authhero 4.117.0 → 4.118.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/authhero.cjs +7 -7
  2. package/dist/authhero.mjs +69 -29
  3. package/dist/stats.html +1 -1
  4. package/package.json +3 -3
package/dist/authhero.cjs CHANGED
@@ -1,4 +1,4 @@
1
- "use strict";var dN=Object.create;var E1=Object.defineProperty;var uN=Object.getOwnPropertyDescriptor;var pN=Object.getOwnPropertyNames;var fN=Object.getPrototypeOf,hN=Object.prototype.hasOwnProperty;var gN=(e,t,n,i)=>{if(t&&typeof t=="object"||typeof t=="function")for(let r of pN(t))!hN.call(e,r)&&r!==n&&E1(e,r,{get:()=>t[r],enumerable:!(i=uN(t,r))||i.enumerable});return e};var mN=(e,t,n)=>(n=e!=null?dN(fN(e)):{},gN(t||!e||!e.__esModule?E1(n,"default",{value:e,enumerable:!0}):n,e));Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const s=require("@hono/zod-openapi");var z=class extends Error{res;status;constructor(e=500,t){super(t?.message,{cause:t?.cause}),this.res=t?.res,this.status=e}getResponse(){return this.res?new Response(this.res.body,{status:this.status,headers:this.res.headers}):new Response(this.message,{status:this.status})}};const Ee=e=>typeof e=="string",Nc=()=>{let e,t;const n=new Promise((i,r)=>{e=i,t=r});return n.resolve=e,n.reject=t,n},x1=e=>e==null?"":""+e,yN=(e,t,n)=>{e.forEach(i=>{t[i]&&(n[i]=t[i])})},_N=/###/g,C1=e=>e&&e.indexOf("###")>-1?e.replace(_N,"."):e,T1=e=>!e||Ee(e),Cl=(e,t,n)=>{const i=Ee(t)?t.split("."):t;let r=0;for(;r<i.length-1;){if(T1(e))return{};const o=C1(i[r]);!e[o]&&n&&(e[o]=new n),Object.prototype.hasOwnProperty.call(e,o)?e=e[o]:e={},++r}return T1(e)?{}:{obj:e,k:C1(i[r])}},$1=(e,t,n)=>{const{obj:i,k:r}=Cl(e,t,Object);if(i!==void 0||t.length===1){i[r]=n;return}let o=t[t.length-1],a=t.slice(0,t.length-1),c=Cl(e,a,Object);for(;c.obj===void 0&&a.length;)o=`${a[a.length-1]}.${o}`,a=a.slice(0,a.length-1),c=Cl(e,a,Object),c?.obj&&typeof c.obj[`${c.k}.${o}`]<"u"&&(c.obj=void 0);c.obj[`${c.k}.${o}`]=n},wN=(e,t,n,i)=>{const{obj:r,k:o}=Cl(e,t,Object);r[o]=r[o]||[],r[o].push(n)},hp=(e,t)=>{const{obj:n,k:i}=Cl(e,t);if(n&&Object.prototype.hasOwnProperty.call(n,i))return n[i]},bN=(e,t,n)=>{const i=hp(e,n);return i!==void 0?i:hp(t,n)},j4=(e,t,n)=>{for(const i in t)i!=="__proto__"&&i!=="constructor"&&(i in e?Ee(e[i])||e[i]instanceof String||Ee(t[i])||t[i]instanceof String?n&&(e[i]=t[i]):j4(e[i],t[i],n):e[i]=t[i]);return e},yo=e=>e.replace(/[\-\[\]\/\{\}\(\)\*\+\?\.\\\^\$\|]/g,"\\$&");var vN={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;"};const AN=e=>Ee(e)?e.replace(/[&<>"'\/]/g,t=>vN[t]):e;class kN{constructor(t){this.capacity=t,this.regExpMap=new Map,this.regExpQueue=[]}getRegExp(t){const n=this.regExpMap.get(t);if(n!==void 0)return n;const i=new RegExp(t);return this.regExpQueue.length===this.capacity&&this.regExpMap.delete(this.regExpQueue.shift()),this.regExpMap.set(t,i),this.regExpQueue.push(t),i}}const SN=[" ",",","?","!",";"],EN=new kN(20),xN=(e,t,n)=>{t=t||"",n=n||"";const i=SN.filter(a=>t.indexOf(a)<0&&n.indexOf(a)<0);if(i.length===0)return!0;const r=EN.getRegExp(`(${i.map(a=>a==="?"?"\\?":a).join("|")})`);let o=!r.test(e);if(!o){const a=e.indexOf(n);a>0&&!r.test(e.substring(0,a))&&(o=!0)}return o},oy=(e,t,n=".")=>{if(!e)return;if(e[t])return Object.prototype.hasOwnProperty.call(e,t)?e[t]:void 0;const i=t.split(n);let r=e;for(let o=0;o<i.length;){if(!r||typeof r!="object")return;let a,c="";for(let l=o;l<i.length;++l)if(l!==o&&(c+=n),c+=i[l],a=r[c],a!==void 0){if(["string","number","boolean"].indexOf(typeof a)>-1&&l<i.length-1)continue;o+=l-o+1;break}r=a}return r},Dl=e=>e?.replace(/_/g,"-"),CN={type:"logger",log(e){this.output("log",e)},warn(e){this.output("warn",e)},error(e){this.output("error",e)},output(e,t){console?.[e]?.apply?.(console,t)}};class gp{constructor(t,n={}){this.init(t,n)}init(t,n={}){this.prefix=n.prefix||"i18next:",this.logger=t||CN,this.options=n,this.debug=n.debug}log(...t){return this.forward(t,"log","",!0)}warn(...t){return this.forward(t,"warn","",!0)}error(...t){return this.forward(t,"error","")}deprecate(...t){return this.forward(t,"warn","WARNING DEPRECATED: ",!0)}forward(t,n,i,r){return r&&!this.debug?null:(Ee(t[0])&&(t[0]=`${i}${this.prefix} ${t[0]}`),this.logger[n](t))}create(t){return new gp(this.logger,{prefix:`${this.prefix}:${t}:`,...this.options})}clone(t){return t=t||this.options,t.prefix=t.prefix||this.prefix,new gp(this.logger,t)}}var Ii=new gp;class oh{constructor(){this.observers={}}on(t,n){return t.split(" ").forEach(i=>{this.observers[i]||(this.observers[i]=new Map);const r=this.observers[i].get(n)||0;this.observers[i].set(n,r+1)}),this}off(t,n){if(this.observers[t]){if(!n){delete this.observers[t];return}this.observers[t].delete(n)}}emit(t,...n){this.observers[t]&&Array.from(this.observers[t].entries()).forEach(([r,o])=>{for(let a=0;a<o;a++)r(...n)}),this.observers["*"]&&Array.from(this.observers["*"].entries()).forEach(([r,o])=>{for(let a=0;a<o;a++)r.apply(r,[t,...n])})}}class I1 extends oh{constructor(t,n={ns:["translation"],defaultNS:"translation"}){super(),this.data=t||{},this.options=n,this.options.keySeparator===void 0&&(this.options.keySeparator="."),this.options.ignoreJSONStructure===void 0&&(this.options.ignoreJSONStructure=!0)}addNamespaces(t){this.options.ns.indexOf(t)<0&&this.options.ns.push(t)}removeNamespaces(t){const n=this.options.ns.indexOf(t);n>-1&&this.options.ns.splice(n,1)}getResource(t,n,i,r={}){const o=r.keySeparator!==void 0?r.keySeparator:this.options.keySeparator,a=r.ignoreJSONStructure!==void 0?r.ignoreJSONStructure:this.options.ignoreJSONStructure;let c;t.indexOf(".")>-1?c=t.split("."):(c=[t,n],i&&(Array.isArray(i)?c.push(...i):Ee(i)&&o?c.push(...i.split(o)):c.push(i)));const l=hp(this.data,c);return!l&&!n&&!i&&t.indexOf(".")>-1&&(t=c[0],n=c[1],i=c.slice(2).join(".")),l||!a||!Ee(i)?l:oy(this.data?.[t]?.[n],i,o)}addResource(t,n,i,r,o={silent:!1}){const a=o.keySeparator!==void 0?o.keySeparator:this.options.keySeparator;let c=[t,n];i&&(c=c.concat(a?i.split(a):i)),t.indexOf(".")>-1&&(c=t.split("."),r=n,n=c[1]),this.addNamespaces(n),$1(this.data,c,r),o.silent||this.emit("added",t,n,i,r)}addResources(t,n,i,r={silent:!1}){for(const o in i)(Ee(i[o])||Array.isArray(i[o]))&&this.addResource(t,n,o,i[o],{silent:!0});r.silent||this.emit("added",t,n,i)}addResourceBundle(t,n,i,r,o,a={silent:!1,skipCopy:!1}){let c=[t,n];t.indexOf(".")>-1&&(c=t.split("."),r=i,i=n,n=c[1]),this.addNamespaces(n);let l=hp(this.data,c)||{};a.skipCopy||(i=JSON.parse(JSON.stringify(i))),r?j4(l,i,o):l={...l,...i},$1(this.data,c,l),a.silent||this.emit("added",t,n,i)}removeResourceBundle(t,n){this.hasResourceBundle(t,n)&&delete this.data[t][n],this.removeNamespaces(n),this.emit("removed",t,n)}hasResourceBundle(t,n){return this.getResource(t,n)!==void 0}getResourceBundle(t,n){return n||(n=this.options.defaultNS),this.getResource(t,n)}getDataByLanguage(t){return this.data[t]}hasLanguageSomeTranslations(t){const n=this.getDataByLanguage(t);return!!(n&&Object.keys(n)||[]).find(r=>n[r]&&Object.keys(n[r]).length>0)}toJSON(){return this.data}}var R4={processors:{},addPostProcessor(e){this.processors[e.name]=e},handle(e,t,n,i,r){return e.forEach(o=>{t=this.processors[o]?.process(t,n,i,r)??t}),t}};const D4=Symbol("i18next/PATH_KEY");function TN(){const e=[],t=Object.create(null);let n;return t.get=(i,r)=>(n?.revoke?.(),r===D4?e:(e.push(r),n=Proxy.revocable(i,t),n.proxy)),Proxy.revocable(Object.create(null),t).proxy}function _a(e,t){const{[D4]:n}=e(TN()),i=t?.keySeparator??".",r=t?.nsSeparator??":";if(n.length>1&&r){const o=t?.ns,a=Array.isArray(o)?o:null;if(a&&a.length>1&&a.slice(1).includes(n[0]))return`${n[0]}${r}${n.slice(1).join(i)}`}return n.join(i)}const z1={},Hg=e=>!Ee(e)&&typeof e!="boolean"&&typeof e!="number";class mp extends oh{constructor(t,n={}){super(),yN(["resourceStore","languageUtils","pluralResolver","interpolator","backendConnector","i18nFormat","utils"],t,this),this.options=n,this.options.keySeparator===void 0&&(this.options.keySeparator="."),this.logger=Ii.create("translator")}changeLanguage(t){t&&(this.language=t)}exists(t,n={interpolation:{}}){const i={...n};if(t==null)return!1;const r=this.resolve(t,i);if(r?.res===void 0)return!1;const o=Hg(r.res);return!(i.returnObjects===!1&&o)}extractFromKey(t,n){let i=n.nsSeparator!==void 0?n.nsSeparator:this.options.nsSeparator;i===void 0&&(i=":");const r=n.keySeparator!==void 0?n.keySeparator:this.options.keySeparator;let o=n.ns||this.options.defaultNS||[];const a=i&&t.indexOf(i)>-1,c=!this.options.userDefinedKeySeparator&&!n.keySeparator&&!this.options.userDefinedNsSeparator&&!n.nsSeparator&&!xN(t,i,r);if(a&&!c){const l=t.match(this.interpolator.nestingRegexp);if(l&&l.length>0)return{key:t,namespaces:Ee(o)?[o]:o};const d=t.split(i);(i!==r||i===r&&this.options.ns.indexOf(d[0])>-1)&&(o=d.shift()),t=d.join(r)}return{key:t,namespaces:Ee(o)?[o]:o}}translate(t,n,i){let r=typeof n=="object"?{...n}:n;if(typeof r!="object"&&this.options.overloadTranslationOptionHandler&&(r=this.options.overloadTranslationOptionHandler(arguments)),typeof r=="object"&&(r={...r}),r||(r={}),t==null)return"";typeof t=="function"&&(t=_a(t,{...this.options,...r})),Array.isArray(t)||(t=[String(t)]),t=t.map(N=>typeof N=="function"?_a(N,{...this.options,...r}):String(N));const o=r.returnDetails!==void 0?r.returnDetails:this.options.returnDetails,a=r.keySeparator!==void 0?r.keySeparator:this.options.keySeparator,{key:c,namespaces:l}=this.extractFromKey(t[t.length-1],r),d=l[l.length-1];let u=r.nsSeparator!==void 0?r.nsSeparator:this.options.nsSeparator;u===void 0&&(u=":");const p=r.lng||this.language,f=r.appendNamespaceToCIMode||this.options.appendNamespaceToCIMode;if(p?.toLowerCase()==="cimode")return f?o?{res:`${d}${u}${c}`,usedKey:c,exactUsedKey:c,usedLng:p,usedNS:d,usedParams:this.getUsedParamsDetails(r)}:`${d}${u}${c}`:o?{res:c,usedKey:c,exactUsedKey:c,usedLng:p,usedNS:d,usedParams:this.getUsedParamsDetails(r)}:c;const h=this.resolve(t,r);let g=h?.res;const m=h?.usedKey||c,_=h?.exactUsedKey||c,y=["[object Number]","[object Function]","[object RegExp]"],w=r.joinArrays!==void 0?r.joinArrays:this.options.joinArrays,b=!this.i18nFormat||this.i18nFormat.handleAsObject,A=r.count!==void 0&&!Ee(r.count),v=mp.hasDefaultValue(r),k=A?this.pluralResolver.getSuffix(p,r.count,r):"",x=r.ordinal&&A?this.pluralResolver.getSuffix(p,r.count,{ordinal:!1}):"",T=A&&!r.ordinal&&r.count===0,I=T&&r[`defaultValue${this.options.pluralSeparator}zero`]||r[`defaultValue${k}`]||r[`defaultValue${x}`]||r.defaultValue;let F=g;b&&!g&&v&&(F=I);const $=Hg(F),P=Object.prototype.toString.apply(F);if(b&&F&&$&&y.indexOf(P)<0&&!(Ee(w)&&Array.isArray(F))){if(!r.returnObjects&&!this.options.returnObjects){this.options.returnedObjectHandler||this.logger.warn("accessing an object - but returnObjects options is not enabled!");const N=this.options.returnedObjectHandler?this.options.returnedObjectHandler(m,F,{...r,ns:l}):`key '${c} (${this.language})' returned an object instead of string.`;return o?(h.res=N,h.usedParams=this.getUsedParamsDetails(r),h):N}if(a){const N=Array.isArray(F),D=N?[]:{},B=N?_:m;for(const V in F)if(Object.prototype.hasOwnProperty.call(F,V)){const Z=`${B}${a}${V}`;v&&!g?D[V]=this.translate(Z,{...r,defaultValue:Hg(I)?I[V]:void 0,joinArrays:!1,ns:l}):D[V]=this.translate(Z,{...r,joinArrays:!1,ns:l}),D[V]===Z&&(D[V]=F[V])}g=D}}else if(b&&Ee(w)&&Array.isArray(g))g=g.join(w),g&&(g=this.extendTranslation(g,t,r,i));else{let N=!1,D=!1;!this.isValidLookup(g)&&v&&(N=!0,g=I),this.isValidLookup(g)||(D=!0,g=c);const V=(r.missingKeyNoValueFallbackToKey||this.options.missingKeyNoValueFallbackToKey)&&D?void 0:g,Z=v&&I!==g&&this.options.updateMissing;if(D||N||Z){if(this.logger.log(Z?"updateKey":"missingKey",p,d,c,Z?I:g),a){const me=this.resolve(c,{...r,keySeparator:!1});me&&me.res&&this.logger.warn("Seems the loaded translations were in flat JSON format instead of nested. Either set keySeparator: false on init or make sure your translations are published in nested format.")}let te=[];const Q=this.languageUtils.getFallbackCodes(this.options.fallbackLng,r.lng||this.language);if(this.options.saveMissingTo==="fallback"&&Q&&Q[0])for(let me=0;me<Q.length;me++)te.push(Q[me]);else this.options.saveMissingTo==="all"?te=this.languageUtils.toResolveHierarchy(r.lng||this.language):te.push(r.lng||this.language);const ie=(me,Ae,G)=>{const Ne=v&&G!==g?G:V;this.options.missingKeyHandler?this.options.missingKeyHandler(me,d,Ae,Ne,Z,r):this.backendConnector?.saveMissing&&this.backendConnector.saveMissing(me,d,Ae,Ne,Z,r),this.emit("missingKey",me,d,Ae,g)};this.options.saveMissing&&(this.options.saveMissingPlurals&&A?te.forEach(me=>{const Ae=this.pluralResolver.getSuffixes(me,r);T&&r[`defaultValue${this.options.pluralSeparator}zero`]&&Ae.indexOf(`${this.options.pluralSeparator}zero`)<0&&Ae.push(`${this.options.pluralSeparator}zero`),Ae.forEach(G=>{ie([me],c+G,r[`defaultValue${G}`]||I)})}):ie(te,c,I))}g=this.extendTranslation(g,t,r,h,i),D&&g===c&&this.options.appendNamespaceToMissingKey&&(g=`${d}${u}${c}`),(D||N)&&this.options.parseMissingKeyHandler&&(g=this.options.parseMissingKeyHandler(this.options.appendNamespaceToMissingKey?`${d}${u}${c}`:c,N?g:void 0,r))}return o?(h.res=g,h.usedParams=this.getUsedParamsDetails(r),h):g}extendTranslation(t,n,i,r,o){if(this.i18nFormat?.parse)t=this.i18nFormat.parse(t,{...this.options.interpolation.defaultVariables,...i},i.lng||this.language||r.usedLng,r.usedNS,r.usedKey,{resolved:r});else if(!i.skipInterpolation){i.interpolation&&this.interpolator.init({...i,interpolation:{...this.options.interpolation,...i.interpolation}});const l=Ee(t)&&(i?.interpolation?.skipOnVariables!==void 0?i.interpolation.skipOnVariables:this.options.interpolation.skipOnVariables);let d;if(l){const p=t.match(this.interpolator.nestingRegexp);d=p&&p.length}let u=i.replace&&!Ee(i.replace)?i.replace:i;if(this.options.interpolation.defaultVariables&&(u={...this.options.interpolation.defaultVariables,...u}),t=this.interpolator.interpolate(t,u,i.lng||this.language||r.usedLng,i),l){const p=t.match(this.interpolator.nestingRegexp),f=p&&p.length;d<f&&(i.nest=!1)}!i.lng&&r&&r.res&&(i.lng=this.language||r.usedLng),i.nest!==!1&&(t=this.interpolator.nest(t,(...p)=>o?.[0]===p[0]&&!i.context?(this.logger.warn(`It seems you are nesting recursively key: ${p[0]} in key: ${n[0]}`),null):this.translate(...p,n),i)),i.interpolation&&this.interpolator.reset()}const a=i.postProcess||this.options.postProcess,c=Ee(a)?[a]:a;return t!=null&&c?.length&&i.applyPostProcessor!==!1&&(t=R4.handle(c,t,n,this.options&&this.options.postProcessPassResolved?{i18nResolved:{...r,usedParams:this.getUsedParamsDetails(i)},...i}:i,this)),t}resolve(t,n={}){let i,r,o,a,c;return Ee(t)&&(t=[t]),Array.isArray(t)&&(t=t.map(l=>typeof l=="function"?_a(l,{...this.options,...n}):l)),t.forEach(l=>{if(this.isValidLookup(i))return;const d=this.extractFromKey(l,n),u=d.key;r=u;let p=d.namespaces;this.options.fallbackNS&&(p=p.concat(this.options.fallbackNS));const f=n.count!==void 0&&!Ee(n.count),h=f&&!n.ordinal&&n.count===0,g=n.context!==void 0&&(Ee(n.context)||typeof n.context=="number")&&n.context!=="",m=n.lngs?n.lngs:this.languageUtils.toResolveHierarchy(n.lng||this.language,n.fallbackLng);p.forEach(_=>{this.isValidLookup(i)||(c=_,!z1[`${m[0]}-${_}`]&&this.utils?.hasLoadedNamespace&&!this.utils?.hasLoadedNamespace(c)&&(z1[`${m[0]}-${_}`]=!0,this.logger.warn(`key "${r}" for languages "${m.join(", ")}" won't get resolved as namespace "${c}" was not yet loaded`,"This means something IS WRONG in your setup. You access the t function before i18next.init / i18next.loadNamespace / i18next.changeLanguage was done. Wait for the callback or Promise to resolve before accessing it!!!")),m.forEach(y=>{if(this.isValidLookup(i))return;a=y;const w=[u];if(this.i18nFormat?.addLookupKeys)this.i18nFormat.addLookupKeys(w,u,y,_,n);else{let A;f&&(A=this.pluralResolver.getSuffix(y,n.count,n));const v=`${this.options.pluralSeparator}zero`,k=`${this.options.pluralSeparator}ordinal${this.options.pluralSeparator}`;if(f&&(n.ordinal&&A.indexOf(k)===0&&w.push(u+A.replace(k,this.options.pluralSeparator)),w.push(u+A),h&&w.push(u+v)),g){const x=`${u}${this.options.contextSeparator||"_"}${n.context}`;w.push(x),f&&(n.ordinal&&A.indexOf(k)===0&&w.push(x+A.replace(k,this.options.pluralSeparator)),w.push(x+A),h&&w.push(x+v))}}let b;for(;b=w.pop();)this.isValidLookup(i)||(o=b,i=this.getResource(y,_,b,n))}))})}),{res:i,usedKey:r,exactUsedKey:o,usedLng:a,usedNS:c}}isValidLookup(t){return t!==void 0&&!(!this.options.returnNull&&t===null)&&!(!this.options.returnEmptyString&&t==="")}getResource(t,n,i,r={}){return this.i18nFormat?.getResource?this.i18nFormat.getResource(t,n,i,r):this.resourceStore.getResource(t,n,i,r)}getUsedParamsDetails(t={}){const n=["defaultValue","ordinal","context","replace","lng","lngs","fallbackLng","ns","keySeparator","nsSeparator","returnObjects","returnDetails","joinArrays","postProcess","interpolation"],i=t.replace&&!Ee(t.replace);let r=i?t.replace:t;if(i&&typeof t.count<"u"&&(r.count=t.count),this.options.interpolation.defaultVariables&&(r={...this.options.interpolation.defaultVariables,...r}),!i){r={...r};for(const o of n)delete r[o]}return r}static hasDefaultValue(t){const n="defaultValue";for(const i in t)if(Object.prototype.hasOwnProperty.call(t,i)&&n===i.substring(0,n.length)&&t[i]!==void 0)return!0;return!1}}class P1{constructor(t){this.options=t,this.supportedLngs=this.options.supportedLngs||!1,this.logger=Ii.create("languageUtils")}getScriptPartFromCode(t){if(t=Dl(t),!t||t.indexOf("-")<0)return null;const n=t.split("-");return n.length===2||(n.pop(),n[n.length-1].toLowerCase()==="x")?null:this.formatLanguageCode(n.join("-"))}getLanguagePartFromCode(t){if(t=Dl(t),!t||t.indexOf("-")<0)return t;const n=t.split("-");return this.formatLanguageCode(n[0])}formatLanguageCode(t){if(Ee(t)&&t.indexOf("-")>-1){let n;try{n=Intl.getCanonicalLocales(t)[0]}catch{}return n&&this.options.lowerCaseLng&&(n=n.toLowerCase()),n||(this.options.lowerCaseLng?t.toLowerCase():t)}return this.options.cleanCode||this.options.lowerCaseLng?t.toLowerCase():t}isSupportedCode(t){return(this.options.load==="languageOnly"||this.options.nonExplicitSupportedLngs)&&(t=this.getLanguagePartFromCode(t)),!this.supportedLngs||!this.supportedLngs.length||this.supportedLngs.indexOf(t)>-1}getBestMatchFromCodes(t){if(!t)return null;let n;return t.forEach(i=>{if(n)return;const r=this.formatLanguageCode(i);(!this.options.supportedLngs||this.isSupportedCode(r))&&(n=r)}),!n&&this.options.supportedLngs&&t.forEach(i=>{if(n)return;const r=this.getScriptPartFromCode(i);if(this.isSupportedCode(r))return n=r;const o=this.getLanguagePartFromCode(i);if(this.isSupportedCode(o))return n=o;n=this.options.supportedLngs.find(a=>{if(a===o)return a;if(!(a.indexOf("-")<0&&o.indexOf("-")<0)&&(a.indexOf("-")>0&&o.indexOf("-")<0&&a.substring(0,a.indexOf("-"))===o||a.indexOf(o)===0&&o.length>1))return a})}),n||(n=this.getFallbackCodes(this.options.fallbackLng)[0]),n}getFallbackCodes(t,n){if(!t)return[];if(typeof t=="function"&&(t=t(n)),Ee(t)&&(t=[t]),Array.isArray(t))return t;if(!n)return t.default||[];let i=t[n];return i||(i=t[this.getScriptPartFromCode(n)]),i||(i=t[this.formatLanguageCode(n)]),i||(i=t[this.getLanguagePartFromCode(n)]),i||(i=t.default),i||[]}toResolveHierarchy(t,n){const i=this.getFallbackCodes((n===!1?[]:n)||this.options.fallbackLng||[],t),r=[],o=a=>{a&&(this.isSupportedCode(a)?r.push(a):this.logger.warn(`rejecting language code not found in supportedLngs: ${a}`))};return Ee(t)&&(t.indexOf("-")>-1||t.indexOf("_")>-1)?(this.options.load!=="languageOnly"&&o(this.formatLanguageCode(t)),this.options.load!=="languageOnly"&&this.options.load!=="currentOnly"&&o(this.getScriptPartFromCode(t)),this.options.load!=="currentOnly"&&o(this.getLanguagePartFromCode(t))):Ee(t)&&o(this.formatLanguageCode(t)),i.forEach(a=>{r.indexOf(a)<0&&o(this.formatLanguageCode(a))}),r}}const N1={zero:0,one:1,two:2,few:3,many:4,other:5},F1={select:e=>e===1?"one":"other",resolvedOptions:()=>({pluralCategories:["one","other"]})};class $N{constructor(t,n={}){this.languageUtils=t,this.options=n,this.logger=Ii.create("pluralResolver"),this.pluralRulesCache={}}clearCache(){this.pluralRulesCache={}}getRule(t,n={}){const i=Dl(t==="dev"?"en":t),r=n.ordinal?"ordinal":"cardinal",o=JSON.stringify({cleanedCode:i,type:r});if(o in this.pluralRulesCache)return this.pluralRulesCache[o];let a;try{a=new Intl.PluralRules(i,{type:r})}catch{if(typeof Intl>"u")return this.logger.error("No Intl support, please use an Intl polyfill!"),F1;if(!t.match(/-|_/))return F1;const l=this.languageUtils.getLanguagePartFromCode(t);a=this.getRule(l,n)}return this.pluralRulesCache[o]=a,a}needsPlural(t,n={}){let i=this.getRule(t,n);return i||(i=this.getRule("dev",n)),i?.resolvedOptions().pluralCategories.length>1}getPluralFormsOfKey(t,n,i={}){return this.getSuffixes(t,i).map(r=>`${n}${r}`)}getSuffixes(t,n={}){let i=this.getRule(t,n);return i||(i=this.getRule("dev",n)),i?i.resolvedOptions().pluralCategories.sort((r,o)=>N1[r]-N1[o]).map(r=>`${this.options.prepend}${n.ordinal?`ordinal${this.options.prepend}`:""}${r}`):[]}getSuffix(t,n,i={}){const r=this.getRule(t,i);return r?`${this.options.prepend}${i.ordinal?`ordinal${this.options.prepend}`:""}${r.select(n)}`:(this.logger.warn(`no plural rule found for: ${t}`),this.getSuffix("dev",n,i))}}const O1=(e,t,n,i=".",r=!0)=>{let o=bN(e,t,n);return!o&&r&&Ee(n)&&(o=oy(e,n,i),o===void 0&&(o=oy(t,n,i))),o},Vg=e=>e.replace(/\$/g,"$$$$");class j1{constructor(t={}){this.logger=Ii.create("interpolator"),this.options=t,this.format=t?.interpolation?.format||(n=>n),this.init(t)}init(t={}){t.interpolation||(t.interpolation={escapeValue:!0});const{escape:n,escapeValue:i,useRawValueToEscape:r,prefix:o,prefixEscaped:a,suffix:c,suffixEscaped:l,formatSeparator:d,unescapeSuffix:u,unescapePrefix:p,nestingPrefix:f,nestingPrefixEscaped:h,nestingSuffix:g,nestingSuffixEscaped:m,nestingOptionsSeparator:_,maxReplaces:y,alwaysFormat:w}=t.interpolation;this.escape=n!==void 0?n:AN,this.escapeValue=i!==void 0?i:!0,this.useRawValueToEscape=r!==void 0?r:!1,this.prefix=o?yo(o):a||"{{",this.suffix=c?yo(c):l||"}}",this.formatSeparator=d||",",this.unescapePrefix=u?"":p||"-",this.unescapeSuffix=this.unescapePrefix?"":u||"",this.nestingPrefix=f?yo(f):h||yo("$t("),this.nestingSuffix=g?yo(g):m||yo(")"),this.nestingOptionsSeparator=_||",",this.maxReplaces=y||1e3,this.alwaysFormat=w!==void 0?w:!1,this.resetRegExp()}reset(){this.options&&this.init(this.options)}resetRegExp(){const t=(n,i)=>n?.source===i?(n.lastIndex=0,n):new RegExp(i,"g");this.regexp=t(this.regexp,`${this.prefix}(.+?)${this.suffix}`),this.regexpUnescape=t(this.regexpUnescape,`${this.prefix}${this.unescapePrefix}(.+?)${this.unescapeSuffix}${this.suffix}`),this.nestingRegexp=t(this.nestingRegexp,`${this.nestingPrefix}((?:[^()"']+|"[^"]*"|'[^']*'|\\((?:[^()]|"[^"]*"|'[^']*')*\\))*?)${this.nestingSuffix}`)}interpolate(t,n,i,r){let o,a,c;const l=this.options&&this.options.interpolation&&this.options.interpolation.defaultVariables||{},d=h=>{if(h.indexOf(this.formatSeparator)<0){const y=O1(n,l,h,this.options.keySeparator,this.options.ignoreJSONStructure);return this.alwaysFormat?this.format(y,void 0,i,{...r,...n,interpolationkey:h}):y}const g=h.split(this.formatSeparator),m=g.shift().trim(),_=g.join(this.formatSeparator).trim();return this.format(O1(n,l,m,this.options.keySeparator,this.options.ignoreJSONStructure),_,i,{...r,...n,interpolationkey:m})};this.resetRegExp();const u=r?.missingInterpolationHandler||this.options.missingInterpolationHandler,p=r?.interpolation?.skipOnVariables!==void 0?r.interpolation.skipOnVariables:this.options.interpolation.skipOnVariables;return[{regex:this.regexpUnescape,safeValue:h=>Vg(h)},{regex:this.regexp,safeValue:h=>this.escapeValue?Vg(this.escape(h)):Vg(h)}].forEach(h=>{for(c=0;o=h.regex.exec(t);){const g=o[1].trim();if(a=d(g),a===void 0)if(typeof u=="function"){const _=u(t,o,r);a=Ee(_)?_:""}else if(r&&Object.prototype.hasOwnProperty.call(r,g))a="";else if(p){a=o[0];continue}else this.logger.warn(`missed to pass in variable ${g} for interpolating ${t}`),a="";else!Ee(a)&&!this.useRawValueToEscape&&(a=x1(a));const m=h.safeValue(a);if(t=t.replace(o[0],m),p?(h.regex.lastIndex+=a.length,h.regex.lastIndex-=o[0].length):h.regex.lastIndex=0,c++,c>=this.maxReplaces)break}}),t}nest(t,n,i={}){let r,o,a;const c=(l,d)=>{const u=this.nestingOptionsSeparator;if(l.indexOf(u)<0)return l;const p=l.split(new RegExp(`${yo(u)}[ ]*{`));let f=`{${p[1]}`;l=p[0],f=this.interpolate(f,a);const h=f.match(/'/g),g=f.match(/"/g);((h?.length??0)%2===0&&!g||(g?.length??0)%2!==0)&&(f=f.replace(/'/g,'"'));try{a=JSON.parse(f),d&&(a={...d,...a})}catch(m){return this.logger.warn(`failed parsing options string in nesting for key ${l}`,m),`${l}${u}${f}`}return a.defaultValue&&a.defaultValue.indexOf(this.prefix)>-1&&delete a.defaultValue,l};for(;r=this.nestingRegexp.exec(t);){let l=[];a={...i},a=a.replace&&!Ee(a.replace)?a.replace:a,a.applyPostProcessor=!1,delete a.defaultValue;const d=/{.*}/.test(r[1])?r[1].lastIndexOf("}")+1:r[1].indexOf(this.formatSeparator);if(d!==-1&&(l=r[1].slice(d).split(this.formatSeparator).map(u=>u.trim()).filter(Boolean),r[1]=r[1].slice(0,d)),o=n(c.call(this,r[1].trim(),a),a),o&&r[0]===t&&!Ee(o))return o;Ee(o)||(o=x1(o)),o||(this.logger.warn(`missed to resolve ${r[1]} for nesting ${t}`),o=""),l.length&&(o=l.reduce((u,p)=>this.format(u,p,i.lng,{...i,interpolationkey:r[1].trim()}),o.trim())),t=t.replace(r[0],o),this.regexp.lastIndex=0}return t}}const IN=e=>{let t=e.toLowerCase().trim();const n={};if(e.indexOf("(")>-1){const i=e.split("(");t=i[0].toLowerCase().trim();const r=i[1].substring(0,i[1].length-1);t==="currency"&&r.indexOf(":")<0?n.currency||(n.currency=r.trim()):t==="relativetime"&&r.indexOf(":")<0?n.range||(n.range=r.trim()):r.split(";").forEach(a=>{if(a){const[c,...l]=a.split(":"),d=l.join(":").trim().replace(/^'+|'+$/g,""),u=c.trim();n[u]||(n[u]=d),d==="false"&&(n[u]=!1),d==="true"&&(n[u]=!0),isNaN(d)||(n[u]=parseInt(d,10))}})}return{formatName:t,formatOptions:n}},R1=e=>{const t={};return(n,i,r)=>{let o=r;r&&r.interpolationkey&&r.formatParams&&r.formatParams[r.interpolationkey]&&r[r.interpolationkey]&&(o={...o,[r.interpolationkey]:void 0});const a=i+JSON.stringify(o);let c=t[a];return c||(c=e(Dl(i),r),t[a]=c),c(n)}},zN=e=>(t,n,i)=>e(Dl(n),i)(t);class PN{constructor(t={}){this.logger=Ii.create("formatter"),this.options=t,this.init(t)}init(t,n={interpolation:{}}){this.formatSeparator=n.interpolation.formatSeparator||",";const i=n.cacheInBuiltFormats?R1:zN;this.formats={number:i((r,o)=>{const a=new Intl.NumberFormat(r,{...o});return c=>a.format(c)}),currency:i((r,o)=>{const a=new Intl.NumberFormat(r,{...o,style:"currency"});return c=>a.format(c)}),datetime:i((r,o)=>{const a=new Intl.DateTimeFormat(r,{...o});return c=>a.format(c)}),relativetime:i((r,o)=>{const a=new Intl.RelativeTimeFormat(r,{...o});return c=>a.format(c,o.range||"day")}),list:i((r,o)=>{const a=new Intl.ListFormat(r,{...o});return c=>a.format(c)})}}add(t,n){this.formats[t.toLowerCase().trim()]=n}addCached(t,n){this.formats[t.toLowerCase().trim()]=R1(n)}format(t,n,i,r={}){const o=n.split(this.formatSeparator);if(o.length>1&&o[0].indexOf("(")>1&&o[0].indexOf(")")<0&&o.find(c=>c.indexOf(")")>-1)){const c=o.findIndex(l=>l.indexOf(")")>-1);o[0]=[o[0],...o.splice(1,c)].join(this.formatSeparator)}return o.reduce((c,l)=>{const{formatName:d,formatOptions:u}=IN(l);if(this.formats[d]){let p=c;try{const f=r?.formatParams?.[r.interpolationkey]||{},h=f.locale||f.lng||r.locale||r.lng||i;p=this.formats[d](c,h,{...u,...r,...f})}catch(f){this.logger.warn(f)}return p}else this.logger.warn(`there was no format function for ${d}`);return c},t)}}const NN=(e,t)=>{e.pending[t]!==void 0&&(delete e.pending[t],e.pendingCount--)};class FN extends oh{constructor(t,n,i,r={}){super(),this.backend=t,this.store=n,this.services=i,this.languageUtils=i.languageUtils,this.options=r,this.logger=Ii.create("backendConnector"),this.waitingReads=[],this.maxParallelReads=r.maxParallelReads||10,this.readingCalls=0,this.maxRetries=r.maxRetries>=0?r.maxRetries:5,this.retryTimeout=r.retryTimeout>=1?r.retryTimeout:350,this.state={},this.queue=[],this.backend?.init?.(i,r.backend,r)}queueLoad(t,n,i,r){const o={},a={},c={},l={};return t.forEach(d=>{let u=!0;n.forEach(p=>{const f=`${d}|${p}`;!i.reload&&this.store.hasResourceBundle(d,p)?this.state[f]=2:this.state[f]<0||(this.state[f]===1?a[f]===void 0&&(a[f]=!0):(this.state[f]=1,u=!1,a[f]===void 0&&(a[f]=!0),o[f]===void 0&&(o[f]=!0),l[p]===void 0&&(l[p]=!0)))}),u||(c[d]=!0)}),(Object.keys(o).length||Object.keys(a).length)&&this.queue.push({pending:a,pendingCount:Object.keys(a).length,loaded:{},errors:[],callback:r}),{toLoad:Object.keys(o),pending:Object.keys(a),toLoadLanguages:Object.keys(c),toLoadNamespaces:Object.keys(l)}}loaded(t,n,i){const r=t.split("|"),o=r[0],a=r[1];n&&this.emit("failedLoading",o,a,n),!n&&i&&this.store.addResourceBundle(o,a,i,void 0,void 0,{skipCopy:!0}),this.state[t]=n?-1:2,n&&i&&(this.state[t]=0);const c={};this.queue.forEach(l=>{wN(l.loaded,[o],a),NN(l,t),n&&l.errors.push(n),l.pendingCount===0&&!l.done&&(Object.keys(l.loaded).forEach(d=>{c[d]||(c[d]={});const u=l.loaded[d];u.length&&u.forEach(p=>{c[d][p]===void 0&&(c[d][p]=!0)})}),l.done=!0,l.errors.length?l.callback(l.errors):l.callback())}),this.emit("loaded",c),this.queue=this.queue.filter(l=>!l.done)}read(t,n,i,r=0,o=this.retryTimeout,a){if(!t.length)return a(null,{});if(this.readingCalls>=this.maxParallelReads){this.waitingReads.push({lng:t,ns:n,fcName:i,tried:r,wait:o,callback:a});return}this.readingCalls++;const c=(d,u)=>{if(this.readingCalls--,this.waitingReads.length>0){const p=this.waitingReads.shift();this.read(p.lng,p.ns,p.fcName,p.tried,p.wait,p.callback)}if(d&&u&&r<this.maxRetries){setTimeout(()=>{this.read.call(this,t,n,i,r+1,o*2,a)},o);return}a(d,u)},l=this.backend[i].bind(this.backend);if(l.length===2){try{const d=l(t,n);d&&typeof d.then=="function"?d.then(u=>c(null,u)).catch(c):c(null,d)}catch(d){c(d)}return}return l(t,n,c)}prepareLoading(t,n,i={},r){if(!this.backend)return this.logger.warn("No backend was added via i18next.use. Will not load resources."),r&&r();Ee(t)&&(t=this.languageUtils.toResolveHierarchy(t)),Ee(n)&&(n=[n]);const o=this.queueLoad(t,n,i,r);if(!o.toLoad.length)return o.pending.length||r(),null;o.toLoad.forEach(a=>{this.loadOne(a)})}load(t,n,i){this.prepareLoading(t,n,{},i)}reload(t,n,i){this.prepareLoading(t,n,{reload:!0},i)}loadOne(t,n=""){const i=t.split("|"),r=i[0],o=i[1];this.read(r,o,"read",void 0,void 0,(a,c)=>{a&&this.logger.warn(`${n}loading namespace ${o} for language ${r} failed`,a),!a&&c&&this.logger.log(`${n}loaded namespace ${o} for language ${r}`,c),this.loaded(t,a,c)})}saveMissing(t,n,i,r,o,a={},c=()=>{}){if(this.services?.utils?.hasLoadedNamespace&&!this.services?.utils?.hasLoadedNamespace(n)){this.logger.warn(`did not save key "${i}" as the namespace "${n}" was not yet loaded`,"This means something IS WRONG in your setup. You access the t function before i18next.init / i18next.loadNamespace / i18next.changeLanguage was done. Wait for the callback or Promise to resolve before accessing it!!!");return}if(!(i==null||i==="")){if(this.backend?.create){const l={...a,isUpdate:o},d=this.backend.create.bind(this.backend);if(d.length<6)try{let u;d.length===5?u=d(t,n,i,r,l):u=d(t,n,i,r),u&&typeof u.then=="function"?u.then(p=>c(null,p)).catch(c):c(null,u)}catch(u){c(u)}else d(t,n,i,r,c,l)}!t||!t[0]||this.store.addResource(t[0],n,i,r)}}}const Kg=()=>({debug:!1,initAsync:!0,ns:["translation"],defaultNS:["translation"],fallbackLng:["dev"],fallbackNS:!1,supportedLngs:!1,nonExplicitSupportedLngs:!1,load:"all",preload:!1,simplifyPluralSuffix:!0,keySeparator:".",nsSeparator:":",pluralSeparator:"_",contextSeparator:"_",partialBundledLanguages:!1,saveMissing:!1,updateMissing:!1,saveMissingTo:"fallback",saveMissingPlurals:!0,missingKeyHandler:!1,missingInterpolationHandler:!1,postProcess:!1,postProcessPassResolved:!1,returnNull:!1,returnEmptyString:!0,returnObjects:!1,joinArrays:!1,returnedObjectHandler:!1,parseMissingKeyHandler:!1,appendNamespaceToMissingKey:!1,appendNamespaceToCIMode:!1,overloadTranslationOptionHandler:e=>{let t={};if(typeof e[1]=="object"&&(t=e[1]),Ee(e[1])&&(t.defaultValue=e[1]),Ee(e[2])&&(t.tDescription=e[2]),typeof e[2]=="object"||typeof e[3]=="object"){const n=e[3]||e[2];Object.keys(n).forEach(i=>{t[i]=n[i]})}return t},interpolation:{escapeValue:!0,format:e=>e,prefix:"{{",suffix:"}}",formatSeparator:",",unescapePrefix:"-",nestingPrefix:"$t(",nestingSuffix:")",nestingOptionsSeparator:",",maxReplaces:1e3,skipOnVariables:!0},cacheInBuiltFormats:!0}),D1=e=>(Ee(e.ns)&&(e.ns=[e.ns]),Ee(e.fallbackLng)&&(e.fallbackLng=[e.fallbackLng]),Ee(e.fallbackNS)&&(e.fallbackNS=[e.fallbackNS]),e.supportedLngs?.indexOf?.("cimode")<0&&(e.supportedLngs=e.supportedLngs.concat(["cimode"])),typeof e.initImmediate=="boolean"&&(e.initAsync=e.initImmediate),e),bu=()=>{},ON=e=>{Object.getOwnPropertyNames(Object.getPrototypeOf(e)).forEach(n=>{typeof e[n]=="function"&&(e[n]=e[n].bind(e))})},B4="__i18next_supportNoticeShown",jN=()=>!!(typeof globalThis<"u"&&globalThis[B4]||typeof process<"u"&&process.env&&process.env.I18NEXT_NO_SUPPORT_NOTICE||typeof process<"u"&&process.env&&process.env.NODE_ENV==="production"),RN=()=>{typeof globalThis<"u"&&(globalThis[B4]=!0)},DN=e=>!!(e?.modules?.backend?.name?.indexOf("Locize")>0||e?.modules?.backend?.constructor?.name?.indexOf("Locize")>0||e?.options?.backend?.backends&&e.options.backend.backends.some(t=>t?.name?.indexOf("Locize")>0||t?.constructor?.name?.indexOf("Locize")>0)||e?.options?.backend?.projectId||e?.options?.backend?.backendOptions&&e.options.backend.backendOptions.some(t=>t?.projectId));class Tl extends oh{constructor(t={},n){if(super(),this.options=D1(t),this.services={},this.logger=Ii,this.modules={external:[]},ON(this),n&&!this.isInitialized&&!t.isClone){if(!this.options.initAsync)return this.init(t,n),this;setTimeout(()=>{this.init(t,n)},0)}}init(t={},n){this.isInitializing=!0,typeof t=="function"&&(n=t,t={}),t.defaultNS==null&&t.ns&&(Ee(t.ns)?t.defaultNS=t.ns:t.ns.indexOf("translation")<0&&(t.defaultNS=t.ns[0]));const i=Kg();this.options={...i,...this.options,...D1(t)},this.options.interpolation={...i.interpolation,...this.options.interpolation},t.keySeparator!==void 0&&(this.options.userDefinedKeySeparator=t.keySeparator),t.nsSeparator!==void 0&&(this.options.userDefinedNsSeparator=t.nsSeparator),typeof this.options.overloadTranslationOptionHandler!="function"&&(this.options.overloadTranslationOptionHandler=i.overloadTranslationOptionHandler),this.options.showSupportNotice!==!1&&!DN(this)&&!jN()&&(typeof console<"u"&&typeof console.info<"u"&&console.info("🌐 i18next is made possible by our own product, Locize — consider powering your project with managed localization (AI, CDN, integrations): https://locize.com 💙"),RN());const r=d=>d?typeof d=="function"?new d:d:null;if(!this.options.isClone){this.modules.logger?Ii.init(r(this.modules.logger),this.options):Ii.init(null,this.options);let d;this.modules.formatter?d=this.modules.formatter:d=PN;const u=new P1(this.options);this.store=new I1(this.options.resources,this.options);const p=this.services;p.logger=Ii,p.resourceStore=this.store,p.languageUtils=u,p.pluralResolver=new $N(u,{prepend:this.options.pluralSeparator,simplifyPluralSuffix:this.options.simplifyPluralSuffix}),this.options.interpolation.format&&this.options.interpolation.format!==i.interpolation.format&&this.logger.deprecate("init: you are still using the legacy format function, please use the new approach: https://www.i18next.com/translation-function/formatting"),d&&(!this.options.interpolation.format||this.options.interpolation.format===i.interpolation.format)&&(p.formatter=r(d),p.formatter.init&&p.formatter.init(p,this.options),this.options.interpolation.format=p.formatter.format.bind(p.formatter)),p.interpolator=new j1(this.options),p.utils={hasLoadedNamespace:this.hasLoadedNamespace.bind(this)},p.backendConnector=new FN(r(this.modules.backend),p.resourceStore,p,this.options),p.backendConnector.on("*",(h,...g)=>{this.emit(h,...g)}),this.modules.languageDetector&&(p.languageDetector=r(this.modules.languageDetector),p.languageDetector.init&&p.languageDetector.init(p,this.options.detection,this.options)),this.modules.i18nFormat&&(p.i18nFormat=r(this.modules.i18nFormat),p.i18nFormat.init&&p.i18nFormat.init(this)),this.translator=new mp(this.services,this.options),this.translator.on("*",(h,...g)=>{this.emit(h,...g)}),this.modules.external.forEach(h=>{h.init&&h.init(this)})}if(this.format=this.options.interpolation.format,n||(n=bu),this.options.fallbackLng&&!this.services.languageDetector&&!this.options.lng){const d=this.services.languageUtils.getFallbackCodes(this.options.fallbackLng);d.length>0&&d[0]!=="dev"&&(this.options.lng=d[0])}!this.services.languageDetector&&!this.options.lng&&this.logger.warn("init: no languageDetector is used and no lng is defined"),["getResource","hasResourceBundle","getResourceBundle","getDataByLanguage"].forEach(d=>{this[d]=(...u)=>this.store[d](...u)}),["addResource","addResources","addResourceBundle","removeResourceBundle"].forEach(d=>{this[d]=(...u)=>(this.store[d](...u),this)});const c=Nc(),l=()=>{const d=(u,p)=>{this.isInitializing=!1,this.isInitialized&&!this.initializedStoreOnce&&this.logger.warn("init: i18next is already initialized. You should call init just once!"),this.isInitialized=!0,this.options.isClone||this.logger.log("initialized",this.options),this.emit("initialized",this.options),c.resolve(p),n(u,p)};if(this.languages&&!this.isInitialized)return d(null,this.t.bind(this));this.changeLanguage(this.options.lng,d)};return this.options.resources||!this.options.initAsync?l():setTimeout(l,0),c}loadResources(t,n=bu){let i=n;const r=Ee(t)?t:this.language;if(typeof t=="function"&&(i=t),!this.options.resources||this.options.partialBundledLanguages){if(r?.toLowerCase()==="cimode"&&(!this.options.preload||this.options.preload.length===0))return i();const o=[],a=c=>{if(!c||c==="cimode")return;this.services.languageUtils.toResolveHierarchy(c).forEach(d=>{d!=="cimode"&&o.indexOf(d)<0&&o.push(d)})};r?a(r):this.services.languageUtils.getFallbackCodes(this.options.fallbackLng).forEach(l=>a(l)),this.options.preload?.forEach?.(c=>a(c)),this.services.backendConnector.load(o,this.options.ns,c=>{!c&&!this.resolvedLanguage&&this.language&&this.setResolvedLanguage(this.language),i(c)})}else i(null)}reloadResources(t,n,i){const r=Nc();return typeof t=="function"&&(i=t,t=void 0),typeof n=="function"&&(i=n,n=void 0),t||(t=this.languages),n||(n=this.options.ns),i||(i=bu),this.services.backendConnector.reload(t,n,o=>{r.resolve(),i(o)}),r}use(t){if(!t)throw new Error("You are passing an undefined module! Please check the object you are passing to i18next.use()");if(!t.type)throw new Error("You are passing a wrong module! Please check the object you are passing to i18next.use()");return t.type==="backend"&&(this.modules.backend=t),(t.type==="logger"||t.log&&t.warn&&t.error)&&(this.modules.logger=t),t.type==="languageDetector"&&(this.modules.languageDetector=t),t.type==="i18nFormat"&&(this.modules.i18nFormat=t),t.type==="postProcessor"&&R4.addPostProcessor(t),t.type==="formatter"&&(this.modules.formatter=t),t.type==="3rdParty"&&this.modules.external.push(t),this}setResolvedLanguage(t){if(!(!t||!this.languages)&&!(["cimode","dev"].indexOf(t)>-1)){for(let n=0;n<this.languages.length;n++){const i=this.languages[n];if(!(["cimode","dev"].indexOf(i)>-1)&&this.store.hasLanguageSomeTranslations(i)){this.resolvedLanguage=i;break}}!this.resolvedLanguage&&this.languages.indexOf(t)<0&&this.store.hasLanguageSomeTranslations(t)&&(this.resolvedLanguage=t,this.languages.unshift(t))}}changeLanguage(t,n){this.isLanguageChangingTo=t;const i=Nc();this.emit("languageChanging",t);const r=c=>{this.language=c,this.languages=this.services.languageUtils.toResolveHierarchy(c),this.resolvedLanguage=void 0,this.setResolvedLanguage(c)},o=(c,l)=>{l?this.isLanguageChangingTo===t&&(r(l),this.translator.changeLanguage(l),this.isLanguageChangingTo=void 0,this.emit("languageChanged",l),this.logger.log("languageChanged",l)):this.isLanguageChangingTo=void 0,i.resolve((...d)=>this.t(...d)),n&&n(c,(...d)=>this.t(...d))},a=c=>{!t&&!c&&this.services.languageDetector&&(c=[]);const l=Ee(c)?c:c&&c[0],d=this.store.hasLanguageSomeTranslations(l)?l:this.services.languageUtils.getBestMatchFromCodes(Ee(c)?[c]:c);d&&(this.language||r(d),this.translator.language||this.translator.changeLanguage(d),this.services.languageDetector?.cacheUserLanguage?.(d)),this.loadResources(d,u=>{o(u,d)})};return!t&&this.services.languageDetector&&!this.services.languageDetector.async?a(this.services.languageDetector.detect()):!t&&this.services.languageDetector&&this.services.languageDetector.async?this.services.languageDetector.detect.length===0?this.services.languageDetector.detect().then(a):this.services.languageDetector.detect(a):a(t),i}getFixedT(t,n,i){const r=(o,a,...c)=>{let l;typeof a!="object"?l=this.options.overloadTranslationOptionHandler([o,a].concat(c)):l={...a},l.lng=l.lng||r.lng,l.lngs=l.lngs||r.lngs,l.ns=l.ns||r.ns,l.keyPrefix!==""&&(l.keyPrefix=l.keyPrefix||i||r.keyPrefix);const d={...this.options,...l};typeof l.keyPrefix=="function"&&(l.keyPrefix=_a(l.keyPrefix,d));const u=this.options.keySeparator||".";let p;return l.keyPrefix&&Array.isArray(o)?p=o.map(f=>(typeof f=="function"&&(f=_a(f,d)),`${l.keyPrefix}${u}${f}`)):(typeof o=="function"&&(o=_a(o,d)),p=l.keyPrefix?`${l.keyPrefix}${u}${o}`:o),this.t(p,l)};return Ee(t)?r.lng=t:r.lngs=t,r.ns=n,r.keyPrefix=i,r}t(...t){return this.translator?.translate(...t)}exists(...t){return this.translator?.exists(...t)}setDefaultNamespace(t){this.options.defaultNS=t}hasLoadedNamespace(t,n={}){if(!this.isInitialized)return this.logger.warn("hasLoadedNamespace: i18next was not initialized",this.languages),!1;if(!this.languages||!this.languages.length)return this.logger.warn("hasLoadedNamespace: i18n.languages were undefined or empty",this.languages),!1;const i=n.lng||this.resolvedLanguage||this.languages[0],r=this.options?this.options.fallbackLng:!1,o=this.languages[this.languages.length-1];if(i.toLowerCase()==="cimode")return!0;const a=(c,l)=>{const d=this.services.backendConnector.state[`${c}|${l}`];return d===-1||d===0||d===2};if(n.precheck){const c=n.precheck(this,a);if(c!==void 0)return c}return!!(this.hasResourceBundle(i,t)||!this.services.backendConnector.backend||this.options.resources&&!this.options.partialBundledLanguages||a(i,t)&&(!r||a(o,t)))}loadNamespaces(t,n){const i=Nc();return this.options.ns?(Ee(t)&&(t=[t]),t.forEach(r=>{this.options.ns.indexOf(r)<0&&this.options.ns.push(r)}),this.loadResources(r=>{i.resolve(),n&&n(r)}),i):(n&&n(),Promise.resolve())}loadLanguages(t,n){const i=Nc();Ee(t)&&(t=[t]);const r=this.options.preload||[],o=t.filter(a=>r.indexOf(a)<0&&this.services.languageUtils.isSupportedCode(a));return o.length?(this.options.preload=r.concat(o),this.loadResources(a=>{i.resolve(),n&&n(a)}),i):(n&&n(),Promise.resolve())}dir(t){if(t||(t=this.resolvedLanguage||(this.languages?.length>0?this.languages[0]:this.language)),!t)return"rtl";try{const r=new Intl.Locale(t);if(r&&r.getTextInfo){const o=r.getTextInfo();if(o&&o.direction)return o.direction}}catch{}const n=["ar","shu","sqr","ssh","xaa","yhd","yud","aao","abh","abv","acm","acq","acw","acx","acy","adf","ads","aeb","aec","afb","ajp","apc","apd","arb","arq","ars","ary","arz","auz","avl","ayh","ayl","ayn","ayp","bbz","pga","he","iw","ps","pbt","pbu","pst","prp","prd","ug","ur","ydd","yds","yih","ji","yi","hbo","men","xmn","fa","jpr","peo","pes","prs","dv","sam","ckb"],i=this.services?.languageUtils||new P1(Kg());return t.toLowerCase().indexOf("-latn")>1?"ltr":n.indexOf(i.getLanguagePartFromCode(t))>-1||t.toLowerCase().indexOf("-arab")>1?"rtl":"ltr"}static createInstance(t={},n){const i=new Tl(t,n);return i.createInstance=Tl.createInstance,i}cloneInstance(t={},n=bu){const i=t.forkResourceStore;i&&delete t.forkResourceStore;const r={...this.options,...t,isClone:!0},o=new Tl(r);if((t.debug!==void 0||t.prefix!==void 0)&&(o.logger=o.logger.clone(t)),["store","services","language"].forEach(c=>{o[c]=this[c]}),o.services={...this.services},o.services.utils={hasLoadedNamespace:o.hasLoadedNamespace.bind(o)},i){const c=Object.keys(this.store.data).reduce((l,d)=>(l[d]={...this.store.data[d]},l[d]=Object.keys(l[d]).reduce((u,p)=>(u[p]={...l[d][p]},u),l[d]),l),{});o.store=new I1(c,r),o.services.resourceStore=o.store}if(t.interpolation){const l={...Kg().interpolation,...this.options.interpolation,...t.interpolation},d={...r,interpolation:l};o.services.interpolator=new j1(d)}return o.translator=new mp(o.services,r),o.translator.on("*",(c,...l)=>{o.emit(c,...l)}),o.init(r,n),o.translator.options=r,o.translator.backendConnector.services.utils={hasLoadedNamespace:o.hasLoadedNamespace.bind(o)},o}toJSON(){return{options:this.options,store:this.store,language:this.language,languages:this.languages,resolvedLanguage:this.resolvedLanguage}}}const L=Tl.createInstance();L.createInstance;L.dir;L.init;L.loadResources;L.reloadResources;L.use;L.changeLanguage;L.getFixedT;const ee=L.t;L.exists;L.setDefaultNamespace;L.hasLoadedNamespace;L.loadNamespaces;L.loadLanguages;const Mn=s.z.object({created_at:s.z.string(),updated_at:s.z.string()}),Cw=s.z.object({id:s.z.string(),version:s.z.string().optional()}),Tw=s.z.object({name:s.z.string(),version:s.z.string()}),$w=s.z.object({name:s.z.string(),value:s.z.string().optional()}),Bl=s.z.object({name:s.z.string().max(255),code:s.z.string().max(1e5),supported_triggers:s.z.array(Cw).optional(),runtime:s.z.string().max(50).optional(),dependencies:s.z.array(Tw).optional(),secrets:s.z.array($w).optional()}),BN=Bl.partial().extend({status:s.z.enum(["draft","built"]).optional(),deployed_at:s.z.string().optional()}),Xi=Bl.extend({id:s.z.string(),tenant_id:s.z.string(),status:s.z.enum(["draft","built"]).default("built"),deployed_at:s.z.string().optional(),secrets:s.z.array(s.z.object({name:s.z.string(),value:s.z.string().optional()})).optional(),...Mn.shape}),L4=s.z.object({action_id:s.z.string(),code:s.z.string().max(1e5),runtime:s.z.string().max(50).optional(),dependencies:s.z.array(Tw).optional(),secrets:s.z.array($w).optional(),supported_triggers:s.z.array(Cw).optional(),deployed:s.z.boolean().default(!0)}),sh=L4.extend({id:s.z.string(),tenant_id:s.z.string(),number:s.z.number().int(),...Mn.shape}),M4=s.z.enum(["user_action","admin_action","system","api"]),U4=s.z.object({type:s.z.enum(["user","admin","system","api_key","client_credentials"]),id:s.z.string().optional(),email:s.z.string().optional(),org_id:s.z.string().optional(),org_name:s.z.string().optional(),scopes:s.z.array(s.z.string()).optional(),client_id:s.z.string().optional()}),q4=s.z.object({type:s.z.string(),id:s.z.string(),before:s.z.record(s.z.unknown()).optional(),after:s.z.record(s.z.unknown()).optional(),diff:s.z.record(s.z.object({old:s.z.unknown(),new:s.z.unknown()})).optional()}),H4=s.z.object({method:s.z.string(),path:s.z.string(),query:s.z.record(s.z.string()).optional(),body:s.z.unknown().optional(),ip:s.z.string(),user_agent:s.z.string().optional(),correlation_id:s.z.string().optional()}),V4=s.z.object({status_code:s.z.number(),body:s.z.unknown().optional()}),K4=s.z.object({country_code:s.z.string(),city_name:s.z.string(),latitude:s.z.string(),longitude:s.z.string(),time_zone:s.z.string(),continent_code:s.z.string()}),G4=s.z.object({name:s.z.string(),version:s.z.string(),env:s.z.record(s.z.string()).optional()}),W4=s.z.object({tenant_id:s.z.string(),event_type:s.z.string(),log_type:s.z.string(),description:s.z.string().optional(),category:M4,actor:U4,target:q4,request:H4,response:V4.optional(),connection:s.z.string().optional(),strategy:s.z.string().optional(),strategy_type:s.z.string().optional(),audience:s.z.string().optional(),scope:s.z.string().optional(),location:K4.optional(),auth0_client:G4.optional(),hostname:s.z.string(),is_mobile:s.z.boolean().optional(),timestamp:s.z.string()}),J4=W4.extend({id:s.z.string()}),LN=s.z.enum(["AUTH0","EMAIL","REDIRECT"]),MN=s.z.enum(["CREATE_USER","GET_USER","UPDATE_USER","SEND_REQUEST","SEND_EMAIL"]),UN=s.z.enum(["VERIFY_EMAIL"]),Y4=s.z.object({require_mx_record:s.z.boolean().optional(),block_aliases:s.z.boolean().optional(),block_free_emails:s.z.boolean().optional(),block_disposable_emails:s.z.boolean().optional(),blocklist:s.z.array(s.z.string()).optional(),allowlist:s.z.array(s.z.string()).optional()}),Q4=s.z.object({id:s.z.string(),alias:s.z.string().max(100).optional(),type:s.z.literal("AUTH0"),action:s.z.literal("UPDATE_USER"),allow_failure:s.z.boolean().optional(),mask_output:s.z.boolean().optional(),params:s.z.object({connection_id:s.z.string().optional(),user_id:s.z.string(),changes:s.z.record(s.z.string(),s.z.any())})}),Z4=s.z.object({id:s.z.string(),alias:s.z.string().max(100).optional(),type:s.z.literal("EMAIL"),action:s.z.literal("VERIFY_EMAIL"),allow_failure:s.z.boolean().optional(),mask_output:s.z.boolean().optional(),params:s.z.object({email:s.z.string(),rules:Y4.optional()})}),X4=s.z.enum(["change-email","account","custom"]),ex=s.z.object({id:s.z.string(),alias:s.z.string().max(100).optional(),type:s.z.literal("REDIRECT"),action:s.z.literal("REDIRECT_USER"),allow_failure:s.z.boolean().optional(),mask_output:s.z.boolean().optional(),params:s.z.object({target:X4.openapi({description:"The predefined target to redirect to, or 'custom' for a custom URL"}),custom_url:s.z.string().optional().openapi({description:"Custom URL to redirect to when target is 'custom'"})})}),tx=s.z.union([Q4,Z4,ex]),yp=s.z.object({name:s.z.string().min(1).max(150).openapi({description:"The name of the flow"}),actions:s.z.array(tx).optional().default([]).openapi({description:"The list of actions to execute in sequence"})}),oa=yp.extend({...Mn.shape,id:s.z.string().openapi({description:"Unique identifier for the flow",example:"af_12tMpdJ3iek7svMyZkSh5M"})}),qN=s.z.object({page:s.z.string().min(0).optional().default("0").transform(e=>parseInt(e,10)).openapi({description:"The page number where 0 is the first page"}),per_page:s.z.string().min(1).optional().default("10").transform(e=>parseInt(e,10)).openapi({description:"The number of items per page"}),include_totals:s.z.string().optional().default("false").transform(e=>e==="true").openapi({description:"If the total number of items should be included in the response"}),sort:s.z.string().regex(/^.+:(-1|1)$/).optional().openapi({description:"A property that should have the format 'string:-1' or 'string:1'"}),q:s.z.string().optional().openapi({description:"A lucene query string used to filter the results"})}),Et=s.z.object({start:s.z.number(),limit:s.z.number(),length:s.z.number(),total:s.z.number().optional()}),nx=s.z.object({email:s.z.string().optional(),email_verified:s.z.boolean().optional(),name:s.z.string().optional(),username:s.z.string().optional(),given_name:s.z.string().optional(),phone_number:s.z.string().optional(),phone_verified:s.z.boolean().optional(),family_name:s.z.string().optional()}).catchall(s.z.any()),_p=s.z.object({connection:s.z.string(),user_id:s.z.string(),provider:s.z.string(),isSocial:s.z.boolean(),email:s.z.string().optional(),email_verified:s.z.boolean().optional(),phone_number:s.z.string().optional(),phone_verified:s.z.boolean().optional(),username:s.z.string().optional(),access_token:s.z.string().optional(),access_token_secret:s.z.string().optional(),refresh_token:s.z.string().optional(),profileData:nx.optional()}),ix=s.z.object({formatted:s.z.string().optional(),street_address:s.z.string().optional(),locality:s.z.string().optional(),region:s.z.string().optional(),postal_code:s.z.string().optional(),country:s.z.string().optional()}).optional(),ah=s.z.object({email:s.z.string().optional().transform(e=>e&&e.toLowerCase()),username:s.z.string().refine(e=>!e.includes("@"),{message:'Usernames must not contain "@". Use the email field for email addresses.'}).optional(),phone_number:s.z.string().optional(),phone_verified:s.z.boolean().optional(),given_name:s.z.string().optional(),family_name:s.z.string().optional(),nickname:s.z.string().optional(),name:s.z.string().optional(),picture:s.z.string().optional(),locale:s.z.string().optional(),linked_to:s.z.string().optional(),profileData:s.z.string().optional(),user_id:s.z.string().optional(),app_metadata:s.z.any().default({}).optional(),user_metadata:s.z.any().default({}).optional(),middle_name:s.z.string().optional(),preferred_username:s.z.string().optional(),profile:s.z.string().optional(),website:s.z.string().optional(),gender:s.z.string().optional(),birthdate:s.z.string().optional(),zoneinfo:s.z.string().optional(),address:ix}),wp=ah.extend({email_verified:s.z.boolean().default(!1),verify_email:s.z.boolean().optional(),last_ip:s.z.string().optional(),last_login:s.z.string().optional(),user_id:s.z.string().optional(),provider:s.z.string().optional(),connection:s.z.string(),is_social:s.z.boolean().optional(),registration_completed_at:s.z.string().optional(),password:s.z.object({hash:s.z.string(),algorithm:s.z.string()}).optional()}),Iw=s.z.object({...wp.omit({password:!0}).shape,...Mn.shape,user_id:s.z.string(),provider:s.z.string(),is_social:s.z.boolean(),email:s.z.string().optional(),login_count:s.z.number().default(0),identities:s.z.array(_p).optional()}),zn=Iw.omit({registration_completed_at:!0}),HN=ah.extend({login_count:s.z.number(),multifactor:s.z.array(s.z.string()).optional(),last_ip:s.z.string().optional(),last_login:s.z.string().optional(),user_id:s.z.string()}).catchall(s.z.any());let VN="useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict",KN=(e=21)=>{let t="",n=crypto.getRandomValues(new Uint8Array(e|=0));for(;e--;)t+=VN[n[e]&63];return t};const bp=s.z.object({client_id:s.z.string().optional().openapi({description:"ID of this client. Generated server-side if omitted (Auth0 behavior)."}),name:s.z.string().min(1).openapi({description:"Name of this client (min length: 1 character, does not allow < or >)."}),description:s.z.string().max(140).optional().openapi({description:"Free text description of this client (max length: 140 characters)."}),global:s.z.boolean().default(!1).openapi({description:"Whether this is your global 'All Applications' client representing legacy tenant settings (true) or a regular client (false)."}),client_secret:s.z.string().default(()=>KN()).optional().openapi({description:"Client secret (which you must not make public)."}),app_type:s.z.enum(["native","spa","regular_web","non_interactive","resource_server","express_configuration","rms","box","cloudbees","concur","dropbox","mscrm","echosign","egnyte","newrelic","office365","salesforce","sentry","sharepoint","slack","springcm","zendesk","zoom","sso_integration","oag"]).default("regular_web").optional().openapi({description:"The type of application this client represents"}),logo_uri:s.z.string().url().optional().openapi({description:"URL of the logo to display for this client. Recommended size is 150x150 pixels."}),is_first_party:s.z.boolean().default(!1).openapi({description:"Whether this client a first party client (true) or not (false)."}),oidc_conformant:s.z.boolean().default(!0).openapi({description:"Whether this client conforms to strict OIDC specifications (true) or uses legacy features (false)."}),auth0_conformant:s.z.boolean().default(!0).openapi({description:"Whether this client follows Auth0-compatible behavior (true) or strict OIDC behavior (false). When true, profile/email claims are included in the ID token when scopes are requested. When false, these claims are only available from the userinfo endpoint (strict OIDC 5.4 compliance)."}),callbacks:s.z.array(s.z.string()).default([]).optional().openapi({description:"Comma-separated list of URLs whitelisted for Auth0 to use as a callback to the client after authentication."}),allowed_origins:s.z.array(s.z.string()).default([]).optional().openapi({description:"Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs."}),web_origins:s.z.array(s.z.string()).default([]).optional().openapi({description:"Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode."}),client_aliases:s.z.array(s.z.string()).default([]).optional().openapi({description:"List of audiences/realms for SAML protocol. Used by the wsfed addon."}),allowed_clients:s.z.array(s.z.string()).default([]).optional().openapi({description:"List of allow clients and API ids that are allowed to make delegation requests. Empty means all all your clients are allowed."}),connections:s.z.array(s.z.string()).default([]).optional().openapi({description:"List of connection IDs enabled for this client. The order determines the display order on the login page."}),allowed_logout_urls:s.z.array(s.z.string()).default([]).optional().openapi({description:"Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains."}),session_transfer:s.z.record(s.z.any()).default({}).optional().openapi({description:"Native to Web SSO Configuration"}),oidc_logout:s.z.record(s.z.any()).default({}).optional().openapi({description:"Configuration for OIDC backchannel logout"}),grant_types:s.z.array(s.z.string()).default([]).optional().openapi({description:"List of grant types supported for this application. Can include authorization_code, implicit, refresh_token, client_credentials, password, http://auth0.com/oauth/grant-type/password-realm, http://auth0.com/oauth/grant-type/mfa-oob, http://auth0.com/oauth/grant-type/mfa-otp, http://auth0.com/oauth/grant-type/mfa-recovery-code, urn:openid:params:grant-type:ciba, and urn:ietf:params:oauth:grant-type:device_code."}),jwt_configuration:s.z.record(s.z.any()).default({}).optional().openapi({description:"Configuration related to JWTs for the client."}),signing_keys:s.z.array(s.z.record(s.z.any())).default([]).optional().openapi({description:"Signing certificates associated with this client."}),encryption_key:s.z.record(s.z.any()).default({}).optional().openapi({description:"Encryption used for WsFed responses with this client."}),sso:s.z.boolean().default(!1).openapi({description:"Applies only to SSO clients and determines whether Auth0 will handle Single Sign On (true) or whether the Identity Provider will (false)."}),sso_disabled:s.z.boolean().default(!1).openapi({description:"Whether Single Sign On is disabled for this client. When true, existing SSO sessions will not be reused and users must authenticate every time."}),cross_origin_authentication:s.z.boolean().default(!1).openapi({description:"Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false)."}),cross_origin_loc:s.z.string().url().optional().openapi({description:"URL of the location in your site where the cross origin verification takes place for the cross-origin auth flow when performing Auth in your own domain instead of Auth0 hosted login page."}),custom_login_page_on:s.z.boolean().default(!1).openapi({description:"Whether a custom login page is to be used (true) or the default provided login page (false)."}),custom_login_page:s.z.string().optional().openapi({description:"The content (HTML, CSS, JS) of the custom login page."}),custom_login_page_preview:s.z.string().optional().openapi({description:"The content (HTML, CSS, JS) of the custom login page. (Used on Previews)"}),form_template:s.z.string().optional().openapi({description:"HTML form template to be used for WS-Federation."}),addons:s.z.record(s.z.any()).default({}).optional().openapi({description:"Addons enabled for this client and their associated configurations."}),token_endpoint_auth_method:s.z.enum(["none","client_secret_post","client_secret_basic","client_secret_jwt","private_key_jwt"]).default("client_secret_basic").optional().openapi({description:"Defines the requested authentication method for the token endpoint. `none` (public client), `client_secret_post` / `client_secret_basic` (HTTP POST / Basic), `client_secret_jwt` (RFC 7523 HMAC assertion using client_secret), or `private_key_jwt` (RFC 7523 asymmetric assertion verified against the client's `jwks` / `jwks_uri`)."}),client_metadata:s.z.record(s.z.string().max(255)).default({}).optional().openapi({description:'Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/()<>@ [Tab][Space]'}),mobile:s.z.record(s.z.any()).default({}).optional().openapi({description:"Additional configuration for native mobile apps."}),initiate_login_uri:s.z.string().url().optional().openapi({description:"Initiate login uri, must be https"}),native_social_login:s.z.record(s.z.any()).default({}).optional(),refresh_token:s.z.object({rotation_type:s.z.enum(["rotating","non-rotating"]).optional().openapi({description:"Whether refresh tokens for this client are rotated on every exchange (Auth0 'rotating' behavior) or kept stable (legacy non-rotating). Defaults to 'non-rotating' when unset."}),leeway:s.z.number().int().min(0).max(600).optional().openapi({description:"Seconds after a parent token's first rotation during which presenting it again still mints a fresh sibling child instead of triggering reuse-detection. Defaults to 30s when unset."}),expiration_type:s.z.enum(["expiring","non-expiring"]).optional().openapi({description:"Auth0-compatible: whether refresh tokens expire."}),token_lifetime:s.z.number().int().min(0).optional().openapi({description:"Auth0-compatible: refresh-token absolute lifetime in seconds."}),infinite_token_lifetime:s.z.boolean().optional().openapi({description:"Auth0-compatible: when true, refresh tokens have no absolute expiry."}),idle_token_lifetime:s.z.number().int().min(0).optional().openapi({description:"Auth0-compatible: refresh-token idle (sliding) lifetime in seconds."}),infinite_idle_token_lifetime:s.z.boolean().optional().openapi({description:"Auth0-compatible: when true, refresh tokens have no idle expiry."})}).default({}).optional().openapi({description:"Refresh token configuration"}),default_organization:s.z.record(s.z.any()).default({}).optional().openapi({description:"Defines the default Organization ID and flows"}),organization_usage:s.z.enum(["deny","allow","require"]).default("deny").optional().openapi({description:"Defines how to proceed during an authentication transaction with regards an organization. Can be deny (default), allow or require."}),organization_require_behavior:s.z.enum(["no_prompt","pre_login_prompt","post_login_prompt"]).default("no_prompt").optional().openapi({description:"Defines how to proceed during an authentication transaction when client.organization_usage: 'require'. Can be no_prompt (default), pre_login_prompt or post_login_prompt. post_login_prompt requires oidc_conformant: true."}),client_authentication_methods:s.z.record(s.z.any()).default({}).optional().openapi({description:"Defines client authentication methods."}),require_pushed_authorization_requests:s.z.boolean().default(!1).openapi({description:"Makes the use of Pushed Authorization Requests mandatory for this client"}),require_proof_of_possession:s.z.boolean().default(!1).openapi({description:"Makes the use of Proof-of-Possession mandatory for this client"}),signed_request_object:s.z.record(s.z.any()).default({}).optional().openapi({description:"JWT-secured Authorization Requests (JAR) settings."}),compliance_level:s.z.enum(["none","fapi1_adv_pkj_par","fapi1_adv_mtls_par","fapi2_sp_pkj_mtls","fapi2_sp_mtls_mtls"]).optional().openapi({description:"Defines the compliance level for this client, which may restrict it's capabilities"}),par_request_expiry:s.z.number().optional().openapi({description:"Specifies how long, in seconds, a Pushed Authorization Request URI remains valid"}),token_quota:s.z.record(s.z.any()).default({}).optional(),owner_user_id:s.z.string().optional().openapi({description:"User ID of the consenting user when this client was created via IAT-gated Dynamic Client Registration. NULL for clients created via the Management API or open DCR."}),registration_type:s.z.enum(["manual","open_dcr","iat_dcr"]).optional().openapi({description:"Provenance of this client. `manual` = Management API; `open_dcr` = RFC 7591 without IAT; `iat_dcr` = RFC 7591 with an Initial Access Token."}),registration_metadata:s.z.record(s.z.any()).default({}).optional().openapi({description:"Arbitrary metadata captured at Dynamic Client Registration time that isn't a first-class client field (e.g. integration_type, domain). Also stores `iat_constraints` for clients created via IAT so RFC 7592 PUT can enforce field immutability."}),user_linking_mode:s.z.enum(["builtin","off"]).optional().openapi({description:"Per-client override for the built-in email-based user-linking path. `builtin` runs the legacy in-process linking at user creation/email update. `off` disables the legacy path; linking only happens if the tenant has enabled the `account-linking` template hook. When unset, the service-level `userLinkingMode` default applies."})}),Do=s.z.object({created_at:s.z.string(),updated_at:s.z.string(),...bp.shape,client_id:s.z.string()}),vp=s.z.object({client_id:s.z.string().min(1).openapi({description:"ID of the client."}),audience:s.z.string().min(1).openapi({description:"The audience (API identifier) of this client grant."}),scope:s.z.array(s.z.string()).optional().openapi({description:"Scopes allowed for this client grant."}),organization_usage:s.z.enum(["deny","allow","require"]).optional().openapi({description:"Defines whether organizations can be used with client credentials exchanges for this grant."}),allow_any_organization:s.z.boolean().optional().openapi({description:"If enabled, any organization can be used with this grant. If disabled (default), the grant must be explicitly assigned to the desired organizations."}),is_system:s.z.boolean().optional().openapi({description:"If enabled, this grant is a special grant created by Auth0. It cannot be modified or deleted directly."}),subject_type:s.z.enum(["client","user"]).optional().openapi({description:"The type of application access the client grant allows. Use of this field is subject to the applicable Free Trial terms in Okta's Master Subscription Agreement."}),authorization_details_types:s.z.array(s.z.string()).optional().openapi({description:"Types of authorization_details allowed for this client grant. Use of this field is subject to the applicable Free Trial terms in Okta's Master Subscription Agreement."})}),Bo=s.z.object({id:s.z.string().openapi({description:"ID of the client grant."}),...vp.shape,created_at:s.z.string().optional(),updated_at:s.z.string().optional()}),GN=s.z.array(Bo),rx=s.z.enum(["iat","rat"]),ox=s.z.object({id:s.z.string(),token_hash:s.z.string(),type:rx,client_id:s.z.string().optional(),sub:s.z.string().optional(),constraints:s.z.record(s.z.unknown()).optional(),single_use:s.z.boolean().default(!1),expires_at:s.z.string().optional()}),WN=s.z.object({created_at:s.z.string(),used_at:s.z.string().optional(),revoked_at:s.z.string().optional(),...ox.shape}),ws=s.z.object({x:s.z.number(),y:s.z.number()});var zw=(e=>(e.RICH_TEXT="RICH_TEXT",e.NEXT_BUTTON="NEXT_BUTTON",e.BACK_BUTTON="BACK_BUTTON",e.SUBMIT_BUTTON="SUBMIT_BUTTON",e.DIVIDER="DIVIDER",e.TEXT="TEXT",e.EMAIL="EMAIL",e.PASSWORD="PASSWORD",e.NUMBER="NUMBER",e.PHONE="PHONE",e.DATE="DATE",e.CHECKBOX="CHECKBOX",e.RADIO="RADIO",e.SELECT="SELECT",e.HIDDEN="HIDDEN",e.LEGAL="LEGAL",e))(zw||{}),Pw=(e=>(e.BLOCK="BLOCK",e.FIELD="FIELD",e))(Pw||{});const ch=s.z.object({id:s.z.string(),category:s.z.nativeEnum(Pw),type:s.z.nativeEnum(zw)}),sx=ch.extend({category:s.z.literal("BLOCK"),type:s.z.literal("RICH_TEXT"),config:s.z.object({content:s.z.string()}).passthrough()}),ax=ch.extend({category:s.z.literal("BLOCK"),type:s.z.union([s.z.literal("NEXT_BUTTON"),s.z.literal("BACK_BUTTON"),s.z.literal("SUBMIT_BUTTON")]),config:s.z.object({text:s.z.string()}).passthrough()}),cx=ch.extend({category:s.z.literal("FIELD"),type:s.z.literal("LEGAL"),required:s.z.boolean().optional(),sensitive:s.z.boolean().optional(),config:s.z.object({text:s.z.string()}).passthrough()}),lx=ch.extend({category:s.z.literal("FIELD"),type:s.z.union([s.z.literal("TEXT"),s.z.literal("EMAIL"),s.z.literal("PASSWORD"),s.z.literal("NUMBER"),s.z.literal("PHONE"),s.z.literal("DATE"),s.z.literal("CHECKBOX"),s.z.literal("RADIO"),s.z.literal("SELECT"),s.z.literal("HIDDEN")]),required:s.z.boolean().optional(),sensitive:s.z.boolean().optional(),config:s.z.object({label:s.z.string().optional(),placeholder:s.z.string().optional()}).passthrough()}),dx=s.z.object({id:s.z.string(),category:s.z.string(),type:s.z.string()}).passthrough(),ux=s.z.union([sx,ax,cx,lx,dx]);var px=(e=>(e.STEP="STEP",e.FLOW="FLOW",e.CONDITION="CONDITION",e.ACTION="ACTION",e))(px||{});const fx=s.z.object({id:s.z.string(),type:s.z.literal("STEP"),coordinates:ws,alias:s.z.string().optional(),config:s.z.object({components:s.z.array(ux),next_node:s.z.string()}).passthrough()}),hx=s.z.object({id:s.z.string(),type:s.z.literal("FLOW"),coordinates:ws,alias:s.z.string().optional(),config:s.z.object({flow_id:s.z.string(),next_node:s.z.string()})}),gx=s.z.object({id:s.z.string(),type:s.z.literal("ACTION"),coordinates:ws,alias:s.z.string().optional(),config:s.z.object({action_type:s.z.enum(["REDIRECT"]).openapi({description:"The type of action to perform"}),target:s.z.enum(["change-email","account","custom"]).openapi({description:"The predefined target to redirect to"}),custom_url:s.z.string().optional().openapi({description:"Custom URL when target is 'custom'"}),next_node:s.z.string().openapi({description:"The next node to navigate to after action (for non-redirect actions)"})}).passthrough()}),mx=s.z.object({id:s.z.string(),type:s.z.string(),coordinates:ws}).passthrough(),yx=s.z.union([fx,hx,gx,mx]),_x=s.z.object({next_node:s.z.string(),coordinates:ws}).passthrough(),wx=s.z.object({resume_flow:s.z.boolean().optional(),coordinates:ws}).passthrough(),bx=s.z.object({id:s.z.string(),name:s.z.string(),languages:s.z.object({primary:s.z.string()}).passthrough(),nodes:s.z.array(yx),start:_x,ending:wx,created_at:s.z.string(),updated_at:s.z.string(),links:s.z.object({sdkSrc:s.z.string().optional(),sdk_src:s.z.string().optional()}).passthrough()}).passthrough(),JN=bx.omit({id:!0,created_at:!0,updated_at:!0});var Sn=(e=>(e.TOKEN="token",e.ID_TOKEN="id_token",e.TOKEN_ID_TOKEN="id_token token",e.CODE="code",e.CODE_ID_TOKEN="code id_token",e.CODE_TOKEN="code token",e.CODE_ID_TOKEN_TOKEN="code id_token token",e))(Sn||{}),vt=(e=>(e.QUERY="query",e.FRAGMENT="fragment",e.FORM_POST="form_post",e.WEB_MESSAGE="web_message",e.SAML_POST="saml_post",e))(vt||{}),lh=(e=>(e.S256="S256",e.Plain="plain",e))(lh||{});const Ll=s.z.object({client_id:s.z.string(),act_as:s.z.string().optional(),response_type:s.z.nativeEnum(Sn).optional(),response_mode:s.z.nativeEnum(vt).optional(),redirect_uri:s.z.string().optional(),audience:s.z.string().optional(),organization:s.z.string().optional(),state:s.z.string().optional(),nonce:s.z.string().optional(),scope:s.z.string().optional(),prompt:s.z.string().optional(),code_challenge_method:s.z.nativeEnum(lh).optional(),code_challenge:s.z.string().optional(),username:s.z.string().optional(),ui_locales:s.z.string().optional(),max_age:s.z.number().optional(),acr_values:s.z.string().optional(),vendor_id:s.z.string().optional()}),Ju=s.z.object({colors:s.z.object({primary:s.z.string(),page_background:s.z.union([s.z.string(),s.z.object({type:s.z.string().optional(),start:s.z.string().optional(),end:s.z.string().optional(),angle_deg:s.z.number().optional()})]).optional()}).optional(),logo_url:s.z.string().optional(),favicon_url:s.z.string().optional(),powered_by_logo_url:s.z.string().optional(),font:s.z.object({url:s.z.string()}).optional(),dark_mode:s.z.enum(["dark","light","auto"]).optional()}),vx=s.z.enum(["password_reset","email_verification","otp","mfa_otp","authorization_code","oauth2_state","ticket"]),Ax=s.z.object({code_id:s.z.string().openapi({description:"The code that will be used in for instance an email verification flow"}),login_id:s.z.string().openapi({description:"The id of the login session that the code is connected to"}),connection_id:s.z.string().optional().openapi({description:"The connection that the code is connected to"}),code_type:vx,code_verifier:s.z.string().optional().openapi({description:"The code verifier used in PKCE in outbound flows"}),code_challenge:s.z.string().optional().openapi({description:"The code challenge used in PKCE in outbound flows"}),code_challenge_method:s.z.enum(["plain","S256"]).optional().openapi({description:"The code challenge method used in PKCE in outbound flows"}),redirect_uri:s.z.string().optional().openapi({description:"The redirect URI associated with the code"}),otp:s.z.string().optional().openapi({description:"The one-time password value for OTP-based flows"}),nonce:s.z.string().optional().openapi({description:"The nonce value used for security in OIDC flows"}),state:s.z.string().optional().openapi({description:"The state parameter used for CSRF protection in OAuth flows"}),expires_at:s.z.string(),used_at:s.z.string().optional(),user_id:s.z.string().optional()}),YN=s.z.object({...Ax.shape,created_at:s.z.string()}),kx=s.z.object({kid:s.z.string().optional(),team_id:s.z.string().optional(),realms:s.z.string().optional(),authentication_method:s.z.string().optional(),client_id:s.z.string().optional(),client_secret:s.z.string().optional(),app_secret:s.z.string().optional(),scope:s.z.string().optional(),authorization_endpoint:s.z.string().optional(),token_endpoint:s.z.string().optional(),userinfo_endpoint:s.z.string().optional(),jwks_uri:s.z.string().optional(),discovery_url:s.z.string().optional(),issuer:s.z.string().optional(),provider:s.z.string().optional(),from:s.z.string().optional(),twilio_sid:s.z.string().optional(),twilio_token:s.z.string().optional(),icon_url:s.z.string().optional(),domain_aliases:s.z.array(s.z.string()).optional(),callback_url:s.z.string().url().optional(),passwordPolicy:s.z.enum(["none","low","fair","good","excellent"]).optional(),password_complexity_options:s.z.object({min_length:s.z.number().optional()}).optional(),password_history:s.z.object({enable:s.z.boolean().optional(),size:s.z.number().optional()}).optional(),password_no_personal_info:s.z.object({enable:s.z.boolean().optional()}).optional(),password_dictionary:s.z.object({enable:s.z.boolean().optional(),dictionary:s.z.array(s.z.string()).optional()}).optional(),disable_signup:s.z.boolean().optional(),brute_force_protection:s.z.boolean().optional(),import_mode:s.z.boolean().optional(),attributes:s.z.object({email:s.z.object({identifier:s.z.object({active:s.z.boolean().optional()}).optional(),signup:s.z.object({status:s.z.enum(["required","optional","disabled"]).optional(),verification:s.z.object({active:s.z.boolean().optional()}).optional()}).optional(),validation:s.z.object({allowed:s.z.boolean().optional()}).optional(),unique:s.z.boolean().optional(),profile_required:s.z.boolean().optional(),verification_method:s.z.enum(["link","code"]).optional()}).optional(),username:s.z.object({identifier:s.z.object({active:s.z.boolean().optional()}).optional(),signup:s.z.object({status:s.z.enum(["required","optional","disabled"]).optional()}).optional(),validation:s.z.object({max_length:s.z.number().optional(),min_length:s.z.number().optional(),allowed_types:s.z.object({email:s.z.boolean().optional(),phone_number:s.z.boolean().optional()}).optional()}).optional(),profile_required:s.z.boolean().optional()}).optional(),phone_number:s.z.object({identifier:s.z.object({active:s.z.boolean().optional()}).optional(),signup:s.z.object({status:s.z.enum(["required","optional","disabled"]).optional()}).optional()}).optional()}).optional(),authentication_methods:s.z.object({password:s.z.object({enabled:s.z.boolean().optional()}).optional(),passkey:s.z.object({enabled:s.z.boolean().optional()}).optional()}).optional(),passkey_options:s.z.object({challenge_ui:s.z.enum(["both","autofill","button"]).optional(),local_enrollment_enabled:s.z.boolean().optional(),progressive_enrollment_enabled:s.z.boolean().optional()}).optional(),requires_username:s.z.boolean().optional(),validation:s.z.object({username:s.z.object({min:s.z.number().optional(),max:s.z.number().optional()}).optional()}).optional(),set_user_root_attributes:s.z.enum(["on_each_login","on_first_login","never_on_login"]).optional()});function sy(e){if(e!==null){if(Array.isArray(e))return e.filter(t=>t!==null).map(sy);if(e&&typeof e=="object"){const t={};for(const[n,i]of Object.entries(e))i!==null&&(t[n]=sy(i));return t}return e}}const Ap=s.z.object({id:s.z.string().optional(),name:s.z.string(),display_name:s.z.string().optional(),strategy:s.z.string(),options:s.z.preprocess(e=>e===null?