@rockcarver/frodo-cli 2.0.5 → 2.0.6-0

package/dist/app.cjs

@@ -46765,7 +46765,7 @@ var require_inquirer_autocomplete_prompt = _chunkMPPKDFVIcjs.__commonJS.call(voi
 // src/app.ts
 _chunkMPPKDFVIcjs.init_cjs_shims.call(void 0, );
 
-// node_modules/@rockcarver/frodo-lib/dist/esm/index.js
+// node_modules/@rockcarver/frodo-lib/dist/index.mjs
 _chunkMPPKDFVIcjs.init_cjs_shims.call(void 0, );
 var _crypto3 = require('crypto'); var _crypto4 = _interopRequireDefault(_crypto3);
 
@@ -123541,16 +123541,16 @@ function stringify(obj) {
 }
 var package_default = {
   name: "@rockcarver/frodo-lib",
-  version: "2.1.0",
+  version: "2.1.2-0",
   type: "commonjs",
   main: "./dist/index.js",
-  module: "./dist/esm/index.js",
+  module: "./dist/index.mjs",
   types: "./dist/index.d.ts",
   exports: {
     ".": {
       require: "./dist/index.js",
-      import: "./dist/esm/index.js",
-      default: "./dist/esm/index.js"
+      import: "./dist/index.mjs",
+      default: "./dist/index.mjs"
     }
   },
   scripts: {
@@ -123710,6 +123710,12 @@ var State_default = (initialState) => {
     getHost() {
       return state2.host || process.env.FRODO_HOST;
     },
+    setIdmHost(host2) {
+      state2.idmHost = host2;
+    },
+    getIdmHost() {
+      return state2.idmHost || process.env.FRODO_IDM_HOST;
+    },
     setUsername(username2) {
       state2.username = username2;
     },
@@ -123734,6 +123740,18 @@ var State_default = (initialState) => {
     getDeploymentType() {
       return state2.deploymentType;
     },
+    setAdminClientId(clientId) {
+      state2.adminClientId = clientId;
+    },
+    getAdminClientId() {
+      return state2.adminClientId || process.env.FRODO_LOGIN_CLIENT_ID;
+    },
+    setAdminClientRedirectUri(redirectUri) {
+      state2.adminClientRedirectUri = redirectUri;
+    },
+    getAdminClientRedirectUri() {
+      return state2.adminClientRedirectUri || process.env.FRODO_LOGIN_REDIRECT_URI;
+    },
     setAllowInsecureConnection(allowInsecureConnection) {
       state2.allowInsecureConnection = allowInsecureConnection;
     },
@@ -141383,7 +141401,7 @@ async function deleteRealm({
 }) {
   const urlString = _util2.default.format(
     realmURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     realmId
   );
   const { data: data2 } = await generateAmApi({
@@ -141647,8 +141665,15 @@ var ForgeRockUtils_default = (state2) => {
     getRealmName(realm2) {
       return getRealmName(realm2);
     },
+    getHostUrl(url5) {
+      return getHostOnlyUrl(url5);
+    },
+    getIdmBaseUrl() {
+      return getIdmBaseUrl(state2);
+    },
+    // deprecated
     getHostBaseUrl(url5) {
-      return getHostBaseUrl(url5);
+      return getHostOnlyUrl(url5);
     }
   };
 };
@@ -141721,10 +141746,16 @@ function getRealmName(realm2) {
   }
   return realmName;
 }
-function getHostBaseUrl(url5) {
+function getHostOnlyUrl(url5) {
   const parsedUrl = new URL(url5);
   return `${parsedUrl.protocol}//${parsedUrl.host}`;
 }
+function getIdmBaseUrl(state2) {
+  if (state2.getIdmHost()) {
+    return state2.getIdmHost();
+  }
+  return `${getHostOnlyUrl(state2.getHost())}/openidm`;
+}
 var authenticateUrlTemplate = "%s/json%s/authenticate";
 var authenticateWithServiceUrlTemplate = `${authenticateUrlTemplate}?authIndexType=service&authIndexValue=%s`;
 var apiVersion2 = "resource=2.0, protocol=1.0";
@@ -141771,7 +141802,7 @@ async function getSecrets({
 }) {
   const urlString = _util2.default.format(
     secretsListURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig3(),
@@ -141787,7 +141818,7 @@ async function getSecret({
 }) {
   const urlString = _util2.default.format(
     secretURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     secretId
   );
   const { data: data2 } = await generateEnvApi({
@@ -141814,7 +141845,7 @@ async function putSecret({
   };
   const urlString = _util2.default.format(
     secretURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     secretId
   );
   const { data: data2 } = await generateEnvApi({
@@ -141832,7 +141863,7 @@ async function setSecretDescription({
 }) {
   const urlString = _util2.default.format(
     secretSetDescriptionURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     secretId
   );
   const { data: data2 } = await generateEnvApi({
@@ -141847,7 +141878,7 @@ async function deleteSecret({
 }) {
   const urlString = _util2.default.format(
     secretURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     secretId
   );
   const { data: data2 } = await generateEnvApi({
@@ -141864,7 +141895,7 @@ async function getSecretVersions({
 }) {
   const urlString = _util2.default.format(
     secretListVersionsURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     secretId
   );
   const { data: data2 } = await generateEnvApi({
@@ -141882,7 +141913,7 @@ async function createNewVersionOfSecret({
 }) {
   const urlString = _util2.default.format(
     secretCreateNewVersionURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     secretId
   );
   const { data: data2 } = await generateEnvApi({
@@ -141898,7 +141929,7 @@ async function getVersionOfSecret({
 }) {
   const urlString = _util2.default.format(
     secretGetVersionURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     secretId,
     version3
   );
@@ -141918,7 +141949,7 @@ async function setStatusOfVersionOfSecret({
 }) {
   const urlString = _util2.default.format(
     secretVersionStatusURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     secretId,
     version3
   );
@@ -141935,7 +141966,7 @@ async function deleteVersionOfSecret({
 }) {
   const urlString = _util2.default.format(
     secretGetVersionURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     secretId,
     version3
   );
@@ -141947,16 +141978,13 @@ async function deleteVersionOfSecret({
   });
   return data2;
 }
-var idmAllConfigURLTemplate = "%s/openidm/config";
-var idmConfigURLTemplate = "%s/openidm/config/%s";
-var idmConfigEntityQueryTemplate = "%s/openidm/config?_queryFilter=%s";
+var idmAllConfigURLTemplate = "%s/config";
+var idmConfigURLTemplate = "%s/config/%s";
+var idmConfigEntityQueryTemplate = "%s/config?_queryFilter=%s";
 async function getConfigStubs({
   state: state2
 }) {
-  const urlString = _util2.default.format(
-    idmAllConfigURLTemplate,
-    getHostBaseUrl(state2.getHost())
-  );
+  const urlString = _util2.default.format(idmAllConfigURLTemplate, getIdmBaseUrl(state2));
