@cedros/login-react 0.0.12 → 0.0.14

package/dist/AuthenticationSettings-DtLoxQ2z.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthenticationSettings-DtLoxQ2z.cjs","sources":["../src/hooks/useSsoProviders.ts","../src/components/admin/settings/SsoProvidersSettings.tsx","../src/components/admin/settings/AuthenticationSettings.tsx"],"sourcesContent":["/**\n * Hook for managing SSO providers (admin)\n */\nimport { useState, useCallback, useRef } from 'react';\nimport { useCedrosLogin } from '../context/useCedrosLogin';\n\nexport interface SsoProvider {\n  id: string;\n  orgId: string;\n  name: string;\n  issuerUrl: string;\n  clientId: string;\n  scopes: string[];\n  enabled: boolean;\n  allowRegistration: boolean;\n  emailDomain: string | null;\n  createdAt: string;\n  updatedAt: string;\n}\n\nexport interface CreateSsoProviderInput {\n  orgId: string;\n  name: string;\n  issuerUrl: string;\n  clientId: string;\n  clientSecret: string;\n  scopes?: string[];\n  enabled?: boolean;\n  allowRegistration?: boolean;\n  emailDomain?: string | null;\n}\n\nexport interface UpdateSsoProviderInput {\n  name?: string;\n  issuerUrl?: string;\n  clientId?: string;\n  clientSecret?: string;\n  scopes?: string[];\n  enabled?: boolean;\n  allowRegistration?: boolean;\n  emailDomain?: string | null;\n}\n\ninterface ListResponse {\n  providers: SsoProvider[];\n  total: number;\n  limit: number;\n  offset: number;\n}\n\nexport function useSsoProviders() {\n  const { config, _internal } = useCedrosLogin();\n  const serverUrl = config.serverUrl;\n\n  // PERF-03: Stabilize getAccessToken reference using ref pattern\n  // to prevent unnecessary re-creation of callbacks\n  const getAccessTokenRef = useRef(_internal?.getAccessToken ?? (() => null));\n  getAccessTokenRef.current = _internal?.getAccessToken ?? (() => null);\n\n  const [providers, setProviders] = useState<SsoProvider[]>([]);\n  const [total, setTotal] = useState(0);\n  const [isLoading, setIsLoading] = useState(false);\n  const [error, setError] = useState<Error | null>(null);\n\n  // Memoize getHeaders with empty deps since it uses ref\n  const getHeaders = useCallback(() => {\n    const token = getAccessTokenRef.current();\n    return {\n      'Content-Type': 'application/json',\n      ...(token ? { Authorization: `Bearer ${token}` } : {}),\n    };\n  }, []);\n\n  const fetchProviders = useCallback(\n    async (orgId?: string, limit = 50, offset = 0) => {\n      setIsLoading(true);\n      setError(null);\n      try {\n        const params = new URLSearchParams();\n        if (orgId) params.set('org_id', orgId);\n        params.set('limit', String(limit));\n        params.set('offset', String(offset));\n\n        const res = await fetch(`${serverUrl}/admin/sso-providers?${params}`, {\n          headers: getHeaders(),\n        });\n\n        if (!res.ok) {\n          const err = await res.json().catch(() => ({}));\n          throw new Error(err.error || `Failed to fetch SSO providers: ${res.status}`);\n        }\n\n        const data: ListResponse = await res.json();\n        setProviders(data.providers);\n        setTotal(data.total);\n        return data;\n      } catch (err) {\n        const error = err instanceof Error ? err : new Error(String(err));\n        setError(error);\n        throw error;\n      } finally {\n        setIsLoading(false);\n      }\n    },\n    [serverUrl, getHeaders]\n  );\n\n  const createProvider = useCallback(\n    async (input: CreateSsoProviderInput): Promise<SsoProvider> => {\n      setIsLoading(true);\n      setError(null);\n      try {\n        const res = await fetch(`${serverUrl}/admin/sso-providers`, {\n          method: 'POST',\n          headers: getHeaders(),\n          body: JSON.stringify(input),\n        });\n\n        if (!res.ok) {\n          const err = await res.json().catch(() => ({}));\n          throw new Error(err.error || `Failed to create SSO provider: ${res.status}`);\n        }\n\n        const provider: SsoProvider = await res.json();\n        setProviders((prev) => [...prev, provider]);\n        setTotal((prev) => prev + 1);\n        return provider;\n      } catch (err) {\n        const error = err instanceof Error ? err : new Error(String(err));\n        setError(error);\n        throw error;\n      } finally {\n        setIsLoading(false);\n      }\n    },\n    [serverUrl, getHeaders]\n  );\n\n  const updateProvider = useCallback(\n    async (id: string, input: UpdateSsoProviderInput): Promise<SsoProvider> => {\n      setIsLoading(true);\n      setError(null);\n      try {\n        const res = await fetch(`${serverUrl}/admin/sso-providers/${id}`, {\n          method: 'PUT',\n          headers: getHeaders(),\n          body: JSON.stringify(input),\n        });\n\n        if (!res.ok) {\n          const err = await res.json().catch(() => ({}));\n          throw new Error(err.error || `Failed to update SSO provider: ${res.status}`);\n        }\n\n        const provider: SsoProvider = await res.json();\n        setProviders((prev) => prev.map((p) => (p.id === id ? provider : p)));\n        return provider;\n      } catch (err) {\n        const error = err instanceof Error ? err : new Error(String(err));\n        setError(error);\n        throw error;\n      } finally {\n        setIsLoading(false);\n      }\n    },\n    [serverUrl, getHeaders]\n  );\n\n  const deleteProvider = useCallback(\n    async (id: string): Promise<void> => {\n      setIsLoading(true);\n      setError(null);\n      try {\n        const res = await fetch(`${serverUrl}/admin/sso-providers/${id}`, {\n          method: 'DELETE',\n          headers: getHeaders(),\n        });\n\n        if (!res.ok) {\n          const err = await res.json().catch(() => ({}));\n          throw new Error(err.error || `Failed to delete SSO provider: ${res.status}`);\n        }\n\n        setProviders((prev) => prev.filter((p) => p.id !== id));\n        setTotal((prev) => prev - 1);\n      } catch (err) {\n        const error = err instanceof Error ? err : new Error(String(err));\n        setError(error);\n        throw error;\n      } finally {\n        setIsLoading(false);\n      }\n    },\n    [serverUrl, getHeaders]\n  );\n\n  const toggleProvider = useCallback(\n    async (id: string, enabled: boolean): Promise<SsoProvider> => {\n      return updateProvider(id, { enabled });\n    },\n    [updateProvider]\n  );\n\n  return {\n    providers,\n    total,\n    isLoading,\n    error,\n    fetchProviders,\n    createProvider,\n    updateProvider,\n    deleteProvider,\n    toggleProvider,\n  };\n}\n","/**\n * SSO Providers settings - manage OIDC identity providers\n */\nimport { useState, useEffect, useCallback } from 'react';\nimport { LoadingSpinner } from '../../shared/LoadingSpinner';\nimport { ErrorMessage } from '../../shared/ErrorMessage';\nimport {\n  useSsoProviders,\n  type SsoProvider,\n  type CreateSsoProviderInput,\n  type UpdateSsoProviderInput,\n} from '../../../hooks/useSsoProviders';\nimport { useOrgs } from '../../../hooks/useOrgs';\n\nexport interface SsoProvidersSettingsProps {\n  className?: string;\n}\n\ntype ViewMode = 'list' | 'add' | 'edit';\n\nexport function SsoProvidersSettings({ className }: SsoProvidersSettingsProps) {\n  const {\n    providers,\n    isLoading,\n    error,\n    fetchProviders,\n    createProvider,\n    updateProvider,\n    deleteProvider,\n    toggleProvider,\n  } = useSsoProviders();\n\n  const { activeOrg } = useOrgs();\n  const [viewMode, setViewMode] = useState<ViewMode>('list');\n  const [editingProvider, setEditingProvider] = useState<SsoProvider | null>(null);\n  const [formError, setFormError] = useState<string | null>(null);\n\n  useEffect(() => {\n    fetchProviders(activeOrg?.id);\n  }, [fetchProviders, activeOrg?.id]);\n\n  const handleAdd = () => {\n    setEditingProvider(null);\n    setFormError(null);\n    setViewMode('add');\n  };\n\n  const handleEdit = (provider: SsoProvider) => {\n    setEditingProvider(provider);\n    setFormError(null);\n    setViewMode('edit');\n  };\n\n  const handleCancel = () => {\n    setViewMode('list');\n    setEditingProvider(null);\n    setFormError(null);\n  };\n\n  const handleDelete = async (provider: SsoProvider) => {\n    if (!confirm(`Delete SSO provider \"${provider.name}\"? This cannot be undone.