@scalar/api-client 2.43.0 → 3.0.0

package/dist/v2/blocks/scalar-auth-selector-block/components/RequestAuthDataTable.vue.js.map

@@ -1 +1 @@
-{"version":3,"file":"RequestAuthDataTable.vue.js","names":[],"sources":["../../../../../src/v2/blocks/scalar-auth-selector-block/components/RequestAuthDataTable.vue"],"sourcesContent":["<script setup lang=\"ts\">\nimport type {\n  ApiReferenceEvents,\n  AuthMeta,\n  WorkspaceEventBus,\n} from '@scalar/workspace-store/events'\nimport type { MergedSecuritySchemes } from '@scalar/workspace-store/request-example'\nimport type { XScalarEnvironment } from '@scalar/workspace-store/schemas/extensions/document/x-scalar-environments'\nimport type { ServerObject } from '@scalar/workspace-store/schemas/v3.1/strict/openapi-document'\nimport { computed } from 'vue'\n\nimport type { SecuritySchemeOption } from '@/v2/blocks/scalar-auth-selector-block/helpers/security-scheme'\nimport { DataTable } from '@/v2/components/data-table'\n\nimport RequestAuthTab from './RequestAuthTab.vue'\n\nconst {\n  environment,\n  isStatic,\n  selectedSchemeOptions,\n  activeAuthIndex,\n  securitySchemes = {},\n  server,\n  eventBus,\n  meta,\n} = defineProps<{\n  /** The current environment configuration */\n  environment: XScalarEnvironment\n  /** Controls border display for static (non-collapsible) layouts */\n  isStatic: boolean\n  /** Available authentication scheme options */\n  selectedSchemeOptions: SecuritySchemeOption[]\n  /** Index of the currently active authentication tab */\n  activeAuthIndex: number\n  /** Proxy URL */\n  proxyUrl: string\n  /** OpenAPI security scheme definitions */\n  securitySchemes: MergedSecuritySchemes\n  /** Current server configuration */\n  server: ServerObject | null\n  /** Event bus for authentication updates */\n  eventBus: WorkspaceEventBus\n  /** Metadata for authentication context */\n  meta: AuthMeta\n}>()\n\n/** Currently selected authentication scheme based on the active tab index */\nconst activeScheme = computed<SecuritySchemeOption | undefined>(\n  () => selectedSchemeOptions[activeAuthIndex],\n)\n\n/**\n * Whether to display multiple authentication tabs.\n * Only shows tabs when there are 2 or more schemes available.\n */\nconst shouldShowTabs = computed<boolean>(() => selectedSchemeOptions.length > 1)\n\n/** Handles authentication tab selection */\nconst handleTabChange = (index: number) =>\n  eventBus.emit('auth:update:active-index', {\n    index,\n    meta,\n  })\n\n/** Handles updates to OAuth scope selection */\nconst handleScopesUpdate = (\n  params: Omit<ApiReferenceEvents['auth:update:selected-scopes'], 'meta'>,\n): void =>\n  eventBus.emit('auth:update:selected-scopes', {\n    ...params,\n    meta,\n  })\n\n/** Determines if a tab is currently active */\nconst isTabActive = (index: number): boolean => activeAuthIndex === index\n\n/** Expose the active scheme for parent component access */\ndefineExpose({\n  activeScheme,\n})\n</script>\n\n<template>\n  <form @submit.prevent>\n    <!-- Authentication Tabs -->\n    <div\n      v-if=\"shouldShowTabs\"\n      class=\"box-content flex flex-wrap gap-x-2.5 overflow-hidden border border-b-0 px-3\"\n      :class=\"{ 'border-x-0': !isStatic }\"\n      data-testid=\"auth-tabs\">\n      <div\n        v-for=\"(option, index) in selectedSchemeOptions\"\n        :key=\"option.id\"\n        class=\"relative z-1 -mb-[var(--scalar-border-width)] flex h-8\">\n        <button\n          class=\"floating-bg relative cursor-pointer border-b border-transparent py-1 text-sm font-medium transition-colors\"\n          :class=\"isTabActive(index) ? 'text-c-1' : 'text-c-3'\"\n          type=\"button\"\n          @click=\"handleTabChange(index)\">\n          <span class=\"relative z-10 font-medium whitespace-nowrap\">\n            {{ option.label }}\n          </span>\n        </button>\n\n        <!-- Active Tab Indicator -->\n        <div\n          v-if=\"isTabActive(index)\"\n          class=\"absolute inset-x-1 bottom-[var(--scalar-border-width)] left-1/2 z-1 h-px w-full -translate-x-1/2 bg-current\" />\n      </div>\n    </div>\n\n    <!-- Active Authentication Scheme Content -->\n    <DataTable\n      v-if=\"activeScheme\"\n      class=\"flex-1\"\n      :class=\"{ 'bg-b-1 rounded-b-lg border border-t-0': isStatic }\"\n      :columns=\"['']\"\n      presentational>\n      <RequestAuthTab\n        :environment\n        :eventBus\n        :isStatic\n        :proxyUrl\n        :securitySchemes\n        :selectedSecuritySchemas=\"activeScheme.value\"\n        :server\n        @update:selectedScopes=\"handleScopesUpdate\" />\n    </DataTable>\n\n    <!-- Empty State -->\n    <div\n      v-else\n      class=\"bg-b-1 text-c-3 flex min-h-16 items-center justify-center border-t px-4 text-sm\"\n      :class=\"{ 'min-h-[calc(4rem+0.5px)] rounded-b-lg border': isStatic }\">\n      No authentication selected\n    </div>\n  </form>\n</template>\n"],"mappings":""}
+{"version":3,"file":"RequestAuthDataTable.vue.js","names":[],"sources":["../../../../../src/v2/blocks/scalar-auth-selector-block/components/RequestAuthDataTable.vue"],"sourcesContent":["<script setup lang=\"ts\">\nimport type {\n  ApiReferenceEvents,\n  AuthMeta,\n  WorkspaceEventBus,\n} from '@scalar/workspace-store/events'\nimport type { MergedSecuritySchemes } from '@scalar/workspace-store/request-example'\nimport type { XScalarEnvironment } from '@scalar/workspace-store/schemas/extensions/document/x-scalar-environments'\nimport type { ServerObject } from '@scalar/workspace-store/schemas/v3.1/strict/openapi-document'\nimport { computed } from 'vue'\n\nimport type { OAuth2Options } from '@/v2/blocks/scalar-auth-selector-block/components/OAuth2.vue'\nimport type { SecuritySchemeOption } from '@/v2/blocks/scalar-auth-selector-block/helpers/security-scheme'\nimport { DataTable } from '@/v2/components/data-table'\n\nimport RequestAuthTab from './RequestAuthTab.vue'\n\nconst {\n  environment,\n  isStatic,\n  selectedSchemeOptions,\n  activeAuthIndex,\n  securitySchemes = {},\n  server,\n  eventBus,\n  meta,\n  options,\n} = defineProps<{\n  /** The current environment configuration */\n  environment: XScalarEnvironment\n  /** Controls border display for static (non-collapsible) layouts */\n  isStatic: boolean\n  /** Available authentication scheme options */\n  selectedSchemeOptions: SecuritySchemeOption[]\n  /** Index of the currently active authentication tab */\n  activeAuthIndex: number\n  /** Proxy URL */\n  proxyUrl: string\n  /** OpenAPI security scheme definitions */\n  securitySchemes: MergedSecuritySchemes\n  /** Current server configuration */\n  server: ServerObject | null\n  /** Event bus for authentication updates */\n  eventBus: WorkspaceEventBus\n  /** Metadata for authentication context */\n  meta: AuthMeta\n  /**  Any config options required for the OAuth2 flow */\n  options?: OAuth2Options\n}>()\n\n/** Currently selected authentication scheme based on the active tab index */\nconst activeScheme = computed<SecuritySchemeOption | undefined>(\n  () => selectedSchemeOptions[activeAuthIndex],\n)\n\n/**\n * Whether to display multiple authentication tabs.\n * Only shows tabs when there are 2 or more schemes available.\n */\nconst shouldShowTabs = computed<boolean>(() => selectedSchemeOptions.length > 1)\n\n/** Handles authentication tab selection */\nconst handleTabChange = (index: number) =>\n  eventBus.emit('auth:update:active-index', {\n    index,\n    meta,\n  })\n\n/** Handles updates to OAuth scope selection */\nconst handleScopesUpdate = (\n  params: Omit<ApiReferenceEvents['auth:update:selected-scopes'], 'meta'>,\n): void =>\n  eventBus.emit('auth:update:selected-scopes', {\n    ...params,\n    meta,\n  })\n\n/** Determines if a tab is currently active */\nconst isTabActive = (index: number): boolean => activeAuthIndex === index\n\n/** Expose the active scheme for parent component access */\ndefineExpose({\n  activeScheme,\n})\n</script>\n\n<template>\n  <form @submit.prevent>\n    <!-- Authentication Tabs -->\n    <div\n      v-if=\"shouldShowTabs\"\n      class=\"box-content flex flex-wrap gap-x-2.5 overflow-hidden border-x border-t px-3\"\n      :class=\"{ 'border-x-0': !isStatic }\"\n      data-testid=\"auth-tabs\">\n      <div\n        v-for=\"(option, index) in selectedSchemeOptions\"\n        :key=\"option.id\"\n        class=\"relative z-1 -mb-[var(--scalar-border-width)] flex h-8\">\n        <button\n          class=\"floating-bg relative cursor-pointer border-b border-transparent py-1 text-sm font-medium transition-colors\"\n          :class=\"isTabActive(index) ? 'text-c-1' : 'text-c-3'\"\n          type=\"button\"\n          @click=\"handleTabChange(index)\">\n          <span class=\"relative z-10 font-medium whitespace-nowrap\">\n            {{ option.label }}\n          </span>\n        </button>\n\n        <!-- Active Tab Indicator -->\n        <div\n          v-if=\"isTabActive(index)\"\n          class=\"absolute inset-x-1 bottom-[var(--scalar-border-width)] left-1/2 z-1 h-px w-full -translate-x-1/2 bg-current\" />\n      </div>\n    </div>\n\n    <!-- Active Authentication Scheme Content -->\n    <DataTable\n      v-if=\"activeScheme\"\n      class=\"flex-1\"\n      :class=\"{ 'bg-b-1 rounded-b-lg border-x border-b': isStatic }\"\n      :columns=\"['']\"\n      presentational>\n      <RequestAuthTab\n        :environment\n        :eventBus\n        :isStatic\n        :options\n        :proxyUrl\n        :securitySchemes\n        :selectedSecuritySchemas=\"activeScheme.value\"\n        :server\n        @update:selectedScopes=\"handleScopesUpdate\" />\n    </DataTable>\n\n    <!-- Empty State -->\n    <div\n      v-else\n      class=\"bg-b-1 text-c-3 flex min-h-16 items-center justify-center border-t px-4 text-sm\"\n      :class=\"{ 'min-h-[calc(4rem+0.5px)] rounded-b-lg border': isStatic }\">\n      No authentication selected\n    </div>\n  </form>\n</template>\n"],"mappings":""}

package/dist/v2/blocks/scalar-auth-selector-block/components/RequestAuthDataTable.vue.script.js

@@ -19,7 +19,8 @@ var RequestAuthDataTable_vue_vue_type_script_setup_true_lang_default = /* @__PUR
 		securitySchemes: { default: () => ({}) },
 		server: {},
 		eventBus: {},
-		meta: {}
+		meta: {},
+		options: {}
 	},
 	setup(__props, { expose: __expose }) {
 		/** Currently selected authentication scheme based on the active tab index */
@@ -46,7 +47,7 @@ var RequestAuthDataTable_vue_vue_type_script_setup_true_lang_default = /* @__PUR
 		return (_ctx, _cache) => {
 			return openBlock(), createElementBlock("form", { onSubmit: _cache[0] || (_cache[0] = withModifiers(() => {}, ["prevent"])) }, [shouldShowTabs.value ? (openBlock(), createElementBlock("div", {
 				key: 0,
-				class: normalizeClass(["box-content flex flex-wrap gap-x-2.5 overflow-hidden border border-b-0 px-3", { "border-x-0": !__props.isStatic }]),
+				class: normalizeClass(["box-content flex flex-wrap gap-x-2.5 overflow-hidden border-x border-t px-3", { "border-x-0": !__props.isStatic }]),
 				"data-testid": "auth-tabs"
 			}, [(openBlock(true), createElementBlock(Fragment, null, renderList(__props.selectedSchemeOptions, (option, index) => {
 				return openBlock(), createElementBlock("div", {
@@ -59,7 +60,7 @@ var RequestAuthDataTable_vue_vue_type_script_setup_true_lang_default = /* @__PUR
 				}, [createElementVNode("span", _hoisted_2, toDisplayString(option.label), 1)], 10, _hoisted_1), isTabActive(index) ? (openBlock(), createElementBlock("div", _hoisted_3)) : createCommentVNode("", true)]);
 			}), 128))], 2)) : createCommentVNode("", true), activeScheme.value ? (openBlock(), createBlock(unref(DataTable_default), {
 				key: 1,
-				class: normalizeClass(["flex-1", { "bg-b-1 rounded-b-lg border border-t-0": __props.isStatic }]),
+				class: normalizeClass(["flex-1", { "bg-b-1 rounded-b-lg border-x border-b": __props.isStatic }]),
 				columns: [""],
 				presentational: ""
 			}, {
@@ -67,6 +68,7 @@ var RequestAuthDataTable_vue_vue_type_script_setup_true_lang_default = /* @__PUR
 					environment: __props.environment,
 					eventBus: __props.eventBus,
 					isStatic: __props.isStatic,
+					options: __props.options,
 					proxyUrl: __props.proxyUrl,
 					securitySchemes: __props.securitySchemes,
 					selectedSecuritySchemas: activeScheme.value.value,
@@ -76,6 +78,7 @@ var RequestAuthDataTable_vue_vue_type_script_setup_true_lang_default = /* @__PUR
 					"environment",
 					"eventBus",
 					"isStatic",
+					"options",
 					"proxyUrl",
 					"securitySchemes",
 					"selectedSecuritySchemas",

package/dist/v2/blocks/scalar-auth-selector-block/components/RequestAuthDataTable.vue.script.js.map

@@ -1 +1 @@
-{"version":3,"file":"RequestAuthDataTable.vue.script.js","names":[],"sources":["../../../../../src/v2/blocks/scalar-auth-selector-block/components/RequestAuthDataTable.vue"],"sourcesContent":["<script setup lang=\"ts\">\nimport type {\n  ApiReferenceEvents,\n  AuthMeta,\n  WorkspaceEventBus,\n} from '@scalar/workspace-store/events'\nimport type { MergedSecuritySchemes } from '@scalar/workspace-store/request-example'\nimport type { XScalarEnvironment } from '@scalar/workspace-store/schemas/extensions/document/x-scalar-environments'\nimport type { ServerObject } from '@scalar/workspace-store/schemas/v3.1/strict/openapi-document'\nimport { computed } from 'vue'\n\nimport type { SecuritySchemeOption } from '@/v2/blocks/scalar-auth-selector-block/helpers/security-scheme'\nimport { DataTable } from '@/v2/components/data-table'\n\nimport RequestAuthTab from './RequestAuthTab.vue'\n\nconst {\n  environment,\n  isStatic,\n  selectedSchemeOptions,\n  activeAuthIndex,\n  securitySchemes = {},\n  server,\n  eventBus,\n  meta,\n} = defineProps<{\n  /** The current environment configuration */\n  environment: XScalarEnvironment\n  /** Controls border display for static (non-collapsible) layouts */\n  isStatic: boolean\n  /** Available authentication scheme options */\n  selectedSchemeOptions: SecuritySchemeOption[]\n  /** Index of the currently active authentication tab */\n  activeAuthIndex: number\n  /** Proxy URL */\n  proxyUrl: string\n  /** OpenAPI security scheme definitions */\n  securitySchemes: MergedSecuritySchemes\n  /** Current server configuration */\n  server: ServerObject | null\n  /** Event bus for authentication updates */\n  eventBus: WorkspaceEventBus\n  /** Metadata for authentication context */\n  meta: AuthMeta\n}>()\n\n/** Currently selected authentication scheme based on the active tab index */\nconst activeScheme = computed<SecuritySchemeOption | undefined>(\n  () => selectedSchemeOptions[activeAuthIndex],\n)\n\n/**\n * Whether to display multiple authentication tabs.\n * Only shows tabs when there are 2 or more schemes available.\n */\nconst shouldShowTabs = computed<boolean>(() => selectedSchemeOptions.length > 1)\n\n/** Handles authentication tab selection */\nconst handleTabChange = (index: number) =>\n  eventBus.emit('auth:update:active-index', {\n    index,\n    meta,\n  })\n\n/** Handles updates to OAuth scope selection */\nconst handleScopesUpdate = (\n  params: Omit<ApiReferenceEvents['auth:update:selected-scopes'], 'meta'>,\n): void =>\n  eventBus.emit('auth:update:selected-scopes', {\n    ...params,\n    meta,\n  })\n\n/** Determines if a tab is currently active */\nconst isTabActive = (index: number): boolean => activeAuthIndex === index\n\n/** Expose the active scheme for parent component access */\ndefineExpose({\n  activeScheme,\n})\n</script>\n\n<template>\n  <form @submit.prevent>\n    <!-- Authentication Tabs -->\n    <div\n      v-if=\"shouldShowTabs\"\n      class=\"box-content flex flex-wrap gap-x-2.5 overflow-hidden border border-b-0 px-3\"\n      :class=\"{ 'border-x-0': !isStatic }\"\n      data-testid=\"auth-tabs\">\n      <div\n        v-for=\"(option, index) in selectedSchemeOptions\"\n        :key=\"option.id\"\n        class=\"relative z-1 -mb-[var(--scalar-border-width)] flex h-8\">\n        <button\n          class=\"floating-bg relative cursor-pointer border-b border-transparent py-1 text-sm font-medium transition-colors\"\n          :class=\"isTabActive(index) ? 'text-c-1' : 'text-c-3'\"\n          type=\"button\"\n          @click=\"handleTabChange(index)\">\n          <span class=\"relative z-10 font-medium whitespace-nowrap\">\n            {{ option.label }}\n          </span>\n        </button>\n\n        <!-- Active Tab Indicator -->\n        <div\n          v-if=\"isTabActive(index)\"\n          class=\"absolute inset-x-1 bottom-[var(--scalar-border-width)] left-1/2 z-1 h-px w-full -translate-x-1/2 bg-current\" />\n      </div>\n    </div>\n\n    <!-- Active Authentication Scheme Content -->\n    <DataTable\n      v-if=\"activeScheme\"\n      class=\"flex-1\"\n      :class=\"{ 'bg-b-1 rounded-b-lg border border-t-0': isStatic }\"\n      :columns=\"['']\"\n      presentational>\n      <RequestAuthTab\n        :environment\n        :eventBus\n        :isStatic\n        :proxyUrl\n        :securitySchemes\n        :selectedSecuritySchemas=\"activeScheme.value\"\n        :server\n        @update:selectedScopes=\"handleScopesUpdate\" />\n    </DataTable>\n\n    <!-- Empty State -->\n    <div\n      v-else\n      class=\"bg-b-1 text-c-3 flex min-h-16 items-center justify-center border-t px-4 text-sm\"\n      :class=\"{ 'min-h-[calc(4rem+0.5px)] rounded-b-lg border': isStatic }\">\n      No authentication selected\n    </div>\n  </form>\n</template>\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;EA+CA,MAAM,eAAe,eACb,QAAA,sBAAsB,QAAA,iBAC9B;;;;;EAMA,MAAM,iBAAiB,eAAwB,QAAA,sBAAsB,SAAS,EAAC;;EAG/E,MAAM,mBAAmB,UACvB,QAAA,SAAS,KAAK,4BAA4B;GACxC;GACA,MAAG,QAAA;GACJ,CAAA;;EAGH,MAAM,sBACJ,WAEA,QAAA,SAAS,KAAK,+BAA+B;GAC3C,GAAG;GACH,MAAG,QAAA;GACJ,CAAA;;EAGH,MAAM,eAAe,UAA2B,QAAA,oBAAoB;;AAGpE,WAAa,EACX,cACD,CAAA;;uBAIC,mBAqDO,QAAA,EArDA,UAAM,OAAA,OAAA,OAAA,KAAA,oBAAP,IAAe,CAAA,UAAA,CAAA,GAAA,EAAA,CAGX,eAAA,SAAA,WAAA,EADR,mBAwBM,OAAA;;IAtBJ,OAAK,eAAA,CAAC,+EAA6E,EAAA,cAAA,CAC1D,QAAA,UAAQ,CAAA,CAAA;IACjC,eAAY;yBACZ,mBAkBM,UAAA,MAAA,WAjBsB,QAAA,wBAAlB,QAAQ,UAAK;wBADvB,mBAkBM,OAAA;KAhBH,KAAK,OAAO;KACb,OAAM;QACN,mBAQS,UAAA;KAPP,OAAK,eAAA,CAAC,8GACE,YAAY,MAAK,GAAA,aAAA,WAAA,CAAA;KACzB,MAAK;KACJ,UAAK,WAAE,gBAAgB,MAAK;QAC7B,mBAEO,QAFP,YAEO,gBADF,OAAO,MAAK,EAAA,EAAA,CAAA,EAAA,IAAA,WAAA,EAMX,YAAY,MAAK,IAAA,WAAA,EADzB,mBAEwH,OAFxH,WAEwH,IAAA,mBAAA,IAAA,KAAA,CAAA,CAAA;mDAMpH,aAAA,SAAA,WAAA,EADR,YAeY,MAAA,kBAAA,EAAA;;IAbV,OAAK,eAAA,CAAC,UAAQ,EAAA,yCACqC,QAAA,UAAQ,CAAA,CAAA;IAC1D,SAAS,CAAA,GAAI;IACd,gBAAA;;2BASgD,CARhD,YAQgD,wBAAA;KAP7C,aAAA,QAAA;KACA,UAAA,QAAA;KACA,UAAA,QAAA;KACA,UAAA,QAAA;KACA,iBAAA,QAAA;KACA,yBAAyB,aAAA,MAAa;KACtC,QAAA,QAAA;KACA,2BAAuB;;;;;;;;;;;qCAI5B,mBAKM,OAAA;;IAHJ,OAAK,eAAA,CAAC,mFAAiF,EAAA,gDAC7B,QAAA,UAAQ,CAAA,CAAA;MAAI,gCAExE,EAAA,EAAA,EAAA,GAAA"}
+{"version":3,"file":"RequestAuthDataTable.vue.script.js","names":[],"sources":["../../../../../src/v2/blocks/scalar-auth-selector-block/components/RequestAuthDataTable.vue"],"sourcesContent":["<script setup lang=\"ts\">\nimport type {\n  ApiReferenceEvents,\n  AuthMeta,\n  WorkspaceEventBus,\n} from '@scalar/workspace-store/events'\nimport type { MergedSecuritySchemes } from '@scalar/workspace-store/request-example'\nimport type { XScalarEnvironment } from '@scalar/workspace-store/schemas/extensions/document/x-scalar-environments'\nimport type { ServerObject } from '@scalar/workspace-store/schemas/v3.1/strict/openapi-document'\nimport { computed } from 'vue'\n\nimport type { OAuth2Options } from '@/v2/blocks/scalar-auth-selector-block/components/OAuth2.vue'\nimport type { SecuritySchemeOption } from '@/v2/blocks/scalar-auth-selector-block/helpers/security-scheme'\nimport { DataTable } from '@/v2/components/data-table'\n\nimport RequestAuthTab from './RequestAuthTab.vue'\n\nconst {\n  environment,\n  isStatic,\n  selectedSchemeOptions,\n  activeAuthIndex,\n  securitySchemes = {},\n  server,\n  eventBus,\n  meta,\n  options,\n} = defineProps<{\n  /** The current environment configuration */\n  environment: XScalarEnvironment\n  /** Controls border display for static (non-collapsible) layouts */\n  isStatic: boolean\n  /** Available authentication scheme options */\n  selectedSchemeOptions: SecuritySchemeOption[]\n  /** Index of the currently active authentication tab */\n  activeAuthIndex: number\n  /** Proxy URL */\n  proxyUrl: string\n  /** OpenAPI security scheme definitions */\n  securitySchemes: MergedSecuritySchemes\n  /** Current server configuration */\n  server: ServerObject | null\n  /** Event bus for authentication updates */\n  eventBus: WorkspaceEventBus\n  /** Metadata for authentication context */\n  meta: AuthMeta\n  /**  Any config options required for the OAuth2 flow */\n  options?: OAuth2Options\n}>()\n\n/** Currently selected authentication scheme based on the active tab index */\nconst activeScheme = computed<SecuritySchemeOption | undefined>(\n  () => selectedSchemeOptions[activeAuthIndex],\n)\n\n/**\n * Whether to display multiple authentication tabs.\n * Only shows tabs when there are 2 or more schemes available.\n */\nconst shouldShowTabs = computed<boolean>(() => selectedSchemeOptions.length > 1)\n\n/** Handles authentication tab selection */\nconst handleTabChange = (index: number) =>\n  eventBus.emit('auth:update:active-index', {\n    index,\n    meta,\n  })\n\n/** Handles updates to OAuth scope selection */\nconst handleScopesUpdate = (\n  params: Omit<ApiReferenceEvents['auth:update:selected-scopes'], 'meta'>,\n): void =>\n  eventBus.emit('auth:update:selected-scopes', {\n    ...params,\n    meta,\n  })\n\n/** Determines if a tab is currently active */\nconst isTabActive = (index: number): boolean => activeAuthIndex === index\n\n/** Expose the active scheme for parent component access */\ndefineExpose({\n  activeScheme,\n})\n</script>\n\n<template>\n  <form @submit.prevent>\n    <!-- Authentication Tabs -->\n    <div\n      v-if=\"shouldShowTabs\"\n      class=\"box-content flex flex-wrap gap-x-2.5 overflow-hidden border-x border-t px-3\"\n      :class=\"{ 'border-x-0': !isStatic }\"\n      data-testid=\"auth-tabs\">\n      <div\n        v-for=\"(option, index) in selectedSchemeOptions\"\n        :key=\"option.id\"\n        class=\"relative z-1 -mb-[var(--scalar-border-width)] flex h-8\">\n        <button\n          class=\"floating-bg relative cursor-pointer border-b border-transparent py-1 text-sm font-medium transition-colors\"\n          :class=\"isTabActive(index) ? 'text-c-1' : 'text-c-3'\"\n          type=\"button\"\n          @click=\"handleTabChange(index)\">\n          <span class=\"relative z-10 font-medium whitespace-nowrap\">\n            {{ option.label }}\n          </span>\n        </button>\n\n        <!-- Active Tab Indicator -->\n        <div\n          v-if=\"isTabActive(index)\"\n          class=\"absolute inset-x-1 bottom-[var(--scalar-border-width)] left-1/2 z-1 h-px w-full -translate-x-1/2 bg-current\" />\n      </div>\n    </div>\n\n    <!-- Active Authentication Scheme Content -->\n    <DataTable\n      v-if=\"activeScheme\"\n      class=\"flex-1\"\n      :class=\"{ 'bg-b-1 rounded-b-lg border-x border-b': isStatic }\"\n      :columns=\"['']\"\n      presentational>\n      <RequestAuthTab\n        :environment\n        :eventBus\n        :isStatic\n        :options\n        :proxyUrl\n        :securitySchemes\n        :selectedSecuritySchemas=\"activeScheme.value\"\n        :server\n        @update:selectedScopes=\"handleScopesUpdate\" />\n    </DataTable>\n\n    <!-- Empty State -->\n    <div\n      v-else\n      class=\"bg-b-1 text-c-3 flex min-h-16 items-center justify-center border-t px-4 text-sm\"\n      :class=\"{ 'min-h-[calc(4rem+0.5px)] rounded-b-lg border': isStatic }\">\n      No authentication selected\n    </div>\n  </form>\n</template>\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;EAmDA,MAAM,eAAe,eACb,QAAA,sBAAsB,QAAA,iBAC9B;;;;;EAMA,MAAM,iBAAiB,eAAwB,QAAA,sBAAsB,SAAS,EAAC;;EAG/E,MAAM,mBAAmB,UACvB,QAAA,SAAS,KAAK,4BAA4B;GACxC;GACA,MAAG,QAAA;GACJ,CAAA;;EAGH,MAAM,sBACJ,WAEA,QAAA,SAAS,KAAK,+BAA+B;GAC3C,GAAG;GACH,MAAG,QAAA;GACJ,CAAA;;EAGH,MAAM,eAAe,UAA2B,QAAA,oBAAoB;;AAGpE,WAAa,EACX,cACD,CAAA;;uBAIC,mBAsDO,QAAA,EAtDA,UAAM,OAAA,OAAA,OAAA,KAAA,oBAAP,IAAe,CAAA,UAAA,CAAA,GAAA,EAAA,CAGX,eAAA,SAAA,WAAA,EADR,mBAwBM,OAAA;;IAtBJ,OAAK,eAAA,CAAC,+EAA6E,EAAA,cAAA,CAC1D,QAAA,UAAQ,CAAA,CAAA;IACjC,eAAY;yBACZ,mBAkBM,UAAA,MAAA,WAjBsB,QAAA,wBAAlB,QAAQ,UAAK;wBADvB,mBAkBM,OAAA;KAhBH,KAAK,OAAO;KACb,OAAM;QACN,mBAQS,UAAA;KAPP,OAAK,eAAA,CAAC,8GACE,YAAY,MAAK,GAAA,aAAA,WAAA,CAAA;KACzB,MAAK;KACJ,UAAK,WAAE,gBAAgB,MAAK;QAC7B,mBAEO,QAFP,YAEO,gBADF,OAAO,MAAK,EAAA,EAAA,CAAA,EAAA,IAAA,WAAA,EAMX,YAAY,MAAK,IAAA,WAAA,EADzB,mBAEwH,OAFxH,WAEwH,IAAA,mBAAA,IAAA,KAAA,CAAA,CAAA;mDAMpH,aAAA,SAAA,WAAA,EADR,YAgBY,MAAA,kBAAA,EAAA;;IAdV,OAAK,eAAA,CAAC,UAAQ,EAAA,yCACqC,QAAA,UAAQ,CAAA,CAAA;IAC1D,SAAS,CAAA,GAAI;IACd,gBAAA;;2BAUgD,CAThD,YASgD,wBAAA;KAR7C,aAAA,QAAA;KACA,UAAA,QAAA;KACA,UAAA,QAAA;KACA,SAAA,QAAA;KACA,UAAA,QAAA;KACA,iBAAA,QAAA;KACA,yBAAyB,aAAA,MAAa;KACtC,QAAA,QAAA;KACA,2BAAuB;;;;;;;;;;;;qCAI5B,mBAKM,OAAA;;IAHJ,OAAK,eAAA,CAAC,mFAAiF,EAAA,gDAC7B,QAAA,UAAQ,CAAA,CAAA;MAAI,gCAExE,EAAA,EAAA,EAAA,GAAA"}

package/dist/v2/blocks/scalar-auth-selector-block/components/RequestAuthDataTableInput.vue.d.ts

@@ -24,8 +24,8 @@ declare const __VLS_base: import("vue").DefineComponent<__VLS_PublicProps, {}, {
     inputFocus: () => any;
     inputBlur: () => any;
 }, string, import("vue").PublicProps, Readonly<__VLS_PublicProps> & Readonly<{
-    onSelectVariable?: ((value: string) => any) | undefined;
     "onUpdate:modelValue"?: ((value: string) => any) | undefined;
+    onSelectVariable?: ((value: string) => any) | undefined;
     onInputFocus?: (() => any) | undefined;
     onInputBlur?: (() => any) | undefined;
 }>, {}, {}, {}, {}, string, import("vue").ComponentProvideOptions, false, {}, any>;

package/dist/v2/blocks/scalar-auth-selector-block/components/RequestAuthTab.vue.d.ts

@@ -2,6 +2,7 @@ import type { WorkspaceEventBus } from '@scalar/workspace-store/events';
 import type { MergedSecuritySchemes } from '@scalar/workspace-store/request-example';
 import type { XScalarEnvironment } from '@scalar/workspace-store/schemas/extensions/document/x-scalar-environments';
 import type { SecurityRequirementObject, ServerObject } from '@scalar/workspace-store/schemas/v3.1/strict/openapi-document';
+import { type OAuth2Options } from './OAuth2.vue.js';
 type __VLS_Props = {
     /** Current environment configuration */
     environment: XScalarEnvironment;
@@ -17,6 +18,8 @@ type __VLS_Props = {
     server: ServerObject | null;
     /** Event bus for authentication updates */
     eventBus: WorkspaceEventBus;
+    /**  Any config options required for the OAuth2 flow */
+    options?: OAuth2Options;
 };
 declare const __VLS_export: import("vue").DefineComponent<__VLS_Props, {}, {}, {}, {}, import("vue").ComponentOptionsMixin, import("vue").ComponentOptionsMixin, {} & {
     "update:selectedScopes": (payload: Omit<{

package/dist/v2/blocks/scalar-auth-selector-block/components/RequestAuthTab.vue.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"RequestAuthTab.vue.d.ts","sourceRoot":"","sources":["../../../../../src/v2/blocks/scalar-auth-selector-block/components/RequestAuthTab.vue"],"names":[],"mappings":"AA0XA,OAAO,KAAK,EAEV,iBAAiB,EAClB,MAAM,gCAAgC,CAAA;AAEvC,OAAO,KAAK,EACV,qBAAqB,EAEtB,MAAM,yCAAyC,CAAA;AAChD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2EAA2E,CAAA;AACnH,OAAO,KAAK,EAEV,yBAAyB,EACzB,YAAY,EACb,MAAM,8DAA8D,CAAA;AAerE,KAAK,WAAW,GAAG;IACjB,wCAAwC;IACxC,WAAW,EAAE,kBAAkB,CAAA;IAC/B,yFAAyF;IACzF,QAAQ,EAAE,OAAO,CAAA;IACjB,gBAAgB;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,+BAA+B;IAC/B,uBAAuB,EAAE,yBAAyB,CAAA;IAClD,oGAAoG;IACpG,eAAe,EAAE,qBAAqB,CAAA;IACtC,mCAAmC;IACnC,MAAM,EAAE,YAAY,GAAG,IAAI,CAAA;IAC3B,2CAA2C;IAC3C,QAAQ,EAAE,iBAAiB,CAAA;CAC5B,CAAC;AAsoBF,QAAA,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;kFAGhB,CAAC;wBACkB,OAAO,YAAY;AAAxC,wBAAyC"}
+{"version":3,"file":"RequestAuthTab.vue.d.ts","sourceRoot":"","sources":["../../../../../src/v2/blocks/scalar-auth-selector-block/components/RequestAuthTab.vue"],"names":[],"mappings":"AA8XA,OAAO,KAAK,EAEV,iBAAiB,EAClB,MAAM,gCAAgC,CAAA;AAEvC,OAAO,KAAK,EACV,qBAAqB,EAEtB,MAAM,yCAAyC,CAAA;AAChD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2EAA2E,CAAA;AACnH,OAAO,KAAK,EAEV,yBAAyB,EACzB,YAAY,EACb,MAAM,8DAA8D,CAAA;AAKrE,OAAe,EAAE,KAAK,aAAa,EAAE,MAAM,cAAc,CAAA;AAUzD,KAAK,WAAW,GAAG;IACjB,wCAAwC;IACxC,WAAW,EAAE,kBAAkB,CAAA;IAC/B,yFAAyF;IACzF,QAAQ,EAAE,OAAO,CAAA;IACjB,gBAAgB;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,+BAA+B;IAC/B,uBAAuB,EAAE,yBAAyB,CAAA;IAClD,oGAAoG;IACpG,eAAe,EAAE,qBAAqB,CAAA;IACtC,mCAAmC;IACnC,MAAM,EAAE,YAAY,GAAG,IAAI,CAAA;IAC3B,2CAA2C;IAC3C,QAAQ,EAAE,iBAAiB,CAAA;IAC3B,uDAAuD;IACvD,OAAO,CAAC,EAAE,aAAa,CAAA;CACxB,CAAC;AAyoBF,QAAA,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;kFAGhB,CAAC;wBACkB,OAAO,YAAY;AAAxC,wBAAyC"}

package/dist/v2/blocks/scalar-auth-selector-block/components/RequestAuthTab.vue.js.map

@@ -1 +1 @@
-{"version":3,"file":"RequestAuthTab.vue.js","names":[],"sources":["../../../../../src/v2/blocks/scalar-auth-selector-block/components/RequestAuthTab.vue"],"sourcesContent":["<script setup lang=\"ts\">\nimport { ScalarMarkdownSummary } from '@scalar/components'\nimport type {\n  SecretsApiKey,\n  SecretsHttp,\n} from '@scalar/workspace-store/entities/auth'\nimport type {\n  ApiReferenceEvents,\n  WorkspaceEventBus,\n} from '@scalar/workspace-store/events'\nimport { getResolvedRef } from '@scalar/workspace-store/helpers/get-resolved-ref'\nimport type {\n  MergedSecuritySchemes,\n  SecuritySchemeObjectSecret,\n} from '@scalar/workspace-store/request-example'\nimport type { XScalarEnvironment } from '@scalar/workspace-store/schemas/extensions/document/x-scalar-environments'\nimport type {\n  ApiKeyObject,\n  SecurityRequirementObject,\n  ServerObject,\n} from '@scalar/workspace-store/schemas/v3.1/strict/openapi-document'\nimport { capitalize, computed, ref } from 'vue'\n\nimport { DataTableCell, DataTableRow } from '@/v2/components/data-table'\n\nimport OAuth2 from './OAuth2.vue'\nimport OpenIDConnect from './OpenIDConnect.vue'\nimport RequestAuthDataTableInput from './RequestAuthDataTableInput.vue'\n\ntype SecurityItem = {\n  scheme: SecuritySchemeObjectSecret | undefined\n  name: string\n  scopes: string[]\n}\n\nconst {\n  environment,\n  isStatic,\n  proxyUrl,\n  selectedSecuritySchemas,\n  securitySchemes,\n  server,\n  eventBus,\n} = defineProps<{\n  /** Current environment configuration */\n  environment: XScalarEnvironment\n  /** Controls the display of certain borders which are used when we are non-collapsible */\n  isStatic: boolean\n  /** Proxy URL */\n  proxyUrl: string\n  /** Selected security schemes*/\n  selectedSecuritySchemas: SecurityRequirementObject\n  /** Merged security schemes from the document and the config together with the auth store secrets */\n  securitySchemes: MergedSecuritySchemes\n  /** Current server configuration */\n  server: ServerObject | null\n  /** Event bus for authentication updates */\n  eventBus: WorkspaceEventBus\n}>()\n\nconst emits = defineEmits<{\n  (\n    e: 'update:selectedScopes',\n    payload: Omit<ApiReferenceEvents['auth:update:selected-scopes'], 'meta'>,\n  ): void\n}>()\n\n/**\n * Resolves security schemes from the OpenAPI document and combines them with their selected scopes.\n * Each item includes the scheme definition, name, and associated scopes.\n */\nconst security = computed<SecurityItem[]>(() =>\n  Object.entries(selectedSecuritySchemas).map(([name, scopes = []]) => ({\n    scheme: getResolvedRef(securitySchemes[name]),\n    name,\n    scopes,\n  })),\n)\n\n/** Tracks which OAuth2 flow is currently active when multiple flows are available. */\nconst activeFlow = ref<string>('')\n\n/** Keeps the selected flow in sync with currently available flow keys. */\nconst selectedFlow = computed<string>(() => {\n  const authFlowKeys = security.value.flatMap(({ scheme }) => {\n    if (scheme?.type !== 'oauth2' && scheme?.type !== 'openIdConnect') {\n      return []\n    }\n\n    return Object.keys(scheme.flows ?? {})\n  })\n\n  return authFlowKeys.includes(activeFlow.value) ? activeFlow.value : ''\n})\n\nconst setActiveFlow = (flow: string): void => {\n  activeFlow.value = flow\n}\n\n/** Determines if multiple auth schemes are configured, which affects the UI layout. */\nconst hasMultipleSchemes = computed<boolean>(() => security.value.length > 1)\n\n/**\n * Generates a human-readable label for the security scheme.\n * Intentionally omits the description here — it is rendered separately as\n * rich text via ScalarMarkdownSummary so markdown formatting is preserved.\n */\nconst generateLabel = (\n  name: string,\n  scheme: SecuritySchemeObjectSecret,\n): string => {\n  const capitalizedName = capitalize(name)\n\n  switch (scheme.type) {\n    case 'apiKey':\n      return `${capitalizedName}: ${scheme.in}`\n\n    case 'openIdConnect':\n    case 'oauth2': {\n      const firstFlow = Object.keys(scheme.flows ?? {})[0]\n      const currentFlow = selectedFlow.value || firstFlow\n      if (!currentFlow) {\n        return capitalizedName\n      }\n      return `${capitalizedName}: ${currentFlow}`\n    }\n\n    case 'http':\n      return `${capitalizedName}: ${scheme.scheme}`\n\n    default:\n      return capitalizedName\n  }\n}\n\n/**\n * Determines if an OAuth2 flow tab should be active.\n * The first flow is active by default if no flow is explicitly selected.\n */\nconst isFlowActive = (flowKey: string, index: number): boolean =>\n  selectedFlow.value === flowKey || (index === 0 && !selectedFlow.value)\n\n/** Computes the container class for static display mode. */\nconst getStaticBorderClass = (): string | false => isStatic && 'border-t'\n\nconst handleHttpSecretsUpdate = (\n  payload: Omit<Partial<SecretsHttp>, 'type'>,\n  name: string,\n): void =>\n  eventBus.emit('auth:update:security-scheme-secrets', {\n    payload: { type: 'http', ...payload },\n    name,\n  })\n\nconst handleApiKeySecretsUpdate = (\n  payload: Omit<Partial<SecretsApiKey>, 'type'>,\n  name: string,\n): void =>\n  eventBus.emit('auth:update:security-scheme-secrets', {\n    payload: { type: 'apiKey', ...payload },\n    name,\n  })\n\nconst handleApiKeySecuritySchemeUpdate = (\n  payload: Omit<Partial<ApiKeyObject>, 'type'>,\n  name: string,\n): void =>\n  eventBus.emit('auth:update:security-scheme', {\n    payload: { type: 'apiKey', ...payload },\n    name,\n  })\n\n/** Handles scope selection updates for OAuth2 */\nconst handleScopesUpdate = (\n  name: string,\n  event: { scopes: string[] },\n): void => {\n  emits('update:selectedScopes', {\n    id: Object.keys(selectedSecuritySchemas),\n    name,\n    ...event,\n  })\n}\n\n/**\n * Computes dynamic classes for OAuth2 flow tabs based on active state.\n */\nconst getFlowTabClasses = (flowKey: string, index: number): string => {\n  const baseClasses =\n    'floating-bg text-c-3 relative cursor-pointer border-b border-transparent py-1 text-base font-medium'\n  const activeClasses = '!text-c-1 !rounded-none border-b !border-current'\n\n  return isFlowActive(flowKey, index)\n    ? `${baseClasses} ${activeClasses} ${isStatic ? 'opacity-100' : ''}`\n    : baseClasses\n}\n</script>\n<template>\n  <template\n    v-for=\"{ scheme, name, scopes } in security\"\n    :key=\"name\">\n    <!--\n      Header row for AND'ed schemes: label (bold) and description (rich text) are\n      combined.\n    -->\n    <DataTableRow v-if=\"hasMultipleSchemes && scheme\">\n      <DataTableCell\n        :aria-label=\"generateLabel(name, scheme)\"\n        class=\"max-h-[auto]\">\n        <div class=\"bg-b-1 min-w-0 flex-1 px-3 py-1.25\">\n          <p class=\"text-c-1 leading-5.5 font-medium\">\n            {{ generateLabel(name, scheme) }}\n          </p>\n          <ScalarMarkdownSummary\n            v-if=\"scheme.description\"\n            class=\"auth-description text-c-2 w-full\"\n            :value=\"scheme.description\" />\n        </div>\n      </DataTableCell>\n    </DataTableRow>\n\n    <!-- Description: shown for single auth schemes with descriptions -->\n    <DataTableRow v-if=\"scheme?.description && !hasMultipleSchemes\">\n      <DataTableCell\n        :aria-label=\"scheme.description\"\n        class=\"max-h-[auto]\">\n        <ScalarMarkdownSummary\n          class=\"auth-description bg-b-1 text-c-2 min-w-0 flex-1 px-3 py-1.25\"\n          :value=\"scheme.description\" />\n      </DataTableCell>\n    </DataTableRow>\n\n    <!-- HTTP Authentication -->\n    <template v-if=\"scheme?.type === 'http'\">\n      <!-- Bearer Token -->\n      <DataTableRow v-if=\"scheme.scheme === 'bearer'\">\n        <RequestAuthDataTableInput\n          :containerClass=\"getStaticBorderClass()\"\n          :environment\n          :modelValue=\"scheme['x-scalar-secret-token']\"\n          placeholder=\"Token\"\n          type=\"password\"\n          @update:modelValue=\"\n            (v) => handleHttpSecretsUpdate({ 'x-scalar-secret-token': v }, name)\n          \">\n          Bearer Token\n        </RequestAuthDataTableInput>\n      </DataTableRow>\n\n      <!-- HTTP Basic Authentication -->\n      <template v-else-if=\"scheme?.scheme === 'basic'\">\n        <DataTableRow>\n          <RequestAuthDataTableInput\n            class=\"text-c-2\"\n            :environment\n            :modelValue=\"scheme['x-scalar-secret-username']\"\n            placeholder=\"janedoe\"\n            required\n            @update:modelValue=\"\n              (v) =>\n                handleHttpSecretsUpdate({ 'x-scalar-secret-username': v }, name)\n            \">\n            Username\n          </RequestAuthDataTableInput>\n        </DataTableRow>\n        <DataTableRow>\n          <RequestAuthDataTableInput\n            :environment\n            :modelValue=\"scheme['x-scalar-secret-password']\"\n            placeholder=\"********\"\n            type=\"password\"\n            @update:modelValue=\"\n              (v) =>\n                handleHttpSecretsUpdate({ 'x-scalar-secret-password': v }, name)\n            \">\n            Password\n          </RequestAuthDataTableInput>\n        </DataTableRow>\n      </template>\n    </template>\n\n    <!-- API Key Authentication -->\n    <template v-else-if=\"scheme?.type === 'apiKey'\">\n      <DataTableRow>\n        <RequestAuthDataTableInput\n          :containerClass=\"getStaticBorderClass()\"\n          :environment\n          :modelValue=\"scheme.name\"\n          placeholder=\"api-key\"\n          @update:modelValue=\"\n            (v) => handleApiKeySecuritySchemeUpdate({ name: v }, name)\n          \">\n          Name\n        </RequestAuthDataTableInput>\n      </DataTableRow>\n      <DataTableRow>\n        <RequestAuthDataTableInput\n          :environment\n          :modelValue=\"scheme['x-scalar-secret-token']\"\n          placeholder=\"QUxMIFlPVVIgQkFTRSBBUkUgQkVMT05HIFRPIFVT\"\n          type=\"password\"\n          @update:modelValue=\"\n            (v) =>\n              handleApiKeySecretsUpdate({ 'x-scalar-secret-token': v }, name)\n          \">\n          Value\n        </RequestAuthDataTableInput>\n      </DataTableRow>\n    </template>\n\n    <!-- OAuth 2.0  / OpenID Connect Authentication -->\n    <template\n      v-else-if=\"scheme?.type === 'oauth2' || scheme?.type === 'openIdConnect'\">\n      <!-- OpenID Connect -->\n      <OpenIDConnect\n        v-if=\"\n          scheme?.type === 'openIdConnect' &&\n          !Object.keys(scheme.flows ?? {}).length\n        \"\n        :environment\n        :eventBus\n        :getStaticBorderClass\n        :name\n        :proxyUrl\n        :scheme />\n\n      <!-- Flow selector tabs: shown when multiple flows are available -->\n      <DataTableRow v-if=\"Object.keys(scheme.flows ?? {}).length > 1\">\n        <div class=\"flex min-h-8 border-t text-base\">\n          <div class=\"flex h-8 max-w-full gap-2.5 overflow-x-auto px-3\">\n            <button\n              v-for=\"(_, key, ind) in scheme.flows\"\n              :key=\"key\"\n              :class=\"getFlowTabClasses(key, ind)\"\n              type=\"button\"\n              @click=\"setActiveFlow(key)\">\n              <span class=\"relative z-10\">{{ key }}</span>\n            </button>\n          </div>\n        </div>\n      </DataTableRow>\n\n      <!-- OAuth2 flow configuration -->\n      <template\n        v-for=\"(_flow, key, ind) in scheme.flows\"\n        :key=\"key\">\n        <OAuth2\n          v-if=\"scheme.flows && isFlowActive(key, ind)\"\n          :environment\n          :eventBus\n          :flows=\"scheme.flows\"\n          :name=\"name\"\n          :proxyUrl\n          :scheme\n          :selectedScopes=\"scopes\"\n          :server=\"server\"\n          :type=\"key\"\n          @update:selectedScopes=\"(event) => handleScopesUpdate(name, event)\" />\n      </template>\n    </template>\n\n    <!-- Scheme is missing type -->\n    <div\n      v-else\n      class=\"text-c-3 flex items-center justify-center border-t p-4 px-4 text-center text-xs text-balance\">\n      The security scheme is missing a type, please double check your OpenAPI\n      document or Authentication Configuration\n    </div>\n  </template>\n</template>\n"],"mappings":""}
+{"version":3,"file":"RequestAuthTab.vue.js","names":[],"sources":["../../../../../src/v2/blocks/scalar-auth-selector-block/components/RequestAuthTab.vue"],"sourcesContent":["<script setup lang=\"ts\">\nimport { ScalarMarkdownSummary } from '@scalar/components'\nimport type {\n  SecretsApiKey,\n  SecretsHttp,\n} from '@scalar/workspace-store/entities/auth'\nimport type {\n  ApiReferenceEvents,\n  WorkspaceEventBus,\n} from '@scalar/workspace-store/events'\nimport { getResolvedRef } from '@scalar/workspace-store/helpers/get-resolved-ref'\nimport type {\n  MergedSecuritySchemes,\n  SecuritySchemeObjectSecret,\n} from '@scalar/workspace-store/request-example'\nimport type { XScalarEnvironment } from '@scalar/workspace-store/schemas/extensions/document/x-scalar-environments'\nimport type {\n  ApiKeyObject,\n  SecurityRequirementObject,\n  ServerObject,\n} from '@scalar/workspace-store/schemas/v3.1/strict/openapi-document'\nimport { capitalize, computed, ref } from 'vue'\n\nimport { DataTableCell, DataTableRow } from '@/v2/components/data-table'\n\nimport OAuth2, { type OAuth2Options } from './OAuth2.vue'\nimport OpenIDConnect from './OpenIDConnect.vue'\nimport RequestAuthDataTableInput from './RequestAuthDataTableInput.vue'\n\ntype SecurityItem = {\n  scheme: SecuritySchemeObjectSecret | undefined\n  name: string\n  scopes: string[]\n}\n\nconst {\n  environment,\n  isStatic,\n  proxyUrl,\n  selectedSecuritySchemas,\n  securitySchemes,\n  server,\n  eventBus,\n  options,\n} = defineProps<{\n  /** Current environment configuration */\n  environment: XScalarEnvironment\n  /** Controls the display of certain borders which are used when we are non-collapsible */\n  isStatic: boolean\n  /** Proxy URL */\n  proxyUrl: string\n  /** Selected security schemes*/\n  selectedSecuritySchemas: SecurityRequirementObject\n  /** Merged security schemes from the document and the config together with the auth store secrets */\n  securitySchemes: MergedSecuritySchemes\n  /** Current server configuration */\n  server: ServerObject | null\n  /** Event bus for authentication updates */\n  eventBus: WorkspaceEventBus\n  /**  Any config options required for the OAuth2 flow */\n  options?: OAuth2Options\n}>()\n\nconst emits = defineEmits<{\n  (\n    e: 'update:selectedScopes',\n    payload: Omit<ApiReferenceEvents['auth:update:selected-scopes'], 'meta'>,\n  ): void\n}>()\n\n/**\n * Resolves security schemes from the OpenAPI document and combines them with their selected scopes.\n * Each item includes the scheme definition, name, and associated scopes.\n */\nconst security = computed<SecurityItem[]>(() =>\n  Object.entries(selectedSecuritySchemas).map(([name, scopes = []]) => ({\n    scheme: getResolvedRef(securitySchemes[name]),\n    name,\n    scopes,\n  })),\n)\n\n/** Tracks which OAuth2 flow is currently active when multiple flows are available. */\nconst activeFlow = ref<string>('')\n\n/** Keeps the selected flow in sync with currently available flow keys. */\nconst selectedFlow = computed<string>(() => {\n  const authFlowKeys = security.value.flatMap(({ scheme }) => {\n    if (scheme?.type !== 'oauth2' && scheme?.type !== 'openIdConnect') {\n      return []\n    }\n\n    return Object.keys(scheme.flows ?? {})\n  })\n\n  return authFlowKeys.includes(activeFlow.value) ? activeFlow.value : ''\n})\n\nconst setActiveFlow = (flow: string): void => {\n  activeFlow.value = flow\n}\n\n/** Determines if multiple auth schemes are configured, which affects the UI layout. */\nconst hasMultipleSchemes = computed<boolean>(() => security.value.length > 1)\n\n/**\n * Generates a human-readable label for the security scheme.\n * Intentionally omits the description here — it is rendered separately as\n * rich text via ScalarMarkdownSummary so markdown formatting is preserved.\n */\nconst generateLabel = (\n  name: string,\n  scheme: SecuritySchemeObjectSecret,\n): string => {\n  const capitalizedName = capitalize(name)\n\n  switch (scheme.type) {\n    case 'apiKey':\n      return `${capitalizedName}: ${scheme.in}`\n\n    case 'openIdConnect':\n    case 'oauth2': {\n      const firstFlow = Object.keys(scheme.flows ?? {})[0]\n      const currentFlow = selectedFlow.value || firstFlow\n      if (!currentFlow) {\n        return capitalizedName\n      }\n      return `${capitalizedName}: ${currentFlow}`\n    }\n\n    case 'http':\n      return `${capitalizedName}: ${scheme.scheme}`\n\n    default:\n      return capitalizedName\n  }\n}\n\n/**\n * Determines if an OAuth2 flow tab should be active.\n * The first flow is active by default if no flow is explicitly selected.\n */\nconst isFlowActive = (flowKey: string, index: number): boolean =>\n  selectedFlow.value === flowKey || (index === 0 && !selectedFlow.value)\n\n/** Computes the container class for static display mode. */\nconst getStaticBorderClass = (): string | false => isStatic && 'border-t'\n\nconst handleHttpSecretsUpdate = (\n  payload: Omit<Partial<SecretsHttp>, 'type'>,\n  name: string,\n): void =>\n  eventBus.emit('auth:update:security-scheme-secrets', {\n    payload: { type: 'http', ...payload },\n    name,\n  })\n\nconst handleApiKeySecretsUpdate = (\n  payload: Omit<Partial<SecretsApiKey>, 'type'>,\n  name: string,\n): void =>\n  eventBus.emit('auth:update:security-scheme-secrets', {\n    payload: { type: 'apiKey', ...payload },\n    name,\n  })\n\nconst handleApiKeySecuritySchemeUpdate = (\n  payload: Omit<Partial<ApiKeyObject>, 'type'>,\n  name: string,\n): void =>\n  eventBus.emit('auth:update:security-scheme', {\n    payload: { type: 'apiKey', ...payload },\n    name,\n  })\n\n/** Handles scope selection updates for OAuth2 */\nconst handleScopesUpdate = (\n  name: string,\n  event: { scopes: string[] },\n): void => {\n  emits('update:selectedScopes', {\n    id: Object.keys(selectedSecuritySchemas),\n    name,\n    ...event,\n  })\n}\n\n/**\n * Computes dynamic classes for OAuth2 flow tabs based on active state.\n */\nconst getFlowTabClasses = (flowKey: string, index: number): string => {\n  const baseClasses =\n    'floating-bg text-c-3 relative cursor-pointer border-b border-transparent py-1 text-base font-medium'\n  const activeClasses = '!text-c-1 !rounded-none border-b !border-current'\n\n  return isFlowActive(flowKey, index)\n    ? `${baseClasses} ${activeClasses} ${isStatic ? 'opacity-100' : ''}`\n    : baseClasses\n}\n</script>\n<template>\n  <template\n    v-for=\"{ scheme, name, scopes } in security\"\n    :key=\"name\">\n    <!--\n      Header row for AND'ed schemes: label (bold) and description (rich text) are\n      combined.\n    -->\n    <DataTableRow v-if=\"hasMultipleSchemes && scheme\">\n      <DataTableCell\n        :aria-label=\"generateLabel(name, scheme)\"\n        class=\"max-h-[auto]\">\n        <div class=\"bg-b-1 min-w-0 flex-1 px-3 py-1.25\">\n          <p class=\"text-c-1 leading-5.5 font-medium\">\n            {{ generateLabel(name, scheme) }}\n          </p>\n          <ScalarMarkdownSummary\n            v-if=\"scheme.description\"\n            class=\"auth-description text-c-2 w-full\"\n            :value=\"scheme.description\" />\n        </div>\n      </DataTableCell>\n    </DataTableRow>\n\n    <!-- Description: shown for single auth schemes with descriptions -->\n    <DataTableRow v-if=\"scheme?.description && !hasMultipleSchemes\">\n      <DataTableCell\n        :aria-label=\"scheme.description\"\n        class=\"max-h-[auto]\">\n        <ScalarMarkdownSummary\n          class=\"auth-description bg-b-1 text-c-2 min-w-0 flex-1 px-3 py-1.25\"\n          :value=\"scheme.description\" />\n      </DataTableCell>\n    </DataTableRow>\n\n    <!-- HTTP Authentication -->\n    <template v-if=\"scheme?.type === 'http'\">\n      <!-- Bearer Token -->\n      <DataTableRow v-if=\"scheme.scheme === 'bearer'\">\n        <RequestAuthDataTableInput\n          :containerClass=\"getStaticBorderClass()\"\n          :environment\n          :modelValue=\"scheme['x-scalar-secret-token']\"\n          placeholder=\"Token\"\n          type=\"password\"\n          @update:modelValue=\"\n            (v) => handleHttpSecretsUpdate({ 'x-scalar-secret-token': v }, name)\n          \">\n          Bearer Token\n        </RequestAuthDataTableInput>\n      </DataTableRow>\n\n      <!-- HTTP Basic Authentication -->\n      <template v-else-if=\"scheme?.scheme === 'basic'\">\n        <DataTableRow>\n          <RequestAuthDataTableInput\n            class=\"text-c-2\"\n            :environment\n            :modelValue=\"scheme['x-scalar-secret-username']\"\n            placeholder=\"janedoe\"\n            required\n            @update:modelValue=\"\n              (v) =>\n                handleHttpSecretsUpdate({ 'x-scalar-secret-username': v }, name)\n            \">\n            Username\n          </RequestAuthDataTableInput>\n        </DataTableRow>\n        <DataTableRow>\n          <RequestAuthDataTableInput\n            :environment\n            :modelValue=\"scheme['x-scalar-secret-password']\"\n            placeholder=\"********\"\n            type=\"password\"\n            @update:modelValue=\"\n              (v) =>\n                handleHttpSecretsUpdate({ 'x-scalar-secret-password': v }, name)\n            \">\n            Password\n          </RequestAuthDataTableInput>\n        </DataTableRow>\n      </template>\n    </template>\n\n    <!-- API Key Authentication -->\n    <template v-else-if=\"scheme?.type === 'apiKey'\">\n      <DataTableRow>\n        <RequestAuthDataTableInput\n          :containerClass=\"getStaticBorderClass()\"\n          :environment\n          :modelValue=\"scheme.name\"\n          placeholder=\"api-key\"\n          @update:modelValue=\"\n            (v) => handleApiKeySecuritySchemeUpdate({ name: v }, name)\n          \">\n          Name\n        </RequestAuthDataTableInput>\n      </DataTableRow>\n      <DataTableRow>\n        <RequestAuthDataTableInput\n          :environment\n          :modelValue=\"scheme['x-scalar-secret-token']\"\n          placeholder=\"QUxMIFlPVVIgQkFTRSBBUkUgQkVMT05HIFRPIFVT\"\n          type=\"password\"\n          @update:modelValue=\"\n            (v) =>\n              handleApiKeySecretsUpdate({ 'x-scalar-secret-token': v }, name)\n          \">\n          Value\n        </RequestAuthDataTableInput>\n      </DataTableRow>\n    </template>\n\n    <!-- OAuth 2.0  / OpenID Connect Authentication -->\n    <template\n      v-else-if=\"scheme?.type === 'oauth2' || scheme?.type === 'openIdConnect'\">\n      <!-- OpenID Connect -->\n      <OpenIDConnect\n        v-if=\"\n          scheme?.type === 'openIdConnect' &&\n          !Object.keys(scheme.flows ?? {}).length\n        \"\n        :environment\n        :eventBus\n        :getStaticBorderClass\n        :name\n        :proxyUrl\n        :scheme />\n\n      <!-- Flow selector tabs: shown when multiple flows are available -->\n      <DataTableRow v-if=\"Object.keys(scheme.flows ?? {}).length > 1\">\n        <div class=\"flex min-h-8 border-t text-base\">\n          <div class=\"flex h-8 max-w-full gap-2.5 overflow-x-auto px-3\">\n            <button\n              v-for=\"(_, key, ind) in scheme.flows\"\n              :key=\"key\"\n              :class=\"getFlowTabClasses(key, ind)\"\n              type=\"button\"\n              @click=\"setActiveFlow(key)\">\n              <span class=\"relative z-10\">{{ key }}</span>\n            </button>\n          </div>\n        </div>\n      </DataTableRow>\n\n      <!-- OAuth2 flow configuration -->\n      <template\n        v-for=\"(_flow, key, ind) in scheme.flows\"\n        :key=\"key\">\n        <OAuth2\n          v-if=\"scheme.flows && isFlowActive(key, ind)\"\n          :environment\n          :eventBus\n          :flows=\"scheme.flows\"\n          :name\n          :options\n          :proxyUrl\n          :scheme\n          :selectedScopes=\"scopes\"\n          :server\n          :type=\"key\"\n          @update:selectedScopes=\"(event) => handleScopesUpdate(name, event)\" />\n      </template>\n    </template>\n\n    <!-- Scheme is missing type -->\n    <div\n      v-else\n      class=\"text-c-3 flex items-center justify-center border-t p-4 px-4 text-center text-xs text-balance\">\n      The security scheme is missing a type, please double check your OpenAPI\n      document or Authentication Configuration\n    </div>\n  </template>\n</template>\n"],"mappings":""}

package/dist/v2/blocks/scalar-auth-selector-block/components/RequestAuthTab.vue.script.js

@@ -26,7 +26,8 @@ var RequestAuthTab_vue_vue_type_script_setup_true_lang_default = /* @__PURE__ */
 		selectedSecuritySchemas: {},
 		securitySchemes: {},
 		server: {},
-		eventBus: {}
+		eventBus: {},
+		options: {}
 	},
 	emits: ["update:selectedScopes"],
 	setup(__props, { emit: __emit }) {
@@ -265,6 +266,7 @@ var RequestAuthTab_vue_vue_type_script_setup_true_lang_default = /* @__PURE__ */
 								eventBus: __props.eventBus,
 								flows: scheme.flows,
 								name,
+								options: __props.options,
 								proxyUrl: __props.proxyUrl,
 								scheme,
 								selectedScopes: scopes,
@@ -276,6 +278,7 @@ var RequestAuthTab_vue_vue_type_script_setup_true_lang_default = /* @__PURE__ */
 								"eventBus",
 								"flows",
 								"name",
+								"options",
 								"proxyUrl",
 								"scheme",
 								"selectedScopes",

package/dist/v2/blocks/scalar-auth-selector-block/components/RequestAuthTab.vue.script.js.map

@@ -1 +1 @@
-{"version":3,"file":"RequestAuthTab.vue.script.js","names":[],"sources":["../../../../../src/v2/blocks/scalar-auth-selector-block/components/RequestAuthTab.vue"],"sourcesContent":["<script setup lang=\"ts\">\nimport { ScalarMarkdownSummary } from '@scalar/components'\nimport type {\n  SecretsApiKey,\n  SecretsHttp,\n} from '@scalar/workspace-store/entities/auth'\nimport type {\n  ApiReferenceEvents,\n  WorkspaceEventBus,\n} from '@scalar/workspace-store/events'\nimport { getResolvedRef } from '@scalar/workspace-store/helpers/get-resolved-ref'\nimport type {\n  MergedSecuritySchemes,\n  SecuritySchemeObjectSecret,\n} from '@scalar/workspace-store/request-example'\nimport type { XScalarEnvironment } from '@scalar/workspace-store/schemas/extensions/document/x-scalar-environments'\nimport type {\n  ApiKeyObject,\n  SecurityRequirementObject,\n  ServerObject,\n} from '@scalar/workspace-store/schemas/v3.1/strict/openapi-document'\nimport { capitalize, computed, ref } from 'vue'\n\nimport { DataTableCell, DataTableRow } from '@/v2/components/data-table'\n\nimport OAuth2 from './OAuth2.vue'\nimport OpenIDConnect from './OpenIDConnect.vue'\nimport RequestAuthDataTableInput from './RequestAuthDataTableInput.vue'\n\ntype SecurityItem = {\n  scheme: SecuritySchemeObjectSecret | undefined\n  name: string\n  scopes: string[]\n}\n\nconst {\n  environment,\n  isStatic,\n  proxyUrl,\n  selectedSecuritySchemas,\n  securitySchemes,\n  server,\n  eventBus,\n} = defineProps<{\n  /** Current environment configuration */\n  environment: XScalarEnvironment\n  /** Controls the display of certain borders which are used when we are non-collapsible */\n  isStatic: boolean\n  /** Proxy URL */\n  proxyUrl: string\n  /** Selected security schemes*/\n  selectedSecuritySchemas: SecurityRequirementObject\n  /** Merged security schemes from the document and the config together with the auth store secrets */\n  securitySchemes: MergedSecuritySchemes\n  /** Current server configuration */\n  server: ServerObject | null\n  /** Event bus for authentication updates */\n  eventBus: WorkspaceEventBus\n}>()\n\nconst emits = defineEmits<{\n  (\n    e: 'update:selectedScopes',\n    payload: Omit<ApiReferenceEvents['auth:update:selected-scopes'], 'meta'>,\n  ): void\n}>()\n\n/**\n * Resolves security schemes from the OpenAPI document and combines them with their selected scopes.\n * Each item includes the scheme definition, name, and associated scopes.\n */\nconst security = computed<SecurityItem[]>(() =>\n  Object.entries(selectedSecuritySchemas).map(([name, scopes = []]) => ({\n    scheme: getResolvedRef(securitySchemes[name]),\n    name,\n    scopes,\n  })),\n)\n\n/** Tracks which OAuth2 flow is currently active when multiple flows are available. */\nconst activeFlow = ref<string>('')\n\n/** Keeps the selected flow in sync with currently available flow keys. */\nconst selectedFlow = computed<string>(() => {\n  const authFlowKeys = security.value.flatMap(({ scheme }) => {\n    if (scheme?.type !== 'oauth2' && scheme?.type !== 'openIdConnect') {\n      return []\n    }\n\n    return Object.keys(scheme.flows ?? {})\n  })\n\n  return authFlowKeys.includes(activeFlow.value) ? activeFlow.value : ''\n})\n\nconst setActiveFlow = (flow: string): void => {\n  activeFlow.value = flow\n}\n\n/** Determines if multiple auth schemes are configured, which affects the UI layout. */\nconst hasMultipleSchemes = computed<boolean>(() => security.value.length > 1)\n\n/**\n * Generates a human-readable label for the security scheme.\n * Intentionally omits the description here — it is rendered separately as\n * rich text via ScalarMarkdownSummary so markdown formatting is preserved.\n */\nconst generateLabel = (\n  name: string,\n  scheme: SecuritySchemeObjectSecret,\n): string => {\n  const capitalizedName = capitalize(name)\n\n  switch (scheme.type) {\n    case 'apiKey':\n      return `${capitalizedName}: ${scheme.in}`\n\n    case 'openIdConnect':\n    case 'oauth2': {\n      const firstFlow = Object.keys(scheme.flows ?? {})[0]\n      const currentFlow = selectedFlow.value || firstFlow\n      if (!currentFlow) {\n        return capitalizedName\n      }\n      return `${capitalizedName}: ${currentFlow}`\n    }\n\n    case 'http':\n      return `${capitalizedName}: ${scheme.scheme}`\n\n    default:\n      return capitalizedName\n  }\n}\n\n/**\n * Determines if an OAuth2 flow tab should be active.\n * The first flow is active by default if no flow is explicitly selected.\n */\nconst isFlowActive = (flowKey: string, index: number): boolean =>\n  selectedFlow.value === flowKey || (index === 0 && !selectedFlow.value)\n\n/** Computes the container class for static display mode. */\nconst getStaticBorderClass = (): string | false => isStatic && 'border-t'\n\nconst handleHttpSecretsUpdate = (\n  payload: Omit<Partial<SecretsHttp>, 'type'>,\n  name: string,\n): void =>\n  eventBus.emit('auth:update:security-scheme-secrets', {\n    payload: { type: 'http', ...payload },\n    name,\n  })\n\nconst handleApiKeySecretsUpdate = (\n  payload: Omit<Partial<SecretsApiKey>, 'type'>,\n  name: string,\n): void =>\n  eventBus.emit('auth:update:security-scheme-secrets', {\n    payload: { type: 'apiKey', ...payload },\n    name,\n  })\n\nconst handleApiKeySecuritySchemeUpdate = (\n  payload: Omit<Partial<ApiKeyObject>, 'type'>,\n  name: string,\n): void =>\n  eventBus.emit('auth:update:security-scheme', {\n    payload: { type: 'apiKey', ...payload },\n    name,\n  })\n\n/** Handles scope selection updates for OAuth2 */\nconst handleScopesUpdate = (\n  name: string,\n  event: { scopes: string[] },\n): void => {\n  emits('update:selectedScopes', {\n    id: Object.keys(selectedSecuritySchemas),\n    name,\n    ...event,\n  })\n}\n\n/**\n * Computes dynamic classes for OAuth2 flow tabs based on active state.\n */\nconst getFlowTabClasses = (flowKey: string, index: number): string => {\n  const baseClasses =\n    'floating-bg text-c-3 relative cursor-pointer border-b border-transparent py-1 text-base font-medium'\n  const activeClasses = '!text-c-1 !rounded-none border-b !border-current'\n\n  return isFlowActive(flowKey, index)\n    ? `${baseClasses} ${activeClasses} ${isStatic ? 'opacity-100' : ''}`\n    : baseClasses\n}\n</script>\n<template>\n  <template\n    v-for=\"{ scheme, name, scopes } in security\"\n    :key=\"name\">\n    <!--\n      Header row for AND'ed schemes: label (bold) and description (rich text) are\n      combined.\n    -->\n    <DataTableRow v-if=\"hasMultipleSchemes && scheme\">\n      <DataTableCell\n        :aria-label=\"generateLabel(name, scheme)\"\n        class=\"max-h-[auto]\">\n        <div class=\"bg-b-1 min-w-0 flex-1 px-3 py-1.25\">\n          <p class=\"text-c-1 leading-5.5 font-medium\">\n            {{ generateLabel(name, scheme) }}\n          </p>\n          <ScalarMarkdownSummary\n            v-if=\"scheme.description\"\n            class=\"auth-description text-c-2 w-full\"\n            :value=\"scheme.description\" />\n        </div>\n      </DataTableCell>\n    </DataTableRow>\n\n    <!-- Description: shown for single auth schemes with descriptions -->\n    <DataTableRow v-if=\"scheme?.description && !hasMultipleSchemes\">\n      <DataTableCell\n        :aria-label=\"scheme.description\"\n        class=\"max-h-[auto]\">\n        <ScalarMarkdownSummary\n          class=\"auth-description bg-b-1 text-c-2 min-w-0 flex-1 px-3 py-1.25\"\n          :value=\"scheme.description\" />\n      </DataTableCell>\n    </DataTableRow>\n\n    <!-- HTTP Authentication -->\n    <template v-if=\"scheme?.type === 'http'\">\n      <!-- Bearer Token -->\n      <DataTableRow v-if=\"scheme.scheme === 'bearer'\">\n        <RequestAuthDataTableInput\n          :containerClass=\"getStaticBorderClass()\"\n          :environment\n          :modelValue=\"scheme['x-scalar-secret-token']\"\n          placeholder=\"Token\"\n          type=\"password\"\n          @update:modelValue=\"\n            (v) => handleHttpSecretsUpdate({ 'x-scalar-secret-token': v }, name)\n          \">\n          Bearer Token\n        </RequestAuthDataTableInput>\n      </DataTableRow>\n\n      <!-- HTTP Basic Authentication -->\n      <template v-else-if=\"scheme?.scheme === 'basic'\">\n        <DataTableRow>\n          <RequestAuthDataTableInput\n            class=\"text-c-2\"\n            :environment\n            :modelValue=\"scheme['x-scalar-secret-username']\"\n            placeholder=\"janedoe\"\n            required\n            @update:modelValue=\"\n              (v) =>\n                handleHttpSecretsUpdate({ 'x-scalar-secret-username': v }, name)\n            \">\n            Username\n          </RequestAuthDataTableInput>\n        </DataTableRow>\n        <DataTableRow>\n          <RequestAuthDataTableInput\n            :environment\n            :modelValue=\"scheme['x-scalar-secret-password']\"\n            placeholder=\"********\"\n            type=\"password\"\n            @update:modelValue=\"\n              (v) =>\n                handleHttpSecretsUpdate({ 'x-scalar-secret-password': v }, name)\n            \">\n            Password\n          </RequestAuthDataTableInput>\n        </DataTableRow>\n      </template>\n    </template>\n\n    <!-- API Key Authentication -->\n    <template v-else-if=\"scheme?.type === 'apiKey'\">\n      <DataTableRow>\n        <RequestAuthDataTableInput\n          :containerClass=\"getStaticBorderClass()\"\n          :environment\n          :modelValue=\"scheme.name\"\n          placeholder=\"api-key\"\n          @update:modelValue=\"\n            (v) => handleApiKeySecuritySchemeUpdate({ name: v }, name)\n          \">\n          Name\n        </RequestAuthDataTableInput>\n      </DataTableRow>\n      <DataTableRow>\n        <RequestAuthDataTableInput\n          :environment\n          :modelValue=\"scheme['x-scalar-secret-token']\"\n          placeholder=\"QUxMIFlPVVIgQkFTRSBBUkUgQkVMT05HIFRPIFVT\"\n          type=\"password\"\n          @update:modelValue=\"\n            (v) =>\n              handleApiKeySecretsUpdate({ 'x-scalar-secret-token': v }, name)\n          \">\n          Value\n        </RequestAuthDataTableInput>\n      </DataTableRow>\n    </template>\n\n    <!-- OAuth 2.0  / OpenID Connect Authentication -->\n    <template\n      v-else-if=\"scheme?.type === 'oauth2' || scheme?.type === 'openIdConnect'\">\n      <!-- OpenID Connect -->\n      <OpenIDConnect\n        v-if=\"\n          scheme?.type === 'openIdConnect' &&\n          !Object.keys(scheme.flows ?? {}).length\n        \"\n        :environment\n        :eventBus\n        :getStaticBorderClass\n        :name\n        :proxyUrl\n        :scheme />\n\n      <!-- Flow selector tabs: shown when multiple flows are available -->\n      <DataTableRow v-if=\"Object.keys(scheme.flows ?? {}).length > 1\">\n        <div class=\"flex min-h-8 border-t text-base\">\n          <div class=\"flex h-8 max-w-full gap-2.5 overflow-x-auto px-3\">\n            <button\n              v-for=\"(_, key, ind) in scheme.flows\"\n              :key=\"key\"\n              :class=\"getFlowTabClasses(key, ind)\"\n              type=\"button\"\n              @click=\"setActiveFlow(key)\">\n              <span class=\"relative z-10\">{{ key }}</span>\n            </button>\n          </div>\n        </div>\n      </DataTableRow>\n\n      <!-- OAuth2 flow configuration -->\n      <template\n        v-for=\"(_flow, key, ind) in scheme.flows\"\n        :key=\"key\">\n        <OAuth2\n          v-if=\"scheme.flows && isFlowActive(key, ind)\"\n          :environment\n          :eventBus\n          :flows=\"scheme.flows\"\n          :name=\"name\"\n          :proxyUrl\n          :scheme\n          :selectedScopes=\"scopes\"\n          :server=\"server\"\n          :type=\"key\"\n          @update:selectedScopes=\"(event) => handleScopesUpdate(name, event)\" />\n      </template>\n    </template>\n\n    <!-- Scheme is missing type -->\n    <div\n      v-else\n      class=\"text-c-3 flex items-center justify-center border-t p-4 px-4 text-center text-xs text-balance\">\n      The security scheme is missing a type, please double check your OpenAPI\n      document or Authentication Configuration\n    </div>\n  </template>\n</template>\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA4DA,MAAM,QAAQ;;;;;EAWd,MAAM,WAAW,eACf,OAAO,QAAQ,QAAA,wBAAwB,CAAC,KAAK,CAAC,MAAM,SAAS,EAAE,OAAO;GACpE,QAAQ,eAAe,QAAA,gBAAgB,MAAM;GAC7C;GACA;GACD,EAAE,CACL;;EAGA,MAAM,aAAa,IAAY,GAAE;;EAGjC,MAAM,eAAe,eAAuB;AAS1C,UARqB,SAAS,MAAM,SAAS,EAAE,aAAa;AAC1D,QAAI,QAAQ,SAAS,YAAY,QAAQ,SAAS,gBAChD,QAAO,EAAC;AAGV,WAAO,OAAO,KAAK,OAAO,SAAS,EAAE,CAAA;KACtC,CAEmB,SAAS,WAAW,MAAM,GAAG,WAAW,QAAQ;IACrE;EAED,MAAM,iBAAiB,SAAuB;AAC5C,cAAW,QAAQ;;;EAIrB,MAAM,qBAAqB,eAAwB,SAAS,MAAM,SAAS,EAAC;;;;;;EAO5E,MAAM,iBACJ,MACA,WACW;GACX,MAAM,kBAAkB,WAAW,KAAI;AAEvC,WAAQ,OAAO,MAAf;IACE,KAAK,SACH,QAAO,GAAG,gBAAgB,IAAI,OAAO;IAEvC,KAAK;IACL,KAAK,UAAU;KACb,MAAM,YAAY,OAAO,KAAK,OAAO,SAAS,EAAE,CAAC,CAAC;KAClD,MAAM,cAAc,aAAa,SAAS;AAC1C,SAAI,CAAC,YACH,QAAO;AAET,YAAO,GAAG,gBAAgB,IAAI;;IAGhC,KAAK,OACH,QAAO,GAAG,gBAAgB,IAAI,OAAO;IAEvC,QACE,QAAO;;;;;;;EAQb,MAAM,gBAAgB,SAAiB,UACrC,aAAa,UAAU,WAAY,UAAU,KAAK,CAAC,aAAa;;EAGlE,MAAM,6BAA6C,QAAA,YAAY;EAE/D,MAAM,2BACJ,SACA,SAEA,QAAA,SAAS,KAAK,uCAAuC;GACnD,SAAS;IAAE,MAAM;IAAQ,GAAG;IAAS;GACrC;GACD,CAAA;EAEH,MAAM,6BACJ,SACA,SAEA,QAAA,SAAS,KAAK,uCAAuC;GACnD,SAAS;IAAE,MAAM;IAAU,GAAG;IAAS;GACvC;GACD,CAAA;EAEH,MAAM,oCACJ,SACA,SAEA,QAAA,SAAS,KAAK,+BAA+B;GAC3C,SAAS;IAAE,MAAM;IAAU,GAAG;IAAS;GACvC;GACD,CAAA;;EAGH,MAAM,sBACJ,MACA,UACS;AACT,SAAM,yBAAyB;IAC7B,IAAI,OAAO,KAAK,QAAA,wBAAwB;IACxC;IACA,GAAG;IACJ,CAAA;;;;;EAMH,MAAM,qBAAqB,SAAiB,UAA0B;GACpE,MAAM,cACJ;AAGF,UAAO,aAAa,SAAS,MAAK,GAC9B,GAAG,YAAY,oDAAoB,QAAA,WAAW,gBAAgB,OAC9D;;;2BAIJ,mBA0KW,UAAA,MAAA,WAzK0B,SAAA,QAAQ,EAAlC,QAAQ,MAAM,aAAM;4DACvB,MAAI,EAAA;KAKU,mBAAA,SAAsB,UAAA,WAAA,EAA1C,YAce,MAAA,qBAAA,EAAA,EAAA,KAAA,GAAA,EAAA;6BADG,CAZhB,YAYgB,MAAA,sBAAA,EAAA;OAXb,cAAY,cAAc,MAAM,OAAM;OACvC,OAAM;;8BASA,CARN,mBAQM,OARN,YAQM,CAPJ,mBAEI,KAFJ,YAEI,gBADC,cAAc,MAAM,OAAM,CAAA,EAAA,EAAA,EAGvB,OAAO,eAAA,WAAA,EADf,YAGgC,MAAA,sBAAA,EAAA;;QAD9B,OAAM;QACL,OAAO,OAAO;;;;;;KAMH,QAAQ,eAAW,CAAK,mBAAA,SAAA,WAAA,EAA5C,YAQe,MAAA,qBAAA,EAAA,EAAA,KAAA,GAAA,EAAA;6BADG,CANhB,YAMgB,MAAA,sBAAA,EAAA;OALb,cAAY,OAAO;OACpB,OAAM;;8BAG0B,CAFhC,YAEgC,MAAA,sBAAA,EAAA;QAD9B,OAAM;QACL,OAAO,OAAO;;;;;;KAKL,QAAQ,SAAI,UAAA,WAAA,EAA5B,mBA8CW,UAAA,EAAA,KAAA,GAAA,EAAA,CA5CW,OAAO,WAAM,YAAA,WAAA,EAAjC,YAYe,MAAA,qBAAA,EAAA,EAAA,KAAA,GAAA,EAAA;6BADe,CAV5B,YAU4B,mCAAA;OATzB,gBAAgB,sBAAoB;OACpC,aAAA,QAAA;OACA,YAAY,OAAM;OACnB,aAAY;OACZ,MAAK;OACJ,wBAAiC,MAAM,wBAAuB,EAAA,yBAA4B,GAAC,EAAI,KAAI;;8BAItG,CAAA,GAAA,OAAA,OAAA,OAAA,KAAA,CAAA,gBAFI,kBAEJ,GAAA,CAAA,EAAA,CAAA;;;;;;;;;iBAImB,QAAQ,WAAM,WAAA,WAAA,EAAnC,mBA4BW,UAAA,EAAA,KAAA,GAAA,EAAA,CA3BT,YAae,MAAA,qBAAA,EAAA,MAAA;6BADe,CAX5B,YAW4B,mCAAA;OAV1B,OAAM;OACL,aAAA,QAAA;OACA,YAAY,OAAM;OACnB,aAAY;OACZ,UAAA;OACC,wBAAmC,MAAsB,wBAAuB,EAAA,4BAA+B,GAAC,EAAI,KAAI;;8BAK3H,CAAA,GAAA,OAAA,OAAA,OAAA,KAAA,CAAA,gBAFI,cAEJ,GAAA,CAAA,EAAA,CAAA;;;;;;;;eAEF,YAYe,MAAA,qBAAA,EAAA,MAAA;6BADe,CAV5B,YAU4B,mCAAA;OATzB,aAAA,QAAA;OACA,YAAY,OAAM;OACnB,aAAY;OACZ,MAAK;OACJ,wBAAmC,MAAsB,wBAAuB,EAAA,4BAA+B,GAAC,EAAI,KAAI;;8BAK3H,CAAA,GAAA,OAAA,OAAA,OAAA,KAAA,CAAA,gBAFI,cAEJ,GAAA,CAAA,EAAA,CAAA;;;;;;;;6DAMe,QAAQ,SAAI,YAAA,WAAA,EAAjC,mBA0BW,UAAA,EAAA,KAAA,GAAA,EAAA,CAzBT,YAWe,MAAA,qBAAA,EAAA,MAAA;6BADe,CAT5B,YAS4B,mCAAA;OARzB,gBAAgB,sBAAoB;OACpC,aAAA,QAAA;OACA,YAAY,OAAO;OACpB,aAAY;OACX,wBAAiC,MAAM,iCAAgC,EAAA,MAAS,GAAC,EAAI,KAAI;;8BAI5F,CAAA,GAAA,OAAA,OAAA,OAAA,KAAA,CAAA,gBAFI,UAEJ,GAAA,CAAA,EAAA,CAAA;;;;;;;;;eAEF,YAYe,MAAA,qBAAA,EAAA,MAAA;6BADe,CAV5B,YAU4B,mCAAA;OATzB,aAAA,QAAA;OACA,YAAY,OAAM;OACnB,aAAY;OACZ,MAAK;OACJ,wBAAiC,MAAoB,0BAAyB,EAAA,yBAA4B,GAAC,EAAI,KAAI;;8BAKtH,CAAA,GAAA,OAAA,OAAA,OAAA,KAAA,CAAA,gBAFI,WAEJ,GAAA,CAAA,EAAA,CAAA;;;;;;;;uBAMS,QAAQ,SAAI,YAAiB,QAAQ,SAAI,mBAAA,WAAA,EADtD,mBAgDW,UAAA,EAAA,KAAA,GAAA,EAAA;MA5CU,QAAQ,SAAI,mBAAA,CAAmC,OAAO,KAAK,OAAO,SAAK,EAAA,CAAA,CAAQ,UAAA,WAAA,EADlG,YAUY,uBAAA;;OALT,aAAA,QAAA;OACA,UAAA,QAAA;OACA;OACA;OACA,UAAA,QAAA;OACA;;;;;;;;MAGiB,OAAO,KAAK,OAAO,SAAK,EAAA,CAAA,CAAQ,SAAM,KAAA,WAAA,EAA1D,YAae,MAAA,qBAAA,EAAA,EAAA,KAAA,GAAA,EAAA;8BADP,CAXN,mBAWM,OAXN,YAWM,CAVJ,mBASM,OATN,YASM,EAAA,UAAA,KAAA,EARJ,mBAOS,UAAA,MAAA,WANiB,OAAO,QAAvB,GAAG,KAAK,QAAG;4BADrB,mBAOS,UAAA;SALD;SACL,OAAK,eAAE,kBAAkB,KAAK,IAAG,CAAA;SAClC,MAAK;SACJ,UAAK,WAAE,cAAc,IAAG;YACzB,mBAA4C,QAA5C,YAA4C,gBAAb,IAAG,EAAA,EAAA,CAAA,EAAA,IAAA,WAAA;;;;wBAO1C,mBAeW,UAAA,MAAA,WAdmB,OAAO,QAA3B,OAAO,KAAK,QAAG;0DACjB,KAAG,EAAA,CAED,OAAO,SAAS,aAAa,KAAK,IAAG,IAAA,WAAA,EAD7C,YAWwE,gBAAA;;QATrE,aAAA,QAAA;QACA,UAAA,QAAA;QACA,OAAO,OAAO;QACR;QACN,UAAA,QAAA;QACA;QACA,gBAAgB;QAChB,QAAQ,QAAA;QACR,MAAM;QACN,4BAAwB,UAAU,mBAAmB,MAAM,MAAK;;;;;;;;;;;;;;6BAKvE,mBAKM,OALN,YAEuG,qHAGvG"}
+{"version":3,"file":"RequestAuthTab.vue.script.js","names":[],"sources":["../../../../../src/v2/blocks/scalar-auth-selector-block/components/RequestAuthTab.vue"],"sourcesContent":["<script setup lang=\"ts\">\nimport { ScalarMarkdownSummary } from '@scalar/components'\nimport type {\n  SecretsApiKey,\n  SecretsHttp,\n} from '@scalar/workspace-store/entities/auth'\nimport type {\n  ApiReferenceEvents,\n  WorkspaceEventBus,\n} from '@scalar/workspace-store/events'\nimport { getResolvedRef } from '@scalar/workspace-store/helpers/get-resolved-ref'\nimport type {\n  MergedSecuritySchemes,\n  SecuritySchemeObjectSecret,\n} from '@scalar/workspace-store/request-example'\nimport type { XScalarEnvironment } from '@scalar/workspace-store/schemas/extensions/document/x-scalar-environments'\nimport type {\n  ApiKeyObject,\n  SecurityRequirementObject,\n  ServerObject,\n} from '@scalar/workspace-store/schemas/v3.1/strict/openapi-document'\nimport { capitalize, computed, ref } from 'vue'\n\nimport { DataTableCell, DataTableRow } from '@/v2/components/data-table'\n\nimport OAuth2, { type OAuth2Options } from './OAuth2.vue'\nimport OpenIDConnect from './OpenIDConnect.vue'\nimport RequestAuthDataTableInput from './RequestAuthDataTableInput.vue'\n\ntype SecurityItem = {\n  scheme: SecuritySchemeObjectSecret | undefined\n  name: string\n  scopes: string[]\n}\n\nconst {\n  environment,\n  isStatic,\n  proxyUrl,\n  selectedSecuritySchemas,\n  securitySchemes,\n  server,\n  eventBus,\n  options,\n} = defineProps<{\n  /** Current environment configuration */\n  environment: XScalarEnvironment\n  /** Controls the display of certain borders which are used when we are non-collapsible */\n  isStatic: boolean\n  /** Proxy URL */\n  proxyUrl: string\n  /** Selected security schemes*/\n  selectedSecuritySchemas: SecurityRequirementObject\n  /** Merged security schemes from the document and the config together with the auth store secrets */\n  securitySchemes: MergedSecuritySchemes\n  /** Current server configuration */\n  server: ServerObject | null\n  /** Event bus for authentication updates */\n  eventBus: WorkspaceEventBus\n  /**  Any config options required for the OAuth2 flow */\n  options?: OAuth2Options\n}>()\n\nconst emits = defineEmits<{\n  (\n    e: 'update:selectedScopes',\n    payload: Omit<ApiReferenceEvents['auth:update:selected-scopes'], 'meta'>,\n  ): void\n}>()\n\n/**\n * Resolves security schemes from the OpenAPI document and combines them with their selected scopes.\n * Each item includes the scheme definition, name, and associated scopes.\n */\nconst security = computed<SecurityItem[]>(() =>\n  Object.entries(selectedSecuritySchemas).map(([name, scopes = []]) => ({\n    scheme: getResolvedRef(securitySchemes[name]),\n    name,\n    scopes,\n  })),\n)\n\n/** Tracks which OAuth2 flow is currently active when multiple flows are available. */\nconst activeFlow = ref<string>('')\n\n/** Keeps the selected flow in sync with currently available flow keys. */\nconst selectedFlow = computed<string>(() => {\n  const authFlowKeys = security.value.flatMap(({ scheme }) => {\n    if (scheme?.type !== 'oauth2' && scheme?.type !== 'openIdConnect') {\n      return []\n    }\n\n    return Object.keys(scheme.flows ?? {})\n  })\n\n  return authFlowKeys.includes(activeFlow.value) ? activeFlow.value : ''\n})\n\nconst setActiveFlow = (flow: string): void => {\n  activeFlow.value = flow\n}\n\n/** Determines if multiple auth schemes are configured, which affects the UI layout. */\nconst hasMultipleSchemes = computed<boolean>(() => security.value.length > 1)\n\n/**\n * Generates a human-readable label for the security scheme.\n * Intentionally omits the description here — it is rendered separately as\n * rich text via ScalarMarkdownSummary so markdown formatting is preserved.\n */\nconst generateLabel = (\n  name: string,\n  scheme: SecuritySchemeObjectSecret,\n): string => {\n  const capitalizedName = capitalize(name)\n\n  switch (scheme.type) {\n    case 'apiKey':\n      return `${capitalizedName}: ${scheme.in}`\n\n    case 'openIdConnect':\n    case 'oauth2': {\n      const firstFlow = Object.keys(scheme.flows ?? {})[0]\n      const currentFlow = selectedFlow.value || firstFlow\n      if (!currentFlow) {\n        return capitalizedName\n      }\n      return `${capitalizedName}: ${currentFlow}`\n    }\n\n    case 'http':\n      return `${capitalizedName}: ${scheme.scheme}`\n\n    default:\n      return capitalizedName\n  }\n}\n\n/**\n * Determines if an OAuth2 flow tab should be active.\n * The first flow is active by default if no flow is explicitly selected.\n */\nconst isFlowActive = (flowKey: string, index: number): boolean =>\n  selectedFlow.value === flowKey || (index === 0 && !selectedFlow.value)\n\n/** Computes the container class for static display mode. */\nconst getStaticBorderClass = (): string | false => isStatic && 'border-t'\n\nconst handleHttpSecretsUpdate = (\n  payload: Omit<Partial<SecretsHttp>, 'type'>,\n  name: string,\n): void =>\n  eventBus.emit('auth:update:security-scheme-secrets', {\n    payload: { type: 'http', ...payload },\n    name,\n  })\n\nconst handleApiKeySecretsUpdate = (\n  payload: Omit<Partial<SecretsApiKey>, 'type'>,\n  name: string,\n): void =>\n  eventBus.emit('auth:update:security-scheme-secrets', {\n    payload: { type: 'apiKey', ...payload },\n    name,\n  })\n\nconst handleApiKeySecuritySchemeUpdate = (\n  payload: Omit<Partial<ApiKeyObject>, 'type'>,\n  name: string,\n): void =>\n  eventBus.emit('auth:update:security-scheme', {\n    payload: { type: 'apiKey', ...payload },\n    name,\n  })\n\n/** Handles scope selection updates for OAuth2 */\nconst handleScopesUpdate = (\n  name: string,\n  event: { scopes: string[] },\n): void => {\n  emits('update:selectedScopes', {\n    id: Object.keys(selectedSecuritySchemas),\n    name,\n    ...event,\n  })\n}\n\n/**\n * Computes dynamic classes for OAuth2 flow tabs based on active state.\n */\nconst getFlowTabClasses = (flowKey: string, index: number): string => {\n  const baseClasses =\n    'floating-bg text-c-3 relative cursor-pointer border-b border-transparent py-1 text-base font-medium'\n  const activeClasses = '!text-c-1 !rounded-none border-b !border-current'\n\n  return isFlowActive(flowKey, index)\n    ? `${baseClasses} ${activeClasses} ${isStatic ? 'opacity-100' : ''}`\n    : baseClasses\n}\n</script>\n<template>\n  <template\n    v-for=\"{ scheme, name, scopes } in security\"\n    :key=\"name\">\n    <!--\n      Header row for AND'ed schemes: label (bold) and description (rich text) are\n      combined.\n    -->\n    <DataTableRow v-if=\"hasMultipleSchemes && scheme\">\n      <DataTableCell\n        :aria-label=\"generateLabel(name, scheme)\"\n        class=\"max-h-[auto]\">\n        <div class=\"bg-b-1 min-w-0 flex-1 px-3 py-1.25\">\n          <p class=\"text-c-1 leading-5.5 font-medium\">\n            {{ generateLabel(name, scheme) }}\n          </p>\n          <ScalarMarkdownSummary\n            v-if=\"scheme.description\"\n            class=\"auth-description text-c-2 w-full\"\n            :value=\"scheme.description\" />\n        </div>\n      </DataTableCell>\n    </DataTableRow>\n\n    <!-- Description: shown for single auth schemes with descriptions -->\n    <DataTableRow v-if=\"scheme?.description && !hasMultipleSchemes\">\n      <DataTableCell\n        :aria-label=\"scheme.description\"\n        class=\"max-h-[auto]\">\n        <ScalarMarkdownSummary\n          class=\"auth-description bg-b-1 text-c-2 min-w-0 flex-1 px-3 py-1.25\"\n          :value=\"scheme.description\" />\n      </DataTableCell>\n    </DataTableRow>\n\n    <!-- HTTP Authentication -->\n    <template v-if=\"scheme?.type === 'http'\">\n      <!-- Bearer Token -->\n      <DataTableRow v-if=\"scheme.scheme === 'bearer'\">\n        <RequestAuthDataTableInput\n          :containerClass=\"getStaticBorderClass()\"\n          :environment\n          :modelValue=\"scheme['x-scalar-secret-token']\"\n          placeholder=\"Token\"\n          type=\"password\"\n          @update:modelValue=\"\n            (v) => handleHttpSecretsUpdate({ 'x-scalar-secret-token': v }, name)\n          \">\n          Bearer Token\n        </RequestAuthDataTableInput>\n      </DataTableRow>\n\n      <!-- HTTP Basic Authentication -->\n      <template v-else-if=\"scheme?.scheme === 'basic'\">\n        <DataTableRow>\n          <RequestAuthDataTableInput\n            class=\"text-c-2\"\n            :environment\n            :modelValue=\"scheme['x-scalar-secret-username']\"\n            placeholder=\"janedoe\"\n            required\n            @update:modelValue=\"\n              (v) =>\n                handleHttpSecretsUpdate({ 'x-scalar-secret-username': v }, name)\n            \">\n            Username\n          </RequestAuthDataTableInput>\n        </DataTableRow>\n        <DataTableRow>\n          <RequestAuthDataTableInput\n            :environment\n            :modelValue=\"scheme['x-scalar-secret-password']\"\n            placeholder=\"********\"\n            type=\"password\"\n            @update:modelValue=\"\n              (v) =>\n                handleHttpSecretsUpdate({ 'x-scalar-secret-password': v }, name)\n            \">\n            Password\n          </RequestAuthDataTableInput>\n        </DataTableRow>\n      </template>\n    </template>\n\n    <!-- API Key Authentication -->\n    <template v-else-if=\"scheme?.type === 'apiKey'\">\n      <DataTableRow>\n        <RequestAuthDataTableInput\n          :containerClass=\"getStaticBorderClass()\"\n          :environment\n          :modelValue=\"scheme.name\"\n          placeholder=\"api-key\"\n          @update:modelValue=\"\n            (v) => handleApiKeySecuritySchemeUpdate({ name: v }, name)\n          \">\n          Name\n        </RequestAuthDataTableInput>\n      </DataTableRow>\n      <DataTableRow>\n        <RequestAuthDataTableInput\n          :environment\n          :modelValue=\"scheme['x-scalar-secret-token']\"\n          placeholder=\"QUxMIFlPVVIgQkFTRSBBUkUgQkVMT05HIFRPIFVT\"\n          type=\"password\"\n          @update:modelValue=\"\n            (v) =>\n              handleApiKeySecretsUpdate({ 'x-scalar-secret-token': v }, name)\n          \">\n          Value\n        </RequestAuthDataTableInput>\n      </DataTableRow>\n    </template>\n\n    <!-- OAuth 2.0  / OpenID Connect Authentication -->\n    <template\n      v-else-if=\"scheme?.type === 'oauth2' || scheme?.type === 'openIdConnect'\">\n      <!-- OpenID Connect -->\n      <OpenIDConnect\n        v-if=\"\n          scheme?.type === 'openIdConnect' &&\n          !Object.keys(scheme.flows ?? {}).length\n        \"\n        :environment\n        :eventBus\n        :getStaticBorderClass\n        :name\n        :proxyUrl\n        :scheme />\n\n      <!-- Flow selector tabs: shown when multiple flows are available -->\n      <DataTableRow v-if=\"Object.keys(scheme.flows ?? {}).length > 1\">\n        <div class=\"flex min-h-8 border-t text-base\">\n          <div class=\"flex h-8 max-w-full gap-2.5 overflow-x-auto px-3\">\n            <button\n              v-for=\"(_, key, ind) in scheme.flows\"\n              :key=\"key\"\n              :class=\"getFlowTabClasses(key, ind)\"\n              type=\"button\"\n              @click=\"setActiveFlow(key)\">\n              <span class=\"relative z-10\">{{ key }}</span>\n            </button>\n          </div>\n        </div>\n      </DataTableRow>\n\n      <!-- OAuth2 flow configuration -->\n      <template\n        v-for=\"(_flow, key, ind) in scheme.flows\"\n        :key=\"key\">\n        <OAuth2\n          v-if=\"scheme.flows && isFlowActive(key, ind)\"\n          :environment\n          :eventBus\n          :flows=\"scheme.flows\"\n          :name\n          :options\n          :proxyUrl\n          :scheme\n          :selectedScopes=\"scopes\"\n          :server\n          :type=\"key\"\n          @update:selectedScopes=\"(event) => handleScopesUpdate(name, event)\" />\n      </template>\n    </template>\n\n    <!-- Scheme is missing type -->\n    <div\n      v-else\n      class=\"text-c-3 flex items-center justify-center border-t p-4 px-4 text-center text-xs text-balance\">\n      The security scheme is missing a type, please double check your OpenAPI\n      document or Authentication Configuration\n    </div>\n  </template>\n</template>\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA+DA,MAAM,QAAQ;;;;;EAWd,MAAM,WAAW,eACf,OAAO,QAAQ,QAAA,wBAAwB,CAAC,KAAK,CAAC,MAAM,SAAS,EAAE,OAAO;GACpE,QAAQ,eAAe,QAAA,gBAAgB,MAAM;GAC7C;GACA;GACD,EAAE,CACL;;EAGA,MAAM,aAAa,IAAY,GAAE;;EAGjC,MAAM,eAAe,eAAuB;AAS1C,UARqB,SAAS,MAAM,SAAS,EAAE,aAAa;AAC1D,QAAI,QAAQ,SAAS,YAAY,QAAQ,SAAS,gBAChD,QAAO,EAAC;AAGV,WAAO,OAAO,KAAK,OAAO,SAAS,EAAE,CAAA;KACtC,CAEmB,SAAS,WAAW,MAAM,GAAG,WAAW,QAAQ;IACrE;EAED,MAAM,iBAAiB,SAAuB;AAC5C,cAAW,QAAQ;;;EAIrB,MAAM,qBAAqB,eAAwB,SAAS,MAAM,SAAS,EAAC;;;;;;EAO5E,MAAM,iBACJ,MACA,WACW;GACX,MAAM,kBAAkB,WAAW,KAAI;AAEvC,WAAQ,OAAO,MAAf;IACE,KAAK,SACH,QAAO,GAAG,gBAAgB,IAAI,OAAO;IAEvC,KAAK;IACL,KAAK,UAAU;KACb,MAAM,YAAY,OAAO,KAAK,OAAO,SAAS,EAAE,CAAC,CAAC;KAClD,MAAM,cAAc,aAAa,SAAS;AAC1C,SAAI,CAAC,YACH,QAAO;AAET,YAAO,GAAG,gBAAgB,IAAI;;IAGhC,KAAK,OACH,QAAO,GAAG,gBAAgB,IAAI,OAAO;IAEvC,QACE,QAAO;;;;;;;EAQb,MAAM,gBAAgB,SAAiB,UACrC,aAAa,UAAU,WAAY,UAAU,KAAK,CAAC,aAAa;;EAGlE,MAAM,6BAA6C,QAAA,YAAY;EAE/D,MAAM,2BACJ,SACA,SAEA,QAAA,SAAS,KAAK,uCAAuC;GACnD,SAAS;IAAE,MAAM;IAAQ,GAAG;IAAS;GACrC;GACD,CAAA;EAEH,MAAM,6BACJ,SACA,SAEA,QAAA,SAAS,KAAK,uCAAuC;GACnD,SAAS;IAAE,MAAM;IAAU,GAAG;IAAS;GACvC;GACD,CAAA;EAEH,MAAM,oCACJ,SACA,SAEA,QAAA,SAAS,KAAK,+BAA+B;GAC3C,SAAS;IAAE,MAAM;IAAU,GAAG;IAAS;GACvC;GACD,CAAA;;EAGH,MAAM,sBACJ,MACA,UACS;AACT,SAAM,yBAAyB;IAC7B,IAAI,OAAO,KAAK,QAAA,wBAAwB;IACxC;IACA,GAAG;IACJ,CAAA;;;;;EAMH,MAAM,qBAAqB,SAAiB,UAA0B;GACpE,MAAM,cACJ;AAGF,UAAO,aAAa,SAAS,MAAK,GAC9B,GAAG,YAAY,oDAAoB,QAAA,WAAW,gBAAgB,OAC9D;;;2BAIJ,mBA2KW,UAAA,MAAA,WA1K0B,SAAA,QAAQ,EAAlC,QAAQ,MAAM,aAAM;4DACvB,MAAI,EAAA;KAKU,mBAAA,SAAsB,UAAA,WAAA,EAA1C,YAce,MAAA,qBAAA,EAAA,EAAA,KAAA,GAAA,EAAA;6BADG,CAZhB,YAYgB,MAAA,sBAAA,EAAA;OAXb,cAAY,cAAc,MAAM,OAAM;OACvC,OAAM;;8BASA,CARN,mBAQM,OARN,YAQM,CAPJ,mBAEI,KAFJ,YAEI,gBADC,cAAc,MAAM,OAAM,CAAA,EAAA,EAAA,EAGvB,OAAO,eAAA,WAAA,EADf,YAGgC,MAAA,sBAAA,EAAA;;QAD9B,OAAM;QACL,OAAO,OAAO;;;;;;KAMH,QAAQ,eAAW,CAAK,mBAAA,SAAA,WAAA,EAA5C,YAQe,MAAA,qBAAA,EAAA,EAAA,KAAA,GAAA,EAAA;6BADG,CANhB,YAMgB,MAAA,sBAAA,EAAA;OALb,cAAY,OAAO;OACpB,OAAM;;8BAG0B,CAFhC,YAEgC,MAAA,sBAAA,EAAA;QAD9B,OAAM;QACL,OAAO,OAAO;;;;;;KAKL,QAAQ,SAAI,UAAA,WAAA,EAA5B,mBA8CW,UAAA,EAAA,KAAA,GAAA,EAAA,CA5CW,OAAO,WAAM,YAAA,WAAA,EAAjC,YAYe,MAAA,qBAAA,EAAA,EAAA,KAAA,GAAA,EAAA;6BADe,CAV5B,YAU4B,mCAAA;OATzB,gBAAgB,sBAAoB;OACpC,aAAA,QAAA;OACA,YAAY,OAAM;OACnB,aAAY;OACZ,MAAK;OACJ,wBAAiC,MAAM,wBAAuB,EAAA,yBAA4B,GAAC,EAAI,KAAI;;8BAItG,CAAA,GAAA,OAAA,OAAA,OAAA,KAAA,CAAA,gBAFI,kBAEJ,GAAA,CAAA,EAAA,CAAA;;;;;;;;;iBAImB,QAAQ,WAAM,WAAA,WAAA,EAAnC,mBA4BW,UAAA,EAAA,KAAA,GAAA,EAAA,CA3BT,YAae,MAAA,qBAAA,EAAA,MAAA;6BADe,CAX5B,YAW4B,mCAAA;OAV1B,OAAM;OACL,aAAA,QAAA;OACA,YAAY,OAAM;OACnB,aAAY;OACZ,UAAA;OACC,wBAAmC,MAAsB,wBAAuB,EAAA,4BAA+B,GAAC,EAAI,KAAI;;8BAK3H,CAAA,GAAA,OAAA,OAAA,OAAA,KAAA,CAAA,gBAFI,cAEJ,GAAA,CAAA,EAAA,CAAA;;;;;;;;eAEF,YAYe,MAAA,qBAAA,EAAA,MAAA;6BADe,CAV5B,YAU4B,mCAAA;OATzB,aAAA,QAAA;OACA,YAAY,OAAM;OACnB,aAAY;OACZ,MAAK;OACJ,wBAAmC,MAAsB,wBAAuB,EAAA,4BAA+B,GAAC,EAAI,KAAI;;8BAK3H,CAAA,GAAA,OAAA,OAAA,OAAA,KAAA,CAAA,gBAFI,cAEJ,GAAA,CAAA,EAAA,CAAA;;;;;;;;6DAMe,QAAQ,SAAI,YAAA,WAAA,EAAjC,mBA0BW,UAAA,EAAA,KAAA,GAAA,EAAA,CAzBT,YAWe,MAAA,qBAAA,EAAA,MAAA;6BADe,CAT5B,YAS4B,mCAAA;OARzB,gBAAgB,sBAAoB;OACpC,aAAA,QAAA;OACA,YAAY,OAAO;OACpB,aAAY;OACX,wBAAiC,MAAM,iCAAgC,EAAA,MAAS,GAAC,EAAI,KAAI;;8BAI5F,CAAA,GAAA,OAAA,OAAA,OAAA,KAAA,CAAA,gBAFI,UAEJ,GAAA,CAAA,EAAA,CAAA;;;;;;;;;eAEF,YAYe,MAAA,qBAAA,EAAA,MAAA;6BADe,CAV5B,YAU4B,mCAAA;OATzB,aAAA,QAAA;OACA,YAAY,OAAM;OACnB,aAAY;OACZ,MAAK;OACJ,wBAAiC,MAAoB,0BAAyB,EAAA,yBAA4B,GAAC,EAAI,KAAI;;8BAKtH,CAAA,GAAA,OAAA,OAAA,OAAA,KAAA,CAAA,gBAFI,WAEJ,GAAA,CAAA,EAAA,CAAA;;;;;;;;uBAMS,QAAQ,SAAI,YAAiB,QAAQ,SAAI,mBAAA,WAAA,EADtD,mBAiDW,UAAA,EAAA,KAAA,GAAA,EAAA;MA7CU,QAAQ,SAAI,mBAAA,CAAmC,OAAO,KAAK,OAAO,SAAK,EAAA,CAAA,CAAQ,UAAA,WAAA,EADlG,YAUY,uBAAA;;OALT,aAAA,QAAA;OACA,UAAA,QAAA;OACA;OACA;OACA,UAAA,QAAA;OACA;;;;;;;;MAGiB,OAAO,KAAK,OAAO,SAAK,EAAA,CAAA,CAAQ,SAAM,KAAA,WAAA,EAA1D,YAae,MAAA,qBAAA,EAAA,EAAA,KAAA,GAAA,EAAA;8BADP,CAXN,mBAWM,OAXN,YAWM,CAVJ,mBASM,OATN,YASM,EAAA,UAAA,KAAA,EARJ,mBAOS,UAAA,MAAA,WANiB,OAAO,QAAvB,GAAG,KAAK,QAAG;4BADrB,mBAOS,UAAA;SALD;SACL,OAAK,eAAE,kBAAkB,KAAK,IAAG,CAAA;SAClC,MAAK;SACJ,UAAK,WAAE,cAAc,IAAG;YACzB,mBAA4C,QAA5C,YAA4C,gBAAb,IAAG,EAAA,EAAA,CAAA,EAAA,IAAA,WAAA;;;;wBAO1C,mBAgBW,UAAA,MAAA,WAfmB,OAAO,QAA3B,OAAO,KAAK,QAAG;0DACjB,KAAG,EAAA,CAED,OAAO,SAAS,aAAa,KAAK,IAAG,IAAA,WAAA,EAD7C,YAYwE,gBAAA;;QAVrE,aAAA,QAAA;QACA,UAAA,QAAA;QACA,OAAO,OAAO;QACd;QACA,SAAA,QAAA;QACA,UAAA,QAAA;QACA;QACA,gBAAgB;QAChB,QAAA,QAAA;QACA,MAAM;QACN,4BAAwB,UAAU,mBAAmB,MAAM,MAAK;;;;;;;;;;;;;;;6BAKvE,mBAKM,OALN,YAEuG,qHAGvG"}

package/dist/v2/blocks/scalar-auth-selector-block/helpers/fetch-openid-connect-discovery.d.ts

@@ -1,5 +1,5 @@
+import type { ErrorResponse } from '@scalar/helpers/errors/normalize-error';
 import { type Static } from '@scalar/typebox';
-import type { ErrorResponse } from '../../../../libs/errors.js';
 /**
  * OpenID Connect Discovery Document (subset)
  * Represents the metadata fields consumed by the auth selector flow conversion.

package/dist/v2/blocks/scalar-auth-selector-block/helpers/fetch-openid-connect-discovery.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"fetch-openid-connect-discovery.d.ts","sourceRoot":"","sources":["../../../../../src/v2/blocks/scalar-auth-selector-block/helpers/fetch-openid-connect-discovery.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,MAAM,EAAQ,MAAM,iBAAiB,CAAA;AAGnD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAA;AAElD;;;;;GAKG;AACH,QAAA,MAAM,4BAA4B;IAChC,kDAAkD;;IAElD,0CAA0C;;IAE1C,+DAA+D;;IAE/D,oEAAoE;;IAEpE,uDAAuD;;EAEvD,CAAA;AAEF,MAAM,MAAM,sBAAsB,GAAG,MAAM,CAAC,OAAO,4BAA4B,CAAC,CAAA;AAEhF;;;GAGG;AACH,eAAO,MAAM,YAAY,WAAW,CAAA;AAEpC;;;;;;GAMG;AACH,eAAO,MAAM,2BAA2B,GACtC,KAAK,MAAM,EACX,UAAU,MAAM,KACf,OAAO,CAAC,aAAa,CAAC,sBAAsB,CAAC,CA2C/C,CAAA"}
+{"version":3,"file":"fetch-openid-connect-discovery.d.ts","sourceRoot":"","sources":["../../../../../src/v2/blocks/scalar-auth-selector-block/helpers/fetch-openid-connect-discovery.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,wCAAwC,CAAA;AAE3E,OAAO,EAAE,KAAK,MAAM,EAAQ,MAAM,iBAAiB,CAAA;AAGnD;;;;;GAKG;AACH,QAAA,MAAM,4BAA4B;IAChC,kDAAkD;;IAElD,0CAA0C;;IAE1C,+DAA+D;;IAE/D,oEAAoE;;IAEpE,uDAAuD;;EAEvD,CAAA;AAEF,MAAM,MAAM,sBAAsB,GAAG,MAAM,CAAC,OAAO,4BAA4B,CAAC,CAAA;AAEhF;;;GAGG;AACH,eAAO,MAAM,YAAY,WAAW,CAAA;AAEpC;;;;;;GAMG;AACH,eAAO,MAAM,2BAA2B,GACtC,KAAK,MAAM,EACX,UAAU,MAAM,KACf,OAAO,CAAC,aAAa,CAAC,sBAAsB,CAAC,CA2C/C,CAAA"}

package/dist/v2/blocks/scalar-auth-selector-block/helpers/fetch-openid-connect-discovery.js.map

@@ -1 +1 @@
-{"version":3,"file":"fetch-openid-connect-discovery.js","names":[],"sources":["../../../../../src/v2/blocks/scalar-auth-selector-block/helpers/fetch-openid-connect-discovery.ts"],"sourcesContent":["import { redirectToProxy } from '@scalar/helpers/url/redirect-to-proxy'\nimport { type Static, Type } from '@scalar/typebox'\nimport { coerceValue } from '@scalar/workspace-store/schemas/typebox-coerce'\n\nimport type { ErrorResponse } from '@/libs/errors'\n\n/**\n * OpenID Connect Discovery Document (subset)\n * Represents the metadata fields consumed by the auth selector flow conversion.\n *\n * @see https://openid.net/specs/openid-connect-discovery-1_0.html\n */\nconst OpenIDConnectDiscoverySchema = Type.Object({\n  /** URL of the OAuth 2.0 Authorization Endpoint */\n  authorization_endpoint: Type.Optional(Type.String()),\n  /** URL of the OAuth 2.0 Token Endpoint */\n  token_endpoint: Type.Optional(Type.String()),\n  /** List of OAuth 2.0 scope values that this server supports */\n  scopes_supported: Type.Optional(Type.Array(Type.String())),\n  /** List of OAuth 2.0 grant type values that this server supports */\n  grant_types_supported: Type.Optional(Type.Array(Type.String())),\n  /** Supported PKCE code challenge methods (RFC 7636) */\n  code_challenge_methods_supported: Type.Optional(Type.Array(Type.String())),\n})\n\nexport type OpenIDConnectDiscovery = Static<typeof OpenIDConnectDiscoverySchema>\n\n/**\n * The required scope for OpenID Connect requests.\n * If this scope is present, the request is an OIDC request; otherwise, it is a standard OAuth 2.0 request.\n */\nexport const OPENID_SCOPE = 'openid'\n\n/**\n * Fetches the OpenID Connect discovery document from the specified URL.\n * Supports both full discovery URLs and issuer URLs.\n *\n * @param url - The OpenID Connect discovery URL or issuer URL\n * @returns The discovery document or an error\n */\nexport const fetchOpenIDConnectDiscovery = async (\n  url: string,\n  proxyUrl: string,\n): Promise<ErrorResponse<OpenIDConnectDiscovery>> => {\n  try {\n    // If the URL does not end with the well-known path, append it\n    let discoveryUrl = url.trim()\n\n    if (!discoveryUrl) {\n      return [new Error('URL cannot be empty'), null]\n    }\n\n    // Remove trailing slash if present\n    if (discoveryUrl.endsWith('/')) {\n      discoveryUrl = discoveryUrl.slice(0, -1)\n    }\n\n    // If the URL does not already include the well-known path, append it\n    if (!discoveryUrl.includes('/.well-known/openid-configuration')) {\n      discoveryUrl = `${discoveryUrl}/.well-known/openid-configuration`\n    }\n\n    const proxiedUrl = redirectToProxy(proxyUrl, discoveryUrl)\n    const response = await fetch(proxiedUrl)\n\n    if (!response.ok) {\n      return [\n        new Error(`Failed to fetch OpenID Connect discovery document: ${response.status} ${response.statusText}`),\n        null,\n      ]\n    }\n\n    const data = coerceValue(OpenIDConnectDiscoverySchema, await response.json())\n\n    // Validate that we have the essential fields\n    if (!data.authorization_endpoint && !data.token_endpoint) {\n      return [new Error('Invalid OpenID Connect discovery document: missing required endpoints'), null]\n    }\n\n    return [null, data]\n  } catch (error) {\n    if (error instanceof Error) {\n      return [error, null]\n    }\n    return [new Error('Failed to fetch OpenID Connect discovery document'), null]\n  }\n}\n"],"mappings":";;;;;;;;;;AAYA,IAAM,+BAA+B,KAAK,OAAO;CAE/C,wBAAwB,KAAK,SAAS,KAAK,QAAQ,CAAC;CAEpD,gBAAgB,KAAK,SAAS,KAAK,QAAQ,CAAC;CAE5C,kBAAkB,KAAK,SAAS,KAAK,MAAM,KAAK,QAAQ,CAAC,CAAC;CAE1D,uBAAuB,KAAK,SAAS,KAAK,MAAM,KAAK,QAAQ,CAAC,CAAC;CAE/D,kCAAkC,KAAK,SAAS,KAAK,MAAM,KAAK,QAAQ,CAAC,CAAC;CAC3E,CAAC;;;;;;;;AAiBF,IAAa,8BAA8B,OACzC,KACA,aACmD;AACnD,KAAI;EAEF,IAAI,eAAe,IAAI,MAAM;AAE7B,MAAI,CAAC,aACH,QAAO,iBAAC,IAAI,MAAM,sBAAsB,EAAE,KAAK;AAIjD,MAAI,aAAa,SAAS,IAAI,CAC5B,gBAAe,aAAa,MAAM,GAAG,GAAG;AAI1C,MAAI,CAAC,aAAa,SAAS,oCAAoC,CAC7D,gBAAe,GAAG,aAAa;EAGjC,MAAM,aAAa,gBAAgB,UAAU,aAAa;EAC1D,MAAM,WAAW,MAAM,MAAM,WAAW;AAExC,MAAI,CAAC,SAAS,GACZ,QAAO,iBACL,IAAI,MAAM,sDAAsD,SAAS,OAAO,GAAG,SAAS,aAAa,EACzG,KACD;EAGH,MAAM,OAAO,YAAY,8BAA8B,MAAM,SAAS,MAAM,CAAC;AAG7E,MAAI,CAAC,KAAK,0BAA0B,CAAC,KAAK,eACxC,QAAO,iBAAC,IAAI,MAAM,wEAAwE,EAAE,KAAK;AAGnG,SAAO,CAAC,MAAM,KAAK;UACZ,OAAO;AACd,MAAI,iBAAiB,MACnB,QAAO,CAAC,OAAO,KAAK;AAEtB,SAAO,iBAAC,IAAI,MAAM,oDAAoD,EAAE,KAAK"}
+{"version":3,"file":"fetch-openid-connect-discovery.js","names":[],"sources":["../../../../../src/v2/blocks/scalar-auth-selector-block/helpers/fetch-openid-connect-discovery.ts"],"sourcesContent":["import type { ErrorResponse } from '@scalar/helpers/errors/normalize-error'\nimport { redirectToProxy } from '@scalar/helpers/url/redirect-to-proxy'\nimport { type Static, Type } from '@scalar/typebox'\nimport { coerceValue } from '@scalar/workspace-store/schemas/typebox-coerce'\n\n/**\n * OpenID Connect Discovery Document (subset)\n * Represents the metadata fields consumed by the auth selector flow conversion.\n *\n * @see https://openid.net/specs/openid-connect-discovery-1_0.html\n */\nconst OpenIDConnectDiscoverySchema = Type.Object({\n  /** URL of the OAuth 2.0 Authorization Endpoint */\n  authorization_endpoint: Type.Optional(Type.String()),\n  /** URL of the OAuth 2.0 Token Endpoint */\n  token_endpoint: Type.Optional(Type.String()),\n  /** List of OAuth 2.0 scope values that this server supports */\n  scopes_supported: Type.Optional(Type.Array(Type.String())),\n  /** List of OAuth 2.0 grant type values that this server supports */\n  grant_types_supported: Type.Optional(Type.Array(Type.String())),\n  /** Supported PKCE code challenge methods (RFC 7636) */\n  code_challenge_methods_supported: Type.Optional(Type.Array(Type.String())),\n})\n\nexport type OpenIDConnectDiscovery = Static<typeof OpenIDConnectDiscoverySchema>\n\n/**\n * The required scope for OpenID Connect requests.\n * If this scope is present, the request is an OIDC request; otherwise, it is a standard OAuth 2.0 request.\n */\nexport const OPENID_SCOPE = 'openid'\n\n/**\n * Fetches the OpenID Connect discovery document from the specified URL.\n * Supports both full discovery URLs and issuer URLs.\n *\n * @param url - The OpenID Connect discovery URL or issuer URL\n * @returns The discovery document or an error\n */\nexport const fetchOpenIDConnectDiscovery = async (\n  url: string,\n  proxyUrl: string,\n): Promise<ErrorResponse<OpenIDConnectDiscovery>> => {\n  try {\n    // If the URL does not end with the well-known path, append it\n    let discoveryUrl = url.trim()\n\n    if (!discoveryUrl) {\n      return [new Error('URL cannot be empty'), null]\n    }\n\n    // Remove trailing slash if present\n    if (discoveryUrl.endsWith('/')) {\n      discoveryUrl = discoveryUrl.slice(0, -1)\n    }\n\n    // If the URL does not already include the well-known path, append it\n    if (!discoveryUrl.includes('/.well-known/openid-configuration')) {\n      discoveryUrl = `${discoveryUrl}/.well-known/openid-configuration`\n    }\n\n    const proxiedUrl = redirectToProxy(proxyUrl, discoveryUrl)\n    const response = await fetch(proxiedUrl)\n\n    if (!response.ok) {\n      return [\n        new Error(`Failed to fetch OpenID Connect discovery document: ${response.status} ${response.statusText}`),\n        null,\n      ]\n    }\n\n    const data = coerceValue(OpenIDConnectDiscoverySchema, await response.json())\n\n    // Validate that we have the essential fields\n    if (!data.authorization_endpoint && !data.token_endpoint) {\n      return [new Error('Invalid OpenID Connect discovery document: missing required endpoints'), null]\n    }\n\n    return [null, data]\n  } catch (error) {\n    if (error instanceof Error) {\n      return [error, null]\n    }\n    return [new Error('Failed to fetch OpenID Connect discovery document'), null]\n  }\n}\n"],"mappings":";;;;;;;;;;AAWA,IAAM,+BAA+B,KAAK,OAAO;CAE/C,wBAAwB,KAAK,SAAS,KAAK,QAAQ,CAAC;CAEpD,gBAAgB,KAAK,SAAS,KAAK,QAAQ,CAAC;CAE5C,kBAAkB,KAAK,SAAS,KAAK,MAAM,KAAK,QAAQ,CAAC,CAAC;CAE1D,uBAAuB,KAAK,SAAS,KAAK,MAAM,KAAK,QAAQ,CAAC,CAAC;CAE/D,kCAAkC,KAAK,SAAS,KAAK,MAAM,KAAK,QAAQ,CAAC,CAAC;CAC3E,CAAC;;;;;;;;AAiBF,IAAa,8BAA8B,OACzC,KACA,aACmD;AACnD,KAAI;EAEF,IAAI,eAAe,IAAI,MAAM;AAE7B,MAAI,CAAC,aACH,QAAO,iBAAC,IAAI,MAAM,sBAAsB,EAAE,KAAK;AAIjD,MAAI,aAAa,SAAS,IAAI,CAC5B,gBAAe,aAAa,MAAM,GAAG,GAAG;AAI1C,MAAI,CAAC,aAAa,SAAS,oCAAoC,CAC7D,gBAAe,GAAG,aAAa;EAGjC,MAAM,aAAa,gBAAgB,UAAU,aAAa;EAC1D,MAAM,WAAW,MAAM,MAAM,WAAW;AAExC,MAAI,CAAC,SAAS,GACZ,QAAO,iBACL,IAAI,MAAM,sDAAsD,SAAS,OAAO,GAAG,SAAS,aAAa,EACzG,KACD;EAGH,MAAM,OAAO,YAAY,8BAA8B,MAAM,SAAS,MAAM,CAAC;AAG7E,MAAI,CAAC,KAAK,0BAA0B,CAAC,KAAK,eACxC,QAAO,iBAAC,IAAI,MAAM,wEAAwE,EAAE,KAAK;AAGnG,SAAO,CAAC,MAAM,KAAK;UACZ,OAAO;AACd,MAAI,iBAAiB,MACnB,QAAO,CAAC,OAAO,KAAK;AAEtB,SAAO,iBAAC,IAAI,MAAM,oDAAoD,EAAE,KAAK"}

package/dist/v2/blocks/scalar-auth-selector-block/helpers/oauth.d.ts

@@ -1,6 +1,6 @@
+import type { ErrorResponse } from '@scalar/helpers/errors/normalize-error';
 import type { OAuthFlowsObjectSecret } from '@scalar/workspace-store/request-example';
 import type { ServerObject } from '@scalar/workspace-store/schemas/v3.1/strict/openapi-document';
-import type { ErrorResponse } from '../../../../libs/errors.js';
 export type OAuth2Tokens = {
     accessToken: string;
     refreshToken?: string;

package/dist/v2/blocks/scalar-auth-selector-block/helpers/oauth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../../../../src/v2/blocks/scalar-auth-selector-block/helpers/oauth.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAA;AAErF,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,8DAA8D,CAAA;AAGhG,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAA;AAWlD,MAAM,MAAM,YAAY,GAAG;IACzB,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AA4DD;;;;GAIG;AACH,eAAO,MAAM,eAAe,GAC1B,OAAO,sBAAsB,EAC7B,MAAM,MAAM,sBAAsB,EAClC,gBAAgB,MAAM,EAAE;AACxB,wEAAwE;AACxE,cAAc,YAAY,GAAG,IAAI;AACjC,kCAAkC;AAClC,UAAU,MAAM;AAChB,6FAA6F;AAC7F,uBAAsB,MAAM,CAAC,MAAM,EAAE,MAAM,CAAM,KAChD,OAAO,CAAC,aAAa,CAAC,YAAY,CAAC,CAwLrC,CAAA"}
+{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../../../../src/v2/blocks/scalar-auth-selector-block/helpers/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,wCAAwC,CAAA;AAK3E,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAA;AAErF,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,8DAA8D,CAAA;AAYhG,MAAM,MAAM,YAAY,GAAG;IACzB,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AA4DD;;;;GAIG;AACH,eAAO,MAAM,eAAe,GAC1B,OAAO,sBAAsB,EAC7B,MAAM,MAAM,sBAAsB,EAClC,gBAAgB,MAAM,EAAE;AACxB,wEAAwE;AACxE,cAAc,YAAY,GAAG,IAAI;AACjC,kCAAkC;AAClC,UAAU,MAAM;AAChB,6FAA6F;AAC7F,uBAAsB,MAAM,CAAC,MAAM,EAAE,MAAM,CAAM,KAChD,OAAO,CAAC,aAAa,CAAC,YAAY,CAAC,CAwLrC,CAAA"}

package/dist/v2/blocks/scalar-auth-selector-block/helpers/oauth.js

@@ -1,9 +1,9 @@
-import { encode, fromUint8Array } from "js-base64";
-import { shouldUseProxy } from "@scalar/helpers/url/redirect-to-proxy";
+import { makeUrlAbsolute } from "@scalar/helpers/url/make-url-absolute";
 import { getServerVariables } from "@scalar/workspace-store/request-example";
+import { encode, fromUint8Array } from "js-base64";
 import { replaceEnvVariables, replacePathVariables } from "@scalar/helpers/regex/replace-variables";
 import { isRelativePath } from "@scalar/helpers/url/is-relative-path";
-import { makeUrlAbsolute } from "@scalar/helpers/url/make-url-absolute";
+import { shouldUseProxy } from "@scalar/helpers/url/redirect-to-proxy";
 //#region src/v2/blocks/scalar-auth-selector-block/helpers/oauth.ts
 var getServerUrl = (activeServer, environmentVariables = {}) => {
 	return replaceEnvVariables(replacePathVariables(activeServer?.url ?? "", getServerVariables(activeServer)), environmentVariables);

package/dist/v2/blocks/scalar-auth-selector-block/helpers/oauth.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth.js","names":[],"sources":["../../../../../src/v2/blocks/scalar-auth-selector-block/helpers/oauth.ts"],"sourcesContent":["import { replaceEnvVariables, replacePathVariables } from '@scalar/helpers/regex/replace-variables'\nimport { isRelativePath } from '@scalar/helpers/url/is-relative-path'\nimport { makeUrlAbsolute } from '@scalar/helpers/url/make-url-absolute'\nimport { shouldUseProxy } from '@scalar/helpers/url/redirect-to-proxy'\nimport type { OAuthFlowsObjectSecret } from '@scalar/workspace-store/request-example'\nimport { getServerVariables } from '@scalar/workspace-store/request-example'\nimport type { ServerObject } from '@scalar/workspace-store/schemas/v3.1/strict/openapi-document'\nimport { encode, fromUint8Array } from 'js-base64'\n\nimport type { ErrorResponse } from '@/libs/errors'\n\n/** Oauth2 security schemes which are not implicit */\ntype NonImplicitFlows = Omit<OAuthFlowsObjectSecret, 'implicit'>\n\ntype PKCEState = {\n  codeVerifier: string\n  codeChallenge: string\n  codeChallengeMethod: string\n}\n\nexport type OAuth2Tokens = {\n  accessToken: string\n  refreshToken?: string\n}\n\nconst getServerUrl = (activeServer: ServerObject | null, environmentVariables: Record<string, string> = {}) => {\n  return replaceEnvVariables(\n    replacePathVariables(activeServer?.url ?? '', getServerVariables(activeServer)),\n    environmentVariables,\n  )\n}\n\nconst getActiveServerBase = (activeServer: ServerObject | null, environmentVariables: Record<string, string> = {}) => {\n  const serverUrl = getServerUrl(activeServer, environmentVariables)\n\n  if (!serverUrl) {\n    return {}\n  }\n\n  if (isRelativePath(serverUrl)) {\n    return typeof window === 'undefined' ? {} : { basePath: serverUrl }\n  }\n\n  return { baseUrl: serverUrl }\n}\n\n/**\n * Generates a random string for PKCE code verifier\n *\n * @see https://www.rfc-editor.org/rfc/rfc7636#page-8\n */\nconst generateCodeVerifier = (): string => {\n  // Generate 32 random bytes\n  const buffer = new Uint8Array(32)\n  crypto.getRandomValues(buffer)\n\n  // Base64URL encode the bytes\n  return fromUint8Array(buffer, true)\n}\n\n/**\n * Creates a code challenge from the code verifier\n */\nconst generateCodeChallenge = async (verifier: string, encoding: 'SHA-256' | 'plain'): Promise<string> => {\n  if (encoding === 'plain') {\n    return verifier\n  }\n\n  // If crypto.subtle.digest is not a function, we cannot use SHA-256\n  if (typeof crypto?.subtle?.digest !== 'function') {\n    console.warn('SHA-256 is only supported when using https, using a plain text code challenge instead.')\n    return verifier\n  }\n\n  // ASCII encoding is just taking the lower 8 bits of each character\n  const encoder = new TextEncoder()\n  const data = encoder.encode(verifier)\n  const digest = await crypto.subtle.digest('SHA-256', data)\n\n  // Base64URL encode the bytes\n  return fromUint8Array(new Uint8Array(digest), true)\n}\n\n/**\n * Authorize oauth2 flow\n *\n * @returns the resolved oauth2 tokens\n */\nexport const authorizeOauth2 = async (\n  flows: OAuthFlowsObjectSecret,\n  type: keyof OAuthFlowsObjectSecret,\n  selectedScopes: string[],\n  /** We use the active server to set a base for relative redirect uris */\n  activeServer: ServerObject | null,\n  /** If we want to use the proxy */\n  proxyUrl: string,\n  /** Flattened environment variables used to resolve server URL templates like `{protocol}` */\n  environmentVariables: Record<string, string> = {},\n): Promise<ErrorResponse<OAuth2Tokens>> => {\n  const flow = flows[type]\n\n  try {\n    if (!flow) {\n      return [new Error('Flow not found'), null]\n    }\n\n    const scopes = selectedScopes.join(' ')\n\n    // Client Credentials or Password Flow\n    if (type === 'clientCredentials' || type === 'password') {\n      return authorizeServers(\n        flows,\n        type,\n        scopes,\n        {\n          proxyUrl,\n        },\n        activeServer,\n        environmentVariables,\n      )\n    }\n\n    // Generate a random state string with the length of 8 characters\n    const state = (Math.random() + 1).toString(36).substring(2, 10)\n\n    const authorizationUrl = makeUrlAbsolute(\n      flows[type]!['x-scalar-secret-auth-url'] ?? flows[type]!.authorizationUrl,\n      getActiveServerBase(activeServer, environmentVariables),\n    )\n\n    const url = new URL(authorizationUrl)\n\n    /** Special PKCE state */\n    let pkce: PKCEState | null = null\n\n    // Params unique to the flows\n    if (type === 'implicit') {\n      url.searchParams.set('response_type', 'token')\n    } else if (type === 'authorizationCode') {\n      const typedFlow = flows[type]! // Safe to assert due to earlier check\n\n      url.searchParams.set('response_type', 'code')\n\n      // PKCE\n      if (typedFlow['x-usePkce'] !== 'no') {\n        const codeVerifier = generateCodeVerifier()\n        const codeChallenge = await generateCodeChallenge(codeVerifier, typedFlow['x-usePkce'])\n\n        // Set state for later verification\n        pkce = {\n          codeVerifier,\n          codeChallenge,\n          codeChallengeMethod: typedFlow['x-usePkce'] === 'SHA-256' ? 'S256' : 'plain',\n        }\n\n        // Set the code challenge and method on the url\n        url.searchParams.set('code_challenge', codeChallenge)\n        url.searchParams.set('code_challenge_method', pkce.codeChallengeMethod)\n      }\n    }\n\n    const typedFlow = flows[type]! // Safe to assert due to earlier check\n\n    // Handle relative redirect uris\n    if (typedFlow['x-scalar-secret-redirect-uri'].startsWith('/')) {\n      const baseUrl =\n        getServerUrl(activeServer, environmentVariables) || window.location.origin + window.location.pathname\n      const redirectUri = new URL(typedFlow['x-scalar-secret-redirect-uri'], baseUrl).toString()\n\n      url.searchParams.set('redirect_uri', redirectUri)\n    } else {\n      url.searchParams.set('redirect_uri', typedFlow['x-scalar-secret-redirect-uri'])\n    }\n\n    if (flow['x-scalar-security-query']) {\n      Object.keys(flow['x-scalar-security-query']).forEach((key: string): void => {\n        const value = flow['x-scalar-security-query']?.[key]\n        if (!value) {\n          return\n        }\n        url.searchParams.set(key, value)\n      })\n    }\n\n    // Common to all flows\n    url.searchParams.set('client_id', flow['x-scalar-secret-client-id'])\n    url.searchParams.set('state', state)\n    if (scopes) {\n      url.searchParams.set('scope', scopes)\n    }\n\n    const windowFeatures = 'left=100,top=100,width=800,height=600'\n    const authWindow = window.open(url, 'openAuth2Window', windowFeatures)\n\n    // Open up a window and poll until closed or we have the data we want\n    if (authWindow) {\n      // We need to return a promise here due to the setInterval\n      return new Promise<ErrorResponse<OAuth2Tokens>>((resolve) => {\n        const checkWindowClosed = setInterval(() => {\n          let accessToken: string | null = null\n          let refreshToken: string | null = null\n          let code: string | null = null\n          let error: string | null = null\n          let errorDescription: string | null = null\n\n          try {\n            const urlParams = new URL(authWindow.location.href).searchParams\n            const tokenName = flow['x-tokenName'] || 'access_token'\n            accessToken = urlParams.get(tokenName)\n            refreshToken = urlParams.get('refresh_token')\n            code = urlParams.get('code')\n\n            error = urlParams.get('error')\n            errorDescription = urlParams.get('error_description')\n\n            // We may get the properties in a hash\n            const hashParams = new URLSearchParams(authWindow.location.href.split('#')[1])\n            accessToken ||= hashParams.get(tokenName)\n            refreshToken ||= hashParams.get('refresh_token')\n            code ||= hashParams.get('code')\n            error ||= hashParams.get('error')\n            errorDescription ||= hashParams.get('error_description')\n          } catch (_e) {\n            // Ignore CORS error from popup\n          }\n\n          // The window has closed OR we have what we are looking for so we stop polling\n          if (authWindow.closed || accessToken || code || error) {\n            clearInterval(checkWindowClosed)\n            authWindow.close()\n\n            if (error) {\n              resolve([new Error(`OAuth error: ${error}${errorDescription ? ` (${errorDescription})` : ''}`), null])\n            }\n\n            // Implicit Flow\n            else if (accessToken) {\n              // State is a hash fragment and cannot be found through search params\n              const _state = authWindow.location.href.match(/state=([^&]*)/)?.[1]\n\n              if (_state === state) {\n                resolve([null, { accessToken, ...(refreshToken ? { refreshToken } : {}) }])\n              } else {\n                resolve([new Error('State mismatch'), null])\n              }\n            }\n\n            // Authorization Code Server Flow\n            else if (code && type === 'authorizationCode') {\n              const _state = new URL(authWindow.location.href).searchParams.get('state')\n\n              if (_state === state) {\n                // biome-ignore lint/nursery/noFloatingPromises: output of authorizeServers must be returned\n                authorizeServers(\n                  flows,\n                  type,\n                  scopes,\n                  {\n                    code,\n                    pkce,\n                    proxyUrl,\n                  },\n                  activeServer,\n                  environmentVariables,\n                ).then(resolve)\n              } else {\n                resolve([new Error('State mismatch'), null])\n              }\n            }\n            // User closed window without authorizing\n            else {\n              clearInterval(checkWindowClosed)\n              resolve([new Error('Window was closed without granting authorization'), null])\n            }\n          }\n        }, 200)\n      })\n    }\n    return [new Error('Failed to open auth window'), null]\n  } catch (_) {\n    return [new Error('Failed to authorize oauth2 flow'), null]\n  }\n}\n\n/**\n * Makes the BE authorization call to grab the token server to server\n * Used for clientCredentials and authorizationCode\n */\nconst authorizeServers = async (\n  flows: NonImplicitFlows,\n  type: keyof NonImplicitFlows,\n  scopes: string,\n  {\n    code,\n    pkce,\n    proxyUrl,\n  }: {\n    code?: string\n    pkce?: PKCEState | null\n    proxyUrl?: string\n  } = {},\n  activeServer: ServerObject | null,\n  environmentVariables: Record<string, string> = {},\n): Promise<ErrorResponse<OAuth2Tokens>> => {\n  const flow = flows[type]\n\n  if (!flow) {\n    return [new Error('OAuth2 flow was not defined'), null]\n  }\n\n  const formData = new URLSearchParams()\n\n  // Only client credentials and password flows support scopes in the token request\n  if (scopes && (type === 'clientCredentials' || type === 'password')) {\n    formData.set('scope', scopes)\n  }\n\n  /** Where to add the credentials */\n  const addCredentialsToBody = flow['x-scalar-credentials-location'] === 'body'\n  const hasClientSecret = Boolean(flow['x-scalar-secret-client-secret'])\n  /**\n   * Public authorization-code clients still need client_id in the token body.\n   * We only send it implicitly for that case to avoid conflicting with Basic auth.\n   */\n  const shouldSendClientIdInBody = addCredentialsToBody || (type === 'authorizationCode' && !hasClientSecret)\n\n  if (shouldSendClientIdInBody) {\n    formData.set('client_id', flow['x-scalar-secret-client-id'])\n  }\n  if (addCredentialsToBody && hasClientSecret) {\n    formData.set('client_secret', flow['x-scalar-secret-client-secret'])\n  }\n  if ('x-scalar-secret-redirect-uri' in flow && flow['x-scalar-secret-redirect-uri']) {\n    formData.set('redirect_uri', flow['x-scalar-secret-redirect-uri'])\n  }\n\n  // Authorization Code\n  if (code) {\n    formData.set('code', code)\n    formData.set('grant_type', 'authorization_code')\n\n    // PKCE\n    if (pkce) {\n      formData.set('code_verifier', pkce.codeVerifier)\n    }\n  }\n  // Password\n  else if (type === 'password') {\n    const typedFlow = flows[type]! // Safe to assert due to earlier check\n    formData.set('grant_type', 'password')\n    formData.set('username', typedFlow['x-scalar-secret-username'])\n    formData.set('password', typedFlow['x-scalar-secret-password'])\n  }\n  // Client Credentials\n  else {\n    formData.set('grant_type', 'client_credentials')\n  }\n\n  // Additional request body parameters\n  if (flow['x-scalar-security-body']) {\n    Object.entries(flow['x-scalar-security-body']).forEach(([key, value]) => {\n      if (value !== undefined && value !== null) {\n        formData.set(key, String(value))\n      }\n    })\n  }\n\n  try {\n    const headers: Record<string, string> = {\n      'Content-Type': 'application/x-www-form-urlencoded',\n    }\n\n    // Add client id + secret to headers for confidential clients.\n    if (!addCredentialsToBody && hasClientSecret) {\n      headers.Authorization = `Basic ${encode(`${flow['x-scalar-secret-client-id']}:${flow['x-scalar-secret-client-secret']}`)}`\n    }\n\n    // Check if we should use the proxy\n    const tokenUrl = makeUrlAbsolute(\n      flow['x-scalar-secret-token-url'] ?? flow.tokenUrl,\n      getActiveServerBase(activeServer, environmentVariables),\n    )\n    const url = shouldUseProxy(proxyUrl, tokenUrl)\n      ? `${proxyUrl}?${new URLSearchParams([['scalar_url', tokenUrl]]).toString()}`\n      : tokenUrl\n\n    // Make the call\n    const resp = await fetch(url, {\n      method: 'POST',\n      headers,\n      body: formData,\n    })\n    const responseData = await resp.json()\n\n    // Use custom token name if specified, otherwise default to access_token\n    const tokenName = flow['x-tokenName'] || 'access_token'\n    const accessToken = responseData[tokenName]\n    const refreshToken = responseData.refresh_token\n\n    return [null, { accessToken, ...(typeof refreshToken === 'string' ? { refreshToken } : {}) }]\n  } catch {\n    return [new Error('Failed to get an access token. Please check your credentials.'), null]\n  }\n}\n"],"mappings":";;;;;;;AAyBA,IAAM,gBAAgB,cAAmC,uBAA+C,EAAE,KAAK;AAC7G,QAAO,oBACL,qBAAqB,cAAc,OAAO,IAAI,mBAAmB,aAAa,CAAC,EAC/E,qBACD;;AAGH,IAAM,uBAAuB,cAAmC,uBAA+C,EAAE,KAAK;CACpH,MAAM,YAAY,aAAa,cAAc,qBAAqB;AAElE,KAAI,CAAC,UACH,QAAO,EAAE;AAGX,KAAI,eAAe,UAAU,CAC3B,QAAO,OAAO,WAAW,cAAc,EAAE,GAAG,EAAE,UAAU,WAAW;AAGrE,QAAO,EAAE,SAAS,WAAW;;;;;;;AAQ/B,IAAM,6BAAqC;CAEzC,MAAM,SAAS,IAAI,WAAW,GAAG;AACjC,QAAO,gBAAgB,OAAO;AAG9B,QAAO,eAAe,QAAQ,KAAK;;;;;AAMrC,IAAM,wBAAwB,OAAO,UAAkB,aAAmD;AACxG,KAAI,aAAa,QACf,QAAO;AAIT,KAAI,OAAO,QAAQ,QAAQ,WAAW,YAAY;AAChD,UAAQ,KAAK,yFAAyF;AACtG,SAAO;;CAKT,MAAM,OADU,IAAI,aAAa,CACZ,OAAO,SAAS;CACrC,MAAM,SAAS,MAAM,OAAO,OAAO,OAAO,WAAW,KAAK;AAG1D,QAAO,eAAe,IAAI,WAAW,OAAO,EAAE,KAAK;;;;;;;AAQrD,IAAa,kBAAkB,OAC7B,OACA,MACA,gBAEA,cAEA,UAEA,uBAA+C,EAAE,KACR;CACzC,MAAM,OAAO,MAAM;AAEnB,KAAI;AACF,MAAI,CAAC,KACH,QAAO,iBAAC,IAAI,MAAM,iBAAiB,EAAE,KAAK;EAG5C,MAAM,SAAS,eAAe,KAAK,IAAI;AAGvC,MAAI,SAAS,uBAAuB,SAAS,WAC3C,QAAO,iBACL,OACA,MACA,QACA,EACE,UACD,EACD,cACA,qBACD;EAIH,MAAM,SAAS,KAAK,QAAQ,GAAG,GAAG,SAAS,GAAG,CAAC,UAAU,GAAG,GAAG;EAE/D,MAAM,mBAAmB,gBACvB,MAAM,MAAO,+BAA+B,MAAM,MAAO,kBACzD,oBAAoB,cAAc,qBAAqB,CACxD;EAED,MAAM,MAAM,IAAI,IAAI,iBAAiB;;EAGrC,IAAI,OAAyB;AAG7B,MAAI,SAAS,WACX,KAAI,aAAa,IAAI,iBAAiB,QAAQ;WACrC,SAAS,qBAAqB;GACvC,MAAM,YAAY,MAAM;AAExB,OAAI,aAAa,IAAI,iBAAiB,OAAO;AAG7C,OAAI,UAAU,iBAAiB,MAAM;IACnC,MAAM,eAAe,sBAAsB;IAC3C,MAAM,gBAAgB,MAAM,sBAAsB,cAAc,UAAU,aAAa;AAGvF,WAAO;KACL;KACA;KACA,qBAAqB,UAAU,iBAAiB,YAAY,SAAS;KACtE;AAGD,QAAI,aAAa,IAAI,kBAAkB,cAAc;AACrD,QAAI,aAAa,IAAI,yBAAyB,KAAK,oBAAoB;;;EAI3E,MAAM,YAAY,MAAM;AAGxB,MAAI,UAAU,gCAAgC,WAAW,IAAI,EAAE;GAC7D,MAAM,UACJ,aAAa,cAAc,qBAAqB,IAAI,OAAO,SAAS,SAAS,OAAO,SAAS;GAC/F,MAAM,cAAc,IAAI,IAAI,UAAU,iCAAiC,QAAQ,CAAC,UAAU;AAE1F,OAAI,aAAa,IAAI,gBAAgB,YAAY;QAEjD,KAAI,aAAa,IAAI,gBAAgB,UAAU,gCAAgC;AAGjF,MAAI,KAAK,2BACP,QAAO,KAAK,KAAK,2BAA2B,CAAC,SAAS,QAAsB;GAC1E,MAAM,QAAQ,KAAK,6BAA6B;AAChD,OAAI,CAAC,MACH;AAEF,OAAI,aAAa,IAAI,KAAK,MAAM;IAChC;AAIJ,MAAI,aAAa,IAAI,aAAa,KAAK,6BAA6B;AACpE,MAAI,aAAa,IAAI,SAAS,MAAM;AACpC,MAAI,OACF,KAAI,aAAa,IAAI,SAAS,OAAO;EAIvC,MAAM,aAAa,OAAO,KAAK,KAAK,mBADb,wCAC+C;AAGtE,MAAI,WAEF,QAAO,IAAI,SAAsC,YAAY;GAC3D,MAAM,oBAAoB,kBAAkB;IAC1C,IAAI,cAA6B;IACjC,IAAI,eAA8B;IAClC,IAAI,OAAsB;IAC1B,IAAI,QAAuB;IAC3B,IAAI,mBAAkC;AAEtC,QAAI;KACF,MAAM,YAAY,IAAI,IAAI,WAAW,SAAS,KAAK,CAAC;KACpD,MAAM,YAAY,KAAK,kBAAkB;AACzC,mBAAc,UAAU,IAAI,UAAU;AACtC,oBAAe,UAAU,IAAI,gBAAgB;AAC7C,YAAO,UAAU,IAAI,OAAO;AAE5B,aAAQ,UAAU,IAAI,QAAQ;AAC9B,wBAAmB,UAAU,IAAI,oBAAoB;KAGrD,MAAM,aAAa,IAAI,gBAAgB,WAAW,SAAS,KAAK,MAAM,IAAI,CAAC,GAAG;AAC9E,qBAAgB,WAAW,IAAI,UAAU;AACzC,sBAAiB,WAAW,IAAI,gBAAgB;AAChD,cAAS,WAAW,IAAI,OAAO;AAC/B,eAAU,WAAW,IAAI,QAAQ;AACjC,0BAAqB,WAAW,IAAI,oBAAoB;aACjD,IAAI;AAKb,QAAI,WAAW,UAAU,eAAe,QAAQ,OAAO;AACrD,mBAAc,kBAAkB;AAChC,gBAAW,OAAO;AAElB,SAAI,MACF,SAAQ,iBAAC,IAAI,MAAM,gBAAgB,QAAQ,mBAAmB,KAAK,iBAAiB,KAAK,KAAK,EAAE,KAAK,CAAC;cAI/F,YAIP,KAFe,WAAW,SAAS,KAAK,MAAM,gBAAgB,GAAG,OAElD,MACb,SAAQ,CAAC,MAAM;MAAE;MAAa,GAAI,eAAe,EAAE,cAAc,GAAG,EAAE;MAAG,CAAC,CAAC;SAE3E,SAAQ,iBAAC,IAAI,MAAM,iBAAiB,EAAE,KAAK,CAAC;cAKvC,QAAQ,SAAS,oBAGxB,KAFe,IAAI,IAAI,WAAW,SAAS,KAAK,CAAC,aAAa,IAAI,QAAQ,KAE3D,MAEb,kBACE,OACA,MACA,QACA;MACE;MACA;MACA;MACD,EACD,cACA,qBACD,CAAC,KAAK,QAAQ;SAEf,SAAQ,iBAAC,IAAI,MAAM,iBAAiB,EAAE,KAAK,CAAC;UAI3C;AACH,oBAAc,kBAAkB;AAChC,cAAQ,iBAAC,IAAI,MAAM,mDAAmD,EAAE,KAAK,CAAC;;;MAGjF,IAAI;IACP;AAEJ,SAAO,iBAAC,IAAI,MAAM,6BAA6B,EAAE,KAAK;UAC/C,GAAG;AACV,SAAO,iBAAC,IAAI,MAAM,kCAAkC,EAAE,KAAK;;;;;;;AAQ/D,IAAM,mBAAmB,OACvB,OACA,MACA,QACA,EACE,MACA,MACA,aAKE,EAAE,EACN,cACA,uBAA+C,EAAE,KACR;CACzC,MAAM,OAAO,MAAM;AAEnB,KAAI,CAAC,KACH,QAAO,iBAAC,IAAI,MAAM,8BAA8B,EAAE,KAAK;CAGzD,MAAM,WAAW,IAAI,iBAAiB;AAGtC,KAAI,WAAW,SAAS,uBAAuB,SAAS,YACtD,UAAS,IAAI,SAAS,OAAO;;CAI/B,MAAM,uBAAuB,KAAK,qCAAqC;CACvE,MAAM,kBAAkB,QAAQ,KAAK,iCAAiC;AAOtE,KAFiC,wBAAyB,SAAS,uBAAuB,CAAC,gBAGzF,UAAS,IAAI,aAAa,KAAK,6BAA6B;AAE9D,KAAI,wBAAwB,gBAC1B,UAAS,IAAI,iBAAiB,KAAK,iCAAiC;AAEtE,KAAI,kCAAkC,QAAQ,KAAK,gCACjD,UAAS,IAAI,gBAAgB,KAAK,gCAAgC;AAIpE,KAAI,MAAM;AACR,WAAS,IAAI,QAAQ,KAAK;AAC1B,WAAS,IAAI,cAAc,qBAAqB;AAGhD,MAAI,KACF,UAAS,IAAI,iBAAiB,KAAK,aAAa;YAI3C,SAAS,YAAY;EAC5B,MAAM,YAAY,MAAM;AACxB,WAAS,IAAI,cAAc,WAAW;AACtC,WAAS,IAAI,YAAY,UAAU,4BAA4B;AAC/D,WAAS,IAAI,YAAY,UAAU,4BAA4B;OAI/D,UAAS,IAAI,cAAc,qBAAqB;AAIlD,KAAI,KAAK,0BACP,QAAO,QAAQ,KAAK,0BAA0B,CAAC,SAAS,CAAC,KAAK,WAAW;AACvE,MAAI,UAAU,KAAA,KAAa,UAAU,KACnC,UAAS,IAAI,KAAK,OAAO,MAAM,CAAC;GAElC;AAGJ,KAAI;EACF,MAAM,UAAkC,EACtC,gBAAgB,qCACjB;AAGD,MAAI,CAAC,wBAAwB,gBAC3B,SAAQ,gBAAgB,SAAS,OAAO,GAAG,KAAK,6BAA6B,GAAG,KAAK,mCAAmC;EAI1H,MAAM,WAAW,gBACf,KAAK,gCAAgC,KAAK,UAC1C,oBAAoB,cAAc,qBAAqB,CACxD;EACD,MAAM,MAAM,eAAe,UAAU,SAAS,GAC1C,GAAG,SAAS,GAAG,IAAI,gBAAgB,CAAC,CAAC,cAAc,SAAS,CAAC,CAAC,CAAC,UAAU,KACzE;EAQJ,MAAM,eAAe,OALR,MAAM,MAAM,KAAK;GAC5B,QAAQ;GACR;GACA,MAAM;GACP,CAAC,EAC8B,MAAM;EAItC,MAAM,cAAc,aADF,KAAK,kBAAkB;EAEzC,MAAM,eAAe,aAAa;AAElC,SAAO,CAAC,MAAM;GAAE;GAAa,GAAI,OAAO,iBAAiB,WAAW,EAAE,cAAc,GAAG,EAAE;GAAG,CAAC;SACvF;AACN,SAAO,iBAAC,IAAI,MAAM,gEAAgE,EAAE,KAAK"}
+{"version":3,"file":"oauth.js","names":[],"sources":["../../../../../src/v2/blocks/scalar-auth-selector-block/helpers/oauth.ts"],"sourcesContent":["import type { ErrorResponse } from '@scalar/helpers/errors/normalize-error'\nimport { replaceEnvVariables, replacePathVariables } from '@scalar/helpers/regex/replace-variables'\nimport { isRelativePath } from '@scalar/helpers/url/is-relative-path'\nimport { makeUrlAbsolute } from '@scalar/helpers/url/make-url-absolute'\nimport { shouldUseProxy } from '@scalar/helpers/url/redirect-to-proxy'\nimport type { OAuthFlowsObjectSecret } from '@scalar/workspace-store/request-example'\nimport { getServerVariables } from '@scalar/workspace-store/request-example'\nimport type { ServerObject } from '@scalar/workspace-store/schemas/v3.1/strict/openapi-document'\nimport { encode, fromUint8Array } from 'js-base64'\n\n/** Oauth2 security schemes which are not implicit */\ntype NonImplicitFlows = Omit<OAuthFlowsObjectSecret, 'implicit'>\n\ntype PKCEState = {\n  codeVerifier: string\n  codeChallenge: string\n  codeChallengeMethod: string\n}\n\nexport type OAuth2Tokens = {\n  accessToken: string\n  refreshToken?: string\n}\n\nconst getServerUrl = (activeServer: ServerObject | null, environmentVariables: Record<string, string> = {}) => {\n  return replaceEnvVariables(\n    replacePathVariables(activeServer?.url ?? '', getServerVariables(activeServer)),\n    environmentVariables,\n  )\n}\n\nconst getActiveServerBase = (activeServer: ServerObject | null, environmentVariables: Record<string, string> = {}) => {\n  const serverUrl = getServerUrl(activeServer, environmentVariables)\n\n  if (!serverUrl) {\n    return {}\n  }\n\n  if (isRelativePath(serverUrl)) {\n    return typeof window === 'undefined' ? {} : { basePath: serverUrl }\n  }\n\n  return { baseUrl: serverUrl }\n}\n\n/**\n * Generates a random string for PKCE code verifier\n *\n * @see https://www.rfc-editor.org/rfc/rfc7636#page-8\n */\nconst generateCodeVerifier = (): string => {\n  // Generate 32 random bytes\n  const buffer = new Uint8Array(32)\n  crypto.getRandomValues(buffer)\n\n  // Base64URL encode the bytes\n  return fromUint8Array(buffer, true)\n}\n\n/**\n * Creates a code challenge from the code verifier\n */\nconst generateCodeChallenge = async (verifier: string, encoding: 'SHA-256' | 'plain'): Promise<string> => {\n  if (encoding === 'plain') {\n    return verifier\n  }\n\n  // If crypto.subtle.digest is not a function, we cannot use SHA-256\n  if (typeof crypto?.subtle?.digest !== 'function') {\n    console.warn('SHA-256 is only supported when using https, using a plain text code challenge instead.')\n    return verifier\n  }\n\n  // ASCII encoding is just taking the lower 8 bits of each character\n  const encoder = new TextEncoder()\n  const data = encoder.encode(verifier)\n  const digest = await crypto.subtle.digest('SHA-256', data)\n\n  // Base64URL encode the bytes\n  return fromUint8Array(new Uint8Array(digest), true)\n}\n\n/**\n * Authorize oauth2 flow\n *\n * @returns the resolved oauth2 tokens\n */\nexport const authorizeOauth2 = async (\n  flows: OAuthFlowsObjectSecret,\n  type: keyof OAuthFlowsObjectSecret,\n  selectedScopes: string[],\n  /** We use the active server to set a base for relative redirect uris */\n  activeServer: ServerObject | null,\n  /** If we want to use the proxy */\n  proxyUrl: string,\n  /** Flattened environment variables used to resolve server URL templates like `{protocol}` */\n  environmentVariables: Record<string, string> = {},\n): Promise<ErrorResponse<OAuth2Tokens>> => {\n  const flow = flows[type]\n\n  try {\n    if (!flow) {\n      return [new Error('Flow not found'), null]\n    }\n\n    const scopes = selectedScopes.join(' ')\n\n    // Client Credentials or Password Flow\n    if (type === 'clientCredentials' || type === 'password') {\n      return authorizeServers(\n        flows,\n        type,\n        scopes,\n        {\n          proxyUrl,\n        },\n        activeServer,\n        environmentVariables,\n      )\n    }\n\n    // Generate a random state string with the length of 8 characters\n    const state = (Math.random() + 1).toString(36).substring(2, 10)\n\n    const authorizationUrl = makeUrlAbsolute(\n      flows[type]!['x-scalar-secret-auth-url'] ?? flows[type]!.authorizationUrl,\n      getActiveServerBase(activeServer, environmentVariables),\n    )\n\n    const url = new URL(authorizationUrl)\n\n    /** Special PKCE state */\n    let pkce: PKCEState | null = null\n\n    // Params unique to the flows\n    if (type === 'implicit') {\n      url.searchParams.set('response_type', 'token')\n    } else if (type === 'authorizationCode') {\n      const typedFlow = flows[type]! // Safe to assert due to earlier check\n\n      url.searchParams.set('response_type', 'code')\n\n      // PKCE\n      if (typedFlow['x-usePkce'] !== 'no') {\n        const codeVerifier = generateCodeVerifier()\n        const codeChallenge = await generateCodeChallenge(codeVerifier, typedFlow['x-usePkce'])\n\n        // Set state for later verification\n        pkce = {\n          codeVerifier,\n          codeChallenge,\n          codeChallengeMethod: typedFlow['x-usePkce'] === 'SHA-256' ? 'S256' : 'plain',\n        }\n\n        // Set the code challenge and method on the url\n        url.searchParams.set('code_challenge', codeChallenge)\n        url.searchParams.set('code_challenge_method', pkce.codeChallengeMethod)\n      }\n    }\n\n    const typedFlow = flows[type]! // Safe to assert due to earlier check\n\n    // Handle relative redirect uris\n    if (typedFlow['x-scalar-secret-redirect-uri'].startsWith('/')) {\n      const baseUrl =\n        getServerUrl(activeServer, environmentVariables) || window.location.origin + window.location.pathname\n      const redirectUri = new URL(typedFlow['x-scalar-secret-redirect-uri'], baseUrl).toString()\n\n      url.searchParams.set('redirect_uri', redirectUri)\n    } else {\n      url.searchParams.set('redirect_uri', typedFlow['x-scalar-secret-redirect-uri'])\n    }\n\n    if (flow['x-scalar-security-query']) {\n      Object.keys(flow['x-scalar-security-query']).forEach((key: string): void => {\n        const value = flow['x-scalar-security-query']?.[key]\n        if (!value) {\n          return\n        }\n        url.searchParams.set(key, value)\n      })\n    }\n\n    // Common to all flows\n    url.searchParams.set('client_id', flow['x-scalar-secret-client-id'])\n    url.searchParams.set('state', state)\n    if (scopes) {\n      url.searchParams.set('scope', scopes)\n    }\n\n    const windowFeatures = 'left=100,top=100,width=800,height=600'\n    const authWindow = window.open(url, 'openAuth2Window', windowFeatures)\n\n    // Open up a window and poll until closed or we have the data we want\n    if (authWindow) {\n      // We need to return a promise here due to the setInterval\n      return new Promise<ErrorResponse<OAuth2Tokens>>((resolve) => {\n        const checkWindowClosed = setInterval(() => {\n          let accessToken: string | null = null\n          let refreshToken: string | null = null\n          let code: string | null = null\n          let error: string | null = null\n          let errorDescription: string | null = null\n\n          try {\n            const urlParams = new URL(authWindow.location.href).searchParams\n            const tokenName = flow['x-tokenName'] || 'access_token'\n            accessToken = urlParams.get(tokenName)\n            refreshToken = urlParams.get('refresh_token')\n            code = urlParams.get('code')\n\n            error = urlParams.get('error')\n            errorDescription = urlParams.get('error_description')\n\n            // We may get the properties in a hash\n            const hashParams = new URLSearchParams(authWindow.location.href.split('#')[1])\n            accessToken ||= hashParams.get(tokenName)\n            refreshToken ||= hashParams.get('refresh_token')\n            code ||= hashParams.get('code')\n            error ||= hashParams.get('error')\n            errorDescription ||= hashParams.get('error_description')\n          } catch (_e) {\n            // Ignore CORS error from popup\n          }\n\n          // The window has closed OR we have what we are looking for so we stop polling\n          if (authWindow.closed || accessToken || code || error) {\n            clearInterval(checkWindowClosed)\n            authWindow.close()\n\n            if (error) {\n              resolve([new Error(`OAuth error: ${error}${errorDescription ? ` (${errorDescription})` : ''}`), null])\n            }\n\n            // Implicit Flow\n            else if (accessToken) {\n              // State is a hash fragment and cannot be found through search params\n              const _state = authWindow.location.href.match(/state=([^&]*)/)?.[1]\n\n              if (_state === state) {\n                resolve([null, { accessToken, ...(refreshToken ? { refreshToken } : {}) }])\n              } else {\n                resolve([new Error('State mismatch'), null])\n              }\n            }\n\n            // Authorization Code Server Flow\n            else if (code && type === 'authorizationCode') {\n              const _state = new URL(authWindow.location.href).searchParams.get('state')\n\n              if (_state === state) {\n                // biome-ignore lint/nursery/noFloatingPromises: output of authorizeServers must be returned\n                authorizeServers(\n                  flows,\n                  type,\n                  scopes,\n                  {\n                    code,\n                    pkce,\n                    proxyUrl,\n                  },\n                  activeServer,\n                  environmentVariables,\n                ).then(resolve)\n              } else {\n                resolve([new Error('State mismatch'), null])\n              }\n            }\n            // User closed window without authorizing\n            else {\n              clearInterval(checkWindowClosed)\n              resolve([new Error('Window was closed without granting authorization'), null])\n            }\n          }\n        }, 200)\n      })\n    }\n    return [new Error('Failed to open auth window'), null]\n  } catch (_) {\n    return [new Error('Failed to authorize oauth2 flow'), null]\n  }\n}\n\n/**\n * Makes the BE authorization call to grab the token server to server\n * Used for clientCredentials and authorizationCode\n */\nconst authorizeServers = async (\n  flows: NonImplicitFlows,\n  type: keyof NonImplicitFlows,\n  scopes: string,\n  {\n    code,\n    pkce,\n    proxyUrl,\n  }: {\n    code?: string\n    pkce?: PKCEState | null\n    proxyUrl?: string\n  } = {},\n  activeServer: ServerObject | null,\n  environmentVariables: Record<string, string> = {},\n): Promise<ErrorResponse<OAuth2Tokens>> => {\n  const flow = flows[type]\n\n  if (!flow) {\n    return [new Error('OAuth2 flow was not defined'), null]\n  }\n\n  const formData = new URLSearchParams()\n\n  // Only client credentials and password flows support scopes in the token request\n  if (scopes && (type === 'clientCredentials' || type === 'password')) {\n    formData.set('scope', scopes)\n  }\n\n  /** Where to add the credentials */\n  const addCredentialsToBody = flow['x-scalar-credentials-location'] === 'body'\n  const hasClientSecret = Boolean(flow['x-scalar-secret-client-secret'])\n  /**\n   * Public authorization-code clients still need client_id in the token body.\n   * We only send it implicitly for that case to avoid conflicting with Basic auth.\n   */\n  const shouldSendClientIdInBody = addCredentialsToBody || (type === 'authorizationCode' && !hasClientSecret)\n\n  if (shouldSendClientIdInBody) {\n    formData.set('client_id', flow['x-scalar-secret-client-id'])\n  }\n  if (addCredentialsToBody && hasClientSecret) {\n    formData.set('client_secret', flow['x-scalar-secret-client-secret'])\n  }\n  if ('x-scalar-secret-redirect-uri' in flow && flow['x-scalar-secret-redirect-uri']) {\n    formData.set('redirect_uri', flow['x-scalar-secret-redirect-uri'])\n  }\n\n  // Authorization Code\n  if (code) {\n    formData.set('code', code)\n    formData.set('grant_type', 'authorization_code')\n\n    // PKCE\n    if (pkce) {\n      formData.set('code_verifier', pkce.codeVerifier)\n    }\n  }\n  // Password\n  else if (type === 'password') {\n    const typedFlow = flows[type]! // Safe to assert due to earlier check\n    formData.set('grant_type', 'password')\n    formData.set('username', typedFlow['x-scalar-secret-username'])\n    formData.set('password', typedFlow['x-scalar-secret-password'])\n  }\n  // Client Credentials\n  else {\n    formData.set('grant_type', 'client_credentials')\n  }\n\n  // Additional request body parameters\n  if (flow['x-scalar-security-body']) {\n    Object.entries(flow['x-scalar-security-body']).forEach(([key, value]) => {\n      if (value !== undefined && value !== null) {\n        formData.set(key, String(value))\n      }\n    })\n  }\n\n  try {\n    const headers: Record<string, string> = {\n      'Content-Type': 'application/x-www-form-urlencoded',\n    }\n\n    // Add client id + secret to headers for confidential clients.\n    if (!addCredentialsToBody && hasClientSecret) {\n      headers.Authorization = `Basic ${encode(`${flow['x-scalar-secret-client-id']}:${flow['x-scalar-secret-client-secret']}`)}`\n    }\n\n    // Check if we should use the proxy\n    const tokenUrl = makeUrlAbsolute(\n      flow['x-scalar-secret-token-url'] ?? flow.tokenUrl,\n      getActiveServerBase(activeServer, environmentVariables),\n    )\n    const url = shouldUseProxy(proxyUrl, tokenUrl)\n      ? `${proxyUrl}?${new URLSearchParams([['scalar_url', tokenUrl]]).toString()}`\n      : tokenUrl\n\n    // Make the call\n    const resp = await fetch(url, {\n      method: 'POST',\n      headers,\n      body: formData,\n    })\n    const responseData = await resp.json()\n\n    // Use custom token name if specified, otherwise default to access_token\n    const tokenName = flow['x-tokenName'] || 'access_token'\n    const accessToken = responseData[tokenName]\n    const refreshToken = responseData.refresh_token\n\n    return [null, { accessToken, ...(typeof refreshToken === 'string' ? { refreshToken } : {}) }]\n  } catch {\n    return [new Error('Failed to get an access token. Please check your credentials.'), null]\n  }\n}\n"],"mappings":";;;;;;;AAwBA,IAAM,gBAAgB,cAAmC,uBAA+C,EAAE,KAAK;AAC7G,QAAO,oBACL,qBAAqB,cAAc,OAAO,IAAI,mBAAmB,aAAa,CAAC,EAC/E,qBACD;;AAGH,IAAM,uBAAuB,cAAmC,uBAA+C,EAAE,KAAK;CACpH,MAAM,YAAY,aAAa,cAAc,qBAAqB;AAElE,KAAI,CAAC,UACH,QAAO,EAAE;AAGX,KAAI,eAAe,UAAU,CAC3B,QAAO,OAAO,WAAW,cAAc,EAAE,GAAG,EAAE,UAAU,WAAW;AAGrE,QAAO,EAAE,SAAS,WAAW;;;;;;;AAQ/B,IAAM,6BAAqC;CAEzC,MAAM,SAAS,IAAI,WAAW,GAAG;AACjC,QAAO,gBAAgB,OAAO;AAG9B,QAAO,eAAe,QAAQ,KAAK;;;;;AAMrC,IAAM,wBAAwB,OAAO,UAAkB,aAAmD;AACxG,KAAI,aAAa,QACf,QAAO;AAIT,KAAI,OAAO,QAAQ,QAAQ,WAAW,YAAY;AAChD,UAAQ,KAAK,yFAAyF;AACtG,SAAO;;CAKT,MAAM,OADU,IAAI,aAAa,CACZ,OAAO,SAAS;CACrC,MAAM,SAAS,MAAM,OAAO,OAAO,OAAO,WAAW,KAAK;AAG1D,QAAO,eAAe,IAAI,WAAW,OAAO,EAAE,KAAK;;;;;;;AAQrD,IAAa,kBAAkB,OAC7B,OACA,MACA,gBAEA,cAEA,UAEA,uBAA+C,EAAE,KACR;CACzC,MAAM,OAAO,MAAM;AAEnB,KAAI;AACF,MAAI,CAAC,KACH,QAAO,iBAAC,IAAI,MAAM,iBAAiB,EAAE,KAAK;EAG5C,MAAM,SAAS,eAAe,KAAK,IAAI;AAGvC,MAAI,SAAS,uBAAuB,SAAS,WAC3C,QAAO,iBACL,OACA,MACA,QACA,EACE,UACD,EACD,cACA,qBACD;EAIH,MAAM,SAAS,KAAK,QAAQ,GAAG,GAAG,SAAS,GAAG,CAAC,UAAU,GAAG,GAAG;EAE/D,MAAM,mBAAmB,gBACvB,MAAM,MAAO,+BAA+B,MAAM,MAAO,kBACzD,oBAAoB,cAAc,qBAAqB,CACxD;EAED,MAAM,MAAM,IAAI,IAAI,iBAAiB;;EAGrC,IAAI,OAAyB;AAG7B,MAAI,SAAS,WACX,KAAI,aAAa,IAAI,iBAAiB,QAAQ;WACrC,SAAS,qBAAqB;GACvC,MAAM,YAAY,MAAM;AAExB,OAAI,aAAa,IAAI,iBAAiB,OAAO;AAG7C,OAAI,UAAU,iBAAiB,MAAM;IACnC,MAAM,eAAe,sBAAsB;IAC3C,MAAM,gBAAgB,MAAM,sBAAsB,cAAc,UAAU,aAAa;AAGvF,WAAO;KACL;KACA;KACA,qBAAqB,UAAU,iBAAiB,YAAY,SAAS;KACtE;AAGD,QAAI,aAAa,IAAI,kBAAkB,cAAc;AACrD,QAAI,aAAa,IAAI,yBAAyB,KAAK,oBAAoB;;;EAI3E,MAAM,YAAY,MAAM;AAGxB,MAAI,UAAU,gCAAgC,WAAW,IAAI,EAAE;GAC7D,MAAM,UACJ,aAAa,cAAc,qBAAqB,IAAI,OAAO,SAAS,SAAS,OAAO,SAAS;GAC/F,MAAM,cAAc,IAAI,IAAI,UAAU,iCAAiC,QAAQ,CAAC,UAAU;AAE1F,OAAI,aAAa,IAAI,gBAAgB,YAAY;QAEjD,KAAI,aAAa,IAAI,gBAAgB,UAAU,gCAAgC;AAGjF,MAAI,KAAK,2BACP,QAAO,KAAK,KAAK,2BAA2B,CAAC,SAAS,QAAsB;GAC1E,MAAM,QAAQ,KAAK,6BAA6B;AAChD,OAAI,CAAC,MACH;AAEF,OAAI,aAAa,IAAI,KAAK,MAAM;IAChC;AAIJ,MAAI,aAAa,IAAI,aAAa,KAAK,6BAA6B;AACpE,MAAI,aAAa,IAAI,SAAS,MAAM;AACpC,MAAI,OACF,KAAI,aAAa,IAAI,SAAS,OAAO;EAIvC,MAAM,aAAa,OAAO,KAAK,KAAK,mBADb,wCAC+C;AAGtE,MAAI,WAEF,QAAO,IAAI,SAAsC,YAAY;GAC3D,MAAM,oBAAoB,kBAAkB;IAC1C,IAAI,cAA6B;IACjC,IAAI,eAA8B;IAClC,IAAI,OAAsB;IAC1B,IAAI,QAAuB;IAC3B,IAAI,mBAAkC;AAEtC,QAAI;KACF,MAAM,YAAY,IAAI,IAAI,WAAW,SAAS,KAAK,CAAC;KACpD,MAAM,YAAY,KAAK,kBAAkB;AACzC,mBAAc,UAAU,IAAI,UAAU;AACtC,oBAAe,UAAU,IAAI,gBAAgB;AAC7C,YAAO,UAAU,IAAI,OAAO;AAE5B,aAAQ,UAAU,IAAI,QAAQ;AAC9B,wBAAmB,UAAU,IAAI,oBAAoB;KAGrD,MAAM,aAAa,IAAI,gBAAgB,WAAW,SAAS,KAAK,MAAM,IAAI,CAAC,GAAG;AAC9E,qBAAgB,WAAW,IAAI,UAAU;AACzC,sBAAiB,WAAW,IAAI,gBAAgB;AAChD,cAAS,WAAW,IAAI,OAAO;AAC/B,eAAU,WAAW,IAAI,QAAQ;AACjC,0BAAqB,WAAW,IAAI,oBAAoB;aACjD,IAAI;AAKb,QAAI,WAAW,UAAU,eAAe,QAAQ,OAAO;AACrD,mBAAc,kBAAkB;AAChC,gBAAW,OAAO;AAElB,SAAI,MACF,SAAQ,iBAAC,IAAI,MAAM,gBAAgB,QAAQ,mBAAmB,KAAK,iBAAiB,KAAK,KAAK,EAAE,KAAK,CAAC;cAI/F,YAIP,KAFe,WAAW,SAAS,KAAK,MAAM,gBAAgB,GAAG,OAElD,MACb,SAAQ,CAAC,MAAM;MAAE;MAAa,GAAI,eAAe,EAAE,cAAc,GAAG,EAAE;MAAG,CAAC,CAAC;SAE3E,SAAQ,iBAAC,IAAI,MAAM,iBAAiB,EAAE,KAAK,CAAC;cAKvC,QAAQ,SAAS,oBAGxB,KAFe,IAAI,IAAI,WAAW,SAAS,KAAK,CAAC,aAAa,IAAI,QAAQ,KAE3D,MAEb,kBACE,OACA,MACA,QACA;MACE;MACA;MACA;MACD,EACD,cACA,qBACD,CAAC,KAAK,QAAQ;SAEf,SAAQ,iBAAC,IAAI,MAAM,iBAAiB,EAAE,KAAK,CAAC;UAI3C;AACH,oBAAc,kBAAkB;AAChC,cAAQ,iBAAC,IAAI,MAAM,mDAAmD,EAAE,KAAK,CAAC;;;MAGjF,IAAI;IACP;AAEJ,SAAO,iBAAC,IAAI,MAAM,6BAA6B,EAAE,KAAK;UAC/C,GAAG;AACV,SAAO,iBAAC,IAAI,MAAM,kCAAkC,EAAE,KAAK;;;;;;;AAQ/D,IAAM,mBAAmB,OACvB,OACA,MACA,QACA,EACE,MACA,MACA,aAKE,EAAE,EACN,cACA,uBAA+C,EAAE,KACR;CACzC,MAAM,OAAO,MAAM;AAEnB,KAAI,CAAC,KACH,QAAO,iBAAC,IAAI,MAAM,8BAA8B,EAAE,KAAK;CAGzD,MAAM,WAAW,IAAI,iBAAiB;AAGtC,KAAI,WAAW,SAAS,uBAAuB,SAAS,YACtD,UAAS,IAAI,SAAS,OAAO;;CAI/B,MAAM,uBAAuB,KAAK,qCAAqC;CACvE,MAAM,kBAAkB,QAAQ,KAAK,iCAAiC;AAOtE,KAFiC,wBAAyB,SAAS,uBAAuB,CAAC,gBAGzF,UAAS,IAAI,aAAa,KAAK,6BAA6B;AAE9D,KAAI,wBAAwB,gBAC1B,UAAS,IAAI,iBAAiB,KAAK,iCAAiC;AAEtE,KAAI,kCAAkC,QAAQ,KAAK,gCACjD,UAAS,IAAI,gBAAgB,KAAK,gCAAgC;AAIpE,KAAI,MAAM;AACR,WAAS,IAAI,QAAQ,KAAK;AAC1B,WAAS,IAAI,cAAc,qBAAqB;AAGhD,MAAI,KACF,UAAS,IAAI,iBAAiB,KAAK,aAAa;YAI3C,SAAS,YAAY;EAC5B,MAAM,YAAY,MAAM;AACxB,WAAS,IAAI,cAAc,WAAW;AACtC,WAAS,IAAI,YAAY,UAAU,4BAA4B;AAC/D,WAAS,IAAI,YAAY,UAAU,4BAA4B;OAI/D,UAAS,IAAI,cAAc,qBAAqB;AAIlD,KAAI,KAAK,0BACP,QAAO,QAAQ,KAAK,0BAA0B,CAAC,SAAS,CAAC,KAAK,WAAW;AACvE,MAAI,UAAU,KAAA,KAAa,UAAU,KACnC,UAAS,IAAI,KAAK,OAAO,MAAM,CAAC;GAElC;AAGJ,KAAI;EACF,MAAM,UAAkC,EACtC,gBAAgB,qCACjB;AAGD,MAAI,CAAC,wBAAwB,gBAC3B,SAAQ,gBAAgB,SAAS,OAAO,GAAG,KAAK,6BAA6B,GAAG,KAAK,mCAAmC;EAI1H,MAAM,WAAW,gBACf,KAAK,gCAAgC,KAAK,UAC1C,oBAAoB,cAAc,qBAAqB,CACxD;EACD,MAAM,MAAM,eAAe,UAAU,SAAS,GAC1C,GAAG,SAAS,GAAG,IAAI,gBAAgB,CAAC,CAAC,cAAc,SAAS,CAAC,CAAC,CAAC,UAAU,KACzE;EAQJ,MAAM,eAAe,OALR,MAAM,MAAM,KAAK;GAC5B,QAAQ;GACR;GACA,MAAM;GACP,CAAC,EAC8B,MAAM;EAItC,MAAM,cAAc,aADF,KAAK,kBAAkB;EAEzC,MAAM,eAAe,aAAa;AAElC,SAAO,CAAC,MAAM;GAAE;GAAa,GAAI,OAAO,iBAAiB,WAAW,EAAE,cAAc,GAAG,EAAE;GAAG,CAAC;SACvF;AACN,SAAO,iBAAC,IAAI,MAAM,gEAAgE,EAAE,KAAK"}

package/dist/v2/blocks/scalar-auth-selector-block/helpers/resolve-default-oauth2-redirect-url.d.ts

@@ -0,0 +1,11 @@
+import type { ApiClientConfiguration } from '@scalar/types/api-reference';
+/**
+ * Resolve the default OAuth2 redirect URI.
+ *
+ * Priority:
+ * 1. Explicit oauth2RedirectUri config override.
+ * 2. Empty string in non-browser and file:// contexts.
+ * 3. Browser origin + pathname fallback.
+ */
+export declare const resolveDefaultOAuth2RedirectUri: (config: Pick<ApiClientConfiguration, "oauth2RedirectUri">) => string;
+//# sourceMappingURL=resolve-default-oauth2-redirect-url.d.ts.map

package/dist/v2/blocks/scalar-auth-selector-block/helpers/resolve-default-oauth2-redirect-url.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve-default-oauth2-redirect-url.d.ts","sourceRoot":"","sources":["../../../../../src/v2/blocks/scalar-auth-selector-block/helpers/resolve-default-oauth2-redirect-url.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAA;AAEzE;;;;;;;GAOG;AACH,eAAO,MAAM,+BAA+B,GAAI,QAAQ,IAAI,CAAC,sBAAsB,EAAE,mBAAmB,CAAC,KAAG,MAU3G,CAAA"}

package/dist/v2/blocks/scalar-auth-selector-block/helpers/resolve-default-oauth2-redirect-url.js

@@ -0,0 +1,18 @@
+//#region src/v2/blocks/scalar-auth-selector-block/helpers/resolve-default-oauth2-redirect-url.ts
+/**
+* Resolve the default OAuth2 redirect URI.
+*
+* Priority:
+* 1. Explicit oauth2RedirectUri config override.
+* 2. Empty string in non-browser and file:// contexts.
+* 3. Browser origin + pathname fallback.
+*/
+var resolveDefaultOAuth2RedirectUri = (config) => {
+	if (config.oauth2RedirectUri) return config.oauth2RedirectUri;
+	if (typeof window === "undefined" || window.location.protocol === "file:") return "";
+	return window.location.origin + window.location.pathname;
+};
+//#endregion
+export { resolveDefaultOAuth2RedirectUri };
+
+//# sourceMappingURL=resolve-default-oauth2-redirect-url.js.map

package/dist/v2/blocks/scalar-auth-selector-block/helpers/resolve-default-oauth2-redirect-url.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve-default-oauth2-redirect-url.js","names":[],"sources":["../../../../../src/v2/blocks/scalar-auth-selector-block/helpers/resolve-default-oauth2-redirect-url.ts"],"sourcesContent":["import type { ApiClientConfiguration } from '@scalar/types/api-reference'\n\n/**\n * Resolve the default OAuth2 redirect URI.\n *\n * Priority:\n * 1. Explicit oauth2RedirectUri config override.\n * 2. Empty string in non-browser and file:// contexts.\n * 3. Browser origin + pathname fallback.\n */\nexport const resolveDefaultOAuth2RedirectUri = (config: Pick<ApiClientConfiguration, 'oauth2RedirectUri'>): string => {\n  if (config.oauth2RedirectUri) {\n    return config.oauth2RedirectUri\n  }\n\n  if (typeof window === 'undefined' || window.location.protocol === 'file:') {\n    return ''\n  }\n\n  return window.location.origin + window.location.pathname\n}\n"],"mappings":";;;;;;;;;AAUA,IAAa,mCAAmC,WAAsE;AACpH,KAAI,OAAO,kBACT,QAAO,OAAO;AAGhB,KAAI,OAAO,WAAW,eAAe,OAAO,SAAS,aAAa,QAChE,QAAO;AAGT,QAAO,OAAO,SAAS,SAAS,OAAO,SAAS"}

package/dist/v2/components/code-input/CodeInput.vue.d.ts

@@ -11,7 +11,8 @@ export type CodeInputModelValue = string | number | boolean | Array<string | num
  * - Select mode: Dropdown for enums, booleans, or examples
  * - Editor mode: CodeMirror with environment variable support
  *
- * Type `{{` to trigger environment variable autocomplete when an environment is provided.
+ * Type `{{` to trigger autocomplete for environment variables and runtime context functions
+ * (for example `{{$guid}}`) when an environment is provided.
  * It takes in any data but always will emit a string value,
  * this string should then be parsed in accordance to the schema or content type.
  *
@@ -102,7 +103,7 @@ declare const __VLS_export: __VLS_WithSlots<import("vue").DefineComponent<{
     cursorPosition: () => number | undefined;
     serializeValue: (value: CodeInputModelValue) => string;
 }, {}, {}, {}, import("vue").ComponentOptionsMixin, import("vue").ComponentOptionsMixin, {
-    submit: (value: string, event: KeyboardEvent | FocusEvent) => any;
+    submit: (value: string, event: FocusEvent | KeyboardEvent) => any;
     "update:modelValue": (value: string) => any;
     blur: (value: string, event: FocusEvent) => any;
     navigate: (route: {
@@ -164,7 +165,7 @@ declare const __VLS_export: __VLS_WithSlots<import("vue").DefineComponent<{
     /** Put a linethrough on the input text */
     linethrough?: boolean;
 }> & Readonly<{
-    onSubmit?: ((value: string, event: KeyboardEvent | FocusEvent) => any) | undefined;
+    onSubmit?: ((value: string, event: FocusEvent | KeyboardEvent) => any) | undefined;
     "onUpdate:modelValue"?: ((value: string) => any) | undefined;
     onBlur?: ((value: string, event: FocusEvent) => any) | undefined;
     onNavigate?: ((route: {