   const { data: data2 } = await generateIdmApi({ state: state2 }).get(urlString);
   return data2;
 }
@@ -141965,7 +141993,7 @@ async function getConfigEntities({
 }) {
   const urlString = _util2.default.format(
     idmConfigEntityQueryTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     "true"
   );
   const { data: data2 } = await generateIdmApi({ state: state2 }).get(urlString);
@@ -141977,7 +142005,7 @@ async function getConfigEntitiesByType({
 }) {
   const urlString = _util2.default.format(
     idmConfigEntityQueryTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     encodeURIComponent(`_id sw '${type}'`)
   );
   const { data: data2 } = await generateIdmApi({ state: state2 }).get(urlString);
@@ -141989,7 +142017,7 @@ async function getConfigEntity({
 }) {
   const urlString = _util2.default.format(
     idmConfigURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     entityId
   );
   const { data: data2 } = await generateIdmApi({ state: state2 }).get(urlString);
@@ -142003,7 +142031,7 @@ async function putConfigEntity({
 }) {
   const urlString = _util2.default.format(
     idmConfigURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     wait ? `${entityId}?waitForCompletion=true` : entityId
   );
   const { data: data2 } = await generateIdmApi({ state: state2 }).put(urlString, entityData);
@@ -142015,7 +142043,7 @@ async function deleteConfigEntity({
 }) {
   const urlString = _util2.default.format(
     idmConfigURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     entityId
   );
   const { data: data2 } = await generateIdmApi({ state: state2 }).delete(urlString, {
@@ -144516,10 +144544,10 @@ async function importOAuth2TrustedJwtIssuers({
   }
   return response2;
 }
-var createManagedObjectURLTemplate = "%s/openidm/managed/%s?_action=create";
-var managedObjectByIdURLTemplate = "%s/openidm/managed/%s/%s";
-var queryAllManagedObjectURLTemplate = `%s/openidm/managed/%s?_queryFilter=true&_pageSize=%s`;
-var queryManagedObjectURLTemplate = `%s/openidm/managed/%s?_queryFilter=%s&_pageSize=%s`;
+var createManagedObjectURLTemplate = "%s/managed/%s?_action=create";
+var managedObjectByIdURLTemplate = "%s/managed/%s/%s";
+var queryAllManagedObjectURLTemplate = `%s/managed/%s?_queryFilter=true&_pageSize=%s`;
+var queryManagedObjectURLTemplate = `%s/managed/%s?_queryFilter=%s&_pageSize=%s`;
 var DEFAULT_PAGE_SIZE = 1e3;
 async function getManagedObject({
   type,
@@ -144530,7 +144558,7 @@ async function getManagedObject({
   const fieldsParam = `_fields=${fields.join(",")}`;
   const urlString = _util2.default.format(
     `${managedObjectByIdURLTemplate}?${fieldsParam}`,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     type,
     id7
   );
@@ -144546,7 +144574,7 @@ async function createManagedObject({
 }) {
   const urlString = _util2.default.format(
     createManagedObjectURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     moType2
   );
   const { data: data2 } = await generateIdmApi({ requestOverride: {}, state: state2 }).post(
@@ -144564,7 +144592,7 @@ async function putManagedObject({
 }) {
   const urlString = _util2.default.format(
     managedObjectByIdURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     type,
     id7
   );
@@ -144584,7 +144612,7 @@ async function patchManagedObject({
 }) {
   const urlString = _util2.default.format(
     managedObjectByIdURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     type,
     id7
   );
@@ -144608,7 +144636,7 @@ async function queryManagedObjects({
     pageCookie ? `${queryManagedObjectURLTemplate}&${fieldsParam}&_pagedResultsCookie=${encodeURIComponent(
       pageCookie
     )}` : `${queryManagedObjectURLTemplate}&${fieldsParam}`,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     type,
     encodeURIComponent(filter2),
     pageSize
@@ -144631,7 +144659,7 @@ async function queryAllManagedObjectsByType({
   )}` : `${queryAllManagedObjectURLTemplate}${fieldsParam}`;
   const urlString = _util2.default.format(
     urlTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     type,
     pageSize
   );
@@ -144645,7 +144673,7 @@ async function deleteManagedObject({
 }) {
   const urlString = _util2.default.format(
     managedObjectByIdURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     type,
     id7
   );
@@ -149982,20 +150010,20 @@ ${providers.map((it) => it.split("|")[0]).join("\n")}.`,
     throw new FrodoError(`Error importing circles of trust`, error2);
   }
 }
-var systemActionsUrlTemplate = "%s/openidm/system?_action=%s";
-var systemTestUrlTemplate = "%s/openidm/system/%s?_action=test";
-var systemObjectActionsUrlTemplate = "%s/openidm/system/%s/%s?_action=%s";
-var systemRunScriptUrlTemplate = "%s/openidm/system/%s?_action=script&scriptId=%s&scriptExecuteMode=resource";
-var systemQueryAllUrlTemplate = "%s/openidm/system/%s/%s?_queryId=query-all-ids";
-var systemQueryByFilterUrlTemplate = "%s/openidm/system/%s/%s?_queryFilter=%s";
-var systemObjectUrlTemplate = "%s/openidm/system/%s/%s/%s";
+var systemActionsUrlTemplate = "%s/system?_action=%s";
+var systemTestUrlTemplate = "%s/system/%s?_action=test";
+var systemObjectActionsUrlTemplate = "%s/system/%s/%s?_action=%s";
+var systemRunScriptUrlTemplate = "%s/system/%s?_action=script&scriptId=%s&scriptExecuteMode=resource";
+var systemQueryAllUrlTemplate = "%s/system/%s/%s?_queryId=query-all-ids";
+var systemQueryByFilterUrlTemplate = "%s/system/%s/%s?_queryFilter=%s";
+var systemObjectUrlTemplate = "%s/system/%s/%s/%s";
 var DEFAULT_PAGE_SIZE2 = 1e3;
 async function testConnectorServers({
   state: state2
 }) {
   const urlString = _util2.default.format(
     systemActionsUrlTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     "testConnectorServers"
   );
   const { data: data2 } = await generateIdmApi({ state: state2, requestOverride: {} }).post(
@@ -150008,7 +150036,7 @@ async function readAvailableSystems({
 }) {
   const urlString = _util2.default.format(
     systemActionsUrlTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     "test"
   );
   const { data: data2 } = await generateIdmApi({ requestOverride: {}, state: state2 }).post(
@@ -150022,7 +150050,7 @@ async function readSystemStatus({
 }) {
   const urlString = _util2.default.format(
     systemTestUrlTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     systemName
   );
   const { data: data2 } = await generateIdmApi({ requestOverride: {}, state: state2 }).post(
@@ -150039,7 +150067,7 @@ async function authenticateSystemObject({
