@passflow/react 0.0.1 → 0.2.0

package/dist/index.es.js

@@ -5,22 +5,22 @@ import 'dayjs';
 import clsx from 'clsx';
 import { twMerge } from 'tailwind-merge';
 import * as React from 'react';
-import { useState, useEffect, forwardRef, createContext, useCallback, useContext, useLayoutEffect, useRef, useMemo, useReducer } from 'react';
+import { useState, useEffect, forwardRef, createContext, useCallback, useContext, useRef, useLayoutEffect, useMemo, useReducer } from 'react';
 import queryString from 'query-string';
 import { getCountryForTimezone } from 'countries-and-timezones';
 import { usePhoneInput, defaultCountries, parseCountry, FlagImage } from 'react-international-phone';
 import * as PopoverPrimitive from '@radix-ui/react-popover';
 import * as DialogPrimitive from '@radix-ui/react-dialog';
+import OtpInput from 'react-otp-input';
 import { HelmetProvider, Helmet } from 'react-helmet-async';
 import { ErrorBoundary } from 'react-error-boundary';
 import { phone as phone$1 } from 'phone';
 import { useForm, Controller } from 'react-hook-form';
-import OtpInput from 'react-otp-input';
 import { parseToken, Passflow } from '@passflow/core';
 export * from '@passflow/core';
 import 'react-dom';
 
-const version = "0.0.1";
+const version = "0.1.42";
 
 window.passflowReactAppVersion = () => {
   console.log(`App Version: ${version}`);
@@ -69,11 +69,14 @@ const isValidUrl = (url) => {
   }
 };
 
-const getUrlWithTokens = async (passflow, url) => {
+const getUrlWithTokens = async (passflow, url, format = "hash") => {
   const tokens = await passflow.getTokens(false);
   if (tokens) {
     tokens.scopes = void 0;
     const tokenParams = Object.entries(tokens).filter(([_, value]) => value).map(([key, value]) => `${key}=${encodeURIComponent(value)}`).join("&");
+    if (format === "hash") {
+      return `${url}#${tokenParams}`;
+    }
     return `${url}?${tokenParams}`;
   }
   return url;
@@ -243,6 +246,140 @@ const getUrlErrors = (subUrl) => {
   return { error, message: message ? decodeURIComponent(message) : null };
 };
 
