io#5771)

fix the terms of use link style in confirm modal

* chore(core): fix typo in code comments (logto-io#5772)

* feat(console): add spring boot integration guide (logto-io#5740)

* feat(console): add spring boot integration guide

add spring boot integration guide

* chore: add changeset

add changeset

* chore: fix changeset typo

* fix(console): update the spring boot guide description

update the spring boot guide description

* chore(console): remove extra empty space

remove extra empty space

* feat(core): support comma separated resource param (logto-io#5773)

* chore(console,core): remove custom JWT dev feature guard (logto-io#5775)

* chore(phrases): update custom JWT console phrases (logto-io#5776)

* chore(deps): update ataylorme/eslint-annotate-action action to v3 (logto-io#5756)

* chore(deps): update ataylorme/eslint-annotate-action action to v3

* ci: update upload-annotations.yml

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Gao Sun <gao@silverhand.io>

* fix(core): bump oidc-provider to fix resource indicator check (logto-io#5782)

* fix(core): bump oidc-provider to fix resource indicator check

* chore: add changeset

* chore(deps): upgrade formidable (logto-io#5780)

* feat: add the new dockerize-edge job (logto-io#5777)

* feat: add the new dockerize-edge-image job

add the new dockerize-edge-image job

* chore: rename the job

rename the job

* chore: fix the layout of docker-edge ci job

fix the layout of docker-edge ci job

* refactor(core): update `AuthedRouter` -> `ManagementApiRouter`

* feat(connector): support `client_secret_basic` and `client_secret_jwt` methods for oauth2 connectors (logto-io#5762)

* chore: ignore the hidden file found zap alert (logto-io#5786)

ignore the hidden file found zap alert

* fix: fix zap config file (logto-io#5788)

fix zap config file

* fix: fix zap config file syntax (logto-io#5790)

fix zap config file syntax

* fix(deps): update dependency tar to v7 (logto-io#5678)

* fix(deps): update dependency tar to v7

* refactor: fix import

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Gao Sun <gao@silverhand.io>

* chore(deps): update dependency supertest to v7 (logto-io#5791)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* fix(experience): redirect to sign-in page on socical sign-in error (logto-io#5787)

* fix(experience): redirect to sign-in page on socical sign-in error
redirect user to sign-in page on social sign-in error

* test(experience): add integration tests

add integration tests

* refactor: reorg the implementation

* feat: support organization custom data (logto-io#5785)

* feat: support organization custom data

* chore: update changeset

* chore: add code coverage token (logto-io#5792)

add code coverage token

* fix(experience): use correct callback path for native environments (logto-io#5800)

* refactor(console): remove useless log title definitions (logto-io#5798)

remove useless log title definitions

* fix(core): fix status code of create new user api (logto-io#5735)

* fix(experience,core): fix SSO register hook event not triggering bug (logto-io#5796)

* fix(experience,core): fix SSO register hook event not triggering bug

fix the SSO register hook event not triggering bug

* chore: update changeset content

update changeset content

* feat(schemas): add table for app org resource scope consent (logto-io#5803)

feat(schemas): add table application_user_consent_organization_resource_scopes

* fix: remove the plus sign in front of the phone number (logto-io#5801)

* fix(core): fix upload file guard (logto-io#5810)

fix: remove the plus sign in front of the phone number (logto-io#5801)

Co-authored-by: Kamto <kam_to@outlook.com>

* refactor: update plausible domain (logto-io#5799)

refactor: update plausible domain

* feat(core,schemas): add CRUD for consent organization resource scopes (logto-io#5804)

feat(core,schemas): add crud for user consent organization resource scopes

* refactor: implement request id (logto-io#5813)

* refactor: implement request id

* refactor: fix tests

* refactor: add unit tests

* refactor: remove app insights domains from security headers (logto-io#5814)

* feat(connector): add hugging face connector (logto-io#5797)

* fix(core): invitee email check should be case insensitive (logto-io#5823)

* fix(core): invitee email check should be case insensitive

* chore: add changeset

* fix(console): hide org resource scopes tab from 3rd-party app modal (logto-io#5824)

* chore(deps): upgrade withtyped packages (logto-io#5827)

* refactor(core): optimize init (logto-io#5826)

* chore(deps): upgrade withtyped packages (logto-io#5829)

* refactor(console): make invitee email breakable in invitation list (logto-io#5825)

* feat(core,schemas): add org resource scopes to consent get (logto-io#5808)

* feat(experience): display org resource scopes on consent page (logto-io#5831)

