@djangocfg/api 2.1.227 → 2.1.229

package/dist/auth.mjs

@@ -1,10 +1,6 @@
 "use client";
 var __defProp = Object.defineProperty;
 var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
 
 // src/auth/context/AuthContext.tsx
 import { usePathname as usePathname3 } from "next/navigation";
@@ -12,9 +8,9 @@ import {
   createContext as createContext2,
   useCallback as useCallback12,
   useContext as useContext2,
-  useEffect as useEffect8,
+  useEffect as useEffect9,
   useMemo as useMemo2,
-  useRef as useRef5,
+  useRef as useRef6,
   useState as useState12
 } from "react";
 import { SWRConfig } from "swr";
@@ -123,10 +119,14 @@ function useQueryParams() {
 __name(useQueryParams, "useQueryParams");
 
 // src/auth/hooks/useAuthFormState.ts
-import { useCallback as useCallback2, useState as useState2 } from "react";
-var useAuthFormState = /* @__PURE__ */ __name((initialIdentifier = "", initialChannel = "email") => {
+import { useCallback as useCallback2, useEffect as useEffect2, useRef as useRef2, useState as useState2 } from "react";
+var formatCountdown = /* @__PURE__ */ __name((s) => {
+  if (s <= 0) return "";
+  const m = Math.floor(s / 60);
+  return m > 0 ? `${m}:${String(s % 60).padStart(2, "0")}` : `${s}s`;
+}, "formatCountdown");
+var useAuthFormState = /* @__PURE__ */ __name((initialIdentifier = "") => {
   const [identifier, setIdentifier] = useState2(initialIdentifier);
-  const [channel, setChannel] = useState2(initialChannel);
   const [otp, setOtp] = useState2("");
   const [isLoading, setIsLoading] = useState2(false);
   const [acceptedTerms, setAcceptedTerms] = useState2(true);
@@ -136,11 +136,29 @@ var useAuthFormState = /* @__PURE__ */ __name((initialIdentifier = "", initialCh
   const [shouldPrompt2FA, setShouldPrompt2FA] = useState2(false);
   const [twoFactorCode, setTwoFactorCode] = useState2("");
   const [useBackupCode, setUseBackupCode] = useState2(false);
+  const [rateLimitSeconds, setRateLimitSeconds] = useState2(0);
+  const rateLimitTimerRef = useRef2(null);
+  const startRateLimitCountdown = useCallback2((seconds) => {
+    if (rateLimitTimerRef.current) clearInterval(rateLimitTimerRef.current);
+    setRateLimitSeconds(seconds);
+    rateLimitTimerRef.current = setInterval(() => {
+      setRateLimitSeconds((prev) => {
+        if (prev <= 1) {
+          clearInterval(rateLimitTimerRef.current);
+          rateLimitTimerRef.current = null;
+          return 0;
+        }
+        return prev - 1;
+      });
+    }, 1e3);
+  }, []);
+  useEffect2(() => () => {
+    if (rateLimitTimerRef.current) clearInterval(rateLimitTimerRef.current);
+  }, []);
   const clearError = useCallback2(() => setError(""), []);
   return {
     // State
     identifier,
-    channel,
     otp,
     isLoading,
     acceptedTerms,
@@ -150,9 +168,11 @@ var useAuthFormState = /* @__PURE__ */ __name((initialIdentifier = "", initialCh
     shouldPrompt2FA,
     twoFactorCode,
     useBackupCode,
+    rateLimitSeconds,
+    isRateLimited: rateLimitSeconds > 0,
+    rateLimitLabel: formatCountdown(rateLimitSeconds),
     // Handlers
     setIdentifier,
-    setChannel,
     setOtp,
     setAcceptedTerms,
     setError,
@@ -162,57 +182,24 @@ var useAuthFormState = /* @__PURE__ */ __name((initialIdentifier = "", initialCh
     setTwoFactorSessionId,
     setShouldPrompt2FA,
     setTwoFactorCode,
-    setUseBackupCode
+    setUseBackupCode,
+    startRateLimitCountdown
   };
 }, "useAuthFormState");
 