 }) {
   const urlString = _util2.default.format(
     systemObjectActionsUrlTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     systemName,
     systemObjectType,
     "authenticate"
@@ -150057,7 +150085,7 @@ async function runSystemScript({
 }) {
   const urlString = _util2.default.format(
     systemRunScriptUrlTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     systemName,
     scriptName
   );
@@ -150077,7 +150105,7 @@ async function queryAllSystemObjectIds({
   const urlTemplate = pageCookie ? `${systemQueryAllUrlTemplate}${pagingParams}&_pagedResultsCookie=${pageCookie}` : `${systemQueryAllUrlTemplate}${pagingParams}`;
   const urlString = _util2.default.format(
     urlTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     systemName,
     systemObjectType
   );
@@ -150098,7 +150126,7 @@ async function querySystemObjects({
   const urlTemplate = pageCookie ? `${systemQueryByFilterUrlTemplate}${pagingParams}${fieldsParam}&_pagedResultsCookie=${pageCookie}` : `${systemQueryByFilterUrlTemplate}${pagingParams}${fieldsParam}`;
   const urlString = _util2.default.format(
     urlTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     systemName,
     systemObjectType,
     decodeURIComponent(filter2) === filter2 ? encodeURIComponent(filter2) : filter2
@@ -150118,7 +150146,7 @@ async function getSystemObject({
   const fieldsParam = `_fields=${fields.join(",")}`;
   const urlString = _util2.default.format(
     `${systemObjectUrlTemplate}?${fieldsParam}`,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     systemName,
     systemObjectType,
     systemObjectId
@@ -150136,7 +150164,7 @@ async function createSystemObject({
 }) {
   const urlString = _util2.default.format(
     systemObjectActionsUrlTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     systemName,
     systemObjectType,
     "create"
@@ -150157,7 +150185,7 @@ async function putSystemObject({
 }) {
   const urlString = _util2.default.format(
     systemObjectUrlTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     systemName,
     systemObjectType,
     systemObjectId
@@ -150178,7 +150206,7 @@ async function patchSystemObject({
 }) {
   const urlString = _util2.default.format(
     systemObjectUrlTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     systemName,
     systemObjectType,
     systemObjectId
@@ -150197,7 +150225,7 @@ async function deleteSystemObject({
 }) {
   const urlString = _util2.default.format(
     systemObjectUrlTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     systemName,
     systemObjectType,
     systemObjectId
@@ -153207,7 +153235,7 @@ var getApiConfig12 = () => ({
 async function getFeatures({ state: state2 }) {
   const urlString = _util2.default.format(
     envInfoURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateAmApi({ resource: getApiConfig12(), state: state2 }).get(
     urlString,
@@ -153512,6 +153540,12 @@ var ConnectionProfileOps_default = (state2) => {
     async getConnectionProfile() {
       return getConnectionProfile({ state: state2 });
     },
+    async loadConnectionProfileByHost(host2) {
+      return loadConnectionProfileByHost({ host: host2, state: state2 });
+    },
+    async loadConnectionProfile() {
+      return loadConnectionProfile({ state: state2 });
+    },
     async saveConnectionProfile(host2) {
       return saveConnectionProfile({ host: host2, state: state2 });
     },
@@ -153680,6 +153714,7 @@ Specify a sub-string uniquely identifying a single connection profile host URL.`
   }
   return {
     tenant: profiles[0].tenant,
+    idmHost: profiles[0].idmHost ? profiles[0].idmHost : null,
     allowInsecureConnection: profiles[0].allowInsecureConnection,
     deploymentType: profiles[0].deploymentType,
     username: profiles[0].username ? profiles[0].username : null,
@@ -153688,6 +153723,8 @@ Specify a sub-string uniquely identifying a single connection profile host URL.`
     logApiSecret: profiles[0].encodedLogApiSecret ? await dataProtection.decrypt(profiles[0].encodedLogApiSecret) : null,
     authenticationService: profiles[0].authenticationService ? profiles[0].authenticationService : null,
     authenticationHeaderOverrides: profiles[0].authenticationHeaderOverrides ? profiles[0].authenticationHeaderOverrides : {},
+    adminClientId: profiles[0].adminClientId ? profiles[0].adminClientId : null,
+    adminClientRedirectUri: profiles[0].adminClientRedirectUri ? profiles[0].adminClientRedirectUri : null,
     svcacctName: profiles[0].svcacctName ? profiles[0].svcacctName : null,
     svcacctId: profiles[0].svcacctId ? profiles[0].svcacctId : null,
     svcacctJwk: profiles[0].encodedSvcacctJwk ? await dataProtection.decrypt(profiles[0].encodedSvcacctJwk) : null,
@@ -153699,6 +153736,33 @@ async function getConnectionProfile({
 }) {
   return getConnectionProfileByHost({ host: state2.getHost(), state: state2 });
 }
+async function loadConnectionProfileByHost({
+  host: host2,
+  state: state2
+}) {
+  const conn = await getConnectionProfileByHost({ host: host2, state: state2 });
+  state2.setHost(conn.tenant);
+  state2.setIdmHost(state2.getIdmHost() || conn.idmHost);
+  state2.setAllowInsecureConnection(conn.allowInsecureConnection);
+  state2.setDeploymentType(state2.getDeploymentType() || conn.deploymentType);
+  state2.setAdminClientId(state2.getAdminClientId() || conn.adminClientId);
+  state2.setAdminClientRedirectUri(
+    state2.getAdminClientRedirectUri() || conn.adminClientRedirectUri
+  );
+  state2.setUsername(conn.username);
+  state2.setPassword(conn.password);
+  state2.setAuthenticationService(conn.authenticationService);
+  state2.setAuthenticationHeaderOverrides(conn.authenticationHeaderOverrides);
+  state2.setServiceAccountId(conn.svcacctId);
+  state2.setServiceAccountJwk(conn.svcacctJwk);
+  state2.setServiceAccountScope(conn.svcacctScope);
+  return true;
+}
+async function loadConnectionProfile({
+  state: state2
+}) {
+  return loadConnectionProfileByHost({ host: state2.getHost(), state: state2 });
+}
 async function saveConnectionProfile({
   host: host2,
   state: state2
@@ -153752,10 +153816,15 @@ async function saveConnectionProfile({
         state: state2
       });
     }
+    if (state2.getIdmHost()) profile.idmHost = state2.getIdmHost();
     if (state2.getAllowInsecureConnection())
       profile.allowInsecureConnection = state2.getAllowInsecureConnection();
     if (state2.getDeploymentType())
