@authhero/adapter-interfaces 0.88.0 → 0.90.0

package/dist/adapter-interfaces.mjs

@@ -1,12 +1,12 @@
 import { z as e } from "@hono/zod-openapi";
-const Me = e.object({
+const xe = e.object({
   start: e.number(),
   limit: e.number(),
   length: e.number()
-}), o = e.object({
+}), i = e.object({
   created_at: e.string(),
   updated_at: e.string()
-}), h = e.object({
+}), f = e.object({
   email: e.string().optional(),
   email_verified: e.boolean().optional(),
   name: e.string().optional(),
@@ -23,8 +23,8 @@ const Me = e.object({
   access_token: e.string().optional(),
   access_token_secret: e.string().optional(),
   refresh_token: e.string().optional(),
-  profileData: h.optional()
-}), l = e.object({
+  profileData: f.optional()
+}), c = e.object({
   email: e.string().optional().transform((t) => t && t.toLowerCase()),
   username: e.string().optional(),
   phone_number: e.string().optional(),
@@ -39,7 +39,7 @@ const Me = e.object({
   user_id: e.string().optional(),
   app_metadata: e.any().default({}).optional(),
   user_metadata: e.any().default({}).optional()
-}), A = l.extend({
+}), A = c.extend({
   email_verified: e.boolean().default(!1),
   verify_email: e.boolean().optional(),
   last_ip: e.string().optional(),
@@ -48,26 +48,26 @@ const Me = e.object({
   provider: e.string().default("email"),
   connection: e.string().default("email"),
   is_social: e.boolean().optional()
-}), f = e.object({
+}), C = e.object({
   ...A.shape,
-  ...o.shape,
+  ...i.shape,
   user_id: e.string(),
   is_social: e.boolean(),
   email: e.string().optional(),
   login_count: e.number().default(0),
   identities: e.array(b).optional()
-}), Ge = f, xe = l.extend({
+}), Ge = C, Ke = c.extend({
   login_count: e.number(),
   multifactor: e.array(e.string()).optional(),
   last_ip: e.string().optional(),
   last_login: e.string().optional(),
   user_id: e.string()
-}).catchall(e.any()), C = "useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict";
-let I = (t = 21) => {
-  let i = "", s = crypto.getRandomValues(new Uint8Array(t));
+}).catchall(e.any()), I = "useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict";
+let _ = (t = 21) => {
+  let n = "", s = crypto.getRandomValues(new Uint8Array(t));
   for (; t--; )
-    i += C[s[t] & 63];
-  return i;
+    n += I[s[t] & 63];
+  return n;
 };
 const O = e.object({
   audience: e.string().optional(),
@@ -112,24 +112,195 @@ const O = e.object({
   email_validation: e.enum(["enabled", "disabled", "enforced"]).default("enforced").optional().openapi({
     description: "Defines if it possible to sign in with an unverified email and if verification emails will be sent. This is not available in auth0"
   }),
-  client_secret: e.string().default(() => I()).optional(),
+  client_secret: e.string().default(() => _()).optional(),
   disable_sign_ups: e.boolean().optional().default(!1).openapi({
     description: "Prevents users from signing up using the hosted login page. This is not available in auth0"
   }),
   client_metadata: e.record(e.string().length(255)).optional()
-}), N = e.object({
+}), Be = e.object({
   created_at: e.string().transform((t) => t === null ? "" : t),
   updated_at: e.string().transform((t) => t === null ? "" : t),
   ...T.shape
+}), N = e.object({
+  client_id: e.string().openapi({
+    description: "ID of this client."
+  }),
+  name: e.string().min(1).openapi({
+    description: "Name of this client (min length: 1 character, does not allow < or >)."
+  }),
+  description: e.string().max(140).optional().openapi({
+    description: "Free text description of this client (max length: 140 characters)."
+  }),
+  global: e.boolean().default(!1).openapi({
+    description: "Whether this is your global 'All Applications' client representing legacy tenant settings (true) or a regular client (false)."
+  }),
+  client_secret: e.string().default(() => _()).optional().openapi({
+    description: "Client secret (which you must not make public)."
+  }),
+  app_type: e.enum([
+    "native",
+    "spa",
+    "regular_web",
+    "non_interactive",
+    "resource_server",
+    "express_configuration",
+    "rms",
+    "box",
+    "cloudbees",
+    "concur",
+    "dropbox",
+    "mscrm",
+    "echosign",
+    "egnyte",
+    "newrelic",
+    "office365",
+    "salesforce",
+    "sentry",
+    "sharepoint",
+    "slack",
+    "springcm",
+    "zendesk",
+    "zoom",
+    "sso_integration",
+    "oag"
+  ]).default("regular_web").optional().openapi({
+    description: "The type of application this client represents"
+  }),
+  logo_uri: e.string().url().optional().openapi({
+    description: "URL of the logo to display for this client. Recommended size is 150x150 pixels."
+  }),
+  is_first_party: e.boolean().default(!1).openapi({
+    description: "Whether this client a first party client (true) or not (false)."
+  }),
+  oidc_conformant: e.boolean().default(!0).openapi({
+    description: "Whether this client conforms to strict OIDC specifications (true) or uses legacy features (false)."
+  }),
+  callbacks: e.array(e.string()).default([]).optional().openapi({
+    description: "Comma-separated list of URLs whitelisted for Auth0 to use as a callback to the client after authentication."
+  }),
+  allowed_origins: e.array(e.string()).default([]).optional().openapi({
+    description: "Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs."
