npm - @cloudflare/workers-auth - Versions diffs - 0.1.1 → 0.3.0 - Mend

@cloudflare/workers-auth 0.1.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/index.mjs CHANGED Viewed

@@ -1,920 +1,108 @@
 import { __name } from './chunk-O6YSETKJ.mjs';
-import { mkdirSync, writeFileSync, chmodSync, rmSync } from 'node:fs';
-import path from 'node:path';
-import { getEnvironmentVariableFactory, getCloudflareApiEnvironmentFromEnv, UserError, getGlobalWranglerConfigPath, parseTOML, readFileSync, getCloudflareComplianceRegion } from '@cloudflare/workers-utils';
+import { getEnvironmentVariableFactory, getCloudflareApiEnvironmentFromEnv, UserError, getCloudflareApiBaseUrl, COMPLIANCE_REGION_CONFIG_PUBLIC, FatalError, getCloudflareComplianceRegion } from '@cloudflare/workers-utils';
 import { spawnSync } from 'node:child_process';
 import { fetch } from 'undici';
 import assert2 from 'node:assert';
 import http from 'node:http';
 import url from 'node:url';
-import { webcrypto } from 'node:crypto';
+import { webcrypto, createHash } from 'node:crypto';
 import { TextEncoder } from 'node:util';
-// ../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/error.js
-function getLineColFromPtr(string, ptr) {
-  let lines = string.slice(0, ptr).split(/\r\n|\n|\r/g);
-  return [lines.length, lines.pop().length + 1];
-}
-__name(getLineColFromPtr, "getLineColFromPtr");
-function makeCodeBlock(string, line, column) {
-  let lines = string.split(/\r\n|\n|\r/g);
-  let codeblock = "";
-  let numberLen = (Math.log10(line + 1) | 0) + 1;
-  for (let i = line - 1; i <= line + 1; i++) {
-    let l = lines[i - 1];
-    if (!l)
-      continue;
-    codeblock += i.toString().padEnd(numberLen, " ");
-    codeblock += ":  ";
-    codeblock += l;
-    codeblock += "\n";
-    if (i === line) {
-      codeblock += " ".repeat(numberLen + column + 2);
-      codeblock += "^\n";
-    }
-  }
-  return codeblock;
-}
-__name(makeCodeBlock, "makeCodeBlock");
-var TomlError = class extends Error {
-  static {
-    __name(this, "TomlError");
-  }
-  line;
-  column;
-  codeblock;
-  constructor(message, options) {
-    const [line, column] = getLineColFromPtr(options.toml, options.ptr);
-    const codeblock = makeCodeBlock(options.toml, line, column);
-    super(`Invalid TOML document: ${message}
-${codeblock}`, options);
-    this.line = line;
-    this.column = column;
-    this.codeblock = codeblock;
-  }
-};
-// ../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/util.js
-function isEscaped(str, ptr) {
-  let i = 0;
-  while (str[ptr - ++i] === "\\")
-    ;
-  return --i && i % 2;
-}
-__name(isEscaped, "isEscaped");
-function indexOfNewline(str, start = 0, end = str.length) {
-  let idx = str.indexOf("\n", start);
-  if (str[idx - 1] === "\r")
-    idx--;
-  return idx <= end ? idx : -1;
-}
-__name(indexOfNewline, "indexOfNewline");
-function skipComment(str, ptr) {
-  for (let i = ptr; i < str.length; i++) {
-    let c = str[i];
-    if (c === "\n")
-      return i;
-    if (c === "\r" && str[i + 1] === "\n")
-      return i + 1;
-    if (c < " " && c !== "	" || c === "\x7F") {
-      throw new TomlError("control characters are not allowed in comments", {
-        toml: str,
-        ptr
-      });
-    }
-  }
-  return str.length;
-}
-__name(skipComment, "skipComment");
-function skipVoid(str, ptr, banNewLines, banComments) {
-  let c;
-  while ((c = str[ptr]) === " " || c === "	" || !banNewLines && (c === "\n" || c === "\r" && str[ptr + 1] === "\n"))
-    ptr++;
-  return banComments || c !== "#" ? ptr : skipVoid(str, skipComment(str, ptr), banNewLines);
-}
-__name(skipVoid, "skipVoid");
-function skipUntil(str, ptr, sep, end, banNewLines = false) {
-  if (!end) {
-    ptr = indexOfNewline(str, ptr);
-    return ptr < 0 ? str.length : ptr;
-  }
-  for (let i = ptr; i < str.length; i++) {
-    let c = str[i];
-    if (c === "#") {
-      i = indexOfNewline(str, i);
-    } else if (c === sep) {
-      return i + 1;
-    } else if (c === end || banNewLines && (c === "\n" || c === "\r" && str[i + 1] === "\n")) {
-      return i;
-    }
-  }
-  throw new TomlError("cannot find end of structure", {
-    toml: str,
-    ptr
-  });
-}
-__name(skipUntil, "skipUntil");
-function getStringEnd(str, seek) {
-  let first = str[seek];
-  let target = first === str[seek + 1] && str[seek + 1] === str[seek + 2] ? str.slice(seek, seek + 3) : first;
-  seek += target.length - 1;
-  do
-    seek = str.indexOf(target, ++seek);
-  while (seek > -1 && first !== "'" && isEscaped(str, seek));
-  if (seek > -1) {
-    seek += target.length;
-    if (target.length > 1) {
-      if (str[seek] === first)
-        seek++;
-      if (str[seek] === first)
-        seek++;
-    }
-  }
-  return seek;
-}
-__name(getStringEnd, "getStringEnd");
-// ../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/date.js
-var DATE_TIME_RE = /^(\d{4}-\d{2}-\d{2})?[T ]?(?:(\d{2}):\d{2}:\d{2}(?:\.\d+)?)?(Z|[-+]\d{2}:\d{2})?$/i;
-var TomlDate = class _TomlDate extends Date {
-  static {
-    __name(this, "TomlDate");
-  }
-  #hasDate = false;
-  #hasTime = false;
-  #offset = null;
-  constructor(date) {
-    let hasDate = true;
-    let hasTime = true;
-    let offset = "Z";
-    if (typeof date === "string") {
-      let match = date.match(DATE_TIME_RE);
-      if (match) {
-        if (!match[1]) {
-          hasDate = false;
-          date = `0000-01-01T${date}`;
-        }
-        hasTime = !!match[2];
-        hasTime && date[10] === " " && (date = date.replace(" ", "T"));
-        if (match[2] && +match[2] > 23) {
-          date = "";
-        } else {
-          offset = match[3] || null;
-          date = date.toUpperCase();
-          if (!offset && hasTime)
-            date += "Z";
-        }
-      } else {
-        date = "";
-      }
-    }
-    super(date);
-    if (!isNaN(this.getTime())) {
-      this.#hasDate = hasDate;
-      this.#hasTime = hasTime;
-      this.#offset = offset;
-    }
-  }
-  isDateTime() {
-    return this.#hasDate && this.#hasTime;
-  }
-  isLocal() {
-    return !this.#hasDate || !this.#hasTime || !this.#offset;
-  }
-  isDate() {
-    return this.#hasDate && !this.#hasTime;
-  }
-  isTime() {
-    return this.#hasTime && !this.#hasDate;
-  }
-  isValid() {
-    return this.#hasDate || this.#hasTime;
-  }
-  toISOString() {
-    let iso = super.toISOString();
-    if (this.isDate())
-      return iso.slice(0, 10);
-    if (this.isTime())
-      return iso.slice(11, 23);
-    if (this.#offset === null)
-      return iso.slice(0, -1);
-    if (this.#offset === "Z")
-      return iso;
-    let offset = +this.#offset.slice(1, 3) * 60 + +this.#offset.slice(4, 6);
-    offset = this.#offset[0] === "-" ? offset : -offset;
-    let offsetDate = new Date(this.getTime() - offset * 6e4);
-    return offsetDate.toISOString().slice(0, -1) + this.#offset;
-  }
-  static wrapAsOffsetDateTime(jsDate, offset = "Z") {
-    let date = new _TomlDate(jsDate);
-    date.#offset = offset;
-    return date;
-  }
-  static wrapAsLocalDateTime(jsDate) {
-    let date = new _TomlDate(jsDate);
-    date.#offset = null;
-    return date;
-  }
-  static wrapAsLocalDate(jsDate) {
-    let date = new _TomlDate(jsDate);
-    date.#hasTime = false;
-    date.#offset = null;
-    return date;
-  }
-  static wrapAsLocalTime(jsDate) {
-    let date = new _TomlDate(jsDate);
-    date.#hasDate = false;
-    date.#offset = null;
-    return date;
+// src/state.ts
+var hasWarnedAboutDeprecatedV1ApiToken = false;
+function readStoredAuthState(options) {
+  const { configOverride, warningLogger, storage } = options;
+  let parsed;
+  try {
+    parsed = configOverride ?? storage.read();
+  } catch {
+    return {};
   }
-};
-// ../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/primitive.js
-var INT_REGEX = /^((0x[0-9a-fA-F](_?[0-9a-fA-F])*)|(([+-]|0[ob])?\d(_?\d)*))$/;
-var FLOAT_REGEX = /^[+-]?\d(_?\d)*(\.\d(_?\d)*)?([eE][+-]?\d(_?\d)*)?$/;
-var LEADING_ZERO = /^[+-]?0[0-9_]/;
-var ESCAPE_REGEX = /^[0-9a-f]{4,8}$/i;
-var ESC_MAP = {
-  b: "\b",
-  t: "	",
-  n: "\n",
-  f: "\f",
-  r: "\r",
-  '"': '"',
-  "\\": "\\"
-};
-function parseString(str, ptr = 0, endPtr = str.length) {
-  let isLiteral = str[ptr] === "'";
-  let isMultiline = str[ptr++] === str[ptr] && str[ptr] === str[ptr + 1];
-  if (isMultiline) {
-    endPtr -= 2;
-    if (str[ptr += 2] === "\r")
-      ptr++;
-    if (str[ptr] === "\n")
-      ptr++;
-  }
-  let tmp = 0;
-  let isEscape;
-  let parsed = "";
-  let sliceStart = ptr;
-  while (ptr < endPtr - 1) {
-    let c = str[ptr++];
-    if (c === "\n" || c === "\r" && str[ptr] === "\n") {
-      if (!isMultiline) {
-        throw new TomlError("newlines are not allowed in strings", {
-          toml: str,
-          ptr: ptr - 1
-        });
-      }
-    } else if (c < " " && c !== "	" || c === "\x7F") {
-      throw new TomlError("control characters are not allowed in strings", {
-        toml: str,
-        ptr: ptr - 1
-      });
-    }
-    if (isEscape) {
-      isEscape = false;
-      if (c === "u" || c === "U") {
-        let code = str.slice(ptr, ptr += c === "u" ? 4 : 8);
-        if (!ESCAPE_REGEX.test(code)) {
-          throw new TomlError("invalid unicode escape", {
-            toml: str,
-            ptr: tmp
-          });
-        }
-        try {
-          parsed += String.fromCodePoint(parseInt(code, 16));
-        } catch {
-          throw new TomlError("invalid unicode escape", {
-            toml: str,
-            ptr: tmp
-          });
-        }
-      } else if (isMultiline && (c === "\n" || c === " " || c === "	" || c === "\r")) {
-        ptr = skipVoid(str, ptr - 1, true);
-        if (str[ptr] !== "\n" && str[ptr] !== "\r") {
-          throw new TomlError("invalid escape: only line-ending whitespace may be escaped", {
-            toml: str,
-            ptr: tmp
-          });
-        }
-        ptr = skipVoid(str, ptr);
-      } else if (c in ESC_MAP) {
-        parsed += ESC_MAP[c];
-      } else {
-        throw new TomlError("unrecognized escape sequence", {
-          toml: str,
-          ptr: tmp
-        });
-      }
-      sliceStart = ptr;
-    } else if (!isLiteral && c === "\\") {
-      tmp = ptr - 1;
-      isEscape = true;
-      parsed += str.slice(sliceStart, tmp);
-    }
+  const { oauth_token, refresh_token, expiration_time, scopes, api_token } = parsed;
+  if (oauth_token) {
+    return {
+      accessToken: {
+        value: oauth_token,
+        // If there is no `expiration_time` field then set it to an old date, to cause it to expire immediately.
