@passflow/core 0.0.1

package/dist/index.mjs

@@ -0,0 +1,2149 @@
+import T from "axios";
+import { v4 as R } from "uuid";
+import { startRegistration as _, startAuthentication as U } from "@simplewebauthn/browser";
+const P = "X-Passflow-Clientid", m = "Authorization", D = "X-Passflow-DeviceId", x = "X-Passflow-DeviceType", F = ["id", "offline", "tenant", "email", "oidc", "openid", "access:tenant:all"], A = "https://auth.passflow.cloud", re = "default", M = (i) => {
+  const e = [];
+  let t;
+  for (t in i) {
+    const s = i[t];
+    if (s === void 0)
+      continue;
+    const r = { tenant: { id: s.tenant_id, name: s.tenant_name } };
+    r.groups = s.groups ? Object.keys(s.groups).map((o) => {
+      const n = s.groups[o] || [];
+      return { group: { id: o, name: s.group_names?.[o] ?? "unknown" }, roles: n };
+    }) : [], r.tenantRoles = r.groups?.find((o) => o.group.id === s.root_group_id), e.push(r);
+  }
+  return { raw: i, tenants: e };
+};
+class G {
+  constructor() {
+    this.storageManager = new b();
+  }
+  /**
+   * Checks if a token is not exists or expired.
+   *
+   * @param {TokenType} ttype - The token type to check.
+   * @returns {boolean} Returns true if the token is expired or not exists, false otherwise.
+   */
+  isTokenTypeExpired(e) {
+    const t = this.storageManager.getToken(e);
+    if (!t) return !0;
+    const s = d(t);
+    return s ? f(s) : !0;
+  }
+  /**
+   * Parse token from storage by type.
+   * Please be aware that this method does not check if the token signature and if the token is valid.
+   *
+   * @param {TokenType} tokenType - The token type to check.
+   * @returns {Token | undefined} Returns token with parsed user membership or undefined.
+   */
+  parseTokenType(e) {
+    const t = this.storageManager.getToken(e);
+    if (t)
+      return d(t);
+  }
+}
+function f(i) {
+  return Math.floor(Date.now() / 1e3) > i.exp;
+}
+function d(i) {
+  const e = i.split(".")[1];
+  if (!e) throw new Error("Invalid token string");
+  const t = e.replace(/-/g, "+").replace(/_/g, "/"), s = decodeURIComponent(
+    window.atob(t).split("").map((o) => "%" + ("00" + o.charCodeAt(0).toString(16)).slice(-2)).join("")
+  ), r = JSON.parse(s);
+  return r.membership = r.passflow_tm && r.type !== "invite" ? M(r.passflow_tm) : void 0, r;
+}
+var g = /* @__PURE__ */ ((i) => (i.id_token = "id_token", i.access_token = "access", i.refresh_token = "refresh", i.invite_token = "invite", i.reset_token = "reset", i.web_cookie = "web-cookie", i.management = "management", i.signin = "signin", i.actor = "actor", i))(g || {});
+class b {
+  constructor({ storage: e, prefix: t } = {}) {
+    this.keyStoragePrefix = "", this.scopes = `${this.keyStoragePrefix}tokens_scopes`, this.deviceId = `${this.keyStoragePrefix}passflowDeviceId`, this.invitationToken = `${this.keyStoragePrefix}passflowInvitationToken`, this.previousRedirectUrl = `${this.keyStoragePrefix}passflowPreviousRedirectUrl`, this.storage = e ?? localStorage, this.keyStoragePrefix = t ? `${t}_` : "";
+  }
+  saveTokens(e) {
+    const { id_token: t, access_token: s, refresh_token: r, scopes: o } = e;
+    t && this.storage.setItem(this.getKeyForTokenType(g.id_token), t), s && this.storage.setItem(this.getKeyForTokenType(g.access_token), s), r && this.storage.setItem(this.getKeyForTokenType(g.refresh_token), r), o && this.storage.setItem(this.scopes, o.join(","));
+  }
+  getToken(e) {
+    const t = this.getKeyForTokenType(e);
+    return this.storage.getItem(t) ?? void 0;
+  }
+  getTokens() {
+    const e = this.storage.getItem(this.getKeyForTokenType(g.access_token));
+    if (e)
+      return {
+        access_token: e,
+        id_token: this.storage.getItem(this.getKeyForTokenType(g.id_token)) ?? void 0,
+        refresh_token: this.storage.getItem(this.getKeyForTokenType(g.refresh_token)) ?? void 0,
+        scopes: this.storage.getItem(this.scopes)?.split(",") ?? void 0
+      };
+  }
+  getScopes() {
+    return this.storage.getItem(this.scopes)?.split(",") ?? void 0;
+  }
+  deleteToken(e) {
+    const t = this.getKeyForTokenType(e);
+    this.storage.removeItem(t);
+  }
+  deleteTokens() {
+    this.storage.removeItem(this.getKeyForTokenType(g.id_token)), this.storage.removeItem(this.getKeyForTokenType(g.access_token)), this.storage.removeItem(this.getKeyForTokenType(g.refresh_token)), this.storage.removeItem(this.scopes);
+  }
+  getDeviceId() {
+    return this.storage.getItem(this.deviceId) ?? void 0;
+  }
+  setDeviceId(e) {
+    this.storage.setItem(this.deviceId, e);
+  }
+  deleteDeviceId() {
+    this.storage.removeItem(this.deviceId);
+  }
+  setInvitationToken(e) {
+    this.storage.setItem(this.invitationToken, e);
+  }
+  getInvitationToken() {
+    return this.storage.getItem(this.invitationToken) ?? void 0;
+  }
+  deleteInvitationToken() {
+    this.storage.removeItem(this.invitationToken);
+  }
+  setPreviousRedirectUrl(e) {
+    this.storage.setItem(this.previousRedirectUrl, e);
+  }
+  getPreviousRedirectUrl() {
+    return this.storage.getItem(this.previousRedirectUrl) ?? void 0;
+  }
+  deletePreviousRedirectUrl() {
+    this.storage.removeItem(this.previousRedirectUrl);
+  }
+  getKeyForTokenType(e) {
+    return `${this.keyStoragePrefix}${e}`;
+  }
+}
+class $ {
+  constructor() {
+    this.storageManager = new b();
+  }
+  getDeviceId() {
+    const e = this.storageManager.getDeviceId();
+    if (!e) {
+      const t = this.generateUniqueDeviceId();
+      return this.storageManager.setDeviceId(t), t;
+    }
+    return e;
+  }
+  generateUniqueDeviceId() {
+    return R();
+  }
+}
+var S = /* @__PURE__ */ ((i) => (i.GET = "get", i.POST = "post", i.PUT = "put", i.PATCH = "patch", i.DELETE = "delete", i))(S || {}), c = /* @__PURE__ */ ((i) => (i.signin = "/auth/login", i.signup = "/auth/register", i.signInWithProvider = "/auth/federated/start/", i.passwordless = "/auth/passwordless/start", i.passwordlessComplete = "/auth/passwordless/complete", i.logout = "/user/logout", i.refresh = "/auth/refresh", i.sendPasswordResetEmail = "/auth/password/reset", i.resetPassword = "/auth/password/change", i.appSettings = "/app/settings", i.passkeyRegisterStart = "/auth/passkey/register/start", i.passkeyRegisterComplete = "/auth/passkey/register/complete", i.passkeyAuthenticateStart = "/auth/passkey/authenticate/start", i.passkeyAuthenticateComplete = "/auth/passkey/authenticate/complete", i.passkeyValidate = "/auth/validate", i.settingsAll = "/settings", i.settingsPasswordPolicy = "/settings/password", i.settingsPasskey = "/settings/passkey", i.userPasskey = "/user/passkey", i.addUserPasskey = "/user/passkey/add/start", i.completeAddUserPasskey = "/user/passkey/add/complete", i.joinInvitation = "/user/tenant/join", i.tenantPath = "/user/tenant", i.invitationsPath = "/user/tenant/:tenantID/invitations", i.requestInvitation = "/user/invite", i.invitationDelete = "/user/invite/:invitationID", i.invitationResend = "/user/invite/:invitationID/resend", i.invitationGetLink = "/user/invite/:invitationID/link", i))(c || {}), y = /* @__PURE__ */ ((i) => (i.passkeyRegisterStart = "/admin/auth/passkey/register/start", i.passkeyRegisterComplete = "/admin/auth/passkey/register/complete", i.passkeyAuthenticateStart = "/admin/auth/passkey/authenticate/start", i.passkeyAuthenticateComplete = "/admin/auth/passkey/authenticate/complete", i.passkeyValidate = "/admin/auth/validate", i.logout = "/admin/auth/logout", i))(y || {});
+class u extends Error {
+  constructor(e) {
+    super(), this.id = e?.id ?? "unknown", this.message = e?.message ?? e ?? "Something went wrong", this.status = e?.status ?? 500, this.location = e?.location ?? "unknown", this.time = e?.time ?? (/* @__PURE__ */ new Date()).toISOString();
+  }
+}
+var L = /* @__PURE__ */ ((i) => (i.google = "google", i.facebook = "facebook", i))(L || {}), w = /* @__PURE__ */ ((i) => (i.web = "web", i))(w || {});
+function C(i, e) {
+  let t = i;
+  return Object.entries(e).forEach(([s, r]) => {
+    t = t.replace(`:${s}`, r);
+  }), t;
+}
+class I {
+  constructor(e) {
+    this.refreshPromise = null, this.origin = window.location.origin, this.defaultHeaders = {
+      Accept: "application/json",
+      "Content-Type": "application/json"
+    }, this.nonAccessTokenEndpoints = ["/auth/", "/settings", "/settings/"], this.protectedEndpoints = ["logout", "refresh"];
+    const { url: t, appId: s, keyStoragePrefix: r } = e;
+    this.url = t || A, this.storageManager = new b({
+      prefix: r ?? ""