 // src/auth/hooks/useAuthValidation.ts
 import { useCallback as useCallback3 } from "react";
 var EMAIL_REGEX = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
-var PHONE_REGEX = /^\+[1-9]\d{6,14}$/;
 var useAuthValidation = /* @__PURE__ */ __name(() => {
-  const detectChannelFromIdentifier2 = useCallback3((id) => {
-    if (!id) return null;
-    if (id.includes("@")) {
-      return "email";
-    }
-    if (id.startsWith("+") && PHONE_REGEX.test(id)) {
-      return "phone";
-    }
-    return null;
+  const validateIdentifier2 = useCallback3((id) => {
+    return EMAIL_REGEX.test(id);
   }, []);
-  const validateIdentifier2 = useCallback3((id, channelType) => {
-    if (!id) return false;
-    const channel = channelType || detectChannelFromIdentifier2(id);
-    if (channel === "email") {
-      return EMAIL_REGEX.test(id);
-    }
-    if (channel === "phone") {
-      return PHONE_REGEX.test(id);
-    }
-    return false;
-  }, [detectChannelFromIdentifier2]);
-  return {
-    detectChannelFromIdentifier: detectChannelFromIdentifier2,
-    validateIdentifier: validateIdentifier2
-  };
+  return { validateIdentifier: validateIdentifier2 };
 }, "useAuthValidation");
-var detectChannelFromIdentifier = /* @__PURE__ */ __name((id) => {
-  if (!id) return null;
-  if (id.includes("@")) return "email";
-  if (id.startsWith("+") && PHONE_REGEX.test(id)) return "phone";
-  return null;
-}, "detectChannelFromIdentifier");
-var validateIdentifier = /* @__PURE__ */ __name((id, channelType) => {
-  if (!id) return false;
-  const channel = channelType || detectChannelFromIdentifier(id);
-  if (channel === "email") return EMAIL_REGEX.test(id);
-  if (channel === "phone") return PHONE_REGEX.test(id);
-  return false;
-}, "validateIdentifier");
+var validateIdentifier = /* @__PURE__ */ __name((id) => EMAIL_REGEX.test(id), "validateIdentifier");
 
 // src/auth/hooks/useAuthForm.ts
-import { useCallback as useCallback5, useEffect as useEffect3, useRef as useRef2 } from "react";
+import { useCallback as useCallback5, useEffect as useEffect4, useRef as useRef3 } from "react";
 
 // src/auth/utils/logger.ts
 import { createConsola } from "consola";
@@ -227,7 +214,7 @@ var authLogger = logger.withTag("auth");
 
 // src/auth/hooks/useAutoAuth.ts
 import { usePathname as usePathname2 } from "next/navigation";
-import { useEffect as useEffect2 } from "react";
+import { useEffect as useEffect3 } from "react";
 var useAutoAuth = /* @__PURE__ */ __name((options = {}) => {
   const { onOTPDetected, cleanupUrl = true, allowedPaths = ["/auth"] } = options;
   const queryParams = useQueryParams();
@@ -236,7 +223,7 @@ var useAutoAuth = /* @__PURE__ */ __name((options = {}) => {
   const isAllowedPath = allowedPaths.some((path) => pathname === path || pathname?.startsWith(path + "/"));
   const hasOTP = !!queryParams.get("otp");
   const isReady = !!pathname && hasOTP && isAllowedPath;
-  useEffect2(() => {
+  useEffect3(() => {
     if (!isReady) return;
     const queryOtp = queryParams.get("otp");
     if (queryOtp && typeof queryOtp === "string" && queryOtp.length === 6) {
@@ -425,7 +412,7 @@ var Accounts = class {
     this.client = client;
   }
   /**
-   * Request OTP code to email or phone.
+   * Request OTP code to email.
    */
   async otpRequestCreate(data) {
     const response = await this.client.request("POST", "/cfg/accounts/otp/request/", { body: data });
@@ -1066,20 +1053,10 @@ var LocalStorageAdapter = class {
 };
 
 // src/_api/generated/cfg_accounts/enums.ts
-var enums_exports = {};
-__export(enums_exports, {
-  OAuthConnectionProvider: () => OAuthConnectionProvider,
-  OTPRequestRequestChannel: () => OTPRequestRequestChannel
-});
 var OAuthConnectionProvider = /* @__PURE__ */ ((OAuthConnectionProvider2) => {
   OAuthConnectionProvider2["GITHUB"] = "github";
   return OAuthConnectionProvider2;
 })(OAuthConnectionProvider || {});
-var OTPRequestRequestChannel = /* @__PURE__ */ ((OTPRequestRequestChannel2) => {
-  OTPRequestRequestChannel2["EMAIL"] = "email";
-  OTPRequestRequestChannel2["PHONE"] = "phone";
-  return OTPRequestRequestChannel2;
-})(OTPRequestRequestChannel || {});
 