+const ERROR_PATTERNS = {
+  expired: ["2FA verification expired or not required", "verification expired", "session expired", "verification not required"],
+  not_enabled: ["Two-factor authentication is not enabled for this user", "2FA is not enabled", "two-factor not enabled"],
+  invalid_code: ["invalid code", "incorrect code", "code mismatch", "wrong code", "invalid 2fa code"]
+};
+function classifyTwoFactorError(errorMessage) {
+  const normalizedMessage = errorMessage.toLowerCase();
+  if (ERROR_PATTERNS.expired.some((pattern) => normalizedMessage.includes(pattern.toLowerCase()))) {
+    return {
+      type: "expired",
+      message: errorMessage,
+      isRecoverable: true,
+      shouldAutoRedirect: true
+    };
+  }
+  if (ERROR_PATTERNS.not_enabled.some((pattern) => normalizedMessage.includes(pattern.toLowerCase()))) {
+    return {
+      type: "not_enabled",
+      message: errorMessage,
+      isRecoverable: false,
+      shouldAutoRedirect: false
+    };
+  }
+  if (ERROR_PATTERNS.invalid_code.some((pattern) => normalizedMessage.includes(pattern.toLowerCase()))) {
+    return {
+      type: "invalid_code",
+      message: errorMessage,
+      isRecoverable: true,
+      shouldAutoRedirect: false
+    };
+  }
+  return {
+    type: "generic",
+    message: errorMessage,
+    isRecoverable: true,
+    shouldAutoRedirect: false
+  };
+}
+function getUserFriendlyErrorMessage(error) {
+  switch (error.type) {
+    case "expired":
+      return "Your session has expired. Redirecting to sign in...";
+    case "not_enabled":
+      return "Two-factor authentication is not enabled for your account. Please contact your administrator to enable 2FA.";
+    case "invalid_code":
+      return "Invalid code. Please check your authenticator app and try again.";
+    case "generic":
+    default:
+      return error.message;
+  }
+}
+
+const STORAGE_KEY_PREFIX = "passflow_2fa";
+const REDIRECT_COUNT_KEY = `${STORAGE_KEY_PREFIX}_redirect_count`;
+const LAST_ERROR_KEY = `${STORAGE_KEY_PREFIX}_last_error_type`;
+const MAX_REDIRECTS = 3;
+const TwoFactorLoopPrevention = {
+  /**
+   * Check if redirect should be allowed
+   * @returns true if redirect is safe, false if loop detected
+   */
+  canRedirect() {
+    try {
+      const count = this.getRedirectCount();
+      return count < MAX_REDIRECTS;
+    } catch {
+      return true;
+    }
+  },
+  /**
+   * Increment redirect counter
+   */
+  incrementRedirect() {
+    try {
+      const count = this.getRedirectCount();
+      sessionStorage.setItem(REDIRECT_COUNT_KEY, String(count + 1));
+    } catch {
+    }
+  },
+  /**
+   * Get current redirect count
+   */
+  getRedirectCount() {
+    try {
+      const value = sessionStorage.getItem(REDIRECT_COUNT_KEY);
+      return value ? Number.parseInt(value, 10) : 0;
+    } catch {
+      return 0;
+    }
+  },
+  /**
+   * Reset redirect counter (call on successful auth)
+   */
+  reset() {
+    try {
+      sessionStorage.removeItem(REDIRECT_COUNT_KEY);
+      sessionStorage.removeItem(LAST_ERROR_KEY);
+    } catch {
+    }
+  },
+  /**
+   * Track last error type to detect repeated errors
+   */
+  setLastErrorType(errorType) {
+    try {
+      sessionStorage.setItem(LAST_ERROR_KEY, errorType);
+    } catch {
+    }
+  },
+  /**
+   * Get last error type
+   */
+  getLastErrorType() {
+    try {
+      return sessionStorage.getItem(LAST_ERROR_KEY);
+    } catch {
+      return null;
+    }
+  },
+  /**
+   * Check if same error is repeating
+   */
+  isRepeatingError(errorType) {
+    const lastError = this.getLastErrorType();
+    return lastError === errorType && this.getRedirectCount() > 0;
+  },
+  /**
+   * Get user-friendly message when loop is detected
+   */
+  getLoopDetectedMessage() {
+    return "Unable to complete authentication. This may be a configuration issue. Please contact support.";
+  }
+};
+
 const flags = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZgAAAGACAMAAACnYISRAAADAFBMVEUAAAAxQ5cSO5wAOJP////OESYBAAAANJgAJ33SDzT80Rb/AADKAADzKDgEfj3bFRr/zgDoDi4JhQHuHCYAak0AlEIAaDt1qtv/3wAAN4rdKBAAN6lFjdwBMnwOrS3cIyADh1EAVqVLsdjCKC/44BUBeV0BcsIEm0oEKov84kLVBgcAH6UCrcoAZsPpKjv+yAABAHYAoVtysuEAZQAetTrfIA7VKCQBKGXoAxLiCxcAc89ZgbwdRIoLSqn7+fgCki+kMTYAAJcAAK0Almy/CS/+6AYiSaYAUMPiPShkz//vKi0MHIy1Bwb9mgQiXjn88u8AmQADUpP/xyIxjyyHxuMAot7p6Ob9uAs5XbXUIT352gHFCx4jnkQMsF83lQT2PzNwGT06dMQAjMPhFyf1gQPdG0c1qDQAcijw9fjrhoivGyfFICYAAM0Bf/7hZmk9dir65OWNJCrTrjnwsSwmQILmVgUAoeHUOkn2zM3fOwh9mcj/eQDRyc7+mTL//wAHaajh6vPxsbKpstft8e8EOLhJcLQCmbTW4O0AAP/789j51tgfHRDphSjivAztj5XkcxHd3Nn821q2t7jyvcCUlZPuxwuTy6fsoKTqS00CcGlIZaLQHR7pYCSip6QTOIbozhy0yOSKvHblcn3xVmCOpyKGg4ZDNwXaUmGtWxZeCA8ZnQJYVFSdx+iQpMfIgozTqVK/pRTA4M40UmvVrBECVj0yWpeQi1LEPi/Psqx2iqlqvHywnztjnNl0dnJIk0746Lt+CRNhaWCBfsGo27jGYVfU7N+za2uPVj5taTLcRiOUgRcmqr/H0eVwrafOxBVmVwljcawxBAjmypK6nGYzNDJaRC+aDBrg1bhETEeDbAxQs5q9toe74fX86ZVDs2HA17iwjgx5xZbHyU91ukbGdB3tvnnOViLSihZRuICCMxAyHnWquxxVX4YohdFvlUWXWn1OeofpwUrliHQaOVYscBxonhhwk3M2lnmJLU9mMnChv1o4g6QRPyIzsqcmCFcOjBeew94WAAAABHRSTlMA/f5+Mw0WEQAAUx1JREFUeNrsnAlMI1UYx0fzCoKgKBKMwSsYb0EJbjDEkSgS41WPDdatxjOkQFJgJSkhVbvbIIEC4gKCB3LstliBFiW7gNDAChYlaoUqSGC9VlQQLzyiiTF+rzOdu0wvvDK/zs61pDD8+L/vvccLhIKCgoKCwo7xwrnATYZzMaczEERKyuy5FAjRJ7MpKQShrzLV6C5NUNcY9eWIgQgI8nMyEMTHF0hCBORkETJfj4jwPh4hXdoVPNJ0+P4rPoqKYCvCe+o68PukSQKf+NzknJt7Ex842JGTnMwV81ZKStkurphdZSkpbxGExlGMSBCzr7hWs6NiNLD9q8UgtJvrZTdCjJieV3uO9zw7/WxPzyc94Yt5oCM58WDyAwdzeGJwPk7JY8XknYIzRH8CEIOAnRNTU615p6a6WzOoCVUM9amIgFwjSehivjXBofZbv5Zva+HSlEaLOT49/XpPD3g5Ph2EmAmukgm/mJuTOx7IKa5PvrkjORkxgJhz03FE/GJwgNLPBTEJHBBC6kkzGXUx1YO5+wtqCjQ1mv2awUE5MWItOyImAeB8/Vdc2A1H3QTlZUIHF90XXkGLKXp2GsIy3QNyng02MRMTqRP0GS2mNzlnHyrOOZjBF8PYQIhxJBTzzv4lqxUNRltMTS7ebxZcC/vc3OiKQZKEIQZskJSNKy4cgBMyFW75E9MDr+NFxzFBiZkYyErNytqdNTDBacqSk3Oa0EEoMfymjGm/EGJaNbopUydcinwcMx8ZrzSad6TGHHYe2QyixlzPAQHUmdzXQxZnFO8jIxHDtl/fQquGD1cwYljuoI9StRDjF9M9AF6yBnYPdHPEAIngRSiGqfgIMf0AEKOpLd4HYkhU7NDU3bWyMu6t/hWhUIozRl7MtS6n03l4p8QUP1KOUPk+pA5STAIDI4at+JgB6jpQMmTETKxmpQ50d69mZa0yNQZJEvh+ud5YA2J0NaYq/TN33dX6qKH7yIGoizl82OUEvIevlRcj1iIv5pEm2NV3ZNRHKAb3kalSIxZjbJYQk8NsXDFZ3QO67qxVMiurOzVcMYjDM3c90/rozP6xH6IuBmvBeF2HdyQxjxRHV0yaWEzhBx+Y+WJABpccVkzqaurqQJapNhVO/GJO5yDflInElD/eonv3tegnxknj3aGmLEMNpTKKTdlucWIOHEAM8jUGKozJlAU1JpAY+eLPcuzYj/VrpM70Q7SLPxuZTTkxt/FAAD7KFv/ejqaWKBX/NHpIs32NeUISv5is1YEJXP1Xs5juMuIh311GHCYP/Vw22tI8vT/aYoBNJ8ZaEKaYne8us4MXdkgDYlSSbCtmwmeme/fubuxFusbIDzARB3J87/iR1aUF0w6IudbqtG66CkISw6rZ+QEmZ/DCDmnCEUMzkeUfYU5IN2XyUzIsOzpX5joCPbJ/kRjB83IGL5whTThiJvDGAKdiMfKTmH+jmOc3C8IQA/w9k5gkM3h5ktMPCEOMEOnEyE/7Iw7/hmn/f0oMLirCaf9IxbAQCgoKCgoKCgoKCgoK/x8CDawuo9hDE0fBDKzu4EMQMRS30jD352MkmOevW4tlCDRwCzydjmhO9YFoAr5PQFIlIYgrxfz54CJBZEgS+LlyJfkHxWgZGxYLc6rlr1v7T4n5s0KrLcViEoUbIPFcuYyYwdDFkM3NowgwmlEhyYi5PhpiVIv0/3hsNg99uqjir1sTi9GqShZVqsUSlfbfJebPB0u02r59ahAjaUbiuXTVtJgx/VhoYshC40y+1gEnDq3D3YJQoU/M9f7EnHlmRGJUdp8Wy9Dc3JDFp8aOv0EJHGI3KysHxyorNxkxU4tT81OwLU5FQcwLuyIWw1oxtJc3r7gpMYIXwH8uXlM2qE/u6AwtMaOj7pl8AzKn5wPNqHeUn5iurpDEJKSXanlitFBmLDHDjfHxjcNwAg2ZSAykdG2SRCQrxh4zNT8/FWOPhpgX459+IWIxUFi02vTe+iX3+rodixERUIxGRyWmI8TEmI2k2ZHvIPtAi6pKNzpj5NYY+HW81+kUiUF8WDGlIyMjhlKuGNyY2bAXbMYGDRnc4q9bizWp19bqF9QmrhgMR8z1knB/ot9/nz3ninn77V2PPS0rBjGo1dznoqz4Cot+H0kWrgOz5kC1WfBcsdWUGarGdIZYYwrTSTK9xOELTHphk8FB15jr8dbl3WpoaHC2BS1mpnRrq3SGIwawWzxz8T7mPBa7CuCvW4s11W+1lDdURSbmhBOkxdxzj+qFtl1Bi5lcWJjkiaELS7uaBEbdWIwxkBjBc8Wi6gh6ZWYDMuYvpvsaMvfoqKGd2yvb63WCGe9ekHJvMGJGtka29LBjxWA0FzJoVBj+urVYU1XV2kLLWrhi2LDAmVDMrpERlarhxWDFqBf27l1Qs89FFZamctKHudA8u77ubg5uPV4sRW5YYs4557oPy8ryaeJUFT+fA1CJAdqcDQ17Q0iMoSl9aya9ycAXk8eKyaO/QbFcTHVra5OTdayYRbsdKtO83b4oL4YNC3sGX4+fTz30DhOMmMceWwsoZmEJodl1IwosJlaC8MQAH8bFlWAteWUl+RXX+cX41HR5n24YbvB2BStGu6XX6/u2tFwxwO9+L7+rpMSMmUy1xlrTGCtmanHePj8PBzkxbFTouAjF2Bo9MZZGCyNGvilbC9iUqdecS5PjK0hOTEGBSEy8JNuKAco+zK+4uywOpEB8uIkBMRixmBg+bI0xNPXq2w38GgNUIR9VKkkxZ1PWzuYkZgr3yqbYxNwmCUGwUcH/xGJgWDu3POehr8Iq/gBV/FtI0ukcH19YIgP3yuBpTqwGToxGYiAzoOScsvwy2LGJwezpAjWNXXuCFnPrSF/fyK0iMQYSAaSBFSM2czZngKnFfblFOMqICdhdZgPz6aefztnoq0i7y+2Ta87xpTosRnIgQz1XNfIXfXwRfmKuq6j4ENx8WHH3OT9/WHEKmxjIDAwv29pgiBm8GIxQDNCLgF6VpBjgpDvvPEkwJWO3431kYgCLx2OJ8XgiFcM0aS243DBTMtx/ibQYzTsIvaPxe0HVYScGwpKCd9QpkxjhyP/eCMQALQi1qKTFSM+VabURi2GxRUEMp9xQYgIl5sTu7hM5iQlfjBjJubLIxNyrVt8bihggUjFiojiJyU6RsUdaTMGJJ3Kqf7TFAFEUA+j1qv+DGJlp/xC7ywoKCgoKCgoKCgoKCv89zqdIiotLOp+FIB6WhCBOGHz+xMrhtiQuF19MECdR3EVDXxLEGZIwA71LaBIpCOJmSeT+7oC6RS8YeMK9PhWPvnL88efRxPMI9P789WAJDARxgSQEcbUkBJEiCUH89NTlEmwr5il4MRu8KDEXn/S8Kbey8d8mpryqVyAGaOfeakJIRozOaEZq8xJAqum/a8FfD8YTsydcMYcOccXExDwZohgxl/vEXHzCfsgMNpOJX/8SMe3CxHxshtv1BhWNoQouzV9vI6bQ2OlqRiveccC7hFpdRiNC/PVgXDGTx5655AKwE6qYoveSkt4r4oqJ+SlUMZcLXgAWw89MsGL6Z/tv3zkxLfp7BWKys1+F+2QvTMeXt/TpSbh4NTt7GzEHXK7WNfXouA/y2IrVZS2E90+QxPd5yTqfncavQhBzKHN4bu6rzEOsGMDyVGSJocXwMyMWMzwsFtOfAd/1jP6/rykDMdmfkYgD+Vn2dmLIVhAzutTsda6seFcKFzqtLpdRKGbWaHTnGY2zlBgA2/GOgJ09e4IRU9R4T//GlVdu9N/TWMSKAZ4LXsxpNB3FB09jwWL4mRGKWX5s2fPYskDMR4kUH4Ui5oEHuGJukCRwU5YNfPwmAkbdWNCbH2dvL8Z61NrZeqB6LG0M1uDt7+xsdR01CtaDJbgRKllEyA1izH4x5TMz5eq6Y8dww7YncKcALNz3TWZm/8bGxp8bV/ZnZn5zHyMGsP14CRcQk0QDYjgwYg6WH8wQiHmJyYyUGJvHBptAzEgihSEUMQ0NwYupl2jKMGa/GDNcbCsGNbtcVmtrdWcarL/7dczaaj3aSQrWgyW4zaN5FY5CLMbykauzuZBEjnTAgUgdAjvPcMXMvdXFE/NLY2bmY2NjY4NjmxtXDiVlNv7CigHGBWLiJGHEtDSddlpvfQdXDDczYjHDtuVl27BATKKf4MW8GA+8KC8mcFOG0SEanawY8gB46fz++zesm7//bm1tdbU2C9eDJbhrj/z67g/vYDExmPk8q9vocJAO9cw+hGHFdH3x3a9fdLFi7h7KzMxMmtsANsfGKmeT4HLobu7vh8IQU97BTwybGYnib4Hfo98Vvpir/BTFxxcxF+E1ZViMDtyQZkQKxZzGA7+P8ai1dWlXRkZe6aUJ3k+g9iMkrDFux8tvfeSaocUAU3ZYR/2bdcbdhwRi2l5+/deX2zhi3sNiZq/EZv6sHPNmAu8VccTMRdyU8TIjFuOxWDx3hd2UgZiLfK+rjh86dJy6CEJMS8CmzD0DjVme2SwrRgd5WZp8w+V6f/PopnHyQKfLKCGm9chsq0/MnMdmgRWh9rx5WINYYq842mosZMUAX8y99QW/KWuDjGzQ7M3MbOM2ZZbxS7iEVfxfuoWbGXGvbHkZdtLFvz/4xFyUfdVV99GnWMxZkvjFkOqqXuniPzqKULODhOIvIwZitYRQrabmIY2mGqHCQtIsErP++mzngdmP10HMjTde0DU0t25f31Va+rZ93o6/uR8cZcXgroB08ccIi/8fTwXdK7tfEhADZniZEYkZGpLvLssnhoI6pcW8INrO2rYpe13cXQ4shlpsSaIBzebhNB2cqpGoKQMztrvvttn8UzIgZ7hk5O2Rkil27cApkoAYzC/QXb6S6i5DXFgxMMSMhhgmNFRmgh5gwj6ExOAXLzEvSJhhmzKDSMw0Z4DZix1Ny4kh66BrZaypLsRHJBYD3Orx3MrOleEa/yXw1dCyzSIvBvgm86vZ2a9wXFgxMIqJhhiwAi9eZiKfkpFPDNYQODGovKpJMCXzJn9Kph4uzR9vKwaAJf2fA0M/1iFWzKX+TXoSMz4eogPhee/TZZuMGKAIfpAb+VMyTwY1JXOtrBhshtrRmWmLXIx8YrAVcWgCN2U4Iu1x7J24dgQIxCQLxOi83iV1XZ15xTnKiJEExIjAdmTFiCcxcXmJSmJ4QGbeyX0tumLEyBd/ca8MZOkF0/5QNeQSQzIVKXQxGFkx4mn/y6UgFBQUFBQUFBQUFBT+Yu9cYNqo4zhOliuVDqc4HRPFB3uolUydoSbSNCQqqWRaxyYCTlDBpECsnWO8skU6hgsEAddJK+1QHgZfcw8UeehEk40hY0EUUaaiUzRzjo3pdLqY+Pvfo3f/u//1+kDjkvvccW0vGdB+9v3//v8/91C58NhARP6Endr6dlhqo3HkTyy6GEEJoHfIX4j7SSmtL8EfsuLj4/ftiweigHgOycDt+5sQdREI4r1R8hkoltsY8OPHLvIREXEVi/hYg2UMGhYdg/xA+FIiMDAnIiOmziwvxr5wBSz28MXkHMk+kUMUMyLWUmdAYt7Ys+cNqRiil2uDFYMfPyYSk5kZipiNG+dQzPQs2nrNfsTUrkiDRZqYKxniV1dXVFSvjmdf+hFz5GxOzhGCmJGRl0aScS1IMFjo6lJKDHh5HnkJSsxd8IUfPyYSU1ERnJik8o1JcXENDUlJmJhbxEvAYmbHMjIax8bOmP2JscMNM91pdhkx8dXbpxDV8VIxBQWYmBdOXIaJyelgxJw8pjt2EtMCBNaUfQ9akBdMDAXIiwEtCHxODBOTbKUoa3IQYsrj8vNhE5e0sSGAxFBEcDHTGRnWjDKH2xxgYvTsyouJb56aam2daZ3aC2ZEYtrnz2/HErP442wQk3Mi+6WOHCTmLNuUHTv2l0iLp07wBpAYwRsQt2PPg5dgxAAkMc2jo81sYjIpKjOYxGx8aPHih1A7BmIUEhOgmDFro+uMqx6Jkf8HcI9ZWGSaMuP2qYnumZlDPVN7jSIxloXw0Vgswhrz7ZGcy3KyF4MQltdzkJiTT14t0qLTyYvBvTwPeQlODBMZ7PgxaMp6m1tamnsZMRWAPzEGAyYGknLPPdCWwZOkABKjISIUM7thtrFq4ozTipoy+dOuy+imrIwspnqqp253a/fg8Z6pakxMe3tu7vz5ubnt7aJe2YnFHXQ7loO2Zzvo4i/R0npSUQxfXzAxlA+FxGDHj13UjNICW1pMKqz+xDQ0iMQ0wPdPwss/iCFEJiAxE1UZYxNWp/NMgdufGEgMIJeYiqmqiZ6J6aM9VVMVuJj5LGIx2YtpJR1nueJP0AIVR0kMX1+CF4Migx8/dtFoCxLTMhpAd3koXadLH8KKf3lSUjnKC5T/8BMzXTnhzMiospnj4syBitHDKhZjgis2wpXwTCIxCzkxCy1SMRxnkRiSFiRmDQcS43sBYvD6IitGqSm7SIBQjIGIIDFDOt0QubsMWngxVxJRFjPRaDObXY1uN+TFb40pc7cvbHfLNmUHGptGRpoaM0RNmT2X8ZJrJzRlHDlIjFSLghi8voSQGIIYvilTFuNtaPCSxDRA6Q9fzGxGY5Ujzn3GZXWwYmKJ+Ir/Azhc8d/b1AS35f69SVL8LblMXihcDF78kRiJFmUxeH0JuvjDgotBWUHFH3JDi4kTrbgYA6zkkX/4YqYnGgt6bBCZOHOZ0wwod5fJYuKrG6c2HW7cROguu1z19S4XJRIj7S7jWpTFiOuLshjlxICZd0ZH34H2TDkxNCGL8d9dnnbU28wOl5lHeYBJFgNm9jIDTMLI3+n0O1d2lhlgErQAguKJxAiKJ1ZfQksMrPIjcCYk7IbLTAhiooj4FVNng6SY7U7WSTiJATNGNCVjjA9GDNaU4VqUxUjqCxDClIy8GBJzKEZ+SsbLqLC5zTzKk5giMXM3u4xrURbjm7cMUQygIIaNSbmBe4j7T8QMmUkoTvv/a2JwLcpiOC9hiPl/JkZFRUVFRUVFRUVFReVC49yNJOQu4Cw/IDJedwUB+bmgXiuFoXTB6m0rScAAlgYNXIVERCxi0ekiIymKexURcQcHBWg4sBOOsN9nMZGIiDuJyA+0B2Te15JDa66RAmI0d/8sJ+ZKemWfwMqK6SWKuVm77Ip1C/jliv0z6/yJaXnncFBiKOubF7SYaKIZ+rT9lENEMRrNOaIYTgcs/ApiKky7aBd3cCuCvrT8i1csEKp5eoYkxlJjYsS0GHcFJYaitoUips5bWGhzBi5mPAVOCnSZ5l5M9OdyYpCbp6RigCwnJcJPYpp3jV7UjMXlDloMcOV1vJqZjo6OdVIxY9M1bGKA0aqgxEBoghaz/u689evzCtcHKGZRIfO61C4Sk9318eD4x3uywxATvUpOTBoQNbhGIgawWSRiWD78UKCGqTHvNFc2G4VaGDHAVSg0VzB2OtL7hWIsH9RYaqY3T5soToyxxQjNWRBi2NAkrLz3vXthG4iY9YXjUUuWaMaLUgITA15Sxu12V2epWMxzLxzak/1cOGLAzCckMRd7N3u9m3NjYqDc4GJKS1FoSGLAyr59sMWLf8thaks825jxNYbBuK4/HYwgP/3p/bwYS00+0DDG1xhjvBFCU2GihCjecJQPjYIYHWIDTOAaTp3K0kRFbdAhFMSMg5f7ocZYLK5aXMwLHTMjIzMdL/jERBKRv3VWNEIvbpqQmM3eGG9uGmzZcsOLqa/XiCsNIwassFu8V7ZlV4W0+LN0z6bP7u+H1Kzp55uymum6zbSYWZNPDJhBbporAxZTW8uGhgf2E2HFeMcL87Le2FealzI+JL5a7Kbeg9spDlYM1JfxBQuctTY7JU5M/+ntI6f7swMWY/qgpuYDEy4GcKBT32stAjG5m2GFrw0xXLlhxdhMzCnxWPeM/gFff00hhM8YMS2wQFhETdnWj7aCmNn9M2vWwGZmZg3fXZ5uyEfUjY1ZfGLii1teRGaMWwIU48jNdXChURYTiShKKcrL+ujt9XlFS4rE/6NHXjn1u1gMfAqLFiywR2naaiVi3v/jm/eDEGPZPT2924KLQdRTHrvLJRDjrQMx3piLN6fFsEC5oRPTSVGdGpKYDz6gEMJn+DgG75VdlboVzDzdP7Pu6XS2zvgSk9+AvAhvV0gHphg2xesv4fGbGPYPblV9fJFUErNEE5X10b7xvKJCiZidg2/IiKnVaAp8xf96htX9506fPte/mn0ZiJixMZKYAhDjdArFQFrqvDFpG3xinhi9mhZTUF9fIG3KNETkB5g3g5StydCUpafvn+1nvPDFH240Og39ZJEYFJh9RZcEKMZUW2uhL9VzDY98jaEQtvGUvLxzl3+WVzhuoxACMY2bNjWSm7Iye5udwsQA3d2vvtrdfX3gYsYAqRgXJL/TbhI2ZRsurttcF+PdcDFj5VTy1VczYrLQmuWghMiLuYcIiIGGbGsmXWRmu7khjU+MdZuVAkwHqkQ15lEP6PDQC0LhdAU8LspiyqDqF716CG60qnGK3xcF3MEhKv4mKP4iMatXDx5avZoXQ0nBxdfALW8DKv5QYLze3PRcpAWs0Mh2l2VrjLyYTMYLwA5phImpGmk6YDIdaBqpxBJTnEJrYfEoi4G4YCh1l1OWjGuK3i0cL2S7ywpiCN3l630YjbBRFBNJhO0u/yY9xgFseCExdeCldBSUYGIgLiIUawypV3YVKv7wxQ9p+O7y3qaRAwdGmvZSgsS0fME2YxpwoqGfyZ9HQoiLshg0kGEHmMpiyAPMhURCErPq9suIYkBNGiosAvxNyfCjS9hy+BWz9SrYoEdGj3GBcEqmam9l5d4qSiCm+ByY4BoxvXximNMVCHFRFgPUDcGUjGORghjplMzci/mceFSQr7Bg+JvEBJjRJWwDErO1IhUZ4dFe528Ss7jwEga9qMYQAgNiCHEBgp3EVBYDUMDcizl+mZwYsCJGedqfs6IshsSL8m/gTzCBoVD8IS4XtBjwQhTDFxZMjIqKioqKioqKioqKyoXHw0RggEZE/ngzigauu+PnPpIJPvD9wu+zkgj3/ZenpS2nEOJpeYoll0H+wtqdlqpqLYKCH56qBTJdHhc78PR6hRtAMJCcD5BmkWMAxVl55dlonH9dDH4dMF4Mvv+/FGMzlFG7hGIqbIZa7gMdGsI2cy/G7nC0lZa2ORz2sMW8CJeef/ZFqZhiNItWrCQGvw4YLwbfj4uJZZe1a9nnQYoxc2LuwhdGDOSjgNqWyolJ3W5oM1mr0Qe6/yUdxkv7uQ9UIxSjEX2g9y1del/AYizuFY7oaOcKtyVcMc+WlAwPl5Q8u2jR5UIxNxd3a41GbXfxzUpiogUkJJ+iSU7A92u178WePHnyaiwxb1ZWsn/cjw1GjFkhMdp520tL7dZkRkx1gcdBHU7Vog902XUnhF5OXLeM/UDhg+XFwAtRYpYuDaIpW6J3rlpVpl8iSp7DlpVlc2BibiECYlgvf5dM9sHmWSwxfFSKgxLTW75xqCE/7hWxmHnvNb68JXb5PCwxVivzHAglMUTo3z+5zeOktiAxW8ARVQG7aDHLlkFofHGBlzKJCUOMPWXA+dprzoEUvCmrj6Kpl4h5rqvrOZGYpYhjJSWJw5OTw4klJcfoHawYyAsDZMavGPw6YAm97rqhIbe7NwHfr01d/rLFsu1kqjAxqCkDkJtQaoyOCPP7Z/Z42kxIjKGAqszU8mJQaBqGhhpQXACFGkMUo/PR1SW9ybbbU7TC41lR5HELv48jisUhEvPQT6+++tML6AmsQjGTw32Tra2tfZN9w5O8GGLxjyeCXwcsYWTH7522vp1rE/D92nnLz58+fXo5X2PepI0Ab3LFfzkDiBFCEGOG1Y8YCsEXOBZazDokYxBdf2yQO1dc/uCQGMR9aANiAOawMOHP/fJL6c+t1+vzAL2+XijGxomxicR0/XD8rd1dXFoe4sUkPjjZ1zc83Nc3+WCiUMyHRs6I8UO/YvDrgCXE9vR0dh7tATHYfu28l3d0d+94eR6XmLWV1rX0o7VyLSsmjUjwidFHk6DFHDkCMn5E1x/7MUAxSwWIxHwbCXwrFlOg10d//nm0Xl8gFJPFicnCxUBgxne89QMI4eDFJE7+NTz812RiyGIShPRGAU880ZsgTl7sjk8/HVnJFv9YTkxsKGLM/sUQvehpMXt+ggasCF1/rChcMcCeyMg9OomYgU+iIyOjPxnwiYkC7BSLnTPEitn9w/HBH3Y/RGrKhoehLaMf6B1Bj2NwMe/1lHV2jh19TyJmdOfOna+MMmKAcJoypEapKeMKHN6U0XVlEF1/LISm7D6xmC8Byc+1DQysOn581cCAjRcjKC0OoRigH9WYfnLxn2ydhFVU/I2BF/8EjJcpW+fSowkSMb29Bw/u6OVrTCjFH0/MY0TY4l9JFRiQGFObp0dS/A2G0Iu//MBc76N8I/+cEdNGsbRhYsjdZTPN+ZLJxETomJWcZ14H310GGyu5FfiqvbQpQSKm+egrmzbtPPgLlxiuuwwPwY/8FcVUUPbS0i1IzBbK6WlLDrK7HK6Y/HxcDN9Pro/i8DPANHNmShITS8CLUAyADTAVE3OvoMz0JkjFGHegu4G/b+QSww0wQ0uM2a+Y1MOUw1NQnYrEaJOt4Gj7vHAHmLiYy8UrLmZjOS4G0eaw2x2Ql0DFAAfPP554/iD3KvgpGU7LvZge+Vq1EoFNyQSbGLffxFRbTW2G7alaRow2dRtV4HFlhj0lQ04MOAHEYvCmTISyGCJhFv+VgYjhG7DQBpj+E0PVGmww1mfFALuoMoNt7maXkQ52AdCjSExc/v9QTECJwZnrGuOCfGh5MUB1laVz7maXF5HAxZQHIEZFRUVFRUVFRUVFReXCQ0PEt1/HchdDRMS6HBIREbcCFHWrCPHxYzf++uuNzEByLQPFwr6EE3mI8L+neBr/je8euUGK3IWp5a8BcwkROCGLiOJBF8+wKN7A5waGf9g7E6ioqjCOj3WB5BRBtlmRLWa2YZ0COkEvKi1acE4bBtppgWqgDmJp0EQlTEYMm7KHmAgicJByKFYFJRZXUBIUEReMgMrMRK00q+++fbkzbwbEljO/ebz3Zk7pzPv5v9+9dx7vIZb3GGwScxctZsoztohRnD/WOeykIuZRAhbEdCTGmIbusiTG0/P/LeY6eICY+z5UE4NEKM4fu6Cr00oxj/z88yNWiHEodaxCuqYhs2I8I2L9rRPjCT/V1X5+9Rt/q4ZnvJgn8AKwu7aKmTa2YhjwB3vYJjEXipg6f/7Uzs6Jle5WiBnXunp16zgrxDjsclwFF0EzZO0nivE8hrT+nlYnpv70S2UnGxuPsp5Gn5hpY52Yu9jEwKeYQxKDeO4UIRXjNL/Wu7Fi/o6JVoj5efXQUNPP1ohxmN2RePCWfVrUAuVGJgaaschobY7nVZ5WiqmubW1ubm1ttdSUPXFOEoOIWEgMgC9vQSWsTxCuDmNOjOz8Mafbbisre+gJiRidoYVSivk9v2nOUFP+7+piMKWO8PX6kvUUgnIjEuOZcyzHP5JKD4uOPsaJQZjVqxEg7AnvPzLHqC2k0ov5z8WauA0hSocQ16iZPW6CGP2yZfrR1JgniFhIDPAThRAV2JS1WCSG3JTJzh+rmD+urHHcn6t8BTEtTQl7s1oUYn7u7a3r6+39WSwmPNycGNycJTtjN7jcCGIikDY9NhYas2iU7SkS09uLAGFPOKDGMJoUQQwLQidPghjASjFtVVVtWMy0MRYjJAZYhxDS9dUtRGpiZOePNVYMd3dXHE70FsQcMCXsXmFSiGnt3ZaWtq23VSRmV0fHLrIYYHap4xZnzD663LBi/LXR2mM5hceiI7Nz+MQIYSEcUG1kQWFkTlikUkxcWlqcLWJ26vU7z3VisBiKioyklImRIf1CbGJZ99ETJ2prE/8UxJhWBO7+tsUaMQ4dHbC6WYJFMWCmMFKbnpOTHuvv6SkXA2EhiZkUGz3JmOLPvz6eBR3e+NthxD1TF5O294or9i4TEoOInOXE/KSDwODrfRlsE1PR2Fl7ZGWut1gMdeTA3iOUsil7rNd0sqdH3JTNDg+fTRaD07TqS3lTBkDNP5YSG5aOwjytrDHa2IKI9IiwdIUY05FNm46YrBezrO2KK9pADDAyMYiI5cTQTVjg4sWBqr8ZJRVT1thV37bC171e1JQhymAgFf/TbbWnjxYpij9ZzAbH7aTijxuzyEiUHRlthH3LNWYqS3lYQXpEytfsM5GYAyZYBDHXESH0yqbBYyRi5hKxmJjfPBVoNF8TkYoZ7u7qOtqTVlTkrd5dbu7raTvU/KiKGMvdZSAWRRr9o6lo1e7yVI6M9KXRRVMFMVJsFwOMqRghMYc9PSeJHrBgMXcSkYrx7uwcHr78cEWZuxUDzJ+XLGkepyZGbYDpnxKbAsPL6GPqYmSQxfybE/O8l6fnBMkDzKg0ZRxde7q7uzq7vp9qzZRMK0zJqIlRnZLxBKBBgz2bxPyHEgORYSYxb/T0pHPCbyaoNWUCw4PdTk7ug11WT2Kqi1GfxMR6/kExEJhzkhhCgbG2KQMnXd4w9Q+rkUz7k8V0WzXt/x9MjB07duzYsWPHjh07duz81zA38HEjotG8T8T8F0FziGg0E2mQlxeaKEKjuYwBsdzIoNGEuGUjhoQExBDrEaLRBAevfEbGieBgc/edtPVC1uaPw4NE+OOwlF4tXcofh5VPk4ABppjXlmeucsT8e8RMVRNTEBLC3LJj/S+/rEcAFRESUqDRbAkObpd6+TE4+CC8n/COf1KM10D/QOrggBd/HJ450a4q5kfnNYmOnJiPiJxbMVMZNVMticH58IiGV7IHFuDsRMPTWHxAt2cGLz8hisvy4MztjvT7KR2BmE52QxAzYYL1YiAtqcmDA6LjgP/FWBbzWrvzHkfHxH9ezFReDN5XSww+gSUkJAWhlIEBvA4JyYlkDmjiGlFztjI4+Ev4bMz72WVBjDEiKirCqExMo+O8eY6NiQoxj+MrZjxuhRgiIAY4kWlBzLfOyauKutN4MYhHp1M0ZUFBbh4FzW5uk2BnhGKyiFisMdeRxdA2CiOjBwaitYUhIWHCAd3DN2ftwcFbHAH2/czuMCcmezpNtkJMd2lEQWm3oinzD8XXcgn158VcyOPlJeyLjsPAoCwxDQdaVjSZm8Sc8yO+LFA3onBWE7+UiFm3TiEmpPXzmL2LPdy8Pm/m3pDgMT/fQPhqmX6NovjXKQ4UGYkoDtuLP0Js+5VuNNIb8QFdlRwcfAL/iwzmi6cDQxhF/E7eOJ3FKH//2icLCp7Uymvt46GuAYBr6OMyMVFwO7gU2NwqF5OaCQyKxDToAhtMz6yQvx++6m+Ht52GdMs64WvyWSIxep+XX/bRy99QVLNbkK7g3uLP75WLMZTHxZUvVIhpMSEdSGsyyT8wlZ6dna48QRDEiFERg7S44odBcLTSf+mJB4ODf4SqD8WTFxNVEETfO4kkppgTU8y9/iTLrl3Fxbs2cM+445A3a1ZqXl7qrGl5UjFesXBry3S4J5yXTMxAZqazc2bmgCDmAFqBM91gIohZ6QztL3yKxM5l8FGck5aKxOQ/r9M9v1ouJsTt3uLduyM+L3CTi8mP27EjLl/2gcFISxbE1dTXp5OJiQ6LzQ4T3WbQi4iKGCA7BMhW1obtwQAUT0FMAVXsAARlE8QEcWKC5GJKS6OiNpTKxExIhcDk5QUETAudIBGTYgwriI4OC4tO4cUEOcwGkpbj78eWJ+En8BKI0aGGZ5qwmhVyMXPanbc4snTCiYt5IFImJl/ZXY7S7U43HIiySgxlyurr68lCLUM9PS0yMUZ8V0ejdWKuk4iJkoiJdTMjJhPEbBeLCWK8RCObxHSURkSUdsjF5Lnm5UFc8lxT5WIiI6OjIyON2ZwYo9aYEhEWrU1Yv2QJ3F46OiwiBV5ixRzAYjZJajA3eGGjvsd5Fu5iy5uydUoxe2vc3DyiQtysacpaerKaAKoFNnIxyJiTY0Sjacr4wQs9pJGJYZuyg4IY/i5wtjVlpRuqITHKpizAP/hK/wB5U1YQnY6Jji7gxCyqXLS6N9+nMlefv02fW+mzune1T+UiUVPmJ+0c0YMXrjeWuMY5yQGjVvyBqJhiur4oir9BWfwNvCikLP74zM2zUfxjETOkkRf/lfSQP1la/Oe5SFEv/jW7IgqerFEW/+CA0NCAYFnxL46ONhqZn2JWTHm+Pte3Up8f51PpuyguX1+Jn5TTxb+loeWZk2/Ieq0weOF6Y5D6aZuZ11W6y4yZmuYQkZhLiJgfOYcRGYkYfvDCDmmk3eUTXHd5j0hMl4sM893luzlwr+w490TUXYaaIe8uL42NzYYlm94sZcXo4xYaFubry7cZDPHl+nx4Eqcv57rLGxXDieRVfG9si3OAMFOgPsC8t7nZTS7mL97IX2pibiUiEzMVP9TGMZHc4IUf0ggDzB9FA8w1/ACz20WOqOYVBwUVG5FCzOt3NzfDisX2AWauT+5TkBKfRZWVEBmfyqfg4YObMqBhkfKiQ458b+xL51RemLoYIMpNJuYvWPgHXo1IDKhgxMCWwcliYtL5wYswpMFiVsHgRTYls4oWEz7ThSSGCIghYvuUTPy2hfHb4hfiBfa4J7SYoy8rEKaCYPCy2YFnBJOYl7AqmB9YzlJi1ObK2MGLgJaZxORH/YAw+gcxfpe7jF6M7ZOYE919c/WLfN0nVvr4VMKTRfQTXGNOv2xWDDN4cRidGAK2i7G9xuA+soxsN/K0/0o87f89aPgnxMCHgIu2TQS4Nd5oNL+CBrNimMGLWIwdO3bs2LFjx44dO3bs/Pe4noj5gdgfD5Mwf1/L24mYP0dgAhGN5jEiGs0FRDSaWUQ0Gm+W6RLMXczH/J9zERGNxo+IRnMvEY3mRiIqYhYvRhywz83m3kQQY/6+lrevWDHmYqa6XzBVIearr957b1aJ3zwBvxJGzPz5/wUxFi4kQDWWpVGIhkora+Sn2b9SijF/X8vbT50aazHuw93Dw7DhH4KYwX6RmP5BRkxtLayQgHAxH/HyT4uZQIQ+0Bnd3WUGhLRwsHVl3Y1pjBggUREa+X0tnc7b+3QGm5g6zsaZM1vPhpjeXpmYsoN79hzsJiZmnhi/eVhMLj5ZJNe2xDyNl6fZzViJCQ8niSkMC8uRiVncXdYdg4wR9PcWMfXd3YtZMcClamJ8j6+qkIkZWnGq7gwvxpsHWhYecYKzmnSIQyxGp5OJ2fTW2rVryvjIyMSUwOJXUlKC1dCJqUSo8tw3ZY5ERGLe+P77N5RiUlB2LAqTitGllRUhY9Ds6dNnBxlRUVmajhMDICny65I5jas/fPg8pilbweblFNxvs26rXMz8eITi5xPEmF64q48oBiGZmIotwHwziQElg4MHB2HDianV62uVTRniickQ/4O4lIjZEqAuJsNgyFCKeeNGr85OL9hIxeQYjTmFxmghM2zx16EI8OIwfXYx0kFelGLI1yUDL5sHBgZ+p8XU1bGBaYdTGU+dkYsBL2BGKaZl6IX9QwsJYnpjYnplxR/+R1hziSGIKcGbElbMfFiUiUE8GY2LpWIulz/MizH/Ou9lcZmjY71jolRMuJ/fvD/+mOfnFy4Vk1KA12FhUjGA7jdo+F/64Ycboc6QxJCvSwZiBlLzNv8sSsyZnp5DIGbFmTqpmEpEU6kQ0/QC0KdTitEVFenk3eWp4k6ZTAxIOXiwP2DWrH5WDMaimE6DWMzlZ1eMAZR0xhjKZGI6v/oD+KpTLgaF4RVBzPyXwl+C73p+VxXjJOGRZRnlGXqRmLpTZ+oOtZ/qGWrfapUYw9ALL9z1AkRGIQZ1diKRGAciksTM+jIZysI0Woz6ATV0OhaJxRC8nHUxQNcf8+b90SWvMTmosDCnkJI3ZYE6lOvtDnjvQLpAW8SMqz3adrRI1JRtrTtzpmeo50xPnXVNWROIgbbMpBDTG7N9e0yvDWIOzmJhmjIhJeTE4EOWmKZSY0bblBXJmzIAJ0ZZ/MNSEJVSQCj+8Z95g5fP4mXFf4ODFJmYw0nLahuv+KJKVPzPAD1ntvZYWfxbTC03v6AzmCi5GF2Vs3OVzhYx/YPJgyUB/YPWidFl1NcXxSAW8+OMd4iMvPjP+6qz86t5suIP5ISFvajoLjeWxaD4XF/f3HgUU9Qo6i7vcrAspn7nztraop07peOYoTNDdVZ3lymTqa+F0CvTwkVJk7XWiwFKBufNGwQxFpuyy4iMgRgMQUxXFzRnXW9YN8BsbMQDTJ0ODzDLipbxkQQvZDEC44oycs+TDTC3njkz6gFm7y3OwC29toiB+v99Caz8zCdm7MXMISL8+fPo1aimZDrCHVTEjOGUzBJnmiVqYshTMv9iMaOfxOyY7aAm5lxNYqqLgZzIJjERkf+YGNIHKHUAbBED/CNiSPyXEmPHjh07duzYsWPHjh07/zXMDdAeYghm4S98/RYR9WnwFyWQB6SfbdRoXGfMmLHgVmDajBnT8HYBvOCq0bzA4MzCv89pRPh7jt3Awt9z7CYicAV2IhqNr29lbXx8ua+vL0LCvkZzORHz59chREVSiEZynC8mchbF6BEBvWUxeifMRLxgKvpT4TfQAmbMuPJdEBI6Y0YAbN69Em/PnZjTRUVFGbUiMUBuHCcG71sSY/78OoQiayLHVswbCrCYiXqCl4mWxcSDEvpBLxtTU0EMRMQVzMAGkkN7cYWNJTGu3IPfsU7MkSNKMS8XJX33zcmdSTt9xGLy43J5MbDPivmKfYj3zJ9fR0XGpMVEahkx45nHGImpHpCI4c1otbwXy2LyUT6tBFZ0XBgxQMAMV89bPWfMgJUrjo1lMZyMJUu4XVbMVVfRYrbCQyHmuiM3NTTcdOQ6qZh1rV+k1e7I9Un74rtrRGIqy3H7hRC3L03M8ePixFwoQiwmsiYtI63GeBYTcyUsSjHVb9zY318NG14MZ2bf5Mn7WC8Wxfjkw6v5PkxoIC5A0npGDIQGygtmGsRFRQzP+vWypiwvz0Jirrvp119hJRHz0zc72+6ozMiovGPdzrSfeDG52+Lzc7EYYV9IzOVz16yZSz8hidn68enTH2/FYrTGGPCiTMxUItaISV7zZbJCzI2D1f0DA/3VgzfyYjgzk4ODJ3Ne1BODvbBxSfoGIRDDEAp2FtAbFTGv8VCUsE+LCQjAYraSxEBU2hYa2iA4IjF3lK89OmXKh2lp10+542irnhOzY9vCuPxtWAy3LyRmLvx8+SW7A8jOrwMxFd0gRlpjwAjDqMQkby8p2Z4pF1P9FpgBL29Vi8UIdYb1Yk2NgZ9NqcA3FMJiXANCF1yFXbiyvbKrFoQGuKqI2V9XV9eEUBNs9svFgBqFGIjKpVkIZV0KO6LEZHzx08vX+AQG+kCF2ZnGiRm3I36hIR+L4fZZMV+BFK4pgx0cGfn5dVtvP93AidEatawYPjKjEHPll10gJlkp5q2SqvqNb8nEgJkUByAFvNBY0SubOL8EtHynZbvXM2hm4dqPq/8s5rmamBbE0sKLuQrb9jfXlLX1YDE9bQ+LxXxdM2VKPgLiQEwNIwYR4RKTOZdNTiazlZ5fJxEjgL2oJwYREYs50rBJkRjISlVV1dq3+oUaw5thvMjFyC+EwIYF7o0Jx++LBAQsLH9eEJNqtZh7sIkmRNMkNGWbnVNTMxfgwMAiF2OidC1gUUeZxGJqY16Z8mEcQs9+OGVK2g41MTgha5KP0/U/eQ2XGCcJH3/cePfDSjFciXGAz0tEXUxw5p49W7YoxNw40L/2SNXaflHxF8xgL6pi2E4yjksS1qKLW0T3XlxnsU3ZNKEpm2WpKePM8F7uYcVkzgoAMeTEtOkQMuATTdrEYir2rrtjSvzixdum3LFu2Q5rBphzp2WunDt35bRpODkEMRtLvn99e6tMDBeY8aMSAxdm2RJM6JVV969d2z9QJSn+7niFAPqJihjaSxnuitG9s/OcMCMv/gcQYKJ3OTFJWAy5xvyaZTK1tZlMWb+KxZzeuw2iUlQE5SWmBhxZGmCyHbET02hOMKMZhZgd4d8f/34HOTGA7WJUxzHQI4MCUy1PjCBGvSnDcaG7YvH6R5hWjRfzrtBdfldFjAcLhbKzEcU9Y8QkgRishSCmra3n11972toEMZjy3XEfHs3IODolf3e52gATYHrLycl0f5mUGDDzcyt4IdUYcDMGYgAYx0BcRiOmDHfFoLCI5mVsHGAKYiIiCz08CiMjBDGT/CfBgqUQBphgJgsAL9KRf1tNTBEQ8w14URlgsmN+FiExSpRi+PJv7iZ0lsW8adOUDMadF+MOi2Uxn21M/c4AhYUNi5CYd+VTMu9aIaZQ2GCsmJLpgdAo58r0GUUZsPjArtoAU1DDjy+tFIPDglcjEGPrJKbtiano/yKOKSy8GkA6iRlqxSSmhxSCmK22zS4fLSrKpXdUB5jyxFgthovMv1LMzlooLAqYaf9Uca8M95tdbRcz+ml/lQGmEpvEqDRlduzYsWPHjh07duz8xzlfY+dfiZPTWKoZT0T8y5wdHcI+/+vViIUfKF0t4lUejea3T0loNO5SPotD6UH4772aiEazgIhG40JDIRaKec4P3BALP3C7g4hGE06Eu2YM8vZGF4lgxPz22XkKNRcQYc83u+oq+nyzK3nMnoemLqZ0A1A6cjHj/cyJqQA4L7kLqbDxwEjFIKClBQHnUsyrQb9PHGeVGPZ8s9BQ+nwzQQzhPDQf68RsKO0ohWWDSMzl8CCLqUpeU4+3iAf/+dMriGIqqjIzq1gzehRZDH9rUDQrxql7C3w91+0kE/OueFGI6cs652JeBTVO58vEuCseWAwC4iqG4xAgiCGchxaht0YMSJkeEjIb5FiRmCpX0FJ/WJYYoIwoJtPVNZMW47sNxQbBfxah1TFiPls5efL2VZMnr/xMlpgB/MPtvCsVY2poCLRSzH1nTQzgNx/aM/XEXHhV6K0Va9Z03xr67oWCGOJ5aIIYFwliMRs6ds0OD5+9q2ODFYnJ/PLqqw8nJx+WJWa81/gCCkkRi1mkowpwXLJRywv0n+MEXiavaofVSiermzKqbk6D6ZwnJjsW1Pz22Tj1xFx4a+qF3mvWel8YepWamOcjpGL6AutEYhyIsJeJwmKo3TsXy8QkM2KkiZm+ISA8XH4PV6Ep+6wcGaPgb4wyoqybL6MPRAko2ZK46iBsSvgDgTgijx3TIg5BTEtDQ0OdQV0M4tAmJGhVrwFjWUxhLELpBa/iUnO+WmIQENc9vI3UlAnnoekZMxIxWajPxSoxl+MFocU7v99oIDZlksR4lW7fsyfPa3qHRAxf/CvjUcp4oIAyDF12GSPmIC0mcQ1sDirF5C1YkEQQk9Ww/zqXLHUxgpfFuwUzqr+tAGLEsImJpVD0q5jpP0B7ZkEMe75ZaCp9vpkgRn4eWoRe2ZQZ0HUu1ieGCty9c1NVDEUq/tLElGw6vDcJ/shSuRhMLaWlq34sMt11GScGG1meuGo5bNYoxFALAEopZsilwcVliLJaTII2K45KUBfjTUSoMb87cfjSap4mwp5vdutS+nwzQYzsPDRARYxqYqjdacvql+0WiRGQ1pgNVXv37iKIEQYv44sjqT6woi4Gk7RgwTFlYqi+hjlzrhsyWC/mwIo+k3bUYsCMUPotibmSiJkv1mxvyoQaE3hgWcaBQKEpe5UETkx1gFdo9XhlUyYMXlLg/ElsRdyUtTsmtpObMio2llKKCaybc10DlH/rxaynqPWjbcoIZi6g8a30vUDMKMSAmcA6W2qMYfdug6j4IyJcdzxcWfyFwQtqupn1IhT/PYmr9kiK/7VE+JF/U4MLBL4hy/rinyAt/r5EVHplxbHpBdiMXExlXHz5uFGLIXeXXyNCJ0bcXVZPDEDqLosGL3WX8dD3Hr5sJbRh2/dAi7byspsZ1MS0NLjQYuoMI+suj0yMhxHBPy5sRiYmdyGKz+U7zraJ0auM/MHCM4rHa2xiJGLUE5NEeEOiwctlMjHYzHa4jyrvRV0MaurL+rXOFNiCzqWYQhy5AmlrBjogMfm6OFFi3G0Qo4/Qq4kBD3OkCy3mclsT4zWL9IZEgxe5GDBzPBGuTHkcvFgrBsjKgtU5FfMqm5jxIjMXMGZyKy8414kBLzYlxn8a8Q0JgxeFGAGbxDQ1WS3mPn59n1jMOGGBH2tqTDquMePFZviQjLr4K1CvMbaIyQsmvyFu8DI6Mcpp/3OamPGMFTdRa8apGKUYOyMHxIj53f6F5r8FJxl2M3bs2LFjx44dO/8/4Ld5Jk2CHwu325AMPC9mQCzsU/Oz0aWzQ4iv6+8nnqZkMwhztxyNJpCI+fO4fphu5v07khD94pLswt03EDF/fBBgMATG/PySGFpMDgBHeozEOHbsEptZyr2uXe/zD4gxfz2xq8/7jfj+HUrHXAxA1SjFTCrMzo6YRBQTHz96MdKbzWxO4l5P2IfiXz7nYhTncbl7X8CIgb+cEBr8uUrVxXi4XQSPx91GLmbx5woxXinpYTlEMfnXXJM/ejFAB9eceSU9nSd+Q/nPn00xx49bIeZCEe7DTt4V3k7e7lgMcH8+kkF/rlILYuae6B+YREhM26Hlh9pGl5iLIwrNNWU//WR9YhDH+s8/X6+4BRTdnC1Nfftp58mpwhvSUuiK+8+amIYVtB0bxAzP9B6uGnbfNMyIAXx0BDHYDFnMzKqyTZs9+v0nTGAiw4s5dSXmkC2J+U3RlHlcfHEUlH8O4UBT8fE6m8V890V18y/fScUk1ifim2jkOT892dn5aS/2DSUk7NuXkKDzOUtijhuwk5OGZyyJkZ7HNTxzuGzTzO4trJjnn1eEhj2gKWauvrS83yOn2aN/zSRZYlZcybBCEIN4AhcjHkuJIWJ78efy0uxXXd3cvF4qZlki3A4oZKnD5qedN+fxYpYACQhte/6siMkKpGNzQEWM+DwuuEnzlvojw91sU6bXXy2vNCCGMUMUM3e5f+y2bekemwcgMuIaM5kVE0wQU/P5sRqlmJixFrOvubl1Y3Pzd4IYng10a7Z582ZGjHbfElfXJfu0KGHf6kfOghhToBXFX3oel/umk0dPnp45jMXQrRiOL3TP5GKAMJKYlStLalavrhkYGJzwuDgxbVdytCnEBLaezGgNHIWYOwSQgKqYb1p/A1rFYrq7wUpjvaMjPaTxIoiJjXJgGY0Y9IxYTBAR6Vz98MynTp+6r6K7m07M8whBdsliIhBRzJHqz+PiavxBDFNkrBNz8p8QE/eI3+HDfo+Ui8QUFbFimCGNl7wpMxbDC6MXswI12SrGvfupI6d+dd/ENGV6wExTVkyRm7Jnqo/F94ZtfntAVmOWm2/KqJrWVpuaskskKMUYjepiMD6PAIsoWVOW6MhQ6gBIir+2wEHEaIq/DmXh8t9w3GoxU8u6T5yYOzzMjGMewcv9cYTiH+4ihy3+Px4ZKCwceGu5PwxlIDO8mD6LxT+QVPxHKia9uDjdKjFU3KLnyykkE9PJisF9AEl3OSXIQcyoussGhEwHTA2qiRFwH557YubwRCfL3eXwy82Jmbty00b/zYM4MG4ToPbLusunRN3lq4kQu8vqYu4TJSYqCgEjG2CCF4ENIZwY0B3lIGV0A8wVB0xZUGisFzN12HuuewU38qfjohTzxkwXshhg5twTgwNe4OUiUPO4eIB56tApKDBqYkaemPtYMZTRSI1YTGKM2EypQwgzJSMUl9GLEVATo0BtSga8KJBOyUBYIDEXcYkRsCUxI60xwAjFCCVGaM7wJGbBeId/kxhzk5jdLubEXMqLgfKCtSjFjD4xS8dMDIkNGg0uLv8mMeam/btcSJBml0cohjztb8eOHTt27NixY8eOHTv/PS5guIWF/8WcSUTM/4LSc0Q0mgeIaDSPKjm63Jm7sHbFEoYkLwYY6Jn5BaunaOCGFE+JoS+UPcEjx0OGhftUEjH/+j1EzP/3Lgy3sIQwaDTXELFCjBe9DoHlLItZvfpR/MNz/Vpn57WcmJ2Ml/e9eDGvd9kq5vGU9ELazEXsAkjPK/uXi3GHB0lMCDyimpOavVgt8Nx6MVt7erZaFrNu3aP0z/3049HKdufMTTNZMb68F0HM6zOn2yRmQpg2Z0JBIRgRmTF/n0oElJ8+7fMvEmMhMV5fJCUlRYETL3jYlJgz7e1neDFz9g/N2b9/qG///jl1Q3NYMdK8nHR2bp87kxNzUvAiiAEztoh53JidUzDBI4zODPvwMH99MATkXv/U9WdPjMFgm5h164iJIYupHuzv9xpJjelpb+/hxQyZTEN1WZi6pqY6XgzOCxOXD6EZWzkTYMR89gv28ouXVAyYCbdJTOwEaMlyQAiXF6WY2lOnDh2q5cTs8Hn2ZZKYsMLC6MLCMNvEBO7du9iimEkTJknErF5tVWLmY+CUF1jmC2g0nxCx3JTtb2rqq+vry+qDddOQssZA1V++aaYgpl7mpTgaxGBcTEiK5abMoyCnoPBxWgqrR359sMkftP84YzIWcz2wg0Lx10vQaO4HCj0KUJhH4f0CVtSk3W+trSGKOXQIVqDl7/bOB6aNKo7jaB5VqiFVQI0G/6CYmJnNzThdBidGXfxLdWInxhj/Rcs0pTiNldQIwz/pakvXtRaRjgmCM8CGVGAbwpx2jrG5KUMREWXMqWS4jIlMnUZ/76735x2v16P1T8zuc+2VqwS3fvL9/d67Pe7kiSkroyWGLiZgObrmpjXqxZCIpWw/iIG7goEYsEP2GMhMh17fClJEMWPYy02iFoRADMeHiEC4c6xhHgHf/OdiJJmRXx9sDH9MY7yY9pVftUSMPE+IqQqgQBUWcxHe1Igxe/q7ugbfeYci5sCBmaXs7HXrvkLoq3XrFqhLjN1WFygywRc5eItXDCQGatgWaDFb9m/ZwieGp/1Jvb4vXypmgvMiahHEAPupYgwyM9GHy+T1wRqCzSubCzgxQHWwHZTg7SK8F8Tg9X7ueqzkTtguUiHm1Tc6jh/veMNrlov5LSM1NeM3tpRJE1PAIIApUJkYu6nIHSgT8pKjIMZAhROTkQHPyOt94jwmN1LGXMX5hJh94GWnqIUQs19tYhCVGbdDHGpZWdqCxfAhoSYmLQ2lpdVjLZg7lcQ8xHLpaz1HHjz+8eHXnueOJYkZS00dYxOTRpSy9xjw8p7aHhMIFLmL7GJi4hNDHy6LkxcQIorhJpc7BS2kmP0qe4xaMUf2bpsY+IQTwyEkBna8mA2//pr76691nJQ7lUsZSGHFZB/OTj/c9vylcEiKOQBwzZ8Ug4D31PaYcE1doCpM9JjTqMQlJjcyeZGJ6QAvUi3mD7dcGBHzu05GomKWdD//2vElhBhK838Ru7joRaL5X0qFSwzYyG6bvqsY7rDNHT4Ue7jcbF6wwNysIjEIU/50OaqpQSLxivk6wg9fC2LEyQspBiaXNaKWd/Yf4/6NneIlcTFgZvFi8AJi0qhE3g+/mPtimHyfLkZIzPPHvQ2+4PHn2UOqmAvSSDHcLnZiEIu7LmCxqhKTT4UXc19EzP79GbwYcfKC+V0QMw1eOC2mV3+4UFj8QHhJVAxJLDFA1YYq4v1YiQFADt4pJOaCuGb+SCRRMfRSJk5eyMRM1oAWtn4Rq1Kwl/9MDEnsxFyKN0ELEN8pmcz/Qow4eYG4SL7/SM1btkj9IsSAl/+JGIBXopyYNF7MjxIlP/7XiYHJC/X7X7Hx9YsU87vufyWGII7EaGhoaGhoaGhoaGho/P94jArcNyXKhK43yoWpc6lE/4Wme6hEX/d1K4c+QjIHe7sT7rrcKFOC5ELf6VKi//r86VSiX+D6uZvo6+7S0/M7P8rrzE+X/X+voUJOhE8XUBCTezJdTErvPymGXPeVqJjCv0dMzjqKGN3SV6KJCe/YEc5Pz85WLQaMRF5uw1sMMbm5V1PFYDN0MS+QWzxiyHVfiYpZ8w8mRqdrXFoTJTGd4WdAzDHYaGIWLYouhuM2LAZR4RKQSRWDzSSemHOoyJYXbQ6y+OISU+dGRXArFIOUaH9fBTE5WMRKQUlTEy9G51yxooYmJi8v7+J8sPLux8dmiqm3GY22elGM4INIjKIY4GQnTQyYSVzMbTzvl4Q7hQOZmI3LVixb9v33k3GJecaKrM+oFoMEjEYkAGJ2r5Ukpa3VJSQGzISW4lYjF7Nj/fod+ekQmQ9nJqYIL7cpZ9w0MWRiUgQWLhS/Zj/odniWMrRbW1UaZEjvIeYwxl7JKIj5fOCnboRsvBrZuq+Nz7lXuNZ/uzG+UrbKZkuRiVG+TyXGwSIRI6XXYOgSxQCtS3GrkZcySAyIOQaBkYupR/XXFK1aZYUXpR5DiqmslInp7jhyJPekG8hanCKaCYX4vSgGvHg8DkYuZvt28VUUs7xz3Nk2MRD0mDzh2/I+uhjEEOu+IDFHVyz7PqSUGCQgF1NoSbEUynpMTDEOxrh1xMg4aGJ+ajUQYprgOQq37KuRiVleUrI8yqjMVn6NG5VbrchGEUNPzM55BsO8nVIxR548p3ZJbu6SX0gxgpnRxsZRbi8V4/Ft2hR0yMS888MP7/Cvgpjl69eP6waavhgY8Aa9KBz+bjmIIdd9dRjmfdf5/e37lBMj0l5mNpfl0IbL6sWgkRFGJoYrZk1+A9AqiBmwewZ0uiEws6KGEFOyY0cJXcwiY/011jVz09Yg4xnkcFkhMTcZDDelzEaMwek0cHtCzPRv09MmeWKOHSNfQUzJxC+Pvw9itg18EQx6mfBtJdW/gJhTpLQZ5v1c7DdsUymmtD2z9OXq9tL4xWAjDvxkJGKqd58KdBg4MmOKyYPEKIm5ZZEghuyp9B5TU1lZM6tSNi8U8vN7UYxxeHp6WF7KmO3bzfwrL+bzX0ug8zudA86gxwOlDL8hF5O5dM/55x/SZ6oU054Dq/fW5bRjMQYqKsTgi3WRYjCZrQbgXnj2UkoZrcfQS1kASllAWspAg7hRE7OQfSTe/B3f2I2zaP5w41KftPmfQrDt0PnXHuqOMY8RKS0rKzNDYOIVAzhWX3bZ6hnN/6eQgceVGav5f5YPD7qYelR1jXuVFTd/SmLUzmOA7GtJZj9c1lGRDpfffjsPXqhiwMyePeBFrZjNOS+/nLOZJkb9cNkBSN7n24tIX6zhMpSyvChiIC/uqvoAE7hGMTGxxNyZCi5SuYcoBrwkLEb9zdSeajtFvZic0urqUq75v0kl+t/3SiqcmF6Xy+Vn4cy0gRjWC32C2bnhu+jnyupXMcQEk5qYGKdkXgMfghfuS8VTMvJzMopi7qECYiioF1Ods7aaE5NOEPuUDF1MXKdkwhv3hSlieNLSYKecGEUxEBeW1D+5B3uoeBLzhSW5BP+6GKAUCtnfLqbDQNKkfBLzu87wd1QxIoqJURYDXijEOO3/34sB/k4xcZ32h0uCdyYqRkNDQ0NDQ0NDQ0ND4//HIipwwWrUrdM1oKJkAnLd19kCSUnXiZwmMvOaK4f0o048wXyCSvQJ6XVSTuOJfu7rJUxz1kskSZhzIojfDFyK0UuYj8G/YFU7WauXM9vrnincJ/SGFAoKYpIDaBs+I1+XLIVc9zVDzMmxxDxaq9+rA+IQs1LcZGLMFSYzVUzzLthl7SpISEzt6PpWvRzyc0hEjKvx/VmKSS5nmnS6ILIkSyDXfUWsDI9FxHyw8gNlMW/qQ434tGxrHGIkXq4jTtebNg0PD5oQOk8CK2ZXM+sla1dCYvb0Thx2wXEt/8AoXPfMuNWBWBz9RoTB70QX0+jq+/Tz6GKqYIFAoIoUk7yGgZtYeZm3iB90ugRWy4Kzh4c5MR/s3r37AwUxj+7R9+mARn9tdDE3UlFITMVgV2tr16YKQoyQGOwlS70YQYAoxt+7rdcv+uL+o2yZVVtxflN+cTsrxuHyT/aDHGbSPwJSHCOTfteIVMzCheS9D/pcjVDP6GIglUUPL3p4LikmxUaYoYtpGQsu4ErZnJbdaHfLnKhiDtT62TLWpx/bFYcYiRdCjGm4FRiuoPWYgl0xegzDyMUc0OOdtMeEWl16KRQx+cWPNUxNHeFK2Va/y2UAKavPWQ1f3wtHBxmpmMpKUowOQuN8nyqmCiEL6+NhiRig0FYByw3sRvH2O+S6L1zFWiaDoCd2YqDrtzpxGQvp37j77uhinuUJ7xu2CAdkYohSVsGJMamr6aQYY38/Q4rZM38PuxPE8BmcswSYwx+Rn8PJ+cU9psOcGDODBmtd/nv3be7r7dvsu9fg8vebiT/PihUyMWxoPl1OEWNDtoiQenAjiAEzq0wDOqfEDLnuC4uRNv8PSik9RihjQzpgr7/2y7vViLGgbhMSzCgkpmITLmWD8lKGqJBiKgY3bjzoIMR8PX8+dvI13l0viAEti1l4NeTnAGKm7b1TbVhMQXNBweCY696OqzHbLnFNfoMKvuLF7IRLWer1sNspiGkcamRDo5MSEWNERZyXubZVc0Ux2IzV5NQ5PVbeDLnu62yOliA/KpsTbVR2QO9q1AGj+rHL71Ylxmpqshut/JHSqMw0ODwMLSYOMSZ7/8HJEboYMjH3PLgYvyx+8B7umPwcTk6f6vAUF7NiXs7K2t7T0+8KbcA86RrLKmCysBiOmqV6YGmNmJjRvaNcaPwGEUGMmyoGeMbqATMmayH/g86ewYKxybOjX5hBmLywxVS/hb/A3CVUxFGZh2n4LOxRMypDZpPZjEjUiWEc/ZtMjIpSNmfxg3PY13sW82JOkXBy8VQPmuYSg7KymMNXvuror3O73XUHt8LYw3wzLwZYiL1A+xcT08eKGSLExCpl2IzR7tQNmFYVysXgOsY1/5YWJTHi5GVIX/vH3WrFNCFvsLwp9jyG4YlDjGPk4CZPhbz5H4CHnihlc94DL5yhB0tFMSLbpnpM08UTrJiCAuSd6ilb/SSI2VjLZGV9hbIIMcBCYlTGljKwI0Fs/kW05s+ZYeyw6tBsS6GKWcCOypTEiJMX/W+gRKUYMBP0NqmY+Z9HRV3zZwYDmzyMfLg8f750uMxVMuGew0vuoYjpCHWnn5XdEWLFQHoreq5809W/b8O+Qbh3vBkiLY7KoJbt3AmVTBTDxaXRmZohQRwuo8DcRXOriOEyz1uMF+7Ly6xJoZSy4DDeK4kRJy/Q9WVi9PCQbEC04XL0BJRSYZNKQT5ctlpnzGMOzZ9/SCKGLlhWyia6Ovq6up4SZv6eb7o8/aHW1snmr/tlo8TKhZCaSkIMxMX5bgYBMcEsl08w5WZIMS2QGHjEEiOZvNxNiAETJMpiTqMy+wtWx57533cf7NhSJohJEZ8pFDGUUzLmVwddfld/1uVlMYbvbFx+z5CheEpGxIKCuOiXS8UM17awcYklRjJ5IcVw6OVinqUi+/kxS1kiYg5BYIjEYB3sTvgythjAsXorWrcAxRCD4/JYRlxigDrkg/tYowAWI46RgdhixMkLKYaXIpYyZTGIyj+RGIAUg03wfqilLLGTmBCXOMUARahBp+tGbqLHqBMjTl5IMTwJJeZfEEPw94v5PTWDJkZDQ0NDQ0NDQ0NDQ+P/h3jJD3Licyom5yS8J95PphJ9YpWd/SqyWm6SkZR0JpWkJN/U/RSSTjwUxXyyeFZiqorKq8otR91uS5HF4ubFZB/bjsqVxey9/8z7zzzz/vtBDLJPaWLkYlK4LSIms30tXK2jdK16MUctlqPlRwPuNW5ruSXAiekBM0RoaGKGvl1fObT+271YDKo4rImhJyaFE7O2JQfsVK9NrJQtezObCA29lN0PaoYgNNzPCYYMMpJOPIjEkKUMyKmeRSnzeL3I0+DzeoNBD/J6PayYoWUhIjR0MXfcAdUMYNdlbQ3YRzUxRGIKbQjZCkUxmWvXwl5VMsCLz9vtsV996xVXXHG119Pg9Znw+7rGkBAakejNH6GR28+1mne8fpWUpBMPxIPF2Apt8BDFtLScql5Mg93X4PVecevExFNX2L3dPnsDK0anY0NDIhMDv1gN3/fII4/Az3Ef9d8Oo4gNy09wMclSIC4QGlFMdfUsxPi8dp/Xc/Wtn2y+9Wq7N2i3ByNi2NCoFlP07DL97c+WI1icI5J04kEXQ7yvVowvaPd5HigBHrD77EGfLy4x6KAr5JqEynjCi0nhN76UxS0GN/7xxvHx8c+9XtDki6uUYTGhgyiolTIeofkritFRYYVV2KH/L3eOjztLvD47jMqE5n8hvfnTxZSPjIwMas0fgiJuHPGKgdoV9JaMj5eM5/mCcCQbLpdV3yqgJAbYPTrvhB8uszPK1zkn/D4lLjFMENx4PB67HXZgJchgMUJcVoKPmGK0CaYAsVwK7+NPTBCGy/agNwgPO75vKpsYIi4xxWinZMjEPA46CDdxiQHACAb8MAzXS4i4xBSjncSkNv/Eegx9tEbEJaYY7bS/hoaGhobGP8xff9MS7Xw+B5wAAAAASUVORK5CYII=";
 