+    }), this.deviceService = new $(), this.tokenService = new G(), s && (this.appId = s, this.defaultHeaders = {
+      ...this.defaultHeaders,
+      [P]: s
+    });
+    const o = this.deviceService.getDeviceId();
+    this.defaultHeaders = {
+      ...this.defaultHeaders,
+      [D]: o,
+      [x]: "web"
+    }, this.instance = T.create({
+      baseURL: this.url,
+      headers: { ...this.defaultHeaders }
+    }), this.instance.interceptors.request.use(async (n) => {
+      if (this.isNonAuthEndpoint(n.url))
+        return n;
+      if (n.url?.includes("refresh")) {
+        if (this.refreshPromise) {
+          const p = new AbortController();
+          return p.abort(), n.signal = p.signal, n;
+        }
+        return n;
+      }
+      const h = this.storageManager.getTokens(), l = this.storageManager.getScopes();
+      if (h?.access_token) {
+        const p = d(h.access_token);
+        if (f(p) && h.refresh_token)
+          try {
+            if (this.refreshPromise) {
+              const E = await this.refreshPromise;
+              return E.data && (n.headers[m] = `Bearer ${E.data.access_token}`), n;
+            }
+            const v = {
+              refresh_token: h.refresh_token,
+              scopes: l
+            };
+            this.refreshPromise = this.instance.post(c.refresh, v, {
+              headers: {
+                [m]: `Bearer ${h.refresh_token}`
+              }
+            });
+            const k = await this.refreshPromise;
+            return k.data && (this.storageManager.saveTokens(k.data), n.headers[m] = `Bearer ${k.data.access_token}`), n;
+          } catch (v) {
+            return this.refreshPromise = null, Promise.reject(v);
+          } finally {
+            this.refreshPromise = null;
+          }
+        return n.headers[m] = `Bearer ${h.access_token}`, n;
+      }
+      return n;
+    }), this.instance.interceptors.response.use(
+      (n) => n,
+      (n) => this.handleAxiosError(n)
+    );
+  }
+  isProtectedEndpoint(e) {
+    return this.protectedEndpoints.some((t) => e?.includes(t));
+  }
+  isNonAuthEndpoint(e) {
+    return this.nonAccessTokenEndpoints.some((t) => e?.includes(t)) && !this.isProtectedEndpoint(e);
+  }
+  // eslint-disable-next-line complexity
+  // biome-ignore lint/suspicious/useAwait: <explanation>
+  async handleAxiosError(e) {
+    if (!e.response)
+      return Promise.reject(e);
+    const t = e.response.status, s = e.response.data;
+    if ("error" in s && typeof s.error == "object" && s.error !== null) {
+      const { error: r } = s;
+      return Promise.reject(new u(r));
+    }
+    return Promise.reject(
+      new u({
+        id: `error.http.${t}`,
+        message: e.message || "An error occurred",
+        status: t,
+        location: e.config?.url || "unknown",
+        time: (/* @__PURE__ */ new Date()).toISOString()
+      })
+    );
+  }
+  async send(e, t, s) {
+    return (await this.instance.request({
+      method: e,
+      url: t,
+      ...s
+    })).data;
+  }
+  get(e, t) {
+    return this.send(S.GET, e, t);
+  }
+  post(e, t, s) {
+    return this.send(S.POST, e, { data: t, ...s });
+  }
+  put(e, t, s) {
+    return this.send(S.PUT, e, { data: t, ...s });
+  }
+  patch(e, t, s) {
+    return this.send(S.PATCH, e, { data: t, ...s });
+  }
+  delete(e, t) {
+    return this.send(S.DELETE, e, t);
+  }
+}
+class O {
+  constructor(e) {
+    this.storageManager = new b(), this.axiosClient = new I(e);
+  }
+  refreshToken(e, t, s) {
+    const r = {
+      access: s,
+      scopes: t
+    };
+    return this.axiosClient.post(c.refresh, r, {
+      headers: {
+        [m]: `Bearer ${e}`
+      }
+    });
+  }
+  signIn(e, t, s) {
+    const r = {
+      ...e,
+      device: t,
+      os: s
+    };
+    return this.axiosClient.post(
+      c.signin,
+      r
+    );
+  }
+  signUp(e) {
+    const { create_tenant: t, anonymous: s } = e, r = {
+      ...e,
+      create_tenant: t ?? !1,
+      anonymous: s ?? !1
+    };
+    return this.axiosClient.post(
+      c.signup,
+      r
+    );
+  }
+  passwordlessSignIn(e, t, s) {
+    const { create_tenant: r } = e, o = {
+      ...e,
+      create_tenant: r ?? !1,
+      device: t,
+      os: s
+    };
+    return this.axiosClient.post(
+      c.passwordless,
+      o
+    );
+  }
+  passwordlessSignInComplete(e) {
+    return this.axiosClient.post(
+      c.passwordlessComplete,
+      e
+    );
+  }
+  logOut(e, t, s = !1) {
+    const r = s ? void 0 : { refresh_token: t, device: e }, o = s ? y.logout : c.logout;
+    return this.axiosClient.post(o, r);
+  }
+  sendPasswordResetEmail(e) {
+    return this.axiosClient.post(
+      c.sendPasswordResetEmail,
+      e
+    );
+  }
+  resetPassword(e, t, s) {
+    const r = {
+      password: e,
+      scopes: t
+    };
+    return this.axiosClient.post(c.resetPassword, r, {
+      headers: {
+        [m]: `Bearer ${s}`,
+        [P]: void 0
+      }
+    });
+  }
+  passkeyRegisterStart(e, t, s, r = !1) {
+    const { create_tenant: o } = e, n = {
+      ...e,
+      create_tenant: o ?? !1,
+      device: t,
+      os: s
+    }, h = r ? y.passkeyRegisterStart : c.passkeyRegisterStart;
+    return this.axiosClient.post(h, n);
+  }
+  passkeyRegisterComplete(e, t, s, r = !1) {
+    const o = {
+      challenge_id: s,
+      device: t,
+      passkey_data: e
+    }, n = r ? y.passkeyRegisterComplete : c.passkeyRegisterComplete;
+    return this.axiosClient.post(n, o);
+  }
+  passkeyAuthenticateStart(e, t, s, r = !1) {
+    const o = {
+      ...e,
+      user_id: e.user_id ?? "",
+      device: t,
+      os: s
+    }, n = r ? y.passkeyAuthenticateStart : c.passkeyAuthenticateStart;
+    return this.axiosClient.post(
+      n,
+      o
+    );
+  }
+  passkeyAuthenticateComplete(e, t, s, r = !1) {
+    const o = {
+      challenge_id: s,
+      device: t,
+      passkey_data: e
+    }, n = r ? y.passkeyAuthenticateComplete : c.passkeyAuthenticateComplete;
+    return this.axiosClient.post(n, o);
+  }
+  passkeyValidate(e, t, s, r = !1, o) {
+    const n = {
+      otp: e,
+      device: t,
+      challenge_id: s
+    };
+    let h = c.passkeyValidate;
+    !o && r && (h = y.passkeyValidate);
+    const l = o ? { [P]: o } : {};
+    return this.axiosClient.post(h, n, { headers: l });
+  }
+}
+class j {
+  constructor(e) {
+    this.axiosClient = new I(e);
+  }
+  getAppSettings() {
+    return this.axiosClient.get(c.appSettings);
+  }
+}
+class K {
+  constructor(e) {
+    this.axiosClient = new I(e);
+  }
+  getSettingsAll() {
+    return this.axiosClient.get(c.settingsAll);
+  }
+  getPasswordPolicySettings() {
+    return this.axiosClient.get(c.settingsPasswordPolicy);
+  }
+  getPasskeySettings() {
+    return this.axiosClient.get(c.settingsPasskey);
+  }
+}
+class N {
+  constructor(e) {
+    this.axiosClient = new I(e);
+  }
+  getUserPasskeys() {
+    return this.axiosClient.get(c.userPasskey);
+  }
+  renameUserPasskey(e, t) {
+    return this.axiosClient.patch(
+      `${c.userPasskey}/${t}`,
+      {
+        name: e
+      }
+    );
+  }
+  deleteUserPasskey(e) {
+    return this.axiosClient.delete(`${c.userPasskey}/${e}`);
+  }
+  addUserPasskeyStart({
+    relyingPartyId: e,
+    deviceId: t,
+    os: s,
+    passkeyDisplayName: r,
+    passkeyUsername: o
+  }) {
+    const n = {
+      passkey_display_name: r,
+      passkey_username: o,
+      relying_party_id: e,
+      deviceId: t,
+      os: s
+    };
+    return this.axiosClient.post(c.addUserPasskey, n);
+  }
+  addUserPasskeyComplete(e, t, s) {
+    return this.axiosClient.post(c.completeAddUserPasskey, {
+      challenge_id: s,
+      device: t,
+      passkey_data: e
+    });
+  }
+}
+class B {
+  constructor(e) {
+    this.axiosClient = new I(e);
+  }
+  joinInvitation(e, t) {
+    const s = {
+      invite_token: e,
+      scopes: t
+    };
+    return this.axiosClient.post(
+      c.joinInvitation,
+      s
+    );
+  }
+  createTenant(e) {
+    const t = {
+      name: e
+    };
+    return this.axiosClient.post(
+      c.tenantPath,
+      t
+    );
+  }
+  // 1. Tenant Management
+  /**
+   * Get tenant details
+   * @param tenantId Tenant ID
+   */
+  getTenantDetails(e) {
+    const t = `${c.tenantPath}/${e}`;
+    return this.axiosClient.get(t);
+  }
+  /**
+   * Update tenant name
+   * @param tenantId Tenant ID
+   * @param name New tenant name
+   */
+  updateTenant(e, t) {
+    const s = `${c.tenantPath}/${e}`, r = { name: t };
+    return this.axiosClient.put(s, r);
+  }
+  /**
+   * Delete a tenant
+   * @param tenantId Tenant ID
+   */
+  deleteTenant(e) {
+    const t = `${c.tenantPath}/${e}`;
+    return this.axiosClient.delete(t);
+  }
+  /**
+   * Get user's tenant memberships
+   */
+  getUserTenantMembership() {
+    return this.axiosClient.get(c.tenantPath);
+  }
+  // 2. Group Management
+  /**
+   * Create a group in a tenant
+   * @param tenantId Tenant ID
+   * @param name Group name
+   */
+  createGroup(e, t) {
+    const s = `${c.tenantPath}/${e}/group`, r = { name: t };
+    return this.axiosClient.post(s, r);
+  }
+  /**
+   * Get group information
+   * @param tenantId Tenant ID
+   * @param groupId Group ID
+   */
+  getGroupInfo(e, t) {
+    const s = `${c.tenantPath}/${e}/group/${t}`;
+    return this.axiosClient.get(s);
+  }
+  /**
+   * Update a group
+   * @param tenantId Tenant ID
+   * @param groupId Group ID
+   * @param name New group name
+   */
+  updateGroup(e, t, s) {
+    const r = `${c.tenantPath}/${e}/group/${t}`, o = { name: s };
+    return this.axiosClient.put(r, o);
+  }
+  /**
+   * Delete a group
+   * @param tenantId Tenant ID
+   * @param groupId Group ID
+   */
+  deleteGroup(e, t) {
+    const s = `${c.tenantPath}/${e}/group/${t}`;
+    return this.axiosClient.delete(s);
+  }
+  /**
+   * Add a user to a group
+   * @param tenantId Tenant ID
+   * @param groupId Group ID
+   * @param userId User ID
+   * @param role Role to assign
+   */
+  addUserToGroup(e, t, s, r) {
+    const o = `${c.tenantPath}/${e}/group/${t}/add`, n = { user_id: s, role: r };
+    return this.axiosClient.post(o, n);
+  }
+  /**
+   * Remove user roles from a group
+   * @param tenantId Tenant ID
+   * @param groupId Group ID
+   * @param userId User ID
+   * @param roles Roles to remove
+   */
+  removeUserRolesFromGroup(e, t, s, r) {
+    const o = `${c.tenantPath}/${e}/group/${t}/remove_roles`, n = { user_id: s, roles: r };
+    return this.axiosClient.post(o, n);
+  }
+  /**
+   * Change user roles in a group
+   * @param tenantId Tenant ID
+   * @param groupId Group ID
+   * @param userId User ID
+   * @param roles New roles to assign
+   */
+  changeUserRoles(e, t, s, r) {
+    const o = `${c.tenantPath}/${e}/group/${t}/change`, n = { user_id: s, roles: r };
+    return this.axiosClient.post(o, n);
+  }
+  /**
+   * Delete a user from a group
+   * @param tenantId Tenant ID
+   * @param groupId Group ID
+   * @param userId User ID
+   */
+  deleteUserFromGroup(e, t, s) {
+    const r = `${c.tenantPath}/${e}/group/${t}/${s}`;
+    return this.axiosClient.delete(r);
+  }
+  // 3. Role Management
+  /**
+   * Get roles for a tenant
+   * @param tenantId Tenant ID
+   */
+  getRolesForTenant(e) {
+    const t = `${c.tenantPath}/${e}/role`;
+    return this.axiosClient.get(t);
+  }
+  /**
+   * Create a role for a tenant
+   * @param tenantId Tenant ID
+   * @param name Role name
+   */
+  createRoleForTenant(e, t) {
+    const s = `${c.tenantPath}/${e}/role`, r = { name: t };
+    return this.axiosClient.post(s, r);
+  }
+  /**
+   * Update a role
+   * @param tenantId Tenant ID
+   * @param roleId Role ID
+   * @param name New role name
+   */
+  updateRole(e, t, s) {
+    const r = `${c.tenantPath}/${e}/role/${t}`, o = { name: s };
+    return this.axiosClient.put(r, o);
+  }
+  /**
+   * Delete a role
+   * @param tenantId Tenant ID
+   * @param roleId Role ID
+   */
+  deleteRole(e, t) {
+    const s = `${c.tenantPath}/${e}/role/${t}`;
+    return this.axiosClient.delete(s);
+  }
+  // 4. User Management in Tenants
+  /**
+   * Delete a user from a tenant
+   * @param tenantId Tenant ID
+   * @param userId User ID
+   */
+  deleteUserFromTenant(e, t) {
+    const s = `${c.tenantPath}/${e}/user/${t}`;
+    return this.axiosClient.delete(s);
+  }
+  // 5. Invitation Management
+  /**
+   * Get invitations to a group
+   * @param tenantId Tenant ID
+   * @param groupId Group ID
+   * @param limit Maximum number of invitations to return
+   * @param skip Number of invitations to skip
+   */
+  getGroupInvitations(e, t, s, r) {
+    const o = `${c.tenantPath}/${e}/group/${t}/invitations`;
+    return this.axiosClient.get(o, {
+      params: { limit: s, skip: r }
+    });
+  }
+  /**
+   * Get invitations to a tenant
+   * @param tenantId Tenant ID
+   * @param limit Maximum number of invitations to return
+   * @param skip Number of invitations to skip
+   */
+  getTenantInvitations(e, t, s) {
+    const r = `${c.tenantPath}/${e}/invitations`;
+    return this.axiosClient.get(r, {
+      params: { limit: t, skip: s }
+    });
+  }
+  /**
+   * Invalidate an invitation by ID
+   * @param tenantId Tenant ID
+   * @param groupId Group ID
+   * @param inviteId Invitation ID
+   */
+  invalidateInviteById(e, t, s) {
+    const r = `${c.tenantPath}/${e}/group/${t}/invite/${s}`;
+    return this.axiosClient.delete(r);
+  }
+  /**
+   * Invalidate an invitation by email
+   * @param tenantId Tenant ID
+   * @param groupId Group ID
+   * @param email Email address
+   */
+  invalidateInviteByEmail(e, t, s) {
+    const r = `${c.tenantPath}/${e}/group/${t}/invite/email/${s}`;
+    return this.axiosClient.delete(r);
+  }
+}
+class W {
+  constructor(e) {
+    this.axiosClient = new I(e);
+  }
+  /**
+   * Requests an invitation link that can be used to invite users
+   * @param payload Request invitation payload
+   * @returns Promise with invitation link and token
+   */
+  requestInviteLink(e) {
+    return this.axiosClient.post(
+      c.requestInvitation,
+      e
+    );
+  }
+  /**
+   * Gets a list of active invitations
+   * @param options Optional parameters for filtering and pagination
+   * @returns Promise with paginated list of invitations
+   */
+  getInvitations(e) {
+    const t = {};
+    e.groupID && (t.group_id = e.groupID.toString()), e.skip !== void 0 && (t.skip = e.skip.toString()), e.limit !== void 0 && (t.limit = e.limit.toString());
+    const s = C(c.invitationsPath, {
+      tenantID: e.tenantID
+    });
+    return this.axiosClient.get(s, { params: t }).then((r) => ({
+      invites: r.invites,
+      nextPageSkip: r.next_page_skip
+    }));
+  }
+  /**
+   * Deletes an invitation by token
+   * @param invitationID The invitation ID to delete
+   * @returns Promise with success response
+   */
+  deleteInvitation(e) {
+    const t = C(c.invitationDelete, {
+      invitationID: e
+    });
+    return this.axiosClient.delete(t);
+  }
+  /**
+   * Resend an invitation by token
+   * @param invitationID The invitation ID to resend
+   * @returns Promise with success response
+   */
+  resendInvitation(e) {
+    const t = C(c.invitationResend, {
+      invitationID: e
+    });
+    return this.axiosClient.post(t, {});
+  }
+  /**
+   * Get a link to an invitation by id
+   * @param invitationID The invitation ID to get link
+   * @returns Promise with the link
+   */
+  getInvitationLink(e) {
+    const t = C(c.invitationGetLink, {
+      invitationID: e
+    });
+    return this.axiosClient.get(t);
+  }
+}
+var a = /* @__PURE__ */ ((i) => (i.SignIn = "signin", i.SignInStart = "signin:start", i.Register = "register", i.RegisterStart = "register:start", i.SignOut = "signout", i.Error = "error", i.Refresh = "refresh", i.RefreshStart = "refresh:start", i.TokenCacheExpired = "token-cache-expired", i))(a || {});
+class H {
+  constructor() {
+    this.subscribers = /* @__PURE__ */ new Map();
+  }
+  /**
+   * Subscribe to authentication events
+   * @param subscriber The subscriber to register
+   * @param events Optional specific events to subscribe to
+   */
+  subscribe(e, t) {
+    if (t?.length) {
+      const s = new Set(t);
+      this.subscribers.set(e, s);
+    } else
+      this.subscribers.set(e, null);
+  }
+  /**
+   * Unsubscribe from authentication events
+   * @param subscriber The subscriber to unregister
+   * @param events Optional specific events to unsubscribe from
+   */
+  unsubscribe(e, t) {
+    if (!t?.length) {
+      this.subscribers.delete(e);
+      return;
+    }
+    const s = this.subscribers.get(e);
+    s && (t.forEach((r) => s.delete(r)), s.size === 0 && this.subscribers.delete(e));
+  }
+  /**
+   * Notify subscribers of an event
+   * @param eventType The type of event that occurred
+   * @param payload Event-specific payload data
+   */
+  notify(e, t) {
+    this.subscribers.forEach((s, r) => {
+      (!s || s.has(e)) && r.onAuthChange?.(e, t);
+    });
+  }
+}
+class q {
+  constructor(e, t, s, r, o, n, h, l, p, v, k) {
+    this.authApi = e, this.deviceService = t, this.storageManager = s, this.subscribeStore = r, this.tokenCacheService = o, this.scopes = n, this.createTenantForNewUser = h, this.origin = l, this.url = p, this.sessionCallbacks = v, this.appId = k;
+  }
+  async signIn(e) {
+    this.subscribeStore.notify(a.SignInStart, { email: e.email });
+    const t = this.deviceService.getDeviceId(), s = w.web;
+    e.scopes = e.scopes ?? this.scopes;
+    try {
+      const r = await this.authApi.signIn(e, t, s);
+      return r.scopes = e.scopes, this.storageManager.saveTokens(r), this.tokenCacheService.setTokensCache(r), this.subscribeStore.notify(a.SignIn, {
+        tokens: r,
+        parsedTokens: this.tokenCacheService.getParsedTokenCache()
+      }), await this.submitSessionCheck(), r;
+    } catch (r) {
+      const o = {
+        message: r instanceof Error ? r.message : "Sign in failed",
+        originalError: r,
+        code: r instanceof u ? r.id : void 0
+      };
+      throw this.subscribeStore.notify(a.Error, o), r;
+    }
+  }
+  async signUp(e) {
+    this.subscribeStore.notify(a.RegisterStart, { email: e.user.email }), e.scopes = e.scopes ?? this.scopes, e.create_tenant = this.createTenantForNewUser;
+    try {
+      const t = await this.authApi.signUp(e);
+      return t.scopes = e.scopes, this.storageManager.saveTokens(t), this.tokenCacheService.setTokensCache(t), this.subscribeStore.notify(a.Register, {
+        tokens: t,
+        parsedTokens: this.tokenCacheService.getParsedTokenCache()
+      }), await this.submitSessionCheck(), t;
+    } catch (t) {
+      const s = {
+        message: t instanceof Error ? t.message : "Sign up failed",
+        originalError: t,
+        code: t instanceof u ? t.id : void 0
+      };
+      throw this.subscribeStore.notify(a.Error, s), t;
+    }
+  }
+  async passwordlessSignIn(e) {
+    this.subscribeStore.notify(a.SignInStart, { email: e.email }), e.scopes = e.scopes ?? this.scopes;
+    const t = this.deviceService.getDeviceId(), s = w.web;
+    try {
+      return await this.authApi.passwordlessSignIn(e, t, s);
+    } catch (r) {
+      const o = {
+        message: r instanceof Error ? r.message : "Failed to send passwordless sign-in link",
+        originalError: r,
+        code: r instanceof u ? r.id : void 0
+      };
+      throw this.subscribeStore.notify(a.Error, o), r;
+    }
+  }
+  async passwordlessSignInComplete(e) {
+    this.subscribeStore.notify(a.SignInStart, {}), e.scopes = e.scopes ?? this.scopes, e.device = this.deviceService.getDeviceId();
+    try {
+      const t = await this.authApi.passwordlessSignInComplete(e);
+      return t.scopes = e.scopes, this.storageManager.saveTokens(t), this.tokenCacheService.setTokensCache(t), this.subscribeStore.notify(a.SignIn, {
+        tokens: t,
+        parsedTokens: this.tokenCacheService.getParsedTokenCache()
+      }), await this.submitSessionCheck(), t;
+    } catch (t) {
+      const s = {
+        message: t instanceof Error ? t.message : "Passwordless sign in failed",
+        originalError: t,
+        code: t instanceof u ? t.id : void 0
+      };
+      throw this.subscribeStore.notify(a.Error, s), t;
+    }
+  }
+  async logOut() {
+    const e = this.storageManager.getToken(g.refresh_token), t = this.storageManager.getDeviceId();
+    try {
+      if ((await this.authApi.logOut(t, e, !this.appId)).status !== "ok")
+        throw new Error("Logout failed");
+      this.storageManager.deleteTokens(), this.subscribeStore.notify(a.SignOut, {});
+    } catch (s) {
+      throw console.error(s), s;
+    }
+  }
+  async refreshToken() {
+    this.subscribeStore.notify(a.RefreshStart, {});
+    const e = this.storageManager.getTokens();
+    if (e) {
+      if (!e?.refresh_token) {
+        const s = new Error("No refresh token found"), r = {
+          message: "No refresh token found",
+          originalError: s
+        };
+        throw this.subscribeStore.notify(a.Error, r), s;
+      }
+    } else {
+      const s = new Error("No tokens found"), r = {
+        message: "No tokens found",
+        originalError: s
+      };
+      throw this.subscribeStore.notify(a.Error, r), s;
+    }
+    const t = e?.scopes ?? this.scopes;
+    try {
+      const s = await this.authApi.refreshToken(e?.refresh_token ?? "", t, e?.access_token);
+      return s.scopes = t, this.storageManager.saveTokens(s), this.tokenCacheService.setTokensCache(s), this.subscribeStore.notify(a.Refresh, {
+        tokens: s,
+        parsedTokens: this.tokenCacheService.getParsedTokenCache()
+      }), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !1 }), this.tokenCacheService.isRefreshing = !1, this.tokenCacheService.isExpired = !1, this.tokenCacheService.startTokenCheck(), s;
+    } catch (s) {
+      const r = {
+        message: s instanceof Error ? s.message : "Token refresh failed",
+        originalError: s,
+        code: s instanceof u ? s.id : void 0,
+        details: T.isAxiosError(s) && s.response ? {
+          status: s.response.status,
+          data: s.response.data
+        } : void 0
+      };
+      throw this.subscribeStore.notify(a.Error, r), s instanceof u ? s : T.isAxiosError(s) && s.response && s.response?.status >= 400 && s.response?.status < 500 ? new Error(`Getting unknown error message from server with code:${s.response.status}`) : s;
+    }
+  }
+  async sendPasswordResetEmail(e) {
+    try {
+      return await this.authApi.sendPasswordResetEmail(e);
+    } catch (t) {
+      const s = {
+        message: t instanceof Error ? t.message : "Failed to send password reset email",
+        originalError: t,
+        code: t instanceof u ? t.id : void 0
+      };
+      throw this.subscribeStore.notify(a.Error, s), t;
+    }
+  }
+  async resetPassword(e, t) {
+    this.subscribeStore.notify(a.SignInStart, {});
+    const r = new URLSearchParams(window.location.search).get("token") ?? void 0, o = t ?? this.scopes;
+    try {
+      const n = await this.authApi.resetPassword(e, o, r);
+      return n.scopes = o, this.storageManager.saveTokens(n), this.tokenCacheService.setTokensCache(n), this.subscribeStore.notify(a.SignIn, {
+        tokens: n,
+        parsedTokens: this.tokenCacheService.getParsedTokenCache()
+      }), await this.submitSessionCheck(), n;
+    } catch (n) {
+      const h = {
+        message: n instanceof Error ? n.message : "Password reset failed",
+        originalError: n,
+        code: n instanceof u ? n.id : void 0
+      };
+      throw this.subscribeStore.notify(a.Error, h), n;
+    }
+  }
+  async passkeyRegister(e) {
+    this.subscribeStore.notify(a.RegisterStart, {});
+    const t = this.deviceService.getDeviceId(), s = w.web;
+    e.scopes = e.scopes ?? this.scopes, e.create_tenant = this.createTenantForNewUser;
+    try {
+      const { challenge_id: r, publicKey: o } = await this.authApi.passkeyRegisterStart(e, t, s, !this.appId);
+      o.user.id = btoa(o.user.id);
+      const n = await _({
+        optionsJSON: o
+      }), h = await this.authApi.passkeyRegisterComplete(
+        n,
+        t,
+        r,
+        !this.appId
+      );
+      return h.scopes = e.scopes, this.storageManager.saveTokens(h), this.tokenCacheService.setTokensCache(h), this.subscribeStore.notify(a.Register, {
+        tokens: h,
+        parsedTokens: this.tokenCacheService.getParsedTokenCache()
+      }), await this.submitSessionCheck(), h;
+    } catch (r) {
+      const o = {
+        message: r instanceof Error ? r.message : "Passkey registration failed",
+        originalError: r,
+        code: r instanceof u ? r.id : void 0
+      };
+      throw this.subscribeStore.notify(a.Error, o), r;
+    }
+  }
+  async passkeyAuthenticate(e) {
+    this.subscribeStore.notify(a.SignInStart, {});
+    const t = this.deviceService.getDeviceId(), s = w.web;
+    e.scopes = e.scopes ?? this.scopes;
+    try {
+      const { challenge_id: r, publicKey: o } = await this.authApi.passkeyAuthenticateStart(e, t, s, !this.appId), n = await U({
+        optionsJSON: o
+      }), h = await this.authApi.passkeyAuthenticateComplete(
+        n,
+        t,
+        r,
+        !this.appId
+      );
+      return "access_token" in h && (h.scopes = e.scopes, this.storageManager.saveTokens(h), this.tokenCacheService.setTokensCache(h), this.subscribeStore.notify(a.SignIn, {
+        tokens: h,
+        parsedTokens: this.tokenCacheService.getParsedTokenCache()
+      }), await this.submitSessionCheck()), h;
+    } catch (r) {
+      const o = {
+        message: r instanceof Error ? r.message : "Passkey authentication failed",
+        originalError: r,
+        code: r instanceof u ? r.id : void 0
+      };
+      throw this.subscribeStore.notify(a.Error, o), r;
+    }
+  }
+  createFederatedAuthUrl(e) {
+    const t = `/auth/federated/start/${e.provider}`;
+    if (!this.appId) throw new Error("AppId is required for federated auth");
+    const r = {
+      scopes: (e.scopes ?? this.scopes).join(" "),
+      redirect_url: e.redirect_url ?? this.origin,
+      appId: this.appId,
+      ...e.invite_token ? { invite_token: e.invite_token } : {},
+      ...e.create_tenant ? { create_tenant: e.create_tenant.toString() } : {},
+      ...e.device ? { device: e.device } : {}
+    }, o = new URL(t, this.url), n = new URLSearchParams(r);
+    return o.search = n.toString(), o.toString();
+  }
+  federatedAuthWithPopup(e) {
+    this.subscribeStore.notify(a.SignInStart, { provider: e.provider });
+    const t = e.scopes ?? this.scopes, s = this.deviceService.getDeviceId(), r = this.createFederatedAuthUrl({ ...e, scopes: t, device: s }), o = window.open(r, "_blank", "width=500,height=500");
+    if (!o)
+      this.federatedAuthWithRedirect(e);
+    else {
+      const n = setInterval(() => {
+        if (o.location.href.startsWith(this.origin)) {
+          const h = new URLSearchParams(o.location.search), l = h.get("access_token") || "", p = h.get("refresh_token") || "", v = h.get("id_token") || "", k = {
+            access_token: l,
+            refresh_token: p,
+            id_token: v,
+            scopes: t
+          };
+          this.storageManager.saveTokens(k), this.tokenCacheService.setTokensCache(k), this.subscribeStore.notify(a.SignIn, {
+            tokens: k,
+            parsedTokens: this.tokenCacheService.getParsedTokenCache()
+          }), window.location.href = `${this.origin}`, clearInterval(n), o.close();
+        }
+      }, 100);
+    }
+  }
+  federatedAuthWithRedirect(e) {
+    this.subscribeStore.notify(a.SignInStart, { provider: e.provider });
+    const t = e.scopes ?? this.scopes, s = this.deviceService.getDeviceId(), r = this.createFederatedAuthUrl({ ...e, scopes: t, device: s });
+    window.location.href = r;
+  }
+  // Helper methods for authentication UI redirect
+  authRedirectUrl(e = {}) {
+    try {
+      const { url: t, redirectUrl: s, scopes: r, appId: o } = e ?? {}, n = new URL(t ?? this.url);
+      n.pathname = (n.pathname.endsWith("/") ? n.pathname : n.pathname + "/") + "web";
+      const h = r ?? this.scopes, l = {
+        appId: o ?? this.appId ?? "",
+        redirectto: s ?? window.location.href,
+        scopes: h.join(",")
+      }, p = new URLSearchParams(l);
+      return n.search = p.toString(), n.toString();
+    } catch (t) {
+      const s = {
+        message: t instanceof Error ? t.message : "Failed to create auth redirect URL",
+        originalError: t
+      };
+      throw this.subscribeStore.notify(a.Error, s), t;
+    }
+  }
+  authRedirect(e = {}) {
+    try {
+      window.location.href = this.authRedirectUrl(e);
+    } catch (t) {
+      const s = {
+        message: t instanceof Error ? t.message : "Failed to redirect to auth page",
+        originalError: t
+      };
+      throw this.subscribeStore.notify(a.Error, s), t;
+    }
+  }
+  /**
+   * Check if user is authenticated
+   */
+  isAuthenticated(e) {
+    try {
+      return e ? !f(e.access_token) || !!e.refresh_token && !f(e.refresh_token) : !1;
+    } catch (t) {
+      const s = {
+        message: t instanceof Error ? t.message : "Failed to check authentication status",
+        originalError: t
+      };
+      return this.subscribeStore.notify(a.Error, s), !1;
+    }
+  }
+  /**
+   * Handle session check and callbacks
+   */
+  async submitSessionCheck(e = !1) {
+    let t, s;
+    try {
+      t = await this.getTokens(e), s = this.tokenCacheService.getParsedTokenCache();
+    } catch (r) {
+      const o = {
+        message: r instanceof Error || r instanceof u ? r.message : "Session check failed",
+        originalError: r
+      };
+      this.subscribeStore.notify(a.Error, o), t = void 0;
+    }
+    return t && this.sessionCallbacks.createSession && await this.sessionCallbacks.createSession({ tokens: t, parsedTokens: s }), !t && this.sessionCallbacks.expiredSession && await this.sessionCallbacks.expiredSession(), t;
+  }
+  /**
+   * Get tokens and refresh if needed
+   */
+  async getTokens(e) {
+    try {
+      const t = this.storageManager.getTokens();
+      if (!t || !t.access_token) return;
+      const s = d(t.access_token);
+      return f(s) ? e ? await this.refreshToken() : void 0 : t;
+    } catch (t) {
+      const s = {
+        message: t instanceof Error ? t.message : "Failed to get tokens",
+        originalError: t
+      };
+      this.subscribeStore.notify(a.Error, s);
+      return;
+    }
+  }
+}
+class V {
+  constructor(e) {
+    this.invitationAPI = e;
+  }
+  /**
+   * Requests an invitation link that can be used to invite users
+   * @param payload Request invitation payload
+   * @returns Promise with invitation link and token
+   */
+  requestInviteLink(e) {
+    return this.invitationAPI.requestInviteLink(e);
+  }
+  /**
+   * Gets a list of active invitations
+   * @param options Optional parameters for filtering and pagination
+   * @returns Promise with paginated list of invitations
+   */
+  getInvitations(e) {
+    return this.invitationAPI.getInvitations(e);
+  }
+  /**
+   * Deletes an invitation by token
+   * @param token The invitation token to delete
+   * @returns Promise with success response
+   */
+  deleteInvitation(e) {
+    return this.invitationAPI.deleteInvitation(e);
+  }
+  /**
+   * Resends an invitation by token
+   * @param token The invitation token to resend
+   * @returns Promise with success response
+   */
+  resendInvitation(e) {
+    return this.invitationAPI.resendInvitation(e);
+  }
+  /**
+   * Gets a link to an invitation by id
+   * @param invitationID The invitation ID to get link
+   * @returns Promise with the link
+   */
+  getInvitationLink(e) {
+    return this.invitationAPI.getInvitationLink(e);
+  }
+}
+class z {
+  error(e, ...t) {
+    console.error(e, ...t);
+  }
+  warn(e, ...t) {
+    console.warn(e, ...t);
+  }
+  info(e, ...t) {
+    console.info(e, ...t);
+  }
+  debug(e, ...t) {
+    console.debug(e, ...t);
+  }
+}
+function J() {
+  return new z();
+}
+class Y {
+  constructor(e) {
+    this.data = this.normalize(e);
+  }
+  normalize(e) {
+    const t = /* @__PURE__ */ new Map(), s = /* @__PURE__ */ new Map(), r = /* @__PURE__ */ new Map(), o = [];
+    return e.groups?.forEach((n) => {
+      s.set(n.id, {
+        id: n.id,
+        name: n.name,
+        default: n.default ?? !1,
+        updated_at: n.updated_at,
+        created_at: n.created_at
+      });
+    }), e.roles?.forEach((n) => {
+      r.set(n.id, {
+        id: n.id,
+        tenant_id: n.tenant_id,
+        name: n.name
+      });
+    }), e.users_in_groups?.forEach((n) => {
+      const h = n.user;
+      h && !t.has(h.id) && t.set(h.id, {
+        id: h.id,
+        name: h.name ?? null,
+        email: h.email ?? null,
+        phone: h.phone ?? null
+      }), h && n.group_id && s.has(n.group_id) && o.push({
+        userId: h.id,
+        groupId: n.group_id,
+        roleIds: n.roles?.map((l) => l.id) ?? []
+      });
+    }), {
+      tenant_id: e.tenant_id,
+      tenant_name: e.tenant_name,
+      users: Array.from(t.values()),
+      groups: Array.from(s.values()),
+      roles: Array.from(r.values()),
+      memberships: o,
+      usersById: t,
+      groupsById: s,
+      rolesById: r
+    };
+  }
+  /**
+   * Returns all users in the specified group.
+   */
+  getUsersInGroup(e) {
+    return this.data.memberships.filter((t) => t.groupId === e).map((t) => this.data.usersById.get(t.userId)).filter((t) => t !== void 0);
+  }
+  /**
+   * Returns all groups to which the specified user belongs.
+   */
+  getGroupsForUser(e) {
+    return this.data.memberships.filter((t) => t.userId === e).map((t) => this.data.groupsById.get(t.groupId)).filter((t) => t !== void 0);
+  }
+  /**
+   * Returns all roles that the specified user has in the specified group.
+   */
+  getUserRolesInGroup(e, t) {
+    const s = this.data.memberships.find((r) => r.userId === e && r.groupId === t);
+    return s ? s.roleIds.map((r) => this.data.rolesById.get(r)).filter((r) => r !== void 0) : [];
+  }
+  /**
+   * Returns the full TenantData object.
