@carlonicora/nextjs-jsonapi 1.24.3 → 1.25.1

package/dist/{chunk-H5JZ5E7M.mjs → chunk-6BDOZDZ3.mjs}

@@ -13,13 +13,17 @@ import {
   useI18nTranslations
 } from "./chunk-GR4QPP36.mjs";
 import {
+  AVAILABLE_OAUTH_SCOPES,
   AuthService,
   ClientAbstractService,
   CompanyService,
   ContentService,
+  DEFAULT_GRANT_TYPES,
   FeatureService,
   Modules,
   NotificationService,
+  OAUTH_SCOPE_DISPLAY,
+  OAuthService,
   PushService,
   RehydrationFactory,
   RoleService,
@@ -32,7 +36,7 @@ import {
   rehydrate,
   useComposedRefs,
   useIsMobile
-} from "./chunk-5U4NJJOF.mjs";
+} from "./chunk-LNBT2YPZ.mjs";
 import {
   JsonApiContext
 } from "./chunk-VOXD3ZLY.mjs";
@@ -10962,7 +10966,7 @@ __name(AllowedUsersDetails, "AllowedUsersDetails");
 import dynamic from "next/dynamic";
 import React15 from "react";
 import { jsx as jsx121 } from "react/jsx-runtime";
-var BlockNoteEditor = dynamic(() => import("./BlockNoteEditor-TJNLCNIP.mjs"), {
+var BlockNoteEditor = dynamic(() => import("./BlockNoteEditor-UNVKGZ2G.mjs"), {
   ssr: false
 });
 var BlockNoteEditorContainer = React15.memo(/* @__PURE__ */ __name(function EditorContainer(props) {
@@ -11717,6 +11721,294 @@ var useContentTableStructure = /* @__PURE__ */ __name((params) => {
   return useMemo17(() => ({ data: tableData, columns }), [tableData, columns]);
 }, "useContentTableStructure");
 
+// src/features/oauth/hooks/useOAuthClients.ts
+import { useAtom as useAtom3, useSetAtom } from "jotai";
+import { useCallback as useCallback16, useEffect as useEffect34 } from "react";
+
+// src/features/oauth/atoms/oauth.atoms.ts
+import { atom } from "jotai";
+import { atomFamily } from "jotai-family";
+var oauthClientsAtom = atom([]);
+var oauthClientsLoadingAtom = atom(false);
+var oauthClientsErrorAtom = atom(null);
+var oauthClientByIdAtom = atomFamily(
+  (clientId) => atom((get) => {
+    const clients = get(oauthClientsAtom);
+    return clients.find((c) => c.clientId === clientId || c.id === clientId);
+  })
+);
+var oauthNewClientSecretAtom = atom(null);
+var oauthNewClientIdAtom = atom(null);
+var oauthConsentLoadingAtom = atom(false);
+var oauthConsentErrorAtom = atom(null);
+var setNewClientSecretAtom = atom(null, (get, set, value) => {
+  if (value === null) {
+    set(oauthNewClientSecretAtom, null);
+    set(oauthNewClientIdAtom, null);
+  } else {
+    set(oauthNewClientSecretAtom, value.secret);
+    set(oauthNewClientIdAtom, value.clientId);
+  }
+});
+var clearNewClientSecretAtom = atom(null, (get, set) => {
+  set(oauthNewClientSecretAtom, null);
+  set(oauthNewClientIdAtom, null);
+});
+var setOAuthClientsAtom = atom(null, (get, set, clients) => {
+  set(oauthClientsAtom, clients);
+});
+var addOAuthClientAtom = atom(null, (get, set, client) => {
+  const clients = get(oauthClientsAtom);
+  set(oauthClientsAtom, [...clients, client]);
+});
+var updateOAuthClientAtom = atom(null, (get, set, updatedClient) => {
+  const clients = get(oauthClientsAtom);
+  const index = clients.findIndex((c) => c.id === updatedClient.id || c.clientId === updatedClient.clientId);
+  if (index !== -1) {
+    const newClients = [...clients];
+    newClients[index] = updatedClient;
+    set(oauthClientsAtom, newClients);
+  }
+});
+var removeOAuthClientAtom = atom(null, (get, set, clientId) => {
+  const clients = get(oauthClientsAtom);
+  set(
+    oauthClientsAtom,
+    clients.filter((c) => c.id !== clientId && c.clientId !== clientId)
+  );
+});
+
+// src/features/oauth/hooks/useOAuthClients.ts
+function useOAuthClients() {
+  const [clients, setClients] = useAtom3(oauthClientsAtom);
+  const [isLoading, setIsLoading] = useAtom3(oauthClientsLoadingAtom);
+  const [error, setError] = useAtom3(oauthClientsErrorAtom);
+  const addClient = useSetAtom(addOAuthClientAtom);
+  const setNewClientSecret = useSetAtom(setNewClientSecretAtom);
+  const fetchClients = useCallback16(async () => {
+    setIsLoading(true);
+    setError(null);
+    try {
+      const fetchedClients = await OAuthService.listClients();
+      setClients(fetchedClients);
+    } catch (err) {
+      console.error("[useOAuthClients] Failed to fetch clients:", err);
+      setError(err instanceof Error ? err : new Error("Failed to fetch OAuth clients"));
+    } finally {
+      setIsLoading(false);
+    }
+  }, [setClients, setIsLoading, setError]);
+  useEffect34(() => {
+    fetchClients();
+  }, [fetchClients]);
+  const createClient = useCallback16(
+    async (data) => {
+      setIsLoading(true);
+      setError(null);
+      try {
+        const result = await OAuthService.createClient(data);
+        addClient(result.client);
+        if (result.clientSecret) {
+          setNewClientSecret({
+            clientId: result.client.clientId,
+            secret: result.clientSecret
+          });
+        }
+        return result;
+      } catch (err) {
+        console.error("[useOAuthClients] Failed to create client:", err);
+        const error2 = err instanceof Error ? err : new Error("Failed to create OAuth client");
+        setError(error2);
+        throw error2;
+      } finally {
+        setIsLoading(false);
+      }
+    },
+    [addClient, setNewClientSecret, setIsLoading, setError]
+  );
+  return {
+    clients,
+    isLoading,
+    error,
+    refetch: fetchClients,
+    createClient
+  };
+}
+__name(useOAuthClients, "useOAuthClients");
+
+// src/features/oauth/hooks/useOAuthClient.ts
+import { useAtomValue as useAtomValue2, useSetAtom as useSetAtom2 } from "jotai";
+import { useCallback as useCallback17, useEffect as useEffect35, useState as useState41 } from "react";
+function useOAuthClient(clientId) {
+  const storedClient = useAtomValue2(oauthClientByIdAtom(clientId));
+  const updateClientInStore = useSetAtom2(updateOAuthClientAtom);
+  const removeClientFromStore = useSetAtom2(removeOAuthClientAtom);
+  const setNewClientSecret = useSetAtom2(setNewClientSecretAtom);
+  const [fetchedClient, setFetchedClient] = useState41(null);
+  const [isLoading, setIsLoading] = useState41(false);
+  const [error, setError] = useState41(null);
+  const client = storedClient || fetchedClient;
+  const fetchClient = useCallback17(async () => {
+    if (!clientId) return;
+    setIsLoading(true);
+    setError(null);
+    try {
+      const fetched = await OAuthService.getClient({ clientId });
+      setFetchedClient(fetched);
+    } catch (err) {
+      console.error("[useOAuthClient] Failed to fetch client:", err);
+      setError(err instanceof Error ? err : new Error("Failed to fetch OAuth client"));
+    } finally {
+      setIsLoading(false);
+    }
+  }, [clientId]);
+  useEffect35(() => {
+    if (!storedClient && clientId) {
+      fetchClient();
+    }
+  }, [storedClient, clientId, fetchClient]);
+  const update = useCallback17(
+    async (data) => {
+      if (!clientId) throw new Error("No client ID");
+      setIsLoading(true);
+      setError(null);
+      try {
+        const updated = await OAuthService.updateClient({ clientId, data });
+        updateClientInStore(updated);
+        setFetchedClient(updated);
+      } catch (err) {
+        console.error("[useOAuthClient] Failed to update client:", err);
+        const error2 = err instanceof Error ? err : new Error("Failed to update OAuth client");
+        setError(error2);
+        throw error2;
+      } finally {
+        setIsLoading(false);
+      }
+    },
+    [clientId, updateClientInStore]
+  );
+  const deleteClient = useCallback17(async () => {
+    if (!clientId) throw new Error("No client ID");
+    setIsLoading(true);
+    setError(null);
+    try {
+      await OAuthService.deleteClient({ clientId });
+      removeClientFromStore(clientId);
+    } catch (err) {
+      console.error("[useOAuthClient] Failed to delete client:", err);
+      const error2 = err instanceof Error ? err : new Error("Failed to delete OAuth client");
+      setError(error2);
+      throw error2;
+    } finally {
+      setIsLoading(false);
+    }
+  }, [clientId, removeClientFromStore]);
+  const regenerateSecret = useCallback17(async () => {
+    if (!clientId) throw new Error("No client ID");
+    setIsLoading(true);
+    setError(null);
+    try {
+      const result = await OAuthService.regenerateSecret({ clientId });
+      setNewClientSecret({
+        clientId,
+        secret: result.clientSecret
+      });
+      return result.clientSecret;
+    } catch (err) {
+      console.error("[useOAuthClient] Failed to regenerate secret:", err);
+      const error2 = err instanceof Error ? err : new Error("Failed to regenerate client secret");
+      setError(error2);
+      throw error2;
+    } finally {
+      setIsLoading(false);
+    }
+  }, [clientId, setNewClientSecret]);
+  return {
+    client,
+    isLoading,
+    error,
+    update,
+    deleteClient,
+    regenerateSecret,
+    refetch: fetchClient
+  };
+}