+  }),
+  web_origins: e.array(e.string()).default([]).optional().openapi({
+    description: "Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode."
+  }),
+  client_aliases: e.array(e.string()).default([]).optional().openapi({
+    description: "List of audiences/realms for SAML protocol. Used by the wsfed addon."
+  }),
+  allowed_clients: e.array(e.string()).default([]).optional().openapi({
+    description: "List of allow clients and API ids that are allowed to make delegation requests. Empty means all all your clients are allowed."
+  }),
+  allowed_logout_urls: e.array(e.string()).default([]).optional().openapi({
+    description: "Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains."
+  }),
+  session_transfer: e.record(e.any()).default({}).optional().openapi({
+    description: "Native to Web SSO Configuration"
+  }),
+  oidc_logout: e.record(e.any()).default({}).optional().openapi({
+    description: "Configuration for OIDC backchannel logout"
+  }),
+  grant_types: e.array(e.string()).default([]).optional().openapi({
+    description: "List of grant types supported for this application. Can include authorization_code, implicit, refresh_token, client_credentials, password, http://auth0.com/oauth/grant-type/password-realm, http://auth0.com/oauth/grant-type/mfa-oob, http://auth0.com/oauth/grant-type/mfa-otp, http://auth0.com/oauth/grant-type/mfa-recovery-code, urn:openid:params:grant-type:ciba, and urn:ietf:params:oauth:grant-type:device_code."
+  }),
+  jwt_configuration: e.record(e.any()).default({}).optional().openapi({
+    description: "Configuration related to JWTs for the client."
+  }),
+  signing_keys: e.array(e.record(e.any())).default([]).optional().openapi({
+    description: "Signing certificates associated with this client."
+  }),
+  encryption_key: e.record(e.any()).default({}).optional().openapi({
+    description: "Encryption used for WsFed responses with this client."
+  }),
+  sso: e.boolean().default(!1).openapi({
+    description: "Applies only to SSO clients and determines whether Auth0 will handle Single Sign On (true) or whether the Identity Provider will (false)."
+  }),
+  sso_disabled: e.boolean().default(!0).openapi({
+    description: "Whether Single Sign On is disabled (true) or enabled (true). Defaults to true."
+  }),
+  cross_origin_authentication: e.boolean().default(!1).openapi({
+    description: "Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false)."
+  }),
+  cross_origin_loc: e.string().url().optional().openapi({
+    description: "URL of the location in your site where the cross origin verification takes place for the cross-origin auth flow when performing Auth in your own domain instead of Auth0 hosted login page."
+  }),
+  custom_login_page_on: e.boolean().default(!1).openapi({
+    description: "Whether a custom login page is to be used (true) or the default provided login page (false)."
+  }),
+  custom_login_page: e.string().optional().openapi({
+    description: "The content (HTML, CSS, JS) of the custom login page."
+  }),
+  custom_login_page_preview: e.string().optional().openapi({
+    description: "The content (HTML, CSS, JS) of the custom login page. (Used on Previews)"
+  }),
+  form_template: e.string().optional().openapi({
+    description: "HTML form template to be used for WS-Federation."
+  }),
+  addons: e.record(e.any()).default({}).optional().openapi({
+    description: "Addons enabled for this client and their associated configurations."
+  }),
+  token_endpoint_auth_method: e.enum(["none", "client_secret_post", "client_secret_basic"]).default("client_secret_basic").optional().openapi({
+    description: "Defines the requested authentication method for the token endpoint. Can be none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), or client_secret_basic (client uses HTTP Basic)."
+  }),
+  client_metadata: e.record(e.string().max(255)).default({}).optional().openapi({
+    description: 'Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/()<>@ [Tab][Space]'
+  }),
+  mobile: e.record(e.any()).default({}).optional().openapi({
+    description: "Additional configuration for native mobile apps."
+  }),
+  initiate_login_uri: e.string().url().optional().openapi({
+    description: "Initiate login uri, must be https"
+  }),
+  native_social_login: e.record(e.any()).default({}).optional(),
+  refresh_token: e.record(e.any()).default({}).optional().openapi({
+    description: "Refresh token configuration"
+  }),
+  default_organization: e.record(e.any()).default({}).optional().openapi({
+    description: "Defines the default Organization ID and flows"
+  }),
+  organization_usage: e.enum(["deny", "allow", "require"]).default("deny").optional().openapi({
+    description: "Defines how to proceed during an authentication transaction with regards an organization. Can be deny (default), allow or require."
+  }),
+  organization_require_behavior: e.enum(["no_prompt", "pre_login_prompt", "post_login_prompt"]).default("no_prompt").optional().openapi({
+    description: "Defines how to proceed during an authentication transaction when client.organization_usage: 'require'. Can be no_prompt (default), pre_login_prompt or post_login_prompt. post_login_prompt requires oidc_conformant: true."
+  }),
+  client_authentication_methods: e.record(e.any()).default({}).optional().openapi({
+    description: "Defines client authentication methods."
+  }),
+  require_pushed_authorization_requests: e.boolean().default(!1).openapi({
+    description: "Makes the use of Pushed Authorization Requests mandatory for this client"
+  }),
+  require_proof_of_possession: e.boolean().default(!1).openapi({
+    description: "Makes the use of Proof-of-Possession mandatory for this client"
+  }),
+  signed_request_object: e.record(e.any()).default({}).optional().openapi({
+    description: "JWT-secured Authorization Requests (JAR) settings."