`)) {\n      return;\n    }\n    try {\n      await deleteProvider(provider.id);\n    } catch {\n      // Error is already set in hook\n    }\n  };\n\n  const handleToggle = async (provider: SsoProvider) => {\n    try {\n      await toggleProvider(provider.id, !provider.enabled);\n    } catch {\n      // Error is already set in hook\n    }\n  };\n\n  const handleSave = async (data: CreateSsoProviderInput | UpdateSsoProviderInput) => {\n    setFormError(null);\n    try {\n      if (viewMode === 'add') {\n        await createProvider(data as CreateSsoProviderInput);\n      } else if (editingProvider) {\n        await updateProvider(editingProvider.id, data as UpdateSsoProviderInput);\n      }\n      setViewMode('list');\n      setEditingProvider(null);\n    } catch (err) {\n      setFormError(err instanceof Error ? err.message : 'Failed to save provider');\n    }\n  };\n\n  if (isLoading && providers.length === 0) {\n    return (\n      <div className={`cedros-system-settings cedros-system-settings-loading ${className ?? ''}`}>\n        <LoadingSpinner />\n        <span>Loading SSO providers...</span>\n      </div>\n    );\n  }\n\n  if (viewMode === 'add' || viewMode === 'edit') {\n    return (\n      <div className={`cedros-system-settings ${className ?? ''}`}>\n        <SsoProviderForm\n          provider={editingProvider}\n          orgId={activeOrg?.id}\n          error={formError}\n          isLoading={isLoading}\n          onSave={handleSave}\n          onCancel={handleCancel}\n        />\n      </div>\n    );\n  }\n\n  return (\n    <div className={`cedros-system-settings ${className ?? ''}`}>\n      <div className=\"cedros-settings-page-header\">\n        <div className=\"cedros-settings-page-header-content\">\n          <h2 className=\"cedros-settings-page-title\">SSO Providers</h2>\n          <p className=\"cedros-settings-page-description\">\n            Configure OIDC identity providers for enterprise single sign-on.\n          </p>\n        </div>\n        <button type=\"button\" className=\"cedros-btn cedros-btn-primary\" onClick={handleAdd}>\n          Add Provider\n        </button>\n      </div>\n\n      {error && <ErrorMessage error={error.message} />}\n\n      {providers.length === 0 ? (\n        <div className=\"cedros-system-settings-empty\">\n          <p>No SSO providers configured.</p>\n          <p className=\"cedros-text-muted\">\n            Add an OIDC provider like Okta, Azure AD, or Auth0 to enable enterprise SSO.\n          </p>\n        </div>\n      ) : (\n        <div className=\"cedros-sso-provider-list\">\n          {providers.map((provider) => (\n            <SsoProviderCard\n              key={provider.id}\n              provider={provider}\n              onEdit={() => handleEdit(provider)}\n              onDelete={() => handleDelete(provider)}\n              onToggle={() => handleToggle(provider)}\n            />\n          ))}\n        </div>\n      )}\n    </div>\n  );\n}\n\n// =============================================================================\n// Provider Card\n// =============================================================================\n\ninterface SsoProviderCardProps {\n  provider: SsoProvider;\n  onEdit: () => void;\n  onDelete: () => void;\n  onToggle: () => void;\n}\n\nfunction SsoProviderCard({ provider, onEdit, onDelete, onToggle }: SsoProviderCardProps) {\n  return (\n    <div\n      className={`cedros-sso-provider-card ${provider.enabled ? '' : 'cedros-sso-provider-card--disabled'}`}\n    >\n      <div className=\"cedros-sso-provider-card-header\">\n        <div className=\"cedros-sso-provider-card-info\">\n          <h3 className=\"cedros-sso-provider-card-name\">{provider.name}</h3>\n          <p className=\"cedros-sso-provider-card-issuer\">{provider.issuerUrl}</p>\n        </div>\n        <button\n          type=\"button\"\n          role=\"switch\"\n          aria-checked={provider.enabled}\n          className={`cedros-toggle ${provider.enabled ? 'cedros-toggle-on' : 'cedros-toggle-off'}`}\n          onClick={onToggle}\n        >\n          <span className=\"cedros-toggle-track\">\n            <span className=\"cedros-toggle-thumb\" />\n          </span>\n          <span className=\"cedros-toggle-label\">{provider.enabled ? 'Enabled' : 'Disabled'}</span>\n        </button>\n      </div>\n\n      <div className=\"cedros-sso-provider-card-details\">\n        <div className=\"cedros-sso-provider-card-detail\">\n          <span className=\"cedros-sso-provider-card-detail-label\">Client ID</span>\n          <code className=\"cedros-sso-provider-card-detail-value\">{provider.clientId}</code>\n        </div>\n        {provider.emailDomain && (\n          <div className=\"cedros-sso-provider-card-detail\">\n            <span className=\"cedros-sso-provider-card-detail-label\">Email Domain</span>\n            <span className=\"cedros-sso-provider-card-detail-value\">@{provider.emailDomain}</span>\n          </div>\n        )}\n        <div className=\"cedros-sso-provider-card-detail\">\n          <span className=\"cedros-sso-provider-card-detail-label\">Registration</span>\n          <span className=\"cedros-sso-provider-card-detail-value\">\n            {provider.allowRegistration ? 'Allowed' : 'Existing users only'}\n          </span>\n        </div>\n      </div>\n\n      <div className=\"cedros-sso-provider-card-actions\">\n        <button type=\"button\" className=\"cedros-btn cedros-btn-ghost\" onClick={onEdit}>\n          Edit\n        </button>\n        <button\n          type=\"button\"\n          className=\"cedros-btn cedros-btn-ghost cedros-btn-danger\"\n          onClick={onDelete}\n        >\n          Delete\n        </button>\n      </div>\n    </div>\n  );\n}\n\n// =============================================================================\n// Provider Form\n// =============================================================================\n\ninterface SsoProviderFormProps {\n  provider: SsoProvider | null;\n  orgId?: string;\n  error: string | null;\n  isLoading: boolean;\n  onSave: (data: CreateSsoProviderInput | UpdateSsoProviderInput) => void;\n  onCancel: () => void;\n}\n\nfunction SsoProviderForm({\n  provider,\n  orgId,\n  error,\n  isLoading,\n  onSave,\n  onCancel,\n}: SsoProviderFormProps) {\n  const isEditing = Boolean(provider);\n\n  const [name, setName] = useState(provider?.name ?? '');\n  const [issuerUrl, setIssuerUrl] = useState(provider?.issuerUrl ?? '');\n  const [clientId, setClientId] = useState(provider?.clientId ?? '');\n  const [clientSecret, setClientSecret] = useState('');\n  const [emailDomain, setEmailDomain] = useState(provider?.emailDomain ?? '');\n  const [allowRegistration, setAllowRegistration] = useState(provider?.allowRegistration ?? true);\n  const [enabled, setEnabled] = useState(provider?.enabled ?? true);\n\n  const handleSubmit = useCallback(\n    (e: React.FormEvent) => {\n      e.preventDefault();\n\n      if (isEditing) {\n        const updates: UpdateSsoProviderInput = {\n          name,\n          issuerUrl,\n          clientId,\n          emailDomain: emailDomain || null,\n          allowRegistration,\n          enabled,\n        };\n        // Only include secret if changed\n        if (clientSecret) {\n          updates.clientSecret = clientSecret;\n        }\n        onSave(updates);\n      } else {\n        if (!orgId) {\n          return;\n        }\n        const data: CreateSsoProviderInput = {\n          orgId,\n          name,\n          issuerUrl,\n          clientId,\n          clientSecret,\n          emailDomain: emailDomain || null,\n          allowRegistration,\n          enabled,\n        };\n        onSave(data);\n      }\n    },\n    [\n      isEditing,\n      orgId,\n      name,\n      issuerUrl,\n      clientId,\n      clientSecret,\n      emailDomain,\n      allowRegistration,\n      enabled,\n      onSave,\n    ]\n  );\n\n  return (\n    <form className=\"cedros-sso-provider-form\" onSubmit={handleSubmit}>\n      <div className=\"cedros-settings-page-header\">\n        <div className=\"cedros-settings-page-header-content\">\n          <h2 className=\"cedros-settings-page-title\">\n            {isEditing ? 