npm - authhero - Versions diffs - 0.75.0 → 0.76.0 - Mend

authhero 0.75.0 → 0.76.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/authhero.mjs CHANGED Viewed

@@ -361,8 +361,8 @@ class ts extends zs {
     }
     const h = this.resolve(e, n);
     let m = h == null ? void 0 : h.res;
-    const v = (h == null ? void 0 : h.usedKey) || o, f = (h == null ? void 0 : h.exactUsedKey) || o, _ = Object.prototype.toString.apply(m), w = ["[object Number]", "[object Function]", "[object RegExp]"], S = n.joinArrays !== void 0 ? n.joinArrays : this.options.joinArrays, N = !this.i18nFormat || this.i18nFormat.handleAsObject, T = !re(m) && typeof m != "boolean" && typeof m != "number";
-    if (N && m && T && w.indexOf(_) < 0 && !(re(S) && Array.isArray(m))) {
+    const v = (h == null ? void 0 : h.usedKey) || o, f = (h == null ? void 0 : h.exactUsedKey) || o, _ = Object.prototype.toString.apply(m), w = ["[object Number]", "[object Function]", "[object RegExp]"], S = n.joinArrays !== void 0 ? n.joinArrays : this.options.joinArrays, $ = !this.i18nFormat || this.i18nFormat.handleAsObject, T = !re(m) && typeof m != "boolean" && typeof m != "number";
+    if ($ && m && T && w.indexOf(_) < 0 && !(re(S) && Array.isArray(m))) {
       if (!n.returnObjects && !this.options.returnObjects) {
         this.options.returnedObjectHandler || this.logger.warn("accessing an object - but returnObjects options is not enabled!");
         const L = this.options.returnedObjectHandler ? this.options.returnedObjectHandler(v, m, {
@@ -384,7 +384,7 @@ class ts extends zs {
           }
         m = ne;
       }
-    } else if (N && re(S) && Array.isArray(m))
+    } else if ($ && re(S) && Array.isArray(m))
       m = m.join(S), m && (m = this.extendTranslation(m, e, n, r));
     else {
       let L = !1, ne = !1;
@@ -480,8 +480,8 @@ class ts extends zs {
       this.options.fallbackNS && (h = h.concat(this.options.fallbackNS));
       const m = n.count !== void 0 && !re(n.count), v = m && !n.ordinal && n.count === 0, f = n.context !== void 0 && (re(n.context) || typeof n.context == "number") && n.context !== "", _ = n.lngs ? n.lngs : this.languageUtils.toResolveHierarchy(n.lng || this.language, n.fallbackLng);
       h.forEach((w) => {
-        var S, N;
-        this.isValidLookup(r) || (c = w, !ku[`${_[0]}-${w}`] && ((S = this.utils) != null && S.hasLoadedNamespace) && !((N = this.utils) != null && N.hasLoadedNamespace(c)) && (ku[`${_[0]}-${w}`] = !0, this.logger.warn(`key "${i}" for languages "${_.join(", ")}" won't get resolved as namespace "${c}" was not yet loaded`, "This means something IS WRONG in your setup. You access the t function before i18next.init / i18next.loadNamespace / i18next.changeLanguage was done. Wait for the callback or Promise to resolve before accessing it!!!")), _.forEach((T) => {
+        var S, $;
+        this.isValidLookup(r) || (c = w, !ku[`${_[0]}-${w}`] && ((S = this.utils) != null && S.hasLoadedNamespace) && !(($ = this.utils) != null && $.hasLoadedNamespace(c)) && (ku[`${_[0]}-${w}`] = !0, this.logger.warn(`key "${i}" for languages "${_.join(", ")}" won't get resolved as namespace "${c}" was not yet loaded`, "This means something IS WRONG in your setup. You access the t function before i18next.init / i18next.loadNamespace / i18next.changeLanguage was done. Wait for the callback or Promise to resolve before accessing it!!!")), _.forEach((T) => {
           var ge;
           if (this.isValidLookup(r)) return;
           o = T;
@@ -700,9 +700,9 @@ class vm {
       nestingSuffixEscaped: _,
       nestingOptionsSeparator: w,
       maxReplaces: S,
-      alwaysFormat: N
+      alwaysFormat: $
     } = e.interpolation;
-    this.escape = n !== void 0 ? n : pm, this.escapeValue = r !== void 0 ? r : !0, this.useRawValueToEscape = i !== void 0 ? i : !1, this.prefix = s ? Un(s) : o || "{{", this.suffix = c ? Un(c) : l || "}}", this.formatSeparator = u || ",", this.unescapePrefix = p ? "" : h || "-", this.unescapeSuffix = this.unescapePrefix ? "" : p || "", this.nestingPrefix = m ? Un(m) : v || Un("$t("), this.nestingSuffix = f ? Un(f) : _ || Un(")"), this.nestingOptionsSeparator = w || ",", this.maxReplaces = S || 1e3, this.alwaysFormat = N !== void 0 ? N : !1, this.resetRegExp();
+    this.escape = n !== void 0 ? n : pm, this.escapeValue = r !== void 0 ? r : !0, this.useRawValueToEscape = i !== void 0 ? i : !1, this.prefix = s ? Un(s) : o || "{{", this.suffix = c ? Un(c) : l || "}}", this.formatSeparator = u || ",", this.unescapePrefix = p ? "" : h || "-", this.unescapeSuffix = this.unescapePrefix ? "" : p || "", this.nestingPrefix = m ? Un(m) : v || Un("$t("), this.nestingSuffix = f ? Un(f) : _ || Un(")"), this.nestingOptionsSeparator = w || ",", this.maxReplaces = S || 1e3, this.alwaysFormat = $ !== void 0 ? $ : !1, this.resetRegExp();
   }
   reset() {
     this.options && this.init(this.options);
@@ -716,12 +716,12 @@ class vm {
     let s, o, c;
     const l = this.options && this.options.interpolation && this.options.interpolation.defaultVariables || {}, u = (f) => {
       if (f.indexOf(this.formatSeparator) < 0) {
-        const N = Eu(n, l, f, this.options.keySeparator, this.options.ignoreJSONStructure);
-        return this.alwaysFormat ? this.format(N, void 0, r, {
+        const $ = Eu(n, l, f, this.options.keySeparator, this.options.ignoreJSONStructure);
+        return this.alwaysFormat ? this.format($, void 0, r, {
           ...i,
           ...n,
           interpolationkey: f
-        }) : N;
+        }) : $;
       }
       const _ = f.split(this.formatSeparator), w = _.shift().trim(), S = _.join(this.formatSeparator).trim();
       return this.format(Eu(n, l, w, this.options.keySeparator, this.options.ignoreJSONStructure), S, r, {
@@ -2064,7 +2064,7 @@ const Km = new le().openapi(
     return await t.env.data.branding.set(e, n), t.text("OK");
   }
 );
-var $ = class extends Error {
+var N = class extends Error {
   constructor(e = 500, n) {
     super(n == null ? void 0 : n.message, { cause: n == null ? void 0 : n.cause });
     te(this, "res");
@@ -2478,7 +2478,7 @@ const Jm = {}, Zm = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineP
     Date.now = Date.now || function() {
       return +/* @__PURE__ */ new Date();
     };
-    var f = 16, _ = 10, w = 16, S = 100, N = [
+    var f = 16, _ = 10, w = 16, S = 100, $ = [
       608135816,
       2242054355,
       320440878,
@@ -3571,7 +3571,7 @@ const Jm = {}, Zm = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineP
           throw Q;
       E = 1 << E >>> 0;
       var J, se, ue = 0, H;
-      Int32Array ? (J = new Int32Array(N), se = new Int32Array(T)) : (J = N.slice(), se = T.slice()), ze(C, j, J, se);
+      Int32Array ? (J = new Int32Array($), se = new Int32Array(T)) : (J = $.slice(), se = T.slice()), ze(C, j, J, se);
       function Ne() {
         if (k && k(ue / E), ue < E)
           for (var me = Date.now(); ue < E && (ue = ue + 1, de(j, J, se), de(C, J, se), !(Date.now() - me > S)); )
@@ -3865,7 +3865,7 @@ const Bu = jn.extend({
         v.linked_to
       );
       if (!f)
-        throw new $(500, {
+        throw new N(500, {
           message: "Primary account not found"
         });
       return t.json([Ot.parse(f)]);
@@ -3920,9 +3920,9 @@ const Bu = jn.extend({
   async (t) => {
     const { user_id: e } = t.req.valid("param"), { "tenant-id": n } = t.req.valid("header"), r = await t.env.data.users.get(n, e);
     if (!r)
-      throw new $(404);
+      throw new N(404);
     if (r.linked_to)
-      throw new $(404, {
+      throw new N(404, {
         message: "User is linked to another user"
       });
     return t.json(r);
@@ -3954,7 +3954,7 @@ const Bu = jn.extend({
   async (t) => {
     const { user_id: e } = t.req.valid("param"), { "tenant-id": n } = t.req.valid("header");
     if (!await t.env.data.users.remove(n, e))
-      throw new $(404);
+      throw new N(404);
     return t.text("OK");
   }
 ).openapi(
@@ -3995,7 +3995,7 @@ const Bu = jn.extend({
     t.set("body", n);
     const { email: r } = n;
     if (!r)
-      throw new $(400, { message: "Email is required" });
+      throw new N(400, { message: "Email is required" });
     const i = r.toLowerCase(), s = `${n.provider}|${n.user_id || ci()}`;
     try {
       const o = await t.env.data.users.create(e, {
@@ -4032,7 +4032,7 @@ const Bu = jn.extend({
         status: 201
       });
     } catch (o) {
-      throw o.message === "User already exists" ? new $(409, {
+      throw o.message === "User already exists" ? new N(409, {
         message: "User already exists"
       }) : o;
     }
@@ -4076,7 +4076,7 @@ const Bu = jn.extend({
     var u;
     const { "tenant-id": e } = t.req.valid("header"), n = t.req.valid("json"), { user_id: r } = t.req.valid("param"), { verify_email: i, password: s, ...o } = n, c = await t.env.data.users.get(e, r);
     if (!c)
-      throw new $(404);
+      throw new N(404);
     if (o.email && o.email !== c.email) {
       const p = await Ds(
         t.env.data.users,
@@ -4084,12 +4084,12 @@ const Bu = jn.extend({
         o.email
       );
       if (p.length && p.some((h) => h.user_id !== r))
-        throw new $(409, {
+        throw new N(409, {
           message: "Another user with the same email address already exists."