+   */
+  getData() {
+    return this.data;
+  }
+}
+class X {
+  constructor(e, t, s) {
+    this.tenantAPI = e, this.scopes = t, this.logger = s || J();
+  }
+  /**
+   * Handle Passflow API errors
+   * @param error The error object
+   * @param context Context information for logging
+   * @throws Formatted error with Passflow API error details
+   */
+  handlePassflowError(e, t) {
+    if (T.isAxiosError(e) && e.response?.data) {
+      const s = e.response.data;
+      if (typeof s == "object" && s !== null && "error" in s && typeof s.error == "object" && s.error !== null) {
+        const r = s.error;
+        throw this.logger.error(`${t}: ${r.id} - ${r.message} (Status: ${r.status})`), new Error(`Passflow API Error: ${r.id} - ${r.message} (Status: ${r.status})`);
+      }
+    }
+    throw this.logger.error(`${t}:`, e), e instanceof Error ? e : new Error(String(e));
+  }
+  /**
+   * Join a tenant invitation
+   * @param token The invitation token
+   * @param scopes Optional scopes to request
+   * @returns Promise with invite response
+   */
+  async joinInvitation(e, t) {
+    try {
+      const s = t ?? this.scopes;
+      return await this.tenantAPI.joinInvitation(e, s);
+    } catch (s) {
+      this.handlePassflowError(s, "Join invitation failed");
+    }
+  }
+  /**
+   * Create a new tenant
+   * @param name The name of the tenant
+   * @returns Promise with tenant response
+   */
+  async createTenant(e) {
+    try {
+      return await this.tenantAPI.createTenant(e);
+    } catch (t) {
+      this.handlePassflowError(t, "Tenant creation failed");
+    }
+  }
+  // 1. Tenant Management
+  /**
+   * Get tenant details
+   * @param tenantId Tenant ID
+   * @returns Promise with tenant response
+   */
+  /**
+   * Get tenant details
+   * @param tenantId Tenant ID
+   * @returns Promise with tenant response
+   */
+  async getTenantDetails(e) {
+    try {
+      return await this.tenantAPI.getTenantDetails(e);
+    } catch (t) {
+      this.handlePassflowError(t, `Get tenant details failed for tenant ID ${e}`);
+    }
+  }
+  /**
+   * Get tenant details and transform into TenantUserMembership
+   * @param tenantId Tenant ID
+   * @returns Promise with TenantUserMembership instance
+   */
+  async getTenantUserMembership(e) {
+    try {
+      const t = await this.tenantAPI.getTenantDetails(e);
+      return new Y(t);
+    } catch (t) {
+      this.handlePassflowError(t, `Get tenant user membership failed for tenant ID ${e}`);
+    }
+  }
+  /**
+   * Update tenant name
+   * @param tenantId Tenant ID
+   * @param name New tenant name
+   * @returns Promise with status response
+   */
+  async updateTenant(e, t) {
+    try {
+      return await this.tenantAPI.updateTenant(e, t);
+    } catch (s) {
+      this.handlePassflowError(s, `Update tenant failed for tenant ID ${e}`);
+    }
+  }
+  /**
+   * Delete a tenant
+   * @param tenantId Tenant ID
+   * @returns Promise with status response
+   */
+  async deleteTenant(e) {
+    try {
+      return await this.tenantAPI.deleteTenant(e);
+    } catch (t) {
+      this.handlePassflowError(t, `Delete tenant failed for tenant ID ${e}`);
+    }
+  }
+  /**
+   * Get user's tenant memberships
+   * @returns Promise with user tenant membership response
+   */
+  async getUserTenantMembership() {
+    try {
+      return await this.tenantAPI.getUserTenantMembership();
+    } catch (e) {
+      this.handlePassflowError(e, "Get user tenant memberships failed");
+    }
+  }
+  // 2. Group Management
+  /**
+   * Create a group in a tenant
+   * @param tenantId Tenant ID
+   * @param name Group name
+   * @returns Promise with group response
+   */
+  async createGroup(e, t) {
+    try {
+      return await this.tenantAPI.createGroup(e, t);
+    } catch (s) {
+      this.handlePassflowError(s, `Group creation failed for tenant ID ${e}`);
+    }
+  }
+  /**
+   * Get group information
+   * @param tenantId Tenant ID
+   * @param groupId Group ID
+   * @returns Promise with group response
+   */
+  async getGroupInfo(e, t) {
+    try {
+      return await this.tenantAPI.getGroupInfo(e, t);
+    } catch (s) {
+      this.handlePassflowError(s, `Get group info failed for tenant ID ${e}, group ID ${t}`);
+    }
+  }
+  /**
+   * Update a group
+   * @param tenantId Tenant ID
+   * @param groupId Group ID
+   * @param name New group name
+   * @returns Promise with group response
+   */
+  async updateGroup(e, t, s) {
+    try {
+      return await this.tenantAPI.updateGroup(e, t, s);
+    } catch (r) {
+      this.handlePassflowError(r, `Update group failed for tenant ID ${e}, group ID ${t}`);
+    }
+  }
+  /**
+   * Delete a group
+   * @param tenantId Tenant ID
+   * @param groupId Group ID
+   * @returns Promise with status response
+   */
+  async deleteGroup(e, t) {
+    try {
+      return await this.tenantAPI.deleteGroup(e, t);
+    } catch (s) {
+      this.handlePassflowError(s, `Delete group failed for tenant ID ${e}, group ID ${t}`);
+    }
+  }
+  /**
+   * Add a user to a group
+   * @param tenantId Tenant ID
+   * @param groupId Group ID
+   * @param userId User ID
+   * @param role Role to assign
+   * @returns Promise with status response
+   */
+  async addUserToGroup(e, t, s, r) {
+    try {
+      return await this.tenantAPI.addUserToGroup(e, t, s, r);
+    } catch (o) {
+      this.handlePassflowError(
+        o,
+        `Add user to group failed for tenant ID ${e}, group ID ${t}, user ID ${s}`
+      );
+    }
+  }
+  /**
+   * Remove user roles from a group
+   * @param tenantId Tenant ID
+   * @param groupId Group ID
+   * @param userId User ID
+   * @param roles Roles to remove
+   * @returns Promise with status response
+   */
+  async removeUserRolesFromGroup(e, t, s, r) {
+    try {
+      return await this.tenantAPI.removeUserRolesFromGroup(e, t, s, r);
+    } catch (o) {
+      this.handlePassflowError(
+        o,
+        `Remove user roles from group failed for tenant ID ${e}, group ID ${t}, user ID ${s}`
+      );
+    }
+  }
+  /**
+   * Change user roles in a group
+   * @param tenantId Tenant ID
+   * @param groupId Group ID
+   * @param userId User ID
+   * @param roles New roles to assign
+   * @returns Promise with status response
+   */
+  async changeUserRoles(e, t, s, r) {
+    try {
+      return await this.tenantAPI.changeUserRoles(e, t, s, r);
+    } catch (o) {
+      this.handlePassflowError(
+        o,
+        `Change user roles failed for tenant ID ${e}, group ID ${t}, user ID ${s}`
+      );
+    }
+  }
+  /**
+   * Delete a user from a group
+   * @param tenantId Tenant ID
+   * @param groupId Group ID
+   * @param userId User ID
+   * @returns Promise with status response
+   */
+  async deleteUserFromGroup(e, t, s) {
+    try {
+      return await this.tenantAPI.deleteUserFromGroup(e, t, s);
+    } catch (r) {
+      this.handlePassflowError(
+        r,
+        `Delete user from group failed for tenant ID ${e}, group ID ${t}, user ID ${s}`
+      );
+    }
+  }
+  // 3. Role Management
+  /**
+   * Get roles for a tenant
+   * @param tenantId Tenant ID
+   * @returns Promise with array of role responses
+   */
+  async getRolesForTenant(e) {
+    try {
+      return await this.tenantAPI.getRolesForTenant(e);
+    } catch (t) {
+      this.handlePassflowError(t, `Get roles for tenant failed for tenant ID ${e}`);
+    }
+  }
+  /**
+   * Create a role for a tenant
+   * @param tenantId Tenant ID
+   * @param name Role name
+   * @returns Promise with role response
+   */
+  async createRoleForTenant(e, t) {
+    try {
+      return await this.tenantAPI.createRoleForTenant(e, t);
+    } catch (s) {
+      this.handlePassflowError(s, `Create role for tenant failed for tenant ID ${e}`);
+    }
+  }
+  /**
+   * Update a role
+   * @param tenantId Tenant ID
+   * @param roleId Role ID
+   * @param name New role name
+   * @returns Promise with role response
+   */
+  async updateRole(e, t, s) {
+    try {
+      return await this.tenantAPI.updateRole(e, t, s);
+    } catch (r) {
+      this.handlePassflowError(r, `Update role failed for tenant ID ${e}, role ID ${t}`);
+    }
+  }
+  /**
+   * Delete a role
+   * @param tenantId Tenant ID
+   * @param roleId Role ID
+   * @returns Promise with status response
+   */
+  async deleteRole(e, t) {
+    try {
+      return await this.tenantAPI.deleteRole(e, t);
+    } catch (s) {
+      this.handlePassflowError(s, `Delete role failed for tenant ID ${e}, role ID ${t}`);
+    }
+  }
+  // 4. User Management in Tenants
+  /**
+   * Delete a user from a tenant
+   * @param tenantId Tenant ID
+   * @param userId User ID
+   * @returns Promise with status response
+   */
+  async deleteUserFromTenant(e, t) {
+    try {
+      return await this.tenantAPI.deleteUserFromTenant(e, t);
+    } catch (s) {
+      this.handlePassflowError(s, `Delete user from tenant failed for tenant ID ${e}, user ID ${t}`);
+    }
+  }
+  // 5. Invitation Management
+  /**
+   * Get invitations to a group
+   * @param tenantId Tenant ID
+   * @param groupId Group ID
+   * @param limit Maximum number of invitations to return
+   * @param skip Number of invitations to skip
+   * @returns Promise with invitations response
+   */
+  async getGroupInvitations(e, t, s, r) {
+    try {
+      return await this.tenantAPI.getGroupInvitations(e, t, s, r);
+    } catch (o) {
+      this.handlePassflowError(o, `Get group invitations failed for tenant ID ${e}, group ID ${t}`);
+    }
+  }
+  /**
+   * Get invitations to a tenant
+   * @param tenantId Tenant ID
+   * @param limit Maximum number of invitations to return
+   * @param skip Number of invitations to skip
+   * @returns Promise with invitations response
+   */
+  async getTenantInvitations(e, t, s) {
+    try {
+      return await this.tenantAPI.getTenantInvitations(e, t, s);