'Edit SSO Provider' : 'Add SSO Provider'}\n          </h2>\n          <p className=\"cedros-settings-page-description\">\n            Configure an OIDC identity provider for enterprise single sign-on.\n          </p>\n        </div>\n      </div>\n\n      {error && <ErrorMessage error={error} />}\n\n      <div className=\"cedros-form-section\">\n        <div className=\"cedros-form-group\">\n          <label className=\"cedros-form-label\" htmlFor=\"sso-name\">\n            Provider Name\n          </label>\n          <input\n            id=\"sso-name\"\n            type=\"text\"\n            className=\"cedros-form-input\"\n            value={name}\n            onChange={(e) => setName(e.target.value)}\n            placeholder=\"e.g., Okta, Azure AD\"\n            required\n          />\n        </div>\n\n        <div className=\"cedros-form-group\">\n          <label className=\"cedros-form-label\" htmlFor=\"sso-issuer\">\n            Issuer URL\n          </label>\n          <input\n            id=\"sso-issuer\"\n            type=\"url\"\n            className=\"cedros-form-input\"\n            value={issuerUrl}\n            onChange={(e) => setIssuerUrl(e.target.value)}\n            placeholder=\"https://your-org.okta.com\"\n            required\n          />\n          <p className=\"cedros-form-hint\">\n            The OIDC issuer URL. Must support discovery at /.well-known/openid-configuration\n          </p>\n        </div>\n\n        <div className=\"cedros-form-group\">\n          <label className=\"cedros-form-label\" htmlFor=\"sso-client-id\">\n            Client ID\n          </label>\n          <input\n            id=\"sso-client-id\"\n            type=\"text\"\n            className=\"cedros-form-input\"\n            value={clientId}\n            onChange={(e) => setClientId(e.target.value)}\n            placeholder=\"OAuth client ID\"\n            required\n          />\n        </div>\n\n        <div className=\"cedros-form-group\">\n          <label className=\"cedros-form-label\" htmlFor=\"sso-client-secret\">\n            Client Secret{' '}\n            {isEditing && (\n              <span className=\"cedros-form-hint-inline\">(leave blank to keep current)</span>\n            )}\n          </label>\n          <input\n            id=\"sso-client-secret\"\n            type=\"password\"\n            className=\"cedros-form-input\"\n            value={clientSecret}\n            onChange={(e) => setClientSecret(e.target.value)}\n            placeholder={isEditing ? '••••••••' : 'OAuth client secret'}\n            required={!isEditing}\n          />\n        </div>\n\n        <div className=\"cedros-form-group\">\n          <label className=\"cedros-form-label\" htmlFor=\"sso-email-domain\">\n            Email Domain (optional)\n          </label>\n          <input\n            id=\"sso-email-domain\"\n            type=\"text\"\n            className=\"cedros-form-input\"\n            value={emailDomain}\n            onChange={(e) => setEmailDomain(e.target.value)}\n            placeholder=\"company.com\"\n          />\n          <p className=\"cedros-form-hint\">Restrict to users with emails from this domain</p>\n        </div>\n\n        <div className=\"cedros-form-group\">\n          <label className=\"cedros-form-checkbox\">\n            <input\n              type=\"checkbox\"\n              checked={allowRegistration}\n              onChange={(e) => setAllowRegistration(e.target.checked)}\n            />\n            <span>Allow new user registration via SSO</span>\n          </label>\n        </div>\n\n        <div className=\"cedros-form-group\">\n          <label className=\"cedros-form-checkbox\">\n            <input\n              type=\"checkbox\"\n              checked={enabled}\n              onChange={(e) => setEnabled(e.target.checked)}\n            />\n            <span>Enable this provider</span>\n          </label>\n        </div>\n      </div>\n\n      <div className=\"cedros-form-actions\">\n        <button\n          type=\"button\"\n          className=\"cedros-btn cedros-btn-ghost\"\n          onClick={onCancel}\n          disabled={isLoading}\n        >\n          Cancel\n        </button>\n        <button type=\"submit\" className=\"cedros-btn cedros-btn-primary\" disabled={isLoading}>\n          {isLoading ? 'Saving...' : isEditing ? 'Save Changes' : 'Add Provider'}\n        </button>\n      </div>\n    </form>\n  );\n}\n","/**\n * Authentication settings page - configure auth providers with tabs\n */\nimport { useState, useEffect, useMemo } from 'react';\nimport { LoadingSpinner } from '../../shared/LoadingSpinner';\nimport { ErrorMessage } from '../../shared/ErrorMessage';\nimport { useSettingsAutosave } from '../../../hooks/useSettingsAutosave';\nimport { SettingsSection } from './settingsInputs';\nimport { AutosaveStatus } from './AutosaveStatus';\nimport { SsoProvidersSettings } from './SsoProvidersSettings';\n\ntype AuthTab = 'email' | 'google' | 'apple' | 'solana' | 'passkeys' | 'instantlink' | 'sso';\n\ninterface TabConfig {\n  id: AuthTab;\n  label: string;\n  /** Categories to pull settings from (not used for 'sso' tab) */\n  categories: string[];\n  /** Optional list of specific keys to show (if omitted, show all in categories) */\n  keys?: string[];\n  /** If true, renders a custom component instead of settings section */\n  isCustom?: boolean;\n}\n\nconst TABS: TabConfig[] = [\n  { id: 'email', label: 'Email', categories: ['auth.email'],\n    keys: ['auth_email_enabled', 'auth_email_require_verification', 'auth_email_block_disposable'] },\n  { id: 'google', label: 'Google', categories: ['auth.google'],\n    keys: ['auth_google_enabled', 'auth_google_client_id', 'auth_google_client_secret'] },\n  { id: 'apple', label: 'Apple', categories: ['auth.apple'],\n    keys: ['auth_apple_enabled', 'auth_apple_client_id', 'auth_apple_team_id', 'auth_apple_key_id', 'auth_apple_private_key'] },\n  { id: 'solana', label: 'Solana', categories: ['auth.solana'],\n    keys: ['auth_solana_enabled', 'auth_solana_challenge_expiry'] },\n  { id: 'passkeys', label: 'Passkeys', categories: ['auth.webauthn'],\n    keys: ['auth_webauthn_enabled', 'auth_webauthn_rp_id', 'auth_webauthn_rp_name', 'auth_webauthn_rp_origin'] },\n  { id: 'instantlink', label: 'Instant Link', categories: ['auth.instantlink'],\n    keys: ['auth_instantlink_enabled', 'auth_instantlink_expiry', 'auth_instantlink_rate_limit'] },\n  { id: 'sso', label: 'SSO Providers', categories: [], isCustom: true },\n];\n\nexport interface AuthenticationSettingsProps {\n  className?: string;\n}\n\nexport function AuthenticationSettings({ className }: AuthenticationSettingsProps) {\n  const {\n    settings,\n    edits,\n    isLoading,\n    