* feat: init management api hook middleware function (logto-io#5783)

* feat: init management api hook middleware function

* refactor: fix type issues

* feat(core): implement auto triggered management api hooks

implement auto triggered managment api hooks

* refactor(console,core,schemas): rename the managementHook to dataHook

rename the managementHooke to dataHook and redefine the types

* feat(core): add dev feature guard

add dev feature guard

* chore: update changeset

update changeset

* refactor(core,console,schemas,shared): update the webhook logics

update the webhook logics. Address some PR review comments

* fix(test): fix integration tests

fix integration tests

* fix(test): remove legacy code

remove legacy code

* refactor(core,schemas): refactor the hook library code

refactor the webhooks library code. address some comments

* fix(core): address rebase issue

update console log using getConsoleLogFromContext

* fix(core): fix ut

fix ut

* fix(core): refactor data webhook code

refactor data webhook codes

* refactor(core): clean up some management api webhook code

clean up some management api webhook code

---------

Co-authored-by: simeng-li <simeng@silverhand.io>

* feat(console): add webflow integration guide (logto-io#5832)

* refactor(console): update conversion report timing (logto-io#5833)

* feat(connector): can access all user email even if no public email is set (logto-io#5737)

* feat(core,schemas): update consent info (logto-io#5822)

* chore(deps): update pnpm to v9 (logto-io#5727)

* chore(deps): update pnpm to v9

* ci: fix alteration

---------

Co-authored-by: Gao Sun <gao@silverhand.io>

* feat(console): support assign organization resource scopes for 3rd-party app (logto-io#5812)

* fix(console): make profile a tenant independent page (logto-io#5687)

* fix(console): make profile a tenant independent page

* refactor(console): profile routes

* chore(core): refactor later

* fix(console): focus on org socpes tab on app scopes modal reopened (logto-io#5839)

* fix(console): fix the link social feature on logto cloud (logto-io#5838)

* fix(experience): hide scope list if no user scopes and resource scopes (logto-io#5840)

* refactor(console): refactor some console global routes (logto-io#5841)

* fix(console): move handle social route to global anonymous route enum (logto-io#5842)

* refactor(console, phrases): update resource scopes assignment form title (logto-io#5846)

* feat(core,console): enable custom JWT for OSS and can run script in local vm (logto-io#5794)

* chore: add changeset for org api resource (logto-io#5719)

chore: add change set for org api resource

* chore(deps): update dependency @simplewebauthn/browser to v10 (logto-io#5703)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update dependency @simplewebauthn/types to v10 (logto-io#5704)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* fix(deps): update dependency @simplewebauthn/server to v10 (logto-io#5705)

* fix(deps): update dependency @simplewebauthn/server to v10

* fix(core): update code to support @simplewebauthn/server v10

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: wangsijie <wangsijie@silverhand.io>

* fix(core): filter scopes for 3rd-party app (logto-io#5845)

* chore: fix pnpm-lock (logto-io#5851)

* ci(connector): build connectors before publish (logto-io#5853)

* chore(console,experience): remove dev flags add changeset for organization updates (logto-io#5763)

* chore(core,schemas): remove feature guard of organization api resource (logto-io#5743)

* chore(console): update jwt claims status in plan comparison table (logto-io#5854)

* feat(schemas): define data hook events (logto-io#5828)

* feat(schemas): define data hook events

define data hook events

* fix(schemas,core): fix the type error

fix the type error

* fix(core): fix unit test

fix unit test

* feat(test): add integration tests for DataHooks

add integration tests for DataHooks

* fix(test): fix ut of management api hook middleware
fix ut of the management api hook middleware

* refactor(test,core,schemas): refactor some DataHook definiations

refactor some DataHook definitations

* chore(test): remove upper scope describe wrap

remove upper scope describe wrap

* fix(test): fix tests

fix tests

* refactor(schemas): rename the info.update events

rename the info.update events

* refactor(schemas): rename

rename

* refactor(core,schemas): refactor DataHook code

refactor DataHook code to address some code review comments

* fix(test): fix ut

fix ut

* fix(schemas): update DataHookEventPayload type

update DataHookEventPayload type

* chore(schemas): update comments

update comments

* feat(console): add wordpress integration guide (logto-io#5844)

* ci: use default runner (logto-io#5848)

* refactor(core, schemas): update interaction webhook middleware using contextManager (logto-io#5834)

* feat(core): update interaction webhook middleware using contextManager
updaet interaction webhook middleware using contextManager

* fix(test): fix ut

fix ut

* refactor(core, schemas): refactor DataHook context structure

refactor DataHook context structure

* fix(core): fix demo-app application not found error

fix demo-app application not found error

* chore(core): update comments

update comments

* chore: build oauth2 connector on prepack (logto-io#5855)

* chore(core): add custom domain host to app insights (logto-io#5852)

* fix(core): add devFeature guard for DataHooks (logto-io#5861)

fix(core): add devFeature guard

add devFeature guard

* refactor(core): update first admin user preconditions (logto-io#5858)

* fix(core): fix consent scopes filter rule for non-3rd-party app (logto-io#5859)

* refactor(console): do not parameterize guide id (logto-io#5863)

* chore(phrases): update organization permission column name (logto-io#5864)

* fix(core): should sign out user after deletion or suspension (logto-io#5857)

fixed logto-io#5572

* chore(console): update sdk doc reference links (logto-io#5860)

* release: version packages (logto-io#5684)

* feat(core): trigger user create DataHook event on user registration (logto-io#5837)

* feat(core): trigger user data hook event on interaction api call

trigger user data hook event on interaction api call

* chore(core): refine comments

refine comments

* fix(core): fix the interactionHookMiddleware

fix the interactionHookMiddleware

* test(core): add integration tests

add integration tests for interaction hooks

* chore(test): remove legacy test

remove legacy test

* ci: remove corepack (logto-io#5867)

* refactor(console): report first app creation conversion (logto-io#5866)

* feat(console, phrases): update the supported webhook events (logto-io#5856)

* test(core): add integration tests

add integration tests for interaction hooks

* chore(test): remove legacy test

remove legacy test

* feat(console, phrases): update the supported webhook events

update the supported webhook events

* refactor(console): rename webhook and webhook log keys

rename webhook and webhook log keys

* fix(test): fix integration test

fix integration test

* feat(console): add devFeature guard

add devFeature guard

* chore: add changeset

add changeset

* chore(console): remove the lint rule disable comment

remove the lint rule disable comment

* fix(test): fix the integartion tests

fix the integration tests

* fix(console): refine the code

refine the code

* chore(console): refine comments

refine comments

* fix(console): update the svelte integration guide (logto-io#5869)

update the svelte integration guide

* style(console): update webhook list page styles (logto-io#5871)

update webhook list page styles

* fix(console): improve audit log error handling if the related user has been removed (logto-io#5874)

* refactor(core,schemas,test): rename DataHook data update event name (logto-io#5876)

rename the DataHook Schema data update event name

* chore(deps): update dependency sinon to v18 (logto-io#5870)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore: update README.md (logto-io#5877)

* chore: update README.md

fix typos

* chore: update README.md

* chore(deps): upgrade caniuse-lite (logto-io#5875)

* feat(console): add next auth guide (logto-io#5873)

* feat: default user role (logto-io#5872)

* feat: default user role

* chore: add tests and changeset

* refactor: show warning for deprecated env

* chore: fix tests

* refactor(core,schemas): move webhook event payload type definition to schemas (logto-io#5878)

move webhook event payload type definition to schemas

* feat(core): add suctom scopes.updated hook events (logto-io#5880)

* feat(core): add suctom scopes.updated hook events

add scopes.updated hook event to role creation api

* chore(core): add dev feature guard

add dev feature gurad

* feat(core): fetch scopes details and return to the hook

fetch scopes details and return to the hook

* refactor(core): mark deprecated body of roles/:id/scopes api

mark deprecated body of roles/:id/scopes api

* fix(test): fix unit test

fix unit test

* feat(core): update test hook payload (logto-io#5883)

update test hook payload to be dynamic based on InteractionHook or DataHook event

* fix(connector): fix invalid image path in connector readme (logto-io#5887)

* chore(connector): update wecom connector readme (logto-io#5894)

* refactor: remove `TenantInfo` type (logto-io#5891)

* refactor(experience): add global loading status on page redirect (logto-io#5774)

* refactor(experience): add global loading status on page redirect

add global loading status on page redirect

* chore: add changeset

* fix(phrases): fix legacy sie phrases (logto-io#5897)

fix legay sie phrases

* fix(console): fix Nuxt doc typo (logto-io#5899)

* chore(phrases): update tenant deletion modal content (logto-io#5900)

* chore(phrases): update tenant deletion modal content

* chore(phrases): sync translation

* fix(console): add pro tag for custom JWT page (logto-io#5901)

* fix(console): fix Laravel misspelling (logto-io#5903)

* refactor(core): report forwarded headers (logto-io#5907)