+__name(useOAuthClient, "useOAuthClient");
+
+// src/features/oauth/hooks/useOAuthConsent.ts
+import { useCallback as useCallback18, useEffect as useEffect36, useState as useState42 } from "react";
+function useOAuthConsent(params) {
+  const [clientInfo, setClientInfo] = useState42(null);
+  const [isLoading, setIsLoading] = useState42(true);
+  const [error, setError] = useState42(null);
+  const [isSubmitting, setIsSubmitting] = useState42(false);
+  useEffect36(() => {
+    const fetchInfo = /* @__PURE__ */ __name(async () => {
+      if (!params.clientId || !params.redirectUri || !params.scope) {
+        setError(new Error("Missing required authorization parameters"));
+        setIsLoading(false);
+        return;
+      }
+      setIsLoading(true);
+      setError(null);
+      try {
+        const info = await OAuthService.getAuthorizationInfo(params);
+        setClientInfo(info);
+      } catch (err) {
+        console.error("[useOAuthConsent] Failed to fetch authorization info:", err);
+        setError(err instanceof Error ? err : new Error("Failed to load authorization info"));
+      } finally {
+        setIsLoading(false);
+      }
+    }, "fetchInfo");
+    fetchInfo();
+  }, [
+    params.clientId,
+    params.redirectUri,
+    params.scope,
+    params.state,
+    params.codeChallenge,
+    params.codeChallengeMethod
+  ]);
+  const approve = useCallback18(async () => {
+    setIsSubmitting(true);
+    setError(null);
+    try {
+      const result = await OAuthService.approveAuthorization(params);
+      if (result.redirectUrl) {
+        window.location.href = result.redirectUrl;
+      }
+    } catch (err) {
+      console.error("[useOAuthConsent] Failed to approve authorization:", err);
+      setError(err instanceof Error ? err : new Error("Failed to approve authorization"));
+      setIsSubmitting(false);
+    }
+  }, [params]);
+  const deny = useCallback18(async () => {
+    setIsSubmitting(true);
+    setError(null);
+    try {
+      const result = await OAuthService.denyAuthorization(params);
+      if (result.redirectUrl) {
+        window.location.href = result.redirectUrl;
+      }
+    } catch (err) {
+      console.error("[useOAuthConsent] Failed to deny authorization:", err);
+      setError(err instanceof Error ? err : new Error("Failed to deny authorization"));
+      setIsSubmitting(false);
+    }
+  }, [params]);
+  return {
+    clientInfo,
+    isLoading,
+    error,
+    approve,
+    deny,
+    isSubmitting
+  };
+}
+__name(useOAuthConsent, "useOAuthConsent");
+
 // src/client/index.ts
 registerTableGenerator("roles", useRoleTableStructure);
 registerTableGenerator("users", useUserTableStructure);
@@ -11730,17 +12022,17 @@ import { memo, useMemo as useMemo18 } from "react";
 // src/components/tables/ContentTableSearch.tsx
 import { RefreshCw, Search, X } from "lucide-react";
 import { useTranslations as useTranslations45 } from "next-intl";
-import { useCallback as useCallback16, useEffect as useEffect34, useRef as useRef16, useState as useState41 } from "react";
+import { useCallback as useCallback19, useEffect as useEffect37, useRef as useRef16, useState as useState43 } from "react";
 import { jsx as jsx133, jsxs as jsxs76 } from "react/jsx-runtime";
 function ContentTableSearch({ data }) {
   const t = useTranslations45();
   const searchTermRef = useRef16("");
   const inputRef = useRef16(null);
-  const [searchTerm, setSearchTerm] = useState41("");
-  const [isFocused, setIsFocused] = useState41(false);
-  const [isSearching, setIsSearching] = useState41(false);
+  const [searchTerm, setSearchTerm] = useState43("");
+  const [isFocused, setIsFocused] = useState43(false);
+  const [isSearching, setIsSearching] = useState43(false);
   const isExpanded = isFocused || searchTerm.length > 0;
-  const search = useCallback16(
+  const search = useCallback19(
     async (searchedTerm) => {
       try {
         if (searchedTerm === searchTermRef.current) return;
@@ -11753,7 +12045,7 @@ function ContentTableSearch({ data }) {
     [searchTermRef, data]
   );
   const updateSearchTerm = useDebounce(search, 500);
-  useEffect34(() => {
+  useEffect37(() => {
     setIsSearching(true);
     updateSearchTerm(searchTerm);
   }, [updateSearchTerm, searchTerm]);
@@ -11905,13 +12197,13 @@ var ContentListTable = memo(/* @__PURE__ */ __name(function ContentListTable2(pr
 import Image9 from "next/image";
 
 // src/features/auth/contexts/AuthContext.tsx
-import { createContext as createContext14, useContext as useContext15, useMemo as useMemo19, useState as useState43 } from "react";
+import { createContext as createContext14, useContext as useContext15, useMemo as useMemo19, useState as useState45 } from "react";
 
 // src/features/auth/components/forms/Register.tsx
 import { zodResolver as zodResolver5 } from "@hookform/resolvers/zod";
 import { useTranslations as useTranslations46 } from "next-intl";
 import Image8 from "next/image";
-import { useState as useState42 } from "react";
+import { useState as useState44 } from "react";
 import { useForm as useForm5 } from "react-hook-form";
 import { v4 as v44 } from "uuid";
 import { z as z5 } from "zod";
@@ -11919,7 +12211,7 @@ import { Fragment as Fragment20, jsx as jsx135, jsxs as jsxs78 } from "react/jsx
 function Register() {
   const t = useTranslations46();
   const { setComponentType } = useAuthContext();
-  const [showConfirmation, setShowConfirmation] = useState42(false);
+  const [showConfirmation, setShowConfirmation] = useState44(false);
   const formSchema = z5.object({
     company: z5.string().min(1, {
       message: t(`generic.errors.missing_company_name`)
@@ -12043,8 +12335,8 @@ var AuthContextProvider = /* @__PURE__ */ __name(({
   initialComponentType,
   initialParams
 }) => {
-  const [componentType, setComponentType] = useState43(initialComponentType);
-  const [params, setParams] = useState43(initialParams);
+  const [componentType, setComponentType] = useState45(initialComponentType);
+  const [params, setParams] = useState45(initialParams);
   const activeComponent = useMemo19(() => {
     if (componentType === void 0) return null;
     switch (componentType) {
@@ -12137,17 +12429,17 @@ __name(LandingComponent, "LandingComponent");
 import { zodResolver as zodResolver6 } from "@hookform/resolvers/zod";
 import { useTranslations as useTranslations48 } from "next-intl";
 import Image11 from "next/image";
-import { useEffect as useEffect35, useState as useState44 } from "react";
+import { useEffect as useEffect38, useState as useState46 } from "react";
 import { useForm as useForm6 } from "react-hook-form";
 import { toast as toast7 } from "sonner";
 import { z as z6 } from "zod";
 import { Fragment as Fragment22, jsx as jsx139, jsxs as jsxs80 } from "react/jsx-runtime";
 function AcceptInvitation() {
   const { setComponentType, params, setParams } = useAuthContext();
-  const [showConfirmation, setShowConfirmation] = useState44(false);
-  const [error, setError] = useState44(void 0);
+  const [showConfirmation, setShowConfirmation] = useState46(false);
+  const [error, setError] = useState46(void 0);
   const t = useTranslations48();
-  useEffect35(() => {
+  useEffect38(() => {
     async function validateCode(code) {
       try {
         const payload = {
@@ -12240,15 +12532,15 @@ __name(AcceptInvitation, "AcceptInvitation");
 // src/features/auth/components/forms/ActivateAccount.tsx
 import { useTranslations as useTranslations49 } from "next-intl";
 import Image12 from "next/image";
-import { useEffect as useEffect36, useState as useState45 } from "react";
+import { useEffect as useEffect39, useState as useState47 } from "react";
 import { toast as toast8 } from "sonner";
 import { Fragment as Fragment23, jsx as jsx140, jsxs as jsxs81 } from "react/jsx-runtime";
 function ActivateAccount() {
   const { setComponentType, params, setParams } = useAuthContext();
-  const [showConfirmation, setShowConfirmation] = useState45(false);
-  const [error, setError] = useState45(void 0);
+  const [showConfirmation, setShowConfirmation] = useState47(false);
+  const [error, setError] = useState47(void 0);
   const t = useTranslations49();
-  useEffect36(() => {
+  useEffect39(() => {
     async function ActivateAccount2(code) {
       try {
         const payload = {
@@ -12289,12 +12581,12 @@ function ActivateAccount() {
 __name(ActivateAccount, "ActivateAccount");
 
 // src/features/auth/components/forms/Cookies.tsx
-import { useEffect as useEffect37, useState as useState46 } from "react";
+import { useEffect as useEffect40, useState as useState48 } from "react";
 function Cookies({ dehydratedAuth, page }) {
   const { setUser } = useCurrentUserContext();
   const router = useI18nRouter();
-  const [hasSaved, setHasSaved] = useState46(false);
-  useEffect37(() => {
+  const [hasSaved, setHasSaved] = useState48(false);