autosaveStatus,\n    autosaveError,\n    error,\n    fetchSettings,\n    handleChange,\n  } = useSettingsAutosave();\n\n  const [activeTab, setActiveTab] = useState<AuthTab>('email');\n\n  useEffect(() => {\n    fetchSettings();\n  }, [fetchSettings]);\n\n  // Get current tab config\n  const currentTab = TABS.find((t) => t.id === activeTab);\n\n  // Collect settings from all categories for the current tab\n  const allTabSettings = useMemo(() => {\n    if (!currentTab) return [];\n    const allSettings: (typeof settings)[string] = [];\n    for (const category of currentTab.categories) {\n      const categorySettings = settings[category] ?? [];\n      allSettings.push(...categorySettings);\n    }\n    return allSettings;\n  }, [settings, currentTab]);\n\n  const currentSettings = useMemo(() => {\n    if (!currentTab?.keys) return allTabSettings;\n    // Filter and sort by keys order\n    return allTabSettings\n      .filter((s) => currentTab.keys!.includes(s.key))\n      .sort((a, b) => currentTab.keys!.indexOf(a.key) - currentTab.keys!.indexOf(b.key));\n  }, [allTabSettings, currentTab]);\n\n  if (isLoading && Object.keys(settings).length === 0) {\n    return (\n      <div className={`cedros-system-settings cedros-system-settings-loading ${className ?? ''}`}>\n        <LoadingSpinner />\n        <span>Loading settings...</span>\n      </div>\n    );\n  }\n\n  if (error) {\n    return (\n      <div className={`cedros-system-settings ${className ?? ''}`}>\n        <ErrorMessage error={error.message} />\n      </div>\n    );\n  }\n\n  return (\n    <div className={`cedros-system-settings ${className ?? ''}`}>\n      <div className=\"cedros-settings-page-header\">\n        <div className=\"cedros-settings-page-header-content\">\n          <h2 className=\"cedros-settings-page-title\">Authentication</h2>\n          <p className=\"cedros-settings-page-description\">\n            Configure authentication providers and methods for user sign-in.\n          </p>\n        </div>\n        <AutosaveStatus status={autosaveStatus} error={autosaveError} />\n      </div>\n\n      {/* Tabs */}\n      <div className=\"cedros-admin-tabs cedros-admin-tabs--line\">\n        {TABS.map((tab) => (\n          <button\n            key={tab.id}\n            type=\"button\"\n            className={`cedros-admin-tab ${activeTab === tab.id ? 'cedros-admin-tab-active' : ''}`}\n            onClick={() => setActiveTab(tab.id)}\n            aria-selected={activeTab === tab.id}\n            role=\"tab\"\n          >\n            {tab.label}\n          </button>\n        ))}\n      </div>\n\n      {/* Tab content */}\n      <div className=\"cedros-admin-tab-content\" role=\"tabpanel\">\n        {currentTab?.isCustom ? (\n          <SsoProvidersSettings />\n        ) : currentSettings.length === 0 ? (\n          <div className=\"cedros-system-settings-empty\">\n            <p>No settings found for {currentTab?.label ?? 'this provider'}.</p>\n          </div>\n        ) : (\n          <SettingsSection settings={currentSettings} edits={edits} onChange={handleChange} />\n        )}\n      </div>\n    </div>\n  );\n}\n"],"names":["useSsoProviders","config","_internal","useCedrosLogin","serverUrl","getAccessTokenRef","useRef","providers","setProviders","useState","total","setTotal","isLoading","setIsLoading","error","setError","getHeaders","useCallback","token","fetchProviders","orgId","limit","offset","params","res","err","data","createProvider","input","provider","prev","updateProvider","id","p","deleteProvider","toggleProvider","enabled","SsoProvidersSettings","className","activeOrg","useOrgs","viewMode","setViewMode","editingProvider","setEditingProvider","formError","setFormError","useEffect","handleAdd","handleEdit","handleCancel","handleDelete","handleToggle","handleSave","jsx","LoadingSpinner","SsoProviderForm","jsxs","ErrorMessage","SsoProviderCard","onEdit","onDelete","onToggle","onSave","onCancel","isEditing","name","setName","issuerUrl","setIssuerUrl","clientId","setClientId","clientSecret","setClientSecret","emailDomain","setEmailDomain","allowRegistration","setAllowRegistration","setEnabled","handleSubmit","e","updates","TABS","AuthenticationSettings","settings","edits","autosaveStatus","autosaveError","fetchSettings","handleChange","useSettingsAutosave","activeTab","setActiveTab","currentTab","t","allTabSettings","useMemo","allSettings","category","categorySettings","currentSettings","s","a","b","AutosaveStatus","tab","SettingsSection"],"mappings":"mRAkDO,SAASA,GAAkB,CAChC,KAAM,CAAE,OAAAC,EAAQ,UAAAC,CAAA,EAAcC,iBAAA,EACxBC,EAAYH,EAAO,UAInBI,EAAoBC,EAAAA,OAAOJ,GAAW,iBAAmB,IAAM,KAAK,EAC1EG,EAAkB,QAAUH,GAAW,iBAAmB,IAAM,MAEhE,KAAM,CAACK,EAAWC,CAAY,EAAIC,EAAAA,SAAwB,CAAA,CAAE,EACtD,CAACC,EAAOC,CAAQ,EAAIF,EAAAA,SAAS,CAAC,EAC9B,CAACG,EAAWC,CAAY,EAAIJ,EAAAA,SAAS,EAAK,EAC1C,CAACK,EAAOC,CAAQ,EAAIN,EAAAA,SAAuB,IAAI,EAG/CO,EAAaC,EAAAA,YAAY,IAAM,CACnC,MAAMC,EAAQb,EAAkB,QAAA,EAChC,MAAO,CACL,eAAgB,mBAChB,GAAIa,EAAQ,CAAE,cAAe,UAAUA,CAAK,IAAO,CAAA,CAAC,CAExD,EAAG,CAAA,CAAE,EAECC,EAAiBF,EAAAA,YACrB,MAAOG,EAAgBC,EAAQ,GAAIC,EAAS,IAAM,CAChDT,EAAa,EAAI,EACjBE,EAAS,IAAI,EACb,GAAI,CACF,MAAMQ,EAAS,IAAI,gBACfH,GAAOG,EAAO,IAAI,SAAUH,CAAK,EACrCG,EAAO,IAAI,QAAS,OAAOF,CAAK,CAAC,EACjCE,EAAO,IAAI,SAAU,OAAOD,CAAM,CAAC,EAEnC,MAAME,EAAM,MAAM,MAAM,GAAGpB,CAAS,wBAAwBmB,CAAM,GAAI,CACpE,QAASP,EAAA,CAAW,CACrB,EAED,GAAI,CAACQ,EAAI,GAAI,CACX,MAAMC,EAAM,MAAMD,EAAI,KAAA,EAAO,MAAM,KAAO,CAAA,EAAG,EAC7C,MAAM,IAAI,MAAMC,EAAI,OAAS,kCAAkCD,EAAI,MAAM,EAAE,CAC7E,CAEA,MAAME,EAAqB,MAAMF,EAAI,KAAA,EACrC,OAAAhB,EAAakB,EAAK,SAAS,EAC3Bf,EAASe,EAAK,KAAK,EACZA,CACT,OAASD,EAAK,CACZ,MAAMX,EAAQW,aAAe,MAAQA,EAAM,IAAI,MAAM,OAAOA,CAAG,CAAC,EAChE,MAAAV,EAASD,CAAK,EACRA,CACR,QAAA,CACED,EAAa,EAAK,CACpB,CACF,EACA,CAACT,EAAWY,CAAU,CAAA,EAGlBW,EAAiBV,EAAAA,YACrB,MAAOW,GAAwD,CAC7Df,EAAa,EAAI,EACjBE,EAAS,IAAI,EACb,GAAI,CACF,MAAMS,EAAM,MAAM,MAAM,GAAGpB,CAAS,uBAAwB,CAC1D,OAAQ,OACR,QAASY,EAAA,EACT,KAAM,KAAK,UAAUY,CAAK,CAAA,CAC3B,EAED,GAAI,CAACJ,EAAI,GAAI,CACX,MAAMC,EAAM,MAAMD,EAAI,KAAA,EAAO,MAAM,KAAO,CAAA,EAAG,EAC7C,MAAM,IAAI,MAAMC,EAAI,OAAS,kCAAkCD,EAAI,MAAM,EAAE,CAC7E,CAEA,MAAMK,EAAwB,MAAML,EAAI,KAAA,EACxC,OAAAhB,EAAcsB,GAAS,CAAC,GAAGA,EAAMD,CAAQ,CAAC,EAC1ClB,EAAUmB,GAASA,EAAO,CAAC,EACpBD,CACT,OAASJ,EAAK,CACZ,MAAMX,EAAQW,aAAe,MAAQA,EAAM,IAAI,MAAM,OAAOA,CAAG,CAAC,EAChE,MAAAV,EAASD,CAAK,EACRA,CACR,QAAA,CACED,EAAa,EAAK,CACpB,CACF,EACA,CAACT,EAAWY,CAAU,CAAA,EAGlBe,EAAiBd,EAAAA,YACrB,MAAOe,EAAYJ,IAAwD,CACzEf,EAAa,EAAI,EACjBE,EAAS,IAAI,EACb,GAAI,CACF,MAAMS,EAAM,MAAM,MAAM,GAAGpB,CAAS,wBAAwB4B,CAAE,GAAI,CAChE,OAAQ,MACR,QAAShB,EAAA,EACT,KAAM,KAAK,UAAUY,CAAK,CAAA,CAC3B,EAED,GAAI,CAACJ,EAAI,GAAI,CACX,MAAMC,EAAM,MAAMD,EAAI,KAAA,EAAO,MAAM,KAAO,CAAA,EAAG,EAC7C,MAAM,IAAI,MAAMC,EAAI,OAAS,kCAAkCD,EAAI,MAAM,EAAE,CAC7E,CAEA,MAAMK,EAAwB,MAAML,EAAI,KAAA,EACxC,OAAAhB,EAAcsB,GAASA,EAAK,IAAKG,GAAOA,EAAE,KAAOD,EAAKH,EAAWI,CAAE,CAAC,EAC7DJ,CACT,OAASJ,EAAK,CACZ,MAAMX,EAAQW,aAAe,MAAQA,EAAM,IAAI,MAAM,OAAOA,CAAG,CAAC,EAChE,MAAAV,EAASD,CAAK,EACRA,CACR,QAAA,CACED,EAAa,EAAK,CACpB,CACF,EACA,CAACT,EAAWY,CAAU,CAAA,EAGlBkB,EAAiBjB,EAAAA,YACrB,MAAOe,GAA8B,CACnCnB,EAAa,EAAI,EACjBE,EAAS,IAAI,EACb,GAAI,CACF,MAAMS,EAAM,MAAM,MAAM,GAAGpB,CAAS,wBAAwB4B,CAAE,GAAI,CAChE,OAAQ,SACR,QAAShB,EAAA,CAAW,CACrB,EAED,GAAI,CAACQ,EAAI,GAAI,CACX,MAAMC,EAAM,MAAMD,EAAI,KAAA,EAAO,MAAM,KAAO,CAAA,EAAG,EAC7C,MAAM,IAAI,MAAMC,EAAI,OAAS,kCAAkCD,EAAI,MAAM,EAAE,CAC7E,CAEAhB,EAAcsB,GAASA,EAAK,OAAQG,GAAMA,EAAE,KAAOD,CAAE,CAAC,EACtDrB,EAAUmB,GAASA,EAAO,CAAC,CAC7B,OAASL,EAAK,CACZ,MAAMX,EAAQW,aAAe,MAAQA,EAAM,IAAI,MAAM,OAAOA,CAAG,CAAC,EAChE,MAAAV,EAASD,CAAK,EACRA,CACR,QAAA,CACED,EAAa,EAAK,CACpB,CACF,EACA,CAACT,EAAWY,CAAU,CAAA,EAGlBmB,EAAiBlB,EAAAA,YACrB,MAAOe,EAAYI,IACVL,EAAeC,EAAI,CAAE,QAAAI,EAAS,EAEvC,CAACL,CAAc,CAAA,EAGjB,MAAO,CACL,UAAAxB,EACA,MAAAG,EACA,UAAAE,EACA,MAAAE,EACA,eAAAK,EACA,