 const apple = "data:image/svg+xml,%3csvg%20width='16'%20height='16'%20viewBox='0%200%2016%2016'%20fill='none'%20xmlns='http://www.w3.org/2000/svg'%3e%3cpath%20d='M13.6167%204.77308C13.5312%204.83608%2012.0218%205.64397%2012.0218%207.44037C12.0218%209.51818%2013.9425%2010.2533%2014%2010.2715C13.9912%2010.3162%2013.6948%2011.2781%2012.9873%2012.2583C12.3564%2013.1207%2011.6976%2013.9818%2010.6952%2013.9818C9.69291%2013.9818%209.43498%2013.4287%208.27784%2013.4287C7.15021%2013.4287%206.74928%2014%205.83245%2014C4.9156%2014%204.27588%2013.2019%203.54034%2012.2218C2.68836%2011.0709%202%209.28291%202%207.58597C2%204.86409%203.86316%203.42054%205.69684%203.42054C6.67116%203.42054%207.48335%204.02821%208.09508%204.02821C8.67726%204.02821%209.58531%203.38414%2010.6937%203.38414C11.1139%203.38414%2012.6233%203.42054%2013.6167%204.77308ZM10.1676%202.23182C10.6259%201.71517%2010.9503%200.998298%2010.9503%200.281428C10.9503%200.182018%2010.9414%200.0812084%2010.9223%200C10.1764%200.0266027%209.28899%200.471848%208.75398%201.0613C8.33385%201.51495%207.94176%202.23182%207.94176%202.95849C7.94176%203.06771%207.96092%203.17691%207.9698%203.21192C8.01697%203.22032%208.09361%203.23012%208.17025%203.23012C8.83946%203.23012%209.68112%202.80448%2010.1676%202.23182Z'%20fill='black'/%3e%3c/svg%3e";
@@ -580,7 +717,9 @@ const initialState = {
   appId: void 0,
   scopes: void 0,
   createTenantForNewUser: void 0,
-  parseQueryParams: true
+  parseQueryParams: true,
+  isDiscoveringAppId: false,
+  hasSettingsError: false
 };
 const PassflowContext = createContext(void 0);
 const passflowReducer = (state, action) => {
@@ -619,6 +758,18 @@ const routes = {
   },
   passkey: {
     path: "/passkeysss"
+  },
+  two_factor_verify: {
+    path: "/two-factor-verify"
+  },
+  two_factor_recovery: {
+    path: "/two-factor-recovery"
+  },
+  two_factor_setup: {
+    path: "/two-factor-setup"
+  },
+  two_factor_setup_magic_link: {
+    path: "/two-factor-setup-magic-link/:token"
   }
 };
 