+  }),
+  compliance_level: e.enum([
+    "none",
+    "fapi1_adv_pkj_par",
+    "fapi1_adv_mtls_par",
+    "fapi2_sp_pkj_mtls",
+    "fapi2_sp_mtls_mtls"
+  ]).optional().openapi({
+    description: "Defines the compliance level for this client, which may restrict it's capabilities"
+  }),
+  par_request_expiry: e.number().optional().openapi({
+    description: "Specifies how long, in seconds, a Pushed Authorization Request URI remains valid"
+  }),
+  token_quota: e.record(e.any()).default({}).optional()
+}), y = e.object({
+  created_at: e.string(),
+  updated_at: e.string(),
+  ...N.shape
 }), a = e.object({
   x: e.number(),
   y: e.number()
 });
-var c = /* @__PURE__ */ ((t) => (t.RICH_TEXT = "RICH_TEXT", t.NEXT_BUTTON = "NEXT_BUTTON", t.BACK_BUTTON = "BACK_BUTTON", t.SUBMIT_BUTTON = "SUBMIT_BUTTON", t.DIVIDER = "DIVIDER", t.TEXT = "TEXT", t.EMAIL = "EMAIL", t.PASSWORD = "PASSWORD", t.NUMBER = "NUMBER", t.PHONE = "PHONE", t.DATE = "DATE", t.CHECKBOX = "CHECKBOX", t.RADIO = "RADIO", t.SELECT = "SELECT", t.HIDDEN = "HIDDEN", t.LEGAL = "LEGAL", t))(c || {}), p = /* @__PURE__ */ ((t) => (t.BLOCK = "BLOCK", t.FIELD = "FIELD", t))(p || {});
+var p = /* @__PURE__ */ ((t) => (t.RICH_TEXT = "RICH_TEXT", t.NEXT_BUTTON = "NEXT_BUTTON", t.BACK_BUTTON = "BACK_BUTTON", t.SUBMIT_BUTTON = "SUBMIT_BUTTON", t.DIVIDER = "DIVIDER", t.TEXT = "TEXT", t.EMAIL = "EMAIL", t.PASSWORD = "PASSWORD", t.NUMBER = "NUMBER", t.PHONE = "PHONE", t.DATE = "DATE", t.CHECKBOX = "CHECKBOX", t.RADIO = "RADIO", t.SELECT = "SELECT", t.HIDDEN = "HIDDEN", t.LEGAL = "LEGAL", t))(p || {}), d = /* @__PURE__ */ ((t) => (t.BLOCK = "BLOCK", t.FIELD = "FIELD", t))(d || {});
 const r = e.object({
   id: e.string(),
-  category: e.nativeEnum(p),
-  type: e.nativeEnum(c)
+  category: e.nativeEnum(d),
+  type: e.nativeEnum(p)
 }), R = r.extend({
   category: e.literal(
     "BLOCK"
@@ -178,7 +349,7 @@ const r = e.object({
   config: e.object({
     text: e.string()
   }).passthrough()
-}), y = r.extend({
+}), w = r.extend({
   category: e.literal(
     "FIELD"
     /* FIELD */
@@ -239,7 +410,7 @@ const r = e.object({
   R,
   L,
   D,
-  y,
+  w,
   U
 ]);
 var j = /* @__PURE__ */ ((t) => (t.STEP = "STEP", t.FLOW = "FLOW", t.CONDITION = "CONDITION", t.ACTION = "ACTION", t))(j || {});
@@ -255,7 +426,7 @@ const k = e.object({
     components: e.array(F),
     next_node: e.string()
   }).passthrough()
-}), w = e.object({
+}), v = e.object({
   id: e.string(),
   type: e.literal(
     "FLOW"
@@ -271,14 +442,14 @@ const k = e.object({
   id: e.string(),
   type: e.string(),
   coordinates: a
-}).passthrough(), v = e.union([
+}).passthrough(), H = e.union([
   k,
-  w,
+  v,
   P
-]), H = e.object({
+]), M = e.object({
   next_node: e.string(),
   coordinates: a
-}).passthrough(), M = e.object({
+}).passthrough(), x = e.object({
   resume_flow: e.boolean().optional(),
   coordinates: a
 }).passthrough(), G = e.object({
@@ -287,26 +458,26 @@ const k = e.object({
   languages: e.object({
     primary: e.string()
   }).passthrough(),
-  nodes: e.array(v),
-  start: H,
-  ending: M,
+  nodes: e.array(H),
+  start: M,
+  ending: x,
   created_at: e.string(),
   updated_at: e.string(),
   links: e.object({
     sdkSrc: e.string().optional(),
     sdk_src: e.string().optional()
   }).passthrough()
-}).passthrough(), Ke = G.omit({
+}).passthrough(), We = G.omit({
   id: !0,
   created_at: !0,
   updated_at: !0
 });
-var d = /* @__PURE__ */ ((t) => (t.TOKEN = "token", t.TOKEN_ID_TOKEN = "token id_token", t.CODE = "code", t))(d || {}), g = /* @__PURE__ */ ((t) => (t.QUERY = "query", t.FRAGMENT = "fragment", t.FORM_POST = "form_post", t.WEB_MESSAGE = "web_message", t.SAML_POST = "saml_post", t))(g || {}), u = /* @__PURE__ */ ((t) => (t.S256 = "S256", t.Plain = "plain", t))(u || {});
-const x = e.object({
+var g = /* @__PURE__ */ ((t) => (t.TOKEN = "token", t.TOKEN_ID_TOKEN = "token id_token", t.CODE = "code", t))(g || {}), u = /* @__PURE__ */ ((t) => (t.QUERY = "query", t.FRAGMENT = "fragment", t.FORM_POST = "form_post", t.WEB_MESSAGE = "web_message", t.SAML_POST = "saml_post", t))(u || {}), m = /* @__PURE__ */ ((t) => (t.S256 = "S256", t.Plain = "plain", t))(m || {});
+const K = e.object({
   client_id: e.string(),
   act_as: e.string().optional(),
-  response_type: e.nativeEnum(d).optional(),
-  response_mode: e.nativeEnum(g).optional(),
+  response_type: e.nativeEnum(g).optional(),
+  response_mode: e.nativeEnum(u).optional(),