+  useEffect40(() => {
     if (hasSaved) return;
     async function saveTokenOnServer() {
       await AuthService.saveToken({ dehydratedAuth });
@@ -12317,14 +12609,14 @@ __name(Cookies, "Cookies");
 import { zodResolver as zodResolver7 } from "@hookform/resolvers/zod";
 import { useTranslations as useTranslations50 } from "next-intl";
 import Image13 from "next/image";
-import { useState as useState47 } from "react";
+import { useState as useState49 } from "react";
 import { useForm as useForm7 } from "react-hook-form";
 import { z as z7 } from "zod";
 import { Fragment as Fragment24, jsx as jsx141, jsxs as jsxs82 } from "react/jsx-runtime";
 function ForgotPassword() {
   const t = useTranslations50();
   const { setComponentType } = useAuthContext();
-  const [showConfirmation, setShowConfirmation] = useState47(false);
+  const [showConfirmation, setShowConfirmation] = useState49(false);
   const formSchema = z7.object({
     email: z7.string().email({
       message: t(`generic.errors.invalid_email`)
@@ -12488,11 +12780,11 @@ function Login() {
 __name(Login, "Login");
 
 // src/features/auth/components/forms/Logout.tsx
-import { useEffect as useEffect38 } from "react";
+import { useEffect as useEffect41 } from "react";
 import { Fragment as Fragment26, jsx as jsx143 } from "react/jsx-runtime";
 function Logout() {
   const generateUrl = usePageUrlGenerator();
-  useEffect38(() => {
+  useEffect41(() => {
     const logOut = /* @__PURE__ */ __name(async () => {
       await AuthService.logout();
       window.location.href = generateUrl({ page: `/` });
@@ -12505,7 +12797,7 @@ __name(Logout, "Logout");
 
 // src/features/auth/components/forms/RefreshUser.tsx
 import { deleteCookie as deleteCookie2, getCookie as getCookie2 } from "cookies-next";
-import { useEffect as useEffect39 } from "react";
+import { useEffect as useEffect42 } from "react";
 function RefreshUser() {
   const { setUser } = useCurrentUserContext();
   const loadFullUser = /* @__PURE__ */ __name(async () => {
@@ -12526,7 +12818,7 @@ function RefreshUser() {
       deleteCookie2("reloadData");
     }
   }, "loadFullUser");
-  useEffect39(() => {
+  useEffect42(() => {
     const reloadData = getCookie2("reloadData");
     if (reloadData !== void 0) loadFullUser();
   }, []);
@@ -12538,17 +12830,17 @@ __name(RefreshUser, "RefreshUser");
 import { zodResolver as zodResolver9 } from "@hookform/resolvers/zod";
 import { useTranslations as useTranslations52 } from "next-intl";
 import Image15 from "next/image";
-import { useEffect as useEffect40, useState as useState48 } from "react";
+import { useEffect as useEffect43, useState as useState50 } from "react";
 import { useForm as useForm9 } from "react-hook-form";
 import { toast as toast9 } from "sonner";
 import { z as z9 } from "zod";
 import { Fragment as Fragment27, jsx as jsx144, jsxs as jsxs84 } from "react/jsx-runtime";
 function ResetPassword() {
   const { setComponentType, params, setParams } = useAuthContext();
-  const [showConfirmation, setShowConfirmation] = useState48(false);
-  const [error, setError] = useState48(void 0);
+  const [showConfirmation, setShowConfirmation] = useState50(false);
+  const [error, setError] = useState50(void 0);
   const t = useTranslations52();
-  useEffect40(() => {
+  useEffect43(() => {
     async function validateResetPasswordCode(code) {
       try {
         const payload = {
@@ -12830,7 +13122,7 @@ __name(NotificationsListContainer, "NotificationsListContainer");
 // src/features/notification/components/modals/NotificationModal.tsx
 import { BellIcon } from "lucide-react";
 import { useTranslations as useTranslations58 } from "next-intl";
-import { Fragment as Fragment29, useCallback as useCallback17, useEffect as useEffect41, useMemo as useMemo20, useRef as useRef17, useState as useState49 } from "react";
+import { Fragment as Fragment29, useCallback as useCallback20, useEffect as useEffect44, useMemo as useMemo20, useRef as useRef17, useState as useState51 } from "react";
 import { toast as toast10 } from "sonner";
 import { jsx as jsx151, jsxs as jsxs89 } from "react/jsx-runtime";
 function NotificationModalContent({ isOpen, setIsOpen }) {
@@ -12850,14 +13142,14 @@ function NotificationModalContent({ isOpen, setIsOpen }) {
   const { socketNotifications, removeSocketNotification, clearSocketNotifications } = useSocketContext();
   const t = useTranslations58();
   const generateUrl = usePageUrlGenerator();
-  const [newNotifications, setNewNotifications] = useState49(false);
+  const [newNotifications, setNewNotifications] = useState51(false);
   const preventAutoClose = useRef17(false);
   const circuitBreakerRef = useRef17({
     count: 0,
     resetTime: 0,
     isOpen: false
   });
-  const checkCircuitBreaker = useCallback17(() => {
+  const checkCircuitBreaker = useCallback20(() => {
     const now = Date.now();
     const breaker = circuitBreakerRef.current;
     if (now > breaker.resetTime) {
@@ -12879,14 +13171,14 @@ function NotificationModalContent({ isOpen, setIsOpen }) {
       unreadIds: unreadNotifications2.map((notif) => notif.id)
     };
   }, [notifications]);
-  useEffect41(() => {
+  useEffect44(() => {
     setNewNotifications(unreadCount > 0);
   }, [unreadCount]);
-  useEffect41(() => {
+  useEffect44(() => {
     if (lastLoaded === 0) loadNotifications();
   }, [lastLoaded, loadNotifications]);
   const processSocketNotificationsRef = useRef17(null);
-  const processSocketNotifications = useCallback17(() => {
+  const processSocketNotifications = useCallback20(() => {
     if (socketNotifications.length === 0) {
       return;
     }
@@ -12925,7 +13217,7 @@ function NotificationModalContent({ isOpen, setIsOpen }) {
     generateUrl,
     checkCircuitBreaker
   ]);
-  useEffect41(() => {
+  useEffect44(() => {
     if (processSocketNotificationsRef.current) {
       clearTimeout(processSocketNotificationsRef.current);
     }
@@ -13059,13 +13351,13 @@ __name(FormRoles, "FormRoles");
 
 // src/features/role/components/forms/RemoveUserFromRole.tsx
 import { useTranslations as useTranslations61 } from "next-intl";
-import { useEffect as useEffect42, useState as useState50 } from "react";
+import { useEffect as useEffect45, useState as useState52 } from "react";
 import { Fragment as Fragment32, jsx as jsx156, jsxs as jsxs92 } from "react/jsx-runtime";
 function RemoveUserFromRole({ role, user, refresh }) {
-  const [open, setOpen] = useState50(false);
-  const [canRemove, setCanRemove] = useState50(false);
+  const [open, setOpen] = useState52(false);
+  const [canRemove, setCanRemove] = useState52(false);
   const t = useTranslations61();
-  useEffect42(() => {
+  useEffect45(() => {
     async function checkCompanyAdminDeletability() {
       const roleUsers = await UserService.findAllUsersByRole({
         roleId: role.id
@@ -13135,14 +13427,14 @@ __name(RemoveUserFromRole, "RemoveUserFromRole");
 // src/features/role/components/forms/UserRoleAdd.tsx
 import { PlusCircle } from "lucide-react";
 import { useTranslations as useTranslations62 } from "next-intl";
-import { useCallback as useCallback18, useEffect as useEffect43, useRef as useRef18, useState as useState51 } from "react";
+import { useCallback as useCallback21, useEffect as useEffect46, useRef as useRef18, useState as useState53 } from "react";
 import { toast as toast11 } from "sonner";
 import { Fragment as Fragment33, jsx as jsx157, jsxs as jsxs93 } from "react/jsx-runtime";
 function UserRoleAdd({ user, refresh }) {
-  const [open, setOpen] = useState51(false);
+  const [open, setOpen] = useState53(false);
   const inputRef = useRef18(null);
-  const [searchTerm, setSearchTerm] = useState51("");
-  const [roles, setRoles] = useState51([]);
+  const [searchTerm, setSearchTerm] = useState53("");
+  const [roles, setRoles] = useState53([]);
   const t = useTranslations62();
   const addUserToRole = /* @__PURE__ */ __name(async (role) => {
     await RoleService.addUserToRole({
@@ -13166,7 +13458,7 @@ function UserRoleAdd({ user, refresh }) {
     );
     refresh();
   }, "addUserToRole");
-  const searchRoles = useCallback18(
+  const searchRoles = useCallback21(
     async (term) => {
       setRoles(
         await RoleService.findAllRolesUserNotIn({
@@ -13178,10 +13470,10 @@ function UserRoleAdd({ user, refresh }) {
     [searchTerm, user]
   );
   const updateSearchTerm = useDebounce(searchRoles, 500);
-  useEffect43(() => {
+  useEffect46(() => {
     if (open) updateSearchTerm(searchTerm);
   }, [open, searchTerm]);
-  useEffect43(() => {
+  useEffect46(() => {
     if (open) searchRoles("");
   }, [open]);
   return /* @__PURE__ */ jsxs93(Fragment33, { children: [
@@ -13275,6 +13567,893 @@ function UserRolesList({ user }) {
 }
 __name(UserRolesList, "UserRolesList");
 
+// src/features/oauth/components/OAuthRedirectUriInput.tsx