{}:sy(e),kx).default({}),enabled_clients:s.z.array(s.z.string()).default([]).optional(),response_type:s.z.custom().optional(),response_mode:s.z.custom().optional(),is_domain_connection:s.z.boolean().optional(),show_as_button:s.z.boolean().optional(),metadata:s.z.record(s.z.any()).optional(),is_system:s.z.boolean().optional()}),Dr=s.z.object({id:s.z.string(),created_at:s.z.string().transform(e=>e===null?"":e),updated_at:s.z.string().transform(e=>e===null?"":e)}).extend(Ap.shape),Nw=s.z.object({domain:s.z.string(),custom_domain_id:s.z.string().optional(),type:s.z.enum(["auth0_managed_certs","self_managed_certs"]),verification_method:s.z.enum(["txt"]).optional(),tls_policy:s.z.enum(["recommended"]).optional(),custom_client_ip_header:s.z.enum(["true-client-ip","cf-connecting-ip","x-forwarded-for","x-azure-clientip","null"]).optional(),domain_metadata:s.z.record(s.z.string().max(255)).optional()}),Sx=s.z.discriminatedUnion("name",[s.z.object({name:s.z.literal("txt"),record:s.z.string(),domain:s.z.string()}),s.z.object({name:s.z.literal("http"),http_body:s.z.string(),http_url:s.z.string()})]),Fr=s.z.object({...Nw.shape,custom_domain_id:s.z.string(),primary:s.z.boolean(),status:s.z.enum(["disabled","pending","pending_verification","ready"]),origin_domain_name:s.z.string().optional(),verification:s.z.object({methods:s.z.array(Sx)}).optional(),tls_policy:s.z.string().optional()}),QN=Fr.extend({tenant_id:s.z.string()}),Fw=s.z.object({id:s.z.string(),order:s.z.number().optional(),visible:s.z.boolean().optional().default(!0)}),oo=Fw.extend({category:s.z.literal("BLOCK").optional()}),ZN=oo.extend({type:s.z.literal("DIVIDER"),config:s.z.object({text:s.z.string().optional()}).optional()}),XN=oo.extend({type:s.z.literal("HTML"),config:s.z.object({content:s.z.string().optional()}).optional()}),e9=oo.extend({type:s.z.literal("IMAGE"),config:s.z.object({src:s.z.string().optional(),alt:s.z.string().optional(),width:s.z.number().optional(),height:s.z.number().optional()}).optional()}),t9=oo.extend({type:s.z.literal("JUMP_BUTTON"),config:s.z.object({text:s.z.string().optional(),target_step:s.z.string().optional()})}),n9=oo.extend({type:s.z.literal("RESEND_BUTTON"),config:s.z.object({text:s.z.string().optional(),resend_action:s.z.string().optional()})}),i9=oo.extend({type:s.z.literal("NEXT_BUTTON"),config:s.z.object({text:s.z.string().optional()})}),r9=oo.extend({type:s.z.literal("PREVIOUS_BUTTON"),config:s.z.object({text:s.z.string().optional()})}),o9=oo.extend({type:s.z.literal("RICH_TEXT"),config:s.z.object({content:s.z.string().optional()}).optional()}),Ow=Fw.extend({category:s.z.literal("WIDGET").optional(),label:s.z.string().min(1).optional(),hint:s.z.string().min(1).max(500).optional(),required:s.z.boolean().optional(),sensitive:s.z.boolean().optional()}),s9=Ow.extend({type:s.z.literal("AUTH0_VERIFIABLE_CREDENTIALS"),config:s.z.object({credential_type:s.z.string().optional()})}),a9=Ow.extend({type:s.z.literal("GMAPS_ADDRESS"),config:s.z.object({api_key:s.z.string().optional()})}),c9=Ow.extend({type:s.z.literal("RECAPTCHA"),config:s.z.object({site_key:s.z.string().optional()})}),Lt=Fw.extend({category:s.z.literal("FIELD").optional(),label:s.z.string().min(1).optional(),hint:s.z.string().min(1).max(500).optional(),messages:s.z.array(s.z.object({id:s.z.number().optional(),text:s.z.string(),type:s.z.enum(["info","error","success","warning"])})).optional(),required:s.z.boolean().optional(),sensitive:s.z.boolean().optional()}),l9=Lt.extend({type:s.z.literal("BOOLEAN"),config:s.z.object({default_value:s.z.boolean().optional()}).optional()}),d9=Lt.extend({type:s.z.literal("CARDS"),config:s.z.object({options:s.z.array(s.z.object({value:s.z.string(),label:s.z.string(),description:s.z.string().optional(),image:s.z.string().optional()})).optional(),multi_select:s.z.boolean().optional()}).optional()}),u9=Lt.extend({type:s.z.literal("CHOICE"),config:s.z.object({options:s.z.array(s.z.object({value:s.z.string(),label:s.z.string()})).optional(),display:s.z.enum(["radio","checkbox"]).optional(),multiple:s.z.boolean().optional(),default_value:s.z.union([s.z.string(),s.z.array(s.z.string())]).optional()}).optional()}),p9=Lt.extend({type:s.z.literal("CUSTOM"),config:s.z.object({component:s.z.string().optional(),props:s.z.record(s.z.any()).optional(),schema:s.z.record(s.z.any()).optional(),code:s.z.string().optional()})}),f9=Lt.extend({type:s.z.literal("DATE"),config:s.z.object({format:s.z.string().optional(),min:s.z.string().optional(),max:s.z.string().optional(),default_value:s.z.string().optional()}).optional()}),h9=Lt.extend({type:s.z.literal("DROPDOWN"),config:s.z.object({options:s.z.array(s.z.object({value:s.z.string(),label:s.z.string()})).optional(),placeholder:s.z.string().optional(),searchable:s.z.boolean().optional(),multiple:s.z.boolean().optional(),default_value:s.z.union([s.z.string(),s.z.array(s.z.string())]).optional()}).optional()}),g9=Lt.extend({type:s.z.literal("EMAIL"),config:s.z.object({placeholder:s.z.string().optional(),default_value:s.z.string().optional()}).optional()}),m9=Lt.extend({type:s.z.literal("FILE"),config:s.z.object({accept:s.z.string().optional(),max_size:s.z.number().optional(),multiple:s.z.boolean().optional()}).optional()}),y9=Lt.extend({type:s.z.literal("LEGAL"),config:s.z.object({text:s.z.string(),html:s.z.boolean().optional()}).optional()}),_9=Lt.extend({type:s.z.literal("NUMBER"),config:s.z.object({placeholder:s.z.string().optional(),min:s.z.number().optional(),max:s.z.number().optional(),step:s.z.number().optional(),default_value:s.z.string().optional()}).optional()}),w9=Lt.extend({type:s.z.literal("PASSWORD"),config:s.z.object({placeholder:s.z.string().optional(),min_length:s.z.number().optional(),show_toggle:s.z.boolean().optional(),forgot_password_link:s.z.string().optional(),default_value:s.z.string().optional()}).optional()}),b9=Lt.extend({type:s.z.literal("PAYMENT"),config:s.z.object({provider:s.z.string().optional(),currency:s.z.string().optional()}).optional()}),v9=Lt.extend({type:s.z.literal("SOCIAL"),config:s.z.object({providers:s.z.array(s.z.string()).optional(),provider_details:s.z.array(s.z.object({name:s.z.string(),strategy:s.z.string().optional(),display_name:s.z.string().optional(),icon_url:s.z.string().optional(),href:s.z.string().optional()})).optional()}).optional()}),A9=Lt.extend({type:s.z.literal("TEL"),config:s.z.object({placeholder:s.z.string().optional(),default_country:s.z.string().optional(),default_value:s.z.string().optional(),allow_email:s.z.boolean().optional()}).optional()}),k9=Lt.extend({type:s.z.literal("TEXT"),config:s.z.object({placeholder:s.z.string().optional(),multiline:s.z.boolean().optional(),max_length:s.z.number().optional(),default_value:s.z.string().optional()}).optional()}),S9=Lt.extend({type:s.z.literal("COUNTRY"),config:s.z.object({placeholder:s.z.string().optional(),default_value:s.z.string().optional()}).optional()}),E9=Lt.extend({type:s.z.literal("URL"),config:s.z.object({placeholder:s.z.string().optional(),default_value:s.z.string().optional()}).optional()}),Ex=s.z.discriminatedUnion("type",[ZN,XN,e9,t9,n9,i9,r9,o9]),xx=s.z.discriminatedUnion("type",[s9,a9,c9]),Cx=s.z.discriminatedUnion("type",[l9,d9,u9,S9,p9,f9,h9,g9,m9,y9,_9,w9,b9,v9,A9,k9,E9]),jw=s.z.union([Ex,xx,Cx]),Rw=new Set(["BOOLEAN","CARDS","CHOICE","COUNTRY","DATE","DROPDOWN","EMAIL","LEGAL","NUMBER","PASSWORD","TEL","TEXT","URL"]),x9=s.z.object({id:s.z.string(),type:s.z.literal("submit"),label:s.z.string(),className:s.z.string().optional(),disabled:s.z.boolean().optional().default(!1),order:s.z.number().optional(),visible:s.z.boolean().optional().default(!0),customizations:s.z.record(s.z.string(),s.z.any()).optional()}),Ml=s.z.object({x:s.z.number(),y:s.z.number()}),C9=s.z.object({id:s.z.string(),type:s.z.literal("FLOW"),coordinates:Ml,alias:s.z.string().min(1).max(150).optional(),config:s.z.object({flow_id:s.z.string().max(30),next_node:s.z.string().optional()})}),T9=s.z.object({id:s.z.string(),type:s.z.literal("ROUTER"),coordinates:Ml,alias:s.z.string().min(1).max(150),config:s.z.object({rules:s.z.array(s.z.object({id:s.z.string(),alias:s.z.string().min(1).max(150).optional(),condition:s.z.any(),next_node:s.z.string()})),fallback:s.z.string()})}),$9=s.z.object({id:s.z.string(),type:s.z.literal("STEP"),coordinates:Ml,alias:s.z.string().min(1).max(150).optional(),config:s.z.object({components:s.z.array(jw),next_node:s.z.string().optional()})}),Tx=s.z.discriminatedUnion("type",[C9,T9,$9]),kp=s.z.object({name:s.z.string().openapi({description:"The name of the form"}),messages:s.z.object({errors:s.z.record(s.z.string(),s.z.any()).optional(),custom:s.z.record(s.z.string(),s.z.any()).optional()}).optional(),languages:s.z.object({primary:s.z.string().optional(),default:s.z.string().optional()}).optional(),translations:s.z.record(s.z.string(),s.z.any()).optional(),nodes:s.z.array(Tx).optional(),start:s.z.object({hidden_fields:s.z.array(s.z.object({key:s.z.string(),value:s.z.string()})).optional(),next_node:s.z.string().optional(),coordinates:Ml.optional()}).optional(),ending:s.z.object({redirection:s.z.object({delay:s.z.number().optional(),target:s.z.string().optional()}).optional(),after_submit:s.z.object({flow_id:s.z.string().optional()}).optional(),coordinates:Ml.optional(),resume_flow:s.z.boolean().optional()}).optional(),style:s.z.object({css:s.z.string().optional()}).optional(),links:s.z.object({sdkSrc:s.z.string().optional(),sdk_src:s.z.string().optional()}).optional()}).openapi({description:"Schema for flow-based forms (matches Auth0 Forms structure)"}),sa=s.z.object({...Mn.shape,...kp.shape,id:s.z.string()}),$x=s.z.object({id:s.z.number().optional(),text:s.z.string(),type:s.z.enum(["info","error","success","warning"])}),Ix=s.z.object({id:s.z.string().optional(),text:s.z.string(),href:s.z.string(),linkText:s.z.string().optional()}),I9=s.z.object({name:s.z.string().optional(),action:s.z.string(),method:s.z.enum(["POST","GET"]),title:s.z.string().optional(),description:s.z.string().optional(),components:s.z.array(jw),messages:s.z.array($x).optional(),links:s.z.array(Ix).optional(),footer:s.z.string().optional()});function z9(e){return e.category==="BLOCK"}function P9(e){return e.category==="WIDGET"}function N9(e){return e.category==="FIELD"}const zx=s.z.enum(["pre-user-registration","post-user-registration","post-user-login","post-user-update","validate-registration-username","pre-user-deletion","post-user-deletion"]),Px=s.z.enum(["pre-user-registration","post-user-registration","post-user-login","validate-registration-username","pre-user-deletion","post-user-deletion"]),Nx=s.z.enum(["post-user-login","post-user-registration","post-user-update","credentials-exchange"]),Fx=s.z.enum(["post-user-login","credentials-exchange","pre-user-registration","post-user-registration"]),Dw=s.z.enum(["ensure-username","set-preferred-username","account-linking"]),F9={"ensure-username":{name:"Ensure Username",description:"Automatically assigns a username to users who sign in without one. Creates a linked username account for social/email users.",trigger_ids:["post-user-login"]},"set-preferred-username":{name:"Set Preferred Username",description:"Sets the preferred_username claim on tokens based on the username from the primary or linked user.",trigger_ids:["credentials-exchange"]},"account-linking":{name:"Account Linking",description:"Links a user to an existing primary account with the same verified email. Idempotent — safe to run on every login, registration, and email update.",trigger_ids:["post-user-login","post-user-registration","post-user-update"]}},so={enabled:s.z.boolean().default(!1),synchronous:s.z.boolean().default(!1),priority:s.z.number().optional(),hook_id:s.z.string().optional(),metadata:s.z.record(s.z.unknown()).optional()},O9=s.z.object({...so,trigger_id:zx,url:s.z.string()}),j9=s.z.object({...so,trigger_id:Px,form_id:s.z.string()}),R9=s.z.object({...so,trigger_id:Nx,template_id:Dw}),D9=s.z.object({...so,trigger_id:Fx,code_id:s.z.string()}),ay=s.z.union([O9,j9,R9,D9]),B9=s.z.object({...so,trigger_id:zx,...Mn.shape,hook_id:s.z.string(),url:s.z.string()}),L9=s.z.object({...so,trigger_id:Px,...Mn.shape,hook_id:s.z.string(),form_id:s.z.string()}),M9=s.z.object({...so,trigger_id:Nx,...Mn.shape,hook_id:s.z.string(),template_id:Dw}),U9=s.z.object({...so,trigger_id:Fx,...Mn.shape,hook_id:s.z.string(),code_id:s.z.string()}),aa=s.z.union([B9,L9,M9,U9]),Sp=s.z.object({code:s.z.string().max(1e5),secrets:s.z.record(s.z.string()).optional()}),Bw=Sp.extend({id:s.z.string(),tenant_id:s.z.string(),...Mn.shape}),Ox=s.z.object({name:s.z.string().optional()}),jx=s.z.object({email:s.z.string().optional()}),Lw=s.z.object({organization_id:s.z.string().max(50),inviter:Ox,invitee:jx,invitation_url:s.z.string().url(),client_id:s.z.string(),connection_id:s.z.string().optional(),app_metadata:s.z.record(s.z.any()).default({}).optional(),user_metadata:s.z.record(s.z.any()).default({}).optional(),ttl_sec:s.z.number().int().max(2592e3).default(604800).optional(),roles:s.z.array(s.z.string()).default([]).optional(),send_invitation_email:s.z.boolean().default(!0).optional()}),$l=s.z.object({id:s.z.string(),organization_id:s.z.string().max(50),created_at:s.z.string().datetime(),expires_at:s.z.string().datetime(),ticket_id:s.z.string().optional()}).extend(Lw.shape),dh=s.z.object({alg:s.z.enum(["RS256","RS384","RS512","ES256","ES384","ES512","HS256","HS384","HS512"]),kid:s.z.string(),kty:s.z.enum(["RSA","EC","oct"]),use:s.z.enum(["sig","enc"]).optional(),n:s.z.string().optional(),e:s.z.string().optional(),crv:s.z.string().optional(),x:s.z.string().optional(),y:s.z.string().optional(),x5t:s.z.string().optional(),x5c:s.z.array(s.z.string()).optional()}).superRefine((e,t)=>{if(e.kty==="RSA")for(const n of["n","e"])e[n]||t.addIssue({code:s.z.ZodIssueCode.custom,path:[n],message:`RSA JWK is missing required member '${n}'`});else if(e.kty==="EC")for(const n of["crv","x","y"])e[n]||t.addIssue({code:s.z.ZodIssueCode.custom,path:[n],message:`EC JWK is missing required member '${n}'`})}),Ep=s.z.object({keys:s.z.array(dh)}),cy=s.z.object({issuer:s.z.string(),authorization_endpoint:s.z.string(),token_endpoint:s.z.string(),userinfo_endpoint:s.z.string(),jwks_uri:s.z.string(),registration_endpoint:s.z.string().optional(),revocation_endpoint:s.z.string(),end_session_endpoint:s.z.string().optional(),scopes_supported:s.z.array(s.z.string()),response_types_supported:s.z.array(s.z.string()),grant_types_supported:s.z.array(s.z.string()).optional(),code_challenge_methods_supported:s.z.array(s.z.string()),response_modes_supported:s.z.array(s.z.string()),subject_types_supported:s.z.array(s.z.string()),id_token_signing_alg_values_supported:s.z.array(s.z.string()),token_endpoint_auth_methods_supported:s.z.array(s.z.string()),claims_supported:s.z.array(s.z.string()),request_uri_parameter_supported:s.z.boolean(),request_parameter_supported:s.z.boolean(),request_object_signing_alg_values_supported:s.z.array(s.z.string()).optional(),token_endpoint_auth_signing_alg_values_supported:s.z.array(s.z.string())});var be=(e=>(e.PENDING="pending",e.AUTHENTICATED="authenticated",e.AWAITING_EMAIL_VERIFICATION="awaiting_email_verification",e.AWAITING_MFA="awaiting_mfa",e.AWAITING_HOOK="awaiting_hook",e.AWAITING_CONTINUATION="awaiting_continuation",e.COMPLETED="completed",e.FAILED="failed",e.EXPIRED="expired",e))(be||{});const Rx=s.z.nativeEnum(be),Dx=s.z.object({strategy:s.z.string(),strategy_type:s.z.string()}),Bx=s.z.object({csrf_token:s.z.string(),auth0Client:s.z.string().optional(),authParams:Ll,expires_at:s.z.string(),deleted_at:s.z.string().optional(),ip:s.z.string().optional(),useragent:s.z.string().optional(),session_id:s.z.string().optional(),authorization_url:s.z.string().optional(),state:Rx.optional().default("pending"),state_data:s.z.string().optional(),failure_reason:s.z.string().optional(),user_id:s.z.string().optional(),auth_connection:s.z.string().optional(),auth_strategy:Dx.optional(),authenticated_at:s.z.string().optional()}).openapi({description:"This represents a login sesion"}),q9=s.z.object({...Bx.shape,id:s.z.string().openapi({description:"This is is used as the state in the universal login"}),created_at:s.z.string(),updated_at:s.z.string()}),O={ACLS_SUMMARY:"acls_summary",ACTIONS_EXECUTION_FAILED:"actions_execution_failed",API_LIMIT:"api_limit",API_LIMIT_WARNING:"api_limit_warning",APPI:"appi",CIBA_EXCHANGE_FAILED:"ciba_exchange_failed",CIBA_EXCHANGE_SUCCEEDED:"ciba_exchange_succeeded",CIBA_START_FAILED:"ciba_start_failed",CIBA_START_SUCCEEDED:"ciba_start_succeeded",CODE_LINK_SENT:"cls",CODE_SENT:"cs",DEPRECATION_NOTICE:"depnote",FAILED_LOGIN:"f",FAILED_BY_CONNECTOR:"fc",FAILED_CHANGE_EMAIL:"fce",FAILED_BY_CORS:"fco",FAILED_CROSS_ORIGIN_AUTHENTICATION:"fcoa",FAILED_CHANGE_PASSWORD:"fcp",FAILED_POST_CHANGE_PASSWORD_HOOK:"fcph",FAILED_CHANGE_PHONE_NUMBER:"fcpn",FAILED_CHANGE_PASSWORD_REQUEST:"fcpr",FAILED_CONNECTOR_PROVISIONING:"fcpro",FAILED_CHANGE_USERNAME:"fcu",FAILED_DELEGATION:"fd",FAILED_DEVICE_ACTIVATION:"fdeac",FAILED_DEVICE_AUTHORIZATION_REQUEST:"fdeaz",USER_CANCELED_DEVICE_CONFIRMATION:"fdecc",FAILED_USER_DELETION:"fdu",FAILED_EXCHANGE_AUTHORIZATION_CODE_FOR_ACCESS_TOKEN:"feacft",FAILED_EXCHANGE_ACCESS_TOKEN_FOR_CLIENT_CREDENTIALS:"feccft",FAILED_EXCHANGE_CUSTOM_TOKEN:"fecte",FAILED_EXCHANGE_DEVICE_CODE_FOR_ACCESS_TOKEN:"fede",FAILED_FEDERATED_LOGOUT:"federated_logout_failed",FAILED_EXCHANGE_NATIVE_SOCIAL_LOGIN:"fens",FAILED_EXCHANGE_PASSWORD_OOB_FOR_ACCESS_TOKEN:"feoobft",FAILED_EXCHANGE_PASSWORD_OTP_FOR_ACCESS_TOKEN:"feotpft",FAILED_EXCHANGE_PASSWORD_FOR_ACCESS_TOKEN:"fepft",FAILED_EXCHANGE_PASSWORDLESS_OTP_FOR_ACCESS_TOKEN:"fepotpft",FAILED_EXCHANGE_PASSWORD_MFA_RECOVERY_FOR_ACCESS_TOKEN:"fercft",FAILED_EXCHANGE_ROTATING_REFRESH_TOKEN:"ferrt",FAILED_EXCHANGE_REFRESH_TOKEN_FOR_ACCESS_TOKEN:"fertft",FAILED_HOOK:"fh",FAILED_IMPERSONATION:"fimp",FAILED_INVITE_ACCEPT:"fi",FAILED_LOGOUT:"flo",FLOWS_EXECUTION_COMPLETED:"flows_execution_completed",FLOWS_EXECUTION_FAILED:"flows_execution_failed",FAILED_SENDING_NOTIFICATION:"fn",FORMS_SUBMISSION_FAILED:"forms_submission_failed",FORMS_SUBMISSION_SUCCEEDED:"forms_submission_succeeded",FAILED_LOGIN_INCORRECT_PASSWORD:"fp",FAILED_PUSHED_AUTHORIZATION_REQUEST:"fpar",FAILED_POST_USER_REGISTRATION_HOOK:"fpurh",FAILED_SIGNUP:"fs",FAILED_SILENT_AUTH:"fsa",FAILED_LOGIN_INVALID_EMAIL_USERNAME:"fu",FAILED_USERS_IMPORT:"fui",FAILED_VERIFICATION_EMAIL:"fv",FAILED_VERIFICATION_EMAIL_REQUEST:"fvr",EMAIL_VERIFICATION_CONFIRMED:"gd_auth_email_verification",EMAIL_VERIFICATION_FAILED:"gd_auth_fail_email_verification",MFA_AUTH_FAILED:"gd_auth_failed",MFA_AUTH_REJECTED:"gd_auth_rejected",MFA_AUTH_SUCCESS:"gd_auth_succeed",MFA_ENROLLMENT_COMPLETE:"gd_enrollment_complete",TOO_MANY_MFA_FAILURES:"gd_otp_rate_limit_exceed",MFA_RECOVERY_FAILED:"gd_recovery_failed",MFA_RECOVERY_RATE_LIMIT_EXCEED:"gd_recovery_rate_limit_exceed",MFA_RECOVERY_SUCCESS:"gd_recovery_succeed",MFA_EMAIL_SENT:"gd_send_email",EMAIL_VERIFICATION_SENT:"gd_send_email_verification",EMAIL_VERIFICATION_SEND_FAILURE:"gd_send_email_verification_failure",PUSH_NOTIFICATION_SENT:"gd_send_pn",ERROR_SENDING_MFA_PUSH_NOTIFICATION:"gd_send_pn_failure",MFA_SMS_SENT:"gd_send_sms",ERROR_SENDING_MFA_SMS:"gd_send_sms_failure",MFA_VOICE_CALL_SUCCESS:"gd_send_voice",MFA_VOICE_CALL_FAILED:"gd_send_voice_failure",SECOND_FACTOR_STARTED:"gd_start_auth",MFA_ENROLL_STARTED:"gd_start_enroll",MFA_ENROLLMENT_FAILED:"gd_start_enroll_failed",GUARDIAN_TENANT_UPDATE:"gd_tenant_update",UNENROLL_DEVICE_ACCOUNT:"gd_unenroll",UPDATE_DEVICE_ACCOUNT:"gd_update_device_account",WEBAUTHN_CHALLENGE_FAILED:"gd_webauthn_challenge_failed",WEBAUTHN_ENROLLMENT_FAILED:"gd_webauthn_enrollment_failed",FAILED_KMS_API_OPERATION:"kms_key_management_failure",SUCCESS_KMS_API_OPERATION:"kms_key_management_success",KMS_KEY_STATE_CHANGED:"kms_key_state_changed",TOO_MANY_CALLS_TO_DELEGATION:"limit_delegation",BLOCKED_IP_ADDRESS:"limit_mu",BLOCKED_ACCOUNT_IP:"limit_sul",BLOCKED_ACCOUNT_EMAIL:"limit_wc",MFA_REQUIRED:"mfar",MANAGEMENT_API_READ_OPERATION:"mgmt_api_read",FAILED_AUTHENTICATION_METHOD_OPERATION_MY_ACCOUNT:"my_account_authentication_method_failed",SUCCESSFUL_AUTHENTICATION_METHOD_OPERATION_MY_ACCOUNT:"my_account_authentication_method_succeeded",FAILED_OIDC_BACKCHANNEL_LOGOUT:"oidc_backchannel_logout_failed",SUCCESSFUL_OIDC_BACKCHANNEL_LOGOUT:"oidc_backchannel_logout_succeeded",ORGANIZATION_MEMBER_ADDED:"organization_member_added",PASSKEY_CHALLENGE_FAILED:"passkey_challenge_failed",PASSKEY_CHALLENGE_STARTED:"passkey_challenge_started",PRE_LOGIN_ASSESSMENT:"pla",BREACHED_PASSWORD:"pwd_leak",BREACHED_PASSWORD_ON_RESET:"reset_pwd_leak",SUCCESS_RESOURCE_CLEANUP:"resource_cleanup",RICH_CONSENTS_ACCESS_ERROR:"rich_consents_access_error",SUCCESS_LOGIN:"s",SUCCESS_API_OPERATION:"sapi",FAILED_API_OPERATION:"fapi",SUCCESS_CHANGE_EMAIL:"sce",SUCCESS_CROSS_ORIGIN_AUTHENTICATION:"scoa",SUCCESS_CHANGE_PASSWORD:"scp",SUCCESS_CHANGE_PHONE_NUMBER:"scpn",SUCCESS_CHANGE_PASSWORD_REQUEST:"scpr",SUCCESS_CHANGE_USERNAME:"scu",SUCCESS_CREDENTIAL_VALIDATION:"scv",SUCCESS_DELEGATION:"sd",SUCCESS_USER_DELETION:"sdu",SUCCESS_EXCHANGE_AUTHORIZATION_CODE_FOR_ACCESS_TOKEN:"seacft",SUCCESS_EXCHANGE_ACCESS_TOKEN_FOR_CLIENT_CREDENTIALS:"seccft",SUCCESS_EXCHANGE_CUSTOM_TOKEN:"secte",SUCCESS_EXCHANGE_DEVICE_CODE_FOR_ACCESS_TOKEN:"sede",SUCCESS_EXCHANGE_NATIVE_SOCIAL_LOGIN:"sens",SUCCESS_EXCHANGE_PASSWORD_OOB_FOR_ACCESS_TOKEN:"seoobft",SUCCESS_EXCHANGE_PASSWORD_OTP_FOR_ACCESS_TOKEN:"seotpft",SUCCESS_EXCHANGE_PASSWORD_FOR_ACCESS_TOKEN:"sepft",SUCCESS_EXCHANGE_PASSKEY_OOB_FOR_ACCESS_TOKEN:"sepkoobft",SUCCESS_EXCHANGE_PASSKEY_OTP_FOR_ACCESS_TOKEN:"sepkotpft",SUCCESS_EXCHANGE_PASSKEY_MFA_RECOVERY_FOR_ACCESS_TOKEN:"sepkrcft",SUCCESS_EXCHANGE_PASSWORD_MFA_RECOVERY_FOR_ACCESS_TOKEN:"sercft",SUCCESS_EXCHANGE_REFRESH_TOKEN_FOR_ACCESS_TOKEN:"sertft",SUCCESS_IMPERSONATION:"simp",SUCCESSFULLY_ACCEPTED_USER_INVITE:"si",BREACHED_PASSWORD_ON_SIGNUP:"signup_pwd_leak",SUCCESS_LOGOUT:"slo",SUCCESS_HOOK:"sh",SUCCESS_REVOCATION:"srrt",SUCCESS_SIGNUP:"ss",FAILED_SS_SSO_OPERATION:"ss_sso_failure",INFORMATION_FROM_SS_SSO_OPERATION:"ss_sso_info",SUCCESS_SS_SSO_OPERATION:"ss_sso_success",SUCCESS_SILENT_AUTH:"ssa",SUCCESSFUL_SCIM_OPERATION:"sscim",SUCCESSFULLY_IMPORTED_USERS:"sui",SUCCESS_VERIFICATION_EMAIL:"sv",SUCCESS_VERIFICATION_EMAIL_REQUEST:"svr",MAX_AMOUNT_OF_AUTHENTICATORS:"too_many_records",USER_LOGIN_BLOCK_RELEASED:"ublkdu",FAILED_UNIVERSAL_LOGOUT:"universal_logout_failed",SUCCESSFUL_UNIVERSAL_LOGOUT:"universal_logout_succeeded",WARNING_DURING_LOGIN:"w",WARNING_SENDING_NOTIFICATION:"wn",WARNING_USER_MANAGEMENT:"wum"},H9=s.z.string().refine(e=>Object.values(O).includes(e),{message:"Invalid log type"}),Lx=s.z.object({name:s.z.string(),version:s.z.string(),env:s.z.object({node:s.z.string().optional()}).optional()}),Mx=s.z.object({country_code:s.z.string().length(2),city_name:s.z.string(),latitude:s.z.string(),longitude:s.z.string(),time_zone:s.z.string(),continent_code:s.z.string()}),Ux=s.z.object({type:H9,date:s.z.string(),description:s.z.string().optional(),ip:s.z.string().optional(),user_agent:s.z.string().optional(),details:s.z.any().optional(),isMobile:s.z.boolean(),user_id:s.z.string().optional(),user_name:s.z.string().optional(),connection:s.z.string().optional(),connection_id:s.z.string().optional(),client_id:s.z.string().optional(),client_name:s.z.string().optional(),audience:s.z.string().optional(),scope:s.z.string().optional(),strategy:s.z.string().optional(),strategy_type:s.z.string().optional(),hostname:s.z.string().optional(),auth0_client:Lx.optional(),log_id:s.z.string().optional(),location_info:Mx.optional()}),$a=s.z.object({...Ux.shape,log_id:s.z.string()}),qx=s.z.enum(["http","eventbridge","eventgrid","splunk","datadog","sumo"]),Mw=s.z.enum(["active","paused","suspended"]),Hx=s.z.object({type:s.z.string(),name:s.z.string()}),Uw=s.z.object({name:s.z.string(),type:qx,status:Mw.optional(),sink:s.z.record(s.z.string(),s.z.unknown()),filters:s.z.array(Hx).optional(),isPriority:s.z.boolean().optional()}),Gs=Uw.extend({id:s.z.string(),status:Mw,created_at:s.z.string().optional(),updated_at:s.z.string().optional()}),ca=s.z.object({enabled:s.z.boolean().optional(),shields:s.z.array(s.z.string()).optional(),admin_notification_frequency:s.z.array(s.z.string()).optional(),method:s.z.string().optional(),stage:s.z.object({"pre-user-registration":s.z.object({shields:s.z.array(s.z.string()).optional()}).optional(),"pre-change-password":s.z.object({shields:s.z.array(s.z.string()).optional()}).optional()}).optional()}),la=s.z.object({enabled:s.z.boolean().optional(),shields:s.z.array(s.z.string()).optional(),allowlist:s.z.array(s.z.string()).optional(),mode:s.z.string().optional(),max_attempts:s.z.number().optional()}),da=s.z.object({enabled:s.z.boolean().optional(),shields:s.z.array(s.z.string()).optional(),allowlist:s.z.array(s.z.string()).optional(),stage:s.z.object({"pre-login":s.z.object({max_attempts:s.z.number().optional(),rate:s.z.number().optional()}).optional(),"pre-user-registration":s.z.object({max_attempts:s.z.number().optional(),rate:s.z.number().optional()}).optional()}).optional()}),Vx=s.z.object({breached_password_detection:ca.optional(),brute_force_protection:la.optional(),suspicious_ip_throttling:da.optional()}),Kx=s.z.object({id:s.z.string().optional(),user_id:s.z.string(),password:s.z.string(),algorithm:s.z.enum(["bcrypt","argon2id"]).default("argon2id"),is_current:s.z.boolean().default(!0)}),V9=Kx.extend({id:s.z.string(),created_at:s.z.string(),updated_at:s.z.string()}),Gx=s.z.object({initial_user_agent:s.z.string().describe("First user agent of the device from which this user logged in"),initial_ip:s.z.string().describe("First IP address associated with this session"),initial_asn:s.z.string().describe("First autonomous system number associated with this session"),last_user_agent:s.z.string().describe("Last user agent of the device from which this user logged in"),last_ip:s.z.string().describe("Last IP address from which this user logged in"),last_asn:s.z.string().describe("Last autonomous system number from which this user logged in")}),Wx=s.z.object({id:s.z.string(),revoked_at:s.z.string().optional(),used_at:s.z.string().optional(),user_id:s.z.string().describe("The user ID associated with the session"),expires_at:s.z.string().optional(),login_session_id:s.z.string(),idle_expires_at:s.z.string().optional(),device:Gx.describe("Metadata related to the device used in the session"),clients:s.z.array(s.z.string()).describe("List of client details for the session")}),uh=s.z.object({created_at:s.z.string(),updated_at:s.z.string(),authenticated_at:s.z.string(),last_interaction_at:s.z.string(),...Wx.shape}),ly=s.z.object({kid:s.z.string().openapi({description:"The key id of the signing key"}),tenant_id:s.z.string().optional().openapi({description:"The tenant the key belongs to. Omitted means the key is shared / control-plane scoped."}),cert:s.z.string().openapi({description:"The public certificate of the signing key"}),fingerprint:s.z.string().openapi({description:"The cert fingerprint"}),thumbprint:s.z.string().openapi({description:"The cert thumbprint"}),pkcs7:s.z.string().optional().openapi({description:"The private key in pkcs7 format"}),current:s.z.boolean().optional().openapi({description:"True if the key is the current key"}),next:s.z.boolean().optional().openapi({description:"True if the key is the next key"}),previous:s.z.boolean().optional().openapi({description:"True if the key is the previous key"}),current_since:s.z.string().optional().openapi({description:"The date and time when the key became the current key"}),current_until:s.z.string().optional().openapi({description:"The date and time when the current key was rotated"}),revoked:s.z.boolean().optional().openapi({description:"True if the key is revoked"}),revoked_at:s.z.string().optional().openapi({description:"The date and time when the key was revoked"}),connection:s.z.string().optional().openapi({description:"The connection identifier associated with the key"}),type:s.z.enum(["jwt_signing","saml_encryption"]).openapi({description:"The type of the signing key"})}),qw=s.z.object({id:s.z.string().optional(),audience:s.z.string(),friendly_name:s.z.string(),picture_url:s.z.string().optional(),support_email:s.z.string().optional(),support_url:s.z.string().optional(),sender_email:s.z.string().email(),sender_name:s.z.string(),session_lifetime:s.z.number().optional(),idle_session_lifetime:s.z.number().optional(),ephemeral_session_lifetime:s.z.number().optional(),idle_ephemeral_session_lifetime:s.z.number().optional(),session_cookie:s.z.object({mode:s.z.enum(["persistent","non-persistent"]).optional()}).optional(),allowed_logout_urls:s.z.array(s.z.string()).optional(),default_redirection_uri:s.z.string().optional(),default_client_id:s.z.string().optional(),enabled_locales:s.z.array(s.z.string()).optional(),default_directory:s.z.string().optional(),error_page:s.z.object({html:s.z.string().optional(),show_log_link:s.z.boolean().optional(),url:s.z.string().optional()}).nullish(),flags:s.z.object({allow_changing_enable_sso:s.z.boolean().optional(),allow_legacy_delegation_grant_types:s.z.boolean().optional(),allow_legacy_ro_grant_types:s.z.boolean().optional(),allow_legacy_tokeninfo_endpoint:s.z.boolean().optional(),change_pwd_flow_v1:s.z.boolean().optional(),custom_domains_provisioning:s.z.boolean().optional(),dashboard_insights_view:s.z.boolean().optional(),dashboard_log_streams_next:s.z.boolean().optional(),disable_clickjack_protection_headers:s.z.boolean().optional(),disable_fields_map_fix:s.z.boolean().optional(),disable_impersonation:s.z.boolean().optional(),disable_management_api_sms_obfuscation:s.z.boolean().optional(),enable_adfs_waad_email_verification:s.z.boolean().optional(),enable_apis_section:s.z.boolean().optional(),enable_client_connections:s.z.boolean().optional(),enable_custom_domain_in_emails:s.z.boolean().optional(),enable_dynamic_client_registration:s.z.boolean().optional(),dcr_require_initial_access_token:s.z.boolean().optional(),dcr_allowed_grant_types:s.z.array(s.z.string()).optional(),allow_http_return_to:s.z.array(s.z.string().refine(e=>{try{const t=new URL(e);return t.protocol==="http:"&&(t.pathname===""||t.pathname==="/")&&!t.search&&!t.hash&&e===t.origin}catch{return!1}},{message:"must be a fully-qualified http origin (scheme + host + port, no path)"})).optional(),enable_idtoken_api2:s.z.boolean().optional(),enable_legacy_logs_search_v2:s.z.boolean().optional(),enable_legacy_profile:s.z.boolean().optional(),enable_pipeline2:s.z.boolean().optional(),enable_public_signup_user_exists_error:s.z.boolean().optional(),enable_sso:s.z.boolean().optional(),enforce_client_authentication_on_passwordless_start:s.z.boolean().optional(),genai_trial:s.z.boolean().optional(),improved_signup_bot_detection_in_classic:s.z.boolean().optional(),mfa_show_factor_list_on_enrollment:s.z.boolean().optional(),no_disclose_enterprise_connections:s.z.boolean().optional(),remove_alg_from_jwks:s.z.boolean().optional(),revoke_refresh_token_grant:s.z.boolean().optional(),trust_azure_adfs_email_verified_connection_property:s.z.boolean().optional(),use_scope_descriptions_for_consent:s.z.boolean().optional(),inherit_global_permissions_in_organizations:s.z.boolean().optional()}).optional(),sandbox_version:s.z.string().optional(),legacy_sandbox_version:s.z.string().optional(),sandbox_versions_available:s.z.array(s.z.string()).optional(),change_password:s.z.object({enabled:s.z.boolean().optional(),html:s.z.string().optional()}).optional(),guardian_mfa_page:s.z.object({enabled:s.z.boolean().optional(),html:s.z.string().optional()}).optional(),device_flow:s.z.object({charset:s.z.enum(["base20","digits"]).optional(),mask:s.z.string().max(20).optional()}).optional(),default_token_quota:s.z.object({clients:s.z.object({client_credentials:s.z.record(s.z.any()).optional()}).optional(),organizations:s.z.object({client_credentials:s.z.record(s.z.any()).optional()}).optional()}).nullish(),default_audience:s.z.string().optional(),default_organization:s.z.string().optional(),sessions:s.z.object({oidc_logout_prompt_enabled:s.z.boolean().optional()}).optional(),oidc_logout:s.z.object({rp_logout_end_session_endpoint_discovery:s.z.boolean().optional()}).optional(),allow_organization_name_in_authentication_api:s.z.boolean().optional(),customize_mfa_in_postlogin_action:s.z.boolean().optional(),acr_values_supported:s.z.array(s.z.string()).optional(),mtls:s.z.object({enable_endpoint_aliases:s.z.boolean().optional()}).nullish(),pushed_authorization_requests_supported:s.z.boolean().optional(),authorization_response_iss_parameter_supported:s.z.boolean().optional(),attack_protection:Vx.optional(),mfa:s.z.object({policy:s.z.enum(["never","always"]).default("never").optional(),factors:s.z.object({sms:s.z.boolean().default(!1),otp:s.z.boolean().default(!1),email:s.z.boolean().default(!1),push_notification:s.z.boolean().default(!1),webauthn_roaming:s.z.boolean().default(!1),webauthn_platform:s.z.boolean().default(!1),recovery_code:s.z.boolean().default(!1),duo:s.z.boolean().default(!1)}).optional(),sms_provider:s.z.object({provider:s.z.enum(["twilio","vonage","aws_sns","phone_message_hook"]).optional()}).optional(),twilio:s.z.object({sid:s.z.string().optional(),auth_token:s.z.string().optional(),from:s.z.string().optional(),messaging_service_sid:s.z.string().optional()}).optional(),phone_message:s.z.object({message:s.z.string().optional()}).optional()}).optional()}),xp=s.z.object({created_at:s.z.string().nullable().transform(e=>e??""),updated_at:s.z.string().nullable().transform(e=>e??""),...qw.shape,id:s.z.string()});var Zt=(e=>(e.RefreshToken="refresh_token",e.AuthorizationCode="authorization_code",e.ClientCredential="client_credentials",e.Passwordless="passwordless",e.Password="password",e.OTP="http://auth0.com/oauth/grant-type/passwordless/otp",e))(Zt||{});const Hw=s.z.object({access_token:s.z.string(),id_token:s.z.string().optional(),scope:s.z.string().optional(),state:s.z.string().optional(),refresh_token:s.z.string().optional(),token_type:s.z.string(),expires_in:s.z.number()});s.z.object({code:s.z.string(),state:s.z.string().optional()});const Jx=s.z.object({button_border_radius:s.z.number(),button_border_weight:s.z.number(),buttons_style:s.z.enum(["pill","rounded","sharp"]),input_border_radius:s.z.number(),input_border_weight:s.z.number(),inputs_style:s.z.enum(["pill","rounded","sharp"]),show_widget_shadow:s.z.boolean(),widget_border_weight:s.z.number(),widget_corner_radius:s.z.number()}),Yx=s.z.object({base_focus_color:s.z.string(),base_hover_color:s.z.string(),body_text:s.z.string(),captcha_widget_theme:s.z.enum(["auto","dark","light"]),error:s.z.string(),header:s.z.string(),icons:s.z.string(),input_background:s.z.string(),input_border:s.z.string(),input_filled_text:s.z.string(),input_labels_placeholders:s.z.string(),links_focused_components:s.z.string(),primary_button:s.z.string(),primary_button_label:s.z.string(),secondary_button_border:s.z.string(),secondary_button_label:s.z.string(),success:s.z.string(),widget_background:s.z.string(),widget_border:s.z.string()}),Co=s.z.object({bold:s.z.boolean(),size:s.z.number()}),Qx=s.z.object({body_text:Co,buttons_text:Co,font_url:s.z.string(),input_labels:Co,links:Co,links_style:s.z.enum(["normal","underlined"]),reference_text_size:s.z.number(),subtitle:Co,title:Co}),Zx=s.z.object({background_color:s.z.string(),background_image_url:s.z.string(),page_layout:s.z.enum(["center","left","right"]),logo_placement:s.z.enum(["widget","chip","none"]).optional()}),Xx=s.z.object({header_text_alignment:s.z.enum(["center","left","right"]),logo_height:s.z.number(),logo_position:s.z.enum(["center","left","none","right"]),logo_url:s.z.string(),social_buttons_layout:s.z.enum(["bottom","top"])}),eC=s.z.object({borders:Jx,colors:Yx,displayName:s.z.string(),fonts:Qx,page_background:Zx,widget:Xx}),Yu=eC.extend({themeId:s.z.string()}),Ko=s.z.object({universal_login_experience:s.z.enum(["new","classic"]).default("new"),identifier_first:s.z.boolean().default(!0),password_first:s.z.boolean().default(!1),webauthn_platform_first_factor:s.z.boolean()}),Ws=s.z.object({name:s.z.string(),enabled:s.z.boolean().optional().default(!0),default_from_address:s.z.string().optional(),credentials:s.z.record(s.z.string(),s.z.unknown()),settings:s.z.object({}).optional()}),Vw=s.z.enum(["verify_email","verify_email_by_code","reset_email","reset_email_by_code","welcome_email","blocked_account","stolen_credentials","enrollment_email","mfa_oob_code","change_password","password_reset","user_invitation"]),Or=s.z.object({template:Vw,body:s.z.string(),from:s.z.string(),subject:s.z.string(),syntax:s.z.literal("liquid").default("liquid"),resultUrl:s.z.string().optional(),urlLifetimeInSeconds:s.z.number().int().nonnegative().optional(),includeEmailInRedirect:s.z.boolean().default(!1),enabled:s.z.boolean().default(!0)}),Kw=s.z.object({id:s.z.string(),login_id:s.z.string(),user_id:s.z.string(),client_id:s.z.string(),expires_at:s.z.string().optional(),idle_expires_at:s.z.string().optional(),last_exchanged_at:s.z.string().optional(),device:Gx,resource_servers:s.z.array(s.z.object({audience:s.z.string(),scopes:s.z.string()})),rotating:s.z.boolean(),token_lookup:s.z.string().optional(),token_hash:s.z.string().optional(),family_id:s.z.string().optional(),rotated_to:s.z.string().optional(),rotated_at:s.z.string().optional()}),K9=s.z.object({created_at:s.z.string(),revoked_at:s.z.string().optional(),...Kw.shape}),G9=s.z.object({to:s.z.string(),message:s.z.string()}),W9=s.z.object({name:s.z.string(),options:s.z.object({})}),tC=s.z.object({value:s.z.string(),description:s.z.string().optional()}),nC=s.z.object({token_dialect:s.z.enum(["access_token","access_token_authz"]).optional(),enforce_policies:s.z.boolean().optional(),allow_skipping_userinfo:s.z.boolean().optional(),skip_userinfo:s.z.boolean().optional(),persist_client_authorization:s.z.boolean().optional(),enable_introspection_endpoint:s.z.boolean().optional(),mtls:s.z.object({bound_access_tokens:s.z.boolean().optional()}).optional()}),Cp=s.z.object({id:s.z.string().optional(),name:s.z.string(),identifier:s.z.string(),scopes:s.z.array(tC).optional(),signing_alg:s.z.string().optional(),signing_secret:s.z.string().optional(),token_lifetime:s.z.number().default(86400),token_lifetime_for_web:s.z.number().default(7200),skip_consent_for_verifiable_first_party_clients:s.z.boolean().optional(),allow_offline_access:s.z.boolean().optional(),verificationKey:s.z.string().optional(),options:nC.optional(),is_system:s.z.boolean().optional(),metadata:s.z.record(s.z.any()).optional()}),Lo=s.z.object({...Cp.shape,created_at:s.z.string().optional(),updated_at:s.z.string().optional()}),J9=s.z.array(Lo),iC=s.z.object({role_id:s.z.string(),resource_server_identifier:s.z.string(),permission_name:s.z.string()}),Gw=s.z.object({...iC.shape,created_at:s.z.string()}),rC=s.z.array(Gw),oC=s.z.object({user_id:s.z.string(),resource_server_identifier:s.z.string(),permission_name:s.z.string(),organization_id:s.z.string().optional()}),sC=s.z.object({...oC.shape,tenant_id:s.z.string(),created_at:s.z.string().optional()}),Y9=s.z.array(sC),aC=s.z.object({user_id:s.z.string(),resource_server_identifier:s.z.string(),resource_server_name:s.z.string(),permission_name:s.z.string(),description:s.z.string().nullable().optional(),created_at:s.z.string().optional(),organization_id:s.z.string().optional()}),cC=s.z.array(aC),lC=s.z.object({user_id:s.z.string(),role_id:s.z.string(),organization_id:s.z.string().optional()}),dC=s.z.object({...lC.shape,tenant_id:s.z.string(),created_at:s.z.string().optional()}),Q9=s.z.array(dC),Tp=s.z.object({id:s.z.string().optional().openapi({description:"The unique identifier of the role. If not provided, one will be generated."}),name:s.z.string().min(1).max(50).openapi({description:"The name of the role. Cannot include '<' or '>'"}),description:s.z.string().max(255).optional().openapi({description:"The description of the role"}),is_system:s.z.boolean().optional(),metadata:s.z.record(s.z.any()).optional().openapi({description:"Metadata associated with the role. Can be used to control sync behavior in multi-tenancy scenarios."})}),Mo=Tp.extend({id:s.z.string().openapi({description:"The unique identifier of the role"}),created_at:s.z.string().optional(),updated_at:s.z.string().optional()}),$p=s.z.array(Mo),uC=s.z.object({logo_url:s.z.string().optional().openapi({description:"URL of the organization's logo"}),colors:s.z.object({primary:s.z.string().optional().openapi({description:"Primary color in hex format (e.g., #FF0000)"}),page_background:s.z.string().optional().openapi({description:"Page background color in hex format (e.g., #FFFFFF)"})}).optional()}).optional(),pC=s.z.object({connection_id:s.z.string().openapi({description:"ID of the connection"}),assign_membership_on_login:s.z.boolean().default(!1).openapi({description:"Whether to assign membership to the organization on login"}),show_as_button:s.z.boolean().default(!0).openapi({description:"Whether to show this connection as a button in the login screen"}),is_signup_enabled:s.z.boolean().default(!0).openapi({description:"Whether signup is enabled for this connection"})}),fC=s.z.object({client_credentials:s.z.object({enforce:s.z.boolean().default(!1).openapi({description:"Whether to enforce token quota limits"}),per_day:s.z.number().min(0).default(0).openapi({description:"Maximum tokens per day (0 = unlimited)"}),per_hour:s.z.number().min(0).default(0).openapi({description:"Maximum tokens per hour (0 = unlimited)"})}).optional()}).optional(),Ip=s.z.object({id:s.z.string().optional(),name:s.z.string().min(1).regex(/^[a-z0-9_-]+$/,{message:"Organization name must be lowercase and can only contain letters, numbers, hyphens, and underscores"}).openapi({description:"The name of the organization. Must be lowercase and can only contain letters, numbers, hyphens, and underscores."}),display_name:s.z.string().optional().openapi({description:"The display name of the organization"}),branding:uC,metadata:s.z.record(s.z.any()).default({}).optional().openapi({description:"Custom metadata for the organization"}),enabled_connections:s.z.array(pC).default([]).optional().openapi({description:"List of enabled connections for the organization"}),token_quota:fC}),Br=s.z.object({...Ip.shape,...Mn.shape,id:s.z.string(),name:s.z.string().min(1).openapi({description:"The name of the organization"})}),zp=s.z.object({connection_id:s.z.string().openapi({description:"ID of the tenant-level connection to enable for the org."}),assign_membership_on_login:s.z.boolean().optional().default(!1),show_as_button:s.z.boolean().optional().default(!0),is_signup_enabled:s.z.boolean().optional().default(!0)}),ua=s.z.object({...zp.shape,connection:s.z.object({name:s.z.string().optional(),strategy:s.z.string().optional()}).optional(),created_at:s.z.string().optional(),updated_at:s.z.string().optional()}),Z9=s.z.array(ua),hC=s.z.object({user_id:s.z.string().openapi({description:"ID of the user"}),organization_id:s.z.string().openapi({description:"ID of the organization"})}),X9=s.z.object({...hC.shape,...Mn.shape,id:s.z.string()}),eF=s.z.object({idle_session_lifetime:s.z.number().default(72),session_lifetime:s.z.number().default(168),session_cookie:s.z.object({mode:s.z.enum(["persistent","non-persistent"]).optional()}).optional(),enable_client_connections:s.z.boolean().optional(),default_redirection_uri:s.z.string().optional(),enabled_locales:s.z.array(s.z.string()).optional(),default_directory:s.z.string().optional(),error_page:s.z.object({html:s.z.string().optional(),show_log_link:s.z.boolean().optional(),url:s.z.string().optional()}).optional(),flags:s.z.object({allow_legacy_delegation_grant_types:s.z.boolean().optional(),allow_legacy_ro_grant_types:s.z.boolean().optional(),allow_legacy_tokeninfo_endpoint:s.z.boolean().optional(),disable_clickjack_protection_headers:s.z.boolean().optional(),enable_apis_section:s.z.boolean().optional(),enable_client_connections:s.z.boolean().optional(),enable_custom_domain_in_emails:s.z.boolean().optional(),enable_dynamic_client_registration:s.z.boolean().optional(),enable_idtoken_api2:s.z.boolean().optional(),enable_legacy_logs_search_v2:s.z.boolean().optional(),enable_legacy_profile:s.z.boolean().optional(),enable_pipeline2:s.z.boolean().optional(),enable_public_signup_user_exists_error:s.z.boolean().optional(),use_scope_descriptions_for_consent:s.z.boolean().optional(),disable_management_api_sms_obfuscation:s.z.boolean().optional(),enable_adfs_waad_email_verification:s.z.boolean().optional(),revoke_refresh_token_grant:s.z.boolean().optional(),dashboard_log_streams_next:s.z.boolean().optional(),dashboard_insights_view:s.z.boolean().optional(),disable_fields_map_fix:s.z.boolean().optional(),mfa_show_factor_list_on_enrollment:s.z.boolean().optional()}).optional(),friendly_name:s.z.string().optional(),picture_url:s.z.string().optional(),support_email:s.z.string().optional(),support_url:s.z.string().optional(),sandbox_version:s.z.string().optional(),sandbox_versions_available:s.z.array(s.z.string()).optional(),change_password:s.z.object({enabled:s.z.boolean(),html:s.z.string()}).optional(),guardian_mfa_page:s.z.object({enabled:s.z.boolean(),html:s.z.string()}).optional(),default_audience:s.z.string().optional(),default_organization:s.z.string().optional(),sessions:s.z.object({oidc_logout_prompt_enabled:s.z.boolean().optional()}).optional(),mfa:s.z.object({policy:s.z.enum(["never","always"]).default("never").optional(),factors:s.z.object({sms:s.z.boolean().default(!1),otp:s.z.boolean().default(!1),email:s.z.boolean().default(!1),push_notification:s.z.boolean().default(!1),webauthn_roaming:s.z.boolean().default(!1),webauthn_platform:s.z.boolean().default(!1),recovery_code:s.z.boolean().default(!1),duo:s.z.boolean().default(!1)}).optional(),sms_provider:s.z.object({provider:s.z.enum(["twilio","vonage","aws_sns","phone_message_hook"]).optional()}).optional(),twilio:s.z.object({sid:s.z.string().optional(),auth_token:s.z.string().optional(),from:s.z.string().optional(),messaging_service_sid:s.z.string().optional()}).optional(),phone_message:s.z.object({message:s.z.string().optional()}).optional()}).optional()}),gC=s.z.object({date:s.z.string().openapi({description:"Date these events occurred in ISO 8601 format",example:"2025-12-19"}),logins:s.z.number().openapi({description:"Number of logins on this date",example:150}),signups:s.z.number().openapi({description:"Number of signups on this date",example:25}),leaked_passwords:s.z.number().openapi({description:"Number of breached-password detections on this date (subscription required)",example:0}),updated_at:s.z.string().openapi({description:"Date and time this stats entry was last updated in ISO 8601 format",example:"2025-12-19T10:30:00.000Z"}),created_at:s.z.string().openapi({description:"Approximate date and time the first event occurred in ISO 8601 format",example:"2025-12-19T00:00:00.000Z"})}),tF=s.z.number().openapi({description:"Number of active users in the last 30 days",example:1234}),pa=s.z.enum(["login","login-id","login-password","signup","signup-id","signup-password","reset-password","consent","mfa","mfa-push","mfa-otp","mfa-voice","mfa-phone","mfa-webauthn","mfa-email","mfa-recovery-code","status","device-flow","email-verification","email-otp-challenge","organizations","invitation","common","passkeys","captcha","custom-form","login-passwordless","mfa-login-options"]),zo=s.z.record(s.z.string(),s.z.record(s.z.string(),s.z.string())).openapi({type:"object",additionalProperties:{type:"object",additionalProperties:{type:"string"}}}),nF=s.z.object({prompt:pa,language:s.z.string(),custom_text:zo}),W={EMAIL:"email",SMS:"sms",USERNAME_PASSWORD:"Username-Password-Authentication",GOOGLE_OAUTH2:"google-oauth2",APPLE:"apple",FACEBOOK:"facebook",GITHUB:"github",MICROSOFT:"microsoft",VIPPS:"vipps",OIDC:"oidc",OAUTH2:"oauth2",SAMLP:"samlp",WAAD:"waad",ADFS:"adfs",AUTH0:"auth0"},Ht={DATABASE:"database",SOCIAL:"social",PASSWORDLESS:"passwordless"},mC=s.z.enum(["phone","totp","email","push","webauthn-roaming","webauthn-platform","passkey"]),yC=s.z.object({user_id:s.z.string(),type:mC,phone_number:s.z.string().optional(),totp_secret:s.z.string().optional(),credential_id:s.z.string().optional(),public_key:s.z.string().optional(),sign_count:s.z.number().int().nonnegative().optional(),credential_backed_up:s.z.boolean().optional(),transports:s.z.array(s.z.string()).optional(),friendly_name:s.z.string().optional(),confirmed:s.z.boolean().default(!1)});function _C(e,t){e.type==="phone"&&!e.phone_number&&t.addIssue({code:s.z.ZodIssueCode.custom,message:"phone_number is required when type is 'phone'",path:["phone_number"]}),e.type==="totp"&&!e.totp_secret&&t.addIssue({code:s.z.ZodIssueCode.custom,message:"totp_secret is required when type is 'totp'",path:["totp_secret"]}),["webauthn-roaming","webauthn-platform","passkey"].includes(e.type)&&(e.credential_id||t.addIssue({code:s.z.ZodIssueCode.custom,message:`credential_id is required when type is '${e.type}'`,path:["credential_id"]}),e.public_key||t.addIssue({code:s.z.ZodIssueCode.custom,message:`public_key is required when type is '${e.type}'`,path:["public_key"]}))}const iF=yC.superRefine(_C),rF=s.z.object({...yC.shape,id:s.z.string(),created_at:s.z.string(),updated_at:s.z.string()}).superRefine(_C);function oF(e){const[t,n]=e.split("|");if(!t||!n)throw new Error(`Invalid user_id: ${e}`);return{connection:t,id:n}}function sF(e){const{primary:t,secondaries:n,syncMethods:i=["create","rawCreate","update","remove","delete","set"]}=e,r={get(o,a){if(typeof a=="symbol")return o[a];const c=o[a];return typeof c!="function"?c:i.includes(a)?async(...l)=>{const d=await c.apply(o,l),u=[];for(const p of n){const f=p.adapter[a];if(typeof f!="function")continue;const h=(async()=>{try{await f.apply(p.adapter,l)}catch(g){try{p.onError?p.onError(g,a,l):console.error(`Passthrough adapter: secondary write failed for ${a}:`,g)}catch(m){console.error(`Passthrough adapter: onError handler threw for ${a}:`,m)}}})();p.blocking&&u.push(h)}return u.length>0&&await Promise.all(u),d}:c.bind(o)}};return new Proxy(t,r)}function aF(e){return e}function bs(e){var t,n,i,r,o,a,c,l,d,u,p,f;const h=e?.options;if(!h)return{usernameIdentifierActive:!1,emailIdentifierActive:!0,usernameMinLength:1,usernameMaxLength:15};const g=h.attributes;if(g){const m=((n=(t=g.username)==null?void 0:t.identifier)==null?void 0:n.active)===!0,_=((r=(i=g.email)==null?void 0:i.identifier)==null?void 0:r.active)!==!1,y=((a=(o=g.username)==null?void 0:o.validation)==null?void 0:a.min_length)??1,w=((l=(c=g.username)==null?void 0:c.validation)==null?void 0:l.max_length)??15;return{usernameIdentifierActive:m,emailIdentifierActive:_,usernameMinLength:y,usernameMaxLength:w}}return{usernameIdentifierActive:h.requires_username===!0,emailIdentifierActive:!0,usernameMinLength:((u=(d=h.validation)==null?void 0:d.username)==null?void 0:u.min)??1,usernameMaxLength:((f=(p=h.validation)==null?void 0:p.username)==null?void 0:f.max)??15}}function Pp(e){return typeof e=="object"&&e!==null&&!Array.isArray(e)}var cF={deno:"Deno",bun:"Bun",workerd:"Cloudflare-Workers",node:"Node.js"},Ww=()=>{const e=globalThis;if(typeof navigator<"u"&&typeof navigator.userAgent=="string"){for(const[n,i]of Object.entries(cF))if(lF(i))return n}return typeof e?.EdgeRuntime=="string"?"edge-light":e?.fastly!==void 0?"fastly":e?.process?.release?.name==="node"?"node":"other"},lF=e=>navigator.userAgent.startsWith(e);function ph(e,t){if(Ww()==="workerd")try{e.executionCtx.waitUntil(t);return}catch{}const n=t.then(()=>{},r=>{console.error("waitUntil promise error:",r)});let i;try{i=e.var?.backgroundPromises}catch{i=void 0}if(!Array.isArray(i)){if(typeof e.set!="function")return;i=[],e.set("backgroundPromises",i)}i.push(n)}async function dF(e){const t=e.var.backgroundPromises;if(!Array.isArray(t)||t.length===0)return;const n=t.splice(0,t.length);await Promise.all(n)}function uF(e){return[...e].reduce((t,[n,i])=>({...t,[n]:i}),{})}const pF=new Set(["password","password_hash","client_secret","signing_keys","credentials","encryption_key","otp_secret"]);function dy(e){if(!e)return;const t={};for(const[n,i]of Object.entries(e))pF.has(n)?t[n]="[REDACTED]":t[n]=i;return t}function wC(e){return e&&typeof e=="object"&&!Array.isArray(e)?dy(e):e}function fF(e,t){if(!e||!t)return;const n={},i=new Set([...Object.keys(e),...Object.keys(t)]);for(const r of i){const o=e[r],a=t[r];JSON.stringify(o)!==JSON.stringify(a)&&(n[r]={old:o,new:a})}return Object.keys(n).length>0?n:void 0}function hF(e,t){return e.var.user_id||t.actorUserId?"admin_action":t.userId?"user_action":e.var.client_id?"api":"system"}function bC(e,t,n){const i=e.env.outbox?.captureEntityState!==!1,r=i?dy(n.beforeState):void 0,o=i?dy(n.afterState):void 0;return{tenant_id:t,event_type:n.targetType?`${n.targetType}.${gF(e.req.method)}`:n.type,log_type:n.type,description:n.description,category:hF(e,n),actor:{type:e.var.user_id||n.actorUserId?"admin":n.userId?"user":e.var.client_id?"client_credentials":"system",id:e.var.user_id||n.actorUserId||n.userId||void 0,email:e.var.username||void 0,org_id:e.var.organization_id||e.var.user?.org_id||void 0,org_name:e.var.org_name||e.var.user?.org_name||void 0,scopes:e.var.user?.scope?e.var.user.scope.split(" "):void 0,client_id:e.var.client_id||void 0},target:{type:n.targetType||"unknown",id:n.targetId||n.userId||e.var.user_id||"",before:r,after:o,diff:fF(r,o)},request:{method:e.req.method,path:e.req.path,query:e.req.queries()?Object.fromEntries(Object.entries(e.req.queries()).map(([a,c])=>[a,Array.isArray(c)?c.join(","):c])):void 0,body:wC(n.body||e.var.body||void 0),ip:e.var.ip||"",user_agent:e.var.useragent||void 0},response:n.response?{status_code:n.response.statusCode,body:n.response.body}:void 0,connection:n.connection||e.var.connection||void 0,strategy:n.strategy||void 0,strategy_type:n.strategy_type||void 0,audience:n.audience||void 0,scope:n.scope||void 0,hostname:e.var.host||"",is_mobile:!1,auth0_client:e.var.auth0_client,timestamp:new Date().toISOString()}}function gF(e){switch(e){case"POST":return"created";case"PATCH":case"PUT":return"updated";case"DELETE":return"deleted";default:return"accessed"}}async function R(e,t,n){const i={};if(e.req.raw?.headers){const o=uF(e.req.raw.headers);for(const[a,c]of Object.entries(o))i[a.toLowerCase()]=c}if(e.env.outbox?.enabled&&e.env.data.outbox){const o=bC(e,t,n),a=e.env.data.outbox.create(t,o),c=e.var.outboxEventPromises||[];c.push(a),e.set("outboxEventPromises",c);return}const r=async()=>{let o;if(e.env.data.geo)try{o=await e.env.data.geo.getGeoInfo(i)||void 0}catch(c){console.warn("Failed to get geo information:",c)}const a={type:n.type,description:n.description||"",ip:e.var.ip,user_agent:e.var.useragent||"",auth0_client:e.var.auth0_client,date:new Date().toISOString(),details:n.details||{request:{method:e.req.method,path:e.req.path,qs:e.req.queries(),body:wC(n.body||e.var.body||"")},...n.response&&{response:n.response}},isMobile:!1,client_id:e.var.client_id,client_name:"",user_id:n.userId||e.var.user_id||"",hostname:e.var.host||"",user_name:e.var.username||"",connection_id:"",connection:n.connection||e.var.connection||"",strategy:n.strategy||"",strategy_type:n.strategy_type||"",audience:n.audience||"",scope:n.scope||"",location_info:o};await e.env.data.logs.create(t,a)};n.waitForCompletion?await r():ph(e,r())}async function vC(e,t,n,i){if(!e.env.outbox?.enabled||!t.outbox)return;const r=bC(e,n,i);return t.outbox.create(n,r)}const ct=s.z.object({page:s.z.string().min(0).optional().default("0").transform(e=>parseInt(e,10)).openapi({description:"Page index of the results to return. First page is 0."}),per_page:s.z.string().min(1).optional().default("10").transform(e=>parseInt(e,10)).openapi({description:"Number of results per page. Defaults to 50."}),include_totals:s.z.string().optional().default("false").transform(e=>e==="true").openapi({description:"Return results inside an object that contains the total result count (true) or as a direct array of results (false, default)."}),from:s.z.string().optional().openapi({description:"Optional Id from which to start selection."}),take:s.z.string().optional().transform(e=>e?parseInt(e,10):void 0).openapi({description:"Number of results per page. Defaults to 50."}),sort:s.z.string().regex(/^.+:(-1|1)$/).optional().openapi({description:"Field to sort by. Use field:order where order is 1 for ascending and -1 for descending. e.g. created_at:1."}),q:s.z.string().optional().openapi({description:"A lucene query string used to filter the results"})});function kt(e){if(!e)return;const[t,n]=e.split(":"),i=n==="1"?"asc":"desc";if(!(!t||!i))return{sort_by:t,sort_order:i}}const mF=Et.extend({actions:s.z.array(Xi)}),yF=s.z.object({versions:s.z.array(sh)}),_F=Et.extend({versions:s.z.array(sh)});function vu(e,t,n,i){return e.actionVersions.create(t,{action_id:n.id,code:n.code,runtime:n.runtime,secrets:n.secrets,dependencies:n.dependencies,supported_triggers:n.supported_triggers,deployed:i})}const wF=new s.OpenAPIHono().openapi(s.createRoute({tags:["actions"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:actions","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(Xi),mF])}},description:"List of actions"}}}),async e=>{const{page:t,per_page:n,include_totals:i,sort:r,q:o}=e.req.valid("query"),a=await e.env.data.actions.list(e.var.tenant_id,{page:t,per_page:n,include_totals:i,sort:kt(r),q:o}),c=a.actions.map(l=>({...l,secrets:l.secrets?.map(d=>({name:d.name}))}));return i?e.json({...a,actions:c}):e.json(c)}).openapi(s.createRoute({tags:["actions"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Bl}}}},security:[{Bearer:["create:actions","auth:write"]}],responses:{201:{content:{"application/json":{schema:Xi}},description:"The created action"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.actions.create(e.var.tenant_id,t);let i=!1;if(e.env.codeExecutor?.deploy)try{await e.env.codeExecutor.deploy(n.id,t.code),i=!0}catch(r){await R(e,e.var.tenant_id,{type:O.FAILED_HOOK,description:`Failed to deploy action ${n.id}: ${r instanceof Error?r.message:String(r)}`})}else i=!0;return await vu(e.env.data,e.var.tenant_id,n,i),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create action",targetType:"action",targetId:n.id}),e.json(n,{status:201})}).openapi(s.createRoute({tags:["actions"],method:"get",path:"/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()})},security:[{Bearer:["read:actions","auth:read"]}],responses:{200:{content:{"application/json":{schema:Xi}},description:"An action"},404:{description:"Action not found"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.actions.get(e.var.tenant_id,t);if(!n)throw new z(404,{message:"Action not found"});return e.json({...n,secrets:n.secrets?.map(i=>({name:i.name}))})}).openapi(s.createRoute({tags:["actions"],method:"patch",path:"/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()}),body:{content:{"application/json":{schema:Bl.partial()}}}},security:[{Bearer:["update:actions","auth:write"]}],responses:{200:{content:{"application/json":{schema:Xi}},description:"The updated action"},404:{description:"Action not found"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.req.valid("json");if(!await e.env.data.actions.update(e.var.tenant_id,t,n))throw new z(404,{message:"Action not found"});const r=await e.env.data.actions.get(e.var.tenant_id,t);if(!r)throw new z(404,{message:"Action not found"});if(n.code!==void 0&&e.env.codeExecutor?.deploy){let o=!1;try{await e.env.codeExecutor.deploy(t,n.code),o=!0}catch(a){await R(e,e.var.tenant_id,{type:O.FAILED_HOOK,description:`Failed to deploy action ${t}: ${a instanceof Error?a.message:String(a)}`})}await vu(e.env.data,e.var.tenant_id,r,o)}return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update action",targetType:"action",targetId:t}),e.json({...r,secrets:r.secrets?.map(o=>({name:o.name}))})}).openapi(s.createRoute({tags:["actions"],method:"delete",path:"/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()})},security:[{Bearer:["delete:actions","auth:write"]}],responses:{200:{description:"Action deleted"},404:{description:"Action not found"},409:{description:"Action is bound to a trigger and cannot be deleted"}}}),async e=>{const{id:t}=e.req.valid("param");if((await e.env.data.hooks.list(e.var.tenant_id,{q:`code_id:"${t}"`})).hooks.length>0)throw new z(409,{message:"Action is bound to a trigger. Remove the binding before deleting."});if(!await e.env.data.actions.remove(e.var.tenant_id,t))throw new z(404,{message:"Action not found"});if(await e.env.data.actionVersions.removeForAction(e.var.tenant_id,t),e.env.codeExecutor?.remove)try{await e.env.codeExecutor.remove(t)}catch(r){await R(e,e.var.tenant_id,{type:O.FAILED_HOOK,description:`Failed to remove action worker ${t}: ${r instanceof Error?r.message:String(r)}`})}return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete action",targetType:"action",targetId:t}),e.text("OK")}).openapi(s.createRoute({tags:["actions"],method:"post",path:"/{id}/deploy",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()})},security:[{Bearer:["update:actions","auth:write"]}],responses:{200:{content:{"application/json":{schema:Xi}},description:"The deployed action"},404:{description:"Action not found"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.actions.get(e.var.tenant_id,t);if(!n)throw new z(404,{message:"Action not found"});if(e.env.codeExecutor?.deploy)try{await e.env.codeExecutor.deploy(t,n.code)}catch(i){throw await R(e,e.var.tenant_id,{type:O.FAILED_HOOK,description:`Failed to deploy action ${t}: ${i instanceof Error?i.message:String(i)}`}),new z(500,{message:`Deployment failed: ${i instanceof Error?i.message:String(i)}`})}return await e.env.data.actions.update(e.var.tenant_id,t,{status:"built",deployed_at:new Date().toISOString()}),await vu(e.env.data,e.var.tenant_id,n,!0),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Deploy action",targetType:"action",targetId:t}),e.json({...n,status:"built",secrets:n.secrets?.map(i=>({name:i.name}))})}).openapi(s.createRoute({tags:["actions"],method:"get",path:"/{actionId}/versions",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({actionId:s.z.string()}),query:ct},security:[{Bearer:["read:actions","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([yF,_F])}},description:"List of action versions"},404:{description:"Action not found"}}}),async e=>{const{actionId:t}=e.req.valid("param"),{page:n,per_page:i,include_totals:r,sort:o}=e.req.valid("query");if(!await e.env.data.actions.get(e.var.tenant_id,t))throw new z(404,{message:"Action not found"});const c=await e.env.data.actionVersions.list(e.var.tenant_id,t,{page:n,per_page:i,include_totals:r,sort:kt(o)}),l=c.versions.map(d=>({...d,secrets:d.secrets?.map(u=>({name:u.name}))}));return r?e.json({...c,versions:l}):e.json({versions:l})}).openapi(s.createRoute({tags:["actions"],method:"get",path:"/{actionId}/versions/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({actionId:s.z.string(),id:s.z.string()})},security:[{Bearer:["read:actions","auth:read"]}],responses:{200:{content:{"application/json":{schema:sh}},description:"Action version"},404:{description:"Action version not found"}}}),async e=>{const{actionId:t,id:n}=e.req.valid("param"),i=await e.env.data.actionVersions.get(e.var.tenant_id,t,n);if(!i)throw new z(404,{message:"Action version not found"});return e.json({...i,secrets:i.secrets?.map(r=>({name:r.name}))})}).openapi(s.createRoute({tags:["actions"],method:"post",path:"/{actionId}/versions/{id}/deploy",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({actionId:s.z.string(),id:s.z.string()})},security:[{Bearer:["update:actions","auth:write"]}],responses:{200:{content:{"application/json":{schema:Xi}},description:"The action after rollback"},404:{description:"Action version not found"}}}),async e=>{const{actionId:t,id:n}=e.req.valid("param"),i=await e.env.data.actionVersions.get(e.var.tenant_id,t,n);if(!i)throw new z(404,{message:"Action version not found"});if(e.env.codeExecutor?.deploy)try{await e.env.codeExecutor.deploy(t,i.code)}catch(o){throw await R(e,e.var.tenant_id,{type:O.FAILED_HOOK,description:`Failed to roll back action ${t} to version ${n}: ${o instanceof Error?o.message:String(o)}`}),new z(500,{message:`Rollback failed: ${o instanceof Error?o.message:String(o)}`})}await e.env.data.actions.update(e.var.tenant_id,t,{code:i.code,runtime:i.runtime,secrets:i.secrets,dependencies:i.dependencies,supported_triggers:i.supported_triggers,status:"built",deployed_at:new Date().toISOString()});const r=await e.env.data.actions.get(e.var.tenant_id,t);if(!r)throw new z(404,{message:"Action not found"});return await vu(e.env.data,e.var.tenant_id,r,!0),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:`Roll back action to version ${i.number}`,targetType:"action",targetId:t}),e.json({...r,secrets:r.secrets?.map(o=>({name:o.name}))})});let bF="useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict",vF=e=>crypto.getRandomValues(new Uint8Array(e)),AF=(e,t,n)=>{let i=256-256%e.length;if(i===256){let o=e.length-1;return(a=t)=>{if(!a)return"";let c="";for(;;){let l=n(a),d=a;for(;d--;)if(c+=e[l[d]&o],c.length>=a)return c}}}let r=Math.ceil(1.6*256*t/i);return(o=t)=>{if(!o)return"";let a="";for(;;){let c=n(r),l=r;for(;l--;)if(c[l]<i&&(a+=e[c[l]%e.length],a.length>=o))return a}}},AC=(e,t=21)=>AF(e,t|0,vF),Ue=(e=21)=>{let t="",n=crypto.getRandomValues(new Uint8Array(e|=0));for(;e--;)t+=bF[n[e]&63];return t};const kF=17,SF={organization:"org_",connection:"con_",action:"act_",hook:"h_",rule:"rul_",resource_server:"api_",guardian_factor:"gfa_",invite:"inv_",flow:"af_"};function fh(e){const i=AC("0123456789abcdefghijklmnopqrstuvwxyz",kF)();return`${SF[e]}${i}`}function EF(){return fh("organization")}function xF(){return fh("connection")}function kC(){return fh("hook")}function CF(){return fh("invite")}const SC={"post-login":"post-user-login","credentials-exchange":"credentials-exchange","pre-user-registration":"pre-user-registration","post-user-registration":"post-user-registration"},TF=Object.fromEntries(Object.entries(SC).map(([e,t])=>[t,e]));function B1(e){return SC[e]||e}function L1(e){return TF[e]||e}const $F=s.z.object({type:s.z.enum(["action_id","action_name"]).optional(),value:s.z.string().optional(),id:s.z.string().optional(),name:s.z.string().optional()}),IF=s.z.object({ref:$F,display_name:s.z.string().optional()}),zF=s.z.object({id:s.z.string(),trigger_id:s.z.string(),display_name:s.z.string(),action:Xi,created_at:s.z.string(),updated_at:s.z.string()}),M1=s.z.object({bindings:s.z.array(zF)}),PF=new s.OpenAPIHono().openapi(s.createRoute({tags:["actions"],method:"get",path:"/{triggerId}/bindings",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({triggerId:s.z.string()})},security:[{Bearer:["read:actions","auth:read"]}],responses:{200:{content:{"application/json":{schema:M1}},description:"Trigger bindings"}}}),async e=>{const{triggerId:t}=e.req.valid("param"),n=B1(t),r=(await e.env.data.hooks.list(e.var.tenant_id,{q:`trigger_id:"${n}"`,per_page:100})).hooks.filter(a=>"code_id"in a&&a.code_id).sort((a,c)=>(c.priority||0)-(a.priority||0)),o=[];for(const a of r){const c=a.code_id,l=await e.env.data.actions.get(e.var.tenant_id,c);l&&o.push({id:a.hook_id,trigger_id:L1(a.trigger_id),display_name:l.name,action:{...l,secrets:l.secrets?.map(d=>({name:d.name}))},created_at:a.created_at,updated_at:a.updated_at})}return e.json({bindings:o})}).openapi(s.createRoute({tags:["actions"],method:"patch",path:"/{triggerId}/bindings",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({triggerId:s.z.string()}),body:{content:{"application/json":{schema:s.z.object({bindings:s.z.array(IF)})}}}},security:[{Bearer:["update:actions","auth:write"]}],responses:{200:{content:{"application/json":{schema:M1}},description:"Updated trigger bindings"}}}),async e=>{const{triggerId:t}=e.req.valid("param"),{bindings:n}=e.req.valid("json"),i=B1(t),r=await e.env.data.hooks.list(e.var.tenant_id,{q:`trigger_id:"${i}"`,per_page:100});for(const a of r.hooks)"code_id"in a&&a.code_id&&await e.env.data.hooks.remove(e.var.tenant_id,a.hook_id);const o=[];for(let a=0;a<n.length;a++){const c=n[a];let l=c.ref.id;if(!l&&c.ref.type==="action_id"&&c.ref.value)l=c.ref.value;else if(!l&&c.ref.type==="action_name"&&c.ref.value){const p=c.ref.value,f=100;let h=0;for(;;){const g=await e.env.data.actions.list(e.var.tenant_id,{page:h,per_page:f,include_totals:!1}),m=g.actions.find(_=>_.name===p);if(m){l=m.id;break}if(g.actions.length<f)break;h++}}if(!l)throw new z(400,{message:`Binding at index ${a} must reference an action via ref.id or ref.value`});const d=await e.env.data.actions.get(e.var.tenant_id,l);if(!d)throw new z(404,{message:`Action ${l} not found`});const u=await e.env.data.hooks.create(e.var.tenant_id,{hook_id:kC(),trigger_id:i,code_id:l,enabled:!0,synchronous:!0,priority:n.length-a});o.push({id:u.hook_id,trigger_id:L1(u.trigger_id),display_name:c.display_name||d.name,action:{...d,secrets:d.secrets?.map(p=>({name:p.name}))},created_at:u.created_at,updated_at:u.updated_at})}return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:`Update trigger bindings for ${t}`,targetType:"action"}),e.json({bindings:o})}),Ul={themeId:"default",borders:{button_border_radius:8,button_border_weight:1,buttons_style:"pill",input_border_radius:8,input_border_weight:1,inputs_style:"pill",show_widget_shadow:!0,widget_border_weight:1,widget_corner_radius:16},colors:{base_focus_color:"#7D68F4",base_hover_color:"#A091F2",body_text:"#000000",captcha_widget_theme:"auto",error:"#FC5A5A",header:"#000000",icons:"#666666",input_background:"#FFFFFF",input_border:"#8E8CA0",input_filled_text:"#000000",input_labels_placeholders:"#88869F",links_focused_components:"#7D68F4",primary_button:"#7D68F4",primary_button_label:"#FFFFFF",secondary_button_border:"#8E8CA0",secondary_button_label:"#000000",success:"#36BF76",widget_background:"#FFFFFF",widget_border:"#8E8CA0"},displayName:"Default Theme",fonts:{body_text:{bold:!1,size:100},buttons_text:{bold:!0,size:100},font_url:"https://assets.sesamy.com/fonts/khteka/WOFF2/KHTeka-Regular.woff2",input_labels:{bold:!1,size:100},links:{bold:!0,size:100},links_style:"normal",reference_text_size:16,subtitle:{bold:!1,size:100},title:{bold:!0,size:150}},page_background:{background_color:"#F8F9FB",background_image_url:"",page_layout:"center"},widget:{logo_url:"",header_text_alignment:"center",logo_height:36,logo_position:"center",social_buttons_layout:"bottom"}};function Jw(e,t){const n=structuredClone(e);function i(r,o){for(const a in o)o[a]!==void 0&&typeof o[a]=="object"&&!Array.isArray(o[a])&&typeof r[a]=="object"&&r[a]!==null?i(r[a],o[a]):r[a]=o[a];return r}return i(n,t)}const NF=new s.OpenAPIHono().openapi(s.createRoute({tags:["branding"],method:"get",path:"/default",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:branding","auth:read"]}],responses:{200:{content:{"application/json":{schema:Yu}},description:"Default theme settings"}}}),async e=>{const t=await e.env.data.themes.get(e.var.tenant_id,"default");return t?e.json(t):e.json(Ul)}).openapi(s.createRoute({tags:["branding"],method:"patch",path:"/default",request:{body:{content:{"application/json":{schema:Yu.deepPartial()}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:branding","auth:write"]}],responses:{200:{content:{"application/json":{schema:Yu}},description:"Updated theme settings"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.themes.get(e.var.tenant_id,"default"),r=Jw(n||Ul,t);return n?await e.env.data.themes.update(e.var.tenant_id,"default",r):await e.env.data.themes.create(e.var.tenant_id,r,"default"),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update Theme",targetType:"theme",targetId:"default",...n?{beforeState:n}:{},afterState:r}),e.json({...r,themeId:"default"})}),U1={colors:{primary:"#7D68F4",page_background:{type:"solid",start:"#F8F9FB",end:"#F8F9FB",angle_deg:0}},logo_url:"https://assets.sesamy.com/static/images/sesamy/logos/sesamy_logo_black.svg",favicon_url:"https://assets.sesamy.com/images/favicon.ico",font:{url:"https://assets.sesamy.com/fonts/khteka/WOFF2/KHTeka-Regular.woff2"}};var FF={Stringify:1},Wr=(e,t)=>{const n=new String(e);return n.isEscaped=!0,n.callbacks=t,n},OF=/[&<>'"]/,jF=async(e,t)=>{let n="";t||=[];const i=await Promise.all(e);for(let r=i.length-1;n+=i[r],r--,!(r<0);r--){let o=i[r];typeof o=="object"&&t.push(...o.callbacks||[]);const a=o.isEscaped;if(o=await(typeof o=="object"?o.toString():o),typeof o=="object"&&t.push(...o.callbacks||[]),o.isEscaped??a)n+=o;else{const c=[n];wa(o,c),n=c[0]}}return Wr(n,t)},wa=(e,t)=>{const n=e.search(OF);if(n===-1){t[0]+=e;return}let i,r,o=0;for(r=n;r<e.length;r++){switch(e.charCodeAt(r)){case 34:i="&quot;";break;case 39:i="&#39;";break;case 38:i="&amp;";break;case 60:i="&lt;";break;case 62:i="&gt;";break;default:continue}t[0]+=e.substring(o,r)+i,o=r+1}t[0]+=e.substring(o,r)},RF=e=>{const t=e.callbacks;if(!t?.length)return e;const n=[e],i={};return t.forEach(r=>r({phase:FF.Stringify,buffer:n,context:i})),n[0]},Yw=Symbol("RENDERER"),uy=Symbol("ERROR_HANDLER"),ut=Symbol("STASH"),EC=Symbol("INTERNAL"),DF=Symbol("MEMO"),Np=Symbol("PERMALINK"),q1=e=>(e[EC]=!0,e),xC=e=>({value:t,children:n})=>{if(!n)return;const i={children:[{tag:q1(()=>{e.push(t)}),props:{}}]};Array.isArray(n)?i.children.push(...n.flat()):i.children.push(n),i.children.push({tag:q1(()=>{e.pop()}),props:{}});const r={tag:"",props:i,type:""};return r[uy]=o=>{throw e.pop(),o},r},CC=e=>{const t=[e],n=xC(t);return n.values=t,n.Provider=n,Ia.push(n),n},Ia=[],TC=e=>{const t=[e],n=(i=>{t.push(i.value);let r;try{r=i.children?(Array.isArray(i.children)?new FC("",{},i.children):i.children).toString():""}catch(o){throw t.pop(),o}return r instanceof Promise?r.finally(()=>t.pop()).then(o=>Wr(o,o.callbacks)):(t.pop(),Wr(r))});return n.values=t,n.Provider=n,n[Yw]=xC(t),Ia.push(n),n},ac=e=>e.values.at(-1),Fp={title:[],script:["src"],style:["data-href"],link:["href"],meta:["name","httpEquiv","charset","itemProp"]},py={},Po="data-precedence",$C=e=>e.rel==="stylesheet"&&"precedence"in e,IC=(e,t)=>e==="link"?t:Fp[e].length>0,Cd=e=>Array.isArray(e)?e:[e],H1=new WeakMap,V1=(e,t,n,i)=>({buffer:r,context:o})=>{if(!r)return;const a=H1.get(o)||{};H1.set(o,a);const c=a[e]||=[];let l=!1;const d=Fp[e],u=IC(e,i!==void 0);if(u){e:for(const[,p]of c)if(!(e==="link"&&!(p.rel==="stylesheet"&&p[Po]!==void 0))){for(const f of d)if((p?.[f]??null)===n?.[f]){l=!0;break e}}}if(l?r[0]=r[0].replaceAll(t,""):u||e==="link"?c.push([t,n,i]):c.unshift([t,n,i]),r[0].indexOf("</head>")!==-1){let p;if(e==="link"||i!==void 0){const f=[];p=c.map(([h,,g],m)=>{if(g===void 0)return[h,Number.MAX_SAFE_INTEGER,m];let _=f.indexOf(g);return _===-1&&(f.push(g),_=f.length-1),[h,_,m]}).sort((h,g)=>h[1]-g[1]||h[2]-g[2]).map(([h])=>h)}else p=c.map(([f])=>f);p.forEach(f=>{r[0]=r[0].replaceAll(f,"")}),r[0]=r[0].replace(/(?=<\/head>)/,p.join(""))}},Td=(e,t,n)=>Wr(new ai(e,n,Cd(t??[])).toString()),$d=(e,t,n,i)=>{if("itemProp"in n)return Td(e,t,n);let{precedence:r,blocking:o,...a}=n;r=i?r??"":void 0,i&&(a[Po]=r);const c=new ai(e,a,Cd(t||[])).toString();return c instanceof Promise?c.then(l=>Wr(c,[...l.callbacks||[],V1(e,l,a,r)])):Wr(c,[V1(e,c,a,r)])},BF=({children:e,...t})=>{const n=Qw();if(n){const i=ac(n);if(i==="svg"||i==="head")return new ai("title",t,Cd(e??[]))}return $d("title",e,t,!1)},LF=({children:e,...t})=>{const n=Qw();return["src","async"].some(i=>!t[i])||n&&ac(n)==="head"?Td("script",e,t):$d("script",e,t,!1)},MF=({children:e,...t})=>["href","precedence"].every(n=>n in t)?(t["data-href"]=t.href,delete t.href,$d("style",e,t,!0)):Td("style",e,t),UF=({children:e,...t})=>["onLoad","onError"].some(n=>n in t)||t.rel==="stylesheet"&&(!("precedence"in t)||"disabled"in t)?Td("link",e,t):$d("link",e,t,$C(t)),qF=({children:e,...t})=>{const n=Qw();return n&&ac(n)==="head"?Td("meta",e,t):$d("meta",e,t,!1)},zC=(e,{children:t,...n})=>new ai(e,n,Cd(t??[])),HF=e=>(typeof e.action=="function"&&(e.action=Np in e.action?e.action[Np]:void 0),zC("form",e)),PC=(e,t)=>(typeof t.formAction=="function"&&(t.formAction=Np in t.formAction?t.formAction[Np]:void 0),zC(e,t)),VF=e=>PC("input",e),KF=e=>PC("button",e);const Gg=Object.freeze(Object.defineProperty({__proto__:null,button:KF,form:HF,input:VF,link:UF,meta:qF,script:LF,style:MF,title:BF},Symbol.toStringTag,{value:"Module"}));var GF=new Map([["className","class"],["htmlFor","for"],["crossOrigin","crossorigin"],["httpEquiv","http-equiv"],["itemProp","itemprop"],["fetchPriority","fetchpriority"],["noModule","nomodule"],["formAction","formaction"]]),Op=e=>GF.get(e)||e,WF=/[\s"'<>/=`\\\x00-\x1f\x7f-\x9f]/,Wg=new Set,K1=1024,JF=/^[!?]|[\s"'<>/=`\\\x00-\x1f\x7f-\x9f]/,G1=new Set,YF=256,ql=(e,t,n)=>{e.size>=t&&e.clear(),e.add(n)},QF=e=>G1.has(e)?!0:typeof e!="string"?!1:e.length===0?!0:JF.test(e)?!1:(ql(G1,YF,e),!0),ZF=e=>{if(Wg.has(e))return!0;const t=e.length;if(t===0)return!1;for(let n=0;n<t;n++){const i=e.charCodeAt(n);if(!(i>=97&&i<=122||i>=65&&i<=90||i>=48&&i<=57||i===45||i===95||i===46||i===58))return WF.test(e)?!1:(ql(Wg,K1,e),!0)}return ql(Wg,K1,e),!0},XF=/[\s"'():;\\/\[\]{}\x00-\x1f\x7f-\x9f]/,Jg=new Set,W1=1024,eO=e=>{if(Jg.has(e))return!0;const t=e.length;if(t===0)return!1;for(let n=0;n<t;n++){const i=e.charCodeAt(n);if(!(i>=97&&i<=122||i>=65&&i<=90||i>=48&&i<=57||i===45||i===95))return XF.test(e)?!1:(ql(Jg,W1,e),!0)}return ql(Jg,W1,e),!0},tO=/[;"'\\/\[\](){}]/,nO=e=>{if(!tO.test(e))return!1;let t=0;const n=[];for(let i=0,r=e.length;i<r;i++){const o=e.charCodeAt(i);if(o===92){if(i===r-1)return!0;i++}else if(t!==0){if(o===10||o===12||o===13)return!0;o===t&&(t=0)}else if(o===47&&e.charCodeAt(i+1)===42){const a=e.indexOf("*/",i+2);if(a===-1)return!0;i=a+1}else if(o===34||o===39)t=o;else if(o===40)n.push(41);else if(o===91)n.push(93);else{if(o===123||o===125)return!0;if(o===41||o===93){if(n[n.length-1]!==o)return!0;n.pop()}else if(o===59&&n.length===0)return!0}}return t!==0||n.length!==0},NC=(e,t)=>{for(const[n,i]of Object.entries(e)){const r=n[0]==="-"||!/[A-Z]/.test(n)?n:n.replace(/[A-Z]/g,a=>`-${a.toLowerCase()}`);if(!eO(r))continue;if(i==null){t(r,null);continue}let o;if(typeof i=="number")o=r.match(/^(?:a|border-im|column(?:-c|s)|flex(?:$|-[^b])|grid-(?:ar|[^a])|font-w|li|or|sca|st|ta|wido|z)|ty$/)?`${i}`:`${i}px`;else if(typeof i=="string"){if(nO(i))continue;o=i}else continue;t(r,o)}},Hl=void 0,Qw=()=>Hl,iO=e=>/[A-Z]/.test(e)&&e.match(/^(?:al|basel|clip(?:Path|Rule)$|co|do|fill|fl|fo|gl|let|lig|i|marker[EMS]|o|pai|pointe|sh|st[or]|text[^L]|tr|u|ve|w)/)?e.replace(/([A-Z])/g,"-$1").toLowerCase():e,rO=["area","base","br","col","embed","hr","img","input","keygen","link","meta","param","source","track","wbr"],oO=["allowfullscreen","async","autofocus","autoplay","checked","controls","default","defer","disabled","download","formnovalidate","hidden","inert","ismap","itemscope","loop","multiple","muted","nomodule","novalidate","open","playsinline","readonly","required","reversed","selected"],Zw=(e,t)=>{for(let n=0,i=e.length;n<i;n++){const r=e[n];if(typeof r=="string")wa(r,t);else{if(typeof r=="boolean"||r===null||r===void 0)continue;r instanceof ai?r.toStringToBuffer(t):typeof r=="number"||r.isEscaped?t[0]+=r:r instanceof Promise?t.unshift("",r):Zw(r,t)}}},ai=class{tag;props;key;children;isEscaped=!0;localContexts;constructor(e,t,n){if(typeof e!="function"&&!QF(e))throw new Error(`Invalid JSX tag name: ${e}`);this.tag=e,this.props=t,this.children=n}get type(){return this.tag}get ref(){return this.props.ref||null}toString(){const e=[""];this.localContexts?.forEach(([t,n])=>{t.values.push(n)});try{this.toStringToBuffer(e)}finally{this.localContexts?.forEach(([t])=>{t.values.pop()})}return e.length===1?"callbacks"in e?RF(Wr(e[0],e.callbacks)).toString():e[0]:jF(e,e.callbacks)}toStringToBuffer(e){const t=this.tag,n=this.props;let{children:i}=this;e[0]+=`<${t}`;const r=t==="svg"||Hl&&ac(Hl)==="svg"?o=>iO(Op(o)):o=>Op(o);for(let[o,a]of Object.entries(n))if(o=r(o),!!ZF(o)&&o!=="children"){if(o==="style"&&typeof a=="object"){let c="";NC(a,(l,d)=>{d!=null&&(c+=`${c?";":""}${l}:${d}`)}),e[0]+=' style="',wa(c,e),e[0]+='"'}else if(typeof a=="string")e[0]+=` ${o}="`,wa(a,e),e[0]+='"';else if(a!=null)if(typeof a=="number"||a.isEscaped)e[0]+=` ${o}="${a}"`;else if(typeof a=="boolean"&&oO.includes(o))a&&(e[0]+=` ${o}=""`);else if(o==="dangerouslySetInnerHTML"){if(i.length>0)throw new Error("Can only set one of `children` or `props.dangerouslySetInnerHTML`.");i=[Wr(a.__html)]}else if(a instanceof Promise)e[0]+=` ${o}="`,e.unshift('"',a);else if(typeof a=="function"){if(!o.startsWith("on")&&o!=="ref")throw new Error(`Invalid prop '${o}' of type 'function' supplied to '${t}'.`)}else e[0]+=` ${o}="`,wa(a.toString(),e),e[0]+='"'}if(rO.includes(t)&&i.length===0){e[0]+="/>";return}e[0]+=">",Zw(i,e),e[0]+=`</${t}>`}},Yg=class extends ai{toStringToBuffer(e){const{children:t}=this,n={...this.props};t.length&&(n.children=t.length===1?t[0]:t);const i=this.tag.call(null,n);if(!(typeof i=="boolean"||i==null))if(i instanceof Promise)if(Ia.length===0)e.unshift("",i);else{const r=Ia.map(o=>[o,o.values.at(-1)]);e.unshift("",i.then(o=>(o instanceof ai&&(o.localContexts=r),o)))}else i instanceof ai?i.toStringToBuffer(e):typeof i=="number"||i.isEscaped?(e[0]+=i,i.callbacks&&(e.callbacks||=[],e.callbacks.push(...i.callbacks))):wa(i,e)}},FC=class extends ai{toStringToBuffer(e){Zw(this.children,e)}},sO=(e,t,...n)=>{t??={},n.length&&(t.children=n.length===1?n[0]:n);const i=t.key;delete t.key;const r=Qu(e,t,n);return r.key=i,r},J1=!1,Qu=(e,t,n)=>{if(!J1){for(const i in py)Gg[i][Yw]=py[i];J1=!0}return typeof e=="function"?new Yg(e,t,n):Gg[e]?new Yg(Gg[e],t,n):e==="svg"||e==="head"?(Hl||=TC(""),new ai(e,t,[new Yg(Hl,{value:e},n)])):new ai(e,t,n)},za=({children:e})=>new FC("",{children:e},Array.isArray(e)?e:e?[e]:[]),aO=(e,t,...n)=>{let i;if(n.length>0)i=n;else{const r=e.props.children;i=Array.isArray(r)?r:[r]}return sO(e.tag,{...e.props,...t},...i)};function S(e,t,n){let i;if(!t||!("children"in t))i=Qu(e,t,[]);else{const r=t.children;i=Array.isArray(r)?Qu(e,t,r):Qu(e,t,[r])}return i.key=n,i}function Te(e){return e.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;").replace(/'/g,"&#x27;")}function cO(e){return e.replace(/\\/g,"\\\\").replace(/"/g,'\\"').replace(/'/g,"\\'").replace(/\(/g,"\\(").replace(/\)/g,"\\)").replace(/\n/g,"").replace(/\r/g,"").replace(/\t/g,"")}function fn(e){if(!e)return"";try{const t=new URL(e);return["http:","https:","data:"].includes(t.protocol)?Te(e):""}catch{return e.startsWith("/")?Te(e):""}}function pn(e){return e&&/^(#[0-9a-fA-F]{3,8}|rgba?\([^)]+\)|hsla?\([^)]+\)|[a-zA-Z]+)$/.test(e.trim())?e.trim():""}function lO(e){if(!e)return"#f5f5f5";if(typeof e=="string")return pn(e)||"#f5f5f5";const{type:t,start:n,end:i,angle_deg:r}=e;if(t==="linear-gradient"&&n&&i){const o=pn(n),a=pn(i);if(o&&a)return`linear-gradient(${typeof r=="number"?r:180}deg, ${o}, ${a})`}if(n){const o=pn(n);if(o)return o}return"#f5f5f5"}function OC(e,t){if(e?.background_image_url){const n=fn(e.background_image_url);if(n)return`${pn(e.background_color)||"#f5f5f5"} url("${cO(n)}") center / cover no-repeat`}if(e?.background_color){const n=pn(e.background_color);if(n)return n}return lO(t)}var dO=(e,t)=>{try{return t(e)}catch{return e.replace(/(?:%[0-9A-Fa-f]{2})+/g,n=>{try{return t(n)}catch{return n}})}},uO=decodeURIComponent,jC=/^[\w!#$%&'*.^`|~+-]+$/,pO=/^[ !#-:<-[\]-~]*$/,Y1=e=>{let t=0,n=e.length;for(;t<n;){const i=e.charCodeAt(t);if(i!==32&&i!==9)break;t++}for(;n>t;){const i=e.charCodeAt(n-1);if(i!==32&&i!==9)break;n--}return t===0&&n===e.length?e:e.slice(t,n)},fO=(e,t)=>{if(e.indexOf(t)===-1)return{};const n=e.split(";"),i={};for(const r of n){const o=r.indexOf("=");if(o===-1)continue;const a=Y1(r.substring(0,o));if(t!==a||!jC.test(a))continue;let c=Y1(r.substring(o+1));if(c.startsWith('"')&&c.endsWith('"')&&(c=c.slice(1,-1)),pO.test(c)){i[a]=c.indexOf("%")!==-1?dO(c,uO):c;break}}return i},hO=(e,t,n={})=>{if(!jC.test(e))throw new Error("Invalid cookie name");let i=`${e}=${t}`;if(e.startsWith("__Secure-")&&!n.secure)throw new Error("__Secure- Cookie must have Secure attributes");if(e.startsWith("__Host-")){if(!n.secure)throw new Error("__Host- Cookie must have Secure attributes");if(n.path!=="/")throw new Error('__Host- Cookie must have Path attributes with "/"');if(n.domain)throw new Error("__Host- Cookie must not have Domain attributes")}for(const r of["domain","path"])if(n[r]&&/[;\r\n]/.test(n[r]))throw new Error(`${r} must not contain ";", "\\r", or "\\n"`);if(n&&typeof n.maxAge=="number"&&n.maxAge>=0){if(n.maxAge>3456e4)throw new Error("Cookies Max-Age SHOULD NOT be greater than 400 days (34560000 seconds) in duration.");i+=`; Max-Age=${n.maxAge|0}`}if(n.domain&&n.prefix!=="host"&&(i+=`; Domain=${n.domain}`),n.path&&(i+=`; Path=${n.path}`),n.expires){if(n.expires.getTime()-Date.now()>3456e7)throw new Error("Cookies Expires SHOULD NOT be greater than 400 days (34560000 seconds) in the future.");i+=`; Expires=${n.expires.toUTCString()}`}if(n.httpOnly&&(i+="; HttpOnly"),n.secure&&(i+="; Secure"),n.sameSite&&(i+=`; SameSite=${n.sameSite.charAt(0).toUpperCase()+n.sameSite.slice(1)}`),n.priority&&(i+=`; Priority=${n.priority.charAt(0).toUpperCase()+n.priority.slice(1)}`),n.partitioned){if(!n.secure)throw new Error("Partitioned Cookie must have Secure attributes");i+="; Partitioned"}return i},Qg=(e,t,n)=>(t=encodeURIComponent(t),hO(e,t,n)),gO=(e,t,n)=>{const i=e.req.raw.headers.get("Cookie");{if(!i)return;let r=t;return fO(i,r)[r]}},mO=(e,t,n)=>{let i;return n?.prefix==="secure"?i=Qg("__Secure-"+e,t,{path:"/",...n,secure:!0}):n?.prefix==="host"?i=Qg("__Host-"+e,t,{...n,path:"/",secure:!0,domain:void 0}):i=Qg(e,t,{path:"/",...n}),i},Q1=(e,t,n,i)=>{const r=mO(t,n,i);e.header("Set-Cookie",r,{append:!0})};const Vl="mp159brk",RC={common:{alertListTitle:"Upozornění",backText:"Vrátit se zpět",cancelText:"Zrušit",closeText:"Zavřít",contactSupportText:"Potřebujete pomoc?",continueText:"Pokračovat",copyrightText:"© ${currentYear} ${companyName}",errorText:"Něco se pokazilo. Zkuste to prosím znovu.",hidePasswordText:"Skrýt heslo",loadingText:"Načítání...",orText:"nebo",privacyPolicyText:"Zásady ochrany osobních údajů",showPasswordText:"Zobrazit heslo",termsOfServiceText:"Podmínky služby",termsShortText:"Podmínky",tryAgainText:"Zkusit znovu"}},DC={consent:{buttonText:"Přijmout",cancelButtonText:"Zamítnout",description:"${clientName} žádá o přístup k vašemu účtu",pageTitle:"Autorizace | ${clientName}",scopesTitle:"Tímto povolíte ${clientName}:",title:"Autorizovat ${clientName}"}},BC={invitation:{acceptButtonText:"Přijmout pozvánku",description:"${inviterName} vás pozval(a), abyste se připojili k ${organizationName} na ${clientName}",pageTitle:"Pozvánka | ${clientName}",title:"Byli jste pozváni"}},LC={login:{alertListTitle:"Upozornění",buttonText:"Pokračovat",description:"Přihlaste se k ${clientName}.",editEmailText:"Upravit",emailPlaceholder:"E-mailová adresa",enterACodeBtn:"Přihlásit se kódem",federatedConnectionButtonText:"Pokračovat s ${connectionName}",footerLinkText:"Zaregistrujte se",footerText:"Nemáte účet?",forgotPasswordText:"Zapomněli jste heslo?",hidePasswordText:"Skrýt heslo",invalidEmail:"Neplatný e-mail",invalidIdentifier:"Neplatný e-mail nebo uživatelské jméno",invitationDescription:"Přihlaste se pro přijetí pozvánky od ${inviterName} k připojení k ${companyName} na ${clientName}.",invitationTitle:"Byli jste pozváni!",logoAltText:"${companyName}","no-email":"Zadejte prosím e-mailovou adresu","no-password":"Heslo je povinné",pageTitle:"Přihlášení | ${clientName}",passwordLoginNotAvailable:"Přihlášení heslem není k dispozici",passwordPlaceholder:"Heslo",phonePlaceholder:"Telefonní číslo",separatorText:"nebo",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",showPasswordText:"Zobrazit heslo",signupActionLinkText:"${footerLinkText}",signupActionText:"${footerText}",title:"Vítejte",tooManyFailedLogins:"Příliš mnoho neúspěšných pokusů o přihlášení. Zkuste to prosím později.",unverifiedEmail:"Před přihlášením prosím ověřte svou e-mailovou adresu",userAccountDoesNotExist:"Uživatelský účet neexistuje",usernamePlaceholder:"Uživatelské jméno nebo e-mailová adresa",usernameTooLong:"Uživatelské jméno musí mít nejvýše ${max} znaků",usernameTooShort:"Uživatelské jméno musí mít alespoň ${min} znaků",wrongCredentials:"Nesprávné uživatelské jméno nebo heslo",passkeyButtonText:"Přihlásit se pomocí passkey"}},MC={mfa:{backupCodeText:"Použít záložní kód",description:"Zvolte metodu ověření",pageTitle:"Vícefaktorové ověření | ${clientName}",title:"Ověřte svou identitu"}},UC={"passkey-enrollment-nudge":{title:"Zabezpečte svůj účet pomocí passkey",description:"Passkey používají biometrii nebo PIN vašeho zařízení k rychlejšímu a bezpečnějšímu přihlášení.",enrollButtonText:"Nastavit passkey",snoozeButtonText:"Možná později",optOutLinkText:"Nezobrazovat znovu",pageTitle:"Nastavení Passkey | ${clientName}"},"passkey-enrollment":{title:"Vytvořte svůj passkey",description:"Postupujte podle pokynů prohlížeče a vytvořte passkey pro tento účet.",errorMessage:"Vytvoření passkey se nezdařilo. Zkuste to prosím znovu.",cancelLinkText:"Prozatím přeskočit",retryButtonText:"Zkusit znovu",enrollmentComplete:"Váš passkey byl úspěšně nastaven. Tuto stránku můžete zavřít.",pageTitle:"Vytvoření Passkey | ${clientName}"},"passkey-challenge":{title:"Přihlásit se pomocí passkey",description:"Postupujte podle pokynů prohlížeče k ověření vaší identity.",errorMessage:"Ověření pomocí passkey selhalo. Zkuste to prosím znovu.",cancelLinkText:"Zpět na přihlášení",retryButtonText:"Zkusit znovu",pageTitle:"Přihlášení pomocí passkey | ${clientName}"}},qC={organizations:{description:"Vyberte, ke které organizaci se chcete přihlásit",pageTitle:"Výběr organizace | ${clientName}",searchPlaceholder:"Hledat organizace",title:"Vyberte svou organizaci"}},HC={signup:{buttonText:"Pokračovat",confirmPasswordPlaceholder:"Potvrzení hesla",description:"Zaregistrujte se a pokračujte","email-already-exists":"Tento e-mail je již zaregistrován",emailPlaceholder:"E-mailová adresa",federatedConnectionButtonText:"Pokračovat s ${connectionName}",hidePasswordText:"Skrýt heslo","invalid-email-format":"Neplatný e-mail",loginActionLinkText:"Přihlásit se",loginActionText:"Už máte účet?","no-email":"Zadejte prosím e-mailovou adresu","no-password":"Heslo je povinné","no-username":"Uživatelské jméno je povinné",pageTitle:"Registrace | ${clientName}",passwordPlaceholder:"Heslo",passwordsDidntMatch:"Hesla se neshodují",phonePlaceholder:"Telefonní číslo",privacyPolicyLinkText:"Zásady ochrany osobních údajů",separatorText:"nebo",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",showPasswordText:"Zobrazit heslo",termsOfServiceLinkText:"Podmínky služby",termsText:"Registrací souhlasíte s našimi",title:"Vytvořte svůj účet","username-already-exists":"Toto uživatelské jméno je již obsazeno",usernamePlaceholder:"Uživatelské jméno",verifyEmailText:"Zkontrolujte prosím svůj e-mail pro ověření účtu"}},VC={status:{continueButtonText:"Pokračovat",errorTitle:"Chyba",pageTitle:"Stav | ${clientName}",successTitle:"Hotovo",title:"Stav"}},yO={common:RC,consent:DC,"device-flow":{"device-flow":{buttonText:"Pokračovat",codePlaceholder:"Zadejte kód",description:"Zadejte kód zobrazený na vašem zařízení","expired-code":"Platnost kódu vypršela","invalid-code":"Zadaný kód je neplatný",pageTitle:"Aktivace zařízení | ${clientName}",title:"Aktivujte své zařízení"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Přihlásit se",codeLabel:"Ověřovací kód",codePlaceholder:"Zadejte kód",defaultDescription:"Zadejte ověřovací kód zaslaný na váš e-mail",description:"Odeslali jsme kód na ${email}","invalid-code":"Neplatný kód",noCode:"Zadejte prosím ověřovací kód",pageTitle:"Zadejte kód | ${clientName}",resendText:"Opětovné odeslání kódu",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",title:"Zkontrolujte svůj e-mail",unexpectedError:"Došlo k neočekávané chybě"}},"email-verification":{"email-verification":{description:"Odeslali jsme e-mail na ${email}",pageTitle:"Ověření e-mailu | ${clientName}",resendText:"Opětovné odeslání kódu",successDescription:"Váš e-mail byl úspěšně ověřen.",successTitle:"E-mail ověřen",title:"Ověření e-mailu"}},invitation:BC,login:LC,"login-id":{"login-id":{alertListTitle:"Upozornění","auth0-users-validation":"Něco se pokazilo, zkuste to prosím později","authentication-failure":"Omlouváme se, při pokusu o přihlášení se něco pokazilo",buttonText:"Pokračovat","captcha-client-failure":"Nepodařilo se načíst bezpečnostní výzvu. Zkuste to prosím znovu. (Kód chyby: #{errorCode})","captcha-validation-failure":"Omlouváme se, při ověřování captcha došlo k chybě. Zkuste to prosím znovu.",captchaCodePlaceholder:"Zadejte kód zobrazený výše","custom-script-error-code":"Něco se pokazilo, zkuste to prosím později.",description:"Přihlaste se k ${clientName}.",editEmailText:"Upravit",emailPlaceholder:"E-mailová adresa",federatedConnectionButtonText:"Pokračovat s ${connectionName}",footerLinkText:"Zaregistrujte se",footerText:"Nemáte účet?",forgotPasswordText:"Zapomněli jste heslo?",hidePasswordText:"Skrýt heslo","invalid-captcha":"Vyřešte úlohu, abyste ověřili, že nejste robot.","invalid-code":"Neplatný kód","invalid-connection":"Neplatné připojení","invalid-email-format":"Neplatný e-mail","invalid-email-phone":"Zadejte platnou e-mailovou adresu nebo telefonní číslo. Telefonní čísla musí obsahovat předvolbu země.","invalid-email-phone-username":"Zadejte platnou e-mailovou adresu, telefonní číslo nebo uživatelské jméno. Telefonní čísla musí obsahovat předvolbu země.","invalid-email-username":"Zadejte platnou e-mailovou adresu nebo uživatelské jméno","invalid-expired-code":"Neplatný nebo vypršelý uživatelský kód","invalid-login-id":"Zadáno neplatné přihlašovací ID","invalid-phone-username":"Zadejte platné telefonní číslo nebo uživatelské jméno. Telefonní čísla musí obsahovat předvolbu země.","invalid-recaptcha":"Zaškrtněte políčko, abyste ověřili, že nejste robot.","invalid-username":"Uživatelské jméno může obsahovat pouze alfanumerické znaky nebo: '${characters}'. Uživatelské jméno musí mít ${min} až ${max} znaků.",invitationDescription:"Přihlaste se pro přijetí pozvánky od ${inviterName} k připojení k ${companyName} na ${clientName}.",invitationTitle:"Byli jste pozváni!","ip-blocked":"Zjistili jsme podezřelé přihlašovací chování a další pokusy budou blokovány. Kontaktujte prosím administrátora.",logoAltText:"${companyName}","no-db-connection":"Neplatné připojení","no-email":"Zadejte prosím e-mailovou adresu","no-email-phone":"Je vyžadována e-mailová adresa nebo telefonní číslo","no-email-phone-username":"Je vyžadováno telefonní číslo, uživatelské jméno nebo e-mailová adresa","no-email-username":"Je vyžadována e-mailová adresa nebo uživatelské jméno","no-password":"Heslo je povinné","no-phone":"Zadejte prosím telefonní číslo","no-phone-username":"Je vyžadováno telefonní číslo nebo uživatelské jméno","no-username":"Uživatelské jméno je povinné",pageTitle:"Přihlášení | ${clientName}","password-breached":"Zjistili jsme potenciální bezpečnostní problém s tímto účtem. Pro ochranu vašeho účtu jsme toto přihlášení zablokovali. Pro pokračování prosím resetujte své heslo.",passwordPlaceholder:"Heslo",phoneOrEmailPlaceholder:"E-mail nebo telefonní číslo",phoneOrUsernameOrEmailPlaceholder:"Telefon, uživatelské jméno nebo e-mail",phoneOrUsernamePlaceholder:"Telefonní číslo nebo uživatelské jméno",phonePlaceholder:"Telefonní číslo","same-user-login":"Příliš mnoho pokusů o přihlášení pro tohoto uživatele. Počkejte prosím a zkuste to znovu později.",selectCountryCode:"Vyberte předvolbu země, aktuálně nastaveno na ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"nebo",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",showPasswordText:"Zobrazit heslo",signupActionLinkText:"${footerLinkText}",signupActionText:"${footerText}",termsAndConditionsTemplate:'Pokračováním souhlasíte s našimi <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Podmínkami a pravidly</a>.',title:"Vítejte","user-blocked":"Váš účet byl zablokován po několika po sobě jdoucích neúspěšných pokusech o přihlášení.",userAccountDoesNotExist:"Uživatelský účet neexistuje",usernameOnlyPlaceholder:"Uživatelské jméno",usernameOrEmailPlaceholder:"Uživatelské jméno nebo e-mailová adresa",usernamePlaceholder:"Uživatelské jméno nebo e-mailová adresa",usernameTooLong:"Uživatelské jméno musí mít nejvýše ${max} znaků",usernameTooShort:"Uživatelské jméno musí mít alespoň ${min} znaků","wrong-credentials":"Nesprávné uživatelské jméno nebo heslo","wrong-email-credentials":"Nesprávný e-mail nebo heslo","wrong-email-phone-credentials":"Nesprávná e-mailová adresa, telefonní číslo nebo heslo. Telefonní čísla musí obsahovat předvolbu země.","wrong-email-phone-username-credentials":"Nesprávná e-mailová adresa, telefonní číslo, uživatelské jméno nebo heslo. Telefonní čísla musí obsahovat předvolbu země.","wrong-email-username-credentials":"Nesprávná e-mailová adresa, uživatelské jméno nebo heslo","wrong-phone-credentials":"Nesprávné telefonní číslo nebo heslo","wrong-phone-username-credentials":"Nesprávné telefonní číslo, uživatelské jméno nebo heslo. Telefonní čísla musí obsahovat předvolbu země.","wrong-username-credentials":"Nesprávné uživatelské jméno nebo heslo",passkeyButtonText:"Přihlásit se pomocí passkey"}},"login-password":{"login-password":{buttonText:"Přihlásit se",description:"Přihlaste se k ${clientName}",forgotPasswordText:"Zapomněli jste heslo?",hidePasswordText:"Skrýt heslo","no-password":"Heslo je povinné",pageTitle:"Přihlášení | ${clientName}","password-breached":"Zjistili jsme potenciální bezpečnostní problém s tímto účtem. Pro ochranu vašeho účtu jsme toto přihlášení zablokovali. Pro pokračování prosím resetujte své heslo.",passwordPlaceholder:"Heslo",showPasswordText:"Zobrazit heslo",signingInAs:"Přihlášení jako ${email}",title:"Zadejte heslo",unverifiedEmail:"Před přihlášením prosím ověřte svou e-mailovou adresu","user-blocked":"Váš účet byl zablokován po několika po sobě jdoucích neúspěšných pokusech o přihlášení.","wrong-credentials":"Nesprávné heslo"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"e-mailová adresa",authMethodEmailOrPhone:"e-mail nebo telefonní číslo",authMethodPhone:"telefonní číslo",description:"Přihlaste se pomocí ${authMethod}",emailOrPhonePlaceholder:"E-mailová adresa nebo telefonní číslo",emailPlaceholder:"E-mailová adresa",invalidEmail:"Zadejte prosím platnou e-mailovou adresu",invalidIdentifier:"Zadejte prosím platnou e-mailovou adresu nebo telefonní číslo",invalidPhone:"Zadejte prosím platné telefonní číslo s předvolbou země",noEmail:"Zadejte prosím svou e-mailovou adresu",noPhone:"Zadejte prosím své telefonní číslo",phonePlaceholder:"Telefonní číslo",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",title:"Přihlásit se kódem",userAccountDoesNotExist:"Uživatelský účet neexistuje"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Klikněte na odkaz ve svém e-mailu pro přihlášení",description:"Odeslali jsme odkaz na ${username}. Kliknutím na něj se přihlásíte.",resendText:"Odeslat odkaz znovu",spamText:"Nedostali jste e-mail? Zkontrolujte složku nevyžádané pošty.",title:"Zkontrolujte svůj e-mail"}},mfa:MC,"mfa-email":{"mfa-email":{buttonText:"Pokračovat",codePlaceholder:"Zadejte kód",description:"Odeslali jsme kód na ${email}","invalid-code":"Zadaný kód je neplatný",pageTitle:"Ověření e-mailem | ${clientName}",resendText:"Opětovné odeslání kódu",title:"Zkontrolujte svůj e-mail"}},"mfa-otp":{"mfa-otp":{buttonText:"Pokračovat",codePlaceholder:"Zadejte kód",description:"Zadejte šestimístný kód z vaší ověřovací aplikace","invalid-code":"Zadaný kód je neplatný",pageTitle:"Zadejte kód | ${clientName}",title:"Zadejte svůj kód"},"mfa-totp-enrollment":{title:"Nastavit ověřovací aplikaci",description:"Naskenujte QR kód níže pomocí ověřovací aplikace a poté zadejte šestimístný kód pro ověření",secretLabel:"Nebo zadejte tento kód ručně:",codePlaceholder:"Zadejte kód",continueButtonText:"Ověřit a aktivovat","invalid-code":"Zadaný kód je neplatný. Zkuste to prosím znovu.","transaction-not-found":"Platnost vaší registrace vypršela, budete muset začít znovu.",pageTitle:"Nastavení ověřovací aplikace | ${clientName}",unexpectedError:"Něco se pokazilo. Zkuste to prosím znovu.",enrollmentComplete:"Registrace MFA je dokončena. Tuto stránku můžete zavřít."