         });
     }
     if (c.linked_to)
-      throw new $(404, {
+      throw new N(404, {
         // not the auth0 error message but I'd rather deviate here
         message: "User is linked to another user"
       });
@@ -4098,7 +4098,7 @@ const Bu = jn.extend({
         (h) => h.connection === "Username-Password-Authentication"
       );
       if (!p)
-        throw new $(400, {
+        throw new N(400, {
           message: "User does not have a password identity"
         });
       await t.env.data.passwords.update(e, {
@@ -4109,7 +4109,7 @@ const Bu = jn.extend({
     }
     const l = await t.env.data.users.get(e, r);
     if (!l)
-      throw new $(500);
+      throw new N(500);
     return t.json(l);
   }
 ).openapi(
@@ -4165,7 +4165,7 @@ const Bu = jn.extend({
   async (t) => {
     const { "tenant-id": e } = t.req.valid("header"), n = t.req.valid("json"), { user_id: r } = t.req.valid("param"), i = "link_with" in n ? n.link_with : n.user_id, s = await t.env.data.users.get(e, r);
     if (!s)
-      throw new $(400, {
+      throw new N(400, {
         message: "Linking an inexistent identity is not allowed."
       });
     await t.env.data.users.update(e, i, {
@@ -4225,7 +4225,7 @@ const Bu = jn.extend({
     );
     const s = await t.env.data.users.get(e, n);
     if (!s)
-      throw new $(404);
+      throw new N(404);
     return t.json([Ot.parse(s)]);
   }
 ).openapi(
@@ -4331,7 +4331,7 @@ var Tu;
         return A[I];
       }
     }, h = Object.getPrototypeOf(Function), m = typeof Map == "function" && typeof Map.prototype.entries == "function" ? Map : em(), v = typeof Set == "function" && typeof Set.prototype.entries == "function" ? Set : tm(), f = typeof WeakMap == "function" ? WeakMap : nm(), _ = i ? Symbol.for("@reflect-metadata:registry") : void 0, w = Yg(), S = Xg(w);
-    function N(A, I, B, q) {
+    function $(A, I, B, q) {
       if (H(B)) {
         if (!lu(A))
           throw new TypeError();
@@ -4348,7 +4348,7 @@ var Tu;
         return Ne(q) && (q = void 0), B = wt(B), E(A, I, B, q);
       }
     }
-    e("decorate", N);
+    e("decorate", $);
     function T(A, I) {
       function B(q, ee) {
         if (!me(q))
@@ -8158,8 +8158,8 @@ var lh = { exports: {} };
     function u(f, _) {
       if (f.indexOf("::") !== f.lastIndexOf("::"))
         return null;
-      let w = 0, S = -1, N = (f.match(l.zoneIndex) || [])[0], T, L;
-      for (N && (N = N.substring(1), f = f.replace(/%.+$/, "")); (S = f.indexOf(":", S + 1)) >= 0; )
+      let w = 0, S = -1, $ = (f.match(l.zoneIndex) || [])[0], T, L;
+      for ($ && ($ = $.substring(1), f = f.replace(/%.+$/, "")); (S = f.indexOf(":", S + 1)) >= 0; )
         w++;
       if (f.substr(0, 2) === "::" && w--, f.substr(-2, 2) === "::" && w--, w > _)
         return null;
@@ -8172,17 +8172,17 @@ var lh = { exports: {} };
         return ge;
       }(), {
         parts: _,
-        zoneId: N
+        zoneId: $
       };
     }
     function p(f, _, w, S) {
       if (f.length !== _.length)
         throw new Error("ipaddr: cannot match CIDR for objects with different lengths");
-      let N = 0, T;
+      let $ = 0, T;
       for (; S > 0; ) {
-        if (T = w - S, T < 0 && (T = 0), f[N] >> T !== _[N] >> T)
+        if (T = w - S, T < 0 && (T = 0), f[$] >> T !== _[$] >> T)
           return !1;
-        S -= w, N += 1;
+        S -= w, $ += 1;
       }
       return !0;
     }
@@ -8268,9 +8268,9 @@ var lh = { exports: {} };
           254: 1,
           255: 0
         };
-        let N, T, L;
-        for (N = 3; N >= 0; N -= 1)
-          if (T = this.octets[N], T in S) {
+        let $, T, L;
+        for ($ = 3; $ >= 0; $ -= 1)
+          if (T = this.octets[$], T in S) {
             if (L = S[T], w && L !== 0)
               return null;
             L !== 8 && (w = !0), _ += L;
@@ -8290,11 +8290,11 @@ var lh = { exports: {} };
       }, f;
     }(), v.IPv4.broadcastAddressFromCIDR = function(f) {
       try {
-        const _ = this.parseCIDR(f), w = _[0].toByteArray(), S = this.subnetMaskFromPrefixLength(_[1]).toByteArray(), N = [];
+        const _ = this.parseCIDR(f), w = _[0].toByteArray(), S = this.subnetMaskFromPrefixLength(_[1]).toByteArray(), $ = [];
         let T = 0;
         for (; T < 4; )
-          N.push(parseInt(w[T], 10) | parseInt(S[T], 10) ^ 255), T++;
-        return new this(N);
+          $.push(parseInt(w[T], 10) | parseInt(S[T], 10) ^ 255), T++;
+        return new this($);
       } catch {
         throw new Error("ipaddr: the address does not have IPv4 CIDR format");
       }
@@ -8315,11 +8315,11 @@ var lh = { exports: {} };
     }, v.IPv4.isValidFourPartDecimal = function(f) {
       return !!(v.IPv4.isValid(f) && f.match(/^(0|[1-9]\d*)(\.(0|[1-9]\d*)){3}$/));
     }, v.IPv4.networkAddressFromCIDR = function(f) {
-      let _, w, S, N, T;
+      let _, w, S, $, T;
       try {
-        for (_ = this.parseCIDR(f), S = _[0].toByteArray(), T = this.subnetMaskFromPrefixLength(_[1]).toByteArray(), N = [], w = 0; w < 4; )
-          N.push(parseInt(S[w], 10) & parseInt(T[w], 10)), w++;
-        return new this(N);
+        for (_ = this.parseCIDR(f), S = _[0].toByteArray(), T = this.subnetMaskFromPrefixLength(_[1]).toByteArray(), $ = [], w = 0; w < 4; )
+          $.push(parseInt(S[w], 10) & parseInt(T[w], 10)), w++;
+        return new this($);
       } catch {
         throw new Error("ipaddr: the address does not have IPv4 CIDR format");
       }
@@ -8346,31 +8346,31 @@ var lh = { exports: {} };
       let _, w, S;
       if (_ = f.match(r.fourOctet))
         return function() {
-          const N = _.slice(1, 6), T = [];
-          for (let L = 0; L < N.length; L++)
-            w = N[L], T.push(h(w));
+          const $ = _.slice(1, 6), T = [];
+          for (let L = 0; L < $.length; L++)
+            w = $[L], T.push(h(w));
           return T;
         }();
       if (_ = f.match(r.longValue)) {
         if (S = h(_[1]), S > 4294967295 || S < 0)
           throw new Error("ipaddr: address outside defined range");
         return function() {
-          const N = [];
+          const $ = [];
           let T;
           for (T = 0; T <= 24; T += 8)
-            N.push(S >> T & 255);
-          return N;
+            $.push(S >> T & 255);
+          return $;
         }().reverse();
       } else return (_ = f.match(r.twoOctet)) ? function() {
-        const N = _.slice(1, 4), T = [];
-        if (S = h(N[1]), S > 16777215 || S < 0)
+        const $ = _.slice(1, 4), T = [];
+        if (S = h($[1]), S > 16777215 || S < 0)
           throw new Error("ipaddr: address outside defined range");
-        return T.push(h(N[0])), T.push(S >> 16 & 255), T.push(S >> 8 & 255), T.push(S & 255), T;
+        return T.push(h($[0])), T.push(S >> 16 & 255), T.push(S >> 8 & 255), T.push(S & 255), T;
       }() : (_ = f.match(r.threeOctet)) ? function() {
-        const N = _.slice(1, 5), T = [];
-        if (S = h(N[2]), S > 65535 || S < 0)
+        const $ = _.slice(1, 5), T = [];
+        if (S = h($[2]), S > 65535 || S < 0)
           throw new Error("ipaddr: address outside defined range");
-        return T.push(h(N[0])), T.push(h(N[1])), T.push(S >> 8 & 255), T.push(S & 255), T;
+        return T.push(h($[0])), T.push(h($[1])), T.push(S >> 8 & 255), T.push(S & 255), T;
       }() : null;
     }, v.IPv4.subnetMaskFromPrefixLength = function(f) {
       if (f = parseInt(f), f < 0 || f > 32)
@@ -8383,7 +8383,7 @@ var lh = { exports: {} };
       return S < 4 && (_[S] = Math.pow(2, f % 8) - 1 << 8 - f % 8), new this(_);
     }, v.IPv6 = function() {
       function f(_, w) {
-        let S, N;
+        let S, $;
         if (_.length === 16)