 // src/_api/generated/cfg_accounts/_utils/schemas/AccountDeleteResponse.schema.ts
 import { z } from "zod";
@@ -1173,14 +1150,15 @@ var OAuthTokenResponseSchema = z11.object({
 // src/_api/generated/cfg_accounts/_utils/schemas/OTPErrorResponse.schema.ts
 import { z as z12 } from "zod";
 var OTPErrorResponseSchema = z12.object({
-  error: z12.string()
+  error: z12.string(),
+  error_code: z12.string().nullable().optional(),
+  retry_after: z12.number().int().nullable().optional()
 });
 
 // src/_api/generated/cfg_accounts/_utils/schemas/OTPRequestRequest.schema.ts
 import { z as z13 } from "zod";
 var OTPRequestRequestSchema = z13.object({
   identifier: z13.string().min(1),
-  channel: z13.nativeEnum(OTPRequestRequestChannel).optional(),
   source_url: z13.string().optional()
 });
 
@@ -1195,7 +1173,6 @@ import { z as z15 } from "zod";
 var OTPVerifyRequestSchema = z15.object({
   identifier: z15.string().min(1),
   otp: z15.string().min(6).max(6),
-  channel: z15.nativeEnum(OTPRequestRequestChannel).optional(),
   source_url: z15.string().optional()
 });
 