},"mfa-totp-challenge":{title:"Ověřte svou identitu",description:"Zadejte šestimístný kód z vaší ověřovací aplikace",codePlaceholder:"Zadejte kód",continueButtonText:"Pokračovat","invalid-code":"Zadaný kód je neplatný","transaction-not-found":"Platnost vaší registrace vypršela, budete muset začít znovu.",unexpectedError:"Něco se pokazilo. Zkuste to prosím znovu.",pageTitle:"Ověření identity | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Použijte své telefonní číslo pro přihlášení | ${clientName}",title:"Ověřte svou identitu",description:"Odeslali jsme kód na ${phoneNumber}",continueButtonText:"Pokračovat",changePhoneText:"Zvolte jiné telefonní číslo.",smsButtonText:"Textová zpráva",voiceButtonText:"Hlasový hovor",chooseMessageTypeText:"Jak chcete kód přijmout?",pickAuthenticatorText:"Zkusit jinou metodu",logoAltText:"${companyName}",codePlaceholder:"Zadejte kód","send-sms-failed":"Při odesílání SMS došlo k problému","send-voice-failed":"Při uskutečnění hlasového hovoru došlo k problému","invalid-phone-format":"Telefonní číslo může obsahovat pouze číslice.","invalid-phone":"Zdá se, že vaše telefonní číslo není platné. Zkontrolujte a zkuste to znovu.","too-many-sms":"Překročili jste maximální počet telefonních zpráv za hodinu. Počkejte pár minut a zkuste to znovu.","too-many-voice":"Překročili jste maximální počet hlasových hovorů za hodinu. Počkejte pár minut a zkuste to znovu.","transaction-not-found":"Vaše registrační transakce vypršela, budete muset začít znovu.","no-phone":"Zadejte telefonní číslo",noCode:"Zadejte ověřovací kód",invalidCode:"Zadaný kód je neplatný. Zkuste to znovu.",unexpectedError:"Něco se pokazilo. Zkuste to znovu.",resendSuccess:"Odeslali jsme nový kód na váš telefon",enrollmentComplete:"Registrace MFA je dokončena. Tuto stránku můžete zavřít."},"mfa-phone-enrollment":{pageTitle:"Zadejte své telefonní číslo pro přihlášení pomocí telefonního kódu | ${clientName}",title:"Zabezpečte svůj účet",description:"Zadejte kód země a telefonní číslo, na které můžeme odeslat 6místný kód:",continueButtonText:"Pokračovat",smsButtonText:"Textová zpráva",voiceButtonText:"Hlasový hovor",chooseMessageTypeText:"Jak chcete kód přijmout?",pickAuthenticatorText:"Zkusit jinou metodu",placeholder:"Zadejte své telefonní číslo",logoAltText:"${companyName}",selectCountryCode:"Vyberte kód země, aktuálně nastaveno na ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Při odesílání SMS došlo k problému","send-voice-failed":"Při uskutečnění hlasového hovoru došlo k problému","sms-authenticator-error":"Nepodařilo se odeslat SMS. Zkuste to prosím později.","invalid-phone-format":"Telefonní číslo může obsahovat pouze číslice.","invalid-phone":"Zdá se, že vaše telefonní číslo není platné. Zkontrolujte a zkuste to znovu.","too-many-sms":"Překročili jste maximální počet telefonních zpráv za hodinu. Počkejte pár minut a zkuste to znovu.","too-many-voice":"Překročili jste maximální počet hlasových hovorů za hodinu. Počkejte pár minut a zkuste to znovu.","transaction-not-found":"Vaše registrační transakce vypršela, budete muset začít znovu.","no-phone":"Zadejte telefonní číslo","phone-is-too-short":"Telefonní číslo je příliš krátké","phone-is-too-long":"Telefonní číslo je příliš dlouhé"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Vyberte metodu ověření | ${clientName}",title:"Vyberte způsob ověření",description:"Zvolte, jak chcete ověřit svou identitu",authenticatorAppLabel:"Autentizační aplikace",authenticatorAppDescription:"Použijte autentizační aplikaci k získání ověřovacího kódu",smsLabel:"Textová zpráva",smsDescription:"Nechte si zaslat ověřovací kód na telefon",passkeyLabel:"Passkey",passkeyDescription:"Použijte biometrii zařízení nebo bezpečnostní klíč"}},"mfa-push":{"mfa-push":{description:"Odeslali jsme oznámení na vaše zařízení",pageTitle:"Push oznámení | ${clientName}",resendText:"Odeslat oznámení znovu",title:"Schvalte požadavek",useCodeText:"Zadat kód ručně"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Pokračovat",codePlaceholder:"Záložní kód",description:"Zadejte jeden z vašich záložních kódů","invalid-code":"Zadaný záložní kód je neplatný",pageTitle:"Záložní kód | ${clientName}",title:"Zadejte záložní kód"}},"mfa-voice":{"mfa-voice":{buttonText:"Zavolat mi",codePlaceholder:"Zadejte kód",description:"Zavoláme na ${phoneNumber} s vaším kódem","invalid-code":"Zadaný kód je neplatný",pageTitle:"Hlasový hovor | ${clientName}",title:"Přijmout telefonní hovor"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Zkusit znovu",description:"Vložte svůj bezpečnostní klíč a postupujte podle pokynů",pageTitle:"Bezpečnostní klíč | ${clientName}",title:"Použijte svůj bezpečnostní klíč"}},passkeys:UC,organizations:qC,"reset-password":{"reset-password":{backToLoginText:"Zpět na přihlášení",buttonText:"Pokračovat",codeExpired:"Platnost kódu pro obnovení hesla vypršela. Požádejte prosím o nový.",confirmPasswordLabel:"Potvrzení hesla",confirmPasswordPlaceholder:"Potvrzení hesla",description:"Zadejte svůj e-mail pro obnovení hesla",emailPlaceholder:"E-mailová adresa",failed:"Obnovení hesla se nezdařilo. Zkuste to prosím znovu.","invalid-email-format":"Neplatný e-mail","no-email":"Zadejte prosím e-mailovou adresu",pageTitle:"Obnovení hesla | ${clientName}",passwordLabel:"Nové heslo",passwordPlaceholder:"Nové heslo",passwordTooWeak:"Heslo je příliš slabé",passwordsDidntMatch:"Hesla se neshodují",successDescription:"Odkaz na obnovení hesla jsme odeslali na vaši e-mailovou adresu.",successTitle:"Zkontrolujte svůj e-mail",title:"Zapomněli jste heslo?","user-not-found":"Uživatel nenalezen"},"reset-password-code":{backToLoginText:"Zpět na přihlášení",buttonText:"Obnovit heslo",codeLabel:"Kód pro obnovení",codePlaceholder:"Zadejte 6místný kód",confirmPasswordLabel:"Potvrzení hesla",confirmPasswordPlaceholder:"Potvrzení hesla",defaultDescription:"Zadejte kód zaslaný na váš e-mail a zvolte nové heslo",description:"Odeslali jsme kód na ${email}",failed:"Obnovení hesla se nezdařilo. Zkuste to prosím znovu.",invalidCode:"Zadaný kód je neplatný nebo vypršel",noCode:"Zadejte prosím kód pro obnovení",pageTitle:"Zadejte kód pro obnovení | ${clientName}",passwordLabel:"Nové heslo",passwordPlaceholder:"Nové heslo",passwordTooWeak:"Heslo je příliš slabé",passwordsDidntMatch:"Hesla se neshodují",resendFailed:"Nepodařilo se znovu odeslat kód. Zkuste to prosím znovu.",resendSuccess:"Nový kód byl odeslán na váš e-mail",resendText:"Odeslat kód znovu",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",title:"Zadejte kód pro obnovení"}},signup:HC,"signup-id":{"signup-id":{buttonText:"Pokračovat",description:"Zaregistrujte se a pokračujte","email-already-exists":"Tento e-mail je již zaregistrován",emailPlaceholder:"E-mailová adresa",federatedConnectionButtonText:"Pokračovat s ${connectionName}","invalid-email-format":"Neplatný e-mail",loginActionLinkText:"Přihlásit se",loginActionText:"Už máte účet?","no-email":"Zadejte prosím e-mailovou adresu",pageTitle:"Registrace | ${clientName}",phonePlaceholder:"Telefonní číslo",separatorText:"nebo",title:"Vytvořte svůj účet",usernamePlaceholder:"Uživatelské jméno"}},"signup-password":{"signup-password":{buttonText:"Pokračovat",description:"Zaregistrujte se a pokračujte",hidePasswordText:"Skrýt heslo","no-password":"Heslo je povinné",pageTitle:"Registrace | ${clientName}","password-policy-not-met":"Heslo nesplňuje požadavky","password-too-weak":"Heslo je příliš slabé",passwordPlaceholder:"Heslo",showPasswordText:"Zobrazit heslo",title:"Vytvořte své heslo"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Pokračovat",codeLabel:"Ověřovací kód",codePlaceholder:"Zadejte kód",defaultDescription:"Zadejte ověřovací kód zaslaný na váš telefon",description:"Odeslali jsme kód na ${username}","invalid-code":"Neplatný kód",noCode:"Zadejte prosím ověřovací kód",pageTitle:"Zadejte kód | ${clientName}",resendText:"Opětovné odeslání kódu",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",title:"Zkontrolujte svůj telefon",unexpectedError:"Došlo k neočekávané chybě"}},status:VC},_O=Object.freeze(Object.defineProperty({__proto__:null,common:RC,consent:DC,default:yO,invitation:BC,login:LC,mfa:MC,organizations:qC,passkeys:UC,signup:HC,status:VC},Symbol.toStringTag,{value:"Module"})),KC={common:{alertListTitle:"Advarsler",backText:"Gå tilbage",cancelText:"Gå tilbage",closeText:"Luk",contactSupportText:"Har du brug for hjælp?",continueText:"Fortsæt",copyrightText:"© ${currentYear} ${companyName}",errorText:"Noget gik galt. Prøv venligst igen.",hidePasswordText:"Skjul adgangskode",loadingText:"Indlæser...",orText:"eller",privacyPolicyText:"Privatlivspolitik",showPasswordText:"Vis adgangskode",termsOfServiceText:"Servicevilkår",termsShortText:"Vilkår",tryAgainText:"Prøv igen"}},GC={consent:{buttonText:"Acceptér",cancelButtonText:"Afvis",description:"${clientName} anmoder om adgang til din konto",pageTitle:"Godkend | ${clientName}",scopesTitle:"Dette vil give ${clientName} tilladelse til at:",title:"Godkend ${clientName}"}},WC={invitation:{acceptButtonText:"Acceptér invitation",description:"${inviterName} har inviteret dig til at deltage i ${organizationName} på ${clientName}",pageTitle:"Invitation | ${clientName}",title:"Du er blevet inviteret"}},JC={login:{alertListTitle:"Advarsler",buttonText:"Fortsæt",description:"Log ind på ${clientName}.",editEmailText:"Rediger",emailPlaceholder:"E-mail-adresse",enterACodeBtn:"Log ind med en kode",federatedConnectionButtonText:"Fortsæt med ${connectionName}",footerLinkText:"Tilmeld dig",footerText:"Har du ikke en konto?",forgotPasswordText:"Har du glemt din adgangskode?",hidePasswordText:"Skjul adgangskode",invalidEmail:"Ugyldig e-mail",invalidIdentifier:"Ugyldig e-mail eller brugernavn",invitationDescription:"Log ind for at acceptere ${inviterName}s invitation til at deltage i ${companyName} på ${clientName}.",invitationTitle:"Du er blevet inviteret!",logoAltText:"${companyName}","no-email":"Indtast venligst en e-mailadresse","no-password":"Adgangskode er påkrævet",pageTitle:"Log ind | ${clientName}",passwordLoginNotAvailable:"Adgangskodegodkendelse er ikke tilgængelig",passwordPlaceholder:"Adgangskode",phonePlaceholder:"Telefonnummer",separatorText:"eller",sessionExpired:"Din session er udløbet. Prøv venligst igen.",showPasswordText:"Vis adgangskode",signupActionLinkText:"Tilmeld dig",signupActionText:"Har du ikke en konto?",title:"Velkommen",tooManyFailedLogins:"For mange mislykkede loginforsøg. Prøv venligst igen senere.",unverifiedEmail:"Bekræft venligst din e-mailadresse, før du logger ind",userAccountDoesNotExist:"Brugerkontoen findes ikke",usernamePlaceholder:"Brugernavn eller e-mailadresse",usernameTooLong:"Brugernavnet må højst være ${max} tegn",usernameTooShort:"Brugernavnet skal være mindst ${min} tegn",wrongCredentials:"Forkert brugernavn eller adgangskode",passkeyButtonText:"Log ind med passkey"}},YC={mfa:{backupCodeText:"Brug backupkode",description:"Vælg en bekræftelsesmetode",pageTitle:"Multifaktorgodkendelse | ${clientName}",title:"Bekræft din identitet"}},QC={"passkey-enrollment-nudge":{title:"Sikr din konto med en adgangsnøgle",description:"Adgangsnøgler bruger din enheds biometri eller PIN til at logge dig ind hurtigere og mere sikkert.",enrollButtonText:"Konfigurer adgangsnøgle",snoozeButtonText:"Måske senere",optOutLinkText:"Vis ikke dette igen",pageTitle:"Konfigurer Adgangsnøgle | ${clientName}"},"passkey-enrollment":{title:"Opret din adgangsnøgle",description:"Følg anvisningerne fra din browser for at oprette en adgangsnøgle til denne konto.",errorMessage:"Oprettelse af adgangsnøgle mislykkedes. Prøv venligst igen.",cancelLinkText:"Spring over for nu",retryButtonText:"Prøv igen",enrollmentComplete:"Din adgangsnøgle er konfigureret. Du kan lukke denne side.",pageTitle:"Opret Adgangsnøgle | ${clientName}"},"passkey-challenge":{title:"Log ind med passkey",description:"Følg anvisningerne fra din browser for at bekræfte din identitet.",errorMessage:"Godkendelse med passkey mislykkedes. Prøv venligst igen.",cancelLinkText:"Tilbage til login",retryButtonText:"Prøv igen",pageTitle:"Log ind med passkey | ${clientName}"}},ZC={organizations:{description:"Vælg hvilken organisation du vil logge ind på",pageTitle:"Vælg organisation | ${clientName}",searchPlaceholder:"Søg organisationer",title:"Vælg din organisation"}},XC={signup:{buttonText:"Tilmelding",confirmPasswordPlaceholder:"Bekræft adgangskode",description:"Vælg en adgangskode med en blanding af store og små bogstaver, tal og symboler.","email-already-exists":"E-mailen er allerede optaget",emailPlaceholder:"E-mail-adresse",federatedConnectionButtonText:"Fortsæt med ${connectionName}",hidePasswordText:"Skjul adgangskode","invalid-email-format":"Ugyldig e-mail",loginActionLinkText:"Log ind",loginActionText:"Har du allerede en konto?","no-email":"Indtast venligst en e-mailadresse","no-password":"Adgangskode er påkrævet","no-username":"Brugernavn er påkrævet",pageTitle:"Tilmeld dig | ${clientName}",passwordPlaceholder:"Adgangskode",passwordsDidntMatch:"Adgangskoderne matcher ikke",phonePlaceholder:"Telefonnummer",privacyPolicyLinkText:"Privatlivspolitik",separatorText:"eller",sessionExpired:"Din session er udløbet. Prøv venligst igen.",showPasswordText:"Vis adgangskode",termsOfServiceLinkText:"Servicevilkår",termsText:"Ved at tilmelde dig accepterer du vores",title:"Vælg adgangskode","username-already-exists":"Dette brugernavn er allerede taget",usernamePlaceholder:"Brugernavn",verifyEmailText:"Tjek venligst din e-mail for at bekræfte din konto"}},eT={status:{continueButtonText:"Fortsæt",errorTitle:"Fejl",pageTitle:"Status | ${clientName}",successTitle:"Succes",title:"Status"}},wO={common:KC,consent:GC,"device-flow":{"device-flow":{buttonText:"Fortsæt",codePlaceholder:"Indtast kode",description:"Indtast koden, der vises på din enhed","expired-code":"Koden er udløbet","invalid-code":"Den indtastede kode er ugyldig",pageTitle:"Enhedsaktivering | ${clientName}",title:"Aktivér din enhed"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Log ind",codeLabel:"Bekræftelseskode",codePlaceholder:"Indtast kode",defaultDescription:"Indtast bekræftelseskoden, der blev sendt til din e-mail",description:"Vi sendte en kode til ${email}","invalid-code":"Ugyldig kode",noCode:"Indtast venligst bekræftelseskoden",pageTitle:"Indtast kode | ${clientName}",resendText:"Send koden igen",sessionExpired:"Din session er udløbet. Prøv venligst igen.",title:"Tjek din e-mail",unexpectedError:"Der opstod en uventet fejl"}},"email-verification":{"email-verification":{description:"Vi sendte en e-mail til ${email}",pageTitle:"Bekræft e-mail | ${clientName}",resendText:"Send koden igen",successDescription:"Din e-mail er blevet bekræftet.",successTitle:"E-mail bekræftet",title:"Bekræft din e-mail"}},invitation:WC,login:JC,"login-id":{"login-id":{alertListTitle:"Advarsler","auth0-users-validation":"Noget gik galt, prøv venligst igen senere","authentication-failure":"Vi beklager, noget gik galt under loginforsøget",buttonText:"Fortsæt","captcha-client-failure":"Vi kunne ikke indlæse sikkerhedsudfordringen. Prøv venligst igen. (Fejlkode: #{errorCode})","captcha-validation-failure":"Vi beklager, noget gik galt under validering af captcha-svaret. Prøv venligst igen.",captchaCodePlaceholder:"Indtast koden vist ovenfor","custom-script-error-code":"Noget gik galt, prøv venligst igen senere.",description:"Log ind på ${clientName}.",editEmailText:"Rediger",emailPlaceholder:"E-mail-adresse",federatedConnectionButtonText:"Fortsæt med ${connectionName}",footerLinkText:"Tilmeld dig",footerText:"Har du ikke en konto?",forgotPasswordText:"Har du glemt din adgangskode?",hidePasswordText:"Skjul adgangskode","invalid-captcha":"Løs sikkerhedsspørgsmålet for at bekræfte, at du ikke er en robot.","invalid-code":"Ugyldig kode","invalid-connection":"Ugyldig forbindelse","invalid-email-format":"Ugyldig e-mail","invalid-email-phone":"Indtast en gyldig e-mailadresse eller telefonnummer. Telefonnumre skal inkludere landekoden.","invalid-email-phone-username":"Indtast en gyldig e-mailadresse, telefonnummer eller brugernavn. Telefonnumre skal inkludere landekoden.","invalid-email-username":"Indtast en gyldig e-mailadresse eller brugernavn","invalid-expired-code":"Ugyldig eller udløbet brugerkode","invalid-login-id":"Ugyldigt login-ID indtastet","invalid-phone-username":"Indtast et gyldigt telefonnummer eller brugernavn. Telefonnumre skal inkludere landekoden.","invalid-recaptcha":"Markér afkrydsningsfeltet for at bekræfte, at du ikke er en robot.","invalid-username":"Brugernavnet kan kun indeholde alfanumeriske tegn eller: '${characters}'. Brugernavnet skal være mellem ${min} og ${max} tegn.",invitationDescription:"Log ind for at acceptere ${inviterName}s invitation til at deltage i ${companyName} på ${clientName}.",invitationTitle:"Du er blevet inviteret!","ip-blocked":"Vi har registreret mistænkelig loginadfærd, og yderligere forsøg vil blive blokeret. Kontakt venligst administratoren.",logoAltText:"${companyName}","no-db-connection":"Ugyldig forbindelse","no-email":"Indtast venligst en e-mailadresse","no-email-phone":"E-mailadresse eller telefonnummer er påkrævet","no-email-phone-username":"Telefonnummer, brugernavn eller e-mailadresse er påkrævet","no-email-username":"E-mailadresse eller brugernavn er påkrævet","no-password":"Adgangskode er påkrævet","no-phone":"Indtast venligst et telefonnummer","no-phone-username":"Telefonnummer eller brugernavn er påkrævet","no-username":"Brugernavn er påkrævet",pageTitle:"Log ind | ${clientName}","password-breached":"Vi har registreret et potentielt sikkerhedsproblem med denne konto. For at beskytte din konto har vi forhindret dette login. Nulstil venligst din adgangskode for at fortsætte.",passwordPlaceholder:"Adgangskode",phoneOrEmailPlaceholder:"E-mail eller telefonnummer",phoneOrUsernameOrEmailPlaceholder:"Telefon, brugernavn eller e-mail",phoneOrUsernamePlaceholder:"Telefonnummer eller brugernavn",phonePlaceholder:"Telefonnummer","same-user-login":"For mange loginforsøg for denne bruger. Vent venligst, og prøv igen senere.",selectCountryCode:"Vælg landekode, i øjeblikket sat til ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"eller",sessionExpired:"Din session er udløbet. Prøv venligst igen.",showPasswordText:"Vis adgangskode",signupActionLinkText:"Tilmeld dig",signupActionText:"Har du ikke en konto?",termsAndConditionsTemplate:'Ved at fortsætte accepterer du vores <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Vilkår og betingelser</a>.',title:"Velkommen","user-blocked":"Din konto er blevet blokeret efter flere på hinanden følgende loginforsøg.",userAccountDoesNotExist:"Brugerkontoen findes ikke",usernameOnlyPlaceholder:"Brugernavn",usernameOrEmailPlaceholder:"Brugernavn eller e-mailadresse",usernamePlaceholder:"Brugernavn",usernameTooLong:"Brugernavnet må højst være ${max} tegn",usernameTooShort:"Brugernavnet skal være mindst ${min} tegn","wrong-credentials":"Forkert brugernavn eller adgangskode","wrong-email-credentials":"Forkert e-mail eller adgangskode","wrong-email-phone-credentials":"Forkert e-mailadresse, telefonnummer eller adgangskode. Telefonnumre skal inkludere landekoden.","wrong-email-phone-username-credentials":"Forkert e-mailadresse, telefonnummer, brugernavn eller adgangskode. Telefonnumre skal inkludere landekoden.","wrong-email-username-credentials":"Forkert e-mailadresse, brugernavn eller adgangskode","wrong-phone-credentials":"Forkert telefonnummer eller adgangskode","wrong-phone-username-credentials":"Forkert telefonnummer, brugernavn eller adgangskode. Telefonnumre skal inkludere landekoden.","wrong-username-credentials":"Forkert brugernavn eller adgangskode",passkeyButtonText:"Log ind med passkey"}},"login-password":{"login-password":{buttonText:"Log ind",description:"Indtast din e-mailadresse og adgangskode for at logge ind.",forgotPasswordText:"Har du glemt din adgangskode?",hidePasswordText:"Skjul adgangskode","no-password":"Adgangskode er påkrævet",pageTitle:"Log ind | ${clientName}","password-breached":"Vi har registreret et potentielt sikkerhedsproblem med denne konto. For at beskytte din konto har vi forhindret dette login. Nulstil venligst din adgangskode for at fortsætte.",passwordPlaceholder:"Adgangskode",showPasswordText:"Vis adgangskode",signingInAs:"Logger ind som ${email}",title:"Indtast adgangskode",unverifiedEmail:"Bekræft venligst din e-mailadresse, før du logger ind","user-blocked":"Din konto er blevet blokeret efter flere på hinanden følgende loginforsøg.","wrong-credentials":"Forkert adgangskode"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"e-mail",authMethodEmailOrPhone:"e-mail eller telefonnummer",authMethodPhone:"telefonnummer",description:"Log ind med din ${authMethod}",emailOrPhonePlaceholder:"E-mailadresse eller telefonnummer",emailPlaceholder:"E-mail-adresse",invalidEmail:"Indtast venligst en gyldig e-mailadresse",invalidIdentifier:"Indtast venligst en gyldig e-mailadresse eller telefonnummer",invalidPhone:"Indtast venligst et gyldigt telefonnummer med landekode",noEmail:"Indtast venligst din e-mailadresse",noPhone:"Indtast venligst dit telefonnummer",phonePlaceholder:"Telefonnummer",sessionExpired:"Din session er udløbet. Prøv venligst igen.",title:"Log ind med en kode",userAccountDoesNotExist:"Brugerkontoen findes ikke"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Klik på linket i din e-mail for at logge ind",description:"Vi sendte et link til ${username}. Klik på det for at logge ind.",resendText:"Send link igen",spamText:"Har du ikke modtaget e-mailen? Tjek din spam-mappe.",title:"Tjek din e-mail"}},mfa:YC,"mfa-email":{"mfa-email":{buttonText:"Fortsæt",codePlaceholder:"Indtast kode",description:"Vi sendte en kode til ${email}","invalid-code":"Den indtastede kode er ugyldig",pageTitle:"E-mailbekræftelse | ${clientName}",resendText:"Send kode igen",title:"Tjek din e-mail"}},"mfa-otp":{"mfa-otp":{buttonText:"Fortsæt",codePlaceholder:"Indtast kode",description:"Indtast den 6-cifrede kode fra din autentificeringsapp","invalid-code":"Den indtastede kode er ugyldig",pageTitle:"Indtast kode | ${clientName}",title:"Indtast din kode"},"mfa-totp-enrollment":{title:"Opsæt autentificeringsapp",description:"Scan QR-koden nedenfor med din autentificeringsapp, og indtast derefter den 6-cifrede kode for at bekræfte",secretLabel:"Eller indtast denne kode manuelt:",codePlaceholder:"Indtast kode",continueButtonText:"Bekræft og aktiver","invalid-code":"Den indtastede kode er ugyldig. Prøv venligst igen.","transaction-not-found":"Din tilmeldingssession er udløbet. Du skal starte forfra.",pageTitle:"Opsæt autentificeringsapp | ${clientName}",unexpectedError:"Noget gik galt. Prøv venligst igen.",enrollmentComplete:"MFA-tilmeldingen er fuldført. Du kan lukke denne side."},"mfa-totp-challenge":{title:"Bekræft din identitet",description:"Indtast den 6-cifrede kode fra din autentificeringsapp",codePlaceholder:"Indtast kode",continueButtonText:"Fortsæt","invalid-code":"Den indtastede kode er ugyldig","transaction-not-found":"Din session er udløbet. Du skal starte forfra.",unexpectedError:"Noget gik galt. Prøv venligst igen.",pageTitle:"Bekræft identitet | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Brug dit telefonnummer til at logge ind | ${clientName}",title:"Bekræft din identitet",description:"Vi sendte en kode til ${phoneNumber}",continueButtonText:"Fortsæt",changePhoneText:"Vælg et andet telefonnummer.",smsButtonText:"SMS",voiceButtonText:"Taleopkald",chooseMessageTypeText:"Hvordan vil du modtage koden?",pickAuthenticatorText:"Prøv en anden metode",logoAltText:"${companyName}",codePlaceholder:"Indtast kode","send-sms-failed":"Der opstod et problem med at sende SMS'en","send-voice-failed":"Der opstod et problem med at foretage taleopkaldet","invalid-phone-format":"Telefonnummeret kan kun indeholde cifre.","invalid-phone":"Det ser ud til, at dit telefonnummer ikke er gyldigt. Kontrollér og prøv igen.","too-many-sms":"Du har overskredet det maksimale antal telefonbeskeder pr. time. Vent et par minutter og prøv igen.","too-many-voice":"Du har overskredet det maksimale antal telefonopkald pr. time. Vent et par minutter og prøv igen.","transaction-not-found":"Din registreringstransaktion er udløbet, du skal starte forfra.","no-phone":"Indtast et telefonnummer",noCode:"Indtast bekræftelseskoden",invalidCode:"Den indtastede kode er ugyldig. Prøv igen.",unexpectedError:"Noget gik galt. Prøv igen.",resendSuccess:"Vi sendte en ny kode til din telefon",enrollmentComplete:"MFA-tilmeldingen er fuldført. Du kan lukke denne side."},"mfa-phone-enrollment":{pageTitle:"Indtast dit telefonnummer for at logge ind med en telefonkode | ${clientName}",title:"Sikre din konto",description:"Indtast din landekode og telefonnummer, som vi kan sende en 6-cifret kode til:",continueButtonText:"Fortsæt",smsButtonText:"SMS",voiceButtonText:"Taleopkald",chooseMessageTypeText:"Hvordan vil du modtage koden?",pickAuthenticatorText:"Prøv en anden metode",placeholder:"Indtast dit telefonnummer",logoAltText:"${companyName}",selectCountryCode:"Vælg landekode, i øjeblikket sat til ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Der opstod et problem med at sende SMS'en","send-voice-failed":"Der opstod et problem med at foretage taleopkaldet","sms-authenticator-error":"Vi kunne ikke sende SMS'en. Prøv igen senere.","invalid-phone-format":"Telefonnummeret kan kun indeholde cifre.","invalid-phone":"Det ser ud til, at dit telefonnummer ikke er gyldigt. Kontrollér og prøv igen.","too-many-sms":"Du har overskredet det maksimale antal telefonbeskeder pr. time. Vent et par minutter og prøv igen.","too-many-voice":"Du har overskredet det maksimale antal telefonopkald pr. time. Vent et par minutter og prøv igen.","transaction-not-found":"Din registreringstransaktion er udløbet, du skal starte forfra.","no-phone":"Indtast et telefonnummer","phone-is-too-short":"Telefonnummeret er for kort","phone-is-too-long":"Telefonnummeret er for langt"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Vælg bekræftelsesmetode | ${clientName}",title:"Vælg din bekræftelsesmetode",description:"Vælg hvordan du vil bekræfte din identitet",authenticatorAppLabel:"Godkendelsesapp",authenticatorAppDescription:"Brug din godkendelsesapp til at få en bekræftelseskode",smsLabel:"Sms-besked",smsDescription:"Få en bekræftelseskode sendt til din telefon",passkeyLabel:"Adgangsnøgle",passkeyDescription:"Brug din enheds biometri eller sikkerhedsnøgle"}},"mfa-push":{"mfa-push":{description:"Vi sendte en notifikation til din enhed",pageTitle:"Push-notifikation | ${clientName}",resendText:"Send notifikation igen",title:"Godkend anmodningen",useCodeText:"Indtast kode manuelt"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Fortsæt",codePlaceholder:"Gendannelseskode",description:"Indtast en af dine gendannelseskoder","invalid-code":"Den indtastede gendannelseskode er ugyldig",pageTitle:"Gendannelseskode | ${clientName}",title:"Indtast gendannelseskode"}},"mfa-voice":{"mfa-voice":{buttonText:"Ring til mig",codePlaceholder:"Indtast kode",description:"Vi ringer til ${phoneNumber} med din kode","invalid-code":"Den indtastede kode er ugyldig",pageTitle:"Taleopkald | ${clientName}",title:"Modtag et telefonopkald"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Prøv igen",description:"Indsæt din sikkerhedsnøgle og følg instruktionerne",pageTitle:"Sikkerhedsnøgle | ${clientName}",title:"Brug din sikkerhedsnøgle"}},passkeys:QC,organizations:ZC,"reset-password":{"reset-password":{backToLoginText:"Gå tilbage",buttonText:"Send e-mail til nulstilling af adgangskode",codeExpired:"Din kode til nulstilling af adgangskode er udløbet. Anmod venligst om en ny.",confirmPasswordLabel:"Bekræft adgangskode",confirmPasswordPlaceholder:"Bekræft adgangskode",description:"Klik på knappen nedenfor, så sender vi instruktioner om, hvordan du nulstiller din adgangskode.",emailPlaceholder:"E-mail-adresse",failed:"Nulstilling af adgangskode mislykkedes. Prøv venligst igen.","invalid-email-format":"Ugyldig e-mail","no-email":"Indtast venligst en e-mailadresse",pageTitle:"Nulstil adgangskode | ${clientName}",passwordLabel:"Ny adgangskode",passwordPlaceholder:"Ny adgangskode",passwordTooWeak:"Adgangskoden er for svag",passwordsDidntMatch:"Adgangskoderne matcher ikke",successDescription:"Vi har sendt et link til nulstilling af adgangskode til din e-mailadresse.",successTitle:"E-mail til nulstilling af adgangskode sendt",title:"Har du glemt din adgangskode?","user-not-found":"Bruger ikke fundet"},"reset-password-code":{backToLoginText:"Tilbage til login",buttonText:"Nulstil adgangskode",codeLabel:"Nulstillingskode",codePlaceholder:"Indtast 6-cifret kode",confirmPasswordLabel:"Bekræft adgangskode",confirmPasswordPlaceholder:"Bekræft adgangskode",defaultDescription:"Indtast koden sendt til din e-mail og vælg en ny adgangskode",description:"Vi sendte en kode til ${email}",failed:"Nulstilling af adgangskode mislykkedes. Prøv venligst igen.",invalidCode:"Den indtastede kode er ugyldig eller udløbet",noCode:"Indtast venligst nulstillingskoden",pageTitle:"Indtast nulstillingskode | ${clientName}",passwordLabel:"Ny adgangskode",passwordPlaceholder:"Ny adgangskode",passwordTooWeak:"Adgangskoden er for svag",passwordsDidntMatch:"Adgangskoderne matcher ikke",resendFailed:"Kunne ikke sende koden igen. Prøv igen.",resendSuccess:"En ny kode er blevet sendt til din e-mail",resendText:"Send kode igen",sessionExpired:"Din session er udløbet. Prøv venligst igen.",title:"Indtast nulstillingskode"}},signup:XC,"signup-id":{"signup-id":{buttonText:"Fortsæt",description:"Vælg en adgangskode med en blanding af store og små bogstaver, tal og symboler.","email-already-exists":"E-mailen er allerede optaget",emailPlaceholder:"E-mail-adresse",federatedConnectionButtonText:"Fortsæt med ${connectionName}","invalid-email-format":"Ugyldig e-mail",loginActionLinkText:"Log ind",loginActionText:"Har du allerede en konto?","no-email":"Indtast venligst en e-mailadresse",pageTitle:"Tilmeld dig | ${clientName}",phonePlaceholder:"Telefonnummer",separatorText:"eller",title:"Vælg adgangskode",usernamePlaceholder:"Brugernavn"}},"signup-password":{"signup-password":{buttonText:"Fortsæt",description:"Vælg en adgangskode med en blanding af store og små bogstaver, tal og symboler.",hidePasswordText:"Skjul adgangskode","no-password":"Adgangskode er påkrævet",pageTitle:"Tilmeld dig | ${clientName}","password-policy-not-met":"Adgangskoden opfylder ikke kravene","password-too-weak":"Adgangskoden er for svag",passwordPlaceholder:"Adgangskode",showPasswordText:"Vis adgangskode",title:"Vælg adgangskode"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Log ind",codeLabel:"Bekræftelseskode",codePlaceholder:"Indtast kode",defaultDescription:"Indtast bekræftelseskoden, der blev sendt til din telefon",description:"Vi sendte en kode til ${username}","invalid-code":"Ugyldig kode",noCode:"Indtast venligst bekræftelseskoden",pageTitle:"Indtast kode | ${clientName}",resendText:"Send koden igen",sessionExpired:"Din session er udløbet. Prøv venligst igen.",title:"Tjek din telefon",unexpectedError:"Der opstod en uventet fejl"}},status:eT},bO=Object.freeze(Object.defineProperty({__proto__:null,common:KC,consent:GC,default:wO,invitation:WC,login:JC,mfa:YC,organizations:ZC,passkeys:QC,signup:XC,status:eT},Symbol.toStringTag,{value:"Module"})),tT={common:{alertListTitle:"Alerts",backText:"Back",cancelText:"Cancel",closeText:"Close",contactSupportText:"Contact Support",continueText:"Continue",copyrightText:"© ${currentYear} ${companyName}",errorText:"An error occurred",hidePasswordText:"Hide password",loadingText:"Loading...",orText:"or",privacyPolicyText:"Privacy Policy",showPasswordText:"Show password",termsOfServiceText:"Terms of Service",termsShortText:"Terms",tryAgainText:"Try again"}},nT={consent:{buttonText:"Accept",cancelButtonText:"Deny",description:"${clientName} is requesting access to your account",pageTitle:"Authorize | ${clientName}",scopesTitle:"This will allow ${clientName} to:",title:"Authorize ${clientName}"}},iT={invitation:{acceptButtonText:"Accept invitation",description:"${inviterName} has invited you to join ${organizationName} on ${clientName}",pageTitle:"Invitation | ${clientName}",title:"You've been invited"}},rT={login:{alertListTitle:"Alerts",buttonText:"Continue",description:"Log in to ${clientName}.",editEmailText:"Edit",emailPlaceholder:"Email address",enterACodeBtn:"Sign in with a code",federatedConnectionButtonText:"Continue with ${connectionName}",footerLinkText:"Sign up",footerText:"Don't have an account?",forgotPasswordText:"Forgot password?",hidePasswordText:"Hide password",invalidEmail:"Invalid email",invalidIdentifier:"Invalid email or username",invitationDescription:"Log in to accept ${inviterName}'s invitation to join ${companyName} on ${clientName}.",invitationTitle:"You've Been Invited!",logoAltText:"${companyName}","no-email":"Please enter an email address","no-password":"Password is required",pageTitle:"Log in | ${clientName}",passwordLoginNotAvailable:"Password authentication is not available",passwordPlaceholder:"Password",phonePlaceholder:"Phone number",separatorText:"Or",sessionExpired:"Your session has expired. Please try again.",showPasswordText:"Show password",signupActionLinkText:"Sign up",signupActionText:"Don't have an account?",title:"Welcome",tooManyFailedLogins:"Too many failed login attempts. Please try again later.",unverifiedEmail:"Please verify your email address before logging in",userAccountDoesNotExist:"User account does not exist",usernamePlaceholder:"Username or email address",usernameTooLong:"Username must be ${max} characters or less",usernameTooShort:"Username must be at least ${min} characters",passkeyButtonText:"Sign in with a passkey",wrongCredentials:"Wrong username or password"}},oT={mfa:{backupCodeText:"Use backup code",description:"Choose a verification method",pageTitle:"Multi-Factor Authentication | ${clientName}",title:"Verify your identity"}},sT={"passkey-enrollment-nudge":{title:"Secure your account with a passkey",description:"Passkeys use your device's biometrics or PIN to sign you in faster and more securely.",enrollButtonText:"Set up passkey",snoozeButtonText:"Maybe later",optOutLinkText:"Don't show this again",pageTitle:"Set Up Passkey | ${clientName}"},"passkey-enrollment":{title:"Create your passkey",description:"Follow the prompts from your browser to create a passkey for this account.",errorMessage:"Failed to create passkey. Please try again.",cancelLinkText:"Skip for now",retryButtonText:"Try again",enrollmentComplete:"Your passkey has been set up successfully. You can close this page.",pageTitle:"Create Passkey | ${clientName}"},"passkey-challenge":{title:"Sign in with a passkey",description:"Follow the prompts from your browser to verify your identity.",errorMessage:"Passkey authentication failed. Please try again.",cancelLinkText:"Back to login",retryButtonText:"Try again",pageTitle:"Sign In with Passkey | ${clientName}"}},aT={organizations:{description:"Choose which organization to log in to",pageTitle:"Select Organization | ${clientName}",searchPlaceholder:"Search organizations",title:"Select your organization"}},cT={signup:{buttonText:"Continue",confirmPasswordPlaceholder:"Confirm password",description:"Sign up to continue","email-already-exists":"This email is already registered",emailPlaceholder:"Email address",federatedConnectionButtonText:"Continue with ${connectionName}",hidePasswordText:"Hide password","invalid-email-format":"Email is not valid.",loginActionLinkText:"Log in",loginActionText:"Already have an account?","no-email":"Please enter an email address","no-password":"Password is required","no-username":"Username is required",pageTitle:"Sign up | ${clientName}",passwordPlaceholder:"Password",passwordsDidntMatch:"Passwords don't match",phonePlaceholder:"Phone number",privacyPolicyLinkText:"Privacy Policy",separatorText:"Or",sessionExpired:"Your session has expired. Please try again.",showPasswordText:"Show password",termsOfServiceLinkText:"Terms of Service",termsText:"By signing up, you agree to our",title:"Create your account","username-already-exists":"This username is already taken",usernamePlaceholder:"Username",verifyEmailText:"Please check your email to verify your account"}},lT={status:{continueButtonText:"Continue",errorTitle:"Error",pageTitle:"Status | ${clientName}",successTitle:"Success",title:"Status"}},vO={common:tT,consent:nT,"device-flow":{"device-flow":{buttonText:"Continue",codePlaceholder:"Enter code",description:"Enter the code shown on your device","expired-code":"The code has expired","invalid-code":"The code you entered is invalid",pageTitle:"Device Activation | ${clientName}",title:"Activate your device"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Continue",codeLabel:"Verification Code",codePlaceholder:"Enter code",defaultDescription:"Enter the verification code sent to your email",description:"We sent a code to ${email}","invalid-code":"The code you entered is invalid",noCode:"Please enter the verification code",pageTitle:"Enter Code | ${clientName}",resendText:"Resend code",sessionExpired:"Your session has expired. Please try again.",title:"Check your email",unexpectedError:"An unexpected error occurred"}},"email-verification":{"email-verification":{description:"We sent an email to ${email}",pageTitle:"Verify Email | ${clientName}",resendText:"Resend email",successDescription:"Your email has been verified successfully.",successTitle:"Email verified",title:"Verify your email"}},invitation:iT,login:rT,"login-id":{"login-id":{alertListTitle:"Alerts","auth0-users-validation":"Something went wrong, please try again later","authentication-failure":"We are sorry, something went wrong when attempting to log in",buttonText:"Continue","captcha-client-failure":"We couldn't load the security challenge. Please try again. (Error code: #{errorCode})","captcha-validation-failure":"We are sorry, something went wrong while validating the captcha response. Please try again.",captchaCodePlaceholder:"Enter the code shown above","custom-script-error-code":"Something went wrong, please try again later.",description:"Log in to ${clientName}.",editEmailText:"Edit",emailPlaceholder:"Email address",federatedConnectionButtonText:"Continue with ${connectionName}",footerLinkText:"Sign up",footerText:"Don't have an account?",forgotPasswordText:"Forgot password?",hidePasswordText:"Hide password","invalid-captcha":"Solve the challenge question to verify you are not a robot.","invalid-code":"The code you entered is invalid","invalid-connection":"Invalid connection","invalid-email-format":"Email is not valid.","invalid-email-phone":"Enter a valid email address or phone number. Phone numbers must include the country code.","invalid-email-phone-username":"Enter a valid email address, phone number or username. Phone numbers must include the country code.","invalid-email-username":"Enter a valid email address or username","invalid-expired-code":"Invalid or expired user code","invalid-login-id":"Invalid Login ID entered","invalid-phone-username":"Enter a valid phone number or username. Phone numbers must include the country code.","invalid-recaptcha":"Select the checkbox to verify you are not a robot.","invalid-username":"Username can only contain alphanumeric characters or: '${characters}'. Username should have between ${min} and ${max} characters.",invitationDescription:"Log in to accept ${inviterName}'s invitation to join ${companyName} on ${clientName}.",invitationTitle:"You've Been Invited!","ip-blocked":"We have detected suspicious login behavior and further attempts will be blocked. Please contact the administrator.",logoAltText:"${companyName}","no-db-connection":"Invalid connection","no-email":"Please enter an email address","no-email-phone":"Email address or phone number is required","no-email-phone-username":"Phone number, username, or email address is required","no-email-username":"Email address or username is required","no-password":"Password is required","no-phone":"Please enter a phone number","no-phone-username":"Phone number or username is required","no-username":"Username is required",pageTitle:"Log in | ${clientName}","password-breached":"We have detected a potential security issue with this account. To protect your account, we have prevented this login. Please reset your password to proceed.",passwordPlaceholder:"Password",phoneOrEmailPlaceholder:"Phone number or Email address",phoneOrUsernameOrEmailPlaceholder:"Phone or Username or Email",phoneOrUsernamePlaceholder:"Phone Number or Username",phonePlaceholder:"Phone number","same-user-login":"Too many login attempts for this user. Please wait, and try again later.",selectCountryCode:"Select country code, currently set to ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"Or",sessionExpired:"Your session has expired. Please try again.",showPasswordText:"Show password",signupActionLinkText:"Sign up",signupActionText:"Don't have an account?",termsAndConditionsTemplate:'By continuing, you agree to our <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Terms and Conditions</a>.',title:"Welcome","user-blocked":"Your account has been blocked after multiple consecutive login attempts.",userAccountDoesNotExist:"User account does not exist",usernameOnlyPlaceholder:"Username",usernameOrEmailPlaceholder:"Username or Email address",usernamePlaceholder:"Username or email address",usernameTooLong:"Username must be ${max} characters or less",usernameTooShort:"Username must be at least ${min} characters","wrong-credentials":"Wrong username or password","wrong-email-credentials":"Wrong email or password","wrong-email-phone-credentials":"Incorrect email address, phone number, or password. Phone numbers must include the country code.","wrong-email-phone-username-credentials":"Incorrect email address, phone number, username, or password. Phone numbers must include the country code.","wrong-email-username-credentials":"Incorrect email address, username, or password","wrong-phone-credentials":"Incorrect phone number or password","wrong-phone-username-credentials":"Incorrect phone number, username or password. Phone numbers must include the country code.",passkeyButtonText:"Sign in with a passkey","wrong-username-credentials":"Incorrect username or password"}},"login-password":{"login-password":{buttonText:"Continue",description:"Log in to ${clientName}",forgotPasswordText:"Forgot password?",hidePasswordText:"Hide password","no-password":"Password is required",pageTitle:"Log in | ${clientName}","password-breached":"We have detected a potential security issue with this account. To protect your account, we have prevented this login. Please reset your password to proceed.",passwordPlaceholder:"Password",showPasswordText:"Show password",signingInAs:"Signing in as ${email}",title:"Enter your password",unverifiedEmail:"Please verify your email address before logging in","user-blocked":"Your account has been blocked after multiple consecutive login attempts.","wrong-credentials":"Wrong password"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"email",authMethodEmailOrPhone:"email or phone number",authMethodPhone:"phone number",description:"Sign in using your ${authMethod}",emailOrPhonePlaceholder:"Email address or phone number",emailPlaceholder:"Email address",invalidEmail:"Please enter a valid email address",invalidIdentifier:"Please enter a valid email address or phone number",invalidPhone:"Please enter a valid phone number with country code",noEmail:"Please enter your email address",noPhone:"Please enter your phone number",phonePlaceholder:"Phone number",sessionExpired:"Your session has expired. Please try again.",title:"Sign in with a code",userAccountDoesNotExist:"User account does not exist"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Click the link in your email to sign in",description:"We sent a link to ${username}. Click it to sign in.",resendText:"Resend link",spamText:"Didn't receive the email? Check your spam folder.",title:"Check your email"}},mfa:oT,"mfa-email":{"mfa-email":{buttonText:"Continue",codePlaceholder:"Enter code",description:"We sent a code to ${email}","invalid-code":"The code you entered is invalid",pageTitle:"Email Verification | ${clientName}",resendText:"Resend code",title:"Check your email"}},"mfa-otp":{"mfa-otp":{buttonText:"Continue",codePlaceholder:"Enter code",description:"Enter the 6-digit code from your authenticator app","invalid-code":"The code you entered is invalid",pageTitle:"Enter Code | ${clientName}",title:"Enter your code"},"mfa-totp-enrollment":{title:"Set up authenticator",description:"Scan the QR code below with your authenticator app, then enter the 6-digit code to verify",secretLabel:"Or enter this code manually:",codePlaceholder:"Enter code",continueButtonText:"Verify & Activate","invalid-code":"The code you entered is invalid. Please try again.","transaction-not-found":"Your enrollment transaction expired, you will need to start again.",unexpectedError:"Something went wrong. Please try again.",pageTitle:"Set up Authenticator | ${clientName}",enrollmentComplete:"MFA enrollment is complete. You can close this page."},"mfa-totp-challenge":{title:"Verify your identity",description:"Enter the 6-digit code from your authenticator app",codePlaceholder:"Enter code",continueButtonText:"Continue","invalid-code":"The code you entered is invalid","transaction-not-found":"Your enrollment transaction expired, you will need to start again.",unexpectedError:"Something went wrong. Please try again.",pageTitle:"Verify Identity | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Use your phone number to log in | ${clientName}",title:"Verify Your Identity",description:"We sent a code to ${phoneNumber}",continueButtonText:"Continue",changePhoneText:"Choose another phone number.",smsButtonText:"Text message",voiceButtonText:"Voice call",chooseMessageTypeText:"How do you want to receive the code?",pickAuthenticatorText:"Try another method",logoAltText:"${companyName}",codePlaceholder:"Enter code","send-sms-failed":"There was a problem sending the SMS","send-voice-failed":"There was a problem making the voice call","invalid-phone-format":"Phone number can only include digits.","invalid-phone":"It seems that your phone number is not valid. Please check and retry.","too-many-sms":"You have exceeded the maximum number of phone messages per hour. Wait a few minutes and try again.","too-many-voice":"You have exceeded the maximum number of phone messages per hour. Wait a few minutes and try again.","transaction-not-found":"Your enrollment transaction expired, you will need to start again.","no-phone":"Please enter a phone number",noCode:"Please enter the verification code",invalidCode:"The code you entered is invalid. Please try again.",unexpectedError:"Something went wrong. Please try again.",resendSuccess:"We sent a new code to your phone",enrollmentComplete:"MFA enrollment is complete. You can close this page."},"mfa-phone-enrollment":{pageTitle:"Enter your phone number to log in using a phone code | ${clientName}",title:"Secure Your Account",description:"Enter your country code and phone number to which we can send a 6-digit code:",continueButtonText:"Continue",smsButtonText:"Text message",voiceButtonText:"Voice call",chooseMessageTypeText:"How do you want to receive the code?",pickAuthenticatorText:"Try another method",placeholder:"Enter your phone number",logoAltText:"${companyName}",selectCountryCode:"Select country code, currently set to ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"There was a problem sending the SMS","send-voice-failed":"There was a problem making the voice call","sms-authenticator-error":"We couldn't send the SMS. Please try again later.","invalid-phone-format":"Phone number can only include digits.","invalid-phone":"It seems that your phone number is not valid. Please check and retry.","too-many-sms":"You have exceeded the maximum number of phone messages per hour. Wait a few minutes and try again.","too-many-voice":"You have exceeded the maximum number of phone messages per hour. Wait a few minutes and try again.","transaction-not-found":"Your enrollment transaction expired, you will need to start again.","no-phone":"Please enter a phone number","phone-is-too-short":"Phone number is too short","phone-is-too-long":"Phone number is too long"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Choose Verification Method | ${clientName}",title:"Choose your verification method",description:"Select how you'd like to verify your identity",authenticatorAppLabel:"Authenticator App",authenticatorAppDescription:"Use your authenticator app to get a verification code",smsLabel:"Text Message",smsDescription:"Get a verification code sent to your phone",passkeyLabel:"Passkey",passkeyDescription:"Use your device's biometrics or security key"}},"mfa-push":{"mfa-push":{description:"We sent a notification to your device",pageTitle:"Push Notification | ${clientName}",resendText:"Resend notification",title:"Approve the request",useCodeText:"Enter code manually"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Continue",codePlaceholder:"Recovery code",description:"Enter one of your recovery codes","invalid-code":"The recovery code you entered is invalid",pageTitle:"Recovery Code | ${clientName}",title:"Enter recovery code"}},"mfa-voice":{"mfa-voice":{buttonText:"Call me",codePlaceholder:"Enter code",description:"We will call ${phoneNumber} with your code","invalid-code":"The code you entered is invalid",pageTitle:"Voice Call | ${clientName}",title:"Receive a phone call"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Try again",description:"Insert your security key and follow the instructions",pageTitle:"Security Key | ${clientName}",title:"Use your security key"}},passkeys:sT,organizations:aT,"reset-password":{"reset-password":{backToLoginText:"Back to login",buttonText:"Continue",codeExpired:"Your password reset code has expired. Please request a new one.",confirmPasswordLabel:"Confirm Password",confirmPasswordPlaceholder:"Confirm password",description:"Enter your email to reset your password",emailPlaceholder:"Email address",failed:"Password reset failed. Please try again.","invalid-email-format":"Email is not valid.","no-email":"Please enter an email address",pageTitle:"Reset Password | ${clientName}",passwordLabel:"New Password",passwordPlaceholder:"New password",passwordTooWeak:"Password is too weak",passwordsDidntMatch:"Passwords don't match",successDescription:"We have sent a password reset link to your email address.",successTitle:"Check your email",title:"Forgot your password?","user-not-found":"User not found"},"reset-password-code":{backToLoginText:"Back to login",buttonText:"Reset Password",codeLabel:"Reset Code",codePlaceholder:"Enter 6-digit code",confirmPasswordLabel:"Confirm Password",confirmPasswordPlaceholder:"Confirm password",defaultDescription:"Enter the code sent to your email and choose a new password",description:"We sent a code to ${email}",failed:"Password reset failed. Please try again.",invalidCode:"The code you entered is invalid or has expired",noCode:"Please enter the reset code",pageTitle:"Enter Reset Code | ${clientName}",passwordLabel:"New Password",passwordPlaceholder:"New password",passwordTooWeak:"Password is too weak",passwordsDidntMatch:"Passwords don't match",resendFailed:"Failed to resend the code. Please try again.",resendSuccess:"A new code has been sent to your email",resendText:"Resend code",sessionExpired:"Your session has expired. Please try again.",title:"Enter reset code"}},signup:cT,"signup-id":{"signup-id":{buttonText:"Continue",description:"Sign up to continue","email-already-exists":"This email is already registered",emailPlaceholder:"Email address",federatedConnectionButtonText:"Continue with ${connectionName}","invalid-email-format":"Email is not valid.",loginActionLinkText:"Log in",loginActionText:"Already have an account?","no-email":"Please enter an email address",pageTitle:"Sign up | ${clientName}",phonePlaceholder:"Phone number",separatorText:"Or",title:"Create your account",usernamePlaceholder:"Username"}},"signup-password":{"signup-password":{buttonText:"Continue",description:"Sign up to continue",hidePasswordText:"Hide password","no-password":"Password is required",pageTitle:"Sign up | ${clientName}","password-policy-not-met":"Password does not meet the requirements","password-too-weak":"Password is too weak",passwordPlaceholder:"Password",showPasswordText:"Show password",title:"Create your password"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Continue",codeLabel:"Verification Code",codePlaceholder:"Enter code",defaultDescription:"Enter the verification code sent to your phone",description:"We sent a code to ${username}","invalid-code":"The code you entered is invalid",noCode:"Please enter the verification code",pageTitle:"Enter Code | ${clientName}",resendText:"Resend code",sessionExpired:"Your session has expired. Please try again.",title:"Check your phone",unexpectedError:"An unexpected error occurred"}},status:lT},AO=Object.freeze(Object.defineProperty({__proto__:null,common:tT,consent:nT,default:vO,invitation:iT,login:rT,mfa:oT,organizations:aT,passkeys:sT,signup:cT,status:lT},Symbol.toStringTag,{value:"Module"})),dT={common:{alertListTitle:"Ilmoitukset",backText:"Palaa takaisin",cancelText:"Palaa takaisin",closeText:"Sulje",contactSupportText:"Tarvitsetko apua?",continueText:"Jatka",copyrightText:"© ${currentYear} ${companyName}",errorText:"Jokin meni pieleen. Yritä uudelleen.",hidePasswordText:"Piilota salasana",loadingText:"Ladataan...",orText:"tai",privacyPolicyText:"Tietosuojakäytäntö",showPasswordText:"Näytä salasana",termsOfServiceText:"Käyttöehdot",termsShortText:"Ehdot",tryAgainText:"Yritä uudelleen"}},uT={consent:{buttonText:"Hyväksy",cancelButtonText:"Hylkää",description:"${clientName} pyytää pääsyä tilillesi",pageTitle:"Valtuuta | ${clientName}",scopesTitle:"Tämä sallii sovelluksen ${clientName}:",title:"Valtuuta ${clientName}"}},pT={invitation:{acceptButtonText:"Hyväksy kutsu",description:"${inviterName} on kutsunut sinut liittymään organisaatioon ${organizationName} palvelussa ${clientName}",pageTitle:"Kutsu | ${clientName}",title:"Sinut on kutsuttu"}},fT={login:{alertListTitle:"Ilmoitukset",buttonText:"Jatka",description:"Kirjaudu sisään ${clientName}.",editEmailText:"Muokkaa",emailPlaceholder:"Sähköpostiosoite",enterACodeBtn:"Kirjaudu koodilla",federatedConnectionButtonText:"Jatka palvelulla ${connectionName}",footerLinkText:"Rekisteröidy",footerText:"Eikö sinulla ole tiliä?",forgotPasswordText:"Unohditko salasanan?",hidePasswordText:"Piilota salasana",invalidEmail:"Virheellinen sähköpostiosoite",invalidIdentifier:"Virheellinen sähköpostiosoite tai käyttäjänimi",invitationDescription:"Kirjaudu sisään hyväksyäksesi käyttäjän ${inviterName} kutsun liittyä palveluun ${companyName} sovelluksessa ${clientName}.",invitationTitle:"Sinut on kutsuttu!",logoAltText:"${companyName}","no-email":"Sähköpostiosoite vaaditaan","no-password":"Salasana vaaditaan",pageTitle:"Kirjaudu sisään | ${clientName}",passwordLoginNotAvailable:"Salasanakirjautuminen ei ole käytettävissä",passwordPlaceholder:"Salasana",phonePlaceholder:"Puhelinnumero",separatorText:"tai",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",showPasswordText:"Näytä salasana",signupActionLinkText:"Rekisteröidy",signupActionText:"Eikö sinulla ole tiliä?",title:"Tervetuloa",tooManyFailedLogins:"Liian monta epäonnistunutta kirjautumisyritystä. Yritä myöhemmin uudelleen.",unverifiedEmail:"Vahvista sähköpostiosoitteesi ennen kirjautumista",userAccountDoesNotExist:"Käyttäjätiliä ei ole olemassa",usernamePlaceholder:"Käyttäjänimi tai sähköpostiosoite",usernameTooLong:"Käyttäjänimen on oltava enintään ${max} merkkiä",usernameTooShort:"Käyttäjänimen on oltava vähintään ${min} merkkiä",wrongCredentials:"Väärä käyttäjänimi tai salasana",passkeyButtonText:"Kirjaudu sisään passkey:llä"}},hT={mfa:{backupCodeText:"Käytä varakoodia",description:"Valitse vahvistusmenetelmä",pageTitle:"Monivaiheinen tunnistautuminen | ${clientName}",title:"Vahvista henkilöllisyytesi"}},gT={"passkey-enrollment-nudge":{title:"Suojaa tilisi tunnistautumisavaimella",description:"Tunnistautumisavaimet käyttävät laitteesi biometriikkaa tai PIN-koodia kirjautuaksesi nopeammin ja turvallisemmin.",enrollButtonText:"Määritä tunnistautumisavain",snoozeButtonText:"Ehkä myöhemmin",optOutLinkText:"Älä näytä tätä uudelleen",pageTitle:"Määritä Tunnistautumisavain | ${clientName}"},"passkey-enrollment":{title:"Luo tunnistautumisavain",description:"Seuraa selaimesi ohjeita luodaksesi tunnistautumisavaimen tälle tilille.",errorMessage:"Tunnistautumisavaimen luominen epäonnistui. Yritä uudelleen.",cancelLinkText:"Ohita toistaiseksi",retryButtonText:"Yritä uudelleen",enrollmentComplete:"Tunnistautumisavaimesi on määritetty onnistuneesti. Voit sulkea tämän sivun.",pageTitle:"Luo Tunnistautumisavain | ${clientName}"},"passkey-challenge":{title:"Kirjaudu sisään passkey:llä",description:"Noudata selaimesi ohjeita henkilöllisyytesi vahvistamiseksi.",errorMessage:"Passkey-todennus epäonnistui. Yritä uudelleen.",cancelLinkText:"Takaisin kirjautumiseen",retryButtonText:"Yritä uudelleen",pageTitle:"Kirjaudu sisään passkey:llä | ${clientName}"}},mT={organizations:{description:"Valitse organisaatio, johon haluat kirjautua",pageTitle:"Valitse organisaatio | ${clientName}",searchPlaceholder:"Hae organisaatioita",title:"Valitse organisaatiosi"}},yT={signup:{buttonText:"Rekisteröityminen",confirmPasswordPlaceholder:"Vahvista salasana",description:"Valitse salasana, jossa on isoja ja pieniä kirjaimia, numeroita ja symboleja.","email-already-exists":"Sähköposti on jo varattu",emailPlaceholder:"Sähköpostiosoite",federatedConnectionButtonText:"Jatka palvelulla ${connectionName}",hidePasswordText:"Piilota salasana","invalid-email-format":"Virheellinen sähköpostiosoite",loginActionLinkText:"Kirjaudu sisään",loginActionText:"Onko sinulla jo tili?","no-email":"Sähköpostiosoite vaaditaan","no-password":"Salasana vaaditaan","no-username":"Käyttäjänimi vaaditaan",pageTitle:"Rekisteröidy | ${clientName}",passwordPlaceholder:"Salasana",passwordsDidntMatch:"Salasanat eivät täsmää",phonePlaceholder:"Puhelinnumero",privacyPolicyLinkText:"Tietosuojakäytäntö",separatorText:"tai",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",showPasswordText:"Näytä salasana",termsOfServiceLinkText:"Käyttöehdot",termsText:"Rekisteröitymällä hyväksyt",title:"Valitse salasana","username-already-exists":"Tämä käyttäjänimi on jo varattu",usernamePlaceholder:"Käyttäjänimi",verifyEmailText:"Tarkista sähköpostisi vahvistaaksesi tilisi"}},_T={status:{continueButtonText:"Jatka",errorTitle:"Virhe",pageTitle:"Tila | ${clientName}",successTitle:"Onnistui",title:"Tila"}},kO={common:dT,consent:uT,"device-flow":{"device-flow":{buttonText:"Jatka",codePlaceholder:"Syötä koodi",description:"Syötä laitteessasi näkyvä koodi","expired-code":"Koodi on vanhentunut","invalid-code":"Syöttämäsi koodi on virheellinen",pageTitle:"Laitteen aktivointi | ${clientName}",title:"Aktivoi laitteesi"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Kirjaudu sisään",codeLabel:"Vahvistuskoodi",codePlaceholder:"Syötä koodi",defaultDescription:"Syötä sähköpostiisi lähetetty vahvistuskoodi",description:"Lähetimme koodin osoitteeseen ${email}","invalid-code":"Virheellinen koodi",noCode:"Syötä vahvistuskoodi",pageTitle:"Syötä koodi | ${clientName}",resendText:"Lähetä koodi uudelleen",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",title:"Tarkista sähköpostisi",unexpectedError:"Odottamaton virhe tapahtui"}},"email-verification":{"email-verification":{description:"Lähetimme sähköpostin osoitteeseen ${email}",pageTitle:"Vahvista sähköposti | ${clientName}",resendText:"Lähetä koodi uudelleen",successDescription:"Sähköpostiosoitteesi on vahvistettu onnistuneesti.",successTitle:"Sähköposti vahvistettu",title:"Vahvista sähköpostiosoitteesi"}},invitation:pT,login:fT,"login-id":{"login-id":{alertListTitle:"Ilmoitukset","auth0-users-validation":"Jokin meni pieleen, yritä myöhemmin uudelleen","authentication-failure":"Valitettavasti jokin meni pieleen kirjautumisyrityksen aikana",buttonText:"Jatka","captcha-client-failure":"Turvatarkistuksen lataaminen epäonnistui. Yritä uudelleen. (Virhekoodi: #{errorCode})","captcha-validation-failure":"Valitettavasti jokin meni pieleen captcha-vastauksen tarkistuksessa. Yritä uudelleen.",captchaCodePlaceholder:"Syötä yllä näkyvä koodi","custom-script-error-code":"Jokin meni pieleen, yritä myöhemmin uudelleen.",description:"Kirjaudu sisään ${clientName}.",editEmailText:"Muokkaa",emailPlaceholder:"Sähköpostiosoite",federatedConnectionButtonText:"Jatka palvelulla ${connectionName}",footerLinkText:"Rekisteröidy",footerText:"Eikö sinulla ole tiliä?",forgotPasswordText:"Unohditko salasanan?",hidePasswordText:"Piilota salasana","invalid-captcha":"Ratkaise haaste varmistaaksesi, ettet ole robotti.","invalid-code":"Virheellinen koodi","invalid-connection":"Virheellinen yhteys","invalid-email-format":"Virheellinen sähköpostiosoite","invalid-email-phone":"Syötä kelvollinen sähköpostiosoite tai puhelinnumero. Puhelinnumeron tulee sisältää maatunnus.","invalid-email-phone-username":"Syötä kelvollinen sähköpostiosoite, puhelinnumero tai käyttäjänimi. Puhelinnumeron tulee sisältää maatunnus.","invalid-email-username":"Syötä kelvollinen sähköpostiosoite tai käyttäjänimi","invalid-expired-code":"Virheellinen tai vanhentunut käyttäjäkoodi","invalid-login-id":"Virheellinen kirjautumistunnus","invalid-phone-username":"Syötä kelvollinen puhelinnumero tai käyttäjänimi. Puhelinnumeron tulee sisältää maatunnus.","invalid-recaptcha":"Valitse valintaruutu varmistaaksesi, ettet ole robotti.","invalid-username":"Käyttäjänimi voi sisältää vain aakkosnumeerisia merkkejä tai: '${characters}'. Käyttäjänimen tulee olla ${min}–${max} merkkiä.",invitationDescription:"Kirjaudu sisään hyväksyäksesi käyttäjän ${inviterName} kutsun liittyä palveluun ${companyName} sovelluksessa ${clientName}.",invitationTitle:"Sinut on kutsuttu!","ip-blocked":"Olemme havainneet epäilyttävää kirjautumiskäyttäytymistä ja lisäyritykset estetään. Ota yhteyttä ylläpitäjään.",logoAltText:"${companyName}","no-db-connection":"Virheellinen yhteys","no-email":"Sähköpostiosoite vaaditaan","no-email-phone":"Sähköpostiosoite tai puhelinnumero vaaditaan","no-email-phone-username":"Puhelinnumero, käyttäjänimi tai sähköpostiosoite vaaditaan","no-email-username":"Sähköpostiosoite tai käyttäjänimi vaaditaan","no-password":"Salasana vaaditaan","no-phone":"Syötä puhelinnumero","no-phone-username":"Puhelinnumero tai käyttäjänimi vaaditaan","no-username":"Käyttäjänimi vaaditaan",pageTitle:"Kirjaudu sisään | ${clientName}","password-breached":"Olemme havainneet mahdollisen tietoturvaongelman tässä tilissä. Tilisi suojaamiseksi olemme estäneet tämän kirjautumisen. Vaihda salasanasi jatkaaksesi.",passwordPlaceholder:"Salasana",phoneOrEmailPlaceholder:"Sähköposti tai puhelinnumero",phoneOrUsernameOrEmailPlaceholder:"Puhelin, käyttäjänimi tai sähköposti",phoneOrUsernamePlaceholder:"Puhelinnumero tai käyttäjänimi",phonePlaceholder:"Puhelinnumero","same-user-login":"Liian monta kirjautumisyritystä tälle käyttäjälle. Odota hetki ja yritä myöhemmin uudelleen.",selectCountryCode:"Valitse maakoodi, tällä hetkellä ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"tai",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",showPasswordText:"Näytä salasana",signupActionLinkText:"Rekisteröidy",signupActionText:"Eikö sinulla ole tiliä?",termsAndConditionsTemplate:'Jatkamalla hyväksyt <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Käyttöehdot</a>.',title:"Tervetuloa","user-blocked":"Tilisi on estetty useiden peräkkäisten kirjautumisyritysten jälkeen.",userAccountDoesNotExist:"Käyttäjätiliä ei ole olemassa",usernameOnlyPlaceholder:"Käyttäjänimi",usernameOrEmailPlaceholder:"Käyttäjänimi tai sähköpostiosoite",usernamePlaceholder:"Käyttäjänimi",usernameTooLong:"Käyttäjänimen on oltava enintään ${max} merkkiä",usernameTooShort:"Käyttäjänimen on oltava vähintään ${min} merkkiä","wrong-credentials":"Väärä käyttäjänimi tai salasana","wrong-email-credentials":"Väärä sähköpostiosoite tai salasana","wrong-email-phone-credentials":"Virheellinen sähköpostiosoite, puhelinnumero tai salasana. Puhelinnumeron tulee sisältää maatunnus.","wrong-email-phone-username-credentials":"Virheellinen sähköpostiosoite, puhelinnumero, käyttäjänimi tai salasana. Puhelinnumeron tulee sisältää maatunnus.","wrong-email-username-credentials":"Virheellinen sähköpostiosoite, käyttäjänimi tai salasana","wrong-phone-credentials":"Virheellinen puhelinnumero tai salasana","wrong-phone-username-credentials":"Virheellinen puhelinnumero, käyttäjänimi tai salasana. Puhelinnumeron tulee sisältää maatunnus.","wrong-username-credentials":"Virheellinen käyttäjänimi tai salasana",passkeyButtonText:"Kirjaudu sisään passkey:llä"}},"login-password":{"login-password":{buttonText:"Kirjaudu sisään",description:"Anna sähköpostiosoitteesi ja salasanasi kirjautuaksesi sisään.",forgotPasswordText:"Unohditko salasanan?",hidePasswordText:"Piilota salasana","no-password":"Salasana vaaditaan",pageTitle:"Kirjaudu sisään | ${clientName}","password-breached":"Olemme havainneet mahdollisen tietoturvaongelman tässä tilissä. Tilisi suojaamiseksi olemme estäneet tämän kirjautumisen. Vaihda salasanasi jatkaaksesi.",passwordPlaceholder:"Salasana",showPasswordText:"Näytä salasana",signingInAs:"Kirjaudutaan käyttäjänä ${email}",title:"Anna salasana",unverifiedEmail:"Vahvista sähköpostiosoitteesi ennen kirjautumista","user-blocked":"Tilisi on estetty useiden peräkkäisten kirjautumisyritysten jälkeen.","wrong-credentials":"Väärä salasana"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"sähköposti",authMethodEmailOrPhone:"sähköposti tai puhelinnumero",authMethodPhone:"puhelinnumero",description:"Kirjaudu sisään käyttämällä ${authMethod}",emailOrPhonePlaceholder:"Sähköpostiosoite tai puhelinnumero",emailPlaceholder:"Sähköpostiosoite",invalidEmail:"Syötä kelvollinen sähköpostiosoite",invalidIdentifier:"Syötä kelvollinen sähköpostiosoite tai puhelinnumero",invalidPhone:"Syötä kelvollinen puhelinnumero maatunnuksella",noEmail:"Syötä sähköpostiosoitteesi",noPhone:"Syötä puhelinnumerosi",phonePlaceholder:"Puhelinnumero",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",title:"Kirjaudu koodilla",userAccountDoesNotExist:"Käyttäjätiliä ei ole olemassa"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Napsauta sähköpostissasi olevaa linkkiä kirjautuaksesi sisään",description:"Lähetimme linkin osoitteeseen ${username}. Napsauta sitä kirjautuaksesi.",resendText:"Lähetä linkki uudelleen",spamText:"Etkö saanut sähköpostia? Tarkista roskapostikansiosi.",title:"Tarkista sähköpostisi"}},mfa:hT,"mfa-email":{"mfa-email":{buttonText:"Jatka",codePlaceholder:"Syötä koodi",description:"Lähetimme koodin osoitteeseen ${email}","invalid-code":"Syöttämäsi koodi on virheellinen",pageTitle:"Sähköpostivahvistus | ${clientName}",resendText:"Lähetä koodi uudelleen",title:"Tarkista sähköpostisi"}},"mfa-otp":{"mfa-otp":{buttonText:"Jatka",codePlaceholder:"Syötä koodi",description:"Syötä 6-numeroinen koodi todentajasovelluksestasi","invalid-code":"Syöttämäsi koodi on virheellinen",pageTitle:"Syötä koodi | ${clientName}",title:"Syötä koodisi"},"mfa-totp-enrollment":{title:"Ota todentajasovellus käyttöön",description:"Skannaa alla oleva QR-koodi todentajasovelluksellasi ja syötä sitten 6-numeroinen koodi vahvistaaksesi",secretLabel:"Tai syötä tämä koodi manuaalisesti:",codePlaceholder:"Syötä koodi",continueButtonText:"Vahvista ja aktivoi","invalid-code":"Syöttämäsi koodi on virheellinen. Yritä uudelleen.","transaction-not-found":"Rekisteröintitapahtumasi on vanhentunut, sinun täytyy aloittaa alusta.",pageTitle:"Ota todentaja käyttöön | ${clientName}",unexpectedError:"Jokin meni pieleen. Yritä uudelleen.",enrollmentComplete:"MFA-rekisteröinti on valmis. Voit sulkea tämän sivun."},"mfa-totp-challenge":{title:"Vahvista henkilöllisyytesi",description:"Syötä 6-numeroinen koodi todentajasovelluksestasi",codePlaceholder:"Syötä koodi",continueButtonText:"Jatka","invalid-code":"Syöttämäsi koodi on virheellinen","transaction-not-found":"Rekisteröintitapahtumasi on vanhentunut, sinun täytyy aloittaa alusta.",unexpectedError:"Jokin meni pieleen. Yritä uudelleen.",pageTitle:"Vahvista henkilöllisyys | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Käytä puhelinnumeroasi kirjautumiseen | ${clientName}",title:"Vahvista henkilöllisyytesi",description:"Lähetimme koodin numeroon ${phoneNumber}",continueButtonText:"Jatka",changePhoneText:"Valitse toinen puhelinnumero.",smsButtonText:"Tekstiviesti",voiceButtonText:"Äänipuhelu",chooseMessageTypeText:"Miten haluat vastaanottaa koodin?",pickAuthenticatorText:"Kokeile toista menetelmää",logoAltText:"${companyName}",codePlaceholder:"Syötä koodi","send-sms-failed":"Tekstiviestin lähettämisessä oli ongelma","send-voice-failed":"Äänipuhelun soittamisessa oli ongelma","invalid-phone-format":"Puhelinnumero voi sisältää vain numeroita.","invalid-phone":"Puhelinnumerosi ei vaikuta olevan kelvollinen. Tarkista ja yritä uudelleen.","too-many-sms":"Olet ylittänyt tunnin enimmäismäärän puhelinviestejä. Odota muutama minuutti ja yritä uudelleen.","too-many-voice":"Olet ylittänyt tunnin enimmäismäärän puhelinviestejä. Odota muutama minuutti ja yritä uudelleen.","transaction-not-found":"Rekisteröintitapahtumasi on vanhentunut, sinun täytyy aloittaa alusta.","no-phone":"Syötä puhelinnumero",noCode:"Syötä vahvistuskoodi",invalidCode:"Antamasi koodi on virheellinen. Yritä uudelleen.",unexpectedError:"Jokin meni pieleen. Yritä uudelleen.",resendSuccess:"Lähetimme uuden koodin puhelimeesi",enrollmentComplete:"MFA-rekisteröinti on valmis. Voit sulkea tämän sivun."},"mfa-phone-enrollment":{pageTitle:"Syötä puhelinnumerosi kirjautuaksesi puhelinkoodilla | ${clientName}",title:"Suojaa tilisi",description:"Syötä maakoodisi ja puhelinnumero, johon voimme lähettää 6-numeroisen koodin:",continueButtonText:"Jatka",smsButtonText:"Tekstiviesti",voiceButtonText:"Äänipuhelu",chooseMessageTypeText:"Miten haluat vastaanottaa koodin?",pickAuthenticatorText:"Kokeile toista menetelmää",placeholder:"Syötä puhelinnumerosi",logoAltText:"${companyName}",selectCountryCode:"Valitse maakoodi, tällä hetkellä asetettu ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Tekstiviestin lähettämisessä oli ongelma","send-voice-failed":"Äänipuhelun soittamisessa oli ongelma","sms-authenticator-error":"Emme pystyneet lähettämään tekstiviestiä. Yritä myöhemmin uudelleen.","invalid-phone-format":"Puhelinnumero voi sisältää vain numeroita.","invalid-phone":"Puhelinnumerosi ei vaikuta olevan kelvollinen. Tarkista ja yritä uudelleen.","too-many-sms":"Olet ylittänyt tunnin enimmäismäärän puhelinviestejä. Odota muutama minuutti ja yritä uudelleen.","too-many-voice":"Olet ylittänyt tunnin enimmäismäärän puhelinviestejä. Odota muutama minuutti ja yritä uudelleen.","transaction-not-found":"Rekisteröintitapahtumasi on vanhentunut, sinun täytyy aloittaa alusta.","no-phone":"Syötä puhelinnumero","phone-is-too-short":"Puhelinnumero on liian lyhyt","phone-is-too-long":"Puhelinnumero on liian pitkä"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Valitse vahvistusmenetelmä | ${clientName}",title:"Valitse vahvistusmenetelmä",description:"Valitse, miten haluat vahvistaa henkilöllisyytesi",authenticatorAppLabel:"Todennussovellus",authenticatorAppDescription:"Käytä todennussovellusta vahvistuskoodin saamiseksi",smsLabel:"Tekstiviesti",smsDescription:"Saat vahvistuskoodin puhelimeesi tekstiviestillä",passkeyLabel:"Tunnistautumisavain",passkeyDescription:"Käytä laitteesi biometriikkaa tai suojausavainta"}},"mfa-push":{"mfa-push":{description:"Lähetimme ilmoituksen laitteellesi",pageTitle:"Push-ilmoitus | ${clientName}",resendText:"Lähetä ilmoitus uudelleen",title:"Hyväksy pyyntö",useCodeText:"Syötä koodi manuaalisesti"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Jatka",codePlaceholder:"Palautuskoodi",description:"Syötä yksi palautuskoodeistasi","invalid-code":"Syöttämäsi palautuskoodi on virheellinen",pageTitle:"Palautuskoodi | ${clientName}",title:"Syötä palautuskoodi"}},"mfa-voice":{"mfa-voice":{buttonText:"Soita minulle",codePlaceholder:"Syötä koodi",description:"Soitamme numeroon ${phoneNumber} ja kerromme koodisi","invalid-code":"Syöttämäsi koodi on virheellinen",pageTitle:"Äänipuhelu | ${clientName}",title:"Vastaanota puhelu"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Yritä uudelleen",description:"Aseta turva-avaimesi ja seuraa ohjeita",pageTitle:"Turva-avain | ${clientName}",title:"Käytä turva-avaintasi"}},passkeys:gT,organizations:mT,"reset-password":{"reset-password":{backToLoginText:"Palaa takaisin",buttonText:"Lähetä salasanan palautussähköposti",codeExpired:"Salasanan palautuskoodisi on vanhentunut. Pyydä uusi koodi.",confirmPasswordLabel:"Vahvista salasana",confirmPasswordPlaceholder:"Vahvista salasana",description:"Napsauta alla olevaa painiketta, niin lähetämme ohjeet salasanasi palauttamiseen.",emailPlaceholder:"Sähköpostiosoite",failed:"Salasanan vaihto epäonnistui. Yritä uudelleen.","invalid-email-format":"Virheellinen sähköpostiosoite","no-email":"Sähköpostiosoite vaaditaan",pageTitle:"Vaihda salasana | ${clientName}",passwordLabel:"Uusi salasana",passwordPlaceholder:"Uusi salasana",passwordTooWeak:"Salasana on liian heikko",passwordsDidntMatch:"Salasanat eivät täsmää",successDescription:"Olemme lähettäneet salasanan palautuslinkin sähköpostiosoitteeseesi.",successTitle:"Salasanan palautussähköposti lähetetty",title:"Unohditko salasanan?","user-not-found":"Käyttäjää ei löytynyt"},"reset-password-code":{backToLoginText:"Takaisin kirjautumiseen",buttonText:"Vaihda salasana",codeLabel:"Palautuskoodi",codePlaceholder:"Syötä 6-numeroinen koodi",confirmPasswordLabel:"Vahvista salasana",confirmPasswordPlaceholder:"Vahvista salasana",defaultDescription:"Syötä sähköpostiisi lähetetty koodi ja valitse uusi salasana",description:"Lähetimme koodin osoitteeseen ${email}",failed:"Salasanan vaihto epäonnistui. Yritä uudelleen.",invalidCode:"Syöttämäsi koodi on virheellinen tai vanhentunut",noCode:"Syötä palautuskoodi",pageTitle:"Syötä palautuskoodi | ${clientName}",passwordLabel:"Uusi salasana",passwordPlaceholder:"Uusi salasana",passwordTooWeak:"Salasana on liian heikko",passwordsDidntMatch:"Salasanat eivät täsmää",resendFailed:"Koodin uudelleenlähetys epäonnistui. Yritä uudelleen.",resendSuccess:"Uusi koodi on lähetetty sähköpostiisi",resendText:"Lähetä koodi uudelleen",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",title:"Syötä palautuskoodi"}},signup:yT,"signup-id":{"signup-id":{buttonText:"Jatka",description:"Valitse salasana, jossa on isoja ja pieniä kirjaimia, numeroita ja symboleja.","email-already-exists":"Sähköposti on jo varattu",emailPlaceholder:"Sähköpostiosoite",federatedConnectionButtonText:"Jatka palvelulla ${connectionName}","invalid-email-format":"Virheellinen sähköpostiosoite",loginActionLinkText:"Kirjaudu sisään",loginActionText:"Onko sinulla jo tili?","no-email":"Sähköpostiosoite vaaditaan",pageTitle:"Rekisteröidy | ${clientName}",phonePlaceholder:"Puhelinnumero",separatorText:"tai",title:"Valitse salasana",usernamePlaceholder:"Käyttäjänimi"}},"signup-password":{"signup-password":{buttonText:"Jatka",description:"Valitse salasana, jossa on isoja ja pieniä kirjaimia, numeroita ja symboleja.",hidePasswordText:"Piilota salasana","no-password":"Salasana vaaditaan",pageTitle:"Rekisteröidy | ${clientName}","password-policy-not-met":"Salasana ei täytä vaatimuksia","password-too-weak":"Salasana on liian heikko",passwordPlaceholder:"Salasana",showPasswordText:"Näytä salasana",title:"Valitse salasana"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Jatka",codeLabel:"Vahvistuskoodi",codePlaceholder:"Syötä koodi",defaultDescription:"Syötä puhelimeesi lähetetty vahvistuskoodi",description:"Lähetimme koodin käyttäjälle ${username}","invalid-code":"Virheellinen koodi",noCode:"Syötä vahvistuskoodi",pageTitle:"Syötä koodi | ${clientName}",resendText:"Lähetä koodi uudelleen",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",title:"Tarkista puhelimesi",unexpectedError:"Odottamaton virhe tapahtui"}},status:_T},SO=Object.freeze(Object.defineProperty({__proto__:null,common:dT,consent:uT,default:kO,invitation:pT,login:fT,mfa:hT,organizations:mT,passkeys:gT,signup:yT,status:_T},Symbol.toStringTag,{value:"Module"})),wT={common:{alertListTitle:"Avvisi",backText:"Torna indietro",cancelText:"Annulla",closeText:"Chiudi",contactSupportText:"Contatta l'assistenza",continueText:"Continua",copyrightText:"© ${currentYear} ${companyName}",errorText:"Si è verificato un errore",hidePasswordText:"Nascondi password",loadingText:"Caricamento...",orText:"o",privacyPolicyText:"Informativa sulla privacy",showPasswordText:"Mostra password",termsOfServiceText:"Termini di servizio",termsShortText:"Termini",tryAgainText:"Riprova"}},bT={consent:{buttonText:"Accetta",cancelButtonText:"Rifiuta",description:"${clientName} richiede l'accesso al tuo account",pageTitle:"Autorizza | ${clientName}",scopesTitle:"Questo permetterà a ${clientName} di:",title:"Autorizza ${clientName}"}},vT={invitation:{acceptButtonText:"Accetta invito",description:"${inviterName} ti ha invitato a unirti a ${organizationName} su ${clientName}",pageTitle:"Invito | ${clientName}",title:"Sei stato invitato"}},AT={login:{alertListTitle:"Avvisi",buttonText:"Continua",description:"Accedi a ${clientName}.",editEmailText:"Modifica",emailPlaceholder:"Indirizzo e-mail",enterACodeBtn:"Accedi con un codice",federatedConnectionButtonText:"Continua con ${connectionName}",footerLinkText:"Iscriviti",footerText:"Non hai un account?",forgotPasswordText:"Hai dimenticato la password?",hidePasswordText:"Nascondi password",invalidEmail:"Email non valida",invalidIdentifier:"Email o nome utente non valido",invitationDescription:"Accedi per accettare l'invito di ${inviterName} a unirti a ${companyName} su ${clientName}.",invitationTitle:"Sei stato invitato!",logoAltText:"${companyName}","no-email":"Inserisci un indirizzo email","no-password":"La password è obbligatoria",pageTitle:"Accedi | ${clientName}",passwordLoginNotAvailable:"L'autenticazione con password non è disponibile",passwordPlaceholder:"Password",phonePlaceholder:"Numero di telefono",separatorText:"o",sessionExpired:"La sessione è scaduta. Riprova.",showPasswordText:"Mostra password",signupActionLinkText:"Iscriviti",signupActionText:"Non hai un account?",title:"Benvenuto",tooManyFailedLogins:"Troppi tentativi di accesso falliti. Riprova più tardi.",unverifiedEmail:"Verifica il tuo indirizzo email prima di accedere",userAccountDoesNotExist:"L'account utente non esiste",usernamePlaceholder:"Nome utente o indirizzo email",usernameTooLong:"Il nome utente deve avere al massimo ${max} caratteri",usernameTooShort:"Il nome utente deve avere almeno ${min} caratteri",wrongCredentials:"Nome utente o password errati",passkeyButtonText:"Accedi con una passkey"}},kT={mfa:{backupCodeText:"Usa codice di backup",description:"Scegli un metodo di verifica",pageTitle:"Autenticazione a più fattori | ${clientName}",title:"Verifica la tua identità"}},ST={"passkey-enrollment-nudge":{title:"Proteggi il tuo account con una passkey",description:"Le passkey utilizzano la biometria o il PIN del tuo dispositivo per accedere più velocemente e in modo più sicuro.",enrollButtonText:"Configura passkey",snoozeButtonText:"Forse più tardi",optOutLinkText:"Non mostrare più",pageTitle:"Configura Passkey | ${clientName}"},"passkey-enrollment":{title:"Crea la tua passkey",description:"Segui le istruzioni del browser per creare una passkey per questo account.",errorMessage:"Creazione della passkey non riuscita. Riprova.",cancelLinkText:"Salta per ora",retryButtonText:"Riprova",enrollmentComplete:"La tua passkey è stata configurata con successo. Puoi chiudere questa pagina.",pageTitle:"Crea Passkey | ${clientName}"},"passkey-challenge":{title:"Accedi con passkey",description:"Segui le istruzioni del browser per verificare la tua identità.",errorMessage:"Autenticazione con passkey non riuscita. Riprova.",cancelLinkText:"Torna al login",retryButtonText:"Riprova",pageTitle:"Accedi con passkey | ${clientName}"}},ET={organizations:{description:"Scegli a quale organizzazione accedere",pageTitle:"Seleziona organizzazione | ${clientName}",searchPlaceholder:"Cerca organizzazioni",title:"Seleziona la tua organizzazione"}},xT={signup:{buttonText:"Iscriviti",confirmPasswordPlaceholder:"Conferma password",description:"Registrati per continuare","email-already-exists":"Questa email è già registrata",emailPlaceholder:"Indirizzo e-mail",federatedConnectionButtonText:"Continua con ${connectionName}",hidePasswordText:"Nascondi password","invalid-email-format":"Email non valida",loginActionLinkText:"Accedi",loginActionText:"Hai già un account?","no-email":"Inserisci un indirizzo email","no-password":"La password è obbligatoria","no-username":"Il nome utente è obbligatorio",pageTitle:"Registrati | ${clientName}",passwordPlaceholder:"Password",passwordsDidntMatch:"Le password non corrispondono",phonePlaceholder:"Numero di telefono",privacyPolicyLinkText:"Informativa sulla privacy",separatorText:"o",sessionExpired:"La sessione è scaduta. Riprova.",showPasswordText:"Mostra password",termsOfServiceLinkText:"Termini di servizio",termsText:"Registrandoti, accetti i nostri",title:"Crea il tuo account","username-already-exists":"Questo nome utente è già in uso",usernamePlaceholder:"Nome utente",verifyEmailText:"Controlla la tua email per verificare il tuo account"}},CT={status:{continueButtonText:"Continua",errorTitle:"Errore",pageTitle:"Stato | ${clientName}",successTitle:"Operazione riuscita",title:"Stato"}},EO={common:wT,consent:bT,"device-flow":{"device-flow":{buttonText:"Continua",codePlaceholder:"Inserisci il codice",description:"Inserisci il codice mostrato sul tuo dispositivo","expired-code":"Il codice è scaduto","invalid-code":"Il codice inserito non è valido",pageTitle:"Attivazione dispositivo | ${clientName}",title:"Attiva il tuo dispositivo"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Continua",codeLabel:"Codice di verifica",codePlaceholder:"Inserisci il codice",defaultDescription:"Inserisci il codice di verifica inviato alla tua email",description:"Abbiamo inviato un codice a ${email}","invalid-code":"Codice non valido",noCode:"Inserisci il codice di verifica",pageTitle:"Inserisci il codice | ${clientName}",resendText:"Reinvio del codice",sessionExpired:"La sessione è scaduta. Riprova.",title:"Controlla la tua email",unexpectedError:"Si è verificato un errore imprevisto"}},"email-verification":{"email-verification":{description:"Abbiamo inviato un'email a ${email}",pageTitle:"Verifica email | ${clientName}",resendText:"Reinvia email",successDescription:"La tua email è stata verificata con successo.",successTitle:"Email verificata",title:"Verificare l'e-mail"}},invitation:vT,login:AT,"login-id":{"login-id":{alertListTitle:"Avvisi","auth0-users-validation":"Qualcosa è andato storto, riprova più tardi","authentication-failure":"Siamo spiacenti, si è verificato un errore durante il tentativo di accesso",buttonText:"Continua","captcha-client-failure":"Non è stato possibile caricare la verifica di sicurezza. Riprova. (Codice errore: #{errorCode})","captcha-validation-failure":"Siamo spiacenti, si è verificato un errore durante la convalida della risposta captcha. Riprova.",captchaCodePlaceholder:"Inserisci il codice mostrato sopra","custom-script-error-code":"Qualcosa è andato storto, riprova più tardi.",description:"Accedi a ${clientName}.",editEmailText:"Modifica",emailPlaceholder:"Indirizzo e-mail",federatedConnectionButtonText:"Continua con ${connectionName}",footerLinkText:"Iscriviti",footerText:"Non hai un account?",forgotPasswordText:"Hai dimenticato la password?",hidePasswordText:"Nascondi password","invalid-captcha":"Risolvi la domanda di verifica per confermare che non sei un robot.","invalid-code":"Codice non valido","invalid-connection":"Connessione non valida","invalid-email-format":"Email non valida","invalid-email-phone":"Inserisci un indirizzo email o un numero di telefono valido. I numeri di telefono devono includere il prefisso internazionale.","invalid-email-phone-username":"Inserisci un indirizzo email, un numero di telefono o un nome utente valido. I numeri di telefono devono includere il prefisso internazionale.","invalid-email-username":"Inserisci un indirizzo email o un nome utente valido","invalid-expired-code":"Codice utente non valido o scaduto","invalid-login-id":"ID di accesso non valido","invalid-phone-username":"Inserisci un numero di telefono o un nome utente valido. I numeri di telefono devono includere il prefisso internazionale.","invalid-recaptcha":"Seleziona la casella per confermare che non sei un robot.","invalid-username":"Il nome utente può contenere solo caratteri alfanumerici o: '${characters}'. Il nome utente deve avere tra ${min} e ${max} caratteri.",invitationDescription:"Accedi per accettare l'invito di ${inviterName} a unirti a ${companyName} su ${clientName}.",invitationTitle:"Sei stato invitato!","ip-blocked":"Abbiamo rilevato un comportamento di accesso sospetto e ulteriori tentativi saranno bloccati. Contatta l'amministratore.",logoAltText:"${companyName}","no-db-connection":"Connessione non valida","no-email":"Inserisci un indirizzo email","no-email-phone":"È richiesto un indirizzo email o un numero di telefono","no-email-phone-username":"È richiesto un numero di telefono, un nome utente o un indirizzo email","no-email-username":"È richiesto un indirizzo email o un nome utente","no-password":"La password è obbligatoria","no-phone":"Inserisci un numero di telefono","no-phone-username":"È richiesto un numero di telefono o un nome utente","no-username":"Il nome utente è obbligatorio",pageTitle:"Accedi | ${clientName}","password-breached":"Abbiamo rilevato un potenziale problema di sicurezza con questo account. Per proteggere il tuo account, abbiamo impedito questo accesso. Reimposta la password per procedere.",passwordPlaceholder:"Password",phoneOrEmailPlaceholder:"Indirizzo e-mail o numero di telefono",phoneOrUsernameOrEmailPlaceholder:"Telefono, nome utente o email",phoneOrUsernamePlaceholder:"Numero di telefono o nome utente",phonePlaceholder:"Numero di telefono","same-user-login":"Troppi tentativi di accesso per questo utente. Attendi e riprova più tardi.",selectCountryCode:"Seleziona prefisso paese, attualmente impostato su ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"o",sessionExpired:"La sessione è scaduta. Riprova.",showPasswordText:"Mostra password",signupActionLinkText:"Iscriviti",signupActionText:"Non hai un account?",termsAndConditionsTemplate:'Continuando, accetti i nostri <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Termini e condizioni</a>.',title:"Benvenuto","user-blocked":"Il tuo account è stato bloccato dopo diversi tentativi di accesso consecutivi.",userAccountDoesNotExist:"L'account utente non esiste",usernameOnlyPlaceholder:"Nome utente",usernameOrEmailPlaceholder:"Nome utente o indirizzo email",usernamePlaceholder:"Nome utente",usernameTooLong:"Il nome utente deve avere al massimo ${max} caratteri",usernameTooShort:"Il nome utente deve avere almeno ${min} caratteri","wrong-credentials":"Nome utente o password errati","wrong-email-credentials":"Email o password errati","wrong-email-phone-credentials":"Indirizzo email, numero di telefono o password errati. I numeri di telefono devono includere il prefisso internazionale.","wrong-email-phone-username-credentials":"Indirizzo email, numero di telefono, nome utente o password errati. I numeri di telefono devono includere il prefisso internazionale.","wrong-email-username-credentials":"Indirizzo email, nome utente o password errati","wrong-phone-credentials":"Numero di telefono o password errati","wrong-phone-username-credentials":"Numero di telefono, nome utente o password errati. I numeri di telefono devono includere il prefisso internazionale.","wrong-username-credentials":"Nome utente o password errati",passkeyButtonText:"Accedi con una passkey"}},"login-password":{"login-password":{buttonText:"Accedi",description:"Accedi a ${clientName}",forgotPasswordText:"Hai dimenticato la password?",hidePasswordText:"Nascondi password","no-password":"La password è obbligatoria",pageTitle:"Accedi | ${clientName}","password-breached":"Abbiamo rilevato un potenziale problema di sicurezza con questo account. Per proteggere il tuo account, abbiamo impedito questo accesso. Reimposta la password per procedere.",passwordPlaceholder:"Password",showPasswordText:"Mostra password",signingInAs:"Accesso come ${email}",title:"Inserire la password",unverifiedEmail:"Verifica il tuo indirizzo email prima di accedere","user-blocked":"Il tuo account è stato bloccato dopo diversi tentativi di accesso consecutivi.","wrong-credentials":"Password errata"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"email",authMethodEmailOrPhone:"email o numero di telefono",authMethodPhone:"numero di telefono",description:"Accedi usando il tuo ${authMethod}",emailOrPhonePlaceholder:"Indirizzo email o numero di telefono",emailPlaceholder:"Indirizzo e-mail",invalidEmail:"Inserisci un indirizzo email valido",invalidIdentifier:"Inserisci un indirizzo email o un numero di telefono valido",invalidPhone:"Inserisci un numero di telefono valido con il prefisso internazionale",noEmail:"Inserisci il tuo indirizzo email",noPhone:"Inserisci il tuo numero di telefono",phonePlaceholder:"Numero di telefono",sessionExpired:"La sessione è scaduta. Riprova.",title:"Accedi con un codice",userAccountDoesNotExist:"L'account utente non esiste"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Clicca il link nella tua email per accedere",description:"Abbiamo inviato un link a ${username}. Cliccalo per accedere.",resendText:"Reinvia link",spamText:"Non hai ricevuto l'email? Controlla la cartella spam.",title:"Controlla la tua email"}},mfa:kT,"mfa-email":{"mfa-email":{buttonText:"Continua",codePlaceholder:"Inserisci il codice",description:"Abbiamo inviato un codice a ${email}","invalid-code":"Il codice inserito non è valido",pageTitle:"Verifica email | ${clientName}",resendText:"Reinvia codice",title:"Controlla la tua email"}},"mfa-otp":{"mfa-otp":{buttonText:"Continua",codePlaceholder:"Inserisci il codice",description:"Inserisci il codice a 6 cifre dalla tua app di autenticazione","invalid-code":"Il codice inserito non è valido",pageTitle:"Inserisci il codice | ${clientName}",title:"Inserisci il tuo codice"},"mfa-totp-enrollment":{title:"Configura l'autenticatore",description:"Scansiona il codice QR qui sotto con la tua app di autenticazione, poi inserisci il codice a 6 cifre per verificare",secretLabel:"Oppure inserisci questo codice manualmente:",codePlaceholder:"Inserisci il codice",continueButtonText:"Verifica e attiva","invalid-code":"Il codice inserito non è valido. Riprova.","transaction-not-found":"La tua transazione di registrazione è scaduta, dovrai ricominciare.",pageTitle:"Configura autenticatore | ${clientName}",unexpectedError:"Qualcosa è andato storto. Riprova.",enrollmentComplete:"La registrazione MFA è completata. Puoi chiudere questa pagina."