eAAAQ,EACA,eAAAI,EACA,eAAAG,EACA,eAAAC,CAAA,CAEJ,CClMO,SAASE,EAAqB,CAAE,UAAAC,GAAwC,CAC7E,KAAM,CACJ,UAAA/B,EACA,UAAAK,EACA,MAAAE,EACA,eAAAK,EACA,eAAAQ,EACA,eAAAI,EACA,eAAAG,EACA,eAAAC,CAAA,EACEnC,EAAA,EAEE,CAAE,UAAAuC,CAAA,EAAcC,UAAA,EAChB,CAACC,EAAUC,CAAW,EAAIjC,EAAAA,SAAmB,MAAM,EACnD,CAACkC,EAAiBC,CAAkB,EAAInC,EAAAA,SAA6B,IAAI,EACzE,CAACoC,EAAWC,CAAY,EAAIrC,EAAAA,SAAwB,IAAI,EAE9DsC,EAAAA,UAAU,IAAM,CACd5B,EAAeoB,GAAW,EAAE,CAC9B,EAAG,CAACpB,EAAgBoB,GAAW,EAAE,CAAC,EAElC,MAAMS,EAAY,IAAM,CACtBJ,EAAmB,IAAI,EACvBE,EAAa,IAAI,EACjBJ,EAAY,KAAK,CACnB,EAEMO,EAAcpB,GAA0B,CAC5Ce,EAAmBf,CAAQ,EAC3BiB,EAAa,IAAI,EACjBJ,EAAY,MAAM,CACpB,EAEMQ,EAAe,IAAM,CACzBR,EAAY,MAAM,EAClBE,EAAmB,IAAI,EACvBE,EAAa,IAAI,CACnB,EAEMK,EAAe,MAAOtB,GAA0B,CACpD,GAAK,QAAQ,wBAAwBA,EAAS,IAAI,2BAA2B,EAG7E,GAAI,CACF,MAAMK,EAAeL,EAAS,EAAE,CAClC,MAAQ,CAER,CACF,EAEMuB,EAAe,MAAOvB,GAA0B,CACpD,GAAI,CACF,MAAMM,EAAeN,EAAS,GAAI,CAACA,EAAS,OAAO,CACrD,MAAQ,CAER,CACF,EAEMwB,EAAa,MAAO3B,GAA0D,CAClFoB,EAAa,IAAI,EACjB,GAAI,CACEL,IAAa,MACf,MAAMd,EAAeD,CAA8B,EAC1CiB,GACT,MAAMZ,EAAeY,EAAgB,GAAIjB,CAA8B,EAEzEgB,EAAY,MAAM,EAClBE,EAAmB,IAAI,CACzB,OAASnB,EAAK,CACZqB,EAAarB,aAAe,MAAQA,EAAI,QAAU,yBAAyB,CAC7E,CACF,EAEA,OAAIb,GAAaL,EAAU,SAAW,SAEjC,MAAA,CAAI,UAAW,yDAAyD+B,GAAa,EAAE,GACtF,SAAA,CAAAgB,EAAAA,IAACC,EAAAA,eAAA,EAAe,EAChBD,EAAAA,IAAC,QAAK,SAAA,0BAAA,CAAwB,CAAA,EAChC,EAIAb,IAAa,OAASA,IAAa,aAElC,MAAA,CAAI,UAAW,0BAA0BH,GAAa,EAAE,GACvD,SAAAgB,EAAAA,IAACE,EAAA,CACC,SAAUb,EACV,MAAOJ,GAAW,GAClB,MAAOM,EACP,UAAAjC,EACA,OAAQyC,EACR,SAAUH,CAAA,CAAA,EAEd,SAKD,MAAA,CAAI,UAAW,0BAA0BZ,GAAa,EAAE,GACvD,SAAA,CAAAmB,EAAAA,KAAC,MAAA,CAAI,UAAU,8BACb,SAAA,CAAAA,EAAAA,KAAC,MAAA,CAAI,UAAU,sCACb,SAAA,CAAAH,EAAAA,IAAC,KAAA,CAAG,UAAU,6BAA6B,SAAA,gBAAa,EACxDA,EAAAA,IAAC,IAAA,CAAE,UAAU,mCAAmC,SAAA,kEAAA,CAEhD,CAAA,EACF,EACAA,EAAAA,IAAC,UAAO,KAAK,SAAS,UAAU,gCAAgC,QAASN,EAAW,SAAA,cAAA,CAEpF,CAAA,EACF,EAEClC,GAASwC,EAAAA,IAACI,EAAAA,aAAA,CAAa,MAAO5C,EAAM,QAAS,EAE7CP,EAAU,SAAW,EACpBkD,EAAAA,KAAC,MAAA,CAAI,UAAU,+BACb,SAAA,CAAAH,EAAAA,IAAC,KAAE,SAAA,8BAAA,CAA4B,EAC/BA,EAAAA,IAAC,IAAA,CAAE,UAAU,oBAAoB,SAAA,8EAAA,CAEjC,CAAA,CAAA,CACF,QAEC,MAAA,CAAI,UAAU,2BACZ,SAAA/C,EAAU,IAAKsB,GACdyB,EAAAA,IAACK,EAAA,CAEC,SAAA9B,EACA,OAAQ,IAAMoB,EAAWpB,CAAQ,EACjC,SAAU,IAAMsB,EAAatB,CAAQ,EACrC,SAAU,IAAMuB,EAAavB,CAAQ,CAAA,EAJhCA,EAAS,EAAA,CAMjB,CAAA,CACH,CAAA,EAEJ,CAEJ,CAaA,SAAS8B,EAAgB,CAAE,SAAA9B,EAAU,OAAA+B,EAAQ,SAAAC,EAAU,SAAAC,GAAkC,CACvF,OACEL,EAAAA,KAAC,MAAA,CACC,UAAW,4BAA4B5B,EAAS,QAAU,GAAK,oCAAoC,GAEnG,SAAA,CAAA4B,EAAAA,KAAC,MAAA,CAAI,UAAU,kCACb,SAAA,CAAAA,EAAAA,KAAC,MAAA,CAAI,UAAU,gCACb,SAAA,CAAAH,EAAAA,IAAC,KAAA,CAAG,UAAU,gCAAiC,SAAAzB,EAAS,KAAK,EAC7DyB,EAAAA,IAAC,IAAA,CAAE,UAAU,kCAAmC,WAAS,SAAA,CAAU,CAAA,EACrE,EACAG,EAAAA,KAAC,SAAA,CACC,KAAK,SACL,KAAK,SACL,eAAc5B,EAAS,QACvB,UAAW,iBAAiBA,EAAS,QAAU,mBAAqB,mBAAmB,GACvF,QAASiC,EAET,SAAA,CAAAR,EAAAA,IAAC,QAAK,UAAU,sBACd,eAAC,OAAA,CAAK,UAAU,sBAAsB,CAAA,CACxC,QACC,OAAA,CAAK,UAAU,sBAAuB,SAAAzB,EAAS,QAAU,UAAY,UAAA,CAAW,CAAA,CAAA,CAAA,CACnF,EACF,EAEA4B,EAAAA,KAAC,MAAA,CAAI,UAAU,mCACb,SAAA,CAAAA,EAAAA,KAAC,MAAA,CAAI,UAAU,kCACb,SAAA,CAAAH,EAAAA,IAAC,OAAA,CAAK,UAAU,wCAAwC,SAAA,YAAS,EACjEA,EAAAA,IAAC,OAAA,CAAK,UAAU,wCAAyC,WAAS,QAAA,CAAS,CAAA,EAC7E,EACCzB,EAAS,aACR4B,OAAC,MAAA,CAAI,UAAU,kCACb,SAAA,CAAAH,EAAAA,IAAC,OAAA,CAAK,UAAU,wCAAwC,SAAA,eAAY,EACpEG,EAAAA,KAAC,OAAA,CAAK,UAAU,wCAAwC,SAAA,CAAA,IAAE5B,EAAS,WAAA,CAAA,CAAY,CAAA,EACjF,EAEF4B,EAAAA,KAAC,MAAA,CAAI,UAAU,kCACb,SAAA,CAAAH,EAAAA,IAAC,OAAA,CAAK,UAAU,wCAAwC,SAAA,eAAY,QACnE,OAAA,CAAK,UAAU,wCACb,SAAAzB,EAAS,kBAAoB,UAAY,qBAAA,CAC5C,CAAA,CAAA,CACF,CAAA,EACF,EAEA4B,EAAAA,KAAC,MAAA,CAAI,UAAU,mCACb,SAAA,CAAAH,EAAAA,IAAC,UAAO,KAAK,SAAS,UAAU,8BAA8B,QAASM,EAAQ,SAAA,MAAA,CAE/E,EACAN,EAAAA,IAAC,SAAA,CACC,KAAK,SACL,UAAU,gDACV,QAASO,EACV,SAAA,QAAA,CAAA,CAED,CAAA,CACF,CAAA,CAAA,CAAA,CAGN,CAeA,SAASL,EAAgB,CACvB,SAAA3B,EACA,MAAAT,EACA,MAAAN,EACA,UAAAF,EACA,OAAAmD,EACA,SAAAC,CACF,EAAyB,CACvB,MAAMC,EAAY,EAAQpC,EAEpB,CAACqC,EAAMC,CAAO,EAAI1D,EAAAA,SAASoB,GAAU,MAAQ,EAAE,EAC/C,CAACuC,EAAWC,CAAY,EAAI5D,EAAAA,SAASoB,GAAU,WAAa,EAAE,EAC9D,CAACyC,EAAUC,CAAW,EAAI9D,EAAAA,SAASoB,GAAU,UAAY,EAAE,EAC3D,CAAC2C,EAAcC,CAAe,EAAIhE,EAAAA,SAAS,EAAE,EAC7C,CAACiE,EAAaC,CAAc,EAAIlE,EAAAA,SAASoB,GAAU,aAAe,EAAE,EACpE,CAAC+C,EAAmBC,CAAoB,EAAIpE,EAAAA,SAASoB,GAAU,mBAAqB,EAAI,EACxF,CAACO,EAAS0C,CAAU,EAAIrE,EAAAA,SAASoB,GAAU,SAAW,EAAI,EAE1DkD,EAAe9D,EAAAA,YAClB+D,GAAuB,CAGtB,GAFAA,EAAE,eAAA,EAEEf,EAAW,CACb,MAAMgB,EAAkC,CACtC,KAAAf,EACA,UAAAE,EACA,SAAAE,EACA,YAAaI,GAAe,KAC5B,kBAAAE,EACA,QAAAxC,CAAA,EAGEoC,IACFS,EAAQ,aAAeT,GAEzBT,EAAOkB,CAAO,CAChB,KAAO,CACL,GAAI,CAAC7D,EACH,OAYF2C,EAVqC,CACnC,MAAA3C,EACA,KAAA8C,EACA,UAAAE,EACA,SAAAE,EACA,aAAAE,EACA,YAAaE,GAAe,KAC5B,kBAAAE,EACA,QAAAxC,CAAA,CAES,CACb,CACF,EACA,CACE6B,EACA7C,EACA8C,EACAE,EACAE,EACAE,EACAE,EACAE,EACAxC,EACA2B,CAAA,CACF,EAGF,OACEN,EAAAA,KAAC,OAAA,CAAK,UAAU,2BAA2B,SAAUsB,EACnD,SAAA,CAAAzB,EAAAA,IAAC,OAAI,UAAU,8BACb,SAAAG,EAAAA,KAAC,MAAA,CAAI,UAAU,sCACb,SAAA,CAAAH,MAAC,KAAA,CAAG,UAAU,6BACX,SAAAW,EAAY,oBAAsB,mBACrC,EACAX,EAAAA,IAAC,IAAA,CAAE,UAAU,mCAAmC,SAAA,oEAAA,CAEhD,CAAA,CAAA,CACF,CAAA,CACF,EAECxC,GAASwC,EAAAA,IAACI,eAAA,CAAa,MAAA5C,CAAA,CAAc,EAEtC2C,EAAAA,KAAC,MAAA,CAAI,UAAU,sBACb,SAAA,CAAAA,EAAAA,KAAC,MAAA,CAAI,UAAU,oBACb,SAAA,CAAAH,MAAC,QAAA,CAAM,UAAU,oBAAoB,QAAQ,WAAW,SAAA,gBAExD,EACAA,EAAAA,IAAC,QAAA,CACC,GAAG,WACH,KAAK,OACL,UAAU,oBACV,MAAOY,EACP,SAAWc,GAAMb,EAAQa,EAAE,OAAO,KAAK,EACvC,YAAY,uBACZ,SAAQ,EAAA,CAAA,CACV,EACF,EAEAvB,EAAAA,KAAC,MAAA,CAAI,UAAU,oBACb,SAAA,CAAAH,MAAC,QAAA,CAAM,UAAU,oBAAoB,QAAQ,aAAa,SAAA,aAE1D,EACAA,EAAAA,IAAC,QAAA,CACC,GAAG,aACH,KAAK,MACL,UAAU,oBACV,MAAOc,EACP,SAAWY,GAAMX,EAAaW,EAAE,OAAO,KAAK,EAC5C,YAAY,4BACZ,SAAQ,EAAA,CAAA,EAEV1B,EAAAA,IAAC,IAAA,CAAE,UAAU,mBAAmB,SAAA,kFAAA,CAEhC,CAAA,EACF,EAEAG,EAAAA,KAAC,MAAA,CAAI,UAAU,oBACb,SAAA,CAAAH,MAAC,QAAA,CAAM,UAAU,oBAAoB,QAAQ,gBAAgB,SAAA,YAE7D,EACAA,EAAAA,IAAC,QAAA,CACC,GAAG,gBACH,KAAK,OACL,UAAU,oBACV,MAAOgB,EACP,SAAWU,GAAMT,EAAYS,EAAE,OAAO,KAAK,EAC3C,YAAY,kBACZ,SAAQ,EAAA,CAAA,CACV,EACF,EAEAvB,EAAAA,KAAC,MAAA,CAAI,UAAU,oBACb,SAAA,CAAAA,EAAAA,KAAC,QAAA,CAAM,UAAU,oBAAoB,QAAQ,oBAAoB,SAAA,CAAA,gBACjD,IACbQ,GACCX,EAAAA,IAAC,OAAA,CAAK,UAAU,0BAA0B,SAAA,+BAAA,CAA6B,CAAA,EAE3E,EACAA,EAAAA,IAAC,QAAA,CACC,GAAG,oBACH,KAAK,WACL,UAAU,oBACV,MAAOkB,EACP,SAAWQ,GAAMP,EAAgBO,EAAE,OAAO,KAAK,EAC/C,YAAaf,EAAY,WAAa,sBACtC,SAAU,CAACA,CAAA,CAAA,CACb,EACF,EAEAR,EAAAA,KAAC,MAAA,CAAI,UAAU,oBACb,SAAA,CAAAH,MAAC,QAAA,CAAM,UAAU,oBAAoB,QAAQ,mBAAmB,SAAA,0BAEhE,EACAA,EAAAA,IAAC,QAAA,CACC,GAAG,mBACH,KAAK,OACL,UAAU,oBACV,MAAOoB,EACP,SAAWM,GAAML,EAAeK,EAAE,OAAO,KAAK,EAC9C,YAAY,aAAA,CAAA,EAEd1B,EAAAA,IAAC,IAAA,CAAE,UAAU,mBAAmB,SAAA,gDAAA,CAA8C,CAAA,EAChF,QAEC,MAAA,CAAI,UAAU,oBACb,SAAAG,EAAAA,KAAC,QAAA,CAAM,UAAU,uBACf,SAAA,CAAAH,EAAAA,IAAC,QAAA,CACC,KAAK,WACL,QAASsB,EACT,SAAWI,GAAMH,EAAqBG,EAAE,OAAO,OAAO,CAAA,CAAA,EAExD1B,EAAAA,IAAC,QAAK,SAAA,qCAAA,CAAmC,CAAA,CAAA,CAC3C,CAAA,CACF,QAEC,MAAA,CAAI,UAAU,oBACb,SAAAG,EAAAA,KAAC,QAAA,CAAM,UAAU,uBACf,SAAA,CAAAH,EAAAA,IAAC,QAAA,CACC,KAAK,WACL,QAASlB,EACT,SAAW4C,GAAMF,EAAWE,EAAE,OAAO,OAAO,CAAA,CAAA,EAE9C1B,EAAAA,IAAC,QAAK,SAAA,sBAAA,CAAoB,CAAA,CAAA,CAC5B,CAAA,CACF,CAAA,EACF,EAEAG,EAAAA,KAAC,MAAA,CAAI,UAAU,sBACb,SAAA,CAAAH,EAAAA,IAAC,SAAA,CACC,KAAK,SACL,UAAU,8BACV,QAASU,EACT,SAAUpD,EACX,SAAA,QAAA,CAAA,EAGD0C,EAAAA,IAAC,SAAA,CAAO,KAAK,SAAS,UAAU,gCAAgC,SAAU1C,EACvE,SAAAA,EAAY,YAAcqD,EAAY,eAAiB,cAAA,CAC1D,CAAA,CAAA,CACF,CAAA,EACF,CAEJ,CClaA,MAAMiB,EAAoB,CACxB,CAAE,GAAI,QAAS,MAAO,QAAS,WAAY,CAAC,YAAY,EACtD,KAAM,CAAC,qBAAsB,kCAAmC,6BAA6B,CAAA,EAC/F,CAAE,GAAI,SAAU,MAAO,SAAU,WAAY,CAAC,aAAa,EACzD,KAAM,CAAC,sBAAuB,wBAAyB,2BAA2B,CAAA,EACpF,CAAE,GAAI,QAAS,MAAO,QAAS,WAAY,CAAC,YAAY,EACtD,KAAM,CAAC,qBAAsB,uBAAwB,qBAAsB,oBAAqB,wBAAwB,CAAA,EAC1H,CAAE,GAAI,SAAU,MAAO,SAAU,WAAY,CAAC,aAAa,EACzD,KAAM,CAAC,sBAAuB,8BAA8B,CAAA,EAC9D,CAAE,GAAI,WAAY,MAAO,WAAY,WAAY,CAAC,eAAe,EAC/D,KAAM,CAAC,wBAAyB,sBAAuB,wBAAyB,yBAAyB,CAAA,EAC3G,CAAE,GAAI,cAAe,MAAO,eAAgB,WAAY,CAAC,kBAAkB,EACzE,KAAM,CAAC,2BAA4B,0BAA2B,6BAA6B,CAAA,EAC7F,CAAE,GAAI,MAAO,MAAO,gBAAiB,WAAY,CAAA,EAAI,SAAU,EAAA,CACjE,EAMO,SAASC,EAAuB,CAAE,UAAA7C,GAA0C,CACjF,KAAM,CACJ,SAAA8C,EACA,MAAAC,EACA,UAAAzE,EACA,eAAA0E,EACA,cAAAC,EACA,MAAAzE,EACA,cAAA0E,EACA,aAAAC,CAAA,EACEC,sBAAA,EAEE,CAACC,EAAWC,CAAY,EAAInF,EAAAA,SAAkB,OAAO,EAE3DsC,EAAAA,UAAU,IAAM,CACdyC,EAAA,CACF,EAAG,CAACA,CAAa,CAAC,EAGlB,MAAMK,EAAaX,EAAK,KAAMY,GAAMA,EAAE,KAAOH,CAAS,EAGhDI,EAAiBC,EAAAA,QAAQ,IAAM,CACnC,GAAI,CAACH,EAAY,MAAO,CAAA,EACxB,MAAMI,EAAyC,CAAA,EAC/C,UAAWC,KAAYL,EAAW,WAAY,CAC5C,MAAMM,EAAmBf,EAASc,CAAQ,GAAK,CAAA,EAC/CD,EAAY,KAAK,GAAGE,CAAgB,CACtC,CACA,OAAOF,CACT,EAAG,CAACb,EAAUS,CAAU,CAAC,EAEnBO,EAAkBJ,EAAAA,QAAQ,IACzBH,GAAY,KAEVE,EACJ,OAAQM,GAAMR,EAAW,KAAM,SAASQ,EAAE,GAAG,CAAC,EAC9C,KAAK,CAACC,EAAGC,IAAMV,EAAW,KAAM,QAAQS,EAAE,GAAG,EAAIT,EAAW,KAAM,QAAQU,EAAE,GAAG,CAAC,EAJrDR,EAK7B,CAACA,EAAgBF,CAAU,CAAC,EAE/B,OAAIjF,GAAa,OAAO,KAAKwE,CAAQ,EAAE,SAAW,SAE7C,MAAA,CAAI,UAAW,yDAAyD9C,GAAa,EAAE,GACtF,SAAA,CAAAgB,EAAAA,IAACC,EAAAA,eAAA,EAAe,EAChBD,EAAAA,IAAC,QAAK,SAAA,qBAAA,CAAmB,CAAA,EAC3B,EAIAxC,EAEAwC,EAAAA,IAAC,MAAA,CAAI,UAAW,0BAA0BhB,GAAa,EAAE,GACvD,SAAAgB,EAAAA,IAACI,EAAAA,aAAA,CAAa,MAAO5C,EAAM,OAAA,CAAS,EACtC,SAKD,MAAA,CAAI,UAAW,0BAA0BwB,GAAa,EAAE,GACvD,SAAA,CAAAmB,EAAAA,KAAC,MAAA,CAAI,UAAU,8BACb,SAAA,CAAAA,EAAAA,KAAC,MAAA,CAAI,UAAU,sCACb,SAAA,CAAAH,EAAAA,IAAC,KAAA,CAAG,UAAU,6BAA6B,SAAA,iBAAc,EACzDA,EAAAA,IAAC,IAAA,CAAE,UAAU,mCAAmC,SAAA,kEAAA,CAEhD,CAAA,EACF,EACAA,EAAAA,IAACkD,EAAAA,eAAA,CAAe,OAAQlB,EAAgB,MAAOC,CAAA,CAAe,CAAA,EAChE,QAGC,MAAA,CAAI,UAAU,4CACZ,SAAAL,EAAK,IAAKuB,GACTnD,EAAAA,IAAC,SAAA,CAEC,KAAK,SACL,UAAW,oBAAoBqC,IAAcc,EAAI,GAAK,0BAA4B,EAAE,GACpF,QAAS,IAAMb,EAAaa,EAAI,EAAE,EAClC,gBAAed,IAAcc,EAAI,GACjC,KAAK,MAEJ,SAAAA,EAAI,KAAA,EAPAA,EAAI,EAAA,CASZ,EACH,QAGC,MAAA,CAAI,UAAU,2BAA2B,KAAK,WAC5C,YAAY,SACXnD,EAAAA,IAACjB,IAAqB,EACpB+D,EAAgB,SAAW,EAC7B9C,EAAAA,IAAC,OAAI,UAAU,+BACb,gBAAC,IAAA,CAAE,SAAA,CAAA,yBAAuBuC,GAAY,OAAS,gBAAgB,GAAA,CAAA,CAAC,CAAA,CAClE,EAEAvC,EAAAA,IAACoD,kBAAA,CAAgB,SAAUN,EAAiB,MAAAf,EAAc,SAAUI,CAAA,CAAc,CAAA,CAEtF,CAAA,EACF,CAEJ"}

package/dist/AuthenticationSettings-Dx3JCI3m.js

@@ -0,0 +1,9 @@
+import { jsx as t } from "react/jsx-runtime";
+import "react";
+import { A as i } from "./AuthenticationSettings-vowmQPXz.js";
+function r() {
+  return /* @__PURE__ */ t("div", { className: "cedros-dashboard__section", children: /* @__PURE__ */ t(i, {}) });
+}
+export {
+  r as default
+};

package/dist/AuthenticationSettings-Dx3JCI3m.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthenticationSettings-Dx3JCI3m.js","sources":["../src/admin/sections/AuthenticationSettings.tsx"],"sourcesContent":["/**\n * Authentication Settings Section - Plugin wrapper\n */\n\nimport React from 'react';\nimport { AuthenticationSettings as Settings } from '../../components/admin/settings';\n\nexport default function AuthenticationSettings(): React.JSX.Element {\n  return (\n    <div className=\"cedros-dashboard__section\">\n      <Settings />\n    </div>\n  );\n}\n"],"names":["AuthenticationSettings","jsx","Settings"],"mappings":";;;AAOA,SAAwBA,IAA4C;AAClE,2BACG,OAAA,EAAI,WAAU,6BACb,UAAA,gBAAAC,EAACC,KAAS,GACZ;AAEJ;"}

package/dist/AuthenticationSettings-vowmQPXz.js

@@ -0,0 +1,525 @@
+import { jsxs as r, jsx as e } from "react/jsx-runtime";
+import { useRef as I, useState as v, useCallback as O, useEffect as $, useMemo as P } from "react";
+import { L as T } from "./LoadingSpinner-6vml-zwr.js";
+import { E as A } from "./ErrorMessage-CcEK0pYO.js";
+import { u as F, A as L, S as j } from "./AutosaveStatus-Ciyt350A.js";
+import { u as R } from "./useCedrosLogin-_94MmGGq.js";
+import { u as U } from "./useOrgs-C3pzMA9h.js";
+function q() {
+  const { config: o, _internal: g } = R(), h = o.serverUrl, b = I(g?.getAccessToken ?? (() => null));
+  b.current = g?.getAccessToken ?? (() => null);
+  const [S, k] = v([]), [f, y] = v(0), [C, c] = v(!1), [_, t] = v(null), m = O(() => {
+    const d = b.current();
+    return {
+      "Content-Type": "application/json",
+      ...d ? { Authorization: `Bearer ${d}` } : {}
+    };
+  }, []), p = O(
+    async (d, a = 50, n = 0) => {
+      c(!0), t(null);
+      try {
+        const i = new URLSearchParams();
+        d && i.set("org_id", d), i.set("limit", String(a)), i.set("offset", String(n));
+        const s = await fetch(`${h}/admin/sso-providers?${i}`, {
+          headers: m()
+        });
+        if (!s.ok) {
+          const x = await s.json().catch(() => ({}));
+          throw new Error(x.error || `Failed to fetch SSO providers: ${s.status}`);
+        }
+        const N = await s.json();
+        return k(N.providers), y(N.total), N;
+      } catch (i) {
+        const s = i instanceof Error ? i : new Error(String(i));
+        throw t(s), s;
+      } finally {
+        c(!1);
+      }
+    },
+    [h, m]
+  ), l = O(
+    async (d) => {
+      c(!0), t(null);
+      try {
+        const a = await fetch(`${h}/admin/sso-providers`, {
+          method: "POST",
+          headers: m(),
+          body: JSON.stringify(d)
+        });
+        if (!a.ok) {
+          const i = await a.json().catch(() => ({}));
+          throw new Error(i.error || `Failed to create SSO provider: ${a.status}`);
+        }
+        const n = await a.json();
+        return k((i) => [...i, n]), y((i) => i + 1), n;
+      } catch (a) {
+        const n = a instanceof Error ? a : new Error(String(a));
+        throw t(n), n;
+      } finally {
+        c(!1);
+      }
+    },
+    [h, m]
+  ), u = O(
+    async (d, a) => {
+      c(!0), t(null);
+      try {
+        const n = await fetch(`${h}/admin/sso-providers/${d}`, {
+          method: "PUT",
+          headers: m(),
+          body: JSON.stringify(a)
+        });
+        if (!n.ok) {
+          const s = await n.json().catch(() => ({}));
+          throw new Error(s.error || `Failed to update SSO provider: ${n.status}`);
+        }
+        const i = await n.json();
+        return k((s) => s.map((N) => N.id === d ? i : N)), i;
+      } catch (n) {
+        const i = n instanceof Error ? n : new Error(String(n));
+        throw t(i), i;
+      } finally {
+        c(!1);
+      }
+    },
+    [h, m]
+  ), E = O(
+    async (d) => {
+      c(!0), t(null);
+      try {
+        const a = await fetch(`${h}/admin/sso-providers/${d}`, {
+          method: "DELETE",
+          headers: m()
+        });
+        if (!a.ok) {
+          const n = await a.json().catch(() => ({}));
+          throw new Error(n.error || `Failed to delete SSO provider: ${a.status}`);
+        }
+        k((n) => n.filter((i) => i.id !== d)), y((n) => n - 1);
+      } catch (a) {
+        const n = a instanceof Error ? a : new Error(String(a));
+        throw t(n), n;
+      } finally {
+        c(!1);
+      }
+    },
+    [h, m]
+  ), w = O(
+    async (d, a) => u(d, { enabled: a }),
+    [u]
+  );
+  return {
+    providers: S,
+    total: f,
+    isLoading: C,
+    error: _,
+    fetchProviders: p,
+    createProvider: l,
+    updateProvider: u,
+    deleteProvider: E,
+    toggleProvider: w
+  };
+}
+function M({ className: o }) {
+  const {
+    providers: g,
+    isLoading: h,
+    error: b,
+    fetchProviders: S,
+    createProvider: k,
+    updateProvider: f,
+    deleteProvider: y,
+    toggleProvider: C
+  } = q(), { activeOrg: c } = U(), [_, t] = v("list"), [m, p] = v(null), [l, u] = v(null);
+  $(() => {
+    S(c?.id);
+  }, [S, c?.id]);
+  const E = () => {
+    p(null), u(null), t("add");
+  }, w = (s) => {
+    p(s), u(null), t("edit");
+  }, d = () => {
+    t("list"), p(null), u(null);
+  }, a = async (s) => {
+    if (confirm(`Delete SSO provider "${s.name}"? This cannot be undone.`))
+      try {
+        await y(s.id);
+      } catch {
+      }