@@ -646,7 +797,7 @@ const AuthProvider = ({ children }) => {
       setIsLoading(true);
       try {
         const tokens = await passflow.getTokens(doRefresh);
-        const parsedTokens = tokens ? passflow.getParsedTokenCache() : void 0;
+        const parsedTokens = tokens ? passflow.getParsedTokens() : void 0;
         return {
           tokens,
           parsedTokens
@@ -697,17 +848,13 @@ const useSignIn = () => {
         else if (type === "passkey") {
           await passflow.passkeyAuthenticate(payload);
         } else {
-          const passwordlessResponse = await passflow.passwordlessSignIn(payload);
-          cleanup();
-          return passwordlessResponse;
+          return await passflow.passwordlessSignIn(payload);
         }
-        cleanup();
         return true;
       } catch (e) {
         setIsError(true);
         const error = e;
         setErrorMessage(error.message);
-        cleanup();
         return false;
       } finally {
         cleanup();
@@ -852,48 +999,143 @@ const useAppSettings = () => {
   const [isError, setIsError] = useState(false);
   const [errorMessage, setErrorMessage] = useState("");
   const [isLoading, setIsLoading] = useState(false);
+  const isFetchingRef = useRef(false);
   if (!context) {
     throw new Error("useAppSetting must be used within an PassflowProvider");
   }
   const { state, dispatch } = context;
   useLayoutEffect(() => {
-    if (!state.appSettings) {
+    if (!state.appSettings && !state.hasSettingsError && !isFetchingRef.current) {
       const fetchAllSettings = async () => {
+        isFetchingRef.current = true;
         setIsLoading(true);
         try {
+          if (!passflow.appId && !state.isDiscoveringAppId) {
+            dispatch({
+              type: "SET_PASSFLOW_STATE",
+              payload: {
+                ...state,
+                isDiscoveringAppId: true
+              }
+            });
+            try {
+              const urlsToTry = ["/settings"];
+              if (passflow.url) {
+                urlsToTry.push(`${passflow.url}/settings`);
+              }
+              let response = null;
+              for (const url of urlsToTry) {
+                try {
+                  const r = await fetch(url);
+                  if (r.ok) {
+                    response = r;
+                    break;
+                  }
+                } catch {
+                  continue;
+                }
+              }
+              if (response && response.ok) {
+                const settings = await response.json();
+                const discoveredAppId = settings.login_app?.app_id || settings.appId;
+                if (discoveredAppId) {
+                  passflow.setAppId(discoveredAppId);
+                  const stateUpdates = {
+                    appId: discoveredAppId
+                  };
+                  if (!state.scopes) {
+                    const discoveredScopes = settings.login_app?.scopes || settings.scopes;
+                    if (discoveredScopes) {
+                      stateUpdates.scopes = discoveredScopes;
+                    }
+                  }
+                  if (isUndefined(state.createTenantForNewUser)) {
+                    const createTenant = settings.login_app?.create_tenant_for_new_user ?? settings.createTenantForNewUser;
+                    if (createTenant !== void 0) {
+                      stateUpdates.createTenantForNewUser = createTenant;
+                    }
+                  }
+                  dispatch({
+                    type: "SET_PASSFLOW_STATE",
+                    payload: {
+                      ...state,
+                      ...stateUpdates,
+                      isDiscoveringAppId: false
+                    }
+                  });
+                } else {
+                  dispatch({
+                    type: "SET_PASSFLOW_STATE",
+                    payload: {
+                      ...state,
+                      isDiscoveringAppId: false
+                    }
+                  });
+                }
+              }
+            } catch (discoveryError) {
+              console.warn("Failed to discover appId from /settings:", discoveryError);
+              dispatch({
+                type: "SET_PASSFLOW_STATE",
+                payload: {
+                  ...state,
+                  isDiscoveringAppId: false
+                }
+              });
+            }
+          }
           let appSettings = {};
           if (passflow.appId) {
             appSettings = await passflow.getAppSettings();
           }
-          if (!state.scopes) state.scopes = appSettings.defaults.scopes;
-          if (isUndefined(state.createTenantForNewUser)) state.createTenantForNewUser = appSettings.defaults.create_tenant_for_new_user;
+          const finalStateUpdates = {
+            appSettings
+          };
+          if (!state.scopes) finalStateUpdates.scopes = appSettings.defaults?.scopes;
+          if (isUndefined(state.createTenantForNewUser))
+            finalStateUpdates.createTenantForNewUser = appSettings.defaults?.create_tenant_for_new_user;
           let passwordPolicy = null;
           if (appSettings.auth_strategies && hasPasswordStrategy(appSettings.auth_strategies)) {
             passwordPolicy = await passflow.getPasswordPolicySettings();
           }
+          finalStateUpdates.passwordPolicy = passwordPolicy;
           dispatch({
             type: "SET_PASSFLOW_STATE",
             payload: {
               ...state,
-              appSettings,
-              passwordPolicy
+              ...finalStateUpdates
             }
           });
         } catch (e) {
           setIsError(true);
           const error = e;
           setErrorMessage(error.message);
+          dispatch({
+            type: "SET_PASSFLOW_STATE",
+            payload: {
+              ...state,
+              hasSettingsError: true
+            }
+          });
         } finally {
           setIsLoading(false);
+          isFetchingRef.current = false;
         }
       };
       void fetchAllSettings();
     }
-  }, [dispatch, state.appSettings, passflow, state]);
+  }, [dispatch, state.appSettings, state.hasSettingsError, state.isDiscoveringAppId, passflow]);
   const reset = () => {
     setIsError(false);
     setErrorMessage("");
     setIsLoading(false);
+    dispatch({
+      type: "SET_PASSFLOW_STATE",
+      payload: {
+        ...state,
+        hasSettingsError: false
+      }
+    });
   };
   const applyThemeStyles = (style) => {
     const root = document.documentElement;
@@ -1146,7 +1388,7 @@ const useNavigation = () => {
         setNavigate(null);
         return;
       }
-      const wrappedNavigate = (options) => {
+      const wrappedNavigate = ((options) => {
         const { to, search = "", replace = false } = options;
         switch (router) {
           case "react-router":
@@ -1177,7 +1419,7 @@ const useNavigation = () => {
             }
           }
         }
-      };
+      });
       setNavigate(wrappedNavigate);
     },
     [setNavigate, router]
@@ -1189,6 +1431,364 @@ const useNavigation = () => {
   };
 };
 
