@rebornteam/reborn-api 4.9.0 → 4.9.1

package/README.md

@@ -1,4 +1,4 @@
-## @rebornteam/reborn-api@4.9.0
+## @rebornteam/reborn-api@4.9.1
 
 This generator creates TypeScript/JavaScript client that utilizes [axios](https://github.com/axios/axios). The generated Node module can be used in the following environments:
 
@@ -36,7 +36,7 @@ navigate to the folder of your consuming project and run one of the following co
 _published:_
 
 ```
-npm install @rebornteam/reborn-api@4.9.0 --save
+npm install @rebornteam/reborn-api@4.9.1 --save
 ```
 
 _unPublished (not recommended):_

package/api.ts

@@ -4,7 +4,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication 
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  * 
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
@@ -6327,10 +6327,11 @@ export const AuthenticationApiAxiosParamCreator = function (configuration?: Conf
          * @summary Discord - OAuth2 callback
          * @param {string | null} [code] Authorization code provided by Discord on successful approval
          * @param {string | null} [error] Error code provided by Discord if the user denied access
+         * @param {string | null} [state] Opaque value echoed back by Discord — carries the client\'s chosen redirect target
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        callback: async (code?: string | null, error?: string | null, options: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
+        callback: async (code?: string | null, error?: string | null, state?: string | null, options: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
             const localVarPath = `/auth/discord/callback`;
             // use dummy base URL string because the URL constructor only accepts absolute URLs.
             const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
@@ -6355,6 +6356,10 @@ export const AuthenticationApiAxiosParamCreator = function (configuration?: Conf
                 localVarQueryParameter['error'] = error;
             }
 
+            if (state !== undefined) {
+                localVarQueryParameter['state'] = state;
+            }
+
 
             setSearchParams(localVarUrlObj, localVarQueryParameter);
             let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
@@ -6366,12 +6371,13 @@ export const AuthenticationApiAxiosParamCreator = function (configuration?: Conf
             };
         },
         /**
-         * Redirects the browser to Discord\'s OAuth2 authorization page. Not called directly — the admin frontend navigates to this URL to begin the login flow.
+         * Redirects the browser (or native in-app browser session) to Discord\'s OAuth2 authorization page. The optional `redirect` parameter names the final destination the signed JWT should be sent to once auth completes — the web app URL (default) or a native deep-link scheme such as `reborn://auth/callback`. It must be allowlisted (DISCORD_ADMIN_FRONTEND_URL or one of DISCORD_ADMIN_ALLOWED_REDIRECTS); the value is carried through Discord via the OAuth `state` parameter and re-validated on the callback. 
          * @summary Discord - Initiate login
+         * @param {string | null} [redirect] Final redirect target for the JWT (web URL or native deep link). Must be allowlisted. Defaults to the web admin frontend.
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        initiateLogin: async (options: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
+        initiateLogin: async (redirect?: string | null, options: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
             const localVarPath = `/auth/discord`;
             // use dummy base URL string because the URL constructor only accepts absolute URLs.
             const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
@@ -6388,6 +6394,10 @@ export const AuthenticationApiAxiosParamCreator = function (configuration?: Conf
             // http bearer authentication required
             await setBearerAuthToObject(localVarHeaderParameter, configuration)
 
+            if (redirect !== undefined) {
+                localVarQueryParameter['redirect'] = redirect;
+            }
+
 
             setSearchParams(localVarUrlObj, localVarQueryParameter);
             let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
@@ -6498,23 +6508,25 @@ export const AuthenticationApiFp = function(configuration?: Configuration) {
          * @summary Discord - OAuth2 callback
          * @param {string | null} [code] Authorization code provided by Discord on successful approval
          * @param {string | null} [error] Error code provided by Discord if the user denied access
+         * @param {string | null} [state] Opaque value echoed back by Discord — carries the client\&#39;s chosen redirect target
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        async callback(code?: string | null, error?: string | null, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<void>> {
-            const localVarAxiosArgs = await localVarAxiosParamCreator.callback(code, error, options);
+        async callback(code?: string | null, error?: string | null, state?: string | null, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<void>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.callback(code, error, state, options);
             const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
             const localVarOperationServerBasePath = operationServerMap['AuthenticationApi.callback']?.[localVarOperationServerIndex]?.url;
             return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
         },
         /**
-         * Redirects the browser to Discord\'s OAuth2 authorization page. Not called directly — the admin frontend navigates to this URL to begin the login flow.
+         * Redirects the browser (or native in-app browser session) to Discord\'s OAuth2 authorization page. The optional `redirect` parameter names the final destination the signed JWT should be sent to once auth completes — the web app URL (default) or a native deep-link scheme such as `reborn://auth/callback`. It must be allowlisted (DISCORD_ADMIN_FRONTEND_URL or one of DISCORD_ADMIN_ALLOWED_REDIRECTS); the value is carried through Discord via the OAuth `state` parameter and re-validated on the callback. 
          * @summary Discord - Initiate login
+         * @param {string | null} [redirect] Final redirect target for the JWT (web URL or native deep link). Must be allowlisted. Defaults to the web admin frontend.
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        async initiateLogin(options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<void>> {
-            const localVarAxiosArgs = await localVarAxiosParamCreator.initiateLogin(options);
+        async initiateLogin(redirect?: string | null, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<void>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.initiateLogin(redirect, options);
             const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
             const localVarOperationServerBasePath = operationServerMap['AuthenticationApi.initiateLogin']?.[localVarOperationServerIndex]?.url;
             return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
@@ -6560,20 +6572,22 @@ export const AuthenticationApiFactory = function (configuration?: Configuration,
          * @summary Discord - OAuth2 callback
          * @param {string | null} [code] Authorization code provided by Discord on successful approval
          * @param {string | null} [error] Error code provided by Discord if the user denied access
+         * @param {string | null} [state] Opaque value echoed back by Discord — carries the client\&#39;s chosen redirect target
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        callback(code?: string | null, error?: string | null, options?: RawAxiosRequestConfig): AxiosPromise<void> {
-            return localVarFp.callback(code, error, options).then((request) => request(axios, basePath));
+        callback(code?: string | null, error?: string | null, state?: string | null, options?: RawAxiosRequestConfig): AxiosPromise<void> {
+            return localVarFp.callback(code, error, state, options).then((request) => request(axios, basePath));
         },
         /**
-         * Redirects the browser to Discord\'s OAuth2 authorization page. Not called directly — the admin frontend navigates to this URL to begin the login flow.
+         * Redirects the browser (or native in-app browser session) to Discord\'s OAuth2 authorization page. The optional `redirect` parameter names the final destination the signed JWT should be sent to once auth completes — the web app URL (default) or a native deep-link scheme such as `reborn://auth/callback`. It must be allowlisted (DISCORD_ADMIN_FRONTEND_URL or one of DISCORD_ADMIN_ALLOWED_REDIRECTS); the value is carried through Discord via the OAuth `state` parameter and re-validated on the callback. 
          * @summary Discord - Initiate login
+         * @param {string | null} [redirect] Final redirect target for the JWT (web URL or native deep link). Must be allowlisted. Defaults to the web admin frontend.
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        initiateLogin(options?: RawAxiosRequestConfig): AxiosPromise<void> {
-            return localVarFp.initiateLogin(options).then((request) => request(axios, basePath));
+        initiateLogin(redirect?: string | null, options?: RawAxiosRequestConfig): AxiosPromise<void> {
+            return localVarFp.initiateLogin(redirect, options).then((request) => request(axios, basePath));
         },
         /**
          * Returns the authenticated user\'s profile from their JWT claims. The session is already validated by the security rule before this endpoint is reached.
@@ -6608,21 +6622,23 @@ export class AuthenticationApi extends BaseAPI {
      * @summary Discord - OAuth2 callback
      * @param {string | null} [code] Authorization code provided by Discord on successful approval
      * @param {string | null} [error] Error code provided by Discord if the user denied access
+     * @param {string | null} [state] Opaque value echoed back by Discord — carries the client\&#39;s chosen redirect target
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      */
-    public callback(code?: string | null, error?: string | null, options?: RawAxiosRequestConfig) {
-        return AuthenticationApiFp(this.configuration).callback(code, error, options).then((request) => request(this.axios, this.basePath));
+    public callback(code?: string | null, error?: string | null, state?: string | null, options?: RawAxiosRequestConfig) {
+        return AuthenticationApiFp(this.configuration).callback(code, error, state, options).then((request) => request(this.axios, this.basePath));
     }
 