           for (this.parts = [], S = 0; S <= 14; S += 2)
             this.parts.push(_[S] << 8 | _[S + 1]);
@@ -8392,7 +8392,7 @@ var lh = { exports: {} };
         else
           throw new Error("ipaddr: ipv6 part count should be 8 or 16");
         for (S = 0; S < this.parts.length; S++)
-          if (N = this.parts[S], !(0 <= N && N <= 65535))
+          if ($ = this.parts[S], !(0 <= $ && $ <= 65535))
             throw new Error("ipaddr: ipv6 part should fit in 16 bits");
         w && (this.zoneId = w);
       }
@@ -8461,10 +8461,10 @@ var lh = { exports: {} };
           65534: 1,
           65535: 0
         };
-        let N, T;
+        let $, T;
         for (let L = 7; L >= 0; L -= 1)
-          if (N = this.parts[L], N in S) {
-            if (T = S[N], w && T !== 0)
+          if ($ = this.parts[L], $ in S) {
+            if (T = S[$], w && T !== 0)
               return null;
             T !== 16 && (w = !0), _ += T;
           } else
@@ -8475,14 +8475,14 @@ var lh = { exports: {} };
       }, f.prototype.toByteArray = function() {
         let _;
         const w = [], S = this.parts;
-        for (let N = 0; N < S.length; N++)
-          _ = S[N], w.push(_ >> 8), w.push(_ & 255);
+        for (let $ = 0; $ < S.length; $++)
+          _ = S[$], w.push(_ >> 8), w.push(_ & 255);
         return w;
       }, f.prototype.toFixedLengthString = function() {
         const _ = (function() {
           const S = [];
-          for (let N = 0; N < this.parts.length; N++)
-            S.push(m(this.parts[N].toString(16), 4));
+          for (let $ = 0; $ < this.parts.length; $++)
+            S.push(m(this.parts[$].toString(16), 4));
           return S;
         }).call(this).join(":");
         let w = "";
@@ -8495,28 +8495,28 @@ var lh = { exports: {} };
       }, f.prototype.toNormalizedString = function() {
         const _ = (function() {
           const S = [];
-          for (let N = 0; N < this.parts.length; N++)
-            S.push(this.parts[N].toString(16));
+          for (let $ = 0; $ < this.parts.length; $++)
+            S.push(this.parts[$].toString(16));
           return S;
         }).call(this).join(":");
         let w = "";
         return this.zoneId && (w = `%${this.zoneId}`), _ + w;
       }, f.prototype.toRFC5952String = function() {
         const _ = /((^|:)(0(:|$)){2,})/g, w = this.toNormalizedString();
-        let S = 0, N = -1, T;
+        let S = 0, $ = -1, T;
         for (; T = _.exec(w); )
-          T[0].length > N && (S = T.index, N = T[0].length);
-        return N < 0 ? w : `${w.substring(0, S)}::${w.substring(S + N)}`;
+          T[0].length > $ && (S = T.index, $ = T[0].length);
+        return $ < 0 ? w : `${w.substring(0, S)}::${w.substring(S + $)}`;
       }, f.prototype.toString = function() {
         return this.toRFC5952String();
       }, f;
     }(), v.IPv6.broadcastAddressFromCIDR = function(f) {
       try {
-        const _ = this.parseCIDR(f), w = _[0].toByteArray(), S = this.subnetMaskFromPrefixLength(_[1]).toByteArray(), N = [];
+        const _ = this.parseCIDR(f), w = _[0].toByteArray(), S = this.subnetMaskFromPrefixLength(_[1]).toByteArray(), $ = [];
         let T = 0;
         for (; T < 16; )
-          N.push(parseInt(w[T], 10) | parseInt(S[T], 10) ^ 255), T++;
-        return new this(N);
+          $.push(parseInt(w[T], 10) | parseInt(S[T], 10) ^ 255), T++;
+        return new this($);
       } catch (_) {
         throw new Error(`ipaddr: the address does not have IPv6 CIDR format (${_})`);
       }
@@ -8540,11 +8540,11 @@ var lh = { exports: {} };
         return !1;
       }
     }, v.IPv6.networkAddressFromCIDR = function(f) {
-      let _, w, S, N, T;
+      let _, w, S, $, T;
       try {
-        for (_ = this.parseCIDR(f), S = _[0].toByteArray(), T = this.subnetMaskFromPrefixLength(_[1]).toByteArray(), N = [], w = 0; w < 16; )
-          N.push(parseInt(S[w], 10) & parseInt(T[w], 10)), w++;
-        return new this(N);
+        for (_ = this.parseCIDR(f), S = _[0].toByteArray(), T = this.subnetMaskFromPrefixLength(_[1]).toByteArray(), $ = [], w = 0; w < 16; )
+          $.push(parseInt(S[w], 10) & parseInt(T[w], 10)), w++;
+        return new this($);
       } catch (L) {
         throw new Error(`ipaddr: the address does not have IPv6 CIDR format (${L})`);
       }
@@ -8563,7 +8563,7 @@ var lh = { exports: {} };
         }), S;
       throw new Error("ipaddr: string is not formatted like an IPv6 CIDR range");
     }, v.IPv6.parser = function(f) {
-      let _, w, S, N, T, L;
+      let _, w, S, $, T, L;
       if (S = f.match(l.deprecatedTransitional))
         return this.parser(`::ffff:${S[1]}`);
       if (l.native.test(f))
@@ -8575,7 +8575,7 @@ var lh = { exports: {} };
           parseInt(S[4]),
           parseInt(S[5])
         ], w = 0; w < T.length; w++)
-          if (N = T[w], !(0 <= N && N <= 255))
+          if ($ = T[w], !(0 <= $ && $ <= 255))
             return null;
         return _.parts.push(T[0] << 8 | T[1]), _.parts.push(T[2] << 8 | T[3]), {
           parts: _.parts,
@@ -8623,13 +8623,13 @@ var lh = { exports: {} };
       const _ = this.parse(f);
       return _.kind() === "ipv6" && _.isIPv4MappedAddress() ? _.toIPv4Address() : _;
     }, v.subnetMatch = function(f, _, w) {
-      let S, N, T, L;
+      let S, $, T, L;
       w == null && (w = "unicast");
-      for (N in _)
-        if (Object.prototype.hasOwnProperty.call(_, N)) {
-          for (T = _[N], T[0] && !(T[0] instanceof Array) && (T = [T]), S = 0; S < T.length; S++)
+      for ($ in _)
+        if (Object.prototype.hasOwnProperty.call(_, $)) {
+          for (T = _[$], T[0] && !(T[0] instanceof Array) && (T = [T]), S = 0; S < T.length; S++)
             if (L = T[S], f.kind() === L[0].kind() && f.match.apply(f, L))
-              return N;
+              return $;
         }
       return w;
     }, t.exports ? t.exports = v : e.ipaddr = v;
@@ -13597,7 +13597,7 @@ const ay = 1e3 * 60 * 60 * 24, cy = new le().openapi(
   async (t) => {
     const { kid: e } = t.req.valid("param"), r = (await t.env.data.keys.list()).find((i) => i.kid === e);
     if (!r)
-      throw new $(404, { message: "Key not found" });
+      throw new N(404, { message: "Key not found" });
     return t.json(r);
   }
 ).openapi(
@@ -13661,7 +13661,7 @@ const ay = 1e3 * 60 * 60 * 24, cy = new le().openapi(
     if (!await t.env.data.keys.update(e, {
       revoked_at: (/* @__PURE__ */ new Date()).toISOString()
     }))
-      throw new $(404, { message: "Key not found" });
+      throw new N(404, { message: "Key not found" });
     const r = await qc({
       name: `CN=${t.env.ORGANIZATION_NAME}`
     });
@@ -13783,7 +13783,7 @@ const ay = 1e3 * 60 * 60 * 24, cy = new le().openapi(
       include_totals: !1
     })).applications.find((s) => s.id === n);
     if (!i)
-      throw new $(404);
+      throw new N(404);
     return t.json(i);
   }
 ).openapi(
@@ -13813,7 +13813,7 @@ const ay = 1e3 * 60 * 60 * 24, cy = new le().openapi(
   async (t) => {
     const { "tenant-id": e } = t.req.valid("header"), { id: n } = t.req.valid("param");
     if (!await t.env.data.applications.remove(e, n))
-      throw new $(404, { message: "Application not found" });
+      throw new N(404, { message: "Application not found" });
     return t.text("OK");
   }
 ).openapi(
@@ -13857,7 +13857,7 @@ const ay = 1e3 * 60 * 60 * 24, cy = new le().openapi(
     await t.env.data.applications.update(e, n, i);
     const s = await t.env.data.applications.get(e, n);
     if (!s)
-      throw new $(404, { message: "Application not found" });
+      throw new N(404, { message: "Application not found" });
     return t.json(s);
   }
 ).openapi(