+import { useCallback as useCallback22 } from "react";
+import { Plus, Trash2 } from "lucide-react";
+import { jsx as jsx160, jsxs as jsxs94 } from "react/jsx-runtime";
+function isValidRedirectUri(uri) {
+  if (!uri.trim()) return false;
+  if (uri.startsWith("http://localhost") || uri.startsWith("http://127.0.0.1")) {
+    return true;
+  }
+  if (uri.startsWith("https://")) {
+    try {
+      new URL(uri);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  if (uri.includes("://")) {
+    const schemeMatch = uri.match(/^([a-zA-Z][a-zA-Z0-9+.-]*):\/\//);
+    return schemeMatch !== null;
+  }
+  return false;
+}
+__name(isValidRedirectUri, "isValidRedirectUri");
+function OAuthRedirectUriInput({
+  value,
+  onChange,
+  error,
+  disabled = false,
+  label = "Redirect URIs"
+}) {
+  const handleAdd = useCallback22(() => {
+    onChange([...value, ""]);
+  }, [value, onChange]);
+  const handleRemove = useCallback22(
+    (index) => {
+      const newUris = value.filter((_, i) => i !== index);
+      onChange(newUris.length > 0 ? newUris : [""]);
+    },
+    [value, onChange]
+  );
+  const handleChange = useCallback22(
+    (index, newValue) => {
+      const newUris = [...value];
+      newUris[index] = newValue;
+      onChange(newUris);
+    },
+    [value, onChange]
+  );
+  return /* @__PURE__ */ jsxs94("div", { className: "space-y-2", children: [
+    /* @__PURE__ */ jsxs94(Label, { children: [
+      label,
+      " *"
+    ] }),
+    /* @__PURE__ */ jsx160("p", { className: "text-sm text-muted-foreground", children: "Enter the URIs where users will be redirected after authorization. Use https:// for production, or custom schemes for mobile apps." }),
+    /* @__PURE__ */ jsx160("div", { className: "space-y-2", children: value.map((uri, index) => {
+      const isValid3 = !uri || isValidRedirectUri(uri);
+      return /* @__PURE__ */ jsxs94("div", { className: "flex gap-2", children: [
+        /* @__PURE__ */ jsxs94("div", { className: "flex-1", children: [
+          /* @__PURE__ */ jsx160(
+            Input,
+            {
+              value: uri,
+              onChange: (e) => handleChange(index, e.target.value),
+              placeholder: "https://example.com/callback or myapp://oauth",
+              disabled,
+              className: !isValid3 ? "border-destructive" : ""
+            }
+          ),
+          !isValid3 && /* @__PURE__ */ jsx160("p", { className: "text-xs text-destructive mt-1", children: "Must be https://, http://localhost, or a custom scheme (app://)" })
+        ] }),
+        /* @__PURE__ */ jsx160(
+          Button,
+          {
+            type: "button",
+            variant: "ghost",
+            size: "icon",
+            onClick: () => handleRemove(index),
+            disabled: disabled || value.length === 1,
+            title: "Remove URI",
+            children: /* @__PURE__ */ jsx160(Trash2, { className: "h-4 w-4" })
+          }
+        )
+      ] }, index);
+    }) }),
+    /* @__PURE__ */ jsxs94(
+      Button,
+      {
+        type: "button",
+        variant: "outline",
+        size: "sm",
+        onClick: handleAdd,
+        disabled,
+        className: "mt-2",
+        children: [
+          /* @__PURE__ */ jsx160(Plus, { className: "h-4 w-4 mr-2" }),
+          "Add Redirect URI"
+        ]
+      }
+    ),
+    error && /* @__PURE__ */ jsx160("p", { className: "text-sm text-destructive", children: error })
+  ] });
+}
+__name(OAuthRedirectUriInput, "OAuthRedirectUriInput");
+
+// src/features/oauth/components/OAuthScopeSelector.tsx
+import { useCallback as useCallback23 } from "react";
+import { jsx as jsx161, jsxs as jsxs95 } from "react/jsx-runtime";
+function OAuthScopeSelector({
+  value,
+  onChange,
+  availableScopes = AVAILABLE_OAUTH_SCOPES,
+  disabled = false,
+  error,
+  label = "Allowed Scopes"
+}) {
+  const handleToggle = useCallback23(
+    (scope, checked) => {
+      if (checked) {
+        onChange([...value, scope]);
+      } else {
+        onChange(value.filter((s) => s !== scope));
+      }
+    },
+    [value, onChange]
+  );
+  const groupedScopes = availableScopes.reduce((acc, scope) => {
+    const [category] = scope.scope.split(":");
+    const groupName = category === scope.scope ? "General" : category;
+    if (!acc[groupName]) {
+      acc[groupName] = [];
+    }
+    acc[groupName].push(scope);
+    return acc;
+  }, {});
+  return /* @__PURE__ */ jsxs95("div", { className: "space-y-4", children: [
+    /* @__PURE__ */ jsxs95("div", { children: [
+      /* @__PURE__ */ jsxs95(Label, { children: [
+        label,
+        " *"
+      ] }),
+      /* @__PURE__ */ jsx161("p", { className: "text-sm text-muted-foreground", children: "Select the permissions your application needs." })
+    ] }),
+    /* @__PURE__ */ jsx161("div", { className: "space-y-4", children: Object.entries(groupedScopes).map(([groupName, scopes]) => /* @__PURE__ */ jsxs95("div", { className: "space-y-2", children: [
+      /* @__PURE__ */ jsx161("h4", { className: "text-sm font-medium capitalize", children: groupName }),
+      /* @__PURE__ */ jsx161("div", { className: "grid grid-cols-1 md:grid-cols-2 gap-2 pl-2", children: scopes.map((scopeInfo) => {
+        const isChecked = value.includes(scopeInfo.scope);
+        const isAdmin = scopeInfo.scope === "admin";
+        return /* @__PURE__ */ jsxs95(
+          "div",
+          {
+            className: `flex items-start space-x-3 p-2 rounded-md border ${isChecked ? "bg-primary/5 border-primary/20" : "border-transparent"} ${isAdmin ? "bg-destructive/5" : ""}`,
+            children: [
+              /* @__PURE__ */ jsx161(
+                Checkbox,
+                {
+                  id: `scope-${scopeInfo.scope}`,
+                  checked: isChecked,
+                  onCheckedChange: (checked) => handleToggle(scopeInfo.scope, checked === true),
+                  disabled
+                }
+              ),
+              /* @__PURE__ */ jsxs95("div", { className: "flex-1", children: [
+                /* @__PURE__ */ jsxs95(
+                  Label,
+                  {
+                    htmlFor: `scope-${scopeInfo.scope}`,
+                    className: "text-sm font-medium cursor-pointer",
+                    children: [
+                      scopeInfo.name,
+                      isAdmin && /* @__PURE__ */ jsx161("span", { className: "ml-2 text-xs text-destructive", children: "(Dangerous)" })
+                    ]
+                  }
+                ),
+                /* @__PURE__ */ jsx161("p", { className: "text-xs text-muted-foreground", children: scopeInfo.description })
+              ] })
+            ]
+          },
+          scopeInfo.scope
+        );
+      }) })
+    ] }, groupName)) }),
+    error && /* @__PURE__ */ jsx161("p", { className: "text-sm text-destructive", children: error })
+  ] });
+}
+__name(OAuthScopeSelector, "OAuthScopeSelector");
+
+// src/features/oauth/components/OAuthClientSecretDisplay.tsx
+import { useState as useState54, useCallback as useCallback24 } from "react";
+import { Copy, Check, AlertTriangle } from "lucide-react";
+import { jsx as jsx162, jsxs as jsxs96 } from "react/jsx-runtime";
+function OAuthClientSecretDisplay({
+  secret,
+  onDismiss,
+  open,
+  clientName
+}) {
+  const [copied, setCopied] = useState54(false);
+  const handleCopy = useCallback24(async () => {
+    try {
+      await navigator.clipboard.writeText(secret);
+      setCopied(true);
+      setTimeout(() => setCopied(false), 2e3);
+    } catch (err) {
+      console.error("Failed to copy to clipboard:", err);
+    }
+  }, [secret]);
+  const handleDismiss = useCallback24(() => {
+    setCopied(false);
+    onDismiss();
+  }, [onDismiss]);
+  return /* @__PURE__ */ jsx162(Dialog, { open, onOpenChange: (isOpen) => !isOpen && handleDismiss(), children: /* @__PURE__ */ jsxs96(DialogContent, { className: "sm:max-w-md", children: [
+    /* @__PURE__ */ jsxs96(DialogHeader, { children: [
+      /* @__PURE__ */ jsxs96(DialogTitle, { className: "flex items-center gap-2", children: [
+        /* @__PURE__ */ jsx162(AlertTriangle, { className: "h-5 w-5 text-warning" }),
+        "Save Your Client Secret"
+      ] }),
+      /* @__PURE__ */ jsx162(DialogDescription, { children: clientName ? `Your client secret for "${clientName}" is shown below.` : "Your client secret is shown below." })
+    ] }),
+    /* @__PURE__ */ jsxs96(Alert, { variant: "destructive", className: "my-4", children: [
+      /* @__PURE__ */ jsx162(AlertTriangle, { className: "h-4 w-4" }),
+      /* @__PURE__ */ jsxs96(AlertDescription, { children: [
+        /* @__PURE__ */ jsx162("strong", { children: "This is the only time your client secret will be displayed." }),
+        /* @__PURE__ */ jsx162("br", {}),
+        "Copy it now and store it securely. You will not be able to retrieve it later."
