@authhero/adapter-interfaces 0.134.0 → 0.136.0

package/dist/adapter-interfaces.mjs

@@ -2,20 +2,20 @@ import { z as e } from "@hono/zod-openapi";
 const s = e.object({
   created_at: e.string(),
   updated_at: e.string()
-}), ot = e.enum(["AUTH0", "EMAIL", "REDIRECT"]), tt = e.enum([
+}), pt = e.enum(["AUTH0", "EMAIL", "REDIRECT"]), ct = e.enum([
   "CREATE_USER",
   "GET_USER",
   "UPDATE_USER",
   "SEND_REQUEST",
   "SEND_EMAIL"
-]), nt = e.enum(["VERIFY_EMAIL"]), P = e.object({
+]), _t = e.enum(["VERIFY_EMAIL"]), K = e.object({
   require_mx_record: e.boolean().optional(),
   block_aliases: e.boolean().optional(),
   block_free_emails: e.boolean().optional(),
   block_disposable_emails: e.boolean().optional(),
   blocklist: e.array(e.string()).optional(),
   allowlist: e.array(e.string()).optional()
-}), M = e.object({
+}), z = e.object({
   id: e.string(),
   alias: e.string().max(100).optional(),
   type: e.literal("AUTH0"),
@@ -27,7 +27,7 @@ const s = e.object({
     user_id: e.string(),
     changes: e.record(e.string(), e.any())
   })
-}), H = e.object({
+}), X = e.object({
   id: e.string(),
   alias: e.string().max(100).optional(),
   type: e.literal("EMAIL"),
@@ -36,9 +36,9 @@ const s = e.object({
   mask_output: e.boolean().optional(),
   params: e.object({
     email: e.string(),
-    rules: P.optional()
+    rules: K.optional()
   })
-}), G = e.enum(["change-email", "account", "custom"]), B = e.object({
+}), q = e.enum(["change-email", "account", "custom"]), V = e.object({
   id: e.string(),
   alias: e.string().max(100).optional(),
   type: e.literal("REDIRECT"),
@@ -46,32 +46,32 @@ const s = e.object({
   allow_failure: e.boolean().optional(),
   mask_output: e.boolean().optional(),
   params: e.object({
-    target: G.openapi({
+    target: q.openapi({
       description: "The predefined target to redirect to, or 'custom' for a custom URL"
     }),
     custom_url: e.string().optional().openapi({
       description: "Custom URL to redirect to when target is 'custom'"
     })
   })
-}), K = e.union([
-  M,
-  H,
-  B
-]), W = e.object({
+}), Y = e.union([
+  z,
+  X,
+  V
+]), Q = e.object({
   name: e.string().min(1).max(150).openapi({
     description: "The name of the flow"
   }),
   // Actions is an array of action steps (Auth0 stores as JSON blob)
-  actions: e.array(K).optional().default([]).openapi({
+  actions: e.array(Y).optional().default([]).openapi({
     description: "The list of actions to execute in sequence"
   })
-}), it = W.extend({
+}), dt = Q.extend({
   ...s.shape,
   id: e.string().openapi({
     description: "Unique identifier for the flow",
     example: "af_12tMpdJ3iek7svMyZkSh5M"
   })
-}), at = e.object({
+}), gt = e.object({
   page: e.string().min(0).optional().default("0").transform((o) => parseInt(o, 10)).openapi({
     description: "The page number where 0 is the first page"
   }),
@@ -87,12 +87,12 @@ const s = e.object({
   q: e.string().optional().openapi({
     description: "A lucene query string used to filter the results"
   })
-}), st = e.object({
+}), ut = e.object({
   start: e.number(),
   limit: e.number(),
   length: e.number(),
   total: e.number().optional()
-}), z = e.object({
+}), J = e.object({
   email: e.string().optional(),
   email_verified: e.boolean().optional(),
   name: e.string().optional(),
@@ -101,7 +101,7 @@ const s = e.object({
   phone_number: e.string().optional(),
   phone_verified: e.boolean().optional(),
   family_name: e.string().optional()
-}).catchall(e.any()), X = e.object({
+}).catchall(e.any()), Z = e.object({
   connection: e.string(),
   user_id: e.string(),
   provider: e.string(),
@@ -109,8 +109,8 @@ const s = e.object({
   access_token: e.string().optional(),
   access_token_secret: e.string().optional(),
   refresh_token: e.string().optional(),
-  profileData: z.optional()
-}), V = e.object({
+  profileData: J.optional()
+}), $ = e.object({
   formatted: e.string().optional(),
   // Full mailing address
   street_address: e.string().optional(),
@@ -123,9 +123,11 @@ const s = e.object({
   // Zip code or postal code
   country: e.string().optional()
   // Country name
-}).optional(), I = e.object({
+}).optional(), N = e.object({
   email: e.string().optional().transform((o) => o && o.toLowerCase()),
-  username: e.string().optional(),
+  username: e.string().refine((o) => !o.includes("@"), {
+    message: 'Usernames must not contain "@". Use the email field for email addresses.'
+  }).optional(),
   phone_number: e.string().optional(),
   phone_verified: e.boolean().optional(),
   // OIDC phone scope claim (phone_number_verified)
@@ -153,8 +155,8 @@ const s = e.object({
   zoneinfo: e.string().optional(),
   // e.g., "Europe/Paris"
   // OIDC address claim (OIDC Core 5.1.1)
-  address: V
-}), q = I.extend({
+  address: $
+}), ee = N.extend({
   email_verified: e.boolean().default(!1),
   verify_email: e.boolean().optional(),
   last_ip: e.string().optional(),
@@ -169,29 +171,29 @@ const s = e.object({
     hash: e.string(),
     algorithm: e.string()
   }).optional()
-}), Y = e.object({
-  ...q.omit({ password: !0 }).shape,
+}), oe = e.object({
+  ...ee.omit({ password: !0 }).shape,
   ...s.shape,
   user_id: e.string(),
   provider: e.string(),
   is_social: e.boolean(),
   email: e.string().optional(),
   login_count: e.number().default(0),
-  identities: e.array(X).optional()
-}), rt = Y, lt = I.extend({
+  identities: e.array(Z).optional()
+}), mt = oe, ht = N.extend({
   login_count: e.number(),
   multifactor: e.array(e.string()).optional(),
   last_ip: e.string().optional(),
   last_login: e.string().optional(),
   user_id: e.string()
-}).catchall(e.any()), Q = "useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict";
-let J = (o = 21) => {
-  let a = "", r = crypto.getRandomValues(new Uint8Array(o |= 0));
+}).catchall(e.any()), te = "useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict";
+let ne = (o = 21) => {
+  let n = "", i = crypto.getRandomValues(new Uint8Array(o |= 0));
   for (; o--; )
-    a += Q[r[o] & 63];
-  return a;
+    n += te[i[o] & 63];
+  return n;
 };
-const Z = e.object({
+const ie = e.object({
   client_id: e.string().openapi({
     description: "ID of this client."
   }),
@@ -204,7 +206,7 @@ const Z = e.object({
   global: e.boolean().default(!1).openapi({
     description: "Whether this is your global 'All Applications' client representing legacy tenant settings (true) or a regular client (false)."
   }),
-  client_secret: e.string().default(() => J()).optional().openapi({
+  client_secret: e.string().default(() => ne()).optional().openapi({
     description: "Client secret (which you must not make public)."
   }),
   app_type: e.enum([
@@ -364,11 +366,11 @@ const Z = e.object({
     description: "Specifies how long, in seconds, a Pushed Authorization Request URI remains valid"
   }),
   token_quota: e.record(e.any()).default({}).optional()
-}), ct = e.object({
+}), bt = e.object({
   created_at: e.string(),
   updated_at: e.string(),
-  ...Z.shape
-}), $ = e.object({
+  ...ie.shape
+}), ae = e.object({
   client_id: e.string().min(1).openapi({
     description: "ID of the client."
   }),
@@ -393,23 +395,23 @@ const Z = e.object({
   authorization_details_types: e.array(e.string()).optional().openapi({
     description: "Types of authorization_details allowed for this client grant. Use of this field is subject to the applicable Free Trial terms in Okta's Master Subscription Agreement."
   })
-}), ee = e.object({
+}), re = e.object({
   id: e.string().openapi({
     description: "ID of the client grant."
