chore(core,console): remove dev feature guard (#7443)

remove dev feature guard

Author: simeng-li

.changeset/fluffy-actors-knock.md

@@ -0,0 +1,7 @@
+---
+"@logto/schemas": minor
+---
+
+feat: introduced new `oidc_session_extensions` table
+
+This change introduces a new table named `oidc_session_extensions` to the Logto database schema. This table is designed to store additional user session-related data for OpenID Connect (OIDC) sessions, allowing for more flexible and extensible session management.

.changeset/large-carrots-think.md

@@ -0,0 +1,7 @@
+---
+"@logto/console": minor
+---
+
+add user interaction context to custom token claims script
+
+This change introduces the ability to access user interaction details in the custom token claims script within Logto console. The `interaction` context includes information about the user's interaction event, user ID, and verification records, allowing developers to create dynamic and context-aware token claims.

.changeset/twenty-buttons-chew.md

@@ -0,0 +1,35 @@
+---
+"@logto/core": minor
+---
+
+feat: add user interaction details to the custom token claims context
+
+This update introduces a key feature that allows the storage of user interaction details in the `oidc_session_extensions` table for future reference.
+
+Developers can now access user interaction data associated with the current token's authentication session through the context in the custom token claims script, enabling the creation of tailored token claims.
+
+Key Changes:
+
+- Store interaction details: User interaction details are now stored in the oidc_session_extensions table, providing a historical reference for the associated authentication session.
+- Access user interaction details: In the custom token claims script, developers can retrieve user interaction details through the `context.interaction` property, allowing for the creation of dynamic and context-aware token claims. Logto will use the `sessionUid` to query the `oidc_session_extensions` table and retrieve the user interaction details.
+- Interaction Context Includes:
+  - `interactionEvent`: The event that triggered the interaction, such as `SignIn`, `Register`.
+  - `userId`: The unique identifier of the user involved in the interaction.
+  - `verificationRecords`: An array of verification records, providing details about the verification methods used for user identification and any MFA verification if enabled.
+
+Example Use Case:
+Developers can read the verification records from the interaction context. If an Enterprise SSO verification record is found, they can pass the user profile from the Enterprise SSO identities as additional token claims.
+
+```ts
+const ssoVerification = verifications.find(
+  (record) => record.type === "EnterpriseSso"
+);
+
+if (ssoVerification) {
+  return {
+    enterpriseSsoIdentityId:
+      enterpriseSsoVerification?.enterpriseSsoUserInfo?.id,
+    familyName: enterpriseSsoVerification?.enterpriseSsoUserInfo?.familyName,
+  };
+}
+```

packages/console/src/pages/CustomizeJwtDetails/MainContent/SettingsSection/InstructionTab/index.tsx

@@ -5,7 +5,6 @@ import { useState } from 'react';
 import { useFormContext } from 'react-hook-form';
 import { useTranslation } from 'react-i18next';
 
-import { isDevFeaturesEnabled } from '@/consts/env';
 import { type JwtCustomizerForm } from '@/pages/CustomizeJwtDetails/type';
 import {
   denyAccessCodeExample,
@@ -99,7 +98,7 @@ function InstructionTab({ isActive }: Props) {
           />
         </GuideCard>
       )}
-      {tokenType === LogtoJwtTokenKeyType.AccessToken && isDevFeaturesEnabled && (
+      {tokenType === LogtoJwtTokenKeyType.AccessToken && (
         <GuideCard
           name={CardType.InteractionData}
           isExpanded={expendCard === CardType.InteractionData}

packages/console/src/pages/CustomizeJwtDetails/utils/config.tsx

@@ -8,11 +8,9 @@ import {
   InteractionEvent,
 } from '@logto/schemas';
 import { type EditorProps } from '@monaco-editor/react';
-import { conditional } from '@silverhand/essentials';
 
 import TokenFileIcon from '@/assets/icons/token-file-icon.svg?react';
 import UserFileIcon from '@/assets/icons/user-file-icon.svg?react';
-import { isDevFeaturesEnabled } from '@/consts/env.js';
 
 import type { ModelSettings } from '../MainContent/MonacoCodeEditor/type.js';
 