+      ] })
+    ] }),
+    /* @__PURE__ */ jsxs96("div", { className: "flex items-center space-x-2", children: [
+      /* @__PURE__ */ jsx162("div", { className: "flex-1", children: /* @__PURE__ */ jsx162(
+        Input,
+        {
+          value: secret,
+          readOnly: true,
+          className: "font-mono text-sm",
+          onClick: (e) => e.currentTarget.select()
+        }
+      ) }),
+      /* @__PURE__ */ jsx162(
+        Button,
+        {
+          type: "button",
+          variant: "outline",
+          size: "icon",
+          onClick: handleCopy,
+          title: copied ? "Copied!" : "Copy to clipboard",
+          children: copied ? /* @__PURE__ */ jsx162(Check, { className: "h-4 w-4 text-green-600" }) : /* @__PURE__ */ jsx162(Copy, { className: "h-4 w-4" })
+        }
+      )
+    ] }),
+    copied && /* @__PURE__ */ jsx162("p", { className: "text-sm text-green-600 text-center", children: "Copied to clipboard!" }),
+    /* @__PURE__ */ jsx162(DialogFooter, { className: "mt-4", children: /* @__PURE__ */ jsx162(Button, { onClick: handleDismiss, className: "w-full", children: "I've Saved My Secret" }) })
+  ] }) });
+}
+__name(OAuthClientSecretDisplay, "OAuthClientSecretDisplay");
+
+// src/features/oauth/components/OAuthClientCard.tsx
+import { formatDistanceToNow } from "date-fns";
+import { Key, MoreVertical, Pencil, Trash2 as Trash22 } from "lucide-react";
+import { jsx as jsx163, jsxs as jsxs97 } from "react/jsx-runtime";
+function OAuthClientCard({
+  client,
+  onClick,
+  onEdit,
+  onDelete
+}) {
+  const truncatedId = client.clientId.length > 12 ? `${client.clientId.slice(0, 8)}...${client.clientId.slice(-4)}` : client.clientId;
+  const createdAgo = client.createdAt ? formatDistanceToNow(new Date(client.createdAt), { addSuffix: true }) : "Unknown";
+  return /* @__PURE__ */ jsxs97(
+    Card,
+    {
+      className: `cursor-pointer transition-colors hover:bg-accent/50 ${!client.isActive ? "opacity-60" : ""}`,
+      onClick,
+      children: [
+        /* @__PURE__ */ jsxs97(CardHeader, { className: "pb-2", children: [
+          /* @__PURE__ */ jsxs97("div", { className: "flex items-start justify-between", children: [
+            /* @__PURE__ */ jsxs97("div", { className: "flex items-center gap-2", children: [
+              /* @__PURE__ */ jsx163(Key, { className: "h-5 w-5 text-muted-foreground" }),
+              /* @__PURE__ */ jsx163(CardTitle, { className: "text-lg", children: client.name })
+            ] }),
+            /* @__PURE__ */ jsxs97("div", { className: "flex items-center gap-2", children: [
+              /* @__PURE__ */ jsx163(Badge, { variant: client.isActive ? "default" : "secondary", children: client.isActive ? "Active" : "Inactive" }),
+              (onEdit || onDelete) && /* @__PURE__ */ jsxs97(DropdownMenu, { children: [
+                /* @__PURE__ */ jsx163(DropdownMenuTrigger, { onClick: (e) => e.stopPropagation(), children: /* @__PURE__ */ jsx163(Button, { render: /* @__PURE__ */ jsx163("div", {}), nativeButton: false, variant: "ghost", size: "icon", className: "h-8 w-8", children: /* @__PURE__ */ jsx163(MoreVertical, { className: "h-4 w-4" }) }) }),
+                /* @__PURE__ */ jsxs97(DropdownMenuContent, { align: "end", children: [
+                  onEdit && /* @__PURE__ */ jsxs97(DropdownMenuItem, { onClick: (e) => {
+                    e.stopPropagation();
+                    onEdit();
+                  }, children: [
+                    /* @__PURE__ */ jsx163(Pencil, { className: "h-4 w-4 mr-2" }),
+                    "Edit"
+                  ] }),
+                  onDelete && /* @__PURE__ */ jsxs97(
+                    DropdownMenuItem,
+                    {
+                      onClick: (e) => {
+                        e.stopPropagation();
+                        onDelete();
+                      },
+                      className: "text-destructive",
+                      children: [
+                        /* @__PURE__ */ jsx163(Trash22, { className: "h-4 w-4 mr-2" }),
+                        "Delete"
+                      ]
+                    }
+                  )
+                ] })
+              ] })
+            ] })
+          ] }),
+          client.description && /* @__PURE__ */ jsx163(CardDescription, { className: "line-clamp-2", children: client.description })
+        ] }),
+        /* @__PURE__ */ jsx163(CardContent, { children: /* @__PURE__ */ jsxs97("div", { className: "flex flex-wrap gap-x-4 gap-y-1 text-sm text-muted-foreground", children: [
+          /* @__PURE__ */ jsx163("span", { className: "font-mono", children: truncatedId }),
+          /* @__PURE__ */ jsxs97("span", { children: [
+            "Created ",
+            createdAgo
+          ] }),
+          /* @__PURE__ */ jsx163("span", { children: client.isConfidential ? "Confidential" : "Public" })
+        ] }) })
+      ]
+    }
+  );
+}
+__name(OAuthClientCard, "OAuthClientCard");
+
+// src/features/oauth/components/OAuthClientList.tsx
+import { Plus as Plus2, Key as Key2 } from "lucide-react";
+import { jsx as jsx164, jsxs as jsxs98 } from "react/jsx-runtime";
+function OAuthClientList({
+  clients,
+  isLoading = false,
+  error,
+  onClientClick,
+  onCreateClick,
+  onEditClick,
+  onDeleteClick,
+  emptyStateMessage = "No OAuth applications yet. Create one to get started.",
+  title = "OAuth Applications"
+}) {
+  if (isLoading && clients.length === 0) {
+    return /* @__PURE__ */ jsxs98("div", { className: "space-y-4", children: [
+      /* @__PURE__ */ jsxs98("div", { className: "flex items-center justify-between", children: [
+        /* @__PURE__ */ jsx164("h2", { className: "text-2xl font-bold", children: title }),
+        /* @__PURE__ */ jsx164(Skeleton, { className: "h-10 w-32" })
+      ] }),
+      /* @__PURE__ */ jsx164("div", { className: "space-y-3", children: [1, 2, 3].map((i) => /* @__PURE__ */ jsx164(Skeleton, { className: "h-32 w-full" }, i)) })
+    ] });
+  }
+  if (error) {
+    return /* @__PURE__ */ jsxs98("div", { className: "space-y-4", children: [
+      /* @__PURE__ */ jsx164("div", { className: "flex items-center justify-between", children: /* @__PURE__ */ jsx164("h2", { className: "text-2xl font-bold", children: title }) }),
+      /* @__PURE__ */ jsx164("div", { className: "rounded-lg border border-destructive/50 bg-destructive/10 p-6 text-center", children: /* @__PURE__ */ jsx164("p", { className: "text-destructive", children: error.message }) })
+    ] });
+  }
+  if (clients.length === 0) {
+    return /* @__PURE__ */ jsxs98("div", { className: "space-y-4", children: [
+      /* @__PURE__ */ jsxs98("div", { className: "flex items-center justify-between", children: [
+        /* @__PURE__ */ jsx164("h2", { className: "text-2xl font-bold", children: title }),
+        onCreateClick && /* @__PURE__ */ jsxs98(Button, { onClick: onCreateClick, children: [
+          /* @__PURE__ */ jsx164(Plus2, { className: "h-4 w-4 mr-2" }),
+          "New App"
+        ] })
+      ] }),
+      /* @__PURE__ */ jsxs98("div", { className: "rounded-lg border border-dashed p-12 text-center", children: [
+        /* @__PURE__ */ jsx164(Key2, { className: "h-12 w-12 mx-auto text-muted-foreground mb-4" }),
+        /* @__PURE__ */ jsx164("h3", { className: "text-lg font-medium mb-2", children: "No OAuth Applications" }),
+        /* @__PURE__ */ jsx164("p", { className: "text-muted-foreground mb-4", children: emptyStateMessage }),
+        onCreateClick && /* @__PURE__ */ jsxs98(Button, { onClick: onCreateClick, children: [
+          /* @__PURE__ */ jsx164(Plus2, { className: "h-4 w-4 mr-2" }),
+          "Create Application"