   redirect_uri: e.string().optional(),
   audience: e.string().optional(),
   organization: e.string().optional(),
@@ -314,13 +485,13 @@ const x = e.object({
   nonce: e.string().optional(),
   scope: e.string().optional(),
   prompt: e.string().optional(),
-  code_challenge_method: e.nativeEnum(u).optional(),
+  code_challenge_method: e.nativeEnum(m).optional(),
   code_challenge: e.string().optional(),
   username: e.string().optional(),
   ui_locales: e.string().optional(),
   // The following fields are not available in Auth0
   vendor_id: e.string().optional()
-}), Be = e.object({
+}), Xe = e.object({
   colors: e.object({
     primary: e.string(),
     page_background: e.object({
@@ -335,7 +506,7 @@ const x = e.object({
   font: e.object({
     url: e.string()
   }).optional()
-}), K = e.object({
+}), B = e.object({
   kid: e.string().optional(),
   team_id: e.string().optional(),
   realms: e.string().optional(),
@@ -354,11 +525,11 @@ const x = e.object({
   from: e.string().optional(),
   twilio_sid: e.string().optional(),
   twilio_token: e.string().optional()
-}), B = e.object({
+}), W = e.object({
   id: e.string().optional(),
   name: e.string(),
   strategy: e.string(),
-  options: K.default({}),
+  options: B.default({}),
   enabled_clients: e.array(e.string()).default([]).optional(),
   response_type: e.custom().optional(),
   response_mode: e.custom().optional()
@@ -366,7 +537,7 @@ const x = e.object({
   id: e.string(),
   created_at: e.string().transform((t) => t === null ? "" : t),
   updated_at: e.string().transform((t) => t === null ? "" : t)
-}).extend(B.shape), W = e.object({
+}).extend(W.shape), z = e.object({
   name: e.string(),
   audience: e.string(),
   sender_email: e.string().email(),
@@ -380,15 +551,18 @@ const x = e.object({
 }), V = e.object({
   created_at: e.string().transform((t) => t === null ? "" : t),
   updated_at: e.string().transform((t) => t === null ? "" : t),
-  ...W.shape,
+  ...z.shape,
   id: e.string()
 });
 e.object({
-  ...N.shape,
+  ...y.shape,
   tenant: V,
-  connections: e.array(X)
+  connections: e.array(X),
+  // Legacy fields for backward compatibility - these are now stored in client_metadata
+  disable_sign_ups: e.boolean(),
+  email_validation: e.string()
 });
-const z = e.enum([
+const q = e.enum([
   "password_reset",
   "email_verification",
   "otp",
@@ -405,7 +579,7 @@ const z = e.enum([
   connection_id: e.string().optional().openapi({
     description: "The connection that the code is connected to"
   }),
-  code_type: z,
+  code_type: q,
   code_verifier: e.string().optional().openapi({
     description: "The code verifier used in PKCE in outbound flows"
   }),
@@ -427,10 +601,10 @@ const z = e.enum([
   expires_at: e.string(),
   used_at: e.string().optional(),
   user_id: e.string().optional()
-}), Xe = e.object({
+}), ze = e.object({
   ...Y.shape,
   created_at: e.string()
-}), q = e.object({
+}), Q = e.object({
   domain: e.string(),
   custom_domain_id: e.string().optional(),
   type: e.enum(["auth0_managed_certs", "self_managed_certs"]),
@@ -444,23 +618,23 @@ const z = e.enum([
     "null"
   ]).optional(),
   domain_metadata: e.record(e.string().max(255)).optional()
-}), Q = e.object({
+}), J = e.object({
   name: e.literal("txt"),
   record: e.string(),
   domain: e.string()
 }), Z = e.object({
-  ...q.shape,
+  ...Q.shape,
   custom_domain_id: e.string(),
   primary: e.boolean(),
   status: e.enum(["disabled", "pending", "pending_verification", "ready"]),
   origin_domain_name: e.string().optional(),
   verification: e.object({
-    methods: e.array(Q)
+    methods: e.array(J)
   }).optional(),
   tls_policy: e.string().optional()
-}), We = Z.extend({
+}), Ve = Z.extend({
   tenant_id: e.string()
-}), Ve = e.object({
+}), qe = e.object({
   id: e.string(),
   type: e.literal("submit"),
   label: e.string(),
@@ -469,7 +643,7 @@ const z = e.enum([
   order: e.number().optional(),
   visible: e.boolean().optional().default(!0),
   customizations: e.record(e.string(), e.any()).optional()
-}), J = e.discriminatedUnion("type", [
+}), $ = e.discriminatedUnion("type", [
   e.object({
     id: e.string(),
     type: e.literal("RICH_TEXT"),
@@ -512,7 +686,7 @@ const z = e.enum([
     visible: e.boolean().optional().default(!0)
   })
   // Add more component types as needed
-]), $ = e.object({
+]), ee = e.object({
   name: e.string().openapi({
     description: "The name of the form"
   }),
@@ -563,7 +737,7 @@ const z = e.enum([