+        expiry: expiration_time ?? "2000-01-01:00:00:00+00:00"
+      },
+      refreshToken: { value: refresh_token ?? "" },
+      scopes
+    };
   }
-  return parsed + str.slice(sliceStart, endPtr - 1);
-}
-__name(parseString, "parseString");
-function parseValue(value, toml, ptr, integersAsBigInt) {
-  if (value === "true")
-    return true;
-  if (value === "false")
-    return false;
-  if (value === "-inf")
-    return -Infinity;
-  if (value === "inf" || value === "+inf")
-    return Infinity;
-  if (value === "nan" || value === "+nan" || value === "-nan")
-    return NaN;
-  if (value === "-0")
-    return integersAsBigInt ? 0n : 0;
-  let isInt = INT_REGEX.test(value);
-  if (isInt || FLOAT_REGEX.test(value)) {
-    if (LEADING_ZERO.test(value)) {
-      throw new TomlError("leading zeroes are not allowed", {
-        toml,
-        ptr
-      });
-    }
-    value = value.replace(/_/g, "");
-    let numeric = +value;
-    if (isNaN(numeric)) {
-      throw new TomlError("invalid number", {
-        toml,
-        ptr
-      });
-    }
-    if (isInt) {
-      if ((isInt = !Number.isSafeInteger(numeric)) && !integersAsBigInt) {
-        throw new TomlError("integer value cannot be represented losslessly", {
-          toml,
-          ptr
-        });
-      }
-      if (isInt || integersAsBigInt === true)
-        numeric = BigInt(value);
+  if (api_token) {
+    if (!hasWarnedAboutDeprecatedV1ApiToken && warningLogger) {
+      hasWarnedAboutDeprecatedV1ApiToken = true;
+      warningLogger.warn(
+        `It looks like you have used Wrangler v1's \`config\` command to login with an API token
+from ${configOverride === void 0 ? storage.path() : "in-memory config"}.
+This is no longer supported in the current version of Wrangler.
+If you wish to authenticate via an API token then please set the \`CLOUDFLARE_API_TOKEN\` environment variable.`
+      );
     }
-    return numeric;
-  }
-  const date = new TomlDate(value);
-  if (!date.isValid()) {
-    throw new TomlError("invalid value", {
-      toml,
-      ptr
-    });
+    return { deprecatedApiToken: api_token };
   }
-  return date;
+  return {};
 }
-__name(parseValue, "parseValue");
+__name(readStoredAuthState, "readStoredAuthState");
-// ../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/extract.js
-function sliceAndTrimEndOf(str, startPtr, endPtr, allowNewLines) {
-  let value = str.slice(startPtr, endPtr);
-  let commentIdx = value.indexOf("#");
-  if (commentIdx > -1) {
-    skipComment(str, commentIdx);
-    value = value.slice(0, commentIdx);
-  }
-  let trimmed = value.trimEnd();
-  if (!allowNewLines) {
-    let newlineIdx = value.indexOf("\n", trimmed.length);
-    if (newlineIdx > -1) {
-      throw new TomlError("newlines are not allowed in inline tables", {
-        toml: str,
-        ptr: startPtr + newlineIdx
-      });
-    }
-  }
-  return [trimmed, commentIdx];
-}
-__name(sliceAndTrimEndOf, "sliceAndTrimEndOf");
-function extractValue(str, ptr, end, depth, integersAsBigInt) {
-  if (depth === 0) {
-    throw new TomlError("document contains excessively nested structures. aborting.", {
-      toml: str,
-      ptr
-    });
-  }
-  let c = str[ptr];
-  if (c === "[" || c === "{") {
-    let [value, endPtr2] = c === "[" ? parseArray(str, ptr, depth, integersAsBigInt) : parseInlineTable(str, ptr, depth, integersAsBigInt);
-    let newPtr = end ? skipUntil(str, endPtr2, ",", end) : endPtr2;
-    if (endPtr2 - newPtr && end === "}") {
-      let nextNewLine = indexOfNewline(str, endPtr2, newPtr);
-      if (nextNewLine > -1) {
-        throw new TomlError("newlines are not allowed in inline tables", {
-          toml: str,
-          ptr: nextNewLine
-        });
-      }
-    }
-    return [value, newPtr];
-  }
-  let endPtr;
-  if (c === '"' || c === "'") {
-    endPtr = getStringEnd(str, ptr);
-    let parsed = parseString(str, ptr, endPtr);
-    if (end) {
-      endPtr = skipVoid(str, endPtr, end !== "]");
-      if (str[endPtr] && str[endPtr] !== "," && str[endPtr] !== end && str[endPtr] !== "\n" && str[endPtr] !== "\r") {
-        throw new TomlError("unexpected character encountered", {
-          toml: str,
-          ptr: endPtr
-        });
-      }
-      endPtr += +(str[endPtr] === ",");
+// src/credentials.ts
+var getCloudflareAPITokenFromEnv = getEnvironmentVariableFactory({
+  variableName: "CLOUDFLARE_API_TOKEN",
+  deprecatedName: "CF_API_TOKEN"
+});
+var getCloudflareGlobalAuthKeyFromEnv = getEnvironmentVariableFactory({
+  variableName: "CLOUDFLARE_API_KEY",
+  deprecatedName: "CF_API_KEY"
+});
+var getCloudflareGlobalAuthEmailFromEnv = getEnvironmentVariableFactory({
+  variableName: "CLOUDFLARE_EMAIL",
+  deprecatedName: "CF_EMAIL"
+});
+function getAuthFromEnv(options) {
+  const allowGlobalAuthKey = options?.allowGlobalAuthKey ?? true;
+  if (allowGlobalAuthKey) {
+    const globalApiKey = getCloudflareGlobalAuthKeyFromEnv();
+    const globalApiEmail = getCloudflareGlobalAuthEmailFromEnv();
+    if (globalApiKey && globalApiEmail) {
+      return { authKey: globalApiKey, authEmail: globalApiEmail };
     }
-    return [parsed, endPtr];
-  }
-  endPtr = skipUntil(str, ptr, ",", end);
-  let slice = sliceAndTrimEndOf(str, ptr, endPtr - +(str[endPtr - 1] === ","), end === "]");
-  if (!slice[0]) {
-    throw new TomlError("incomplete key-value declaration: no value specified", {
-      toml: str,
-      ptr
-    });
-  }
-  if (end && slice[1] > -1) {
-    endPtr = skipVoid(str, ptr + slice[1]);
-    endPtr += +(str[endPtr] === ",");
   }
-  return [
-    parseValue(slice[0], str, ptr, integersAsBigInt),
-    endPtr
-  ];
-}
-__name(extractValue, "extractValue");
-// ../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/struct.js
-var KEY_PART_RE = /^[a-zA-Z0-9-_]+[ \t]*$/;
-function parseKey(str, ptr, end = "=") {
-  let dot = ptr - 1;
-  let parsed = [];
-  let endPtr = str.indexOf(end, ptr);
-  if (endPtr < 0) {
-    throw new TomlError("incomplete key-value: cannot find end of key", {
-      toml: str,
-      ptr
-    });
+  const apiToken = getCloudflareAPITokenFromEnv();
+  if (apiToken) {
+    return { apiToken };
   }
-  do {
-    let c = str[ptr = ++dot];
-    if (c !== " " && c !== "	") {
-      if (c === '"' || c === "'") {
-        if (c === str[ptr + 1] && c === str[ptr + 2]) {
-          throw new TomlError("multiline strings are not allowed in keys", {
-            toml: str,
-            ptr
-          });
-        }
-        let eos = getStringEnd(str, ptr);
-        if (eos < 0) {
-          throw new TomlError("unfinished string encountered", {
-            toml: str,
-            ptr
-          });
-        }
-        dot = str.indexOf(".", eos);
-        let strEnd = str.slice(eos, dot < 0 || dot > endPtr ? endPtr : dot);
-        let newLine = indexOfNewline(strEnd);
-        if (newLine > -1) {
-          throw new TomlError("newlines are not allowed in keys", {
-            toml: str,
-            ptr: ptr + dot + newLine
-          });
-        }
-        if (strEnd.trimStart()) {
-          throw new TomlError("found extra tokens after the string part", {
-            toml: str,
-            ptr: eos
-          });
-        }
-        if (endPtr < eos) {
-          endPtr = str.indexOf(end, eos);
-          if (endPtr < 0) {
-            throw new TomlError("incomplete key-value: cannot find end of key", {
-              toml: str,
-              ptr
-            });
-          }
-        }
-        parsed.push(parseString(str, ptr, eos));
-      } else {
-        dot = str.indexOf(".", ptr);
-        let part = str.slice(ptr, dot < 0 || dot > endPtr ? endPtr : dot);
-        if (!KEY_PART_RE.test(part)) {
-          throw new TomlError("only letter, numbers, dashes and underscores are allowed in keys", {
-            toml: str,
-            ptr
-          });
-        }
-        parsed.push(part.trimEnd());
-      }
-    }
-  } while (dot + 1 && dot < endPtr);
-  return [parsed, skipVoid(str, endPtr + 1, true, true)];
+  return void 0;
 }
-__name(parseKey, "parseKey");
-function parseInlineTable(str, ptr, depth, integersAsBigInt) {
-  let res = {};
-  let seen = /* @__PURE__ */ new Set();
-  let c;
-  let comma = 0;
-  ptr++;
-  while ((c = str[ptr++]) !== "}" && c) {