+        ] })
+      ] })
+    ] });
+  }
+  return /* @__PURE__ */ jsxs98("div", { className: "space-y-4", children: [
+    /* @__PURE__ */ jsxs98("div", { className: "flex items-center justify-between", children: [
+      /* @__PURE__ */ jsx164("h2", { className: "text-2xl font-bold", children: title }),
+      onCreateClick && /* @__PURE__ */ jsxs98(Button, { onClick: onCreateClick, children: [
+        /* @__PURE__ */ jsx164(Plus2, { className: "h-4 w-4 mr-2" }),
+        "New App"
+      ] })
+    ] }),
+    /* @__PURE__ */ jsx164("div", { className: "space-y-3", children: clients.map((client) => /* @__PURE__ */ jsx164(
+      OAuthClientCard,
+      {
+        client,
+        onClick: () => onClientClick?.(client),
+        onEdit: onEditClick ? () => onEditClick(client) : void 0,
+        onDelete: onDeleteClick ? () => onDeleteClick(client) : void 0
+      },
+      client.id || client.clientId
+    )) })
+  ] });
+}
+__name(OAuthClientList, "OAuthClientList");
+
+// src/features/oauth/components/OAuthClientForm.tsx
+import { useState as useState55, useCallback as useCallback25 } from "react";
+import { jsx as jsx165, jsxs as jsxs99 } from "react/jsx-runtime";
+function OAuthClientForm({
+  client,
+  onSubmit,
+  onCancel,
+  isLoading = false
+}) {
+  const isEditMode = !!client;
+  const [formState, setFormState] = useState55({
+    name: client?.name || "",
+    description: client?.description || "",
+    redirectUris: client?.redirectUris?.length ? client.redirectUris : [""],
+    allowedScopes: client?.allowedScopes || [],
+    isConfidential: client?.isConfidential ?? true
+  });
+  const [errors, setErrors] = useState55({});
+  const validate = useCallback25(() => {
+    const newErrors = {};
+    if (!formState.name.trim()) {
+      newErrors.name = "Application name is required";
+    }
+    const validUris = formState.redirectUris.filter((uri) => uri.trim());
+    if (validUris.length === 0) {
+      newErrors.redirectUris = "At least one redirect URI is required";
+    }
+    if (formState.allowedScopes.length === 0) {
+      newErrors.allowedScopes = "At least one scope must be selected";
+    }
+    setErrors(newErrors);
+    return Object.keys(newErrors).length === 0;
+  }, [formState]);
+  const handleSubmit = useCallback25(
+    async (e) => {
+      e.preventDefault();
+      if (!validate()) return;
+      const data = {
+        name: formState.name.trim(),
+        description: formState.description.trim() || void 0,
+        redirectUris: formState.redirectUris.filter((uri) => uri.trim()),
+        allowedScopes: formState.allowedScopes,
+        allowedGrantTypes: DEFAULT_GRANT_TYPES,
+        isConfidential: formState.isConfidential
+      };
+      await onSubmit(data);
+    },
+    [formState, validate, onSubmit]
+  );
+  return /* @__PURE__ */ jsx165(Card, { children: /* @__PURE__ */ jsxs99("form", { onSubmit: handleSubmit, children: [
+    /* @__PURE__ */ jsxs99(CardHeader, { children: [
+      /* @__PURE__ */ jsx165(CardTitle, { children: isEditMode ? "Edit Application" : "Create OAuth Application" }),
+      /* @__PURE__ */ jsx165(CardDescription, { children: isEditMode ? "Update your OAuth application settings." : "Register a new application to access the API." })
+    ] }),
+    /* @__PURE__ */ jsxs99(CardContent, { className: "space-y-6", children: [
+      /* @__PURE__ */ jsxs99("div", { className: "space-y-2", children: [
+        /* @__PURE__ */ jsx165(Label, { htmlFor: "name", children: "Application Name *" }),
+        /* @__PURE__ */ jsx165(
+          Input,
+          {
+            id: "name",
+            value: formState.name,
+            onChange: (e) => setFormState((s) => ({ ...s, name: e.target.value })),
+            placeholder: "My Lightroom Plugin",
+            disabled: isLoading,
+            className: errors.name ? "border-destructive" : ""
+          }
+        ),
+        errors.name && /* @__PURE__ */ jsx165("p", { className: "text-sm text-destructive", children: errors.name })
+      ] }),
+      /* @__PURE__ */ jsxs99("div", { className: "space-y-2", children: [
+        /* @__PURE__ */ jsx165(Label, { htmlFor: "description", children: "Description" }),
+        /* @__PURE__ */ jsx165(
+          Textarea,
+          {
+            id: "description",
+            value: formState.description,
+            onChange: (e) => setFormState((s) => ({ ...s, description: e.target.value })),
+            placeholder: "A brief description of your application",
+            disabled: isLoading,
+            rows: 3
+          }
+        )
+      ] }),
+      /* @__PURE__ */ jsx165(
+        OAuthRedirectUriInput,
+        {
+          value: formState.redirectUris,
+          onChange: (uris) => setFormState((s) => ({ ...s, redirectUris: uris })),
+          error: errors.redirectUris,
+          disabled: isLoading
+        }
+      ),
+      /* @__PURE__ */ jsx165(
+        OAuthScopeSelector,
+        {
+          value: formState.allowedScopes,
+          onChange: (scopes) => setFormState((s) => ({ ...s, allowedScopes: scopes })),
+          error: errors.allowedScopes,
+          disabled: isLoading
+        }
+      ),
+      /* @__PURE__ */ jsxs99("div", { className: "space-y-3", children: [
+        /* @__PURE__ */ jsx165(Label, { children: "Client Type" }),
+        /* @__PURE__ */ jsxs99(
+          RadioGroup,
+          {
+            value: formState.isConfidential ? "confidential" : "public",
+            onValueChange: (v) => setFormState((s) => ({ ...s, isConfidential: v === "confidential" })),
+            disabled: isLoading || isEditMode,
+            children: [
+              /* @__PURE__ */ jsxs99("div", { className: "flex items-start space-x-3 p-3 rounded-md border", children: [
+                /* @__PURE__ */ jsx165(RadioGroupItem, { value: "confidential", id: "confidential", className: "mt-1" }),
+                /* @__PURE__ */ jsxs99("div", { children: [
+                  /* @__PURE__ */ jsx165(Label, { htmlFor: "confidential", className: "font-medium cursor-pointer", children: "Confidential" }),
+                  /* @__PURE__ */ jsx165("p", { className: "text-sm text-muted-foreground", children: "Server-side application that can securely store the client secret." })
+                ] })
+              ] }),
+              /* @__PURE__ */ jsxs99("div", { className: "flex items-start space-x-3 p-3 rounded-md border", children: [
+                /* @__PURE__ */ jsx165(RadioGroupItem, { value: "public", id: "public", className: "mt-1" }),
+                /* @__PURE__ */ jsxs99("div", { children: [
+                  /* @__PURE__ */ jsx165(Label, { htmlFor: "public", className: "font-medium cursor-pointer", children: "Public" }),
+                  /* @__PURE__ */ jsx165("p", { className: "text-sm text-muted-foreground", children: "Mobile or desktop application. Requires PKCE for authorization." })
+                ] })
+              ] })
+            ]
+          }
+        ),
+        isEditMode && /* @__PURE__ */ jsx165("p", { className: "text-sm text-muted-foreground", children: "Client type cannot be changed after creation." })
+      ] })
+    ] }),
+    /* @__PURE__ */ jsxs99(CardFooter, { className: "flex justify-end gap-3", children: [
+      /* @__PURE__ */ jsx165(Button, { type: "button", variant: "outline", onClick: onCancel, disabled: isLoading, children: "Cancel" }),
+      /* @__PURE__ */ jsx165(Button, { type: "submit", disabled: isLoading, children: isLoading ? "Saving..." : isEditMode ? "Save Changes" : "Create Application" })
+    ] })
+  ] }) });
+}
+__name(OAuthClientForm, "OAuthClientForm");
+