+  }, n = async (s) => {
+    try {
+      await C(s.id, !s.enabled);
+    } catch {
+    }
+  }, i = async (s) => {
+    u(null);
+    try {
+      _ === "add" ? await k(s) : m && await f(m.id, s), t("list"), p(null);
+    } catch (N) {
+      u(N instanceof Error ? N.message : "Failed to save provider");
+    }
+  };
+  return h && g.length === 0 ? /* @__PURE__ */ r("div", { className: `cedros-system-settings cedros-system-settings-loading ${o ?? ""}`, children: [
+    /* @__PURE__ */ e(T, {}),
+    /* @__PURE__ */ e("span", { children: "Loading SSO providers..." })
+  ] }) : _ === "add" || _ === "edit" ? /* @__PURE__ */ e("div", { className: `cedros-system-settings ${o ?? ""}`, children: /* @__PURE__ */ e(
+    B,
+    {
+      provider: m,
+      orgId: c?.id,
+      error: l,
+      isLoading: h,
+      onSave: i,
+      onCancel: d
+    }
+  ) }) : /* @__PURE__ */ r("div", { className: `cedros-system-settings ${o ?? ""}`, children: [
+    /* @__PURE__ */ r("div", { className: "cedros-settings-page-header", children: [
+      /* @__PURE__ */ r("div", { className: "cedros-settings-page-header-content", children: [
+        /* @__PURE__ */ e("h2", { className: "cedros-settings-page-title", children: "SSO Providers" }),
+        /* @__PURE__ */ e("p", { className: "cedros-settings-page-description", children: "Configure OIDC identity providers for enterprise single sign-on." })
+      ] }),
+      /* @__PURE__ */ e("button", { type: "button", className: "cedros-btn cedros-btn-primary", onClick: E, children: "Add Provider" })
+    ] }),
+    b && /* @__PURE__ */ e(A, { error: b.message }),
+    g.length === 0 ? /* @__PURE__ */ r("div", { className: "cedros-system-settings-empty", children: [
+      /* @__PURE__ */ e("p", { children: "No SSO providers configured." }),
+      /* @__PURE__ */ e("p", { className: "cedros-text-muted", children: "Add an OIDC provider like Okta, Azure AD, or Auth0 to enable enterprise SSO." })
+    ] }) : /* @__PURE__ */ e("div", { className: "cedros-sso-provider-list", children: g.map((s) => /* @__PURE__ */ e(
+      z,
+      {
+        provider: s,
+        onEdit: () => w(s),
+        onDelete: () => a(s),
+        onToggle: () => n(s)
+      },
+      s.id
+    )) })
+  ] });
+}
+function z({ provider: o, onEdit: g, onDelete: h, onToggle: b }) {
+  return /* @__PURE__ */ r(
+    "div",
+    {
+      className: `cedros-sso-provider-card ${o.enabled ? "" : "cedros-sso-provider-card--disabled"}`,
+      children: [
+        /* @__PURE__ */ r("div", { className: "cedros-sso-provider-card-header", children: [
+          /* @__PURE__ */ r("div", { className: "cedros-sso-provider-card-info", children: [
+            /* @__PURE__ */ e("h3", { className: "cedros-sso-provider-card-name", children: o.name }),
+            /* @__PURE__ */ e("p", { className: "cedros-sso-provider-card-issuer", children: o.issuerUrl })
+          ] }),
+          /* @__PURE__ */ r(
+            "button",
+            {
+              type: "button",
+              role: "switch",
+              "aria-checked": o.enabled,
+              className: `cedros-toggle ${o.enabled ? "cedros-toggle-on" : "cedros-toggle-off"}`,
+              onClick: b,
+              children: [
+                /* @__PURE__ */ e("span", { className: "cedros-toggle-track", children: /* @__PURE__ */ e("span", { className: "cedros-toggle-thumb" }) }),
+                /* @__PURE__ */ e("span", { className: "cedros-toggle-label", children: o.enabled ? "Enabled" : "Disabled" })
+              ]
+            }
+          )
+        ] }),
+        /* @__PURE__ */ r("div", { className: "cedros-sso-provider-card-details", children: [
+          /* @__PURE__ */ r("div", { className: "cedros-sso-provider-card-detail", children: [
+            /* @__PURE__ */ e("span", { className: "cedros-sso-provider-card-detail-label", children: "Client ID" }),
+            /* @__PURE__ */ e("code", { className: "cedros-sso-provider-card-detail-value", children: o.clientId })
+          ] }),
+          o.emailDomain && /* @__PURE__ */ r("div", { className: "cedros-sso-provider-card-detail", children: [
+            /* @__PURE__ */ e("span", { className: "cedros-sso-provider-card-detail-label", children: "Email Domain" }),
+            /* @__PURE__ */ r("span", { className: "cedros-sso-provider-card-detail-value", children: [
+              "@",
+              o.emailDomain
+            ] })
+          ] }),
+          /* @__PURE__ */ r("div", { className: "cedros-sso-provider-card-detail", children: [
+            /* @__PURE__ */ e("span", { className: "cedros-sso-provider-card-detail-label", children: "Registration" }),
+            /* @__PURE__ */ e("span", { className: "cedros-sso-provider-card-detail-value", children: o.allowRegistration ? "Allowed" : "Existing users only" })
+          ] })
+        ] }),
+        /* @__PURE__ */ r("div", { className: "cedros-sso-provider-card-actions", children: [
+          /* @__PURE__ */ e("button", { type: "button", className: "cedros-btn cedros-btn-ghost", onClick: g, children: "Edit" }),
+          /* @__PURE__ */ e(
+            "button",
+            {
+              type: "button",
+              className: "cedros-btn cedros-btn-ghost cedros-btn-danger",
+              onClick: h,
+              children: "Delete"
+            }
+          )
+        ] })
+      ]
+    }
+  );
+}
+function B({
+  provider: o,
+  orgId: g,
+  error: h,
+  isLoading: b,
+  onSave: S,
+  onCancel: k
+}) {
+  const f = !!o, [y, C] = v(o?.name ?? ""), [c, _] = v(o?.issuerUrl ?? ""), [t, m] = v(o?.clientId ?? ""), [p, l] = v(""), [u, E] = v(o?.emailDomain ?? ""), [w, d] = v(o?.allowRegistration ?? !0), [a, n] = v(o?.enabled ?? !0), i = O(
+    (s) => {
+      if (s.preventDefault(), f) {
+        const N = {
+          name: y,
+          issuerUrl: c,
+          clientId: t,
+          emailDomain: u || null,
+          allowRegistration: w,
+          enabled: a
+        };
+        p && (N.clientSecret = p), S(N);
+      } else {
+        if (!g)
+          return;
+        S({
+          orgId: g,
+          name: y,
+          issuerUrl: c,
+          clientId: t,
+          clientSecret: p,
+          emailDomain: u || null,
+          allowRegistration: w,
+          enabled: a
+        });
+      }
+    },
+    [
+      f,
+      g,
+      y,
+      c,
+      t,
+      p,
+      u,
+      w,
+      a,
+      S
+    ]
+  );
+  return /* @__PURE__ */ r("form", { className: "cedros-sso-provider-form", onSubmit: i, children: [
+    /* @__PURE__ */ e("div", { className: "cedros-settings-page-header", children: /* @__PURE__ */ r("div", { className: "cedros-settings-page-header-content", children: [
+      /* @__PURE__ */ e("h2", { className: "cedros-settings-page-title", children: f ? "Edit SSO Provider" : "Add SSO Provider" }),
+      /* @__PURE__ */ e("p", { className: "cedros-settings-page-description", children: "Configure an OIDC identity provider for enterprise single sign-on." })
+    ] }) }),
+    h && /* @__PURE__ */ e(A, { error: h }),
+    /* @__PURE__ */ r("div", { className: "cedros-form-section", children: [
+      /* @__PURE__ */ r("div", { className: "cedros-form-group", children: [
+        /* @__PURE__ */ e("label", { className: "cedros-form-label", htmlFor: "sso-name", children: "Provider Name" }),
+        /* @__PURE__ */ e(
+          "input",
+          {
+            id: "sso-name",
+            type: "text",
+            className: "cedros-form-input",
+            value: y,
+            onChange: (s) => C(s.target.value),
+            placeholder: "e.g., Okta, Azure AD",
+            required: !0
+          }
+        )
+      ] }),
+      /* @__PURE__ */ r("div", { className: "cedros-form-group", children: [