+const useTwoFactorStatus = () => {
+  const passflow = usePassflow();
+  const [data, setData] = useState(null);
+  const [isLoading, setIsLoading] = useState(false);
+  const [isError, setIsError] = useState(false);
+  const [errorMessage, setErrorMessage] = useState("");
+  const fetch = useCallback(async () => {
+    setIsLoading(true);
+    setIsError(false);
+    setErrorMessage("");
+    try {
+      const response = await passflow.getTwoFactorStatus();
+      setData(response);
+      return response;
+    } catch (e) {
+      setIsError(true);
+      const error = e;
+      setErrorMessage(error.message);
+      return null;
+    } finally {
+      setIsLoading(false);
+    }
+  }, [passflow]);
+  useLayoutEffect(() => {
+    void fetch();
+  }, [fetch]);
+  return {
+    data,
+    refetch: fetch,
+    isLoading,
+    isError,
+    errorMessage
+  };
+};
+
+const useTwoFactorSetup = () => {
+  const passflow = usePassflow();
+  const [setupData, setSetupData] = useState(null);
+  const [recoveryCodes, setRecoveryCodes] = useState([]);
+  const [isLoading, setIsLoading] = useState(false);
+  const [isError, setIsError] = useState(false);
+  const [error, setError] = useState("");
+  const [step, setStep] = useState("idle");
+  const beginSetup = useCallback(async () => {
+    setIsLoading(true);
+    setIsError(false);
+    setError("");
+    try {
+      const response = await passflow.beginTwoFactorSetup();
+      setSetupData(response);
+      setStep("setup");
+      return response;
+    } catch (e) {
+      setIsError(true);
+      const err = e;
+      setError(err.message);
+      return null;
+    } finally {
+      setIsLoading(false);
+    }
+  }, [passflow]);
+  const confirmSetup = useCallback(
+    async (code) => {
+      setIsLoading(true);
+      setIsError(false);
+      setError("");
+      try {
+        const response = await passflow.confirmTwoFactorSetup(code);
+        setRecoveryCodes(response.recovery_codes);
+        setStep("complete");
+        return response;
+      } catch (e) {
+        setIsError(true);
+        const err = e;
+        setError(err.message);
+        return null;
+      } finally {
+        setIsLoading(false);
+      }
+    },
+    [passflow]
+  );
+  const reset = useCallback(() => {
+    setSetupData(null);
+    setRecoveryCodes([]);
+    setIsError(false);
+    setError("");
+    setStep("idle");
+  }, []);
+  return {
+    setupData,
+    recoveryCodes,
+    step,
+    beginSetup,
+    confirmSetup,
+    reset,
+    isLoading,
+    isError,
+    error
+  };
+};
+
+const useTwoFactorVerify = () => {
+  const passflow = usePassflow();
+  const [isLoading, setIsLoading] = useState(false);
+  const [isError, setIsError] = useState(false);
+  const [error, setError] = useState("");
+  const [errorType, setErrorType] = useState(null);
+  const [errorDetails, setErrorDetails] = useState(null);
+  const isVerificationRequired = useCallback(() => {
+    return passflow.isTwoFactorVerificationRequired();
+  }, [passflow]);
+  const handleError = useCallback((e) => {
+    const err = e;
+    const classified = classifyTwoFactorError(err.message);
+    setIsError(true);
+    setError(err.message);
+    setErrorType(classified.type);
+    setErrorDetails(classified);
+  }, []);
+  const verify = useCallback(
+    async (code) => {
+      setIsLoading(true);
+      setIsError(false);
+      setError("");
+      setErrorType(null);
+      setErrorDetails(null);
+      try {
+        const response = await passflow.verifyTwoFactor(code);
+        return response;
+      } catch (e) {
+        handleError(e);
+        return null;
+      } finally {
+        setIsLoading(false);
+      }
+    },
+    [passflow, handleError]
+  );
+  const useRecoveryCode = useCallback(
+    async (code) => {
+      setIsLoading(true);
+      setIsError(false);
+      setError("");
+      setErrorType(null);
+      setErrorDetails(null);
+      try {
+        const response = await passflow.useTwoFactorRecoveryCode(code);
+        return response;
+      } catch (e) {
+        handleError(e);
+        return null;
+      } finally {
+        setIsLoading(false);
+      }
+    },
+    [passflow, handleError]
+  );
+  const reset = useCallback(() => {
+    setIsError(false);
+    setError("");
+    setErrorType(null);
+    setErrorDetails(null);
+  }, []);
+  return {
+    isVerificationRequired,
+    verify,
+    useRecoveryCode,
+    reset,
+    isLoading,
+    isError,
+    error,
+    errorType,
+    errorDetails
+  };
+};
+
+const useTwoFactorManage = () => {
+  const passflow = usePassflow();
+  const [recoveryCodes, setRecoveryCodes] = useState([]);
+  const [isLoading, setIsLoading] = useState(false);
+  const [isError, setIsError] = useState(false);
+  const [error, setError] = useState("");
+  const disable = useCallback(
+    async (code) => {
+      setIsLoading(true);
+      setIsError(false);
+      setError("");
+      try {
+        await passflow.disableTwoFactor(code);
+        return true;
+      } catch (e) {
+        setIsError(true);
+        const err = e;
+        setError(err.message);
+        return false;
+      } finally {
+        setIsLoading(false);
+      }
+    },
+    [passflow]
+  );
+  const regenerateCodes = useCallback(
+    async (code) => {
+      setIsLoading(true);
+      setIsError(false);
+      setError("");
+      try {
+        const response = await passflow.regenerateTwoFactorRecoveryCodes(code);
+        setRecoveryCodes(response.recovery_codes);
+        return response;
+      } catch (e) {
+        setIsError(true);
+        const err = e;
+        setError(err.message);
+        return null;
+      } finally {
+        setIsLoading(false);
+      }
+    },
+    [passflow]
+  );
+  const reset = useCallback(() => {
+    setRecoveryCodes([]);
+    setIsError(false);
+    setError("");
+  }, []);
+  return {
+    recoveryCodes,
+    disable,
+    regenerateCodes,
+    reset,
+    isLoading,
+    isError,
+    error
+  };
+};
+
+const useTwoFactorSetupMagicLink = (token) => {
+  const passflow = usePassflow();
+  const [isLoading, setIsLoading] = useState(true);
+  const [isRetrying, setIsRetrying] = useState(false);
+  const [isValidated, setIsValidated] = useState(false);
+  const [error, setError] = useState(null);
+  const [sessionToken, setSessionToken] = useState(null);
+  const [userId, setUserId] = useState(null);
+  const [appId, setAppId] = useState(null);
+  const [expiresIn, setExpiresIn] = useState(null);
+  const [retryCountdown, setRetryCountdown] = useState(null);
+  const [validatedToken, setValidatedToken] = useState(null);
+  const shouldClearOnUnmount = useRef(true);
+  const countdownTimerRef = useRef(null);
+  const startCountdown = useCallback((seconds) => {
+    if (countdownTimerRef.current) {
+      clearInterval(countdownTimerRef.current);
+    }
+    setRetryCountdown(seconds);
+    countdownTimerRef.current = setInterval(() => {
+      setRetryCountdown((prev) => {
+        if (prev === null || prev <= 1) {
+          if (countdownTimerRef.current) {
+            clearInterval(countdownTimerRef.current);
+            countdownTimerRef.current = null;
+          }
+          return null;
+        }
+        return prev - 1;
+      });
+    }, 1e3);
+  }, []);
+  const validateToken = useCallback(
+    async (isRetry = false) => {
+      if (!isRetry && validatedToken === token && isValidated) {
+        return;
+      }
+      if (isRetry) {
+        setIsRetrying(true);
+      } else {
+        setIsLoading(true);
+      }
+      setError(null);
+      try {
+        const response = await passflow.validateTwoFactorSetupMagicLink(token);
+        if (response.success && response.sessionToken && response.userId) {
+          setSessionToken(response.sessionToken);
+          setUserId(response.userId);
+          setAppId(response.appId ?? null);
+          setExpiresIn(response.expiresIn ?? null);
+          setIsValidated(true);
+          setValidatedToken(token);
+          setRetryCountdown(null);
+          shouldClearOnUnmount.current = false;
+        } else if (response.error) {
+          setError(response.error);
+          setIsValidated(false);
+          shouldClearOnUnmount.current = true;
+          if (response.error.code === "RATE_LIMITED" && response.error.retryAfter) {
+            startCountdown(response.error.retryAfter);
+          }
+        }
+      } catch (err) {
+        setError({
+          code: "SERVER_ERROR",
+          message: err instanceof Error ? err.message : "An unexpected error occurred"
+        });
+        setIsValidated(false);
+        shouldClearOnUnmount.current = true;
+      } finally {
+        setIsLoading(false);
+        setIsRetrying(false);
+      }
+    },
+    [token, validatedToken, isValidated, passflow, startCountdown]
+  );
+  const retry = useCallback(async () => {
+    if (retryCountdown !== null && retryCountdown > 0) {
+      return;
+    }
+    setValidatedToken(null);
+    await validateToken(true);
+  }, [validateToken, retryCountdown]);
+  useEffect(() => {
+    if (!token) {
+      setError({
+        code: "INVALID_TOKEN",
+        message: "No token provided"
+      });
+      setIsLoading(false);
+      return;
+    }
+    if (token !== validatedToken) {
+      validateToken();
+    }
+  }, [token, validatedToken, validateToken]);
+  useEffect(() => {
+    return () => {
+      if (countdownTimerRef.current) {
+        clearInterval(countdownTimerRef.current);
+      }
+      if (shouldClearOnUnmount.current) {
+        passflow.clearMagicLinkSession?.();
+      }
+    };
+  }, [passflow]);
+  return {
+    isLoading,
+    isRetrying,
+    isValidated,
+    error,
+    sessionToken,
+    userId,
+    appId,
+    expiresIn,
+    retryCountdown,
+    retry
+  };
+};
+
 const FieldPhone = ({ id, onChange, isError = false, className = "" }) => {
   const [show, setShow] = useState(false);
   const [filterValue, setFilterValue] = useState("");
@@ -1431,25 +2031,515 @@ const Wrapper = ({
   customLogo,
   removeBranding = false
 }) => {
-  return /* @__PURE__ */ jsxs(HelmetProvider, { children: [
-    /* @__PURE__ */ jsx(Helmet, { children: /* @__PURE__ */ jsx("style", { type: "text/css", children: customCss }) }),
-    /* @__PURE__ */ jsxs("div", { id: "passflow-wrapper", className: "passflow-wrapper", children: [
-      /* @__PURE__ */ jsxs("div", { className: cn("passflow-form-main-wrapper", className), children: [
-        /* @__PURE__ */ jsxs("div", { className: "passflow-form-main-container", children: [
-          customLogo ? /* @__PURE__ */ jsx("img", { src: customLogo, alt: "custom logo", className: "passflow-form-main-container-logo" }) : /* @__PURE__ */ jsx(Icon, { id: iconId, size: "large", type: "general" }),
-          title && /* @__PURE__ */ jsxs("div", { className: "passflow-form-header", children: [
-            /* @__PURE__ */ jsx("h2", { className: "passflow-form-title", children: title }),
-            subtitle && /* @__PURE__ */ jsx("span", { className: "passflow-form-subtitle", children: subtitle })
-          ] })
-        ] }),
-        children
-      ] }),
-      !removeBranding && /* @__PURE__ */ jsx("div", { className: "passflow-branding", children: /* @__PURE__ */ jsxs("p", { className: "passflow-branding-text", children: [
-        "Secured by ",
-        /* @__PURE__ */ jsx("span", { className: "passflow-branding-text-secondary passflow-secondary-font", children: "PASSFLOW" })
-      ] }) })
-    ] })
-  ] });
+  return /* @__PURE__ */ jsxs(HelmetProvider, { children: [
+    /* @__PURE__ */ jsx(Helmet, { children: /* @__PURE__ */ jsx("style", { type: "text/css", children: customCss }) }),
+    /* @__PURE__ */ jsxs("div", { id: "passflow-wrapper", className: "passflow-wrapper", children: [
+      /* @__PURE__ */ jsxs("div", { className: cn("passflow-form-main-wrapper", className), children: [
+        /* @__PURE__ */ jsxs("div", { className: "passflow-form-main-container", children: [
+          customLogo ? /* @__PURE__ */ jsx("img", { src: customLogo, alt: "custom logo", className: "passflow-form-main-container-logo" }) : /* @__PURE__ */ jsx(Icon, { id: iconId, size: "large", type: "general" }),
+          title && /* @__PURE__ */ jsxs("div", { className: "passflow-form-header", children: [
+            /* @__PURE__ */ jsx("h2", { className: "passflow-form-title", children: title }),
+            subtitle && /* @__PURE__ */ jsx("span", { className: "passflow-form-subtitle", children: subtitle })
+          ] })
+        ] }),
+        children
+      ] }),
+      !removeBranding && /* @__PURE__ */ jsx("div", { className: "passflow-branding", children: /* @__PURE__ */ jsxs("p", { className: "passflow-branding-text", children: [
+        "Secured by ",
+        /* @__PURE__ */ jsx("span", { className: "passflow-branding-text-secondary passflow-secondary-font", children: "PASSFLOW" })
+      ] }) })
+    ] })
+  ] });
+};
+
+const TwoFactorSetupForm = ({ onComplete, onCancel, numInputs }) => {
+  const [code, setCode] = useState("");
+  const [showSecret, setShowSecret] = useState(false);
+  const { setupData, recoveryCodes, step, beginSetup, confirmSetup, reset, isLoading, isError, error } = useTwoFactorSetup();
+  const totpDigits = numInputs ?? 6;
+  const handleCodeChange = (value) => {
+    setCode(value);
+  };
+  const handleConfirm = async (e) => {
+    e.preventDefault();
+    await confirmSetup(code);
+  };
+  const handleCopyRecoveryCodes = () => {
+    navigator.clipboard.writeText(recoveryCodes.join("\n"));
+  };
+  const handleComplete = () => {
+    onComplete?.(recoveryCodes);
+    reset();
+  };
+  if (step === "idle") {
+    return /* @__PURE__ */ jsx(
+      Wrapper,
+      {
+        title: "Enable Two-Factor Authentication",
+        subtitle: "Add an extra layer of security to your account",
+        className: "passflow-2fa-setup",
+        children: /* @__PURE__ */ jsxs("div", { className: "passflow-2fa-setup-start", children: [
+          /* @__PURE__ */ jsx(Button, { size: "big", type: "button", variant: "primary", onClick: () => beginSetup(), disabled: isLoading, children: isLoading ? "Loading..." : "Get Started" }),
+          onCancel && /* @__PURE__ */ jsx("button", { type: "button", className: "passflow-link-button", onClick: onCancel, children: "Cancel" }),
+          isError && /* @__PURE__ */ jsxs("div", { className: "passflow-field-error", children: [
+            /* @__PURE__ */ jsx(Icon, { size: "small", id: "warning", type: "general", className: "icon-warning" }),
+            /* @__PURE__ */ jsx("span", { className: "passflow-field-error-text", children: error })
+          ] })
+        ] })
+      }
+    );
+  }
+  if (step === "setup" && setupData) {
+    return /* @__PURE__ */ jsx(
+      Wrapper,
+      {
+        title: "Scan QR Code",
+        subtitle: "Scan this code with your authenticator app (Google Authenticator, Authy, etc.)",
+        className: "passflow-2fa-setup",
+        children: /* @__PURE__ */ jsxs("form", { onSubmit: handleConfirm, className: "passflow-2fa-setup-qr", children: [
+          /* @__PURE__ */ jsx("div", { className: "passflow-2fa-qr-container", children: /* @__PURE__ */ jsx("img", { src: `data:image/png;base64,${setupData.qr_code}`, alt: "2FA QR Code", className: "passflow-2fa-qr-image" }) }),
+          /* @__PURE__ */ jsxs("div", { className: "passflow-2fa-secret-toggle", children: [
+            /* @__PURE__ */ jsx("button", { type: "button", className: "passflow-link-button", onClick: () => setShowSecret(!showSecret), children: showSecret ? "Hide manual code" : "Can't scan? Enter code manually" }),
+            showSecret && /* @__PURE__ */ jsx("code", { className: "passflow-2fa-secret-code", children: setupData.secret })
+          ] }),
+          /* @__PURE__ */ jsxs("div", { className: "passflow-2fa-confirm-section", children: [
+            /* @__PURE__ */ jsxs("p", { className: "passflow-2fa-confirm-label", children: [
+              "Enter the ",
+              totpDigits,
+              "-digit code from your app to confirm:"
+            ] }),
+            /* @__PURE__ */ jsxs("div", { id: "otp-wrapper", className: "passflow-verify-otp-wrapper", children: [
+              /* @__PURE__ */ jsx(
+                OtpInput,
+                {
+                  value: code,
+                  onChange: handleCodeChange,
+                  numInputs: totpDigits,
+                  shouldAutoFocus: true,
+                  skipDefaultStyles: true,
+                  containerStyle: "passflow-verify-otp-inputs",
+                  inputStyle: cn("passflow-field-otp passflow-field-otp--focused", isError && "passflow-field-otp--error"),
+                  inputType: "text",
+                  renderInput: (props) => /* @__PURE__ */ jsx("input", { ...props })
+                }
+              ),
+              isError && /* @__PURE__ */ jsxs("div", { className: "passflow-verify-otp-error", children: [
+                /* @__PURE__ */ jsx(Icon, { size: "small", id: "warning", type: "general", className: "icon-warning" }),
+                /* @__PURE__ */ jsx("span", { className: "passflow-verify-otp-error-text", children: error })
+              ] })
+            ] })
+          ] }),
+          /* @__PURE__ */ jsx(Button, { size: "big", type: "submit", variant: "primary", disabled: code.length !== totpDigits || isLoading, children: isLoading ? "Confirming..." : "Confirm & Enable" })
+        ] })
+      }
+    );
+  }
+  if (step === "complete" && recoveryCodes.length > 0) {
+    return /* @__PURE__ */ jsx(
+      Wrapper,
+      {
+        title: "Save Your Recovery Codes",
+        subtitle: "Store these codes in a safe place. You'll need them if you lose access to your authenticator.",
+        className: "passflow-2fa-setup",
+        children: /* @__PURE__ */ jsxs("div", { className: "passflow-2fa-setup-complete", children: [
+          /* @__PURE__ */ jsxs("div", { className: "passflow-2fa-warning", children: [
+            /* @__PURE__ */ jsx(Icon, { size: "small", id: "warning", type: "general", className: "icon-warning" }),
+            /* @__PURE__ */ jsx("span", { children: "These codes will only be shown once. Make sure to save them!" })
+          ] }),
+          /* @__PURE__ */ jsx("div", { className: "passflow-2fa-recovery-codes", children: recoveryCodes.map((recoveryCode, index) => /* @__PURE__ */ jsx("code", { className: "passflow-2fa-recovery-code", children: recoveryCode }, index)) }),
+          /* @__PURE__ */ jsx(Button, { size: "big", type: "button", variant: "secondary", onClick: handleCopyRecoveryCodes, children: "Copy to Clipboard" }),
+          /* @__PURE__ */ jsx(Button, { size: "big", type: "button", variant: "primary", onClick: handleComplete, children: "I've Saved These Codes" })
+        ] })
+      }
+    );
+  }
+  return null;
+};
+
+const TwoFactorSetupFlow = ({
+  twoFactorVerifyPath = routes.two_factor_verify.path,
+  signInPath = routes.signin.path
+}) => {
+  const [shouldBlockRender, setShouldBlockRender] = useState(false);
+  const { navigate } = useNavigation();
+  const passflow = usePassflow();
+  useEffect(() => {
+    if (!passflow.isTwoFactorVerificationRequired()) {
+      if (TwoFactorLoopPrevention.canRedirect()) {
+        TwoFactorLoopPrevention.incrementRedirect();
+        navigate({ to: signInPath });
+        setShouldBlockRender(true);
+      } else {
+        setShouldBlockRender(false);
+      }
+    }
+  }, [passflow, navigate, signInPath]);
+  const handleSetupComplete = () => {
+    navigate({ to: twoFactorVerifyPath });
+  };
+  const handleCancel = () => {
+    TwoFactorLoopPrevention.reset();
+    navigate({ to: signInPath });
+  };
+  if (shouldBlockRender) {
+    return null;
+  }
+  if (!passflow.isTwoFactorVerificationRequired() && TwoFactorLoopPrevention.canRedirect()) {
+    return null;
+  }
+  return /* @__PURE__ */ jsx(TwoFactorSetupForm, { onComplete: handleSetupComplete, onCancel: handleCancel });
+};
+
+const TwoFactorVerifyForm = ({
+  onSuccess,
+  onUseRecovery,
+  title = "Two-Factor Authentication",
+  subtitle,
+  numInputs,
+  shouldAutoFocus = true,
+  signInPath,
+  twoFactorSetupPath
+}) => {
+  const [code, setCode] = useState("");
+  const { verify, isLoading, isError, errorDetails, reset } = useTwoFactorVerify();
+  const totpDigits = numInputs ?? 6;
+  const computedSubtitle = subtitle ?? `Enter the ${totpDigits}-digit code from your authenticator app`;
+  const handleChange = (value) => {
+    reset();
+    setCode(value);
+  };
+  const handleSubmit = async (e) => {
+    e.preventDefault();
+    const result = await verify(code);
+    if (result) {
+      onSuccess?.();
+    }
+  };
+  const handleOtpChange = async (value) => {
+    handleChange(value);
+    if (value.length === totpDigits) {
+      const result = await verify(value);
+      if (result) {
+        onSuccess?.();
+      }
+    }
+  };
+  const handleBackToSignIn = () => {
+    TwoFactorLoopPrevention.reset();
+    window.location.href = signInPath || "/signin";
+  };
+  const handleSetup2FA = () => {
+    window.location.href = twoFactorSetupPath || "/two-factor-setup";
+  };
+  const isLoopDetected = !TwoFactorLoopPrevention.canRedirect();
+  const renderErrorContent = () => {
+    if (!isError || !errorDetails) return null;
+    if (isLoopDetected) {
+      return /* @__PURE__ */ jsxs("div", { className: "passflow-form-error passflow-form-error--critical", children: [
+        /* @__PURE__ */ jsx(Icon, { size: "medium", id: "warning", type: "general", className: "icon-warning" }),
+        /* @__PURE__ */ jsxs("div", { className: "passflow-form-error-content", children: [
+          /* @__PURE__ */ jsx("span", { className: "passflow-form-error-text", children: TwoFactorLoopPrevention.getLoopDetectedMessage() }),
+          signInPath && /* @__PURE__ */ jsx(
+            Button,
+            {
+              type: "button",
+              size: "medium",
+              variant: "secondary",
+              onClick: handleBackToSignIn,
+              className: "passflow-button-back-to-signin",
+              children: "Back to Sign In"
+            }
+          )
+        ] })
+      ] });
+    }
+    if (errorDetails.type === "not_enabled") {
+      return /* @__PURE__ */ jsxs("div", { className: "passflow-form-error passflow-form-error--persistent", children: [
+        /* @__PURE__ */ jsx(Icon, { size: "medium", id: "warning", type: "general", className: "icon-warning" }),
+        /* @__PURE__ */ jsxs("div", { className: "passflow-form-error-content", children: [
+          /* @__PURE__ */ jsx("span", { className: "passflow-form-error-text", children: "You need to set up two-factor authentication first." }),
+          /* @__PURE__ */ jsxs("div", { className: "passflow-form-error-actions", children: [
+            twoFactorSetupPath && /* @__PURE__ */ jsx(
+              Button,
+              {
+                type: "button",
+                size: "medium",
+                variant: "primary",
+                onClick: handleSetup2FA,
+                className: "passflow-button-setup-2fa",
+                children: "Set Up 2FA"
+              }
+            ),
+            signInPath && /* @__PURE__ */ jsx(
+              Button,
+              {
+                type: "button",
+                size: "medium",
+                variant: "secondary",
+                onClick: handleBackToSignIn,
+                className: "passflow-button-back-to-signin",
+                children: "Back to Sign In"
+              }
+            )
+          ] })
+        ] })
+      ] });
+    }
+    if (errorDetails.type === "expired") {
+      return /* @__PURE__ */ jsxs("div", { className: "passflow-form-info", children: [
+        /* @__PURE__ */ jsx(Icon, { size: "small", id: "info", type: "general", className: "icon-info" }),
+        /* @__PURE__ */ jsx("span", { className: "passflow-form-info-text", children: getUserFriendlyErrorMessage(errorDetails) })
+      ] });
+    }
+    return /* @__PURE__ */ jsxs("div", { className: "passflow-form-error", children: [
+      /* @__PURE__ */ jsx(Icon, { size: "small", id: "warning", type: "general", className: "icon-warning" }),
+      /* @__PURE__ */ jsx("span", { className: "passflow-form-error-text", children: getUserFriendlyErrorMessage(errorDetails) })
+    ] });
+  };
+  const isInputDisabled = isLoading || errorDetails?.type === "not_enabled" || errorDetails?.type === "expired" || isLoopDetected;
+  return /* @__PURE__ */ jsx(Wrapper, { title, subtitle: computedSubtitle, className: "passflow-2fa-verify", children: /* @__PURE__ */ jsxs("form", { onSubmit: handleSubmit, className: "passflow-form", children: [
+    /* @__PURE__ */ jsxs("div", { className: "passflow-form-container", children: [
+      /* @__PURE__ */ jsx("div", { className: "passflow-verify-otp-wrapper", children: /* @__PURE__ */ jsx(
+        OtpInput,
+        {
+          value: code,
+          onChange: handleOtpChange,
+          numInputs: totpDigits,
+          shouldAutoFocus: shouldAutoFocus && !isInputDisabled,
+          skipDefaultStyles: true,
+          containerStyle: "passflow-verify-otp-inputs",
+          inputStyle: cn(
+            "passflow-field-otp passflow-field-otp--focused",
+            isError && "passflow-field-otp--error",
+            isInputDisabled && "passflow-field-otp--disabled"
+          ),
+          inputType: "text",
+          renderInput: (props) => /* @__PURE__ */ jsx("input", { ...props, disabled: isInputDisabled })
+        }
+      ) }),
+      renderErrorContent()
+    ] }),
+    !isInputDisabled && /* @__PURE__ */ jsx(
+      Button,
+      {
+        size: "big",
+        type: "submit",
+        variant: "primary",
+        disabled: code.length !== totpDigits || isLoading,
+        className: "passflow-button-signin",
+        children: isLoading ? "Verifying..." : "Verify"
+      }
+    ),
+    onUseRecovery && !isInputDisabled && /* @__PURE__ */ jsx("div", { className: "passflow-form-actions", children: /* @__PURE__ */ jsxs("p", { className: "passflow-dont-have-account", children: [
+      "Lost your device?",
+      " ",
+      /* @__PURE__ */ jsx(
+        "button",
+        {
+          type: "button",
+          onClick: onUseRecovery,
+          className: "passflow-link",
+          style: { background: "none", border: "none", cursor: "pointer" },
+          children: "Use recovery code"
+        }
+      )
+    ] }) })
+  ] }) });
+};
+
+const TwoFactorRecoveryForm = ({
+  onSuccess,
+  onBack,
+  title = "Use Recovery Code",
+  subtitle = "Enter one of your recovery codes",
+  signInPath
+}) => {
+  const [code, setCode] = useState("");
+  const { useRecoveryCode, isLoading, isError, errorDetails, reset } = useTwoFactorVerify();
+  const handleChange = (e) => {
+    reset();
+    setCode(e.target.value.toUpperCase().replace(/\s/g, ""));
+  };
+  const handleSubmit = async (e) => {
+    e.preventDefault();
+    const result = await useRecoveryCode(code);
+    if (result) {
+      onSuccess?.();
+    }
+  };
+  const handleBackToSignIn = () => {
+    TwoFactorLoopPrevention.reset();
+    window.location.href = signInPath || "/signin";
+  };
+  const isLoopDetected = !TwoFactorLoopPrevention.canRedirect();
+  const renderErrorContent = () => {
+    if (!isError || !errorDetails) return null;
+    if (isLoopDetected) {
+      return /* @__PURE__ */ jsxs("div", { className: "passflow-form-error passflow-form-error--critical", children: [
+        /* @__PURE__ */ jsx(Icon, { size: "medium", id: "warning", type: "general", className: "icon-warning" }),
+        /* @__PURE__ */ jsxs("div", { className: "passflow-form-error-content", children: [
+          /* @__PURE__ */ jsx("span", { className: "passflow-form-error-text", children: TwoFactorLoopPrevention.getLoopDetectedMessage() }),
+          signInPath && /* @__PURE__ */ jsx(
+            Button,
+            {
+              type: "button",
+              size: "medium",
+              variant: "secondary",
+              onClick: handleBackToSignIn,
+              className: "passflow-button-back-to-signin",
+              children: "Back to Sign In"
+            }
+          )
+        ] })
+      ] });
+    }
+    if (errorDetails.type === "not_enabled") {
+      return /* @__PURE__ */ jsxs("div", { className: "passflow-form-error passflow-form-error--persistent", children: [
+        /* @__PURE__ */ jsx(Icon, { size: "medium", id: "warning", type: "general", className: "icon-warning" }),
+        /* @__PURE__ */ jsxs("div", { className: "passflow-form-error-content", children: [
+          /* @__PURE__ */ jsx("span", { className: "passflow-form-error-text", children: getUserFriendlyErrorMessage(errorDetails) }),
+          signInPath && /* @__PURE__ */ jsx(
+            Button,
+            {
+              type: "button",
+              size: "medium",
+              variant: "secondary",
+              onClick: handleBackToSignIn,
+              className: "passflow-button-back-to-signin",
+              children: "Back to Sign In"
+            }
+          )
+        ] })
+      ] });
+    }
+    if (errorDetails.type === "expired") {
+      return /* @__PURE__ */ jsxs("div", { className: "passflow-form-info", children: [
+        /* @__PURE__ */ jsx(Icon, { size: "small", id: "info", type: "general", className: "icon-info" }),
+        /* @__PURE__ */ jsx("span", { className: "passflow-form-info-text", children: getUserFriendlyErrorMessage(errorDetails) })
+      ] });
+    }
+    return /* @__PURE__ */ jsxs("div", { className: "passflow-form-error", children: [
+      /* @__PURE__ */ jsx(Icon, { size: "small", id: "warning", type: "general", className: "icon-warning" }),
+      /* @__PURE__ */ jsx("span", { className: "passflow-form-error-text", children: getUserFriendlyErrorMessage(errorDetails) })
+    ] });
+  };
+  const isInputDisabled = isLoading || errorDetails?.type === "not_enabled" || errorDetails?.type === "expired" || isLoopDetected;
+  return /* @__PURE__ */ jsx(Wrapper, { title, subtitle, className: "passflow-2fa-recovery", children: /* @__PURE__ */ jsxs("form", { onSubmit: handleSubmit, className: "passflow-form", children: [
+    /* @__PURE__ */ jsx("div", { className: "passflow-form-container", children: /* @__PURE__ */ jsxs("div", { className: "passflow-form-field", children: [
+      /* @__PURE__ */ jsx("label", { htmlFor: "recovery-code", className: cn("passflow-field-label", isError && "passflow-field-label--error"), children: "Recovery Code" }),
+      /* @__PURE__ */ jsx(
+        "input",
+        {
+          id: "recovery-code",
+          type: "text",
+          value: code,
+          onChange: handleChange,
+          placeholder: "XXXX-XXXX",
+          className: cn(
+            "passflow-field passflow-field--text passflow-field--focused",
+            isError && "passflow-field--error",
+            isInputDisabled && "passflow-field--disabled"
+          ),
+          autoFocus: !isInputDisabled,
+          autoComplete: "off",
+          disabled: isInputDisabled
+        }
+      ),
+      renderErrorContent()
+    ] }) }),
+    !isInputDisabled && /* @__PURE__ */ jsx(
+      Button,
+      {
+        size: "big",
+        type: "submit",
+        variant: "primary",
+        disabled: code.length < 8 || isLoading,
+        className: "passflow-button-signin",
+        children: isLoading ? "Verifying..." : "Verify"
+      }
+    ),
+    onBack && !isInputDisabled && /* @__PURE__ */ jsx("div", { className: "passflow-form-actions", children: /* @__PURE__ */ jsxs("p", { className: "passflow-dont-have-account", children: [
+      "Have your device?",
+      " ",
+      /* @__PURE__ */ jsx(
+        "button",
+        {
+          type: "button",
+          onClick: onBack,
+          className: "passflow-link",
+          style: { background: "none", border: "none", cursor: "pointer" },
+          children: "Use authenticator code"
+        }
+      )
+    ] }) })
+  ] }) });
+};
+
+const TwoFactorVerifyFlow = ({
+  successAuthRedirect,
+  signInPath = routes.signin.path,
+  twoFactorSetupPath = routes.two_factor_setup?.path
+}) => {
+  const [mode, setMode] = useState("verify");
+  const [shouldBlockRender, setShouldBlockRender] = useState(false);
+  const { navigate } = useNavigation();
+  const passflow = usePassflow();
+  const { errorType } = useTwoFactorVerify();
+  useEffect(() => {
+    if (!passflow.isTwoFactorVerificationRequired()) {
+      if (TwoFactorLoopPrevention.canRedirect()) {
+        TwoFactorLoopPrevention.incrementRedirect();
+        navigate({ to: signInPath });
+        setShouldBlockRender(true);
+      } else {
+        setShouldBlockRender(false);
+      }
+    }
+  }, [passflow, navigate, signInPath]);
+  useEffect(() => {
+    if (errorType === "expired") {
+      if (TwoFactorLoopPrevention.canRedirect()) {
+        TwoFactorLoopPrevention.incrementRedirect();
+        TwoFactorLoopPrevention.setLastErrorType("expired");
+        setTimeout(() => {
+          navigate({ to: signInPath });
+        }, 1500);
+      }
+    } else if (errorType === "not_enabled") {
+      TwoFactorLoopPrevention.setLastErrorType("not_enabled");
+    }
+  }, [errorType, navigate, signInPath]);
+  const handleSuccess = async () => {
+    TwoFactorLoopPrevention.reset();
+    if (successAuthRedirect) {
+      if (!isValidUrl(successAuthRedirect)) {
+        navigate({ to: successAuthRedirect });
+      } else {
+        window.location.href = await getUrlWithTokens(passflow, successAuthRedirect);
+      }
+    }
+  };
+  const handleUseRecovery = () => {
+    setMode("recovery");
+  };
+  const handleBackToVerify = () => {
+    setMode("verify");
+  };
+  if (shouldBlockRender) {
+    return null;
+  }
+  if (!passflow.isTwoFactorVerificationRequired() && TwoFactorLoopPrevention.canRedirect()) {
+    return null;
+  }
+  return /* @__PURE__ */ jsx(Fragment, { children: mode === "verify" ? /* @__PURE__ */ jsx(
+    TwoFactorVerifyForm,
+    {
+      onSuccess: handleSuccess,
+      onUseRecovery: handleUseRecovery,
+      signInPath,
+      twoFactorSetupPath
+    }
+  ) : /* @__PURE__ */ jsx(TwoFactorRecoveryForm, { onSuccess: handleSuccess, onBack: handleBackToVerify, signInPath }) });
 };
 