-    let err = { toml: str, ptr: ptr - 1 };
-    if (c === "\n") {
-      throw new TomlError("newlines are not allowed in inline tables", err);
-    } else if (c === "#") {
-      throw new TomlError("inline tables cannot contain comments", err);
-    } else if (c === ",") {
-      throw new TomlError("expected key-value, found comma", err);
-    } else if (c !== " " && c !== "	") {
-      let k;
-      let t = res;
-      let hasOwn = false;
-      let [key, keyEndPtr] = parseKey(str, ptr - 1);
-      for (let i = 0; i < key.length; i++) {
-        if (i)
-          t = hasOwn ? t[k] : t[k] = {};
-        k = key[i];
-        if ((hasOwn = Object.hasOwn(t, k)) && (typeof t[k] !== "object" || seen.has(t[k]))) {
-          throw new TomlError("trying to redefine an already defined value", {
-            toml: str,
-            ptr
-          });
-        }
-        if (!hasOwn && k === "__proto__") {
-          Object.defineProperty(t, k, { enumerable: true, configurable: true, writable: true });
-        }
-      }
-      if (hasOwn) {
-        throw new TomlError("trying to redefine an already defined value", {
-          toml: str,
-          ptr
-        });
-      }
-      let [value, valueEndPtr] = extractValue(str, keyEndPtr, "}", depth - 1, integersAsBigInt);
-      seen.add(value);
-      t[k] = value;
-      ptr = valueEndPtr;
-      comma = str[ptr - 1] === "," ? ptr - 1 : 0;
-    }
-  }
-  if (comma) {
-    throw new TomlError("trailing commas are not allowed in inline tables", {
-      toml: str,
-      ptr: comma
-    });
+__name(getAuthFromEnv, "getAuthFromEnv");
+function getAPIToken(options) {
+  const envAuth = getAuthFromEnv(options);
+  if (envAuth) {
+    return envAuth;
+  }
+  const stored = readStoredAuthState({
+    storage: options.storage,
+    warningLogger: options.warningLogger
+  });
+  if (stored.deprecatedApiToken) {
+    return { apiToken: stored.deprecatedApiToken };
   }
-  if (!c) {
-    throw new TomlError("unfinished table encountered", {
-      toml: str,
-      ptr
-    });
+  if (stored.accessToken?.value) {
+    return { apiToken: stored.accessToken.value };
   }
-  return [res, ptr];
+  return void 0;
 }
-__name(parseInlineTable, "parseInlineTable");
-function parseArray(str, ptr, depth, integersAsBigInt) {
-  let res = [];
-  let c;
-  ptr++;
-  while ((c = str[ptr++]) !== "]" && c) {
-    if (c === ",") {
-      throw new TomlError("expected value, found comma", {
-        toml: str,
-        ptr: ptr - 1
-      });
-    } else if (c === "#")
-      ptr = skipComment(str, ptr);
-    else if (c !== " " && c !== "	" && c !== "\n" && c !== "\r") {
-      let e = extractValue(str, ptr - 1, "]", depth - 1, integersAsBigInt);
-      res.push(e[0]);
-      ptr = e[1];
-    }
-  }
-  if (!c) {
-    throw new TomlError("unfinished array encountered", {
-      toml: str,
-      ptr
+__name(getAPIToken, "getAPIToken");
+function requireApiToken(options) {
+  const credentials = getAPIToken(options);
+  if (!credentials) {
+    throw new UserError("No API token found.", {
+      telemetryMessage: "user auth missing api token"
     });
   }
-  return [res, ptr];
-}
-__name(parseArray, "parseArray");
-// ../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/parse.js
-function peekTable(key, table, meta, type) {
-  let t = table;
-  let m = meta;
-  let k;
-  let hasOwn = false;
-  let state;
-  for (let i = 0; i < key.length; i++) {
-    if (i) {
-      t = hasOwn ? t[k] : t[k] = {};
-      m = (state = m[k]).c;
-      if (type === 0 && (state.t === 1 || state.t === 2)) {
-        return null;
-      }
-      if (state.t === 2) {
-        let l = t.length - 1;
-        t = t[l];
-        m = m[l].c;
-      }
-    }
-    k = key[i];
-    if ((hasOwn = Object.hasOwn(t, k)) && m[k]?.t === 0 && m[k]?.d) {
-      return null;
-    }
-    if (!hasOwn) {
-      if (k === "__proto__") {
-        Object.defineProperty(t, k, { enumerable: true, configurable: true, writable: true });
-        Object.defineProperty(m, k, { enumerable: true, configurable: true, writable: true });
-      }
-      m[k] = {
-        t: i < key.length - 1 && type === 2 ? 3 : type,
-        d: false,
-        i: 0,
-        c: {}
-      };
-    }
-  }
-  state = m[k];
-  if (state.t !== type && !(type === 1 && state.t === 3)) {
-    return null;
-  }
-  if (type === 2) {
-    if (!state.d) {
-      state.d = true;
-      t[k] = [];
-    }
-    t[k].push(t = {});
-    state.c[state.i++] = state = { t: 1, d: false, i: 0, c: {} };
-  }
-  if (state.d) {
-    return null;
-  }
-  state.d = true;
-  if (type === 1) {
-    t = hasOwn ? t[k] : t[k] = {};
-  } else if (type === 0 && hasOwn) {
-    return null;
-  }
-  return [k, t, state.c];
-}
-__name(peekTable, "peekTable");
-function parse(toml, { maxDepth = 1e3, integersAsBigInt } = {}) {
-  let res = {};
-  let meta = {};
-  let tbl = res;
-  let m = meta;
-  for (let ptr = skipVoid(toml, 0); ptr < toml.length; ) {
-    if (toml[ptr] === "[") {
-      let isTableArray = toml[++ptr] === "[";
-      let k = parseKey(toml, ptr += +isTableArray, "]");
-      if (isTableArray) {
-        if (toml[k[1] - 1] !== "]") {
-          throw new TomlError("expected end of table declaration", {
-            toml,
-            ptr: k[1] - 1
-          });
-        }
-        k[1]++;
-      }
-      let p = peekTable(
-        k[0],
-        res,
-        meta,
-        isTableArray ? 2 : 1
-        /* Type.EXPLICIT */
-      );
-      if (!p) {
-        throw new TomlError("trying to redefine an already defined table or value", {
-          toml,
-          ptr
-        });
-      }
-      m = p[2];
-      tbl = p[1];
-      ptr = k[1];
-    } else {
-      let k = parseKey(toml, ptr);
-      let p = peekTable(
-        k[0],
-        tbl,
-        m,
-        0
-        /* Type.DOTTED */
-      );
-      if (!p) {
-        throw new TomlError("trying to redefine an already defined table or value", {
-          toml,
-          ptr
-        });
-      }
-      let v = extractValue(toml, k[1], void 0, maxDepth, integersAsBigInt);
-      p[1][p[0]] = v[0];
-      ptr = v[1];
-    }
-    ptr = skipVoid(toml, ptr, true);
-    if (toml[ptr] && toml[ptr] !== "\n" && toml[ptr] !== "\r") {
-      throw new TomlError("each key-value declaration must be followed by an end-of-line", {
-        toml,
-        ptr
-      });
-    }
-    ptr = skipVoid(toml, ptr);
-  }
-  return res;
-}
-__name(parse, "parse");
-// ../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/stringify.js
-var BARE_KEY = /^[a-z0-9-_]+$/i;
-function extendedTypeOf(obj) {
-  let type = typeof obj;
-  if (type === "object") {
-    if (Array.isArray(obj))
-      return "array";
-    if (obj instanceof Date)
-      return "date";
-  }
-  return type;
-}
-__name(extendedTypeOf, "extendedTypeOf");
-function isArrayOfTables(obj) {
-  for (let i = 0; i < obj.length; i++) {
-    if (extendedTypeOf(obj[i]) !== "object")
-      return false;
-  }
-  return obj.length != 0;
-}
-__name(isArrayOfTables, "isArrayOfTables");
-function formatString(s) {
-  return JSON.stringify(s).replace(/\x7f/g, "\\u007f");
-}
-__name(formatString, "formatString");
-function stringifyValue(val, type, depth, numberAsFloat) {
-  if (depth === 0) {
-    throw new Error("Could not stringify the object: maximum object depth exceeded");
-  }
-  if (type === "number") {
-    if (isNaN(val))
-      return "nan";
-    if (val === Infinity)
-      return "inf";
-    if (val === -Infinity)
-      return "-inf";
-    if (numberAsFloat && Number.isInteger(val))
-      return val.toFixed(1);
-    return val.toString();
-  }
-  if (type === "bigint" || type === "boolean") {
-    return val.toString();
-  }
-  if (type === "string") {
-    return formatString(val);
-  }
-  if (type === "date") {
-    if (isNaN(val.getTime())) {
-      throw new TypeError("cannot serialize invalid date");
-    }
-    return val.toISOString();
-  }
-  if (type === "object") {
-    return stringifyInlineTable(val, depth, numberAsFloat);
-  }
-  if (type === "array") {
-    return stringifyArray(val, depth, numberAsFloat);
-  }
-}
-__name(stringifyValue, "stringifyValue");
-function stringifyInlineTable(obj, depth, numberAsFloat) {
-  let keys = Object.keys(obj);
-  if (keys.length === 0)