+        /* @__PURE__ */ e("label", { className: "cedros-form-label", htmlFor: "sso-issuer", children: "Issuer URL" }),
+        /* @__PURE__ */ e(
+          "input",
+          {
+            id: "sso-issuer",
+            type: "url",
+            className: "cedros-form-input",
+            value: c,
+            onChange: (s) => _(s.target.value),
+            placeholder: "https://your-org.okta.com",
+            required: !0
+          }
+        ),
+        /* @__PURE__ */ e("p", { className: "cedros-form-hint", children: "The OIDC issuer URL. Must support discovery at /.well-known/openid-configuration" })
+      ] }),
+      /* @__PURE__ */ r("div", { className: "cedros-form-group", children: [
+        /* @__PURE__ */ e("label", { className: "cedros-form-label", htmlFor: "sso-client-id", children: "Client ID" }),
+        /* @__PURE__ */ e(
+          "input",
+          {
+            id: "sso-client-id",
+            type: "text",
+            className: "cedros-form-input",
+            value: t,
+            onChange: (s) => m(s.target.value),
+            placeholder: "OAuth client ID",
+            required: !0
+          }
+        )
+      ] }),
+      /* @__PURE__ */ r("div", { className: "cedros-form-group", children: [
+        /* @__PURE__ */ r("label", { className: "cedros-form-label", htmlFor: "sso-client-secret", children: [
+          "Client Secret",
+          " ",
+          f && /* @__PURE__ */ e("span", { className: "cedros-form-hint-inline", children: "(leave blank to keep current)" })
+        ] }),
+        /* @__PURE__ */ e(
+          "input",
+          {
+            id: "sso-client-secret",
+            type: "password",
+            className: "cedros-form-input",
+            value: p,
+            onChange: (s) => l(s.target.value),
+            placeholder: f ? "••••••••" : "OAuth client secret",
+            required: !f
+          }
+        )
+      ] }),
+      /* @__PURE__ */ r("div", { className: "cedros-form-group", children: [
+        /* @__PURE__ */ e("label", { className: "cedros-form-label", htmlFor: "sso-email-domain", children: "Email Domain (optional)" }),
+        /* @__PURE__ */ e(
+          "input",
+          {
+            id: "sso-email-domain",
+            type: "text",
+            className: "cedros-form-input",
+            value: u,
+            onChange: (s) => E(s.target.value),
+            placeholder: "company.com"
+          }
+        ),
+        /* @__PURE__ */ e("p", { className: "cedros-form-hint", children: "Restrict to users with emails from this domain" })
+      ] }),
+      /* @__PURE__ */ e("div", { className: "cedros-form-group", children: /* @__PURE__ */ r("label", { className: "cedros-form-checkbox", children: [
+        /* @__PURE__ */ e(
+          "input",
+          {
+            type: "checkbox",
+            checked: w,
+            onChange: (s) => d(s.target.checked)
+          }
+        ),
+        /* @__PURE__ */ e("span", { children: "Allow new user registration via SSO" })
+      ] }) }),
+      /* @__PURE__ */ e("div", { className: "cedros-form-group", children: /* @__PURE__ */ r("label", { className: "cedros-form-checkbox", children: [
+        /* @__PURE__ */ e(
+          "input",
+          {
+            type: "checkbox",
+            checked: a,
+            onChange: (s) => n(s.target.checked)
+          }
+        ),
+        /* @__PURE__ */ e("span", { children: "Enable this provider" })
+      ] }) })
+    ] }),
+    /* @__PURE__ */ r("div", { className: "cedros-form-actions", children: [
+      /* @__PURE__ */ e(
+        "button",
+        {
+          type: "button",
+          className: "cedros-btn cedros-btn-ghost",
+          onClick: k,
+          disabled: b,
+          children: "Cancel"
+        }
+      ),
+      /* @__PURE__ */ e("button", { type: "submit", className: "cedros-btn cedros-btn-primary", disabled: b, children: b ? "Saving..." : f ? "Save Changes" : "Add Provider" })
+    ] })
+  ] });
+}
+const D = [
+  {
+    id: "email",
+    label: "Email",
+    categories: ["auth.email"],
+    keys: ["auth_email_enabled", "auth_email_require_verification", "auth_email_block_disposable"]
+  },
+  {
+    id: "google",
+    label: "Google",
+    categories: ["auth.google"],
+    keys: ["auth_google_enabled", "auth_google_client_id", "auth_google_client_secret"]
+  },
+  {
+    id: "apple",
+    label: "Apple",
+    categories: ["auth.apple"],
+    keys: ["auth_apple_enabled", "auth_apple_client_id", "auth_apple_team_id", "auth_apple_key_id", "auth_apple_private_key"]
+  },
+  {
+    id: "solana",
+    label: "Solana",
+    categories: ["auth.solana"],
+    keys: ["auth_solana_enabled", "auth_solana_challenge_expiry"]
+  },
+  {
+    id: "passkeys",
+    label: "Passkeys",
+    categories: ["auth.webauthn"],
+    keys: ["auth_webauthn_enabled", "auth_webauthn_rp_id", "auth_webauthn_rp_name", "auth_webauthn_rp_origin"]
+  },
+  {
+    id: "instantlink",
+    label: "Instant Link",
+    categories: ["auth.instantlink"],
+    keys: ["auth_instantlink_enabled", "auth_instantlink_expiry", "auth_instantlink_rate_limit"]
+  },
+  { id: "sso", label: "SSO Providers", categories: [], isCustom: !0 }
+];
+function X({ className: o }) {
+  const {
+    settings: g,
+    edits: h,
+    isLoading: b,
+    autosaveStatus: S,
+    autosaveError: k,
+    error: f,
+    fetchSettings: y,
+    handleChange: C
+  } = F(), [c, _] = v("email");
+  $(() => {
+    y();
+  }, [y]);
+  const t = D.find((l) => l.id === c), m = P(() => {
+    if (!t) return [];
+    const l = [];
+    for (const u of t.categories) {
+      const E = g[u] ?? [];
+      l.push(...E);
+    }
+    return l;
+  }, [g, t]), p = P(() => t?.keys ? m.filter((l) => t.keys.includes(l.key)).sort((l, u) => t.keys.indexOf(l.key) - t.keys.indexOf(u.key)) : m, [m, t]);
+  return b && Object.keys(g).length === 0 ? /* @__PURE__ */ r("div", { className: `cedros-system-settings cedros-system-settings-loading ${o ?? ""}`, children: [
+    /* @__PURE__ */ e(T, {}),
+    /* @__PURE__ */ e("span", { children: "Loading settings..." })
+  ] }) : f ? /* @__PURE__ */ e("div", { className: `cedros-system-settings ${o ?? ""}`, children: /* @__PURE__ */ e(A, { error: f.message }) }) : /* @__PURE__ */ r("div", { className: `cedros-system-settings ${o ?? ""}`, children: [
+    /* @__PURE__ */ r("div", { className: "cedros-settings-page-header", children: [
+      /* @__PURE__ */ r("div", { className: "cedros-settings-page-header-content", children: [
+        /* @__PURE__ */ e("h2", { className: "cedros-settings-page-title", children: "Authentication" }),
+        /* @__PURE__ */ e("p", { className: "cedros-settings-page-description", children: "Configure authentication providers and methods for user sign-in." })
+      ] }),
+      /* @__PURE__ */ e(L, { status: S, error: k })
+    ] }),
+    /* @__PURE__ */ e("div", { className: "cedros-admin-tabs cedros-admin-tabs--line", children: D.map((l) => /* @__PURE__ */ e(
+      "button",
+      {
+        type: "button",
+        className: `cedros-admin-tab ${c === l.id ? "cedros-admin-tab-active" : ""}`,
+        onClick: () => _(l.id),
+        "aria-selected": c === l.id,
+        role: "tab",
+        children: l.label
+      },
+      l.id
+    )) }),
+    /* @__PURE__ */ e("div", { className: "cedros-admin-tab-content", role: "tabpanel", children: t?.isCustom ? /* @__PURE__ */ e(M, {}) : p.length === 0 ? /* @__PURE__ */ e("div", { className: "cedros-system-settings-empty", children: /* @__PURE__ */ r("p", { children: [
+      "No settings found for ",
+      t?.label ?? "this provider",
+      "."
+    ] }) }) : /* @__PURE__ */ e(j, { settings: p, edits: h, onChange: C }) })
+  ] });
+}
+export {
+  X as A
+};