     /**
-     * Redirects the browser to Discord\'s OAuth2 authorization page. Not called directly — the admin frontend navigates to this URL to begin the login flow.
+     * Redirects the browser (or native in-app browser session) to Discord\'s OAuth2 authorization page. The optional `redirect` parameter names the final destination the signed JWT should be sent to once auth completes — the web app URL (default) or a native deep-link scheme such as `reborn://auth/callback`. It must be allowlisted (DISCORD_ADMIN_FRONTEND_URL or one of DISCORD_ADMIN_ALLOWED_REDIRECTS); the value is carried through Discord via the OAuth `state` parameter and re-validated on the callback. 
      * @summary Discord - Initiate login
+     * @param {string | null} [redirect] Final redirect target for the JWT (web URL or native deep link). Must be allowlisted. Defaults to the web admin frontend.
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      */
-    public initiateLogin(options?: RawAxiosRequestConfig) {
-        return AuthenticationApiFp(this.configuration).initiateLogin(options).then((request) => request(this.axios, this.basePath));
+    public initiateLogin(redirect?: string | null, options?: RawAxiosRequestConfig) {
+        return AuthenticationApiFp(this.configuration).initiateLogin(redirect, options).then((request) => request(this.axios, this.basePath));
     }
 
     /**

package/base.ts

@@ -4,7 +4,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication 
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  * 
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).

package/common.ts

@@ -4,7 +4,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication 
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  * 
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).

package/configuration.ts

@@ -3,7 +3,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication 
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  * 
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).