@@ -13983,7 +13983,7 @@ const py = jn.extend({
   async (t) => {
     const { id: e } = t.req.valid("param"), n = await t.env.data.tenants.get(e);
     if (!n)
-      throw new $(404);
+      throw new N(404);
     return t.json(n);
   }
 ).openapi(
@@ -14148,7 +14148,7 @@ const py = jn.extend({
   async (t) => {
     const { "tenant-id": e } = t.req.valid("header"), { id: n } = t.req.valid("param"), r = await t.env.data.logs.get(e, n);
     if (!r)
-      throw new $(404);
+      throw new N(404);
     return t.json(r);
   }
 ), my = jn.extend({
@@ -14271,7 +14271,7 @@ const py = jn.extend({
     await t.env.data.hooks.update(e, n, r);
     const i = await t.env.data.hooks.get(e, n);
     if (!i)
-      throw new $(404, { message: "Hook not found" });
+      throw new N(404, { message: "Hook not found" });
     return t.json(i);
   }
 ).openapi(
@@ -14309,7 +14309,7 @@ const py = jn.extend({
   async (t) => {
     const { "tenant-id": e } = t.req.valid("header"), { hook_id: n } = t.req.valid("param"), r = await t.env.data.hooks.get(e, n);
     if (!r)
-      throw new $(404, { message: "Hook not found" });
+      throw new N(404, { message: "Hook not found" });
     return t.json(r);
   }
 ).openapi(
@@ -14339,7 +14339,7 @@ const py = jn.extend({
   async (t) => {
     const { "tenant-id": e } = t.req.valid("header"), { hook_id: n } = t.req.valid("param");
     if (!await t.env.data.hooks.remove(e, n))
-      throw new $(404, { message: "Hook not found" });
+      throw new N(404, { message: "Hook not found" });
     return t.text("OK");
   }
 ), yy = jn.extend({
@@ -14422,7 +14422,7 @@ const py = jn.extend({
   async (t) => {
     const { "tenant-id": e } = t.req.valid("header"), { id: n } = t.req.valid("param"), r = await t.env.data.connections.get(e, n);
     if (!r)
-      throw new $(404);
+      throw new N(404);
     return t.json(r);
   }
 ).openapi(
@@ -14452,7 +14452,7 @@ const py = jn.extend({
   async (t) => {
     const { "tenant-id": e } = t.req.valid("header"), { id: n } = t.req.valid("param");
     if (!await t.env.data.connections.remove(e, n))
-      throw new $(404, {
+      throw new N(404, {
         message: "Connection not found"
       });
     return t.text("OK");
@@ -14496,12 +14496,12 @@ const py = jn.extend({
   async (t) => {
     const { "tenant-id": e } = t.req.valid("header"), { id: n } = t.req.valid("param"), r = t.req.valid("json");
     if (!await t.env.data.connections.update(e, n, r))
-      throw new $(404, {
+      throw new N(404, {
         message: "Connection not found"
       });
     const s = await t.env.data.connections.get(e, n);
     if (!s)
-      throw new $(404, {
+      throw new N(404, {
         message: "Connection not found"
       });
     return t.json(s);
@@ -14640,7 +14640,7 @@ async function by(t) {
       throw new Error("Failed to fetch jwks");
     return (await e.json()).keys;
   } catch (e) {
-    throw new $(500, {
+    throw new N(500, {
       message: `Failed to fetch jwks: ${e.message}`
     });
   }
@@ -14684,17 +14684,17 @@ function tg(t) {
         return await n();
       const l = e.req.header("authorization") || "", [u, p] = l.split(" ");
       if ((u == null ? void 0 : u.toLowerCase()) !== "bearer" || !p)
-        throw new $(401, {
+        throw new N(401, {
           message: "Missing bearer token"
         });
       const h = xy(p);
       if (!h || !await ky(e, h))
-        throw new $(403, { message: "Invalid JWT signature" });
+        throw new N(403, { message: "Invalid JWT signature" });
       e.set("user_id", h.payload.sub), e.set("user", h.payload);
       const m = h.payload.permissions || [], v = ((o = h.payload.scope) == null ? void 0 : o.split(" ")) || [];
       if (c.length && !// Should we check both?
       (c.some((f) => m.includes(f)) || c.some((f) => v.includes(f))))
-        throw new $(403, { message: "Unauthorized" });
+        throw new N(403, { message: "Unauthorized" });
     }
     return await n();
   };
@@ -14728,7 +14728,7 @@ const Sy = new le().openapi(
   async (t) => {
     const { "tenant-id": e } = t.req.valid("header"), n = await t.env.data.emailProviders.get(e);
     if (!n)
-      throw new $(404, { message: "Email provider not found" });
+      throw new N(404, { message: "Email provider not found" });
     return t.json(n);
   }
 ).openapi(
@@ -14827,7 +14827,7 @@ const Sy = new le().openapi(
   async (t) => {
     const { "tenant-id": e } = t.req.valid("header"), { id: n } = t.req.valid("param"), r = await t.env.data.sessions.get(e, n);
     if (!r)
-      throw new $(404);
+      throw new N(404);
     return t.json(r);
   }
 ).openapi(
@@ -14857,7 +14857,7 @@ const Sy = new le().openapi(
   async (t) => {
     const { "tenant-id": e } = t.req.valid("header"), { id: n } = t.req.valid("param");
     if (!await t.env.data.sessions.remove(e, n))
-      throw new $(404, {
+      throw new N(404, {
         message: "Session not found"
       });
     return t.text("OK");
@@ -14891,7 +14891,7 @@ const Sy = new le().openapi(
     if (!await t.env.data.sessions.update(e, n, {
       revoked_at: (/* @__PURE__ */ new Date()).toDateString()
     }))
-      throw new $(404, {
+      throw new N(404, {
         message: "Session not found"
       });
     return t.text("Session deletion request accepted.", { status: 202 });
@@ -14928,7 +14928,7 @@ const Sy = new le().openapi(
   async (t) => {
     const { "tenant-id": e } = t.req.valid("header"), { id: n } = t.req.valid("param"), r = await t.env.data.refreshTokens.get(e, n);
     if (!r)
-      throw new $(404);
+      throw new N(404);
     return t.json(r);
   }
 ).openapi(
@@ -14958,7 +14958,7 @@ const Sy = new le().openapi(
   async (t) => {
     const { "tenant-id": e } = t.req.valid("header"), { id: n } = t.req.valid("param");
     if (!await t.env.data.refreshTokens.remove(e, n))
-      throw new $(404, {
+      throw new N(404, {
         message: "Session not found"
       });
     return t.text("OK");
@@ -15026,7 +15026,7 @@ const Sy = new le().openapi(
   async (t) => {
     const { "tenant-id": e } = t.req.valid("header"), { id: n } = t.req.valid("param"), r = await t.env.data.customDomains.get(e, n);
     if (!r)
-      throw new $(404);
+      throw new N(404);
     return t.json(r);
   }
 ).openapi(
@@ -15056,7 +15056,7 @@ const Sy = new le().openapi(
   async (t) => {
     const { "tenant-id": e } = t.req.valid("header"), { id: n } = t.req.valid("param");
     if (!await t.env.data.customDomains.remove(e, n))
-      throw new $(404, {
+      throw new N(404, {
         message: "Custom domain not found"
       });
     return t.text("OK");
@@ -15104,10 +15104,10 @@ const Sy = new le().openapi(
       n,
       r
     ))
-      throw new $(404);
+      throw new N(404);
     const s = await t.env.data.customDomains.get(e, n);
     if (!s)
-      throw new $(404);
+      throw new N(404);
     return t.json(s);
   }
 ).openapi(
@@ -15153,14 +15153,19 @@ const Sy = new le().openapi(
 );
 function Cy() {
   const t = new le();
-  t.use(tg(t));
+  eg(t), t.use(tg(t));
   const e = t.route("/branding", Km).route("/custom-domains", Iy).route("/email/providers", Sy).route("/users", c_).route("/keys", cy).route("/users-by-email", ly).route("/clients", dy).route("/tenants", fy).route("/logs", gy).route("/hooks", _y).route("/connections", vy).route("/prompts", wy).route("/sessions", Ay).route("/refresh_tokens", Ey);
-  return eg(e), e.doc("/spec", {
+  return e.doc("/spec", {
     openapi: "3.0.0",
     info: {
       version: "1.0.0",
       title: "Management api"
-    }
+    },
+    security: [
+      {
+        oauth2: ["openid", "email", "profile"]
+      }
+    ]
   }), e;
 }
 function Ny(t, e) {