+    } catch (r) {
+      this.handlePassflowError(r, `Get tenant invitations failed for tenant ID ${e}`);
+    }
+  }
+  /**
+   * Invalidate an invitation by ID
+   * @param tenantId Tenant ID
+   * @param groupId Group ID
+   * @param inviteId Invitation ID
+   * @returns Promise with empty record
+   */
+  async invalidateInviteById(e, t, s) {
+    try {
+      return await this.tenantAPI.invalidateInviteById(e, t, s);
+    } catch (r) {
+      this.handlePassflowError(
+        r,
+        `Invalidate invite by ID failed for tenant ID ${e}, group ID ${t}, invite ID ${s}`
+      );
+    }
+  }
+  /**
+   * Invalidate an invitation by email
+   * @param tenantId Tenant ID
+   * @param groupId Group ID
+   * @param email Email address
+   * @returns Promise with empty record
+   */
+  async invalidateInviteByEmail(e, t, s) {
+    try {
+      return await this.tenantAPI.invalidateInviteByEmail(e, t, s);
+    } catch (r) {
+      this.handlePassflowError(
+        r,
+        `Invalidate invite by email failed for tenant ID ${e}, group ID ${t}, email ${s}`
+      );
+    }
+  }
+}
+class Q {
+  constructor(e, t) {
+    this.userAPI = e, this.deviceService = t;
+  }
+  /**
+   * Get user's registered passkeys
+   * @returns Promise with passkeys array
+   */
+  getUserPasskeys() {
+    return this.userAPI.getUserPasskeys();
+  }
+  /**
+   * Rename a user passkey
+   * @param name The new name for the passkey
+   * @param passkeyId The ID of the passkey to rename
+   * @returns Promise with success response
+   */
+  renameUserPasskey(e, t) {
+    return this.userAPI.renameUserPasskey(e, t);
+  }
+  /**
+   * Delete a user passkey
+   * @param passkeyId The ID of the passkey to delete
+   * @returns Promise with success response
+   */
+  deleteUserPasskey(e) {
+    return this.userAPI.deleteUserPasskey(e);
+  }
+  /**
+   * Add a new passkey for the current user
+   * @param options Optional parameters for the passkey
+   * @returns Promise that resolves when the passkey is added
+   */
+  async addUserPasskey({
+    relyingPartyId: e,
+    passkeyUsername: t,
+    passkeyDisplayName: s
+  } = {}) {
+    const r = this.deviceService.getDeviceId(), o = w.web, { challenge_id: n, publicKey: h } = await this.userAPI.addUserPasskeyStart({
+      relyingPartyId: e || window?.location?.hostname,
+      deviceId: r,
+      os: o,
+      passkeyDisplayName: s,
+      passkeyUsername: t
+    });
+    h.user.id = btoa(h.user.id);
+    const l = await _({ optionsJSON: h });
+    return await this.userAPI.addUserPasskeyComplete(l, r, n);
+  }
+}
+class Z {
+  constructor(e, t, s) {
+    this.storageManager = e, this.authApi = t, this.subscribeStore = s, this.checkInterval = null, this.CHECK_INTERVAL = 10, this.isRefreshing = !1, this.isExpired = !1, this.storageManager = e, this.authApi = t;
+  }
+  initialize() {
+    try {
+      const e = this.storageManager.getTokens();
+      if (!e || !e.access_token) {
+        this.startTokenCheck();
+        return;
+      }
+      const t = d(e.access_token);
+      f(t) ? (this.isExpired = !0, this.stopTokenCheck(), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !0 })) : (this.setTokensCache(e), this.startTokenCheck());
+    } catch (e) {
+      const t = {
+        message: e instanceof Error ? e.message : "Failed to get tokens",
+        originalError: e
+      };
+      this.subscribeStore.notify(a.Error, t), this.setTokensCache(void 0);
+    }
+  }
+  async refreshTokensCache(e) {
+    if (!this.isRefreshing)
+      try {
+        this.isRefreshing = !0, this.subscribeStore.notify(a.RefreshStart, {});
+        const t = await this.authApi.refreshToken(e?.refresh_token ?? "", e.scopes ?? [], e.access_token);
+        this.setTokensCache(t), this.subscribeStore.notify(a.Refresh, { tokens: t, parsedTokens: this.getParsedTokenCache() }), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !1 }), this.isExpired = !1, this.startTokenCheck();
+      } catch (t) {
+        const s = {
+          message: t instanceof Error ? t.message : "Failed to get tokens",
+          originalError: t
+        };
+        this.subscribeStore.notify(a.Error, s), this.setTokensCache(void 0);
+      } finally {
+        this.isRefreshing = !1;
+      }
+  }
+  startTokenCheck() {
+    this.checkInterval && clearInterval(this.checkInterval), !this.isExpired && (this.checkInterval = setInterval(() => {
+      this.isRefreshing || this.isExpired || this.tokensCacheIsExpired() && !this.isExpired && (this.isExpired = !0, this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !0 }), this.stopTokenCheck());
+    }, this.CHECK_INTERVAL));
+  }
+  stopTokenCheck() {
+    this.checkInterval && (clearInterval(this.checkInterval), this.checkInterval = null);
+  }
+  setTokensCache(e) {
+    this.tokensCache = e, e ? this.parsedTokensCache = {
+      access_token: d(e.access_token),
+      id_token: e.id_token ? d(e.id_token) : void 0,
+      refresh_token: e.refresh_token ? d(e.refresh_token) : void 0,
+      scopes: e.scopes
+    } : this.parsedTokensCache = void 0;
+  }
+  getTokensCache() {
+    return this.tokensCache;
+  }
+  async getTokensCacheWithRefresh() {
+    try {
+      if (!this.tokensCache) return this.tokensCache;
+      const e = d(this.tokensCache.access_token);
+      return f(e) && !this.isExpired ? (await this.refreshTokensCache(this.tokensCache), this.tokensCache) : this.tokensCache;
+    } catch (e) {
+      const t = {
+        message: e instanceof Error ? e.message : "Failed to get tokens",
+        originalError: e
+      };
+      this.subscribeStore.notify(a.Error, t);
+      return;
+    }
+  }
+  getParsedTokenCache() {
+    return this.parsedTokensCache;
+  }
+  tokensCacheIsExpired() {
+    if (!this.tokensCache) return !0;
+    const e = d(this.tokensCache.access_token);
+    return f(e);
+  }
+}
+class ie {
+  constructor(e) {
+    this.doRefreshTokens = !1, this.origin = window.location.origin, this.session = async ({
+      createSession: o,
+      expiredSession: n,
+      doRefresh: h = !1
+    }) => {
+      this.createSessionCallback = o, this.expiredSessionCallback = n, this.doRefreshTokens = h, await this.submitSessionCheck();
+    };
+    const { url: t, appId: s, scopes: r } = e;
+    this.url = t || A, this.appId = s, this.authApi = new O(e), this.appApi = new j(e), this.userApi = new N(e), this.settingApi = new K(e), this.tenantAPI = new B(e), this.invitationAPI = new W(e), this.storageManager = new b({
+      prefix: e.keyStoragePrefix ?? ""
+    }), this.deviceService = new $(), this.subscribeStore = new H(), this.tokenCacheService = new Z(this.storageManager, this.authApi, this.subscribeStore), this.scopes = r ?? F, this.createTenantForNewUser = e.createTenantForNewUser ?? !1, this.authService = new q(
+      this.authApi,
+      this.deviceService,
+      this.storageManager,
+      this.subscribeStore,
+      this.tokenCacheService,
+      this.scopes,
+      this.createTenantForNewUser,
+      this.origin,
+      this.url,
+      {
+        createSession: this.createSessionCallback,
+        expiredSession: this.expiredSessionCallback
+      },
+      this.appId ?? ""
+    ), this.userService = new Q(this.userApi, this.deviceService), this.tenantService = new X(this.tenantAPI, this.scopes), this.tenant = this.tenantService, this.invitationService = new V(this.invitationAPI), e.parseQueryParams && this.checkAndSetTokens(), this.setTokensToCacheFromLocalStorage();
+  }
+  async submitSessionCheck() {
+    let e, t;
+    try {
+      e = await this.authService.getTokens(this.doRefreshTokens), t = this.tokenCacheService.getParsedTokenCache();
+    } catch (s) {
+      const r = {
+        message: s instanceof Error || s instanceof u ? s.message : "Session check failed",
+        originalError: s
+      };
+      this.subscribeStore.notify(a.Error, r), e = void 0;
+    }
+    e && this.createSessionCallback && await this.createSessionCallback({ tokens: e, parsedTokens: t }), !e && this.expiredSessionCallback && await this.expiredSessionCallback();
+  }
+  // Event subscription
+  subscribe(e, t) {
+    this.subscribeStore.subscribe(e, t), this.tokenCacheService.initialize();
+  }
+  unsubscribe(e, t) {
+    this.subscribeStore.unsubscribe(e, t);
+  }
+  // Token handling
+  handleTokensRedirect() {
+    return this.checkAndSetTokens();
+  }
+  checkAndSetTokens() {
+    const e = new URLSearchParams(window.location.search), t = e.get("access_token"), s = e.get("refresh_token"), r = e.get("id_token"), o = e.get("scopes")?.split(",") ?? this.scopes;
+    let n;
+    if (t)
+      return n = {
+        access_token: t,
+        refresh_token: s ?? void 0,
+        id_token: r ?? void 0,
+        scopes: o
+      }, this.storageManager.saveTokens(n), this.tokenCacheService.setTokensCache(n), this.subscribeStore.notify(a.SignIn, { tokens: n, parsedTokens: this.getParsedTokenCache() }), this.submitSessionCheck(), e.delete("access_token"), e.delete("refresh_token"), e.delete("id_token"), e.delete("client_challenge"), e.size > 0 ? window.history.replaceState({}, document.title, `${window.location.pathname}?${e.toString()}`) : window.history.replaceState({}, document.title, window.location.pathname), this.error = void 0, n;
+    this.error = this.checkErrorsFromURL();
+  }
+  checkErrorsFromURL() {
+    const t = new URLSearchParams(window.location.search).get("error");
+    if (t)
+      return new Error(t);
+  }
+  setTokensToCacheFromLocalStorage() {
+    const e = this.storageManager.getTokens();
+    e && this.tokenCacheService.setTokensCache(e);
+  }
+  getTokensCache() {
+    return this.tokenCacheService.getTokensCache();
+  }
+  getTokensCacheWithRefresh() {
+    return this.tokenCacheService.getTokensCacheWithRefresh();
+  }
+  getParsedTokenCache() {
+    return this.tokenCacheService.getParsedTokenCache();