},"mfa-totp-challenge":{title:"Verifica la tua identità",description:"Inserisci il codice a 6 cifre dalla tua app di autenticazione",codePlaceholder:"Inserisci il codice",continueButtonText:"Continua","invalid-code":"Il codice inserito non è valido","transaction-not-found":"La tua transazione di registrazione è scaduta, dovrai ricominciare.",unexpectedError:"Qualcosa è andato storto. Riprova.",pageTitle:"Verifica identità | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Usa il tuo numero di telefono per accedere | ${clientName}",title:"Verifica la tua identità",description:"Abbiamo inviato un codice a ${phoneNumber}",continueButtonText:"Continua",changePhoneText:"Scegli un altro numero di telefono.",smsButtonText:"Messaggio di testo",voiceButtonText:"Chiamata vocale",chooseMessageTypeText:"Come vuoi ricevere il codice?",pickAuthenticatorText:"Prova un altro metodo",logoAltText:"${companyName}",codePlaceholder:"Inserisci il codice","send-sms-failed":"Si è verificato un problema nell'invio dell'SMS","send-voice-failed":"Si è verificato un problema nell'effettuare la chiamata vocale","invalid-phone-format":"Il numero di telefono può contenere solo cifre.","invalid-phone":"Sembra che il tuo numero di telefono non sia valido. Controlla e riprova.","too-many-sms":"Hai superato il numero massimo di messaggi telefonici all'ora. Attendi qualche minuto e riprova.","too-many-voice":"Hai superato il numero massimo di messaggi telefonici all'ora. Attendi qualche minuto e riprova.","transaction-not-found":"La tua transazione di registrazione è scaduta, dovrai ricominciare.","no-phone":"Inserisci un numero di telefono",noCode:"Inserisci il codice di verifica",invalidCode:"Il codice inserito non è valido. Riprova.",unexpectedError:"Qualcosa è andato storto. Riprova.",resendSuccess:"Abbiamo inviato un nuovo codice al tuo telefono",enrollmentComplete:"La registrazione MFA è completata. Puoi chiudere questa pagina."},"mfa-phone-enrollment":{pageTitle:"Inserisci il tuo numero di telefono per accedere con un codice telefonico | ${clientName}",title:"Proteggi il tuo account",description:"Inserisci il prefisso del paese e il numero di telefono a cui possiamo inviare un codice a 6 cifre:",continueButtonText:"Continua",smsButtonText:"Messaggio di testo",voiceButtonText:"Chiamata vocale",chooseMessageTypeText:"Come vuoi ricevere il codice?",pickAuthenticatorText:"Prova un altro metodo",placeholder:"Inserisci il tuo numero di telefono",logoAltText:"${companyName}",selectCountryCode:"Seleziona prefisso paese, attualmente impostato su ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Si è verificato un problema nell'invio dell'SMS","send-voice-failed":"Si è verificato un problema nell'effettuare la chiamata vocale","sms-authenticator-error":"Non siamo riusciti a inviare l'SMS. Riprova più tardi.","invalid-phone-format":"Il numero di telefono può contenere solo cifre.","invalid-phone":"Sembra che il tuo numero di telefono non sia valido. Controlla e riprova.","too-many-sms":"Hai superato il numero massimo di messaggi telefonici all'ora. Attendi qualche minuto e riprova.","too-many-voice":"Hai superato il numero massimo di messaggi telefonici all'ora. Attendi qualche minuto e riprova.","transaction-not-found":"La tua transazione di registrazione è scaduta, dovrai ricominciare.","no-phone":"Inserisci un numero di telefono","phone-is-too-short":"Il numero di telefono è troppo corto","phone-is-too-long":"Il numero di telefono è troppo lungo"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Scegli il metodo di verifica | ${clientName}",title:"Scegli il metodo di verifica",description:"Seleziona come vuoi verificare la tua identità",authenticatorAppLabel:"App di autenticazione",authenticatorAppDescription:"Usa la tua app di autenticazione per ottenere un codice di verifica",smsLabel:"Messaggio di testo",smsDescription:"Ricevi un codice di verifica inviato al tuo telefono",passkeyLabel:"Passkey",passkeyDescription:"Usa la biometria del tuo dispositivo o una chiave di sicurezza"}},"mfa-push":{"mfa-push":{description:"Abbiamo inviato una notifica al tuo dispositivo",pageTitle:"Notifica push | ${clientName}",resendText:"Reinvia notifica",title:"Approva la richiesta",useCodeText:"Inserisci il codice manualmente"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Continua",codePlaceholder:"Codice di recupero",description:"Inserisci uno dei tuoi codici di recupero","invalid-code":"Il codice di recupero inserito non è valido",pageTitle:"Codice di recupero | ${clientName}",title:"Inserisci il codice di recupero"}},"mfa-voice":{"mfa-voice":{buttonText:"Chiamami",codePlaceholder:"Inserisci il codice",description:"Chiameremo ${phoneNumber} con il tuo codice","invalid-code":"Il codice inserito non è valido",pageTitle:"Chiamata vocale | ${clientName}",title:"Ricevi una telefonata"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Riprova",description:"Inserisci la tua chiave di sicurezza e segui le istruzioni",pageTitle:"Chiave di sicurezza | ${clientName}",title:"Usa la tua chiave di sicurezza"}},passkeys:ST,organizations:ET,"reset-password":{"reset-password":{backToLoginText:"Torna al login",buttonText:"Continua",codeExpired:"Il codice di reimpostazione della password è scaduto. Richiedine uno nuovo.",confirmPasswordLabel:"Conferma password",confirmPasswordPlaceholder:"Conferma password",description:"Inserisci la tua email per reimpostare la password",emailPlaceholder:"Indirizzo e-mail",failed:"Reimpostazione della password non riuscita. Riprova.","invalid-email-format":"Email non valida","no-email":"Inserisci un indirizzo email",pageTitle:"Reimposta password | ${clientName}",passwordLabel:"Nuova password",passwordPlaceholder:"Nuova password",passwordTooWeak:"La password è troppo debole",passwordsDidntMatch:"Le password non corrispondono",successDescription:"Abbiamo inviato un link per reimpostare la password al tuo indirizzo email.",successTitle:"Controlla la tua email",title:"Hai dimenticato la password?","user-not-found":"Utente non trovato"},"reset-password-code":{backToLoginText:"Torna al login",buttonText:"Reimposta password",codeLabel:"Codice di reimpostazione",codePlaceholder:"Inserisci il codice a 6 cifre",confirmPasswordLabel:"Conferma password",confirmPasswordPlaceholder:"Conferma password",defaultDescription:"Inserisci il codice inviato alla tua email e scegli una nuova password",description:"Abbiamo inviato un codice a ${email}",failed:"Reimpostazione della password non riuscita. Riprova.",invalidCode:"Il codice inserito non è valido o è scaduto",noCode:"Inserisci il codice di reimpostazione",pageTitle:"Inserisci il codice di reimpostazione | ${clientName}",passwordLabel:"Nuova password",passwordPlaceholder:"Nuova password",passwordTooWeak:"La password è troppo debole",passwordsDidntMatch:"Le password non corrispondono",resendFailed:"Impossibile reinviare il codice. Riprova.",resendSuccess:"Un nuovo codice è stato inviato alla tua email",resendText:"Reinvia codice",sessionExpired:"La sessione è scaduta. Riprova.",title:"Inserisci il codice di reimpostazione"}},signup:xT,"signup-id":{"signup-id":{buttonText:"Continua",description:"Registrati per continuare","email-already-exists":"Questa email è già registrata",emailPlaceholder:"Indirizzo e-mail",federatedConnectionButtonText:"Continua con ${connectionName}","invalid-email-format":"Email non valida",loginActionLinkText:"Accedi",loginActionText:"Hai già un account?","no-email":"Inserisci un indirizzo email",pageTitle:"Registrati | ${clientName}",phonePlaceholder:"Numero di telefono",separatorText:"o",title:"Crea il tuo account",usernamePlaceholder:"Nome utente"}},"signup-password":{"signup-password":{buttonText:"Continua",description:"Registrati per continuare",hidePasswordText:"Nascondi password","no-password":"La password è obbligatoria",pageTitle:"Registrati | ${clientName}","password-policy-not-met":"La password non soddisfa i requisiti","password-too-weak":"La password è troppo debole",passwordPlaceholder:"Password",showPasswordText:"Mostra password",title:"Crea la tua password"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Continua",codeLabel:"Codice di verifica",codePlaceholder:"Inserisci il codice",defaultDescription:"Inserisci il codice di verifica inviato al tuo telefono",description:"Abbiamo inviato un codice a ${username}","invalid-code":"Codice non valido",noCode:"Inserisci il codice di verifica",pageTitle:"Inserisci il codice | ${clientName}",resendText:"Reinvia codice",sessionExpired:"La sessione è scaduta. Riprova.",title:"Controlla il tuo telefono",unexpectedError:"Si è verificato un errore imprevisto"}},status:CT},xO=Object.freeze(Object.defineProperty({__proto__:null,common:wT,consent:bT,default:EO,invitation:vT,login:AT,mfa:kT,organizations:ET,passkeys:ST,signup:xT,status:CT},Symbol.toStringTag,{value:"Module"})),TT={common:{alertListTitle:"Varsler",backText:"Gå tilbake",cancelText:"Avbryt",closeText:"Lukk",contactSupportText:"Kontakt kundestøtte",continueText:"Fortsett",copyrightText:"© ${currentYear} ${companyName}",errorText:"Det oppstod en feil",hidePasswordText:"Skjul passord",loadingText:"Laster...",orText:"eller",privacyPolicyText:"Personvernerklæring",showPasswordText:"Vis passord",termsOfServiceText:"Vilkår for bruk",termsShortText:"Vilkår",tryAgainText:"Prøv igjen"}},$T={consent:{buttonText:"Godta",cancelButtonText:"Avslå",description:"${clientName} ber om tilgang til kontoen din",pageTitle:"Godkjenn | ${clientName}",scopesTitle:"Dette vil gi ${clientName} tillatelse til å:",title:"Godkjenn ${clientName}"}},IT={invitation:{acceptButtonText:"Godta invitasjon",description:"${inviterName} har invitert deg til å bli med i ${organizationName} på ${clientName}",pageTitle:"Invitasjon | ${clientName}",title:"Du har blitt invitert"}},zT={login:{alertListTitle:"Varsler",buttonText:"Fortsett",description:"Logg inn på ${clientName}.",editEmailText:"Rediger",emailPlaceholder:"E-postadresse",enterACodeBtn:"Logg inn med en kode",federatedConnectionButtonText:"Fortsett med ${connectionName}",footerLinkText:"Registrer deg",footerText:"Har du ikke en konto?",forgotPasswordText:"Har du glemt passordet?",hidePasswordText:"Skjul passord",invalidEmail:"Ugyldig e-postadresse",invalidIdentifier:"Ugyldig e-postadresse eller brukernavn",invitationDescription:"Logg inn for å godta ${inviterName} sin invitasjon til å bli med i ${companyName} på ${clientName}.",invitationTitle:"Du har blitt invitert!",logoAltText:"${companyName}","no-email":"Vennligst oppgi en e-postadresse","no-password":"Passord er påkrevd",pageTitle:"Logg inn | ${clientName}",passwordLoginNotAvailable:"Passordautentisering er ikke tilgjengelig",passwordPlaceholder:"Passord",phonePlaceholder:"Telefonnummer",separatorText:"eller",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",showPasswordText:"Vis passord",signupActionLinkText:"Registrer deg",signupActionText:"Har du ikke en konto?",title:"Velkommen",tooManyFailedLogins:"For mange mislykkede innloggingsforsøk. Vennligst prøv igjen senere.",unverifiedEmail:"Vennligst bekreft e-postadressen din før du logger inn",userAccountDoesNotExist:"Brukerkontoen finnes ikke",usernamePlaceholder:"Brukernavn eller e-postadresse",usernameTooLong:"Brukernavnet må være ${max} tegn eller færre",usernameTooShort:"Brukernavnet må være minst ${min} tegn",wrongCredentials:"Feil brukernavn eller passord",passkeyButtonText:"Logg inn med passkey"}},PT={mfa:{backupCodeText:"Bruk reservekode",description:"Velg en bekreftelsesmetode",pageTitle:"Flerfaktorautentisering | ${clientName}",title:"Bekreft identiteten din"}},NT={"passkey-enrollment-nudge":{title:"Sikre kontoen din med en passnøkkel",description:"Passnøkler bruker enhetens biometri eller PIN-kode for å logge deg inn raskere og sikrere.",enrollButtonText:"Sett opp passnøkkel",snoozeButtonText:"Kanskje senere",optOutLinkText:"Ikke vis dette igjen",pageTitle:"Sett Opp Passnøkkel | ${clientName}"},"passkey-enrollment":{title:"Opprett passnøkkelen din",description:"Følg instruksjonene fra nettleseren for å opprette en passnøkkel for denne kontoen.",errorMessage:"Kunne ikke opprette passnøkkel. Vennligst prøv igjen.",cancelLinkText:"Hopp over for nå",retryButtonText:"Prøv igjen",enrollmentComplete:"Passnøkkelen din er konfigurert. Du kan lukke denne siden.",pageTitle:"Opprett Passnøkkel | ${clientName}"},"passkey-challenge":{title:"Logg inn med passkey",description:"Følg instruksjonene fra nettleseren for å bekrefte identiteten din.",errorMessage:"Autentisering med passkey mislyktes. Vennligst prøv igjen.",cancelLinkText:"Tilbake til innlogging",retryButtonText:"Prøv igjen",pageTitle:"Logg inn med passkey | ${clientName}"}},FT={organizations:{description:"Velg hvilken organisasjon du vil logge inn på",pageTitle:"Velg organisasjon | ${clientName}",searchPlaceholder:"Søk etter organisasjoner",title:"Velg din organisasjon"}},OT={signup:{buttonText:"Registrer deg",confirmPasswordPlaceholder:"Bekreft passord",description:"Registrer deg for å fortsette","email-already-exists":"E-postadressen er allerede registrert",emailPlaceholder:"E-postadresse",federatedConnectionButtonText:"Fortsett med ${connectionName}",hidePasswordText:"Skjul passord","invalid-email-format":"Ugyldig e-postadresse",loginActionLinkText:"Logg inn",loginActionText:"Har du allerede en konto?","no-email":"Vennligst oppgi en e-postadresse","no-password":"Passord er påkrevd","no-username":"Brukernavn er påkrevd",pageTitle:"Registrer deg | ${clientName}",passwordPlaceholder:"Passord",passwordsDidntMatch:"Passordene samsvarer ikke",phonePlaceholder:"Telefonnummer",privacyPolicyLinkText:"Personvernerklæring",separatorText:"eller",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",showPasswordText:"Vis passord",termsOfServiceLinkText:"Vilkår for bruk",termsText:"Ved å registrere deg godtar du våre",title:"Opprett kontoen din","username-already-exists":"Dette brukernavnet er allerede tatt",usernamePlaceholder:"Brukernavn",verifyEmailText:"Sjekk e-posten din for å bekrefte kontoen"}},jT={status:{continueButtonText:"Fortsett",errorTitle:"Feil",pageTitle:"Status | ${clientName}",successTitle:"Vellykket",title:"Status"}},CO={common:TT,consent:$T,"device-flow":{"device-flow":{buttonText:"Fortsett",codePlaceholder:"Skriv inn kode",description:"Skriv inn koden som vises på enheten din","expired-code":"Koden har utløpt","invalid-code":"Koden du skrev inn er ugyldig",pageTitle:"Enhetsaktivering | ${clientName}",title:"Aktiver enheten din"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Fortsett",codeLabel:"Bekreftelseskode",codePlaceholder:"Skriv inn kode",defaultDescription:"Skriv inn bekreftelseskoden som ble sendt til e-posten din",description:"Vi sendte en kode til ${email}","invalid-code":"Ugyldig kode",noCode:"Vennligst skriv inn bekreftelseskoden",pageTitle:"Skriv inn kode | ${clientName}",resendText:"Send kode på nytt",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",title:"Sjekk e-posten din",unexpectedError:"En uventet feil oppstod"}},"email-verification":{"email-verification":{description:"Vi sendte en e-post til ${email}",pageTitle:"Bekreft e-post | ${clientName}",resendText:"Send e-post på nytt",successDescription:"E-postadressen din er bekreftet.",successTitle:"E-post bekreftet",title:"Bekreft e-posten din"}},invitation:IT,login:zT,"login-id":{"login-id":{alertListTitle:"Varsler","auth0-users-validation":"Noe gikk galt, vennligst prøv igjen senere","authentication-failure":"Beklager, noe gikk galt under innloggingsforsøket",buttonText:"Fortsett","captcha-client-failure":"Vi kunne ikke laste sikkerhetsutfordringen. Vennligst prøv igjen. (Feilkode: #{errorCode})","captcha-validation-failure":"Beklager, noe gikk galt under validering av captcha-svaret. Vennligst prøv igjen.",captchaCodePlaceholder:"Skriv inn koden som vises ovenfor","custom-script-error-code":"Noe gikk galt, vennligst prøv igjen senere.",description:"Logg inn på ${clientName}.",editEmailText:"Rediger",emailPlaceholder:"E-postadresse",federatedConnectionButtonText:"Fortsett med ${connectionName}",footerLinkText:"Registrer deg",footerText:"Har du ikke en konto?",forgotPasswordText:"Har du glemt passordet?",hidePasswordText:"Skjul passord","invalid-captcha":"Løs utfordringen for å bekrefte at du ikke er en robot.","invalid-code":"Ugyldig kode","invalid-connection":"Ugyldig tilkobling","invalid-email-format":"Ugyldig e-postadresse","invalid-email-phone":"Skriv inn en gyldig e-postadresse eller telefonnummer. Telefonnumre må inkludere landskode.","invalid-email-phone-username":"Skriv inn en gyldig e-postadresse, telefonnummer eller brukernavn. Telefonnumre må inkludere landskode.","invalid-email-username":"Skriv inn en gyldig e-postadresse eller brukernavn","invalid-expired-code":"Ugyldig eller utløpt brukerkode","invalid-login-id":"Ugyldig innloggings-ID","invalid-phone-username":"Skriv inn et gyldig telefonnummer eller brukernavn. Telefonnumre må inkludere landskode.","invalid-recaptcha":"Kryss av i boksen for å bekrefte at du ikke er en robot.","invalid-username":"Brukernavnet kan bare inneholde alfanumeriske tegn eller: '${characters}'. Brukernavnet må ha mellom ${min} og ${max} tegn.",invitationDescription:"Logg inn for å godta ${inviterName} sin invitasjon til å bli med i ${companyName} på ${clientName}.",invitationTitle:"Du har blitt invitert!","ip-blocked":"Vi har oppdaget mistenkelig innloggingsaktivitet, og videre forsøk vil bli blokkert. Vennligst kontakt administratoren.",logoAltText:"${companyName}","no-db-connection":"Ugyldig tilkobling","no-email":"Vennligst oppgi en e-postadresse","no-email-phone":"E-postadresse eller telefonnummer er påkrevd","no-email-phone-username":"Telefonnummer, brukernavn eller e-postadresse er påkrevd","no-email-username":"E-postadresse eller brukernavn er påkrevd","no-password":"Passord er påkrevd","no-phone":"Vennligst oppgi et telefonnummer","no-phone-username":"Telefonnummer eller brukernavn er påkrevd","no-username":"Brukernavn er påkrevd",pageTitle:"Logg inn | ${clientName}","password-breached":"Vi har oppdaget et potensielt sikkerhetsproblem med denne kontoen. For å beskytte kontoen din har vi forhindret denne innloggingen. Vennligst tilbakestill passordet ditt for å fortsette.",passwordPlaceholder:"Passord",phoneOrEmailPlaceholder:"E-post eller telefonnummer",phoneOrUsernameOrEmailPlaceholder:"Telefon, brukernavn eller e-post",phoneOrUsernamePlaceholder:"Telefonnummer eller brukernavn",phonePlaceholder:"Telefonnummer","same-user-login":"For mange innloggingsforsøk for denne brukeren. Vennligst vent og prøv igjen senere.",selectCountryCode:"Velg landskode, for øyeblikket satt til ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"eller",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",showPasswordText:"Vis passord",signupActionLinkText:"Registrer deg",signupActionText:"Har du ikke en konto?",termsAndConditionsTemplate:'Ved å fortsette godtar du våre <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">vilkår</a>.',title:"Velkommen","user-blocked":"Kontoen din har blitt blokkert etter flere påfølgende innloggingsforsøk.",userAccountDoesNotExist:"Brukerkontoen finnes ikke",usernameOnlyPlaceholder:"Brukernavn",usernameOrEmailPlaceholder:"Brukernavn eller e-postadresse",usernamePlaceholder:"Brukernavn eller e-postadresse",usernameTooLong:"Brukernavnet må være ${max} tegn eller færre",usernameTooShort:"Brukernavnet må være minst ${min} tegn","wrong-credentials":"Feil brukernavn eller passord","wrong-email-credentials":"Feil e-postadresse eller passord","wrong-email-phone-credentials":"Feil e-postadresse, telefonnummer eller passord. Telefonnumre må inkludere landskode.","wrong-email-phone-username-credentials":"Feil e-postadresse, telefonnummer, brukernavn eller passord. Telefonnumre må inkludere landskode.","wrong-email-username-credentials":"Feil e-postadresse, brukernavn eller passord","wrong-phone-credentials":"Feil telefonnummer eller passord","wrong-phone-username-credentials":"Feil telefonnummer, brukernavn eller passord. Telefonnumre må inkludere landskode.","wrong-username-credentials":"Feil brukernavn eller passord",passkeyButtonText:"Logg inn med passkey"}},"login-password":{"login-password":{buttonText:"Logg inn",description:"Logg inn på ${clientName}",forgotPasswordText:"Har du glemt passordet?",hidePasswordText:"Skjul passord","no-password":"Passord er påkrevd",pageTitle:"Logg inn | ${clientName}","password-breached":"Vi har oppdaget et potensielt sikkerhetsproblem med denne kontoen. For å beskytte kontoen din har vi forhindret denne innloggingen. Vennligst tilbakestill passordet ditt for å fortsette.",passwordPlaceholder:"Passord",showPasswordText:"Vis passord",signingInAs:"Logger inn som ${email}",title:"Oppgi passord",unverifiedEmail:"Vennligst bekreft e-postadressen din før du logger inn","user-blocked":"Kontoen din har blitt blokkert etter flere påfølgende innloggingsforsøk.","wrong-credentials":"Feil passord"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"e-post",authMethodEmailOrPhone:"e-post eller telefonnummer",authMethodPhone:"telefonnummer",description:"Logg inn med din ${authMethod}",emailOrPhonePlaceholder:"E-postadresse eller telefonnummer",emailPlaceholder:"E-postadresse",invalidEmail:"Vennligst oppgi en gyldig e-postadresse",invalidIdentifier:"Vennligst oppgi en gyldig e-postadresse eller telefonnummer",invalidPhone:"Vennligst oppgi et gyldig telefonnummer med landskode",noEmail:"Vennligst oppgi e-postadressen din",noPhone:"Vennligst oppgi telefonnummeret ditt",phonePlaceholder:"Telefonnummer",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",title:"Logg inn med en kode",userAccountDoesNotExist:"Brukerkontoen finnes ikke"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Klikk på lenken i e-posten for å logge inn",description:"Vi sendte en lenke til ${username}. Klikk på den for å logge inn.",resendText:"Send lenke på nytt",spamText:"Fikk du ikke e-posten? Sjekk søppelpostmappen.",title:"Sjekk e-posten din"}},mfa:PT,"mfa-email":{"mfa-email":{buttonText:"Fortsett",codePlaceholder:"Skriv inn kode",description:"Vi sendte en kode til ${email}","invalid-code":"Koden du skrev inn er ugyldig",pageTitle:"E-postbekreftelse | ${clientName}",resendText:"Send kode på nytt",title:"Sjekk e-posten din"}},"mfa-otp":{"mfa-otp":{buttonText:"Fortsett",codePlaceholder:"Skriv inn kode",description:"Skriv inn den 6-sifrede koden fra autentiseringsappen din","invalid-code":"Koden du skrev inn er ugyldig",pageTitle:"Skriv inn kode | ${clientName}",title:"Skriv inn koden din"},"mfa-totp-enrollment":{title:"Sett opp autentisering",description:"Skann QR-koden nedenfor med autentiseringsappen din, og skriv deretter inn den 6-sifrede koden for å verifisere",secretLabel:"Eller skriv inn denne koden manuelt:",codePlaceholder:"Skriv inn kode",continueButtonText:"Bekreft og aktiver","invalid-code":"Koden du skrev inn er ugyldig. Vennligst prøv igjen.","transaction-not-found":"Registreringsøkten din har utløpt, du må starte på nytt.",pageTitle:"Sett opp autentisering | ${clientName}",unexpectedError:"Noe gikk galt. Vennligst prøv igjen.",enrollmentComplete:"MFA-registreringen er fullført. Du kan lukke denne siden."},"mfa-totp-challenge":{title:"Bekreft identiteten din",description:"Skriv inn den 6-sifrede koden fra autentiseringsappen din",codePlaceholder:"Skriv inn kode",continueButtonText:"Fortsett","invalid-code":"Koden du skrev inn er ugyldig","transaction-not-found":"Registreringsøkten din har utløpt, du må starte på nytt.",unexpectedError:"Noe gikk galt. Vennligst prøv igjen.",pageTitle:"Bekreft identitet | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Bruk telefonnummeret ditt for å logge inn | ${clientName}",title:"Bekreft identiteten din",description:"Vi sendte en kode til ${phoneNumber}",continueButtonText:"Fortsett",changePhoneText:"Velg et annet telefonnummer.",smsButtonText:"Tekstmelding",voiceButtonText:"Taleanrop",chooseMessageTypeText:"Hvordan vil du motta koden?",pickAuthenticatorText:"Prøv en annen metode",logoAltText:"${companyName}",codePlaceholder:"Skriv inn kode","send-sms-failed":"Det oppstod et problem med å sende SMS-en","send-voice-failed":"Det oppstod et problem med å ringe taleanropet","invalid-phone-format":"Telefonnummeret kan bare inneholde sifre.","invalid-phone":"Det ser ut som telefonnummeret ditt ikke er gyldig. Sjekk og prøv igjen.","too-many-sms":"Du har overskredet maksimalt antall telefonmeldinger per time. Vent noen minutter og prøv igjen.","too-many-voice":"Du har overskredet maksimalt antall telefonmeldinger per time. Vent noen minutter og prøv igjen.","transaction-not-found":"Registreringstransaksjonen din har utløpt, du må starte på nytt.","no-phone":"Skriv inn et telefonnummer",noCode:"Vennligst skriv inn bekreftelseskoden",invalidCode:"Koden du skrev inn er ugyldig. Prøv igjen.",unexpectedError:"Noe gikk galt. Prøv igjen.",resendSuccess:"Vi sendte en ny kode til telefonen din",enrollmentComplete:"MFA-registreringen er fullført. Du kan lukke denne siden."},"mfa-phone-enrollment":{pageTitle:"Skriv inn telefonnummeret ditt for å logge inn med en telefonkode | ${clientName}",title:"Sikre kontoen din",description:"Skriv inn landskoden og telefonnummeret vi kan sende en 6-sifret kode til:",continueButtonText:"Fortsett",smsButtonText:"Tekstmelding",voiceButtonText:"Taleanrop",chooseMessageTypeText:"Hvordan vil du motta koden?",pickAuthenticatorText:"Prøv en annen metode",placeholder:"Skriv inn telefonnummeret ditt",logoAltText:"${companyName}",selectCountryCode:"Velg landskode, for øyeblikket satt til ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Det oppstod et problem med å sende SMS-en","send-voice-failed":"Det oppstod et problem med å ringe taleanropet","sms-authenticator-error":"Vi kunne ikke sende SMS-en. Prøv igjen senere.","invalid-phone-format":"Telefonnummeret kan bare inneholde sifre.","invalid-phone":"Det ser ut som telefonnummeret ditt ikke er gyldig. Sjekk og prøv igjen.","too-many-sms":"Du har overskredet maksimalt antall telefonmeldinger per time. Vent noen minutter og prøv igjen.","too-many-voice":"Du har overskredet maksimalt antall telefonmeldinger per time. Vent noen minutter og prøv igjen.","transaction-not-found":"Registreringstransaksjonen din har utløpt, du må starte på nytt.","no-phone":"Skriv inn et telefonnummer","phone-is-too-short":"Telefonnummeret er for kort","phone-is-too-long":"Telefonnummeret er for langt"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Velg bekreftelsesmetode | ${clientName}",title:"Velg bekreftelsesmetode",description:"Velg hvordan du vil bekrefte identiteten din",authenticatorAppLabel:"Autentiseringsapp",authenticatorAppDescription:"Bruk autentiseringsappen din for å få en bekreftelseskode",smsLabel:"Tekstmelding",smsDescription:"Få en bekreftelseskode sendt til telefonen din",passkeyLabel:"Passnøkkel",passkeyDescription:"Bruk enhetens biometri eller sikkerhetsnøkkel"}},"mfa-push":{"mfa-push":{description:"Vi sendte en varsling til enheten din",pageTitle:"Push-varsling | ${clientName}",resendText:"Send varsling på nytt",title:"Godkjenn forespørselen",useCodeText:"Skriv inn kode manuelt"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Fortsett",codePlaceholder:"Gjenopprettingskode",description:"Skriv inn en av gjenopprettingskodene dine","invalid-code":"Gjenopprettingskoden du skrev inn er ugyldig",pageTitle:"Gjenopprettingskode | ${clientName}",title:"Skriv inn gjenopprettingskode"}},"mfa-voice":{"mfa-voice":{buttonText:"Ring meg",codePlaceholder:"Skriv inn kode",description:"Vi ringer ${phoneNumber} med koden din","invalid-code":"Koden du skrev inn er ugyldig",pageTitle:"Taleanrop | ${clientName}",title:"Motta en telefonsamtale"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Prøv igjen",description:"Sett inn sikkerhetsnøkkelen din og følg instruksjonene",pageTitle:"Sikkerhetsnøkkel | ${clientName}",title:"Bruk sikkerhetsnøkkelen din"}},passkeys:NT,organizations:FT,"reset-password":{"reset-password":{backToLoginText:"Tilbake til innlogging",buttonText:"Fortsett",codeExpired:"Koden for tilbakestilling av passord har utløpt. Vennligst be om en ny.",confirmPasswordLabel:"Bekreft passord",confirmPasswordPlaceholder:"Bekreft passord",description:"Oppgi e-postadressen din for å tilbakestille passordet",emailPlaceholder:"E-postadresse",failed:"Tilbakestilling av passord mislyktes. Vennligst prøv igjen.","invalid-email-format":"Ugyldig e-postadresse","no-email":"Vennligst oppgi en e-postadresse",pageTitle:"Tilbakestill passord | ${clientName}",passwordLabel:"Nytt passord",passwordPlaceholder:"Nytt passord",passwordTooWeak:"Passordet er for svakt",passwordsDidntMatch:"Passordene samsvarer ikke",successDescription:"Vi har sendt en lenke for tilbakestilling av passord til e-postadressen din.",successTitle:"Sjekk e-posten din",title:"Har du glemt passordet?","user-not-found":"Brukeren ble ikke funnet"},"reset-password-code":{backToLoginText:"Tilbake til innlogging",buttonText:"Tilbakestill passord",codeLabel:"Tilbakestillingskode",codePlaceholder:"Skriv inn 6-sifret kode",confirmPasswordLabel:"Bekreft passord",confirmPasswordPlaceholder:"Bekreft passord",defaultDescription:"Skriv inn koden som ble sendt til e-posten din og velg et nytt passord",description:"Vi sendte en kode til ${email}",failed:"Tilbakestilling av passord mislyktes. Vennligst prøv igjen.",invalidCode:"Koden du skrev inn er ugyldig eller har utløpt",noCode:"Vennligst skriv inn tilbakestillingskoden",pageTitle:"Skriv inn tilbakestillingskode | ${clientName}",passwordLabel:"Nytt passord",passwordPlaceholder:"Nytt passord",passwordTooWeak:"Passordet er for svakt",passwordsDidntMatch:"Passordene samsvarer ikke",resendFailed:"Kunne ikke sende koden på nytt. Vennligst prøv igjen.",resendSuccess:"En ny kode har blitt sendt til e-posten din",resendText:"Send kode på nytt",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",title:"Skriv inn tilbakestillingskode"}},signup:OT,"signup-id":{"signup-id":{buttonText:"Fortsett",description:"Registrer deg for å fortsette","email-already-exists":"E-postadressen er allerede registrert",emailPlaceholder:"E-postadresse",federatedConnectionButtonText:"Fortsett med ${connectionName}","invalid-email-format":"Ugyldig e-postadresse",loginActionLinkText:"Logg inn",loginActionText:"Har du allerede en konto?","no-email":"Vennligst oppgi en e-postadresse",pageTitle:"Registrer deg | ${clientName}",phonePlaceholder:"Telefonnummer",separatorText:"eller",title:"Opprett kontoen din",usernamePlaceholder:"Brukernavn"}},"signup-password":{"signup-password":{buttonText:"Fortsett",description:"Opprett et passord for å fortsette",hidePasswordText:"Skjul passord","no-password":"Passord er påkrevd",pageTitle:"Registrer deg | ${clientName}","password-policy-not-met":"Passordet oppfyller ikke kravene","password-too-weak":"Passordet er for svakt",passwordPlaceholder:"Passord",showPasswordText:"Vis passord",title:"Opprett passordet ditt"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Fortsett",codeLabel:"Bekreftelseskode",codePlaceholder:"Skriv inn kode",defaultDescription:"Skriv inn bekreftelseskoden som ble sendt til telefonen din",description:"Vi sendte en kode til ${username}","invalid-code":"Ugyldig kode",noCode:"Vennligst skriv inn bekreftelseskoden",pageTitle:"Skriv inn kode | ${clientName}",resendText:"Send kode på nytt",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",title:"Sjekk telefonen din",unexpectedError:"En uventet feil oppstod"}},status:jT},TO=Object.freeze(Object.defineProperty({__proto__:null,common:TT,consent:$T,default:CO,invitation:IT,login:zT,mfa:PT,organizations:FT,passkeys:NT,signup:OT,status:jT},Symbol.toStringTag,{value:"Module"})),RT={common:{alertListTitle:"Powiadomienia",backText:"Wróć",cancelText:"Anuluj",closeText:"Zamknij",contactSupportText:"Potrzebujesz pomocy?",continueText:"Kontynuuj",copyrightText:"© ${currentYear} ${companyName}",errorText:"Coś poszło nie tak. Spróbuj ponownie.",hidePasswordText:"Ukryj hasło",loadingText:"Ładowanie...",orText:"lub",privacyPolicyText:"Polityka prywatności",showPasswordText:"Pokaż hasło",termsOfServiceText:"Regulamin",termsShortText:"Zasady",tryAgainText:"Spróbuj ponownie"}},DT={consent:{buttonText:"Zaakceptuj",cancelButtonText:"Odmów",description:"${clientName} prosi o dostęp do Twojego konta",pageTitle:"Autoryzacja | ${clientName}",scopesTitle:"Umożliwi to ${clientName}:",title:"Autoryzuj ${clientName}"}},BT={invitation:{acceptButtonText:"Przyjmij zaproszenie",description:"${inviterName} zaprosił Cię do dołączenia do ${organizationName} w ${clientName}",pageTitle:"Zaproszenie | ${clientName}",title:"Otrzymałeś zaproszenie"}},LT={login:{alertListTitle:"Powiadomienia",buttonText:"Kontynuuj",description:"Zaloguj się do ${clientName}.",editEmailText:"Edytuj",emailPlaceholder:"Adres e-mail",enterACodeBtn:"Zaloguj się kodem",federatedConnectionButtonText:"Kontynuuj z ${connectionName}",footerLinkText:"Zarejestruj się",footerText:"Nie masz konta?",forgotPasswordText:"Zapomniałeś hasła?",hidePasswordText:"Ukryj hasło",invalidEmail:"Nieprawidłowy adres e-mail",invalidIdentifier:"Nieprawidłowy adres e-mail lub nazwa użytkownika",invitationDescription:"Zaloguj się, aby przyjąć zaproszenie od ${inviterName} do dołączenia do ${companyName} w ${clientName}.",invitationTitle:"Otrzymałeś zaproszenie!",logoAltText:"${companyName}","no-email":"Wprowadź adres e-mail","no-password":"Hasło jest wymagane",pageTitle:"Logowanie | ${clientName}",passwordLoginNotAvailable:"Logowanie hasłem jest niedostępne",passwordPlaceholder:"Hasło",phonePlaceholder:"Numer telefonu",separatorText:"lub",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",showPasswordText:"Pokaż hasło",signupActionLinkText:"Zarejestruj się",signupActionText:"Nie masz konta?",title:"Witamy",tooManyFailedLogins:"Zbyt wiele nieudanych prób logowania. Spróbuj ponownie później.",unverifiedEmail:"Zweryfikuj swój adres e-mail przed zalogowaniem",userAccountDoesNotExist:"Konto użytkownika nie istnieje",usernamePlaceholder:"Nazwa użytkownika lub adres e-mail",usernameTooLong:"Nazwa użytkownika musi mieć maksymalnie ${max} znaków",usernameTooShort:"Nazwa użytkownika musi mieć co najmniej ${min} znaków",wrongCredentials:"Nieprawidłowa nazwa użytkownika lub hasło",passkeyButtonText:"Zaloguj się za pomocą passkey"}},MT={mfa:{backupCodeText:"Użyj kodu zapasowego",description:"Wybierz metodę weryfikacji",pageTitle:"Uwierzytelnianie wieloskładnikowe | ${clientName}",title:"Zweryfikuj swoją tożsamość"}},UT={"passkey-enrollment-nudge":{title:"Zabezpiecz swoje konto kluczem dostępu",description:"Klucze dostępu wykorzystują biometrię lub PIN urządzenia, aby logować się szybciej i bezpieczniej.",enrollButtonText:"Skonfiguruj klucz dostępu",snoozeButtonText:"Może później",optOutLinkText:"Nie pokazuj ponownie",pageTitle:"Konfiguracja Klucza Dostępu | ${clientName}"},"passkey-enrollment":{title:"Utwórz klucz dostępu",description:"Postępuj zgodnie z instrukcjami przeglądarki, aby utworzyć klucz dostępu dla tego konta.",errorMessage:"Nie udało się utworzyć klucza dostępu. Spróbuj ponownie.",cancelLinkText:"Pomiń na razie",retryButtonText:"Spróbuj ponownie",enrollmentComplete:"Twój klucz dostępu został pomyślnie skonfigurowany. Możesz zamknąć tę stronę.",pageTitle:"Tworzenie Klucza Dostępu | ${clientName}"},"passkey-challenge":{title:"Zaloguj się za pomocą passkey",description:"Postępuj zgodnie z instrukcjami przeglądarki, aby zweryfikować swoją tożsamość.",errorMessage:"Uwierzytelnianie za pomocą passkey nie powiodło się. Spróbuj ponownie.",cancelLinkText:"Powrót do logowania",retryButtonText:"Spróbuj ponownie",pageTitle:"Logowanie za pomocą passkey | ${clientName}"}},qT={organizations:{description:"Wybierz organizację, do której chcesz się zalogować",pageTitle:"Wybierz organizację | ${clientName}",searchPlaceholder:"Szukaj organizacji",title:"Wybierz swoją organizację"}},HT={signup:{buttonText:"Zarejestruj się",confirmPasswordPlaceholder:"Potwierdź hasło",description:"Zarejestruj się, aby kontynuować","email-already-exists":"Ten adres e-mail jest już zarejestrowany",emailPlaceholder:"Adres e-mail",federatedConnectionButtonText:"Kontynuuj z ${connectionName}",hidePasswordText:"Ukryj hasło","invalid-email-format":"Nieprawidłowy adres e-mail",loginActionLinkText:"Zaloguj się",loginActionText:"Masz już konto?","no-email":"Wprowadź adres e-mail","no-password":"Hasło jest wymagane","no-username":"Nazwa użytkownika jest wymagana",pageTitle:"Rejestracja | ${clientName}",passwordPlaceholder:"Hasło",passwordsDidntMatch:"Hasła nie są zgodne",phonePlaceholder:"Numer telefonu",privacyPolicyLinkText:"Polityka prywatności",separatorText:"lub",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",showPasswordText:"Pokaż hasło",termsOfServiceLinkText:"Regulamin",termsText:"Rejestrując się, akceptujesz nasz",title:"Utwórz konto","username-already-exists":"Ta nazwa użytkownika jest już zajęta",usernamePlaceholder:"Nazwa użytkownika",verifyEmailText:"Sprawdź swoją pocztę, aby zweryfikować konto"}},VT={status:{continueButtonText:"Kontynuuj",errorTitle:"Błąd",pageTitle:"Status | ${clientName}",successTitle:"Sukces",title:"Status"}},$O={common:RT,consent:DT,"device-flow":{"device-flow":{buttonText:"Kontynuuj",codePlaceholder:"Wprowadź kod",description:"Wprowadź kod wyświetlony na Twoim urządzeniu","expired-code":"Kod wygasł","invalid-code":"Wprowadzony kod jest nieprawidłowy",pageTitle:"Aktywacja urządzenia | ${clientName}",title:"Aktywuj swoje urządzenie"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Kontynuuj",codeLabel:"Kod weryfikacyjny",codePlaceholder:"Wprowadź kod",defaultDescription:"Wprowadź kod weryfikacyjny wysłany na Twój adres e-mail",description:"Wysłaliśmy kod na ${email}","invalid-code":"Nieprawidłowy kod",noCode:"Wprowadź kod weryfikacyjny",pageTitle:"Wprowadź kod | ${clientName}",resendText:"Wyślij ponownie kod",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",title:"Sprawdź swoją pocztę",unexpectedError:"Wystąpił nieoczekiwany błąd"}},"email-verification":{"email-verification":{description:"Wysłaliśmy wiadomość na ${email}",pageTitle:"Weryfikacja e-mail | ${clientName}",resendText:"Wyślij ponownie e-mail",successDescription:"Twój adres e-mail został pomyślnie zweryfikowany.",successTitle:"E-mail zweryfikowany",title:"Zweryfikuj swój adres e-mail"}},invitation:BT,login:LT,"login-id":{"login-id":{alertListTitle:"Powiadomienia","auth0-users-validation":"Coś poszło nie tak, spróbuj ponownie później","authentication-failure":"Przepraszamy, wystąpił błąd podczas logowania",buttonText:"Kontynuuj","captcha-client-failure":"Nie udało się załadować weryfikacji bezpieczeństwa. Spróbuj ponownie. (Kod błędu: #{errorCode})","captcha-validation-failure":"Przepraszamy, wystąpił błąd podczas weryfikacji captcha. Spróbuj ponownie.",captchaCodePlaceholder:"Wprowadź kod widoczny powyżej","custom-script-error-code":"Coś poszło nie tak, spróbuj ponownie później.",description:"Zaloguj się do ${clientName}.",editEmailText:"Edytuj",emailPlaceholder:"Adres e-mail",federatedConnectionButtonText:"Kontynuuj z ${connectionName}",footerLinkText:"Zarejestruj się",footerText:"Nie masz konta?",forgotPasswordText:"Zapomniałeś hasła?",hidePasswordText:"Ukryj hasło","invalid-captcha":"Rozwiąż zadanie, aby potwierdzić, że nie jesteś robotem.","invalid-code":"Nieprawidłowy kod","invalid-connection":"Nieprawidłowe połączenie","invalid-email-format":"Nieprawidłowy adres e-mail","invalid-email-phone":"Wprowadź prawidłowy adres e-mail lub numer telefonu. Numery telefonów muszą zawierać kod kraju.","invalid-email-phone-username":"Wprowadź prawidłowy adres e-mail, numer telefonu lub nazwę użytkownika. Numery telefonów muszą zawierać kod kraju.","invalid-email-username":"Wprowadź prawidłowy adres e-mail lub nazwę użytkownika","invalid-expired-code":"Nieprawidłowy lub wygasły kod użytkownika","invalid-login-id":"Wprowadzono nieprawidłowy identyfikator logowania","invalid-phone-username":"Wprowadź prawidłowy numer telefonu lub nazwę użytkownika. Numery telefonów muszą zawierać kod kraju.","invalid-recaptcha":"Zaznacz pole wyboru, aby potwierdzić, że nie jesteś robotem.","invalid-username":"Nazwa użytkownika może zawierać tylko znaki alfanumeryczne lub: '${characters}'. Nazwa użytkownika powinna mieć od ${min} do ${max} znaków.",invitationDescription:"Zaloguj się, aby przyjąć zaproszenie od ${inviterName} do dołączenia do ${companyName} w ${clientName}.",invitationTitle:"Otrzymałeś zaproszenie!","ip-blocked":"Wykryliśmy podejrzaną aktywność logowania i dalsze próby zostaną zablokowane. Skontaktuj się z administratorem.",logoAltText:"${companyName}","no-db-connection":"Nieprawidłowe połączenie","no-email":"Wprowadź adres e-mail","no-email-phone":"Adres e-mail lub numer telefonu jest wymagany","no-email-phone-username":"Numer telefonu, nazwa użytkownika lub adres e-mail jest wymagany","no-email-username":"Adres e-mail lub nazwa użytkownika jest wymagany","no-password":"Hasło jest wymagane","no-phone":"Wprowadź numer telefonu","no-phone-username":"Numer telefonu lub nazwa użytkownika jest wymagany","no-username":"Nazwa użytkownika jest wymagana",pageTitle:"Logowanie | ${clientName}","password-breached":"Wykryliśmy potencjalny problem z bezpieczeństwem tego konta. Aby chronić Twoje konto, zablokowano to logowanie. Zresetuj hasło, aby kontynuować.",passwordPlaceholder:"Hasło",phoneOrEmailPlaceholder:"E-mail lub numer telefonu",phoneOrUsernameOrEmailPlaceholder:"Telefon, nazwa użytkownika lub e-mail",phoneOrUsernamePlaceholder:"Numer telefonu lub nazwa użytkownika",phonePlaceholder:"Numer telefonu","same-user-login":"Zbyt wiele prób logowania dla tego użytkownika. Poczekaj chwilę i spróbuj ponownie.",selectCountryCode:"Wybierz kod kraju, aktualnie ustawiony na ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"lub",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",showPasswordText:"Pokaż hasło",signupActionLinkText:"Zarejestruj się",signupActionText:"Nie masz konta?",termsAndConditionsTemplate:'Kontynuując, akceptujesz nasze <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Zasady i warunki</a>.',title:"Witamy","user-blocked":"Twoje konto zostało zablokowane po wielu kolejnych nieudanych próbach logowania.",userAccountDoesNotExist:"Konto użytkownika nie istnieje",usernameOnlyPlaceholder:"Nazwa użytkownika",usernameOrEmailPlaceholder:"Nazwa użytkownika lub adres e-mail",usernamePlaceholder:"Nazwa użytkownika",usernameTooLong:"Nazwa użytkownika musi mieć maksymalnie ${max} znaków",usernameTooShort:"Nazwa użytkownika musi mieć co najmniej ${min} znaków","wrong-credentials":"Nieprawidłowa nazwa użytkownika lub hasło","wrong-email-credentials":"Nieprawidłowy adres e-mail lub hasło","wrong-email-phone-credentials":"Nieprawidłowy adres e-mail, numer telefonu lub hasło. Numery telefonów muszą zawierać kod kraju.","wrong-email-phone-username-credentials":"Nieprawidłowy adres e-mail, numer telefonu, nazwa użytkownika lub hasło. Numery telefonów muszą zawierać kod kraju.","wrong-email-username-credentials":"Nieprawidłowy adres e-mail, nazwa użytkownika lub hasło","wrong-phone-credentials":"Nieprawidłowy numer telefonu lub hasło","wrong-phone-username-credentials":"Nieprawidłowy numer telefonu, nazwa użytkownika lub hasło. Numery telefonów muszą zawierać kod kraju.","wrong-username-credentials":"Nieprawidłowa nazwa użytkownika lub hasło",passkeyButtonText:"Zaloguj się za pomocą passkey"}},"login-password":{"login-password":{buttonText:"Zaloguj się",description:"Zaloguj się do ${clientName}",forgotPasswordText:"Zapomniałeś hasła?",hidePasswordText:"Ukryj hasło","no-password":"Hasło jest wymagane",pageTitle:"Logowanie | ${clientName}","password-breached":"Wykryliśmy potencjalny problem z bezpieczeństwem tego konta. Aby chronić Twoje konto, zablokowano to logowanie. Zresetuj hasło, aby kontynuować.",passwordPlaceholder:"Hasło",showPasswordText:"Pokaż hasło",signingInAs:"Logujesz się jako ${email}",title:"Wprowadź hasło",unverifiedEmail:"Zweryfikuj swój adres e-mail przed zalogowaniem","user-blocked":"Twoje konto zostało zablokowane po wielu kolejnych nieudanych próbach logowania.","wrong-credentials":"Nieprawidłowe hasło"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"e-mail",authMethodEmailOrPhone:"e-mail lub numer telefonu",authMethodPhone:"numer telefonu",description:"Zaloguj się za pomocą swojego ${authMethod}",emailOrPhonePlaceholder:"Adres e-mail lub numer telefonu",emailPlaceholder:"Adres e-mail",invalidEmail:"Wprowadź prawidłowy adres e-mail",invalidIdentifier:"Wprowadź prawidłowy adres e-mail lub numer telefonu",invalidPhone:"Wprowadź prawidłowy numer telefonu z kodem kraju",noEmail:"Wprowadź swój adres e-mail",noPhone:"Wprowadź swój numer telefonu",phonePlaceholder:"Numer telefonu",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",title:"Zaloguj się kodem",userAccountDoesNotExist:"Konto użytkownika nie istnieje"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Kliknij link w wiadomości e-mail, aby się zalogować",description:"Wysłaliśmy link na ${username}. Kliknij go, aby się zalogować.",resendText:"Wyślij ponownie link",spamText:"Nie otrzymałeś wiadomości? Sprawdź folder spam.",title:"Sprawdź swoją pocztę"}},mfa:MT,"mfa-email":{"mfa-email":{buttonText:"Kontynuuj",codePlaceholder:"Wprowadź kod",description:"Wysłaliśmy kod na ${email}","invalid-code":"Wprowadzony kod jest nieprawidłowy",pageTitle:"Weryfikacja e-mail | ${clientName}",resendText:"Wyślij ponownie kod",title:"Sprawdź swoją pocztę"}},"mfa-otp":{"mfa-otp":{buttonText:"Kontynuuj",codePlaceholder:"Wprowadź kod",description:"Wprowadź 6-cyfrowy kod z aplikacji uwierzytelniającej","invalid-code":"Wprowadzony kod jest nieprawidłowy",pageTitle:"Wprowadź kod | ${clientName}",title:"Wprowadź swój kod"},"mfa-totp-enrollment":{title:"Skonfiguruj aplikację uwierzytelniającą",description:"Zeskanuj poniższy kod QR za pomocą aplikacji uwierzytelniającej, a następnie wprowadź 6-cyfrowy kod w celu weryfikacji",secretLabel:"Lub wprowadź ten kod ręcznie:",codePlaceholder:"Wprowadź kod",continueButtonText:"Zweryfikuj i aktywuj","invalid-code":"Wprowadzony kod jest nieprawidłowy. Spróbuj ponownie.","transaction-not-found":"Twoja transakcja rejestracji wygasła, musisz zacząć od nowa.",pageTitle:"Konfiguracja uwierzytelniania | ${clientName}",unexpectedError:"Coś poszło nie tak. Spróbuj ponownie.",enrollmentComplete:"Rejestracja MFA została zakończona. Możesz zamknąć tę stronę."},"mfa-totp-challenge":{title:"Zweryfikuj swoją tożsamość",description:"Wprowadź 6-cyfrowy kod z aplikacji uwierzytelniającej",codePlaceholder:"Wprowadź kod",continueButtonText:"Kontynuuj","invalid-code":"Wprowadzony kod jest nieprawidłowy","transaction-not-found":"Twoja transakcja rejestracji wygasła, musisz zacząć od nowa.",unexpectedError:"Coś poszło nie tak. Spróbuj ponownie.",pageTitle:"Weryfikacja tożsamości | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Użyj swojego numeru telefonu, aby się zalogować | ${clientName}",title:"Zweryfikuj swoją tożsamość",description:"Wysłaliśmy kod na ${phoneNumber}",continueButtonText:"Kontynuuj",changePhoneText:"Wybierz inny numer telefonu.",smsButtonText:"Wiadomość tekstowa",voiceButtonText:"Połączenie głosowe",chooseMessageTypeText:"Jak chcesz otrzymać kod?",pickAuthenticatorText:"Wypróbuj inną metodę",logoAltText:"${companyName}",codePlaceholder:"Wpisz kod","send-sms-failed":"Wystąpił problem z wysłaniem SMS-a","send-voice-failed":"Wystąpił problem z wykonaniem połączenia głosowego","invalid-phone-format":"Numer telefonu może zawierać tylko cyfry.","invalid-phone":"Wygląda na to, że Twój numer telefonu jest nieprawidłowy. Sprawdź i spróbuj ponownie.","too-many-sms":"Przekroczono maksymalną liczbę wiadomości telefonicznych na godzinę. Poczekaj kilka minut i spróbuj ponownie.","too-many-voice":"Przekroczono maksymalną liczbę połączeń telefonicznych na godzinę. Poczekaj kilka minut i spróbuj ponownie.","transaction-not-found":"Twoja transakcja rejestracji wygasła, musisz zacząć od nowa.","no-phone":"Wpisz numer telefonu",noCode:"Wprowadź kod weryfikacyjny",invalidCode:"Wprowadzony kod jest nieprawidłowy. Spróbuj ponownie.",unexpectedError:"Coś poszło nie tak. Spróbuj ponownie.",resendSuccess:"Wysłaliśmy nowy kod na Twój telefon",enrollmentComplete:"Rejestracja MFA została zakończona. Możesz zamknąć tę stronę."},"mfa-phone-enrollment":{pageTitle:"Wpisz swój numer telefonu, aby zalogować się kodem telefonicznym | ${clientName}",title:"Zabezpiecz swoje konto",description:"Wpisz kod kraju i numer telefonu, na który możemy wysłać 6-cyfrowy kod:",continueButtonText:"Kontynuuj",smsButtonText:"Wiadomość tekstowa",voiceButtonText:"Połączenie głosowe",chooseMessageTypeText:"Jak chcesz otrzymać kod?",pickAuthenticatorText:"Wypróbuj inną metodę",placeholder:"Wpisz swój numer telefonu",logoAltText:"${companyName}",selectCountryCode:"Wybierz kod kraju, aktualnie ustawiony na ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Wystąpił problem z wysłaniem SMS-a","send-voice-failed":"Wystąpił problem z wykonaniem połączenia głosowego","sms-authenticator-error":"Nie udało się wysłać SMS-a. Spróbuj ponownie później.","invalid-phone-format":"Numer telefonu może zawierać tylko cyfry.","invalid-phone":"Wygląda na to, że Twój numer telefonu jest nieprawidłowy. Sprawdź i spróbuj ponownie.","too-many-sms":"Przekroczono maksymalną liczbę wiadomości telefonicznych na godzinę. Poczekaj kilka minut i spróbuj ponownie.","too-many-voice":"Przekroczono maksymalną liczbę połączeń telefonicznych na godzinę. Poczekaj kilka minut i spróbuj ponownie.","transaction-not-found":"Twoja transakcja rejestracji wygasła, musisz zacząć od nowa.","no-phone":"Wpisz numer telefonu","phone-is-too-short":"Numer telefonu jest za krótki","phone-is-too-long":"Numer telefonu jest za długi"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Wybierz metodę weryfikacji | ${clientName}",title:"Wybierz metodę weryfikacji",description:"Wybierz, w jaki sposób chcesz zweryfikować swoją tożsamość",authenticatorAppLabel:"Aplikacja uwierzytelniająca",authenticatorAppDescription:"Użyj aplikacji uwierzytelniającej, aby uzyskać kod weryfikacyjny",smsLabel:"Wiadomość tekstowa",smsDescription:"Otrzymaj kod weryfikacyjny wysłany na swój telefon",passkeyLabel:"Klucz dostępu",passkeyDescription:"Użyj biometrii urządzenia lub klucza bezpieczeństwa"}},"mfa-push":{"mfa-push":{description:"Wysłaliśmy powiadomienie na Twoje urządzenie",pageTitle:"Powiadomienie push | ${clientName}",resendText:"Wyślij ponownie powiadomienie",title:"Zatwierdź żądanie",useCodeText:"Wprowadź kod ręcznie"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Kontynuuj",codePlaceholder:"Kod odzyskiwania",description:"Wprowadź jeden z kodów odzyskiwania","invalid-code":"Wprowadzony kod odzyskiwania jest nieprawidłowy",pageTitle:"Kod odzyskiwania | ${clientName}",title:"Wprowadź kod odzyskiwania"}},"mfa-voice":{"mfa-voice":{buttonText:"Zadzwoń do mnie",codePlaceholder:"Wprowadź kod",description:"Zadzwonimy na ${phoneNumber} z Twoim kodem","invalid-code":"Wprowadzony kod jest nieprawidłowy",pageTitle:"Połączenie głosowe | ${clientName}",title:"Odbierz połączenie telefoniczne"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Spróbuj ponownie",description:"Włóż klucz bezpieczeństwa i postępuj zgodnie z instrukcjami",pageTitle:"Klucz bezpieczeństwa | ${clientName}",title:"Użyj klucza bezpieczeństwa"}},passkeys:UT,organizations:qT,"reset-password":{"reset-password":{backToLoginText:"Wróć do logowania",buttonText:"Kontynuuj",codeExpired:"Kod resetu hasła wygasł. Poproś o nowy.",confirmPasswordLabel:"Potwierdź hasło",confirmPasswordPlaceholder:"Potwierdź hasło",description:"Wprowadź swój adres e-mail, aby zresetować hasło",emailPlaceholder:"Adres e-mail",failed:"Reset hasła nie powiódł się. Spróbuj ponownie.","invalid-email-format":"Nieprawidłowy adres e-mail","no-email":"Wprowadź adres e-mail",pageTitle:"Resetowanie hasła | ${clientName}",passwordLabel:"Nowe hasło",passwordPlaceholder:"Nowe hasło",passwordTooWeak:"Hasło jest zbyt słabe",passwordsDidntMatch:"Hasła nie są zgodne",successDescription:"Wysłaliśmy link do resetowania hasła na Twój adres e-mail.",successTitle:"Sprawdź swoją pocztę",title:"Zapomniałeś hasła?","user-not-found":"Nie znaleziono użytkownika"},"reset-password-code":{backToLoginText:"Wróć do logowania",buttonText:"Zresetuj hasło",codeLabel:"Kod resetowania",codePlaceholder:"Wprowadź 6-cyfrowy kod",confirmPasswordLabel:"Potwierdź hasło",confirmPasswordPlaceholder:"Potwierdź hasło",defaultDescription:"Wprowadź kod wysłany na Twój e-mail i wybierz nowe hasło",description:"Wysłaliśmy kod na ${email}",failed:"Reset hasła nie powiódł się. Spróbuj ponownie.",invalidCode:"Wprowadzony kod jest nieprawidłowy lub wygasł",noCode:"Wprowadź kod resetowania",pageTitle:"Wprowadź kod resetowania | ${clientName}",passwordLabel:"Nowe hasło",passwordPlaceholder:"Nowe hasło",passwordTooWeak:"Hasło jest zbyt słabe",passwordsDidntMatch:"Hasła nie są zgodne",resendFailed:"Nie udało się ponownie wysłać kodu. Spróbuj ponownie.",resendSuccess:"Nowy kod został wysłany na Twój e-mail",resendText:"Wyślij kod ponownie",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",title:"Wprowadź kod resetowania"}},signup:HT,"signup-id":{"signup-id":{buttonText:"Kontynuuj",description:"Zarejestruj się, aby kontynuować","email-already-exists":"Ten adres e-mail jest już zarejestrowany",emailPlaceholder:"Adres e-mail",federatedConnectionButtonText:"Kontynuuj z ${connectionName}","invalid-email-format":"Nieprawidłowy adres e-mail",loginActionLinkText:"Zaloguj się",loginActionText:"Masz już konto?","no-email":"Wprowadź adres e-mail",pageTitle:"Rejestracja | ${clientName}",phonePlaceholder:"Numer telefonu",separatorText:"lub",title:"Utwórz konto",usernamePlaceholder:"Nazwa użytkownika"}},"signup-password":{"signup-password":{buttonText:"Kontynuuj",description:"Utwórz swoje hasło",hidePasswordText:"Ukryj hasło","no-password":"Hasło jest wymagane",pageTitle:"Rejestracja | ${clientName}","password-policy-not-met":"Hasło nie spełnia wymagań","password-too-weak":"Hasło jest zbyt słabe",passwordPlaceholder:"Hasło",showPasswordText:"Pokaż hasło",title:"Utwórz hasło"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Kontynuuj",codeLabel:"Kod weryfikacyjny",codePlaceholder:"Wprowadź kod",defaultDescription:"Wprowadź kod weryfikacyjny wysłany na Twój telefon",description:"Wysłaliśmy kod na ${username}","invalid-code":"Nieprawidłowy kod",noCode:"Wprowadź kod weryfikacyjny",pageTitle:"Wprowadź kod | ${clientName}",resendText:"Wyślij ponownie kod",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",title:"Sprawdź swój telefon",unexpectedError:"Wystąpił nieoczekiwany błąd"}},status:VT},IO=Object.freeze(Object.defineProperty({__proto__:null,common:RT,consent:DT,default:$O,invitation:BT,login:LT,mfa:MT,organizations:qT,passkeys:UT,signup:HT,status:VT},Symbol.toStringTag,{value:"Module"})),KT={common:{alertListTitle:"Meddelanden",backText:"Gå tillbaka",cancelText:"Gå tillbaka",closeText:"Stäng",contactSupportText:"Behöver du hjälp?",continueText:"Fortsätt",copyrightText:"© ${currentYear} ${companyName}",errorText:"Något gick fel. Vänligen försök igen.",hidePasswordText:"Dölj lösenord",loadingText:"Laddar...",orText:"eller",privacyPolicyText:"Integritetspolicy",showPasswordText:"Visa lösenord",termsOfServiceText:"Användarvillkor",termsShortText:"Villkor",tryAgainText:"Försök igen"}},GT={consent:{buttonText:"Godkänn",cancelButtonText:"Neka",description:"${clientName} begär åtkomst till ditt konto",pageTitle:"Auktorisera | ${clientName}",scopesTitle:"Detta ger ${clientName} tillåtelse att:",title:"Auktorisera ${clientName}"}},WT={invitation:{acceptButtonText:"Acceptera inbjudan",description:"${inviterName} har bjudit in dig att gå med i ${organizationName} på ${clientName}",pageTitle:"Inbjudan | ${clientName}",title:"Du har blivit inbjuden"}},JT={login:{alertListTitle:"Meddelanden",buttonText:"Fortsätt",description:"Logga in på ${clientName}.",editEmailText:"Redigera",emailPlaceholder:"E-postadress",enterACodeBtn:"Logga in med en kod",federatedConnectionButtonText:"Fortsätt med ${connectionName}",footerLinkText:"Registrera dig",footerText:"Har du inget konto?",forgotPasswordText:"Har du glömt lösenordet?",hidePasswordText:"Dölj lösenord",invalidEmail:"Ogiltig e-postadress",invalidIdentifier:"Ogiltig e-postadress eller användarnamn",invitationDescription:"Logga in för att acceptera ${inviterName}s inbjudan att gå med i ${companyName} på ${clientName}.",invitationTitle:"Du har blivit inbjuden!",logoAltText:"${companyName}","no-email":"Vänligen ange en e-postadress","no-password":"Lösenord krävs",pageTitle:"Logga in | ${clientName}",passwordLoginNotAvailable:"Lösenordsinloggning är inte tillgänglig",passwordPlaceholder:"Lösenord",phonePlaceholder:"Telefonnummer",separatorText:"eller",sessionExpired:"Din session har gått ut. Försök igen.",showPasswordText:"Visa lösenord",signupActionLinkText:"Registrera dig",signupActionText:"Har du inget konto?",title:"Välkommen",tooManyFailedLogins:"För många misslyckade inloggningsförsök. Försök igen senare.",unverifiedEmail:"Verifiera din e-postadress innan du loggar in",userAccountDoesNotExist:"Användarkontot finns inte",usernamePlaceholder:"Användarnamn eller e-postadress",usernameTooLong:"Användarnamnet får vara högst ${max} tecken",usernameTooShort:"Användarnamnet måste vara minst ${min} tecken",wrongCredentials:"Fel användarnamn eller lösenord",passkeyButtonText:"Logga in med passkey"}},YT={mfa:{backupCodeText:"Använd reservkod",description:"Välj en verifieringsmetod",pageTitle:"Multifaktorautentisering | ${clientName}",title:"Verifiera din identitet"}},QT={"passkey-enrollment-nudge":{title:"Skydda ditt konto med en nyckel",description:"Nycklar använder enhetens biometri eller PIN-kod för att logga in snabbare och säkrare.",enrollButtonText:"Konfigurera nyckel",snoozeButtonText:"Kanske senare",optOutLinkText:"Visa inte detta igen",pageTitle:"Konfigurera Nyckel | ${clientName}"},"passkey-enrollment":{title:"Skapa din nyckel",description:"Följ anvisningarna från din webbläsare för att skapa en nyckel för detta konto.",errorMessage:"Det gick inte att skapa nyckeln. Försök igen.",cancelLinkText:"Hoppa över för nu",retryButtonText:"Försök igen",enrollmentComplete:"Din nyckel har konfigurerats. Du kan stänga denna sida.",pageTitle:"Skapa Nyckel | ${clientName}"},"passkey-challenge":{title:"Logga in med passkey",description:"Följ instruktionerna från din webbläsare för att verifiera din identitet.",errorMessage:"Autentisering med passkey misslyckades. Försök igen.",cancelLinkText:"Tillbaka till inloggning",retryButtonText:"Försök igen",pageTitle:"Logga in med passkey | ${clientName}"}},ZT={organizations:{description:"Välj vilken organisation du vill logga in på",pageTitle:"Välj organisation | ${clientName}",searchPlaceholder:"Sök organisationer",title:"Välj din organisation"}},XT={signup:{buttonText:"Registrera dig",confirmPasswordPlaceholder:"Bekräfta lösenord",description:"Välj ett lösenord med en blandning av stora och små bokstäver, siffror och symboler.","email-already-exists":"E-postadressen är redan upptagen",emailPlaceholder:"E-postadress",federatedConnectionButtonText:"Fortsätt med ${connectionName}",hidePasswordText:"Dölj lösenord","invalid-email-format":"Ogiltig e-postadress",loginActionLinkText:"Logga in",loginActionText:"Har du redan ett konto?","no-email":"Vänligen ange en e-postadress","no-password":"Lösenord krävs","no-username":"Användarnamn krävs",pageTitle:"Registrera dig | ${clientName}",passwordPlaceholder:"Lösenord",passwordsDidntMatch:"Lösenorden matchar inte",phonePlaceholder:"Telefonnummer",privacyPolicyLinkText:"Integritetspolicy",separatorText:"eller",sessionExpired:"Din session har gått ut. Försök igen.",showPasswordText:"Visa lösenord",termsOfServiceLinkText:"Användarvillkor",termsText:"Genom att registrera dig godkänner du våra",title:"Välj lösenord","username-already-exists":"Användarnamnet är redan taget",usernamePlaceholder:"Användarnamn",verifyEmailText:"Kontrollera din e-post för att verifiera ditt konto"}},e$={status:{continueButtonText:"Fortsätt",errorTitle:"Fel",pageTitle:"Status | ${clientName}",successTitle:"Klart",title:"Status"}},zO={common:KT,consent:GT,"device-flow":{"device-flow":{buttonText:"Fortsätt",codePlaceholder:"Ange kod",description:"Ange koden som visas på din enhet","expired-code":"Koden har gått ut","invalid-code":"Koden du angav är ogiltig",pageTitle:"Enhetsaktivering | ${clientName}",title:"Aktivera din enhet"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Logga in",codeLabel:"Verifieringskod",codePlaceholder:"Ange kod",defaultDescription:"Ange verifieringskoden som skickades till din e-post",description:"Vi skickade en kod till ${email}","invalid-code":"Ogiltig kod",noCode:"Ange verifieringskoden",pageTitle:"Ange kod | ${clientName}",resendText:"Skicka koden igen",sessionExpired:"Din session har gått ut. Försök igen.",title:"Kolla din e-post",unexpectedError:"Ett oväntat fel uppstod"}},"email-verification":{"email-verification":{description:"Vi skickade ett e-postmeddelande till ${email}",pageTitle:"Verifiera e-post | ${clientName}",resendText:"Skicka koden igen",successDescription:"Din e-postadress har verifierats.",successTitle:"E-post verifierad",title:"Ange engångskod"}},invitation:WT,login:JT,"login-id":{"login-id":{alertListTitle:"Meddelanden","auth0-users-validation":"Något gick fel, försök igen senare","authentication-failure":"Vi beklagar, något gick fel vid inloggningsförsöket",buttonText:"Fortsätt","captcha-client-failure":"Vi kunde inte ladda säkerhetsutmaningen. Försök igen. (Felkod: #{errorCode})","captcha-validation-failure":"Vi beklagar, något gick fel vid validering av captcha-svaret. Försök igen.",captchaCodePlaceholder:"Ange koden som visas ovan","custom-script-error-code":"Något gick fel, försök igen senare.",description:"Logga in på ${clientName}.",editEmailText:"Redigera",emailPlaceholder:"E-postadress",federatedConnectionButtonText:"Fortsätt med ${connectionName}",footerLinkText:"Registrera dig",footerText:"Har du inget konto?",forgotPasswordText:"Har du glömt lösenordet?",hidePasswordText:"Dölj lösenord","invalid-captcha":"Lös utmaningen för att verifiera att du inte är en robot.","invalid-code":"Ogiltig kod","invalid-connection":"Ogiltig anslutning","invalid-email-format":"Ogiltig e-postadress","invalid-email-phone":"Ange en giltig e-postadress eller telefonnummer. Telefonnummer måste innehålla landskod.","invalid-email-phone-username":"Ange en giltig e-postadress, telefonnummer eller användarnamn. Telefonnummer måste innehålla landskod.","invalid-email-username":"Ange en giltig e-postadress eller användarnamn","invalid-expired-code":"Ogiltig eller utgången användarkod","invalid-login-id":"Ogiltigt inloggnings-ID angivet","invalid-phone-username":"Ange ett giltigt telefonnummer eller användarnamn. Telefonnummer måste innehålla landskod.","invalid-recaptcha":"Markera kryssrutan för att verifiera att du inte är en robot.","invalid-username":"Användarnamn kan bara innehålla alfanumeriska tecken eller: '${characters}'. Användarnamn ska vara mellan ${min} och ${max} tecken.",invitationDescription:"Logga in för att acceptera ${inviterName}s inbjudan att gå med i ${companyName} på ${clientName}.",invitationTitle:"Du har blivit inbjuden!","ip-blocked":"Vi har upptäckt misstänkt inloggningsaktivitet och ytterligare försök kommer att blockeras. Kontakta administratören.",logoAltText:"${companyName}","no-db-connection":"Ogiltig anslutning","no-email":"Vänligen ange en e-postadress","no-email-phone":"E-postadress eller telefonnummer krävs","no-email-phone-username":"Telefonnummer, användarnamn eller e-postadress krävs","no-email-username":"E-postadress eller användarnamn krävs","no-password":"Lösenord krävs","no-phone":"Ange ett telefonnummer","no-phone-username":"Telefonnummer eller användarnamn krävs","no-username":"Användarnamn krävs",pageTitle:"Logga in | ${clientName}","password-breached":"Vi har upptäckt ett potentiellt säkerhetsproblem med detta konto. För att skydda ditt konto har vi förhindrat denna inloggning. Återställ ditt lösenord för att fortsätta.",passwordPlaceholder:"Lösenord",phoneOrEmailPlaceholder:"E-post eller telefonnummer",phoneOrUsernameOrEmailPlaceholder:"Telefon, användarnamn eller e-post",phoneOrUsernamePlaceholder:"Telefonnummer eller användarnamn",phonePlaceholder:"Telefonnummer","same-user-login":"För många inloggningsförsök för denna användare. Vänta en stund och försök igen.",selectCountryCode:"Välj landskod, för närvarande inställd på ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"eller",sessionExpired:"Din session har gått ut. Försök igen.",showPasswordText:"Visa lösenord",signupActionLinkText:"Registrera dig",signupActionText:"Har du inget konto?",termsAndConditionsTemplate:'Genom att fortsätta godkänner du våra <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Villkor</a>.',title:"Välkommen","user-blocked":"Ditt konto har blockerats efter flera misslyckade inloggningsförsök i rad.",userAccountDoesNotExist:"Användarkontot finns inte",usernameOnlyPlaceholder:"Användarnamn",usernameOrEmailPlaceholder:"Användarnamn eller e-postadress",usernamePlaceholder:"Användarnamn",usernameTooLong:"Användarnamnet får vara högst ${max} tecken",usernameTooShort:"Användarnamnet måste vara minst ${min} tecken","wrong-credentials":"Fel användarnamn eller lösenord","wrong-email-credentials":"Fel e-postadress eller lösenord","wrong-email-phone-credentials":"Fel e-postadress, telefonnummer eller lösenord. Telefonnummer måste innehålla landskod.","wrong-email-phone-username-credentials":"Fel e-postadress, telefonnummer, användarnamn eller lösenord. Telefonnummer måste innehålla landskod.","wrong-email-username-credentials":"Fel e-postadress, användarnamn eller lösenord","wrong-phone-credentials":"Fel telefonnummer eller lösenord","wrong-phone-username-credentials":"Fel telefonnummer, användarnamn eller lösenord. Telefonnummer måste innehålla landskod.","wrong-username-credentials":"Fel användarnamn eller lösenord",passkeyButtonText:"Logga in med passkey"}},"login-password":{"login-password":{buttonText:"Logga in",description:"Ange din e-postadress och ditt lösenord för att logga in.",forgotPasswordText:"Har du glömt lösenordet?",hidePasswordText:"Dölj lösenord","no-password":"Lösenord krävs",pageTitle:"Logga in | ${clientName}","password-breached":"Vi har upptäckt ett potentiellt säkerhetsproblem med detta konto. För att skydda ditt konto har vi förhindrat denna inloggning. Återställ ditt lösenord för att fortsätta.",passwordPlaceholder:"Lösenord",showPasswordText:"Visa lösenord",signingInAs:"Loggar in som ${email}",title:"Ange lösenord",unverifiedEmail:"Verifiera din e-postadress innan du loggar in","user-blocked":"Ditt konto har blockerats efter flera misslyckade inloggningsförsök i rad.","wrong-credentials":"Fel lösenord"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"e-post",authMethodEmailOrPhone:"e-post eller telefonnummer",authMethodPhone:"telefonnummer",description:"Logga in med din ${authMethod}",emailOrPhonePlaceholder:"E-postadress eller telefonnummer",emailPlaceholder:"E-postadress",invalidEmail:"Ange en giltig e-postadress",invalidIdentifier:"Ange en giltig e-postadress eller telefonnummer",invalidPhone:"Ange ett giltigt telefonnummer med landskod",noEmail:"Ange din e-postadress",noPhone:"Ange ditt telefonnummer",phonePlaceholder:"Telefonnummer",sessionExpired:"Din session har gått ut. Försök igen.",title:"Logga in med en kod",userAccountDoesNotExist:"Användarkontot finns inte"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Klicka på länken i ditt e-postmeddelande för att logga in",description:"Vi skickade en länk till ${username}. Klicka på den för att logga in.",resendText:"Skicka länken igen",spamText:"Fick du inte e-postmeddelandet? Kolla din skräppost.",title:"Kolla din e-post"}},mfa:YT,"mfa-email":{"mfa-email":{buttonText:"Fortsätt",codePlaceholder:"Ange kod",description:"Vi skickade en kod till ${email}","invalid-code":"Koden du angav är ogiltig",pageTitle:"E-postverifiering | ${clientName}",resendText:"Skicka koden igen",title:"Kolla din e-post"}},"mfa-otp":{"mfa-otp":{buttonText:"Fortsätt",codePlaceholder:"Ange kod",description:"Ange den 6-siffriga koden från din autentiseringsapp","invalid-code":"Koden du angav är ogiltig",pageTitle:"Ange kod | ${clientName}",title:"Ange din kod"},"mfa-totp-enrollment":{title:"Konfigurera autentiseringsapp",description:"Skanna QR-koden nedan med din autentiseringsapp och ange sedan den 6-siffriga koden för att verifiera",secretLabel:"Eller ange denna kod manuellt:",codePlaceholder:"Ange kod",continueButtonText:"Verifiera och aktivera","invalid-code":"Koden du angav är ogiltig. Försök igen.","transaction-not-found":"Din registreringstransaktion har gått ut, du behöver börja om.",pageTitle:"Konfigurera autentiseringsapp | ${clientName}",unexpectedError:"Något gick fel. Försök igen.",enrollmentComplete:"MFA-registreringen är klar. Du kan stänga denna sida."},"mfa-totp-challenge":{title:"Verifiera din identitet",description:"Ange den 6-siffriga koden från din autentiseringsapp",codePlaceholder:"Ange kod",continueButtonText:"Fortsätt","invalid-code":"Koden du angav är ogiltig","transaction-not-found":"Din registreringstransaktion har gått ut, du behöver börja om.",unexpectedError:"Något gick fel. Försök igen.",pageTitle:"Verifiera identitet | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Använd ditt telefonnummer för att logga in | ${clientName}",title:"Verifiera din identitet",description:"Vi skickade en kod till ${phoneNumber}",continueButtonText:"Fortsätt",changePhoneText:"Välj ett annat telefonnummer.",smsButtonText:"SMS",voiceButtonText:"Röstsamtal",chooseMessageTypeText:"Hur vill du ta emot koden?",pickAuthenticatorText:"Prova en annan metod",logoAltText:"${companyName}",codePlaceholder:"Ange kod","send-sms-failed":"Det gick inte att skicka SMS:et","send-voice-failed":"Det gick inte att ringa röstsamtalet","invalid-phone-format":"Telefonnumret kan bara innehålla siffror.","invalid-phone":"Det verkar som att ditt telefonnummer inte är giltigt. Kontrollera och försök igen.","too-many-sms":"Du har överskridit det maximala antalet telefonmeddelanden per timme. Vänta några minuter och försök igen.","too-many-voice":"Du har överskridit det maximala antalet telefonmeddelanden per timme. Vänta några minuter och försök igen.","transaction-not-found":"Din registreringstransaktion har gått ut, du behöver börja om.","no-phone":"Ange ett telefonnummer",noCode:"Ange verifieringskoden",invalidCode:"Koden du angav är ogiltig. Försök igen.",unexpectedError:"Något gick fel. Försök igen.",resendSuccess:"Vi skickade en ny kod till din telefon",enrollmentComplete:"MFA-registreringen är klar. Du kan stänga denna sida."},"mfa-phone-enrollment":{pageTitle:"Ange ditt telefonnummer för att logga in med en telefonkod | ${clientName}",title:"Säkra ditt konto",description:"Ange din landskod och telefonnummer som vi kan skicka en 6-siffrig kod till:",continueButtonText:"Fortsätt",smsButtonText:"SMS",voiceButtonText:"Röstsamtal",chooseMessageTypeText:"Hur vill du ta emot koden?",pickAuthenticatorText:"Prova en annan metod",placeholder:"Ange ditt telefonnummer",logoAltText:"${companyName}",selectCountryCode:"Välj landskod, för närvarande inställd på ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Det gick inte att skicka SMS:et","send-voice-failed":"Det gick inte att ringa röstsamtalet","sms-authenticator-error":"Vi kunde inte skicka SMS:et. Försök igen senare.","invalid-phone-format":"Telefonnumret kan bara innehålla siffror.","invalid-phone":"Det verkar som att ditt telefonnummer inte är giltigt. Kontrollera och försök igen.","too-many-sms":"Du har överskridit det maximala antalet telefonmeddelanden per timme. Vänta några minuter och försök igen.","too-many-voice":"Du har överskridit det maximala antalet telefonmeddelanden per timme. Vänta några minuter och försök igen.","transaction-not-found":"Din registreringstransaktion har gått ut, du behöver börja om.","no-phone":"Ange ett telefonnummer","phone-is-too-short":"Telefonnumret är för kort","phone-is-too-long":"Telefonnumret är för långt"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Välj verifieringsmetod | ${clientName}",title:"Välj din verifieringsmetod",description:"Välj hur du vill verifiera din identitet",authenticatorAppLabel:"Autentiseringsapp",authenticatorAppDescription:"Använd din autentiseringsapp för att få en verifieringskod",smsLabel:"Sms",smsDescription:"Få en verifieringskod skickad till din telefon",passkeyLabel:"Lösenordsnyckel",passkeyDescription:"Använd din enhets biometri eller säkerhetsnyckel"}},"mfa-push":{"mfa-push":{description:"Vi skickade en notis till din enhet",pageTitle:"Push-notis | ${clientName}",resendText:"Skicka notisen igen",title:"Godkänn förfrågan",useCodeText:"Ange kod manuellt"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Fortsätt",codePlaceholder:"Återställningskod",description:"Ange en av dina återställningskoder","invalid-code":"Återställningskoden du angav är ogiltig",pageTitle:"Återställningskod | ${clientName}",title:"Ange återställningskod"}},"mfa-voice":{"mfa-voice":{buttonText:"Ring mig",codePlaceholder:"Ange kod",description:"Vi ringer ${phoneNumber} med din kod","invalid-code":"Koden du angav är ogiltig",pageTitle:"Röstsamtal | ${clientName}",title:"Ta emot ett telefonsamtal"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Försök igen",description:"Sätt in din säkerhetsnyckel och följ instruktionerna",pageTitle:"Säkerhetsnyckel | ${clientName}",title:"Använd din säkerhetsnyckel"}},passkeys:QT,organizations:ZT,"reset-password":{"reset-password":{backToLoginText:"Gå tillbaka",buttonText:"Skicka",codeExpired:"Din kod för lösenordsåterställning har gått ut. Begär en ny.",confirmPasswordLabel:"Bekräfta lösenord",confirmPasswordPlaceholder:"Bekräfta lösenord",description:"Klicka på knappen nedan så skickar vi instruktioner om hur du återställer ditt lösenord.",emailPlaceholder:"E-postadress",failed:"Lösenordsåterställningen misslyckades. Försök igen.","invalid-email-format":"Ogiltig e-postadress","no-email":"Vänligen ange en e-postadress",pageTitle:"Återställ lösenord | ${clientName}",passwordLabel:"Nytt lösenord",passwordPlaceholder:"Nytt lösenord",passwordTooWeak:"Lösenordet är för svagt",passwordsDidntMatch:"Lösenorden matchar inte",successDescription:"Vi har skickat en länk för lösenordsåterställning till din e-postadress.",successTitle:"Vi har skickat ett e-postmeddelande med instruktioner om hur du återställer ditt lösenord till den e-postadress du angav.",title:"Har du glömt lösenordet?","user-not-found":"Användaren hittades inte"},"reset-password-code":{backToLoginText:"Tillbaka till inloggning",buttonText:"Återställ lösenord",codeLabel:"Återställningskod",codePlaceholder:"Ange 6-siffrig kod",confirmPasswordLabel:"Bekräfta lösenord",confirmPasswordPlaceholder:"Bekräfta lösenord",defaultDescription:"Ange koden som skickades till din e-post och välj ett nytt lösenord",description:"Vi skickade en kod till ${email}",failed:"Lösenordsåterställningen misslyckades. Försök igen.",invalidCode:"Koden du angav är ogiltig eller har gått ut",noCode:"Vänligen ange återställningskoden",pageTitle:"Ange återställningskod | ${clientName}",passwordLabel:"Nytt lösenord",passwordPlaceholder:"Nytt lösenord",passwordTooWeak:"Lösenordet är för svagt",passwordsDidntMatch:"Lösenorden matchar inte",resendFailed:"Kunde inte skicka koden igen. Försök igen.",resendSuccess:"En ny kod har skickats till din e-post",resendText:"Skicka koden igen",sessionExpired:"Din session har gått ut. Försök igen.",title:"Ange återställningskod"}},signup:XT,"signup-id":{"signup-id":{buttonText:"Fortsätt",description:"Välj ett lösenord med en blandning av stora och små bokstäver, siffror och symboler.","email-already-exists":"E-postadressen är redan upptagen",emailPlaceholder:"E-postadress",federatedConnectionButtonText:"Fortsätt med ${connectionName}","invalid-email-format":"Ogiltig e-postadress",loginActionLinkText:"Logga in",loginActionText:"Har du redan ett konto?","no-email":"Vänligen ange en e-postadress",pageTitle:"Registrera dig | ${clientName}",phonePlaceholder:"Telefonnummer",separatorText:"eller",title:"Välj lösenord",usernamePlaceholder:"Användarnamn"}},"signup-password":{"signup-password":{buttonText:"Fortsätt",description:"Välj ett lösenord med en blandning av stora och små bokstäver, siffror och symboler.",hidePasswordText:"Dölj lösenord","no-password":"Lösenord krävs",pageTitle:"Registrera dig | ${clientName}","password-policy-not-met":"Lösenordet uppfyller inte kraven","password-too-weak":"Lösenordet är för svagt",passwordPlaceholder:"Lösenord",showPasswordText:"Visa lösenord",title:"Välj lösenord"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Fortsätt",codeLabel:"Verifieringskod",codePlaceholder:"Ange kod",defaultDescription:"Ange verifieringskoden som skickades till din telefon",description:"Vi skickade en kod till ${username}","invalid-code":"Ogiltig kod",noCode:"Ange verifieringskoden",pageTitle:"Ange kod | ${clientName}",resendText:"Skicka koden igen",sessionExpired:"Din session har gått ut. Försök igen.",title:"Kolla din telefon",unexpectedError:"Ett oväntat fel uppstod"}},status:e$},PO=Object.freeze(Object.defineProperty({__proto__:null,common:KT,consent:GT,default:zO,invitation:WT,login:JT,mfa:YT,organizations:ZT,passkeys:QT,signup:XT,status:e$},Symbol.toStringTag,{value:"Module"})),t$=["cs","da","en","fi","it","nb","pl","sv"],jp="en",NO={cs:"Čeština",da:"Dansk",en:"English",fi:"Suomi",it:"Italiano",nb:"Norsk",pl:"Polski",sv:"Svenska"},FO=NO;function OO(e){return FO[e]??e}const jO=Object.assign({"../../locales/cs.json":_O,"../../locales/da.json":bO,"../../locales/en.json":AO,"../../locales/fi.json":SO,"../../locales/it.json":xO,"../../locales/nb.json":TO,"../../locales/pl.json":IO,"../../locales/sv.json":PO}),Kl={};for(const[e,t]of Object.entries(jO)){const n=e.match(/\/(\w+)\.json$/)?.[1];n&&(Kl[n]=t.default||t)}const n$={},Z1=Kl[jp];if(Z1)for(const[e,t]of Object.entries(Z1))for(const[n,i]of Object.entries(t)){const r={};for(const o of Object.keys(i))r[o]=s.z.string();n$[`${e}.${n}`]=s.z.object(r)}function RO(e,t){if(!t)return e;let n=e;for(const[i,r]of Object.entries(t))if(r!==void 0){const o=i.replace(/[.*+?^${}()|[\]\\]/g,"\\$&");n=n.replace(new RegExp(`\\$\\{${o}\\}`,"g"),String(r)).replace(new RegExp(`#\\{${o}\\}`,"g"),String(r)).replace(new RegExp(`\\{${o}\\}`,"g"),String(r))}return n}function DO(e){const t=e.split("-")[0]?.toLowerCase()||jp;return t$.includes(t)?t:jp}function Se(e,t,n,i){const r=DO(n),o=Kl[jp]?.[e]?.[t]??{},a=Kl[r]?.[e]?.[t]??{},c={...o,...a},l=i?.[t]??{},d={...c,...l},u=n$[`${e}.${t}`];if(u){const h=u.safeParse(d);h.success||console.warn(`[i18n] Missing translations for ${e}.${t} (${r}):`,h.error.issues.map(g=>g.path.join(".")).join(", "))}const p={};for(const[h,g]of Object.entries(d))p[h]=m=>RO(g,m);return{m:new Proxy(p,{get:(h,g)=>h[g]??(()=>g)}),locale:r}}function BO(e){const t=e?.language?.split("-")[0]?.toLowerCase(),n=[];for(const[i,r]of Object.entries(Kl))if(!(t&&i!==t))for(const[o,a]of Object.entries(r))e?.prompt&&o!==e.prompt||n.push({prompt:o,language:i,custom_text:a});return n}function cc(e,t){const n=gO(e,"ah-dark-mode");if(n==="dark"||n==="light"||n==="auto")return n;const i=t?.dark_mode;return i==="dark"||i==="light"||i==="auto"?i:"auto"}const Rp={"--ah-color-text":"#f9fafb","--ah-color-text-muted":"#9ca3af","--ah-color-text-label":"#d1d5db","--ah-color-header":"#f9fafb","--ah-color-bg":"#1f2937","--ah-color-bg-hover":"#374151","--ah-color-bg-muted":"#374151","--ah-color-bg-disabled":"#4b5563","--ah-color-input-bg":"#374151","--ah-color-border":"#4b5563","--ah-color-border-hover":"#6b7280","--ah-color-border-muted":"#374151","--ah-color-error-bg":"rgba(220,38,38,0.2)","--ah-color-success-bg":"rgba(22,163,74,0.2)","--ah-color-link":"#60a5fa"};function i$(e){const t=e.replace("#",""),n=parseInt(t,16);return[n>>16&255,n>>8&255,n&255]}function X1(e){const[t,n,i]=i$(e).map(r=>{const o=r/255;return o<=.04045?o/12.92:Math.pow((o+.055)/1.055,2.4)});return .2126*t+.7152*n+.0722*i}function zi(e,t){const n=X1(e),i=X1(t);return(Math.max(n,i)+.05)/(Math.min(n,i)+.05)}function r$(e,t){const[n,i,r]=i$(e),o=a=>Math.min(255,Math.round(a+(255-a)*t)).toString(16).padStart(2,"0");return`#${o(n)}${o(i)}${o(r)}`}function e2(e,t){const n={...Rp};if(t){const r=Rp["--ah-color-bg"];if(zi(t,r)<3){let d=t;for(let u=1;u<=10&&(d=r$(t,u*.1),!(zi(d,r)>=3));u++);n["--ah-color-primary"]=d,n["--ah-color-primary-hover"]=d}const o=1.35,a=n["--ah-color-primary"]||t,c=zi(a,"#ffffff"),l=zi(a,"#000000");n["--ah-color-text-on-primary"]=l>c*o?"#000000":"#ffffff"}const i=Object.entries(n).map(([r,o])=>`${r}: ${o} !important`).join("; ");return`${e} { ${i}; }`}const LO="(function(btn){var h=document.documentElement;var cur=h.classList.contains('ah-dark-mode')?'dark':h.classList.contains('ah-light-mode')?'light':'auto';var next=cur==='auto'?'dark':cur==='dark'?'light':'auto';h.classList.remove('ah-dark-mode','ah-light-mode');if(next==='dark'){h.classList.add('ah-dark-mode');h.setAttribute('data-mode','dark')}else if(next==='light'){h.classList.add('ah-light-mode');h.setAttribute('data-mode','light')}else{h.removeAttribute('data-mode')}btn.querySelector('.icon-sun').style.display=next==='light'?'block':'none';btn.querySelector('.icon-moon').style.display=next==='dark'?'block':'none';btn.querySelector('.icon-auto').style.display=next==='auto'?'block':'none';document.cookie='ah-dark-mode='+next+';path=/;max-age=31536000;SameSite=Lax';if(window.__ahDarkMode){window.__ahDarkMode(next)}})(this)",MO="var p=new URLSearchParams(window.location.search);p.set('ui_locales',this.value);window.location.search=p.toString()";function o$({logoUrl:e,clientName:t}){const n=e?fn(e):null;return S("div",{class:"ah-chip ah-chip-logo","data-ah-slot":"top-left",children:n?S("img",{src:n,alt:t}):S("span",{class:"ah-logo-text",children:t})})}function s$({darkMode:e}){return S("button",{type:"button","aria-label":"Toggle dark mode",onclick:LO,children:[S("svg",{class:"icon-auto",width:"13",height:"13",viewBox:"0 0 24 24",fill:"none",stroke:"currentColor","stroke-width":"2.2","stroke-linecap":"round","stroke-linejoin":"round",style:e==="auto"?void 0:"display:none",children:[S("circle",{cx:"12",cy:"12",r:"9"}),S("path",{d:"M12 3a9 9 0 0 1 0 18",fill:"currentColor"})]}),S("svg",{class:"icon-sun",width:"13",height:"13",viewBox:"0 0 24 24",fill:"none",stroke:"currentColor","stroke-width":"2.2","stroke-linecap":"round","stroke-linejoin":"round",style:e==="light"?void 0:"display:none",children:[S("circle",{cx:"12",cy:"12",r:"5"}),S("line",{x1:"12",y1:"1",x2:"12",y2:"3"}),S("line",{x1:"12",y1:"21",x2:"12",y2:"23"}),S("line",{x1:"4.22",y1:"4.22",x2:"5.64",y2:"5.64"}),S("line",{x1:"18.36",y1:"18.36",x2:"19.78",y2:"19.78"}),S("line",{x1:"1",y1:"12",x2:"3",y2:"12"}),S("line",{x1:"21",y1:"12",x2:"23",y2:"12"})]}),S("svg",{class:"icon-moon",width:"13",height:"13",viewBox:"0 0 24 24",fill:"none",stroke:"currentColor","stroke-width":"2.2","stroke-linecap":"round","stroke-linejoin":"round",style:e==="dark"?void 0:"display:none",children:S("path",{d:"M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z"})})]})}function a$({language:e,availableLanguages:t}){return!t||t.length<2?null:S("div",{class:"ah-lang",children:[S("svg",{width:"13",height:"13",viewBox:"0 0 24 24",fill:"none",stroke:"currentColor","stroke-width":"2.2","stroke-linecap":"round","stroke-linejoin":"round",children:[S("circle",{cx:"12",cy:"12",r:"10"}),S("path",{d:"M2 12h20"}),S("path",{d:"M12 2a15.3 15.3 0 0 1 4 10 15.3 15.3 0 0 1-4 10 15.3 15.3 0 0 1-4-10 15.3 15.3 0 0 1 4-10z"})]}),S("select",{"aria-label":"Language",onchange:MO,children:t.map(n=>S("option",{value:n,selected:n===e,children:OO(n)}))})]})}function c$({darkMode:e,language:t,availableLanguages:n}){return S("div",{class:"ah-chip ah-chip-settings","data-ah-slot":"top-right",children:[S(s$,{darkMode:e}),n&&S(a$,{language:t,availableLanguages:n})]})}function l$({url:e,href:t,alt:n,height:i}){const r=fn(e),o=t?fn(t):null;if(!r)return null;const a=S("img",{src:r,alt:n||"",height:i||18});return S("div",{class:"ah-chip ah-chip-trust","data-ah-slot":"bottom-left",children:o?S("a",{href:o,target:"_blank",rel:"noopener noreferrer",children:a}):a})}function d$({termsAndConditionsUrl:e,language:t}){if(!e)return null;const{m:n}=Se("common","common",t||"en");return S("div",{class:"ah-chip-legal","data-ah-slot":"bottom-right",children:S("a",{href:e,target:"_blank",rel:"noopener noreferrer",children:n.termsShortText()})})}function u$(e,t){const n=[],i=pn(e?.colors?.primary);i&&n.push(`--ah-color-primary: ${i}`);const r=pn(t?.colors?.primary_button)||i;if(r){const a=zi(r,"#ffffff"),l=zi(r,"#000000")>a*1.35?"#000000":"#ffffff";n.push(`--ah-color-text-on-primary: ${l}`)}return n.length>0?n.join("; ")+"; width: clamp(320px, 100%, 400px);":"width: clamp(320px, 100%, 400px);"}function UO(e){const{primaryColor:t,themePrimary:n,widgetBackground:i}=e;return`