-    return "{}";
-  let res = "{ ";
-  for (let i = 0; i < keys.length; i++) {
-    let k = keys[i];
-    if (i)
-      res += ", ";
-    res += BARE_KEY.test(k) ? k : formatString(k);
-    res += " = ";
-    res += stringifyValue(obj[k], extendedTypeOf(obj[k]), depth - 1, numberAsFloat);
-  }
-  return res + " }";
-}
-__name(stringifyInlineTable, "stringifyInlineTable");
-function stringifyArray(array, depth, numberAsFloat) {
-  if (array.length === 0)
-    return "[]";
-  let res = "[ ";
-  for (let i = 0; i < array.length; i++) {
-    if (i)
-      res += ", ";
-    if (array[i] === null || array[i] === void 0) {
-      throw new TypeError("arrays cannot contain null or undefined values");
-    }
-    res += stringifyValue(array[i], extendedTypeOf(array[i]), depth - 1, numberAsFloat);
-  }
-  return res + " ]";
+  return credentials;
 }
-__name(stringifyArray, "stringifyArray");
-function stringifyArrayTable(array, key, depth, numberAsFloat) {
-  if (depth === 0) {
-    throw new Error("Could not stringify the object: maximum object depth exceeded");
-  }
-  let res = "";
-  for (let i = 0; i < array.length; i++) {
-    res += `${res && "\n"}[[${key}]]
-`;
-    res += stringifyTable(0, array[i], key, depth, numberAsFloat);
-  }
-  return res;
-}
-__name(stringifyArrayTable, "stringifyArrayTable");
-function stringifyTable(tableKey, obj, prefix, depth, numberAsFloat) {
-  if (depth === 0) {
-    throw new Error("Could not stringify the object: maximum object depth exceeded");
-  }
-  let preamble = "";
-  let tables = "";
-  let keys = Object.keys(obj);
-  for (let i = 0; i < keys.length; i++) {
-    let k = keys[i];
-    if (obj[k] !== null && obj[k] !== void 0) {
-      let type = extendedTypeOf(obj[k]);
-      if (type === "symbol" || type === "function") {
-        throw new TypeError(`cannot serialize values of type '${type}'`);
-      }
-      let key = BARE_KEY.test(k) ? k : formatString(k);
-      if (type === "array" && isArrayOfTables(obj[k])) {
-        tables += (tables && "\n") + stringifyArrayTable(obj[k], prefix ? `${prefix}.${key}` : key, depth - 1, numberAsFloat);
-      } else if (type === "object") {
-        let tblKey = prefix ? `${prefix}.${key}` : key;
-        tables += (tables && "\n") + stringifyTable(tblKey, obj[k], tblKey, depth - 1, numberAsFloat);
-      } else {
-        preamble += key;
-        preamble += " = ";
-        preamble += stringifyValue(obj[k], type, depth, numberAsFloat);
-        preamble += "\n";
-      }
-    }
-  }
-  if (tableKey && (preamble || !tables))
-    preamble = preamble ? `[${tableKey}]
-${preamble}` : `[${tableKey}]`;
-  return preamble && tables ? `${preamble}
-${tables}` : preamble || tables;
-}
-__name(stringifyTable, "stringifyTable");
-function stringify(obj, { maxDepth = 1e3, numbersAsFloat = false } = {}) {
-  if (extendedTypeOf(obj) !== "object") {
-    throw new TypeError("stringify can only be called with an object");
-  }
-  let str = stringifyTable(0, obj, "", maxDepth, numbersAsFloat);
-  if (str[str.length - 1] !== "\n")
-    return str + "\n";
-  return str;
-}
-__name(stringify, "stringify");
-// ../../node_modules/.pnpm/smol-toml@1.5.2/node_modules/smol-toml/dist/index.js
-var dist_default = { parse, stringify, TomlDate, TomlError };
-// src/auth-config-file.ts
-var USER_AUTH_CONFIG_PATH = "config";
-function getAuthConfigFilePath() {
-  const environment = getCloudflareApiEnvironmentFromEnv();
-  const filePath = `${USER_AUTH_CONFIG_PATH}/${environment === "production" ? "default.toml" : `${environment}.toml`}`;
-  return path.join(getGlobalWranglerConfigPath(), filePath);
-}
-__name(getAuthConfigFilePath, "getAuthConfigFilePath");
-function writeAuthConfigFile(config) {
-  const configPath = getAuthConfigFilePath();
-  mkdirSync(path.dirname(configPath), {
-    recursive: true
-  });
-  writeFileSync(configPath, dist_default.stringify(config), {
-    encoding: "utf-8",
-    mode: 384
-  });
-  chmodSync(configPath, 384);
-}
-__name(writeAuthConfigFile, "writeAuthConfigFile");
-function readAuthConfigFile() {
-  return parseTOML(readFileSync(getAuthConfigFilePath()));
-}
-__name(readAuthConfigFile, "readAuthConfigFile");
-var getClientIdFromEnv = getEnvironmentVariableFactory({
-  variableName: "WRANGLER_CLIENT_ID",
-  defaultValue: /* @__PURE__ */ __name(() => getCloudflareApiEnvironmentFromEnv() === "staging" ? "4b2ea6cc-9421-4761-874b-ce550e0e3def" : "54d11594-84e4-41aa-b438-e81b8fa78ee7", "defaultValue")
-});
+__name(requireApiToken, "requireApiToken");
 var getAuthDomainFromEnv = getEnvironmentVariableFactory({
   variableName: "WRANGLER_AUTH_DOMAIN",
   defaultValue: /* @__PURE__ */ __name(() => getCloudflareApiEnvironmentFromEnv() === "staging" ? "dash.staging.cloudflare.com" : "dash.cloudflare.com", "defaultValue")
@@ -1050,6 +238,48 @@ async function getCloudflareAccessHeaders(options) {
   return getAccessHeaders(getAuthDomainFromEnv(), options);
 }
 __name(getCloudflareAccessHeaders, "getCloudflareAccessHeaders");
+// ../../node_modules/.pnpm/ts-dedent@2.2.0/node_modules/ts-dedent/esm/index.js
+function dedent(templ) {
+  var values = [];
+  for (var _i = 1; _i < arguments.length; _i++) {
+    values[_i - 1] = arguments[_i];
+  }
+  var strings = Array.from(typeof templ === "string" ? [templ] : templ);
+  strings[strings.length - 1] = strings[strings.length - 1].replace(/\r?\n([\t ]*)$/, "");
+  var indentLengths = strings.reduce(function(arr, str) {
+    var matches = str.match(/\n([\t ]+|(?!\s).)/g);
+    if (matches) {
+      return arr.concat(matches.map(function(match) {
+        var _a, _b;
+        return (_b = (_a = match.match(/[\t ]/g)) === null || _a === void 0 ? void 0 : _a.length) !== null && _b !== void 0 ? _b : 0;
+      }));
+    }
+    return arr;
+  }, []);
+  if (indentLengths.length) {
+    var pattern_1 = new RegExp("\n[	 ]{" + Math.min.apply(Math, indentLengths) + "}", "g");
+    strings = strings.map(function(str) {
+      return str.replace(pattern_1, "\n");
+    });
+  }
+  strings[0] = strings[0].replace(/^\r?\n/, "");
+  var string = strings[0];
+  values.forEach(function(value, i) {
+    var endentations = string.match(/(?:^|\n)( *)$/);
+    var endentation = endentations ? endentations[1] : "";
+    var indentedValue = value;
+    if (typeof value === "string" && value.includes("\n")) {
+      indentedValue = String(value).split("\n").map(function(str, i2) {
+        return i2 === 0 ? str : "" + endentation + str;
+      }).join("\n");
+    }
+    string += indentedValue + strings[i + 1];
+  });
+  return string;
+}
+__name(dedent, "dedent");
+var esm_default = dedent;
 var ErrorOAuth2 = class extends UserError {
   static {
     __name(this, "ErrorOAuth2");
@@ -1289,60 +519,6 @@ function toErrorClass(rawError, description, uri) {
   return error;
 }
 __name(toErrorClass, "toErrorClass");
-// ../../node_modules/.pnpm/ts-dedent@2.2.0/node_modules/ts-dedent/esm/index.js
-function dedent(templ) {
-  var values = [];
-  for (var _i = 1; _i < arguments.length; _i++) {
-    values[_i - 1] = arguments[_i];
-  }
-  var strings = Array.from(typeof templ === "string" ? [templ] : templ);
-  strings[strings.length - 1] = strings[strings.length - 1].replace(/\r?\n([\t ]*)$/, "");
-  var indentLengths = strings.reduce(function(arr, str) {
-    var matches = str.match(/\n([\t ]+|(?!\s).)/g);
-    if (matches) {
-      return arr.concat(matches.map(function(match) {
-        var _a, _b;
-        return (_b = (_a = match.match(/[\t ]/g)) === null || _a === void 0 ? void 0 : _a.length) !== null && _b !== void 0 ? _b : 0;
-      }));
-    }
-    return arr;
-  }, []);
-  if (indentLengths.length) {
-    var pattern_1 = new RegExp("\n[	 ]{" + Math.min.apply(Math, indentLengths) + "}", "g");
-    strings = strings.map(function(str) {
-      return str.replace(pattern_1, "\n");
-    });
-  }
-  strings[0] = strings[0].replace(/^\r?\n/, "");
-  var string = strings[0];
-  values.forEach(function(value, i) {
-    var endentations = string.match(/(?:^|\n)( *)$/);
-    var endentation = endentations ? endentations[1] : "";
-    var indentedValue = value;
-    if (typeof value === "string" && value.includes("\n")) {
-      indentedValue = String(value).split("\n").map(function(str, i2) {
-        return i2 === 0 ? str : "" + endentation + str;