package/dist/api.d.ts

@@ -2,7 +2,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  *
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
@@ -3883,17 +3883,19 @@ export declare const AuthenticationApiAxiosParamCreator: (configuration?: Config
      * @summary Discord - OAuth2 callback
      * @param {string | null} [code] Authorization code provided by Discord on successful approval
      * @param {string | null} [error] Error code provided by Discord if the user denied access
+     * @param {string | null} [state] Opaque value echoed back by Discord — carries the client\'s chosen redirect target
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      */
-    callback: (code?: string | null, error?: string | null, options?: RawAxiosRequestConfig) => Promise<RequestArgs>;
+    callback: (code?: string | null, error?: string | null, state?: string | null, options?: RawAxiosRequestConfig) => Promise<RequestArgs>;
     /**
-     * Redirects the browser to Discord\'s OAuth2 authorization page. Not called directly — the admin frontend navigates to this URL to begin the login flow.
+     * Redirects the browser (or native in-app browser session) to Discord\'s OAuth2 authorization page. The optional `redirect` parameter names the final destination the signed JWT should be sent to once auth completes — the web app URL (default) or a native deep-link scheme such as `reborn://auth/callback`. It must be allowlisted (DISCORD_ADMIN_FRONTEND_URL or one of DISCORD_ADMIN_ALLOWED_REDIRECTS); the value is carried through Discord via the OAuth `state` parameter and re-validated on the callback.
      * @summary Discord - Initiate login
+     * @param {string | null} [redirect] Final redirect target for the JWT (web URL or native deep link). Must be allowlisted. Defaults to the web admin frontend.
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      */
-    initiateLogin: (options?: RawAxiosRequestConfig) => Promise<RequestArgs>;
+    initiateLogin: (redirect?: string | null, options?: RawAxiosRequestConfig) => Promise<RequestArgs>;
     /**
      * Returns the authenticated user\'s profile from their JWT claims. The session is already validated by the security rule before this endpoint is reached.
      * @summary Get current user profile
@@ -3921,17 +3923,19 @@ export declare const AuthenticationApiFp: (configuration?: Configuration) => {
      * @summary Discord - OAuth2 callback
      * @param {string | null} [code] Authorization code provided by Discord on successful approval
      * @param {string | null} [error] Error code provided by Discord if the user denied access
+     * @param {string | null} [state] Opaque value echoed back by Discord — carries the client\&#39;s chosen redirect target
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      */
-    callback(code?: string | null, error?: string | null, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<void>>;
+    callback(code?: string | null, error?: string | null, state?: string | null, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<void>>;
     /**
-     * Redirects the browser to Discord\'s OAuth2 authorization page. Not called directly — the admin frontend navigates to this URL to begin the login flow.
+     * Redirects the browser (or native in-app browser session) to Discord\'s OAuth2 authorization page. The optional `redirect` parameter names the final destination the signed JWT should be sent to once auth completes — the web app URL (default) or a native deep-link scheme such as `reborn://auth/callback`. It must be allowlisted (DISCORD_ADMIN_FRONTEND_URL or one of DISCORD_ADMIN_ALLOWED_REDIRECTS); the value is carried through Discord via the OAuth `state` parameter and re-validated on the callback.
      * @summary Discord - Initiate login
+     * @param {string | null} [redirect] Final redirect target for the JWT (web URL or native deep link). Must be allowlisted. Defaults to the web admin frontend.
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      */
-    initiateLogin(options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<void>>;
+    initiateLogin(redirect?: string | null, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<void>>;
     /**
      * Returns the authenticated user\'s profile from their JWT claims. The session is already validated by the security rule before this endpoint is reached.
      * @summary Get current user profile
@@ -3959,17 +3963,19 @@ export declare const AuthenticationApiFactory: (configuration?: Configuration, b
      * @summary Discord - OAuth2 callback
      * @param {string | null} [code] Authorization code provided by Discord on successful approval
      * @param {string | null} [error] Error code provided by Discord if the user denied access
+     * @param {string | null} [state] Opaque value echoed back by Discord — carries the client\&#39;s chosen redirect target
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      */
-    callback(code?: string | null, error?: string | null, options?: RawAxiosRequestConfig): AxiosPromise<void>;
+    callback(code?: string | null, error?: string | null, state?: string | null, options?: RawAxiosRequestConfig): AxiosPromise<void>;
     /**
-     * Redirects the browser to Discord\'s OAuth2 authorization page. Not called directly — the admin frontend navigates to this URL to begin the login flow.
+     * Redirects the browser (or native in-app browser session) to Discord\'s OAuth2 authorization page. The optional `redirect` parameter names the final destination the signed JWT should be sent to once auth completes — the web app URL (default) or a native deep-link scheme such as `reborn://auth/callback`. It must be allowlisted (DISCORD_ADMIN_FRONTEND_URL or one of DISCORD_ADMIN_ALLOWED_REDIRECTS); the value is carried through Discord via the OAuth `state` parameter and re-validated on the callback.
      * @summary Discord - Initiate login
+     * @param {string | null} [redirect] Final redirect target for the JWT (web URL or native deep link). Must be allowlisted. Defaults to the web admin frontend.
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      */
-    initiateLogin(options?: RawAxiosRequestConfig): AxiosPromise<void>;
+    initiateLogin(redirect?: string | null, options?: RawAxiosRequestConfig): AxiosPromise<void>;
     /**
      * Returns the authenticated user\'s profile from their JWT claims. The session is already validated by the security rule before this endpoint is reached.
      * @summary Get current user profile
@@ -3997,17 +4003,19 @@ export declare class AuthenticationApi extends BaseAPI {
      * @summary Discord - OAuth2 callback
      * @param {string | null} [code] Authorization code provided by Discord on successful approval
      * @param {string | null} [error] Error code provided by Discord if the user denied access
+     * @param {string | null} [state] Opaque value echoed back by Discord — carries the client\&#39;s chosen redirect target
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      */
-    callback(code?: string | null, error?: string | null, options?: RawAxiosRequestConfig): Promise<import("axios").AxiosResponse<void, any, {}>>;
+    callback(code?: string | null, error?: string | null, state?: string | null, options?: RawAxiosRequestConfig): Promise<import("axios").AxiosResponse<void, any, {}>>;
     /**
-     * Redirects the browser to Discord\'s OAuth2 authorization page. Not called directly — the admin frontend navigates to this URL to begin the login flow.
+     * Redirects the browser (or native in-app browser session) to Discord\'s OAuth2 authorization page. The optional `redirect` parameter names the final destination the signed JWT should be sent to once auth completes — the web app URL (default) or a native deep-link scheme such as `reborn://auth/callback`. It must be allowlisted (DISCORD_ADMIN_FRONTEND_URL or one of DISCORD_ADMIN_ALLOWED_REDIRECTS); the value is carried through Discord via the OAuth `state` parameter and re-validated on the callback.
      * @summary Discord - Initiate login
+     * @param {string | null} [redirect] Final redirect target for the JWT (web URL or native deep link). Must be allowlisted. Defaults to the web admin frontend.
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      */
-    initiateLogin(options?: RawAxiosRequestConfig): Promise<import("axios").AxiosResponse<void, any, {}>>;
+    initiateLogin(redirect?: string | null, options?: RawAxiosRequestConfig): Promise<import("axios").AxiosResponse<void, any, {}>>;
     /**
      * Returns the authenticated user\'s profile from their JWT claims. The session is already validated by the security rule before this endpoint is reached.
      * @summary Get current user profile