1
+ "use strict";var dN=Object.create;var E1=Object.defineProperty;var uN=Object.getOwnPropertyDescriptor;var pN=Object.getOwnPropertyNames;var fN=Object.getPrototypeOf,hN=Object.prototype.hasOwnProperty;var gN=(e,t,n,i)=>{if(t&&typeof t=="object"||typeof t=="function")for(let r of pN(t))!hN.call(e,r)&&r!==n&&E1(e,r,{get:()=>t[r],enumerable:!(i=uN(t,r))||i.enumerable});return e};var mN=(e,t,n)=>(n=e!=null?dN(fN(e)):{},gN(t||!e||!e.__esModule?E1(n,"default",{value:e,enumerable:!0}):n,e));Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const s=require("@hono/zod-openapi");var z=class extends Error{res;status;constructor(e=500,t){super(t?.message,{cause:t?.cause}),this.res=t?.res,this.status=e}getResponse(){return this.res?new Response(this.res.body,{status:this.status,headers:this.res.headers}):new Response(this.message,{status:this.status})}};const Ee=e=>typeof e=="string",Nc=()=>{let e,t;const n=new Promise((i,r)=>{e=i,t=r});return n.resolve=e,n.reject=t,n},x1=e=>e==null?"":""+e,yN=(e,t,n)=>{e.forEach(i=>{t[i]&&(n[i]=t[i])})},_N=/###/g,C1=e=>e&&e.indexOf("###")>-1?e.replace(_N,"."):e,T1=e=>!e||Ee(e),Cl=(e,t,n)=>{const i=Ee(t)?t.split("."):t;let r=0;for(;r<i.length-1;){if(T1(e))return{};const o=C1(i[r]);!e[o]&&n&&(e[o]=new n),Object.prototype.hasOwnProperty.call(e,o)?e=e[o]:e={},++r}return T1(e)?{}:{obj:e,k:C1(i[r])}},$1=(e,t,n)=>{const{obj:i,k:r}=Cl(e,t,Object);if(i!==void 0||t.length===1){i[r]=n;return}let o=t[t.length-1],a=t.slice(0,t.length-1),c=Cl(e,a,Object);for(;c.obj===void 0&&a.length;)o=`${a[a.length-1]}.${o}`,a=a.slice(0,a.length-1),c=Cl(e,a,Object),c?.obj&&typeof c.obj[`${c.k}.${o}`]<"u"&&(c.obj=void 0);c.obj[`${c.k}.${o}`]=n},wN=(e,t,n,i)=>{const{obj:r,k:o}=Cl(e,t,Object);r[o]=r[o]||[],r[o].push(n)},hp=(e,t)=>{const{obj:n,k:i}=Cl(e,t);if(n&&Object.prototype.hasOwnProperty.call(n,i))return n[i]},bN=(e,t,n)=>{const i=hp(e,n);return i!==void 0?i:hp(t,n)},j4=(e,t,n)=>{for(const i in t)i!=="__proto__"&&i!=="constructor"&&(i in e?Ee(e[i])||e[i]instanceof String||Ee(t[i])||t[i]instanceof String?n&&(e[i]=t[i]):j4(e[i],t[i],n):e[i]=t[i]);return e},yo=e=>e.replace(/[\-\[\]\/\{\}\(\)\*\+\?\.\\\^\$\|]/g,"\\$&");var vN={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;"};const AN=e=>Ee(e)?e.replace(/[&<>"'\/]/g,t=>vN[t]):e;class kN{constructor(t){this.capacity=t,this.regExpMap=new Map,this.regExpQueue=[]}getRegExp(t){const n=this.regExpMap.get(t);if(n!==void 0)return n;const i=new RegExp(t);return this.regExpQueue.length===this.capacity&&this.regExpMap.delete(this.regExpQueue.shift()),this.regExpMap.set(t,i),this.regExpQueue.push(t),i}}const SN=[" ",",","?","!",";"],EN=new kN(20),xN=(e,t,n)=>{t=t||"",n=n||"";const i=SN.filter(a=>t.indexOf(a)<0&&n.indexOf(a)<0);if(i.length===0)return!0;const r=EN.getRegExp(`(${i.map(a=>a==="?"?"\\?":a).join("|")})`);let o=!r.test(e);if(!o){const a=e.indexOf(n);a>0&&!r.test(e.substring(0,a))&&(o=!0)}return o},oy=(e,t,n=".")=>{if(!e)return;if(e[t])return Object.prototype.hasOwnProperty.call(e,t)?e[t]:void 0;const i=t.split(n);let r=e;for(let o=0;o<i.length;){if(!r||typeof r!="object")return;let a,c="";for(let l=o;l<i.length;++l)if(l!==o&&(c+=n),c+=i[l],a=r[c],a!==void 0){if(["string","number","boolean"].indexOf(typeof a)>-1&&l<i.length-1)continue;o+=l-o+1;break}r=a}return r},Dl=e=>e?.replace(/_/g,"-"),CN={type:"logger",log(e){this.output("log",e)},warn(e){this.output("warn",e)},error(e){this.output("error",e)},output(e,t){console?.[e]?.apply?.(console,t)}};class gp{constructor(t,n={}){this.init(t,n)}init(t,n={}){this.prefix=n.prefix||"i18next:",this.logger=t||CN,this.options=n,this.debug=n.debug}log(...t){return this.forward(t,"log","",!0)}warn(...t){return this.forward(t,"warn","",!0)}error(...t){return this.forward(t,"error","")}deprecate(...t){return this.forward(t,"warn","WARNING DEPRECATED: ",!0)}forward(t,n,i,r){return r&&!this.debug?null:(Ee(t[0])&&(t[0]=`${i}${this.prefix} ${t[0]}`),this.logger[n](t))}create(t){return new gp(this.logger,{prefix:`${this.prefix}:${t}:`,...this.options})}clone(t){return t=t||this.options,t.prefix=t.prefix||this.prefix,new gp(this.logger,t)}}var Ii=new gp;class oh{constructor(){this.observers={}}on(t,n){return t.split(" ").forEach(i=>{this.observers[i]||(this.observers[i]=new Map);const r=this.observers[i].get(n)||0;this.observers[i].set(n,r+1)}),this}off(t,n){if(this.observers[t]){if(!n){delete this.observers[t];return}this.observers[t].delete(n)}}emit(t,...n){this.observers[t]&&Array.from(this.observers[t].entries()).forEach(([r,o])=>{for(let a=0;a<o;a++)r(...n)}),this.observers["*"]&&Array.from(this.observers["*"].entries()).forEach(([r,o])=>{for(let a=0;a<o;a++)r.apply(r,[t,...n])})}}class I1 extends oh{constructor(t,n={ns:["translation"],defaultNS:"translation"}){super(),this.data=t||{},this.options=n,this.options.keySeparator===void 0&&(this.options.keySeparator="."),this.options.ignoreJSONStructure===void 0&&(this.options.ignoreJSONStructure=!0)}addNamespaces(t){this.options.ns.indexOf(t)<0&&this.options.ns.push(t)}removeNamespaces(t){const n=this.options.ns.indexOf(t);n>-1&&this.options.ns.splice(n,1)}getResource(t,n,i,r={}){const o=r.keySeparator!==void 0?r.keySeparator:this.options.keySeparator,a=r.ignoreJSONStructure!==void 0?r.ignoreJSONStructure:this.options.ignoreJSONStructure;let c;t.indexOf(".")>-1?c=t.split("."):(c=[t,n],i&&(Array.isArray(i)?c.push(...i):Ee(i)&&o?c.push(...i.split(o)):c.push(i)));const l=hp(this.data,c);return!l&&!n&&!i&&t.indexOf(".")>-1&&(t=c[0],n=c[1],i=c.slice(2).join(".")),l||!a||!Ee(i)?l:oy(this.data?.[t]?.[n],i,o)}addResource(t,n,i,r,o={silent:!1}){const a=o.keySeparator!==void 0?o.keySeparator:this.options.keySeparator;let c=[t,n];i&&(c=c.concat(a?i.split(a):i)),t.indexOf(".")>-1&&(c=t.split("."),r=n,n=c[1]),this.addNamespaces(n),$1(this.data,c,r),o.silent||this.emit("added",t,n,i,r)}addResources(t,n,i,r={silent:!1}){for(const o in i)(Ee(i[o])||Array.isArray(i[o]))&&this.addResource(t,n,o,i[o],{silent:!0});r.silent||this.emit("added",t,n,i)}addResourceBundle(t,n,i,r,o,a={silent:!1,skipCopy:!1}){let c=[t,n];t.indexOf(".")>-1&&(c=t.split("."),r=i,i=n,n=c[1]),this.addNamespaces(n);let l=hp(this.data,c)||{};a.skipCopy||(i=JSON.parse(JSON.stringify(i))),r?j4(l,i,o):l={...l,...i},$1(this.data,c,l),a.silent||this.emit("added",t,n,i)}removeResourceBundle(t,n){this.hasResourceBundle(t,n)&&delete this.data[t][n],this.removeNamespaces(n),this.emit("removed",t,n)}hasResourceBundle(t,n){return this.getResource(t,n)!==void 0}getResourceBundle(t,n){return n||(n=this.options.defaultNS),this.getResource(t,n)}getDataByLanguage(t){return this.data[t]}hasLanguageSomeTranslations(t){const n=this.getDataByLanguage(t);return!!(n&&Object.keys(n)||[]).find(r=>n[r]&&Object.keys(n[r]).length>0)}toJSON(){return this.data}}var R4={processors:{},addPostProcessor(e){this.processors[e.name]=e},handle(e,t,n,i,r){return e.forEach(o=>{t=this.processors[o]?.process(t,n,i,r)??t}),t}};const D4=Symbol("i18next/PATH_KEY");function TN(){const e=[],t=Object.create(null);let n;return t.get=(i,r)=>(n?.revoke?.(),r===D4?e:(e.push(r),n=Proxy.revocable(i,t),n.proxy)),Proxy.revocable(Object.create(null),t).proxy}function _a(e,t){const{[D4]:n}=e(TN()),i=t?.keySeparator??".",r=t?.nsSeparator??":";if(n.length>1&&r){const o=t?.ns,a=Array.isArray(o)?o:null;if(a&&a.length>1&&a.slice(1).includes(n[0]))return`${n[0]}${r}${n.slice(1).join(i)}`}return n.join(i)}const z1={},Hg=e=>!Ee(e)&&typeof e!="boolean"&&typeof e!="number";class mp extends oh{constructor(t,n={}){super(),yN(["resourceStore","languageUtils","pluralResolver","interpolator","backendConnector","i18nFormat","utils"],t,this),this.options=n,this.options.keySeparator===void 0&&(this.options.keySeparator="."),this.logger=Ii.create("translator")}changeLanguage(t){t&&(this.language=t)}exists(t,n={interpolation:{}}){const i={...n};if(t==null)return!1;const r=this.resolve(t,i);if(r?.res===void 0)return!1;const o=Hg(r.res);return!(i.returnObjects===!1&&o)}extractFromKey(t,n){let i=n.nsSeparator!==void 0?n.nsSeparator:this.options.nsSeparator;i===void 0&&(i=":");const r=n.keySeparator!==void 0?n.keySeparator:this.options.keySeparator;let o=n.ns||this.options.defaultNS||[];const a=i&&t.indexOf(i)>-1,c=!this.options.userDefinedKeySeparator&&!n.keySeparator&&!this.options.userDefinedNsSeparator&&!n.nsSeparator&&!xN(t,i,r);if(a&&!c){const l=t.match(this.interpolator.nestingRegexp);if(l&&l.length>0)return{key:t,namespaces:Ee(o)?[o]:o};const d=t.split(i);(i!==r||i===r&&this.options.ns.indexOf(d[0])>-1)&&(o=d.shift()),t=d.join(r)}return{key:t,namespaces:Ee(o)?[o]:o}}translate(t,n,i){let r=typeof n=="object"?{...n}:n;if(typeof r!="object"&&this.options.overloadTranslationOptionHandler&&(r=this.options.overloadTranslationOptionHandler(arguments)),typeof r=="object"&&(r={...r}),r||(r={}),t==null)return"";typeof t=="function"&&(t=_a(t,{...this.options,...r})),Array.isArray(t)||(t=[String(t)]),t=t.map(N=>typeof N=="function"?_a(N,{...this.options,...r}):String(N));const o=r.returnDetails!==void 0?r.returnDetails:this.options.returnDetails,a=r.keySeparator!==void 0?r.keySeparator:this.options.keySeparator,{key:c,namespaces:l}=this.extractFromKey(t[t.length-1],r),d=l[l.length-1];let u=r.nsSeparator!==void 0?r.nsSeparator:this.options.nsSeparator;u===void 0&&(u=":");const p=r.lng||this.language,f=r.appendNamespaceToCIMode||this.options.appendNamespaceToCIMode;if(p?.toLowerCase()==="cimode")return f?o?{res:`${d}${u}${c}`,usedKey:c,exactUsedKey:c,usedLng:p,usedNS:d,usedParams:this.getUsedParamsDetails(r)}:`${d}${u}${c}`:o?{res:c,usedKey:c,exactUsedKey:c,usedLng:p,usedNS:d,usedParams:this.getUsedParamsDetails(r)}:c;const h=this.resolve(t,r);let g=h?.res;const m=h?.usedKey||c,_=h?.exactUsedKey||c,y=["[object Number]","[object Function]","[object RegExp]"],w=r.joinArrays!==void 0?r.joinArrays:this.options.joinArrays,b=!this.i18nFormat||this.i18nFormat.handleAsObject,A=r.count!==void 0&&!Ee(r.count),v=mp.hasDefaultValue(r),k=A?this.pluralResolver.getSuffix(p,r.count,r):"",x=r.ordinal&&A?this.pluralResolver.getSuffix(p,r.count,{ordinal:!1}):"",T=A&&!r.ordinal&&r.count===0,I=T&&r[`defaultValue${this.options.pluralSeparator}zero`]||r[`defaultValue${k}`]||r[`defaultValue${x}`]||r.defaultValue;let F=g;b&&!g&&v&&(F=I);const $=Hg(F),P=Object.prototype.toString.apply(F);if(b&&F&&$&&y.indexOf(P)<0&&!(Ee(w)&&Array.isArray(F))){if(!r.returnObjects&&!this.options.returnObjects){this.options.returnedObjectHandler||this.logger.warn("accessing an object - but returnObjects options is not enabled!");const N=this.options.returnedObjectHandler?this.options.returnedObjectHandler(m,F,{...r,ns:l}):`key '${c} (${this.language})' returned an object instead of string.`;return o?(h.res=N,h.usedParams=this.getUsedParamsDetails(r),h):N}if(a){const N=Array.isArray(F),D=N?[]:{},B=N?_:m;for(const V in F)if(Object.prototype.hasOwnProperty.call(F,V)){const Z=`${B}${a}${V}`;v&&!g?D[V]=this.translate(Z,{...r,defaultValue:Hg(I)?I[V]:void 0,joinArrays:!1,ns:l}):D[V]=this.translate(Z,{...r,joinArrays:!1,ns:l}),D[V]===Z&&(D[V]=F[V])}g=D}}else if(b&&Ee(w)&&Array.isArray(g))g=g.join(w),g&&(g=this.extendTranslation(g,t,r,i));else{let N=!1,D=!1;!this.isValidLookup(g)&&v&&(N=!0,g=I),this.isValidLookup(g)||(D=!0,g=c);const V=(r.missingKeyNoValueFallbackToKey||this.options.missingKeyNoValueFallbackToKey)&&D?void 0:g,Z=v&&I!==g&&this.options.updateMissing;if(D||N||Z){if(this.logger.log(Z?"updateKey":"missingKey",p,d,c,Z?I:g),a){const me=this.resolve(c,{...r,keySeparator:!1});me&&me.res&&this.logger.warn("Seems the loaded translations were in flat JSON format instead of nested. Either set keySeparator: false on init or make sure your translations are published in nested format.")}let te=[];const Q=this.languageUtils.getFallbackCodes(this.options.fallbackLng,r.lng||this.language);if(this.options.saveMissingTo==="fallback"&&Q&&Q[0])for(let me=0;me<Q.length;me++)te.push(Q[me]);else this.options.saveMissingTo==="all"?te=this.languageUtils.toResolveHierarchy(r.lng||this.language):te.push(r.lng||this.language);const ie=(me,Ae,G)=>{const Ne=v&&G!==g?G:V;this.options.missingKeyHandler?this.options.missingKeyHandler(me,d,Ae,Ne,Z,r):this.backendConnector?.saveMissing&&this.backendConnector.saveMissing(me,d,Ae,Ne,Z,r),this.emit("missingKey",me,d,Ae,g)};this.options.saveMissing&&(this.options.saveMissingPlurals&&A?te.forEach(me=>{const Ae=this.pluralResolver.getSuffixes(me,r);T&&r[`defaultValue${this.options.pluralSeparator}zero`]&&Ae.indexOf(`${this.options.pluralSeparator}zero`)<0&&Ae.push(`${this.options.pluralSeparator}zero`),Ae.forEach(G=>{ie([me],c+G,r[`defaultValue${G}`]||I)})}):ie(te,c,I))}g=this.extendTranslation(g,t,r,h,i),D&&g===c&&this.options.appendNamespaceToMissingKey&&(g=`${d}${u}${c}`),(D||N)&&this.options.parseMissingKeyHandler&&(g=this.options.parseMissingKeyHandler(this.options.appendNamespaceToMissingKey?`${d}${u}${c}`:c,N?g:void 0,r))}return o?(h.res=g,h.usedParams=this.getUsedParamsDetails(r),h):g}extendTranslation(t,n,i,r,o){if(this.i18nFormat?.parse)t=this.i18nFormat.parse(t,{...this.options.interpolation.defaultVariables,...i},i.lng||this.language||r.usedLng,r.usedNS,r.usedKey,{resolved:r});else if(!i.skipInterpolation){i.interpolation&&this.interpolator.init({...i,interpolation:{...this.options.interpolation,...i.interpolation}});const l=Ee(t)&&(i?.interpolation?.skipOnVariables!==void 0?i.interpolation.skipOnVariables:this.options.interpolation.skipOnVariables);let d;if(l){const p=t.match(this.interpolator.nestingRegexp);d=p&&p.length}let u=i.replace&&!Ee(i.replace)?i.replace:i;if(this.options.interpolation.defaultVariables&&(u={...this.options.interpolation.defaultVariables,...u}),t=this.interpolator.interpolate(t,u,i.lng||this.language||r.usedLng,i),l){const p=t.match(this.interpolator.nestingRegexp),f=p&&p.length;d<f&&(i.nest=!1)}!i.lng&&r&&r.res&&(i.lng=this.language||r.usedLng),i.nest!==!1&&(t=this.interpolator.nest(t,(...p)=>o?.[0]===p[0]&&!i.context?(this.logger.warn(`It seems you are nesting recursively key: ${p[0]} in key: ${n[0]}`),null):this.translate(...p,n),i)),i.interpolation&&this.interpolator.reset()}const a=i.postProcess||this.options.postProcess,c=Ee(a)?[a]:a;return t!=null&&c?.length&&i.applyPostProcessor!==!1&&(t=R4.handle(c,t,n,this.options&&this.options.postProcessPassResolved?{i18nResolved:{...r,usedParams:this.getUsedParamsDetails(i)},...i}:i,this)),t}resolve(t,n={}){let i,r,o,a,c;return Ee(t)&&(t=[t]),Array.isArray(t)&&(t=t.map(l=>typeof l=="function"?_a(l,{...this.options,...n}):l)),t.forEach(l=>{if(this.isValidLookup(i))return;const d=this.extractFromKey(l,n),u=d.key;r=u;let p=d.namespaces;this.options.fallbackNS&&(p=p.concat(this.options.fallbackNS));const f=n.count!==void 0&&!Ee(n.count),h=f&&!n.ordinal&&n.count===0,g=n.context!==void 0&&(Ee(n.context)||typeof n.context=="number")&&n.context!=="",m=n.lngs?n.lngs:this.languageUtils.toResolveHierarchy(n.lng||this.language,n.fallbackLng);p.forEach(_=>{this.isValidLookup(i)||(c=_,!z1[`${m[0]}-${_}`]&&this.utils?.hasLoadedNamespace&&!this.utils?.hasLoadedNamespace(c)&&(z1[`${m[0]}-${_}`]=!0,this.logger.warn(`key "${r}" for languages "${m.join(", ")}" won't get resolved as namespace "${c}" was not yet loaded`,"This means something IS WRONG in your setup. You access the t function before i18next.init / i18next.loadNamespace / i18next.changeLanguage was done. Wait for the callback or Promise to resolve before accessing it!!!")),m.forEach(y=>{if(this.isValidLookup(i))return;a=y;const w=[u];if(this.i18nFormat?.addLookupKeys)this.i18nFormat.addLookupKeys(w,u,y,_,n);else{let A;f&&(A=this.pluralResolver.getSuffix(y,n.count,n));const v=`${this.options.pluralSeparator}zero`,k=`${this.options.pluralSeparator}ordinal${this.options.pluralSeparator}`;if(f&&(n.ordinal&&A.indexOf(k)===0&&w.push(u+A.replace(k,this.options.pluralSeparator)),w.push(u+A),h&&w.push(u+v)),g){const x=`${u}${this.options.contextSeparator||"_"}${n.context}`;w.push(x),f&&(n.ordinal&&A.indexOf(k)===0&&w.push(x+A.replace(k,this.options.pluralSeparator)),w.push(x+A),h&&w.push(x+v))}}let b;for(;b=w.pop();)this.isValidLookup(i)||(o=b,i=this.getResource(y,_,b,n))}))})}),{res:i,usedKey:r,exactUsedKey:o,usedLng:a,usedNS:c}}isValidLookup(t){return t!==void 0&&!(!this.options.returnNull&&t===null)&&!(!this.options.returnEmptyString&&t==="")}getResource(t,n,i,r={}){return this.i18nFormat?.getResource?this.i18nFormat.getResource(t,n,i,r):this.resourceStore.getResource(t,n,i,r)}getUsedParamsDetails(t={}){const n=["defaultValue","ordinal","context","replace","lng","lngs","fallbackLng","ns","keySeparator","nsSeparator","returnObjects","returnDetails","joinArrays","postProcess","interpolation"],i=t.replace&&!Ee(t.replace);let r=i?t.replace:t;if(i&&typeof t.count<"u"&&(r.count=t.count),this.options.interpolation.defaultVariables&&(r={...this.options.interpolation.defaultVariables,...r}),!i){r={...r};for(const o of n)delete r[o]}return r}static hasDefaultValue(t){const n="defaultValue";for(const i in t)if(Object.prototype.hasOwnProperty.call(t,i)&&n===i.substring(0,n.length)&&t[i]!==void 0)return!0;return!1}}class P1{constructor(t){this.options=t,this.supportedLngs=this.options.supportedLngs||!1,this.logger=Ii.create("languageUtils")}getScriptPartFromCode(t){if(t=Dl(t),!t||t.indexOf("-")<0)return null;const n=t.split("-");return n.length===2||(n.pop(),n[n.length-1].toLowerCase()==="x")?null:this.formatLanguageCode(n.join("-"))}getLanguagePartFromCode(t){if(t=Dl(t),!t||t.indexOf("-")<0)return t;const n=t.split("-");return this.formatLanguageCode(n[0])}formatLanguageCode(t){if(Ee(t)&&t.indexOf("-")>-1){let n;try{n=Intl.getCanonicalLocales(t)[0]}catch{}return n&&this.options.lowerCaseLng&&(n=n.toLowerCase()),n||(this.options.lowerCaseLng?t.toLowerCase():t)}return this.options.cleanCode||this.options.lowerCaseLng?t.toLowerCase():t}isSupportedCode(t){return(this.options.load==="languageOnly"||this.options.nonExplicitSupportedLngs)&&(t=this.getLanguagePartFromCode(t)),!this.supportedLngs||!this.supportedLngs.length||this.supportedLngs.indexOf(t)>-1}getBestMatchFromCodes(t){if(!t)return null;let n;return t.forEach(i=>{if(n)return;const r=this.formatLanguageCode(i);(!this.options.supportedLngs||this.isSupportedCode(r))&&(n=r)}),!n&&this.options.supportedLngs&&t.forEach(i=>{if(n)return;const r=this.getScriptPartFromCode(i);if(this.isSupportedCode(r))return n=r;const o=this.getLanguagePartFromCode(i);if(this.isSupportedCode(o))return n=o;n=this.options.supportedLngs.find(a=>{if(a===o)return a;if(!(a.indexOf("-")<0&&o.indexOf("-")<0)&&(a.indexOf("-")>0&&o.indexOf("-")<0&&a.substring(0,a.indexOf("-"))===o||a.indexOf(o)===0&&o.length>1))return a})}),n||(n=this.getFallbackCodes(this.options.fallbackLng)[0]),n}getFallbackCodes(t,n){if(!t)return[];if(typeof t=="function"&&(t=t(n)),Ee(t)&&(t=[t]),Array.isArray(t))return t;if(!n)return t.default||[];let i=t[n];return i||(i=t[this.getScriptPartFromCode(n)]),i||(i=t[this.formatLanguageCode(n)]),i||(i=t[this.getLanguagePartFromCode(n)]),i||(i=t.default),i||[]}toResolveHierarchy(t,n){const i=this.getFallbackCodes((n===!1?[]:n)||this.options.fallbackLng||[],t),r=[],o=a=>{a&&(this.isSupportedCode(a)?r.push(a):this.logger.warn(`rejecting language code not found in supportedLngs: ${a}`))};return Ee(t)&&(t.indexOf("-")>-1||t.indexOf("_")>-1)?(this.options.load!=="languageOnly"&&o(this.formatLanguageCode(t)),this.options.load!=="languageOnly"&&this.options.load!=="currentOnly"&&o(this.getScriptPartFromCode(t)),this.options.load!=="currentOnly"&&o(this.getLanguagePartFromCode(t))):Ee(t)&&o(this.formatLanguageCode(t)),i.forEach(a=>{r.indexOf(a)<0&&o(this.formatLanguageCode(a))}),r}}const N1={zero:0,one:1,two:2,few:3,many:4,other:5},F1={select:e=>e===1?"one":"other",resolvedOptions:()=>({pluralCategories:["one","other"]})};class $N{constructor(t,n={}){this.languageUtils=t,this.options=n,this.logger=Ii.create("pluralResolver"),this.pluralRulesCache={}}clearCache(){this.pluralRulesCache={}}getRule(t,n={}){const i=Dl(t==="dev"?"en":t),r=n.ordinal?"ordinal":"cardinal",o=JSON.stringify({cleanedCode:i,type:r});if(o in this.pluralRulesCache)return this.pluralRulesCache[o];let a;try{a=new Intl.PluralRules(i,{type:r})}catch{if(typeof Intl>"u")return this.logger.error("No Intl support, please use an Intl polyfill!"),F1;if(!t.match(/-|_/))return F1;const l=this.languageUtils.getLanguagePartFromCode(t);a=this.getRule(l,n)}return this.pluralRulesCache[o]=a,a}needsPlural(t,n={}){let i=this.getRule(t,n);return i||(i=this.getRule("dev",n)),i?.resolvedOptions().pluralCategories.length>1}getPluralFormsOfKey(t,n,i={}){return this.getSuffixes(t,i).map(r=>`${n}${r}`)}getSuffixes(t,n={}){let i=this.getRule(t,n);return i||(i=this.getRule("dev",n)),i?i.resolvedOptions().pluralCategories.sort((r,o)=>N1[r]-N1[o]).map(r=>`${this.options.prepend}${n.ordinal?`ordinal${this.options.prepend}`:""}${r}`):[]}getSuffix(t,n,i={}){const r=this.getRule(t,i);return r?`${this.options.prepend}${i.ordinal?`ordinal${this.options.prepend}`:""}${r.select(n)}`:(this.logger.warn(`no plural rule found for: ${t}`),this.getSuffix("dev",n,i))}}const O1=(e,t,n,i=".",r=!0)=>{let o=bN(e,t,n);return!o&&r&&Ee(n)&&(o=oy(e,n,i),o===void 0&&(o=oy(t,n,i))),o},Vg=e=>e.replace(/\$/g,"$$$$");class j1{constructor(t={}){this.logger=Ii.create("interpolator"),this.options=t,this.format=t?.interpolation?.format||(n=>n),this.init(t)}init(t={}){t.interpolation||(t.interpolation={escapeValue:!0});const{escape:n,escapeValue:i,useRawValueToEscape:r,prefix:o,prefixEscaped:a,suffix:c,suffixEscaped:l,formatSeparator:d,unescapeSuffix:u,unescapePrefix:p,nestingPrefix:f,nestingPrefixEscaped:h,nestingSuffix:g,nestingSuffixEscaped:m,nestingOptionsSeparator:_,maxReplaces:y,alwaysFormat:w}=t.interpolation;this.escape=n!==void 0?n:AN,this.escapeValue=i!==void 0?i:!0,this.useRawValueToEscape=r!==void 0?r:!1,this.prefix=o?yo(o):a||"{{",this.suffix=c?yo(c):l||"}}",this.formatSeparator=d||",",this.unescapePrefix=u?"":p||"-",this.unescapeSuffix=this.unescapePrefix?"":u||"",this.nestingPrefix=f?yo(f):h||yo("$t("),this.nestingSuffix=g?yo(g):m||yo(")"),this.nestingOptionsSeparator=_||",",this.maxReplaces=y||1e3,this.alwaysFormat=w!==void 0?w:!1,this.resetRegExp()}reset(){this.options&&this.init(this.options)}resetRegExp(){const t=(n,i)=>n?.source===i?(n.lastIndex=0,n):new RegExp(i,"g");this.regexp=t(this.regexp,`${this.prefix}(.+?)${this.suffix}`),this.regexpUnescape=t(this.regexpUnescape,`${this.prefix}${this.unescapePrefix}(.+?)${this.unescapeSuffix}${this.suffix}`),this.nestingRegexp=t(this.nestingRegexp,`${this.nestingPrefix}((?:[^()"']+|"[^"]*"|'[^']*'|\\((?:[^()]|"[^"]*"|'[^']*')*\\))*?)${this.nestingSuffix}`)}interpolate(t,n,i,r){let o,a,c;const l=this.options&&this.options.interpolation&&this.options.interpolation.defaultVariables||{},d=h=>{if(h.indexOf(this.formatSeparator)<0){const y=O1(n,l,h,this.options.keySeparator,this.options.ignoreJSONStructure);return this.alwaysFormat?this.format(y,void 0,i,{...r,...n,interpolationkey:h}):y}const g=h.split(this.formatSeparator),m=g.shift().trim(),_=g.join(this.formatSeparator).trim();return this.format(O1(n,l,m,this.options.keySeparator,this.options.ignoreJSONStructure),_,i,{...r,...n,interpolationkey:m})};this.resetRegExp();const u=r?.missingInterpolationHandler||this.options.missingInterpolationHandler,p=r?.interpolation?.skipOnVariables!==void 0?r.interpolation.skipOnVariables:this.options.interpolation.skipOnVariables;return[{regex:this.regexpUnescape,safeValue:h=>Vg(h)},{regex:this.regexp,safeValue:h=>this.escapeValue?Vg(this.escape(h)):Vg(h)}].forEach(h=>{for(c=0;o=h.regex.exec(t);){const g=o[1].trim();if(a=d(g),a===void 0)if(typeof u=="function"){const _=u(t,o,r);a=Ee(_)?_:""}else if(r&&Object.prototype.hasOwnProperty.call(r,g))a="";else if(p){a=o[0];continue}else this.logger.warn(`missed to pass in variable ${g} for interpolating ${t}`),a="";else!Ee(a)&&!this.useRawValueToEscape&&(a=x1(a));const m=h.safeValue(a);if(t=t.replace(o[0],m),p?(h.regex.lastIndex+=a.length,h.regex.lastIndex-=o[0].length):h.regex.lastIndex=0,c++,c>=this.maxReplaces)break}}),t}nest(t,n,i={}){let r,o,a;const c=(l,d)=>{const u=this.nestingOptionsSeparator;if(l.indexOf(u)<0)return l;const p=l.split(new RegExp(`${yo(u)}[ ]*{`));let f=`{${p[1]}`;l=p[0],f=this.interpolate(f,a);const h=f.match(/'/g),g=f.match(/"/g);((h?.length??0)%2===0&&!g||(g?.length??0)%2!==0)&&(f=f.replace(/'/g,'"'));try{a=JSON.parse(f),d&&(a={...d,...a})}catch(m){return this.logger.warn(`failed parsing options string in nesting for key ${l}`,m),`${l}${u}${f}`}return a.defaultValue&&a.defaultValue.indexOf(this.prefix)>-1&&delete a.defaultValue,l};for(;r=this.nestingRegexp.exec(t);){let l=[];a={...i},a=a.replace&&!Ee(a.replace)?a.replace:a,a.applyPostProcessor=!1,delete a.defaultValue;const d=/{.*}/.test(r[1])?r[1].lastIndexOf("}")+1:r[1].indexOf(this.formatSeparator);if(d!==-1&&(l=r[1].slice(d).split(this.formatSeparator).map(u=>u.trim()).filter(Boolean),r[1]=r[1].slice(0,d)),o=n(c.call(this,r[1].trim(),a),a),o&&r[0]===t&&!Ee(o))return o;Ee(o)||(o=x1(o)),o||(this.logger.warn(`missed to resolve ${r[1]} for nesting ${t}`),o=""),l.length&&(o=l.reduce((u,p)=>this.format(u,p,i.lng,{...i,interpolationkey:r[1].trim()}),o.trim())),t=t.replace(r[0],o),this.regexp.lastIndex=0}return t}}const IN=e=>{let t=e.toLowerCase().trim();const n={};if(e.indexOf("(")>-1){const i=e.split("(");t=i[0].toLowerCase().trim();const r=i[1].substring(0,i[1].length-1);t==="currency"&&r.indexOf(":")<0?n.currency||(n.currency=r.trim()):t==="relativetime"&&r.indexOf(":")<0?n.range||(n.range=r.trim()):r.split(";").forEach(a=>{if(a){const[c,...l]=a.split(":"),d=l.join(":").trim().replace(/^'+|'+$/g,""),u=c.trim();n[u]||(n[u]=d),d==="false"&&(n[u]=!1),d==="true"&&(n[u]=!0),isNaN(d)||(n[u]=parseInt(d,10))}})}return{formatName:t,formatOptions:n}},R1=e=>{const t={};return(n,i,r)=>{let o=r;r&&r.interpolationkey&&r.formatParams&&r.formatParams[r.interpolationkey]&&r[r.interpolationkey]&&(o={...o,[r.interpolationkey]:void 0});const a=i+JSON.stringify(o);let c=t[a];return c||(c=e(Dl(i),r),t[a]=c),c(n)}},zN=e=>(t,n,i)=>e(Dl(n),i)(t);class PN{constructor(t={}){this.logger=Ii.create("formatter"),this.options=t,this.init(t)}init(t,n={interpolation:{}}){this.formatSeparator=n.interpolation.formatSeparator||",";const i=n.cacheInBuiltFormats?R1:zN;this.formats={number:i((r,o)=>{const a=new Intl.NumberFormat(r,{...o});return c=>a.format(c)}),currency:i((r,o)=>{const a=new Intl.NumberFormat(r,{...o,style:"currency"});return c=>a.format(c)}),datetime:i((r,o)=>{const a=new Intl.DateTimeFormat(r,{...o});return c=>a.format(c)}),relativetime:i((r,o)=>{const a=new Intl.RelativeTimeFormat(r,{...o});return c=>a.format(c,o.range||"day")}),list:i((r,o)=>{const a=new Intl.ListFormat(r,{...o});return c=>a.format(c)})}}add(t,n){this.formats[t.toLowerCase().trim()]=n}addCached(t,n){this.formats[t.toLowerCase().trim()]=R1(n)}format(t,n,i,r={}){const o=n.split(this.formatSeparator);if(o.length>1&&o[0].indexOf("(")>1&&o[0].indexOf(")")<0&&o.find(c=>c.indexOf(")")>-1)){const c=o.findIndex(l=>l.indexOf(")")>-1);o[0]=[o[0],...o.splice(1,c)].join(this.formatSeparator)}return o.reduce((c,l)=>{const{formatName:d,formatOptions:u}=IN(l);if(this.formats[d]){let p=c;try{const f=r?.formatParams?.[r.interpolationkey]||{},h=f.locale||f.lng||r.locale||r.lng||i;p=this.formats[d](c,h,{...u,...r,...f})}catch(f){this.logger.warn(f)}return p}else this.logger.warn(`there was no format function for ${d}`);return c},t)}}const NN=(e,t)=>{e.pending[t]!==void 0&&(delete e.pending[t],e.pendingCount--)};class FN extends oh{constructor(t,n,i,r={}){super(),this.backend=t,this.store=n,this.services=i,this.languageUtils=i.languageUtils,this.options=r,this.logger=Ii.create("backendConnector"),this.waitingReads=[],this.maxParallelReads=r.maxParallelReads||10,this.readingCalls=0,this.maxRetries=r.maxRetries>=0?r.maxRetries:5,this.retryTimeout=r.retryTimeout>=1?r.retryTimeout:350,this.state={},this.queue=[],this.backend?.init?.(i,r.backend,r)}queueLoad(t,n,i,r){const o={},a={},c={},l={};return t.forEach(d=>{let u=!0;n.forEach(p=>{const f=`${d}|${p}`;!i.reload&&this.store.hasResourceBundle(d,p)?this.state[f]=2:this.state[f]<0||(this.state[f]===1?a[f]===void 0&&(a[f]=!0):(this.state[f]=1,u=!1,a[f]===void 0&&(a[f]=!0),o[f]===void 0&&(o[f]=!0),l[p]===void 0&&(l[p]=!0)))}),u||(c[d]=!0)}),(Object.keys(o).length||Object.keys(a).length)&&this.queue.push({pending:a,pendingCount:Object.keys(a).length,loaded:{},errors:[],callback:r}),{toLoad:Object.keys(o),pending:Object.keys(a),toLoadLanguages:Object.keys(c),toLoadNamespaces:Object.keys(l)}}loaded(t,n,i){const r=t.split("|"),o=r[0],a=r[1];n&&this.emit("failedLoading",o,a,n),!n&&i&&this.store.addResourceBundle(o,a,i,void 0,void 0,{skipCopy:!0}),this.state[t]=n?-1:2,n&&i&&(this.state[t]=0);const c={};this.queue.forEach(l=>{wN(l.loaded,[o],a),NN(l,t),n&&l.errors.push(n),l.pendingCount===0&&!l.done&&(Object.keys(l.loaded).forEach(d=>{c[d]||(c[d]={});const u=l.loaded[d];u.length&&u.forEach(p=>{c[d][p]===void 0&&(c[d][p]=!0)})}),l.done=!0,l.errors.length?l.callback(l.errors):l.callback())}),this.emit("loaded",c),this.queue=this.queue.filter(l=>!l.done)}read(t,n,i,r=0,o=this.retryTimeout,a){if(!t.length)return a(null,{});if(this.readingCalls>=this.maxParallelReads){this.waitingReads.push({lng:t,ns:n,fcName:i,tried:r,wait:o,callback:a});return}this.readingCalls++;const c=(d,u)=>{if(this.readingCalls--,this.waitingReads.length>0){const p=this.waitingReads.shift();this.read(p.lng,p.ns,p.fcName,p.tried,p.wait,p.callback)}if(d&&u&&r<this.maxRetries){setTimeout(()=>{this.read.call(this,t,n,i,r+1,o*2,a)},o);return}a(d,u)},l=this.backend[i].bind(this.backend);if(l.length===2){try{const d=l(t,n);d&&typeof d.then=="function"?d.then(u=>c(null,u)).catch(c):c(null,d)}catch(d){c(d)}return}return l(t,n,c)}prepareLoading(t,n,i={},r){if(!this.backend)return this.logger.warn("No backend was added via i18next.use. Will not load resources."),r&&r();Ee(t)&&(t=this.languageUtils.toResolveHierarchy(t)),Ee(n)&&(n=[n]);const o=this.queueLoad(t,n,i,r);if(!o.toLoad.length)return o.pending.length||r(),null;o.toLoad.forEach(a=>{this.loadOne(a)})}load(t,n,i){this.prepareLoading(t,n,{},i)}reload(t,n,i){this.prepareLoading(t,n,{reload:!0},i)}loadOne(t,n=""){const i=t.split("|"),r=i[0],o=i[1];this.read(r,o,"read",void 0,void 0,(a,c)=>{a&&this.logger.warn(`${n}loading namespace ${o} for language ${r} failed`,a),!a&&c&&this.logger.log(`${n}loaded namespace ${o} for language ${r}`,c),this.loaded(t,a,c)})}saveMissing(t,n,i,r,o,a={},c=()=>{}){if(this.services?.utils?.hasLoadedNamespace&&!this.services?.utils?.hasLoadedNamespace(n)){this.logger.warn(`did not save key "${i}" as the namespace "${n}" was not yet loaded`,"This means something IS WRONG in your setup. You access the t function before i18next.init / i18next.loadNamespace / i18next.changeLanguage was done. Wait for the callback or Promise to resolve before accessing it!!!");return}if(!(i==null||i==="")){if(this.backend?.create){const l={...a,isUpdate:o},d=this.backend.create.bind(this.backend);if(d.length<6)try{let u;d.length===5?u=d(t,n,i,r,l):u=d(t,n,i,r),u&&typeof u.then=="function"?u.then(p=>c(null,p)).catch(c):c(null,u)}catch(u){c(u)}else d(t,n,i,r,c,l)}!t||!t[0]||this.store.addResource(t[0],n,i,r)}}}const Kg=()=>({debug:!1,initAsync:!0,ns:["translation"],defaultNS:["translation"],fallbackLng:["dev"],fallbackNS:!1,supportedLngs:!1,nonExplicitSupportedLngs:!1,load:"all",preload:!1,simplifyPluralSuffix:!0,keySeparator:".",nsSeparator:":",pluralSeparator:"_",contextSeparator:"_",partialBundledLanguages:!1,saveMissing:!1,updateMissing:!1,saveMissingTo:"fallback",saveMissingPlurals:!0,missingKeyHandler:!1,missingInterpolationHandler:!1,postProcess:!1,postProcessPassResolved:!1,returnNull:!1,returnEmptyString:!0,returnObjects:!1,joinArrays:!1,returnedObjectHandler:!1,parseMissingKeyHandler:!1,appendNamespaceToMissingKey:!1,appendNamespaceToCIMode:!1,overloadTranslationOptionHandler:e=>{let t={};if(typeof e[1]=="object"&&(t=e[1]),Ee(e[1])&&(t.defaultValue=e[1]),Ee(e[2])&&(t.tDescription=e[2]),typeof e[2]=="object"||typeof e[3]=="object"){const n=e[3]||e[2];Object.keys(n).forEach(i=>{t[i]=n[i]})}return t},interpolation:{escapeValue:!0,format:e=>e,prefix:"{{",suffix:"}}",formatSeparator:",",unescapePrefix:"-",nestingPrefix:"$t(",nestingSuffix:")",nestingOptionsSeparator:",",maxReplaces:1e3,skipOnVariables:!0},cacheInBuiltFormats:!0}),D1=e=>(Ee(e.ns)&&(e.ns=[e.ns]),Ee(e.fallbackLng)&&(e.fallbackLng=[e.fallbackLng]),Ee(e.fallbackNS)&&(e.fallbackNS=[e.fallbackNS]),e.supportedLngs?.indexOf?.("cimode")<0&&(e.supportedLngs=e.supportedLngs.concat(["cimode"])),typeof e.initImmediate=="boolean"&&(e.initAsync=e.initImmediate),e),bu=()=>{},ON=e=>{Object.getOwnPropertyNames(Object.getPrototypeOf(e)).forEach(n=>{typeof e[n]=="function"&&(e[n]=e[n].bind(e))})},B4="__i18next_supportNoticeShown",jN=()=>!!(typeof globalThis<"u"&&globalThis[B4]||typeof process<"u"&&process.env&&process.env.I18NEXT_NO_SUPPORT_NOTICE||typeof process<"u"&&process.env&&process.env.NODE_ENV==="production"),RN=()=>{typeof globalThis<"u"&&(globalThis[B4]=!0)},DN=e=>!!(e?.modules?.backend?.name?.indexOf("Locize")>0||e?.modules?.backend?.constructor?.name?.indexOf("Locize")>0||e?.options?.backend?.backends&&e.options.backend.backends.some(t=>t?.name?.indexOf("Locize")>0||t?.constructor?.name?.indexOf("Locize")>0)||e?.options?.backend?.projectId||e?.options?.backend?.backendOptions&&e.options.backend.backendOptions.some(t=>t?.projectId));class Tl extends oh{constructor(t={},n){if(super(),this.options=D1(t),this.services={},this.logger=Ii,this.modules={external:[]},ON(this),n&&!this.isInitialized&&!t.isClone){if(!this.options.initAsync)return this.init(t,n),this;setTimeout(()=>{this.init(t,n)},0)}}init(t={},n){this.isInitializing=!0,typeof t=="function"&&(n=t,t={}),t.defaultNS==null&&t.ns&&(Ee(t.ns)?t.defaultNS=t.ns:t.ns.indexOf("translation")<0&&(t.defaultNS=t.ns[0]));const i=Kg();this.options={...i,...this.options,...D1(t)},this.options.interpolation={...i.interpolation,...this.options.interpolation},t.keySeparator!==void 0&&(this.options.userDefinedKeySeparator=t.keySeparator),t.nsSeparator!==void 0&&(this.options.userDefinedNsSeparator=t.nsSeparator),typeof this.options.overloadTranslationOptionHandler!="function"&&(this.options.overloadTranslationOptionHandler=i.overloadTranslationOptionHandler),this.options.showSupportNotice!==!1&&!DN(this)&&!jN()&&(typeof console<"u"&&typeof console.info<"u"&&console.info("🌐 i18next is made possible by our own product, Locize — consider powering your project with managed localization (AI, CDN, integrations): https://locize.com 💙"),RN());const r=d=>d?typeof d=="function"?new d:d:null;if(!this.options.isClone){this.modules.logger?Ii.init(r(this.modules.logger),this.options):Ii.init(null,this.options);let d;this.modules.formatter?d=this.modules.formatter:d=PN;const u=new P1(this.options);this.store=new I1(this.options.resources,this.options);const p=this.services;p.logger=Ii,p.resourceStore=this.store,p.languageUtils=u,p.pluralResolver=new $N(u,{prepend:this.options.pluralSeparator,simplifyPluralSuffix:this.options.simplifyPluralSuffix}),this.options.interpolation.format&&this.options.interpolation.format!==i.interpolation.format&&this.logger.deprecate("init: you are still using the legacy format function, please use the new approach: https://www.i18next.com/translation-function/formatting"),d&&(!this.options.interpolation.format||this.options.interpolation.format===i.interpolation.format)&&(p.formatter=r(d),p.formatter.init&&p.formatter.init(p,this.options),this.options.interpolation.format=p.formatter.format.bind(p.formatter)),p.interpolator=new j1(this.options),p.utils={hasLoadedNamespace:this.hasLoadedNamespace.bind(this)},p.backendConnector=new FN(r(this.modules.backend),p.resourceStore,p,this.options),p.backendConnector.on("*",(h,...g)=>{this.emit(h,...g)}),this.modules.languageDetector&&(p.languageDetector=r(this.modules.languageDetector),p.languageDetector.init&&p.languageDetector.init(p,this.options.detection,this.options)),this.modules.i18nFormat&&(p.i18nFormat=r(this.modules.i18nFormat),p.i18nFormat.init&&p.i18nFormat.init(this)),this.translator=new mp(this.services,this.options),this.translator.on("*",(h,...g)=>{this.emit(h,...g)}),this.modules.external.forEach(h=>{h.init&&h.init(this)})}if(this.format=this.options.interpolation.format,n||(n=bu),this.options.fallbackLng&&!this.services.languageDetector&&!this.options.lng){const d=this.services.languageUtils.getFallbackCodes(this.options.fallbackLng);d.length>0&&d[0]!=="dev"&&(this.options.lng=d[0])}!this.services.languageDetector&&!this.options.lng&&this.logger.warn("init: no languageDetector is used and no lng is defined"),["getResource","hasResourceBundle","getResourceBundle","getDataByLanguage"].forEach(d=>{this[d]=(...u)=>this.store[d](...u)}),["addResource","addResources","addResourceBundle","removeResourceBundle"].forEach(d=>{this[d]=(...u)=>(this.store[d](...u),this)});const c=Nc(),l=()=>{const d=(u,p)=>{this.isInitializing=!1,this.isInitialized&&!this.initializedStoreOnce&&this.logger.warn("init: i18next is already initialized. You should call init just once!"),this.isInitialized=!0,this.options.isClone||this.logger.log("initialized",this.options),this.emit("initialized",this.options),c.resolve(p),n(u,p)};if(this.languages&&!this.isInitialized)return d(null,this.t.bind(this));this.changeLanguage(this.options.lng,d)};return this.options.resources||!this.options.initAsync?l():setTimeout(l,0),c}loadResources(t,n=bu){let i=n;const r=Ee(t)?t:this.language;if(typeof t=="function"&&(i=t),!this.options.resources||this.options.partialBundledLanguages){if(r?.toLowerCase()==="cimode"&&(!this.options.preload||this.options.preload.length===0))return i();const o=[],a=c=>{if(!c||c==="cimode")return;this.services.languageUtils.toResolveHierarchy(c).forEach(d=>{d!=="cimode"&&o.indexOf(d)<0&&o.push(d)})};r?a(r):this.services.languageUtils.getFallbackCodes(this.options.fallbackLng).forEach(l=>a(l)),this.options.preload?.forEach?.(c=>a(c)),this.services.backendConnector.load(o,this.options.ns,c=>{!c&&!this.resolvedLanguage&&this.language&&this.setResolvedLanguage(this.language),i(c)})}else i(null)}reloadResources(t,n,i){const r=Nc();return typeof t=="function"&&(i=t,t=void 0),typeof n=="function"&&(i=n,n=void 0),t||(t=this.languages),n||(n=this.options.ns),i||(i=bu),this.services.backendConnector.reload(t,n,o=>{r.resolve(),i(o)}),r}use(t){if(!t)throw new Error("You are passing an undefined module! Please check the object you are passing to i18next.use()");if(!t.type)throw new Error("You are passing a wrong module! Please check the object you are passing to i18next.use()");return t.type==="backend"&&(this.modules.backend=t),(t.type==="logger"||t.log&&t.warn&&t.error)&&(this.modules.logger=t),t.type==="languageDetector"&&(this.modules.languageDetector=t),t.type==="i18nFormat"&&(this.modules.i18nFormat=t),t.type==="postProcessor"&&R4.addPostProcessor(t),t.type==="formatter"&&(this.modules.formatter=t),t.type==="3rdParty"&&this.modules.external.push(t),this}setResolvedLanguage(t){if(!(!t||!this.languages)&&!(["cimode","dev"].indexOf(t)>-1)){for(let n=0;n<this.languages.length;n++){const i=this.languages[n];if(!(["cimode","dev"].indexOf(i)>-1)&&this.store.hasLanguageSomeTranslations(i)){this.resolvedLanguage=i;break}}!this.resolvedLanguage&&this.languages.indexOf(t)<0&&this.store.hasLanguageSomeTranslations(t)&&(this.resolvedLanguage=t,this.languages.unshift(t))}}changeLanguage(t,n){this.isLanguageChangingTo=t;const i=Nc();this.emit("languageChanging",t);const r=c=>{this.language=c,this.languages=this.services.languageUtils.toResolveHierarchy(c),this.resolvedLanguage=void 0,this.setResolvedLanguage(c)},o=(c,l)=>{l?this.isLanguageChangingTo===t&&(r(l),this.translator.changeLanguage(l),this.isLanguageChangingTo=void 0,this.emit("languageChanged",l),this.logger.log("languageChanged",l)):this.isLanguageChangingTo=void 0,i.resolve((...d)=>this.t(...d)),n&&n(c,(...d)=>this.t(...d))},a=c=>{!t&&!c&&this.services.languageDetector&&(c=[]);const l=Ee(c)?c:c&&c[0],d=this.store.hasLanguageSomeTranslations(l)?l:this.services.languageUtils.getBestMatchFromCodes(Ee(c)?[c]:c);d&&(this.language||r(d),this.translator.language||this.translator.changeLanguage(d),this.services.languageDetector?.cacheUserLanguage?.(d)),this.loadResources(d,u=>{o(u,d)})};return!t&&this.services.languageDetector&&!this.services.languageDetector.async?a(this.services.languageDetector.detect()):!t&&this.services.languageDetector&&this.services.languageDetector.async?this.services.languageDetector.detect.length===0?this.services.languageDetector.detect().then(a):this.services.languageDetector.detect(a):a(t),i}getFixedT(t,n,i){const r=(o,a,...c)=>{let l;typeof a!="object"?l=this.options.overloadTranslationOptionHandler([o,a].concat(c)):l={...a},l.lng=l.lng||r.lng,l.lngs=l.lngs||r.lngs,l.ns=l.ns||r.ns,l.keyPrefix!==""&&(l.keyPrefix=l.keyPrefix||i||r.keyPrefix);const d={...this.options,...l};typeof l.keyPrefix=="function"&&(l.keyPrefix=_a(l.keyPrefix,d));const u=this.options.keySeparator||".";let p;return l.keyPrefix&&Array.isArray(o)?p=o.map(f=>(typeof f=="function"&&(f=_a(f,d)),`${l.keyPrefix}${u}${f}`)):(typeof o=="function"&&(o=_a(o,d)),p=l.keyPrefix?`${l.keyPrefix}${u}${o}`:o),this.t(p,l)};return Ee(t)?r.lng=t:r.lngs=t,r.ns=n,r.keyPrefix=i,r}t(...t){return this.translator?.translate(...t)}exists(...t){return this.translator?.exists(...t)}setDefaultNamespace(t){this.options.defaultNS=t}hasLoadedNamespace(t,n={}){if(!this.isInitialized)return this.logger.warn("hasLoadedNamespace: i18next was not initialized",this.languages),!1;if(!this.languages||!this.languages.length)return this.logger.warn("hasLoadedNamespace: i18n.languages were undefined or empty",this.languages),!1;const i=n.lng||this.resolvedLanguage||this.languages[0],r=this.options?this.options.fallbackLng:!1,o=this.languages[this.languages.length-1];if(i.toLowerCase()==="cimode")return!0;const a=(c,l)=>{const d=this.services.backendConnector.state[`${c}|${l}`];return d===-1||d===0||d===2};if(n.precheck){const c=n.precheck(this,a);if(c!==void 0)return c}return!!(this.hasResourceBundle(i,t)||!this.services.backendConnector.backend||this.options.resources&&!this.options.partialBundledLanguages||a(i,t)&&(!r||a(o,t)))}loadNamespaces(t,n){const i=Nc();return this.options.ns?(Ee(t)&&(t=[t]),t.forEach(r=>{this.options.ns.indexOf(r)<0&&this.options.ns.push(r)}),this.loadResources(r=>{i.resolve(),n&&n(r)}),i):(n&&n(),Promise.resolve())}loadLanguages(t,n){const i=Nc();Ee(t)&&(t=[t]);const r=this.options.preload||[],o=t.filter(a=>r.indexOf(a)<0&&this.services.languageUtils.isSupportedCode(a));return o.length?(this.options.preload=r.concat(o),this.loadResources(a=>{i.resolve(),n&&n(a)}),i):(n&&n(),Promise.resolve())}dir(t){if(t||(t=this.resolvedLanguage||(this.languages?.length>0?this.languages[0]:this.language)),!t)return"rtl";try{const r=new Intl.Locale(t);if(r&&r.getTextInfo){const o=r.getTextInfo();if(o&&o.direction)return o.direction}}catch{}const n=["ar","shu","sqr","ssh","xaa","yhd","yud","aao","abh","abv","acm","acq","acw","acx","acy","adf","ads","aeb","aec","afb","ajp","apc","apd","arb","arq","ars","ary","arz","auz","avl","ayh","ayl","ayn","ayp","bbz","pga","he","iw","ps","pbt","pbu","pst","prp","prd","ug","ur","ydd","yds","yih","ji","yi","hbo","men","xmn","fa","jpr","peo","pes","prs","dv","sam","ckb"],i=this.services?.languageUtils||new P1(Kg());return t.toLowerCase().indexOf("-latn")>1?"ltr":n.indexOf(i.getLanguagePartFromCode(t))>-1||t.toLowerCase().indexOf("-arab")>1?"rtl":"ltr"}static createInstance(t={},n){const i=new Tl(t,n);return i.createInstance=Tl.createInstance,i}cloneInstance(t={},n=bu){const i=t.forkResourceStore;i&&delete t.forkResourceStore;const r={...this.options,...t,isClone:!0},o=new Tl(r);if((t.debug!==void 0||t.prefix!==void 0)&&(o.logger=o.logger.clone(t)),["store","services","language"].forEach(c=>{o[c]=this[c]}),o.services={...this.services},o.services.utils={hasLoadedNamespace:o.hasLoadedNamespace.bind(o)},i){const c=Object.keys(this.store.data).reduce((l,d)=>(l[d]={...this.store.data[d]},l[d]=Object.keys(l[d]).reduce((u,p)=>(u[p]={...l[d][p]},u),l[d]),l),{});o.store=new I1(c,r),o.services.resourceStore=o.store}if(t.interpolation){const l={...Kg().interpolation,...this.options.interpolation,...t.interpolation},d={...r,interpolation:l};o.services.interpolator=new j1(d)}return o.translator=new mp(o.services,r),o.translator.on("*",(c,...l)=>{o.emit(c,...l)}),o.init(r,n),o.translator.options=r,o.translator.backendConnector.services.utils={hasLoadedNamespace:o.hasLoadedNamespace.bind(o)},o}toJSON(){return{options:this.options,store:this.store,language:this.language,languages:this.languages,resolvedLanguage:this.resolvedLanguage}}}const L=Tl.createInstance();L.createInstance;L.dir;L.init;L.loadResources;L.reloadResources;L.use;L.changeLanguage;L.getFixedT;const ee=L.t;L.exists;L.setDefaultNamespace;L.hasLoadedNamespace;L.loadNamespaces;L.loadLanguages;const Mn=s.z.object({created_at:s.z.string(),updated_at:s.z.string()}),Cw=s.z.object({id:s.z.string(),version:s.z.string().optional()}),Tw=s.z.object({name:s.z.string(),version:s.z.string()}),$w=s.z.object({name:s.z.string(),value:s.z.string().optional()}),Bl=s.z.object({name:s.z.string().max(255),code:s.z.string().max(1e5),supported_triggers:s.z.array(Cw).optional(),runtime:s.z.string().max(50).optional(),dependencies:s.z.array(Tw).optional(),secrets:s.z.array($w).optional()}),BN=Bl.partial().extend({status:s.z.enum(["draft","built"]).optional(),deployed_at:s.z.string().optional()}),Xi=Bl.extend({id:s.z.string(),tenant_id:s.z.string(),status:s.z.enum(["draft","built"]).default("built"),deployed_at:s.z.string().optional(),secrets:s.z.array(s.z.object({name:s.z.string(),value:s.z.string().optional()})).optional(),...Mn.shape}),L4=s.z.object({action_id:s.z.string(),code:s.z.string().max(1e5),runtime:s.z.string().max(50).optional(),dependencies:s.z.array(Tw).optional(),secrets:s.z.array($w).optional(),supported_triggers:s.z.array(Cw).optional(),deployed:s.z.boolean().default(!0)}),sh=L4.extend({id:s.z.string(),tenant_id:s.z.string(),number:s.z.number().int(),...Mn.shape}),M4=s.z.enum(["user_action","admin_action","system","api"]),U4=s.z.object({type:s.z.enum(["user","admin","system","api_key","client_credentials"]),id:s.z.string().optional(),email:s.z.string().optional(),org_id:s.z.string().optional(),org_name:s.z.string().optional(),scopes:s.z.array(s.z.string()).optional(),client_id:s.z.string().optional()}),q4=s.z.object({type:s.z.string(),id:s.z.string(),before:s.z.record(s.z.unknown()).optional(),after:s.z.record(s.z.unknown()).optional(),diff:s.z.record(s.z.object({old:s.z.unknown(),new:s.z.unknown()})).optional()}),H4=s.z.object({method:s.z.string(),path:s.z.string(),query:s.z.record(s.z.string()).optional(),body:s.z.unknown().optional(),ip:s.z.string(),user_agent:s.z.string().optional(),correlation_id:s.z.string().optional()}),V4=s.z.object({status_code:s.z.number(),body:s.z.unknown().optional()}),K4=s.z.object({country_code:s.z.string(),city_name:s.z.string(),latitude:s.z.string(),longitude:s.z.string(),time_zone:s.z.string(),continent_code:s.z.string()}),G4=s.z.object({name:s.z.string(),version:s.z.string(),env:s.z.record(s.z.string()).optional()}),W4=s.z.object({tenant_id:s.z.string(),event_type:s.z.string(),log_type:s.z.string(),description:s.z.string().optional(),category:M4,actor:U4,target:q4,request:H4,response:V4.optional(),connection:s.z.string().optional(),strategy:s.z.string().optional(),strategy_type:s.z.string().optional(),audience:s.z.string().optional(),scope:s.z.string().optional(),location:K4.optional(),auth0_client:G4.optional(),hostname:s.z.string(),is_mobile:s.z.boolean().optional(),timestamp:s.z.string()}),J4=W4.extend({id:s.z.string()}),LN=s.z.enum(["AUTH0","EMAIL","REDIRECT"]),MN=s.z.enum(["CREATE_USER","GET_USER","UPDATE_USER","SEND_REQUEST","SEND_EMAIL"]),UN=s.z.enum(["VERIFY_EMAIL"]),Y4=s.z.object({require_mx_record:s.z.boolean().optional(),block_aliases:s.z.boolean().optional(),block_free_emails:s.z.boolean().optional(),block_disposable_emails:s.z.boolean().optional(),blocklist:s.z.array(s.z.string()).optional(),allowlist:s.z.array(s.z.string()).optional()}),Q4=s.z.object({id:s.z.string(),alias:s.z.string().max(100).optional(),type:s.z.literal("AUTH0"),action:s.z.literal("UPDATE_USER"),allow_failure:s.z.boolean().optional(),mask_output:s.z.boolean().optional(),params:s.z.object({connection_id:s.z.string().optional(),user_id:s.z.string(),changes:s.z.record(s.z.string(),s.z.any())})}),Z4=s.z.object({id:s.z.string(),alias:s.z.string().max(100).optional(),type:s.z.literal("EMAIL"),action:s.z.literal("VERIFY_EMAIL"),allow_failure:s.z.boolean().optional(),mask_output:s.z.boolean().optional(),params:s.z.object({email:s.z.string(),rules:Y4.optional()})}),X4=s.z.enum(["change-email","account","custom"]),ex=s.z.object({id:s.z.string(),alias:s.z.string().max(100).optional(),type:s.z.literal("REDIRECT"),action:s.z.literal("REDIRECT_USER"),allow_failure:s.z.boolean().optional(),mask_output:s.z.boolean().optional(),params:s.z.object({target:X4.openapi({description:"The predefined target to redirect to, or 'custom' for a custom URL"}),custom_url:s.z.string().optional().openapi({description:"Custom URL to redirect to when target is 'custom'"})})}),tx=s.z.union([Q4,Z4,ex]),yp=s.z.object({name:s.z.string().min(1).max(150).openapi({description:"The name of the flow"}),actions:s.z.array(tx).optional().default([]).openapi({description:"The list of actions to execute in sequence"})}),oa=yp.extend({...Mn.shape,id:s.z.string().openapi({description:"Unique identifier for the flow",example:"af_12tMpdJ3iek7svMyZkSh5M"})}),qN=s.z.object({page:s.z.string().min(0).optional().default("0").transform(e=>parseInt(e,10)).openapi({description:"The page number where 0 is the first page"}),per_page:s.z.string().min(1).optional().default("10").transform(e=>parseInt(e,10)).openapi({description:"The number of items per page"}),include_totals:s.z.string().optional().default("false").transform(e=>e==="true").openapi({description:"If the total number of items should be included in the response"}),sort:s.z.string().regex(/^.+:(-1|1)$/).optional().openapi({description:"A property that should have the format 'string:-1' or 'string:1'"}),q:s.z.string().optional().openapi({description:"A lucene query string used to filter the results"})}),Et=s.z.object({start:s.z.number(),limit:s.z.number(),length:s.z.number(),total:s.z.number().optional()}),nx=s.z.object({email:s.z.string().optional(),email_verified:s.z.boolean().optional(),name:s.z.string().optional(),username:s.z.string().optional(),given_name:s.z.string().optional(),phone_number:s.z.string().optional(),phone_verified:s.z.boolean().optional(),family_name:s.z.string().optional()}).catchall(s.z.any()),_p=s.z.object({connection:s.z.string(),user_id:s.z.string(),provider:s.z.string(),isSocial:s.z.boolean(),email:s.z.string().optional(),email_verified:s.z.boolean().optional(),phone_number:s.z.string().optional(),phone_verified:s.z.boolean().optional(),username:s.z.string().optional(),access_token:s.z.string().optional(),access_token_secret:s.z.string().optional(),refresh_token:s.z.string().optional(),profileData:nx.optional()}),ix=s.z.object({formatted:s.z.string().optional(),street_address:s.z.string().optional(),locality:s.z.string().optional(),region:s.z.string().optional(),postal_code:s.z.string().optional(),country:s.z.string().optional()}).optional(),ah=s.z.object({email:s.z.string().optional().transform(e=>e&&e.toLowerCase()),username:s.z.string().refine(e=>!e.includes("@"),{message:'Usernames must not contain "@". Use the email field for email addresses.'}).optional(),phone_number:s.z.string().optional(),phone_verified:s.z.boolean().optional(),given_name:s.z.string().optional(),family_name:s.z.string().optional(),nickname:s.z.string().optional(),name:s.z.string().optional(),picture:s.z.string().optional(),locale:s.z.string().optional(),linked_to:s.z.string().optional(),profileData:s.z.string().optional(),user_id:s.z.string().optional(),app_metadata:s.z.any().default({}).optional(),user_metadata:s.z.any().default({}).optional(),middle_name:s.z.string().optional(),preferred_username:s.z.string().optional(),profile:s.z.string().optional(),website:s.z.string().optional(),gender:s.z.string().optional(),birthdate:s.z.string().optional(),zoneinfo:s.z.string().optional(),address:ix}),wp=ah.extend({email_verified:s.z.boolean().default(!1),verify_email:s.z.boolean().optional(),last_ip:s.z.string().optional(),last_login:s.z.string().optional(),user_id:s.z.string().optional(),provider:s.z.string().optional(),connection:s.z.string(),is_social:s.z.boolean().optional(),registration_completed_at:s.z.string().optional(),password:s.z.object({hash:s.z.string(),algorithm:s.z.string()}).optional()}),Iw=s.z.object({...wp.omit({password:!0}).shape,...Mn.shape,user_id:s.z.string(),provider:s.z.string(),is_social:s.z.boolean(),email:s.z.string().optional(),login_count:s.z.number().default(0),identities:s.z.array(_p).optional()}),zn=Iw.omit({registration_completed_at:!0}),HN=ah.extend({login_count:s.z.number(),multifactor:s.z.array(s.z.string()).optional(),last_ip:s.z.string().optional(),last_login:s.z.string().optional(),user_id:s.z.string()}).catchall(s.z.any());let VN="useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict",KN=(e=21)=>{let t="",n=crypto.getRandomValues(new Uint8Array(e|=0));for(;e--;)t+=VN[n[e]&63];return t};const bp=s.z.object({client_id:s.z.string().optional().openapi({description:"ID of this client. Generated server-side if omitted (Auth0 behavior)."}),name:s.z.string().min(1).openapi({description:"Name of this client (min length: 1 character, does not allow < or >)."}),description:s.z.string().max(140).optional().openapi({description:"Free text description of this client (max length: 140 characters)."}),global:s.z.boolean().default(!1).openapi({description:"Whether this is your global 'All Applications' client representing legacy tenant settings (true) or a regular client (false)."}),client_secret:s.z.string().default(()=>KN()).optional().openapi({description:"Client secret (which you must not make public)."}),app_type:s.z.enum(["native","spa","regular_web","non_interactive","resource_server","express_configuration","rms","box","cloudbees","concur","dropbox","mscrm","echosign","egnyte","newrelic","office365","salesforce","sentry","sharepoint","slack","springcm","zendesk","zoom","sso_integration","oag"]).default("regular_web").optional().openapi({description:"The type of application this client represents"}),logo_uri:s.z.string().url().optional().openapi({description:"URL of the logo to display for this client. Recommended size is 150x150 pixels."}),is_first_party:s.z.boolean().default(!1).openapi({description:"Whether this client a first party client (true) or not (false)."}),oidc_conformant:s.z.boolean().default(!0).openapi({description:"Whether this client conforms to strict OIDC specifications (true) or uses legacy features (false)."}),auth0_conformant:s.z.boolean().default(!0).openapi({description:"Whether this client follows Auth0-compatible behavior (true) or strict OIDC behavior (false). When true, profile/email claims are included in the ID token when scopes are requested. When false, these claims are only available from the userinfo endpoint (strict OIDC 5.4 compliance)."}),callbacks:s.z.array(s.z.string()).default([]).optional().openapi({description:"Comma-separated list of URLs whitelisted for Auth0 to use as a callback to the client after authentication."}),allowed_origins:s.z.array(s.z.string()).default([]).optional().openapi({description:"Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs."}),web_origins:s.z.array(s.z.string()).default([]).optional().openapi({description:"Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode."}),client_aliases:s.z.array(s.z.string()).default([]).optional().openapi({description:"List of audiences/realms for SAML protocol. Used by the wsfed addon."}),allowed_clients:s.z.array(s.z.string()).default([]).optional().openapi({description:"List of allow clients and API ids that are allowed to make delegation requests. Empty means all all your clients are allowed."}),connections:s.z.array(s.z.string()).default([]).optional().openapi({description:"List of connection IDs enabled for this client. The order determines the display order on the login page."}),allowed_logout_urls:s.z.array(s.z.string()).default([]).optional().openapi({description:"Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains."}),session_transfer:s.z.record(s.z.any()).default({}).optional().openapi({description:"Native to Web SSO Configuration"}),oidc_logout:s.z.record(s.z.any()).default({}).optional().openapi({description:"Configuration for OIDC backchannel logout"}),grant_types:s.z.array(s.z.string()).default([]).optional().openapi({description:"List of grant types supported for this application. Can include authorization_code, implicit, refresh_token, client_credentials, password, http://auth0.com/oauth/grant-type/password-realm, http://auth0.com/oauth/grant-type/mfa-oob, http://auth0.com/oauth/grant-type/mfa-otp, http://auth0.com/oauth/grant-type/mfa-recovery-code, urn:openid:params:grant-type:ciba, and urn:ietf:params:oauth:grant-type:device_code."}),jwt_configuration:s.z.record(s.z.any()).default({}).optional().openapi({description:"Configuration related to JWTs for the client."}),signing_keys:s.z.array(s.z.record(s.z.any())).default([]).optional().openapi({description:"Signing certificates associated with this client."}),encryption_key:s.z.record(s.z.any()).default({}).optional().openapi({description:"Encryption used for WsFed responses with this client."}),sso:s.z.boolean().default(!1).openapi({description:"Applies only to SSO clients and determines whether Auth0 will handle Single Sign On (true) or whether the Identity Provider will (false)."}),sso_disabled:s.z.boolean().default(!1).openapi({description:"Whether Single Sign On is disabled for this client. When true, existing SSO sessions will not be reused and users must authenticate every time."}),cross_origin_authentication:s.z.boolean().default(!1).openapi({description:"Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false)."}),cross_origin_loc:s.z.string().url().optional().openapi({description:"URL of the location in your site where the cross origin verification takes place for the cross-origin auth flow when performing Auth in your own domain instead of Auth0 hosted login page."}),custom_login_page_on:s.z.boolean().default(!1).openapi({description:"Whether a custom login page is to be used (true) or the default provided login page (false)."}),custom_login_page:s.z.string().optional().openapi({description:"The content (HTML, CSS, JS) of the custom login page."}),custom_login_page_preview:s.z.string().optional().openapi({description:"The content (HTML, CSS, JS) of the custom login page. (Used on Previews)"}),form_template:s.z.string().optional().openapi({description:"HTML form template to be used for WS-Federation."}),addons:s.z.record(s.z.any()).default({}).optional().openapi({description:"Addons enabled for this client and their associated configurations."}),token_endpoint_auth_method:s.z.enum(["none","client_secret_post","client_secret_basic","client_secret_jwt","private_key_jwt"]).default("client_secret_basic").optional().openapi({description:"Defines the requested authentication method for the token endpoint. `none` (public client), `client_secret_post` / `client_secret_basic` (HTTP POST / Basic), `client_secret_jwt` (RFC 7523 HMAC assertion using client_secret), or `private_key_jwt` (RFC 7523 asymmetric assertion verified against the client's `jwks` / `jwks_uri`)."}),client_metadata:s.z.record(s.z.string().max(255)).default({}).optional().openapi({description:'Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/()<>@ [Tab][Space]'}),mobile:s.z.record(s.z.any()).default({}).optional().openapi({description:"Additional configuration for native mobile apps."}),initiate_login_uri:s.z.string().url().optional().openapi({description:"Initiate login uri, must be https"}),native_social_login:s.z.record(s.z.any()).default({}).optional(),refresh_token:s.z.object({rotation_type:s.z.enum(["rotating","non-rotating"]).optional().openapi({description:"Whether refresh tokens for this client are rotated on every exchange (Auth0 'rotating' behavior) or kept stable (legacy non-rotating). Defaults to 'non-rotating' when unset."}),leeway:s.z.number().int().min(0).max(600).optional().openapi({description:"Seconds after a parent token's first rotation during which presenting it again still mints a fresh sibling child instead of triggering reuse-detection. Defaults to 30s when unset."}),expiration_type:s.z.enum(["expiring","non-expiring"]).optional().openapi({description:"Auth0-compatible: whether refresh tokens expire."}),token_lifetime:s.z.number().int().min(0).optional().openapi({description:"Auth0-compatible: refresh-token absolute lifetime in seconds."}),infinite_token_lifetime:s.z.boolean().optional().openapi({description:"Auth0-compatible: when true, refresh tokens have no absolute expiry."}),idle_token_lifetime:s.z.number().int().min(0).optional().openapi({description:"Auth0-compatible: refresh-token idle (sliding) lifetime in seconds."}),infinite_idle_token_lifetime:s.z.boolean().optional().openapi({description:"Auth0-compatible: when true, refresh tokens have no idle expiry."})}).default({}).optional().openapi({description:"Refresh token configuration"}),default_organization:s.z.record(s.z.any()).default({}).optional().openapi({description:"Defines the default Organization ID and flows"}),organization_usage:s.z.enum(["deny","allow","require"]).default("deny").optional().openapi({description:"Defines how to proceed during an authentication transaction with regards an organization. Can be deny (default), allow or require."}),organization_require_behavior:s.z.enum(["no_prompt","pre_login_prompt","post_login_prompt"]).default("no_prompt").optional().openapi({description:"Defines how to proceed during an authentication transaction when client.organization_usage: 'require'. Can be no_prompt (default), pre_login_prompt or post_login_prompt. post_login_prompt requires oidc_conformant: true."}),client_authentication_methods:s.z.record(s.z.any()).default({}).optional().openapi({description:"Defines client authentication methods."}),require_pushed_authorization_requests:s.z.boolean().default(!1).openapi({description:"Makes the use of Pushed Authorization Requests mandatory for this client"}),require_proof_of_possession:s.z.boolean().default(!1).openapi({description:"Makes the use of Proof-of-Possession mandatory for this client"}),signed_request_object:s.z.record(s.z.any()).default({}).optional().openapi({description:"JWT-secured Authorization Requests (JAR) settings."}),compliance_level:s.z.enum(["none","fapi1_adv_pkj_par","fapi1_adv_mtls_par","fapi2_sp_pkj_mtls","fapi2_sp_mtls_mtls"]).optional().openapi({description:"Defines the compliance level for this client, which may restrict it's capabilities"}),par_request_expiry:s.z.number().optional().openapi({description:"Specifies how long, in seconds, a Pushed Authorization Request URI remains valid"}),token_quota:s.z.record(s.z.any()).default({}).optional(),owner_user_id:s.z.string().optional().openapi({description:"User ID of the consenting user when this client was created via IAT-gated Dynamic Client Registration. NULL for clients created via the Management API or open DCR."}),registration_type:s.z.enum(["manual","open_dcr","iat_dcr"]).optional().openapi({description:"Provenance of this client. `manual` = Management API; `open_dcr` = RFC 7591 without IAT; `iat_dcr` = RFC 7591 with an Initial Access Token."}),registration_metadata:s.z.record(s.z.any()).default({}).optional().openapi({description:"Arbitrary metadata captured at Dynamic Client Registration time that isn't a first-class client field (e.g. integration_type, domain). Also stores `iat_constraints` for clients created via IAT so RFC 7592 PUT can enforce field immutability."}),user_linking_mode:s.z.enum(["builtin","off"]).optional().openapi({description:"Per-client override for the built-in email-based user-linking path. `builtin` runs the legacy in-process linking at user creation/email update. `off` disables the legacy path; linking only happens if the tenant has enabled the `account-linking` template hook. When unset, the service-level `userLinkingMode` default applies."})}),Do=s.z.object({created_at:s.z.string(),updated_at:s.z.string(),...bp.shape,client_id:s.z.string()}),vp=s.z.object({client_id:s.z.string().min(1).openapi({description:"ID of the client."}),audience:s.z.string().min(1).openapi({description:"The audience (API identifier) of this client grant."}),scope:s.z.array(s.z.string()).optional().openapi({description:"Scopes allowed for this client grant."}),organization_usage:s.z.enum(["deny","allow","require"]).optional().openapi({description:"Defines whether organizations can be used with client credentials exchanges for this grant."}),allow_any_organization:s.z.boolean().optional().openapi({description:"If enabled, any organization can be used with this grant. If disabled (default), the grant must be explicitly assigned to the desired organizations."}),is_system:s.z.boolean().optional().openapi({description:"If enabled, this grant is a special grant created by Auth0. It cannot be modified or deleted directly."}),subject_type:s.z.enum(["client","user"]).optional().openapi({description:"The type of application access the client grant allows. Use of this field is subject to the applicable Free Trial terms in Okta's Master Subscription Agreement."}),authorization_details_types:s.z.array(s.z.string()).optional().openapi({description:"Types of authorization_details allowed for this client grant. Use of this field is subject to the applicable Free Trial terms in Okta's Master Subscription Agreement."})}),Bo=s.z.object({id:s.z.string().openapi({description:"ID of the client grant."}),...vp.shape,created_at:s.z.string().optional(),updated_at:s.z.string().optional()}),GN=s.z.array(Bo),rx=s.z.enum(["iat","rat"]),ox=s.z.object({id:s.z.string(),token_hash:s.z.string(),type:rx,client_id:s.z.string().optional(),sub:s.z.string().optional(),constraints:s.z.record(s.z.unknown()).optional(),single_use:s.z.boolean().default(!1),expires_at:s.z.string().optional()}),WN=s.z.object({created_at:s.z.string(),used_at:s.z.string().optional(),revoked_at:s.z.string().optional(),...ox.shape}),ws=s.z.object({x:s.z.number(),y:s.z.number()});var zw=(e=>(e.RICH_TEXT="RICH_TEXT",e.NEXT_BUTTON="NEXT_BUTTON",e.BACK_BUTTON="BACK_BUTTON",e.SUBMIT_BUTTON="SUBMIT_BUTTON",e.DIVIDER="DIVIDER",e.TEXT="TEXT",e.EMAIL="EMAIL",e.PASSWORD="PASSWORD",e.NUMBER="NUMBER",e.PHONE="PHONE",e.DATE="DATE",e.CHECKBOX="CHECKBOX",e.RADIO="RADIO",e.SELECT="SELECT",e.HIDDEN="HIDDEN",e.LEGAL="LEGAL",e))(zw||{}),Pw=(e=>(e.BLOCK="BLOCK",e.FIELD="FIELD",e))(Pw||{});const ch=s.z.object({id:s.z.string(),category:s.z.nativeEnum(Pw),type:s.z.nativeEnum(zw)}),sx=ch.extend({category:s.z.literal("BLOCK"),type:s.z.literal("RICH_TEXT"),config:s.z.object({content:s.z.string()}).passthrough()}),ax=ch.extend({category:s.z.literal("BLOCK"),type:s.z.union([s.z.literal("NEXT_BUTTON"),s.z.literal("BACK_BUTTON"),s.z.literal("SUBMIT_BUTTON")]),config:s.z.object({text:s.z.string()}).passthrough()}),cx=ch.extend({category:s.z.literal("FIELD"),type:s.z.literal("LEGAL"),required:s.z.boolean().optional(),sensitive:s.z.boolean().optional(),config:s.z.object({text:s.z.string()}).passthrough()}),lx=ch.extend({category:s.z.literal("FIELD"),type:s.z.union([s.z.literal("TEXT"),s.z.literal("EMAIL"),s.z.literal("PASSWORD"),s.z.literal("NUMBER"),s.z.literal("PHONE"),s.z.literal("DATE"),s.z.literal("CHECKBOX"),s.z.literal("RADIO"),s.z.literal("SELECT"),s.z.literal("HIDDEN")]),required:s.z.boolean().optional(),sensitive:s.z.boolean().optional(),config:s.z.object({label:s.z.string().optional(),placeholder:s.z.string().optional()}).passthrough()}),dx=s.z.object({id:s.z.string(),category:s.z.string(),type:s.z.string()}).passthrough(),ux=s.z.union([sx,ax,cx,lx,dx]);var px=(e=>(e.STEP="STEP",e.FLOW="FLOW",e.CONDITION="CONDITION",e.ACTION="ACTION",e))(px||{});const fx=s.z.object({id:s.z.string(),type:s.z.literal("STEP"),coordinates:ws,alias:s.z.string().optional(),config:s.z.object({components:s.z.array(ux),next_node:s.z.string()}).passthrough()}),hx=s.z.object({id:s.z.string(),type:s.z.literal("FLOW"),coordinates:ws,alias:s.z.string().optional(),config:s.z.object({flow_id:s.z.string(),next_node:s.z.string()})}),gx=s.z.object({id:s.z.string(),type:s.z.literal("ACTION"),coordinates:ws,alias:s.z.string().optional(),config:s.z.object({action_type:s.z.enum(["REDIRECT"]).openapi({description:"The type of action to perform"}),target:s.z.enum(["change-email","account","custom"]).openapi({description:"The predefined target to redirect to"}),custom_url:s.z.string().optional().openapi({description:"Custom URL when target is 'custom'"}),next_node:s.z.string().openapi({description:"The next node to navigate to after action (for non-redirect actions)"})}).passthrough()}),mx=s.z.object({id:s.z.string(),type:s.z.string(),coordinates:ws}).passthrough(),yx=s.z.union([fx,hx,gx,mx]),_x=s.z.object({next_node:s.z.string(),coordinates:ws}).passthrough(),wx=s.z.object({resume_flow:s.z.boolean().optional(),coordinates:ws}).passthrough(),bx=s.z.object({id:s.z.string(),name:s.z.string(),languages:s.z.object({primary:s.z.string()}).passthrough(),nodes:s.z.array(yx),start:_x,ending:wx,created_at:s.z.string(),updated_at:s.z.string(),links:s.z.object({sdkSrc:s.z.string().optional(),sdk_src:s.z.string().optional()}).passthrough()}).passthrough(),JN=bx.omit({id:!0,created_at:!0,updated_at:!0});var Sn=(e=>(e.TOKEN="token",e.ID_TOKEN="id_token",e.TOKEN_ID_TOKEN="id_token token",e.CODE="code",e.CODE_ID_TOKEN="code id_token",e.CODE_TOKEN="code token",e.CODE_ID_TOKEN_TOKEN="code id_token token",e))(Sn||{}),vt=(e=>(e.QUERY="query",e.FRAGMENT="fragment",e.FORM_POST="form_post",e.WEB_MESSAGE="web_message",e.SAML_POST="saml_post",e))(vt||{}),lh=(e=>(e.S256="S256",e.Plain="plain",e))(lh||{});const Ll=s.z.object({client_id:s.z.string(),act_as:s.z.string().optional(),response_type:s.z.nativeEnum(Sn).optional(),response_mode:s.z.nativeEnum(vt).optional(),redirect_uri:s.z.string().optional(),audience:s.z.string().optional(),organization:s.z.string().optional(),state:s.z.string().optional(),nonce:s.z.string().optional(),scope:s.z.string().optional(),prompt:s.z.string().optional(),code_challenge_method:s.z.nativeEnum(lh).optional(),code_challenge:s.z.string().optional(),username:s.z.string().optional(),ui_locales:s.z.string().optional(),max_age:s.z.number().optional(),acr_values:s.z.string().optional(),vendor_id:s.z.string().optional()}),Ju=s.z.object({colors:s.z.object({primary:s.z.string(),page_background:s.z.union([s.z.string(),s.z.object({type:s.z.string().optional(),start:s.z.string().optional(),end:s.z.string().optional(),angle_deg:s.z.number().optional()})]).optional()}).optional(),logo_url:s.z.string().optional(),favicon_url:s.z.string().optional(),powered_by_logo_url:s.z.string().optional(),font:s.z.object({url:s.z.string()}).optional(),dark_mode:s.z.enum(["dark","light","auto"]).optional()}),vx=s.z.enum(["password_reset","email_verification","otp","mfa_otp","authorization_code","oauth2_state","ticket"]),Ax=s.z.object({code_id:s.z.string().openapi({description:"The code that will be used in for instance an email verification flow"}),login_id:s.z.string().openapi({description:"The id of the login session that the code is connected to"}),connection_id:s.z.string().optional().openapi({description:"The connection that the code is connected to"}),code_type:vx,code_verifier:s.z.string().optional().openapi({description:"The code verifier used in PKCE in outbound flows"}),code_challenge:s.z.string().optional().openapi({description:"The code challenge used in PKCE in outbound flows"}),code_challenge_method:s.z.enum(["plain","S256"]).optional().openapi({description:"The code challenge method used in PKCE in outbound flows"}),redirect_uri:s.z.string().optional().openapi({description:"The redirect URI associated with the code"}),otp:s.z.string().optional().openapi({description:"The one-time password value for OTP-based flows"}),nonce:s.z.string().optional().openapi({description:"The nonce value used for security in OIDC flows"}),state:s.z.string().optional().openapi({description:"The state parameter used for CSRF protection in OAuth flows"}),expires_at:s.z.string(),used_at:s.z.string().optional(),user_id:s.z.string().optional()}),YN=s.z.object({...Ax.shape,created_at:s.z.string()}),kx=s.z.object({kid:s.z.string().optional(),team_id:s.z.string().optional(),realms:s.z.string().optional(),authentication_method:s.z.string().optional(),client_id:s.z.string().optional(),client_secret:s.z.string().optional(),app_secret:s.z.string().optional(),scope:s.z.string().optional(),authorization_endpoint:s.z.string().optional(),token_endpoint:s.z.string().optional(),userinfo_endpoint:s.z.string().optional(),jwks_uri:s.z.string().optional(),discovery_url:s.z.string().optional(),issuer:s.z.string().optional(),provider:s.z.string().optional(),from:s.z.string().optional(),twilio_sid:s.z.string().optional(),twilio_token:s.z.string().optional(),icon_url:s.z.string().optional(),domain_aliases:s.z.array(s.z.string()).optional(),callback_url:s.z.string().url().optional(),passwordPolicy:s.z.enum(["none","low","fair","good","excellent"]).optional(),password_complexity_options:s.z.object({min_length:s.z.number().optional()}).optional(),password_history:s.z.object({enable:s.z.boolean().optional(),size:s.z.number().optional()}).optional(),password_no_personal_info:s.z.object({enable:s.z.boolean().optional()}).optional(),password_dictionary:s.z.object({enable:s.z.boolean().optional(),dictionary:s.z.array(s.z.string()).optional()}).optional(),disable_signup:s.z.boolean().optional(),brute_force_protection:s.z.boolean().optional(),import_mode:s.z.boolean().optional(),attributes:s.z.object({email:s.z.object({identifier:s.z.object({active:s.z.boolean().optional()}).optional(),signup:s.z.object({status:s.z.enum(["required","optional","disabled"]).optional(),verification:s.z.object({active:s.z.boolean().optional()}).optional()}).optional(),validation:s.z.object({allowed:s.z.boolean().optional()}).optional(),unique:s.z.boolean().optional(),profile_required:s.z.boolean().optional(),verification_method:s.z.enum(["link","code"]).optional()}).optional(),username:s.z.object({identifier:s.z.object({active:s.z.boolean().optional()}).optional(),signup:s.z.object({status:s.z.enum(["required","optional","disabled"]).optional()}).optional(),validation:s.z.object({max_length:s.z.number().optional(),min_length:s.z.number().optional(),allowed_types:s.z.object({email:s.z.boolean().optional(),phone_number:s.z.boolean().optional()}).optional()}).optional(),profile_required:s.z.boolean().optional()}).optional(),phone_number:s.z.object({identifier:s.z.object({active:s.z.boolean().optional()}).optional(),signup:s.z.object({status:s.z.enum(["required","optional","disabled"]).optional()}).optional()}).optional()}).optional(),authentication_methods:s.z.object({password:s.z.object({enabled:s.z.boolean().optional()}).optional(),passkey:s.z.object({enabled:s.z.boolean().optional()}).optional()}).optional(),passkey_options:s.z.object({challenge_ui:s.z.enum(["both","autofill","button"]).optional(),local_enrollment_enabled:s.z.boolean().optional(),progressive_enrollment_enabled:s.z.boolean().optional()}).optional(),requires_username:s.z.boolean().optional(),validation:s.z.object({username:s.z.object({min:s.z.number().optional(),max:s.z.number().optional()}).optional()}).optional(),set_user_root_attributes:s.z.enum(["on_each_login","on_first_login","never_on_login"]).optional()});function sy(e){if(e!==null){if(Array.isArray(e))return e.filter(t=>t!==null).map(sy);if(e&&typeof e=="object"){const t={};for(const[n,i]of Object.entries(e))i!==null&&(t[n]=sy(i));return t}return e}}const Ap=s.z.object({id:s.z.string().optional(),name:s.z.string(),display_name:s.z.string().optional(),strategy:s.z.string(),options:s.z.preprocess(e=>e===null?