-      }).join("\n");
-    }
-    string += indentedValue + strings[i + 1];
-  });
-  return string;
-}
-__name(dedent, "dedent");
-var esm_default = dedent;
-// src/generate-auth-url.ts
-var OAUTH_CALLBACK_URL = "http://localhost:8976/oauth/callback";
-var generateAuthUrl = /* @__PURE__ */ __name(({
-  authUrl,
-  clientId,
-  scopes,
-  stateQueryParam,
-  codeChallenge
-}) => {
-  return authUrl + `?response_type=code&client_id=${encodeURIComponent(clientId)}&redirect_uri=${encodeURIComponent(OAUTH_CALLBACK_URL)}&scope=${encodeURIComponent([...scopes, "offline_access"].join(" "))}&state=${stateQueryParam}&code_challenge=${encodeURIComponent(codeChallenge)}&code_challenge_method=S256`;
-}, "generateAuthUrl");
 var RECOMMENDED_CODE_VERIFIER_LENGTH = 96;
 var RECOMMENDED_STATE_LENGTH = 32;
 var PKCE_CHARSET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
@@ -1375,44 +551,6 @@ async function generatePKCECodes() {
 }
 __name(generatePKCECodes, "generatePKCECodes");
-// src/state.ts
-var hasWarnedAboutDeprecatedV1ApiToken = false;
-function readStoredAuthState(options) {
-  const { configOverride, warningLogger } = options ?? {};
-  let parsed;
-  try {
-    parsed = configOverride ?? readAuthConfigFile();
-  } catch {
-    return {};
-  }
-  const { oauth_token, refresh_token, expiration_time, scopes, api_token } = parsed;
-  if (oauth_token) {
-    return {
-      accessToken: {
-        value: oauth_token,
-        // If there is no `expiration_time` field then set it to an old date, to cause it to expire immediately.
-        expiry: expiration_time ?? "2000-01-01:00:00:00+00:00"
-      },
-      refreshToken: { value: refresh_token ?? "" },
-      scopes
-    };
-  }
-  if (api_token) {
-    if (!hasWarnedAboutDeprecatedV1ApiToken && warningLogger) {
-      hasWarnedAboutDeprecatedV1ApiToken = true;
-      warningLogger.warn(
-        `It looks like you have used Wrangler v1's \`config\` command to login with an API token
-from ${configOverride === void 0 ? getAuthConfigFilePath() : "in-memory config"}.
-This is no longer supported in the current version of Wrangler.
-If you wish to authenticate via an API token then please set the \`CLOUDFLARE_API_TOKEN\` environment variable.`
-      );
-    }
-    return { deprecatedApiToken: api_token };
-  }
-  return {};
-}
-__name(readStoredAuthState, "readStoredAuthState");
 // src/token-exchange.ts
 function isReturningFromAuthServer(query, state, logger) {
   if (query.error) {
@@ -1440,7 +578,7 @@ function isReturningFromAuthServer(query, state, logger) {
   return true;
 }
 __name(isReturningFromAuthServer, "isReturningFromAuthServer");
-async function getAuthURL(scopes, clientId, state, generators) {
+async function getAuthURL(scopes, clientId, redirectUri, state, generators) {
   const { codeChallenge, codeVerifier } = await generatePKCECodes();
   const stateQueryParam = generators.generateRandomState(
     RECOMMENDED_STATE_LENGTH
@@ -1455,13 +593,15 @@ async function getAuthURL(scopes, clientId, state, generators) {
     clientId,
     scopes,
     stateQueryParam,
-    codeChallenge
+    codeChallenge,
+    redirectUri
   });
 }
 __name(getAuthURL, "getAuthURL");
-async function exchangeRefreshTokenForAccessToken(logger, isNonInteractiveOrCI) {
+async function exchangeRefreshTokenForAccessToken(logger, isNonInteractiveOrCI, clientId, storage) {
   const storedRefreshToken = readStoredAuthState({
-    warningLogger: logger
+    warningLogger: logger,
+    storage
   }).refreshToken;
   if (!storedRefreshToken) {
     logger.warn("No refresh token is present.");
@@ -1469,7 +609,7 @@ async function exchangeRefreshTokenForAccessToken(logger, isNonInteractiveOrCI)
   const params = new URLSearchParams({
     grant_type: "refresh_token",
     refresh_token: storedRefreshToken?.value ?? "",
-    client_id: getClientIdFromEnv()
+    client_id: clientId
   });
   const response = await fetchAuthToken(params, logger, isNonInteractiveOrCI);
   if (response.status >= 400) {
@@ -1518,7 +658,7 @@ async function exchangeRefreshTokenForAccessToken(logger, isNonInteractiveOrCI)
   }
 }
 __name(exchangeRefreshTokenForAccessToken, "exchangeRefreshTokenForAccessToken");
-async function exchangeAuthCodeForAccessToken(state, logger, isNonInteractiveOrCI) {
+async function exchangeAuthCodeForAccessToken(state, logger, isNonInteractiveOrCI, clientId, redirectUri) {
   const { authorizationCode, codeVerifier = "" } = state;
   if (!codeVerifier) {
     logger.warn("No code verifier is being sent.");
@@ -1528,8 +668,8 @@ async function exchangeAuthCodeForAccessToken(state, logger, isNonInteractiveOrC
   const params = new URLSearchParams({
     grant_type: `authorization_code`,
     code: authorizationCode ?? "",
-    redirect_uri: OAUTH_CALLBACK_URL,
-    client_id: getClientIdFromEnv(),
+    redirect_uri: redirectUri,
+    client_id: clientId,
     code_verifier: codeVerifier
   });
   const response = await fetchAuthToken(params, logger, isNonInteractiveOrCI);
@@ -1586,7 +726,7 @@ async function fetchAuthToken(body, logger, isNonInteractiveOrCI) {
       headers
     });
     if (!response.ok) {
-      logger.error(
+      logger.debug(
         "Failed to fetch auth token:",
         response.status,
         response.statusText
@@ -1594,7 +734,7 @@ async function fetchAuthToken(body, logger, isNonInteractiveOrCI) {
     }
     return response;
   } catch (e) {
-    logger.error("Failed to fetch auth token:", e);
+    logger.debug("Failed to fetch auth token:", e);
     throw e;
   }
 }
@@ -1610,7 +750,9 @@ async function getJSONFromResponse(response, logger) {
       );
       if (text.match(/challenge-platform/)) {
         logger.error(
-          `It looks like you might have hit a bot challenge page. This may be transient but if not, please contact Cloudflare to find out what can be done. When you contact Cloudflare, please provide your Ray ID: ${response.headers.get("cf-ray")}`
+          `It looks like you might have hit a bot challenge page. This may be transient but if not, please contact Cloudflare to find out what can be done. When you contact Cloudflare, please provide your Ray ID: ${response.headers.get(
+            "cf-ray"
+          )}`
         );
       }
     }
@@ -1628,9 +770,11 @@ async function getOauthToken(options, state, ctx, generators) {
   const urlToOpen = await getAuthURL(
     options.scopes,
     options.clientId,
+    options.redirectUri,
     state,
     generators
   );
+  const callbackPath = new URL(options.redirectUri).pathname;
   let server;
   let loginTimeoutHandle;
   const timerPromise = new Promise((_, reject) => {
@@ -1705,7 +849,7 @@ async function getOauthToken(options, state, ctx, generators) {
         return res.end("OK");
       }
       switch (pathname) {
-        case "/oauth/callback": {
+        case callbackPath: {
           let hasAuthCode = false;
           try {
             hasAuthCode = isReturningFromAuthServer(query, state, ctx.logger);
@@ -1747,7 +891,9 @@ async function getOauthToken(options, state, ctx, generators) {
             const exchange = await exchangeAuthCodeForAccessToken(
               state,
               ctx.logger,
-              ctx.isNonInteractiveOrCI
+              ctx.isNonInteractiveOrCI,
+              options.clientId,
+              options.redirectUri
             );
             res.writeHead(307, {
               Location: options.granted.url
@@ -1768,12 +914,17 @@ async function getOauthToken(options, state, ctx, generators) {
         }
       }
     });
-    if (options.callbackHost !== "localhost" || options.callbackPort !== 8976) {
+    const redirect = new URL(options.redirectUri);
+    const redirectPort = Number(
+      redirect.port || (redirect.protocol === "https:" ? 443 : 80)
+    );
+    if (redirect.hostname !== options.callbackHost || redirectPort !== options.callbackPort) {
       ctx.logger.log(
         `Temporary login server listening on ${options.callbackHost}:${options.callbackPort}`
       );
       ctx.logger.log(
-        "Note that the OAuth login page will always redirect to `localhost:8976`.\nIf you have changed the callback host or port because you are running in a container, then ensure that you have port forwarding set up correctly."