       profile.deploymentType = state2.getDeploymentType();
+    if (state2.getAdminClientId())
+      profile.adminClientId = state2.getAdminClientId();
+    if (state2.getAdminClientRedirectUri())
+      profile.adminClientRedirectUri = state2.getAdminClientRedirectUri();
     if (state2.getUsername()) profile.username = state2.getUsername();
     if (state2.getPassword())
       profile.encodedPassword = await dataProtection.encrypt(
@@ -154721,32 +154790,54 @@ function determineDefaultRealm(state2) {
   }
 }
 async function determineDeploymentType(state2) {
+  debugMessage({
+    message: `AuthenticateOps.determineDeploymentType: start`,
+    state: state2
+  });
   const cookieValue = state2.getCookieValue();
   let deploymentType = state2.getDeploymentType();
   switch (deploymentType) {
     case Constants_default.CLOUD_DEPLOYMENT_TYPE_KEY:
+      adminClientId = state2.getAdminClientId() || fidcClientId;
+      debugMessage({
+        message: `AuthenticateOps.determineDeploymentType: end [type=${deploymentType}]`,
+        state: state2
+      });
       return deploymentType;
     case Constants_default.FORGEOPS_DEPLOYMENT_TYPE_KEY:
-      adminClientId = forgeopsClientId;
+      adminClientId = state2.getAdminClientId() || forgeopsClientId;
+      debugMessage({
+        message: `AuthenticateOps.determineDeploymentType: end [type=${deploymentType}]`,
+        state: state2
+      });
       return deploymentType;
     case Constants_default.CLASSIC_DEPLOYMENT_TYPE_KEY:
+      debugMessage({
+        message: `AuthenticateOps.determineDeploymentType: end [type=${deploymentType}]`,
+        state: state2
+      });
       return deploymentType;
     default: {
-      if (state2.getUseBearerTokenForAmApis())
+      if (state2.getUseBearerTokenForAmApis()) {
+        debugMessage({
+          message: `AuthenticateOps.determineDeploymentType: end [type=${Constants_default.CLOUD_DEPLOYMENT_TYPE_KEY}]`,
+          state: state2
+        });
         return Constants_default.CLOUD_DEPLOYMENT_TYPE_KEY;
+      }
       const verifier = encodeBase64Url(_crypto3.randomBytes.call(void 0, 32));
       const challenge = encodeBase64Url(
         _crypto3.createHash.call(void 0, "sha256").update(verifier).digest()
       );
       const challengeMethod = "S256";
-      const redirectURL = _url2.default.resolve(state2.getHost(), redirectUrlTemplate);
+      const redirectUri = _url2.default.resolve(state2.getHost(), redirectUrlTemplate);
       const config = {
         maxRedirects: 0,
         headers: {
           [state2.getCookieName()]: state2.getCookieValue()
         }
       };
-      let bodyFormData = `redirect_uri=${redirectURL}&scope=${cloudAdminScopes}&response_type=code&client_id=${fidcClientId}&csrf=${cookieValue}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;
+      let bodyFormData = `redirect_uri=${redirectUri}&scope=${cloudAdminScopes}&response_type=code&client_id=${fidcClientId}&csrf=${cookieValue}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;
       deploymentType = Constants_default.CLASSIC_DEPLOYMENT_TYPE_KEY;
       try {
         await authorize2({
@@ -154764,7 +154855,7 @@ async function determineDeploymentType(state2) {
           deploymentType = Constants_default.CLOUD_DEPLOYMENT_TYPE_KEY;
         } else {
           try {
-            bodyFormData = `redirect_uri=${redirectURL}&scope=${forgeopsAdminScopes}&response_type=code&client_id=${forgeopsClientId}&csrf=${state2.getCookieValue()}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;
+            bodyFormData = `redirect_uri=${redirectUri}&scope=${forgeopsAdminScopes}&response_type=code&client_id=${forgeopsClientId}&csrf=${state2.getCookieValue()}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;
             await authorize2({
               amBaseUrl: state2.getHost(),
               data: bodyFormData,
@@ -154773,7 +154864,7 @@ async function determineDeploymentType(state2) {
             });
           } catch (ex) {
             if (_optionalChain([ex, 'access', _114 => _114.response, 'optionalAccess', _115 => _115.status]) === 302 && _optionalChain([ex, 'access', _116 => _116.response, 'access', _117 => _117.headers, 'optionalAccess', _118 => _118.location, 'optionalAccess', _119 => _119.indexOf, 'call', _120 => _120("code=")]) > -1) {
-              adminClientId = forgeopsClientId;
+              adminClientId = state2.getAdminClientId() || forgeopsClientId;
               verboseMessage({
                 message: `ForgeOps deployment`["brightCyan"] + ` detected.`,
                 state: state2
@@ -154788,6 +154879,10 @@ async function determineDeploymentType(state2) {
           }
         }
       }
+      debugMessage({
+        message: `AuthenticateOps.determineDeploymentType: end [type=${deploymentType}]`,
+        state: state2
+      });
       return deploymentType;
     }
   }
@@ -154897,9 +154992,9 @@ async function getUserSessionToken(otpCallback, state2) {
   });
   return token;
 }
-async function getAuthCode(redirectURL, codeChallenge, codeChallengeMethod, state2) {
+async function getAuthCode(redirectUri, codeChallenge, codeChallengeMethod, state2) {
   try {
-    const bodyFormData = `redirect_uri=${redirectURL}&scope=${state2.getDeploymentType() === Constants_default.CLOUD_DEPLOYMENT_TYPE_KEY ? cloudAdminScopes : forgeopsAdminScopes}&response_type=code&client_id=${adminClientId}&csrf=${state2.getCookieValue()}&decision=allow&code_challenge=${codeChallenge}&code_challenge_method=${codeChallengeMethod}`;
+    const bodyFormData = `redirect_uri=${redirectUri}&scope=${state2.getDeploymentType() === Constants_default.CLOUD_DEPLOYMENT_TYPE_KEY ? cloudAdminScopes : forgeopsAdminScopes}&response_type=code&client_id=${adminClientId}&csrf=${state2.getCookieValue()}&decision=allow&code_challenge=${codeChallenge}&code_challenge_method=${codeChallengeMethod}`;
     const config = {
       headers: {
         "Content-Type": "application/x-www-form-urlencoded"
@@ -154943,9 +155038,12 @@ async function getFreshUserBearerToken({
       _crypto3.createHash.call(void 0, "sha256").update(verifier).digest()
     );
     const challengeMethod = "S256";
-    const redirectURL = _url2.default.resolve(state2.getHost(), redirectUrlTemplate);
+    const redirectUri = _url2.default.resolve(
+      state2.getHost(),
+      state2.getAdminClientRedirectUri() || redirectUrlTemplate
+    );
     const authCode = await getAuthCode(
-      redirectURL,
+      redirectUri,