@@ -4315,6 +4292,7 @@ var useTwoFactor = /* @__PURE__ */ __name((options = {}) => {
   const [error, setError] = useState3(null);
   const [warning, setWarning] = useState3(null);
   const [remainingBackupCodes, setRemainingBackupCodes] = useState3(null);
+  const [attemptsRemaining, setAttemptsRemaining] = useState3(null);
   const clearError = useCallback4(() => {
     setError(null);
   }, []);
@@ -4367,8 +4345,11 @@ var useTwoFactor = /* @__PURE__ */ __name((options = {}) => {
       handleSuccess(response);
       return true;
     } catch (err) {
-      const errorMessage = err instanceof Error ? err.message : "Invalid verification code";
       authLogger.error("2FA TOTP verification error:", err);
+      const errorMessage = err instanceof APIError3 ? err.response?.error || err.response?.detail || err.response?.message || err.errorMessage : err instanceof Error ? err.message : "Invalid verification code";
+      if (err instanceof APIError3 && typeof err.response?.attempts_remaining === "number") {
+        setAttemptsRemaining(err.response.attempts_remaining);
+      }
       setError(errorMessage);
       onError?.(errorMessage);
       Analytics.event("auth_otp_verify_fail" /* AUTH_OTP_VERIFY_FAIL */, {
@@ -4408,8 +4389,11 @@ var useTwoFactor = /* @__PURE__ */ __name((options = {}) => {
       handleSuccess(response);
       return true;
     } catch (err) {
-      const errorMessage = err instanceof Error ? err.message : "Invalid backup code";
       authLogger.error("2FA backup code verification error:", err);
+      const errorMessage = err instanceof APIError3 ? err.response?.error || err.response?.detail || err.response?.message || err.errorMessage : err instanceof Error ? err.message : "Invalid backup code";
+      if (err instanceof APIError3 && typeof err.response?.attempts_remaining === "number") {
+        setAttemptsRemaining(err.response.attempts_remaining);
+      }
       setError(errorMessage);
       onError?.(errorMessage);
       Analytics.event("auth_otp_verify_fail" /* AUTH_OTP_VERIFY_FAIL */, {
@@ -4426,6 +4410,7 @@ var useTwoFactor = /* @__PURE__ */ __name((options = {}) => {
     error,
     warning,
     remainingBackupCodes,
+    attemptsRemaining,
     verifyTOTP,
     verifyBackupCode,
     clearError
@@ -4446,20 +4431,15 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
   } = options;
   const formState = useAuthFormState();
   const validation = useAuthValidation();
-  const isAutoSubmitFromUrlRef = useRef2(false);
+  const isAutoSubmitFromUrlRef = useRef3(false);
   const {
     requestOTP,
     verifyOTP,
     getSavedEmail,
-    saveEmail,
-    clearSavedEmail,
-    getSavedPhone,
-    savePhone,
-    clearSavedPhone
+    saveEmail
   } = useAuth();
   const {
     identifier,
-    channel,
     otp,
     isLoading,
     acceptedTerms,
@@ -4467,7 +4447,6 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
     twoFactorCode,
     useBackupCode,
     setIdentifier,
-    setChannel,
     setOtp,
     setStep,
     setError,
@@ -4476,7 +4455,8 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
     setTwoFactorSessionId,
     setShouldPrompt2FA,
     setTwoFactorCode,
-    setUseBackupCode
+    setUseBackupCode,
+    startRateLimitCountdown
   } = formState;
   const twoFactor = useTwoFactor({
     onSuccess: /* @__PURE__ */ __name(() => {
@@ -4492,45 +4472,26 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
     skipRedirect: true
     // We handle navigation via success step
   });
-  const { detectChannelFromIdentifier: detectChannelFromIdentifier2, validateIdentifier: validateIdentifier2 } = validation;
-  const saveIdentifierToStorage = useCallback5((id, ch) => {
-    if (ch === "email") {
-      saveEmail(id);
-      clearSavedPhone();
-    } else {
-      savePhone(id);
-      clearSavedEmail();
-    }
-  }, [saveEmail, savePhone, clearSavedEmail, clearSavedPhone]);
-  useEffect3(() => {
-    const savedPhone = getSavedPhone();
+  const { validateIdentifier: validateIdentifier2 } = validation;
+  const saveIdentifierToStorage = useCallback5((id) => {
+    saveEmail(id);
+  }, [saveEmail]);
+  useEffect4(() => {
     const savedEmail = getSavedEmail();
-    if (savedPhone) {
-      setIdentifier(savedPhone);
-      setChannel("phone");
-    } else if (savedEmail) {
+    if (savedEmail) {
       setIdentifier(savedEmail);
-      setChannel("email");
     }
-  }, [getSavedEmail, getSavedPhone, setIdentifier, setChannel]);
-  useEffect3(() => {
-    if (identifier) {
-      const detected = detectChannelFromIdentifier2(identifier);
-      if (detected && detected !== channel) {
-        setChannel(detected);
-      }
-    }
-  }, [identifier, channel, detectChannelFromIdentifier2, setChannel]);
+  }, []);
   const handleIdentifierSubmit = useCallback5(async (e) => {
     e.preventDefault();
     if (!identifier) {
-      const msg = channel === "phone" ? "Please enter your phone number" : "Please enter your email address";
+      const msg = "Please enter your email address";
       setError(msg);
       onError?.(msg);
       return;
     }
-    if (!validateIdentifier2(identifier, channel)) {
-      const msg = channel === "phone" ? "Please enter a valid phone number (e.g., +1234567890)" : "Please enter a valid email address";
+    if (!validateIdentifier2(identifier)) {
+      const msg = "Please enter a valid email address";
       setError(msg);
       onError?.(msg);
       return;
@@ -4544,14 +4505,19 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
     setIsLoading(true);
     clearError();
     try {
-      const result = await requestOTP(identifier, channel, sourceUrl);
+      const result = await requestOTP(identifier, sourceUrl);
       if (result.success) {
-        saveIdentifierToStorage(identifier, channel);
+        saveIdentifierToStorage(identifier);
         setStep("otp");
-        onIdentifierSuccess?.(identifier, channel);
+        onIdentifierSuccess?.(identifier);
       } else {
-        setError(result.message);
-        onError?.(result.message);
+        if (result.retryAfter) {
+          startRateLimitCountdown(result.retryAfter);
+          clearError();
+        } else {
+          setError(result.message);
+          onError?.(result.message);
+        }
       }
     } catch {
       const msg = "An unexpected error occurred";
@@ -4562,7 +4528,6 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
     }
   }, [
     identifier,
-    channel,
     acceptedTerms,
     requireTermsAcceptance,
     validateIdentifier2,
@@ -4572,11 +4537,12 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
     setIsLoading,
     setStep,
     clearError,
+    startRateLimitCountdown,
     onIdentifierSuccess,
     onError,
     sourceUrl
   ]);
-  const submitOTP = useCallback5(async (submitIdentifier, submitOtp, submitChannel) => {
+  const submitOTP = useCallback5(async (submitIdentifier, submitOtp) => {
     if (!submitOtp || submitOtp.length < 6) {
       const msg = "Please enter the 6-digit verification code";
       setError(msg);
@@ -4586,17 +4552,17 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
     setIsLoading(true);
     clearError();
     try {
-      const result = await verifyOTP(submitIdentifier, submitOtp, submitChannel, sourceUrl, redirectUrl, true);
+      const result = await verifyOTP(submitIdentifier, submitOtp, sourceUrl, redirectUrl, true);
       if (result.requires_2fa && result.session_id) {
         authLogger.info("2FA required after OTP verification");
         setTwoFactorSessionId(result.session_id);
         setShouldPrompt2FA(result.should_prompt_2fa || false);
         setStep("2fa");
-        saveIdentifierToStorage(submitIdentifier, submitChannel);
+        saveIdentifierToStorage(submitIdentifier);
         return true;
       }
       if (result.success) {
-        saveIdentifierToStorage(submitIdentifier, submitChannel);
+        saveIdentifierToStorage(submitIdentifier);
         if (result.should_prompt_2fa && enable2FASetup) {
           authLogger.info("OTP verification successful, prompting 2FA setup");
           setShouldPrompt2FA(true);
@@ -4628,19 +4594,24 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
   }, [verifyOTP, saveIdentifierToStorage, setError, setIsLoading, clearError, onOTPSuccess, onError, sourceUrl, redirectUrl, setTwoFactorSessionId, setShouldPrompt2FA, setStep, enable2FASetup]);
   const handleOTPSubmit = useCallback5(async (e) => {
     e.preventDefault();
-    await submitOTP(identifier, otp, channel);
-  }, [identifier, otp, channel, submitOTP]);
+    await submitOTP(identifier, otp);
+  }, [identifier, otp, submitOTP]);
   const handleResendOTP = useCallback5(async () => {
     setIsLoading(true);
     clearError();
     try {
-      const result = await requestOTP(identifier, channel, sourceUrl);
+      const result = await requestOTP(identifier, sourceUrl);
       if (result.success) {
-        saveIdentifierToStorage(identifier, channel);
+        saveIdentifierToStorage(identifier);
         setOtp("");
       } else {
-        setError(result.message);
-        onError?.(result.message);
+        if (result.retryAfter) {
+          startRateLimitCountdown(result.retryAfter);
+          clearError();
+        } else {
+          setError(result.message);
+          onError?.(result.message);
+        }
       }
     } catch {
       const msg = "Failed to resend verification code";
@@ -4649,7 +4620,7 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
     } finally {
       setIsLoading(false);
     }
-  }, [identifier, channel, requestOTP, saveIdentifierToStorage, setOtp, setError, setIsLoading, clearError, onError, sourceUrl]);
+  }, [identifier, requestOTP, saveIdentifierToStorage, setOtp, setError, setIsLoading, clearError, startRateLimitCountdown, onError, sourceUrl]);
   const handleBackToIdentifier = useCallback5(() => {
     setStep("identifier");
     clearError();
@@ -4688,29 +4659,19 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
       if (isAutoSubmitFromUrlRef.current || isLoading) return;
       isAutoSubmitFromUrlRef.current = true;
       authLogger.info("OTP detected from URL, auto-submitting");
-      const savedPhone = getSavedPhone();
       const savedEmail = getSavedEmail();
-      let autoIdentifier = "";
-      let autoChannel = "email";
-      if (savedPhone) {
-        autoIdentifier = savedPhone;
-        autoChannel = "phone";
-      } else if (savedEmail) {
-        autoIdentifier = savedEmail;
-        autoChannel = "email";
-      }
+      const autoIdentifier = savedEmail || "";
       if (!autoIdentifier) {
         authLogger.warn("No saved identifier found for auto-submit");
         isAutoSubmitFromUrlRef.current = false;
         return;
       }
       setIdentifier(autoIdentifier);
-      setChannel(autoChannel);
       setOtp(detectedOtp);
       setStep("otp");
       setTimeout(async () => {
         try {
-          await submitOTP(autoIdentifier, detectedOtp, autoChannel);
+          await submitOTP(autoIdentifier, detectedOtp);
         } finally {
           isAutoSubmitFromUrlRef.current = false;
         }
@@ -4737,7 +4698,8 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
     isAutoSubmittingFromUrl: isAutoSubmitFromUrlRef,
     // 2FA state from hook (for loading indicator)
     is2FALoading: twoFactor.isLoading,
-    twoFactorWarning: twoFactor.warning
+    twoFactorWarning: twoFactor.warning,
+    twoFactorAttemptsRemaining: twoFactor.attemptsRemaining
   };
 }, "useAuthForm");
 