+  }
+  tokensCacheIsExpired() {
+    return this.tokenCacheService.tokensCacheIsExpired();
+  }
+  // Auth delegation methods
+  isAuthenticated() {
+    const e = this.storageManager.getTokens();
+    if (!e || !e.access_token) return !1;
+    const t = {
+      access_token: d(e.access_token),
+      refresh_token: e.refresh_token ? d(e.refresh_token) : void 0
+    };
+    return this.authService.isAuthenticated(t);
+  }
+  async signIn(e) {
+    return await this.authService.signIn(e);
+  }
+  async signUp(e) {
+    return await this.authService.signUp(e);
+  }
+  passwordlessSignIn(e) {
+    return this.authService.passwordlessSignIn(e);
+  }
+  async passwordlessSignInComplete(e) {
+    return await this.authService.passwordlessSignInComplete(e);
+  }
+  async logOut() {
+    try {
+      await this.authService.logOut(), this.storageManager.deleteTokens(), await this.submitSessionCheck();
+    } catch (e) {
+      const t = {
+        message: e instanceof Error ? e.message : "Failed to log out",
+        originalError: e
+      };
+      this.subscribeStore.notify(a.Error, t);
+    }
+    this.tokenCacheService.setTokensCache(void 0), this.subscribeStore.notify(a.SignOut, {});
+  }
+  federatedAuthWithPopup(e) {
+    this.authService.federatedAuthWithPopup(e);
+  }
+  federatedAuthWithRedirect(e) {
+    this.authService.federatedAuthWithRedirect(e);
+  }
+  reset(e) {
+    if (this.storageManager.deleteTokens(), this.tokenCacheService.setTokensCache(void 0), this.subscribeStore.notify(a.SignOut, {}), e) {
+      this.error = new Error(e);
+      const t = {
+        message: e,
+        code: "RESET_ERROR"
+      };
+      throw this.subscribeStore.notify(a.Error, t), this.error;
+    }
+  }
+  async refreshToken() {
+    if (!this.tokenCacheService.parsedTokensCache?.refresh_token)
+      throw new Error("No refresh token found");
+    try {
+      return await this.authService.refreshToken();
+    } catch (e) {
+      throw e instanceof u || this.subscribeStore.notify(a.Error, {
+        message: "Failed to refresh token",
+        originalError: e
+      }), e;
+    }
+  }
+  sendPasswordResetEmail(e) {
+    return this.authService.sendPasswordResetEmail(e);
+  }
+  async resetPassword(e, t) {
+    return await this.authService.resetPassword(e, t);
+  }
+  // App settings
+  async getAppSettings() {
+    try {
+      return await this.appApi.getAppSettings();
+    } catch (e) {
+      const t = {
+        message: e instanceof Error ? e.message : "Failed to get app settings",
+        originalError: e
+      };
+      throw this.subscribeStore.notify(a.Error, t), e;
+    }
+  }
+  async getSettingsAll() {
+    try {
+      return await this.settingApi.getSettingsAll();
+    } catch (e) {
+      const t = {
+        message: e instanceof Error ? e.message : "Failed to get all settings",
+        originalError: e
+      };
+      throw this.subscribeStore.notify(a.Error, t), e;
+    }
+  }
+  async getPasswordPolicySettings() {
+    try {
+      return await this.settingApi.getPasswordPolicySettings();
+    } catch (e) {
+      const t = {
+        message: e instanceof Error ? e.message : "Failed to get password policy settings",
+        originalError: e
+      };
+      throw this.subscribeStore.notify(a.Error, t), e;
+    }
+  }
+  async getPasskeySettings() {
+    try {
+      return await this.settingApi.getPasskeySettings();
+    } catch (e) {
+      const t = {
+        message: e instanceof Error ? e.message : "Failed to get passkey settings",
+        originalError: e
+      };
+      throw this.subscribeStore.notify(a.Error, t), e;
+    }
+  }
+  // Passkey methods
+  async passkeyRegister(e) {
+    return await this.authService.passkeyRegister(e);
+  }
+  async passkeyAuthenticate(e) {
+    return await this.authService.passkeyAuthenticate(e);
+  }
+  // Token management
+  setTokens(e) {
+    this.storageManager.saveTokens(e), this.tokenCacheService.setTokensCache(e), this.subscribeStore.notify(a.SignIn, {
+      tokens: e,
+      parsedTokens: this.tokenCacheService.getParsedTokenCache()
+    });
+  }
+  // Add getTokens method
+  async getTokens(e = !1) {
+    return await this.authService.getTokens(e);
+  }
+  // Get token from storage by key
+  getToken(e) {
+    return this.storageManager.getToken(e);
+  }
+  // User passkey methods delegated to UserService
+  async getUserPasskeys() {
+    try {
+      return await this.userService.getUserPasskeys();
+    } catch (e) {
+      const t = {
+        message: e instanceof Error ? e.message : "Failed to get user passkeys",
+        originalError: e
+      };
+      throw this.subscribeStore.notify(a.Error, t), e;
+    }
+  }
+  async renameUserPasskey(e, t) {
+    try {
+      return await this.userService.renameUserPasskey(e, t);
+    } catch (s) {
+      const r = {
+        message: s instanceof Error ? s.message : "Failed to rename user passkey",
+        originalError: s
+      };
+      throw this.subscribeStore.notify(a.Error, r), s;
+    }
+  }
+  async deleteUserPasskey(e) {
+    try {
+      return await this.userService.deleteUserPasskey(e);
+    } catch (t) {
+      const s = {
+        message: t instanceof Error ? t.message : "Failed to delete user passkey",
+        originalError: t
+      };
+      throw this.subscribeStore.notify(a.Error, s), t;
+    }
+  }
+  async addUserPasskey(e) {
+    try {
+      return await this.userService.addUserPasskey(e);
+    } catch (t) {
+      const s = {
+        message: t instanceof Error ? t.message : "Failed to add user passkey",
+        originalError: t
+      };
+      throw this.subscribeStore.notify(a.Error, s), t;
+    }
+  }
+  // Tenant methods delegated to TenantService
+  /**
+   * Join a tenant invitation
+   * @param token The invitation token
+   * @param scopes Optional scopes to request
+   * @returns Promise with invite response
+   */
+  async joinInvitation(e, t) {
+    try {
+      const s = await this.tenant.joinInvitation(e, t);
+      return s.scopes = t ?? this.scopes, this.storageManager.saveTokens(s), this.tokenCacheService.setTokensCache(s), s;
+    } catch (s) {
+      const r = {
+        message: s instanceof Error ? s.message : "Failed to join invitation",
+        originalError: s
+      };
+      throw this.subscribeStore.notify(a.Error, r), s;
+    }
+  }
+  /**
+   * Create a new tenant
+   * @param name The name of the tenant
+   * @param refreshToken Whether to refresh the token after creating the tenant
+   * @returns Promise with tenant response
+   */
+  async createTenant(e, t) {
+    try {
+      const s = await this.tenant.createTenant(e);
+      return t && await this.refreshToken(), s;
+    } catch (s) {
+      const r = {
+        message: s instanceof Error ? s.message : "Failed to create tenant",
+        originalError: s
+      };
+      throw this.subscribeStore.notify(a.Error, r), s;
+    }
+  }
+  // Invitation methods delegated to InvitationService
+  async requestInviteLink(e) {
+    try {
+      return e.send_to_email === void 0 && (e.send_to_email = !0), await this.invitationService.requestInviteLink(e);
+    } catch (t) {
+      const s = {
+        message: t instanceof Error ? t.message : "Failed to request invite link",
+        originalError: t
+      };
+      throw this.subscribeStore.notify(a.Error, s), t;
+    }
+  }
+  /**
+   * Gets a list of active invitations
+   * @param options Optional parameters for filtering and pagination
+   * @returns Promise with paginated list of invitations
+   */
+  async getInvitations(e) {
+    try {
+      return await this.invitationService.getInvitations(e);
+    } catch (t) {
+      const s = {
+        message: t instanceof Error ? t.message : "Failed to get invitations",
+        originalError: t
+      };
+      throw this.subscribeStore.notify(a.Error, s), t;
+    }
+  }
+  async deleteInvitation(e) {
+    try {
+      return await this.invitationService.deleteInvitation(e);
+    } catch (t) {
+      const s = {
+        message: t instanceof Error ? t.message : "Failed to delete invitation",
+        originalError: t
+      };
+      throw this.subscribeStore.notify(a.Error, s), t;
+    }
+  }
+  async resendInvitation(e) {
+    try {
+      return await this.invitationService.resendInvitation(e);
+    } catch (t) {
+      const s = {
+        message: t instanceof Error ? t.message : "Failed to resend invitation",
+        originalError: t
+      };
+      throw this.subscribeStore.notify(a.Error, s), t;
+    }
+  }
+  async getInvitationLink(e) {
+    try {
+      return await this.invitationService.getInvitationLink(e);
+    } catch (t) {
+      const s = {
+        message: t instanceof Error ? t.message : "Failed to get invitation link",
+        originalError: t
+      };
+      throw this.subscribeStore.notify(a.Error, s), t;
+    }
+  }
+  // Auth redirect helpers
+  authRedirectUrl(e = {}) {
+    return this.authService.authRedirectUrl(e);
+  }
+  authRedirect(e = {}) {
+    this.authService.authRedirect(e);
+  }
+}
+export {
+  P as APP_ID_HEADER_KEY,
+  m as AUTHORIZATION_HEADER_KEY,
+  j as AppAPI,
+  O as AuthAPI,
+  q as AuthService,
+  re as DEFAULT_GROUP_NAME,
+  F as DEFAULT_SCOPES,
+  D as DEVICE_ID_HEADER_KEY,
+  x as DEVICE_TYPE_HEADER_KEY,
+  W as InvitationAPI,
+  V as InvitationService,
+  w as OS,
+  A as PASSFLOW_CLOUD_URL,
+  ie as Passflow,
+  y as PassflowAdminEndpointPaths,
+  c as PassflowEndpointPaths,
+  u as PassflowError,
+  a as PassflowEvent,
+  L as Providers,
+  S as RequestMethod,
+  K as SettingAPI,
+  B as TenantAPI,
+  X as TenantService,
+  Y as TenantUserMembership,
+  Z as TokenCacheService,
+  g as TokenType,
+  N as UserAPI,
+  Q as UserService,
+  f as isTokenExpired,
+  d as parseToken,
+  C as pathWithParams
+};
+//# sourceMappingURL=index.mjs.map