@@ -16233,7 +16238,7 @@ async function vv(t, e, n) {
     }
   );
   if (!l.ok)
-    throw new $(400, { message: "Failed to get user from vipps" });
+    throw new N(400, { message: "Failed to get user from vipps" });
   return await l.json();
 }
 const wv = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
@@ -16256,7 +16261,7 @@ function ug(t, e) {
 async function Lo(t, e) {
   const n = await t.data.clients.get(e);
   if (!n)
-    throw new $(403, { message: "Client not found" });
+    throw new N(403, { message: "Client not found" });
   const r = t.DEFAULT_CLIENT_ID ? await t.data.clients.get(t.DEFAULT_CLIENT_ID) : void 0, i = await t.data.connections.list(n.tenant.id), s = t.DEFAULT_TENANT_ID ? await t.data.connections.list(t.DEFAULT_TENANT_ID) : { connections: [] }, o = i.connections.map((c) => {
     var p;
     const l = (p = s.connections) == null ? void 0 : p.find(
@@ -17443,21 +17448,21 @@ function Hw(t, e, n) {
 async function Kw(t, e, n, r, i) {
   var m, v, f;
   if (!n.redirect_uri)
-    throw new $(400, {
+    throw new N(400, {
       message: "Missing redirect_uri in authParams"
     });
   const [s] = await t.env.data.keys.list();
   if (!s)
-    throw new $(500, {
+    throw new N(500, {
       message: "No signing key found"
     });
   if (!((m = e.addons) != null && m.samlp))
-    throw new $(400, {
+    throw new N(400, {
       message: `SAML Addon is not enabled for client ${e.id}`
     });
   const { recipient: o, audience: c } = e.addons.samlp, l = n.state || "";
   if (!o || !l || !r || !n.state)
-    throw new $(400, {
+    throw new N(400, {
       message: "Missing recipient or inResponseTo"
     });
   const u = JSON.parse(n.state), p = new URL(n.redirect_uri), h = await Ww(t, {
@@ -17836,7 +17841,7 @@ async function Mo(t, e) {
     (S) => !S.revoked_at || new Date(S.revoked_at) > /* @__PURE__ */ new Date()
   ), l = c[c.length - 1];
   if (!(l != null && l.pkcs7))
-    throw new $(500, { message: "No signing key available" });
+    throw new N(500, { message: "No signing key available" });
   const u = xv(l.pkcs7), p = {
     // TODO: consider if the dafault should be removed
     aud: n.audience || "default",
@@ -17870,22 +17875,22 @@ async function Mo(t, e) {
     },
     {
       accessToken: {
-        setCustomClaim: (S, N) => {
+        setCustomClaim: (S, $) => {
           if (Ap.includes(S))
             throw new Error(`Cannot overwrite reserved claim '${S}'`);
-          p[S] = N;
+          p[S] = $;
         }
       },
       idToken: {
-        setCustomClaim: (S, N) => {
+        setCustomClaim: (S, $) => {
           if (Ap.includes(S))
             throw new Error(`Cannot overwrite reserved claim '${S}'`);
-          h && (h[S] = N);
+          h && (h[S] = $);
         }
       },
       access: {
         deny: (S) => {
-          throw new $(400, {
+          throw new N(400, {
             message: `Access denied: ${S}`
           });
         }
@@ -17990,7 +17995,7 @@ async function on(t, e) {
     })
   ), s) {
     if (!e.loginSession)
-      throw new $(500, {
+      throw new N(500, {
         message: "Login session not found"
       });
     const f = kv(), _ = Ve(12), w = await t.env.data.codes.create(i.tenant.id, {
@@ -18044,7 +18049,7 @@ async function on(t, e) {
     });
   if ((n.response_type || mn.CODE) === mn.CODE) {
     if (!e.loginSession)
-      throw new $(500, {
+      throw new N(500, {
         message: "Login session not found"
       });
     const f = await t.env.data.codes.create(i.tenant.id, {
@@ -18056,10 +18061,12 @@ async function on(t, e) {
         Date.now() + jy * 1e3
       ).toISOString()
     });
-    h.set(
-      "location",
-      `${n.redirect_uri}?state=${e.authParams.state}&code=${f.code_id}`
-    );
+    if (!n.redirect_uri)
+      throw new N(400, {
+        message: "Redirect uri not found"
+      });
+    const _ = new URL(n.redirect_uri);
+    _.searchParams.set("code", f.code_id), n.state && _.searchParams.set("state", n.state), h.set("location", _.toString());
   }
   return new Response("Redirecting", {
     status: 302,
@@ -18097,7 +18104,7 @@ async function bg(t, e, n, r) {
       type: ve.FAILED_SIGNUP,
       description: "Public signup is disabled"
     });
-    throw await t.env.data.logs.create(e.tenant.id, s), new $(400, {
+    throw await t.env.data.logs.create(e.tenant.id, s), new N(400, {
       message: "Signups are disabled for this client"
     });
   }
@@ -18111,7 +18118,7 @@ function tb(t, e) {
 }
 async function nb(t, e, n, r) {
   if (!r.state)
-    throw new $(400, { message: "State not found" });
+    throw new N(400, { message: "State not found" });
   const i = e.connections.find((l) => l.name === n);
   if (!i) {
     t.set("client_id", e.id);
@@ -18119,7 +18126,7 @@ async function nb(t, e, n, r) {
       type: ve.FAILED_LOGIN,
       description: "Connection not found"
     });
-    throw await t.env.data.logs.create(e.tenant.id, l), new $(403, { message: "Connection Not Found" });
+    throw await t.env.data.logs.create(e.tenant.id, l), new N(403, { message: "Connection Not Found" });
   }
   let s = await t.env.data.logins.get(
     e.tenant.id,
@@ -18152,13 +18159,13 @@ async function Ep(t, { code: e, state: n }) {
     "oauth2_state"
   );
   if (!i || !i.connection_id)
-    throw new $(403, { message: "State not found" });
+    throw new N(403, { message: "State not found" });
   const s = await r.data.logins.get(
     t.var.tenant_id || "",
     i.login_id
   );
   if (!s)
-    throw new $(403, { message: "Session not found" });
+    throw new N(403, { message: "Session not found" });
   const o = await Lo(
     r,
     s.authParams.client_id
@@ -18172,14 +18179,14 @@ async function Ep(t, { code: e, state: n }) {
       type: ve.FAILED_LOGIN,
       description: "Connection not found"
     });
-    throw await r.data.logs.create(o.tenant.id, _), new $(403, { message: "Connection not found" });
+    throw await r.data.logs.create(o.tenant.id, _), new N(403, { message: "Connection not found" });
   }
   if (t.set("connection", c.name), !s.authParams.redirect_uri) {
     const _ = xe(t, {
       type: ve.FAILED_LOGIN,
       description: "Redirect URI not defined"
     });
-    throw await r.data.logs.create(o.tenant.id, _), new $(403, { message: "Redirect URI not defined" });
+    throw await r.data.logs.create(o.tenant.id, _), new N(403, { message: "Redirect URI not defined" });
   }
   if (!Uo(
     s.authParams.redirect_uri,
@@ -18190,7 +18197,7 @@ async function Ep(t, { code: e, state: n }) {
       type: ve.FAILED_LOGIN,
       description: _
     });
-    throw await r.data.logs.create(o.tenant.id, w), new $(403, {
+    throw await r.data.logs.create(o.tenant.id, w), new N(403, {
       message: _
     });
   }
@@ -18214,7 +18221,7 @@ async function Ep(t, { code: e, state: n }) {
       await bg(t, o, t.env.data, m);
     } catch (_) {
       const w = _;
-      throw new $(500, {
+      throw new N(500, {
         message: `Failed to run preUserSignupHook: ${w.message}`
       });
     }
@@ -18246,16 +18253,16 @@ async function Ip(t, e, n, r, i, s) {
     "oauth2_state"
   );
   if (!o)
-    throw new $(400, { message: "State not found" });
+    throw new N(400, { message: "State not found" });
   const c = await t.env.data.logins.get(
     t.var.tenant_id,
     o.login_id
   );
   if (!c)
-    throw new $(400, { message: "Login not found" });
+    throw new N(400, { message: "Login not found" });
   const { redirect_uri: l } = c.authParams;
   if (!l)
-    throw new $(400, { message: "Redirect uri not found" });
+    throw new N(400, { message: "Redirect uri not found" });
   const u = xe(t, {
     type: ve.FAILED_LOGIN,