* refactor: remove internal role policies (logto-io#5904)

* refactor: remove internal role policies

* refactor: remove unused tests

* chore(console): update pricing table for organizations feature (logto-io#5909)

* feat(console,core): remove DataHook devFeature guard (logto-io#5898)

* feat(console,core): remove DataHook devFeature guard

remove DataHook devFeature guard

* chore: add changeset

add changeset

* chore: update changesets

update changesets

* feat: create pre-configured role with m-api access when seeding db (logto-io#5908)

* refactor(console): reorg role transfer component file structure (logto-io#5911)

* fix(schemas): import `generateStandardId` from correct source (logto-io#5920)

* fix: add id generation utils for alteration scripts (logto-io#5921)

* refactor(console): add management api access flag for role options (logto-io#5918)

* refactor(console): add notification for m2m role (logto-io#5919)

* fix(console): fix m2m guide curl code syntax error (logto-io#5923)

fix m2m guide curl code syntax error

* chore(console): translate i18n phrases (logto-io#5905)

* refactor(console): setup m2m roles after creating m2m app (logto-io#5924)

* feat(console): support multi-region

* chore(deps): upgrade `@logto/cloud`

* refactor: fix type issues

* refactor(console): show dynamic region info in tenant settings

* chore(deps): upgrade `@logto/cloud`

* refactor(console): support multi-region for paid plans

* refactor(console): prioritize onboarding check for route redirect

* fix(connector): fix GitHub connector GET /emails forbidden error (logto-io#5925)

* fix(connector): fix GitHub connector GET /emails forbidden error

* chore: adopt suggestion

Co-authored-by: Gao Sun <gao@silverhand.io>

---------

Co-authored-by: Gao Sun <gao@silverhand.io>

* fix(console): remove outdated nextjs app router guide (logto-io#5862)

* refactor(core): use jwks response from oidc for admin tenant keys (logto-io#5935)

* refactor(console): improve onboarding ux (logto-io#5932)

* fix(core): fix azure oidc sso connector authorization error (logto-io#5912)

* fix(core): fix azure oidc sso connector authorization error

fix azure oidc sso connector authorization error

* chore: add changeset

add changeset

* chore: update changeset

update changeset

* fix(core): dynamicly verify multi-tenant azure oidc issuer

dynamicly verify multi-tenant azure oidc issuer

* feat(connector): add dingtalk connector (logto-io#5915)

* feat: add dingtalk connector

* refactor(connector): optimize codes

* refactor(connector): optimize the logic of getting user phone

* docs(connector): add English configuration guide for DingTalk

* docs(connector): add table of contents

* docs(connector): optimize format

---------

Co-authored-by: aidenlu <aiden_lu@wochacha.com>

* chore(phrases): update cloud collaboration invite modal title (logto-io#5939)

* refactor(console): add prefix to pv path (logto-io#5933)

* refactor: optmize phrases (logto-io#5936)

* feat(console): invite collaborators during onboarding (logto-io#5938)

* fix(core,console): update invalid documentation links in console and core (logto-io#5937)

fix(core,console): update invalid documentation links in console and core cli

* docs(core): remove pagination from get organization invitation api docs (logto-io#5934)

* chore: update translate cli (logto-io#5906)

* chore: update translate cli

* chore: add changeset

* chore: fix typo (logto-io#5942)

* refactor(console): fix onboarding issues

* feat(console): show banner when only dev tenant found (logto-io#5944)

* feat(console): show banner when only dev tenant found

* refactor(console): use i18n

* refactor(phrases): update m2m role creation hint (logto-io#5945)

* refactor(phrases): update management api notification (logto-io#5946)

* refactor(console): sync m2m integration guide (logto-io#5941)

* feat(console): show dev feature status

* chore(deps): update dependency nock to v14.0.0-beta.7 (logto-io#5952)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* refactor(console): set portal `z-index` properly (logto-io#5948)

* refactor: update naming (logto-io#5951)

replace all "mainFlow" with "experience"

* feat(connector): add DingTalk web connector changeset (logto-io#5940)

* fix(console): avoid rendering outdated role options (logto-io#5953)

* refactor(console): remove redundant notification from m2m guide (logto-io#5954)

* feat(core,toolkit): add new sso_identities claim (logto-io#5955)

* feat(core,toolkit): add new sso_identities claim

add new sso_identities claim to the userinfo endpoint

* chore: update changeset

update changeset

* chore: update comments

update comments

* refactor(core): use findUserSsoIdentites query method in user library

use findUserSsoIdentites query method in user library

* refactor: improve user experience (logto-io#5958)