       challenge,
       challengeMethod,
       state2
@@ -154958,7 +155056,7 @@ async function getFreshUserBearerToken({
           password: adminClientPassword
         }
       };
-      const bodyFormData = `redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;
+      const bodyFormData = `redirect_uri=${redirectUri}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;
       response2 = await accessToken2({
         amBaseUrl: state2.getHost(),
         data: bodyFormData,
@@ -154966,7 +155064,7 @@ async function getFreshUserBearerToken({
         state: state2
       });
     } else {
-      const bodyFormData = `client_id=${adminClientId}&redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;
+      const bodyFormData = `client_id=${adminClientId}&redirect_uri=${redirectUri}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;
       response2 = await accessToken2({
         amBaseUrl: state2.getHost(),
         data: bodyFormData,
@@ -155221,20 +155319,7 @@ async function getTokens({
   let usingConnectionProfile = false;
   try {
     if (state2.getUsername() == null && state2.getPassword() == null && !state2.getServiceAccountId() && !state2.getServiceAccountJwk()) {
-      const conn = await getConnectionProfile({ state: state2 });
-      usingConnectionProfile = true;
-      state2.setHost(conn.tenant);
-      state2.setAllowInsecureConnection(conn.allowInsecureConnection);
-      state2.setDeploymentType(conn.deploymentType);
-      state2.setUsername(conn.username);
-      state2.setPassword(conn.password);
-      state2.setAuthenticationService(conn.authenticationService);
-      state2.setAuthenticationHeaderOverrides(
-        conn.authenticationHeaderOverrides
-      );
-      state2.setServiceAccountId(conn.svcacctId);
-      state2.setServiceAccountJwk(conn.svcacctJwk);
-      state2.setServiceAccountScope(conn.svcacctScope);
+      usingConnectionProfile = await loadConnectionProfile({ state: state2 });
       if (state2.getDeploymentType() && !types.includes(state2.getDeploymentType())) {
         throw new FrodoError(
           `Unsupported deployment type '${state2.getDeploymentType()}'`
@@ -155253,14 +155338,14 @@ async function getTokens({
       }
     }
     state2.setCookieName(await determineCookieName(state2));
-    if (!forceLoginAsUser && state2.getServiceAccountId() && state2.getServiceAccountJwk()) {
+    if (!forceLoginAsUser && (state2.getDeploymentType() === Constants_default.CLOUD_DEPLOYMENT_TYPE_KEY || state2.getDeploymentType() === void 0) && state2.getServiceAccountId() && state2.getServiceAccountJwk()) {
       debugMessage({
         message: `AuthenticateOps.getTokens: Authenticating with service account ${state2.getServiceAccountId()}`,
         state: state2
       });
       try {
         const token = await getSaBearerToken({ state: state2 });
-        state2.setBearerTokenMeta(token);
+        if (token) state2.setBearerTokenMeta(token);
         if (usingConnectionProfile && !token.from_cache) {
           saveConnectionProfile({ host: state2.getHost(), state: state2 });
         }
@@ -155281,6 +155366,9 @@ async function getTokens({
       });
       const token = await getUserSessionToken(callbackHandler, state2);
       if (token) state2.setUserSessionTokenMeta(token);
+      if (usingConnectionProfile && !token.from_cache) {
+        saveConnectionProfile({ host: state2.getHost(), state: state2 });
+      }
       await determineDeploymentTypeAndDefaultRealmAndVersion(state2);
       if (state2.getDeploymentType() && !types.includes(state2.getDeploymentType())) {
         throw new FrodoError(
@@ -155957,7 +156045,7 @@ async function getCertificates({
 }) {
   const urlString = _util2.default.format(
     certificatesURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig16(),
@@ -155975,7 +156063,7 @@ async function createCertificate({
 }) {
   const urlString = _util2.default.format(
     certificatesURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig16(),
@@ -155993,7 +156081,7 @@ async function deleteCertificate({
 }) {
   const urlString = _util2.default.format(
     certificateByIdURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     certificateId
   );
   const { data: data2 } = await generateEnvApi({
@@ -156010,7 +156098,7 @@ async function getCertificate({
 }) {
   const urlString = _util2.default.format(
     certificateByIdURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     certificateId
   );
   const { data: data2 } = await generateEnvApi({
@@ -156028,7 +156116,7 @@ async function updateCertificate({
 }) {
   const urlString = _util2.default.format(
     certificateByIdURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     certificateId
   );
   const { data: data2 } = await generateEnvApi({
@@ -156485,7 +156573,7 @@ async function getEnforcedContentSecurityPolicy({
 }) {
   const urlString = _util2.default.format(
     enforcedPolicyURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig17(),
@@ -156501,7 +156589,7 @@ async function setEnforcedContentSecurityPolicy({
 }) {
   const urlString = _util2.default.format(
     enforcedPolicyURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig17(),
@@ -156514,7 +156602,7 @@ async function getReportOnlyContentSecurityPolicy({
 }) {
   const urlString = _util2.default.format(
     reportOnlyPolicyURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig17(),
@@ -156530,7 +156618,7 @@ async function setReportOnlyContentSecurityPolicy({
 }) {
   const urlString = _util2.default.format(
     reportOnlyPolicyURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig17(),
@@ -156620,7 +156708,7 @@ async function getCookieDomains({
 }) {
   const urlString = _util2.default.format(
     cookieDomainsURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig18(),
@@ -156636,7 +156724,7 @@ async function setCookieDomains({
 }) {
   const urlString = _util2.default.format(
     cookieDomainsURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig18(),
@@ -156688,7 +156776,7 @@ async function getCSRs({
 }) {
   const urlString = _util2.default.format(
     csrsURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig19(),
@@ -156704,7 +156792,7 @@ async function createCSR({
 }) {
   const urlString = _util2.default.format(
     csrsURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig19(),
@@ -156718,7 +156806,7 @@ async function deleteCSR({
 }) {
   const urlString = _util2.default.format(
     csrByIdURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     csrId
   );
   const { data: data2 } = await generateEnvApi({
@@ -156735,7 +156823,7 @@ async function getCSR({
 }) {
   const urlString = _util2.default.format(
     csrByIdURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     csrId
   );
   const { data: data2 } = await generateEnvApi({
@@ -156753,7 +156841,7 @@ async function updateCSR({
 }) {
   const urlString = _util2.default.format(
     csrByIdURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     csrId
   );
   const { data: data2 } = await generateEnvApi({
@@ -156924,7 +157012,7 @@ async function verifyCNAME({
 }) {
   const urlString = _util2.default.format(
     verifyCNAMEURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig20(),
@@ -156937,7 +157025,7 @@ async function getCustomDomains({
 }) {
   const urlString = _util2.default.format(
     customDomainsURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     getCurrentRealmName(state2)
   );
   const { data: data2 } = await generateEnvApi({
@@ -156954,7 +157042,7 @@ async function setCustomDomains({
 }) {
   const urlString = _util2.default.format(
     customDomainsURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     getCurrentRealmName(state2)
   );
   const { data: data2 } = await generateEnvApi({
@@ -157027,7 +157115,7 @@ async function getFederationEnforcement({
 }) {
   const urlString = _util2.default.format(
     federationEnforcementURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig21(),
@@ -157043,7 +157131,7 @@ async function setFederationEnforcement({
 }) {
   const urlString = _util2.default.format(
     federationEnforcementURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig21(),
@@ -157130,7 +157218,7 @@ async function lockEnvironment({
 }) {
   const urlString = _util2.default.format(
     lockEnvURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig22(),
@@ -157144,7 +157232,7 @@ async function unlockEnvironment({
 }) {
   const urlString = _util2.default.format(
     unlockEnvByIdURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     promotionId
   );
   const { data: data2 } = await generateEnvApi({
@@ -157160,7 +157248,7 @@ async function getLockStatus({
 }) {
   const urlString = _util2.default.format(
     lockStatusURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig22(),
@@ -157176,7 +157264,7 @@ async function promoteConfiguration({
 }) {
   const urlString = _util2.default.format(
     lockEnvURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig22(),
@@ -157189,7 +157277,7 @@ async function getPromotionStatus({
 }) {
   const urlString = _util2.default.format(
     promoteEnvURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig22(),
@@ -157204,7 +157292,7 @@ async function getLastPromotionReport({
 }) {
   const urlString = _util2.default.format(
     reportURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig22(),
@@ -157220,7 +157308,7 @@ async function getPromotionReport({
 }) {
   const urlString = _util2.default.format(
     reportByIdURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     reportId
   );
   const { data: data2 } = await generateEnvApi({
@@ -157236,7 +157324,7 @@ async function getProvisionalPromotionReport({
 }) {
   const urlString = _util2.default.format(
     provisionalPromotionReportURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig22(),
@@ -157251,7 +157339,7 @@ async function getProvisionalRollbackReport({
 }) {
   const urlString = _util2.default.format(
     provisionalRollbackReportURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig22(),
@@ -157266,7 +157354,7 @@ async function getPromotionReports({
 }) {
   const urlString = _util2.default.format(
     reportsURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig22(),
@@ -157282,7 +157370,7 @@ async function rollbackPromotion({
 }) {
   const urlString = _util2.default.format(
     rollbackURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig22(),
@@ -157456,7 +157544,7 @@ async function getRelease({
 }) {
   const urlString = _util2.default.format(
     releaseURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig23(),
@@ -157499,7 +157587,7 @@ async function getSSOCookieConfig({
 }) {
   const urlString = _util2.default.format(
     ssoCookieConfigURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig24(),
@@ -157514,7 +157602,7 @@ async function resetSSOCookieConfig({
 }) {
   const urlString = _util2.default.format(
     resetSsoCookieConfigURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig24(),
@@ -157528,7 +157616,7 @@ async function setSSOCookieConfig({
 }) {
   const urlString = _util2.default.format(
     ssoCookieConfigURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig24(),
@@ -157592,7 +157680,7 @@ async function getEsvCount({
 }) {
   const urlString = _util2.default.format(
     countOfESVsURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig25(),
@@ -157631,7 +157719,7 @@ async function getLogApiKey({
 }) {
   const urlString = _util2.default.format(
     logsAPIKeyURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     keyId
   );
   const { data: data2 } = await generateLogKeysApi({ state: state2 }).get(urlString);
@@ -157642,7 +157730,7 @@ async function getLogApiKeys({
 }) {
   const urlString = _util2.default.format(
     logsGetAPIKeysURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateLogKeysApi({ state: state2 }).get(urlString);
   return data2;
@@ -157652,7 +157740,7 @@ async function getSources({
 }) {
   const urlString = _util2.default.format(
     logsSourcesURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateLogApi({ state: state2 }).get(urlString);
   return data2;
@@ -157671,7 +157759,7 @@ async function isLogApiKeyValid({
     };
     const urlString = _util2.default.format(
       logsSourcesURLTemplate,
-      getHostBaseUrl(state2.getHost())
+      getHostOnlyUrl(state2.getHost())
     );
     await generateLogApi({ requestOverride, state: state2 }).get(urlString);
     return true;
@@ -157685,7 +157773,7 @@ async function createLogApiKey({
 }) {
   const urlString = _util2.default.format(
     logsCreateAPIKeyAndSecretURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateLogKeysApi({ state: state2 }).post(urlString, {
     name: keyName
@@ -157698,7 +157786,7 @@ async function deleteLogApiKey({
 }) {
   const urlString = _util2.default.format(
     logsAPIKeyURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     keyId