     description: `Failed connection login: ${i} ${n}, ${r}`
@@ -18314,7 +18321,7 @@ const rb = new le().openapi(
         o
       );
     if (!n)
-      throw new $(400, { message: "Code is required" });
+      throw new N(400, { message: "Code is required" });
     return Ep(t, {
       code: n,
       state: e
@@ -18368,7 +18375,7 @@ const rb = new le().openapi(
         o
       );
     if (!n)
-      throw new $(400, { message: "Code is required" });
+      throw new N(400, { message: "Code is required" });
     return Ep(t, {
       code: n,
       state: e
@@ -18411,7 +18418,7 @@ const rb = new le().openapi(
       ],
       { allowPathWildcards: !0 }
     ))
-      throw new $(400, {
+      throw new N(400, {
         message: "Invalid redirect uri"
       });
     const o = t.req.header("cookie");
@@ -18474,13 +18481,13 @@ const rb = new le().openapi(
   }),
   async (t) => {
     if (!t.var.user)
-      throw new $(404, { message: "User not found" });
+      throw new N(404, { message: "User not found" });
     const e = await t.env.data.users.get(
       t.var.user.tenant_id,
       t.var.user.sub
     );
     if (!e)
-      throw new $(404, {
+      throw new N(404, {
         message: "User not found"
       });
     return t.json(Cp.parse({ ...e, sub: e.user_id }));
@@ -18639,9 +18646,9 @@ const kg = a.object({
 async function ab(t, e) {
   const n = await t.env.data.clients.get(e.client_id);
   if (!n)
-    throw new $(403, { message: "Invalid client credentials" });
+    throw new N(403, { message: "Invalid client credentials" });
   if (n.client_secret && !Ki(n.client_secret, e.client_secret))
-    throw new $(403, { message: "Invalid client credentials" });
+    throw new N(403, { message: "Invalid client credentials" });
   const r = {
     client_id: n.id,
     scope: e.scope,
@@ -18665,41 +18672,41 @@ const cb = a.object({
 async function lb(t, e) {
   const n = await t.env.data.clients.get(e.client_id);
   if (!n)
-    throw new $(403, { message: "Client not found" });
+    throw new N(403, { message: "Client not found" });
   const r = await t.env.data.codes.get(
     n.tenant.id,
     e.code,
     "authorization_code"
   );
   if (!r || !r.user_id)
-    throw new $(403, { message: "Invalid client credentials" });
+    throw new N(403, { message: "Invalid client credentials" });
   if (new Date(r.expires_at) < /* @__PURE__ */ new Date())
-    throw new $(403, { message: "Code expired" });
+    throw new N(403, { message: "Code expired" });
   if (r.used_at)
-    throw new $(403, { message: "Code already used" });
+    throw new N(403, { message: "Code already used" });
   const i = await t.env.data.logins.get(
     n.tenant.id,
     r.login_id
   );
   if (!i)
-    throw new $(403, { message: "Invalid login" });
+    throw new N(403, { message: "Invalid login" });
   if ("client_secret" in e) {
     const o = await t.env.data.clients.get("DEFAULT_CLIENT");
     if (!Ki(n.client_secret, e.client_secret) && !Ki(o == null ? void 0 : o.client_secret, e.client_secret))
-      throw new $(403, { message: "Invalid client credentials" });
+      throw new N(403, { message: "Invalid client credentials" });
   } else if ("code_verifier" in e && typeof e.code_verifier == "string" && "code_challenge_method" in i.authParams && typeof i.authParams.code_challenge_method == "string") {
     const o = await Sv(
       e.code_verifier,
       i.authParams.code_challenge_method
     );
     if (!Ki(o, i.authParams.code_challenge || ""))
-      throw new $(403, { message: "Invalid client credentials" });
+      throw new N(403, { message: "Invalid client credentials" });
   }
   if (i.authParams.redirect_uri && i.authParams.redirect_uri !== e.redirect_uri)
-    throw new $(403, { message: "Invalid redirect uri" });
+    throw new N(403, { message: "Invalid redirect uri" });
   const s = await t.env.data.users.get(n.tenant.id, r.user_id);
   if (!s)
-    throw new $(403, { message: "User not found" });
+    throw new N(403, { message: "User not found" });
   return await t.env.data.codes.used(n.tenant.id, e.code), on(t, {
     user: s,
     client: n,
@@ -18719,20 +18726,20 @@ const ub = a.object({
 async function db(t, e) {
   const n = await t.env.data.clients.get(e.client_id);
   if (!n)
-    throw new $(403, { message: "Client not found" });
+    throw new N(403, { message: "Client not found" });
   const r = await t.env.data.refreshTokens.get(
     n.tenant.id,
     e.refresh_token
   );
   if (r) {
     if (r.expires_at && new Date(r.expires_at) < /* @__PURE__ */ new Date() || r.idle_expires_at && new Date(r.idle_expires_at) < /* @__PURE__ */ new Date())
-      throw new $(403, {
+      throw new N(403, {
         message: JSON.stringify({
           error: "invalid_grant",
           error_description: "Refresh token has expired"
         })
       });
-  } else throw new $(403, {
+  } else throw new N(403, {
     message: JSON.stringify({
       error: "invalid_grant",
       error_description: "Invalid refresh token"
@@ -18743,7 +18750,7 @@ async function db(t, e) {
     r.user_id
   );
   if (!i)
-    throw new $(403, { message: "User not found" });
+    throw new N(403, { message: "User not found" });
   const s = r.resource_servers[0];
   if (r.idle_expires_at) {
     const o = new Date(
@@ -18841,7 +18848,7 @@ const hb = new le().openapi(
   async (t) => {
     const e = t.req.valid("form"), n = fb(t.req.header("Authorization")), r = { ...e, ...n };
     if (!r.client_id)
-      throw new $(400, { message: "client_id is required" });
+      throw new N(400, { message: "client_id is required" });
     switch (e.grant_type) {
       case Mi.AuthorizationCode:
         return lb(
@@ -18856,7 +18863,7 @@ const hb = new le().openapi(
       case Mi.RefreshToken:
         return db(t, ub.parse(r));
       default:
-        throw new $(400, { message: "Not implemented" });
+        throw new N(400, { message: "Not implemented" });
     }
   }
 );
@@ -18927,10 +18934,10 @@ async function qo(t, e) {
   const n = await t.env.data.emailProviders.get(t.var.tenant_id) || // Fallback to default tenant
   (t.env.DEFAULT_TENANT_ID ? await t.env.data.emailProviders.get(t.env.DEFAULT_TENANT_ID) : null);
   if (!n)
-    throw new $(500, { message: "Email provider not found" });
+    throw new N(500, { message: "Email provider not found" });
   const r = (i = t.env.emailProviders) == null ? void 0 : i[n.name];
   if (!r)
-    throw new $(500, { message: "Email provider not found" });
+    throw new N(500, { message: "Email provider not found" });
   await r({
     emailProvider: n,
     ...e,
@@ -18940,7 +18947,7 @@ async function qo(t, e) {
 async function Sg(t, e, n, r) {
   const i = await t.env.data.tenants.get(t.var.tenant_id);
   if (!i)
-    throw new $(500, { message: "Tenant not found" });
+    throw new N(500, { message: "Tenant not found" });
   const s = `${Et(t.env)}reset-password?state=${r}&code=${n}`, o = {
     vendorName: i.name,
     lng: i.language || "en"
@@ -18971,7 +18978,7 @@ async function Sg(t, e, n, r) {
 async function Ag(t, e, n) {
   const r = await t.env.data.tenants.get(t.var.tenant_id);
   if (!r)
-    throw new $(500, { message: "Tenant not found" });
+    throw new N(500, { message: "Tenant not found" });
   const i = {
     vendorName: r.name,
     code: n,
@@ -19008,9 +19015,9 @@ async function Ag(t, e, n) {
 async function Xl(t, e, n, r) {
   const i = await t.env.data.tenants.get(t.var.tenant_id);
   if (!i)
-    throw new $(500, { message: "Tenant not found" });
+    throw new N(500, { message: "Tenant not found" });
   if (!r.redirect_uri)
-    throw new $(400, { message: "redirect_uri is required" });