 const defaultErrorMessage = "Something went wrong";
@@ -1479,13 +2569,25 @@ const ErrorComponent = ({ error = defaultErrorMessage, goBackRedirectTo }) => {
   );
 };
 
-const excludeRoutes = ["verify-challenge-otp", "password/reset"];
+const excludeRoutes = ["verify-challenge-otp", "password/reset", "two-factor-verify", "two-factor-recovery"];
 const withError = (Component, ErrorComponent) => (props) => {
   const context = useContext(PassflowContext);
   const { successAuthRedirect } = props;
   const { pathname } = window.location;
-  if ((!context?.state.appId || !context.state.url) && !excludeRoutes.some((route) => pathname.includes(route))) {
-    const errorMessage = "Missing appId or url";
+  if (excludeRoutes.some((route) => pathname.includes(route))) {
+    return /* @__PURE__ */ jsx(
+      ErrorBoundary,
+      {
+        FallbackComponent: ({ error }) => /* @__PURE__ */ jsx(ErrorComponent, { goBackRedirectTo: successAuthRedirect ?? "/", error: error.message }),
+        children: /* @__PURE__ */ jsx(Component, { ...props })
+      }
+    );
+  }
+  if (context?.state.isDiscoveringAppId) {
+    return null;
+  }
+  if (!context?.state.appId) {
+    const errorMessage = "Missing appId";
     return /* @__PURE__ */ jsx(ErrorComponent, { goBackRedirectTo: successAuthRedirect ?? "/", error: errorMessage });
   }
   return /* @__PURE__ */ jsx(
@@ -1508,7 +2610,8 @@ const SignInForm = ({
   signUpPath = routes.signup.path,
   verifyOTPPath = routes.verify_otp.path,
   verifyMagicLinkPath = routes.verify_magic_link.path,
-  forgotPasswordPath = routes.forgot_password.path
+  forgotPasswordPath = routes.forgot_password.path,
+  twoFactorVerifyPath = routes.two_factor_verify.path
 }) => {
   const {
     getValues,
@@ -1523,7 +2626,16 @@ const SignInForm = ({
   });
   const passflow = usePassflow();
   const { navigate } = useNavigation();
-  const { appSettings, scopes, createTenantForNewUser, passwordPolicy, currentStyles, isError: isErrorApp, error: errorApp, loginAppTheme } = useAppSettings();
+  const {
+    appSettings,
+    scopes,
+    createTenantForNewUser,
+    passwordPolicy,
+    currentStyles,
+    isError: isErrorApp,
+    error: errorApp,
+    loginAppTheme
+  } = useAppSettings();
   const { federatedWithRedirect } = useProvider(successAuthRedirect, createTenantForNewUser);
   if (isErrorApp) throw new Error(errorApp);
   const authMethods = useMemo(() => getAuthMethods(appSettings?.auth_strategies), [appSettings]);
@@ -1576,7 +2688,12 @@ const SignInForm = ({
     };
     const status = await fetch(payload, "password");
     if (status) {
-      if (!isValidUrl(successAuthRedirect ?? appSettings.defaults.redirect)) navigate({ to: successAuthRedirect ?? appSettings.defaults.redirect });
+      if (passflow.isTwoFactorVerificationRequired()) {
+        navigate({ to: twoFactorVerifyPath ?? routes.two_factor_verify.path });
+        return;
+      }
+      if (!isValidUrl(successAuthRedirect ?? appSettings.defaults.redirect))
+        navigate({ to: successAuthRedirect ?? appSettings.defaults.redirect });
       else window.location.href = await getUrlWithTokens(passflow, successAuthRedirect ?? appSettings.defaults.redirect);
     }
   };
@@ -1587,7 +2704,12 @@ const SignInForm = ({
     };
     const response = await fetch(payload, "passkey");
     if (response) {
-      if (!isValidUrl(successAuthRedirect ?? appSettings.defaults.redirect)) navigate({ to: successAuthRedirect ?? appSettings.defaults.redirect });
+      if (passflow.isTwoFactorVerificationRequired()) {
+        navigate({ to: twoFactorVerifyPath ?? routes.two_factor_verify.path });
+        return;
+      }
+      if (!isValidUrl(successAuthRedirect ?? appSettings.defaults.redirect))
+        navigate({ to: successAuthRedirect ?? appSettings.defaults.redirect });
       else window.location.href = await getUrlWithTokens(passflow, successAuthRedirect ?? appSettings.defaults.redirect);
     }
   };
@@ -1966,7 +3088,16 @@ const SignUpForm = ({
   });
   const passflow = usePassflow();
   const { navigate } = useNavigation();
-  const { appSettings, scopes, createTenantForNewUser, passwordPolicy, currentStyles, isError: isErrorApp, error: errorApp, loginAppTheme } = useAppSettings();
+  const {
+    appSettings,
+    scopes,
+    createTenantForNewUser,
+    passwordPolicy,
+    currentStyles,
+    isError: isErrorApp,
+    error: errorApp,
+    loginAppTheme
+  } = useAppSettings();
   if (isErrorApp) throw new Error(errorApp);
   const { federatedWithRedirect } = useProvider(successAuthRedirect, createTenantForNewUser);
   const authMethods = useMemo(() => getAuthMethods(appSettings?.auth_strategies), [appSettings]);
@@ -2020,7 +3151,8 @@ const SignUpForm = ({
     };
     const status = await fetch(payload, "password");
     if (status) {
-      if (!isValidUrl(successAuthRedirect ?? appSettings.defaults.redirect)) navigate({ to: successAuthRedirect ?? appSettings.defaults.redirect });
+      if (!isValidUrl(successAuthRedirect ?? appSettings.defaults.redirect))
+        navigate({ to: successAuthRedirect ?? appSettings.defaults.redirect });
       else window.location.href = await getUrlWithTokens(passflow, successAuthRedirect ?? appSettings.defaults.redirect);
     }
   };
@@ -2035,7 +3167,8 @@ const SignUpForm = ({
     };
     const response = await fetch(payload, "passkey");
     if (response) {
-      if (!isValidUrl(successAuthRedirect ?? appSettings.defaults.redirect)) navigate({ to: successAuthRedirect ?? appSettings.defaults.redirect });
+      if (!isValidUrl(successAuthRedirect ?? appSettings.defaults.redirect))
+        navigate({ to: successAuthRedirect ?? appSettings.defaults.redirect });
       else window.location.href = await getUrlWithTokens(passflow, successAuthRedirect ?? appSettings.defaults.redirect);
     }
   };
@@ -2443,66 +3576,6 @@ const VerifyChallengeMagicLink = () => {
   );
 };
 
-const VerifyChallengeSuccess = () => {
-  const { currentStyles, loginAppTheme } = useAppSettings();
-  return /* @__PURE__ */ jsx(
-    Wrapper,
-    {
-      iconId: "logo",
-      className: "passflow-verify-challenge-success-wrapper",
-      customCss: currentStyles?.custom_css,
-      customLogo: currentStyles?.logo_url,
-      removeBranding: loginAppTheme?.remove_passflow_logo,
-      children: /* @__PURE__ */ jsx("div", { className: "passflow-verify-challenge-success-wrapper", children: /* @__PURE__ */ jsxs("div", { className: "passflow-verify-challenge-success-container", children: [
-        /* @__PURE__ */ jsx("p", { className: "passflow-verify-challenge-success-text", children: "Successful verification!" }),
-        /* @__PURE__ */ jsx("p", { className: "passflow-verify-challenge-success-text-secondary", children: "But there is no redirect URL for further redirect." })
-      ] }) })
-    }
-  );
-};
-
-const VerifyChallengeOTPRedirect = ({ otp, challengeId, appId }) => {
-  const passflow = usePassflow();
-  const { navigate } = useNavigation();
-  const [paramsError, setParamsError] = useState(null);
-  const [showSuccessMessage, setShowSuccessMessage] = useState(false);
-  const { fetch, isError, error, isLoading } = usePasswordlessComplete();
-  useEffect(() => {
-    const fetchData = async () => {
-      if (!appId) {
-        setParamsError("Missing required param: app_id");
-        return;
-      }
-      if (!otp) {
-        setParamsError("Missing required param: otp");
-        return;
-      }
-      if (!challengeId) {
-        setParamsError("Missing required param: challenge_id");
-        return;
-      }
-      if (!isLoading) {
-        const response = await fetch({ otp, challenge_id: challengeId });
-        if (response) {
-          if (response.redirect_url) {
-            if (!isValidUrl(response.redirect_url)) navigate({ to: response.redirect_url });
-            else window.location.href = await getUrlWithTokens(passflow, response.redirect_url);
-          } else {
-            setShowSuccessMessage(true);
-          }
-        } else {
-          setParamsError("Something went wrong. Please try again later.");
-        }
-      }
-    };
-    void fetchData();
-  }, []);
-  if (isError && error) throw new Error(error);
-  if (paramsError) throw new Error(paramsError);
-  if (showSuccessMessage) return /* @__PURE__ */ jsx(VerifyChallengeSuccess, {});
-  return null;
-};
-
 const TimerButton = ({ totalSecond, onClick, className = "", ...props }) => {
   const [seconds, setSeconds] = useState(totalSecond);
   useEffect(() => {
@@ -2544,6 +3617,24 @@ const TimerButton = ({ totalSecond, onClick, className = "", ...props }) => {
   );
 };
 