+        `Note that the OAuth login page will always redirect to \`${options.redirectUri}\`.
+If you have changed the callback host or port because you are running in a container, then ensure that you have port forwarding set up correctly.`
       );
     }
     server.once("error", (err) => {
@@ -1800,12 +951,212 @@ async function getOauthToken(options, state, ctx, generators) {
   return Promise.race([timerPromise, loginPromise]);
 }
 __name(getOauthToken, "getOauthToken");
+// src/generate-auth-url.ts
+var generateAuthUrl = /* @__PURE__ */ __name(({
+  authUrl,
+  clientId,
+  scopes,
+  stateQueryParam,
+  codeChallenge,
+  redirectUri
+}) => {
+  return authUrl + `?response_type=code&client_id=${encodeURIComponent(clientId)}&redirect_uri=${encodeURIComponent(redirectUri)}&scope=${encodeURIComponent([...scopes, "offline_access"].join(" "))}&state=${stateQueryParam}&code_challenge=${encodeURIComponent(codeChallenge)}&code_challenge_method=S256`;
+}, "generateAuthUrl");
 function generateRandomState(lengthOfState) {
   const output = new Uint32Array(lengthOfState);
   webcrypto.getRandomValues(output);
   return Array.from(output).map((num) => PKCE_CHARSET[num % PKCE_CHARSET.length]).join("");
 }
 __name(generateRandomState, "generateRandomState");
+var POW_MAX_ITERATIONS = 64e6;
+function solvePow(seed, k, g) {
+  const checkpoints = new Array(k + 1);
+  let h = createHash("sha256").update(seed).digest();
+  checkpoints[0] = h;
+  for (let j = 0; j < k; j++) {
+    for (let i = 0; i < g; i++) {
+      h = createHash("sha256").update(h).digest();
+    }
+    checkpoints[j + 1] = h;
+  }
+  return checkpoints;
+}
+__name(solvePow, "solvePow");
+function encodeCheckpoints(checkpoints) {
+  return Buffer.concat(checkpoints).toString("base64");
+}
+__name(encodeCheckpoints, "encodeCheckpoints");
+function solveChallenge(challenge) {
+  const checkpoints = solvePow(
+    Buffer.from(challenge.seed, "base64url"),
+    challenge.k,
+    challenge.g
+  );
+  return {
+    challengeToken: challenge.challengeToken,
+    solution: { checkpoints: encodeCheckpoints(checkpoints) }
+  };
+}
+__name(solveChallenge, "solveChallenge");
+// src/temporary.ts
+var TEMPORARY_TERMS_URLS = {
+  termsOfService: "https://www.cloudflare.com/terms/",
+  privacyPolicy: "https://www.cloudflare.com/privacypolicy/"
+};
+var TEMPORARY_TERMS_PROMPT = `You must accept Cloudflare's Terms of Service (${TEMPORARY_TERMS_URLS.termsOfService}) and Privacy Policy (${TEMPORARY_TERMS_URLS.privacyPolicy}) in order to continue. By typing "yes", you agree to these terms. Type "yes" to continue.`;
+var TEMPORARY_TERMS_NOTICE = `Continuing means you accept Cloudflare's Terms of Service (${TEMPORARY_TERMS_URLS.termsOfService}) and Privacy Policy (${TEMPORARY_TERMS_URLS.privacyPolicy}).`;
+var TEMPORARY_TERMS_ERROR = `You must accept Cloudflare's Terms of Service (${TEMPORARY_TERMS_URLS.termsOfService}) and Privacy Policy (${TEMPORARY_TERMS_URLS.privacyPolicy}) to use --temporary.`;
+function getTemporaryPreviewUrl() {
+  return `${getCloudflareApiBaseUrl(COMPLIANCE_REGION_CONFIG_PUBLIC)}/provisioning/previews`;
+}
+__name(getTemporaryPreviewUrl, "getTemporaryPreviewUrl");
+function getTemporaryPreviewChallengeUrl() {
+  return `${getTemporaryPreviewUrl()}/challenge`;
+}
+__name(getTemporaryPreviewChallengeUrl, "getTemporaryPreviewChallengeUrl");
+function isFutureTimestamp(timestamp) {
+  const parsed = Date.parse(timestamp);
+  return !Number.isNaN(parsed) && parsed > Date.now();
+}
+__name(isFutureTimestamp, "isFutureTimestamp");
+function getCachedTemporaryPreviewAccount(storage) {
+  let temporaryPreviewAccount;
+  try {
+    temporaryPreviewAccount = storage.read();
+  } catch {
+    return void 0;
+  }
+  if (!temporaryPreviewAccount) {
+    return void 0;
+  }
+  if (!temporaryPreviewAccount.account?.id || !temporaryPreviewAccount.account?.apiToken || !temporaryPreviewAccount.account?.name || !temporaryPreviewAccount.claim?.url || !isFutureTimestamp(temporaryPreviewAccount.account?.expiresAt ?? "") || !isFutureTimestamp(temporaryPreviewAccount.claim?.expiresAt ?? "")) {
+    return void 0;
+  }
+  return temporaryPreviewAccount;
+}
+__name(getCachedTemporaryPreviewAccount, "getCachedTemporaryPreviewAccount");
+async function requestPowSolution(logger) {
+  const response = await fetch(getTemporaryPreviewChallengeUrl(), {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: "{}"
+  });
+  if (!response.ok) {
+    throw new FatalError(
+      `Failed to request a proof-of-work challenge (${response.status} ${response.statusText}).`,
+      { telemetryMessage: "deploy temporary account challenge failed" }
+    );
+  }
+  let body;
+  try {
+    body = await response.json();
+  } catch {
+    throw new FatalError(
+      `Failed to request a proof-of-work challenge. Received an invalid response (${response.status} ${response.statusText}).`,
+      {
+        telemetryMessage: "deploy temporary account challenge invalid response"
+      }
+    );
+  }
+  const { challengeToken, seed, k, g } = body.result ?? {};
+  if (challengeToken === void 0 || seed === void 0 || k === void 0 || g === void 0) {
+    throw new FatalError(
+      "Failed to request a proof-of-work challenge because the response was missing required fields.",
+      { telemetryMessage: "deploy temporary account challenge incomplete" }
+    );
+  }
+  if (!Number.isInteger(k) || !Number.isInteger(g) || k <= 0 || g <= 0 || k * g > POW_MAX_ITERATIONS || Buffer.from(seed, "base64url").length !== 32) {
+    throw new FatalError(
+      "The proof-of-work challenge is not supported by this version of Wrangler.",
+      {
+        telemetryMessage: "deploy temporary account challenge difficulty unsupported"
+      }
+    );
+  }
+  logger.log("Solving proof-of-work challenge\u2026");
+  return solveChallenge({ challengeToken, seed, k, g });
+}
+__name(requestPowSolution, "requestPowSolution");
+async function createTemporaryPreviewAccount(logger) {
+  const pow = await requestPowSolution(logger);
+  const response = await fetch(getTemporaryPreviewUrl(), {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      termsOfService: TEMPORARY_TERMS_URLS.termsOfService,
+      privacyPolicy: TEMPORARY_TERMS_URLS.privacyPolicy,
+      acceptTermsOfService: "yes",
+      challengeToken: pow.challengeToken,
+      solution: pow.solution
+    })
+  });
+  if (!response.ok) {
+    throw new FatalError(
+      `Failed to create a temporary preview account (${response.status} ${response.statusText}).`,
+      { telemetryMessage: "deploy temporary account create failed" }
+    );
+  }
+  let responseBody;
+  try {
+    responseBody = await response.json();
+  } catch {
+    throw new FatalError(
+      `Failed to create a temporary preview account. Received an invalid response (${response.status} ${response.statusText}).`,
+      { telemetryMessage: "deploy temporary account invalid response" }
+    );
+  }
+  const previewAccount = responseBody.result;
+  const accountId = previewAccount?.account?.id;
+  const accountName = previewAccount?.account?.name;
+  const apiToken = previewAccount?.account?.apiToken;
+  const accountExpiresAt = previewAccount?.account?.expiresAt;
+  const claimUrl = previewAccount?.claim?.url;
+  const claimExpiresAt = previewAccount?.claim?.expiresAt;
+  if (accountId === void 0 || accountName === void 0 || apiToken === void 0 || accountExpiresAt === void 0 || claimUrl === void 0 || claimExpiresAt === void 0) {
+    throw new FatalError(
+      "Failed to create a temporary preview account because the response was missing required fields.",
+      { telemetryMessage: "deploy temporary account response incomplete" }
+    );
+  }
+  return {
+    account: {
+      id: accountId,
+      name: accountName,
+      apiToken,
+      expiresAt: accountExpiresAt
+    },
+    claim: {
+      url: claimUrl,
+      expiresAt: claimExpiresAt
+    }
+  };
+}
+__name(createTemporaryPreviewAccount, "createTemporaryPreviewAccount");
+async function getOrCreateTemporaryPreviewAccount(options) {
+  const cachedPreviewAccount = getCachedTemporaryPreviewAccount(
+    options.storage
+  );
+  if (cachedPreviewAccount) {
+    return { account: cachedPreviewAccount, cached: true };
+  }
+  const termsAccepted = await options.prompt(
+    TEMPORARY_TERMS_PROMPT,
+    TEMPORARY_TERMS_NOTICE
+  );
+  if (!termsAccepted) {
+    throw new UserError(TEMPORARY_TERMS_ERROR, {
+      telemetryMessage: "user temporary terms not accepted"
+    });
+  }
+  const temporaryPreviewAccount = await createTemporaryPreviewAccount(
+    options.logger
+  );
+  options.storage.write(temporaryPreviewAccount);
+  return { account: temporaryPreviewAccount, cached: false };
+}
+__name(getOrCreateTemporaryPreviewAccount, "getOrCreateTemporaryPreviewAccount");
 // src/flow.ts
 function createOAuthFlow(ctx) {
@@ -1814,6 +1165,14 @@ function createOAuthFlow(ctx) {