   }),
-  ...$.shape,
+  ...ae.shape,
   created_at: e.string().optional(),
   updated_at: e.string().optional()
-}), pt = e.array(ee), c = e.object({
+}), ft = e.array(re), u = e.object({
   x: e.number(),
   y: e.number()
 });
-var y = /* @__PURE__ */ ((o) => (o.RICH_TEXT = "RICH_TEXT", o.NEXT_BUTTON = "NEXT_BUTTON", o.BACK_BUTTON = "BACK_BUTTON", o.SUBMIT_BUTTON = "SUBMIT_BUTTON", o.DIVIDER = "DIVIDER", o.TEXT = "TEXT", o.EMAIL = "EMAIL", o.PASSWORD = "PASSWORD", o.NUMBER = "NUMBER", o.PHONE = "PHONE", o.DATE = "DATE", o.CHECKBOX = "CHECKBOX", o.RADIO = "RADIO", o.SELECT = "SELECT", o.HIDDEN = "HIDDEN", o.LEGAL = "LEGAL", o))(y || {}), C = /* @__PURE__ */ ((o) => (o.BLOCK = "BLOCK", o.FIELD = "FIELD", o))(C || {});
-const u = e.object({
+var R = /* @__PURE__ */ ((o) => (o.RICH_TEXT = "RICH_TEXT", o.NEXT_BUTTON = "NEXT_BUTTON", o.BACK_BUTTON = "BACK_BUTTON", o.SUBMIT_BUTTON = "SUBMIT_BUTTON", o.DIVIDER = "DIVIDER", o.TEXT = "TEXT", o.EMAIL = "EMAIL", o.PASSWORD = "PASSWORD", o.NUMBER = "NUMBER", o.PHONE = "PHONE", o.DATE = "DATE", o.CHECKBOX = "CHECKBOX", o.RADIO = "RADIO", o.SELECT = "SELECT", o.HIDDEN = "HIDDEN", o.LEGAL = "LEGAL", o))(R || {}), j = /* @__PURE__ */ ((o) => (o.BLOCK = "BLOCK", o.FIELD = "FIELD", o))(j || {});
+const y = e.object({
   id: e.string(),
-  category: e.nativeEnum(C),
-  type: e.nativeEnum(y)
-}), oe = u.extend({
+  category: e.nativeEnum(j),
+  type: e.nativeEnum(R)
+}), se = y.extend({
   category: e.literal(
     "BLOCK"
     /* BLOCK */
@@ -421,7 +423,7 @@ const u = e.object({
   config: e.object({
     content: e.string()
   }).passthrough()
-}), te = u.extend({
+}), le = y.extend({
   category: e.literal(
     "BLOCK"
     /* BLOCK */
@@ -443,7 +445,7 @@ const u = e.object({
   config: e.object({
     text: e.string()
   }).passthrough()
-}), ne = u.extend({
+}), pe = y.extend({
   category: e.literal(
     "FIELD"
     /* FIELD */
@@ -457,7 +459,7 @@ const u = e.object({
   config: e.object({
     text: e.string()
   }).passthrough()
-}), ie = u.extend({
+}), ce = y.extend({
   category: e.literal(
     "FIELD"
     /* FIELD */
@@ -510,49 +512,49 @@ const u = e.object({
     label: e.string().optional(),
     placeholder: e.string().optional()
   }).passthrough()
-}), ae = e.object({
+}), _e = e.object({
   id: e.string(),
   category: e.string(),
   type: e.string()
-}).passthrough(), se = e.union([
-  oe,
-  te,
-  ne,
-  ie,
-  ae
+}).passthrough(), de = e.union([
+  se,
+  le,
+  pe,
+  ce,
+  _e
 ]);
-var re = /* @__PURE__ */ ((o) => (o.STEP = "STEP", o.FLOW = "FLOW", o.CONDITION = "CONDITION", o.ACTION = "ACTION", o))(re || {});
-const le = e.object({
+var ge = /* @__PURE__ */ ((o) => (o.STEP = "STEP", o.FLOW = "FLOW", o.CONDITION = "CONDITION", o.ACTION = "ACTION", o))(ge || {});
+const ue = e.object({
   id: e.string(),
   type: e.literal(
     "STEP"
     /* STEP */
   ),
-  coordinates: c,
+  coordinates: u,
   alias: e.string().optional(),
   config: e.object({
-    components: e.array(se),
+    components: e.array(de),
     next_node: e.string()
   }).passthrough()
-}), ce = e.object({
+}), me = e.object({
   id: e.string(),
   type: e.literal(
     "FLOW"
     /* FLOW */
   ),
-  coordinates: c,
+  coordinates: u,
   alias: e.string().optional(),
   config: e.object({
     flow_id: e.string(),
     next_node: e.string()
   })
-}), pe = e.object({
+}), he = e.object({
   id: e.string(),
   type: e.literal(
     "ACTION"
     /* ACTION */
   ),
-  coordinates: c,
+  coordinates: u,
   alias: e.string().optional(),
   config: e.object({
     action_type: e.enum(["REDIRECT"]).openapi({
@@ -568,47 +570,47 @@ const le = e.object({
       description: "The next node to navigate to after action (for non-redirect actions)"
     })
   }).passthrough()
-}), _e = e.object({
+}), be = e.object({
   id: e.string(),
   type: e.string(),
-  coordinates: c
-}).passthrough(), de = e.union([
-  le,
-  ce,
-  pe,
-  _e
-]), ge = e.object({
+  coordinates: u
+}).passthrough(), fe = e.union([
+  ue,
+  me,
+  he,
+  be
+]), Ee = e.object({
   next_node: e.string(),
-  coordinates: c
-}).passthrough(), ue = e.object({
+  coordinates: u
+}).passthrough(), Se = e.object({
   resume_flow: e.boolean().optional(),
-  coordinates: c
-}).passthrough(), me = e.object({
+  coordinates: u
+}).passthrough(), Ae = e.object({
   id: e.string(),
   name: e.string(),
   languages: e.object({
     primary: e.string()
   }).passthrough(),
-  nodes: e.array(de),
-  start: ge,
-  ending: ue,
+  nodes: e.array(fe),
+  start: Ee,
+  ending: Se,
   created_at: e.string(),
   updated_at: e.string(),
   links: e.object({
     sdkSrc: e.string().optional(),
     sdk_src: e.string().optional()
   }).passthrough()
-}).passthrough(), _t = me.omit({
+}).passthrough(), Et = Ae.omit({
   id: !0,
   created_at: !0,
   updated_at: !0
 });
-var T = /* @__PURE__ */ ((o) => (o.TOKEN = "token", o.ID_TOKEN = "id_token", o.TOKEN_ID_TOKEN = "token id_token", o.CODE = "code", o))(T || {}), O = /* @__PURE__ */ ((o) => (o.QUERY = "query", o.FRAGMENT = "fragment", o.FORM_POST = "form_post", o.WEB_MESSAGE = "web_message", o.SAML_POST = "saml_post", o))(O || {}), N = /* @__PURE__ */ ((o) => (o.S256 = "S256", o.Plain = "plain", o))(N || {});
-const he = e.object({
+var w = /* @__PURE__ */ ((o) => (o.TOKEN = "token", o.ID_TOKEN = "id_token", o.TOKEN_ID_TOKEN = "token id_token", o.CODE = "code", o))(w || {}), D = /* @__PURE__ */ ((o) => (o.QUERY = "query", o.FRAGMENT = "fragment", o.FORM_POST = "form_post", o.WEB_MESSAGE = "web_message", o.SAML_POST = "saml_post", o))(D || {}), L = /* @__PURE__ */ ((o) => (o.S256 = "S256", o.Plain = "plain", o))(L || {});
+const Ie = e.object({
   client_id: e.string(),
   act_as: e.string().optional(),
-  response_type: e.nativeEnum(T).optional(),
-  response_mode: e.nativeEnum(O).optional(),
+  response_type: e.nativeEnum(w).optional(),
+  response_mode: e.nativeEnum(D).optional(),
   redirect_uri: e.string().optional(),
   audience: e.string().optional(),
   organization: e.string().optional(),
@@ -616,7 +618,7 @@ const he = e.object({
   nonce: e.string().optional(),
   scope: e.string().optional(),
   prompt: e.string().optional(),
-  code_challenge_method: e.nativeEnum(N).optional(),
+  code_challenge_method: e.nativeEnum(L).optional(),
   code_challenge: e.string().optional(),
   username: e.string().optional(),
   ui_locales: e.string().optional(),
@@ -628,7 +630,7 @@ const he = e.object({
   acr_values: e.string().optional(),
   // The following fields are not available in Auth0
   vendor_id: e.string().optional()
-}), dt = e.object({
+}), St = e.object({
   colors: e.object({
     primary: e.string(),
     page_background: e.object({
@@ -644,14 +646,14 @@ const he = e.object({
   font: e.object({
     url: e.string()
   }).optional()
-}), be = e.enum([
+}), ye = e.enum([
   "password_reset",
   "email_verification",
   "otp",
   "authorization_code",
   "oauth2_state",
   "ticket"
-]), fe = e.object({
+]), Ce = e.object({
   code_id: e.string().openapi({
     description: "The code that will be used in for instance an email verification flow"
   }),
@@ -661,7 +663,7 @@ const he = e.object({
   connection_id: e.string().optional().openapi({
     description: "The connection that the code is connected to"
   }),
-  code_type: be,
+  code_type: ye,
   code_verifier: e.string().optional().openapi({
     description: "The code verifier used in PKCE in outbound flows"
   }),
@@ -683,10 +685,10 @@ const he = e.object({
   expires_at: e.string(),
   used_at: e.string().optional(),
   user_id: e.string().optional()
-}), gt = e.object({
-  ...fe.shape,
+}), At = e.object({
+  ...Ce.shape,
   created_at: e.string()
-}), Ee = e.object({
+}), Te = e.object({
   kid: e.string().optional(),
   team_id: e.string().optional(),
   realms: e.string().optional(),
@@ -721,13 +723,87 @@ const he = e.object({
   password_dictionary: e.object({
     enable: e.boolean().optional(),
     dictionary: e.array(e.string()).optional()
+  }).optional(),
+  // Disable signup for this connection
+  disable_signup: e.boolean().optional(),
+  // Brute force protection
+  brute_force_protection: e.boolean().optional(),
+  // Import mode
+  import_mode: e.boolean().optional(),
+  // Flexible Identifiers: attributes schema (replaces legacy requires_username)
+  attributes: e.object({
+    email: e.object({
+      identifier: e.object({
+        active: e.boolean().optional()
+      }).optional(),
+      signup: e.object({
+        status: e.enum(["required", "optional", "disabled"]).optional(),
+        verification: e.object({
+          active: e.boolean().optional()
+        }).optional()
+      }).optional(),
+      validation: e.object({
+        allowed: e.boolean().optional()
+      }).optional(),
+      unique: e.boolean().optional(),
+      profile_required: e.boolean().optional(),
+      verification_method: e.enum(["link", "code"]).optional()
+    }).optional(),
+    username: e.object({
+      identifier: e.object({
+        active: e.boolean().optional()
+      }).optional(),
+      signup: e.object({
+        status: e.enum(["required", "optional", "disabled"]).optional()
+      }).optional(),
+      validation: e.object({
+        max_length: e.number().optional(),
+        min_length: e.number().optional(),
+        allowed_types: e.object({
+          email: e.boolean().optional(),
+          phone_number: e.boolean().optional()
+        }).optional()
+      }).optional(),
+      profile_required: e.boolean().optional()
+    }).optional(),
+    phone_number: e.object({
+      identifier: e.object({
+        active: e.boolean().optional()
+      }).optional(),
+      signup: e.object({
+        status: e.enum(["required", "optional", "disabled"]).optional()
+      }).optional()
+    }).optional()
+  }).optional(),
+  // Authentication methods for Username-Password-Authentication connections
+  authentication_methods: e.object({
+    password: e.object({
+      enabled: e.boolean().optional()
+    }).optional(),
+    passkey: e.object({
+      enabled: e.boolean().optional()
+    }).optional()
+  }).optional(),
+  // Passkey options for Username-Password-Authentication connections
+  passkey_options: e.object({
+    challenge_ui: e.enum(["both", "autofill", "button"]).optional(),
+    local_enrollment_enabled: e.boolean().optional(),
+    progressive_enrollment_enabled: e.boolean().optional()
+  }).optional(),
+  // Legacy username options (deprecated, use attributes instead)
+  requires_username: e.boolean().optional(),
+  validation: e.object({
+    username: e.object({
+      min: e.number().optional(),
+      max: e.number().optional()
+    }).optional()
   }).optional()
-}), Se = e.object({
+}), Oe = e.object({
   id: e.string().optional(),
   name: e.string(),
   display_name: e.string().optional(),
   strategy: e.string(),
-  options: Ee.default({}),
+  options: Te.default({}),
   enabled_clients: e.array(e.string()).default([]).optional(),
   response_type: e.custom().optional(),
   response_mode: e.custom().optional(),
@@ -735,11 +811,11 @@ const he = e.object({
   show_as_button: e.boolean().optional(),
   metadata: e.record(e.any()).optional(),
   is_system: e.boolean().optional()
-}), ut = e.object({
+}), It = e.object({
   id: e.string(),
   created_at: e.string().transform((o) => o === null ? "" : o),
   updated_at: e.string().transform((o) => o === null ? "" : o)
-}).extend(Se.shape), Ae = e.object({
+}).extend(Oe.shape), Ne = e.object({
   domain: e.string(),
   custom_domain_id: e.string().optional(),
   type: e.enum(["auth0_managed_certs", "self_managed_certs"]),
@@ -753,37 +829,37 @@ const he = e.object({
     "null"
   ]).optional(),
   domain_metadata: e.record(e.string().max(255)).optional()
-}), Ie = e.object({
+}), Re = e.object({
   name: e.literal("txt"),
   record: e.string(),
   domain: e.string()
-}), ye = e.object({
-  ...Ae.shape,
+}), je = e.object({
+  ...Ne.shape,
   custom_domain_id: e.string(),
   primary: e.boolean(),
   status: e.enum(["disabled", "pending", "pending_verification", "ready"]),
   origin_domain_name: e.string().optional(),
   verification: e.object({
-    methods: e.array(Ie)
+    methods: e.array(Re)
   }).optional(),
   tls_policy: e.string().optional()
-}), mt = ye.extend({
+}), yt = je.extend({
   tenant_id: e.string()
-}), f = e.object({
+}), C = e.object({
   id: e.string(),
   order: e.number().optional(),
   visible: e.boolean().optional().default(!0)
-}), i = f.extend({
+}), l = C.extend({
   category: e.literal("BLOCK").optional()
-}), Ce = i.extend({
+}), we = l.extend({
   type: e.literal("DIVIDER"),
   config: e.object({}).optional()
-}), Te = i.extend({
+}), De = l.extend({
   type: e.literal("HTML"),
   config: e.object({
     content: e.string().optional()
   }).optional()
-}), Oe = i.extend({
+}), Le = l.extend({
   type: e.literal("IMAGE"),
   config: e.object({
     src: e.string().optional(),
@@ -791,66 +867,66 @@ const he = e.object({
     width: e.number().optional(),
     height: e.number().optional()
   }).optional()
-}), Ne = i.extend({
+}), ve = l.extend({
   type: e.literal("JUMP_BUTTON"),
   config: e.object({
     text: e.string().optional(),
     target_step: e.string().optional()
   })
-}), Re = i.extend({
+}), ke = l.extend({
   type: e.literal("RESEND_BUTTON"),
   config: e.object({
     text: e.string().optional(),
     resend_action: e.string().optional()
   })
-}), we = i.extend({
+}), Ue = l.extend({
   type: e.literal("NEXT_BUTTON"),
   config: e.object({
     text: e.string().optional()
   })
-}), De = i.extend({
+}), Fe = l.extend({
   type: e.literal("PREVIOUS_BUTTON"),
   config: e.object({
     text: e.string().optional()
   })
-}), je = i.extend({
+}), xe = l.extend({
   type: e.literal("RICH_TEXT"),
   config: e.object({
     content: e.string().optional()
   }).optional()
-}), E = f.extend({
+}), T = C.extend({
   category: e.literal("WIDGET").optional(),
   label: e.string().min(1).optional(),
   hint: e.string().min(1).max(500).optional(),
   required: e.boolean().optional(),
   sensitive: e.boolean().optional()
-}), Le = E.extend({
+}), Pe = T.extend({
   type: e.literal("AUTH0_VERIFIABLE_CREDENTIALS"),
   config: e.object({
     credential_type: e.string().optional()
   })
-}), ke = E.extend({
+}), Me = T.extend({
   type: e.literal("GMAPS_ADDRESS"),
   config: e.object({
     api_key: e.string().optional()
   })
-}), ve = E.extend({
+}), He = T.extend({
   type: e.literal("RECAPTCHA"),
   config: e.object({
     site_key: e.string().optional()
   })
-}), t = f.extend({
+}), t = C.extend({
   category: e.literal("FIELD").optional(),
   label: e.string().min(1).optional(),
   hint: e.string().min(1).max(500).optional(),
   required: e.boolean().optional(),
   sensitive: e.boolean().optional()
-}), Ue = t.extend({
+}), Ge = t.extend({
   type: e.literal("BOOLEAN"),
   config: e.object({
     default_value: e.boolean().optional()
   }).optional()
-}), Fe = t.extend({
+}), Be = t.extend({
   type: e.literal("CARDS"),
   config: e.object({
     options: e.array(
@@ -863,7 +939,7 @@ const he = e.object({
     ).optional(),
     multi_select: e.boolean().optional()
   }).optional()
-}), xe = t.extend({
+}), We = t.extend({
   type: e.literal("CHOICE"),
   config: e.object({
     options: e.array(
@@ -876,7 +952,7 @@ const he = e.object({
     multiple: e.boolean().optional(),
     default_value: e.union([e.string(), e.array(e.string())]).optional()
   }).optional()
-}), Pe = t.extend({
+}), Ke = t.extend({
   type: e.literal("CUSTOM"),
   config: e.object({
     component: e.string().optional(),
@@ -884,14 +960,15 @@ const he = e.object({
     schema: e.record(e.any()).optional(),
     code: e.string().optional()
   })
-}), Me = t.extend({
+}), ze = t.extend({
   type: e.literal("DATE"),
   config: e.object({
     format: e.string().optional(),
     min: e.string().optional(),
-    max: e.string().optional()
+    max: e.string().optional(),
+    default_value: e.string().optional()
   }).optional()
-}), He = t.extend({
+}), Xe = t.extend({
   type: e.literal("DROPDOWN"),
   config: e.object({
     options: e.array(
@@ -905,47 +982,50 @@ const he = e.object({
     multiple: e.boolean().optional(),
     default_value: e.union([e.string(), e.array(e.string())]).optional()
   }).optional()
-}), Ge = t.extend({
+}), qe = t.extend({
   type: e.literal("EMAIL"),
   config: e.object({
-    placeholder: e.string().optional()
+    placeholder: e.string().optional(),
+    default_value: e.string().optional()
   }).optional()
-}), Be = t.extend({
+}), Ve = t.extend({
   type: e.literal("FILE"),
   config: e.object({
     accept: e.string().optional(),
     max_size: e.number().optional(),
     multiple: e.boolean().optional()
   }).optional()
-}), Ke = t.extend({
+}), Ye = t.extend({
   type: e.literal("LEGAL"),
   config: e.object({
     text: e.string(),
     html: e.boolean().optional()
   }).optional()
-}), We = t.extend({
+}), Qe = t.extend({
   type: e.literal("NUMBER"),
   config: e.object({
     placeholder: e.string().optional(),
     min: e.number().optional(),
     max: e.number().optional(),
-    step: e.number().optional()
+    step: e.number().optional(),
+    default_value: e.string().optional()
   }).optional()
-}), ze = t.extend({
+}), Je = t.extend({
   type: e.literal("PASSWORD"),
   config: e.object({
     placeholder: e.string().optional(),
     min_length: e.number().optional(),
     show_toggle: e.boolean().optional(),
-    forgot_password_link: e.string().optional()
+    forgot_password_link: e.string().optional(),
+    default_value: e.string().optional()
   }).optional()
-}), Xe = t.extend({
+}), Ze = t.extend({
   type: e.literal("PAYMENT"),
   config: e.object({
     provider: e.string().optional(),
     currency: e.string().optional()
   }).optional()
-}), Ve = t.extend({
+}), $e = t.extend({
   type: e.literal("SOCIAL"),
   config: e.object({
     providers: e.array(e.string()).optional(),
@@ -959,59 +1039,75 @@ const he = e.object({
       })
     ).optional()
   }).optional()
-}), qe = t.extend({
+}), eo = t.extend({
   type: e.literal("TEL"),
   config: e.object({
     placeholder: e.string().optional(),
-    default_country: e.string().optional()
+    default_country: e.string().optional(),
+    default_value: e.string().optional()
   }).optional()
-}), Ye = t.extend({
+}), oo = t.extend({
   type: e.literal("TEXT"),
   config: e.object({
     placeholder: e.string().optional(),
     multiline: e.boolean().optional(),
-    max_length: e.number().optional()
+    max_length: e.number().optional(),
+    default_value: e.string().optional()
   }).optional()
-}), Qe = t.extend({
+}), to = t.extend({
   type: e.literal("URL"),
   config: e.object({
-    placeholder: e.string().optional()
+    placeholder: e.string().optional(),
+    default_value: e.string().optional()
   }).optional()
-}), Je = e.discriminatedUnion("type", [
-  Ce,
-  Te,
-  Oe,
-  Ne,
-  Re,
+}), no = e.discriminatedUnion("type", [
   we,
   De,
-  je
-]), Ze = e.discriminatedUnion("type", [
   Le,
+  ve,
   ke,
-  ve
-]), $e = e.discriminatedUnion("type", [
   Ue,
   Fe,
-  xe,
+  xe
+]), io = e.discriminatedUnion("type", [
   Pe,
   Me,
-  He,
+  He
+]), ao = e.discriminatedUnion("type", [
   Ge,
   Be,
-  Ke,
   We,
+  Ke,
   ze,
   Xe,
-  Ve,
   qe,
+  Ve,
   Ye,
-  Qe
-]), R = e.union([
+  Qe,
   Je,
   Ze,
-  $e
-]), ht = e.object({
+  $e,
+  eo,
+  oo,
+  to
+]), v = e.union([
+  no,
+  io,
+  ao
+]), Ct = /* @__PURE__ */ new Set([
+  "BOOLEAN",
+  "CARDS",
+  "CHOICE",
+  "DATE",
+  "DROPDOWN",
+  "EMAIL",
+  "LEGAL",
+  "NUMBER",
+  "PASSWORD",
+  "TEL",
+  "TEXT",
+  "URL"
+]), Tt = e.object({
   id: e.string(),
   type: e.literal("submit"),
   label: e.string(),
@@ -1020,22 +1116,22 @@ const he = e.object({
   order: e.number().optional(),
   visible: e.boolean().optional().default(!0),
   customizations: e.record(e.string(), e.any()).optional()
-}), _ = e.object({
+}), f = e.object({
   x: e.number(),
   y: e.number()
-}), eo = e.object({
+}), ro = e.object({
   id: e.string(),
   type: e.literal("FLOW"),
-  coordinates: _,
+  coordinates: f,
   alias: e.string().min(1).max(150).optional(),
   config: e.object({
     flow_id: e.string().max(30),
     next_node: e.string().optional()
   })
-}), oo = e.object({
+}), so = e.object({
   id: e.string(),
   type: e.literal("ROUTER"),
-  coordinates: _,
+  coordinates: f,
   alias: e.string().min(1).max(150),
   config: e.object({
     rules: e.array(
@@ -1048,20 +1144,20 @@ const he = e.object({
     ),
     fallback: e.string()
   })
-}), to = e.object({
+}), lo = e.object({
   id: e.string(),
   type: e.literal("STEP"),
-  coordinates: _,
+  coordinates: f,
   alias: e.string().min(1).max(150).optional(),
   config: e.object({
-    components: e.array(R),
+    components: e.array(v),
     next_node: e.string().optional()
   })
-}), no = e.discriminatedUnion("type", [
-  eo,
-  oo,
-  to
-]), io = e.object({
+}), po = e.discriminatedUnion("type", [
+  ro,
+  so,
+  lo
+]), co = e.object({
   name: e.string().openapi({
     description: "The name of the form"
   }),
@@ -1074,11 +1170,11 @@ const he = e.object({
     default: e.string().optional()
   }).optional(),
   translations: e.record(e.string(), e.any()).optional(),
-  nodes: e.array(no).optional(),
+  nodes: e.array(po).optional(),
   start: e.object({
     hidden_fields: e.array(e.object({ key: e.string(), value: e.string() })).optional(),
     next_node: e.string().optional(),
-    coordinates: _.optional()
+    coordinates: f.optional()
   }).optional(),
   ending: e.object({
     redirection: e.object({
@@ -1086,7 +1182,7 @@ const he = e.object({
       target: e.string().optional()
     }).optional(),
     after_submit: e.object({ flow_id: e.string().optional() }).optional(),
-    coordinates: _.optional(),
+    coordinates: f.optional(),
     resume_flow: e.boolean().optional()
   }).optional(),
   style: e.object({ css: e.string().optional() }).optional(),
@@ -1096,42 +1192,42 @@ const he = e.object({
   }).optional()
 }).openapi({
   description: "Schema for flow-based forms (matches Auth0 Forms structure)"
-}), bt = e.object({
+}), Ot = e.object({
   ...s.shape,
-  ...io.shape,
+  ...co.shape,
   id: e.string()
-}), ao = e.object({
+}), _o = e.object({
   id: e.number().optional(),
   text: e.string(),
   type: e.enum(["info", "error", "success", "warning"])
-}), so = e.object({
+}), go = e.object({
   id: e.string().optional(),
   text: e.string(),
   href: e.string(),
   linkText: e.string().optional()
-}), ft = e.object({
+}), Nt = e.object({
   /** Screen identifier for CSS targeting (e.g., 'identifier', 'enter-password', 'signup') */
   name: e.string().optional(),
   action: e.string(),
   method: e.enum(["POST", "GET"]),
   title: e.string().optional(),
   description: e.string().optional(),
-  components: e.array(R),
-  messages: e.array(ao).optional(),
-  links: e.array(so).optional(),
+  components: e.array(v),
+  messages: e.array(_o).optional(),
+  links: e.array(go).optional(),
   /** Footer HTML content displayed at the very bottom of the widget (e.g., terms and conditions) */
   footer: e.string().optional()
 });
-function Et(o) {
+function Rt(o) {
   return o.category === "BLOCK";
 }
-function St(o) {
+function jt(o) {
   return o.category === "WIDGET";
 }
-function At(o) {
+function wt(o) {
   return o.category === "FIELD";
 }
-const w = e.enum([
+const k = e.enum([
   "pre-user-registration",
   "post-user-registration",
   "post-user-login",
@@ -1139,49 +1235,81 @@ const w = e.enum([
   "pre-user-deletion",
   "post-user-deletion"
   // Potentially other triggers specific to webhooks in the future
-]), D = e.enum([
+]), U = e.enum([
   "pre-user-registration",
   "post-user-registration",
   "post-user-login",
   "validate-registration-username",
   "pre-user-deletion",
   "post-user-deletion"
-]), m = {
+]), F = e.enum([
+  "post-user-login",
+  "credentials-exchange"
+]), x = e.enum([
+  "ensure-username",
+  "set-preferred-username"
+]), Dt = {
+  "ensure-username": {
+    name: "Ensure Username",
+    description: "Automatically assigns a username to users who sign in without one. Creates a linked username account for social/email users.",
+    trigger_id: "post-user-login"
+  },
+  "set-preferred-username": {
+    name: "Set Preferred Username",
+    description: "Sets the preferred_username claim on tokens based on the username from the primary or linked user.",
+    trigger_id: "credentials-exchange"
+  }
+}, m = {
   enabled: e.boolean().default(!1),
   synchronous: e.boolean().default(!1),
   priority: e.number().optional(),
   hook_id: e.string().optional()
-}, ro = e.object({
+}, uo = e.object({
   ...m,
-  trigger_id: w,
+  trigger_id: k,
   url: e.string()
-}), lo = e.object({
+}), mo = e.object({
   ...m,
-  trigger_id: D,
+  trigger_id: U,
   form_id: e.string()
-}), It = e.union([
-  ro,
-  lo
-]), co = e.object({
+}), ho = e.object({
   ...m,
-  trigger_id: w,
+  trigger_id: F,
+  template_id: x
+}), Lt = e.union([
+  uo,
+  mo,
+  ho
+]), bo = e.object({
+  ...m,
+  trigger_id: k,
   ...s.shape,
   hook_id: e.string(),
   url: e.string()
-}), po = e.object({
+}), fo = e.object({
   ...m,
-  trigger_id: D,
+  trigger_id: U,
   ...s.shape,
   hook_id: e.string(),
   form_id: e.string()
-}), yt = e.union([co, po]), _o = e.object({
+}), Eo = e.object({
+  ...m,
+  trigger_id: F,
+  ...s.shape,
+  hook_id: e.string(),
+  template_id: x
+}), vt = e.union([
+  bo,
+  fo,
+  Eo
+]), So = e.object({
   name: e.string().optional()
-}), go = e.object({
+}), Ao = e.object({
   email: e.string().optional()
-}), uo = e.object({
+}), Io = e.object({
   organization_id: e.string().max(50),
-  inviter: _o,
-  invitee: go,
+  inviter: So,
+  invitee: Ao,
   invitation_url: e.string().url(),
   client_id: e.string(),
   connection_id: e.string().optional(),
@@ -1190,13 +1318,13 @@ const w = e.enum([
   ttl_sec: e.number().int().max(2592e3).default(604800).optional(),
   roles: e.array(e.string()).default([]).optional(),
   send_invitation_email: e.boolean().default(!0).optional()
-}), Ct = e.object({
+}), kt = e.object({
   id: e.string(),
   organization_id: e.string().max(50),
   created_at: e.string().datetime(),
   expires_at: e.string().datetime(),
   ticket_id: e.string().optional()
-}).extend(uo.shape), mo = e.object({
+}).extend(Io.shape), yo = e.object({
   alg: e.enum([
     "RS256",
     "RS384",
@@ -1215,9 +1343,9 @@ const w = e.enum([
   x5t: e.string().optional(),
   x5c: e.array(e.string()).optional(),
   use: e.enum(["sig", "enc"]).optional()
-}), Tt = e.object({
-  keys: e.array(mo)
-}), Ot = e.object({
+}), Ut = e.object({
+  keys: e.array(yo)
+}), Ft = e.object({
   issuer: e.string(),
   authorization_endpoint: e.string(),
   token_endpoint: e.string(),
@@ -1239,18 +1367,18 @@ const w = e.enum([
   request_parameter_supported: e.boolean(),
   token_endpoint_auth_signing_alg_values_supported: e.array(e.string())
 });
-var j = /* @__PURE__ */ ((o) => (o.PENDING = "pending", o.AUTHENTICATED = "authenticated", o.AWAITING_EMAIL_VERIFICATION = "awaiting_email_verification", o.AWAITING_HOOK = "awaiting_hook", o.AWAITING_CONTINUATION = "awaiting_continuation", o.COMPLETED = "completed", o.FAILED = "failed", o.EXPIRED = "expired", o))(j || {});
-const ho = e.nativeEnum(j), bo = e.object({
+var P = /* @__PURE__ */ ((o) => (o.PENDING = "pending", o.AUTHENTICATED = "authenticated", o.AWAITING_EMAIL_VERIFICATION = "awaiting_email_verification", o.AWAITING_HOOK = "awaiting_hook", o.AWAITING_CONTINUATION = "awaiting_continuation", o.COMPLETED = "completed", o.FAILED = "failed", o.EXPIRED = "expired", o))(P || {});
+const Co = e.nativeEnum(P), To = e.object({
   csrf_token: e.string(),
   auth0Client: e.string().optional(),
-  authParams: he,
+  authParams: Ie,
   expires_at: e.string(),
   deleted_at: e.string().optional(),
   ip: e.string().optional(),
   useragent: e.string().optional(),
   session_id: e.string().optional(),
   authorization_url: e.string().optional(),
-  state: ho.optional().default(
+  state: Co.optional().default(
     "pending"
     /* PENDING */
   ),
@@ -1261,14 +1389,14 @@ const ho = e.nativeEnum(j), bo = e.object({
   // Set once user is authenticated
 }).openapi({
   description: "This represents a login sesion"
-}), Nt = e.object({
-  ...bo.shape,
+}), xt = e.object({
+  ...To.shape,
   id: e.string().openapi({
     description: "This is is used as the state in the universal login"
   }),
   created_at: e.string(),
   updated_at: e.string()
-}), fo = {
+}), Oo = {
   // Network & System
   ACLS_SUMMARY: "acls_summary",
   ACTIONS_EXECUTION_FAILED: "actions_execution_failed",
@@ -1439,24 +1567,24 @@ const ho = e.nativeEnum(j), bo = e.object({
   WARNING_DURING_LOGIN: "w",
   WARNING_SENDING_NOTIFICATION: "wn",
   WARNING_USER_MANAGEMENT: "wum"
-}, Eo = e.string().refine(
-  (o) => Object.values(fo).includes(o),
+}, No = e.string().refine(
+  (o) => Object.values(Oo).includes(o),
   { message: "Invalid log type" }
-), So = e.object({
+), Ro = e.object({
   name: e.string(),
   version: e.string(),
   env: e.object({
     node: e.string().optional()
   }).optional()
-}), Ao = e.object({
+}), jo = e.object({
   country_code: e.string().length(2),
   city_name: e.string(),
   latitude: e.string(),
   longitude: e.string(),
   time_zone: e.string(),
   continent_code: e.string()
-}), Io = e.object({
-  type: Eo,
+}), wo = e.object({
+  type: No,
   date: e.string(),
   description: e.string().optional(),
   ip: e.string().optional(),
@@ -1475,30 +1603,30 @@ const ho = e.nativeEnum(j), bo = e.object({
   strategy: e.string().optional(),
   strategy_type: e.string().optional(),
   hostname: e.string().optional(),
-  auth0_client: So.optional(),
+  auth0_client: Ro.optional(),
   log_id: e.string().optional(),
-  location_info: Ao.optional()
-}), Rt = e.object({
-  ...Io.shape,
+  location_info: jo.optional()
+}), Pt = e.object({
+  ...wo.shape,
   log_id: e.string()
-}), yo = e.object({
+}), Do = e.object({
   id: e.string().optional(),
   user_id: e.string(),
   password: e.string(),
   algorithm: e.enum(["bcrypt", "argon2id"]).default("argon2id"),
   is_current: e.boolean().default(!0)
-}), wt = yo.extend({
+}), Mt = Do.extend({
   id: e.string(),
   created_at: e.string(),
   updated_at: e.string()
-}), L = e.object({
+}), M = e.object({
   initial_user_agent: e.string().describe("First user agent of the device from which this user logged in"),
   initial_ip: e.string().describe("First IP address associated with this session"),
   initial_asn: e.string().describe("First autonomous system number associated with this session"),
   last_user_agent: e.string().describe("Last user agent of the device from which this user logged in"),
   last_ip: e.string().describe("Last IP address from which this user logged in"),
   last_asn: e.string().describe("Last autonomous system number from which this user logged in")
-}), Co = e.object({
+}), Lo = e.object({
   id: e.string(),
   revoked_at: e.string().optional(),
   used_at: e.string().optional(),
@@ -1506,17 +1634,17 @@ const ho = e.nativeEnum(j), bo = e.object({
   expires_at: e.string().optional(),
   login_session_id: e.string(),
   idle_expires_at: e.string().optional(),
-  device: L.describe(
+  device: M.describe(
     "Metadata related to the device used in the session"
   ),
   clients: e.array(e.string()).describe("List of client details for the session")
-}), Dt = e.object({
+}), Ht = e.object({
   created_at: e.string(),
   updated_at: e.string(),
   authenticated_at: e.string(),
   last_interaction_at: e.string(),
-  ...Co.shape
-}), jt = e.object({
+  ...Lo.shape
+}), Gt = e.object({
   kid: e.string().openapi({ description: "The key id of the signing key" }),
   cert: e.string().openapi({ description: "The public certificate of the signing key" }),
   fingerprint: e.string().openapi({ description: "The cert fingerprint" }),
@@ -1541,7 +1669,7 @@ const ho = e.nativeEnum(j), bo = e.object({
   type: e.enum(["jwt_signing", "saml_encryption"]).openapi({
     description: "The type of the signing key"
   })
-}), To = e.object({
+}), vo = e.object({
   id: e.string().optional(),
   // Basic settings
   audience: e.string(),
@@ -1694,14 +1822,14 @@ const ho = e.nativeEnum(j), bo = e.object({
       message: e.string().optional()
     }).optional()
   }).optional()
-}), Lt = e.object({
+}), Bt = e.object({
   created_at: e.string().nullable().transform((o) => o ?? ""),
   updated_at: e.string().nullable().transform((o) => o ?? ""),
-  ...To.shape,
+  ...vo.shape,
   id: e.string()
 });
-var Oo = /* @__PURE__ */ ((o) => (o.RefreshToken = "refresh_token", o.AuthorizationCode = "authorization_code", o.ClientCredential = "client_credentials", o.Passwordless = "passwordless", o.Password = "password", o.OTP = "http://auth0.com/oauth/grant-type/passwordless/otp", o))(Oo || {});
-const kt = e.object({
+var ko = /* @__PURE__ */ ((o) => (o.RefreshToken = "refresh_token", o.AuthorizationCode = "authorization_code", o.ClientCredential = "client_credentials", o.Passwordless = "passwordless", o.Password = "password", o.OTP = "http://auth0.com/oauth/grant-type/passwordless/otp", o))(ko || {});
+const Wt = e.object({
   access_token: e.string(),
   id_token: e.string().optional(),
   scope: e.string().optional(),
@@ -1714,7 +1842,7 @@ e.object({
   code: e.string(),
   state: e.string().optional()
 });
-const No = e.object({
+const Uo = e.object({
   button_border_radius: e.number(),
   button_border_weight: e.number(),
   buttons_style: e.enum(["pill", "rounded", "sharp"]),
@@ -1724,7 +1852,7 @@ const No = e.object({
   show_widget_shadow: e.boolean(),
   widget_border_weight: e.number(),
   widget_corner_radius: e.number()
-}), Ro = e.object({
+}), Fo = e.object({
   base_focus_color: e.string(),
   base_hover_color: e.string(),
   body_text: e.string(),
@@ -1744,44 +1872,44 @@ const No = e.object({
   success: e.string(),
   widget_background: e.string(),
   widget_border: e.string()
-}), l = e.object({
+}), g = e.object({
   bold: e.boolean(),
   size: e.number()
-}), wo = e.object({
-  body_text: l,
-  buttons_text: l,
+}), xo = e.object({
+  body_text: g,
+  buttons_text: g,
   font_url: e.string(),
-  input_labels: l,
-  links: l,
+  input_labels: g,
+  links: g,
   links_style: e.enum(["normal", "underlined"]),
   reference_text_size: e.number(),
-  subtitle: l,
-  title: l
-}), Do = e.object({
+  subtitle: g,
+  title: g
+}), Po = e.object({
   background_color: e.string(),
   background_image_url: e.string(),
   page_layout: e.enum(["center", "left", "right"])
-}), jo = e.object({
+}), Mo = e.object({
   header_text_alignment: e.enum(["center", "left", "right"]),
   logo_height: e.number(),
   logo_position: e.enum(["center", "left", "none", "right"]),
   logo_url: e.string(),
   social_buttons_layout: e.enum(["bottom", "top"])
-}), Lo = e.object({
-  borders: No,
-  colors: Ro,
+}), Ho = e.object({
+  borders: Uo,
+  colors: Fo,
   displayName: e.string(),
-  fonts: wo,
-  page_background: Do,
-  widget: jo
-}), vt = Lo.extend({
+  fonts: xo,
+  page_background: Po,
+  widget: Mo
+}), Kt = Ho.extend({
   themeId: e.string()
-}), Ut = e.object({
+}), zt = e.object({
   universal_login_experience: e.enum(["new", "classic"]).default("new"),
   identifier_first: e.boolean().default(!0),
   password_first: e.boolean().default(!1),
   webauthn_platform_first_factor: e.boolean()
-}), Ft = e.object({
+}), Xt = e.object({
   name: e.string(),
   enabled: e.boolean().optional().default(!0),
   default_from_address: e.string().optional(),
@@ -1811,7 +1939,7 @@ const No = e.object({
     })
   ]),
   settings: e.object({}).optional()
-}), ko = e.object({
+}), Go = e.object({
   // The actual refresh token value (primary key).
   id: e.string(),
   // Link to the session record
@@ -1824,7 +1952,7 @@ const No = e.object({
   idle_expires_at: e.string().optional(),
   // When the token was last used.
   last_exchanged_at: e.string().optional(),
-  device: L,
+  device: M,
   resource_servers: e.array(
     e.object({
       audience: e.string(),
@@ -1832,21 +1960,21 @@ const No = e.object({
     })
   ),
   rotating: e.boolean()
-}), xt = e.object({
+}), qt = e.object({
   // When the refresh token record was created.
   created_at: e.string(),
   // Spread in the rest of the refresh token properties.
-  ...ko.shape
-}), Pt = e.object({
+  ...Go.shape
+}), Vt = e.object({
   to: e.string(),
   message: e.string()
-}), Mt = e.object({
+}), Yt = e.object({
   name: e.string(),
   options: e.object({})
-}), vo = e.object({
+}), Bo = e.object({
   value: e.string(),
   description: e.string().optional()
-}), Uo = e.object({
+}), Wo = e.object({
   token_dialect: e.enum(["access_token", "access_token_authz"]).optional(),
   enforce_policies: e.boolean().optional(),
   allow_skipping_userinfo: e.boolean().optional(),
@@ -1856,11 +1984,11 @@ const No = e.object({
   mtls: e.object({
     bound_access_tokens: e.boolean().optional()
   }).optional()
-}), Fo = e.object({
+}), Ko = e.object({
   id: e.string().optional(),
   name: e.string(),
   identifier: e.string(),
-  scopes: e.array(vo).optional(),
+  scopes: e.array(Bo).optional(),
   signing_alg: e.string().optional(),
   signing_secret: e.string().optional(),
   token_lifetime: e.number().optional(),
@@ -1868,30 +1996,30 @@ const No = e.object({
   skip_consent_for_verifiable_first_party_clients: e.boolean().optional(),
   allow_offline_access: e.boolean().optional(),
   verificationKey: e.string().optional(),
-  options: Uo.optional(),
+  options: Wo.optional(),
   is_system: e.boolean().optional(),
   metadata: e.record(e.any()).optional()
-}), xo = e.object({
-  ...Fo.shape,
+}), zo = e.object({
+  ...Ko.shape,
   created_at: e.string().optional(),
   updated_at: e.string().optional()
-}), Ht = e.array(xo), Po = e.object({
+}), Qt = e.array(zo), Xo = e.object({
   role_id: e.string(),
   resource_server_identifier: e.string(),
   permission_name: e.string()
-}), Mo = e.object({
-  ...Po.shape,
+}), qo = e.object({
+  ...Xo.shape,
   created_at: e.string()
-}), Gt = e.array(Mo), Ho = e.object({
+}), Jt = e.array(qo), Vo = e.object({
   user_id: e.string(),
   resource_server_identifier: e.string(),
   permission_name: e.string(),
   organization_id: e.string().optional()
-}), Go = e.object({
-  ...Ho.shape,
+}), Yo = e.object({
+  ...Vo.shape,
   tenant_id: e.string(),
   created_at: e.string().optional()
-}), Bt = e.array(Go), Bo = e.object({
+}), Zt = e.array(Yo), Qo = e.object({
   user_id: e.string(),
   resource_server_identifier: e.string(),
   resource_server_name: e.string(),
@@ -1899,17 +2027,17 @@ const No = e.object({
   description: e.string().nullable().optional(),
   created_at: e.string().optional(),
   organization_id: e.string().optional()
-}), Kt = e.array(
-  Bo
-), Ko = e.object({
+}), $t = e.array(
+  Qo
+), Jo = e.object({
   user_id: e.string(),
   role_id: e.string(),
   organization_id: e.string().optional()
-}), Wo = e.object({
-  ...Ko.shape,
+}), Zo = e.object({
+  ...Jo.shape,
   tenant_id: e.string(),
   created_at: e.string().optional()
-}), Wt = e.array(Wo), zo = e.object({
+}), en = e.array(Zo), $o = e.object({
   id: e.string().optional().openapi({
     description: "The unique identifier of the role. If not provided, one will be generated."
   }),
@@ -1923,13 +2051,13 @@ const No = e.object({
   metadata: e.record(e.any()).optional().openapi({
     description: "Metadata associated with the role. Can be used to control sync behavior in multi-tenancy scenarios."
   })
-}), Xo = zo.extend({
+}), et = $o.extend({
   id: e.string().openapi({
     description: "The unique identifier of the role"
   }),
   created_at: e.string().optional(),
   updated_at: e.string().optional()
-}), zt = e.array(Xo), Vo = e.object({
+}), on = e.array(et), ot = e.object({
   logo_url: e.string().optional().openapi({
     description: "URL of the organization's logo"
   }),
@@ -1941,7 +2069,7 @@ const No = e.object({
       description: "Page background color in hex format (e.g., #FFFFFF)"
     })
   }).optional()
-}).optional(), qo = e.object({
+}).optional(), tt = e.object({
   connection_id: e.string().openapi({
     description: "ID of the connection"
   }),
@@ -1954,7 +2082,7 @@ const No = e.object({
   is_signup_enabled: e.boolean().default(!0).openapi({
     description: "Whether signup is enabled for this connection"
   })
-}), Yo = e.object({
+}), nt = e.object({
   client_credentials: e.object({
     enforce: e.boolean().default(!1).openapi({
       description: "Whether to enforce token quota limits"
@@ -1966,7 +2094,7 @@ const No = e.object({
       description: "Maximum tokens per hour (0 = unlimited)"
     })
   }).optional()
-}).optional(), Qo = e.object({
+}).optional(), it = e.object({
   id: e.string().optional(),
   name: e.string().min(1).regex(/^[a-z0-9_-]+$/, {
     message: "Organization name must be lowercase and can only contain letters, numbers, hyphens, and underscores"
@@ -1976,34 +2104,34 @@ const No = e.object({
   display_name: e.string().optional().openapi({
     description: "The display name of the organization"
   }),
-  branding: Vo,
+  branding: ot,
   metadata: e.record(e.any()).default({}).optional().openapi({
     description: "Custom metadata for the organization"
   }),
-  enabled_connections: e.array(qo).default([]).optional().openapi({
+  enabled_connections: e.array(tt).default([]).optional().openapi({
     description: "List of enabled connections for the organization"
   }),
-  token_quota: Yo
-}), Xt = e.object({
-  ...Qo.shape,
+  token_quota: nt
+}), tn = e.object({
+  ...it.shape,
   ...s.shape,
   id: e.string(),
   // Override name to be lenient when reading from database (to support existing uppercase names)
   name: e.string().min(1).openapi({
     description: "The name of the organization"
   })
-}), Jo = e.object({
+}), at = e.object({
   user_id: e.string().openapi({
     description: "ID of the user"
   }),
   organization_id: e.string().openapi({
     description: "ID of the organization"
   })
-}), Vt = e.object({
-  ...Jo.shape,
+}), nn = e.object({
+  ...at.shape,
   ...s.shape,
   id: e.string()
-}), qt = e.object({
+}), an = e.object({
   // Session settings
   idle_session_lifetime: e.number().optional(),
   session_lifetime: e.number().optional(),
@@ -2101,7 +2229,7 @@ const No = e.object({
       message: e.string().optional()
     }).optional()
   }).optional()
-}), Yt = e.object({
+}), rn = e.object({
   date: e.string().openapi({
     description: "Date these events occurred in ISO 8601 format",
     example: "2025-12-19"
@@ -2126,10 +2254,10 @@ const No = e.object({
     description: "Approximate date and time the first event occurred in ISO 8601 format",
     example: "2025-12-19T00:00:00.000Z"
   })
-}), Qt = e.number().openapi({
+}), sn = e.number().openapi({
   description: "Number of active users in the last 30 days",
   example: 1234
-}), Zo = e.enum([
+}), rt = e.enum([
   "login",
   "login-id",
   "login-password",
@@ -2157,213 +2285,244 @@ const No = e.object({
   "passkeys",
   "captcha",
   "custom-form"
-]), $o = e.record(e.string(), e.string()).openapi({
+]), st = e.record(e.string(), e.string()).openapi({
   type: "object",
   additionalProperties: { type: "string" }
-}), Jt = e.object({
-  prompt: Zo,
+}), ln = e.object({
+  prompt: rt,
   language: e.string(),
-  custom_text: $o
+  custom_text: st
 });
-function Zt(o) {
-  const [a, r] = o.split("|");
-  if (!a || !r)
+function pn(o) {
+  const [n, i] = o.split("|");
+  if (!n || !i)
     throw new Error(`Invalid user_id: ${o}`);
-  return { connection: a, id: r };
+  return { connection: n, id: i };
 }
-function $t(o) {
+function cn(o) {
   const {
-    primary: a,
-    secondaries: r,
-    syncMethods: k = ["create", "update", "remove", "delete", "set"]
-  } = o, v = {
-    get(d, n) {
-      if (typeof n == "symbol")
-        return d[n];
-      const g = d[n];
-      return typeof g != "function" ? g : k.includes(n) ? async (...h) => {
-        const U = await g.apply(d, h), b = [];
-        for (const p of r) {
-          const S = p.adapter[n];
-          if (typeof S != "function")
+    primary: n,
+    secondaries: i,
+    syncMethods: O = ["create", "update", "remove", "delete", "set"]
+  } = o, E = {
+    get(p, a) {
+      if (typeof a == "symbol")
+        return p[a];
+      const c = p[a];
+      return typeof c != "function" ? c : O.includes(a) ? async (..._) => {
+        const S = await c.apply(p, _), d = [];
+        for (const r of i) {
+          const h = r.adapter[a];
+          if (typeof h != "function")
             continue;
-          const F = (async () => {
+          const A = (async () => {
             try {
-              await S.apply(p.adapter, h);
-            } catch (A) {
+              await h.apply(r.adapter, _);
+            } catch (b) {
               try {
-                p.onError ? p.onError(A, n, h) : console.error(
-                  `Passthrough adapter: secondary write failed for ${n}:`,
-                  A
+                r.onError ? r.onError(b, a, _) : console.error(
+                  `Passthrough adapter: secondary write failed for ${a}:`,
+                  b
                 );
-              } catch (x) {
+              } catch (I) {
                 console.error(
-                  `Passthrough adapter: onError handler threw for ${n}:`,
-                  x
+                  `Passthrough adapter: onError handler threw for ${a}:`,
+                  I
                 );
               }
             }
           })();
-          p.blocking && b.push(F);
+          r.blocking && d.push(A);
         }
-        return b.length > 0 && await Promise.all(b), U;
-      } : g.bind(d);
+        return d.length > 0 && await Promise.all(d), S;
+      } : c.bind(p);
     }
   };
-  return new Proxy(a, v);
+  return new Proxy(n, E);
 }
-function en(o) {
+function _n(o) {
   return o;
 }
+function dn(o) {
+  var E, p, a, c, _, S, d, r, h, A, b, I;
+  const n = o == null ? void 0 : o.options;
+  if (!n)
+    return {
+      usernameIdentifierActive: !1,
+      emailIdentifierActive: !0,
+      usernameMinLength: 1,
+      usernameMaxLength: 15
+    };
+  const i = n.attributes;
+  if (i) {
+    const H = ((p = (E = i.username) == null ? void 0 : E.identifier) == null ? void 0 : p.active) === !0, G = ((c = (a = i.email) == null ? void 0 : a.identifier) == null ? void 0 : c.active) !== !1, B = ((S = (_ = i.username) == null ? void 0 : _.validation) == null ? void 0 : S.min_length) ?? 1, W = ((r = (d = i.username) == null ? void 0 : d.validation) == null ? void 0 : r.max_length) ?? 15;
+    return {
+      usernameIdentifierActive: H,
+      emailIdentifierActive: G,
+      usernameMinLength: B,
+      usernameMaxLength: W
+    };
+  }
+  return {
+    usernameIdentifierActive: n.requires_username === !0,
+    emailIdentifierActive: !0,
+    usernameMinLength: ((A = (h = n.validation) == null ? void 0 : h.username) == null ? void 0 : A.min) ?? 1,
+    usernameMaxLength: ((I = (b = n.validation) == null ? void 0 : b.username) == null ? void 0 : I.max) ?? 15
+  };
+}
 export {
-  tt as Auth0ActionEnum,
-  So as Auth0Client,
-  O as AuthorizationResponseMode,
-  T as AuthorizationResponseType,
-  N as CodeChallengeMethod,
-  C as ComponentCategory,
-  y as ComponentType,
-  nt as EmailActionEnum,
-  ot as FlowActionTypeEnum,
-  Oo as GrantType,
-  Ao as LocationInfo,
-  fo as LogTypes,
-  j as LoginSessionState,
-  re as NodeType,
-  G as RedirectTargetEnum,
-  pe as actionNodeSchema,
-  Qt as activeUsersResponseSchema,
-  V as addressSchema,
-  _t as auth0FlowInsertSchema,
-  me as auth0FlowSchema,
-  at as auth0QuerySchema,
-  M as auth0UpdateUserActionSchema,
-  rt as auth0UserResponseSchema,
-  he as authParamsSchema,
-  I as baseUserSchema,
-  Je as blockComponentSchema,
-  No as bordersSchema,
-  dt as brandingSchema,
-  te as buttonComponentSchema,
-  $ as clientGrantInsertSchema,
-  pt as clientGrantListSchema,
-  ee as clientGrantSchema,
-  Z as clientInsertSchema,
-  ct as clientSchema,
-  fe as codeInsertSchema,
-  gt as codeSchema,
-  be as codeTypeSchema,
-  Ro as colorsSchema,
-  ao as componentMessageSchema,
-  se as componentSchema,
-  Se as connectionInsertSchema,
-  Ee as connectionOptionsSchema,
-  ut as connectionSchema,
-  c as coordinatesSchema,
-  $t as createPassthroughAdapter,
-  en as createWriteOnlyAdapter,
-  Ae as customDomainInsertSchema,
-  ye as customDomainSchema,
-  mt as customDomainWithTenantIdSchema,
-  Jt as customTextEntrySchema,
-  $o as customTextSchema,
-  Yt as dailyStatsSchema,
-  Ft as emailProviderSchema,
-  P as emailVerificationRulesSchema,
-  H as emailVerifyActionSchema,
-  ue as endingSchema,
-  $e as fieldComponentSchema,
-  K as flowActionStepSchema,
-  W as flowInsertSchema,
-  it as flowSchema,
-  ie as flowsFieldComponentSchema,
-  ce as flowsFlowNodeSchema,
-  le as flowsStepNodeSchema,
-  l as fontDetailsSchema,
-  wo as fontsSchema,
-  ht as formControlSchema,
-  io as formInsertSchema,
-  R as formNodeComponentDefinition,
-  no as formNodeSchema,
-  bt as formSchema,
-  ae as genericComponentSchema,
-  _e as genericNodeSchema,
-  It as hookInsertSchema,
-  yt as hookSchema,
-  X as identitySchema,
-  uo as inviteInsertSchema,
-  Ct as inviteSchema,
-  go as inviteeSchema,
-  _o as inviterSchema,
-  Et as isBlockComponent,
-  At as isFieldComponent,
-  St as isWidgetComponent,
-  Tt as jwksKeySchema,
-  mo as jwksSchema,
-  ne as legalComponentSchema,
-  Io as logInsertSchema,
-  Rt as logSchema,
-  bo as loginSessionInsertSchema,
-  Nt as loginSessionSchema,
-  ho as loginSessionStateSchema,
-  de as nodeSchema,
-  Ot as openIDConfigurationSchema,
-  Vo as organizationBrandingSchema,
-  qo as organizationEnabledConnectionSchema,
-  Qo as organizationInsertSchema,
-  Xt as organizationSchema,
-  Yo as organizationTokenQuotaSchema,
-  Do as pageBackgroundSchema,
-  Zt as parseUserId,
-  yo as passwordInsertSchema,
-  wt as passwordSchema,
-  z as profileDataSchema,
-  Zo as promptScreenSchema,
-  Ut as promptSettingSchema,
-  B as redirectActionSchema,
-  ko as refreshTokenInsertSchema,
-  xt as refreshTokenSchema,
-  Fo as resourceServerInsertSchema,
-  Ht as resourceServerListSchema,
-  Uo as resourceServerOptionsSchema,
-  xo as resourceServerSchema,
-  vo as resourceServerScopeSchema,
-  oe as richTextComponentSchema,
-  zo as roleInsertSchema,
-  zt as roleListSchema,
-  Po as rolePermissionInsertSchema,
-  Gt as rolePermissionListSchema,
-  Mo as rolePermissionSchema,
-  Xo as roleSchema,
-  so as screenLinkSchema,
-  Co as sessionInsertSchema,
-  Dt as sessionSchema,
-  jt as signingKeySchema,
-  Mt as smsProviderSchema,
-  Pt as smsSendParamsSchema,
-  ge as startSchema,
-  To as tenantInsertSchema,
-  Lt as tenantSchema,
-  qt as tenantSettingsSchema,
-  Lo as themeInsertSchema,
-  vt as themeSchema,
-  kt as tokenResponseSchema,
-  st as totalsSchema,
-  ft as uiScreenSchema,
-  q as userInsertSchema,
-  Jo as userOrganizationInsertSchema,
-  Vt as userOrganizationSchema,
-  Ho as userPermissionInsertSchema,
-  Bt as userPermissionListSchema,
-  Go as userPermissionSchema,
-  Kt as userPermissionWithDetailsListSchema,
-  Bo as userPermissionWithDetailsSchema,
-  lt as userResponseSchema,
-  Ko as userRoleInsertSchema,
-  Wt as userRoleListSchema,
-  Wo as userRoleSchema,
-  Y as userSchema,
-  Ie as verificationMethodsSchema,
-  Ze as widgetComponentSchema,
-  jo as widgetSchema
+  ct as Auth0ActionEnum,
+  Ro as Auth0Client,
+  D as AuthorizationResponseMode,
+  w as AuthorizationResponseType,
+  L as CodeChallengeMethod,
+  j as ComponentCategory,
+  R as ComponentType,
+  _t as EmailActionEnum,
+  Ct as FORM_FIELD_TYPES,
+  pt as FlowActionTypeEnum,
+  ko as GrantType,
+  jo as LocationInfo,
+  Oo as LogTypes,
+  P as LoginSessionState,
+  ge as NodeType,
+  q as RedirectTargetEnum,
+  he as actionNodeSchema,
+  sn as activeUsersResponseSchema,
+  $ as addressSchema,
+  Et as auth0FlowInsertSchema,
+  Ae as auth0FlowSchema,
+  gt as auth0QuerySchema,
+  z as auth0UpdateUserActionSchema,
+  mt as auth0UserResponseSchema,
+  Ie as authParamsSchema,
+  N as baseUserSchema,
+  no as blockComponentSchema,
+  Uo as bordersSchema,
+  St as brandingSchema,
+  le as buttonComponentSchema,
+  ae as clientGrantInsertSchema,
+  ft as clientGrantListSchema,
+  re as clientGrantSchema,
+  ie as clientInsertSchema,
+  bt as clientSchema,
+  Ce as codeInsertSchema,
+  At as codeSchema,
+  ye as codeTypeSchema,
+  Fo as colorsSchema,
+  _o as componentMessageSchema,
+  de as componentSchema,
+  Oe as connectionInsertSchema,
+  Te as connectionOptionsSchema,
+  It as connectionSchema,
+  u as coordinatesSchema,
+  cn as createPassthroughAdapter,
+  _n as createWriteOnlyAdapter,
+  Ne as customDomainInsertSchema,
+  je as customDomainSchema,
+  yt as customDomainWithTenantIdSchema,
+  ln as customTextEntrySchema,
+  st as customTextSchema,
+  rn as dailyStatsSchema,
+  Xt as emailProviderSchema,
+  K as emailVerificationRulesSchema,
+  X as emailVerifyActionSchema,
+  Se as endingSchema,
+  ao as fieldComponentSchema,
+  Y as flowActionStepSchema,
+  Q as flowInsertSchema,
+  dt as flowSchema,
+  ce as flowsFieldComponentSchema,
+  me as flowsFlowNodeSchema,
+  ue as flowsStepNodeSchema,
+  g as fontDetailsSchema,
+  xo as fontsSchema,
+  Tt as formControlSchema,
+  co as formInsertSchema,
+  v as formNodeComponentDefinition,
+  po as formNodeSchema,
+  Ot as formSchema,
+  _e as genericComponentSchema,
+  be as genericNodeSchema,
+  dn as getConnectionIdentifierConfig,
+  Lt as hookInsertSchema,
+  vt as hookSchema,
+  x as hookTemplateId,
+  Dt as hookTemplates,
+  Z as identitySchema,
+  Io as inviteInsertSchema,
+  kt as inviteSchema,
+  Ao as inviteeSchema,
+  So as inviterSchema,
+  Rt as isBlockComponent,
+  wt as isFieldComponent,
+  jt as isWidgetComponent,
+  Ut as jwksKeySchema,
+  yo as jwksSchema,
+  pe as legalComponentSchema,
+  wo as logInsertSchema,
+  Pt as logSchema,
+  To as loginSessionInsertSchema,
+  xt as loginSessionSchema,
+  Co as loginSessionStateSchema,
+  fe as nodeSchema,
+  Ft as openIDConfigurationSchema,
+  ot as organizationBrandingSchema,
+  tt as organizationEnabledConnectionSchema,
+  it as organizationInsertSchema,
+  tn as organizationSchema,
+  nt as organizationTokenQuotaSchema,
+  Po as pageBackgroundSchema,
+  pn as parseUserId,
+  Do as passwordInsertSchema,
+  Mt as passwordSchema,
+  J as profileDataSchema,
+  rt as promptScreenSchema,
+  zt as promptSettingSchema,
+  V as redirectActionSchema,
+  Go as refreshTokenInsertSchema,
+  qt as refreshTokenSchema,
+  Ko as resourceServerInsertSchema,
+  Qt as resourceServerListSchema,
+  Wo as resourceServerOptionsSchema,
+  zo as resourceServerSchema,
+  Bo as resourceServerScopeSchema,
+  se as richTextComponentSchema,
+  $o as roleInsertSchema,
+  on as roleListSchema,
+  Xo as rolePermissionInsertSchema,
+  Jt as rolePermissionListSchema,
+  qo as rolePermissionSchema,
+  et as roleSchema,
+  go as screenLinkSchema,
+  Lo as sessionInsertSchema,
+  Ht as sessionSchema,
+  Gt as signingKeySchema,
+  Yt as smsProviderSchema,
+  Vt as smsSendParamsSchema,
+  Ee as startSchema,
+  vo as tenantInsertSchema,
+  Bt as tenantSchema,
+  an as tenantSettingsSchema,
+  Ho as themeInsertSchema,
+  Kt as themeSchema,
+  Wt as tokenResponseSchema,
+  ut as totalsSchema,
+  Nt as uiScreenSchema,
+  ee as userInsertSchema,
+  at as userOrganizationInsertSchema,
+  nn as userOrganizationSchema,
+  Vo as userPermissionInsertSchema,
+  Zt as userPermissionListSchema,
+  Yo as userPermissionSchema,
+  $t as userPermissionWithDetailsListSchema,
+  Qo as userPermissionWithDetailsSchema,
+  ht as userResponseSchema,
+  Jo as userRoleInsertSchema,
+  en as userRoleListSchema,
+  Zo as userRoleSchema,
+  oe as userSchema,
+  Re as verificationMethodsSchema,
+  io as widgetComponentSchema,
+  Mo as widgetSchema
 };