+const VerifyChallengeSuccess = () => {
+  const { currentStyles, loginAppTheme } = useAppSettings();
+  return /* @__PURE__ */ jsx(
+    Wrapper,
+    {
+      iconId: "logo",
+      className: "passflow-verify-challenge-success-wrapper",
+      customCss: currentStyles?.custom_css,
+      customLogo: currentStyles?.logo_url,
+      removeBranding: loginAppTheme?.remove_passflow_logo,
+      children: /* @__PURE__ */ jsx("div", { className: "passflow-verify-challenge-success-wrapper", children: /* @__PURE__ */ jsxs("div", { className: "passflow-verify-challenge-success-container", children: [
+        /* @__PURE__ */ jsx("p", { className: "passflow-verify-challenge-success-text", children: "Successful verification!" }),
+        /* @__PURE__ */ jsx("p", { className: "passflow-verify-challenge-success-text-secondary", children: "But there is no redirect URL for further redirect." })
+      ] }) })
+    }
+  );
+};
+
 const challengeTypeFullString = {
   email: "email address",
   phone: "phone number"
@@ -2667,6 +3758,48 @@ const VerifyChallengeOTPManual = ({
   );
 };
 
+const VerifyChallengeOTPRedirect = ({ otp, challengeId, appId }) => {
+  const passflow = usePassflow();
+  const { navigate } = useNavigation();
+  const [paramsError, setParamsError] = useState(null);
+  const [showSuccessMessage, setShowSuccessMessage] = useState(false);
+  const { fetch, isError, error, isLoading } = usePasswordlessComplete();
+  useEffect(() => {
+    const fetchData = async () => {
+      if (!appId) {
+        setParamsError("Missing required param: app_id");
+        return;
+      }
+      if (!otp) {
+        setParamsError("Missing required param: otp");
+        return;
+      }
+      if (!challengeId) {
+        setParamsError("Missing required param: challenge_id");
+        return;
+      }
+      if (!isLoading) {
+        const response = await fetch({ otp, challenge_id: challengeId });
+        if (response) {
+          if (response.redirect_url) {
+            if (!isValidUrl(response.redirect_url)) navigate({ to: response.redirect_url });
+            else window.location.href = await getUrlWithTokens(passflow, response.redirect_url);
+          } else {
+            setShowSuccessMessage(true);
+          }
+        } else {
+          setParamsError("Something went wrong. Please try again later.");
+        }
+      }
+    };
+    void fetchData();
+  }, []);
+  if (isError && error) throw new Error(error);
+  if (paramsError) throw new Error(paramsError);
+  if (showSuccessMessage) return /* @__PURE__ */ jsx(VerifyChallengeSuccess, {});
+  return null;
+};
+
 const redirectSearchParamsVerifyChallengeOtpSchema = Yup.object().shape({
   appId: Yup.string().required(),
   challengeId: Yup.string().required(),
@@ -3007,7 +4140,11 @@ const ResetPassword = ({ successAuthRedirect }) => {
     if (status) {
       if (!isValidUrl(resetTokenType?.redirect_url ?? successAuthRedirect ?? appSettings.defaults.redirect))
         navigate({ to: resetTokenType?.redirect_url ?? successAuthRedirect ?? appSettings.defaults.redirect });
-      else window.location.href = await getUrlWithTokens(passflow, resetTokenType?.redirect_url ?? successAuthRedirect ?? appSettings.defaults.redirect);
+      else
+        window.location.href = await getUrlWithTokens(
+          passflow,
+          resetTokenType?.redirect_url ?? successAuthRedirect ?? appSettings.defaults.redirect
+        );
     }
   };
   const handlePasswordChange = async () => {
@@ -3140,7 +4277,7 @@ const InvitationJoinFlow = ({
       tenant_name: tenantName,
       redirect_url: redirectUrl
     } = invitationTokenData;
-    const parsedTokenCache = passflow.getParsedTokenCache();
+    const parsedTokenCache = passflow.getParsedTokens();
     const onClickNavigateToSignInHandler = () => navigate({ to: signInPath, search: window.location.search });
     const onClickNavigateToSignUpHandler = () => navigate({ to: signUpPath, search: window.location.search });
     if (!parsedTokenCache?.access_token) onClickNavigateToSignInHandler();
@@ -4245,6 +5382,13 @@ function useNavigateUnstable() {
   }, [basename, navigator, routePathnamesJson, locationPathname, dataRouterContext]);
   return navigate;
 }
+function useParams() {
+  let {
+    matches
+  } = React.useContext(RouteContext);
+  let routeMatch = matches[matches.length - 1];
+  return routeMatch ? routeMatch.params : {};
+}
 function useRoutes(routes, locationArg) {
   return useRoutesImpl(routes, locationArg);
 }
@@ -4498,13 +5642,13 @@ function _renderMatches(matches, parentMatches, dataRouterState, future) {
     }) : getChildren();
   }, null);
 }
-var DataRouterHook$1 = /* @__PURE__ */ function(DataRouterHook2) {
+var DataRouterHook$1 = /* @__PURE__ */ (function(DataRouterHook2) {
   DataRouterHook2["UseBlocker"] = "useBlocker";
   DataRouterHook2["UseRevalidator"] = "useRevalidator";
   DataRouterHook2["UseNavigateStable"] = "useNavigate";
   return DataRouterHook2;
-}(DataRouterHook$1 || {});
-var DataRouterStateHook$1 = /* @__PURE__ */ function(DataRouterStateHook2) {
+})(DataRouterHook$1 || {});
+var DataRouterStateHook$1 = /* @__PURE__ */ (function(DataRouterStateHook2) {
   DataRouterStateHook2["UseBlocker"] = "useBlocker";
   DataRouterStateHook2["UseLoaderData"] = "useLoaderData";
   DataRouterStateHook2["UseActionData"] = "useActionData";
@@ -4516,7 +5660,7 @@ var DataRouterStateHook$1 = /* @__PURE__ */ function(DataRouterStateHook2) {
   DataRouterStateHook2["UseNavigateStable"] = "useNavigate";
   DataRouterStateHook2["UseRouteId"] = "useRouteId";
   return DataRouterStateHook2;
-}(DataRouterStateHook$1 || {});
+})(DataRouterStateHook$1 || {});
 function useDataRouterContext(hookName) {
   let ctx = React.useContext(DataRouterContext);
   !ctx ? invariant(false) : void 0;
@@ -4541,8 +5685,8 @@ function useCurrentRouteId(hookName) {
 function useRouteError() {
   var _state$errors;
   let error = React.useContext(RouteErrorContext);
-  let state = useDataRouterState();
-  let routeId = useCurrentRouteId();
+  let state = useDataRouterState(DataRouterStateHook$1.UseRouteError);
+  let routeId = useCurrentRouteId(DataRouterStateHook$1.UseRouteError);
   if (error !== void 0) {
     return error;
   }
@@ -4888,6 +6032,7 @@ const index = /*#__PURE__*/Object.freeze(/*#__PURE__*/Object.defineProperty({
   useInRouterContext,
   useLocation,
   useNavigate,
+  useParams,
   useRouteError,
   useRoutes
 }, Symbol.toStringTag, { value: 'Module' }));
@@ -4975,7 +6120,8 @@ const PassflowWrapper = ({
             signUpPath: routesWithPrefix.signup,
             forgotPasswordPath: routesWithPrefix.forgot_password,
             verifyMagicLinkPath: routesWithPrefix.verify_magic_link,
-            verifyOTPPath: routesWithPrefix.verify_otp
+            verifyOTPPath: routesWithPrefix.verify_otp,
+            twoFactorVerifyPath: routesWithPrefix.two_factor_verify
           }
         )
       }
@@ -5043,6 +6189,34 @@ const PassflowWrapper = ({
         )
       }
     ),
+    /* @__PURE__ */ jsx(
+      Route,
+      {
+        path: routesWithPrefix.two_factor_verify,
+        element: /* @__PURE__ */ jsx(
+          TwoFactorVerifyFlow,
+          {
+            successAuthRedirect,
+            signInPath: routesWithPrefix.signin,
+            twoFactorSetupPath: routesWithPrefix.two_factor_setup
+          }
+        )
+      }
+    ),
+    /* @__PURE__ */ jsx(
+      Route,
+      {
+        path: routesWithPrefix.two_factor_setup,
+        element: /* @__PURE__ */ jsx(
+          TwoFactorSetupFlow,
+          {
+            successAuthRedirect,
+            twoFactorVerifyPath: routesWithPrefix.two_factor_verify,
+            signInPath: routesWithPrefix.signin
+          }
+        )
+      }
+    ),
     /* @__PURE__ */ jsx(
       Route,
       {
@@ -5062,15 +6236,116 @@ const PassflowWrapper = ({
 };
 const PassflowFlow = withError(PassflowWrapper, ErrorComponent);
 
+const TwoFactorSetupMagicLinkFlow = ({
+  onSuccess,
+  onError,
+  redirectOnSuccess = true,
+  signInPath = routes.signin.path
+}) => {
+  const { token } = useParams();
+  const { navigate } = useNavigation();
+  const { isLoading, isRetrying, isValidated, error, retry, retryCountdown } = useTwoFactorSetupMagicLink(token || "");
+  useEffect(() => {
+    if (error) {
+      onError?.(error);
+    }
+  }, [error, onError]);
+  const handleSetupComplete = () => {
+    onSuccess?.();
+    if (redirectOnSuccess) {
+      navigate({
+        to: signInPath
+      });
+    }
+  };
+  const handleCancel = () => {
+    navigate({ to: signInPath });
+  };
+  if (isLoading) {
+    return /* @__PURE__ */ jsx(
+      Wrapper,
+      {
+        title: "Validating Magic Link",
+        subtitle: "Please wait while we verify your link...",
+        className: "passflow-2fa-magic-link-loading",
+        children: /* @__PURE__ */ jsxs("div", { className: "passflow-loading-container", role: "status", "aria-live": "polite", "aria-busy": "true", children: [
+          /* @__PURE__ */ jsx(Icon, { id: "logo", type: "general", size: "large", className: "passflow-loading-spinner" }),
+          /* @__PURE__ */ jsx("p", { className: "passflow-loading-text", children: "Validating your magic link..." })
+        ] })
+      }
+    );
+  }
+  if (error) {
+    const isRetryable = error.code === "SERVER_ERROR" || error.code === "RATE_LIMITED";
+    const isRateLimited = error.code === "RATE_LIMITED" && retryCountdown !== null && retryCountdown > 0;
+    return /* @__PURE__ */ jsx(
+      Wrapper,
+      {
+        title: "Magic Link Validation Failed",
+        subtitle: getErrorSubtitle(error.code),
+        className: "passflow-2fa-magic-link-error",
+        children: /* @__PURE__ */ jsxs("div", { className: "passflow-error-container", role: "alert", "aria-live": "assertive", children: [
+          /* @__PURE__ */ jsx("div", { className: "passflow-error-icon", children: /* @__PURE__ */ jsx(Icon, { id: "warning", type: "general", size: "large" }) }),
+          /* @__PURE__ */ jsx("p", { className: "passflow-error-message", id: "error-message", children: error.message }),
+          /* @__PURE__ */ jsxs("div", { className: "passflow-error-actions", children: [
+            isRetryable && /* @__PURE__ */ jsx(
+              Button,
+              {
+                size: "big",
+                type: "button",
+                variant: "primary",
+                onClick: retry,
+                disabled: isRateLimited || isRetrying,
+                "aria-describedby": "error-message",
+                children: isRetrying ? "Retrying..." : isRateLimited ? `Try again in ${formatCountdown(retryCountdown)}` : "Try Again"
+              }
+            ),
+            /* @__PURE__ */ jsx(Button, { size: "big", type: "button", variant: "secondary", onClick: () => navigate({ to: signInPath }), children: "Back to Sign In" })
+          ] }),
+          !isRetryable && /* @__PURE__ */ jsx("p", { className: "passflow-error-help-text", children: "Please contact your administrator to request a new magic link." })
+        ] })
+      }
+    );
+  }
+  if (isValidated) {
+    return /* @__PURE__ */ jsx(TwoFactorSetupForm, { onComplete: handleSetupComplete, onCancel: handleCancel });
+  }
+  return null;
+};
+function getErrorSubtitle(code) {
+  switch (code) {
+    case "EXPIRED_TOKEN":
+      return "This magic link has expired";
+    case "INVALID_TOKEN":
+      return "This magic link is invalid";
+    case "REVOKED_TOKEN":
+      return "This magic link has been revoked";
+    case "RATE_LIMITED":
+      return "Too many attempts";
+    case "SERVER_ERROR":
+      return "Something went wrong";
+    default:
+      return "An error occurred";
+  }
+}
+function formatCountdown(seconds) {
+  if (seconds === null) return "";
+  const mins = Math.floor(seconds / 60);
+  const secs = seconds % 60;
+  return `${mins}:${secs.toString().padStart(2, "0")}`;
+}
+
 const PassflowProvider = ({
   children,
   navigate: initialNavigate,
   router = "default",
   ...config
 }) => {
+  const needsDiscovery = !config.appId;
   const [state, dispatch] = useReducer(passflowReducer, {
     ...initialState,
-    ...config
+    ...config,
+    isDiscoveringAppId: needsDiscovery
   });
   const [navigate, setNavigate] = useState(() => {
     if (initialNavigate) {
@@ -5079,6 +6354,52 @@ const PassflowProvider = ({
     return defaultNavigate;
   });
   const passflow = useMemo(() => new Passflow(state), [state]);
+  const discoveryAttemptedRef = useRef(false);
+  useEffect(() => {
+    if (needsDiscovery && !discoveryAttemptedRef.current && state.isDiscoveringAppId) {
+      discoveryAttemptedRef.current = true;
+      const discoverAppId = async () => {
+        const urlsToTry = ["/settings"];
+        if (config.url) {
+          urlsToTry.push(`${config.url}/settings`);
+        }
+        for (const url of urlsToTry) {
+          try {
+            const response = await fetch(url);
+            if (response.ok) {
+              const settings = await response.json();
+              const discoveredAppId = settings.login_app?.app_id || settings.appId;
+              if (discoveredAppId) {
+                passflow.setAppId(discoveredAppId);
+                dispatch({
+                  type: "SET_PASSFLOW_STATE",
+                  payload: {
+                    ...state,
+                    appId: discoveredAppId,
+                    scopes: settings.login_app?.scopes || settings.scopes || state.scopes,
+                    createTenantForNewUser: settings.login_app?.create_tenant_for_new_user ?? settings.createTenantForNewUser ?? state.createTenantForNewUser,
+                    isDiscoveringAppId: false
+                  }
+                });
+                return;
+              }
+            }
+          } catch (error) {
+            continue;
+          }
+        }
+        console.warn("Failed to discover appId from /settings");
+        dispatch({
+          type: "SET_PASSFLOW_STATE",
+          payload: {
+            ...state,
+            isDiscoveringAppId: false
+          }
+        });
+      };
+      void discoverAppId();
+    }
+  }, [needsDiscovery, state.isDiscoveringAppId, config.url, passflow, state]);
   const passflowValue = useMemo(() => ({ state, dispatch, passflow }), [state, passflow]);
   const handleSetNavigate = useCallback((newNavigate) => {
     setNavigate(() => newNavigate || defaultNavigate);
@@ -5094,5 +6415,5 @@ const PassflowProvider = ({
   return /* @__PURE__ */ jsx(PassflowContext.Provider, { value: passflowValue, children: /* @__PURE__ */ jsx(NavigationContext$1.Provider, { value: navigationValue, children: /* @__PURE__ */ jsx(AuthProvider, { children }) }) });
 };
 
-export { Button, Dialog, DialogClose, DialogContent, DialogDescription, DialogFooter, DialogHeader, DialogOverlay, DialogPortal, DialogTitle, DialogTrigger, FieldPassword, FieldPhone, FieldText, ForgotPassword, ForgotPasswordSuccess, Icon, InvitationJoin, Link, PassflowFlow, PassflowProvider, Popover, PopoverAnchor, PopoverContent, PopoverTrigger, ProvidersBox, ResetPassword, SignIn, SignInForm, SignUp, SignUpForm, Switch, VerifyChallengeMagicLink, VerifyChallengeOTP, Wrapper, useAppSettings, useAuth, useAuthCloudRedirect, useForgotPassword, useJoinInvite, useLogout, useNavigation, useOutsideClick, usePassflow, usePasswordlessComplete, useProvider, useResetPassword, useSignIn, useSignUp, useUserPasskeys };
+export { Button, Dialog, DialogClose, DialogContent, DialogDescription, DialogFooter, DialogHeader, DialogOverlay, DialogPortal, DialogTitle, DialogTrigger, FieldPassword, FieldPhone, FieldText, ForgotPassword, ForgotPasswordSuccess, Icon, InvitationJoin, Link, PassflowFlow, PassflowProvider, Popover, PopoverAnchor, PopoverContent, PopoverTrigger, ProvidersBox, ResetPassword, SignIn, SignInForm, SignUp, SignUpForm, Switch, TwoFactorRecoveryForm, TwoFactorSetupForm, TwoFactorSetupMagicLinkFlow, TwoFactorVerifyForm, VerifyChallengeMagicLink, VerifyChallengeOTP, Wrapper, useAppSettings, useAuth, useAuthCloudRedirect, useForgotPassword, useJoinInvite, useLogout, useNavigation, useOutsideClick, usePassflow, usePasswordlessComplete, useProvider, useResetPassword, useSignIn, useSignUp, useTwoFactorManage, useTwoFactorSetup, useTwoFactorSetupMagicLink, useTwoFactorStatus, useTwoFactorVerify, useUserPasskeys };
 //# sourceMappingURL=index.es.js.map