+    throw new N(400, { message: "redirect_uri is required" });
   const s = new URL(je(t.env));
   s.pathname = "passwordless/verify_redirect", s.searchParams.set("verification_code", n), s.searchParams.set("connection", "email"), s.searchParams.set("client_id", r.client_id), s.searchParams.set("redirect_uri", r.redirect_uri), s.searchParams.set("email", e), r.response_type && s.searchParams.set("response_type", r.response_type), r.scope && s.searchParams.set("scope", r.scope), r.state && s.searchParams.set("state", r.state), r.nonce && s.searchParams.set("nonce", r.nonce), r.code_challenge && s.searchParams.set("code_challenge", r.code_challenge), r.code_challenge_method && s.searchParams.set(
     "code_challenge_method",
@@ -19052,7 +19059,7 @@ async function Xl(t, e, n, r) {
 async function Ql(t, e) {
   const n = await t.env.data.tenants.get(t.var.tenant_id);
   if (!n)
-    throw new $(500, { message: "Tenant not found" });
+    throw new N(500, { message: "Tenant not found" });
   const r = {
     vendorName: n.name,
     lng: n.language || "en"
@@ -19115,11 +19122,11 @@ const mb = new le().openapi(
   async (t) => {
     const { email: e, password: n, client_id: r } = t.req.valid("json"), i = await t.env.data.clients.get(r);
     if (!i)
-      throw new $(400, {
+      throw new N(400, {
         message: "Client not found"
       });
     if (t.set("client_id", i.id), t.set("tenant_id", i.tenant.id), !Yl(n))
-      throw new $(400, {
+      throw new N(400, {
         message: "Password does not meet the requirements"
       });
     if (await yn({
@@ -19128,7 +19135,7 @@ const mb = new le().openapi(
       email: e,
       provider: "auth2"
     }))
-      throw new $(400, { message: "Invalid sign up" });
+      throw new N(400, { message: "Invalid sign up" });
     const o = await t.env.data.users.create(i.tenant.id, {
       user_id: `auth2|${ci()}`,
       email: e,
@@ -19183,7 +19190,7 @@ const mb = new le().openapi(
   async (t) => {
     const { email: e, client_id: n } = t.req.valid("json"), r = await t.env.data.clients.get(n);
     if (!r)
-      throw new $(400, {
+      throw new N(400, {
         message: "Client not found"
       });
     if (t.set("client_id", r.id), t.set("tenant_id", r.tenant.id), !await Gn({
@@ -19229,15 +19236,15 @@ async function eu(t, e, n, r, i, s) {
     "otp"
   );
   if (!c)
-    throw new $(400, {
+    throw new N(400, {
       message: "Code not found or expired"
     });
   if (c.expires_at < (/* @__PURE__ */ new Date()).toISOString())
-    throw new $(400, {
+    throw new N(400, {
       message: "Code expired"
     });
   if (c.used_at)
-    throw new $(400, {
+    throw new N(400, {
       message: "Code already used"
     });
   const l = await o.data.logins.get(
@@ -19245,7 +19252,7 @@ async function eu(t, e, n, r, i, s) {
     c.login_id
   );
   if (!l || l.authParams.username !== r)
-    throw new $(400, {
+    throw new N(400, {
       message: "Code not found or expired"
     });
   const u = Pn(t.req);
@@ -19256,7 +19263,7 @@ async function eu(t, e, n, r, i, s) {
   if (n.redirect_uri && !Uo(n.redirect_uri, e.callbacks, {
     allowPathWildcards: !0
   }))
-    throw new $(400, {
+    throw new N(400, {
       message: `Invalid redirect URI - ${n.redirect_uri}`
     });
   let p = await yn({
@@ -19271,7 +19278,7 @@ async function eu(t, e, n, r, i, s) {
       e.tenant.id,
       r
     )).length)
-      throw new $(400, {
+      throw new N(400, {
         message: "User not found"
       });
     p = await o.data.users.create(e.tenant.id, {
@@ -19320,7 +19327,7 @@ const _b = new le().openapi(
   async (t) => {
     const e = t.req.valid("json"), { env: n } = t, { client_id: r, email: i, send: s, authParams: o } = e, c = await t.env.data.clients.get(r);
     if (!c)
-      throw new $(400, {
+      throw new N(400, {
         message: "Client not found"
       });
     t.set("client_id", c.id), t.set("tenant_id", c.tenant.id);
@@ -19390,7 +19397,7 @@ const _b = new le().openapi(
     );
   }
 );
-class Cr extends $ {
+class Cr extends N {
   constructor(n, r) {
     super(n, r);
     te(this, "_code");
@@ -19403,7 +19410,7 @@ class Cr extends $ {
 async function tu(t, e, n, r, i) {
   const { env: s } = t, o = n.username;
   if (t.set("username", o), !o)
-    throw new $(400, { message: "Username is required" });
+    throw new N(400, { message: "Username is required" });
   const c = await Gn({
     userAdapter: t.env.data.users,
     tenant_id: e.tenant.id,
@@ -19584,7 +19591,7 @@ const vb = new le().openapi(
     t.set("username", r);
     const i = await t.env.data.clients.get(n);
     if (!i)
-      throw new $(400, {
+      throw new N(400, {
         message: "Client not found"
       });
     t.set("client_id", n), t.set("tenant_id", i.tenant.id);
@@ -19624,7 +19631,7 @@ const vb = new le().openapi(
         !0
       );
     } else
-      throw new $(400, { message: "Code or password required" });
+      throw new N(400, { message: "Code or password required" });
   }
 );
 function wb(t, e) {
@@ -19695,7 +19702,7 @@ function kb(t) {
     return "auth2";
   if (t === "email")
     return "email";
-  throw new $(403, { message: "Invalid realm" });
+  throw new N(403, { message: "Invalid realm" });
 }
 async function xb(t, e, n, r, i) {
   var m;
@@ -19703,13 +19710,13 @@ async function xb(t, e, n, r, i) {
   t.set("connection", i);
   const o = await s.data.codes.get(e, n, "ticket");
   if (!o || o.used_at)
-    throw new $(403, { message: "Ticket not found" });
+    throw new N(403, { message: "Ticket not found" });
   const c = await s.data.logins.get(e, o.login_id);
   if (!c || !c.authParams.username)
-    throw new $(403, { message: "Session not found" });
+    throw new N(403, { message: "Session not found" });
   const l = await s.data.clients.get(c.authParams.client_id);
   if (!l)
-    throw new $(403, { message: "Client not found" });
+    throw new N(403, { message: "Client not found" });
   t.set("client_id", c.authParams.client_id), await s.data.codes.used(e, n);
   const u = kb(i);
   let p = await yn({
@@ -19834,11 +19841,11 @@ async function Sb({
           Date.now() + Po * 1e3
         ).toISOString()
       });
-      const N = xe(t, {
+      const $ = xe(t, {
         type: ve.SUCCESS_SILENT_AUTH,
         description: "Successful silent authentication"
       });
-      return await t.env.data.logs.create(e.tenant.id, N), t.html(
+      return await t.env.data.logs.create(e.tenant.id, $), t.html(
         $p(
           `${m.protocol}//${m.host}`,
           JSON.stringify(S)
@@ -19919,7 +19926,7 @@ const Ab = new le().openapi(
       login_ticket: _,
       realm: w,
       auth0Client: S,
-      login_hint: N,
+      login_hint: $,
       ui_locales: T
     } = t.req.valid("query");
     t.set("log", "authorize");
@@ -19938,17 +19945,17 @@ const Ab = new le().openapi(
       response_mode: h,
       code_challenge: m,
       code_challenge_method: v,
-      username: N,
+      username: $,
       ui_locales: T
     }, ge = t.req.header("origin");
     if (ge && !wb(ge, L.web_origins || []))
-      throw new $(403, {
+      throw new N(403, {
         message: `Origin ${ge} not allowed`
       });
     if (ne.redirect_uri && !Uo(ne.redirect_uri, L.callbacks || [], {
       allowPathWildcards: !0
     }))
-      throw new $(400, {
+      throw new N(400, {
         message: `Invalid redirect URI - ${ne.redirect_uri}`
       });
     const de = Vs(
@@ -19957,7 +19964,7 @@ const Ab = new le().openapi(
     ), ze = de ? await e.data.sessions.get(L.tenant.id, de) : void 0;
     if (f == "none") {
       if (!p)
-        throw new $(400, {
+        throw new N(400, {