   );
   const { data: data2 } = await generateLogKeysApi({ state: state2 }).delete(urlString, {
@@ -157713,7 +157801,7 @@ async function tail({
 }) {
   let urlString = _util2.default.format(
     logsTailURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     encodeURIComponent(source)
   );
   if (cookie) {
@@ -157731,7 +157819,7 @@ async function fetch2({
 }) {
   let urlString = _util2.default.format(
     logsFetchURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     encodeURIComponent(source),
     startTs,
     endTs
@@ -158108,14 +158196,14 @@ async function fetch3({
     throw new FrodoError(`Error fetching logs`, error2);
   }
 }
-var scriptActionsUrlTemplate = "%s/openidm/script?_action=%s";
+var scriptActionsUrlTemplate = "%s/script?_action=%s";
 async function compileScript({
   script,
   state: state2
 }) {
   const urlString = _util2.default.format(
     scriptActionsUrlTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     "compile"
   );
   const postData = {
@@ -158135,7 +158223,7 @@ async function evaluateScript({
 }) {
   const urlString = _util2.default.format(
     scriptActionsUrlTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     "eval"
   );
   const postData = {
@@ -159055,7 +159143,7 @@ async function getStatus({
 }) {
   const urlString = _util2.default.format(
     startupURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig26(),
@@ -159072,7 +159160,7 @@ async function initiateRestart({
   if (restartStatus === "ready") {
     const urlString = _util2.default.format(
       startupInitiateRestartURLTemplate,
-      getHostBaseUrl(state2.getHost())
+      getHostOnlyUrl(state2.getHost())
     );
     const { data: data2 } = await generateEnvApi({
       resource: getApiConfig26(),
@@ -159098,7 +159186,7 @@ async function getVariables({
 }) {
   const urlString = _util2.default.format(
     variablesListURLTemplate,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateEnvApi({
     resource: getApiConfig27(),
@@ -159114,7 +159202,7 @@ async function getVariable({
 }) {
   const urlString = _util2.default.format(
     variableURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     variableId
   );
   const { data: data2 } = await generateEnvApi({
@@ -159139,7 +159227,7 @@ async function putVariable({
   };
   const urlString = _util2.default.format(
     variableURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     variableId
   );
   const { data: data2 } = await generateEnvApi({
@@ -159157,7 +159245,7 @@ async function setVariableDescription({
 }) {
   const urlString = _util2.default.format(
     variableSetDescriptionURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     variableId
   );
   const { data: data2 } = await generateEnvApi({
@@ -159172,7 +159260,7 @@ async function deleteVariable({
 }) {
   const urlString = _util2.default.format(
     variableURLTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getHostOnlyUrl(state2.getHost()),
     variableId
   );
   const { data: data2 } = await generateEnvApi({
@@ -167288,7 +167376,7 @@ async function getEnvInfo({
 }) {
   const urlString = _util2.default.format(
     envInfoURLTemplate2,
-    getHostBaseUrl(state2.getHost())
+    getHostOnlyUrl(state2.getHost())
   );
   const { data: data2 } = await generateAmApi({
     resource: getApiConfig33(),
@@ -167358,18 +167446,15 @@ async function getInfo(state2) {
 }
 var apiVersion35 = "resource=1.0";
 var apiConfig = { headers: { "Accept-API-Version": apiVersion35 } };
-var reconUrlTemplate = "%s/openidm/recon";
-var reconByIdUrlTemplate = "%s/openidm/recon/%s";
-var startReconUrlTemplate = "%s/openidm/recon?_action=recon&mapping=%s";
-var startReconByIdUrlTemplate = "%s/openidm/recon?_action=reconById&mapping=%s&id=%s";
-var cancelReconUrlTemplate = "%s/openidm/recon/%s?_action=cancel";
+var reconUrlTemplate = "%s/recon";
+var reconByIdUrlTemplate = "%s/recon/%s";
+var startReconUrlTemplate = "%s/recon?_action=recon&mapping=%s";
+var startReconByIdUrlTemplate = "%s/recon?_action=reconById&mapping=%s&id=%s";
+var cancelReconUrlTemplate = "%s/recon/%s?_action=cancel";
 async function getRecons({
   state: state2
 }) {
-  const urlString = _util2.default.format(
-    reconUrlTemplate,
-    getHostBaseUrl(state2.getHost())
-  );
+  const urlString = _util2.default.format(reconUrlTemplate, getIdmBaseUrl(state2));
   const { data: data2 } = await generateIdmApi({
     requestOverride: apiConfig,
     state: state2
@@ -167382,7 +167467,7 @@ async function getRecon({
 }) {
   const urlString = _util2.default.format(
     reconByIdUrlTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     reconId
   );
   const { data: data2 } = await generateIdmApi({
@@ -167397,7 +167482,7 @@ async function startRecon({
 }) {
   const urlString = _util2.default.format(
     startReconUrlTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     mappingName
   );
   const { data: data2 } = await generateIdmApi({
@@ -167413,7 +167498,7 @@ async function startReconById({
 }) {
   const urlString = _util2.default.format(
     startReconByIdUrlTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     mappingName,
     objectId
   );
@@ -167429,7 +167514,7 @@ async function cancelRecon({
 }) {
   const urlString = _util2.default.format(
     cancelReconUrlTemplate,
-    getHostBaseUrl(state2.getHost()),
+    getIdmBaseUrl(state2),
     reconId
   );
   const { data: data2 } = await generateIdmApi({
@@ -168157,7 +168242,7 @@ function createObjectTable(object, keyMap = {}) {
 var { DEFAULT_REALM_KEY: DEFAULT_REALM_KEY2, DEPLOYMENT_TYPES: DEPLOYMENT_TYPES2 } = frodo.utils.constants;
 var hostArgument = new Argument(
   "[host]",
-  "Access Management base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring."
+  "AM base URL, e.g.: https://cdk.iam.example.com/am. To use a connection profile, just specify a unique substring."
 );
 var realmArgument = new Argument(
   "[realm]",
@@ -168172,6 +168257,18 @@ var usernameArgument = new Argument(
   "Username to login with. Must be an admin user with appropriate rights to manage authentication journeys/trees."
 );
 var passwordArgument = new Argument("[password]", "Password.");
+var idmHostOption = new Option(
+  "--idm-host <idm-host>",
+  'IDM base URL, e.g.: https://cdk.idm.example.com/myidm. Use only if your IDM installation resides in a different domain and/or if the base path differs from the default "/openidm".'