package/dist/api.js

@@ -5,7 +5,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  *
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
@@ -4214,10 +4214,11 @@ const AuthenticationApiAxiosParamCreator = function (configuration) {
          * @summary Discord - OAuth2 callback
          * @param {string | null} [code] Authorization code provided by Discord on successful approval
          * @param {string | null} [error] Error code provided by Discord if the user denied access
+         * @param {string | null} [state] Opaque value echoed back by Discord — carries the client\'s chosen redirect target
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        callback: (code_1, error_1, ...args_1) => __awaiter(this, [code_1, error_1, ...args_1], void 0, function* (code, error, options = {}) {
+        callback: (code_1, error_1, state_1, ...args_1) => __awaiter(this, [code_1, error_1, state_1, ...args_1], void 0, function* (code, error, state, options = {}) {
             const localVarPath = `/auth/discord/callback`;
             // use dummy base URL string because the URL constructor only accepts absolute URLs.
             const localVarUrlObj = new URL(localVarPath, common_1.DUMMY_BASE_URL);
@@ -4237,6 +4238,9 @@ const AuthenticationApiAxiosParamCreator = function (configuration) {
             if (error !== undefined) {
                 localVarQueryParameter['error'] = error;
             }
+            if (state !== undefined) {
+                localVarQueryParameter['state'] = state;
+            }
             (0, common_1.setSearchParams)(localVarUrlObj, localVarQueryParameter);
             let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
             localVarRequestOptions.headers = Object.assign(Object.assign(Object.assign({}, localVarHeaderParameter), headersFromBaseOptions), options.headers);
@@ -4246,12 +4250,13 @@ const AuthenticationApiAxiosParamCreator = function (configuration) {
             };
         }),
         /**
-         * Redirects the browser to Discord\'s OAuth2 authorization page. Not called directly — the admin frontend navigates to this URL to begin the login flow.
+         * Redirects the browser (or native in-app browser session) to Discord\'s OAuth2 authorization page. The optional `redirect` parameter names the final destination the signed JWT should be sent to once auth completes — the web app URL (default) or a native deep-link scheme such as `reborn://auth/callback`. It must be allowlisted (DISCORD_ADMIN_FRONTEND_URL or one of DISCORD_ADMIN_ALLOWED_REDIRECTS); the value is carried through Discord via the OAuth `state` parameter and re-validated on the callback.
          * @summary Discord - Initiate login
+         * @param {string | null} [redirect] Final redirect target for the JWT (web URL or native deep link). Must be allowlisted. Defaults to the web admin frontend.
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        initiateLogin: (...args_1) => __awaiter(this, [...args_1], void 0, function* (options = {}) {
+        initiateLogin: (redirect_1, ...args_1) => __awaiter(this, [redirect_1, ...args_1], void 0, function* (redirect, options = {}) {
             const localVarPath = `/auth/discord`;
             // use dummy base URL string because the URL constructor only accepts absolute URLs.
             const localVarUrlObj = new URL(localVarPath, common_1.DUMMY_BASE_URL);
@@ -4265,6 +4270,9 @@ const AuthenticationApiAxiosParamCreator = function (configuration) {
             // authentication DiscordAuth required
             // http bearer authentication required
             yield (0, common_1.setBearerAuthToObject)(localVarHeaderParameter, configuration);
+            if (redirect !== undefined) {
+                localVarQueryParameter['redirect'] = redirect;
+            }
             (0, common_1.setSearchParams)(localVarUrlObj, localVarQueryParameter);
             let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
             localVarRequestOptions.headers = Object.assign(Object.assign(Object.assign({}, localVarHeaderParameter), headersFromBaseOptions), options.headers);
@@ -4360,28 +4368,30 @@ const AuthenticationApiFp = function (configuration) {
          * @summary Discord - OAuth2 callback
          * @param {string | null} [code] Authorization code provided by Discord on successful approval
          * @param {string | null} [error] Error code provided by Discord if the user denied access
+         * @param {string | null} [state] Opaque value echoed back by Discord — carries the client\'s chosen redirect target
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        callback(code, error, options) {
+        callback(code, error, state, options) {
             return __awaiter(this, void 0, void 0, function* () {
                 var _a, _b, _c;
-                const localVarAxiosArgs = yield localVarAxiosParamCreator.callback(code, error, options);
+                const localVarAxiosArgs = yield localVarAxiosParamCreator.callback(code, error, state, options);
                 const localVarOperationServerIndex = (_a = configuration === null || configuration === void 0 ? void 0 : configuration.serverIndex) !== null && _a !== void 0 ? _a : 0;
                 const localVarOperationServerBasePath = (_c = (_b = base_1.operationServerMap['AuthenticationApi.callback']) === null || _b === void 0 ? void 0 : _b[localVarOperationServerIndex]) === null || _c === void 0 ? void 0 : _c.url;
                 return (axios, basePath) => (0, common_1.createRequestFunction)(localVarAxiosArgs, axios_1.default, base_1.BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
             });
         },
         /**
-         * Redirects the browser to Discord\'s OAuth2 authorization page. Not called directly — the admin frontend navigates to this URL to begin the login flow.
+         * Redirects the browser (or native in-app browser session) to Discord\'s OAuth2 authorization page. The optional `redirect` parameter names the final destination the signed JWT should be sent to once auth completes — the web app URL (default) or a native deep-link scheme such as `reborn://auth/callback`. It must be allowlisted (DISCORD_ADMIN_FRONTEND_URL or one of DISCORD_ADMIN_ALLOWED_REDIRECTS); the value is carried through Discord via the OAuth `state` parameter and re-validated on the callback.