* feat(console): show version number for oss (logto-io#5950)

* refactor: remove service log fkey (logto-io#5959)

* refactor(console): improve onboarding data and subscription fetching (logto-io#5960)

* release: version packages (logto-io#5868)

* feat(core): some updates

* chore(core): github actions

* chore(core): added ogcio comments

* chore(core): added ogcio comments

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Gao Sun <gao@silverhand.io>
Co-authored-by: Xiao Yijun <xiaoyijun@silverhand.io>
Co-authored-by: Charles Zhao <charleszhao@silverhand.io>
Co-authored-by: wangsijie <wangsijie@silverhand.io>
Co-authored-by: simeng-li <simeng@silverhand.io>
Co-authored-by: Darcy Ye <darcyye@silverhand.io>
Co-authored-by: Alessandro Chitolina <alekitto@gmail.com>
Co-authored-by: Kamto <kam_to@outlook.com>
Co-authored-by: silverhand-bot <107667382+silverhand-bot@users.noreply.github.com>
Co-authored-by: wonders88 <140933866+wonders88@users.noreply.github.com>
Co-authored-by: aiden <allaher@icloud.com>
Co-authored-by: aidenlu <aiden_lu@wochacha.com>

.github/pull_request_template.md

@@ -1,3 +1,4 @@
+[comment]: <> (This file has been added on OGCIO fork)
 ### Ticket:
 
 - [XXX](https://dev.azure.com/OGCIO-Digital-Services/Digital%20Services%20Programme/_workitems/edit/XXX)

.github/workflows/main.yml

@@ -132,11 +132,7 @@ jobs:
 
       - name: Prepack alteration
         working-directory: ./alteration
-        run: |
-          # Remove corepack commands once a new Logto release is out
-          corepack enable pnpm
-          corepack use pnpm@8
-          pnpm i && pnpm prepack
+        run: pnpm i && pnpm prepack
       # ** End **
 
       - name: Setup Postgres
@@ -192,4 +188,4 @@ jobs:
 
       - name: Check alteration sequence
         working-directory: ./fresh
-        run: node .scripts/check-alterations-sequence.js
+        run: node .scripts/check-alterations-sequence.js

Dockerfile

@@ -5,7 +5,10 @@ ENV CI=true
 
 # No need for Docker build
 ENV PUPPETEER_SKIP_DOWNLOAD=true
+
+# OGCIO
 ENV PORT=3301
+# OGCIO
 ENV ADMIN_PORT=3302
 ### Install toolchain ###
 RUN npm add --location=global pnpm@^9.0.0
@@ -40,12 +43,17 @@ RUN rm -rf .scripts .parcel-cache pnpm-*.yaml packages/cloud
 
 ###### [STAGE] Seal ######
 FROM node:20-alpine as app
+# OGCIO
 ENV PORT=3301
+# OGCIO
 ENV ADMIN_PORT=3302
 WORKDIR /etc/logto
 COPY --from=builder /etc/logto .
+# OGCIO
 RUN apk add --no-cache jq
+# OGCIO
 EXPOSE 3301
+# OGCIO
 EXPOSE 3302
-
+# OGCIO
 CMD [ "sh", "-c", "export ENCODED_PASSWORD=$(jq --slurp --raw-input --raw-output @uri <(printf \"%s\" $POSTGRES_PASSWORD)) && export DB_URL=\"postgres://$POSTGRES_USER:$ENCODED_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB_NAME\" && export REDIS_URL=\"redis://$REDIS_HOST:$REDIS_PORT\" && npm run cli db seed -- --swe && npm run cli db alteration deploy latest && npm run ogcio:start"]

README.OGCIO.md

@@ -1,3 +1,5 @@
+[comment]: <> (This file has been added on OGCIO fork)
+
 # LogTo per OGCIO
 
 ## Get started

README.md

@@ -62,7 +62,7 @@ docker compose -p logto -f - up
 
 #### npm-init
 
-Requires [Node.js](https://nodejs.org/) `^18.12.0` + [PostgreSQL](https://postgresql.org/) `^14.0`.
+Requires [Node.js](https://nodejs.org/) `^20.9.0` + [PostgreSQL](https://postgresql.org/) `^14.0`.
 
 ```bash
 npm init @logto
@@ -87,11 +87,11 @@ Logto uses the [default browserslist config](https://github.com/browserslist/bro
 - Our team takes security seriously, especially when it relates to identity. If you find any existing or potential security issues, please do not hesitate to email 🔒 [security@logto.io](mailto:security@logto.io).
 - About other bug reports, feature requests, and feedback, you can:
   - Directly 🙋 [open an issue](https://github.com/logto-io/logto/issues/new) on GitHub;
-  - 💬 [join our Discord server](https://discord.gg/vRvwuwgpVX) to have a live chat;
+  - 💬 [Join our Discord server](https://discord.gg/vRvwuwgpVX) to have a live chat.
 
 ## Licensing
 
-See the [LICENSE](LICENSE) file for licensing information as it pertains to files in this repository.
+[MPL-2.0](LICENSE).
 
 ## Contributing
 

docker-compose-local.yml

@@ -1,3 +1,4 @@
+# This file has been added on OGCIO fork
 services:
   app:
     depends_on:

docker-compose.yml

@@ -13,28 +13,35 @@ services:
         "npm run cli db seed -- --swe && npm start"
       ]
     ports:
+      # OGCIO
       - 3301:3301
+      # OGCIO
       - 3302:3302
     environment:
       - TRUST_PROXY_HEADER=1
+      # OGCIO
       - DB_URL=postgres://postgres:p0stgr3s@postgres:5433/logto
       # Mandatory for GitPod to map host env to the container, thus GitPod can dynamically configure the public URL of Logto;
       # Or, you can leverage it for local testing.
       - ENDPOINT
       - ADMIN_ENDPOINT
+      # OGCIO
       - PORT=3301
+      # OGCIO
       - ADMIN_PORT=3302
   postgres:
     image: postgres:14-alpine
     user: postgres
     environment:
       POSTGRES_USER: postgres
       POSTGRES_PASSWORD: p0stgr3s
+      # OGCIO
       PGPORT: 5433
     healthcheck:
       test: [ "CMD-SHELL", "pg_isready" ]
       interval: 10s
       timeout: 5s
       retries: 5
+    # OGCIO
     ports:
       - 5433:5433

makefile

@@ -1,3 +1,4 @@
+# This file has been added on OGCIO fork
 TAG = local-logto:latest
 
 build:

packages/app-insights/package.json

@@ -47,7 +47,7 @@
   },
   "prettier": "@silverhand/eslint-config/.prettierrc",
   "dependencies": {
-    "@silverhand/essentials": "^2.9.0",
+    "@silverhand/essentials": "^2.9.1",
     "applicationinsights": "^2.9.5"
   },
   "peerDependencies": {

packages/cli/CHANGELOG.md

@@ -1,5 +1,23 @@
 # Change Log
 
+## 1.17.0
+
+### Minor Changes
+
+- 25d67f33f: create a pre-configured role with Management API access when seeding the database
+
+### Patch Changes
+
+- 07ac3e87c: fix the translate CLI command by adding the missing import
+- Updated dependencies [25d67f33f]
+- Updated dependencies [e04d9523a]
+- Updated dependencies [b5104d8c1]
+- Updated dependencies [0c70d65c7]
+- Updated dependencies [76fd33b7e]
+  - @logto/schemas@1.17.0
+  - @logto/phrases@1.11.0
+  - @logto/core-kit@2.5.0
+
 ## 1.16.0
 
 ### Patch Changes

packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/cli",
-  "version": "1.16.0",
+  "version": "1.17.0",
   "description": "Logto CLI.",
   "author": "Silverhand Inc. <contact@silverhand.io>",
   "homepage": "https://github.com/logto-io/logto#readme",
@@ -43,13 +43,13 @@
   },
   "dependencies": {
     "@logto/connector-kit": "workspace:^3.0.0",
-    "@logto/core-kit": "workspace:^2.4.0",
+    "@logto/core-kit": "workspace:^2.5.0",
     "@logto/language-kit": "workspace:^1.1.0",
-    "@logto/phrases": "workspace:^1.10.1",
+    "@logto/phrases": "workspace:^1.11.0",
     "@logto/phrases-experience": "workspace:^1.6.1",
-    "@logto/schemas": "workspace:1.16.0",
+    "@logto/schemas": "workspace:1.17.0",
     "@logto/shared": "workspace:^3.1.1",
-    "@silverhand/essentials": "^2.9.0",
+    "@silverhand/essentials": "^2.9.1",
     "@silverhand/slonik": "31.0.0-beta.2",