{}:sy(e),kx).default({}),enabled_clients:s.z.array(s.z.string()).default([]).optional(),response_type:s.z.custom().optional(),response_mode:s.z.custom().optional(),is_domain_connection:s.z.boolean().optional(),show_as_button:s.z.boolean().optional(),metadata:s.z.record(s.z.any()).optional(),is_system:s.z.boolean().optional()}),Dr=s.z.object({id:s.z.string(),created_at:s.z.string().transform(e=>e===null?"":e),updated_at:s.z.string().transform(e=>e===null?"":e)}).extend(Ap.shape),Nw=s.z.object({domain:s.z.string(),custom_domain_id:s.z.string().optional(),type:s.z.enum(["auth0_managed_certs","self_managed_certs"]),verification_method:s.z.enum(["txt"]).optional(),tls_policy:s.z.enum(["recommended"]).optional(),custom_client_ip_header:s.z.enum(["true-client-ip","cf-connecting-ip","x-forwarded-for","x-azure-clientip","null"]).optional(),domain_metadata:s.z.record(s.z.string().max(255)).optional()}),Sx=s.z.discriminatedUnion("name",[s.z.object({name:s.z.literal("txt"),record:s.z.string(),domain:s.z.string()}),s.z.object({name:s.z.literal("http"),http_body:s.z.string(),http_url:s.z.string()})]),Fr=s.z.object({...Nw.shape,custom_domain_id:s.z.string(),primary:s.z.boolean(),status:s.z.enum(["disabled","pending","pending_verification","ready"]),origin_domain_name:s.z.string().optional(),verification:s.z.object({methods:s.z.array(Sx)}).optional(),tls_policy:s.z.string().optional()}),QN=Fr.extend({tenant_id:s.z.string()}),Fw=s.z.object({id:s.z.string(),order:s.z.number().optional(),visible:s.z.boolean().optional().default(!0)}),oo=Fw.extend({category:s.z.literal("BLOCK").optional()}),ZN=oo.extend({type:s.z.literal("DIVIDER"),config:s.z.object({text:s.z.string().optional()}).optional()}),XN=oo.extend({type:s.z.literal("HTML"),config:s.z.object({content:s.z.string().optional()}).optional()}),e9=oo.extend({type:s.z.literal("IMAGE"),config:s.z.object({src:s.z.string().optional(),alt:s.z.string().optional(),width:s.z.number().optional(),height:s.z.number().optional()}).optional()}),t9=oo.extend({type:s.z.literal("JUMP_BUTTON"),config:s.z.object({text:s.z.string().optional(),target_step:s.z.string().optional()})}),n9=oo.extend({type:s.z.literal("RESEND_BUTTON"),config:s.z.object({text:s.z.string().optional(),resend_action:s.z.string().optional()})}),i9=oo.extend({type:s.z.literal("NEXT_BUTTON"),config:s.z.object({text:s.z.string().optional()})}),r9=oo.extend({type:s.z.literal("PREVIOUS_BUTTON"),config:s.z.object({text:s.z.string().optional()})}),o9=oo.extend({type:s.z.literal("RICH_TEXT"),config:s.z.object({content:s.z.string().optional()}).optional()}),Ow=Fw.extend({category:s.z.literal("WIDGET").optional(),label:s.z.string().min(1).optional(),hint:s.z.string().min(1).max(500).optional(),required:s.z.boolean().optional(),sensitive:s.z.boolean().optional()}),s9=Ow.extend({type:s.z.literal("AUTH0_VERIFIABLE_CREDENTIALS"),config:s.z.object({credential_type:s.z.string().optional()})}),a9=Ow.extend({type:s.z.literal("GMAPS_ADDRESS"),config:s.z.object({api_key:s.z.string().optional()})}),c9=Ow.extend({type:s.z.literal("RECAPTCHA"),config:s.z.object({site_key:s.z.string().optional()})}),Lt=Fw.extend({category:s.z.literal("FIELD").optional(),label:s.z.string().min(1).optional(),hint:s.z.string().min(1).max(500).optional(),messages:s.z.array(s.z.object({id:s.z.number().optional(),text:s.z.string(),type:s.z.enum(["info","error","success","warning"])})).optional(),required:s.z.boolean().optional(),sensitive:s.z.boolean().optional()}),l9=Lt.extend({type:s.z.literal("BOOLEAN"),config:s.z.object({default_value:s.z.boolean().optional()}).optional()}),d9=Lt.extend({type:s.z.literal("CARDS"),config:s.z.object({options:s.z.array(s.z.object({value:s.z.string(),label:s.z.string(),description:s.z.string().optional(),image:s.z.string().optional()})).optional(),multi_select:s.z.boolean().optional()}).optional()}),u9=Lt.extend({type:s.z.literal("CHOICE"),config:s.z.object({options:s.z.array(s.z.object({value:s.z.string(),label:s.z.string()})).optional(),display:s.z.enum(["radio","checkbox"]).optional(),multiple:s.z.boolean().optional(),default_value:s.z.union([s.z.string(),s.z.array(s.z.string())]).optional()}).optional()}),p9=Lt.extend({type:s.z.literal("CUSTOM"),config:s.z.object({component:s.z.string().optional(),props:s.z.record(s.z.any()).optional(),schema:s.z.record(s.z.any()).optional(),code:s.z.string().optional()})}),f9=Lt.extend({type:s.z.literal("DATE"),config:s.z.object({format:s.z.string().optional(),min:s.z.string().optional(),max:s.z.string().optional(),default_value:s.z.string().optional()}).optional()}),h9=Lt.extend({type:s.z.literal("DROPDOWN"),config:s.z.object({options:s.z.array(s.z.object({value:s.z.string(),label:s.z.string()})).optional(),placeholder:s.z.string().optional(),searchable:s.z.boolean().optional(),multiple:s.z.boolean().optional(),default_value:s.z.union([s.z.string(),s.z.array(s.z.string())]).optional()}).optional()}),g9=Lt.extend({type:s.z.literal("EMAIL"),config:s.z.object({placeholder:s.z.string().optional(),default_value:s.z.string().optional()}).optional()}),m9=Lt.extend({type:s.z.literal("FILE"),config:s.z.object({accept:s.z.string().optional(),max_size:s.z.number().optional(),multiple:s.z.boolean().optional()}).optional()}),y9=Lt.extend({type:s.z.literal("LEGAL"),config:s.z.object({text:s.z.string(),html:s.z.boolean().optional()}).optional()}),_9=Lt.extend({type:s.z.literal("NUMBER"),config:s.z.object({placeholder:s.z.string().optional(),min:s.z.number().optional(),max:s.z.number().optional(),step:s.z.number().optional(),default_value:s.z.string().optional()}).optional()}),w9=Lt.extend({type:s.z.literal("PASSWORD"),config:s.z.object({placeholder:s.z.string().optional(),min_length:s.z.number().optional(),show_toggle:s.z.boolean().optional(),forgot_password_link:s.z.string().optional(),default_value:s.z.string().optional()}).optional()}),b9=Lt.extend({type:s.z.literal("PAYMENT"),config:s.z.object({provider:s.z.string().optional(),currency:s.z.string().optional()}).optional()}),v9=Lt.extend({type:s.z.literal("SOCIAL"),config:s.z.object({providers:s.z.array(s.z.string()).optional(),provider_details:s.z.array(s.z.object({name:s.z.string(),strategy:s.z.string().optional(),display_name:s.z.string().optional(),icon_url:s.z.string().optional(),href:s.z.string().optional()})).optional()}).optional()}),A9=Lt.extend({type:s.z.literal("TEL"),config:s.z.object({placeholder:s.z.string().optional(),default_country:s.z.string().optional(),default_value:s.z.string().optional(),allow_email:s.z.boolean().optional()}).optional()}),k9=Lt.extend({type:s.z.literal("TEXT"),config:s.z.object({placeholder:s.z.string().optional(),multiline:s.z.boolean().optional(),max_length:s.z.number().optional(),default_value:s.z.string().optional()}).optional()}),S9=Lt.extend({type:s.z.literal("COUNTRY"),config:s.z.object({placeholder:s.z.string().optional(),default_value:s.z.string().optional()}).optional()}),E9=Lt.extend({type:s.z.literal("URL"),config:s.z.object({placeholder:s.z.string().optional(),default_value:s.z.string().optional()}).optional()}),Ex=s.z.discriminatedUnion("type",[ZN,XN,e9,t9,n9,i9,r9,o9]),xx=s.z.discriminatedUnion("type",[s9,a9,c9]),Cx=s.z.discriminatedUnion("type",[l9,d9,u9,S9,p9,f9,h9,g9,m9,y9,_9,w9,b9,v9,A9,k9,E9]),jw=s.z.union([Ex,xx,Cx]),Rw=new Set(["BOOLEAN","CARDS","CHOICE","COUNTRY","DATE","DROPDOWN","EMAIL","LEGAL","NUMBER","PASSWORD","TEL","TEXT","URL"]),x9=s.z.object({id:s.z.string(),type:s.z.literal("submit"),label:s.z.string(),className:s.z.string().optional(),disabled:s.z.boolean().optional().default(!1),order:s.z.number().optional(),visible:s.z.boolean().optional().default(!0),customizations:s.z.record(s.z.string(),s.z.any()).optional()}),Ml=s.z.object({x:s.z.number(),y:s.z.number()}),C9=s.z.object({id:s.z.string(),type:s.z.literal("FLOW"),coordinates:Ml,alias:s.z.string().min(1).max(150).optional(),config:s.z.object({flow_id:s.z.string().max(30),next_node:s.z.string().optional()})}),T9=s.z.object({id:s.z.string(),type:s.z.literal("ROUTER"),coordinates:Ml,alias:s.z.string().min(1).max(150),config:s.z.object({rules:s.z.array(s.z.object({id:s.z.string(),alias:s.z.string().min(1).max(150).optional(),condition:s.z.any(),next_node:s.z.string()})),fallback:s.z.string()})}),$9=s.z.object({id:s.z.string(),type:s.z.literal("STEP"),coordinates:Ml,alias:s.z.string().min(1).max(150).optional(),config:s.z.object({components:s.z.array(jw),next_node:s.z.string().optional()})}),Tx=s.z.discriminatedUnion("type",[C9,T9,$9]),kp=s.z.object({name:s.z.string().openapi({description:"The name of the form"}),messages:s.z.object({errors:s.z.record(s.z.string(),s.z.any()).optional(),custom:s.z.record(s.z.string(),s.z.any()).optional()}).optional(),languages:s.z.object({primary:s.z.string().optional(),default:s.z.string().optional()}).optional(),translations:s.z.record(s.z.string(),s.z.any()).optional(),nodes:s.z.array(Tx).optional(),start:s.z.object({hidden_fields:s.z.array(s.z.object({key:s.z.string(),value:s.z.string()})).optional(),next_node:s.z.string().optional(),coordinates:Ml.optional()}).optional(),ending:s.z.object({redirection:s.z.object({delay:s.z.number().optional(),target:s.z.string().optional()}).optional(),after_submit:s.z.object({flow_id:s.z.string().optional()}).optional(),coordinates:Ml.optional(),resume_flow:s.z.boolean().optional()}).optional(),style:s.z.object({css:s.z.string().optional()}).optional(),links:s.z.object({sdkSrc:s.z.string().optional(),sdk_src:s.z.string().optional()}).optional()}).openapi({description:"Schema for flow-based forms (matches Auth0 Forms structure)"}),sa=s.z.object({...Mn.shape,...kp.shape,id:s.z.string()}),$x=s.z.object({id:s.z.number().optional(),text:s.z.string(),type:s.z.enum(["info","error","success","warning"])}),Ix=s.z.object({id:s.z.string().optional(),text:s.z.string(),href:s.z.string(),linkText:s.z.string().optional()}),I9=s.z.object({name:s.z.string().optional(),action:s.z.string(),method:s.z.enum(["POST","GET"]),title:s.z.string().optional(),description:s.z.string().optional(),components:s.z.array(jw),messages:s.z.array($x).optional(),links:s.z.array(Ix).optional(),footer:s.z.string().optional()});function z9(e){return e.category==="BLOCK"}function P9(e){return e.category==="WIDGET"}function N9(e){return e.category==="FIELD"}const zx=s.z.enum(["pre-user-registration","post-user-registration","post-user-login","post-user-update","validate-registration-username","pre-user-deletion","post-user-deletion"]),Px=s.z.enum(["pre-user-registration","post-user-registration","post-user-login","validate-registration-username","pre-user-deletion","post-user-deletion"]),Nx=s.z.enum(["post-user-login","post-user-registration","post-user-update","credentials-exchange"]),Fx=s.z.enum(["post-user-login","credentials-exchange","pre-user-registration","post-user-registration"]),Dw=s.z.enum(["ensure-username","set-preferred-username","account-linking"]),F9={"ensure-username":{name:"Ensure Username",description:"Automatically assigns a username to users who sign in without one. Creates a linked username account for social/email users.",trigger_ids:["post-user-login"]},"set-preferred-username":{name:"Set Preferred Username",description:"Sets the preferred_username claim on tokens based on the username from the primary or linked user.",trigger_ids:["credentials-exchange"]},"account-linking":{name:"Account Linking",description:"Links a user to an existing primary account with the same verified email. Idempotent — safe to run on every login, registration, and email update.",trigger_ids:["post-user-login","post-user-registration","post-user-update"]}},so={enabled:s.z.boolean().default(!1),synchronous:s.z.boolean().default(!1),priority:s.z.number().optional(),hook_id:s.z.string().optional(),metadata:s.z.record(s.z.unknown()).optional()},O9=s.z.object({...so,trigger_id:zx,url:s.z.string()}),j9=s.z.object({...so,trigger_id:Px,form_id:s.z.string()}),R9=s.z.object({...so,trigger_id:Nx,template_id:Dw}),D9=s.z.object({...so,trigger_id:Fx,code_id:s.z.string()}),ay=s.z.union([O9,j9,R9,D9]),B9=s.z.object({...so,trigger_id:zx,...Mn.shape,hook_id:s.z.string(),url:s.z.string()}),L9=s.z.object({...so,trigger_id:Px,...Mn.shape,hook_id:s.z.string(),form_id:s.z.string()}),M9=s.z.object({...so,trigger_id:Nx,...Mn.shape,hook_id:s.z.string(),template_id:Dw}),U9=s.z.object({...so,trigger_id:Fx,...Mn.shape,hook_id:s.z.string(),code_id:s.z.string()}),aa=s.z.union([B9,L9,M9,U9]),Sp=s.z.object({code:s.z.string().max(1e5),secrets:s.z.record(s.z.string()).optional()}),Bw=Sp.extend({id:s.z.string(),tenant_id:s.z.string(),...Mn.shape}),Ox=s.z.object({name:s.z.string().optional()}),jx=s.z.object({email:s.z.string().optional()}),Lw=s.z.object({organization_id:s.z.string().max(50),inviter:Ox,invitee:jx,invitation_url:s.z.string().url(),client_id:s.z.string(),connection_id:s.z.string().optional(),app_metadata:s.z.record(s.z.any()).default({}).optional(),user_metadata:s.z.record(s.z.any()).default({}).optional(),ttl_sec:s.z.number().int().max(2592e3).default(604800).optional(),roles:s.z.array(s.z.string()).default([]).optional(),send_invitation_email:s.z.boolean().default(!0).optional()}),$l=s.z.object({id:s.z.string(),organization_id:s.z.string().max(50),created_at:s.z.string().datetime(),expires_at:s.z.string().datetime(),ticket_id:s.z.string().optional()}).extend(Lw.shape),dh=s.z.object({alg:s.z.enum(["RS256","RS384","RS512","ES256","ES384","ES512","HS256","HS384","HS512"]),kid:s.z.string(),kty:s.z.enum(["RSA","EC","oct"]),use:s.z.enum(["sig","enc"]).optional(),n:s.z.string().optional(),e:s.z.string().optional(),crv:s.z.string().optional(),x:s.z.string().optional(),y:s.z.string().optional(),x5t:s.z.string().optional(),x5c:s.z.array(s.z.string()).optional()}).superRefine((e,t)=>{if(e.kty==="RSA")for(const n of["n","e"])e[n]||t.addIssue({code:s.z.ZodIssueCode.custom,path:[n],message:`RSA JWK is missing required member '${n}'`});else if(e.kty==="EC")for(const n of["crv","x","y"])e[n]||t.addIssue({code:s.z.ZodIssueCode.custom,path:[n],message:`EC JWK is missing required member '${n}'`})}),Ep=s.z.object({keys:s.z.array(dh)}),cy=s.z.object({issuer:s.z.string(),authorization_endpoint:s.z.string(),token_endpoint:s.z.string(),userinfo_endpoint:s.z.string(),jwks_uri:s.z.string(),registration_endpoint:s.z.string().optional(),revocation_endpoint:s.z.string(),end_session_endpoint:s.z.string().optional(),scopes_supported:s.z.array(s.z.string()),response_types_supported:s.z.array(s.z.string()),grant_types_supported:s.z.array(s.z.string()).optional(),code_challenge_methods_supported:s.z.array(s.z.string()),response_modes_supported:s.z.array(s.z.string()),subject_types_supported:s.z.array(s.z.string()),id_token_signing_alg_values_supported:s.z.array(s.z.string()),token_endpoint_auth_methods_supported:s.z.array(s.z.string()),claims_supported:s.z.array(s.z.string()),request_uri_parameter_supported:s.z.boolean(),request_parameter_supported:s.z.boolean(),request_object_signing_alg_values_supported:s.z.array(s.z.string()).optional(),token_endpoint_auth_signing_alg_values_supported:s.z.array(s.z.string())});var be=(e=>(e.PENDING="pending",e.AUTHENTICATED="authenticated",e.AWAITING_EMAIL_VERIFICATION="awaiting_email_verification",e.AWAITING_MFA="awaiting_mfa",e.AWAITING_HOOK="awaiting_hook",e.AWAITING_CONTINUATION="awaiting_continuation",e.COMPLETED="completed",e.FAILED="failed",e.EXPIRED="expired",e))(be||{});const Rx=s.z.nativeEnum(be),Dx=s.z.object({strategy:s.z.string(),strategy_type:s.z.string()}),Bx=s.z.object({csrf_token:s.z.string(),auth0Client:s.z.string().optional(),authParams:Ll,expires_at:s.z.string(),deleted_at:s.z.string().optional(),ip:s.z.string().optional(),useragent:s.z.string().optional(),session_id:s.z.string().optional(),authorization_url:s.z.string().optional(),state:Rx.optional().default("pending"),state_data:s.z.string().optional(),failure_reason:s.z.string().optional(),user_id:s.z.string().optional(),auth_connection:s.z.string().optional(),auth_strategy:Dx.optional(),authenticated_at:s.z.string().optional()}).openapi({description:"This represents a login sesion"}),q9=s.z.object({...Bx.shape,id:s.z.string().openapi({description:"This is is used as the state in the universal login"}),created_at:s.z.string(),updated_at:s.z.string()}),O={ACLS_SUMMARY:"acls_summary",ACTIONS_EXECUTION_FAILED:"actions_execution_failed",API_LIMIT:"api_limit",API_LIMIT_WARNING:"api_limit_warning",APPI:"appi",CIBA_EXCHANGE_FAILED:"ciba_exchange_failed",CIBA_EXCHANGE_SUCCEEDED:"ciba_exchange_succeeded",CIBA_START_FAILED:"ciba_start_failed",CIBA_START_SUCCEEDED:"ciba_start_succeeded",CODE_LINK_SENT:"cls",CODE_SENT:"cs",DEPRECATION_NOTICE:"depnote",FAILED_LOGIN:"f",FAILED_BY_CONNECTOR:"fc",FAILED_CHANGE_EMAIL:"fce",FAILED_BY_CORS:"fco",FAILED_CROSS_ORIGIN_AUTHENTICATION:"fcoa",FAILED_CHANGE_PASSWORD:"fcp",FAILED_POST_CHANGE_PASSWORD_HOOK:"fcph",FAILED_CHANGE_PHONE_NUMBER:"fcpn",FAILED_CHANGE_PASSWORD_REQUEST:"fcpr",FAILED_CONNECTOR_PROVISIONING:"fcpro",FAILED_CHANGE_USERNAME:"fcu",FAILED_DELEGATION:"fd",FAILED_DEVICE_ACTIVATION:"fdeac",FAILED_DEVICE_AUTHORIZATION_REQUEST:"fdeaz",USER_CANCELED_DEVICE_CONFIRMATION:"fdecc",FAILED_USER_DELETION:"fdu",FAILED_EXCHANGE_AUTHORIZATION_CODE_FOR_ACCESS_TOKEN:"feacft",FAILED_EXCHANGE_ACCESS_TOKEN_FOR_CLIENT_CREDENTIALS:"feccft",FAILED_EXCHANGE_CUSTOM_TOKEN:"fecte",FAILED_EXCHANGE_DEVICE_CODE_FOR_ACCESS_TOKEN:"fede",FAILED_FEDERATED_LOGOUT:"federated_logout_failed",FAILED_EXCHANGE_NATIVE_SOCIAL_LOGIN:"fens",FAILED_EXCHANGE_PASSWORD_OOB_FOR_ACCESS_TOKEN:"feoobft",FAILED_EXCHANGE_PASSWORD_OTP_FOR_ACCESS_TOKEN:"feotpft",FAILED_EXCHANGE_PASSWORD_FOR_ACCESS_TOKEN:"fepft",FAILED_EXCHANGE_PASSWORDLESS_OTP_FOR_ACCESS_TOKEN:"fepotpft",FAILED_EXCHANGE_PASSWORD_MFA_RECOVERY_FOR_ACCESS_TOKEN:"fercft",FAILED_EXCHANGE_ROTATING_REFRESH_TOKEN:"ferrt",FAILED_EXCHANGE_REFRESH_TOKEN_FOR_ACCESS_TOKEN:"fertft",FAILED_HOOK:"fh",FAILED_IMPERSONATION:"fimp",FAILED_INVITE_ACCEPT:"fi",FAILED_LOGOUT:"flo",FLOWS_EXECUTION_COMPLETED:"flows_execution_completed",FLOWS_EXECUTION_FAILED:"flows_execution_failed",FAILED_SENDING_NOTIFICATION:"fn",FORMS_SUBMISSION_FAILED:"forms_submission_failed",FORMS_SUBMISSION_SUCCEEDED:"forms_submission_succeeded",FAILED_LOGIN_INCORRECT_PASSWORD:"fp",FAILED_PUSHED_AUTHORIZATION_REQUEST:"fpar",FAILED_POST_USER_REGISTRATION_HOOK:"fpurh",FAILED_SIGNUP:"fs",FAILED_SILENT_AUTH:"fsa",FAILED_LOGIN_INVALID_EMAIL_USERNAME:"fu",FAILED_USERS_IMPORT:"fui",FAILED_VERIFICATION_EMAIL:"fv",FAILED_VERIFICATION_EMAIL_REQUEST:"fvr",EMAIL_VERIFICATION_CONFIRMED:"gd_auth_email_verification",EMAIL_VERIFICATION_FAILED:"gd_auth_fail_email_verification",MFA_AUTH_FAILED:"gd_auth_failed",MFA_AUTH_REJECTED:"gd_auth_rejected",MFA_AUTH_SUCCESS:"gd_auth_succeed",MFA_ENROLLMENT_COMPLETE:"gd_enrollment_complete",TOO_MANY_MFA_FAILURES:"gd_otp_rate_limit_exceed",MFA_RECOVERY_FAILED:"gd_recovery_failed",MFA_RECOVERY_RATE_LIMIT_EXCEED:"gd_recovery_rate_limit_exceed",MFA_RECOVERY_SUCCESS:"gd_recovery_succeed",MFA_EMAIL_SENT:"gd_send_email",EMAIL_VERIFICATION_SENT:"gd_send_email_verification",EMAIL_VERIFICATION_SEND_FAILURE:"gd_send_email_verification_failure",PUSH_NOTIFICATION_SENT:"gd_send_pn",ERROR_SENDING_MFA_PUSH_NOTIFICATION:"gd_send_pn_failure",MFA_SMS_SENT:"gd_send_sms",ERROR_SENDING_MFA_SMS:"gd_send_sms_failure",MFA_VOICE_CALL_SUCCESS:"gd_send_voice",MFA_VOICE_CALL_FAILED:"gd_send_voice_failure",SECOND_FACTOR_STARTED:"gd_start_auth",MFA_ENROLL_STARTED:"gd_start_enroll",MFA_ENROLLMENT_FAILED:"gd_start_enroll_failed",GUARDIAN_TENANT_UPDATE:"gd_tenant_update",UNENROLL_DEVICE_ACCOUNT:"gd_unenroll",UPDATE_DEVICE_ACCOUNT:"gd_update_device_account",WEBAUTHN_CHALLENGE_FAILED:"gd_webauthn_challenge_failed",WEBAUTHN_ENROLLMENT_FAILED:"gd_webauthn_enrollment_failed",FAILED_KMS_API_OPERATION:"kms_key_management_failure",SUCCESS_KMS_API_OPERATION:"kms_key_management_success",KMS_KEY_STATE_CHANGED:"kms_key_state_changed",TOO_MANY_CALLS_TO_DELEGATION:"limit_delegation",BLOCKED_IP_ADDRESS:"limit_mu",BLOCKED_ACCOUNT_IP:"limit_sul",BLOCKED_ACCOUNT_EMAIL:"limit_wc",MFA_REQUIRED:"mfar",MANAGEMENT_API_READ_OPERATION:"mgmt_api_read",FAILED_AUTHENTICATION_METHOD_OPERATION_MY_ACCOUNT:"my_account_authentication_method_failed",SUCCESSFUL_AUTHENTICATION_METHOD_OPERATION_MY_ACCOUNT:"my_account_authentication_method_succeeded",FAILED_OIDC_BACKCHANNEL_LOGOUT:"oidc_backchannel_logout_failed",SUCCESSFUL_OIDC_BACKCHANNEL_LOGOUT:"oidc_backchannel_logout_succeeded",ORGANIZATION_MEMBER_ADDED:"organization_member_added",PASSKEY_CHALLENGE_FAILED:"passkey_challenge_failed",PASSKEY_CHALLENGE_STARTED:"passkey_challenge_started",PRE_LOGIN_ASSESSMENT:"pla",BREACHED_PASSWORD:"pwd_leak",BREACHED_PASSWORD_ON_RESET:"reset_pwd_leak",SUCCESS_RESOURCE_CLEANUP:"resource_cleanup",RICH_CONSENTS_ACCESS_ERROR:"rich_consents_access_error",SUCCESS_LOGIN:"s",SUCCESS_API_OPERATION:"sapi",FAILED_API_OPERATION:"fapi",SUCCESS_CHANGE_EMAIL:"sce",SUCCESS_CROSS_ORIGIN_AUTHENTICATION:"scoa",SUCCESS_CHANGE_PASSWORD:"scp",SUCCESS_CHANGE_PHONE_NUMBER:"scpn",SUCCESS_CHANGE_PASSWORD_REQUEST:"scpr",SUCCESS_CHANGE_USERNAME:"scu",SUCCESS_CREDENTIAL_VALIDATION:"scv",SUCCESS_DELEGATION:"sd",SUCCESS_USER_DELETION:"sdu",SUCCESS_EXCHANGE_AUTHORIZATION_CODE_FOR_ACCESS_TOKEN:"seacft",SUCCESS_EXCHANGE_ACCESS_TOKEN_FOR_CLIENT_CREDENTIALS:"seccft",SUCCESS_EXCHANGE_CUSTOM_TOKEN:"secte",SUCCESS_EXCHANGE_DEVICE_CODE_FOR_ACCESS_TOKEN:"sede",SUCCESS_EXCHANGE_NATIVE_SOCIAL_LOGIN:"sens",SUCCESS_EXCHANGE_PASSWORD_OOB_FOR_ACCESS_TOKEN:"seoobft",SUCCESS_EXCHANGE_PASSWORD_OTP_FOR_ACCESS_TOKEN:"seotpft",SUCCESS_EXCHANGE_PASSWORD_FOR_ACCESS_TOKEN:"sepft",SUCCESS_EXCHANGE_PASSKEY_OOB_FOR_ACCESS_TOKEN:"sepkoobft",SUCCESS_EXCHANGE_PASSKEY_OTP_FOR_ACCESS_TOKEN:"sepkotpft",SUCCESS_EXCHANGE_PASSKEY_MFA_RECOVERY_FOR_ACCESS_TOKEN:"sepkrcft",SUCCESS_EXCHANGE_PASSWORD_MFA_RECOVERY_FOR_ACCESS_TOKEN:"sercft",SUCCESS_EXCHANGE_REFRESH_TOKEN_FOR_ACCESS_TOKEN:"sertft",SUCCESS_IMPERSONATION:"simp",SUCCESSFULLY_ACCEPTED_USER_INVITE:"si",BREACHED_PASSWORD_ON_SIGNUP:"signup_pwd_leak",SUCCESS_LOGOUT:"slo",SUCCESS_HOOK:"sh",SUCCESS_REVOCATION:"srrt",SUCCESS_SIGNUP:"ss",FAILED_SS_SSO_OPERATION:"ss_sso_failure",INFORMATION_FROM_SS_SSO_OPERATION:"ss_sso_info",SUCCESS_SS_SSO_OPERATION:"ss_sso_success",SUCCESS_SILENT_AUTH:"ssa",SUCCESSFUL_SCIM_OPERATION:"sscim",SUCCESSFULLY_IMPORTED_USERS:"sui",SUCCESS_VERIFICATION_EMAIL:"sv",SUCCESS_VERIFICATION_EMAIL_REQUEST:"svr",MAX_AMOUNT_OF_AUTHENTICATORS:"too_many_records",USER_LOGIN_BLOCK_RELEASED:"ublkdu",FAILED_UNIVERSAL_LOGOUT:"universal_logout_failed",SUCCESSFUL_UNIVERSAL_LOGOUT:"universal_logout_succeeded",WARNING_DURING_LOGIN:"w",WARNING_SENDING_NOTIFICATION:"wn",WARNING_USER_MANAGEMENT:"wum"},H9=s.z.string().refine(e=>Object.values(O).includes(e),{message:"Invalid log type"}),Lx=s.z.object({name:s.z.string(),version:s.z.string(),env:s.z.object({node:s.z.string().optional()}).optional()}),Mx=s.z.object({country_code:s.z.string().length(2),city_name:s.z.string(),latitude:s.z.string(),longitude:s.z.string(),time_zone:s.z.string(),continent_code:s.z.string()}),Ux=s.z.object({type:H9,date:s.z.string(),description:s.z.string().optional(),ip:s.z.string().optional(),user_agent:s.z.string().optional(),details:s.z.any().optional(),isMobile:s.z.boolean(),user_id:s.z.string().optional(),user_name:s.z.string().optional(),connection:s.z.string().optional(),connection_id:s.z.string().optional(),client_id:s.z.string().optional(),client_name:s.z.string().optional(),audience:s.z.string().optional(),scope:s.z.string().optional(),strategy:s.z.string().optional(),strategy_type:s.z.string().optional(),hostname:s.z.string().optional(),auth0_client:Lx.optional(),log_id:s.z.string().optional(),location_info:Mx.optional()}),$a=s.z.object({...Ux.shape,log_id:s.z.string()}),qx=s.z.enum(["http","eventbridge","eventgrid","splunk","datadog","sumo"]),Mw=s.z.enum(["active","paused","suspended"]),Hx=s.z.object({type:s.z.string(),name:s.z.string()}),Uw=s.z.object({name:s.z.string(),type:qx,status:Mw.optional(),sink:s.z.record(s.z.string(),s.z.unknown()),filters:s.z.array(Hx).optional(),isPriority:s.z.boolean().optional()}),Gs=Uw.extend({id:s.z.string(),status:Mw,created_at:s.z.string().optional(),updated_at:s.z.string().optional()}),ca=s.z.object({enabled:s.z.boolean().optional(),shields:s.z.array(s.z.string()).optional(),admin_notification_frequency:s.z.array(s.z.string()).optional(),method:s.z.string().optional(),stage:s.z.object({"pre-user-registration":s.z.object({shields:s.z.array(s.z.string()).optional()}).optional(),"pre-change-password":s.z.object({shields:s.z.array(s.z.string()).optional()}).optional()}).optional()}),la=s.z.object({enabled:s.z.boolean().optional(),shields:s.z.array(s.z.string()).optional(),allowlist:s.z.array(s.z.string()).optional(),mode:s.z.string().optional(),max_attempts:s.z.number().optional()}),da=s.z.object({enabled:s.z.boolean().optional(),shields:s.z.array(s.z.string()).optional(),allowlist:s.z.array(s.z.string()).optional(),stage:s.z.object({"pre-login":s.z.object({max_attempts:s.z.number().optional(),rate:s.z.number().optional()}).optional(),"pre-user-registration":s.z.object({max_attempts:s.z.number().optional(),rate:s.z.number().optional()}).optional()}).optional()}),Vx=s.z.object({breached_password_detection:ca.optional(),brute_force_protection:la.optional(),suspicious_ip_throttling:da.optional()}),Kx=s.z.object({id:s.z.string().optional(),user_id:s.z.string(),password:s.z.string(),algorithm:s.z.enum(["bcrypt","argon2id"]).default("argon2id"),is_current:s.z.boolean().default(!0)}),V9=Kx.extend({id:s.z.string(),created_at:s.z.string(),updated_at:s.z.string()}),Gx=s.z.object({initial_user_agent:s.z.string().describe("First user agent of the device from which this user logged in"),initial_ip:s.z.string().describe("First IP address associated with this session"),initial_asn:s.z.string().describe("First autonomous system number associated with this session"),last_user_agent:s.z.string().describe("Last user agent of the device from which this user logged in"),last_ip:s.z.string().describe("Last IP address from which this user logged in"),last_asn:s.z.string().describe("Last autonomous system number from which this user logged in")}),Wx=s.z.object({id:s.z.string(),revoked_at:s.z.string().optional(),used_at:s.z.string().optional(),user_id:s.z.string().describe("The user ID associated with the session"),expires_at:s.z.string().optional(),login_session_id:s.z.string(),idle_expires_at:s.z.string().optional(),device:Gx.describe("Metadata related to the device used in the session"),clients:s.z.array(s.z.string()).describe("List of client details for the session")}),uh=s.z.object({created_at:s.z.string(),updated_at:s.z.string(),authenticated_at:s.z.string(),last_interaction_at:s.z.string(),...Wx.shape}),ly=s.z.object({kid:s.z.string().openapi({description:"The key id of the signing key"}),tenant_id:s.z.string().optional().openapi({description:"The tenant the key belongs to. Omitted means the key is shared / control-plane scoped."}),cert:s.z.string().openapi({description:"The public certificate of the signing key"}),fingerprint:s.z.string().openapi({description:"The cert fingerprint"}),thumbprint:s.z.string().openapi({description:"The cert thumbprint"}),pkcs7:s.z.string().optional().openapi({description:"The private key in pkcs7 format"}),current:s.z.boolean().optional().openapi({description:"True if the key is the current key"}),next:s.z.boolean().optional().openapi({description:"True if the key is the next key"}),previous:s.z.boolean().optional().openapi({description:"True if the key is the previous key"}),current_since:s.z.string().optional().openapi({description:"The date and time when the key became the current key"}),current_until:s.z.string().optional().openapi({description:"The date and time when the current key was rotated"}),revoked:s.z.boolean().optional().openapi({description:"True if the key is revoked"}),revoked_at:s.z.string().optional().openapi({description:"The date and time when the key was revoked"}),connection:s.z.string().optional().openapi({description:"The connection identifier associated with the key"}),type:s.z.enum(["jwt_signing","saml_encryption"]).openapi({description:"The type of the signing key"})}),qw=s.z.object({id:s.z.string().optional(),audience:s.z.string(),friendly_name:s.z.string(),picture_url:s.z.string().optional(),support_email:s.z.string().optional(),support_url:s.z.string().optional(),sender_email:s.z.string().email(),sender_name:s.z.string(),session_lifetime:s.z.number().optional(),idle_session_lifetime:s.z.number().optional(),ephemeral_session_lifetime:s.z.number().optional(),idle_ephemeral_session_lifetime:s.z.number().optional(),session_cookie:s.z.object({mode:s.z.enum(["persistent","non-persistent"]).optional()}).optional(),allowed_logout_urls:s.z.array(s.z.string()).optional(),default_redirection_uri:s.z.string().optional(),default_client_id:s.z.string().optional(),enabled_locales:s.z.array(s.z.string()).optional(),default_directory:s.z.string().optional(),error_page:s.z.object({html:s.z.string().optional(),show_log_link:s.z.boolean().optional(),url:s.z.string().optional()}).nullish(),flags:s.z.object({allow_changing_enable_sso:s.z.boolean().optional(),allow_legacy_delegation_grant_types:s.z.boolean().optional(),allow_legacy_ro_grant_types:s.z.boolean().optional(),allow_legacy_tokeninfo_endpoint:s.z.boolean().optional(),change_pwd_flow_v1:s.z.boolean().optional(),custom_domains_provisioning:s.z.boolean().optional(),dashboard_insights_view:s.z.boolean().optional(),dashboard_log_streams_next:s.z.boolean().optional(),disable_clickjack_protection_headers:s.z.boolean().optional(),disable_fields_map_fix:s.z.boolean().optional(),disable_impersonation:s.z.boolean().optional(),disable_management_api_sms_obfuscation:s.z.boolean().optional(),enable_adfs_waad_email_verification:s.z.boolean().optional(),enable_apis_section:s.z.boolean().optional(),enable_client_connections:s.z.boolean().optional(),enable_custom_domain_in_emails:s.z.boolean().optional(),enable_dynamic_client_registration:s.z.boolean().optional(),dcr_require_initial_access_token:s.z.boolean().optional(),dcr_allowed_grant_types:s.z.array(s.z.string()).optional(),allow_http_return_to:s.z.array(s.z.string().refine(e=>{try{const t=new URL(e);return t.protocol==="http:"&&(t.pathname===""||t.pathname==="/")&&!t.search&&!t.hash&&e===t.origin}catch{return!1}},{message:"must be a fully-qualified http origin (scheme + host + port, no path)"})).optional(),enable_idtoken_api2:s.z.boolean().optional(),enable_legacy_logs_search_v2:s.z.boolean().optional(),enable_legacy_profile:s.z.boolean().optional(),enable_pipeline2:s.z.boolean().optional(),enable_public_signup_user_exists_error:s.z.boolean().optional(),enable_sso:s.z.boolean().optional(),enforce_client_authentication_on_passwordless_start:s.z.boolean().optional(),genai_trial:s.z.boolean().optional(),improved_signup_bot_detection_in_classic:s.z.boolean().optional(),mfa_show_factor_list_on_enrollment:s.z.boolean().optional(),no_disclose_enterprise_connections:s.z.boolean().optional(),remove_alg_from_jwks:s.z.boolean().optional(),revoke_refresh_token_grant:s.z.boolean().optional(),trust_azure_adfs_email_verified_connection_property:s.z.boolean().optional(),use_scope_descriptions_for_consent:s.z.boolean().optional(),inherit_global_permissions_in_organizations:s.z.boolean().optional()}).optional(),sandbox_version:s.z.string().optional(),legacy_sandbox_version:s.z.string().optional(),sandbox_versions_available:s.z.array(s.z.string()).optional(),change_password:s.z.object({enabled:s.z.boolean().optional(),html:s.z.string().optional()}).optional(),guardian_mfa_page:s.z.object({enabled:s.z.boolean().optional(),html:s.z.string().optional()}).optional(),device_flow:s.z.object({charset:s.z.enum(["base20","digits"]).optional(),mask:s.z.string().max(20).optional()}).optional(),default_token_quota:s.z.object({clients:s.z.object({client_credentials:s.z.record(s.z.any()).optional()}).optional(),organizations:s.z.object({client_credentials:s.z.record(s.z.any()).optional()}).optional()}).nullish(),default_audience:s.z.string().optional(),default_organization:s.z.string().optional(),sessions:s.z.object({oidc_logout_prompt_enabled:s.z.boolean().optional()}).optional(),oidc_logout:s.z.object({rp_logout_end_session_endpoint_discovery:s.z.boolean().optional()}).optional(),allow_organization_name_in_authentication_api:s.z.boolean().optional(),customize_mfa_in_postlogin_action:s.z.boolean().optional(),acr_values_supported:s.z.array(s.z.string()).optional(),mtls:s.z.object({enable_endpoint_aliases:s.z.boolean().optional()}).nullish(),pushed_authorization_requests_supported:s.z.boolean().optional(),authorization_response_iss_parameter_supported:s.z.boolean().optional(),attack_protection:Vx.optional(),mfa:s.z.object({policy:s.z.enum(["never","always"]).default("never").optional(),factors:s.z.object({sms:s.z.boolean().default(!1),otp:s.z.boolean().default(!1),email:s.z.boolean().default(!1),push_notification:s.z.boolean().default(!1),webauthn_roaming:s.z.boolean().default(!1),webauthn_platform:s.z.boolean().default(!1),recovery_code:s.z.boolean().default(!1),duo:s.z.boolean().default(!1)}).optional(),sms_provider:s.z.object({provider:s.z.enum(["twilio","vonage","aws_sns","phone_message_hook"]).optional()}).optional(),twilio:s.z.object({sid:s.z.string().optional(),auth_token:s.z.string().optional(),from:s.z.string().optional(),messaging_service_sid:s.z.string().optional()}).optional(),phone_message:s.z.object({message:s.z.string().optional()}).optional()}).optional()}),xp=s.z.object({created_at:s.z.string().nullable().transform(e=>e??""),updated_at:s.z.string().nullable().transform(e=>e??""),...qw.shape,id:s.z.string()});var Zt=(e=>(e.RefreshToken="refresh_token",e.AuthorizationCode="authorization_code",e.ClientCredential="client_credentials",e.Passwordless="passwordless",e.Password="password",e.OTP="http://auth0.com/oauth/grant-type/passwordless/otp",e))(Zt||{});const Hw=s.z.object({access_token:s.z.string(),id_token:s.z.string().optional(),scope:s.z.string().optional(),state:s.z.string().optional(),refresh_token:s.z.string().optional(),token_type:s.z.string(),expires_in:s.z.number()});s.z.object({code:s.z.string(),state:s.z.string().optional()});const Jx=s.z.object({button_border_radius:s.z.number(),button_border_weight:s.z.number(),buttons_style:s.z.enum(["pill","rounded","sharp"]),input_border_radius:s.z.number(),input_border_weight:s.z.number(),inputs_style:s.z.enum(["pill","rounded","sharp"]),show_widget_shadow:s.z.boolean(),widget_border_weight:s.z.number(),widget_corner_radius:s.z.number()}),Yx=s.z.object({base_focus_color:s.z.string(),base_hover_color:s.z.string(),body_text:s.z.string(),captcha_widget_theme:s.z.enum(["auto","dark","light"]),error:s.z.string(),header:s.z.string(),icons:s.z.string(),input_background:s.z.string(),input_border:s.z.string(),input_filled_text:s.z.string(),input_labels_placeholders:s.z.string(),links_focused_components:s.z.string(),primary_button:s.z.string(),primary_button_label:s.z.string(),secondary_button_border:s.z.string(),secondary_button_label:s.z.string(),success:s.z.string(),widget_background:s.z.string(),widget_border:s.z.string()}),Co=s.z.object({bold:s.z.boolean(),size:s.z.number()}),Qx=s.z.object({body_text:Co,buttons_text:Co,font_url:s.z.string(),input_labels:Co,links:Co,links_style:s.z.enum(["normal","underlined"]),reference_text_size:s.z.number(),subtitle:Co,title:Co}),Zx=s.z.object({background_color:s.z.string(),background_image_url:s.z.string(),page_layout:s.z.enum(["center","left","right"]),logo_placement:s.z.enum(["widget","chip","none"]).optional()}),Xx=s.z.object({header_text_alignment:s.z.enum(["center","left","right"]),logo_height:s.z.number(),logo_position:s.z.enum(["center","left","none","right"]),logo_url:s.z.string(),social_buttons_layout:s.z.enum(["bottom","top"])}),eC=s.z.object({borders:Jx,colors:Yx,displayName:s.z.string(),fonts:Qx,page_background:Zx,widget:Xx}),Yu=eC.extend({themeId:s.z.string()}),Ko=s.z.object({universal_login_experience:s.z.enum(["new","classic"]).default("new"),identifier_first:s.z.boolean().default(!0),password_first:s.z.boolean().default(!1),webauthn_platform_first_factor:s.z.boolean()}),Ws=s.z.object({name:s.z.string(),enabled:s.z.boolean().optional().default(!0),default_from_address:s.z.string().optional(),credentials:s.z.record(s.z.string(),s.z.unknown()),settings:s.z.object({}).optional()}),Vw=s.z.enum(["verify_email","verify_email_by_code","reset_email","reset_email_by_code","welcome_email","blocked_account","stolen_credentials","enrollment_email","mfa_oob_code","change_password","password_reset","user_invitation"]),Or=s.z.object({template:Vw,body:s.z.string(),from:s.z.string(),subject:s.z.string(),syntax:s.z.literal("liquid").default("liquid"),resultUrl:s.z.string().optional(),urlLifetimeInSeconds:s.z.number().int().nonnegative().optional(),includeEmailInRedirect:s.z.boolean().default(!1),enabled:s.z.boolean().default(!0)}),Kw=s.z.object({id:s.z.string(),login_id:s.z.string(),user_id:s.z.string(),client_id:s.z.string(),expires_at:s.z.string().optional(),idle_expires_at:s.z.string().optional(),last_exchanged_at:s.z.string().optional(),device:Gx,resource_servers:s.z.array(s.z.object({audience:s.z.string(),scopes:s.z.string()})),rotating:s.z.boolean(),token_lookup:s.z.string().optional(),token_hash:s.z.string().optional(),family_id:s.z.string().optional(),rotated_to:s.z.string().optional(),rotated_at:s.z.string().optional()}),K9=s.z.object({created_at:s.z.string(),revoked_at:s.z.string().optional(),...Kw.shape}),G9=s.z.object({to:s.z.string(),message:s.z.string()}),W9=s.z.object({name:s.z.string(),options:s.z.object({})}),tC=s.z.object({value:s.z.string(),description:s.z.string().optional()}),nC=s.z.object({token_dialect:s.z.enum(["access_token","access_token_authz"]).optional(),enforce_policies:s.z.boolean().optional(),allow_skipping_userinfo:s.z.boolean().optional(),skip_userinfo:s.z.boolean().optional(),persist_client_authorization:s.z.boolean().optional(),enable_introspection_endpoint:s.z.boolean().optional(),mtls:s.z.object({bound_access_tokens:s.z.boolean().optional()}).optional()}),Cp=s.z.object({id:s.z.string().optional(),name:s.z.string(),identifier:s.z.string(),scopes:s.z.array(tC).optional(),signing_alg:s.z.string().optional(),signing_secret:s.z.string().optional(),token_lifetime:s.z.number().default(86400),token_lifetime_for_web:s.z.number().default(7200),skip_consent_for_verifiable_first_party_clients:s.z.boolean().optional(),allow_offline_access:s.z.boolean().optional(),verificationKey:s.z.string().optional(),options:nC.optional(),is_system:s.z.boolean().optional(),metadata:s.z.record(s.z.any()).optional()}),Lo=s.z.object({...Cp.shape,created_at:s.z.string().optional(),updated_at:s.z.string().optional()}),J9=s.z.array(Lo),iC=s.z.object({role_id:s.z.string(),resource_server_identifier:s.z.string(),permission_name:s.z.string()}),Gw=s.z.object({...iC.shape,created_at:s.z.string()}),rC=s.z.array(Gw),oC=s.z.object({user_id:s.z.string(),resource_server_identifier:s.z.string(),permission_name:s.z.string(),organization_id:s.z.string().optional()}),sC=s.z.object({...oC.shape,tenant_id:s.z.string(),created_at:s.z.string().optional()}),Y9=s.z.array(sC),aC=s.z.object({user_id:s.z.string(),resource_server_identifier:s.z.string(),resource_server_name:s.z.string(),permission_name:s.z.string(),description:s.z.string().nullable().optional(),created_at:s.z.string().optional(),organization_id:s.z.string().optional()}),cC=s.z.array(aC),lC=s.z.object({user_id:s.z.string(),role_id:s.z.string(),organization_id:s.z.string().optional()}),dC=s.z.object({...lC.shape,tenant_id:s.z.string(),created_at:s.z.string().optional()}),Q9=s.z.array(dC),Tp=s.z.object({id:s.z.string().optional().openapi({description:"The unique identifier of the role. If not provided, one will be generated."}),name:s.z.string().min(1).max(50).openapi({description:"The name of the role. Cannot include '<' or '>'"}),description:s.z.string().max(255).optional().openapi({description:"The description of the role"}),is_system:s.z.boolean().optional(),metadata:s.z.record(s.z.any()).optional().openapi({description:"Metadata associated with the role. Can be used to control sync behavior in multi-tenancy scenarios."})}),Mo=Tp.extend({id:s.z.string().openapi({description:"The unique identifier of the role"}),created_at:s.z.string().optional(),updated_at:s.z.string().optional()}),$p=s.z.array(Mo),uC=s.z.object({logo_url:s.z.string().optional().openapi({description:"URL of the organization's logo"}),colors:s.z.object({primary:s.z.string().optional().openapi({description:"Primary color in hex format (e.g., #FF0000)"}),page_background:s.z.string().optional().openapi({description:"Page background color in hex format (e.g., #FFFFFF)"})}).optional()}).optional(),pC=s.z.object({connection_id:s.z.string().openapi({description:"ID of the connection"}),assign_membership_on_login:s.z.boolean().default(!1).openapi({description:"Whether to assign membership to the organization on login"}),show_as_button:s.z.boolean().default(!0).openapi({description:"Whether to show this connection as a button in the login screen"}),is_signup_enabled:s.z.boolean().default(!0).openapi({description:"Whether signup is enabled for this connection"})}),fC=s.z.object({client_credentials:s.z.object({enforce:s.z.boolean().default(!1).openapi({description:"Whether to enforce token quota limits"}),per_day:s.z.number().min(0).default(0).openapi({description:"Maximum tokens per day (0 = unlimited)"}),per_hour:s.z.number().min(0).default(0).openapi({description:"Maximum tokens per hour (0 = unlimited)"})}).optional()}).optional(),Ip=s.z.object({id:s.z.string().optional(),name:s.z.string().min(1).regex(/^[a-z0-9_-]+$/,{message:"Organization name must be lowercase and can only contain letters, numbers, hyphens, and underscores"}).openapi({description:"The name of the organization. Must be lowercase and can only contain letters, numbers, hyphens, and underscores."}),display_name:s.z.string().optional().openapi({description:"The display name of the organization"}),branding:uC,metadata:s.z.record(s.z.any()).default({}).optional().openapi({description:"Custom metadata for the organization"}),enabled_connections:s.z.array(pC).default([]).optional().openapi({description:"List of enabled connections for the organization"}),token_quota:fC}),Br=s.z.object({...Ip.shape,...Mn.shape,id:s.z.string(),name:s.z.string().min(1).openapi({description:"The name of the organization"})}),zp=s.z.object({connection_id:s.z.string().openapi({description:"ID of the tenant-level connection to enable for the org."}),assign_membership_on_login:s.z.boolean().optional().default(!1),show_as_button:s.z.boolean().optional().default(!0),is_signup_enabled:s.z.boolean().optional().default(!0)}),ua=s.z.object({...zp.shape,connection:s.z.object({name:s.z.string().optional(),strategy:s.z.string().optional()}).optional(),created_at:s.z.string().optional(),updated_at:s.z.string().optional()}),Z9=s.z.array(ua),hC=s.z.object({user_id:s.z.string().openapi({description:"ID of the user"}),organization_id:s.z.string().openapi({description:"ID of the organization"})}),X9=s.z.object({...hC.shape,...Mn.shape,id:s.z.string()}),eF=s.z.object({idle_session_lifetime:s.z.number().default(72),session_lifetime:s.z.number().default(168),session_cookie:s.z.object({mode:s.z.enum(["persistent","non-persistent"]).optional()}).optional(),enable_client_connections:s.z.boolean().optional(),default_redirection_uri:s.z.string().optional(),enabled_locales:s.z.array(s.z.string()).optional(),default_directory:s.z.string().optional(),error_page:s.z.object({html:s.z.string().optional(),show_log_link:s.z.boolean().optional(),url:s.z.string().optional()}).optional(),flags:s.z.object({allow_legacy_delegation_grant_types:s.z.boolean().optional(),allow_legacy_ro_grant_types:s.z.boolean().optional(),allow_legacy_tokeninfo_endpoint:s.z.boolean().optional(),disable_clickjack_protection_headers:s.z.boolean().optional(),enable_apis_section:s.z.boolean().optional(),enable_client_connections:s.z.boolean().optional(),enable_custom_domain_in_emails:s.z.boolean().optional(),enable_dynamic_client_registration:s.z.boolean().optional(),enable_idtoken_api2:s.z.boolean().optional(),enable_legacy_logs_search_v2:s.z.boolean().optional(),enable_legacy_profile:s.z.boolean().optional(),enable_pipeline2:s.z.boolean().optional(),enable_public_signup_user_exists_error:s.z.boolean().optional(),use_scope_descriptions_for_consent:s.z.boolean().optional(),disable_management_api_sms_obfuscation:s.z.boolean().optional(),enable_adfs_waad_email_verification:s.z.boolean().optional(),revoke_refresh_token_grant:s.z.boolean().optional(),dashboard_log_streams_next:s.z.boolean().optional(),dashboard_insights_view:s.z.boolean().optional(),disable_fields_map_fix:s.z.boolean().optional(),mfa_show_factor_list_on_enrollment:s.z.boolean().optional()}).optional(),friendly_name:s.z.string().optional(),picture_url:s.z.string().optional(),support_email:s.z.string().optional(),support_url:s.z.string().optional(),sandbox_version:s.z.string().optional(),sandbox_versions_available:s.z.array(s.z.string()).optional(),change_password:s.z.object({enabled:s.z.boolean(),html:s.z.string()}).optional(),guardian_mfa_page:s.z.object({enabled:s.z.boolean(),html:s.z.string()}).optional(),default_audience:s.z.string().optional(),default_organization:s.z.string().optional(),sessions:s.z.object({oidc_logout_prompt_enabled:s.z.boolean().optional()}).optional(),mfa:s.z.object({policy:s.z.enum(["never","always"]).default("never").optional(),factors:s.z.object({sms:s.z.boolean().default(!1),otp:s.z.boolean().default(!1),email:s.z.boolean().default(!1),push_notification:s.z.boolean().default(!1),webauthn_roaming:s.z.boolean().default(!1),webauthn_platform:s.z.boolean().default(!1),recovery_code:s.z.boolean().default(!1),duo:s.z.boolean().default(!1)}).optional(),sms_provider:s.z.object({provider:s.z.enum(["twilio","vonage","aws_sns","phone_message_hook"]).optional()}).optional(),twilio:s.z.object({sid:s.z.string().optional(),auth_token:s.z.string().optional(),from:s.z.string().optional(),messaging_service_sid:s.z.string().optional()}).optional(),phone_message:s.z.object({message:s.z.string().optional()}).optional()}).optional()}),gC=s.z.object({date:s.z.string().openapi({description:"Date these events occurred in ISO 8601 format",example:"2025-12-19"}),logins:s.z.number().openapi({description:"Number of logins on this date",example:150}),signups:s.z.number().openapi({description:"Number of signups on this date",example:25}),leaked_passwords:s.z.number().openapi({description:"Number of breached-password detections on this date (subscription required)",example:0}),updated_at:s.z.string().openapi({description:"Date and time this stats entry was last updated in ISO 8601 format",example:"2025-12-19T10:30:00.000Z"}),created_at:s.z.string().openapi({description:"Approximate date and time the first event occurred in ISO 8601 format",example:"2025-12-19T00:00:00.000Z"})}),tF=s.z.number().openapi({description:"Number of active users in the last 30 days",example:1234}),pa=s.z.enum(["login","login-id","login-password","signup","signup-id","signup-password","reset-password","consent","mfa","mfa-push","mfa-otp","mfa-voice","mfa-phone","mfa-webauthn","mfa-email","mfa-recovery-code","status","device-flow","email-verification","email-otp-challenge","organizations","invitation","common","passkeys","captcha","custom-form","login-passwordless","mfa-login-options"]),zo=s.z.record(s.z.string(),s.z.record(s.z.string(),s.z.string())).openapi({type:"object",additionalProperties:{type:"object",additionalProperties:{type:"string"}}}),nF=s.z.object({prompt:pa,language:s.z.string(),custom_text:zo}),W={EMAIL:"email",SMS:"sms",USERNAME_PASSWORD:"Username-Password-Authentication",GOOGLE_OAUTH2:"google-oauth2",APPLE:"apple",FACEBOOK:"facebook",GITHUB:"github",MICROSOFT:"microsoft",VIPPS:"vipps",OIDC:"oidc",OAUTH2:"oauth2",SAMLP:"samlp",WAAD:"waad",ADFS:"adfs",AUTH0:"auth0"},Ht={DATABASE:"database",SOCIAL:"social",PASSWORDLESS:"passwordless"},mC=s.z.enum(["phone","totp","email","push","webauthn-roaming","webauthn-platform","passkey"]),yC=s.z.object({user_id:s.z.string(),type:mC,phone_number:s.z.string().optional(),totp_secret:s.z.string().optional(),credential_id:s.z.string().optional(),public_key:s.z.string().optional(),sign_count:s.z.number().int().nonnegative().optional(),credential_backed_up:s.z.boolean().optional(),transports:s.z.array(s.z.string()).optional(),friendly_name:s.z.string().optional(),confirmed:s.z.boolean().default(!1)});function _C(e,t){e.type==="phone"&&!e.phone_number&&t.addIssue({code:s.z.ZodIssueCode.custom,message:"phone_number is required when type is 'phone'",path:["phone_number"]}),e.type==="totp"&&!e.totp_secret&&t.addIssue({code:s.z.ZodIssueCode.custom,message:"totp_secret is required when type is 'totp'",path:["totp_secret"]}),["webauthn-roaming","webauthn-platform","passkey"].includes(e.type)&&(e.credential_id||t.addIssue({code:s.z.ZodIssueCode.custom,message:`credential_id is required when type is '${e.type}'`,path:["credential_id"]}),e.public_key||t.addIssue({code:s.z.ZodIssueCode.custom,message:`public_key is required when type is '${e.type}'`,path:["public_key"]}))}const iF=yC.superRefine(_C),rF=s.z.object({...yC.shape,id:s.z.string(),created_at:s.z.string(),updated_at:s.z.string()}).superRefine(_C);function oF(e){const[t,n]=e.split("|");if(!t||!n)throw new Error(`Invalid user_id: ${e}`);return{connection:t,id:n}}function sF(e){const{primary:t,secondaries:n,syncMethods:i=["create","rawCreate","update","remove","delete","set"]}=e,r={get(o,a){if(typeof a=="symbol")return o[a];const c=o[a];return typeof c!="function"?c:i.includes(a)?async(...l)=>{const d=await c.apply(o,l),u=[];for(const p of n){const f=p.adapter[a];if(typeof f!="function")continue;const h=(async()=>{try{await f.apply(p.adapter,l)}catch(g){try{p.onError?p.onError(g,a,l):console.error(`Passthrough adapter: secondary write failed for ${a}:`,g)}catch(m){console.error(`Passthrough adapter: onError handler threw for ${a}:`,m)}}})();p.blocking&&u.push(h)}return u.length>0&&await Promise.all(u),d}:c.bind(o)}};return new Proxy(t,r)}function aF(e){return e}function bs(e){var t,n,i,r,o,a,c,l,d,u,p,f;const h=e?.options;if(!h)return{usernameIdentifierActive:!1,emailIdentifierActive:!0,usernameMinLength:1,usernameMaxLength:15};const g=h.attributes;if(g){const m=((n=(t=g.username)==null?void 0:t.identifier)==null?void 0:n.active)===!0,_=((r=(i=g.email)==null?void 0:i.identifier)==null?void 0:r.active)!==!1,y=((a=(o=g.username)==null?void 0:o.validation)==null?void 0:a.min_length)??1,w=((l=(c=g.username)==null?void 0:c.validation)==null?void 0:l.max_length)??15;return{usernameIdentifierActive:m,emailIdentifierActive:_,usernameMinLength:y,usernameMaxLength:w}}return{usernameIdentifierActive:h.requires_username===!0,emailIdentifierActive:!0,usernameMinLength:((u=(d=h.validation)==null?void 0:d.username)==null?void 0:u.min)??1,usernameMaxLength:((f=(p=h.validation)==null?void 0:p.username)==null?void 0:f.max)??15}}function Pp(e){return typeof e=="object"&&e!==null&&!Array.isArray(e)}var cF={deno:"Deno",bun:"Bun",workerd:"Cloudflare-Workers",node:"Node.js"},Ww=()=>{const e=globalThis;if(typeof navigator<"u"&&typeof navigator.userAgent=="string"){for(const[n,i]of Object.entries(cF))if(lF(i))return n}return typeof e?.EdgeRuntime=="string"?"edge-light":e?.fastly!==void 0?"fastly":e?.process?.release?.name==="node"?"node":"other"},lF=e=>navigator.userAgent.startsWith(e);function ph(e,t){if(Ww()==="workerd")try{e.executionCtx.waitUntil(t);return}catch{}const n=t.then(()=>{},r=>{console.error("waitUntil promise error:",r)});let i;try{i=e.var?.backgroundPromises}catch{i=void 0}if(!Array.isArray(i)){if(typeof e.set!="function")return;i=[],e.set("backgroundPromises",i)}i.push(n)}async function dF(e){const t=e.var.backgroundPromises;if(!Array.isArray(t)||t.length===0)return;const n=t.splice(0,t.length);await Promise.all(n)}function uF(e){return[...e].reduce((t,[n,i])=>({...t,[n]:i}),{})}const pF=new Set(["password","password_hash","client_secret","signing_keys","credentials","encryption_key","otp_secret"]);function dy(e){if(!e)return;const t={};for(const[n,i]of Object.entries(e))pF.has(n)?t[n]="[REDACTED]":t[n]=i;return t}function wC(e){return e&&typeof e=="object"&&!Array.isArray(e)?dy(e):e}function fF(e,t){if(!e||!t)return;const n={},i=new Set([...Object.keys(e),...Object.keys(t)]);for(const r of i){const o=e[r],a=t[r];JSON.stringify(o)!==JSON.stringify(a)&&(n[r]={old:o,new:a})}return Object.keys(n).length>0?n:void 0}function hF(e,t){return e.var.user_id||t.actorUserId?"admin_action":t.userId?"user_action":e.var.client_id?"api":"system"}function bC(e,t,n){const i=e.env.outbox?.captureEntityState!==!1,r=i?dy(n.beforeState):void 0,o=i?dy(n.afterState):void 0;return{tenant_id:t,event_type:n.targetType?`${n.targetType}.${gF(e.req.method)}`:n.type,log_type:n.type,description:n.description,category:hF(e,n),actor:{type:e.var.user_id||n.actorUserId?"admin":n.userId?"user":e.var.client_id?"client_credentials":"system",id:e.var.user_id||n.actorUserId||n.userId||void 0,email:e.var.username||void 0,org_id:e.var.organization_id||e.var.user?.org_id||void 0,org_name:e.var.org_name||e.var.user?.org_name||void 0,scopes:e.var.user?.scope?e.var.user.scope.split(" "):void 0,client_id:e.var.client_id||void 0},target:{type:n.targetType||"unknown",id:n.targetId||n.userId||e.var.user_id||"",before:r,after:o,diff:fF(r,o)},request:{method:e.req.method,path:e.req.path,query:e.req.queries()?Object.fromEntries(Object.entries(e.req.queries()).map(([a,c])=>[a,Array.isArray(c)?c.join(","):c])):void 0,body:wC(n.body||e.var.body||void 0),ip:e.var.ip||"",user_agent:e.var.useragent||void 0},response:n.response?{status_code:n.response.statusCode,body:n.response.body}:void 0,connection:n.connection||e.var.connection||void 0,strategy:n.strategy||void 0,strategy_type:n.strategy_type||void 0,audience:n.audience||void 0,scope:n.scope||void 0,hostname:e.var.host||"",is_mobile:!1,auth0_client:e.var.auth0_client,timestamp:new Date().toISOString()}}function gF(e){switch(e){case"POST":return"created";case"PATCH":case"PUT":return"updated";case"DELETE":return"deleted";default:return"accessed"}}async function R(e,t,n){const i={};if(e.req.raw?.headers){const o=uF(e.req.raw.headers);for(const[a,c]of Object.entries(o))i[a.toLowerCase()]=c}if(e.env.outbox?.enabled&&e.env.data.outbox){const o=bC(e,t,n),a=e.env.data.outbox.create(t,o),c=e.var.outboxEventPromises||[];c.push(a),e.set("outboxEventPromises",c);return}const r=async()=>{let o;if(e.env.data.geo)try{o=await e.env.data.geo.getGeoInfo(i)||void 0}catch(c){console.warn("Failed to get geo information:",c)}const a={type:n.type,description:n.description||"",ip:e.var.ip,user_agent:e.var.useragent||"",auth0_client:e.var.auth0_client,date:new Date().toISOString(),details:n.details||{request:{method:e.req.method,path:e.req.path,qs:e.req.queries(),body:wC(n.body||e.var.body||"")},...n.response&&{response:n.response}},isMobile:!1,client_id:e.var.client_id,client_name:"",user_id:n.userId||e.var.user_id||"",hostname:e.var.host||"",user_name:e.var.username||"",connection_id:"",connection:n.connection||e.var.connection||"",strategy:n.strategy||"",strategy_type:n.strategy_type||"",audience:n.audience||"",scope:n.scope||"",location_info:o};await e.env.data.logs.create(t,a)};n.waitForCompletion?await r():ph(e,r())}async function vC(e,t,n,i){if(!e.env.outbox?.enabled||!t.outbox)return;const r=bC(e,n,i);return t.outbox.create(n,r)}const ct=s.z.object({page:s.z.string().min(0).optional().default("0").transform(e=>parseInt(e,10)).openapi({description:"Page index of the results to return. First page is 0."}),per_page:s.z.string().min(1).optional().default("10").transform(e=>parseInt(e,10)).openapi({description:"Number of results per page. Defaults to 50."}),include_totals:s.z.string().optional().default("false").transform(e=>e==="true").openapi({description:"Return results inside an object that contains the total result count (true) or as a direct array of results (false, default)."}),from:s.z.string().optional().openapi({description:"Optional Id from which to start selection."}),take:s.z.string().optional().transform(e=>e?parseInt(e,10):void 0).openapi({description:"Number of results per page. Defaults to 50."}),sort:s.z.string().regex(/^.+:(-1|1)$/).optional().openapi({description:"Field to sort by. Use field:order where order is 1 for ascending and -1 for descending. e.g. created_at:1."}),q:s.z.string().optional().openapi({description:"A lucene query string used to filter the results"})});function kt(e){if(!e)return;const[t,n]=e.split(":"),i=n==="1"?"asc":"desc";if(!(!t||!i))return{sort_by:t,sort_order:i}}const mF=Et.extend({actions:s.z.array(Xi)}),yF=s.z.object({versions:s.z.array(sh)}),_F=Et.extend({versions:s.z.array(sh)});function vu(e,t,n,i){return e.actionVersions.create(t,{action_id:n.id,code:n.code,runtime:n.runtime,secrets:n.secrets,dependencies:n.dependencies,supported_triggers:n.supported_triggers,deployed:i})}const wF=new s.OpenAPIHono().openapi(s.createRoute({tags:["actions"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:actions","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(Xi),mF])}},description:"List of actions"}}}),async e=>{const{page:t,per_page:n,include_totals:i,sort:r,q:o}=e.req.valid("query"),a=await e.env.data.actions.list(e.var.tenant_id,{page:t,per_page:n,include_totals:i,sort:kt(r),q:o}),c=a.actions.map(l=>({...l,secrets:l.secrets?.map(d=>({name:d.name}))}));return i?e.json({...a,actions:c}):e.json(c)}).openapi(s.createRoute({tags:["actions"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Bl}}}},security:[{Bearer:["create:actions","auth:write"]}],responses:{201:{content:{"application/json":{schema:Xi}},description:"The created action"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.actions.create(e.var.tenant_id,t);let i=!1;if(e.env.codeExecutor?.deploy)try{await e.env.codeExecutor.deploy(n.id,t.code),i=!0}catch(r){await R(e,e.var.tenant_id,{type:O.FAILED_HOOK,description:`Failed to deploy action ${n.id}: ${r instanceof Error?r.message:String(r)}`})}else i=!0;return await vu(e.env.data,e.var.tenant_id,n,i),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create action",targetType:"action",targetId:n.id}),e.json(n,{status:201})}).openapi(s.createRoute({tags:["actions"],method:"get",path:"/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()})},security:[{Bearer:["read:actions","auth:read"]}],responses:{200:{content:{"application/json":{schema:Xi}},description:"An action"},404:{description:"Action not found"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.actions.get(e.var.tenant_id,t);if(!n)throw new z(404,{message:"Action not found"});return e.json({...n,secrets:n.secrets?.map(i=>({name:i.name}))})}).openapi(s.createRoute({tags:["actions"],method:"patch",path:"/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()}),body:{content:{"application/json":{schema:Bl.partial()}}}},security:[{Bearer:["update:actions","auth:write"]}],responses:{200:{content:{"application/json":{schema:Xi}},description:"The updated action"},404:{description:"Action not found"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.req.valid("json");if(!await e.env.data.actions.update(e.var.tenant_id,t,n))throw new z(404,{message:"Action not found"});const r=await e.env.data.actions.get(e.var.tenant_id,t);if(!r)throw new z(404,{message:"Action not found"});if(n.code!==void 0&&e.env.codeExecutor?.deploy){let o=!1;try{await e.env.codeExecutor.deploy(t,n.code),o=!0}catch(a){await R(e,e.var.tenant_id,{type:O.FAILED_HOOK,description:`Failed to deploy action ${t}: ${a instanceof Error?a.message:String(a)}`})}await vu(e.env.data,e.var.tenant_id,r,o)}return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update action",targetType:"action",targetId:t}),e.json({...r,secrets:r.secrets?.map(o=>({name:o.name}))})}).openapi(s.createRoute({tags:["actions"],method:"delete",path:"/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()})},security:[{Bearer:["delete:actions","auth:write"]}],responses:{200:{description:"Action deleted"},404:{description:"Action not found"},409:{description:"Action is bound to a trigger and cannot be deleted"}}}),async e=>{const{id:t}=e.req.valid("param");if((await e.env.data.hooks.list(e.var.tenant_id,{q:`code_id:"${t}"`})).hooks.length>0)throw new z(409,{message:"Action is bound to a trigger. Remove the binding before deleting."});if(!await e.env.data.actions.remove(e.var.tenant_id,t))throw new z(404,{message:"Action not found"});if(await e.env.data.actionVersions.removeForAction(e.var.tenant_id,t),e.env.codeExecutor?.remove)try{await e.env.codeExecutor.remove(t)}catch(r){await R(e,e.var.tenant_id,{type:O.FAILED_HOOK,description:`Failed to remove action worker ${t}: ${r instanceof Error?r.message:String(r)}`})}return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete action",targetType:"action",targetId:t}),e.text("OK")}).openapi(s.createRoute({tags:["actions"],method:"post",path:"/{id}/deploy",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()})},security:[{Bearer:["update:actions","auth:write"]}],responses:{200:{content:{"application/json":{schema:Xi}},description:"The deployed action"},404:{description:"Action not found"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.actions.get(e.var.tenant_id,t);if(!n)throw new z(404,{message:"Action not found"});if(e.env.codeExecutor?.deploy)try{await e.env.codeExecutor.deploy(t,n.code)}catch(i){throw await R(e,e.var.tenant_id,{type:O.FAILED_HOOK,description:`Failed to deploy action ${t}: ${i instanceof Error?i.message:String(i)}`}),new z(500,{message:`Deployment failed: ${i instanceof Error?i.message:String(i)}`})}return await e.env.data.actions.update(e.var.tenant_id,t,{status:"built",deployed_at:new Date().toISOString()}),await vu(e.env.data,e.var.tenant_id,n,!0),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Deploy action",targetType:"action",targetId:t}),e.json({...n,status:"built",secrets:n.secrets?.map(i=>({name:i.name}))})}).openapi(s.createRoute({tags:["actions"],method:"get",path:"/{actionId}/versions",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({actionId:s.z.string()}),query:ct},security:[{Bearer:["read:actions","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([yF,_F])}},description:"List of action versions"},404:{description:"Action not found"}}}),async e=>{const{actionId:t}=e.req.valid("param"),{page:n,per_page:i,include_totals:r,sort:o}=e.req.valid("query");if(!await e.env.data.actions.get(e.var.tenant_id,t))throw new z(404,{message:"Action not found"});const c=await e.env.data.actionVersions.list(e.var.tenant_id,t,{page:n,per_page:i,include_totals:r,sort:kt(o)}),l=c.versions.map(d=>({...d,secrets:d.secrets?.map(u=>({name:u.name}))}));return r?e.json({...c,versions:l}):e.json({versions:l})}).openapi(s.createRoute({tags:["actions"],method:"get",path:"/{actionId}/versions/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({actionId:s.z.string(),id:s.z.string()})},security:[{Bearer:["read:actions","auth:read"]}],responses:{200:{content:{"application/json":{schema:sh}},description:"Action version"},404:{description:"Action version not found"}}}),async e=>{const{actionId:t,id:n}=e.req.valid("param"),i=await e.env.data.actionVersions.get(e.var.tenant_id,t,n);if(!i)throw new z(404,{message:"Action version not found"});return e.json({...i,secrets:i.secrets?.map(r=>({name:r.name}))})}).openapi(s.createRoute({tags:["actions"],method:"post",path:"/{actionId}/versions/{id}/deploy",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({actionId:s.z.string(),id:s.z.string()})},security:[{Bearer:["update:actions","auth:write"]}],responses:{200:{content:{"application/json":{schema:Xi}},description:"The action after rollback"},404:{description:"Action version not found"}}}),async e=>{const{actionId:t,id:n}=e.req.valid("param"),i=await e.env.data.actionVersions.get(e.var.tenant_id,t,n);if(!i)throw new z(404,{message:"Action version not found"});if(e.env.codeExecutor?.deploy)try{await e.env.codeExecutor.deploy(t,i.code)}catch(o){throw await R(e,e.var.tenant_id,{type:O.FAILED_HOOK,description:`Failed to roll back action ${t} to version ${n}: ${o instanceof Error?o.message:String(o)}`}),new z(500,{message:`Rollback failed: ${o instanceof Error?o.message:String(o)}`})}await e.env.data.actions.update(e.var.tenant_id,t,{code:i.code,runtime:i.runtime,secrets:i.secrets,dependencies:i.dependencies,supported_triggers:i.supported_triggers,status:"built",deployed_at:new Date().toISOString()});const r=await e.env.data.actions.get(e.var.tenant_id,t);if(!r)throw new z(404,{message:"Action not found"});return await vu(e.env.data,e.var.tenant_id,r,!0),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:`Roll back action to version ${i.number}`,targetType:"action",targetId:t}),e.json({...r,secrets:r.secrets?.map(o=>({name:o.name}))})});let bF="useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict",vF=e=>crypto.getRandomValues(new Uint8Array(e)),AF=(e,t,n)=>{let i=256-256%e.length;if(i===256){let o=e.length-1;return(a=t)=>{if(!a)return"";let c="";for(;;){let l=n(a),d=a;for(;d--;)if(c+=e[l[d]&o],c.length>=a)return c}}}let r=Math.ceil(1.6*256*t/i);return(o=t)=>{if(!o)return"";let a="";for(;;){let c=n(r),l=r;for(;l--;)if(c[l]<i&&(a+=e[c[l]%e.length],a.length>=o))return a}}},AC=(e,t=21)=>AF(e,t|0,vF),Ue=(e=21)=>{let t="",n=crypto.getRandomValues(new Uint8Array(e|=0));for(;e--;)t+=bF[n[e]&63];return t};const kF=17,SF={organization:"org_",connection:"con_",action:"act_",hook:"h_",rule:"rul_",resource_server:"api_",guardian_factor:"gfa_",invite:"inv_",flow:"af_"};function fh(e){const i=AC("0123456789abcdefghijklmnopqrstuvwxyz",kF)();return`${SF[e]}${i}`}function EF(){return fh("organization")}function xF(){return fh("connection")}function kC(){return fh("hook")}function CF(){return fh("invite")}const SC={"post-login":"post-user-login","credentials-exchange":"credentials-exchange","pre-user-registration":"pre-user-registration","post-user-registration":"post-user-registration"},TF=Object.fromEntries(Object.entries(SC).map(([e,t])=>[t,e]));function B1(e){return SC[e]||e}function L1(e){return TF[e]||e}const $F=s.z.object({type:s.z.enum(["action_id","action_name"]).optional(),value:s.z.string().optional(),id:s.z.string().optional(),name:s.z.string().optional()}),IF=s.z.object({ref:$F,display_name:s.z.string().optional()}),zF=s.z.object({id:s.z.string(),trigger_id:s.z.string(),display_name:s.z.string(),action:Xi,created_at:s.z.string(),updated_at:s.z.string()}),M1=s.z.object({bindings:s.z.array(zF)}),PF=new s.OpenAPIHono().openapi(s.createRoute({tags:["actions"],method:"get",path:"/{triggerId}/bindings",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({triggerId:s.z.string()})},security:[{Bearer:["read:actions","auth:read"]}],responses:{200:{content:{"application/json":{schema:M1}},description:"Trigger bindings"}}}),async e=>{const{triggerId:t}=e.req.valid("param"),n=B1(t),r=(await e.env.data.hooks.list(e.var.tenant_id,{q:`trigger_id:"${n}"`,per_page:100})).hooks.filter(a=>"code_id"in a&&a.code_id).sort((a,c)=>(c.priority||0)-(a.priority||0)),o=[];for(const a of r){const c=a.code_id,l=await e.env.data.actions.get(e.var.tenant_id,c);l&&o.push({id:a.hook_id,trigger_id:L1(a.trigger_id),display_name:l.name,action:{...l,secrets:l.secrets?.map(d=>({name:d.name}))},created_at:a.created_at,updated_at:a.updated_at})}return e.json({bindings:o})}).openapi(s.createRoute({tags:["actions"],method:"patch",path:"/{triggerId}/bindings",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({triggerId:s.z.string()}),body:{content:{"application/json":{schema:s.z.object({bindings:s.z.array(IF)})}}}},security:[{Bearer:["update:actions","auth:write"]}],responses:{200:{content:{"application/json":{schema:M1}},description:"Updated trigger bindings"}}}),async e=>{const{triggerId:t}=e.req.valid("param"),{bindings:n}=e.req.valid("json"),i=B1(t),r=await e.env.data.hooks.list(e.var.tenant_id,{q:`trigger_id:"${i}"`,per_page:100});for(const a of r.hooks)"code_id"in a&&a.code_id&&await e.env.data.hooks.remove(e.var.tenant_id,a.hook_id);const o=[];for(let a=0;a<n.length;a++){const c=n[a];let l=c.ref.id;if(!l&&c.ref.type==="action_id"&&c.ref.value)l=c.ref.value;else if(!l&&c.ref.type==="action_name"&&c.ref.value){const p=c.ref.value,f=100;let h=0;for(;;){const g=await e.env.data.actions.list(e.var.tenant_id,{page:h,per_page:f,include_totals:!1}),m=g.actions.find(_=>_.name===p);if(m){l=m.id;break}if(g.actions.length<f)break;h++}}if(!l)throw new z(400,{message:`Binding at index ${a} must reference an action via ref.id or ref.value`});const d=await e.env.data.actions.get(e.var.tenant_id,l);if(!d)throw new z(404,{message:`Action ${l} not found`});const u=await e.env.data.hooks.create(e.var.tenant_id,{hook_id:kC(),trigger_id:i,code_id:l,enabled:!0,synchronous:!0,priority:n.length-a});o.push({id:u.hook_id,trigger_id:L1(u.trigger_id),display_name:c.display_name||d.name,action:{...d,secrets:d.secrets?.map(p=>({name:p.name}))},created_at:u.created_at,updated_at:u.updated_at})}return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:`Update trigger bindings for ${t}`,targetType:"action"}),e.json({bindings:o})}),Ul={themeId:"default",borders:{button_border_radius:8,button_border_weight:1,buttons_style:"pill",input_border_radius:8,input_border_weight:1,inputs_style:"pill",show_widget_shadow:!0,widget_border_weight:1,widget_corner_radius:16},colors:{base_focus_color:"#7D68F4",base_hover_color:"#A091F2",body_text:"#000000",captcha_widget_theme:"auto",error:"#FC5A5A",header:"#000000",icons:"#666666",input_background:"#FFFFFF",input_border:"#8E8CA0",input_filled_text:"#000000",input_labels_placeholders:"#88869F",links_focused_components:"#7D68F4",primary_button:"#7D68F4",primary_button_label:"#FFFFFF",secondary_button_border:"#8E8CA0",secondary_button_label:"#000000",success:"#36BF76",widget_background:"#FFFFFF",widget_border:"#8E8CA0"},displayName:"Default Theme",fonts:{body_text:{bold:!1,size:100},buttons_text:{bold:!0,size:100},font_url:"https://assets.sesamy.com/fonts/khteka/WOFF2/KHTeka-Regular.woff2",input_labels:{bold:!1,size:100},links:{bold:!0,size:100},links_style:"normal",reference_text_size:16,subtitle:{bold:!1,size:100},title:{bold:!0,size:150}},page_background:{background_color:"#F8F9FB",background_image_url:"",page_layout:"center"},widget:{logo_url:"",header_text_alignment:"center",logo_height:36,logo_position:"center",social_buttons_layout:"bottom"}};function Jw(e,t){const n=structuredClone(e);function i(r,o){for(const a in o)o[a]!==void 0&&typeof o[a]=="object"&&!Array.isArray(o[a])&&typeof r[a]=="object"&&r[a]!==null?i(r[a],o[a]):r[a]=o[a];return r}return i(n,t)}const NF=new s.OpenAPIHono().openapi(s.createRoute({tags:["branding"],method:"get",path:"/default",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:branding","auth:read"]}],responses:{200:{content:{"application/json":{schema:Yu}},description:"Default theme settings"}}}),async e=>{const t=await e.env.data.themes.get(e.var.tenant_id,"default");return t?e.json(t):e.json(Ul)}).openapi(s.createRoute({tags:["branding"],method:"patch",path:"/default",request:{body:{content:{"application/json":{schema:Yu.deepPartial()}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:branding","auth:write"]}],responses:{200:{content:{"application/json":{schema:Yu}},description:"Updated theme settings"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.themes.get(e.var.tenant_id,"default"),r=Jw(n||Ul,t);return n?await e.env.data.themes.update(e.var.tenant_id,"default",r):await e.env.data.themes.create(e.var.tenant_id,r,"default"),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update Theme",targetType:"theme",targetId:"default",...n?{beforeState:n}:{},afterState:r}),e.json({...r,themeId:"default"})}),U1={colors:{primary:"#7D68F4",page_background:{type:"solid",start:"#F8F9FB",end:"#F8F9FB",angle_deg:0}},logo_url:"https://assets.sesamy.com/static/images/sesamy/logos/sesamy_logo_black.svg",favicon_url:"https://assets.sesamy.com/images/favicon.ico",font:{url:"https://assets.sesamy.com/fonts/khteka/WOFF2/KHTeka-Regular.woff2"}};var FF={Stringify:1},Wr=(e,t)=>{const n=new String(e);return n.isEscaped=!0,n.callbacks=t,n},OF=/[&<>'"]/,jF=async(e,t)=>{let n="";t||=[];const i=await Promise.all(e);for(let r=i.length-1;n+=i[r],r--,!(r<0);r--){let o=i[r];typeof o=="object"&&t.push(...o.callbacks||[]);const a=o.isEscaped;if(o=await(typeof o=="object"?o.toString():o),typeof o=="object"&&t.push(...o.callbacks||[]),o.isEscaped??a)n+=o;else{const c=[n];wa(o,c),n=c[0]}}return Wr(n,t)},wa=(e,t)=>{const n=e.search(OF);if(n===-1){t[0]+=e;return}let i,r,o=0;for(r=n;r<e.length;r++){switch(e.charCodeAt(r)){case 34:i="&quot;";break;case 39:i="&#39;";break;case 38:i="&amp;";break;case 60:i="&lt;";break;case 62:i="&gt;";break;default:continue}t[0]+=e.substring(o,r)+i,o=r+1}t[0]+=e.substring(o,r)},RF=e=>{const t=e.callbacks;if(!t?.length)return e;const n=[e],i={};return t.forEach(r=>r({phase:FF.Stringify,buffer:n,context:i})),n[0]},Yw=Symbol("RENDERER"),uy=Symbol("ERROR_HANDLER"),ut=Symbol("STASH"),EC=Symbol("INTERNAL"),DF=Symbol("MEMO"),Np=Symbol("PERMALINK"),q1=e=>(e[EC]=!0,e),xC=e=>({value:t,children:n})=>{if(!n)return;const i={children:[{tag:q1(()=>{e.push(t)}),props:{}}]};Array.isArray(n)?i.children.push(...n.flat()):i.children.push(n),i.children.push({tag:q1(()=>{e.pop()}),props:{}});const r={tag:"",props:i,type:""};return r[uy]=o=>{throw e.pop(),o},r},CC=e=>{const t=[e],n=xC(t);return n.values=t,n.Provider=n,Ia.push(n),n},Ia=[],TC=e=>{const t=[e],n=(i=>{t.push(i.value);let r;try{r=i.children?(Array.isArray(i.children)?new FC("",{},i.children):i.children).toString():""}catch(o){throw t.pop(),o}return r instanceof Promise?r.finally(()=>t.pop()).then(o=>Wr(o,o.callbacks)):(t.pop(),Wr(r))});return n.values=t,n.Provider=n,n[Yw]=xC(t),Ia.push(n),n},ac=e=>e.values.at(-1),Fp={title:[],script:["src"],style:["data-href"],link:["href"],meta:["name","httpEquiv","charset","itemProp"]},py={},Po="data-precedence",$C=e=>e.rel==="stylesheet"&&"precedence"in e,IC=(e,t)=>e==="link"?t:Fp[e].length>0,Cd=e=>Array.isArray(e)?e:[e],H1=new WeakMap,V1=(e,t,n,i)=>({buffer:r,context:o})=>{if(!r)return;const a=H1.get(o)||{};H1.set(o,a);const c=a[e]||=[];let l=!1;const d=Fp[e],u=IC(e,i!==void 0);if(u){e:for(const[,p]of c)if(!(e==="link"&&!(p.rel==="stylesheet"&&p[Po]!==void 0))){for(const f of d)if((p?.[f]??null)===n?.[f]){l=!0;break e}}}if(l?r[0]=r[0].replaceAll(t,""):u||e==="link"?c.push([t,n,i]):c.unshift([t,n,i]),r[0].indexOf("</head>")!==-1){let p;if(e==="link"||i!==void 0){const f=[];p=c.map(([h,,g],m)=>{if(g===void 0)return[h,Number.MAX_SAFE_INTEGER,m];let _=f.indexOf(g);return _===-1&&(f.push(g),_=f.length-1),[h,_,m]}).sort((h,g)=>h[1]-g[1]||h[2]-g[2]).map(([h])=>h)}else p=c.map(([f])=>f);p.forEach(f=>{r[0]=r[0].replaceAll(f,"")}),r[0]=r[0].replace(/(?=<\/head>)/,p.join(""))}},Td=(e,t,n)=>Wr(new ai(e,n,Cd(t??[])).toString()),$d=(e,t,n,i)=>{if("itemProp"in n)return Td(e,t,n);let{precedence:r,blocking:o,...a}=n;r=i?r??"":void 0,i&&(a[Po]=r);const c=new ai(e,a,Cd(t||[])).toString();return c instanceof Promise?c.then(l=>Wr(c,[...l.callbacks||[],V1(e,l,a,r)])):Wr(c,[V1(e,c,a,r)])},BF=({children:e,...t})=>{const n=Qw();if(n){const i=ac(n);if(i==="svg"||i==="head")return new ai("title",t,Cd(e??[]))}return $d("title",e,t,!1)},LF=({children:e,...t})=>{const n=Qw();return["src","async"].some(i=>!t[i])||n&&ac(n)==="head"?Td("script",e,t):$d("script",e,t,!1)},MF=({children:e,...t})=>["href","precedence"].every(n=>n in t)?(t["data-href"]=t.href,delete t.href,$d("style",e,t,!0)):Td("style",e,t),UF=({children:e,...t})=>["onLoad","onError"].some(n=>n in t)||t.rel==="stylesheet"&&(!("precedence"in t)||"disabled"in t)?Td("link",e,t):$d("link",e,t,$C(t)),qF=({children:e,...t})=>{const n=Qw();return n&&ac(n)==="head"?Td("meta",e,t):$d("meta",e,t,!1)},zC=(e,{children:t,...n})=>new ai(e,n,Cd(t??[])),HF=e=>(typeof e.action=="function"&&(e.action=Np in e.action?e.action[Np]:void 0),zC("form",e)),PC=(e,t)=>(typeof t.formAction=="function"&&(t.formAction=Np in t.formAction?t.formAction[Np]:void 0),zC(e,t)),VF=e=>PC("input",e),KF=e=>PC("button",e);const Gg=Object.freeze(Object.defineProperty({__proto__:null,button:KF,form:HF,input:VF,link:UF,meta:qF,script:LF,style:MF,title:BF},Symbol.toStringTag,{value:"Module"}));var GF=new Map([["className","class"],["htmlFor","for"],["crossOrigin","crossorigin"],["httpEquiv","http-equiv"],["itemProp","itemprop"],["fetchPriority","fetchpriority"],["noModule","nomodule"],["formAction","formaction"]]),Op=e=>GF.get(e)||e,WF=/[\s"'<>/=`\\\x00-\x1f\x7f-\x9f]/,Wg=new Set,K1=1024,JF=/^[!?]|[\s"'<>/=`\\\x00-\x1f\x7f-\x9f]/,G1=new Set,YF=256,ql=(e,t,n)=>{e.size>=t&&e.clear(),e.add(n)},QF=e=>G1.has(e)?!0:typeof e!="string"?!1:e.length===0?!0:JF.test(e)?!1:(ql(G1,YF,e),!0),ZF=e=>{if(Wg.has(e))return!0;const t=e.length;if(t===0)return!1;for(let n=0;n<t;n++){const i=e.charCodeAt(n);if(!(i>=97&&i<=122||i>=65&&i<=90||i>=48&&i<=57||i===45||i===95||i===46||i===58))return WF.test(e)?!1:(ql(Wg,K1,e),!0)}return ql(Wg,K1,e),!0},XF=/[\s"'():;\\/\[\]{}\x00-\x1f\x7f-\x9f]/,Jg=new Set,W1=1024,eO=e=>{if(Jg.has(e))return!0;const t=e.length;if(t===0)return!1;for(let n=0;n<t;n++){const i=e.charCodeAt(n);if(!(i>=97&&i<=122||i>=65&&i<=90||i>=48&&i<=57||i===45||i===95))return XF.test(e)?!1:(ql(Jg,W1,e),!0)}return ql(Jg,W1,e),!0},tO=/[;"'\\/\[\](){}]/,nO=e=>{if(!tO.test(e))return!1;let t=0;const n=[];for(let i=0,r=e.length;i<r;i++){const o=e.charCodeAt(i);if(o===92){if(i===r-1)return!0;i++}else if(t!==0){if(o===10||o===12||o===13)return!0;o===t&&(t=0)}else if(o===47&&e.charCodeAt(i+1)===42){const a=e.indexOf("*/",i+2);if(a===-1)return!0;i=a+1}else if(o===34||o===39)t=o;else if(o===40)n.push(41);else if(o===91)n.push(93);else{if(o===123||o===125)return!0;if(o===41||o===93){if(n[n.length-1]!==o)return!0;n.pop()}else if(o===59&&n.length===0)return!0}}return t!==0||n.length!==0},NC=(e,t)=>{for(const[n,i]of Object.entries(e)){const r=n[0]==="-"||!/[A-Z]/.test(n)?n:n.replace(/[A-Z]/g,a=>`-${a.toLowerCase()}`);if(!eO(r))continue;if(i==null){t(r,null);continue}let o;if(typeof i=="number")o=r.match(/^(?:a|border-im|column(?:-c|s)|flex(?:$|-[^b])|grid-(?:ar|[^a])|font-w|li|or|sca|st|ta|wido|z)|ty$/)?`${i}`:`${i}px`;else if(typeof i=="string"){if(nO(i))continue;o=i}else continue;t(r,o)}},Hl=void 0,Qw=()=>Hl,iO=e=>/[A-Z]/.test(e)&&e.match(/^(?:al|basel|clip(?:Path|Rule)$|co|do|fill|fl|fo|gl|let|lig|i|marker[EMS]|o|pai|pointe|sh|st[or]|text[^L]|tr|u|ve|w)/)?e.replace(/([A-Z])/g,"-$1").toLowerCase():e,rO=["area","base","br","col","embed","hr","img","input","keygen","link","meta","param","source","track","wbr"],oO=["allowfullscreen","async","autofocus","autoplay","checked","controls","default","defer","disabled","download","formnovalidate","hidden","inert","ismap","itemscope","loop","multiple","muted","nomodule","novalidate","open","playsinline","readonly","required","reversed","selected"],Zw=(e,t)=>{for(let n=0,i=e.length;n<i;n++){const r=e[n];if(typeof r=="string")wa(r,t);else{if(typeof r=="boolean"||r===null||r===void 0)continue;r instanceof ai?r.toStringToBuffer(t):typeof r=="number"||r.isEscaped?t[0]+=r:r instanceof Promise?t.unshift("",r):Zw(r,t)}}},ai=class{tag;props;key;children;isEscaped=!0;localContexts;constructor(e,t,n){if(typeof e!="function"&&!QF(e))throw new Error(`Invalid JSX tag name: ${e}`);this.tag=e,this.props=t,this.children=n}get type(){return this.tag}get ref(){return this.props.ref||null}toString(){const e=[""];this.localContexts?.forEach(([t,n])=>{t.values.push(n)});try{this.toStringToBuffer(e)}finally{this.localContexts?.forEach(([t])=>{t.values.pop()})}return e.length===1?"callbacks"in e?RF(Wr(e[0],e.callbacks)).toString():e[0]:jF(e,e.callbacks)}toStringToBuffer(e){const t=this.tag,n=this.props;let{children:i}=this;e[0]+=`<${t}`;const r=t==="svg"||Hl&&ac(Hl)==="svg"?o=>iO(Op(o)):o=>Op(o);for(let[o,a]of Object.entries(n))if(o=r(o),!!ZF(o)&&o!=="children"){if(o==="style"&&typeof a=="object"){let c="";NC(a,(l,d)=>{d!=null&&(c+=`${c?";":""}${l}:${d}`)}),e[0]+=' style="',wa(c,e),e[0]+='"'}else if(typeof a=="string")e[0]+=` ${o}="`,wa(a,e),e[0]+='"';else if(a!=null)if(typeof a=="number"||a.isEscaped)e[0]+=` ${o}="${a}"`;else if(typeof a=="boolean"&&oO.includes(o))a&&(e[0]+=` ${o}=""`);else if(o==="dangerouslySetInnerHTML"){if(i.length>0)throw new Error("Can only set one of `children` or `props.dangerouslySetInnerHTML`.");i=[Wr(a.__html)]}else if(a instanceof Promise)e[0]+=` ${o}="`,e.unshift('"',a);else if(typeof a=="function"){if(!o.startsWith("on")&&o!=="ref")throw new Error(`Invalid prop '${o}' of type 'function' supplied to '${t}'.`)}else e[0]+=` ${o}="`,wa(a.toString(),e),e[0]+='"'}if(rO.includes(t)&&i.length===0){e[0]+="/>";return}e[0]+=">",Zw(i,e),e[0]+=`</${t}>`}},Yg=class extends ai{toStringToBuffer(e){const{children:t}=this,n={...this.props};t.length&&(n.children=t.length===1?t[0]:t);const i=this.tag.call(null,n);if(!(typeof i=="boolean"||i==null))if(i instanceof Promise)if(Ia.length===0)e.unshift("",i);else{const r=Ia.map(o=>[o,o.values.at(-1)]);e.unshift("",i.then(o=>(o instanceof ai&&(o.localContexts=r),o)))}else i instanceof ai?i.toStringToBuffer(e):typeof i=="number"||i.isEscaped?(e[0]+=i,i.callbacks&&(e.callbacks||=[],e.callbacks.push(...i.callbacks))):wa(i,e)}},FC=class extends ai{toStringToBuffer(e){Zw(this.children,e)}},sO=(e,t,...n)=>{t??={},n.length&&(t.children=n.length===1?n[0]:n);const i=t.key;delete t.key;const r=Qu(e,t,n);return r.key=i,r},J1=!1,Qu=(e,t,n)=>{if(!J1){for(const i in py)Gg[i][Yw]=py[i];J1=!0}return typeof e=="function"?new Yg(e,t,n):Gg[e]?new Yg(Gg[e],t,n):e==="svg"||e==="head"?(Hl||=TC(""),new ai(e,t,[new Yg(Hl,{value:e},n)])):new ai(e,t,n)},za=({children:e})=>new FC("",{children:e},Array.isArray(e)?e:e?[e]:[]),aO=(e,t,...n)=>{let i;if(n.length>0)i=n;else{const r=e.props.children;i=Array.isArray(r)?r:[r]}return sO(e.tag,{...e.props,...t},...i)};function S(e,t,n){let i;if(!t||!("children"in t))i=Qu(e,t,[]);else{const r=t.children;i=Array.isArray(r)?Qu(e,t,r):Qu(e,t,[r])}return i.key=n,i}function Te(e){return e.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;").replace(/'/g,"&#x27;")}function cO(e){return e.replace(/\\/g,"\\\\").replace(/"/g,'\\"').replace(/'/g,"\\'").replace(/\(/g,"\\(").replace(/\)/g,"\\)").replace(/\n/g,"").replace(/\r/g,"").replace(/\t/g,"")}function fn(e){if(!e)return"";try{const t=new URL(e);return["http:","https:","data:"].includes(t.protocol)?Te(e):""}catch{return e.startsWith("/")?Te(e):""}}function pn(e){return e&&/^(#[0-9a-fA-F]{3,8}|rgba?\([^)]+\)|hsla?\([^)]+\)|[a-zA-Z]+)$/.test(e.trim())?e.trim():""}function lO(e){if(!e)return"#f5f5f5";if(typeof e=="string")return pn(e)||"#f5f5f5";const{type:t,start:n,end:i,angle_deg:r}=e;if(t==="linear-gradient"&&n&&i){const o=pn(n),a=pn(i);if(o&&a)return`linear-gradient(${typeof r=="number"?r:180}deg, ${o}, ${a})`}if(n){const o=pn(n);if(o)return o}return"#f5f5f5"}function OC(e,t){if(e?.background_image_url){const n=fn(e.background_image_url);if(n)return`${pn(e.background_color)||"#f5f5f5"} url("${cO(n)}") center / cover no-repeat`}if(e?.background_color){const n=pn(e.background_color);if(n)return n}return lO(t)}var dO=(e,t)=>{try{return t(e)}catch{return e.replace(/(?:%[0-9A-Fa-f]{2})+/g,n=>{try{return t(n)}catch{return n}})}},uO=decodeURIComponent,jC=/^[\w!#$%&'*.^`|~+-]+$/,pO=/^[ !#-:<-[\]-~]*$/,Y1=e=>{let t=0,n=e.length;for(;t<n;){const i=e.charCodeAt(t);if(i!==32&&i!==9)break;t++}for(;n>t;){const i=e.charCodeAt(n-1);if(i!==32&&i!==9)break;n--}return t===0&&n===e.length?e:e.slice(t,n)},fO=(e,t)=>{if(e.indexOf(t)===-1)return{};const n=e.split(";"),i={};for(const r of n){const o=r.indexOf("=");if(o===-1)continue;const a=Y1(r.substring(0,o));if(t!==a||!jC.test(a))continue;let c=Y1(r.substring(o+1));if(c.startsWith('"')&&c.endsWith('"')&&(c=c.slice(1,-1)),pO.test(c)){i[a]=c.indexOf("%")!==-1?dO(c,uO):c;break}}return i},hO=(e,t,n={})=>{if(!jC.test(e))throw new Error("Invalid cookie name");let i=`${e}=${t}`;if(e.startsWith("__Secure-")&&!n.secure)throw new Error("__Secure- Cookie must have Secure attributes");if(e.startsWith("__Host-")){if(!n.secure)throw new Error("__Host- Cookie must have Secure attributes");if(n.path!=="/")throw new Error('__Host- Cookie must have Path attributes with "/"');if(n.domain)throw new Error("__Host- Cookie must not have Domain attributes")}for(const r of["domain","path"])if(n[r]&&/[;\r\n]/.test(n[r]))throw new Error(`${r} must not contain ";", "\\r", or "\\n"`);if(n&&typeof n.maxAge=="number"&&n.maxAge>=0){if(n.maxAge>3456e4)throw new Error("Cookies Max-Age SHOULD NOT be greater than 400 days (34560000 seconds) in duration.");i+=`; Max-Age=${n.maxAge|0}`}if(n.domain&&n.prefix!=="host"&&(i+=`; Domain=${n.domain}`),n.path&&(i+=`; Path=${n.path}`),n.expires){if(n.expires.getTime()-Date.now()>3456e7)throw new Error("Cookies Expires SHOULD NOT be greater than 400 days (34560000 seconds) in the future.");i+=`; Expires=${n.expires.toUTCString()}`}if(n.httpOnly&&(i+="; HttpOnly"),n.secure&&(i+="; Secure"),n.sameSite&&(i+=`; SameSite=${n.sameSite.charAt(0).toUpperCase()+n.sameSite.slice(1)}`),n.priority&&(i+=`; Priority=${n.priority.charAt(0).toUpperCase()+n.priority.slice(1)}`),n.partitioned){if(!n.secure)throw new Error("Partitioned Cookie must have Secure attributes");i+="; Partitioned"}return i},Qg=(e,t,n)=>(t=encodeURIComponent(t),hO(e,t,n)),gO=(e,t,n)=>{const i=e.req.raw.headers.get("Cookie");{if(!i)return;let r=t;return fO(i,r)[r]}},mO=(e,t,n)=>{let i;return n?.prefix==="secure"?i=Qg("__Secure-"+e,t,{path:"/",...n,secure:!0}):n?.prefix==="host"?i=Qg("__Host-"+e,t,{...n,path:"/",secure:!0,domain:void 0}):i=Qg(e,t,{path:"/",...n}),i},Q1=(e,t,n,i)=>{const r=mO(t,n,i);e.header("Set-Cookie",r,{append:!0})};const Vl="mp1hv7d5",RC={common:{alertListTitle:"Upozornění",backText:"Vrátit se zpět",cancelText:"Zrušit",closeText:"Zavřít",contactSupportText:"Potřebujete pomoc?",continueText:"Pokračovat",copyrightText:"© ${currentYear} ${companyName}",errorText:"Něco se pokazilo. Zkuste to prosím znovu.",hidePasswordText:"Skrýt heslo",loadingText:"Načítání...",orText:"nebo",privacyPolicyText:"Zásady ochrany osobních údajů",showPasswordText:"Zobrazit heslo",termsOfServiceText:"Podmínky služby",termsShortText:"Podmínky",tryAgainText:"Zkusit znovu"}},DC={consent:{buttonText:"Přijmout",cancelButtonText:"Zamítnout",description:"${clientName} žádá o přístup k vašemu účtu",pageTitle:"Autorizace | ${clientName}",scopesTitle:"Tímto povolíte ${clientName}:",title:"Autorizovat ${clientName}"}},BC={invitation:{acceptButtonText:"Přijmout pozvánku",description:"${inviterName} vás pozval(a), abyste se připojili k ${organizationName} na ${clientName}",pageTitle:"Pozvánka | ${clientName}",title:"Byli jste pozváni"}},LC={login:{alertListTitle:"Upozornění",buttonText:"Pokračovat",description:"Přihlaste se k ${clientName}.",editEmailText:"Upravit",emailPlaceholder:"E-mailová adresa",enterACodeBtn:"Přihlásit se kódem",federatedConnectionButtonText:"Pokračovat s ${connectionName}",footerLinkText:"Zaregistrujte se",footerText:"Nemáte účet?",forgotPasswordText:"Zapomněli jste heslo?",hidePasswordText:"Skrýt heslo",invalidEmail:"Neplatný e-mail",invalidIdentifier:"Neplatný e-mail nebo uživatelské jméno",invitationDescription:"Přihlaste se pro přijetí pozvánky od ${inviterName} k připojení k ${companyName} na ${clientName}.",invitationTitle:"Byli jste pozváni!",logoAltText:"${companyName}","no-email":"Zadejte prosím e-mailovou adresu","no-password":"Heslo je povinné",pageTitle:"Přihlášení | ${clientName}",passwordLoginNotAvailable:"Přihlášení heslem není k dispozici",passwordPlaceholder:"Heslo",phonePlaceholder:"Telefonní číslo",separatorText:"nebo",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",showPasswordText:"Zobrazit heslo",signupActionLinkText:"${footerLinkText}",signupActionText:"${footerText}",title:"Vítejte",tooManyFailedLogins:"Příliš mnoho neúspěšných pokusů o přihlášení. Zkuste to prosím později.",unverifiedEmail:"Před přihlášením prosím ověřte svou e-mailovou adresu",userAccountDoesNotExist:"Uživatelský účet neexistuje",usernamePlaceholder:"Uživatelské jméno nebo e-mailová adresa",usernameTooLong:"Uživatelské jméno musí mít nejvýše ${max} znaků",usernameTooShort:"Uživatelské jméno musí mít alespoň ${min} znaků",wrongCredentials:"Nesprávné uživatelské jméno nebo heslo",passkeyButtonText:"Přihlásit se pomocí passkey"}},MC={mfa:{backupCodeText:"Použít záložní kód",description:"Zvolte metodu ověření",pageTitle:"Vícefaktorové ověření | ${clientName}",title:"Ověřte svou identitu"}},UC={"passkey-enrollment-nudge":{title:"Zabezpečte svůj účet pomocí passkey",description:"Passkey používají biometrii nebo PIN vašeho zařízení k rychlejšímu a bezpečnějšímu přihlášení.",enrollButtonText:"Nastavit passkey",snoozeButtonText:"Možná později",optOutLinkText:"Nezobrazovat znovu",pageTitle:"Nastavení Passkey | ${clientName}"},"passkey-enrollment":{title:"Vytvořte svůj passkey",description:"Postupujte podle pokynů prohlížeče a vytvořte passkey pro tento účet.",errorMessage:"Vytvoření passkey se nezdařilo. Zkuste to prosím znovu.",cancelLinkText:"Prozatím přeskočit",retryButtonText:"Zkusit znovu",enrollmentComplete:"Váš passkey byl úspěšně nastaven. Tuto stránku můžete zavřít.",pageTitle:"Vytvoření Passkey | ${clientName}"},"passkey-challenge":{title:"Přihlásit se pomocí passkey",description:"Postupujte podle pokynů prohlížeče k ověření vaší identity.",errorMessage:"Ověření pomocí passkey selhalo. Zkuste to prosím znovu.",cancelLinkText:"Zpět na přihlášení",retryButtonText:"Zkusit znovu",pageTitle:"Přihlášení pomocí passkey | ${clientName}"}},qC={organizations:{description:"Vyberte, ke které organizaci se chcete přihlásit",pageTitle:"Výběr organizace | ${clientName}",searchPlaceholder:"Hledat organizace",title:"Vyberte svou organizaci"}},HC={signup:{buttonText:"Pokračovat",confirmPasswordPlaceholder:"Potvrzení hesla",description:"Zaregistrujte se a pokračujte","email-already-exists":"Tento e-mail je již zaregistrován",emailPlaceholder:"E-mailová adresa",federatedConnectionButtonText:"Pokračovat s ${connectionName}",hidePasswordText:"Skrýt heslo","invalid-email-format":"Neplatný e-mail",loginActionLinkText:"Přihlásit se",loginActionText:"Už máte účet?","no-email":"Zadejte prosím e-mailovou adresu","no-password":"Heslo je povinné","no-username":"Uživatelské jméno je povinné",pageTitle:"Registrace | ${clientName}",passwordPlaceholder:"Heslo",passwordsDidntMatch:"Hesla se neshodují",phonePlaceholder:"Telefonní číslo",privacyPolicyLinkText:"Zásady ochrany osobních údajů",separatorText:"nebo",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",showPasswordText:"Zobrazit heslo",termsOfServiceLinkText:"Podmínky služby",termsText:"Registrací souhlasíte s našimi",title:"Vytvořte svůj účet","username-already-exists":"Toto uživatelské jméno je již obsazeno",usernamePlaceholder:"Uživatelské jméno",verifyEmailText:"Zkontrolujte prosím svůj e-mail pro ověření účtu"}},VC={status:{continueButtonText:"Pokračovat",errorTitle:"Chyba",pageTitle:"Stav | ${clientName}",successTitle:"Hotovo",title:"Stav"}},yO={common:RC,consent:DC,"device-flow":{"device-flow":{buttonText:"Pokračovat",codePlaceholder:"Zadejte kód",description:"Zadejte kód zobrazený na vašem zařízení","expired-code":"Platnost kódu vypršela","invalid-code":"Zadaný kód je neplatný",pageTitle:"Aktivace zařízení | ${clientName}",title:"Aktivujte své zařízení"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Přihlásit se",codeLabel:"Ověřovací kód",codePlaceholder:"Zadejte kód",defaultDescription:"Zadejte ověřovací kód zaslaný na váš e-mail",description:"Odeslali jsme kód na ${email}","invalid-code":"Neplatný kód",noCode:"Zadejte prosím ověřovací kód",pageTitle:"Zadejte kód | ${clientName}",resendText:"Opětovné odeslání kódu",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",title:"Zkontrolujte svůj e-mail",unexpectedError:"Došlo k neočekávané chybě"}},"email-verification":{"email-verification":{description:"Odeslali jsme e-mail na ${email}",pageTitle:"Ověření e-mailu | ${clientName}",resendText:"Opětovné odeslání kódu",successDescription:"Váš e-mail byl úspěšně ověřen.",successTitle:"E-mail ověřen",title:"Ověření e-mailu"}},invitation:BC,login:LC,"login-id":{"login-id":{alertListTitle:"Upozornění","auth0-users-validation":"Něco se pokazilo, zkuste to prosím později","authentication-failure":"Omlouváme se, při pokusu o přihlášení se něco pokazilo",buttonText:"Pokračovat","captcha-client-failure":"Nepodařilo se načíst bezpečnostní výzvu. Zkuste to prosím znovu. (Kód chyby: #{errorCode})","captcha-validation-failure":"Omlouváme se, při ověřování captcha došlo k chybě. Zkuste to prosím znovu.",captchaCodePlaceholder:"Zadejte kód zobrazený výše","custom-script-error-code":"Něco se pokazilo, zkuste to prosím později.",description:"Přihlaste se k ${clientName}.",editEmailText:"Upravit",emailPlaceholder:"E-mailová adresa",federatedConnectionButtonText:"Pokračovat s ${connectionName}",footerLinkText:"Zaregistrujte se",footerText:"Nemáte účet?",forgotPasswordText:"Zapomněli jste heslo?",hidePasswordText:"Skrýt heslo","invalid-captcha":"Vyřešte úlohu, abyste ověřili, že nejste robot.","invalid-code":"Neplatný kód","invalid-connection":"Neplatné připojení","invalid-email-format":"Neplatný e-mail","invalid-email-phone":"Zadejte platnou e-mailovou adresu nebo telefonní číslo. Telefonní čísla musí obsahovat předvolbu země.","invalid-email-phone-username":"Zadejte platnou e-mailovou adresu, telefonní číslo nebo uživatelské jméno. Telefonní čísla musí obsahovat předvolbu země.","invalid-email-username":"Zadejte platnou e-mailovou adresu nebo uživatelské jméno","invalid-expired-code":"Neplatný nebo vypršelý uživatelský kód","invalid-login-id":"Zadáno neplatné přihlašovací ID","invalid-phone-username":"Zadejte platné telefonní číslo nebo uživatelské jméno. Telefonní čísla musí obsahovat předvolbu země.","invalid-recaptcha":"Zaškrtněte políčko, abyste ověřili, že nejste robot.","invalid-username":"Uživatelské jméno může obsahovat pouze alfanumerické znaky nebo: '${characters}'. Uživatelské jméno musí mít ${min} až ${max} znaků.",invitationDescription:"Přihlaste se pro přijetí pozvánky od ${inviterName} k připojení k ${companyName} na ${clientName}.",invitationTitle:"Byli jste pozváni!","ip-blocked":"Zjistili jsme podezřelé přihlašovací chování a další pokusy budou blokovány. Kontaktujte prosím administrátora.",logoAltText:"${companyName}","no-db-connection":"Neplatné připojení","no-email":"Zadejte prosím e-mailovou adresu","no-email-phone":"Je vyžadována e-mailová adresa nebo telefonní číslo","no-email-phone-username":"Je vyžadováno telefonní číslo, uživatelské jméno nebo e-mailová adresa","no-email-username":"Je vyžadována e-mailová adresa nebo uživatelské jméno","no-password":"Heslo je povinné","no-phone":"Zadejte prosím telefonní číslo","no-phone-username":"Je vyžadováno telefonní číslo nebo uživatelské jméno","no-username":"Uživatelské jméno je povinné",pageTitle:"Přihlášení | ${clientName}","password-breached":"Zjistili jsme potenciální bezpečnostní problém s tímto účtem. Pro ochranu vašeho účtu jsme toto přihlášení zablokovali. Pro pokračování prosím resetujte své heslo.",passwordPlaceholder:"Heslo",phoneOrEmailPlaceholder:"E-mail nebo telefonní číslo",phoneOrUsernameOrEmailPlaceholder:"Telefon, uživatelské jméno nebo e-mail",phoneOrUsernamePlaceholder:"Telefonní číslo nebo uživatelské jméno",phonePlaceholder:"Telefonní číslo","same-user-login":"Příliš mnoho pokusů o přihlášení pro tohoto uživatele. Počkejte prosím a zkuste to znovu později.",selectCountryCode:"Vyberte předvolbu země, aktuálně nastaveno na ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"nebo",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",showPasswordText:"Zobrazit heslo",signupActionLinkText:"${footerLinkText}",signupActionText:"${footerText}",termsAndConditionsTemplate:'Pokračováním souhlasíte s našimi <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Podmínkami a pravidly</a>.',title:"Vítejte","user-blocked":"Váš účet byl zablokován po několika po sobě jdoucích neúspěšných pokusech o přihlášení.",userAccountDoesNotExist:"Uživatelský účet neexistuje",usernameOnlyPlaceholder:"Uživatelské jméno",usernameOrEmailPlaceholder:"Uživatelské jméno nebo e-mailová adresa",usernamePlaceholder:"Uživatelské jméno nebo e-mailová adresa",usernameTooLong:"Uživatelské jméno musí mít nejvýše ${max} znaků",usernameTooShort:"Uživatelské jméno musí mít alespoň ${min} znaků","wrong-credentials":"Nesprávné uživatelské jméno nebo heslo","wrong-email-credentials":"Nesprávný e-mail nebo heslo","wrong-email-phone-credentials":"Nesprávná e-mailová adresa, telefonní číslo nebo heslo. Telefonní čísla musí obsahovat předvolbu země.","wrong-email-phone-username-credentials":"Nesprávná e-mailová adresa, telefonní číslo, uživatelské jméno nebo heslo. Telefonní čísla musí obsahovat předvolbu země.","wrong-email-username-credentials":"Nesprávná e-mailová adresa, uživatelské jméno nebo heslo","wrong-phone-credentials":"Nesprávné telefonní číslo nebo heslo","wrong-phone-username-credentials":"Nesprávné telefonní číslo, uživatelské jméno nebo heslo. Telefonní čísla musí obsahovat předvolbu země.","wrong-username-credentials":"Nesprávné uživatelské jméno nebo heslo",passkeyButtonText:"Přihlásit se pomocí passkey"}},"login-password":{"login-password":{buttonText:"Přihlásit se",description:"Přihlaste se k ${clientName}",forgotPasswordText:"Zapomněli jste heslo?",hidePasswordText:"Skrýt heslo","no-password":"Heslo je povinné",pageTitle:"Přihlášení | ${clientName}","password-breached":"Zjistili jsme potenciální bezpečnostní problém s tímto účtem. Pro ochranu vašeho účtu jsme toto přihlášení zablokovali. Pro pokračování prosím resetujte své heslo.",passwordPlaceholder:"Heslo",showPasswordText:"Zobrazit heslo",signingInAs:"Přihlášení jako ${email}",title:"Zadejte heslo",unverifiedEmail:"Před přihlášením prosím ověřte svou e-mailovou adresu","user-blocked":"Váš účet byl zablokován po několika po sobě jdoucích neúspěšných pokusech o přihlášení.","wrong-credentials":"Nesprávné heslo"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"e-mailová adresa",authMethodEmailOrPhone:"e-mail nebo telefonní číslo",authMethodPhone:"telefonní číslo",description:"Přihlaste se pomocí ${authMethod}",emailOrPhonePlaceholder:"E-mailová adresa nebo telefonní číslo",emailPlaceholder:"E-mailová adresa",invalidEmail:"Zadejte prosím platnou e-mailovou adresu",invalidIdentifier:"Zadejte prosím platnou e-mailovou adresu nebo telefonní číslo",invalidPhone:"Zadejte prosím platné telefonní číslo s předvolbou země",noEmail:"Zadejte prosím svou e-mailovou adresu",noPhone:"Zadejte prosím své telefonní číslo",phonePlaceholder:"Telefonní číslo",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",title:"Přihlásit se kódem",userAccountDoesNotExist:"Uživatelský účet neexistuje"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Klikněte na odkaz ve svém e-mailu pro přihlášení",description:"Odeslali jsme odkaz na ${username}. Kliknutím na něj se přihlásíte.",resendText:"Odeslat odkaz znovu",spamText:"Nedostali jste e-mail? Zkontrolujte složku nevyžádané pošty.",title:"Zkontrolujte svůj e-mail"}},mfa:MC,"mfa-email":{"mfa-email":{buttonText:"Pokračovat",codePlaceholder:"Zadejte kód",description:"Odeslali jsme kód na ${email}","invalid-code":"Zadaný kód je neplatný",pageTitle:"Ověření e-mailem | ${clientName}",resendText:"Opětovné odeslání kódu",title:"Zkontrolujte svůj e-mail"}},"mfa-otp":{"mfa-otp":{buttonText:"Pokračovat",codePlaceholder:"Zadejte kód",description:"Zadejte šestimístný kód z vaší ověřovací aplikace","invalid-code":"Zadaný kód je neplatný",pageTitle:"Zadejte kód | ${clientName}",title:"Zadejte svůj kód"},"mfa-totp-enrollment":{title:"Nastavit ověřovací aplikaci",description:"Naskenujte QR kód níže pomocí ověřovací aplikace a poté zadejte šestimístný kód pro ověření",secretLabel:"Nebo zadejte tento kód ručně:",codePlaceholder:"Zadejte kód",continueButtonText:"Ověřit a aktivovat","invalid-code":"Zadaný kód je neplatný. Zkuste to prosím znovu.","transaction-not-found":"Platnost vaší registrace vypršela, budete muset začít znovu.",pageTitle:"Nastavení ověřovací aplikace | ${clientName}",unexpectedError:"Něco se pokazilo. Zkuste to prosím znovu.",enrollmentComplete:"Registrace MFA je dokončena. Tuto stránku můžete zavřít."