          * @summary Discord - Initiate login
+         * @param {string | null} [redirect] Final redirect target for the JWT (web URL or native deep link). Must be allowlisted. Defaults to the web admin frontend.
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        initiateLogin(options) {
+        initiateLogin(redirect, options) {
             return __awaiter(this, void 0, void 0, function* () {
                 var _a, _b, _c;
-                const localVarAxiosArgs = yield localVarAxiosParamCreator.initiateLogin(options);
+                const localVarAxiosArgs = yield localVarAxiosParamCreator.initiateLogin(redirect, options);
                 const localVarOperationServerIndex = (_a = configuration === null || configuration === void 0 ? void 0 : configuration.serverIndex) !== null && _a !== void 0 ? _a : 0;
                 const localVarOperationServerBasePath = (_c = (_b = base_1.operationServerMap['AuthenticationApi.initiateLogin']) === null || _b === void 0 ? void 0 : _b[localVarOperationServerIndex]) === null || _c === void 0 ? void 0 : _c.url;
                 return (axios, basePath) => (0, common_1.createRequestFunction)(localVarAxiosArgs, axios_1.default, base_1.BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
@@ -4434,20 +4444,22 @@ const AuthenticationApiFactory = function (configuration, basePath, axios) {
          * @summary Discord - OAuth2 callback
          * @param {string | null} [code] Authorization code provided by Discord on successful approval
          * @param {string | null} [error] Error code provided by Discord if the user denied access
+         * @param {string | null} [state] Opaque value echoed back by Discord — carries the client\'s chosen redirect target
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        callback(code, error, options) {
-            return localVarFp.callback(code, error, options).then((request) => request(axios, basePath));
+        callback(code, error, state, options) {
+            return localVarFp.callback(code, error, state, options).then((request) => request(axios, basePath));
         },
         /**
-         * Redirects the browser to Discord\'s OAuth2 authorization page. Not called directly — the admin frontend navigates to this URL to begin the login flow.
+         * Redirects the browser (or native in-app browser session) to Discord\'s OAuth2 authorization page. The optional `redirect` parameter names the final destination the signed JWT should be sent to once auth completes — the web app URL (default) or a native deep-link scheme such as `reborn://auth/callback`. It must be allowlisted (DISCORD_ADMIN_FRONTEND_URL or one of DISCORD_ADMIN_ALLOWED_REDIRECTS); the value is carried through Discord via the OAuth `state` parameter and re-validated on the callback.
          * @summary Discord - Initiate login
+         * @param {string | null} [redirect] Final redirect target for the JWT (web URL or native deep link). Must be allowlisted. Defaults to the web admin frontend.
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        initiateLogin(options) {
-            return localVarFp.initiateLogin(options).then((request) => request(axios, basePath));
+        initiateLogin(redirect, options) {
+            return localVarFp.initiateLogin(redirect, options).then((request) => request(axios, basePath));
         },
         /**
          * Returns the authenticated user\'s profile from their JWT claims. The session is already validated by the security rule before this endpoint is reached.
@@ -4482,20 +4494,22 @@ class AuthenticationApi extends base_1.BaseAPI {
      * @summary Discord - OAuth2 callback
      * @param {string | null} [code] Authorization code provided by Discord on successful approval
      * @param {string | null} [error] Error code provided by Discord if the user denied access
+     * @param {string | null} [state] Opaque value echoed back by Discord — carries the client\'s chosen redirect target
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      */
-    callback(code, error, options) {
-        return (0, exports.AuthenticationApiFp)(this.configuration).callback(code, error, options).then((request) => request(this.axios, this.basePath));
+    callback(code, error, state, options) {
+        return (0, exports.AuthenticationApiFp)(this.configuration).callback(code, error, state, options).then((request) => request(this.axios, this.basePath));
     }
     /**
-     * Redirects the browser to Discord\'s OAuth2 authorization page. Not called directly — the admin frontend navigates to this URL to begin the login flow.
+     * Redirects the browser (or native in-app browser session) to Discord\'s OAuth2 authorization page. The optional `redirect` parameter names the final destination the signed JWT should be sent to once auth completes — the web app URL (default) or a native deep-link scheme such as `reborn://auth/callback`. It must be allowlisted (DISCORD_ADMIN_FRONTEND_URL or one of DISCORD_ADMIN_ALLOWED_REDIRECTS); the value is carried through Discord via the OAuth `state` parameter and re-validated on the callback.
      * @summary Discord - Initiate login
+     * @param {string | null} [redirect] Final redirect target for the JWT (web URL or native deep link). Must be allowlisted. Defaults to the web admin frontend.
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      */
-    initiateLogin(options) {
-        return (0, exports.AuthenticationApiFp)(this.configuration).initiateLogin(options).then((request) => request(this.axios, this.basePath));
+    initiateLogin(redirect, options) {
+        return (0, exports.AuthenticationApiFp)(this.configuration).initiateLogin(redirect, options).then((request) => request(this.axios, this.basePath));
     }
     /**
      * Returns the authenticated user\'s profile from their JWT claims. The session is already validated by the security rule before this endpoint is reached.