     generateAuthUrl: ctx.generateAuthUrl ?? generateAuthUrl,
     generateRandomState: ctx.generateRandomState ?? generateRandomState
   };
+  const storage = ctx.storage;
+  const getClientId = /* @__PURE__ */ __name(() => typeof ctx.clientId === "function" ? ctx.clientId() : ctx.clientId, "getClientId");
+  const consent = ctx.consent;
+  let temporaryAllowed = false;
+  let activeTemporaryAccount;
+  const redirectUrl = new URL(ctx.redirectUri);
+  const defaultCallbackHost = redirectUrl.hostname;
+  const defaultCallbackPort = Number(redirectUrl.port);
   async function login(props) {
     if (ctx.hasEnvCredentials()) {
       ctx.logger.error(
@@ -1841,28 +1200,25 @@ function createOAuthFlow(ctx) {
       {
         browser: props.browser ?? true,
         scopes: props.scopes,
-        clientId: getClientIdFromEnv(),
-        denied: {
-          url: "https://welcome.developers.workers.dev/wrangler-oauth-consent-denied",
-          error: "Error: Consent denied. You must grant consent to Wrangler in order to login.\nIf you don't want to do this consider passing an API token via the `CLOUDFLARE_API_TOKEN` environment variable"
-        },
-        granted: {
-          url: "https://welcome.developers.workers.dev/wrangler-oauth-consent-granted"
-        },
-        callbackHost: props.callbackHost ?? "localhost",
-        callbackPort: props.callbackPort ?? 8976
+        clientId: getClientId(),
+        redirectUri: ctx.redirectUri,
+        denied: consent.denied,
+        granted: consent.granted,
+        callbackHost: props.callbackHost ?? defaultCallbackHost,
+        callbackPort: props.callbackPort ?? defaultCallbackPort
       },
       oauthFlowState,
       ctx,
       generators
     );
-    writeAuthConfigFile({
+    storage.write({
       oauth_token: oauth.token?.value ?? "",
       expiration_time: oauth.token?.expiry,
       refresh_token: oauth.refreshToken?.value,
       scopes: oauth.scopes
     });
     ctx.logger.log(`Successfully logged in.`);
+    clearTemporaryAccount();
     ctx.purgeOnLoginOrLogout?.();
     return true;
   }
@@ -1871,7 +1227,10 @@ function createOAuthFlow(ctx) {
     if (ctx.hasEnvCredentials()) {
       return false;
     }
-    const { accessToken } = readStoredAuthState({ warningLogger: ctx.logger });
+    const { accessToken } = readStoredAuthState({
+      warningLogger: ctx.logger,
+      storage
+    });
     return Boolean(accessToken && /* @__PURE__ */ new Date() >= new Date(accessToken.expiry));
   }
   __name(isRefreshNeeded, "isRefreshNeeded");
@@ -1886,9 +1245,11 @@ function createOAuthFlow(ctx) {
         scopes
       } = await exchangeRefreshTokenForAccessToken(
         ctx.logger,
-        ctx.isNonInteractiveOrCI
+        ctx.isNonInteractiveOrCI,
+        getClientId(),
+        storage
       );
-      writeAuthConfigFile({
+      storage.write({
         oauth_token,
         expiration_time,
         refresh_token,
@@ -1905,24 +1266,45 @@ function createOAuthFlow(ctx) {
   __name(refreshToken, "refreshToken");
   async function loginOrRefreshIfRequired(props) {
     if (ctx.hasEnvCredentials()) {
-      return true;
+      return { loggedIn: true };
     }
-    const stored = readStoredAuthState({ warningLogger: ctx.logger });
+    const stored = readStoredAuthState({
+      warningLogger: ctx.logger,
+      storage
+    });
     if (!stored.accessToken && !stored.deprecatedApiToken) {
-      return !ctx.isNonInteractiveOrCI() && await login(props);
+      if (ctx.isNonInteractiveOrCI()) {
+        return {
+          loggedIn: false,
+          reason: "no-credentials-non-interactive"
+        };
+      }
+      if (await login(props)) {
+        return { loggedIn: true };
+      }
+      return { loggedIn: false, reason: "no-credentials-login-failed" };
     } else if (isRefreshNeeded()) {
       const didRefresh = await refreshToken();
       if (didRefresh) {
-        return true;
-      } else {
-        return !ctx.isNonInteractiveOrCI() && await login(props);
+        return { loggedIn: true };
       }
+      if (ctx.isNonInteractiveOrCI()) {
+        return {
+          loggedIn: false,
+          reason: "token-expired-non-interactive"
+        };
+      }
+      if (await login(props)) {
+        return { loggedIn: true };
+      }
+      return { loggedIn: false, reason: "token-expired-login-failed" };
     } else {
-      return true;
+      return { loggedIn: true };
     }
   }
   __name(loginOrRefreshIfRequired, "loginOrRefreshIfRequired");
   async function logout() {
+    const clearedTemporary = clearTemporaryAccount();
     if (ctx.hasEnvCredentials()) {
       ctx.logger.log(
         "You are logged in with an API Token. Unset the CLOUDFLARE_API_TOKEN in the environment to log out."
@@ -1930,13 +1312,16 @@ function createOAuthFlow(ctx) {
       return;
     }
     const storedRefreshToken = readStoredAuthState({
-      warningLogger: ctx.logger
+      warningLogger: ctx.logger,
+      storage
     }).refreshToken;
     if (!storedRefreshToken) {
-      ctx.logger.log("Not logged in, exiting...");
+      ctx.logger.log(
+        clearedTemporary ? "Cleared temporary preview account." : "Not logged in, exiting..."
+      );
       return;
     }
-    const body = `client_id=${encodeURIComponent(getClientIdFromEnv())}&token_type_hint=refresh_token&token=${encodeURIComponent(storedRefreshToken.value || "")}`;
+    const body = `client_id=${encodeURIComponent(getClientId())}&token_type_hint=refresh_token&token=${encodeURIComponent(storedRefreshToken.value || "")}`;
     const response = await fetch(getRevokeUrlFromEnv(), {
       method: "POST",
       body,
@@ -1945,13 +1330,13 @@ function createOAuthFlow(ctx) {
       }
     });
     await response.text();
-    rmSync(getAuthConfigFilePath());
+    storage.clear();
     ctx.logger.log(`Successfully logged out.`);
     ctx.purgeOnLoginOrLogout?.();
   }
   __name(logout, "logout");
   async function getOAuthTokenFromLocalState() {
-    let stored = readStoredAuthState({ warningLogger: ctx.logger });
+    let stored = readStoredAuthState({ warningLogger: ctx.logger, storage });
     if (!stored.accessToken) {
       return void 0;
     }
@@ -1961,283 +1346,79 @@ function createOAuthFlow(ctx) {
       if (!didRefresh) {
         return void 0;
       }
-      stored = readStoredAuthState({ warningLogger: ctx.logger });
+      stored = readStoredAuthState({ warningLogger: ctx.logger, storage });
     }
     return stored.accessToken?.value;
   }
   __name(getOAuthTokenFromLocalState, "getOAuthTokenFromLocalState");
+  function getAPITokenInternal() {
+    if (activeTemporaryAccount) {
+      return { apiToken: activeTemporaryAccount.account.apiToken };
+    }
+    return getAPIToken({
+      storage,
+      warningLogger: ctx.logger,
+      allowGlobalAuthKey: ctx.allowGlobalAuthKey
+    });
+  }
+  __name(getAPITokenInternal, "getAPITokenInternal");
+  function requireApiTokenInternal() {
+    if (activeTemporaryAccount) {
+      return { apiToken: activeTemporaryAccount.account.apiToken };
+    }
+    return requireApiToken({
+      storage,
+      warningLogger: ctx.logger,
+      allowGlobalAuthKey: ctx.allowGlobalAuthKey
+    });
+  }
+  __name(requireApiTokenInternal, "requireApiTokenInternal");
+  function setTemporaryAllowed(allowed) {
+    temporaryAllowed = allowed && ctx.temporary !== void 0;
+    activeTemporaryAccount = void 0;
+  }
+  __name(setTemporaryAllowed, "setTemporaryAllowed");
+  function isTemporaryAllowed() {
+    return temporaryAllowed;
+  }
+  __name(isTemporaryAllowed, "isTemporaryAllowed");
+  function getActiveTemporaryAccount() {
+    return activeTemporaryAccount;
+  }
+  __name(getActiveTemporaryAccount, "getActiveTemporaryAccount");
+  async function activateTemporaryAccount() {
+    if (!ctx.temporary) {
+      throw new UserError(
+        "Temporary preview accounts are not supported by this CLI.",
+        { telemetryMessage: "user temporary account unsupported" }
+      );
+    }
+    const result = await getOrCreateTemporaryPreviewAccount({
+      ...ctx.temporary,
+      logger: ctx.logger
+    });
+    activeTemporaryAccount = result.account;
+    return result;
+  }
+  __name(activateTemporaryAccount, "activateTemporaryAccount");
+  function clearTemporaryAccount() {
+    activeTemporaryAccount = void 0;
+    return ctx.temporary?.storage.clear() ?? false;
+  }
+  __name(clearTemporaryAccount, "clearTemporaryAccount");
   return {
     login,
     logout,
     loginOrRefreshIfRequired,
     getOAuthTokenFromLocalState,
-    isRefreshNeeded,
-    refreshToken
+    getAPIToken: getAPITokenInternal,
+    requireApiToken: requireApiTokenInternal,
+    setTemporaryAllowed,
+    isTemporaryAllowed,
+    getActiveTemporaryAccount,
+    activateTemporaryAccount
   };
 }
 __name(createOAuthFlow, "createOAuthFlow");
-/*! Bundled license information:
-smol-toml/dist/error.js:
-  (*!
-   * Copyright (c) Squirrel Chat et al., All rights reserved.
-   * SPDX-License-Identifier: BSD-3-Clause
-   *
-   * Redistribution and use in source and binary forms, with or without
-   * modification, are permitted provided that the following conditions are met:
-   *
-   * 1. Redistributions of source code must retain the above copyright notice, this
-   *    list of conditions and the following disclaimer.
-   * 2. Redistributions in binary form must reproduce the above copyright notice,
-   *    this list of conditions and the following disclaimer in the
-   *    documentation and/or other materials provided with the distribution.
-   * 3. Neither the name of the copyright holder nor the names of its contributors
-   *    may be used to endorse or promote products derived from this software without
-   *    specific prior written permission.
-   *
-   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-   * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-   * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-   * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-   * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-   * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-   * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-   * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-   *)
-smol-toml/dist/util.js:
-  (*!
-   * Copyright (c) Squirrel Chat et al., All rights reserved.
-   * SPDX-License-Identifier: BSD-3-Clause
-   *
-   * Redistribution and use in source and binary forms, with or without
-   * modification, are permitted provided that the following conditions are met:
-   *
-   * 1. Redistributions of source code must retain the above copyright notice, this
-   *    list of conditions and the following disclaimer.
-   * 2. Redistributions in binary form must reproduce the above copyright notice,
-   *    this list of conditions and the following disclaimer in the
-   *    documentation and/or other materials provided with the distribution.
-   * 3. Neither the name of the copyright holder nor the names of its contributors
-   *    may be used to endorse or promote products derived from this software without
-   *    specific prior written permission.
-   *
-   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-   * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-   * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-   * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-   * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-   * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-   * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-   * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-   *)
-smol-toml/dist/date.js:
-  (*!
-   * Copyright (c) Squirrel Chat et al., All rights reserved.
-   * SPDX-License-Identifier: BSD-3-Clause
-   *
-   * Redistribution and use in source and binary forms, with or without
-   * modification, are permitted provided that the following conditions are met:
-   *
-   * 1. Redistributions of source code must retain the above copyright notice, this
-   *    list of conditions and the following disclaimer.
-   * 2. Redistributions in binary form must reproduce the above copyright notice,
-   *    this list of conditions and the following disclaimer in the
-   *    documentation and/or other materials provided with the distribution.
-   * 3. Neither the name of the copyright holder nor the names of its contributors
-   *    may be used to endorse or promote products derived from this software without
-   *    specific prior written permission.
-   *
-   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-   * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-   * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-   * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-   * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-   * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-   * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-   * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-   *)
-smol-toml/dist/primitive.js:
-  (*!
-   * Copyright (c) Squirrel Chat et al., All rights reserved.
-   * SPDX-License-Identifier: BSD-3-Clause
-   *
-   * Redistribution and use in source and binary forms, with or without
-   * modification, are permitted provided that the following conditions are met:
-   *
-   * 1. Redistributions of source code must retain the above copyright notice, this
-   *    list of conditions and the following disclaimer.
-   * 2. Redistributions in binary form must reproduce the above copyright notice,
-   *    this list of conditions and the following disclaimer in the
-   *    documentation and/or other materials provided with the distribution.
-   * 3. Neither the name of the copyright holder nor the names of its contributors
-   *    may be used to endorse or promote products derived from this software without
-   *    specific prior written permission.
-   *
-   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-   * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-   * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-   * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-   * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-   * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-   * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-   * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-   *)
-smol-toml/dist/extract.js:
-  (*!
-   * Copyright (c) Squirrel Chat et al., All rights reserved.
-   * SPDX-License-Identifier: BSD-3-Clause
-   *
-   * Redistribution and use in source and binary forms, with or without
-   * modification, are permitted provided that the following conditions are met:
-   *
-   * 1. Redistributions of source code must retain the above copyright notice, this
-   *    list of conditions and the following disclaimer.
-   * 2. Redistributions in binary form must reproduce the above copyright notice,
-   *    this list of conditions and the following disclaimer in the
-   *    documentation and/or other materials provided with the distribution.
-   * 3. Neither the name of the copyright holder nor the names of its contributors
-   *    may be used to endorse or promote products derived from this software without
-   *    specific prior written permission.
-   *
-   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-   * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-   * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-   * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-   * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-   * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-   * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-   * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-   *)
-smol-toml/dist/struct.js:
-  (*!
-   * Copyright (c) Squirrel Chat et al., All rights reserved.
-   * SPDX-License-Identifier: BSD-3-Clause
-   *
-   * Redistribution and use in source and binary forms, with or without
-   * modification, are permitted provided that the following conditions are met:
-   *
-   * 1. Redistributions of source code must retain the above copyright notice, this
-   *    list of conditions and the following disclaimer.
-   * 2. Redistributions in binary form must reproduce the above copyright notice,
-   *    this list of conditions and the following disclaimer in the
-   *    documentation and/or other materials provided with the distribution.
-   * 3. Neither the name of the copyright holder nor the names of its contributors
-   *    may be used to endorse or promote products derived from this software without
-   *    specific prior written permission.
-   *
-   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-   * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-   * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-   * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-   * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-   * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-   * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-   * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-   *)
-smol-toml/dist/parse.js:
-  (*!
-   * Copyright (c) Squirrel Chat et al., All rights reserved.
-   * SPDX-License-Identifier: BSD-3-Clause
-   *
-   * Redistribution and use in source and binary forms, with or without
-   * modification, are permitted provided that the following conditions are met:
-   *
-   * 1. Redistributions of source code must retain the above copyright notice, this
-   *    list of conditions and the following disclaimer.
-   * 2. Redistributions in binary form must reproduce the above copyright notice,
-   *    this list of conditions and the following disclaimer in the
-   *    documentation and/or other materials provided with the distribution.
-   * 3. Neither the name of the copyright holder nor the names of its contributors
-   *    may be used to endorse or promote products derived from this software without
-   *    specific prior written permission.
-   *
-   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-   * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-   * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-   * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-   * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-   * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-   * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-   * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-   *)
-smol-toml/dist/stringify.js:
-  (*!
-   * Copyright (c) Squirrel Chat et al., All rights reserved.
-   * SPDX-License-Identifier: BSD-3-Clause
-   *
-   * Redistribution and use in source and binary forms, with or without
-   * modification, are permitted provided that the following conditions are met:
-   *
-   * 1. Redistributions of source code must retain the above copyright notice, this
-   *    list of conditions and the following disclaimer.
-   * 2. Redistributions in binary form must reproduce the above copyright notice,
-   *    this list of conditions and the following disclaimer in the
-   *    documentation and/or other materials provided with the distribution.
-   * 3. Neither the name of the copyright holder nor the names of its contributors
-   *    may be used to endorse or promote products derived from this software without
-   *    specific prior written permission.
-   *
-   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-   * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-   * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-   * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-   * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-   * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-   * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-   * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-   *)
-smol-toml/dist/index.js:
-  (*!
-   * Copyright (c) Squirrel Chat et al., All rights reserved.
-   * SPDX-License-Identifier: BSD-3-Clause
-   *
-   * Redistribution and use in source and binary forms, with or without
-   * modification, are permitted provided that the following conditions are met:
-   *
-   * 1. Redistributions of source code must retain the above copyright notice, this
-   *    list of conditions and the following disclaimer.
-   * 2. Redistributions in binary form must reproduce the above copyright notice,
-   *    this list of conditions and the following disclaimer in the
-   *    documentation and/or other materials provided with the distribution.
-   * 3. Neither the name of the copyright holder nor the names of its contributors
-   *    may be used to endorse or promote products derived from this software without
-   *    specific prior written permission.
-   *
-   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-   * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-   * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-   * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-   * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-   * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-   * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-   * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-   *)
-*/
-export { ErrorAccessDenied, ErrorAccessTokenResponse, ErrorAuthenticationGrant, ErrorInvalidClient, ErrorInvalidGrant, ErrorInvalidJson, ErrorInvalidRequest, ErrorInvalidReturnedStateParam, ErrorInvalidScope, ErrorInvalidToken, ErrorNoAuthCode, ErrorOAuth2, ErrorServerError, ErrorTemporarilyUnavailable, ErrorUnauthorizedClient, ErrorUnknown, ErrorUnsupportedGrantType, ErrorUnsupportedResponseType, OAUTH_CALLBACK_URL, PKCE_CHARSET, RECOMMENDED_CODE_VERIFIER_LENGTH, RECOMMENDED_STATE_LENGTH, base64urlEncode, clearAccessCaches, createOAuthFlow, domainUsesAccess, generateAuthUrl, generatePKCECodes, generateRandomState, getAccessClientIdFromEnv, getAccessClientSecretFromEnv, getAccessHeaders, getAuthConfigFilePath, getAuthDomainFromEnv, getAuthUrlFromEnv, getCfAuthorizationTokenFromEnv, getClientIdFromEnv, getCloudflareAccessHeaders, getRevokeUrlFromEnv, getTokenUrlFromEnv, readAuthConfigFile, readStoredAuthState, toErrorClass, writeAuthConfigFile };
+export { PKCE_CHARSET, TEMPORARY_TERMS_NOTICE, TEMPORARY_TERMS_PROMPT, clearAccessCaches, createOAuthFlow, domainUsesAccess, generateAuthUrl, generateRandomState, getAccessHeaders, getAuthFromEnv, getAuthUrlFromEnv, getCloudflareAPITokenFromEnv, getCloudflareGlobalAuthEmailFromEnv, getCloudflareGlobalAuthKeyFromEnv, readStoredAuthState };