           message: "Missing response_type"
         });
       return Sb({
@@ -19987,7 +19994,7 @@ const Ab = new le().openapi(
       authParams: ne,
       session: ze || void 0,
       connection: u,
-      login_hint: N
+      login_hint: $
     });
   }
 );
@@ -20000,7 +20007,12 @@ function Eb() {
     info: {
       version: "1.0.0",
       title: "Oauth API"
-    }
+    },
+    security: [
+      {
+        oauth2: ["openid", "email", "profile"]
+      }
+    ]
   }), eg(e), e;
 }
 var Ib = {
@@ -20461,13 +20473,13 @@ async function We(t, e) {
   var l;
   const { env: n } = t, r = await n.data.logins.get(t.var.tenant_id || "", e);
   if (!r)
-    throw new $(400, { message: "Session not found" });
+    throw new N(400, { message: "Session not found" });
   t.set("login", r);
   const i = await Lo(n, r.authParams.client_id);
   t.set("client_id", i.id), t.set("tenant_id", i.tenant.id);
   const s = await n.data.tenants.get(i.tenant.id);
   if (!s)
-    throw new $(400, { message: "Tenant not found" });
+    throw new N(400, { message: "Tenant not found" });
   const o = await Pg(
     n,
     i.id,
@@ -21322,7 +21334,7 @@ var si = "_hp", c1 = {
         let w;
         if (h && h.length) {
           const S = h.findIndex(
-            Bt(_) ? (N) => Bt(N) : _.key !== void 0 ? (N) => N.key === _.key && N.tag === _.tag : (N) => N.tag === _.tag
+            Bt(_) ? ($) => Bt($) : _.key !== void 0 ? ($) => $.key === _.key && $.tag === _.tag : ($) => $.tag === _.tag
           );
           S !== -1 && (w = h[S], h.splice(S, 1));
         }
@@ -21355,11 +21367,11 @@ var si = "_hp", c1 = {
       const _ = () => Yi([0, !1, t[2]], f), w = Zi.get(f) || [];
       w.push(_), Zi.set(f, w);
       const S = v(h, () => {
-        const N = Zi.get(f);
-        if (N) {
-          const T = N.indexOf(_);
+        const $ = Zi.get(f);
+        if ($) {
+          const T = $.indexOf(_);
           if (T !== -1)
-            return N.splice(T, 1), _();
+            return $.splice(T, 1), _();
         }
       });
       if (S) {
@@ -21540,9 +21552,9 @@ var si = "_hp", c1 = {
   const v = Wi[t];
   let f;
   if (v.length > 0) {
-    const N = s.querySelectorAll(t);
+    const $ = s.querySelectorAll(t);
     e:
-      for (const T of N)
+      for (const T of $)
         for (const L of Wi[t])
           if (T.getAttribute(L) === e[L]) {
             h = T;
@@ -21564,48 +21576,48 @@ var si = "_hp", c1 = {
     f = s.querySelectorAll(t);
   l = r ? l ?? "" : void 0, r && (p[Gi] = l);
   const _ = ou(
-    (N) => {
+    ($) => {
       if (v.length > 0) {
         let T = !1;
         for (const L of s.querySelectorAll(t)) {
           if (T && L.getAttribute(Gi) !== l) {
-            s.insertBefore(N, L);
+            s.insertBefore($, L);
             return;
           }
           L.getAttribute(Gi) === l && (T = !0);
         }
-        s.appendChild(N);
+        s.appendChild($);
       } else if (f) {
         let T = !1;
         for (const L of f)
-          if (L === N) {
+          if (L === $) {
             T = !0;
             break;
           }
         T || s.insertBefore(
-          N,
+          $,
           s.contains(f[0]) ? f[0] : s.querySelector(t)
         ), f = void 0;
       }
     },
     [l]
-  ), w = au(e.ref, (N) => {
+  ), w = au(e.ref, ($) => {
     var ne;
     const T = v[0];
-    if (n === 2 && (N.innerHTML = ""), (m || f) && _(N), !c && !o)
+    if (n === 2 && ($.innerHTML = ""), (m || f) && _($), !c && !o)
       return;
-    let L = zn[ne = N.getAttribute(T)] || (zn[ne] = new Promise(
+    let L = zn[ne = $.getAttribute(T)] || (zn[ne] = new Promise(
       (ge, de) => {
-        N.addEventListener("load", ge), N.addEventListener("error", de);
+        $.addEventListener("load", ge), $.addEventListener("error", de);
       }
     ));
     o && (L = L.then(o)), c && (L = L.catch(c)), L.catch(() => {
     });
   });
   if (i && u === "render") {
-    const N = Wi[t][0];
-    if (e[N]) {
-      const T = e[N], L = zn[T] || (zn[T] = new Promise((ne, ge) => {
+    const $ = Wi[t][0];
+    if (e[$]) {
+      const T = e[$], L = zn[T] || (zn[T] = new Promise((ne, ge) => {
         _(h), h.addEventListener("load", ne), h.addEventListener("error", ge);
       }));
       y1(L);
@@ -21835,7 +21847,7 @@ const Hg = (t) => {
       e
     );
     if (!r.authParams.username)
-      throw new $(400, {
+      throw new N(400, {
         message: "Username not found in state"
       });
     const s = await yn({
@@ -21890,7 +21902,7 @@ const Hg = (t) => {
       e
     );
     if (t.set("client_id", i.id), !r.authParams.username)
-      throw new $(400, {
+      throw new N(400, {
         message: "Username not found in state"
       });
     try {
@@ -22032,7 +22044,7 @@ const Hg = (t) => {
       e
     );
     if (!i.authParams.username)
-      throw new $(400, { message: "Username required" });
+      throw new N(400, { message: "Username required" });
     return t.html(
       /* @__PURE__ */ y(
         ga,
@@ -22078,7 +22090,7 @@ const Hg = (t) => {
       e
     ), { username: c } = o.authParams;
     if (!c)
-      throw new $(400, { message: "Username required" });
+      throw new N(400, { message: "Username required" });
     try {
       return await tu(
         t,
@@ -22209,7 +22221,7 @@ const Hg = (t) => {
   async (t) => {
     const { state: e, code: n } = t.req.valid("query"), { vendorSettings: r, session: i } = await We(t, e), { username: s } = i.authParams;
     if (!s)
-      throw new $(400, { message: "Username required" });
+      throw new N(400, { message: "Username required" });
     return n ? t.html(
       /* @__PURE__ */ y(
         Nr,
@@ -22269,7 +22281,7 @@ const Hg = (t) => {
     t.set("client_id", s.id), t.set("connection", c);
     const l = o.authParams.username;
     if (!l)
-      throw new $(400, { message: "Username required" });
+      throw new N(400, { message: "Username required" });
     if (n.password !== n["re-enter-password"])
       return t.html(
         /* @__PURE__ */ y(
@@ -22313,7 +22325,7 @@ const Hg = (t) => {
         email: l,
         provider: "auth2"
       }))
-        throw new $(400, { message: "Invalid sign up" });
+        throw new N(400, { message: "Invalid sign up" });
       const m = (p == null ? void 0 : p.authParams.username) === l, v = await t.env.data.users.create(s.tenant.id, {
         user_id: `auth2|${ci()}`,
         email: l,
@@ -22328,7 +22340,7 @@ const Hg = (t) => {
         provider: "auth2"
       });
       if (!f)
-        throw new $(400, { message: "Invalid sign up" });
+        throw new N(400, { message: "Invalid sign up" });
       return await r.data.passwords.create(s.tenant.id, {
         user_id: f.user_id,
         password: await ai.hash(n.password, 10),
@@ -22431,7 +22443,7 @@ const Hg = (t) => {
   async (t) => {
     const { state: e } = t.req.valid("query"), { vendorSettings: n, session: r } = await We(t, e);
     if (!r.authParams.username)
-      throw new $(400, { message: "Username required" });
+      throw new N(400, { message: "Username required" });
     return t.html(
       /* @__PURE__ */ y(
         $r,
@@ -22479,7 +22491,7 @@ const Hg = (t) => {
       e
     );
     if (!l.authParams.username)
-      throw new $(400, { message: "Username required" });
+      throw new N(400, { message: "Username required" });
     if (r !== i)
       return t.html(
         /* @__PURE__ */ y(
@@ -22511,7 +22523,7 @@ const Hg = (t) => {
       provider: "auth2"
     });
     if (!u)
-      throw new $(400, { message: "User not found" });
+      throw new N(400, { message: "User not found" });
     try {
       if (!await s.data.codes.get(
         c.tenant.id,