         coordinates: e.object({ x: e.number(), y: e.number() }),
         alias: e.string().min(1).max(150).optional(),
         config: e.object({
-          components: e.array(J),
+          components: e.array($),
           next_node: e.string()
         })
       })
@@ -586,48 +760,48 @@ const z = e.enum([
   style: e.object({ css: e.string().optional() }).optional()
 }).openapi({
   description: "Schema for flow-based forms (matches new JSON structure)"
-}), ze = e.object({
-  ...o.shape,
-  ...$.shape,
+}), Ye = e.object({
+  ...i.shape,
+  ...ee.shape,
   id: e.string()
-}), E = e.enum([
+}), h = e.enum([
   "pre-user-signup",
   "post-user-registration",
   "post-user-login"
   // Potentially other triggers specific to webhooks in the future
-]), m = e.enum([
+]), E = e.enum([
   "pre-user-signup",
   "post-user-registration",
   "post-user-login"
-]), _ = {
+]), l = {
   enabled: e.boolean().default(!1),
   synchronous: e.boolean().default(!1),
   priority: e.number().optional(),
   hook_id: e.string().optional()
-}, ee = e.object({
-  ..._,
-  trigger_id: E,
+}, te = e.object({
+  ...l,
+  trigger_id: h,
   url: e.string()
-}), te = e.object({
-  ..._,
-  trigger_id: m,
-  form_id: e.string()
-}), Ye = e.union([
-  ee,
-  te
-]), ne = e.object({
-  ..._,
+}), oe = e.object({
+  ...l,
   trigger_id: E,
-  ...o.shape,
+  form_id: e.string()
+}), Qe = e.union([
+  te,
+  oe
+]), ie = e.object({
+  ...l,
+  trigger_id: h,
+  ...i.shape,
   hook_id: e.string(),
   url: e.string()
-}), oe = e.object({
-  ..._,
-  trigger_id: m,
-  ...o.shape,
+}), ne = e.object({
+  ...l,
+  trigger_id: E,
+  ...i.shape,
   hook_id: e.string(),
   form_id: e.string()
-}), qe = e.union([ne, oe]), ie = e.object({
+}), Je = e.union([ie, ne]), ae = e.object({
   alg: e.enum([
     "RS256",
     "RS384",
@@ -646,9 +820,9 @@ const z = e.enum([
   x5t: e.string().optional(),
   x5c: e.array(e.string()).optional(),
   use: e.enum(["sig", "enc"]).optional()
-}), Qe = e.object({
-  keys: e.array(ie)
 }), Ze = e.object({
+  keys: e.array(ae)
+}), $e = e.object({
   issuer: e.string(),
   authorization_endpoint: e.string(),
   token_endpoint: e.string(),
@@ -669,10 +843,10 @@ const z = e.enum([
   request_uri_parameter_supported: e.boolean(),
   request_parameter_supported: e.boolean(),
   token_endpoint_auth_signing_alg_values_supported: e.array(e.string())
-}), ae = e.object({
+}), se = e.object({
   csrf_token: e.string(),
   auth0Client: e.string().optional(),
-  authParams: x,
+  authParams: K,
   expires_at: e.string(),
   deleted_at: e.string().optional(),
   ip: e.string().optional(),
@@ -682,14 +856,14 @@ const z = e.enum([
   login_completed: e.boolean().optional().default(!1)
 }).openapi({
   description: "This represents a login sesion"
-}), Je = e.object({
-  ...ae.shape,
+}), et = e.object({
+  ...se.shape,
   id: e.string().openapi({
     description: "This is is used as the state in the universal login"
   }),
   created_at: e.string(),
   updated_at: e.string()
-}), se = {
+}), re = {
   // Network & System
   ACLS_SUMMARY: "acls_summary",
   ACTIONS_EXECUTION_FAILED: "actions_execution_failed",
@@ -856,17 +1030,17 @@ const z = e.enum([
   WARNING_DURING_LOGIN: "w",
   WARNING_SENDING_NOTIFICATION: "wn",
   WARNING_USER_MANAGEMENT: "wum"
-}, re = e.string().refine(
-  (t) => Object.values(se).includes(t),
+}, le = e.string().refine(
+  (t) => Object.values(re).includes(t),
   { message: "Invalid log type" }
-), _e = e.object({
+), ce = e.object({
   name: e.string(),
   version: e.string(),
   env: e.object({
     node: e.string().optional()
   }).optional()
-}), $e = e.object({
-  type: re,
+}), tt = e.object({
+  type: le,
   date: e.string(),
   description: e.string().optional(),
   log_id: e.string().optional(),
@@ -887,13 +1061,13 @@ const z = e.enum([
   strategy: e.string().optional(),
   strategy_type: e.string().optional(),
   hostname: e.string().optional(),
-  auth0_client: _e.optional()
-}), le = e.object({
+  auth0_client: ce.optional()
+}), _e = e.object({
   user_id: e.string(),
   password: e.string(),
   algorithm: e.enum(["bcrypt", "argon2id"]).default("argon2id")
-}), et = e.object({
-  ...le.shape,
+}), ot = e.object({
+  ..._e.shape,
   created_at: e.string(),
   updated_at: e.string()
 }), S = e.object({
@@ -903,7 +1077,7 @@ const z = e.enum([
   last_user_agent: e.string().describe("Last user agent of the device from which this user logged in"),