package/dist/base.d.ts

@@ -2,7 +2,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  *
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).

package/dist/base.js

@@ -5,7 +5,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  *
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).

package/dist/common.d.ts

@@ -2,7 +2,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  *
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).

package/dist/common.js

@@ -5,7 +5,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  *
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).

package/dist/configuration.d.ts

@@ -2,7 +2,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  *
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).

package/dist/configuration.js

@@ -4,7 +4,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  *
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).

package/dist/esm/api.d.ts

@@ -2,7 +2,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  *
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
@@ -3883,17 +3883,19 @@ export declare const AuthenticationApiAxiosParamCreator: (configuration?: Config
      * @summary Discord - OAuth2 callback
      * @param {string | null} [code] Authorization code provided by Discord on successful approval
      * @param {string | null} [error] Error code provided by Discord if the user denied access
+     * @param {string | null} [state] Opaque value echoed back by Discord — carries the client\'s chosen redirect target
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      */
-    callback: (code?: string | null, error?: string | null, options?: RawAxiosRequestConfig) => Promise<RequestArgs>;
+    callback: (code?: string | null, error?: string | null, state?: string | null, options?: RawAxiosRequestConfig) => Promise<RequestArgs>;
     /**
-     * Redirects the browser to Discord\'s OAuth2 authorization page. Not called directly — the admin frontend navigates to this URL to begin the login flow.
+     * Redirects the browser (or native in-app browser session) to Discord\'s OAuth2 authorization page. The optional `redirect` parameter names the final destination the signed JWT should be sent to once auth completes — the web app URL (default) or a native deep-link scheme such as `reborn://auth/callback`. It must be allowlisted (DISCORD_ADMIN_FRONTEND_URL or one of DISCORD_ADMIN_ALLOWED_REDIRECTS); the value is carried through Discord via the OAuth `state` parameter and re-validated on the callback.
      * @summary Discord - Initiate login
+     * @param {string | null} [redirect] Final redirect target for the JWT (web URL or native deep link). Must be allowlisted. Defaults to the web admin frontend.
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      */
-    initiateLogin: (options?: RawAxiosRequestConfig) => Promise<RequestArgs>;
+    initiateLogin: (redirect?: string | null, options?: RawAxiosRequestConfig) => Promise<RequestArgs>;
     /**
      * Returns the authenticated user\'s profile from their JWT claims. The session is already validated by the security rule before this endpoint is reached.
      * @summary Get current user profile
@@ -3921,17 +3923,19 @@ export declare const AuthenticationApiFp: (configuration?: Configuration) => {
      * @summary Discord - OAuth2 callback
      * @param {string | null} [code] Authorization code provided by Discord on successful approval
      * @param {string | null} [error] Error code provided by Discord if the user denied access
+     * @param {string | null} [state] Opaque value echoed back by Discord — carries the client\&#39;s chosen redirect target
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      */
-    callback(code?: string | null, error?: string | null, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<void>>;
+    callback(code?: string | null, error?: string | null, state?: string | null, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<void>>;
     /**
-     * Redirects the browser to Discord\'s OAuth2 authorization page. Not called directly — the admin frontend navigates to this URL to begin the login flow.
+     * Redirects the browser (or native in-app browser session) to Discord\'s OAuth2 authorization page. The optional `redirect` parameter names the final destination the signed JWT should be sent to once auth completes — the web app URL (default) or a native deep-link scheme such as `reborn://auth/callback`. It must be allowlisted (DISCORD_ADMIN_FRONTEND_URL or one of DISCORD_ADMIN_ALLOWED_REDIRECTS); the value is carried through Discord via the OAuth `state` parameter and re-validated on the callback.
      * @summary Discord - Initiate login
+     * @param {string | null} [redirect] Final redirect target for the JWT (web URL or native deep link). Must be allowlisted. Defaults to the web admin frontend.
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      */
-    initiateLogin(options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<void>>;
+    initiateLogin(redirect?: string | null, options?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<void>>;
     /**
      * Returns the authenticated user\'s profile from their JWT claims. The session is already validated by the security rule before this endpoint is reached.
      * @summary Get current user profile
@@ -3959,17 +3963,19 @@ export declare const AuthenticationApiFactory: (configuration?: Configuration, b
      * @summary Discord - OAuth2 callback
      * @param {string | null} [code] Authorization code provided by Discord on successful approval
      * @param {string | null} [error] Error code provided by Discord if the user denied access
+     * @param {string | null} [state] Opaque value echoed back by Discord — carries the client\&#39;s chosen redirect target
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      */
-    callback(code?: string | null, error?: string | null, options?: RawAxiosRequestConfig): AxiosPromise<void>;
+    callback(code?: string | null, error?: string | null, state?: string | null, options?: RawAxiosRequestConfig): AxiosPromise<void>;
     /**
-     * Redirects the browser to Discord\'s OAuth2 authorization page. Not called directly — the admin frontend navigates to this URL to begin the login flow.
+     * Redirects the browser (or native in-app browser session) to Discord\'s OAuth2 authorization page. The optional `redirect` parameter names the final destination the signed JWT should be sent to once auth completes — the web app URL (default) or a native deep-link scheme such as `reborn://auth/callback`. It must be allowlisted (DISCORD_ADMIN_FRONTEND_URL or one of DISCORD_ADMIN_ALLOWED_REDIRECTS); the value is carried through Discord via the OAuth `state` parameter and re-validated on the callback.
      * @summary Discord - Initiate login
+     * @param {string | null} [redirect] Final redirect target for the JWT (web URL or native deep link). Must be allowlisted. Defaults to the web admin frontend.
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      */
-    initiateLogin(options?: RawAxiosRequestConfig): AxiosPromise<void>;
+    initiateLogin(redirect?: string | null, options?: RawAxiosRequestConfig): AxiosPromise<void>;
     /**
      * Returns the authenticated user\'s profile from their JWT claims. The session is already validated by the security rule before this endpoint is reached.
      * @summary Get current user profile
@@ -3997,17 +4003,19 @@ export declare class AuthenticationApi extends BaseAPI {
      * @summary Discord - OAuth2 callback
      * @param {string | null} [code] Authorization code provided by Discord on successful approval
      * @param {string | null} [error] Error code provided by Discord if the user denied access
+     * @param {string | null} [state] Opaque value echoed back by Discord — carries the client\&#39;s chosen redirect target
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      */
-    callback(code?: string | null, error?: string | null, options?: RawAxiosRequestConfig): Promise<import("axios").AxiosResponse<void, any, {}>>;
+    callback(code?: string | null, error?: string | null, state?: string | null, options?: RawAxiosRequestConfig): Promise<import("axios").AxiosResponse<void, any, {}>>;
     /**
-     * Redirects the browser to Discord\'s OAuth2 authorization page. Not called directly — the admin frontend navigates to this URL to begin the login flow.
+     * Redirects the browser (or native in-app browser session) to Discord\'s OAuth2 authorization page. The optional `redirect` parameter names the final destination the signed JWT should be sent to once auth completes — the web app URL (default) or a native deep-link scheme such as `reborn://auth/callback`. It must be allowlisted (DISCORD_ADMIN_FRONTEND_URL or one of DISCORD_ADMIN_ALLOWED_REDIRECTS); the value is carried through Discord via the OAuth `state` parameter and re-validated on the callback.
      * @summary Discord - Initiate login
+     * @param {string | null} [redirect] Final redirect target for the JWT (web URL or native deep link). Must be allowlisted. Defaults to the web admin frontend.
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      */
-    initiateLogin(options?: RawAxiosRequestConfig): Promise<import("axios").AxiosResponse<void, any, {}>>;
+    initiateLogin(redirect?: string | null, options?: RawAxiosRequestConfig): Promise<import("axios").AxiosResponse<void, any, {}>>;
     /**
      * Returns the authenticated user\'s profile from their JWT claims. The session is already validated by the security rule before this endpoint is reached.
      * @summary Get current user profile