@@ -5221,13 +5183,13 @@ var useAuthRedirectManager = /* @__PURE__ */ __name((options = {}) => {
 }, "useAuthRedirectManager");
 
 // src/auth/hooks/useAuthGuard.ts
-import { useEffect as useEffect4, useState as useState8 } from "react";
+import { useEffect as useEffect5, useState as useState8 } from "react";
 var useAuthGuard = /* @__PURE__ */ __name((options = {}) => {
   const { redirectTo = "/auth", requireAuth = true, saveRedirectUrl: shouldSaveUrl = true } = options;
   const { isAuthenticated, isLoading, saveRedirectUrl } = useAuth();
   const router = useCfgRouter();
   const [isRedirecting, setIsRedirecting] = useState8(false);
-  useEffect4(() => {
+  useEffect5(() => {
     if (!isLoading && requireAuth && !isAuthenticated && !isRedirecting) {
       if (shouldSaveUrl && typeof window !== "undefined") {
         const currentUrl = window.location.pathname + window.location.search;
@@ -5540,7 +5502,7 @@ function getCacheMetadata() {
 __name(getCacheMetadata, "getCacheMetadata");
 
 // src/auth/hooks/useTokenRefresh.ts
-import { useCallback as useCallback9, useEffect as useEffect6, useRef as useRef3 } from "react";
+import { useCallback as useCallback9, useEffect as useEffect7, useRef as useRef4 } from "react";
 
