Function Signature

function defineIdp<const TClients extends string[]>(
  name: string,
  config: Omit<IdPInput, "name" | "clients"> & { clients: TClients }
): DefinedIdp<string, IdPInput, TClients[number]>

Defines an Identity Provider (IdP) service configuration with type-safe client references.

Parameters

name (string, required): IdP service name
config (IdPInput, required): IdP configuration object
authorization ('insecure' | 'loggedIn' | { cel: string }, required): Authorization policy for IdP operations:
  • "insecure": No authorization required (development only)
  • "loggedIn": Require authenticated user
  • { cel: string }: Custom CEL expression for authorization
clients (string[], required): Array of client names allowed to use this IdP
lang ('en' | 'ja'): Default language for IdP UI and messages
userAuthPolicy (IdPUserAuthPolicy): User authentication policy configuration
useNonEmailIdentifier (boolean): Allow non-email identifiers for usernames
allowSelfPasswordReset (boolean): Allow users to reset their own passwords
passwordRequireUppercase (boolean): Require at least one uppercase letter in passwords
passwordRequireLowercase (boolean): Require at least one lowercase letter in passwords
passwordRequireNonAlphanumeric (boolean): Require at least one non-alphanumeric character in passwords
passwordRequireNumeric (boolean): Require at least one numeric digit in passwords
passwordMinLength (number): Minimum password length (6-30, inclusive)
passwordMaxLength (number): Maximum password length (6-4096, inclusive)
allowedEmailDomains (string[]): Restrict registration to specific email domains. Cannot be used with useNonEmailIdentifier
allowGoogleOauth (boolean): Enable Google OAuth authentication. Requires allowedEmailDomains to be set
disablePasswordAuth (boolean): Disable password authentication (OAuth only). Requires allowGoogleOauth to be enabled
publishUserEvents (boolean): Enable publishing user lifecycle events (created, updated, deleted)
gqlOperations (IdPGqlOperationsConfig): Configure which GraphQL operations are enabled for IdP users:
  • "query": Alias for read-only mode (disables all mutations)
  • Object with boolean flags for each operation:
    • create: Enable _createUser mutation
    • update: Enable _updateUser mutation
    • delete: Enable _deleteUser mutation
    • read: Enable _users and _user queries
    • sendPasswordResetEmail: Enable _sendPasswordResetEmail mutation
All operations are enabled by default (undefined or true = enabled, false = disabled)

Returns

idp (DefinedIdp): Defined IdP service with the following properties:
  • name (string): IdP service name
  • provider (function): Method to create an identity provider configuration:
    provider(providerName: string, clientName: TClients[number]): BuiltinIdP
    Returns an object with:
    • name: Provider name
    • kind: "BuiltInIdP"
    • namespace: IdP service name
    • clientName: Client name
All other fields from the input config are preserved.

Example

Basic Configuration

import { defineIdp } from "@tailor-platform/sdk";

const idp = defineIdp("my-idp", {
  authorization: "loggedIn",
  clients: ["default-idp-client"],
  userAuthPolicy: {
    useNonEmailIdentifier: false,
    allowSelfPasswordReset: true,
    passwordRequireUppercase: true,
    passwordRequireLowercase: true,
    passwordRequireNonAlphanumeric: true,
    passwordRequireNumeric: true,
    passwordMinLength: 8,
    passwordMaxLength: 128,
  },
});

With Google OAuth

const idp = defineIdp("my-idp", {
  authorization: "loggedIn",
  clients: ["web-client", "mobile-client"],
  userAuthPolicy: {
    allowedEmailDomains: ["example.com", "company.com"],
    allowGoogleOauth: true,
    passwordMinLength: 12,
  },
});

Read-Only GraphQL Operations

const idp = defineIdp("my-idp", {
  authorization: "loggedIn",
  clients: ["default-idp-client"],
  gqlOperations: "query", // Disables all mutations
});

Using Provider Method

import { defineAuth, defineIdp } from "@tailor-platform/sdk";

const idp = defineIdp("my-idp", {
  authorization: "loggedIn",
  clients: ["default-idp-client"],
});

const auth = defineAuth("my-auth", {
  userProfile: {
    type: user, // `user` is a type defined elsewhere in the application (not shown here)
    usernameField: "email",
  },
  idProvider: idp.provider("sample", "default-idp-client"),
});

Notes

  • The clients array is type-checked when using the .provider() method
  • Password constraints are validated:
    • passwordMinLength must be ≤ passwordMaxLength
    • passwordMinLength must be between 6 and 30
    • passwordMaxLength must be between 6 and 4096
  • allowedEmailDomains cannot be used with useNonEmailIdentifier
  • allowGoogleOauth requires allowedEmailDomains to be set
  • disablePasswordAuth requires allowGoogleOauth to be enabled
  • disablePasswordAuth cannot be used with allowSelfPasswordReset
  • The .provider() method is used to link the IdP to an auth service
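
The cross-field rules in the Notes can be checked in CI before a config is deployed. The following is an added example, not code from the SDK: lintIdpConfig, the local interfaces and the env parameter are hypothetical, and an empty allowedEmailDomains array is assumed to count as not set.

```typescript
// Added example: local mirror of fields documented on this page (not the SDK's own types).
interface UserAuthPolicy {
  useNonEmailIdentifier?: boolean;
  allowSelfPasswordReset?: boolean;
  passwordMinLength?: number;
  passwordMaxLength?: number;
  allowedEmailDomains?: string[];
  allowGoogleOauth?: boolean;
  disablePasswordAuth?: boolean;
}
interface IdpConfig {
  authorization: "insecure" | "loggedIn" | { cel: string };
  userAuthPolicy?: UserAuthPolicy;
}

// True when v is unset or lies within [lo, hi] inclusive.
const inRange = (v: number | undefined, lo: number, hi: number): boolean =>
  v === undefined || (v >= lo && v <= hi);

// Hypothetical helper: returns one message per violated rule from the Notes section.
function lintIdpConfig(cfg: IdpConfig, env: "development" | "production"): string[] {
  const p: UserAuthPolicy = cfg.userAuthPolicy ?? {};
  const out: string[] = [];
  // Assumption: an empty allowedEmailDomains array counts as "not set".
  const domains = (p.allowedEmailDomains ?? []).length > 0;
  if (cfg.authorization === "insecure" && env !== "development")
    out.push('authorization "insecure" is for development only');
  if (!inRange(p.passwordMinLength, 6, 30)) out.push("passwordMinLength must be between 6 and 30");
  if (!inRange(p.passwordMaxLength, 6, 4096)) out.push("passwordMaxLength must be between 6 and 4096");
  if ((p.passwordMinLength ?? -Infinity) > (p.passwordMaxLength ?? Infinity))
    out.push("passwordMinLength must be <= passwordMaxLength");
  if (domains && p.useNonEmailIdentifier)
    out.push("allowedEmailDomains cannot be used with useNonEmailIdentifier");
  if (p.allowGoogleOauth && !domains) out.push("allowGoogleOauth requires allowedEmailDomains to be set");
  if (p.disablePasswordAuth && !p.allowGoogleOauth)
    out.push("disablePasswordAuth requires allowGoogleOauth to be enabled");
  if (p.disablePasswordAuth && p.allowSelfPasswordReset)
    out.push("disablePasswordAuth cannot be used with allowSelfPasswordReset");
  return out;
}

// Constructed sample configs: one valid, one violating several rules at once.
const good: IdpConfig = { authorization: "loggedIn",
  userAuthPolicy: { allowedEmailDomains: ["example.com"], allowGoogleOauth: true, passwordMinLength: 12 } };
const bad: IdpConfig = { authorization: "insecure",
  userAuthPolicy: { allowGoogleOauth: true, disablePasswordAuth: true, allowSelfPasswordReset: true,
    passwordMinLength: 40, passwordMaxLength: 32 } };
console.log(lintIdpConfig(good, "production"), lintIdpConfig(bad, "production"));
```

Run the check against the same object passed to defineIdp and fail the pipeline on any returned message.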