package/dist/esm/api.js

@@ -4,7 +4,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  *
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
@@ -4178,10 +4178,11 @@ export const AuthenticationApiAxiosParamCreator = function (configuration) {
          * @summary Discord - OAuth2 callback
          * @param {string | null} [code] Authorization code provided by Discord on successful approval
          * @param {string | null} [error] Error code provided by Discord if the user denied access
+         * @param {string | null} [state] Opaque value echoed back by Discord — carries the client\'s chosen redirect target
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        callback: (code_1, error_1, ...args_1) => __awaiter(this, [code_1, error_1, ...args_1], void 0, function* (code, error, options = {}) {
+        callback: (code_1, error_1, state_1, ...args_1) => __awaiter(this, [code_1, error_1, state_1, ...args_1], void 0, function* (code, error, state, options = {}) {
             const localVarPath = `/auth/discord/callback`;
             // use dummy base URL string because the URL constructor only accepts absolute URLs.
             const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
@@ -4201,6 +4202,9 @@ export const AuthenticationApiAxiosParamCreator = function (configuration) {
             if (error !== undefined) {
                 localVarQueryParameter['error'] = error;
             }
+            if (state !== undefined) {
+                localVarQueryParameter['state'] = state;
+            }
             setSearchParams(localVarUrlObj, localVarQueryParameter);
             let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
             localVarRequestOptions.headers = Object.assign(Object.assign(Object.assign({}, localVarHeaderParameter), headersFromBaseOptions), options.headers);
@@ -4210,12 +4214,13 @@ export const AuthenticationApiAxiosParamCreator = function (configuration) {
             };
         }),
         /**
-         * Redirects the browser to Discord\'s OAuth2 authorization page. Not called directly — the admin frontend navigates to this URL to begin the login flow.
+         * Redirects the browser (or native in-app browser session) to Discord\'s OAuth2 authorization page. The optional `redirect` parameter names the final destination the signed JWT should be sent to once auth completes — the web app URL (default) or a native deep-link scheme such as `reborn://auth/callback`. It must be allowlisted (DISCORD_ADMIN_FRONTEND_URL or one of DISCORD_ADMIN_ALLOWED_REDIRECTS); the value is carried through Discord via the OAuth `state` parameter and re-validated on the callback.
          * @summary Discord - Initiate login
+         * @param {string | null} [redirect] Final redirect target for the JWT (web URL or native deep link). Must be allowlisted. Defaults to the web admin frontend.
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        initiateLogin: (...args_1) => __awaiter(this, [...args_1], void 0, function* (options = {}) {
+        initiateLogin: (redirect_1, ...args_1) => __awaiter(this, [redirect_1, ...args_1], void 0, function* (redirect, options = {}) {
             const localVarPath = `/auth/discord`;
             // use dummy base URL string because the URL constructor only accepts absolute URLs.
             const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
@@ -4229,6 +4234,9 @@ export const AuthenticationApiAxiosParamCreator = function (configuration) {
             // authentication DiscordAuth required
             // http bearer authentication required
             yield setBearerAuthToObject(localVarHeaderParameter, configuration);
+            if (redirect !== undefined) {
+                localVarQueryParameter['redirect'] = redirect;
+            }
             setSearchParams(localVarUrlObj, localVarQueryParameter);
             let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
             localVarRequestOptions.headers = Object.assign(Object.assign(Object.assign({}, localVarHeaderParameter), headersFromBaseOptions), options.headers);
@@ -4323,28 +4331,30 @@ export const AuthenticationApiFp = function (configuration) {
          * @summary Discord - OAuth2 callback
          * @param {string | null} [code] Authorization code provided by Discord on successful approval
          * @param {string | null} [error] Error code provided by Discord if the user denied access
+         * @param {string | null} [state] Opaque value echoed back by Discord — carries the client\'s chosen redirect target
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        callback(code, error, options) {
+        callback(code, error, state, options) {
             return __awaiter(this, void 0, void 0, function* () {
                 var _a, _b, _c;
-                const localVarAxiosArgs = yield localVarAxiosParamCreator.callback(code, error, options);
+                const localVarAxiosArgs = yield localVarAxiosParamCreator.callback(code, error, state, options);
                 const localVarOperationServerIndex = (_a = configuration === null || configuration === void 0 ? void 0 : configuration.serverIndex) !== null && _a !== void 0 ? _a : 0;
                 const localVarOperationServerBasePath = (_c = (_b = operationServerMap['AuthenticationApi.callback']) === null || _b === void 0 ? void 0 : _b[localVarOperationServerIndex]) === null || _c === void 0 ? void 0 : _c.url;
                 return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
             });
         },
         /**
-         * Redirects the browser to Discord\'s OAuth2 authorization page. Not called directly — the admin frontend navigates to this URL to begin the login flow.
+         * Redirects the browser (or native in-app browser session) to Discord\'s OAuth2 authorization page. The optional `redirect` parameter names the final destination the signed JWT should be sent to once auth completes — the web app URL (default) or a native deep-link scheme such as `reborn://auth/callback`. It must be allowlisted (DISCORD_ADMIN_FRONTEND_URL or one of DISCORD_ADMIN_ALLOWED_REDIRECTS); the value is carried through Discord via the OAuth `state` parameter and re-validated on the callback.
          * @summary Discord - Initiate login
+         * @param {string | null} [redirect] Final redirect target for the JWT (web URL or native deep link). Must be allowlisted. Defaults to the web admin frontend.
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        initiateLogin(options) {
+        initiateLogin(redirect, options) {
             return __awaiter(this, void 0, void 0, function* () {
                 var _a, _b, _c;
-                const localVarAxiosArgs = yield localVarAxiosParamCreator.initiateLogin(options);
+                const localVarAxiosArgs = yield localVarAxiosParamCreator.initiateLogin(redirect, options);
                 const localVarOperationServerIndex = (_a = configuration === null || configuration === void 0 ? void 0 : configuration.serverIndex) !== null && _a !== void 0 ? _a : 0;
                 const localVarOperationServerBasePath = (_c = (_b = operationServerMap['AuthenticationApi.initiateLogin']) === null || _b === void 0 ? void 0 : _b[localVarOperationServerIndex]) === null || _c === void 0 ? void 0 : _c.url;
                 return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
@@ -4396,20 +4406,22 @@ export const AuthenticationApiFactory = function (configuration, basePath, axios
          * @summary Discord - OAuth2 callback
          * @param {string | null} [code] Authorization code provided by Discord on successful approval
          * @param {string | null} [error] Error code provided by Discord if the user denied access
+         * @param {string | null} [state] Opaque value echoed back by Discord — carries the client\'s chosen redirect target
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        callback(code, error, options) {
-            return localVarFp.callback(code, error, options).then((request) => request(axios, basePath));
+        callback(code, error, state, options) {
+            return localVarFp.callback(code, error, state, options).then((request) => request(axios, basePath));
         },
         /**
-         * Redirects the browser to Discord\'s OAuth2 authorization page. Not called directly — the admin frontend navigates to this URL to begin the login flow.
+         * Redirects the browser (or native in-app browser session) to Discord\'s OAuth2 authorization page. The optional `redirect` parameter names the final destination the signed JWT should be sent to once auth completes — the web app URL (default) or a native deep-link scheme such as `reborn://auth/callback`. It must be allowlisted (DISCORD_ADMIN_FRONTEND_URL or one of DISCORD_ADMIN_ALLOWED_REDIRECTS); the value is carried through Discord via the OAuth `state` parameter and re-validated on the callback.
          * @summary Discord - Initiate login
+         * @param {string | null} [redirect] Final redirect target for the JWT (web URL or native deep link). Must be allowlisted. Defaults to the web admin frontend.
          * @param {*} [options] Override http request option.
          * @throws {RequiredError}
          */
-        initiateLogin(options) {
-            return localVarFp.initiateLogin(options).then((request) => request(axios, basePath));
+        initiateLogin(redirect, options) {
+            return localVarFp.initiateLogin(redirect, options).then((request) => request(axios, basePath));
         },
         /**
          * Returns the authenticated user\'s profile from their JWT claims. The session is already validated by the security rule before this endpoint is reached.
@@ -4443,20 +4455,22 @@ export class AuthenticationApi extends BaseAPI {
      * @summary Discord - OAuth2 callback
      * @param {string | null} [code] Authorization code provided by Discord on successful approval
      * @param {string | null} [error] Error code provided by Discord if the user denied access
+     * @param {string | null} [state] Opaque value echoed back by Discord — carries the client\'s chosen redirect target
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      */
-    callback(code, error, options) {
-        return AuthenticationApiFp(this.configuration).callback(code, error, options).then((request) => request(this.axios, this.basePath));
+    callback(code, error, state, options) {
+        return AuthenticationApiFp(this.configuration).callback(code, error, state, options).then((request) => request(this.axios, this.basePath));
     }
     /**
-     * Redirects the browser to Discord\'s OAuth2 authorization page. Not called directly — the admin frontend navigates to this URL to begin the login flow.
+     * Redirects the browser (or native in-app browser session) to Discord\'s OAuth2 authorization page. The optional `redirect` parameter names the final destination the signed JWT should be sent to once auth completes — the web app URL (default) or a native deep-link scheme such as `reborn://auth/callback`. It must be allowlisted (DISCORD_ADMIN_FRONTEND_URL or one of DISCORD_ADMIN_ALLOWED_REDIRECTS); the value is carried through Discord via the OAuth `state` parameter and re-validated on the callback.
      * @summary Discord - Initiate login
+     * @param {string | null} [redirect] Final redirect target for the JWT (web URL or native deep link). Must be allowlisted. Defaults to the web admin frontend.
      * @param {*} [options] Override http request option.
      * @throws {RequiredError}
      */
-    initiateLogin(options) {
-        return AuthenticationApiFp(this.configuration).initiateLogin(options).then((request) => request(this.axios, this.basePath));
+    initiateLogin(redirect, options) {
+        return AuthenticationApiFp(this.configuration).initiateLogin(redirect, options).then((request) => request(this.axios, this.basePath));
     }
     /**
      * Returns the authenticated user\'s profile from their JWT claims. The session is already validated by the security rule before this endpoint is reached.