   last_ip: e.string().describe("Last IP address from which this user logged in"),
   last_asn: e.string().describe("Last autonomous system number from which this user logged in")
-}), ce = e.object({
+}), pe = e.object({
   id: e.string(),
   revoked_at: e.string().optional(),
   used_at: e.string().optional(),
@@ -915,12 +1089,12 @@ const z = e.enum([
     "Metadata related to the device used in the session"
   ),
   clients: e.array(e.string()).describe("List of client details for the session")
-}), tt = e.object({
+}), it = e.object({
   created_at: e.string(),
   updated_at: e.string(),
   authenticated_at: e.string(),
   last_interaction_at: e.string(),
-  ...ce.shape
+  ...pe.shape
 }), nt = e.object({
   kid: e.string().openapi({ description: "The key id of the signing key" }),
   cert: e.string().openapi({ description: "The public certificate of the signing key" }),
@@ -947,8 +1121,8 @@ const z = e.enum([
     description: "The type of the signing key"
   })
 });
-var pe = /* @__PURE__ */ ((t) => (t.RefreshToken = "refresh_token", t.AuthorizationCode = "authorization_code", t.ClientCredential = "client_credentials", t.Passwordless = "passwordless", t.Password = "password", t.OTP = "http://auth0.com/oauth/grant-type/passwordless/otp", t))(pe || {});
-const ot = e.object({
+var de = /* @__PURE__ */ ((t) => (t.RefreshToken = "refresh_token", t.AuthorizationCode = "authorization_code", t.ClientCredential = "client_credentials", t.Passwordless = "passwordless", t.Password = "password", t.OTP = "http://auth0.com/oauth/grant-type/passwordless/otp", t))(de || {});
+const at = e.object({
   access_token: e.string(),
   id_token: e.string().optional(),
   scope: e.string().optional(),
@@ -961,7 +1135,7 @@ e.object({
   code: e.string(),
   state: e.string().optional()
 });
-const de = e.object({
+const ge = e.object({
   button_border_radius: e.number(),
   button_border_weight: e.number(),
   buttons_style: e.enum(["pill", "rounded", "sharp"]),
@@ -971,7 +1145,7 @@ const de = e.object({
   show_widget_shadow: e.boolean(),
   widget_border_weight: e.number(),
   widget_corner_radius: e.number()
-}), ge = e.object({
+}), ue = e.object({
   base_focus_color: e.string(),
   base_hover_color: e.string(),
   body_text: e.string(),
@@ -991,44 +1165,44 @@ const de = e.object({
   success: e.string(),
   widget_background: e.string(),
   widget_border: e.string()
-}), n = e.object({
+}), o = e.object({
   bold: e.boolean(),
   size: e.number()
-}), ue = e.object({
-  body_text: n,
-  buttons_text: n,
+}), me = e.object({
+  body_text: o,
+  buttons_text: o,
   font_url: e.string(),
-  input_labels: n,
-  links: n,
+  input_labels: o,
+  links: o,
   links_style: e.enum(["normal", "underlined"]),
   reference_text_size: e.number(),
-  subtitle: n,
-  title: n
-}), Ee = e.object({
+  subtitle: o,
+  title: o
+}), he = e.object({
   background_color: e.string(),
   background_image_url: e.string(),
   page_layout: e.enum(["center", "left", "right"])
-}), me = e.object({
+}), Ee = e.object({
   header_text_alignment: e.enum(["center", "left", "right"]),
   logo_height: e.number(),
   logo_position: e.enum(["center", "left", "none", "right"]),
   logo_url: e.string(),
   social_buttons_layout: e.enum(["bottom", "top"])
 }), Se = e.object({
-  borders: de,
-  colors: ge,
+  borders: ge,
+  colors: ue,
   displayName: e.string(),
-  fonts: ue,
-  page_background: Ee,
-  widget: me
-}), it = Se.extend({
+  fonts: me,
+  page_background: he,
+  widget: Ee
+}), st = Se.extend({
   themeId: e.string()
-}), at = e.object({
+}), rt = e.object({
   universal_login_experience: e.enum(["new", "classic"]).default("new"),
   identifier_first: e.boolean().default(!0),
   password_first: e.boolean().default(!1),
   webauthn_platform_first_factor: e.boolean()
-}), st = e.object({
+}), lt = e.object({
   name: e.string(),
   enabled: e.boolean().optional().default(!0),
   default_from_address: e.string().optional(),
@@ -1058,7 +1232,7 @@ const de = e.object({
     })
   ]),
   settings: e.object({}).optional()
-}), he = e.object({
+}), fe = e.object({
   // The actual refresh token value (primary key).
   id: e.string(),
   // Link to the session record
@@ -1079,15 +1253,15 @@ const de = e.object({
     })
   ),
   rotating: e.boolean()
-}), rt = e.object({
+}), ct = e.object({
   // When the refresh token record was created.
   created_at: e.string(),
   // Spread in the rest of the refresh token properties.