},"mfa-totp-challenge":{title:"Ověřte svou identitu",description:"Zadejte šestimístný kód z vaší ověřovací aplikace",codePlaceholder:"Zadejte kód",continueButtonText:"Pokračovat","invalid-code":"Zadaný kód je neplatný","transaction-not-found":"Platnost vaší registrace vypršela, budete muset začít znovu.",unexpectedError:"Něco se pokazilo. Zkuste to prosím znovu.",pageTitle:"Ověření identity | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Použijte své telefonní číslo pro přihlášení | ${clientName}",title:"Ověřte svou identitu",description:"Odeslali jsme kód na ${phoneNumber}",continueButtonText:"Pokračovat",changePhoneText:"Zvolte jiné telefonní číslo.",smsButtonText:"Textová zpráva",voiceButtonText:"Hlasový hovor",chooseMessageTypeText:"Jak chcete kód přijmout?",pickAuthenticatorText:"Zkusit jinou metodu",logoAltText:"${companyName}",codePlaceholder:"Zadejte kód","send-sms-failed":"Při odesílání SMS došlo k problému","send-voice-failed":"Při uskutečnění hlasového hovoru došlo k problému","invalid-phone-format":"Telefonní číslo může obsahovat pouze číslice.","invalid-phone":"Zdá se, že vaše telefonní číslo není platné. Zkontrolujte a zkuste to znovu.","too-many-sms":"Překročili jste maximální počet telefonních zpráv za hodinu. Počkejte pár minut a zkuste to znovu.","too-many-voice":"Překročili jste maximální počet hlasových hovorů za hodinu. Počkejte pár minut a zkuste to znovu.","transaction-not-found":"Vaše registrační transakce vypršela, budete muset začít znovu.","no-phone":"Zadejte telefonní číslo",noCode:"Zadejte ověřovací kód",invalidCode:"Zadaný kód je neplatný. Zkuste to znovu.",unexpectedError:"Něco se pokazilo. Zkuste to znovu.",resendSuccess:"Odeslali jsme nový kód na váš telefon",enrollmentComplete:"Registrace MFA je dokončena. Tuto stránku můžete zavřít."},"mfa-phone-enrollment":{pageTitle:"Zadejte své telefonní číslo pro přihlášení pomocí telefonního kódu | ${clientName}",title:"Zabezpečte svůj účet",description:"Zadejte kód země a telefonní číslo, na které můžeme odeslat 6místný kód:",continueButtonText:"Pokračovat",smsButtonText:"Textová zpráva",voiceButtonText:"Hlasový hovor",chooseMessageTypeText:"Jak chcete kód přijmout?",pickAuthenticatorText:"Zkusit jinou metodu",placeholder:"Zadejte své telefonní číslo",logoAltText:"${companyName}",selectCountryCode:"Vyberte kód země, aktuálně nastaveno na ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Při odesílání SMS došlo k problému","send-voice-failed":"Při uskutečnění hlasového hovoru došlo k problému","sms-authenticator-error":"Nepodařilo se odeslat SMS. Zkuste to prosím později.","invalid-phone-format":"Telefonní číslo může obsahovat pouze číslice.","invalid-phone":"Zdá se, že vaše telefonní číslo není platné. Zkontrolujte a zkuste to znovu.","too-many-sms":"Překročili jste maximální počet telefonních zpráv za hodinu. Počkejte pár minut a zkuste to znovu.","too-many-voice":"Překročili jste maximální počet hlasových hovorů za hodinu. Počkejte pár minut a zkuste to znovu.","transaction-not-found":"Vaše registrační transakce vypršela, budete muset začít znovu.","no-phone":"Zadejte telefonní číslo","phone-is-too-short":"Telefonní číslo je příliš krátké","phone-is-too-long":"Telefonní číslo je příliš dlouhé"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Vyberte metodu ověření | ${clientName}",title:"Vyberte způsob ověření",description:"Zvolte, jak chcete ověřit svou identitu",authenticatorAppLabel:"Autentizační aplikace",authenticatorAppDescription:"Použijte autentizační aplikaci k získání ověřovacího kódu",smsLabel:"Textová zpráva",smsDescription:"Nechte si zaslat ověřovací kód na telefon",passkeyLabel:"Passkey",passkeyDescription:"Použijte biometrii zařízení nebo bezpečnostní klíč"}},"mfa-push":{"mfa-push":{description:"Odeslali jsme oznámení na vaše zařízení",pageTitle:"Push oznámení | ${clientName}",resendText:"Odeslat oznámení znovu",title:"Schvalte požadavek",useCodeText:"Zadat kód ručně"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Pokračovat",codePlaceholder:"Záložní kód",description:"Zadejte jeden z vašich záložních kódů","invalid-code":"Zadaný záložní kód je neplatný",pageTitle:"Záložní kód | ${clientName}",title:"Zadejte záložní kód"}},"mfa-voice":{"mfa-voice":{buttonText:"Zavolat mi",codePlaceholder:"Zadejte kód",description:"Zavoláme na ${phoneNumber} s vaším kódem","invalid-code":"Zadaný kód je neplatný",pageTitle:"Hlasový hovor | ${clientName}",title:"Přijmout telefonní hovor"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Zkusit znovu",description:"Vložte svůj bezpečnostní klíč a postupujte podle pokynů",pageTitle:"Bezpečnostní klíč | ${clientName}",title:"Použijte svůj bezpečnostní klíč"}},passkeys:UC,organizations:qC,"reset-password":{"reset-password":{backToLoginText:"Zpět na přihlášení",buttonText:"Pokračovat",codeExpired:"Platnost kódu pro obnovení hesla vypršela. Požádejte prosím o nový.",confirmPasswordLabel:"Potvrzení hesla",confirmPasswordPlaceholder:"Potvrzení hesla",description:"Zadejte svůj e-mail pro obnovení hesla",emailPlaceholder:"E-mailová adresa",failed:"Obnovení hesla se nezdařilo. Zkuste to prosím znovu.","invalid-email-format":"Neplatný e-mail","no-email":"Zadejte prosím e-mailovou adresu",pageTitle:"Obnovení hesla | ${clientName}",passwordLabel:"Nové heslo",passwordPlaceholder:"Nové heslo",passwordTooWeak:"Heslo je příliš slabé",passwordsDidntMatch:"Hesla se neshodují",successDescription:"Odkaz na obnovení hesla jsme odeslali na vaši e-mailovou adresu.",successTitle:"Zkontrolujte svůj e-mail",title:"Zapomněli jste heslo?","user-not-found":"Uživatel nenalezen"},"reset-password-code":{backToLoginText:"Zpět na přihlášení",buttonText:"Obnovit heslo",codeLabel:"Kód pro obnovení",codePlaceholder:"Zadejte 6místný kód",confirmPasswordLabel:"Potvrzení hesla",confirmPasswordPlaceholder:"Potvrzení hesla",defaultDescription:"Zadejte kód zaslaný na váš e-mail a zvolte nové heslo",description:"Odeslali jsme kód na ${email}",failed:"Obnovení hesla se nezdařilo. Zkuste to prosím znovu.",invalidCode:"Zadaný kód je neplatný nebo vypršel",noCode:"Zadejte prosím kód pro obnovení",pageTitle:"Zadejte kód pro obnovení | ${clientName}",passwordLabel:"Nové heslo",passwordPlaceholder:"Nové heslo",passwordTooWeak:"Heslo je příliš slabé",passwordsDidntMatch:"Hesla se neshodují",resendFailed:"Nepodařilo se znovu odeslat kód. Zkuste to prosím znovu.",resendSuccess:"Nový kód byl odeslán na váš e-mail",resendText:"Odeslat kód znovu",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",title:"Zadejte kód pro obnovení"}},signup:HC,"signup-id":{"signup-id":{buttonText:"Pokračovat",description:"Zaregistrujte se a pokračujte","email-already-exists":"Tento e-mail je již zaregistrován",emailPlaceholder:"E-mailová adresa",federatedConnectionButtonText:"Pokračovat s ${connectionName}","invalid-email-format":"Neplatný e-mail",loginActionLinkText:"Přihlásit se",loginActionText:"Už máte účet?","no-email":"Zadejte prosím e-mailovou adresu",pageTitle:"Registrace | ${clientName}",phonePlaceholder:"Telefonní číslo",separatorText:"nebo",title:"Vytvořte svůj účet",usernamePlaceholder:"Uživatelské jméno"}},"signup-password":{"signup-password":{buttonText:"Pokračovat",description:"Zaregistrujte se a pokračujte",hidePasswordText:"Skrýt heslo","no-password":"Heslo je povinné",pageTitle:"Registrace | ${clientName}","password-policy-not-met":"Heslo nesplňuje požadavky","password-too-weak":"Heslo je příliš slabé",passwordPlaceholder:"Heslo",showPasswordText:"Zobrazit heslo",title:"Vytvořte své heslo"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Pokračovat",codeLabel:"Ověřovací kód",codePlaceholder:"Zadejte kód",defaultDescription:"Zadejte ověřovací kód zaslaný na váš telefon",description:"Odeslali jsme kód na ${username}","invalid-code":"Neplatný kód",noCode:"Zadejte prosím ověřovací kód",pageTitle:"Zadejte kód | ${clientName}",resendText:"Opětovné odeslání kódu",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",title:"Zkontrolujte svůj telefon",unexpectedError:"Došlo k neočekávané chybě"}},status:VC},_O=Object.freeze(Object.defineProperty({__proto__:null,common:RC,consent:DC,default:yO,invitation:BC,login:LC,mfa:MC,organizations:qC,passkeys:UC,signup:HC,status:VC},Symbol.toStringTag,{value:"Module"})),KC={common:{alertListTitle:"Advarsler",backText:"Gå tilbage",cancelText:"Gå tilbage",closeText:"Luk",contactSupportText:"Har du brug for hjælp?",continueText:"Fortsæt",copyrightText:"© ${currentYear} ${companyName}",errorText:"Noget gik galt. Prøv venligst igen.",hidePasswordText:"Skjul adgangskode",loadingText:"Indlæser...",orText:"eller",privacyPolicyText:"Privatlivspolitik",showPasswordText:"Vis adgangskode",termsOfServiceText:"Servicevilkår",termsShortText:"Vilkår",tryAgainText:"Prøv igen"}},GC={consent:{buttonText:"Acceptér",cancelButtonText:"Afvis",description:"${clientName} anmoder om adgang til din konto",pageTitle:"Godkend | ${clientName}",scopesTitle:"Dette vil give ${clientName} tilladelse til at:",title:"Godkend ${clientName}"}},WC={invitation:{acceptButtonText:"Acceptér invitation",description:"${inviterName} har inviteret dig til at deltage i ${organizationName} på ${clientName}",pageTitle:"Invitation | ${clientName}",title:"Du er blevet inviteret"}},JC={login:{alertListTitle:"Advarsler",buttonText:"Fortsæt",description:"Log ind på ${clientName}.",editEmailText:"Rediger",emailPlaceholder:"E-mail-adresse",enterACodeBtn:"Log ind med en kode",federatedConnectionButtonText:"Fortsæt med ${connectionName}",footerLinkText:"Tilmeld dig",footerText:"Har du ikke en konto?",forgotPasswordText:"Har du glemt din adgangskode?",hidePasswordText:"Skjul adgangskode",invalidEmail:"Ugyldig e-mail",invalidIdentifier:"Ugyldig e-mail eller brugernavn",invitationDescription:"Log ind for at acceptere ${inviterName}s invitation til at deltage i ${companyName} på ${clientName}.",invitationTitle:"Du er blevet inviteret!",logoAltText:"${companyName}","no-email":"Indtast venligst en e-mailadresse","no-password":"Adgangskode er påkrævet",pageTitle:"Log ind | ${clientName}",passwordLoginNotAvailable:"Adgangskodegodkendelse er ikke tilgængelig",passwordPlaceholder:"Adgangskode",phonePlaceholder:"Telefonnummer",separatorText:"eller",sessionExpired:"Din session er udløbet. Prøv venligst igen.",showPasswordText:"Vis adgangskode",signupActionLinkText:"Tilmeld dig",signupActionText:"Har du ikke en konto?",title:"Velkommen",tooManyFailedLogins:"For mange mislykkede loginforsøg. Prøv venligst igen senere.",unverifiedEmail:"Bekræft venligst din e-mailadresse, før du logger ind",userAccountDoesNotExist:"Brugerkontoen findes ikke",usernamePlaceholder:"Brugernavn eller e-mailadresse",usernameTooLong:"Brugernavnet må højst være ${max} tegn",usernameTooShort:"Brugernavnet skal være mindst ${min} tegn",wrongCredentials:"Forkert brugernavn eller adgangskode",passkeyButtonText:"Log ind med passkey"}},YC={mfa:{backupCodeText:"Brug backupkode",description:"Vælg en bekræftelsesmetode",pageTitle:"Multifaktorgodkendelse | ${clientName}",title:"Bekræft din identitet"}},QC={"passkey-enrollment-nudge":{title:"Sikr din konto med en adgangsnøgle",description:"Adgangsnøgler bruger din enheds biometri eller PIN til at logge dig ind hurtigere og mere sikkert.",enrollButtonText:"Konfigurer adgangsnøgle",snoozeButtonText:"Måske senere",optOutLinkText:"Vis ikke dette igen",pageTitle:"Konfigurer Adgangsnøgle | ${clientName}"},"passkey-enrollment":{title:"Opret din adgangsnøgle",description:"Følg anvisningerne fra din browser for at oprette en adgangsnøgle til denne konto.",errorMessage:"Oprettelse af adgangsnøgle mislykkedes. Prøv venligst igen.",cancelLinkText:"Spring over for nu",retryButtonText:"Prøv igen",enrollmentComplete:"Din adgangsnøgle er konfigureret. Du kan lukke denne side.",pageTitle:"Opret Adgangsnøgle | ${clientName}"},"passkey-challenge":{title:"Log ind med passkey",description:"Følg anvisningerne fra din browser for at bekræfte din identitet.",errorMessage:"Godkendelse med passkey mislykkedes. Prøv venligst igen.",cancelLinkText:"Tilbage til login",retryButtonText:"Prøv igen",pageTitle:"Log ind med passkey | ${clientName}"}},ZC={organizations:{description:"Vælg hvilken organisation du vil logge ind på",pageTitle:"Vælg organisation | ${clientName}",searchPlaceholder:"Søg organisationer",title:"Vælg din organisation"}},XC={signup:{buttonText:"Tilmelding",confirmPasswordPlaceholder:"Bekræft adgangskode",description:"Vælg en adgangskode med en blanding af store og små bogstaver, tal og symboler.","email-already-exists":"E-mailen er allerede optaget",emailPlaceholder:"E-mail-adresse",federatedConnectionButtonText:"Fortsæt med ${connectionName}",hidePasswordText:"Skjul adgangskode","invalid-email-format":"Ugyldig e-mail",loginActionLinkText:"Log ind",loginActionText:"Har du allerede en konto?","no-email":"Indtast venligst en e-mailadresse","no-password":"Adgangskode er påkrævet","no-username":"Brugernavn er påkrævet",pageTitle:"Tilmeld dig | ${clientName}",passwordPlaceholder:"Adgangskode",passwordsDidntMatch:"Adgangskoderne matcher ikke",phonePlaceholder:"Telefonnummer",privacyPolicyLinkText:"Privatlivspolitik",separatorText:"eller",sessionExpired:"Din session er udløbet. Prøv venligst igen.",showPasswordText:"Vis adgangskode",termsOfServiceLinkText:"Servicevilkår",termsText:"Ved at tilmelde dig accepterer du vores",title:"Vælg adgangskode","username-already-exists":"Dette brugernavn er allerede taget",usernamePlaceholder:"Brugernavn",verifyEmailText:"Tjek venligst din e-mail for at bekræfte din konto"}},eT={status:{continueButtonText:"Fortsæt",errorTitle:"Fejl",pageTitle:"Status | ${clientName}",successTitle:"Succes",title:"Status"}},wO={common:KC,consent:GC,"device-flow":{"device-flow":{buttonText:"Fortsæt",codePlaceholder:"Indtast kode",description:"Indtast koden, der vises på din enhed","expired-code":"Koden er udløbet","invalid-code":"Den indtastede kode er ugyldig",pageTitle:"Enhedsaktivering | ${clientName}",title:"Aktivér din enhed"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Log ind",codeLabel:"Bekræftelseskode",codePlaceholder:"Indtast kode",defaultDescription:"Indtast bekræftelseskoden, der blev sendt til din e-mail",description:"Vi sendte en kode til ${email}","invalid-code":"Ugyldig kode",noCode:"Indtast venligst bekræftelseskoden",pageTitle:"Indtast kode | ${clientName}",resendText:"Send koden igen",sessionExpired:"Din session er udløbet. Prøv venligst igen.",title:"Tjek din e-mail",unexpectedError:"Der opstod en uventet fejl"}},"email-verification":{"email-verification":{description:"Vi sendte en e-mail til ${email}",pageTitle:"Bekræft e-mail | ${clientName}",resendText:"Send koden igen",successDescription:"Din e-mail er blevet bekræftet.",successTitle:"E-mail bekræftet",title:"Bekræft din e-mail"}},invitation:WC,login:JC,"login-id":{"login-id":{alertListTitle:"Advarsler","auth0-users-validation":"Noget gik galt, prøv venligst igen senere","authentication-failure":"Vi beklager, noget gik galt under loginforsøget",buttonText:"Fortsæt","captcha-client-failure":"Vi kunne ikke indlæse sikkerhedsudfordringen. Prøv venligst igen. (Fejlkode: #{errorCode})","captcha-validation-failure":"Vi beklager, noget gik galt under validering af captcha-svaret. Prøv venligst igen.",captchaCodePlaceholder:"Indtast koden vist ovenfor","custom-script-error-code":"Noget gik galt, prøv venligst igen senere.",description:"Log ind på ${clientName}.",editEmailText:"Rediger",emailPlaceholder:"E-mail-adresse",federatedConnectionButtonText:"Fortsæt med ${connectionName}",footerLinkText:"Tilmeld dig",footerText:"Har du ikke en konto?",forgotPasswordText:"Har du glemt din adgangskode?",hidePasswordText:"Skjul adgangskode","invalid-captcha":"Løs sikkerhedsspørgsmålet for at bekræfte, at du ikke er en robot.","invalid-code":"Ugyldig kode","invalid-connection":"Ugyldig forbindelse","invalid-email-format":"Ugyldig e-mail","invalid-email-phone":"Indtast en gyldig e-mailadresse eller telefonnummer. Telefonnumre skal inkludere landekoden.","invalid-email-phone-username":"Indtast en gyldig e-mailadresse, telefonnummer eller brugernavn. Telefonnumre skal inkludere landekoden.","invalid-email-username":"Indtast en gyldig e-mailadresse eller brugernavn","invalid-expired-code":"Ugyldig eller udløbet brugerkode","invalid-login-id":"Ugyldigt login-ID indtastet","invalid-phone-username":"Indtast et gyldigt telefonnummer eller brugernavn. Telefonnumre skal inkludere landekoden.","invalid-recaptcha":"Markér afkrydsningsfeltet for at bekræfte, at du ikke er en robot.","invalid-username":"Brugernavnet kan kun indeholde alfanumeriske tegn eller: '${characters}'. Brugernavnet skal være mellem ${min} og ${max} tegn.",invitationDescription:"Log ind for at acceptere ${inviterName}s invitation til at deltage i ${companyName} på ${clientName}.",invitationTitle:"Du er blevet inviteret!","ip-blocked":"Vi har registreret mistænkelig loginadfærd, og yderligere forsøg vil blive blokeret. Kontakt venligst administratoren.",logoAltText:"${companyName}","no-db-connection":"Ugyldig forbindelse","no-email":"Indtast venligst en e-mailadresse","no-email-phone":"E-mailadresse eller telefonnummer er påkrævet","no-email-phone-username":"Telefonnummer, brugernavn eller e-mailadresse er påkrævet","no-email-username":"E-mailadresse eller brugernavn er påkrævet","no-password":"Adgangskode er påkrævet","no-phone":"Indtast venligst et telefonnummer","no-phone-username":"Telefonnummer eller brugernavn er påkrævet","no-username":"Brugernavn er påkrævet",pageTitle:"Log ind | ${clientName}","password-breached":"Vi har registreret et potentielt sikkerhedsproblem med denne konto. For at beskytte din konto har vi forhindret dette login. Nulstil venligst din adgangskode for at fortsætte.",passwordPlaceholder:"Adgangskode",phoneOrEmailPlaceholder:"E-mail eller telefonnummer",phoneOrUsernameOrEmailPlaceholder:"Telefon, brugernavn eller e-mail",phoneOrUsernamePlaceholder:"Telefonnummer eller brugernavn",phonePlaceholder:"Telefonnummer","same-user-login":"For mange loginforsøg for denne bruger. Vent venligst, og prøv igen senere.",selectCountryCode:"Vælg landekode, i øjeblikket sat til ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"eller",sessionExpired:"Din session er udløbet. Prøv venligst igen.",showPasswordText:"Vis adgangskode",signupActionLinkText:"Tilmeld dig",signupActionText:"Har du ikke en konto?",termsAndConditionsTemplate:'Ved at fortsætte accepterer du vores <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Vilkår og betingelser</a>.',title:"Velkommen","user-blocked":"Din konto er blevet blokeret efter flere på hinanden følgende loginforsøg.",userAccountDoesNotExist:"Brugerkontoen findes ikke",usernameOnlyPlaceholder:"Brugernavn",usernameOrEmailPlaceholder:"Brugernavn eller e-mailadresse",usernamePlaceholder:"Brugernavn",usernameTooLong:"Brugernavnet må højst være ${max} tegn",usernameTooShort:"Brugernavnet skal være mindst ${min} tegn","wrong-credentials":"Forkert brugernavn eller adgangskode","wrong-email-credentials":"Forkert e-mail eller adgangskode","wrong-email-phone-credentials":"Forkert e-mailadresse, telefonnummer eller adgangskode. Telefonnumre skal inkludere landekoden.","wrong-email-phone-username-credentials":"Forkert e-mailadresse, telefonnummer, brugernavn eller adgangskode. Telefonnumre skal inkludere landekoden.","wrong-email-username-credentials":"Forkert e-mailadresse, brugernavn eller adgangskode","wrong-phone-credentials":"Forkert telefonnummer eller adgangskode","wrong-phone-username-credentials":"Forkert telefonnummer, brugernavn eller adgangskode. Telefonnumre skal inkludere landekoden.","wrong-username-credentials":"Forkert brugernavn eller adgangskode",passkeyButtonText:"Log ind med passkey"}},"login-password":{"login-password":{buttonText:"Log ind",description:"Indtast din e-mailadresse og adgangskode for at logge ind.",forgotPasswordText:"Har du glemt din adgangskode?",hidePasswordText:"Skjul adgangskode","no-password":"Adgangskode er påkrævet",pageTitle:"Log ind | ${clientName}","password-breached":"Vi har registreret et potentielt sikkerhedsproblem med denne konto. For at beskytte din konto har vi forhindret dette login. Nulstil venligst din adgangskode for at fortsætte.",passwordPlaceholder:"Adgangskode",showPasswordText:"Vis adgangskode",signingInAs:"Logger ind som ${email}",title:"Indtast adgangskode",unverifiedEmail:"Bekræft venligst din e-mailadresse, før du logger ind","user-blocked":"Din konto er blevet blokeret efter flere på hinanden følgende loginforsøg.","wrong-credentials":"Forkert adgangskode"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"e-mail",authMethodEmailOrPhone:"e-mail eller telefonnummer",authMethodPhone:"telefonnummer",description:"Log ind med din ${authMethod}",emailOrPhonePlaceholder:"E-mailadresse eller telefonnummer",emailPlaceholder:"E-mail-adresse",invalidEmail:"Indtast venligst en gyldig e-mailadresse",invalidIdentifier:"Indtast venligst en gyldig e-mailadresse eller telefonnummer",invalidPhone:"Indtast venligst et gyldigt telefonnummer med landekode",noEmail:"Indtast venligst din e-mailadresse",noPhone:"Indtast venligst dit telefonnummer",phonePlaceholder:"Telefonnummer",sessionExpired:"Din session er udløbet. Prøv venligst igen.",title:"Log ind med en kode",userAccountDoesNotExist:"Brugerkontoen findes ikke"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Klik på linket i din e-mail for at logge ind",description:"Vi sendte et link til ${username}. Klik på det for at logge ind.",resendText:"Send link igen",spamText:"Har du ikke modtaget e-mailen? Tjek din spam-mappe.",title:"Tjek din e-mail"}},mfa:YC,"mfa-email":{"mfa-email":{buttonText:"Fortsæt",codePlaceholder:"Indtast kode",description:"Vi sendte en kode til ${email}","invalid-code":"Den indtastede kode er ugyldig",pageTitle:"E-mailbekræftelse | ${clientName}",resendText:"Send kode igen",title:"Tjek din e-mail"}},"mfa-otp":{"mfa-otp":{buttonText:"Fortsæt",codePlaceholder:"Indtast kode",description:"Indtast den 6-cifrede kode fra din autentificeringsapp","invalid-code":"Den indtastede kode er ugyldig",pageTitle:"Indtast kode | ${clientName}",title:"Indtast din kode"},"mfa-totp-enrollment":{title:"Opsæt autentificeringsapp",description:"Scan QR-koden nedenfor med din autentificeringsapp, og indtast derefter den 6-cifrede kode for at bekræfte",secretLabel:"Eller indtast denne kode manuelt:",codePlaceholder:"Indtast kode",continueButtonText:"Bekræft og aktiver","invalid-code":"Den indtastede kode er ugyldig. Prøv venligst igen.","transaction-not-found":"Din tilmeldingssession er udløbet. Du skal starte forfra.",pageTitle:"Opsæt autentificeringsapp | ${clientName}",unexpectedError:"Noget gik galt. Prøv venligst igen.",enrollmentComplete:"MFA-tilmeldingen er fuldført. Du kan lukke denne side."},"mfa-totp-challenge":{title:"Bekræft din identitet",description:"Indtast den 6-cifrede kode fra din autentificeringsapp",codePlaceholder:"Indtast kode",continueButtonText:"Fortsæt","invalid-code":"Den indtastede kode er ugyldig","transaction-not-found":"Din session er udløbet. Du skal starte forfra.",unexpectedError:"Noget gik galt. Prøv venligst igen.",pageTitle:"Bekræft identitet | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Brug dit telefonnummer til at logge ind | ${clientName}",title:"Bekræft din identitet",description:"Vi sendte en kode til ${phoneNumber}",continueButtonText:"Fortsæt",changePhoneText:"Vælg et andet telefonnummer.",smsButtonText:"SMS",voiceButtonText:"Taleopkald",chooseMessageTypeText:"Hvordan vil du modtage koden?",pickAuthenticatorText:"Prøv en anden metode",logoAltText:"${companyName}",codePlaceholder:"Indtast kode","send-sms-failed":"Der opstod et problem med at sende SMS'en","send-voice-failed":"Der opstod et problem med at foretage taleopkaldet","invalid-phone-format":"Telefonnummeret kan kun indeholde cifre.","invalid-phone":"Det ser ud til, at dit telefonnummer ikke er gyldigt. Kontrollér og prøv igen.","too-many-sms":"Du har overskredet det maksimale antal telefonbeskeder pr. time. Vent et par minutter og prøv igen.","too-many-voice":"Du har overskredet det maksimale antal telefonopkald pr. time. Vent et par minutter og prøv igen.","transaction-not-found":"Din registreringstransaktion er udløbet, du skal starte forfra.","no-phone":"Indtast et telefonnummer",noCode:"Indtast bekræftelseskoden",invalidCode:"Den indtastede kode er ugyldig. Prøv igen.",unexpectedError:"Noget gik galt. Prøv igen.",resendSuccess:"Vi sendte en ny kode til din telefon",enrollmentComplete:"MFA-tilmeldingen er fuldført. Du kan lukke denne side."},"mfa-phone-enrollment":{pageTitle:"Indtast dit telefonnummer for at logge ind med en telefonkode | ${clientName}",title:"Sikre din konto",description:"Indtast din landekode og telefonnummer, som vi kan sende en 6-cifret kode til:",continueButtonText:"Fortsæt",smsButtonText:"SMS",voiceButtonText:"Taleopkald",chooseMessageTypeText:"Hvordan vil du modtage koden?",pickAuthenticatorText:"Prøv en anden metode",placeholder:"Indtast dit telefonnummer",logoAltText:"${companyName}",selectCountryCode:"Vælg landekode, i øjeblikket sat til ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Der opstod et problem med at sende SMS'en","send-voice-failed":"Der opstod et problem med at foretage taleopkaldet","sms-authenticator-error":"Vi kunne ikke sende SMS'en. Prøv igen senere.","invalid-phone-format":"Telefonnummeret kan kun indeholde cifre.","invalid-phone":"Det ser ud til, at dit telefonnummer ikke er gyldigt. Kontrollér og prøv igen.","too-many-sms":"Du har overskredet det maksimale antal telefonbeskeder pr. time. Vent et par minutter og prøv igen.","too-many-voice":"Du har overskredet det maksimale antal telefonopkald pr. time. Vent et par minutter og prøv igen.","transaction-not-found":"Din registreringstransaktion er udløbet, du skal starte forfra.","no-phone":"Indtast et telefonnummer","phone-is-too-short":"Telefonnummeret er for kort","phone-is-too-long":"Telefonnummeret er for langt"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Vælg bekræftelsesmetode | ${clientName}",title:"Vælg din bekræftelsesmetode",description:"Vælg hvordan du vil bekræfte din identitet",authenticatorAppLabel:"Godkendelsesapp",authenticatorAppDescription:"Brug din godkendelsesapp til at få en bekræftelseskode",smsLabel:"Sms-besked",smsDescription:"Få en bekræftelseskode sendt til din telefon",passkeyLabel:"Adgangsnøgle",passkeyDescription:"Brug din enheds biometri eller sikkerhedsnøgle"}},"mfa-push":{"mfa-push":{description:"Vi sendte en notifikation til din enhed",pageTitle:"Push-notifikation | ${clientName}",resendText:"Send notifikation igen",title:"Godkend anmodningen",useCodeText:"Indtast kode manuelt"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Fortsæt",codePlaceholder:"Gendannelseskode",description:"Indtast en af dine gendannelseskoder","invalid-code":"Den indtastede gendannelseskode er ugyldig",pageTitle:"Gendannelseskode | ${clientName}",title:"Indtast gendannelseskode"}},"mfa-voice":{"mfa-voice":{buttonText:"Ring til mig",codePlaceholder:"Indtast kode",description:"Vi ringer til ${phoneNumber} med din kode","invalid-code":"Den indtastede kode er ugyldig",pageTitle:"Taleopkald | ${clientName}",title:"Modtag et telefonopkald"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Prøv igen",description:"Indsæt din sikkerhedsnøgle og følg instruktionerne",pageTitle:"Sikkerhedsnøgle | ${clientName}",title:"Brug din sikkerhedsnøgle"}},passkeys:QC,organizations:ZC,"reset-password":{"reset-password":{backToLoginText:"Gå tilbage",buttonText:"Send e-mail til nulstilling af adgangskode",codeExpired:"Din kode til nulstilling af adgangskode er udløbet. Anmod venligst om en ny.",confirmPasswordLabel:"Bekræft adgangskode",confirmPasswordPlaceholder:"Bekræft adgangskode",description:"Klik på knappen nedenfor, så sender vi instruktioner om, hvordan du nulstiller din adgangskode.",emailPlaceholder:"E-mail-adresse",failed:"Nulstilling af adgangskode mislykkedes. Prøv venligst igen.","invalid-email-format":"Ugyldig e-mail","no-email":"Indtast venligst en e-mailadresse",pageTitle:"Nulstil adgangskode | ${clientName}",passwordLabel:"Ny adgangskode",passwordPlaceholder:"Ny adgangskode",passwordTooWeak:"Adgangskoden er for svag",passwordsDidntMatch:"Adgangskoderne matcher ikke",successDescription:"Vi har sendt et link til nulstilling af adgangskode til din e-mailadresse.",successTitle:"E-mail til nulstilling af adgangskode sendt",title:"Har du glemt din adgangskode?","user-not-found":"Bruger ikke fundet"},"reset-password-code":{backToLoginText:"Tilbage til login",buttonText:"Nulstil adgangskode",codeLabel:"Nulstillingskode",codePlaceholder:"Indtast 6-cifret kode",confirmPasswordLabel:"Bekræft adgangskode",confirmPasswordPlaceholder:"Bekræft adgangskode",defaultDescription:"Indtast koden sendt til din e-mail og vælg en ny adgangskode",description:"Vi sendte en kode til ${email}",failed:"Nulstilling af adgangskode mislykkedes. Prøv venligst igen.",invalidCode:"Den indtastede kode er ugyldig eller udløbet",noCode:"Indtast venligst nulstillingskoden",pageTitle:"Indtast nulstillingskode | ${clientName}",passwordLabel:"Ny adgangskode",passwordPlaceholder:"Ny adgangskode",passwordTooWeak:"Adgangskoden er for svag",passwordsDidntMatch:"Adgangskoderne matcher ikke",resendFailed:"Kunne ikke sende koden igen. Prøv igen.",resendSuccess:"En ny kode er blevet sendt til din e-mail",resendText:"Send kode igen",sessionExpired:"Din session er udløbet. Prøv venligst igen.",title:"Indtast nulstillingskode"}},signup:XC,"signup-id":{"signup-id":{buttonText:"Fortsæt",description:"Vælg en adgangskode med en blanding af store og små bogstaver, tal og symboler.","email-already-exists":"E-mailen er allerede optaget",emailPlaceholder:"E-mail-adresse",federatedConnectionButtonText:"Fortsæt med ${connectionName}","invalid-email-format":"Ugyldig e-mail",loginActionLinkText:"Log ind",loginActionText:"Har du allerede en konto?","no-email":"Indtast venligst en e-mailadresse",pageTitle:"Tilmeld dig | ${clientName}",phonePlaceholder:"Telefonnummer",separatorText:"eller",title:"Vælg adgangskode",usernamePlaceholder:"Brugernavn"}},"signup-password":{"signup-password":{buttonText:"Fortsæt",description:"Vælg en adgangskode med en blanding af store og små bogstaver, tal og symboler.",hidePasswordText:"Skjul adgangskode","no-password":"Adgangskode er påkrævet",pageTitle:"Tilmeld dig | ${clientName}","password-policy-not-met":"Adgangskoden opfylder ikke kravene","password-too-weak":"Adgangskoden er for svag",passwordPlaceholder:"Adgangskode",showPasswordText:"Vis adgangskode",title:"Vælg adgangskode"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Log ind",codeLabel:"Bekræftelseskode",codePlaceholder:"Indtast kode",defaultDescription:"Indtast bekræftelseskoden, der blev sendt til din telefon",description:"Vi sendte en kode til ${username}","invalid-code":"Ugyldig kode",noCode:"Indtast venligst bekræftelseskoden",pageTitle:"Indtast kode | ${clientName}",resendText:"Send koden igen",sessionExpired:"Din session er udløbet. Prøv venligst igen.",title:"Tjek din telefon",unexpectedError:"Der opstod en uventet fejl"}},status:eT},bO=Object.freeze(Object.defineProperty({__proto__:null,common:KC,consent:GC,default:wO,invitation:WC,login:JC,mfa:YC,organizations:ZC,passkeys:QC,signup:XC,status:eT},Symbol.toStringTag,{value:"Module"})),tT={common:{alertListTitle:"Alerts",backText:"Back",cancelText:"Cancel",closeText:"Close",contactSupportText:"Contact Support",continueText:"Continue",copyrightText:"© ${currentYear} ${companyName}",errorText:"An error occurred",hidePasswordText:"Hide password",loadingText:"Loading...",orText:"or",privacyPolicyText:"Privacy Policy",showPasswordText:"Show password",termsOfServiceText:"Terms of Service",termsShortText:"Terms",tryAgainText:"Try again"}},nT={consent:{buttonText:"Accept",cancelButtonText:"Deny",description:"${clientName} is requesting access to your account",pageTitle:"Authorize | ${clientName}",scopesTitle:"This will allow ${clientName} to:",title:"Authorize ${clientName}"}},iT={invitation:{acceptButtonText:"Accept invitation",description:"${inviterName} has invited you to join ${organizationName} on ${clientName}",pageTitle:"Invitation | ${clientName}",title:"You've been invited"}},rT={login:{alertListTitle:"Alerts",buttonText:"Continue",description:"Log in to ${clientName}.",editEmailText:"Edit",emailPlaceholder:"Email address",enterACodeBtn:"Sign in with a code",federatedConnectionButtonText:"Continue with ${connectionName}",footerLinkText:"Sign up",footerText:"Don't have an account?",forgotPasswordText:"Forgot password?",hidePasswordText:"Hide password",invalidEmail:"Invalid email",invalidIdentifier:"Invalid email or username",invitationDescription:"Log in to accept ${inviterName}'s invitation to join ${companyName} on ${clientName}.",invitationTitle:"You've Been Invited!",logoAltText:"${companyName}","no-email":"Please enter an email address","no-password":"Password is required",pageTitle:"Log in | ${clientName}",passwordLoginNotAvailable:"Password authentication is not available",passwordPlaceholder:"Password",phonePlaceholder:"Phone number",separatorText:"Or",sessionExpired:"Your session has expired. Please try again.",showPasswordText:"Show password",signupActionLinkText:"Sign up",signupActionText:"Don't have an account?",title:"Welcome",tooManyFailedLogins:"Too many failed login attempts. Please try again later.",unverifiedEmail:"Please verify your email address before logging in",userAccountDoesNotExist:"User account does not exist",usernamePlaceholder:"Username or email address",usernameTooLong:"Username must be ${max} characters or less",usernameTooShort:"Username must be at least ${min} characters",passkeyButtonText:"Sign in with a passkey",wrongCredentials:"Wrong username or password"}},oT={mfa:{backupCodeText:"Use backup code",description:"Choose a verification method",pageTitle:"Multi-Factor Authentication | ${clientName}",title:"Verify your identity"}},sT={"passkey-enrollment-nudge":{title:"Secure your account with a passkey",description:"Passkeys use your device's biometrics or PIN to sign you in faster and more securely.",enrollButtonText:"Set up passkey",snoozeButtonText:"Maybe later",optOutLinkText:"Don't show this again",pageTitle:"Set Up Passkey | ${clientName}"},"passkey-enrollment":{title:"Create your passkey",description:"Follow the prompts from your browser to create a passkey for this account.",errorMessage:"Failed to create passkey. Please try again.",cancelLinkText:"Skip for now",retryButtonText:"Try again",enrollmentComplete:"Your passkey has been set up successfully. You can close this page.",pageTitle:"Create Passkey | ${clientName}"},"passkey-challenge":{title:"Sign in with a passkey",description:"Follow the prompts from your browser to verify your identity.",errorMessage:"Passkey authentication failed. Please try again.",cancelLinkText:"Back to login",retryButtonText:"Try again",pageTitle:"Sign In with Passkey | ${clientName}"}},aT={organizations:{description:"Choose which organization to log in to",pageTitle:"Select Organization | ${clientName}",searchPlaceholder:"Search organizations",title:"Select your organization"}},cT={signup:{buttonText:"Continue",confirmPasswordPlaceholder:"Confirm password",description:"Sign up to continue","email-already-exists":"This email is already registered",emailPlaceholder:"Email address",federatedConnectionButtonText:"Continue with ${connectionName}",hidePasswordText:"Hide password","invalid-email-format":"Email is not valid.",loginActionLinkText:"Log in",loginActionText:"Already have an account?","no-email":"Please enter an email address","no-password":"Password is required","no-username":"Username is required",pageTitle:"Sign up | ${clientName}",passwordPlaceholder:"Password",passwordsDidntMatch:"Passwords don't match",phonePlaceholder:"Phone number",privacyPolicyLinkText:"Privacy Policy",separatorText:"Or",sessionExpired:"Your session has expired. Please try again.",showPasswordText:"Show password",termsOfServiceLinkText:"Terms of Service",termsText:"By signing up, you agree to our",title:"Create your account","username-already-exists":"This username is already taken",usernamePlaceholder:"Username",verifyEmailText:"Please check your email to verify your account"}},lT={status:{continueButtonText:"Continue",errorTitle:"Error",pageTitle:"Status | ${clientName}",successTitle:"Success",title:"Status"}},vO={common:tT,consent:nT,"device-flow":{"device-flow":{buttonText:"Continue",codePlaceholder:"Enter code",description:"Enter the code shown on your device","expired-code":"The code has expired","invalid-code":"The code you entered is invalid",pageTitle:"Device Activation | ${clientName}",title:"Activate your device"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Continue",codeLabel:"Verification Code",codePlaceholder:"Enter code",defaultDescription:"Enter the verification code sent to your email",description:"We sent a code to ${email}","invalid-code":"The code you entered is invalid",noCode:"Please enter the verification code",pageTitle:"Enter Code | ${clientName}",resendText:"Resend code",sessionExpired:"Your session has expired. Please try again.",title:"Check your email",unexpectedError:"An unexpected error occurred"}},"email-verification":{"email-verification":{description:"We sent an email to ${email}",pageTitle:"Verify Email | ${clientName}",resendText:"Resend email",successDescription:"Your email has been verified successfully.",successTitle:"Email verified",title:"Verify your email"}},invitation:iT,login:rT,"login-id":{"login-id":{alertListTitle:"Alerts","auth0-users-validation":"Something went wrong, please try again later","authentication-failure":"We are sorry, something went wrong when attempting to log in",buttonText:"Continue","captcha-client-failure":"We couldn't load the security challenge. Please try again. (Error code: #{errorCode})","captcha-validation-failure":"We are sorry, something went wrong while validating the captcha response. Please try again.",captchaCodePlaceholder:"Enter the code shown above","custom-script-error-code":"Something went wrong, please try again later.",description:"Log in to ${clientName}.",editEmailText:"Edit",emailPlaceholder:"Email address",federatedConnectionButtonText:"Continue with ${connectionName}",footerLinkText:"Sign up",footerText:"Don't have an account?",forgotPasswordText:"Forgot password?",hidePasswordText:"Hide password","invalid-captcha":"Solve the challenge question to verify you are not a robot.","invalid-code":"The code you entered is invalid","invalid-connection":"Invalid connection","invalid-email-format":"Email is not valid.","invalid-email-phone":"Enter a valid email address or phone number. Phone numbers must include the country code.","invalid-email-phone-username":"Enter a valid email address, phone number or username. Phone numbers must include the country code.","invalid-email-username":"Enter a valid email address or username","invalid-expired-code":"Invalid or expired user code","invalid-login-id":"Invalid Login ID entered","invalid-phone-username":"Enter a valid phone number or username. Phone numbers must include the country code.","invalid-recaptcha":"Select the checkbox to verify you are not a robot.","invalid-username":"Username can only contain alphanumeric characters or: '${characters}'. Username should have between ${min} and ${max} characters.",invitationDescription:"Log in to accept ${inviterName}'s invitation to join ${companyName} on ${clientName}.",invitationTitle:"You've Been Invited!","ip-blocked":"We have detected suspicious login behavior and further attempts will be blocked. Please contact the administrator.",logoAltText:"${companyName}","no-db-connection":"Invalid connection","no-email":"Please enter an email address","no-email-phone":"Email address or phone number is required","no-email-phone-username":"Phone number, username, or email address is required","no-email-username":"Email address or username is required","no-password":"Password is required","no-phone":"Please enter a phone number","no-phone-username":"Phone number or username is required","no-username":"Username is required",pageTitle:"Log in | ${clientName}","password-breached":"We have detected a potential security issue with this account. To protect your account, we have prevented this login. Please reset your password to proceed.",passwordPlaceholder:"Password",phoneOrEmailPlaceholder:"Phone number or Email address",phoneOrUsernameOrEmailPlaceholder:"Phone or Username or Email",phoneOrUsernamePlaceholder:"Phone Number or Username",phonePlaceholder:"Phone number","same-user-login":"Too many login attempts for this user. Please wait, and try again later.",selectCountryCode:"Select country code, currently set to ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"Or",sessionExpired:"Your session has expired. Please try again.",showPasswordText:"Show password",signupActionLinkText:"Sign up",signupActionText:"Don't have an account?",termsAndConditionsTemplate:'By continuing, you agree to our <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Terms and Conditions</a>.',title:"Welcome","user-blocked":"Your account has been blocked after multiple consecutive login attempts.",userAccountDoesNotExist:"User account does not exist",usernameOnlyPlaceholder:"Username",usernameOrEmailPlaceholder:"Username or Email address",usernamePlaceholder:"Username or email address",usernameTooLong:"Username must be ${max} characters or less",usernameTooShort:"Username must be at least ${min} characters","wrong-credentials":"Wrong username or password","wrong-email-credentials":"Wrong email or password","wrong-email-phone-credentials":"Incorrect email address, phone number, or password. Phone numbers must include the country code.","wrong-email-phone-username-credentials":"Incorrect email address, phone number, username, or password. Phone numbers must include the country code.","wrong-email-username-credentials":"Incorrect email address, username, or password","wrong-phone-credentials":"Incorrect phone number or password","wrong-phone-username-credentials":"Incorrect phone number, username or password. Phone numbers must include the country code.",passkeyButtonText:"Sign in with a passkey","wrong-username-credentials":"Incorrect username or password"}},"login-password":{"login-password":{buttonText:"Continue",description:"Log in to ${clientName}",forgotPasswordText:"Forgot password?",hidePasswordText:"Hide password","no-password":"Password is required",pageTitle:"Log in | ${clientName}","password-breached":"We have detected a potential security issue with this account. To protect your account, we have prevented this login. Please reset your password to proceed.",passwordPlaceholder:"Password",showPasswordText:"Show password",signingInAs:"Signing in as ${email}",title:"Enter your password",unverifiedEmail:"Please verify your email address before logging in","user-blocked":"Your account has been blocked after multiple consecutive login attempts.","wrong-credentials":"Wrong password"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"email",authMethodEmailOrPhone:"email or phone number",authMethodPhone:"phone number",description:"Sign in using your ${authMethod}",emailOrPhonePlaceholder:"Email address or phone number",emailPlaceholder:"Email address",invalidEmail:"Please enter a valid email address",invalidIdentifier:"Please enter a valid email address or phone number",invalidPhone:"Please enter a valid phone number with country code",noEmail:"Please enter your email address",noPhone:"Please enter your phone number",phonePlaceholder:"Phone number",sessionExpired:"Your session has expired. Please try again.",title:"Sign in with a code",userAccountDoesNotExist:"User account does not exist"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Click the link in your email to sign in",description:"We sent a link to ${username}. Click it to sign in.",resendText:"Resend link",spamText:"Didn't receive the email? Check your spam folder.",title:"Check your email"}},mfa:oT,"mfa-email":{"mfa-email":{buttonText:"Continue",codePlaceholder:"Enter code",description:"We sent a code to ${email}","invalid-code":"The code you entered is invalid",pageTitle:"Email Verification | ${clientName}",resendText:"Resend code",title:"Check your email"}},"mfa-otp":{"mfa-otp":{buttonText:"Continue",codePlaceholder:"Enter code",description:"Enter the 6-digit code from your authenticator app","invalid-code":"The code you entered is invalid",pageTitle:"Enter Code | ${clientName}",title:"Enter your code"},"mfa-totp-enrollment":{title:"Set up authenticator",description:"Scan the QR code below with your authenticator app, then enter the 6-digit code to verify",secretLabel:"Or enter this code manually:",codePlaceholder:"Enter code",continueButtonText:"Verify & Activate","invalid-code":"The code you entered is invalid. Please try again.","transaction-not-found":"Your enrollment transaction expired, you will need to start again.",unexpectedError:"Something went wrong. Please try again.",pageTitle:"Set up Authenticator | ${clientName}",enrollmentComplete:"MFA enrollment is complete. You can close this page."},"mfa-totp-challenge":{title:"Verify your identity",description:"Enter the 6-digit code from your authenticator app",codePlaceholder:"Enter code",continueButtonText:"Continue","invalid-code":"The code you entered is invalid","transaction-not-found":"Your enrollment transaction expired, you will need to start again.",unexpectedError:"Something went wrong. Please try again.",pageTitle:"Verify Identity | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Use your phone number to log in | ${clientName}",title:"Verify Your Identity",description:"We sent a code to ${phoneNumber}",continueButtonText:"Continue",changePhoneText:"Choose another phone number.",smsButtonText:"Text message",voiceButtonText:"Voice call",chooseMessageTypeText:"How do you want to receive the code?",pickAuthenticatorText:"Try another method",logoAltText:"${companyName}",codePlaceholder:"Enter code","send-sms-failed":"There was a problem sending the SMS","send-voice-failed":"There was a problem making the voice call","invalid-phone-format":"Phone number can only include digits.","invalid-phone":"It seems that your phone number is not valid. Please check and retry.","too-many-sms":"You have exceeded the maximum number of phone messages per hour. Wait a few minutes and try again.","too-many-voice":"You have exceeded the maximum number of phone messages per hour. Wait a few minutes and try again.","transaction-not-found":"Your enrollment transaction expired, you will need to start again.","no-phone":"Please enter a phone number",noCode:"Please enter the verification code",invalidCode:"The code you entered is invalid. Please try again.",unexpectedError:"Something went wrong. Please try again.",resendSuccess:"We sent a new code to your phone",enrollmentComplete:"MFA enrollment is complete. You can close this page."},"mfa-phone-enrollment":{pageTitle:"Enter your phone number to log in using a phone code | ${clientName}",title:"Secure Your Account",description:"Enter your country code and phone number to which we can send a 6-digit code:",continueButtonText:"Continue",smsButtonText:"Text message",voiceButtonText:"Voice call",chooseMessageTypeText:"How do you want to receive the code?",pickAuthenticatorText:"Try another method",placeholder:"Enter your phone number",logoAltText:"${companyName}",selectCountryCode:"Select country code, currently set to ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"There was a problem sending the SMS","send-voice-failed":"There was a problem making the voice call","sms-authenticator-error":"We couldn't send the SMS. Please try again later.","invalid-phone-format":"Phone number can only include digits.","invalid-phone":"It seems that your phone number is not valid. Please check and retry.","too-many-sms":"You have exceeded the maximum number of phone messages per hour. Wait a few minutes and try again.","too-many-voice":"You have exceeded the maximum number of phone messages per hour. Wait a few minutes and try again.","transaction-not-found":"Your enrollment transaction expired, you will need to start again.","no-phone":"Please enter a phone number","phone-is-too-short":"Phone number is too short","phone-is-too-long":"Phone number is too long"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Choose Verification Method | ${clientName}",title:"Choose your verification method",description:"Select how you'd like to verify your identity",authenticatorAppLabel:"Authenticator App",authenticatorAppDescription:"Use your authenticator app to get a verification code",smsLabel:"Text Message",smsDescription:"Get a verification code sent to your phone",passkeyLabel:"Passkey",passkeyDescription:"Use your device's biometrics or security key"}},"mfa-push":{"mfa-push":{description:"We sent a notification to your device",pageTitle:"Push Notification | ${clientName}",resendText:"Resend notification",title:"Approve the request",useCodeText:"Enter code manually"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Continue",codePlaceholder:"Recovery code",description:"Enter one of your recovery codes","invalid-code":"The recovery code you entered is invalid",pageTitle:"Recovery Code | ${clientName}",title:"Enter recovery code"}},"mfa-voice":{"mfa-voice":{buttonText:"Call me",codePlaceholder:"Enter code",description:"We will call ${phoneNumber} with your code","invalid-code":"The code you entered is invalid",pageTitle:"Voice Call | ${clientName}",title:"Receive a phone call"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Try again",description:"Insert your security key and follow the instructions",pageTitle:"Security Key | ${clientName}",title:"Use your security key"}},passkeys:sT,organizations:aT,"reset-password":{"reset-password":{backToLoginText:"Back to login",buttonText:"Continue",codeExpired:"Your password reset code has expired. Please request a new one.",confirmPasswordLabel:"Confirm Password",confirmPasswordPlaceholder:"Confirm password",description:"Enter your email to reset your password",emailPlaceholder:"Email address",failed:"Password reset failed. Please try again.","invalid-email-format":"Email is not valid.","no-email":"Please enter an email address",pageTitle:"Reset Password | ${clientName}",passwordLabel:"New Password",passwordPlaceholder:"New password",passwordTooWeak:"Password is too weak",passwordsDidntMatch:"Passwords don't match",successDescription:"We have sent a password reset link to your email address.",successTitle:"Check your email",title:"Forgot your password?","user-not-found":"User not found"},"reset-password-code":{backToLoginText:"Back to login",buttonText:"Reset Password",codeLabel:"Reset Code",codePlaceholder:"Enter 6-digit code",confirmPasswordLabel:"Confirm Password",confirmPasswordPlaceholder:"Confirm password",defaultDescription:"Enter the code sent to your email and choose a new password",description:"We sent a code to ${email}",failed:"Password reset failed. Please try again.",invalidCode:"The code you entered is invalid or has expired",noCode:"Please enter the reset code",pageTitle:"Enter Reset Code | ${clientName}",passwordLabel:"New Password",passwordPlaceholder:"New password",passwordTooWeak:"Password is too weak",passwordsDidntMatch:"Passwords don't match",resendFailed:"Failed to resend the code. Please try again.",resendSuccess:"A new code has been sent to your email",resendText:"Resend code",sessionExpired:"Your session has expired. Please try again.",title:"Enter reset code"}},signup:cT,"signup-id":{"signup-id":{buttonText:"Continue",description:"Sign up to continue","email-already-exists":"This email is already registered",emailPlaceholder:"Email address",federatedConnectionButtonText:"Continue with ${connectionName}","invalid-email-format":"Email is not valid.",loginActionLinkText:"Log in",loginActionText:"Already have an account?","no-email":"Please enter an email address",pageTitle:"Sign up | ${clientName}",phonePlaceholder:"Phone number",separatorText:"Or",title:"Create your account",usernamePlaceholder:"Username"}},"signup-password":{"signup-password":{buttonText:"Continue",description:"Sign up to continue",hidePasswordText:"Hide password","no-password":"Password is required",pageTitle:"Sign up | ${clientName}","password-policy-not-met":"Password does not meet the requirements","password-too-weak":"Password is too weak",passwordPlaceholder:"Password",showPasswordText:"Show password",title:"Create your password"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Continue",codeLabel:"Verification Code",codePlaceholder:"Enter code",defaultDescription:"Enter the verification code sent to your phone",description:"We sent a code to ${username}","invalid-code":"The code you entered is invalid",noCode:"Please enter the verification code",pageTitle:"Enter Code | ${clientName}",resendText:"Resend code",sessionExpired:"Your session has expired. Please try again.",title:"Check your phone",unexpectedError:"An unexpected error occurred"}},status:lT},AO=Object.freeze(Object.defineProperty({__proto__:null,common:tT,consent:nT,default:vO,invitation:iT,login:rT,mfa:oT,organizations:aT,passkeys:sT,signup:cT,status:lT},Symbol.toStringTag,{value:"Module"})),dT={common:{alertListTitle:"Ilmoitukset",backText:"Palaa takaisin",cancelText:"Palaa takaisin",closeText:"Sulje",contactSupportText:"Tarvitsetko apua?",continueText:"Jatka",copyrightText:"© ${currentYear} ${companyName}",errorText:"Jokin meni pieleen. Yritä uudelleen.",hidePasswordText:"Piilota salasana",loadingText:"Ladataan...",orText:"tai",privacyPolicyText:"Tietosuojakäytäntö",showPasswordText:"Näytä salasana",termsOfServiceText:"Käyttöehdot",termsShortText:"Ehdot",tryAgainText:"Yritä uudelleen"}},uT={consent:{buttonText:"Hyväksy",cancelButtonText:"Hylkää",description:"${clientName} pyytää pääsyä tilillesi",pageTitle:"Valtuuta | ${clientName}",scopesTitle:"Tämä sallii sovelluksen ${clientName}:",title:"Valtuuta ${clientName}"}},pT={invitation:{acceptButtonText:"Hyväksy kutsu",description:"${inviterName} on kutsunut sinut liittymään organisaatioon ${organizationName} palvelussa ${clientName}",pageTitle:"Kutsu | ${clientName}",title:"Sinut on kutsuttu"}},fT={login:{alertListTitle:"Ilmoitukset",buttonText:"Jatka",description:"Kirjaudu sisään ${clientName}.",editEmailText:"Muokkaa",emailPlaceholder:"Sähköpostiosoite",enterACodeBtn:"Kirjaudu koodilla",federatedConnectionButtonText:"Jatka palvelulla ${connectionName}",footerLinkText:"Rekisteröidy",footerText:"Eikö sinulla ole tiliä?",forgotPasswordText:"Unohditko salasanan?",hidePasswordText:"Piilota salasana",invalidEmail:"Virheellinen sähköpostiosoite",invalidIdentifier:"Virheellinen sähköpostiosoite tai käyttäjänimi",invitationDescription:"Kirjaudu sisään hyväksyäksesi käyttäjän ${inviterName} kutsun liittyä palveluun ${companyName} sovelluksessa ${clientName}.",invitationTitle:"Sinut on kutsuttu!",logoAltText:"${companyName}","no-email":"Sähköpostiosoite vaaditaan","no-password":"Salasana vaaditaan",pageTitle:"Kirjaudu sisään | ${clientName}",passwordLoginNotAvailable:"Salasanakirjautuminen ei ole käytettävissä",passwordPlaceholder:"Salasana",phonePlaceholder:"Puhelinnumero",separatorText:"tai",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",showPasswordText:"Näytä salasana",signupActionLinkText:"Rekisteröidy",signupActionText:"Eikö sinulla ole tiliä?",title:"Tervetuloa",tooManyFailedLogins:"Liian monta epäonnistunutta kirjautumisyritystä. Yritä myöhemmin uudelleen.",unverifiedEmail:"Vahvista sähköpostiosoitteesi ennen kirjautumista",userAccountDoesNotExist:"Käyttäjätiliä ei ole olemassa",usernamePlaceholder:"Käyttäjänimi tai sähköpostiosoite",usernameTooLong:"Käyttäjänimen on oltava enintään ${max} merkkiä",usernameTooShort:"Käyttäjänimen on oltava vähintään ${min} merkkiä",wrongCredentials:"Väärä käyttäjänimi tai salasana",passkeyButtonText:"Kirjaudu sisään passkey:llä"}},hT={mfa:{backupCodeText:"Käytä varakoodia",description:"Valitse vahvistusmenetelmä",pageTitle:"Monivaiheinen tunnistautuminen | ${clientName}",title:"Vahvista henkilöllisyytesi"}},gT={"passkey-enrollment-nudge":{title:"Suojaa tilisi tunnistautumisavaimella",description:"Tunnistautumisavaimet käyttävät laitteesi biometriikkaa tai PIN-koodia kirjautuaksesi nopeammin ja turvallisemmin.",enrollButtonText:"Määritä tunnistautumisavain",snoozeButtonText:"Ehkä myöhemmin",optOutLinkText:"Älä näytä tätä uudelleen",pageTitle:"Määritä Tunnistautumisavain | ${clientName}"},"passkey-enrollment":{title:"Luo tunnistautumisavain",description:"Seuraa selaimesi ohjeita luodaksesi tunnistautumisavaimen tälle tilille.",errorMessage:"Tunnistautumisavaimen luominen epäonnistui. Yritä uudelleen.",cancelLinkText:"Ohita toistaiseksi",retryButtonText:"Yritä uudelleen",enrollmentComplete:"Tunnistautumisavaimesi on määritetty onnistuneesti. Voit sulkea tämän sivun.",pageTitle:"Luo Tunnistautumisavain | ${clientName}"},"passkey-challenge":{title:"Kirjaudu sisään passkey:llä",description:"Noudata selaimesi ohjeita henkilöllisyytesi vahvistamiseksi.",errorMessage:"Passkey-todennus epäonnistui. Yritä uudelleen.",cancelLinkText:"Takaisin kirjautumiseen",retryButtonText:"Yritä uudelleen",pageTitle:"Kirjaudu sisään passkey:llä | ${clientName}"}},mT={organizations:{description:"Valitse organisaatio, johon haluat kirjautua",pageTitle:"Valitse organisaatio | ${clientName}",searchPlaceholder:"Hae organisaatioita",title:"Valitse organisaatiosi"}},yT={signup:{buttonText:"Rekisteröityminen",confirmPasswordPlaceholder:"Vahvista salasana",description:"Valitse salasana, jossa on isoja ja pieniä kirjaimia, numeroita ja symboleja.","email-already-exists":"Sähköposti on jo varattu",emailPlaceholder:"Sähköpostiosoite",federatedConnectionButtonText:"Jatka palvelulla ${connectionName}",hidePasswordText:"Piilota salasana","invalid-email-format":"Virheellinen sähköpostiosoite",loginActionLinkText:"Kirjaudu sisään",loginActionText:"Onko sinulla jo tili?","no-email":"Sähköpostiosoite vaaditaan","no-password":"Salasana vaaditaan","no-username":"Käyttäjänimi vaaditaan",pageTitle:"Rekisteröidy | ${clientName}",passwordPlaceholder:"Salasana",passwordsDidntMatch:"Salasanat eivät täsmää",phonePlaceholder:"Puhelinnumero",privacyPolicyLinkText:"Tietosuojakäytäntö",separatorText:"tai",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",showPasswordText:"Näytä salasana",termsOfServiceLinkText:"Käyttöehdot",termsText:"Rekisteröitymällä hyväksyt",title:"Valitse salasana","username-already-exists":"Tämä käyttäjänimi on jo varattu",usernamePlaceholder:"Käyttäjänimi",verifyEmailText:"Tarkista sähköpostisi vahvistaaksesi tilisi"}},_T={status:{continueButtonText:"Jatka",errorTitle:"Virhe",pageTitle:"Tila | ${clientName}",successTitle:"Onnistui",title:"Tila"}},kO={common:dT,consent:uT,"device-flow":{"device-flow":{buttonText:"Jatka",codePlaceholder:"Syötä koodi",description:"Syötä laitteessasi näkyvä koodi","expired-code":"Koodi on vanhentunut","invalid-code":"Syöttämäsi koodi on virheellinen",pageTitle:"Laitteen aktivointi | ${clientName}",title:"Aktivoi laitteesi"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Kirjaudu sisään",codeLabel:"Vahvistuskoodi",codePlaceholder:"Syötä koodi",defaultDescription:"Syötä sähköpostiisi lähetetty vahvistuskoodi",description:"Lähetimme koodin osoitteeseen ${email}","invalid-code":"Virheellinen koodi",noCode:"Syötä vahvistuskoodi",pageTitle:"Syötä koodi | ${clientName}",resendText:"Lähetä koodi uudelleen",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",title:"Tarkista sähköpostisi",unexpectedError:"Odottamaton virhe tapahtui"}},"email-verification":{"email-verification":{description:"Lähetimme sähköpostin osoitteeseen ${email}",pageTitle:"Vahvista sähköposti | ${clientName}",resendText:"Lähetä koodi uudelleen",successDescription:"Sähköpostiosoitteesi on vahvistettu onnistuneesti.",successTitle:"Sähköposti vahvistettu",title:"Vahvista sähköpostiosoitteesi"}},invitation:pT,login:fT,"login-id":{"login-id":{alertListTitle:"Ilmoitukset","auth0-users-validation":"Jokin meni pieleen, yritä myöhemmin uudelleen","authentication-failure":"Valitettavasti jokin meni pieleen kirjautumisyrityksen aikana",buttonText:"Jatka","captcha-client-failure":"Turvatarkistuksen lataaminen epäonnistui. Yritä uudelleen. (Virhekoodi: #{errorCode})","captcha-validation-failure":"Valitettavasti jokin meni pieleen captcha-vastauksen tarkistuksessa. Yritä uudelleen.",captchaCodePlaceholder:"Syötä yllä näkyvä koodi","custom-script-error-code":"Jokin meni pieleen, yritä myöhemmin uudelleen.",description:"Kirjaudu sisään ${clientName}.",editEmailText:"Muokkaa",emailPlaceholder:"Sähköpostiosoite",federatedConnectionButtonText:"Jatka palvelulla ${connectionName}",footerLinkText:"Rekisteröidy",footerText:"Eikö sinulla ole tiliä?",forgotPasswordText:"Unohditko salasanan?",hidePasswordText:"Piilota salasana","invalid-captcha":"Ratkaise haaste varmistaaksesi, ettet ole robotti.","invalid-code":"Virheellinen koodi","invalid-connection":"Virheellinen yhteys","invalid-email-format":"Virheellinen sähköpostiosoite","invalid-email-phone":"Syötä kelvollinen sähköpostiosoite tai puhelinnumero. Puhelinnumeron tulee sisältää maatunnus.","invalid-email-phone-username":"Syötä kelvollinen sähköpostiosoite, puhelinnumero tai käyttäjänimi. Puhelinnumeron tulee sisältää maatunnus.","invalid-email-username":"Syötä kelvollinen sähköpostiosoite tai käyttäjänimi","invalid-expired-code":"Virheellinen tai vanhentunut käyttäjäkoodi","invalid-login-id":"Virheellinen kirjautumistunnus","invalid-phone-username":"Syötä kelvollinen puhelinnumero tai käyttäjänimi. Puhelinnumeron tulee sisältää maatunnus.","invalid-recaptcha":"Valitse valintaruutu varmistaaksesi, ettet ole robotti.","invalid-username":"Käyttäjänimi voi sisältää vain aakkosnumeerisia merkkejä tai: '${characters}'. Käyttäjänimen tulee olla ${min}–${max} merkkiä.",invitationDescription:"Kirjaudu sisään hyväksyäksesi käyttäjän ${inviterName} kutsun liittyä palveluun ${companyName} sovelluksessa ${clientName}.",invitationTitle:"Sinut on kutsuttu!","ip-blocked":"Olemme havainneet epäilyttävää kirjautumiskäyttäytymistä ja lisäyritykset estetään. Ota yhteyttä ylläpitäjään.",logoAltText:"${companyName}","no-db-connection":"Virheellinen yhteys","no-email":"Sähköpostiosoite vaaditaan","no-email-phone":"Sähköpostiosoite tai puhelinnumero vaaditaan","no-email-phone-username":"Puhelinnumero, käyttäjänimi tai sähköpostiosoite vaaditaan","no-email-username":"Sähköpostiosoite tai käyttäjänimi vaaditaan","no-password":"Salasana vaaditaan","no-phone":"Syötä puhelinnumero","no-phone-username":"Puhelinnumero tai käyttäjänimi vaaditaan","no-username":"Käyttäjänimi vaaditaan",pageTitle:"Kirjaudu sisään | ${clientName}","password-breached":"Olemme havainneet mahdollisen tietoturvaongelman tässä tilissä. Tilisi suojaamiseksi olemme estäneet tämän kirjautumisen. Vaihda salasanasi jatkaaksesi.",passwordPlaceholder:"Salasana",phoneOrEmailPlaceholder:"Sähköposti tai puhelinnumero",phoneOrUsernameOrEmailPlaceholder:"Puhelin, käyttäjänimi tai sähköposti",phoneOrUsernamePlaceholder:"Puhelinnumero tai käyttäjänimi",phonePlaceholder:"Puhelinnumero","same-user-login":"Liian monta kirjautumisyritystä tälle käyttäjälle. Odota hetki ja yritä myöhemmin uudelleen.",selectCountryCode:"Valitse maakoodi, tällä hetkellä ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"tai",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",showPasswordText:"Näytä salasana",signupActionLinkText:"Rekisteröidy",signupActionText:"Eikö sinulla ole tiliä?",termsAndConditionsTemplate:'Jatkamalla hyväksyt <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Käyttöehdot</a>.',title:"Tervetuloa","user-blocked":"Tilisi on estetty useiden peräkkäisten kirjautumisyritysten jälkeen.",userAccountDoesNotExist:"Käyttäjätiliä ei ole olemassa",usernameOnlyPlaceholder:"Käyttäjänimi",usernameOrEmailPlaceholder:"Käyttäjänimi tai sähköpostiosoite",usernamePlaceholder:"Käyttäjänimi",usernameTooLong:"Käyttäjänimen on oltava enintään ${max} merkkiä",usernameTooShort:"Käyttäjänimen on oltava vähintään ${min} merkkiä","wrong-credentials":"Väärä käyttäjänimi tai salasana","wrong-email-credentials":"Väärä sähköpostiosoite tai salasana","wrong-email-phone-credentials":"Virheellinen sähköpostiosoite, puhelinnumero tai salasana. Puhelinnumeron tulee sisältää maatunnus.","wrong-email-phone-username-credentials":"Virheellinen sähköpostiosoite, puhelinnumero, käyttäjänimi tai salasana. Puhelinnumeron tulee sisältää maatunnus.","wrong-email-username-credentials":"Virheellinen sähköpostiosoite, käyttäjänimi tai salasana","wrong-phone-credentials":"Virheellinen puhelinnumero tai salasana","wrong-phone-username-credentials":"Virheellinen puhelinnumero, käyttäjänimi tai salasana. Puhelinnumeron tulee sisältää maatunnus.","wrong-username-credentials":"Virheellinen käyttäjänimi tai salasana",passkeyButtonText:"Kirjaudu sisään passkey:llä"}},"login-password":{"login-password":{buttonText:"Kirjaudu sisään",description:"Anna sähköpostiosoitteesi ja salasanasi kirjautuaksesi sisään.",forgotPasswordText:"Unohditko salasanan?",hidePasswordText:"Piilota salasana","no-password":"Salasana vaaditaan",pageTitle:"Kirjaudu sisään | ${clientName}","password-breached":"Olemme havainneet mahdollisen tietoturvaongelman tässä tilissä. Tilisi suojaamiseksi olemme estäneet tämän kirjautumisen. Vaihda salasanasi jatkaaksesi.",passwordPlaceholder:"Salasana",showPasswordText:"Näytä salasana",signingInAs:"Kirjaudutaan käyttäjänä ${email}",title:"Anna salasana",unverifiedEmail:"Vahvista sähköpostiosoitteesi ennen kirjautumista","user-blocked":"Tilisi on estetty useiden peräkkäisten kirjautumisyritysten jälkeen.","wrong-credentials":"Väärä salasana"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"sähköposti",authMethodEmailOrPhone:"sähköposti tai puhelinnumero",authMethodPhone:"puhelinnumero",description:"Kirjaudu sisään käyttämällä ${authMethod}",emailOrPhonePlaceholder:"Sähköpostiosoite tai puhelinnumero",emailPlaceholder:"Sähköpostiosoite",invalidEmail:"Syötä kelvollinen sähköpostiosoite",invalidIdentifier:"Syötä kelvollinen sähköpostiosoite tai puhelinnumero",invalidPhone:"Syötä kelvollinen puhelinnumero maatunnuksella",noEmail:"Syötä sähköpostiosoitteesi",noPhone:"Syötä puhelinnumerosi",phonePlaceholder:"Puhelinnumero",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",title:"Kirjaudu koodilla",userAccountDoesNotExist:"Käyttäjätiliä ei ole olemassa"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Napsauta sähköpostissasi olevaa linkkiä kirjautuaksesi sisään",description:"Lähetimme linkin osoitteeseen ${username}. Napsauta sitä kirjautuaksesi.",resendText:"Lähetä linkki uudelleen",spamText:"Etkö saanut sähköpostia? Tarkista roskapostikansiosi.",title:"Tarkista sähköpostisi"}},mfa:hT,"mfa-email":{"mfa-email":{buttonText:"Jatka",codePlaceholder:"Syötä koodi",description:"Lähetimme koodin osoitteeseen ${email}","invalid-code":"Syöttämäsi koodi on virheellinen",pageTitle:"Sähköpostivahvistus | ${clientName}",resendText:"Lähetä koodi uudelleen",title:"Tarkista sähköpostisi"}},"mfa-otp":{"mfa-otp":{buttonText:"Jatka",codePlaceholder:"Syötä koodi",description:"Syötä 6-numeroinen koodi todentajasovelluksestasi","invalid-code":"Syöttämäsi koodi on virheellinen",pageTitle:"Syötä koodi | ${clientName}",title:"Syötä koodisi"},"mfa-totp-enrollment":{title:"Ota todentajasovellus käyttöön",description:"Skannaa alla oleva QR-koodi todentajasovelluksellasi ja syötä sitten 6-numeroinen koodi vahvistaaksesi",secretLabel:"Tai syötä tämä koodi manuaalisesti:",codePlaceholder:"Syötä koodi",continueButtonText:"Vahvista ja aktivoi","invalid-code":"Syöttämäsi koodi on virheellinen. Yritä uudelleen.","transaction-not-found":"Rekisteröintitapahtumasi on vanhentunut, sinun täytyy aloittaa alusta.",pageTitle:"Ota todentaja käyttöön | ${clientName}",unexpectedError:"Jokin meni pieleen. Yritä uudelleen.",enrollmentComplete:"MFA-rekisteröinti on valmis. Voit sulkea tämän sivun."},"mfa-totp-challenge":{title:"Vahvista henkilöllisyytesi",description:"Syötä 6-numeroinen koodi todentajasovelluksestasi",codePlaceholder:"Syötä koodi",continueButtonText:"Jatka","invalid-code":"Syöttämäsi koodi on virheellinen","transaction-not-found":"Rekisteröintitapahtumasi on vanhentunut, sinun täytyy aloittaa alusta.",unexpectedError:"Jokin meni pieleen. Yritä uudelleen.",pageTitle:"Vahvista henkilöllisyys | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Käytä puhelinnumeroasi kirjautumiseen | ${clientName}",title:"Vahvista henkilöllisyytesi",description:"Lähetimme koodin numeroon ${phoneNumber}",continueButtonText:"Jatka",changePhoneText:"Valitse toinen puhelinnumero.",smsButtonText:"Tekstiviesti",voiceButtonText:"Äänipuhelu",chooseMessageTypeText:"Miten haluat vastaanottaa koodin?",pickAuthenticatorText:"Kokeile toista menetelmää",logoAltText:"${companyName}",codePlaceholder:"Syötä koodi","send-sms-failed":"Tekstiviestin lähettämisessä oli ongelma","send-voice-failed":"Äänipuhelun soittamisessa oli ongelma","invalid-phone-format":"Puhelinnumero voi sisältää vain numeroita.","invalid-phone":"Puhelinnumerosi ei vaikuta olevan kelvollinen. Tarkista ja yritä uudelleen.","too-many-sms":"Olet ylittänyt tunnin enimmäismäärän puhelinviestejä. Odota muutama minuutti ja yritä uudelleen.","too-many-voice":"Olet ylittänyt tunnin enimmäismäärän puhelinviestejä. Odota muutama minuutti ja yritä uudelleen.","transaction-not-found":"Rekisteröintitapahtumasi on vanhentunut, sinun täytyy aloittaa alusta.","no-phone":"Syötä puhelinnumero",noCode:"Syötä vahvistuskoodi",invalidCode:"Antamasi koodi on virheellinen. Yritä uudelleen.",unexpectedError:"Jokin meni pieleen. Yritä uudelleen.",resendSuccess:"Lähetimme uuden koodin puhelimeesi",enrollmentComplete:"MFA-rekisteröinti on valmis. Voit sulkea tämän sivun."},"mfa-phone-enrollment":{pageTitle:"Syötä puhelinnumerosi kirjautuaksesi puhelinkoodilla | ${clientName}",title:"Suojaa tilisi",description:"Syötä maakoodisi ja puhelinnumero, johon voimme lähettää 6-numeroisen koodin:",continueButtonText:"Jatka",smsButtonText:"Tekstiviesti",voiceButtonText:"Äänipuhelu",chooseMessageTypeText:"Miten haluat vastaanottaa koodin?",pickAuthenticatorText:"Kokeile toista menetelmää",placeholder:"Syötä puhelinnumerosi",logoAltText:"${companyName}",selectCountryCode:"Valitse maakoodi, tällä hetkellä asetettu ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Tekstiviestin lähettämisessä oli ongelma","send-voice-failed":"Äänipuhelun soittamisessa oli ongelma","sms-authenticator-error":"Emme pystyneet lähettämään tekstiviestiä. Yritä myöhemmin uudelleen.","invalid-phone-format":"Puhelinnumero voi sisältää vain numeroita.","invalid-phone":"Puhelinnumerosi ei vaikuta olevan kelvollinen. Tarkista ja yritä uudelleen.","too-many-sms":"Olet ylittänyt tunnin enimmäismäärän puhelinviestejä. Odota muutama minuutti ja yritä uudelleen.","too-many-voice":"Olet ylittänyt tunnin enimmäismäärän puhelinviestejä. Odota muutama minuutti ja yritä uudelleen.","transaction-not-found":"Rekisteröintitapahtumasi on vanhentunut, sinun täytyy aloittaa alusta.","no-phone":"Syötä puhelinnumero","phone-is-too-short":"Puhelinnumero on liian lyhyt","phone-is-too-long":"Puhelinnumero on liian pitkä"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Valitse vahvistusmenetelmä | ${clientName}",title:"Valitse vahvistusmenetelmä",description:"Valitse, miten haluat vahvistaa henkilöllisyytesi",authenticatorAppLabel:"Todennussovellus",authenticatorAppDescription:"Käytä todennussovellusta vahvistuskoodin saamiseksi",smsLabel:"Tekstiviesti",smsDescription:"Saat vahvistuskoodin puhelimeesi tekstiviestillä",passkeyLabel:"Tunnistautumisavain",passkeyDescription:"Käytä laitteesi biometriikkaa tai suojausavainta"}},"mfa-push":{"mfa-push":{description:"Lähetimme ilmoituksen laitteellesi",pageTitle:"Push-ilmoitus | ${clientName}",resendText:"Lähetä ilmoitus uudelleen",title:"Hyväksy pyyntö",useCodeText:"Syötä koodi manuaalisesti"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Jatka",codePlaceholder:"Palautuskoodi",description:"Syötä yksi palautuskoodeistasi","invalid-code":"Syöttämäsi palautuskoodi on virheellinen",pageTitle:"Palautuskoodi | ${clientName}",title:"Syötä palautuskoodi"}},"mfa-voice":{"mfa-voice":{buttonText:"Soita minulle",codePlaceholder:"Syötä koodi",description:"Soitamme numeroon ${phoneNumber} ja kerromme koodisi","invalid-code":"Syöttämäsi koodi on virheellinen",pageTitle:"Äänipuhelu | ${clientName}",title:"Vastaanota puhelu"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Yritä uudelleen",description:"Aseta turva-avaimesi ja seuraa ohjeita",pageTitle:"Turva-avain | ${clientName}",title:"Käytä turva-avaintasi"}},passkeys:gT,organizations:mT,"reset-password":{"reset-password":{backToLoginText:"Palaa takaisin",buttonText:"Lähetä salasanan palautussähköposti",codeExpired:"Salasanan palautuskoodisi on vanhentunut. Pyydä uusi koodi.",confirmPasswordLabel:"Vahvista salasana",confirmPasswordPlaceholder:"Vahvista salasana",description:"Napsauta alla olevaa painiketta, niin lähetämme ohjeet salasanasi palauttamiseen.",emailPlaceholder:"Sähköpostiosoite",failed:"Salasanan vaihto epäonnistui. Yritä uudelleen.","invalid-email-format":"Virheellinen sähköpostiosoite","no-email":"Sähköpostiosoite vaaditaan",pageTitle:"Vaihda salasana | ${clientName}",passwordLabel:"Uusi salasana",passwordPlaceholder:"Uusi salasana",passwordTooWeak:"Salasana on liian heikko",passwordsDidntMatch:"Salasanat eivät täsmää",successDescription:"Olemme lähettäneet salasanan palautuslinkin sähköpostiosoitteeseesi.",successTitle:"Salasanan palautussähköposti lähetetty",title:"Unohditko salasanan?","user-not-found":"Käyttäjää ei löytynyt"},"reset-password-code":{backToLoginText:"Takaisin kirjautumiseen",buttonText:"Vaihda salasana",codeLabel:"Palautuskoodi",codePlaceholder:"Syötä 6-numeroinen koodi",confirmPasswordLabel:"Vahvista salasana",confirmPasswordPlaceholder:"Vahvista salasana",defaultDescription:"Syötä sähköpostiisi lähetetty koodi ja valitse uusi salasana",description:"Lähetimme koodin osoitteeseen ${email}",failed:"Salasanan vaihto epäonnistui. Yritä uudelleen.",invalidCode:"Syöttämäsi koodi on virheellinen tai vanhentunut",noCode:"Syötä palautuskoodi",pageTitle:"Syötä palautuskoodi | ${clientName}",passwordLabel:"Uusi salasana",passwordPlaceholder:"Uusi salasana",passwordTooWeak:"Salasana on liian heikko",passwordsDidntMatch:"Salasanat eivät täsmää",resendFailed:"Koodin uudelleenlähetys epäonnistui. Yritä uudelleen.",resendSuccess:"Uusi koodi on lähetetty sähköpostiisi",resendText:"Lähetä koodi uudelleen",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",title:"Syötä palautuskoodi"}},signup:yT,"signup-id":{"signup-id":{buttonText:"Jatka",description:"Valitse salasana, jossa on isoja ja pieniä kirjaimia, numeroita ja symboleja.","email-already-exists":"Sähköposti on jo varattu",emailPlaceholder:"Sähköpostiosoite",federatedConnectionButtonText:"Jatka palvelulla ${connectionName}","invalid-email-format":"Virheellinen sähköpostiosoite",loginActionLinkText:"Kirjaudu sisään",loginActionText:"Onko sinulla jo tili?","no-email":"Sähköpostiosoite vaaditaan",pageTitle:"Rekisteröidy | ${clientName}",phonePlaceholder:"Puhelinnumero",separatorText:"tai",title:"Valitse salasana",usernamePlaceholder:"Käyttäjänimi"}},"signup-password":{"signup-password":{buttonText:"Jatka",description:"Valitse salasana, jossa on isoja ja pieniä kirjaimia, numeroita ja symboleja.",hidePasswordText:"Piilota salasana","no-password":"Salasana vaaditaan",pageTitle:"Rekisteröidy | ${clientName}","password-policy-not-met":"Salasana ei täytä vaatimuksia","password-too-weak":"Salasana on liian heikko",passwordPlaceholder:"Salasana",showPasswordText:"Näytä salasana",title:"Valitse salasana"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Jatka",codeLabel:"Vahvistuskoodi",codePlaceholder:"Syötä koodi",defaultDescription:"Syötä puhelimeesi lähetetty vahvistuskoodi",description:"Lähetimme koodin käyttäjälle ${username}","invalid-code":"Virheellinen koodi",noCode:"Syötä vahvistuskoodi",pageTitle:"Syötä koodi | ${clientName}",resendText:"Lähetä koodi uudelleen",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",title:"Tarkista puhelimesi",unexpectedError:"Odottamaton virhe tapahtui"}},status:_T},SO=Object.freeze(Object.defineProperty({__proto__:null,common:dT,consent:uT,default:kO,invitation:pT,login:fT,mfa:hT,organizations:mT,passkeys:gT,signup:yT,status:_T},Symbol.toStringTag,{value:"Module"})),wT={common:{alertListTitle:"Avvisi",backText:"Torna indietro",cancelText:"Annulla",closeText:"Chiudi",contactSupportText:"Contatta l'assistenza",continueText:"Continua",copyrightText:"© ${currentYear} ${companyName}",errorText:"Si è verificato un errore",hidePasswordText:"Nascondi password",loadingText:"Caricamento...",orText:"o",privacyPolicyText:"Informativa sulla privacy",showPasswordText:"Mostra password",termsOfServiceText:"Termini di servizio",termsShortText:"Termini",tryAgainText:"Riprova"}},bT={consent:{buttonText:"Accetta",cancelButtonText:"Rifiuta",description:"${clientName} richiede l'accesso al tuo account",pageTitle:"Autorizza | ${clientName}",scopesTitle:"Questo permetterà a ${clientName} di:",title:"Autorizza ${clientName}"}},vT={invitation:{acceptButtonText:"Accetta invito",description:"${inviterName} ti ha invitato a unirti a ${organizationName} su ${clientName}",pageTitle:"Invito | ${clientName}",title:"Sei stato invitato"}},AT={login:{alertListTitle:"Avvisi",buttonText:"Continua",description:"Accedi a ${clientName}.",editEmailText:"Modifica",emailPlaceholder:"Indirizzo e-mail",enterACodeBtn:"Accedi con un codice",federatedConnectionButtonText:"Continua con ${connectionName}",footerLinkText:"Iscriviti",footerText:"Non hai un account?",forgotPasswordText:"Hai dimenticato la password?",hidePasswordText:"Nascondi password",invalidEmail:"Email non valida",invalidIdentifier:"Email o nome utente non valido",invitationDescription:"Accedi per accettare l'invito di ${inviterName} a unirti a ${companyName} su ${clientName}.",invitationTitle:"Sei stato invitato!",logoAltText:"${companyName}","no-email":"Inserisci un indirizzo email","no-password":"La password è obbligatoria",pageTitle:"Accedi | ${clientName}",passwordLoginNotAvailable:"L'autenticazione con password non è disponibile",passwordPlaceholder:"Password",phonePlaceholder:"Numero di telefono",separatorText:"o",sessionExpired:"La sessione è scaduta. Riprova.",showPasswordText:"Mostra password",signupActionLinkText:"Iscriviti",signupActionText:"Non hai un account?",title:"Benvenuto",tooManyFailedLogins:"Troppi tentativi di accesso falliti. Riprova più tardi.",unverifiedEmail:"Verifica il tuo indirizzo email prima di accedere",userAccountDoesNotExist:"L'account utente non esiste",usernamePlaceholder:"Nome utente o indirizzo email",usernameTooLong:"Il nome utente deve avere al massimo ${max} caratteri",usernameTooShort:"Il nome utente deve avere almeno ${min} caratteri",wrongCredentials:"Nome utente o password errati",passkeyButtonText:"Accedi con una passkey"}},kT={mfa:{backupCodeText:"Usa codice di backup",description:"Scegli un metodo di verifica",pageTitle:"Autenticazione a più fattori | ${clientName}",title:"Verifica la tua identità"}},ST={"passkey-enrollment-nudge":{title:"Proteggi il tuo account con una passkey",description:"Le passkey utilizzano la biometria o il PIN del tuo dispositivo per accedere più velocemente e in modo più sicuro.",enrollButtonText:"Configura passkey",snoozeButtonText:"Forse più tardi",optOutLinkText:"Non mostrare più",pageTitle:"Configura Passkey | ${clientName}"},"passkey-enrollment":{title:"Crea la tua passkey",description:"Segui le istruzioni del browser per creare una passkey per questo account.",errorMessage:"Creazione della passkey non riuscita. Riprova.",cancelLinkText:"Salta per ora",retryButtonText:"Riprova",enrollmentComplete:"La tua passkey è stata configurata con successo. Puoi chiudere questa pagina.",pageTitle:"Crea Passkey | ${clientName}"},"passkey-challenge":{title:"Accedi con passkey",description:"Segui le istruzioni del browser per verificare la tua identità.",errorMessage:"Autenticazione con passkey non riuscita. Riprova.",cancelLinkText:"Torna al login",retryButtonText:"Riprova",pageTitle:"Accedi con passkey | ${clientName}"}},ET={organizations:{description:"Scegli a quale organizzazione accedere",pageTitle:"Seleziona organizzazione | ${clientName}",searchPlaceholder:"Cerca organizzazioni",title:"Seleziona la tua organizzazione"}},xT={signup:{buttonText:"Iscriviti",confirmPasswordPlaceholder:"Conferma password",description:"Registrati per continuare","email-already-exists":"Questa email è già registrata",emailPlaceholder:"Indirizzo e-mail",federatedConnectionButtonText:"Continua con ${connectionName}",hidePasswordText:"Nascondi password","invalid-email-format":"Email non valida",loginActionLinkText:"Accedi",loginActionText:"Hai già un account?","no-email":"Inserisci un indirizzo email","no-password":"La password è obbligatoria","no-username":"Il nome utente è obbligatorio",pageTitle:"Registrati | ${clientName}",passwordPlaceholder:"Password",passwordsDidntMatch:"Le password non corrispondono",phonePlaceholder:"Numero di telefono",privacyPolicyLinkText:"Informativa sulla privacy",separatorText:"o",sessionExpired:"La sessione è scaduta. Riprova.",showPasswordText:"Mostra password",termsOfServiceLinkText:"Termini di servizio",termsText:"Registrandoti, accetti i nostri",title:"Crea il tuo account","username-already-exists":"Questo nome utente è già in uso",usernamePlaceholder:"Nome utente",verifyEmailText:"Controlla la tua email per verificare il tuo account"}},CT={status:{continueButtonText:"Continua",errorTitle:"Errore",pageTitle:"Stato | ${clientName}",successTitle:"Operazione riuscita",title:"Stato"}},EO={common:wT,consent:bT,"device-flow":{"device-flow":{buttonText:"Continua",codePlaceholder:"Inserisci il codice",description:"Inserisci il codice mostrato sul tuo dispositivo","expired-code":"Il codice è scaduto","invalid-code":"Il codice inserito non è valido",pageTitle:"Attivazione dispositivo | ${clientName}",title:"Attiva il tuo dispositivo"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Continua",codeLabel:"Codice di verifica",codePlaceholder:"Inserisci il codice",defaultDescription:"Inserisci il codice di verifica inviato alla tua email",description:"Abbiamo inviato un codice a ${email}","invalid-code":"Codice non valido",noCode:"Inserisci il codice di verifica",pageTitle:"Inserisci il codice | ${clientName}",resendText:"Reinvio del codice",sessionExpired:"La sessione è scaduta. Riprova.",title:"Controlla la tua email",unexpectedError:"Si è verificato un errore imprevisto"}},"email-verification":{"email-verification":{description:"Abbiamo inviato un'email a ${email}",pageTitle:"Verifica email | ${clientName}",resendText:"Reinvia email",successDescription:"La tua email è stata verificata con successo.",successTitle:"Email verificata",title:"Verificare l'e-mail"}},invitation:vT,login:AT,"login-id":{"login-id":{alertListTitle:"Avvisi","auth0-users-validation":"Qualcosa è andato storto, riprova più tardi","authentication-failure":"Siamo spiacenti, si è verificato un errore durante il tentativo di accesso",buttonText:"Continua","captcha-client-failure":"Non è stato possibile caricare la verifica di sicurezza. Riprova. (Codice errore: #{errorCode})","captcha-validation-failure":"Siamo spiacenti, si è verificato un errore durante la convalida della risposta captcha. Riprova.",captchaCodePlaceholder:"Inserisci il codice mostrato sopra","custom-script-error-code":"Qualcosa è andato storto, riprova più tardi.",description:"Accedi a ${clientName}.",editEmailText:"Modifica",emailPlaceholder:"Indirizzo e-mail",federatedConnectionButtonText:"Continua con ${connectionName}",footerLinkText:"Iscriviti",footerText:"Non hai un account?",forgotPasswordText:"Hai dimenticato la password?",hidePasswordText:"Nascondi password","invalid-captcha":"Risolvi la domanda di verifica per confermare che non sei un robot.","invalid-code":"Codice non valido","invalid-connection":"Connessione non valida","invalid-email-format":"Email non valida","invalid-email-phone":"Inserisci un indirizzo email o un numero di telefono valido. I numeri di telefono devono includere il prefisso internazionale.","invalid-email-phone-username":"Inserisci un indirizzo email, un numero di telefono o un nome utente valido. I numeri di telefono devono includere il prefisso internazionale.","invalid-email-username":"Inserisci un indirizzo email o un nome utente valido","invalid-expired-code":"Codice utente non valido o scaduto","invalid-login-id":"ID di accesso non valido","invalid-phone-username":"Inserisci un numero di telefono o un nome utente valido. I numeri di telefono devono includere il prefisso internazionale.","invalid-recaptcha":"Seleziona la casella per confermare che non sei un robot.","invalid-username":"Il nome utente può contenere solo caratteri alfanumerici o: '${characters}'. Il nome utente deve avere tra ${min} e ${max} caratteri.",invitationDescription:"Accedi per accettare l'invito di ${inviterName} a unirti a ${companyName} su ${clientName}.",invitationTitle:"Sei stato invitato!","ip-blocked":"Abbiamo rilevato un comportamento di accesso sospetto e ulteriori tentativi saranno bloccati. Contatta l'amministratore.",logoAltText:"${companyName}","no-db-connection":"Connessione non valida","no-email":"Inserisci un indirizzo email","no-email-phone":"È richiesto un indirizzo email o un numero di telefono","no-email-phone-username":"È richiesto un numero di telefono, un nome utente o un indirizzo email","no-email-username":"È richiesto un indirizzo email o un nome utente","no-password":"La password è obbligatoria","no-phone":"Inserisci un numero di telefono","no-phone-username":"È richiesto un numero di telefono o un nome utente","no-username":"Il nome utente è obbligatorio",pageTitle:"Accedi | ${clientName}","password-breached":"Abbiamo rilevato un potenziale problema di sicurezza con questo account. Per proteggere il tuo account, abbiamo impedito questo accesso. Reimposta la password per procedere.",passwordPlaceholder:"Password",phoneOrEmailPlaceholder:"Indirizzo e-mail o numero di telefono",phoneOrUsernameOrEmailPlaceholder:"Telefono, nome utente o email",phoneOrUsernamePlaceholder:"Numero di telefono o nome utente",phonePlaceholder:"Numero di telefono","same-user-login":"Troppi tentativi di accesso per questo utente. Attendi e riprova più tardi.",selectCountryCode:"Seleziona prefisso paese, attualmente impostato su ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"o",sessionExpired:"La sessione è scaduta. Riprova.",showPasswordText:"Mostra password",signupActionLinkText:"Iscriviti",signupActionText:"Non hai un account?",termsAndConditionsTemplate:'Continuando, accetti i nostri <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Termini e condizioni</a>.',title:"Benvenuto","user-blocked":"Il tuo account è stato bloccato dopo diversi tentativi di accesso consecutivi.",userAccountDoesNotExist:"L'account utente non esiste",usernameOnlyPlaceholder:"Nome utente",usernameOrEmailPlaceholder:"Nome utente o indirizzo email",usernamePlaceholder:"Nome utente",usernameTooLong:"Il nome utente deve avere al massimo ${max} caratteri",usernameTooShort:"Il nome utente deve avere almeno ${min} caratteri","wrong-credentials":"Nome utente o password errati","wrong-email-credentials":"Email o password errati","wrong-email-phone-credentials":"Indirizzo email, numero di telefono o password errati. I numeri di telefono devono includere il prefisso internazionale.","wrong-email-phone-username-credentials":"Indirizzo email, numero di telefono, nome utente o password errati. I numeri di telefono devono includere il prefisso internazionale.","wrong-email-username-credentials":"Indirizzo email, nome utente o password errati","wrong-phone-credentials":"Numero di telefono o password errati","wrong-phone-username-credentials":"Numero di telefono, nome utente o password errati. I numeri di telefono devono includere il prefisso internazionale.","wrong-username-credentials":"Nome utente o password errati",passkeyButtonText:"Accedi con una passkey"}},"login-password":{"login-password":{buttonText:"Accedi",description:"Accedi a ${clientName}",forgotPasswordText:"Hai dimenticato la password?",hidePasswordText:"Nascondi password","no-password":"La password è obbligatoria",pageTitle:"Accedi | ${clientName}","password-breached":"Abbiamo rilevato un potenziale problema di sicurezza con questo account. Per proteggere il tuo account, abbiamo impedito questo accesso. Reimposta la password per procedere.",passwordPlaceholder:"Password",showPasswordText:"Mostra password",signingInAs:"Accesso come ${email}",title:"Inserire la password",unverifiedEmail:"Verifica il tuo indirizzo email prima di accedere","user-blocked":"Il tuo account è stato bloccato dopo diversi tentativi di accesso consecutivi.","wrong-credentials":"Password errata"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"email",authMethodEmailOrPhone:"email o numero di telefono",authMethodPhone:"numero di telefono",description:"Accedi usando il tuo ${authMethod}",emailOrPhonePlaceholder:"Indirizzo email o numero di telefono",emailPlaceholder:"Indirizzo e-mail",invalidEmail:"Inserisci un indirizzo email valido",invalidIdentifier:"Inserisci un indirizzo email o un numero di telefono valido",invalidPhone:"Inserisci un numero di telefono valido con il prefisso internazionale",noEmail:"Inserisci il tuo indirizzo email",noPhone:"Inserisci il tuo numero di telefono",phonePlaceholder:"Numero di telefono",sessionExpired:"La sessione è scaduta. Riprova.",title:"Accedi con un codice",userAccountDoesNotExist:"L'account utente non esiste"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Clicca il link nella tua email per accedere",description:"Abbiamo inviato un link a ${username}. Cliccalo per accedere.",resendText:"Reinvia link",spamText:"Non hai ricevuto l'email? Controlla la cartella spam.",title:"Controlla la tua email"}},mfa:kT,"mfa-email":{"mfa-email":{buttonText:"Continua",codePlaceholder:"Inserisci il codice",description:"Abbiamo inviato un codice a ${email}","invalid-code":"Il codice inserito non è valido",pageTitle:"Verifica email | ${clientName}",resendText:"Reinvia codice",title:"Controlla la tua email"}},"mfa-otp":{"mfa-otp":{buttonText:"Continua",codePlaceholder:"Inserisci il codice",description:"Inserisci il codice a 6 cifre dalla tua app di autenticazione","invalid-code":"Il codice inserito non è valido",pageTitle:"Inserisci il codice | ${clientName}",title:"Inserisci il tuo codice"},"mfa-totp-enrollment":{title:"Configura l'autenticatore",description:"Scansiona il codice QR qui sotto con la tua app di autenticazione, poi inserisci il codice a 6 cifre per verificare",secretLabel:"Oppure inserisci questo codice manualmente:",codePlaceholder:"Inserisci il codice",continueButtonText:"Verifica e attiva","invalid-code":"Il codice inserito non è valido. Riprova.","transaction-not-found":"La tua transazione di registrazione è scaduta, dovrai ricominciare.",pageTitle:"Configura autenticatore | ${clientName}",unexpectedError:"Qualcosa è andato storto. Riprova.",enrollmentComplete:"La registrazione MFA è completata. Puoi chiudere questa pagina."