+// src/features/oauth/components/OAuthClientDetail.tsx
+import { useState as useState56, useCallback as useCallback26 } from "react";
+import { format as format2 } from "date-fns";
+import { Copy as Copy2, Check as Check2, RefreshCw as RefreshCw2, Pencil as Pencil2, Trash2 as Trash23, ExternalLink } from "lucide-react";
+import { Fragment as Fragment34, jsx as jsx166, jsxs as jsxs100 } from "react/jsx-runtime";
+function OAuthClientDetail({
+  client,
+  isLoading = false,
+  onEdit,
+  onDelete,
+  onRegenerateSecret
+}) {
+  const [copiedField, setCopiedField] = useState56(null);
+  const [showDeleteConfirm, setShowDeleteConfirm] = useState56(false);
+  const [showRegenerateConfirm, setShowRegenerateConfirm] = useState56(false);
+  const [isDeleting, setIsDeleting] = useState56(false);
+  const [isRegenerating, setIsRegenerating] = useState56(false);
+  const copyToClipboard = useCallback26(async (text, field) => {
+    try {
+      await navigator.clipboard.writeText(text);
+      setCopiedField(field);
+      setTimeout(() => setCopiedField(null), 2e3);
+    } catch (err) {
+      console.error("Failed to copy:", err);
+    }
+  }, []);
+  const handleDelete = useCallback26(async () => {
+    if (!onDelete) return;
+    setIsDeleting(true);
+    try {
+      await onDelete();
+    } finally {
+      setIsDeleting(false);
+      setShowDeleteConfirm(false);
+    }
+  }, [onDelete]);
+  const handleRegenerateSecret = useCallback26(async () => {
+    if (!onRegenerateSecret) return;
+    setIsRegenerating(true);
+    try {
+      await onRegenerateSecret();
+    } finally {
+      setIsRegenerating(false);
+      setShowRegenerateConfirm(false);
+    }
+  }, [onRegenerateSecret]);
+  const createdDate = client.createdAt ? format2(new Date(client.createdAt), "MMMM d, yyyy") : "Unknown";
+  return /* @__PURE__ */ jsxs100(Fragment34, { children: [
+    /* @__PURE__ */ jsxs100(Card, { children: [
+      /* @__PURE__ */ jsx166(CardHeader, { children: /* @__PURE__ */ jsxs100("div", { className: "flex items-start justify-between", children: [
+        /* @__PURE__ */ jsxs100("div", { children: [
+          /* @__PURE__ */ jsx166(CardTitle, { className: "text-2xl", children: client.name }),
+          client.description && /* @__PURE__ */ jsx166(CardDescription, { className: "mt-1", children: client.description })
+        ] }),
+        /* @__PURE__ */ jsxs100("div", { className: "flex items-center gap-2", children: [
+          /* @__PURE__ */ jsx166(Badge, { variant: client.isActive ? "default" : "secondary", children: client.isActive ? "Active" : "Inactive" }),
+          /* @__PURE__ */ jsx166(Badge, { variant: "outline", children: client.isConfidential ? "Confidential" : "Public" })
+        ] })
+      ] }) }),
+      /* @__PURE__ */ jsxs100(CardContent, { className: "space-y-6", children: [
+        /* @__PURE__ */ jsxs100("div", { className: "space-y-2", children: [
+          /* @__PURE__ */ jsx166(Label, { children: "Client ID" }),
+          /* @__PURE__ */ jsxs100("div", { className: "flex gap-2", children: [
+            /* @__PURE__ */ jsx166(Input, { value: client.clientId, readOnly: true, className: "font-mono" }),
+            /* @__PURE__ */ jsx166(
+              Button,
+              {
+                variant: "outline",
+                size: "icon",
+                onClick: () => copyToClipboard(client.clientId, "clientId"),
+                title: "Copy Client ID",
+                children: copiedField === "clientId" ? /* @__PURE__ */ jsx166(Check2, { className: "h-4 w-4 text-green-600" }) : /* @__PURE__ */ jsx166(Copy2, { className: "h-4 w-4" })
+              }
+            )
+          ] })
+        ] }),
+        /* @__PURE__ */ jsxs100("div", { className: "space-y-2", children: [
+          /* @__PURE__ */ jsx166(Label, { children: "Client Secret" }),
+          /* @__PURE__ */ jsxs100("div", { className: "flex gap-2", children: [
+            /* @__PURE__ */ jsx166(Input, { value: "\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022", readOnly: true, className: "font-mono" }),
+            onRegenerateSecret && /* @__PURE__ */ jsx166(
+              Button,
+              {
+                variant: "outline",
+                size: "icon",
+                onClick: () => setShowRegenerateConfirm(true),
+                title: "Regenerate Secret",
+                disabled: isLoading,
+                children: /* @__PURE__ */ jsx166(RefreshCw2, { className: "h-4 w-4" })
+              }
+            )
+          ] }),
+          /* @__PURE__ */ jsx166("p", { className: "text-xs text-muted-foreground", children: "Regenerating will invalidate the current secret and all existing tokens." })
+        ] }),
+        /* @__PURE__ */ jsx166(Separator, {}),
+        /* @__PURE__ */ jsxs100("div", { className: "space-y-2", children: [
+          /* @__PURE__ */ jsx166(Label, { children: "Redirect URIs" }),
+          /* @__PURE__ */ jsx166("ul", { className: "space-y-1", children: client.redirectUris.map((uri, index) => /* @__PURE__ */ jsxs100("li", { className: "flex items-center gap-2 text-sm font-mono", children: [
+            /* @__PURE__ */ jsx166(ExternalLink, { className: "h-3 w-3 text-muted-foreground" }),
+            uri
+          ] }, index)) })
+        ] }),
+        /* @__PURE__ */ jsxs100("div", { className: "space-y-2", children: [
+          /* @__PURE__ */ jsx166(Label, { children: "Allowed Scopes" }),
+          /* @__PURE__ */ jsx166("div", { className: "flex flex-wrap gap-2", children: client.allowedScopes.map((scope) => /* @__PURE__ */ jsx166(Badge, { variant: "secondary", children: OAUTH_SCOPE_DISPLAY[scope]?.name || scope }, scope)) })
+        ] }),
+        /* @__PURE__ */ jsxs100("div", { className: "space-y-2", children: [
+          /* @__PURE__ */ jsx166(Label, { children: "Grant Types" }),
+          /* @__PURE__ */ jsx166("div", { className: "flex flex-wrap gap-2", children: client.allowedGrantTypes.map((grant) => /* @__PURE__ */ jsx166(Badge, { variant: "outline", children: grant.replace(/_/g, " ") }, grant)) })
+        ] }),
+        /* @__PURE__ */ jsx166(Separator, {}),
+        /* @__PURE__ */ jsx166("div", { className: "flex flex-wrap gap-x-6 gap-y-2 text-sm text-muted-foreground", children: /* @__PURE__ */ jsxs100("span", { children: [
+          "Created: ",
+          createdDate
+        ] }) }),
+        /* @__PURE__ */ jsxs100("div", { className: "flex gap-3 pt-4", children: [
+          onEdit && /* @__PURE__ */ jsxs100(Button, { variant: "outline", onClick: onEdit, disabled: isLoading, children: [
+            /* @__PURE__ */ jsx166(Pencil2, { className: "h-4 w-4 mr-2" }),
+            "Edit"
+          ] }),
+          onDelete && /* @__PURE__ */ jsxs100(
+            Button,
+            {
+              variant: "destructive",
+              onClick: () => setShowDeleteConfirm(true),
+              disabled: isLoading,
+              children: [
+                /* @__PURE__ */ jsx166(Trash23, { className: "h-4 w-4 mr-2" }),
+                "Delete"
+              ]
+            }
+          )
+        ] })
+      ] })
+    ] }),
+    /* @__PURE__ */ jsx166(AlertDialog, { open: showDeleteConfirm, onOpenChange: setShowDeleteConfirm, children: /* @__PURE__ */ jsxs100(AlertDialogContent, { children: [
+      /* @__PURE__ */ jsxs100(AlertDialogHeader, { children: [
+        /* @__PURE__ */ jsx166(AlertDialogTitle, { children: "Delete OAuth Application?" }),
+        /* @__PURE__ */ jsxs100(AlertDialogDescription, { children: [
+          'This will permanently delete "',
+          client.name,
+          '" and revoke all access tokens. This action cannot be undone.'