package/dist/esm/base.d.ts

@@ -2,7 +2,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  *
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).

package/dist/esm/base.js

@@ -4,7 +4,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  *
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).

package/dist/esm/common.d.ts

@@ -2,7 +2,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  *
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).

package/dist/esm/common.js

@@ -4,7 +4,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  *
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).

package/dist/esm/configuration.d.ts

@@ -2,7 +2,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  *
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).

package/dist/esm/configuration.js

@@ -3,7 +3,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  *
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).

package/dist/esm/index.d.ts

@@ -2,7 +2,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  *
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).

package/dist/esm/index.js

@@ -4,7 +4,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  *
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).

package/dist/index.d.ts

@@ -2,7 +2,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  *
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).

package/dist/index.js

@@ -5,7 +5,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  *
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).

package/docs/AuthenticationApi.md

@@ -27,10 +27,12 @@ const apiInstance = new AuthenticationApi(configuration);
 
 let code: string; //Authorization code provided by Discord on successful approval (optional) (default to undefined)
 let error: string; //Error code provided by Discord if the user denied access (optional) (default to undefined)
+let state: string; //Opaque value echoed back by Discord — carries the client\'s chosen redirect target (optional) (default to undefined)
 
 const { status, data } = await apiInstance.callback(
     code,
-    error
+    error,
+    state
 );
 ```
 
@@ -40,6 +42,7 @@ const { status, data } = await apiInstance.callback(
 |------------- | ------------- | ------------- | -------------|
 | **code** | [**string**] | Authorization code provided by Discord on successful approval | (optional) defaults to undefined|
 | **error** | [**string**] | Error code provided by Discord if the user denied access | (optional) defaults to undefined|
+| **state** | [**string**] | Opaque value echoed back by Discord — carries the client\'s chosen redirect target | (optional) defaults to undefined|
 
 
 ### Return type
@@ -66,7 +69,7 @@ void (empty response body)
 # **initiateLogin**
 > initiateLogin()
 
-Redirects the browser to Discord\'s OAuth2 authorization page. Not called directly — the admin frontend navigates to this URL to begin the login flow.
+Redirects the browser (or native in-app browser session) to Discord\'s OAuth2 authorization page. The optional `redirect` parameter names the final destination the signed JWT should be sent to once auth completes — the web app URL (default) or a native deep-link scheme such as `reborn://auth/callback`. It must be allowlisted (DISCORD_ADMIN_FRONTEND_URL or one of DISCORD_ADMIN_ALLOWED_REDIRECTS); the value is carried through Discord via the OAuth `state` parameter and re-validated on the callback. 
 
 ### Example
 
@@ -79,11 +82,18 @@ import {
 const configuration = new Configuration();
 const apiInstance = new AuthenticationApi(configuration);
 
-const { status, data } = await apiInstance.initiateLogin();
+let redirect: string; //Final redirect target for the JWT (web URL or native deep link). Must be allowlisted. Defaults to the web admin frontend. (optional) (default to undefined)
+
+const { status, data } = await apiInstance.initiateLogin(
+    redirect
+);
 ```
 
 ### Parameters
-This endpoint does not have any parameters.
+
+|Name | Type | Description  | Notes|
+|------------- | ------------- | ------------- | -------------|
+| **redirect** | [**string**] | Final redirect target for the JWT (web URL or native deep link). Must be allowlisted. Defaults to the web admin frontend. | (optional) defaults to undefined|
 
 
 ### Return type
@@ -104,6 +114,7 @@ void (empty response body)
 | Status code | Description | Response headers |
 |-------------|-------------|------------------|
 |**302** | Redirect to Discord authorization URL |  -  |
+|**400** | The requested `redirect` is not allowlisted |  -  |
 
 [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
 

package/index.ts

@@ -4,7 +4,7 @@
  * Reborn API
  * The Reborn API serves as the central backend for the platform, orchestrating secure communication between game clients and data services. This API supports two authentication methods: - **OAuth 2.0 Client Credentials**: For programmatic API access - **Discord SSO Bearer Token**: For admin endpoints requiring Discord authentication 
  *
- * The version of the OpenAPI document: 4.9.0
+ * The version of the OpenAPI document: 4.9.1
  * 
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rebornteam/reborn-api",
-  "version": "4.9.0",
+  "version": "4.9.1",
   "description": "OpenAPI client for @rebornteam/reborn-api",
   "author": "OpenAPI-Generator Contributors",
   "repository": {