@@ -34,7 +32,7 @@ declare interface CustomJwtClaims extends Record<string, any> {}
  * 
  * @param {${JwtCustomizerTypeDefinitionKey.JwtCustomizerUserContext}} user - The user info associated with the token.
  * @param {${JwtCustomizerTypeDefinitionKey.JwtCustomizerGrantContext}} [grant] - The grant context associated with the token.
- * ${isDevFeaturesEnabled ? `@param {${JwtCustomizerTypeDefinitionKey.JwtCustomizerUserInteractionContext}} [interaction] - The user interaction context associated with the token.` : ''}
+ * @param {${JwtCustomizerTypeDefinitionKey.JwtCustomizerUserInteractionContext}} [interaction] - The user interaction context associated with the token.
  */
 declare type Context = {
   /**
@@ -48,7 +46,7 @@ declare type Context = {
   /**
    * The user interaction context associated with the token.
    */
-  ${isDevFeaturesEnabled ? `interaction?: ${JwtCustomizerTypeDefinitionKey.JwtCustomizerUserInteractionContext};` : ''}
+  interaction?: ${JwtCustomizerTypeDefinitionKey.JwtCustomizerUserInteractionContext};
 }
 
 declare type Payload = {
@@ -59,9 +57,9 @@ declare type Payload = {
   /**
    * Logto internal data that can be used to pass additional information.
    *
-   * @param {${JwtCustomizerTypeDefinitionKey.JwtCustomizerUserContext}} user
-   * @param {${JwtCustomizerTypeDefinitionKey.JwtCustomizerGrantContext}} [grant]
-   * ${isDevFeaturesEnabled ? `@param {${JwtCustomizerTypeDefinitionKey.JwtCustomizerUserInteractionContext}} [interaction]` : ''}
+   * @params {${JwtCustomizerTypeDefinitionKey.JwtCustomizerUserContext}} user
+   * @params {${JwtCustomizerTypeDefinitionKey.JwtCustomizerGrantContext}} [grant]
+   * @params {${JwtCustomizerTypeDefinitionKey.JwtCustomizerUserInteractionContext}} [interaction]
    */
   context: Context;
   /**
@@ -275,7 +273,7 @@ const defaultUserInteractionContext: Partial<JwtCustomizerUserInteractionContext
 export const defaultUserTokenContextData = {
   user: defaultUserContext,
   grant: defaultGrantContext,
-  ...conditional(isDevFeaturesEnabled && { interaction: defaultUserInteractionContext }),
+  interaction: defaultUserInteractionContext,
 };
 
 export const accessTokenPayloadTestModel: ModelSettings = {

packages/core/src/libraries/session.ts

@@ -7,8 +7,6 @@ import { z } from 'zod';
 import type Queries from '#src/tenants/Queries.js';
 import assertThat from '#src/utils/assert-that.js';
 
-import { EnvSet } from '../env-set/index.js';
-
 const updateInteractionResult = async (
   ctx: Context,
   provider: Provider,
@@ -96,11 +94,6 @@ const saveInteractionLastSubmissionToSession = async (
   queries: Queries,
   interactionDetails: Awaited<ReturnType<Provider['interactionDetails']>>
 ) => {
-  // TODO: Remove this check when the feature is ready to be released. @simeng
-  if (!EnvSet.values.isDevFeaturesEnabled) {
-    return;
-  }
-
   const { session, lastSubmission } = interactionDetails;
 
   if (!session || !lastSubmission) {

packages/core/src/oidc/extra-token-claims.ts

@@ -101,11 +101,6 @@ const getInteractionLastSubmission = async (
   queries: Queries,
   { accountId, sessionUid }: AccessToken
 ) => {
-  // TODO: Remove this check when the feature is ready to be released. @simeng
-  if (!EnvSet.values.isDevFeaturesEnabled) {
-    return;
-  }
-
   // Session UID and account ID are required to fetch the interaction data.
   if (!accountId || !sessionUid) {
     return;

packages/integration-tests/src/tests/api/oidc/get-access-token.test.ts

@@ -26,7 +26,7 @@ import {
 import { assignUsersToRole, createRole, deleteRole } from '#src/api/role.js';
 import { createScope, deleteScope } from '#src/api/scope.js';
 import MockClient, { defaultConfig } from '#src/client/index.js';
-import { isDevFeaturesEnabled, logtoUrl } from '#src/constants.js';
+import { logtoUrl } from '#src/constants.js';
 import { initExperienceClient, processSession } from '#src/helpers/client.js';
 import { createUserByAdmin } from '#src/helpers/index.js';
 import { enableAllPasswordSignInMethods } from '#src/helpers/sign-in-experience.js';
@@ -143,16 +143,14 @@ describe('get access token', () => {
     // The guest user has password.
     expect(getAccessTokenPayload(accessToken)).toHaveProperty('hasPassword', true);
 
-    if (isDevFeaturesEnabled) {
-      expect(getAccessTokenPayload(accessToken)).toHaveProperty(
-        'interactionEvent',
-        InteractionEvent.SignIn
-      );
-      expect(getAccessTokenPayload(accessToken)).toHaveProperty(
-        'verificationType',
-        VerificationType.Password
-      );
-    }
+    expect(getAccessTokenPayload(accessToken)).toHaveProperty(
+      'interactionEvent',
+      InteractionEvent.SignIn
+    );
+    expect(getAccessTokenPayload(accessToken)).toHaveProperty(
+      'verificationType',
+      VerificationType.Password
+    );
 
     await deleteJwtCustomizer('access-token');
   });