     "chalk": "^5.0.0",
     "decamelize": "^6.0.0",
@@ -84,7 +84,7 @@
     "eslint": "^8.56.0",
     "lint-staged": "^15.0.0",
     "prettier": "^3.0.0",
-    "sinon": "^17.0.0",
+    "sinon": "^18.0.0",
     "vitest": "^1.4.0"
   },
   "eslintConfig": {

packages/cli/src/commands/database/alteration/index.ts

@@ -1,6 +1,6 @@
 import type { AlterationScript } from '@logto/schemas/lib/types/alteration.js';
 import { conditionalString } from '@silverhand/essentials';
-import type { DatabasePool } from '@silverhand/slonik';
+import type { CommonQueryMethods, DatabasePool } from '@silverhand/slonik';
 import chalk from 'chalk';
 import type { CommandModule } from 'yargs';
 
@@ -39,7 +39,7 @@ export const getLatestAlterationTimestamp = async () => {
 };
 
 export const getAvailableAlterations = async (
-  pool: DatabasePool,
+  pool: CommonQueryMethods,
   compareMode: 'gt' | 'lte' = 'gt'
 ) => {
   const databaseTimestamp = await getCurrentDatabaseAlterationTimestamp(pool);

packages/cli/src/commands/database/index.ts

@@ -16,6 +16,7 @@ const database: CommandModule = {
       .command(seed)
       .command(alteration)
       .command(system)
+      // OGCIO
       .command(ogcio)
       .demandCommand(1),
   handler: noop,

packages/cli/src/commands/database/seed/roles.ts

@@ -0,0 +1,44 @@
+import {
+  PredefinedScope,
+  getManagementApiResourceIndicator,
+  createPreConfiguredManagementApiAccessRole,
+} from '@logto/schemas';
+import { generateStandardId } from '@logto/shared';
+import { sql, type CommonQueryMethods } from '@silverhand/slonik';
+
+import { insertInto } from '../../../database.js';
+
+/**
+ * Create a pre-configured role with Management API access
+ *
+ * Caution:
+ * This function should only be called after the tenant's Management API resource and the related all scope have been created.
+ */
+export const seedPreConfiguredManagementApiAccessRole = async (
+  pool: CommonQueryMethods,
+  tenantId: string
+) => {
+  const role = createPreConfiguredManagementApiAccessRole(tenantId);
+
+  await pool.query(insertInto(role, 'roles'));
+
+  // Assign Logto Management API permission `all` to the Logto Management API M2M role
+  await pool.query(sql`
+    insert into roles_scopes (id, role_id, scope_id, tenant_id)
+    values (
+      ${generateStandardId()},
+      ${role.id},
+      (
+        select scopes.id
+        from scopes
+        join resources on
+          scopes.tenant_id = resources.tenant_id and
+          scopes.resource_id = resources.id
+        where resources.indicator = ${getManagementApiResourceIndicator(tenantId)}
+        and scopes.name = ${PredefinedScope.All}
+        and scopes.tenant_id = ${tenantId}
+      ),
+      ${tenantId}
+    )
+  `);
+};

packages/cli/src/commands/database/seed/tables.ts

@@ -40,6 +40,7 @@ import { consoleLog, getPathInModule } from '../../../utils.js';
 
 import { appendAdminConsoleRedirectUris, seedTenantCloudServiceApplication } from './cloud.js';
 import { seedOidcConfigs } from './oidc-config.js';
+import { seedPreConfiguredManagementApiAccessRole } from './roles.js';
 import { seedTenantOrganizations } from './tenant-organizations.js';
 import {
   assignScopesToRole,
@@ -150,6 +151,14 @@ export const seedTables = async (
   await seedOidcConfigs(connection, defaultTenantId);
   await seedAdminData(connection, defaultManagementApi);
 
+  /**
+   * Create a pre-configured role for the Logto Management API access
+   * in the default tenant (the default tenant is the only tenant for the OSS version, and the initial tenant for cloud).
+   *
+   * Called after the default tenant's Management API resource and the related all scope have been created.
+   */
+  await seedPreConfiguredManagementApiAccessRole(connection, defaultTenantId);
+
   await createTenant(connection, adminTenantId);
   await seedOidcConfigs(connection, adminTenantId);
   await seedAdminData(connection, createAdminDataInAdminTenant(defaultTenantId));

packages/cli/src/commands/database/seed/tenant.ts

@@ -1,4 +1,4 @@