 // src/index.ts
 var isStaticBuild3 = process.env.NEXT_PUBLIC_STATIC_BUILD === "true";
@@ -5581,7 +5543,7 @@ function isTokenExpiringSoon(token, thresholdMs) {
 __name(isTokenExpiringSoon, "isTokenExpiringSoon");
 function useTokenRefresh(options = {}) {
   const { enabled = true, onRefresh, onRefreshError } = options;
-  const isRefreshingRef = useRef3(false);
+  const isRefreshingRef = useRef4(false);
   const refreshToken = useCallback9(async () => {
     if (isRefreshingRef.current) {
       authLogger.debug("Token refresh already in progress");
@@ -5622,13 +5584,13 @@ function useTokenRefresh(options = {}) {
       await refreshToken();
     }
   }, [refreshToken]);
-  useEffect6(() => {
+  useEffect7(() => {
     if (!enabled) return;
     checkAndRefresh();
     const intervalId = setInterval(checkAndRefresh, CHECK_INTERVAL_MS);
     return () => clearInterval(intervalId);
   }, [enabled, checkAndRefresh]);
-  useEffect6(() => {
+  useEffect7(() => {
     if (!enabled) return;
     const handleFocus = /* @__PURE__ */ __name(() => {
       authLogger.debug("Window focused, checking token...");
@@ -5637,7 +5599,7 @@ function useTokenRefresh(options = {}) {
     window.addEventListener("focus", handleFocus);
     return () => window.removeEventListener("focus", handleFocus);
   }, [enabled, checkAndRefresh]);
-  useEffect6(() => {
+  useEffect7(() => {
     if (!enabled) return;
     const handleOnline = /* @__PURE__ */ __name(() => {
       authLogger.info("Network reconnected, checking token...");
@@ -5695,8 +5657,8 @@ import {
   createContext,
   useCallback as useCallback11,
   useContext,
-  useEffect as useEffect7,
-  useRef as useRef4,
+  useEffect as useEffect8,
+  useRef as useRef5,
   useState as useState11
 } from "react";
 import { jsx } from "react/jsx-runtime";
@@ -5708,12 +5670,12 @@ function AccountsProvider({ children }) {
   });
   const [isLoadingProfile, setIsLoadingProfile] = useState11(false);
   const [profileError, setProfileError] = useState11(null);
-  const profileRef = useRef4(profile);
-  const isLoadingRef = useRef4(false);
-  useEffect7(() => {
+  const profileRef = useRef5(profile);
+  const isLoadingRef = useRef5(false);
+  useEffect8(() => {
     profileRef.current = profile;
   }, [profile]);
-  useEffect7(() => {
+  useEffect8(() => {
     isLoadingRef.current = isLoadingProfile;
   }, [isLoadingProfile]);
   const updateMutation = useUpdateAccountsProfileUpdateUpdate();
@@ -5775,7 +5737,11 @@ function AccountsProvider({ children }) {
     }
     if (result.access && result.refresh) {
       api.setToken(result.access, result.refresh);
-      await refreshProfile({ callerId: "verifyOTP", force: true });
+      try {
+        await refreshProfile({ callerId: "verifyOTP", force: true });
+      } catch (profileError2) {
+        authLogger.warn("Profile refresh failed after OTP verify (tokens are saved):", profileError2);
+      }
     }
     return result;
   }, "verifyOTP");
@@ -5826,7 +5792,6 @@ var defaultRoutes = {
 };
 var AuthContext = createContext2(void 0);
 var EMAIL_STORAGE_KEY = "auth_email";
-var PHONE_STORAGE_KEY = "auth_phone";
 var hasValidTokens = /* @__PURE__ */ __name(() => {
   if (typeof window === "undefined") return false;
   return api.isAuthenticated();
@@ -5849,7 +5814,6 @@ var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
   const pathname = usePathname3();
   const queryParams = useQueryParams();
   const [storedEmail, setStoredEmail, clearStoredEmail] = useLocalStorage(EMAIL_STORAGE_KEY, null);
-  const [storedPhone, setStoredPhone, clearStoredPhone] = useLocalStorage(PHONE_STORAGE_KEY, null);
   useTokenRefresh({
     enabled: true,
     onRefresh: /* @__PURE__ */ __name((newToken) => {
@@ -5860,13 +5824,13 @@ var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
     }, "onRefreshError")
   });
   const user = accounts.profile;
-  const userRef = useRef5(user);
-  const configRef = useRef5(config);
-  const isLoadingProfileRef = useRef5(false);
-  useEffect8(() => {
+  const userRef = useRef6(user);
+  const configRef = useRef6(config);
+  const isLoadingProfileRef = useRef6(false);
+  useEffect9(() => {
     userRef.current = user;
   }, [user]);
-  useEffect8(() => {
+  useEffect9(() => {
     configRef.current = config;
   }, [config]);
   const clearAuthState = useCallback12((caller) => {
@@ -5888,7 +5852,7 @@ var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
     }
     return false;
   }, [clearAuthState]);
-  const isAutoLoggingOutRef = useRef5(false);
+  const isAutoLoggingOutRef = useRef6(false);
   const swrOnError = useCallback12((error) => {
     const isAuthError = error?.status === 401 || error?.statusCode === 401 || error?.code === "token_not_valid" || error?.code === "authentication_failed";
     if (isAuthError && !isAutoLoggingOutRef.current) {
@@ -5941,7 +5905,7 @@ var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
       isLoadingProfileRef.current = false;
     }
   }, [clearAuthState, handleGlobalAuthError, accounts]);
-  useEffect8(() => {
+  useEffect9(() => {
     if (initialized) return;
     const initializeAuth = /* @__PURE__ */ __name(async () => {
       authLogger.info("Initializing auth...");
@@ -5997,7 +5961,7 @@ var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
     }, "initializeAuth");
     initializeAuth();
   }, [initialized]);
-  useEffect8(() => {
+  useEffect9(() => {
     if (!initialized) return;
     const isAuthenticated = api.isAuthenticated();
     const authRoute = config?.routes?.auth || defaultRoutes.auth;
@@ -6039,25 +6003,33 @@ var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
     }
   }, [loadCurrentProfile, clearAuthState, pushToDefaultCallbackUrl, pushToDefaultAuthCallbackUrl, handleGlobalAuthError]);
   const requestOTP = useCallback12(
-    async (identifier, channel, sourceUrl) => {
+    async (identifier, sourceUrl) => {
       api.clearTokens();
       try {
-        const channelValue = channel === "phone" ? enums_exports.OTPRequestRequestChannel.PHONE : enums_exports.OTPRequestRequestChannel.EMAIL;
         const result = await accounts.requestOTP({
           identifier,
-          channel: channelValue
+          source_url: sourceUrl
         });
-        const channelName = channel === "phone" ? "phone number" : "email address";
         Analytics.event("auth_otp_request" /* AUTH_OTP_REQUEST */, {
           category: "auth" /* AUTH */,
-          label: channel || "email"
+          label: "email"
         });
         return {
           success: true,
-          message: result.message || `OTP code sent to your ${channelName}`
+          message: result.message || `OTP code sent to your email address`
         };
       } catch (error) {
         authLogger.error("Request OTP error:", error);
+        if (error instanceof APIError) {
+          const retryAfter = error.response?.retry_after ?? error.response?.retryAfter;
+          const message = error.response?.error || error.response?.detail || error.response?.message || error.errorMessage;
+          return {
+            success: false,
+            statusCode: error.statusCode,
+            message,
+            retryAfter: typeof retryAfter === "number" ? retryAfter : void 0
+          };
+        }
         return {
           success: false,
           message: "Failed to send OTP"
@@ -6067,13 +6039,12 @@ var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
     [accounts]
   );
   const verifyOTP = useCallback12(
-    async (identifier, otpCode, channel, sourceUrl, redirectUrl, skipRedirect) => {
+    async (identifier, otpCode, sourceUrl, redirectUrl, skipRedirect) => {
       try {
-        const channelValue = channel === "phone" ? enums_exports.OTPRequestRequestChannel.PHONE : enums_exports.OTPRequestRequestChannel.EMAIL;
         const result = await accounts.verifyOTP({
           identifier,
           otp: otpCode,
-          channel: channelValue
+          source_url: sourceUrl
         });
         if (result.requires_2fa && result.session_id) {
           authLogger.info("2FA required, session:", result.session_id);
@@ -6092,17 +6063,13 @@ var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
             message: "Invalid OTP verification response"
           };
         }
-        if (channel === "phone") {
-          setStoredPhone(identifier);
-          clearStoredEmail();
-        } else if (identifier.includes("@")) {
+        if (identifier.includes("@")) {
           setStoredEmail(identifier);
-          clearStoredPhone();
         }
         await new Promise((resolve) => setTimeout(resolve, 200));
         Analytics.event("auth_login_success" /* AUTH_LOGIN_SUCCESS */, {
           category: "auth" /* AUTH */,
-          label: channel || "email"
+          label: "email"
         });
         if (result.user?.id) {
           Analytics.setUser(String(result.user.id));
@@ -6123,15 +6090,19 @@ var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
         authLogger.error("Verify OTP error:", error);
         Analytics.event("auth_otp_verify_fail" /* AUTH_OTP_VERIFY_FAIL */, {
           category: "auth" /* AUTH */,
-          label: channel || "email"
+          label: "email"
         });
+        if (error instanceof APIError) {
+          const message = error.response?.error || error.response?.detail || error.response?.message || error.errorMessage;
+          return { success: false, message };
+        }
         return {
           success: false,
           message: "Failed to verify OTP"
         };
       }
     },
-    [setStoredEmail, setStoredPhone, clearStoredEmail, clearStoredPhone, config?.routes?.defaultCallback, accounts, router]
+    [setStoredEmail, config?.routes?.defaultCallback, accounts, router]
   );
   const refreshToken = useCallback12(async () => {
     try {
@@ -6207,9 +6178,6 @@ var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
       getSavedEmail: /* @__PURE__ */ __name(() => storedEmail, "getSavedEmail"),
       saveEmail: setStoredEmail,
       clearSavedEmail: clearStoredEmail,
-      getSavedPhone: /* @__PURE__ */ __name(() => storedPhone, "getSavedPhone"),
-      savePhone: setStoredPhone,
-      clearSavedPhone: clearStoredPhone,
       requestOTP,
       verifyOTP,
       refreshToken,
@@ -6232,9 +6200,6 @@ var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
       storedEmail,
       setStoredEmail,
       clearStoredEmail,
-      storedPhone,
-      setStoredPhone,
-      clearStoredPhone,
       requestOTP,
       verifyOTP,
       refreshToken,
@@ -6268,12 +6233,6 @@ var defaultAuthState = {
   }, "saveEmail"),
   clearSavedEmail: /* @__PURE__ */ __name(() => {
   }, "clearSavedEmail"),
-  getSavedPhone: /* @__PURE__ */ __name(() => null, "getSavedPhone"),
-  savePhone: /* @__PURE__ */ __name(() => {
-    authLogger.warn("useAuth: savePhone called outside AuthProvider");
-  }, "savePhone"),
-  clearSavedPhone: /* @__PURE__ */ __name(() => {
-  }, "clearSavedPhone"),
   requestOTP: /* @__PURE__ */ __name(async () => {
     authLogger.warn("useAuth: requestOTP called outside AuthProvider");
     return { success: false, message: "AuthProvider not available" };
@@ -6347,7 +6306,6 @@ export {
   authLogger,
   clearProfileCache,
   decodeBase64,
-  detectChannelFromIdentifier,
   encodeBase64,
   formatAuthError,
   getCacheMetadata,