-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathtypes.ts
More file actions
129 lines (115 loc) · 4.81 KB
/
types.ts
File metadata and controls
129 lines (115 loc) · 4.81 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
import { AdminUser, KeyValueAdapter } from "adminforth";
export type PluginOptions = {
/**
* Name of the field in the auth resource which will store 2FA secret.
*
* Resource mandatory should have one columns which defined {@link AdminForthResourceColumn} which
* name should be equal to the value .
*/
twoFaSecretFieldName: string;
/**
* Not-negative optional time step window for 2FA. This value means that the user will be able to enter the old code
* for the next 30 seconds after the new code was generated.
*/
timeStepWindow?: number;
/**
* Number of seconds for step-up MFA grace period.
* During this period, user will not be challenged with 2FA on sensitive actions.
*/
stepUpMfaGracePeriodSeconds?: number;
customBrandPrefix?: string;
/**
* Passkeys (WebAuthn) configuration.
*/
passkeys?: {
credentialResourceID: string,
credentialIdFieldName: string,
credentialMetaFieldName: string,
credentialUserIdFieldName: string,
/**
* KeyValueAdapter is required to make sure that generated challenge can't be reused more than once
*/
keyValueAdapter: KeyValueAdapter,
/**
* Allow login with Passkeys even if 2FA is not set up. Default is true.
*/
allowLoginWithPasskeys?: boolean;
/**
* Remember user for number of days after login with Passkey, so that user won't be challenged with 2FA on every login.
*/
rememberDaysAfterPasskeyLogin?: number;
/**
* Order of "Continue with passkey" button in under login button injection
*/
continueWithButtonsOrder?: number,
/**
* Period between showing alert suggesting to set up Passkeys if not set up yet.
*/
suggestionPeriod?: string; // e.g. '30d', '12h', '15m'. Default is '5d'
/**
* Challenge period for Passkeys authentication.
*/
challengeValidityPeriod?: string; // e.g. '5m', '10m', '15m'. Default is '1m'
/**
* Passkeys settings for WebAuthn API.
*/
settings: {
/**
* The origin that you expect the authentication to come from. (e.g. https://example.com or http://localhost:3000)
*/
expectedOrigin: string;
rp?: {
/**
* The Relying Party name.
*/
name?: string;
/**
* The Relying Party ID. A domain or subdomain (e.g. example.com or login.example.com).
*/
id?: string;
},
user: {
/**
* Field in users resource, that user will recognize as unique user ID.(e.g. email or username)
*/
nameField: string;
/**
* Field in users resource, that user will recognize as display name.(e.g. full name)
*/
displayNameField?: string;
},
authenticatorSelection?: {
/**
* The preferred authenticator attachment. It can be either "platform", "cross-platform" or "both".
* Default to "platform".
*/
authenticatorAttachment?: 'platform' | 'cross-platform' | 'both';
/**
* Set it to a boolean true. A discoverable credential (resident key)
* stores user information to the passkey and lets users select the account upon authentication.
* Default to "True".
*/
requireResidentKey?: boolean;
/**
* Indicates whether a user verification using the device screen lock is "required" or "discouraged".
* The default is "required".
*/
userVerification?: 'required' | 'discouraged';
}
};
};
/**
* Optional function to filter users to apply 2FA.
* Should return true if 2FA should be applied to the user and false if AdminForth should not challenge the user with 2FA.
* @param adminUser
* @returns true if 2FA should be applied to the user and false if AdminForth should not challenge the user with 2FA.
*/
usersFilterToApply?: (adminUser: AdminUser) => boolean;
/**
* Optional function to allow users to skip 2FA setup.
* Should return true if the user should be allowed to skip the 2FA setup and false if AdminForth should require the user to set up 2FA.
* @param adminUser
* @returns true if the user should be allowed to skip the 2FA setup and false if AdminForth should require the user to set up 2FA.
*/
usersFilterToAllowSkipSetup?: (adminUser: AdminUser) => boolean;
}