-import { createTenantMetadata } from '@logto/core-kit';
+import { createTenantDatabaseMetadata } from '@logto/core-kit';
 import {
   type AdminData,
   type UpdateAdminData,
@@ -26,7 +26,7 @@ import { consoleLog } from '../../../utils.js';
 
 export const createTenant = async (pool: CommonQueryMethods, tenantId: string) => {
   const database = await getDatabaseName(pool, true);
-  const { parentRole, role, password } = createTenantMetadata(database, tenantId);
+  const { parentRole, role, password } = createTenantDatabaseMetadata(database, tenantId);
   const createTenant = {
     id: tenantId,
     dbUser: role,

packages/cli/src/commands/translate/sync-keys/utils.ts

@@ -259,7 +259,10 @@ const traverseNode = async (
   await fs.writeFile(targetFilePath, '', { flag: 'w+' });
 
   if (isRoot) {
-    await fs.appendFile(targetFilePath, "import type { LocalePhrase } from '../../types.js';\n\n");
+    await fs.appendFile(
+      targetFilePath,
+      "import { type DeepPartial } from '@silverhand/essentials';\n\nimport type { LocalePhrase } from '../../types.js';\n\n"
+    );
   }
 
   // Write imports first
@@ -355,7 +358,7 @@ const traverseNode = async (
   await traverseObject(baseline, targetObject, 2);
 
   await (isRoot
-    ? fs.appendFile(targetFilePath, '} satisfies LocalePhrase;\n\n')
+    ? fs.appendFile(targetFilePath, '} satisfies DeepPartial<LocalePhrase>;\n\n')
     : fs.appendFile(targetFilePath, '};\n\n'));
   await fs.appendFile(targetFilePath, `export default Object.freeze(${identifier});\n`);
 };

packages/connectors/connector-alipay-native/package.json

@@ -5,7 +5,7 @@
   "author": "Silverhand Inc. <contact@silverhand.io>",
   "dependencies": {
     "@logto/connector-kit": "workspace:^3.0.0",
-    "@silverhand/essentials": "^2.9.0",
+    "@silverhand/essentials": "^2.9.1",
     "dayjs": "^1.10.5",
     "got": "^14.0.0",
     "iconv-lite": "^0.6.3",

packages/connectors/connector-alipay-web/package.json

@@ -4,7 +4,7 @@
   "description": "Alipay implementation.",
   "dependencies": {
     "@logto/connector-kit": "workspace:^3.0.0",
-    "@silverhand/essentials": "^2.9.0",
+    "@silverhand/essentials": "^2.9.1",
     "dayjs": "^1.10.5",
     "got": "^14.0.0",
     "iconv-lite": "^0.6.3",

packages/connectors/connector-aliyun-dm/package.json

@@ -4,7 +4,7 @@
   "description": "Aliyun DM connector implementation.",
   "dependencies": {
     "@logto/connector-kit": "workspace:^3.0.0",
-    "@silverhand/essentials": "^2.9.0",
+    "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.0",
     "zod": "^3.22.4"

packages/connectors/connector-aliyun-sms/package.json

@@ -4,7 +4,7 @@
   "description": "Aliyun SMS connector implementation.",
   "dependencies": {
     "@logto/connector-kit": "workspace:^3.0.0",
-    "@silverhand/essentials": "^2.9.0",
+    "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.0",
     "zod": "^3.22.4"

packages/connectors/connector-apple/package.json

@@ -5,7 +5,7 @@
   "dependencies": {
     "@logto/connector-kit": "workspace:^3.0.0",
     "@logto/shared": "workspace:^3.1.0",
-    "@silverhand/essentials": "^2.9.0",
+    "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "jose": "^5.0.0",
     "snakecase-keys": "^8.0.0",

packages/connectors/connector-aws-ses/package.json

@@ -7,7 +7,7 @@
     "@aws-sdk/client-sesv2": "^3.556.0",
     "@aws-sdk/types": "^3.535.0",
     "@logto/connector-kit": "workspace:^3.0.0",
-    "@silverhand/essentials": "^2.9.0",
+    "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.0",
     "zod": "^3.22.4"

packages/connectors/connector-azuread/package.json

@@ -6,7 +6,7 @@
   "dependencies": {
     "@azure/msal-node": "^2.0.0",
     "@logto/connector-kit": "workspace:^3.0.0",
-    "@silverhand/essentials": "^2.9.0",
+    "@silverhand/essentials": "^2.9.1",
     "got": "^14.0.0",
     "snakecase-keys": "^8.0.0",
     "zod": "^3.22.4"

packages/connectors/connector-dingtalk-web/CHANGELOG.md

@@ -0,0 +1,7 @@
+# @logto/connector-dingtalk-web
+
+## 0.1.0
+
+### Minor Changes
+
+- 0b5b15b96: add DingTalk web connector