+);
+var loginClientId = new Option(
+  "--login-client-id <client-id>",
+  'Specify a custom OAuth2 client id to use a your own oauth2 client for IDM API calls in deployments of type "cloud" or "forgeops". Your custom client must be configured as a public client and allow the authorization code grant using the "openid fr:idm:*" scope. Use the "--redirect-uri" parameter if you have configured a custom redirect uri (default: "<host>/platform/appAuthHelperRedirect.html").'
+);
+var loginRedirectUri = new Option(
+  "--login-redirect-uri <redirect-uri>",
+  'Specify a custom redirect URI to use with your custom OAuth2 client (efault: "<host>/platform/appAuthHelperRedirect.html").'
+);
 var serviceAccountIdOption = new Option(
   "--sa-id <sa-id>",
   "Service account id."
@@ -168216,6 +168313,9 @@ var defaultArgs = [
   passwordArgument
 ];
 var defaultOpts = [
+  idmHostOption,
+  loginClientId,
+  loginRedirectUri,
   serviceAccountIdOption,
   serviceAccountJwkFileOption,
   deploymentOption,
@@ -168232,6 +168332,9 @@ var stateMap = {
   [realmArgument.name()]: (realm2) => state.setRealm(realm2),
   [usernameArgument.name()]: (username2) => state.setUsername(username2),
   [passwordArgument.name()]: (password3) => state.setPassword(password3),
+  [idmHostOption.attributeName()]: (idmHost) => state.setIdmHost(idmHost),
+  [loginClientId.attributeName()]: (clientId) => state.setAdminClientId(clientId),
+  [loginRedirectUri.attributeName()]: (redirectUri) => state.setAdminClientRedirectUri(redirectUri),
   [serviceAccountIdOption.attributeName()]: (saId2) => state.setServiceAccountId(saId2),
   [serviceAccountJwkFileOption.attributeName()]: (file) => {
     try {
@@ -168323,18 +168426,21 @@ var FrodoCommand = class extends FrodoStubCommand {
       "after",
       `
 Environment Variables:
-  FRODO_HOST: Access Management base URL. Overrides 'host' argument.
-  FRODO_REALM: Realm. Overrides 'realm' argument.
-  FRODO_USERNAME: Username. Overrides 'username' argument.
-  FRODO_PASSWORD: Password. Overrides 'password' argument.
-  FRODO_SA_ID: Service account uuid. Overrides '--sa-id' option.
-  FRODO_SA_JWK: Service account JWK. Overrides '--sa-jwk-file' option but takes the actual JWK as a value, not a file name.
+  FRODO_HOST: AM base URL. Overridden by 'host' argument.
+  FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option.
+  FRODO_REALM: Realm. Overridden by 'realm' argument.
+  FRODO_USERNAME: Username. Overridden by 'username' argument.
+  FRODO_PASSWORD: Password. Overridden by 'password' argument.
+  FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option.
+  FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option.
+  FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option.
+  FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name.
   FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option.
   FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'.
-` + ("frodo conn save" === this.name() ? `  FRODO_LOG_KEY: Log API key. Overrides '--log-api-key' option.
-  FRODO_LOG_SECRET: Log API secret. Overrides '--log-api-secret' option.
-` : ``) + (this.name().startsWith("frodo log") ? `  FRODO_LOG_KEY: Log API key. Overrides 'username' argument.
-  FRODO_LOG_SECRET: Log API secret. Overrides 'password' argument.
+` + ("frodo conn save" === this.name() ? `  FRODO_LOG_KEY: Log API key. Overridden by '--log-api-key' option.
+  FRODO_LOG_SECRET: Log API secret. Overridden by '--log-api-secret' option.
+` : ``) + (this.name().startsWith("frodo log") ? `  FRODO_LOG_KEY: Log API key. Overridden by 'username' argument.
+  FRODO_LOG_SECRET: Log API secret. Overridden by 'password' argument.
 ` : ``) + `  FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'.
   FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use.
   FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'.
@@ -178707,12 +178813,21 @@ async function describeConnectionProfile(host2, showSecrets) {
       if (profile.logApiSecret) profile.logApiSecret = present;
       if (profile.svcacctJwk) profile["svcacctJwk"] = present;
     }
+    if (!profile.idmHost) {
+      delete profile.idmHost;
+    }
     if (profile.allowInsecureConnection === void 0) {
       delete profile.allowInsecureConnection;
     }
     if (!profile.deploymentType) {
       delete profile.deploymentType;
     }
+    if (!profile.adminClientId) {
+      delete profile.adminClientId;
+    }
+    if (!profile.adminClientRedirectUri) {
+      delete profile.adminClientRedirectUri;
+    }
     if (!profile.username) {
       delete profile.username;
       delete profile.password;
@@ -188164,9 +188279,9 @@ function setup175() {
   Launch a frodo shell using explicit login parameters:
 ` + `  $ frodo shell ${amBaseUrl} ${username} '${password2}'
 `["brightCyan"] + `  Launch a frodo shell using a connection profile (identified by the full AM base URL):
-` + `  $ frodo shell ${amBaseUrl}'
+` + `  $ frodo shell ${amBaseUrl}
 `["brightCyan"] + `  Launch a frodo shell using a connection profile (identified by a unique substring of the AM base URL):
-` + `  $ frodo shell ${connId}'
+` + `  $ frodo shell ${connId}
 `["brightCyan"]
   ).action(async (host, realm, user, password, options, command) => {
     command.handleDefaultArgsAndOpts(
@@ -188567,7 +188682,7 @@ var compareVersions = (v12, v2) => {
 // package.json
 var package_default2 = {
   name: "@rockcarver/frodo-cli",
-  version: "2.0.5",
+  version: "2.0.6-0",
   type: "module",
   description: "A command line interface to manage ForgeRock Identity Cloud tenants, ForgeOps deployments, and classic deployments.",
   keywords: [
@@ -188681,7 +188796,7 @@ var package_default2 = {
     ]
   },
   devDependencies: {
-    "@rockcarver/frodo-lib": "2.1.0",
+    "@rockcarver/frodo-lib": "2.1.2-0",
     "@types/colors": "^1.2.1",
     "@types/fs-extra": "^11.0.1",
     "@types/jest": "^29.2.3",
@@ -188978,7 +189093,7 @@ tmp/lib/tmp.js:
    * MIT Licensed
    *)
 
-@rockcarver/frodo-lib/dist/esm/index.js:
+@rockcarver/frodo-lib/dist/index.mjs:
   (*! Bundled license information:
   
   humanize-ms/index.js: