npm - authhero - Versions diffs - 0.211.1 → 0.213.0 - Mend

authhero 0.211.1 → 0.213.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/authhero.mjs CHANGED Viewed

@@ -1510,7 +1510,7 @@ const ew = o.object({
   nameIdentifierProbes: o.array(o.string()).optional(),
   authnContextClassRef: o.string().optional(),
   mappings: o.record(o.string()).optional()
-}), mu = o.object({
+}), tw = o.object({
   id: o.string(),
   name: o.string(),
   callbacks: o.array(o.string()).default([]).optional().openapi({
@@ -1541,11 +1541,11 @@ const ew = o.object({
     description: "Prevents users from signing up using the hosted login page. This is not available in auth0"
   }),
   client_metadata: o.record(o.string().length(255)).optional()
-}), vi = o.object({
+}), gG = o.object({
   created_at: o.string().transform((t) => t === null ? "" : t),
   updated_at: o.string().transform((t) => t === null ? "" : t),
-  ...mu.shape
-}), tw = o.object({
+  ...tw.shape
+}), mu = o.object({
   client_id: o.string().openapi({
     description: "ID of this client."
   }),
@@ -1712,10 +1712,10 @@ const ew = o.object({
     description: "Specifies how long, in seconds, a Pushed Authorization Request URI remains valid"
   }),
   token_quota: o.record(o.any()).default({}).optional()
-}), gG = o.object({
+}), vi = o.object({
   created_at: o.string(),
   updated_at: o.string(),
-  ...tw.shape
+  ...mu.shape
 }), io = o.object({
   x: o.number(),
   y: o.number()
@@ -1981,7 +1981,10 @@ const _a = o.object({
 o.object({
   ...vi.shape,
   tenant: xs,
-  connections: o.array(Sn)
+  connections: o.array(Sn),
+  // Legacy fields for backward compatibility - these are now stored in client_metadata
+  disable_sign_ups: o.boolean(),
+  email_validation: o.string()
 });
 const mw = o.enum([
   "password_reset",
@@ -4694,7 +4697,7 @@ let av = (t) => crypto.getRandomValues(new Uint8Array(t)), cv = (t, e, n) => {
         if (a += t[l[u] & r] || "", a.length === s) return a;
     }
   };
-}, lv = (t, e = 21) => cv(t, e, av), Ve = (t = 21) => {
+}, lv = (t, e = 21) => cv(t, e, av), He = (t = 21) => {
   let e = "", n = crypto.getRandomValues(new Uint8Array(t));
   for (; t--; )
     e += ov[n[t] & 63];
@@ -4725,7 +4728,7 @@ function dv(t) {
     }), r) : t.users.create(e, n);
   };
 }
-function He(t, e) {
+function Ve(t, e) {
   return {
     type: e.type,
     description: e.description || "",
@@ -6206,7 +6209,7 @@ async function Kb(t, e, n, r, i) {
     });
   if (!(($ = e.addons) != null && $.samlp))
     throw new E(400, {
-      message: `SAML Addon is not enabled for client ${e.id}`
+      message: `SAML Addon is not enabled for client ${e.client_id}`
     });
   const { recipient: l, audience: u } = e.addons.samlp, d = n.state || "";
   if (!l || !d || !r || !n.state)
@@ -6234,7 +6237,7 @@ async function Kb(t, e, n, r, i) {
   );
 }
 async function Gb(t, e) {
-  const n = e.notBefore || (/* @__PURE__ */ new Date()).toISOString(), r = e.notAfter || new Date(new Date(n).getTime() + 10 * 60 * 1e3).toISOString(), i = e.issueInstant || n, s = e.sessionNotOnOrAfter || r, a = e.responseId || `_${Ve()}`, l = e.assertionId || `_${Ve()}`, u = [
+  const n = e.notBefore || (/* @__PURE__ */ new Date()).toISOString(), r = e.notAfter || new Date(new Date(n).getTime() + 10 * 60 * 1e3).toISOString(), i = e.issueInstant || n, s = e.sessionNotOnOrAfter || r, a = e.responseId || `_${He()}`, l = e.assertionId || `_${He()}`, u = [
     {
       "samlp:Response": [
         {
@@ -6662,7 +6665,7 @@ async function mc(t, e) {
 async function Zm(t, e) {
   return {
     code: (await t.env.data.codes.create(e.client.tenant.id, {
-      code_id: Ve(),
+      code_id: He(),
       user_id: e.user.user_id,
       code_type: "authorization_code",
       login_id: e.login_id,
@@ -6689,9 +6692,9 @@ async function Qm(t, e) {
   return await t.env.data.refreshTokens.create(
     n.tenant.id,
     {
-      id: Ve(),
+      id: He(),
       session_id: s,
-      client_id: n.id,
+      client_id: n.client_id,
       idle_expires_at: new Date(
         Date.now() + hc * 1e3
       ).toISOString(),
@@ -6717,7 +6720,7 @@ async function Qm(t, e) {
 }
 async function e_(t, { user: e, client: n, loginSession: r }) {
   const i = await t.env.data.sessions.create(n.tenant.id, {
-    id: Ve(),
+    id: He(),
     user_id: e.user_id,
     login_session_id: r.id,
     idle_expires_at: new Date(
@@ -6732,7 +6735,7 @@ async function e_(t, { user: e, client: n, loginSession: r }) {
       initial_asn: "",
       last_asn: ""
     },
-    clients: [n.id]
+    clients: [n.client_id]
   });
   return await t.env.data.loginSessions.update(n.tenant.id, r.id, {
     session_id: i.id
@@ -6742,7 +6745,7 @@ async function In(t, e) {
   var A, I;
   const { authParams: n, client: r, ticketAuth: i } = e;
   let { user: s } = e;
-  const a = n.response_type || cn.CODE, l = n.response_mode || Hn.QUERY, u = He(t, {
+  const a = n.response_type || cn.CODE, l = n.response_mode || Hn.QUERY, u = Ve(t, {
     type: qe.SUCCESS_LOGIN,
     description: `Successful login for ${s.user_id}`,
     userId: s.user_id
@@ -6759,8 +6762,8 @@ async function In(t, e) {
       throw new E(500, {
         message: "Login session not found for ticket auth."
       });
-    const O = _v(), D = Ve(12), x = await t.env.data.codes.create(r.tenant.id, {
-      code_id: Ve(),
+    const O = _v(), D = He(12), x = await t.env.data.codes.create(r.tenant.id, {
+      code_id: He(),
       code_type: "ticket",
       login_id: e.loginSession.id,
       expires_at: new Date(Date.now() + xv).toISOString(),
@@ -6782,8 +6785,8 @@ async function In(t, e) {
       r.tenant.id,
       p
     );
-    O && !O.clients.includes(r.id) && await t.env.data.sessions.update(r.tenant.id, p, {
-      clients: [...O.clients, r.id]
+    O && !O.clients.includes(r.client_id) && await t.env.data.sessions.update(r.tenant.id, p, {
+      clients: [...O.clients, r.client_id]
     });
   } else if (!p) {
     if (!e.loginSession)
@@ -6933,16 +6936,32 @@ async function Yb(t, e, n) {
   const r = await t.env.data.tenants.get(e);
   if (!r)
     throw new Error(`Tenant not found: ${e}`);
-  return mc(t, {
-    client: {
-      id: t.env.ISSUER,
-      tenant: r,
-      created_at: (/* @__PURE__ */ new Date()).toISOString(),
-      updated_at: (/* @__PURE__ */ new Date()).toISOString(),
-      name: t.env.ISSUER,
-      disable_sign_ups: !1,
-      connections: []
+  const i = {
+    client_id: t.env.ISSUER,
+    tenant: r,
+    created_at: (/* @__PURE__ */ new Date()).toISOString(),
+    updated_at: (/* @__PURE__ */ new Date()).toISOString(),
+    name: t.env.ISSUER,
+    global: !1,
+    is_first_party: !1,
+    oidc_conformant: !1,
+    sso: !1,
+    sso_disabled: !1,
+    cross_origin_authentication: !1,
+    custom_login_page_on: !1,
+    require_pushed_authorization_requests: !1,
+    require_proof_of_possession: !1,
+    client_metadata: {
+      disable_sign_ups: "false",
+      email_validation: "disabled"
     },
+    // Legacy fields extracted from metadata
+    disable_sign_ups: !1,
+    email_validation: "disabled",
+    connections: []
+  };
+  return mc(t, {
+    client: i,
     authParams: {
       client_id: t.env.ISSUER,
       response_type: cn.TOKEN,
@@ -6961,7 +6980,7 @@ async function t_(t, e, n) {
       },
       body: JSON.stringify(n)
     })).ok) {
-      const a = He(t, {
+      const a = Ve(t, {
         type: qe.FAILED_HOOK,
         description: `Failed to invoke hook ${i.hook_id}`
       });
@@ -7070,7 +7089,7 @@ function n3(t, e) {
           }
         );
       } catch {
-        const p = He(t, {
+        const p = Ve(t, {
           type: qe.FAILED_SIGNUP,
           description: "Pre user registration hook failed"
         });
@@ -7090,7 +7109,7 @@ function n3(t, e) {
           }
         );
       } catch {
-        const p = He(t, {
+        const p = Ve(t, {
           type: qe.FAILED_SIGNUP,
           description: "Post user registration hook failed"
         });
@@ -7133,7 +7152,7 @@ function r3(t, e) {
       } catch (u) {
         if (u instanceof E)
           throw u;
-        const d = He(t, {
+        const d = Ve(t, {
           type: qe.FAILED_HOOK,
           description: "Pre user update hook failed"
         });
@@ -7142,7 +7161,7 @@ function r3(t, e) {
         });
       }
     if (await e.users.update(n, r, i), i.email) {
-      const u = He(t, {
+      const u = Ve(t, {
         type: qe.SUCCESS_CHANGE_EMAIL,
         description: `Email updated to ${i.email}`,
         userId: r
@@ -7161,7 +7180,7 @@ async function i3(t, e, n, r) {
       tenant_id: e.tenant.id,
       email: r
     })) {
-      const u = He(t, {
+      const u = Ve(t, {
         type: qe.FAILED_SIGNUP,
         description: "Public signup is disabled"
       });
@@ -7241,7 +7260,7 @@ async function s3(t, e, n, r, i, s) {
           })
         });
       } catch {
-        const h = He(t, {
+        const h = Ve(t, {
           type: qe.FAILED_HOOK,
           description: `Failed to invoke post-user-login webhook: ${d.url}`
         });
@@ -7585,7 +7604,7 @@ const xh = Qt.extend({
         last_login: (/* @__PURE__ */ new Date()).toISOString()
       });
       t.set("user_id", h.user_id);
-      const g = He(t, {
+      const g = Ve(t, {
         type: qe.SUCCESS_API_OPERATION,
         description: "User created"
       });
@@ -17053,7 +17072,7 @@ async function Kd(t) {
     hash: "SHA-256",
     publicExponent: new Uint8Array([1, 0, 1]),
     modulusLength: 2048
-  }, n = await crypto.subtle.generateKey(e, !0, ["sign", "verify"]), r = Ve(), i = Eu(new TextEncoder().encode(r)), s = await r$.createSelfSigned({
+  }, n = await crypto.subtle.generateKey(e, !0, ["sign", "verify"]), r = He(), i = Eu(new TextEncoder().encode(r)), s = await r$.createSelfSigned({
     serialNumber: i,
     name: t.name,
     notBefore: /* @__PURE__ */ new Date(),
@@ -17289,10 +17308,7 @@ const o$ = 1e3 * 60 * 60 * 24, a$ = new $e().openapi(
       200: {
         content: {
           "application/json": {
-            schema: o.union([
-              l$,
-              o.array(vi)
-            ])
+            schema: o.union([l$, o.array(vi)])
           }
         },
         description: "List of clients"
@@ -17300,13 +17316,13 @@ const o$ = 1e3 * 60 * 60 * 24, a$ = new $e().openapi(
     }
   }),
   async (t) => {
-    const { "tenant-id": e } = t.req.valid("header"), { page: n, per_page: r, include_totals: i, sort: s, q: a } = t.req.valid("query"), u = (await t.env.data.applications.list(e, {
+    const { "tenant-id": e } = t.req.valid("header"), { page: n, per_page: r, include_totals: i, sort: s, q: a } = t.req.valid("query"), u = (await t.env.data.clients.list(e, {
       page: n,
       per_page: r,
       include_totals: i,
       sort: bt(s),
       q: a
-    })).applications;
+    })).clients;
     return i ? t.json({
       clients: u,
       start: 0,
@@ -17339,19 +17355,15 @@ const o$ = 1e3 * 60 * 60 * 24, a$ = new $e().openapi(
             schema: vi
           }
         },
-        description: "An application"
+        description: "A client"
       }
     }
   }),
   async (t) => {
-    const { "tenant-id": e } = t.req.valid("header"), { id: n } = t.req.valid("param"), i = (await t.env.data.applications.list(e, {
-      page: 1,
-      per_page: 0,
-      include_totals: !1
-    })).applications.find((s) => s.id === n);
-    if (!i)
+    const { "tenant-id": e } = t.req.valid("header"), { id: n } = t.req.valid("param"), r = await t.env.data.clients.get(e, n);
+    if (!r)
       throw new E(404);
-    return t.json(i);
+    return t.json(r);
   }
 ).openapi(
   U({
@@ -17379,8 +17391,8 @@ const o$ = 1e3 * 60 * 60 * 24, a$ = new $e().openapi(
   }),
   async (t) => {
     const { "tenant-id": e } = t.req.valid("header"), { id: n } = t.req.valid("param");
-    if (!await t.env.data.applications.remove(e, n))
-      throw new E(404, { message: "Application not found" });
+    if (!await t.env.data.clients.remove(e, n))
+      throw new E(404, { message: "Client not found" });
     return t.text("OK");
   }
 ).openapi(
@@ -17415,16 +17427,16 @@ const o$ = 1e3 * 60 * 60 * 24, a$ = new $e().openapi(
             schema: vi
           }
         },
-        description: "The update application"
+        description: "The updated client"
       }
     }
   }),
   async (t) => {
     const { "tenant-id": e } = t.req.valid("header"), { id: n } = t.req.valid("param"), i = t.req.valid("json");
-    await t.env.data.applications.update(e, n, i);
-    const s = await t.env.data.applications.get(e, n);
+    await t.env.data.clients.update(e, n, i);
+    const s = await t.env.data.clients.get(e, n);
     if (!s)
-      throw new E(404, { message: "Application not found" });
+      throw new E(404, { message: "Client not found" });
     return t.json(s);
   }
 ).openapi(
@@ -17456,19 +17468,15 @@ const o$ = 1e3 * 60 * 60 * 24, a$ = new $e().openapi(
             schema: o.object(vi.shape)
           }
         },
-        description: "An application"
+        description: "A client"
       }
     }
   }),
   async (t) => {
     const { "tenant-id": e } = t.req.valid("header"), n = t.req.valid("json"), r = {
       ...n,
-      id: n.id || Ve(),
-      client_secret: n.client_secret || Ve()
-    }, i = await t.env.data.applications.create(
-      e,
-      r
-    );
+      client_secret: n.client_secret || He()
+    }, i = await t.env.data.clients.create(e, r);
     return t.json(i, { status: 201 });
   }
 );
@@ -20355,7 +20363,7 @@ const Z$ = Qt.extend({
   async (t) => {
     const { "tenant-id": e } = t.req.valid("header"), n = t.req.valid("json"), r = {
       ...n,
-      id: n.id || Ve()
+      id: n.id || He()
     }, i = await t.env.data.organizations.create(
       e,
       r
@@ -21541,7 +21549,7 @@ async function Rx(t, e) {
     n.kid,
     r,
     i
-  ), a = Ve(), l = await s.createAuthorizationURL(
+  ), a = He(), l = await s.createAuthorizationURL(
     a,
     ((d = n.scope) == null ? void 0 : d.split(" ")) || ["name", "email"]
   );
@@ -21585,7 +21593,7 @@ async function Bx(t, e) {
     n.client_id,
     n.client_secret,
     r
-  ), s = Ve();
+  ), s = He();
   return {
     redirectUrl: i.createAuthorizationURL(
       s,
@@ -21633,7 +21641,7 @@ async function Ux(t, e) {
     n.client_id,
     n.client_secret,
     r
-  ), s = Ve(), a = bx();
+  ), s = He(), a = bx();
   return {
     redirectUrl: i.createAuthorizationURL(
       s,
@@ -21680,7 +21688,7 @@ async function zx(t, e) {
     n.client_id,
     n.client_secret,
     `${ut(t.env)}callback`
-  ), i = Ve(), s = r.createAuthorizationURL(
+  ), i = He(), s = r.createAuthorizationURL(
     "https://api.vipps.no/access-management-1.0/access/oauth2/auth",
     i,
     ((a = n.scope) == null ? void 0 : a.split(" ")) || [
@@ -21809,8 +21817,8 @@ async function og(t, e, n, r) {
     throw new E(400, { message: "State not found" });
   const i = e.connections.find((u) => u.name === n);
   if (!i) {
-    t.set("client_id", e.id);
-    const u = He(t, {
+    t.set("client_id", e.client_id);
+    const u = Ve(t, {
       type: qe.FAILED_LOGIN,
       description: "Connection not found"
     });
@@ -21827,7 +21835,7 @@ async function og(t, e, n, r) {
         Date.now() + Ur * 1e3
       ).toISOString(),
       authParams: r,
-      csrf_token: Ve(),
+      csrf_token: He(),
       ip: u,
       useragent: d,
       auth0Client: Zn(p)
@@ -21882,19 +21890,19 @@ async function ag(t, { code: e, state: n }) {
     r,
     s.authParams.client_id
   );
-  t.set("client_id", a.id), t.set("tenant_id", a.tenant.id);
+  t.set("client_id", a.client_id), t.set("tenant_id", a.tenant.id);
   const l = a.connections.find(
     (I) => I.id === i.connection_id
   );
   if (!l) {
-    const I = He(t, {
+    const I = Ve(t, {
       type: qe.FAILED_LOGIN,
       description: "Connection not found"
     });
     throw await r.data.logs.create(a.tenant.id, I), new E(403, { message: "Connection not found" });
   }
   if (t.set("connection", l.name), !s.authParams.redirect_uri) {
-    const I = He(t, {
+    const I = Ve(t, {
       type: qe.FAILED_LOGIN,
       description: "Redirect URI not defined"
     });
@@ -21944,7 +21952,7 @@ async function cg(t, e, n, r, i, s) {
   const { redirect_uri: u } = l.authParams;
   if (!u)
     throw new E(400, { message: "Redirect uri not found" });
-  const d = He(t, {
+  const d = Ve(t, {
     type: qe.FAILED_LOGIN,
     description: `Failed connection login: ${i} ${n}, ${r}`
   });
@@ -22218,7 +22226,7 @@ const Wx = new $e().openapi(
         }
       }
     }
-    const l = He(t, {
+    const l = Ve(t, {
       type: qe.SUCCESS_LOGOUT,
       description: "User successfully logged out"
     });
@@ -22422,7 +22430,7 @@ async function Yx(t, e) {
   if (n.client_secret && !oa(n.client_secret, e.client_secret))
     throw new E(403, { message: "Invalid client credentials" });
   const r = {
-    client_id: n.id,
+    client_id: n.client_id,
     scope: e.scope,
     audience: e.audience
   };
@@ -22506,7 +22514,7 @@ async function Qx(t, e) {
       response_mode: Hn.WEB_MESSAGE,
       // Pass through other relevant authParams from the loginSession or original request if necessary
       // For authorization_code grant, these are usually fixed or derived, not directly from params
-      client_id: n.id,
+      client_id: n.client_id,
       // ensure client_id is from the validated client
       scope: i.authParams.scope,
       // scope from original authorization request
@@ -22571,7 +22579,7 @@ async function t5(t, e) {
     refresh_token: r.id,
     session_id: r.session_id,
     authParams: {
-      client_id: n.id,
+      client_id: n.client_id,
       audience: s == null ? void 0 : s.audience,
       scope: s == null ? void 0 : s.scopes,
       response_mode: Hn.WEB_MESSAGE
@@ -24683,7 +24691,7 @@ async function wl(t, { to: e, code: n }) {
     code: n,
     from: r.name
   });
-  const l = He(t, {
+  const l = Ve(t, {
     type: qe.CODE_LINK_SENT,
     description: e
   });
@@ -24739,7 +24747,7 @@ async function kf(t, { to: e, code: n, authParams: r }) {
     throw new E(400, {
       message: "Only email and SMS connections are supported for magic links"
     });
-  const u = He(t, {
+  const u = Ve(t, {
     type: qe.CODE_LINK_SENT,
     description: e
   });
@@ -24846,7 +24854,7 @@ const mE = new $e().openapi(
       throw new E(400, {
         message: "Client not found"
       });
-    if (t.set("client_id", i.id), t.set("tenant_id", i.tenant.id), !Sf(n))
+    if (t.set("client_id", i.client_id), t.set("tenant_id", i.tenant.id), !Sf(n))
       throw new E(400, {
         message: "Password does not meet the requirements"
       });
@@ -24872,7 +24880,7 @@ const mE = new $e().openapi(
       password: l,
       algorithm: "bcrypt"
     }), await Nf(t, a);
-    const u = He(t, {
+    const u = Ve(t, {
       type: qe.SUCCESS_SIGNUP,
       description: "Successful signup"
     });
@@ -24914,7 +24922,7 @@ const mE = new $e().openapi(
       throw new E(400, {
         message: "Client not found"
       });
-    if (t.set("client_id", r.id), t.set("tenant_id", r.tenant.id), !await Gi({
+    if (t.set("client_id", r.client_id), t.set("tenant_id", r.tenant.id), !await Gi({
       userAdapter: t.env.data.users,
       tenant_id: r.tenant.id,
       username: e,
@@ -24933,7 +24941,7 @@ const mE = new $e().openapi(
           Date.now() + Ur * 1e3
         ).toISOString(),
         authParams: s,
-        csrf_token: Ve(),
+        csrf_token: He(),
         ip: t.get("ip"),
         useragent: t.get("useragent"),
         auth0Client: Zn(t.get("auth0_client"))
@@ -24997,13 +25005,13 @@ const _E = new $e().openapi(
       throw new E(400, {
         message: "Client not found"
       });
-    t.set("client_id", l.id), t.set("tenant_id", l.tenant.id);
+    t.set("client_id", l.client_id), t.set("tenant_id", l.tenant.id);
     const u = a === "email" ? e.email : e.phone_number, d = t.get("ip"), p = t.get("useragent"), h = t.get("auth0_client"), g = Zn(h), $ = await n.data.loginSessions.create(
       l.tenant.id,
       {
         authParams: { ...s, client_id: r, username: u },
         expires_at: new Date(Date.now() + ea).toISOString(),
-        csrf_token: Ve(),
+        csrf_token: He(),
         ip: d,
         useragent: p,
         auth0Client: g
@@ -25088,7 +25096,7 @@ const _E = new $e().openapi(
       response_type: d,
       nonce: p
     } = t.req.valid("query"), h = await ss(e, n);
-    t.set("client_id", h.id), t.set("tenant_id", h.tenant.id), t.set("connection", "email");
+    t.set("client_id", h.client_id), t.set("tenant_id", h.tenant.id), t.set("connection", "email");
     const g = {
       client_id: n,
       redirect_uri: s,
@@ -25123,7 +25131,7 @@ const _E = new $e().openapi(
           username: r
         },
         expires_at: new Date(Date.now() + ea).toISOString(),
-        csrf_token: Ve(),
+        csrf_token: He(),
         ip: A,
         useragent: I,
         auth0Client: D
@@ -25156,7 +25164,7 @@ async function E1(t, e, n, r) {
     provider: "auth2"
   });
   if (!a) {
-    const $ = He(t, {
+    const $ = Ve(t, {
       type: qe.FAILED_LOGIN_INCORRECT_PASSWORD,
       description: "Invalid user"
     });
@@ -25174,7 +25182,7 @@ async function E1(t, e, n, r) {
   t.set("connection", a.connection), t.set("user_id", l.user_id);
   const u = await i.passwords.get(e.tenant.id, a.user_id);
   if (!(u && await so.compare(n.password, u.password))) {
-    const $ = He(t, {
+    const $ = Ve(t, {
       type: qe.FAILED_LOGIN_INCORRECT_PASSWORD,
       description: "Invalid password"
     });
@@ -25191,7 +25199,7 @@ async function E1(t, e, n, r) {
   })).logs.filter(
     ($) => $.type === qe.FAILED_LOGIN_INCORRECT_PASSWORD && new Date($.date) > new Date(Date.now() - 1e3 * 60 * 5)
   ).length >= 3) {
-    const $ = He(t, {
+    const $ = Ve(t, {
       // TODO: change to BLOCKED_ACCOUNT_EMAIL
       type: qe.FAILED_LOGIN,
       description: "Too many failed login attempts"
@@ -25203,7 +25211,7 @@ async function E1(t, e, n, r) {
   }
   if (!a.email_verified && e.email_validation === "enforced") {
     await Nf(t, a);
-    const $ = He(t, {
+    const $ = Ve(t, {
       type: qe.FAILED_LOGIN,
       description: "Email not verified"
     });
@@ -25212,7 +25220,7 @@ async function E1(t, e, n, r) {
       code: "EMAIL_NOT_VERIFIED"
     });
   }
-  const g = He(t, {
+  const g = Ve(t, {
     type: qe.SUCCESS_LOGIN,
     description: "Successful login",
     strategy_type: "Username-Password-Authentication",
@@ -25260,10 +25268,10 @@ async function yE(t, e, n, r) {
         Date.now() + Ev
       ).toISOString(),
       authParams: {
-        client_id: e.id,
+        client_id: e.client_id,
         username: n
       },
-      csrf_token: Ve(),
+      csrf_token: He(),
       ip: a,
       useragent: l,
       auth0Client: d
@@ -25347,7 +25355,7 @@ const wE = new $e().openapi(
             client_id: n,
             username: s
           },
-          csrf_token: Ve(),
+          csrf_token: He(),
           ip: a,
           useragent: l,
           auth0Client: Zn(u)
@@ -25411,7 +25419,7 @@ async function vE({
         Date.now() + Ur * 1e3
       ).toISOString(),
       authParams: r,
-      csrf_token: Ve(),
+      csrf_token: He(),
       authorization_url: a.toString(),
       ip: l,
       useragent: d,
@@ -25519,7 +25527,7 @@ async function xE({
 }) {
   const { env: h } = t, g = new URL(r), $ = `${g.protocol}//${g.host}`;
   async function A(K = "Login required") {
-    const W = He(t, {
+    const W = Ve(t, {
       type: qe.FAILED_SILENT_AUTH,
       description: K
     });
@@ -25544,7 +25552,7 @@ async function xE({
   const D = {
     client: e,
     authParams: {
-      client_id: e.id,
+      client_id: e.client_id,
       audience: u,
       code_challenge_method: a,
       code_challenge: l,
@@ -25574,7 +25582,7 @@ async function xE({
       Date.now() + hc * 1e3
     ).toISOString() : void 0
   });
-  const z = He(t, {
+  const z = Ve(t, {
     type: qe.SUCCESS_SILENT_AUTH,
     description: "Successful silent authentication"
   });
@@ -25696,7 +25704,7 @@ const AE = ["email", "sms", "Username-Password-Authentication"], EE = new $e().o
     } = t.req.valid("query");
     t.set("log", "authorize");
     const M = await ss(e, n);
-    t.set("client_id", M.id), t.set("tenant_id", M.tenant.id);
+    t.set("client_id", M.client_id), t.set("tenant_id", M.tenant.id);
     const K = {
       redirect_uri: i.split("#")[0],
       // Remove fragment if present
@@ -25822,7 +25830,7 @@ const AE = ["email", "sms", "Username-Password-Authentication"], EE = new $e().o
     const { env: e } = t, { client_id: n, redirect_url: r, login_hint: i, screen_hint: s } = t.req.valid("query");
     t.set("log", "account");
     const a = await ss(e, n);
-    t.set("client_id", a.id), t.set("tenant_id", a.tenant.id);
+    t.set("client_id", a.client_id), t.set("tenant_id", a.tenant.id);
     const l = {
       redirect_uri: r || t.req.url,
       client_id: n,
@@ -25853,7 +25861,7 @@ const AE = ["email", "sms", "Username-Password-Authentication"], EE = new $e().o
           Date.now() + Ur * 1e3
         ).toISOString(),
         authParams: l,
-        csrf_token: Ve(),
+        csrf_token: He(),
         authorization_url: g.toString(),
         ip: $,
         useragent: I,
@@ -26326,7 +26334,7 @@ async function ze(t, e, n = !1) {
     r,
     i.authParams.client_id
   );
-  t.set("client_id", s.id), t.set("tenant_id", s.tenant.id);
+  t.set("client_id", s.client_id), t.set("tenant_id", s.tenant.id);
   const a = await r.data.tenants.get(s.tenant.id);
   if (a) {
     if (i.session_id && !n) {
@@ -26936,7 +26944,7 @@ const YE = (t, e) => {
       t,
       n
     );
-    t.set("client_id", i.id);
+    t.set("client_id", i.client_id);
     const u = t.get("countryCode"), { normalized: d, connectionType: p } = yl(
       r.username,
       u
@@ -26966,7 +26974,7 @@ const YE = (t, e) => {
       try {
         await i3(t, i, t.env.data, d);
       } catch {
-        const O = He(t, {
+        const O = Ve(t, {
           type: qe.FAILED_SIGNUP,
           description: "Public signup is disabled"
         });
@@ -27844,9 +27852,9 @@ const eo = (t) => {
         message: B.t("username_not_found_error") || "Username not found in session."
       });
     try {
-      t.set("client_id", s.id);
+      t.set("client_id", s.client_id);
       const u = await xf(t, {
-        client_id: s.id,
+        client_id: s.client_id,
         authParams: a.authParams,
         username: a.authParams.username,
         otp: n
@@ -29040,7 +29048,7 @@ const su = (t) => {
                 className: "bg-gray-200/40 p-2 rounded-md hover:bg-gray-200/75",
                 title: B.t("edit"),
                 "aria-label": B.t("edit"),
-                href: l ? `/u/account/change-email?state=${encodeURIComponent(l)}` : `/u/account/change-email?client_id=${encodeURIComponent(i.id)}`,
+                href: l ? `/u/account/change-email?state=${encodeURIComponent(l)}` : `/u/account/change-email?client_id=${encodeURIComponent(i.client_id)}`,
                 children: /* @__PURE__ */ _(M8, {})
               }
             )
@@ -29166,7 +29174,7 @@ const su = (t) => {
     let u, d;
     try {
       if (r.action === "update_email" && r.email) {
-        const h = Ve();
+        const h = He();
         await e.data.codes.create(a.tenant.id, {
           code_id: h,
           login_id: "",
@@ -29405,7 +29413,7 @@ const su = (t) => {
           }
         )
       );
-    const d = er(), p = Ve();
+    const d = er(), p = He();
     return await e.data.codes.create(a.tenant.id, {
       code_id: p,
       login_id: "",
@@ -29465,7 +29473,7 @@ const su = (t) => {
         tt,
         {
           Component: "a",
-          href: l || (a ? `/u/account?state=${encodeURIComponent(a)}` : `/u/account?client_id=${encodeURIComponent(r.id)}`),
+          href: l || (a ? `/u/account?state=${encodeURIComponent(a)}` : `/u/account?client_id=${encodeURIComponent(r.client_id)}`),
           className: "sm:mt-4 !text-base",
           children: [
             /* @__PURE__ */ _("span", { children: B.t("continue") }),
@@ -29534,7 +29542,7 @@ const su = (t) => {
           "a",
           {
             className: "block text-primary hover:text-primaryHover text-center",
-            href: a ? `/u/account?state=${encodeURIComponent(a)}` : `/u/account?client_id=${encodeURIComponent(r.id)}`,
+            href: a ? `/u/account?state=${encodeURIComponent(a)}` : `/u/account?client_id=${encodeURIComponent(r.client_id)}`,
             children: B.t("go_back")
           }
         )
@@ -38555,7 +38563,7 @@ const kS = new $e().openapi(
     const i = r.map(
       (d) => new al(d.cert).toString("base64")
     ), s = t.env.ISSUER, a = SS({
-      entityId: ((u = (l = n.addons) == null ? void 0 : l.samlp) == null ? void 0 : u.audience) || n.id,
+      entityId: ((u = (l = n.addons) == null ? void 0 : l.samlp) == null ? void 0 : u.audience) || n.client_id,
       certificates: i,
       assertionConsumerServiceUrl: `${s}samlp/${e}`,
       singleLogoutServiceUrl: `${s}samlp/${e}/logout`
@@ -38602,11 +38610,11 @@ const kS = new $e().openapi(
       throw new E(404, {
         message: "Client not found"
       });
-    t.set("client_id", i.id), t.set("tenant_id", i.tenant.id);
+    t.set("client_id", i.client_id), t.set("tenant_id", i.tenant.id);
     const s = await ES(n), a = s["samlp:AuthnRequest"]["saml:Issuer"]["#text"], l = await t.env.data.loginSessions.create(
       t.var.tenant_id,
       {
-        csrf_token: Ve(),
+        csrf_token: He(),
         authParams: {
           client_id: e,
           state: JSON.stringify({
@@ -40146,8 +40154,8 @@ export {
   N8 as UnverifiedEmailPage,
   OX as UserNotFoundPage,
   n8 as VippsLogo,
-  mu as applicationInsertSchema,
-  vi as applicationSchema,
+  tw as applicationInsertSchema,
+  gG as applicationSchema,
   mG as auth0FlowInsertSchema,
   gw as auth0FlowSchema,
   Un as auth0UserResponseSchema,
@@ -40156,8 +40164,8 @@ export {
   Tw as bordersSchema,
   oh as brandingSchema,
   rw as buttonComponentSchema,
-  tw as clientInsertSchema,
-  gG as clientSchema,
+  mu as clientInsertSchema,
+  vi as clientSchema,
   _w as codeInsertSchema,
   _G as codeSchema,
   mw as codeTypeSchema,