-  ...he.shape
+  ...fe.shape
 }), _t = e.object({
   to: e.string(),
   message: e.string()
-}), lt = e.object({
+}), pt = e.object({
   name: e.string(),
   options: e.object({})
 }), be = e.object({
@@ -1103,7 +1277,7 @@ const de = e.object({
   mtls: e.object({
     bound_access_tokens: e.boolean().optional()
   }).optional()
-}), fe = e.object({
+}), Ce = e.object({
   name: e.string(),
   identifier: e.string(),
   scopes: e.array(be).optional(),
@@ -1115,38 +1289,38 @@ const de = e.object({
   allow_offline_access: e.boolean().optional(),
   verificationKey: e.string().optional(),
   options: Ae.optional()
-}), Ce = e.object({
+}), Ie = e.object({
   id: e.string().optional(),
-  ...fe.shape,
+  ...Ce.shape,
   created_at: e.string().optional(),
   updated_at: e.string().optional()
-}), ct = e.array(Ce), Ie = e.object({
+}), dt = e.array(Ie), Oe = e.object({
   role_id: e.string(),
   resource_server_identifier: e.string(),
   permission_name: e.string()
-}), Oe = e.object({
-  ...Ie.shape,
+}), Te = e.object({
+  ...Oe.shape,
   tenant_id: e.string(),
   created_at: e.string().optional()
-}), pt = e.array(Oe), Te = e.object({
+}), gt = e.array(Te), Ne = e.object({
   role_id: e.string(),
   resource_server_identifier: e.string(),
   resource_server_name: e.string(),
   permission_name: e.string(),
   description: e.string().nullable().optional(),
   created_at: e.string().optional()
-}), dt = e.array(
-  Te
-), Ne = e.object({
+}), ut = e.array(
+  Ne
+), ye = e.object({
   user_id: e.string(),
   resource_server_identifier: e.string(),
   permission_name: e.string(),
   organization_id: e.string().optional()
 }), Re = e.object({
-  ...Ne.shape,
+  ...ye.shape,
   tenant_id: e.string(),
   created_at: e.string().optional()
-}), gt = e.array(Re), Le = e.object({
+}), mt = e.array(Re), Le = e.object({
   user_id: e.string(),
   resource_server_identifier: e.string(),
   resource_server_name: e.string(),
@@ -1154,17 +1328,17 @@ const de = e.object({
   description: e.string().nullable().optional(),
   created_at: e.string().optional(),
   organization_id: e.string().optional()
-}), ut = e.array(
+}), ht = e.array(
   Le
 ), De = e.object({
   user_id: e.string(),
   role_id: e.string(),
   organization_id: e.string().optional()
-}), ye = e.object({
+}), we = e.object({
   ...De.shape,
   tenant_id: e.string(),
   created_at: e.string().optional()
-}), Et = e.array(ye), Ue = e.object({
+}), Et = e.array(we), Ue = e.object({
   name: e.string().min(1).max(50).openapi({
     description: "The name of the role. Cannot include '<' or '>'"
   }),
@@ -1178,7 +1352,7 @@ const de = e.object({
   ...Ue.shape,
   created_at: e.string().optional(),
   updated_at: e.string().optional()
-}), mt = e.array(Fe), je = e.object({
+}), St = e.array(Fe), je = e.object({
   logo_url: e.string().optional().openapi({
     description: "URL of the organization's logo"
   }),
@@ -1203,7 +1377,7 @@ const de = e.object({
   is_signup_enabled: e.boolean().default(!0).openapi({
     description: "Whether signup is enabled for this connection"
   })
-}), we = e.object({
+}), ve = e.object({
   client_credentials: e.object({
     enforce: e.boolean().default(!1).openapi({
       description: "Whether to enforce token quota limits"
@@ -1230,138 +1404,140 @@ const de = e.object({
   enabled_connections: e.array(ke).default([]).optional().openapi({
     description: "List of enabled connections for the organization"
   }),
-  token_quota: we
-}), St = e.object({
+  token_quota: ve
+}), ft = e.object({
   ...Pe.shape,
-  ...o.shape,
+  ...i.shape,
   id: e.string()
-}), ve = e.object({
+}), He = e.object({
   user_id: e.string().openapi({
     description: "ID of the user"
   }),
   organization_id: e.string().openapi({
     description: "ID of the organization"
   })
-}), ht = e.object({
-  ...ve.shape,
-  ...o.shape,
+}), bt = e.object({
+  ...He.shape,
+  ...i.shape,
   id: e.string()
 });
-function bt(t) {
-  const [i, s] = t.split("|");
-  if (!i || !s)
+function At(t) {
+  const [n, s] = t.split("|");
+  if (!n || !s)
     throw new Error(`Invalid user_id: ${t}`);
-  return { connection: i, id: s };
+  return { connection: n, id: s };
 }
 export {
-  _e as Auth0Client,
-  g as AuthorizationResponseMode,
-  d as AuthorizationResponseType,
-  u as CodeChallengeMethod,
-  p as ComponentCategory,
-  c as ComponentType,
-  pe as GrantType,
-  se as LogTypes,
+  ce as Auth0Client,
+  u as AuthorizationResponseMode,
+  g as AuthorizationResponseType,
+  m as CodeChallengeMethod,
+  d as ComponentCategory,
+  p as ComponentType,
+  de as GrantType,
+  re as LogTypes,
   j as NodeType,
   T as applicationInsertSchema,
-  N as applicationSchema,
-  Ke as auth0FlowInsertSchema,
+  Be as applicationSchema,
+  We as auth0FlowInsertSchema,
   G as auth0FlowSchema,
   Ge as auth0UserResponseSchema,
-  x as authParamsSchema,
-  l as baseUserSchema,
-  de as bordersSchema,
-  Be as brandingSchema,
+  K as authParamsSchema,
+  c as baseUserSchema,
+  ge as bordersSchema,
+  Xe as brandingSchema,
   L as buttonComponentSchema,
+  N as clientInsertSchema,
+  y as clientSchema,
   Y as codeInsertSchema,
-  Xe as codeSchema,
-  z as codeTypeSchema,
-  ge as colorsSchema,
+  ze as codeSchema,
+  q as codeTypeSchema,
+  ue as colorsSchema,
   F as componentSchema,
-  B as connectionInsertSchema,
-  K as connectionOptionsSchema,
+  W as connectionInsertSchema,
+  B as connectionOptionsSchema,
   X as connectionSchema,
   a as coordinatesSchema,
-  q as customDomainInsertSchema,
+  Q as customDomainInsertSchema,
   Z as customDomainSchema,
-  We as customDomainWithTenantIdSchema,
-  st as emailProviderSchema,
-  M as endingSchema,
-  y as fieldComponentSchema,
-  w as flowNodeSchema,
-  n as fontDetailsSchema,
-  ue as fontsSchema,
-  Ve as formControlSchema,
-  $ as formInsertSchema,
-  J as formNodeComponentDefinition,
-  ze as formSchema,
+  Ve as customDomainWithTenantIdSchema,
+  lt as emailProviderSchema,
+  x as endingSchema,
+  w as fieldComponentSchema,
+  v as flowNodeSchema,
+  o as fontDetailsSchema,
+  me as fontsSchema,
+  qe as formControlSchema,
+  ee as formInsertSchema,
+  $ as formNodeComponentDefinition,
+  Ye as formSchema,
   U as genericComponentSchema,
   P as genericNodeSchema,
-  Ye as hookInsertSchema,
-  qe as hookSchema,
+  Qe as hookInsertSchema,
+  Je as hookSchema,
   b as identitySchema,
-  Qe as jwksKeySchema,
-  ie as jwksSchema,
+  Ze as jwksKeySchema,
+  ae as jwksSchema,
   D as legalComponentSchema,
-  $e as logSchema,
-  ae as loginSessionInsertSchema,
-  Je as loginSessionSchema,
-  v as nodeSchema,
-  Ze as openIDConfigurationSchema,
+  tt as logSchema,
+  se as loginSessionInsertSchema,
+  et as loginSessionSchema,
+  H as nodeSchema,
+  $e as openIDConfigurationSchema,
   je as organizationBrandingSchema,
   ke as organizationEnabledConnectionSchema,
   Pe as organizationInsertSchema,
-  St as organizationSchema,
-  we as organizationTokenQuotaSchema,
-  Ee as pageBackgroundSchema,
-  bt as parseUserId,
-  le as passwordInsertSchema,
-  et as passwordSchema,
-  h as profileDataSchema,
-  at as promptSettingSchema,
-  he as refreshTokenInsertSchema,
-  rt as refreshTokenSchema,
-  fe as resourceServerInsertSchema,
-  ct as resourceServerListSchema,
+  ft as organizationSchema,
+  ve as organizationTokenQuotaSchema,
+  he as pageBackgroundSchema,
+  At as parseUserId,
+  _e as passwordInsertSchema,
+  ot as passwordSchema,
+  f as profileDataSchema,
+  rt as promptSettingSchema,
+  fe as refreshTokenInsertSchema,
+  ct as refreshTokenSchema,
+  Ce as resourceServerInsertSchema,
+  dt as resourceServerListSchema,
   Ae as resourceServerOptionsSchema,
-  Ce as resourceServerSchema,
+  Ie as resourceServerSchema,
   be as resourceServerScopeSchema,
   R as richTextComponentSchema,
   Ue as roleInsertSchema,
-  mt as roleListSchema,
-  Ie as rolePermissionInsertSchema,
-  pt as rolePermissionListSchema,
-  Oe as rolePermissionSchema,
-  dt as rolePermissionWithDetailsListSchema,
-  Te as rolePermissionWithDetailsSchema,
+  St as roleListSchema,
+  Oe as rolePermissionInsertSchema,
+  gt as rolePermissionListSchema,
+  Te as rolePermissionSchema,
+  ut as rolePermissionWithDetailsListSchema,
+  Ne as rolePermissionWithDetailsSchema,
   Fe as roleSchema,
   O as samlpAddon,
-  ce as sessionInsertSchema,
-  tt as sessionSchema,
+  pe as sessionInsertSchema,
+  it as sessionSchema,
   nt as signingKeySchema,
-  lt as smsProviderSchema,
+  pt as smsProviderSchema,
   _t as smsSendParamsSchema,
-  H as startSchema,
+  M as startSchema,
   k as stepNodeSchema,
-  W as tenantInsertSchema,
+  z as tenantInsertSchema,
   V as tenantSchema,
   Se as themeInsertSchema,
-  it as themeSchema,
-  ot as tokenResponseSchema,
-  Me as totalsSchema,
+  st as themeSchema,
+  at as tokenResponseSchema,
+  xe as totalsSchema,
   A as userInsertSchema,
-  ve as userOrganizationInsertSchema,
-  ht as userOrganizationSchema,
-  Ne as userPermissionInsertSchema,
-  gt as userPermissionListSchema,
+  He as userOrganizationInsertSchema,
+  bt as userOrganizationSchema,
+  ye as userPermissionInsertSchema,
+  mt as userPermissionListSchema,
   Re as userPermissionSchema,
-  ut as userPermissionWithDetailsListSchema,
+  ht as userPermissionWithDetailsListSchema,
   Le as userPermissionWithDetailsSchema,
-  xe as userResponseSchema,
+  Ke as userResponseSchema,
   De as userRoleInsertSchema,
   Et as userRoleListSchema,
-  ye as userRoleSchema,
-  f as userSchema,
-  Q as verificationMethodsSchema,
-  me as widgetSchema
+  we as userRoleSchema,
+  C as userSchema,
+  J as verificationMethodsSchema,
+  Ee as widgetSchema
 };