+        ] })
+      ] }),
+      /* @__PURE__ */ jsxs100(AlertDialogFooter, { children: [
+        /* @__PURE__ */ jsx166(AlertDialogCancel, { disabled: isDeleting, children: "Cancel" }),
+        /* @__PURE__ */ jsx166(
+          AlertDialogAction,
+          {
+            onClick: handleDelete,
+            disabled: isDeleting,
+            className: "bg-destructive text-destructive-foreground hover:bg-destructive/90",
+            children: isDeleting ? "Deleting..." : "Delete"
+          }
+        )
+      ] })
+    ] }) }),
+    /* @__PURE__ */ jsx166(AlertDialog, { open: showRegenerateConfirm, onOpenChange: setShowRegenerateConfirm, children: /* @__PURE__ */ jsxs100(AlertDialogContent, { children: [
+      /* @__PURE__ */ jsxs100(AlertDialogHeader, { children: [
+        /* @__PURE__ */ jsx166(AlertDialogTitle, { children: "Regenerate Client Secret?" }),
+        /* @__PURE__ */ jsx166(AlertDialogDescription, { children: "This will generate a new client secret and invalidate the old one. All existing tokens will be revoked. You will need to update your application with the new secret." })
+      ] }),
+      /* @__PURE__ */ jsxs100(AlertDialogFooter, { children: [
+        /* @__PURE__ */ jsx166(AlertDialogCancel, { disabled: isRegenerating, children: "Cancel" }),
+        /* @__PURE__ */ jsx166(AlertDialogAction, { onClick: handleRegenerateSecret, disabled: isRegenerating, children: isRegenerating ? "Regenerating..." : "Regenerate" })
+      ] })
+    ] }) })
+  ] });
+}
+__name(OAuthClientDetail, "OAuthClientDetail");
+
+// src/features/oauth/components/consent/OAuthConsentHeader.tsx
+import { Shield } from "lucide-react";
+import { jsx as jsx167, jsxs as jsxs101 } from "react/jsx-runtime";
+function OAuthConsentHeader({
+  client,
+  logoUrl,
+  appName = "Only35"
+}) {
+  return /* @__PURE__ */ jsxs101("div", { className: "text-center space-y-4", children: [
+    /* @__PURE__ */ jsx167("div", { className: "flex justify-center", children: logoUrl ? /* @__PURE__ */ jsx167(
+      "img",
+      {
+        src: logoUrl,
+        alt: appName,
+        className: "h-12 w-auto"
+      }
+    ) : /* @__PURE__ */ jsx167("div", { className: "h-12 w-12 rounded-full bg-primary flex items-center justify-center", children: /* @__PURE__ */ jsx167(Shield, { className: "h-6 w-6 text-primary-foreground" }) }) }),
+    /* @__PURE__ */ jsxs101("div", { className: "space-y-2", children: [
+      /* @__PURE__ */ jsxs101("h1", { className: "text-2xl font-bold", children: [
+        "Authorize ",
+        client.name
+      ] }),
+      /* @__PURE__ */ jsxs101("p", { className: "text-muted-foreground", children: [
+        /* @__PURE__ */ jsx167("span", { className: "font-medium text-foreground", children: client.name }),
+        " ",
+        "wants to access your ",
+        appName,
+        " account"
+      ] })
+    ] })
+  ] });
+}
+__name(OAuthConsentHeader, "OAuthConsentHeader");
+
+// src/features/oauth/components/consent/OAuthScopeList.tsx
+import {
+  Eye,
+  Pencil as Pencil3,
+  Image as Image16,
+  Upload,
+  Film,
+  FolderPlus,
+  User,
+  Shield as Shield2
+} from "lucide-react";
+import { jsx as jsx168, jsxs as jsxs102 } from "react/jsx-runtime";
+var SCOPE_ICONS = {
+  eye: Eye,
+  pencil: Pencil3,
+  image: Image16,
+  upload: Upload,
+  film: Film,
+  "folder-plus": FolderPlus,
+  user: User,
+  shield: Shield2
+};
+function OAuthScopeList({ scopes }) {
+  if (scopes.length === 0) {
+    return null;
+  }
+  return /* @__PURE__ */ jsxs102("div", { className: "space-y-3", children: [
+    /* @__PURE__ */ jsx168("h2", { className: "text-sm font-medium text-muted-foreground uppercase tracking-wide", children: "This will allow the application to:" }),
+    /* @__PURE__ */ jsx168("ul", { className: "space-y-3", children: scopes.map((scope) => {
+      const IconComponent = scope.icon ? SCOPE_ICONS[scope.icon] : Eye;
+      return /* @__PURE__ */ jsxs102(
+        "li",
+        {
+          className: "flex items-start gap-3 p-3 rounded-lg bg-muted/50",
+          children: [
+            /* @__PURE__ */ jsx168("div", { className: "flex-shrink-0 mt-0.5", children: /* @__PURE__ */ jsx168("div", { className: "h-8 w-8 rounded-full bg-primary/10 flex items-center justify-center", children: IconComponent && /* @__PURE__ */ jsx168(IconComponent, { className: "h-4 w-4 text-primary" }) }) }),
+            /* @__PURE__ */ jsxs102("div", { className: "flex-1", children: [
+              /* @__PURE__ */ jsx168("p", { className: "font-medium", children: scope.name }),
+              /* @__PURE__ */ jsx168("p", { className: "text-sm text-muted-foreground", children: scope.description })
+            ] })
+          ]
+        },
+        scope.scope
+      );
+    }) })
+  ] });
+}
+__name(OAuthScopeList, "OAuthScopeList");
+
+// src/features/oauth/components/consent/OAuthConsentActions.tsx
+import { jsx as jsx169, jsxs as jsxs103 } from "react/jsx-runtime";
+function OAuthConsentActions({
+  onApprove,
+  onDeny,
+  isLoading = false
+}) {
+  return /* @__PURE__ */ jsxs103("div", { className: "flex flex-col sm:flex-row gap-3", children: [
+    /* @__PURE__ */ jsx169(
+      Button,
+      {
+        variant: "outline",
+        onClick: onDeny,
+        disabled: isLoading,
+        className: "flex-1",
+        children: "Deny"
+      }
+    ),
+    /* @__PURE__ */ jsx169(
+      Button,
+      {
+        onClick: onApprove,
+        disabled: isLoading,
+        className: "flex-1",
+        children: isLoading ? "Authorizing..." : "Authorize"
+      }
+    )
+  ] });
+}
+__name(OAuthConsentActions, "OAuthConsentActions");
+
+// src/features/oauth/components/consent/OAuthConsentScreen.tsx
+import { ExternalLink as ExternalLink2, AlertTriangle as AlertTriangle2, Loader2 as Loader22 } from "lucide-react";
+import { jsx as jsx170, jsxs as jsxs104 } from "react/jsx-runtime";
+function OAuthConsentScreen({
+  params,
+  logoUrl,
+  appName = "Only35",
+  termsUrl = "/terms",
+  privacyUrl = "/privacy"
+}) {
+  const { clientInfo, isLoading, error, approve, deny, isSubmitting } = useOAuthConsent(params);
+  if (isLoading) {
+    return /* @__PURE__ */ jsx170("div", { className: "min-h-screen flex items-center justify-center p-4", children: /* @__PURE__ */ jsx170(Card, { className: "w-full max-w-md", children: /* @__PURE__ */ jsxs104(CardContent, { className: "flex flex-col items-center justify-center py-12", children: [
+      /* @__PURE__ */ jsx170(Loader22, { className: "h-8 w-8 animate-spin text-muted-foreground" }),
+      /* @__PURE__ */ jsx170("p", { className: "mt-4 text-muted-foreground", children: "Loading authorization request..." })
+    ] }) }) });
+  }
+  if (error || !clientInfo) {
+    return /* @__PURE__ */ jsx170("div", { className: "min-h-screen flex items-center justify-center p-4", children: /* @__PURE__ */ jsx170(Card, { className: "w-full max-w-md", children: /* @__PURE__ */ jsx170(CardContent, { className: "py-8", children: /* @__PURE__ */ jsxs104(Alert, { variant: "destructive", children: [
+      /* @__PURE__ */ jsx170(AlertTriangle2, { className: "h-4 w-4" }),
+      /* @__PURE__ */ jsx170(AlertDescription, { children: error?.message || "Invalid authorization request. Please try again." })
+    ] }) }) }) });
+  }
+  const { client, scopes } = clientInfo;
+  return /* @__PURE__ */ jsx170("div", { className: "min-h-screen flex items-center justify-center p-4 bg-muted/30", children: /* @__PURE__ */ jsxs104(Card, { className: "w-full max-w-md", children: [
+    /* @__PURE__ */ jsxs104(CardContent, { className: "pt-6 space-y-6", children: [
+      /* @__PURE__ */ jsx170(
+        OAuthConsentHeader,
+        {
+          client,
+          logoUrl,
+          appName
+        }
+      ),
+      /* @__PURE__ */ jsx170(Separator, {}),
+      /* @__PURE__ */ jsx170(OAuthScopeList, { scopes }),
+      /* @__PURE__ */ jsx170(Separator, {}),
+      /* @__PURE__ */ jsxs104("div", { className: "flex items-start gap-2 text-sm text-muted-foreground", children: [
+        /* @__PURE__ */ jsx170(ExternalLink2, { className: "h-4 w-4 mt-0.5 flex-shrink-0" }),
+        /* @__PURE__ */ jsxs104("div", { children: [
+          /* @__PURE__ */ jsx170("span", { children: "Authorizing will redirect you to:" }),
+          /* @__PURE__ */ jsx170("p", { className: "font-mono text-xs mt-1 break-all", children: params.redirectUri })
+        ] })
+      ] }),
+      /* @__PURE__ */ jsx170(
+        OAuthConsentActions,
+        {
+          onApprove: approve,
+          onDeny: deny,
+          isLoading: isSubmitting
+        }
+      )
+    ] }),
+    /* @__PURE__ */ jsx170(CardFooter, { className: "justify-center", children: /* @__PURE__ */ jsxs104("p", { className: "text-xs text-center text-muted-foreground", children: [
+      "By authorizing, you agree to the app's",
+      " ",
+      /* @__PURE__ */ jsx170("a", { href: termsUrl, className: "underline hover:text-foreground", target: "_blank", rel: "noopener", children: "Terms of Service" }),
+      " ",
+      "and",
+      " ",
+      /* @__PURE__ */ jsx170("a", { href: privacyUrl, className: "underline hover:text-foreground", target: "_blank", rel: "noopener", children: "Privacy Policy" }),
+      "."
+    ] }) })
+  ] }) });
+}
+__name(OAuthConsentScreen, "OAuthConsentScreen");
+
 export {
   JsonApiProvider,
   useJsonApiGet,
@@ -13650,6 +14829,18 @@ export {
   useRoleTableStructure,
   RolesList,
   UserRolesList,
+  OAuthRedirectUriInput,
+  OAuthScopeSelector,
+  OAuthClientSecretDisplay,
+  OAuthClientCard,
+  OAuthClientList,
+  OAuthClientForm,
+  OAuthClientDetail,
+  OAuthConsentHeader,
+  OAuthScopeList,
+  OAuthConsentActions,
+  useOAuthConsent,
+  OAuthConsentScreen,
   AddUserToRole,
   UserAvatarEditor,
   UserDeleter,
@@ -13672,6 +14863,8 @@ export {
   useSocket,
   useUserSearch,
   useUserTableStructure,
-  useContentTableStructure
+  useContentTableStructure,
+  useOAuthClients,
+  useOAuthClient
 };
-//# sourceMappingURL=chunk-H5JZ5E7M.mjs.map
+//# sourceMappingURL=chunk-6BDOZDZ3.mjs.map