},"mfa-totp-challenge":{title:"Verifica la tua identità",description:"Inserisci il codice a 6 cifre dalla tua app di autenticazione",codePlaceholder:"Inserisci il codice",continueButtonText:"Continua","invalid-code":"Il codice inserito non è valido","transaction-not-found":"La tua transazione di registrazione è scaduta, dovrai ricominciare.",unexpectedError:"Qualcosa è andato storto. Riprova.",pageTitle:"Verifica identità | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Usa il tuo numero di telefono per accedere | ${clientName}",title:"Verifica la tua identità",description:"Abbiamo inviato un codice a ${phoneNumber}",continueButtonText:"Continua",changePhoneText:"Scegli un altro numero di telefono.",smsButtonText:"Messaggio di testo",voiceButtonText:"Chiamata vocale",chooseMessageTypeText:"Come vuoi ricevere il codice?",pickAuthenticatorText:"Prova un altro metodo",logoAltText:"${companyName}",codePlaceholder:"Inserisci il codice","send-sms-failed":"Si è verificato un problema nell'invio dell'SMS","send-voice-failed":"Si è verificato un problema nell'effettuare la chiamata vocale","invalid-phone-format":"Il numero di telefono può contenere solo cifre.","invalid-phone":"Sembra che il tuo numero di telefono non sia valido. Controlla e riprova.","too-many-sms":"Hai superato il numero massimo di messaggi telefonici all'ora. Attendi qualche minuto e riprova.","too-many-voice":"Hai superato il numero massimo di messaggi telefonici all'ora. Attendi qualche minuto e riprova.","transaction-not-found":"La tua transazione di registrazione è scaduta, dovrai ricominciare.","no-phone":"Inserisci un numero di telefono",noCode:"Inserisci il codice di verifica",invalidCode:"Il codice inserito non è valido. Riprova.",unexpectedError:"Qualcosa è andato storto. Riprova.",resendSuccess:"Abbiamo inviato un nuovo codice al tuo telefono",enrollmentComplete:"La registrazione MFA è completata. Puoi chiudere questa pagina."},"mfa-phone-enrollment":{pageTitle:"Inserisci il tuo numero di telefono per accedere con un codice telefonico | ${clientName}",title:"Proteggi il tuo account",description:"Inserisci il prefisso del paese e il numero di telefono a cui possiamo inviare un codice a 6 cifre:",continueButtonText:"Continua",smsButtonText:"Messaggio di testo",voiceButtonText:"Chiamata vocale",chooseMessageTypeText:"Come vuoi ricevere il codice?",pickAuthenticatorText:"Prova un altro metodo",placeholder:"Inserisci il tuo numero di telefono",logoAltText:"${companyName}",selectCountryCode:"Seleziona prefisso paese, attualmente impostato su ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Si è verificato un problema nell'invio dell'SMS","send-voice-failed":"Si è verificato un problema nell'effettuare la chiamata vocale","sms-authenticator-error":"Non siamo riusciti a inviare l'SMS. Riprova più tardi.","invalid-phone-format":"Il numero di telefono può contenere solo cifre.","invalid-phone":"Sembra che il tuo numero di telefono non sia valido. Controlla e riprova.","too-many-sms":"Hai superato il numero massimo di messaggi telefonici all'ora. Attendi qualche minuto e riprova.","too-many-voice":"Hai superato il numero massimo di messaggi telefonici all'ora. Attendi qualche minuto e riprova.","transaction-not-found":"La tua transazione di registrazione è scaduta, dovrai ricominciare.","no-phone":"Inserisci un numero di telefono","phone-is-too-short":"Il numero di telefono è troppo corto","phone-is-too-long":"Il numero di telefono è troppo lungo"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Scegli il metodo di verifica | ${clientName}",title:"Scegli il metodo di verifica",description:"Seleziona come vuoi verificare la tua identità",authenticatorAppLabel:"App di autenticazione",authenticatorAppDescription:"Usa la tua app di autenticazione per ottenere un codice di verifica",smsLabel:"Messaggio di testo",smsDescription:"Ricevi un codice di verifica inviato al tuo telefono",passkeyLabel:"Passkey",passkeyDescription:"Usa la biometria del tuo dispositivo o una chiave di sicurezza"}},"mfa-push":{"mfa-push":{description:"Abbiamo inviato una notifica al tuo dispositivo",pageTitle:"Notifica push | ${clientName}",resendText:"Reinvia notifica",title:"Approva la richiesta",useCodeText:"Inserisci il codice manualmente"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Continua",codePlaceholder:"Codice di recupero",description:"Inserisci uno dei tuoi codici di recupero","invalid-code":"Il codice di recupero inserito non è valido",pageTitle:"Codice di recupero | ${clientName}",title:"Inserisci il codice di recupero"}},"mfa-voice":{"mfa-voice":{buttonText:"Chiamami",codePlaceholder:"Inserisci il codice",description:"Chiameremo ${phoneNumber} con il tuo codice","invalid-code":"Il codice inserito non è valido",pageTitle:"Chiamata vocale | ${clientName}",title:"Ricevi una telefonata"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Riprova",description:"Inserisci la tua chiave di sicurezza e segui le istruzioni",pageTitle:"Chiave di sicurezza | ${clientName}",title:"Usa la tua chiave di sicurezza"}},passkeys:ST,organizations:ET,"reset-password":{"reset-password":{backToLoginText:"Torna al login",buttonText:"Continua",codeExpired:"Il codice di reimpostazione della password è scaduto. Richiedine uno nuovo.",confirmPasswordLabel:"Conferma password",confirmPasswordPlaceholder:"Conferma password",description:"Inserisci la tua email per reimpostare la password",emailPlaceholder:"Indirizzo e-mail",failed:"Reimpostazione della password non riuscita. Riprova.","invalid-email-format":"Email non valida","no-email":"Inserisci un indirizzo email",pageTitle:"Reimposta password | ${clientName}",passwordLabel:"Nuova password",passwordPlaceholder:"Nuova password",passwordTooWeak:"La password è troppo debole",passwordsDidntMatch:"Le password non corrispondono",successDescription:"Abbiamo inviato un link per reimpostare la password al tuo indirizzo email.",successTitle:"Controlla la tua email",title:"Hai dimenticato la password?","user-not-found":"Utente non trovato"},"reset-password-code":{backToLoginText:"Torna al login",buttonText:"Reimposta password",codeLabel:"Codice di reimpostazione",codePlaceholder:"Inserisci il codice a 6 cifre",confirmPasswordLabel:"Conferma password",confirmPasswordPlaceholder:"Conferma password",defaultDescription:"Inserisci il codice inviato alla tua email e scegli una nuova password",description:"Abbiamo inviato un codice a ${email}",failed:"Reimpostazione della password non riuscita. Riprova.",invalidCode:"Il codice inserito non è valido o è scaduto",noCode:"Inserisci il codice di reimpostazione",pageTitle:"Inserisci il codice di reimpostazione | ${clientName}",passwordLabel:"Nuova password",passwordPlaceholder:"Nuova password",passwordTooWeak:"La password è troppo debole",passwordsDidntMatch:"Le password non corrispondono",resendFailed:"Impossibile reinviare il codice. Riprova.",resendSuccess:"Un nuovo codice è stato inviato alla tua email",resendText:"Reinvia codice",sessionExpired:"La sessione è scaduta. Riprova.",title:"Inserisci il codice di reimpostazione"}},signup:xT,"signup-id":{"signup-id":{buttonText:"Continua",description:"Registrati per continuare","email-already-exists":"Questa email è già registrata",emailPlaceholder:"Indirizzo e-mail",federatedConnectionButtonText:"Continua con ${connectionName}","invalid-email-format":"Email non valida",loginActionLinkText:"Accedi",loginActionText:"Hai già un account?","no-email":"Inserisci un indirizzo email",pageTitle:"Registrati | ${clientName}",phonePlaceholder:"Numero di telefono",separatorText:"o",title:"Crea il tuo account",usernamePlaceholder:"Nome utente"}},"signup-password":{"signup-password":{buttonText:"Continua",description:"Registrati per continuare",hidePasswordText:"Nascondi password","no-password":"La password è obbligatoria",pageTitle:"Registrati | ${clientName}","password-policy-not-met":"La password non soddisfa i requisiti","password-too-weak":"La password è troppo debole",passwordPlaceholder:"Password",showPasswordText:"Mostra password",title:"Crea la tua password"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Continua",codeLabel:"Codice di verifica",codePlaceholder:"Inserisci il codice",defaultDescription:"Inserisci il codice di verifica inviato al tuo telefono",description:"Abbiamo inviato un codice a ${username}","invalid-code":"Codice non valido",noCode:"Inserisci il codice di verifica",pageTitle:"Inserisci il codice | ${clientName}",resendText:"Reinvia codice",sessionExpired:"La sessione è scaduta. Riprova.",title:"Controlla il tuo telefono",unexpectedError:"Si è verificato un errore imprevisto"}},status:CT},xO=Object.freeze(Object.defineProperty({__proto__:null,common:wT,consent:bT,default:EO,invitation:vT,login:AT,mfa:kT,organizations:ET,passkeys:ST,signup:xT,status:CT},Symbol.toStringTag,{value:"Module"})),TT={common:{alertListTitle:"Varsler",backText:"Gå tilbake",cancelText:"Avbryt",closeText:"Lukk",contactSupportText:"Kontakt kundestøtte",continueText:"Fortsett",copyrightText:"© ${currentYear} ${companyName}",errorText:"Det oppstod en feil",hidePasswordText:"Skjul passord",loadingText:"Laster...",orText:"eller",privacyPolicyText:"Personvernerklæring",showPasswordText:"Vis passord",termsOfServiceText:"Vilkår for bruk",termsShortText:"Vilkår",tryAgainText:"Prøv igjen"}},$T={consent:{buttonText:"Godta",cancelButtonText:"Avslå",description:"${clientName} ber om tilgang til kontoen din",pageTitle:"Godkjenn | ${clientName}",scopesTitle:"Dette vil gi ${clientName} tillatelse til å:",title:"Godkjenn ${clientName}"}},IT={invitation:{acceptButtonText:"Godta invitasjon",description:"${inviterName} har invitert deg til å bli med i ${organizationName} på ${clientName}",pageTitle:"Invitasjon | ${clientName}",title:"Du har blitt invitert"}},zT={login:{alertListTitle:"Varsler",buttonText:"Fortsett",description:"Logg inn på ${clientName}.",editEmailText:"Rediger",emailPlaceholder:"E-postadresse",enterACodeBtn:"Logg inn med en kode",federatedConnectionButtonText:"Fortsett med ${connectionName}",footerLinkText:"Registrer deg",footerText:"Har du ikke en konto?",forgotPasswordText:"Har du glemt passordet?",hidePasswordText:"Skjul passord",invalidEmail:"Ugyldig e-postadresse",invalidIdentifier:"Ugyldig e-postadresse eller brukernavn",invitationDescription:"Logg inn for å godta ${inviterName} sin invitasjon til å bli med i ${companyName} på ${clientName}.",invitationTitle:"Du har blitt invitert!",logoAltText:"${companyName}","no-email":"Vennligst oppgi en e-postadresse","no-password":"Passord er påkrevd",pageTitle:"Logg inn | ${clientName}",passwordLoginNotAvailable:"Passordautentisering er ikke tilgjengelig",passwordPlaceholder:"Passord",phonePlaceholder:"Telefonnummer",separatorText:"eller",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",showPasswordText:"Vis passord",signupActionLinkText:"Registrer deg",signupActionText:"Har du ikke en konto?",title:"Velkommen",tooManyFailedLogins:"For mange mislykkede innloggingsforsøk. Vennligst prøv igjen senere.",unverifiedEmail:"Vennligst bekreft e-postadressen din før du logger inn",userAccountDoesNotExist:"Brukerkontoen finnes ikke",usernamePlaceholder:"Brukernavn eller e-postadresse",usernameTooLong:"Brukernavnet må være ${max} tegn eller færre",usernameTooShort:"Brukernavnet må være minst ${min} tegn",wrongCredentials:"Feil brukernavn eller passord",passkeyButtonText:"Logg inn med passkey"}},PT={mfa:{backupCodeText:"Bruk reservekode",description:"Velg en bekreftelsesmetode",pageTitle:"Flerfaktorautentisering | ${clientName}",title:"Bekreft identiteten din"}},NT={"passkey-enrollment-nudge":{title:"Sikre kontoen din med en passnøkkel",description:"Passnøkler bruker enhetens biometri eller PIN-kode for å logge deg inn raskere og sikrere.",enrollButtonText:"Sett opp passnøkkel",snoozeButtonText:"Kanskje senere",optOutLinkText:"Ikke vis dette igjen",pageTitle:"Sett Opp Passnøkkel | ${clientName}"},"passkey-enrollment":{title:"Opprett passnøkkelen din",description:"Følg instruksjonene fra nettleseren for å opprette en passnøkkel for denne kontoen.",errorMessage:"Kunne ikke opprette passnøkkel. Vennligst prøv igjen.",cancelLinkText:"Hopp over for nå",retryButtonText:"Prøv igjen",enrollmentComplete:"Passnøkkelen din er konfigurert. Du kan lukke denne siden.",pageTitle:"Opprett Passnøkkel | ${clientName}"},"passkey-challenge":{title:"Logg inn med passkey",description:"Følg instruksjonene fra nettleseren for å bekrefte identiteten din.",errorMessage:"Autentisering med passkey mislyktes. Vennligst prøv igjen.",cancelLinkText:"Tilbake til innlogging",retryButtonText:"Prøv igjen",pageTitle:"Logg inn med passkey | ${clientName}"}},FT={organizations:{description:"Velg hvilken organisasjon du vil logge inn på",pageTitle:"Velg organisasjon | ${clientName}",searchPlaceholder:"Søk etter organisasjoner",title:"Velg din organisasjon"}},OT={signup:{buttonText:"Registrer deg",confirmPasswordPlaceholder:"Bekreft passord",description:"Registrer deg for å fortsette","email-already-exists":"E-postadressen er allerede registrert",emailPlaceholder:"E-postadresse",federatedConnectionButtonText:"Fortsett med ${connectionName}",hidePasswordText:"Skjul passord","invalid-email-format":"Ugyldig e-postadresse",loginActionLinkText:"Logg inn",loginActionText:"Har du allerede en konto?","no-email":"Vennligst oppgi en e-postadresse","no-password":"Passord er påkrevd","no-username":"Brukernavn er påkrevd",pageTitle:"Registrer deg | ${clientName}",passwordPlaceholder:"Passord",passwordsDidntMatch:"Passordene samsvarer ikke",phonePlaceholder:"Telefonnummer",privacyPolicyLinkText:"Personvernerklæring",separatorText:"eller",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",showPasswordText:"Vis passord",termsOfServiceLinkText:"Vilkår for bruk",termsText:"Ved å registrere deg godtar du våre",title:"Opprett kontoen din","username-already-exists":"Dette brukernavnet er allerede tatt",usernamePlaceholder:"Brukernavn",verifyEmailText:"Sjekk e-posten din for å bekrefte kontoen"}},jT={status:{continueButtonText:"Fortsett",errorTitle:"Feil",pageTitle:"Status | ${clientName}",successTitle:"Vellykket",title:"Status"}},CO={common:TT,consent:$T,"device-flow":{"device-flow":{buttonText:"Fortsett",codePlaceholder:"Skriv inn kode",description:"Skriv inn koden som vises på enheten din","expired-code":"Koden har utløpt","invalid-code":"Koden du skrev inn er ugyldig",pageTitle:"Enhetsaktivering | ${clientName}",title:"Aktiver enheten din"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Fortsett",codeLabel:"Bekreftelseskode",codePlaceholder:"Skriv inn kode",defaultDescription:"Skriv inn bekreftelseskoden som ble sendt til e-posten din",description:"Vi sendte en kode til ${email}","invalid-code":"Ugyldig kode",noCode:"Vennligst skriv inn bekreftelseskoden",pageTitle:"Skriv inn kode | ${clientName}",resendText:"Send kode på nytt",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",title:"Sjekk e-posten din",unexpectedError:"En uventet feil oppstod"}},"email-verification":{"email-verification":{description:"Vi sendte en e-post til ${email}",pageTitle:"Bekreft e-post | ${clientName}",resendText:"Send e-post på nytt",successDescription:"E-postadressen din er bekreftet.",successTitle:"E-post bekreftet",title:"Bekreft e-posten din"}},invitation:IT,login:zT,"login-id":{"login-id":{alertListTitle:"Varsler","auth0-users-validation":"Noe gikk galt, vennligst prøv igjen senere","authentication-failure":"Beklager, noe gikk galt under innloggingsforsøket",buttonText:"Fortsett","captcha-client-failure":"Vi kunne ikke laste sikkerhetsutfordringen. Vennligst prøv igjen. (Feilkode: #{errorCode})","captcha-validation-failure":"Beklager, noe gikk galt under validering av captcha-svaret. Vennligst prøv igjen.",captchaCodePlaceholder:"Skriv inn koden som vises ovenfor","custom-script-error-code":"Noe gikk galt, vennligst prøv igjen senere.",description:"Logg inn på ${clientName}.",editEmailText:"Rediger",emailPlaceholder:"E-postadresse",federatedConnectionButtonText:"Fortsett med ${connectionName}",footerLinkText:"Registrer deg",footerText:"Har du ikke en konto?",forgotPasswordText:"Har du glemt passordet?",hidePasswordText:"Skjul passord","invalid-captcha":"Løs utfordringen for å bekrefte at du ikke er en robot.","invalid-code":"Ugyldig kode","invalid-connection":"Ugyldig tilkobling","invalid-email-format":"Ugyldig e-postadresse","invalid-email-phone":"Skriv inn en gyldig e-postadresse eller telefonnummer. Telefonnumre må inkludere landskode.","invalid-email-phone-username":"Skriv inn en gyldig e-postadresse, telefonnummer eller brukernavn. Telefonnumre må inkludere landskode.","invalid-email-username":"Skriv inn en gyldig e-postadresse eller brukernavn","invalid-expired-code":"Ugyldig eller utløpt brukerkode","invalid-login-id":"Ugyldig innloggings-ID","invalid-phone-username":"Skriv inn et gyldig telefonnummer eller brukernavn. Telefonnumre må inkludere landskode.","invalid-recaptcha":"Kryss av i boksen for å bekrefte at du ikke er en robot.","invalid-username":"Brukernavnet kan bare inneholde alfanumeriske tegn eller: '${characters}'. Brukernavnet må ha mellom ${min} og ${max} tegn.",invitationDescription:"Logg inn for å godta ${inviterName} sin invitasjon til å bli med i ${companyName} på ${clientName}.",invitationTitle:"Du har blitt invitert!","ip-blocked":"Vi har oppdaget mistenkelig innloggingsaktivitet, og videre forsøk vil bli blokkert. Vennligst kontakt administratoren.",logoAltText:"${companyName}","no-db-connection":"Ugyldig tilkobling","no-email":"Vennligst oppgi en e-postadresse","no-email-phone":"E-postadresse eller telefonnummer er påkrevd","no-email-phone-username":"Telefonnummer, brukernavn eller e-postadresse er påkrevd","no-email-username":"E-postadresse eller brukernavn er påkrevd","no-password":"Passord er påkrevd","no-phone":"Vennligst oppgi et telefonnummer","no-phone-username":"Telefonnummer eller brukernavn er påkrevd","no-username":"Brukernavn er påkrevd",pageTitle:"Logg inn | ${clientName}","password-breached":"Vi har oppdaget et potensielt sikkerhetsproblem med denne kontoen. For å beskytte kontoen din har vi forhindret denne innloggingen. Vennligst tilbakestill passordet ditt for å fortsette.",passwordPlaceholder:"Passord",phoneOrEmailPlaceholder:"E-post eller telefonnummer",phoneOrUsernameOrEmailPlaceholder:"Telefon, brukernavn eller e-post",phoneOrUsernamePlaceholder:"Telefonnummer eller brukernavn",phonePlaceholder:"Telefonnummer","same-user-login":"For mange innloggingsforsøk for denne brukeren. Vennligst vent og prøv igjen senere.",selectCountryCode:"Velg landskode, for øyeblikket satt til ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"eller",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",showPasswordText:"Vis passord",signupActionLinkText:"Registrer deg",signupActionText:"Har du ikke en konto?",termsAndConditionsTemplate:'Ved å fortsette godtar du våre <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">vilkår</a>.',title:"Velkommen","user-blocked":"Kontoen din har blitt blokkert etter flere påfølgende innloggingsforsøk.",userAccountDoesNotExist:"Brukerkontoen finnes ikke",usernameOnlyPlaceholder:"Brukernavn",usernameOrEmailPlaceholder:"Brukernavn eller e-postadresse",usernamePlaceholder:"Brukernavn eller e-postadresse",usernameTooLong:"Brukernavnet må være ${max} tegn eller færre",usernameTooShort:"Brukernavnet må være minst ${min} tegn","wrong-credentials":"Feil brukernavn eller passord","wrong-email-credentials":"Feil e-postadresse eller passord","wrong-email-phone-credentials":"Feil e-postadresse, telefonnummer eller passord. Telefonnumre må inkludere landskode.","wrong-email-phone-username-credentials":"Feil e-postadresse, telefonnummer, brukernavn eller passord. Telefonnumre må inkludere landskode.","wrong-email-username-credentials":"Feil e-postadresse, brukernavn eller passord","wrong-phone-credentials":"Feil telefonnummer eller passord","wrong-phone-username-credentials":"Feil telefonnummer, brukernavn eller passord. Telefonnumre må inkludere landskode.","wrong-username-credentials":"Feil brukernavn eller passord",passkeyButtonText:"Logg inn med passkey"}},"login-password":{"login-password":{buttonText:"Logg inn",description:"Logg inn på ${clientName}",forgotPasswordText:"Har du glemt passordet?",hidePasswordText:"Skjul passord","no-password":"Passord er påkrevd",pageTitle:"Logg inn | ${clientName}","password-breached":"Vi har oppdaget et potensielt sikkerhetsproblem med denne kontoen. For å beskytte kontoen din har vi forhindret denne innloggingen. Vennligst tilbakestill passordet ditt for å fortsette.",passwordPlaceholder:"Passord",showPasswordText:"Vis passord",signingInAs:"Logger inn som ${email}",title:"Oppgi passord",unverifiedEmail:"Vennligst bekreft e-postadressen din før du logger inn","user-blocked":"Kontoen din har blitt blokkert etter flere påfølgende innloggingsforsøk.","wrong-credentials":"Feil passord"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"e-post",authMethodEmailOrPhone:"e-post eller telefonnummer",authMethodPhone:"telefonnummer",description:"Logg inn med din ${authMethod}",emailOrPhonePlaceholder:"E-postadresse eller telefonnummer",emailPlaceholder:"E-postadresse",invalidEmail:"Vennligst oppgi en gyldig e-postadresse",invalidIdentifier:"Vennligst oppgi en gyldig e-postadresse eller telefonnummer",invalidPhone:"Vennligst oppgi et gyldig telefonnummer med landskode",noEmail:"Vennligst oppgi e-postadressen din",noPhone:"Vennligst oppgi telefonnummeret ditt",phonePlaceholder:"Telefonnummer",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",title:"Logg inn med en kode",userAccountDoesNotExist:"Brukerkontoen finnes ikke"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Klikk på lenken i e-posten for å logge inn",description:"Vi sendte en lenke til ${username}. Klikk på den for å logge inn.",resendText:"Send lenke på nytt",spamText:"Fikk du ikke e-posten? Sjekk søppelpostmappen.",title:"Sjekk e-posten din"}},mfa:PT,"mfa-email":{"mfa-email":{buttonText:"Fortsett",codePlaceholder:"Skriv inn kode",description:"Vi sendte en kode til ${email}","invalid-code":"Koden du skrev inn er ugyldig",pageTitle:"E-postbekreftelse | ${clientName}",resendText:"Send kode på nytt",title:"Sjekk e-posten din"}},"mfa-otp":{"mfa-otp":{buttonText:"Fortsett",codePlaceholder:"Skriv inn kode",description:"Skriv inn den 6-sifrede koden fra autentiseringsappen din","invalid-code":"Koden du skrev inn er ugyldig",pageTitle:"Skriv inn kode | ${clientName}",title:"Skriv inn koden din"},"mfa-totp-enrollment":{title:"Sett opp autentisering",description:"Skann QR-koden nedenfor med autentiseringsappen din, og skriv deretter inn den 6-sifrede koden for å verifisere",secretLabel:"Eller skriv inn denne koden manuelt:",codePlaceholder:"Skriv inn kode",continueButtonText:"Bekreft og aktiver","invalid-code":"Koden du skrev inn er ugyldig. Vennligst prøv igjen.","transaction-not-found":"Registreringsøkten din har utløpt, du må starte på nytt.",pageTitle:"Sett opp autentisering | ${clientName}",unexpectedError:"Noe gikk galt. Vennligst prøv igjen.",enrollmentComplete:"MFA-registreringen er fullført. Du kan lukke denne siden."},"mfa-totp-challenge":{title:"Bekreft identiteten din",description:"Skriv inn den 6-sifrede koden fra autentiseringsappen din",codePlaceholder:"Skriv inn kode",continueButtonText:"Fortsett","invalid-code":"Koden du skrev inn er ugyldig","transaction-not-found":"Registreringsøkten din har utløpt, du må starte på nytt.",unexpectedError:"Noe gikk galt. Vennligst prøv igjen.",pageTitle:"Bekreft identitet | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Bruk telefonnummeret ditt for å logge inn | ${clientName}",title:"Bekreft identiteten din",description:"Vi sendte en kode til ${phoneNumber}",continueButtonText:"Fortsett",changePhoneText:"Velg et annet telefonnummer.",smsButtonText:"Tekstmelding",voiceButtonText:"Taleanrop",chooseMessageTypeText:"Hvordan vil du motta koden?",pickAuthenticatorText:"Prøv en annen metode",logoAltText:"${companyName}",codePlaceholder:"Skriv inn kode","send-sms-failed":"Det oppstod et problem med å sende SMS-en","send-voice-failed":"Det oppstod et problem med å ringe taleanropet","invalid-phone-format":"Telefonnummeret kan bare inneholde sifre.","invalid-phone":"Det ser ut som telefonnummeret ditt ikke er gyldig. Sjekk og prøv igjen.","too-many-sms":"Du har overskredet maksimalt antall telefonmeldinger per time. Vent noen minutter og prøv igjen.","too-many-voice":"Du har overskredet maksimalt antall telefonmeldinger per time. Vent noen minutter og prøv igjen.","transaction-not-found":"Registreringstransaksjonen din har utløpt, du må starte på nytt.","no-phone":"Skriv inn et telefonnummer",noCode:"Vennligst skriv inn bekreftelseskoden",invalidCode:"Koden du skrev inn er ugyldig. Prøv igjen.",unexpectedError:"Noe gikk galt. Prøv igjen.",resendSuccess:"Vi sendte en ny kode til telefonen din",enrollmentComplete:"MFA-registreringen er fullført. Du kan lukke denne siden."},"mfa-phone-enrollment":{pageTitle:"Skriv inn telefonnummeret ditt for å logge inn med en telefonkode | ${clientName}",title:"Sikre kontoen din",description:"Skriv inn landskoden og telefonnummeret vi kan sende en 6-sifret kode til:",continueButtonText:"Fortsett",smsButtonText:"Tekstmelding",voiceButtonText:"Taleanrop",chooseMessageTypeText:"Hvordan vil du motta koden?",pickAuthenticatorText:"Prøv en annen metode",placeholder:"Skriv inn telefonnummeret ditt",logoAltText:"${companyName}",selectCountryCode:"Velg landskode, for øyeblikket satt til ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Det oppstod et problem med å sende SMS-en","send-voice-failed":"Det oppstod et problem med å ringe taleanropet","sms-authenticator-error":"Vi kunne ikke sende SMS-en. Prøv igjen senere.","invalid-phone-format":"Telefonnummeret kan bare inneholde sifre.","invalid-phone":"Det ser ut som telefonnummeret ditt ikke er gyldig. Sjekk og prøv igjen.","too-many-sms":"Du har overskredet maksimalt antall telefonmeldinger per time. Vent noen minutter og prøv igjen.","too-many-voice":"Du har overskredet maksimalt antall telefonmeldinger per time. Vent noen minutter og prøv igjen.","transaction-not-found":"Registreringstransaksjonen din har utløpt, du må starte på nytt.","no-phone":"Skriv inn et telefonnummer","phone-is-too-short":"Telefonnummeret er for kort","phone-is-too-long":"Telefonnummeret er for langt"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Velg bekreftelsesmetode | ${clientName}",title:"Velg bekreftelsesmetode",description:"Velg hvordan du vil bekrefte identiteten din",authenticatorAppLabel:"Autentiseringsapp",authenticatorAppDescription:"Bruk autentiseringsappen din for å få en bekreftelseskode",smsLabel:"Tekstmelding",smsDescription:"Få en bekreftelseskode sendt til telefonen din",passkeyLabel:"Passnøkkel",passkeyDescription:"Bruk enhetens biometri eller sikkerhetsnøkkel"}},"mfa-push":{"mfa-push":{description:"Vi sendte en varsling til enheten din",pageTitle:"Push-varsling | ${clientName}",resendText:"Send varsling på nytt",title:"Godkjenn forespørselen",useCodeText:"Skriv inn kode manuelt"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Fortsett",codePlaceholder:"Gjenopprettingskode",description:"Skriv inn en av gjenopprettingskodene dine","invalid-code":"Gjenopprettingskoden du skrev inn er ugyldig",pageTitle:"Gjenopprettingskode | ${clientName}",title:"Skriv inn gjenopprettingskode"}},"mfa-voice":{"mfa-voice":{buttonText:"Ring meg",codePlaceholder:"Skriv inn kode",description:"Vi ringer ${phoneNumber} med koden din","invalid-code":"Koden du skrev inn er ugyldig",pageTitle:"Taleanrop | ${clientName}",title:"Motta en telefonsamtale"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Prøv igjen",description:"Sett inn sikkerhetsnøkkelen din og følg instruksjonene",pageTitle:"Sikkerhetsnøkkel | ${clientName}",title:"Bruk sikkerhetsnøkkelen din"}},passkeys:NT,organizations:FT,"reset-password":{"reset-password":{backToLoginText:"Tilbake til innlogging",buttonText:"Fortsett",codeExpired:"Koden for tilbakestilling av passord har utløpt. Vennligst be om en ny.",confirmPasswordLabel:"Bekreft passord",confirmPasswordPlaceholder:"Bekreft passord",description:"Oppgi e-postadressen din for å tilbakestille passordet",emailPlaceholder:"E-postadresse",failed:"Tilbakestilling av passord mislyktes. Vennligst prøv igjen.","invalid-email-format":"Ugyldig e-postadresse","no-email":"Vennligst oppgi en e-postadresse",pageTitle:"Tilbakestill passord | ${clientName}",passwordLabel:"Nytt passord",passwordPlaceholder:"Nytt passord",passwordTooWeak:"Passordet er for svakt",passwordsDidntMatch:"Passordene samsvarer ikke",successDescription:"Vi har sendt en lenke for tilbakestilling av passord til e-postadressen din.",successTitle:"Sjekk e-posten din",title:"Har du glemt passordet?","user-not-found":"Brukeren ble ikke funnet"},"reset-password-code":{backToLoginText:"Tilbake til innlogging",buttonText:"Tilbakestill passord",codeLabel:"Tilbakestillingskode",codePlaceholder:"Skriv inn 6-sifret kode",confirmPasswordLabel:"Bekreft passord",confirmPasswordPlaceholder:"Bekreft passord",defaultDescription:"Skriv inn koden som ble sendt til e-posten din og velg et nytt passord",description:"Vi sendte en kode til ${email}",failed:"Tilbakestilling av passord mislyktes. Vennligst prøv igjen.",invalidCode:"Koden du skrev inn er ugyldig eller har utløpt",noCode:"Vennligst skriv inn tilbakestillingskoden",pageTitle:"Skriv inn tilbakestillingskode | ${clientName}",passwordLabel:"Nytt passord",passwordPlaceholder:"Nytt passord",passwordTooWeak:"Passordet er for svakt",passwordsDidntMatch:"Passordene samsvarer ikke",resendFailed:"Kunne ikke sende koden på nytt. Vennligst prøv igjen.",resendSuccess:"En ny kode har blitt sendt til e-posten din",resendText:"Send kode på nytt",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",title:"Skriv inn tilbakestillingskode"}},signup:OT,"signup-id":{"signup-id":{buttonText:"Fortsett",description:"Registrer deg for å fortsette","email-already-exists":"E-postadressen er allerede registrert",emailPlaceholder:"E-postadresse",federatedConnectionButtonText:"Fortsett med ${connectionName}","invalid-email-format":"Ugyldig e-postadresse",loginActionLinkText:"Logg inn",loginActionText:"Har du allerede en konto?","no-email":"Vennligst oppgi en e-postadresse",pageTitle:"Registrer deg | ${clientName}",phonePlaceholder:"Telefonnummer",separatorText:"eller",title:"Opprett kontoen din",usernamePlaceholder:"Brukernavn"}},"signup-password":{"signup-password":{buttonText:"Fortsett",description:"Opprett et passord for å fortsette",hidePasswordText:"Skjul passord","no-password":"Passord er påkrevd",pageTitle:"Registrer deg | ${clientName}","password-policy-not-met":"Passordet oppfyller ikke kravene","password-too-weak":"Passordet er for svakt",passwordPlaceholder:"Passord",showPasswordText:"Vis passord",title:"Opprett passordet ditt"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Fortsett",codeLabel:"Bekreftelseskode",codePlaceholder:"Skriv inn kode",defaultDescription:"Skriv inn bekreftelseskoden som ble sendt til telefonen din",description:"Vi sendte en kode til ${username}","invalid-code":"Ugyldig kode",noCode:"Vennligst skriv inn bekreftelseskoden",pageTitle:"Skriv inn kode | ${clientName}",resendText:"Send kode på nytt",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",title:"Sjekk telefonen din",unexpectedError:"En uventet feil oppstod"}},status:jT},TO=Object.freeze(Object.defineProperty({__proto__:null,common:TT,consent:$T,default:CO,invitation:IT,login:zT,mfa:PT,organizations:FT,passkeys:NT,signup:OT,status:jT},Symbol.toStringTag,{value:"Module"})),RT={common:{alertListTitle:"Powiadomienia",backText:"Wróć",cancelText:"Anuluj",closeText:"Zamknij",contactSupportText:"Potrzebujesz pomocy?",continueText:"Kontynuuj",copyrightText:"© ${currentYear} ${companyName}",errorText:"Coś poszło nie tak. Spróbuj ponownie.",hidePasswordText:"Ukryj hasło",loadingText:"Ładowanie...",orText:"lub",privacyPolicyText:"Polityka prywatności",showPasswordText:"Pokaż hasło",termsOfServiceText:"Regulamin",termsShortText:"Zasady",tryAgainText:"Spróbuj ponownie"}},DT={consent:{buttonText:"Zaakceptuj",cancelButtonText:"Odmów",description:"${clientName} prosi o dostęp do Twojego konta",pageTitle:"Autoryzacja | ${clientName}",scopesTitle:"Umożliwi to ${clientName}:",title:"Autoryzuj ${clientName}"}},BT={invitation:{acceptButtonText:"Przyjmij zaproszenie",description:"${inviterName} zaprosił Cię do dołączenia do ${organizationName} w ${clientName}",pageTitle:"Zaproszenie | ${clientName}",title:"Otrzymałeś zaproszenie"}},LT={login:{alertListTitle:"Powiadomienia",buttonText:"Kontynuuj",description:"Zaloguj się do ${clientName}.",editEmailText:"Edytuj",emailPlaceholder:"Adres e-mail",enterACodeBtn:"Zaloguj się kodem",federatedConnectionButtonText:"Kontynuuj z ${connectionName}",footerLinkText:"Zarejestruj się",footerText:"Nie masz konta?",forgotPasswordText:"Zapomniałeś hasła?",hidePasswordText:"Ukryj hasło",invalidEmail:"Nieprawidłowy adres e-mail",invalidIdentifier:"Nieprawidłowy adres e-mail lub nazwa użytkownika",invitationDescription:"Zaloguj się, aby przyjąć zaproszenie od ${inviterName} do dołączenia do ${companyName} w ${clientName}.",invitationTitle:"Otrzymałeś zaproszenie!",logoAltText:"${companyName}","no-email":"Wprowadź adres e-mail","no-password":"Hasło jest wymagane",pageTitle:"Logowanie | ${clientName}",passwordLoginNotAvailable:"Logowanie hasłem jest niedostępne",passwordPlaceholder:"Hasło",phonePlaceholder:"Numer telefonu",separatorText:"lub",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",showPasswordText:"Pokaż hasło",signupActionLinkText:"Zarejestruj się",signupActionText:"Nie masz konta?",title:"Witamy",tooManyFailedLogins:"Zbyt wiele nieudanych prób logowania. Spróbuj ponownie później.",unverifiedEmail:"Zweryfikuj swój adres e-mail przed zalogowaniem",userAccountDoesNotExist:"Konto użytkownika nie istnieje",usernamePlaceholder:"Nazwa użytkownika lub adres e-mail",usernameTooLong:"Nazwa użytkownika musi mieć maksymalnie ${max} znaków",usernameTooShort:"Nazwa użytkownika musi mieć co najmniej ${min} znaków",wrongCredentials:"Nieprawidłowa nazwa użytkownika lub hasło",passkeyButtonText:"Zaloguj się za pomocą passkey"}},MT={mfa:{backupCodeText:"Użyj kodu zapasowego",description:"Wybierz metodę weryfikacji",pageTitle:"Uwierzytelnianie wieloskładnikowe | ${clientName}",title:"Zweryfikuj swoją tożsamość"}},UT={"passkey-enrollment-nudge":{title:"Zabezpiecz swoje konto kluczem dostępu",description:"Klucze dostępu wykorzystują biometrię lub PIN urządzenia, aby logować się szybciej i bezpieczniej.",enrollButtonText:"Skonfiguruj klucz dostępu",snoozeButtonText:"Może później",optOutLinkText:"Nie pokazuj ponownie",pageTitle:"Konfiguracja Klucza Dostępu | ${clientName}"},"passkey-enrollment":{title:"Utwórz klucz dostępu",description:"Postępuj zgodnie z instrukcjami przeglądarki, aby utworzyć klucz dostępu dla tego konta.",errorMessage:"Nie udało się utworzyć klucza dostępu. Spróbuj ponownie.",cancelLinkText:"Pomiń na razie",retryButtonText:"Spróbuj ponownie",enrollmentComplete:"Twój klucz dostępu został pomyślnie skonfigurowany. Możesz zamknąć tę stronę.",pageTitle:"Tworzenie Klucza Dostępu | ${clientName}"},"passkey-challenge":{title:"Zaloguj się za pomocą passkey",description:"Postępuj zgodnie z instrukcjami przeglądarki, aby zweryfikować swoją tożsamość.",errorMessage:"Uwierzytelnianie za pomocą passkey nie powiodło się. Spróbuj ponownie.",cancelLinkText:"Powrót do logowania",retryButtonText:"Spróbuj ponownie",pageTitle:"Logowanie za pomocą passkey | ${clientName}"}},qT={organizations:{description:"Wybierz organizację, do której chcesz się zalogować",pageTitle:"Wybierz organizację | ${clientName}",searchPlaceholder:"Szukaj organizacji",title:"Wybierz swoją organizację"}},HT={signup:{buttonText:"Zarejestruj się",confirmPasswordPlaceholder:"Potwierdź hasło",description:"Zarejestruj się, aby kontynuować","email-already-exists":"Ten adres e-mail jest już zarejestrowany",emailPlaceholder:"Adres e-mail",federatedConnectionButtonText:"Kontynuuj z ${connectionName}",hidePasswordText:"Ukryj hasło","invalid-email-format":"Nieprawidłowy adres e-mail",loginActionLinkText:"Zaloguj się",loginActionText:"Masz już konto?","no-email":"Wprowadź adres e-mail","no-password":"Hasło jest wymagane","no-username":"Nazwa użytkownika jest wymagana",pageTitle:"Rejestracja | ${clientName}",passwordPlaceholder:"Hasło",passwordsDidntMatch:"Hasła nie są zgodne",phonePlaceholder:"Numer telefonu",privacyPolicyLinkText:"Polityka prywatności",separatorText:"lub",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",showPasswordText:"Pokaż hasło",termsOfServiceLinkText:"Regulamin",termsText:"Rejestrując się, akceptujesz nasz",title:"Utwórz konto","username-already-exists":"Ta nazwa użytkownika jest już zajęta",usernamePlaceholder:"Nazwa użytkownika",verifyEmailText:"Sprawdź swoją pocztę, aby zweryfikować konto"}},VT={status:{continueButtonText:"Kontynuuj",errorTitle:"Błąd",pageTitle:"Status | ${clientName}",successTitle:"Sukces",title:"Status"}},$O={common:RT,consent:DT,"device-flow":{"device-flow":{buttonText:"Kontynuuj",codePlaceholder:"Wprowadź kod",description:"Wprowadź kod wyświetlony na Twoim urządzeniu","expired-code":"Kod wygasł","invalid-code":"Wprowadzony kod jest nieprawidłowy",pageTitle:"Aktywacja urządzenia | ${clientName}",title:"Aktywuj swoje urządzenie"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Kontynuuj",codeLabel:"Kod weryfikacyjny",codePlaceholder:"Wprowadź kod",defaultDescription:"Wprowadź kod weryfikacyjny wysłany na Twój adres e-mail",description:"Wysłaliśmy kod na ${email}","invalid-code":"Nieprawidłowy kod",noCode:"Wprowadź kod weryfikacyjny",pageTitle:"Wprowadź kod | ${clientName}",resendText:"Wyślij ponownie kod",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",title:"Sprawdź swoją pocztę",unexpectedError:"Wystąpił nieoczekiwany błąd"}},"email-verification":{"email-verification":{description:"Wysłaliśmy wiadomość na ${email}",pageTitle:"Weryfikacja e-mail | ${clientName}",resendText:"Wyślij ponownie e-mail",successDescription:"Twój adres e-mail został pomyślnie zweryfikowany.",successTitle:"E-mail zweryfikowany",title:"Zweryfikuj swój adres e-mail"}},invitation:BT,login:LT,"login-id":{"login-id":{alertListTitle:"Powiadomienia","auth0-users-validation":"Coś poszło nie tak, spróbuj ponownie później","authentication-failure":"Przepraszamy, wystąpił błąd podczas logowania",buttonText:"Kontynuuj","captcha-client-failure":"Nie udało się załadować weryfikacji bezpieczeństwa. Spróbuj ponownie. (Kod błędu: #{errorCode})","captcha-validation-failure":"Przepraszamy, wystąpił błąd podczas weryfikacji captcha. Spróbuj ponownie.",captchaCodePlaceholder:"Wprowadź kod widoczny powyżej","custom-script-error-code":"Coś poszło nie tak, spróbuj ponownie później.",description:"Zaloguj się do ${clientName}.",editEmailText:"Edytuj",emailPlaceholder:"Adres e-mail",federatedConnectionButtonText:"Kontynuuj z ${connectionName}",footerLinkText:"Zarejestruj się",footerText:"Nie masz konta?",forgotPasswordText:"Zapomniałeś hasła?",hidePasswordText:"Ukryj hasło","invalid-captcha":"Rozwiąż zadanie, aby potwierdzić, że nie jesteś robotem.","invalid-code":"Nieprawidłowy kod","invalid-connection":"Nieprawidłowe połączenie","invalid-email-format":"Nieprawidłowy adres e-mail","invalid-email-phone":"Wprowadź prawidłowy adres e-mail lub numer telefonu. Numery telefonów muszą zawierać kod kraju.","invalid-email-phone-username":"Wprowadź prawidłowy adres e-mail, numer telefonu lub nazwę użytkownika. Numery telefonów muszą zawierać kod kraju.","invalid-email-username":"Wprowadź prawidłowy adres e-mail lub nazwę użytkownika","invalid-expired-code":"Nieprawidłowy lub wygasły kod użytkownika","invalid-login-id":"Wprowadzono nieprawidłowy identyfikator logowania","invalid-phone-username":"Wprowadź prawidłowy numer telefonu lub nazwę użytkownika. Numery telefonów muszą zawierać kod kraju.","invalid-recaptcha":"Zaznacz pole wyboru, aby potwierdzić, że nie jesteś robotem.","invalid-username":"Nazwa użytkownika może zawierać tylko znaki alfanumeryczne lub: '${characters}'. Nazwa użytkownika powinna mieć od ${min} do ${max} znaków.",invitationDescription:"Zaloguj się, aby przyjąć zaproszenie od ${inviterName} do dołączenia do ${companyName} w ${clientName}.",invitationTitle:"Otrzymałeś zaproszenie!","ip-blocked":"Wykryliśmy podejrzaną aktywność logowania i dalsze próby zostaną zablokowane. Skontaktuj się z administratorem.",logoAltText:"${companyName}","no-db-connection":"Nieprawidłowe połączenie","no-email":"Wprowadź adres e-mail","no-email-phone":"Adres e-mail lub numer telefonu jest wymagany","no-email-phone-username":"Numer telefonu, nazwa użytkownika lub adres e-mail jest wymagany","no-email-username":"Adres e-mail lub nazwa użytkownika jest wymagany","no-password":"Hasło jest wymagane","no-phone":"Wprowadź numer telefonu","no-phone-username":"Numer telefonu lub nazwa użytkownika jest wymagany","no-username":"Nazwa użytkownika jest wymagana",pageTitle:"Logowanie | ${clientName}","password-breached":"Wykryliśmy potencjalny problem z bezpieczeństwem tego konta. Aby chronić Twoje konto, zablokowano to logowanie. Zresetuj hasło, aby kontynuować.",passwordPlaceholder:"Hasło",phoneOrEmailPlaceholder:"E-mail lub numer telefonu",phoneOrUsernameOrEmailPlaceholder:"Telefon, nazwa użytkownika lub e-mail",phoneOrUsernamePlaceholder:"Numer telefonu lub nazwa użytkownika",phonePlaceholder:"Numer telefonu","same-user-login":"Zbyt wiele prób logowania dla tego użytkownika. Poczekaj chwilę i spróbuj ponownie.",selectCountryCode:"Wybierz kod kraju, aktualnie ustawiony na ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"lub",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",showPasswordText:"Pokaż hasło",signupActionLinkText:"Zarejestruj się",signupActionText:"Nie masz konta?",termsAndConditionsTemplate:'Kontynuując, akceptujesz nasze <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Zasady i warunki</a>.',title:"Witamy","user-blocked":"Twoje konto zostało zablokowane po wielu kolejnych nieudanych próbach logowania.",userAccountDoesNotExist:"Konto użytkownika nie istnieje",usernameOnlyPlaceholder:"Nazwa użytkownika",usernameOrEmailPlaceholder:"Nazwa użytkownika lub adres e-mail",usernamePlaceholder:"Nazwa użytkownika",usernameTooLong:"Nazwa użytkownika musi mieć maksymalnie ${max} znaków",usernameTooShort:"Nazwa użytkownika musi mieć co najmniej ${min} znaków","wrong-credentials":"Nieprawidłowa nazwa użytkownika lub hasło","wrong-email-credentials":"Nieprawidłowy adres e-mail lub hasło","wrong-email-phone-credentials":"Nieprawidłowy adres e-mail, numer telefonu lub hasło. Numery telefonów muszą zawierać kod kraju.","wrong-email-phone-username-credentials":"Nieprawidłowy adres e-mail, numer telefonu, nazwa użytkownika lub hasło. Numery telefonów muszą zawierać kod kraju.","wrong-email-username-credentials":"Nieprawidłowy adres e-mail, nazwa użytkownika lub hasło","wrong-phone-credentials":"Nieprawidłowy numer telefonu lub hasło","wrong-phone-username-credentials":"Nieprawidłowy numer telefonu, nazwa użytkownika lub hasło. Numery telefonów muszą zawierać kod kraju.","wrong-username-credentials":"Nieprawidłowa nazwa użytkownika lub hasło",passkeyButtonText:"Zaloguj się za pomocą passkey"}},"login-password":{"login-password":{buttonText:"Zaloguj się",description:"Zaloguj się do ${clientName}",forgotPasswordText:"Zapomniałeś hasła?",hidePasswordText:"Ukryj hasło","no-password":"Hasło jest wymagane",pageTitle:"Logowanie | ${clientName}","password-breached":"Wykryliśmy potencjalny problem z bezpieczeństwem tego konta. Aby chronić Twoje konto, zablokowano to logowanie. Zresetuj hasło, aby kontynuować.",passwordPlaceholder:"Hasło",showPasswordText:"Pokaż hasło",signingInAs:"Logujesz się jako ${email}",title:"Wprowadź hasło",unverifiedEmail:"Zweryfikuj swój adres e-mail przed zalogowaniem","user-blocked":"Twoje konto zostało zablokowane po wielu kolejnych nieudanych próbach logowania.","wrong-credentials":"Nieprawidłowe hasło"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"e-mail",authMethodEmailOrPhone:"e-mail lub numer telefonu",authMethodPhone:"numer telefonu",description:"Zaloguj się za pomocą swojego ${authMethod}",emailOrPhonePlaceholder:"Adres e-mail lub numer telefonu",emailPlaceholder:"Adres e-mail",invalidEmail:"Wprowadź prawidłowy adres e-mail",invalidIdentifier:"Wprowadź prawidłowy adres e-mail lub numer telefonu",invalidPhone:"Wprowadź prawidłowy numer telefonu z kodem kraju",noEmail:"Wprowadź swój adres e-mail",noPhone:"Wprowadź swój numer telefonu",phonePlaceholder:"Numer telefonu",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",title:"Zaloguj się kodem",userAccountDoesNotExist:"Konto użytkownika nie istnieje"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Kliknij link w wiadomości e-mail, aby się zalogować",description:"Wysłaliśmy link na ${username}. Kliknij go, aby się zalogować.",resendText:"Wyślij ponownie link",spamText:"Nie otrzymałeś wiadomości? Sprawdź folder spam.",title:"Sprawdź swoją pocztę"}},mfa:MT,"mfa-email":{"mfa-email":{buttonText:"Kontynuuj",codePlaceholder:"Wprowadź kod",description:"Wysłaliśmy kod na ${email}","invalid-code":"Wprowadzony kod jest nieprawidłowy",pageTitle:"Weryfikacja e-mail | ${clientName}",resendText:"Wyślij ponownie kod",title:"Sprawdź swoją pocztę"}},"mfa-otp":{"mfa-otp":{buttonText:"Kontynuuj",codePlaceholder:"Wprowadź kod",description:"Wprowadź 6-cyfrowy kod z aplikacji uwierzytelniającej","invalid-code":"Wprowadzony kod jest nieprawidłowy",pageTitle:"Wprowadź kod | ${clientName}",title:"Wprowadź swój kod"},"mfa-totp-enrollment":{title:"Skonfiguruj aplikację uwierzytelniającą",description:"Zeskanuj poniższy kod QR za pomocą aplikacji uwierzytelniającej, a następnie wprowadź 6-cyfrowy kod w celu weryfikacji",secretLabel:"Lub wprowadź ten kod ręcznie:",codePlaceholder:"Wprowadź kod",continueButtonText:"Zweryfikuj i aktywuj","invalid-code":"Wprowadzony kod jest nieprawidłowy. Spróbuj ponownie.","transaction-not-found":"Twoja transakcja rejestracji wygasła, musisz zacząć od nowa.",pageTitle:"Konfiguracja uwierzytelniania | ${clientName}",unexpectedError:"Coś poszło nie tak. Spróbuj ponownie.",enrollmentComplete:"Rejestracja MFA została zakończona. Możesz zamknąć tę stronę."},"mfa-totp-challenge":{title:"Zweryfikuj swoją tożsamość",description:"Wprowadź 6-cyfrowy kod z aplikacji uwierzytelniającej",codePlaceholder:"Wprowadź kod",continueButtonText:"Kontynuuj","invalid-code":"Wprowadzony kod jest nieprawidłowy","transaction-not-found":"Twoja transakcja rejestracji wygasła, musisz zacząć od nowa.",unexpectedError:"Coś poszło nie tak. Spróbuj ponownie.",pageTitle:"Weryfikacja tożsamości | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Użyj swojego numeru telefonu, aby się zalogować | ${clientName}",title:"Zweryfikuj swoją tożsamość",description:"Wysłaliśmy kod na ${phoneNumber}",continueButtonText:"Kontynuuj",changePhoneText:"Wybierz inny numer telefonu.",smsButtonText:"Wiadomość tekstowa",voiceButtonText:"Połączenie głosowe",chooseMessageTypeText:"Jak chcesz otrzymać kod?",pickAuthenticatorText:"Wypróbuj inną metodę",logoAltText:"${companyName}",codePlaceholder:"Wpisz kod","send-sms-failed":"Wystąpił problem z wysłaniem SMS-a","send-voice-failed":"Wystąpił problem z wykonaniem połączenia głosowego","invalid-phone-format":"Numer telefonu może zawierać tylko cyfry.","invalid-phone":"Wygląda na to, że Twój numer telefonu jest nieprawidłowy. Sprawdź i spróbuj ponownie.","too-many-sms":"Przekroczono maksymalną liczbę wiadomości telefonicznych na godzinę. Poczekaj kilka minut i spróbuj ponownie.","too-many-voice":"Przekroczono maksymalną liczbę połączeń telefonicznych na godzinę. Poczekaj kilka minut i spróbuj ponownie.","transaction-not-found":"Twoja transakcja rejestracji wygasła, musisz zacząć od nowa.","no-phone":"Wpisz numer telefonu",noCode:"Wprowadź kod weryfikacyjny",invalidCode:"Wprowadzony kod jest nieprawidłowy. Spróbuj ponownie.",unexpectedError:"Coś poszło nie tak. Spróbuj ponownie.",resendSuccess:"Wysłaliśmy nowy kod na Twój telefon",enrollmentComplete:"Rejestracja MFA została zakończona. Możesz zamknąć tę stronę."},"mfa-phone-enrollment":{pageTitle:"Wpisz swój numer telefonu, aby zalogować się kodem telefonicznym | ${clientName}",title:"Zabezpiecz swoje konto",description:"Wpisz kod kraju i numer telefonu, na który możemy wysłać 6-cyfrowy kod:",continueButtonText:"Kontynuuj",smsButtonText:"Wiadomość tekstowa",voiceButtonText:"Połączenie głosowe",chooseMessageTypeText:"Jak chcesz otrzymać kod?",pickAuthenticatorText:"Wypróbuj inną metodę",placeholder:"Wpisz swój numer telefonu",logoAltText:"${companyName}",selectCountryCode:"Wybierz kod kraju, aktualnie ustawiony na ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Wystąpił problem z wysłaniem SMS-a","send-voice-failed":"Wystąpił problem z wykonaniem połączenia głosowego","sms-authenticator-error":"Nie udało się wysłać SMS-a. Spróbuj ponownie później.","invalid-phone-format":"Numer telefonu może zawierać tylko cyfry.","invalid-phone":"Wygląda na to, że Twój numer telefonu jest nieprawidłowy. Sprawdź i spróbuj ponownie.","too-many-sms":"Przekroczono maksymalną liczbę wiadomości telefonicznych na godzinę. Poczekaj kilka minut i spróbuj ponownie.","too-many-voice":"Przekroczono maksymalną liczbę połączeń telefonicznych na godzinę. Poczekaj kilka minut i spróbuj ponownie.","transaction-not-found":"Twoja transakcja rejestracji wygasła, musisz zacząć od nowa.","no-phone":"Wpisz numer telefonu","phone-is-too-short":"Numer telefonu jest za krótki","phone-is-too-long":"Numer telefonu jest za długi"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Wybierz metodę weryfikacji | ${clientName}",title:"Wybierz metodę weryfikacji",description:"Wybierz, w jaki sposób chcesz zweryfikować swoją tożsamość",authenticatorAppLabel:"Aplikacja uwierzytelniająca",authenticatorAppDescription:"Użyj aplikacji uwierzytelniającej, aby uzyskać kod weryfikacyjny",smsLabel:"Wiadomość tekstowa",smsDescription:"Otrzymaj kod weryfikacyjny wysłany na swój telefon",passkeyLabel:"Klucz dostępu",passkeyDescription:"Użyj biometrii urządzenia lub klucza bezpieczeństwa"}},"mfa-push":{"mfa-push":{description:"Wysłaliśmy powiadomienie na Twoje urządzenie",pageTitle:"Powiadomienie push | ${clientName}",resendText:"Wyślij ponownie powiadomienie",title:"Zatwierdź żądanie",useCodeText:"Wprowadź kod ręcznie"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Kontynuuj",codePlaceholder:"Kod odzyskiwania",description:"Wprowadź jeden z kodów odzyskiwania","invalid-code":"Wprowadzony kod odzyskiwania jest nieprawidłowy",pageTitle:"Kod odzyskiwania | ${clientName}",title:"Wprowadź kod odzyskiwania"}},"mfa-voice":{"mfa-voice":{buttonText:"Zadzwoń do mnie",codePlaceholder:"Wprowadź kod",description:"Zadzwonimy na ${phoneNumber} z Twoim kodem","invalid-code":"Wprowadzony kod jest nieprawidłowy",pageTitle:"Połączenie głosowe | ${clientName}",title:"Odbierz połączenie telefoniczne"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Spróbuj ponownie",description:"Włóż klucz bezpieczeństwa i postępuj zgodnie z instrukcjami",pageTitle:"Klucz bezpieczeństwa | ${clientName}",title:"Użyj klucza bezpieczeństwa"}},passkeys:UT,organizations:qT,"reset-password":{"reset-password":{backToLoginText:"Wróć do logowania",buttonText:"Kontynuuj",codeExpired:"Kod resetu hasła wygasł. Poproś o nowy.",confirmPasswordLabel:"Potwierdź hasło",confirmPasswordPlaceholder:"Potwierdź hasło",description:"Wprowadź swój adres e-mail, aby zresetować hasło",emailPlaceholder:"Adres e-mail",failed:"Reset hasła nie powiódł się. Spróbuj ponownie.","invalid-email-format":"Nieprawidłowy adres e-mail","no-email":"Wprowadź adres e-mail",pageTitle:"Resetowanie hasła | ${clientName}",passwordLabel:"Nowe hasło",passwordPlaceholder:"Nowe hasło",passwordTooWeak:"Hasło jest zbyt słabe",passwordsDidntMatch:"Hasła nie są zgodne",successDescription:"Wysłaliśmy link do resetowania hasła na Twój adres e-mail.",successTitle:"Sprawdź swoją pocztę",title:"Zapomniałeś hasła?","user-not-found":"Nie znaleziono użytkownika"},"reset-password-code":{backToLoginText:"Wróć do logowania",buttonText:"Zresetuj hasło",codeLabel:"Kod resetowania",codePlaceholder:"Wprowadź 6-cyfrowy kod",confirmPasswordLabel:"Potwierdź hasło",confirmPasswordPlaceholder:"Potwierdź hasło",defaultDescription:"Wprowadź kod wysłany na Twój e-mail i wybierz nowe hasło",description:"Wysłaliśmy kod na ${email}",failed:"Reset hasła nie powiódł się. Spróbuj ponownie.",invalidCode:"Wprowadzony kod jest nieprawidłowy lub wygasł",noCode:"Wprowadź kod resetowania",pageTitle:"Wprowadź kod resetowania | ${clientName}",passwordLabel:"Nowe hasło",passwordPlaceholder:"Nowe hasło",passwordTooWeak:"Hasło jest zbyt słabe",passwordsDidntMatch:"Hasła nie są zgodne",resendFailed:"Nie udało się ponownie wysłać kodu. Spróbuj ponownie.",resendSuccess:"Nowy kod został wysłany na Twój e-mail",resendText:"Wyślij kod ponownie",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",title:"Wprowadź kod resetowania"}},signup:HT,"signup-id":{"signup-id":{buttonText:"Kontynuuj",description:"Zarejestruj się, aby kontynuować","email-already-exists":"Ten adres e-mail jest już zarejestrowany",emailPlaceholder:"Adres e-mail",federatedConnectionButtonText:"Kontynuuj z ${connectionName}","invalid-email-format":"Nieprawidłowy adres e-mail",loginActionLinkText:"Zaloguj się",loginActionText:"Masz już konto?","no-email":"Wprowadź adres e-mail",pageTitle:"Rejestracja | ${clientName}",phonePlaceholder:"Numer telefonu",separatorText:"lub",title:"Utwórz konto",usernamePlaceholder:"Nazwa użytkownika"}},"signup-password":{"signup-password":{buttonText:"Kontynuuj",description:"Utwórz swoje hasło",hidePasswordText:"Ukryj hasło","no-password":"Hasło jest wymagane",pageTitle:"Rejestracja | ${clientName}","password-policy-not-met":"Hasło nie spełnia wymagań","password-too-weak":"Hasło jest zbyt słabe",passwordPlaceholder:"Hasło",showPasswordText:"Pokaż hasło",title:"Utwórz hasło"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Kontynuuj",codeLabel:"Kod weryfikacyjny",codePlaceholder:"Wprowadź kod",defaultDescription:"Wprowadź kod weryfikacyjny wysłany na Twój telefon",description:"Wysłaliśmy kod na ${username}","invalid-code":"Nieprawidłowy kod",noCode:"Wprowadź kod weryfikacyjny",pageTitle:"Wprowadź kod | ${clientName}",resendText:"Wyślij ponownie kod",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",title:"Sprawdź swój telefon",unexpectedError:"Wystąpił nieoczekiwany błąd"}},status:VT},IO=Object.freeze(Object.defineProperty({__proto__:null,common:RT,consent:DT,default:$O,invitation:BT,login:LT,mfa:MT,organizations:qT,passkeys:UT,signup:HT,status:VT},Symbol.toStringTag,{value:"Module"})),KT={common:{alertListTitle:"Meddelanden",backText:"Gå tillbaka",cancelText:"Gå tillbaka",closeText:"Stäng",contactSupportText:"Behöver du hjälp?",continueText:"Fortsätt",copyrightText:"© ${currentYear} ${companyName}",errorText:"Något gick fel. Vänligen försök igen.",hidePasswordText:"Dölj lösenord",loadingText:"Laddar...",orText:"eller",privacyPolicyText:"Integritetspolicy",showPasswordText:"Visa lösenord",termsOfServiceText:"Användarvillkor",termsShortText:"Villkor",tryAgainText:"Försök igen"}},GT={consent:{buttonText:"Godkänn",cancelButtonText:"Neka",description:"${clientName} begär åtkomst till ditt konto",pageTitle:"Auktorisera | ${clientName}",scopesTitle:"Detta ger ${clientName} tillåtelse att:",title:"Auktorisera ${clientName}"}},WT={invitation:{acceptButtonText:"Acceptera inbjudan",description:"${inviterName} har bjudit in dig att gå med i ${organizationName} på ${clientName}",pageTitle:"Inbjudan | ${clientName}",title:"Du har blivit inbjuden"}},JT={login:{alertListTitle:"Meddelanden",buttonText:"Fortsätt",description:"Logga in på ${clientName}.",editEmailText:"Redigera",emailPlaceholder:"E-postadress",enterACodeBtn:"Logga in med en kod",federatedConnectionButtonText:"Fortsätt med ${connectionName}",footerLinkText:"Registrera dig",footerText:"Har du inget konto?",forgotPasswordText:"Har du glömt lösenordet?",hidePasswordText:"Dölj lösenord",invalidEmail:"Ogiltig e-postadress",invalidIdentifier:"Ogiltig e-postadress eller användarnamn",invitationDescription:"Logga in för att acceptera ${inviterName}s inbjudan att gå med i ${companyName} på ${clientName}.",invitationTitle:"Du har blivit inbjuden!",logoAltText:"${companyName}","no-email":"Vänligen ange en e-postadress","no-password":"Lösenord krävs",pageTitle:"Logga in | ${clientName}",passwordLoginNotAvailable:"Lösenordsinloggning är inte tillgänglig",passwordPlaceholder:"Lösenord",phonePlaceholder:"Telefonnummer",separatorText:"eller",sessionExpired:"Din session har gått ut. Försök igen.",showPasswordText:"Visa lösenord",signupActionLinkText:"Registrera dig",signupActionText:"Har du inget konto?",title:"Välkommen",tooManyFailedLogins:"För många misslyckade inloggningsförsök. Försök igen senare.",unverifiedEmail:"Verifiera din e-postadress innan du loggar in",userAccountDoesNotExist:"Användarkontot finns inte",usernamePlaceholder:"Användarnamn eller e-postadress",usernameTooLong:"Användarnamnet får vara högst ${max} tecken",usernameTooShort:"Användarnamnet måste vara minst ${min} tecken",wrongCredentials:"Fel användarnamn eller lösenord",passkeyButtonText:"Logga in med passkey"}},YT={mfa:{backupCodeText:"Använd reservkod",description:"Välj en verifieringsmetod",pageTitle:"Multifaktorautentisering | ${clientName}",title:"Verifiera din identitet"}},QT={"passkey-enrollment-nudge":{title:"Skydda ditt konto med en nyckel",description:"Nycklar använder enhetens biometri eller PIN-kod för att logga in snabbare och säkrare.",enrollButtonText:"Konfigurera nyckel",snoozeButtonText:"Kanske senare",optOutLinkText:"Visa inte detta igen",pageTitle:"Konfigurera Nyckel | ${clientName}"},"passkey-enrollment":{title:"Skapa din nyckel",description:"Följ anvisningarna från din webbläsare för att skapa en nyckel för detta konto.",errorMessage:"Det gick inte att skapa nyckeln. Försök igen.",cancelLinkText:"Hoppa över för nu",retryButtonText:"Försök igen",enrollmentComplete:"Din nyckel har konfigurerats. Du kan stänga denna sida.",pageTitle:"Skapa Nyckel | ${clientName}"},"passkey-challenge":{title:"Logga in med passkey",description:"Följ instruktionerna från din webbläsare för att verifiera din identitet.",errorMessage:"Autentisering med passkey misslyckades. Försök igen.",cancelLinkText:"Tillbaka till inloggning",retryButtonText:"Försök igen",pageTitle:"Logga in med passkey | ${clientName}"}},ZT={organizations:{description:"Välj vilken organisation du vill logga in på",pageTitle:"Välj organisation | ${clientName}",searchPlaceholder:"Sök organisationer",title:"Välj din organisation"}},XT={signup:{buttonText:"Registrera dig",confirmPasswordPlaceholder:"Bekräfta lösenord",description:"Välj ett lösenord med en blandning av stora och små bokstäver, siffror och symboler.","email-already-exists":"E-postadressen är redan upptagen",emailPlaceholder:"E-postadress",federatedConnectionButtonText:"Fortsätt med ${connectionName}",hidePasswordText:"Dölj lösenord","invalid-email-format":"Ogiltig e-postadress",loginActionLinkText:"Logga in",loginActionText:"Har du redan ett konto?","no-email":"Vänligen ange en e-postadress","no-password":"Lösenord krävs","no-username":"Användarnamn krävs",pageTitle:"Registrera dig | ${clientName}",passwordPlaceholder:"Lösenord",passwordsDidntMatch:"Lösenorden matchar inte",phonePlaceholder:"Telefonnummer",privacyPolicyLinkText:"Integritetspolicy",separatorText:"eller",sessionExpired:"Din session har gått ut. Försök igen.",showPasswordText:"Visa lösenord",termsOfServiceLinkText:"Användarvillkor",termsText:"Genom att registrera dig godkänner du våra",title:"Välj lösenord","username-already-exists":"Användarnamnet är redan taget",usernamePlaceholder:"Användarnamn",verifyEmailText:"Kontrollera din e-post för att verifiera ditt konto"}},e$={status:{continueButtonText:"Fortsätt",errorTitle:"Fel",pageTitle:"Status | ${clientName}",successTitle:"Klart",title:"Status"}},zO={common:KT,consent:GT,"device-flow":{"device-flow":{buttonText:"Fortsätt",codePlaceholder:"Ange kod",description:"Ange koden som visas på din enhet","expired-code":"Koden har gått ut","invalid-code":"Koden du angav är ogiltig",pageTitle:"Enhetsaktivering | ${clientName}",title:"Aktivera din enhet"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Logga in",codeLabel:"Verifieringskod",codePlaceholder:"Ange kod",defaultDescription:"Ange verifieringskoden som skickades till din e-post",description:"Vi skickade en kod till ${email}","invalid-code":"Ogiltig kod",noCode:"Ange verifieringskoden",pageTitle:"Ange kod | ${clientName}",resendText:"Skicka koden igen",sessionExpired:"Din session har gått ut. Försök igen.",title:"Kolla din e-post",unexpectedError:"Ett oväntat fel uppstod"}},"email-verification":{"email-verification":{description:"Vi skickade ett e-postmeddelande till ${email}",pageTitle:"Verifiera e-post | ${clientName}",resendText:"Skicka koden igen",successDescription:"Din e-postadress har verifierats.",successTitle:"E-post verifierad",title:"Ange engångskod"}},invitation:WT,login:JT,"login-id":{"login-id":{alertListTitle:"Meddelanden","auth0-users-validation":"Något gick fel, försök igen senare","authentication-failure":"Vi beklagar, något gick fel vid inloggningsförsöket",buttonText:"Fortsätt","captcha-client-failure":"Vi kunde inte ladda säkerhetsutmaningen. Försök igen. (Felkod: #{errorCode})","captcha-validation-failure":"Vi beklagar, något gick fel vid validering av captcha-svaret. Försök igen.",captchaCodePlaceholder:"Ange koden som visas ovan","custom-script-error-code":"Något gick fel, försök igen senare.",description:"Logga in på ${clientName}.",editEmailText:"Redigera",emailPlaceholder:"E-postadress",federatedConnectionButtonText:"Fortsätt med ${connectionName}",footerLinkText:"Registrera dig",footerText:"Har du inget konto?",forgotPasswordText:"Har du glömt lösenordet?",hidePasswordText:"Dölj lösenord","invalid-captcha":"Lös utmaningen för att verifiera att du inte är en robot.","invalid-code":"Ogiltig kod","invalid-connection":"Ogiltig anslutning","invalid-email-format":"Ogiltig e-postadress","invalid-email-phone":"Ange en giltig e-postadress eller telefonnummer. Telefonnummer måste innehålla landskod.","invalid-email-phone-username":"Ange en giltig e-postadress, telefonnummer eller användarnamn. Telefonnummer måste innehålla landskod.","invalid-email-username":"Ange en giltig e-postadress eller användarnamn","invalid-expired-code":"Ogiltig eller utgången användarkod","invalid-login-id":"Ogiltigt inloggnings-ID angivet","invalid-phone-username":"Ange ett giltigt telefonnummer eller användarnamn. Telefonnummer måste innehålla landskod.","invalid-recaptcha":"Markera kryssrutan för att verifiera att du inte är en robot.","invalid-username":"Användarnamn kan bara innehålla alfanumeriska tecken eller: '${characters}'. Användarnamn ska vara mellan ${min} och ${max} tecken.",invitationDescription:"Logga in för att acceptera ${inviterName}s inbjudan att gå med i ${companyName} på ${clientName}.",invitationTitle:"Du har blivit inbjuden!","ip-blocked":"Vi har upptäckt misstänkt inloggningsaktivitet och ytterligare försök kommer att blockeras. Kontakta administratören.",logoAltText:"${companyName}","no-db-connection":"Ogiltig anslutning","no-email":"Vänligen ange en e-postadress","no-email-phone":"E-postadress eller telefonnummer krävs","no-email-phone-username":"Telefonnummer, användarnamn eller e-postadress krävs","no-email-username":"E-postadress eller användarnamn krävs","no-password":"Lösenord krävs","no-phone":"Ange ett telefonnummer","no-phone-username":"Telefonnummer eller användarnamn krävs","no-username":"Användarnamn krävs",pageTitle:"Logga in | ${clientName}","password-breached":"Vi har upptäckt ett potentiellt säkerhetsproblem med detta konto. För att skydda ditt konto har vi förhindrat denna inloggning. Återställ ditt lösenord för att fortsätta.",passwordPlaceholder:"Lösenord",phoneOrEmailPlaceholder:"E-post eller telefonnummer",phoneOrUsernameOrEmailPlaceholder:"Telefon, användarnamn eller e-post",phoneOrUsernamePlaceholder:"Telefonnummer eller användarnamn",phonePlaceholder:"Telefonnummer","same-user-login":"För många inloggningsförsök för denna användare. Vänta en stund och försök igen.",selectCountryCode:"Välj landskod, för närvarande inställd på ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"eller",sessionExpired:"Din session har gått ut. Försök igen.",showPasswordText:"Visa lösenord",signupActionLinkText:"Registrera dig",signupActionText:"Har du inget konto?",termsAndConditionsTemplate:'Genom att fortsätta godkänner du våra <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Villkor</a>.',title:"Välkommen","user-blocked":"Ditt konto har blockerats efter flera misslyckade inloggningsförsök i rad.",userAccountDoesNotExist:"Användarkontot finns inte",usernameOnlyPlaceholder:"Användarnamn",usernameOrEmailPlaceholder:"Användarnamn eller e-postadress",usernamePlaceholder:"Användarnamn",usernameTooLong:"Användarnamnet får vara högst ${max} tecken",usernameTooShort:"Användarnamnet måste vara minst ${min} tecken","wrong-credentials":"Fel användarnamn eller lösenord","wrong-email-credentials":"Fel e-postadress eller lösenord","wrong-email-phone-credentials":"Fel e-postadress, telefonnummer eller lösenord. Telefonnummer måste innehålla landskod.","wrong-email-phone-username-credentials":"Fel e-postadress, telefonnummer, användarnamn eller lösenord. Telefonnummer måste innehålla landskod.","wrong-email-username-credentials":"Fel e-postadress, användarnamn eller lösenord","wrong-phone-credentials":"Fel telefonnummer eller lösenord","wrong-phone-username-credentials":"Fel telefonnummer, användarnamn eller lösenord. Telefonnummer måste innehålla landskod.","wrong-username-credentials":"Fel användarnamn eller lösenord",passkeyButtonText:"Logga in med passkey"}},"login-password":{"login-password":{buttonText:"Logga in",description:"Ange din e-postadress och ditt lösenord för att logga in.",forgotPasswordText:"Har du glömt lösenordet?",hidePasswordText:"Dölj lösenord","no-password":"Lösenord krävs",pageTitle:"Logga in | ${clientName}","password-breached":"Vi har upptäckt ett potentiellt säkerhetsproblem med detta konto. För att skydda ditt konto har vi förhindrat denna inloggning. Återställ ditt lösenord för att fortsätta.",passwordPlaceholder:"Lösenord",showPasswordText:"Visa lösenord",signingInAs:"Loggar in som ${email}",title:"Ange lösenord",unverifiedEmail:"Verifiera din e-postadress innan du loggar in","user-blocked":"Ditt konto har blockerats efter flera misslyckade inloggningsförsök i rad.","wrong-credentials":"Fel lösenord"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"e-post",authMethodEmailOrPhone:"e-post eller telefonnummer",authMethodPhone:"telefonnummer",description:"Logga in med din ${authMethod}",emailOrPhonePlaceholder:"E-postadress eller telefonnummer",emailPlaceholder:"E-postadress",invalidEmail:"Ange en giltig e-postadress",invalidIdentifier:"Ange en giltig e-postadress eller telefonnummer",invalidPhone:"Ange ett giltigt telefonnummer med landskod",noEmail:"Ange din e-postadress",noPhone:"Ange ditt telefonnummer",phonePlaceholder:"Telefonnummer",sessionExpired:"Din session har gått ut. Försök igen.",title:"Logga in med en kod",userAccountDoesNotExist:"Användarkontot finns inte"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Klicka på länken i ditt e-postmeddelande för att logga in",description:"Vi skickade en länk till ${username}. Klicka på den för att logga in.",resendText:"Skicka länken igen",spamText:"Fick du inte e-postmeddelandet? Kolla din skräppost.",title:"Kolla din e-post"}},mfa:YT,"mfa-email":{"mfa-email":{buttonText:"Fortsätt",codePlaceholder:"Ange kod",description:"Vi skickade en kod till ${email}","invalid-code":"Koden du angav är ogiltig",pageTitle:"E-postverifiering | ${clientName}",resendText:"Skicka koden igen",title:"Kolla din e-post"}},"mfa-otp":{"mfa-otp":{buttonText:"Fortsätt",codePlaceholder:"Ange kod",description:"Ange den 6-siffriga koden från din autentiseringsapp","invalid-code":"Koden du angav är ogiltig",pageTitle:"Ange kod | ${clientName}",title:"Ange din kod"},"mfa-totp-enrollment":{title:"Konfigurera autentiseringsapp",description:"Skanna QR-koden nedan med din autentiseringsapp och ange sedan den 6-siffriga koden för att verifiera",secretLabel:"Eller ange denna kod manuellt:",codePlaceholder:"Ange kod",continueButtonText:"Verifiera och aktivera","invalid-code":"Koden du angav är ogiltig. Försök igen.","transaction-not-found":"Din registreringstransaktion har gått ut, du behöver börja om.",pageTitle:"Konfigurera autentiseringsapp | ${clientName}",unexpectedError:"Något gick fel. Försök igen.",enrollmentComplete:"MFA-registreringen är klar. Du kan stänga denna sida."},"mfa-totp-challenge":{title:"Verifiera din identitet",description:"Ange den 6-siffriga koden från din autentiseringsapp",codePlaceholder:"Ange kod",continueButtonText:"Fortsätt","invalid-code":"Koden du angav är ogiltig","transaction-not-found":"Din registreringstransaktion har gått ut, du behöver börja om.",unexpectedError:"Något gick fel. Försök igen.",pageTitle:"Verifiera identitet | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Använd ditt telefonnummer för att logga in | ${clientName}",title:"Verifiera din identitet",description:"Vi skickade en kod till ${phoneNumber}",continueButtonText:"Fortsätt",changePhoneText:"Välj ett annat telefonnummer.",smsButtonText:"SMS",voiceButtonText:"Röstsamtal",chooseMessageTypeText:"Hur vill du ta emot koden?",pickAuthenticatorText:"Prova en annan metod",logoAltText:"${companyName}",codePlaceholder:"Ange kod","send-sms-failed":"Det gick inte att skicka SMS:et","send-voice-failed":"Det gick inte att ringa röstsamtalet","invalid-phone-format":"Telefonnumret kan bara innehålla siffror.","invalid-phone":"Det verkar som att ditt telefonnummer inte är giltigt. Kontrollera och försök igen.","too-many-sms":"Du har överskridit det maximala antalet telefonmeddelanden per timme. Vänta några minuter och försök igen.","too-many-voice":"Du har överskridit det maximala antalet telefonmeddelanden per timme. Vänta några minuter och försök igen.","transaction-not-found":"Din registreringstransaktion har gått ut, du behöver börja om.","no-phone":"Ange ett telefonnummer",noCode:"Ange verifieringskoden",invalidCode:"Koden du angav är ogiltig. Försök igen.",unexpectedError:"Något gick fel. Försök igen.",resendSuccess:"Vi skickade en ny kod till din telefon",enrollmentComplete:"MFA-registreringen är klar. Du kan stänga denna sida."},"mfa-phone-enrollment":{pageTitle:"Ange ditt telefonnummer för att logga in med en telefonkod | ${clientName}",title:"Säkra ditt konto",description:"Ange din landskod och telefonnummer som vi kan skicka en 6-siffrig kod till:",continueButtonText:"Fortsätt",smsButtonText:"SMS",voiceButtonText:"Röstsamtal",chooseMessageTypeText:"Hur vill du ta emot koden?",pickAuthenticatorText:"Prova en annan metod",placeholder:"Ange ditt telefonnummer",logoAltText:"${companyName}",selectCountryCode:"Välj landskod, för närvarande inställd på ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Det gick inte att skicka SMS:et","send-voice-failed":"Det gick inte att ringa röstsamtalet","sms-authenticator-error":"Vi kunde inte skicka SMS:et. Försök igen senare.","invalid-phone-format":"Telefonnumret kan bara innehålla siffror.","invalid-phone":"Det verkar som att ditt telefonnummer inte är giltigt. Kontrollera och försök igen.","too-many-sms":"Du har överskridit det maximala antalet telefonmeddelanden per timme. Vänta några minuter och försök igen.","too-many-voice":"Du har överskridit det maximala antalet telefonmeddelanden per timme. Vänta några minuter och försök igen.","transaction-not-found":"Din registreringstransaktion har gått ut, du behöver börja om.","no-phone":"Ange ett telefonnummer","phone-is-too-short":"Telefonnumret är för kort","phone-is-too-long":"Telefonnumret är för långt"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Välj verifieringsmetod | ${clientName}",title:"Välj din verifieringsmetod",description:"Välj hur du vill verifiera din identitet",authenticatorAppLabel:"Autentiseringsapp",authenticatorAppDescription:"Använd din autentiseringsapp för att få en verifieringskod",smsLabel:"Sms",smsDescription:"Få en verifieringskod skickad till din telefon",passkeyLabel:"Lösenordsnyckel",passkeyDescription:"Använd din enhets biometri eller säkerhetsnyckel"}},"mfa-push":{"mfa-push":{description:"Vi skickade en notis till din enhet",pageTitle:"Push-notis | ${clientName}",resendText:"Skicka notisen igen",title:"Godkänn förfrågan",useCodeText:"Ange kod manuellt"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Fortsätt",codePlaceholder:"Återställningskod",description:"Ange en av dina återställningskoder","invalid-code":"Återställningskoden du angav är ogiltig",pageTitle:"Återställningskod | ${clientName}",title:"Ange återställningskod"}},"mfa-voice":{"mfa-voice":{buttonText:"Ring mig",codePlaceholder:"Ange kod",description:"Vi ringer ${phoneNumber} med din kod","invalid-code":"Koden du angav är ogiltig",pageTitle:"Röstsamtal | ${clientName}",title:"Ta emot ett telefonsamtal"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Försök igen",description:"Sätt in din säkerhetsnyckel och följ instruktionerna",pageTitle:"Säkerhetsnyckel | ${clientName}",title:"Använd din säkerhetsnyckel"}},passkeys:QT,organizations:ZT,"reset-password":{"reset-password":{backToLoginText:"Gå tillbaka",buttonText:"Skicka",codeExpired:"Din kod för lösenordsåterställning har gått ut. Begär en ny.",confirmPasswordLabel:"Bekräfta lösenord",confirmPasswordPlaceholder:"Bekräfta lösenord",description:"Klicka på knappen nedan så skickar vi instruktioner om hur du återställer ditt lösenord.",emailPlaceholder:"E-postadress",failed:"Lösenordsåterställningen misslyckades. Försök igen.","invalid-email-format":"Ogiltig e-postadress","no-email":"Vänligen ange en e-postadress",pageTitle:"Återställ lösenord | ${clientName}",passwordLabel:"Nytt lösenord",passwordPlaceholder:"Nytt lösenord",passwordTooWeak:"Lösenordet är för svagt",passwordsDidntMatch:"Lösenorden matchar inte",successDescription:"Vi har skickat en länk för lösenordsåterställning till din e-postadress.",successTitle:"Vi har skickat ett e-postmeddelande med instruktioner om hur du återställer ditt lösenord till den e-postadress du angav.",title:"Har du glömt lösenordet?","user-not-found":"Användaren hittades inte"},"reset-password-code":{backToLoginText:"Tillbaka till inloggning",buttonText:"Återställ lösenord",codeLabel:"Återställningskod",codePlaceholder:"Ange 6-siffrig kod",confirmPasswordLabel:"Bekräfta lösenord",confirmPasswordPlaceholder:"Bekräfta lösenord",defaultDescription:"Ange koden som skickades till din e-post och välj ett nytt lösenord",description:"Vi skickade en kod till ${email}",failed:"Lösenordsåterställningen misslyckades. Försök igen.",invalidCode:"Koden du angav är ogiltig eller har gått ut",noCode:"Vänligen ange återställningskoden",pageTitle:"Ange återställningskod | ${clientName}",passwordLabel:"Nytt lösenord",passwordPlaceholder:"Nytt lösenord",passwordTooWeak:"Lösenordet är för svagt",passwordsDidntMatch:"Lösenorden matchar inte",resendFailed:"Kunde inte skicka koden igen. Försök igen.",resendSuccess:"En ny kod har skickats till din e-post",resendText:"Skicka koden igen",sessionExpired:"Din session har gått ut. Försök igen.",title:"Ange återställningskod"}},signup:XT,"signup-id":{"signup-id":{buttonText:"Fortsätt",description:"Välj ett lösenord med en blandning av stora och små bokstäver, siffror och symboler.","email-already-exists":"E-postadressen är redan upptagen",emailPlaceholder:"E-postadress",federatedConnectionButtonText:"Fortsätt med ${connectionName}","invalid-email-format":"Ogiltig e-postadress",loginActionLinkText:"Logga in",loginActionText:"Har du redan ett konto?","no-email":"Vänligen ange en e-postadress",pageTitle:"Registrera dig | ${clientName}",phonePlaceholder:"Telefonnummer",separatorText:"eller",title:"Välj lösenord",usernamePlaceholder:"Användarnamn"}},"signup-password":{"signup-password":{buttonText:"Fortsätt",description:"Välj ett lösenord med en blandning av stora och små bokstäver, siffror och symboler.",hidePasswordText:"Dölj lösenord","no-password":"Lösenord krävs",pageTitle:"Registrera dig | ${clientName}","password-policy-not-met":"Lösenordet uppfyller inte kraven","password-too-weak":"Lösenordet är för svagt",passwordPlaceholder:"Lösenord",showPasswordText:"Visa lösenord",title:"Välj lösenord"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Fortsätt",codeLabel:"Verifieringskod",codePlaceholder:"Ange kod",defaultDescription:"Ange verifieringskoden som skickades till din telefon",description:"Vi skickade en kod till ${username}","invalid-code":"Ogiltig kod",noCode:"Ange verifieringskoden",pageTitle:"Ange kod | ${clientName}",resendText:"Skicka koden igen",sessionExpired:"Din session har gått ut. Försök igen.",title:"Kolla din telefon",unexpectedError:"Ett oväntat fel uppstod"}},status:e$},PO=Object.freeze(Object.defineProperty({__proto__:null,common:KT,consent:GT,default:zO,invitation:WT,login:JT,mfa:YT,organizations:ZT,passkeys:QT,signup:XT,status:e$},Symbol.toStringTag,{value:"Module"})),t$=["cs","da","en","fi","it","nb","pl","sv"],jp="en",NO={cs:"Čeština",da:"Dansk",en:"English",fi:"Suomi",it:"Italiano",nb:"Norsk",pl:"Polski",sv:"Svenska"},FO=NO;function OO(e){return FO[e]??e}const jO=Object.assign({"../../locales/cs.json":_O,"../../locales/da.json":bO,"../../locales/en.json":AO,"../../locales/fi.json":SO,"../../locales/it.json":xO,"../../locales/nb.json":TO,"../../locales/pl.json":IO,"../../locales/sv.json":PO}),Kl={};for(const[e,t]of Object.entries(jO)){const n=e.match(/\/(\w+)\.json$/)?.[1];n&&(Kl[n]=t.default||t)}const n$={},Z1=Kl[jp];if(Z1)for(const[e,t]of Object.entries(Z1))for(const[n,i]of Object.entries(t)){const r={};for(const o of Object.keys(i))r[o]=s.z.string();n$[`${e}.${n}`]=s.z.object(r)}function RO(e,t){if(!t)return e;let n=e;for(const[i,r]of Object.entries(t))if(r!==void 0){const o=i.replace(/[.*+?^${}()|[\]\\]/g,"\\$&");n=n.replace(new RegExp(`\\$\\{${o}\\}`,"g"),String(r)).replace(new RegExp(`#\\{${o}\\}`,"g"),String(r)).replace(new RegExp(`\\{${o}\\}`,"g"),String(r))}return n}function DO(e){const t=e.split("-")[0]?.toLowerCase()||jp;return t$.includes(t)?t:jp}function Se(e,t,n,i){const r=DO(n),o=Kl[jp]?.[e]?.[t]??{},a=Kl[r]?.[e]?.[t]??{},c={...o,...a},l=i?.[t]??{},d={...c,...l},u=n$[`${e}.${t}`];if(u){const h=u.safeParse(d);h.success||console.warn(`[i18n] Missing translations for ${e}.${t} (${r}):`,h.error.issues.map(g=>g.path.join(".")).join(", "))}const p={};for(const[h,g]of Object.entries(d))p[h]=m=>RO(g,m);return{m:new Proxy(p,{get:(h,g)=>h[g]??(()=>g)}),locale:r}}function BO(e){const t=e?.language?.split("-")[0]?.toLowerCase(),n=[];for(const[i,r]of Object.entries(Kl))if(!(t&&i!==t))for(const[o,a]of Object.entries(r))e?.prompt&&o!==e.prompt||n.push({prompt:o,language:i,custom_text:a});return n}function cc(e,t){const n=gO(e,"ah-dark-mode");if(n==="dark"||n==="light"||n==="auto")return n;const i=t?.dark_mode;return i==="dark"||i==="light"||i==="auto"?i:"auto"}const Rp={"--ah-color-text":"#f9fafb","--ah-color-text-muted":"#9ca3af","--ah-color-text-label":"#d1d5db","--ah-color-header":"#f9fafb","--ah-color-bg":"#1f2937","--ah-color-bg-hover":"#374151","--ah-color-bg-muted":"#374151","--ah-color-bg-disabled":"#4b5563","--ah-color-input-bg":"#374151","--ah-color-border":"#4b5563","--ah-color-border-hover":"#6b7280","--ah-color-border-muted":"#374151","--ah-color-error-bg":"rgba(220,38,38,0.2)","--ah-color-success-bg":"rgba(22,163,74,0.2)","--ah-color-link":"#60a5fa"};function i$(e){const t=e.replace("#",""),n=parseInt(t,16);return[n>>16&255,n>>8&255,n&255]}function X1(e){const[t,n,i]=i$(e).map(r=>{const o=r/255;return o<=.04045?o/12.92:Math.pow((o+.055)/1.055,2.4)});return .2126*t+.7152*n+.0722*i}function zi(e,t){const n=X1(e),i=X1(t);return(Math.max(n,i)+.05)/(Math.min(n,i)+.05)}function r$(e,t){const[n,i,r]=i$(e),o=a=>Math.min(255,Math.round(a+(255-a)*t)).toString(16).padStart(2,"0");return`#${o(n)}${o(i)}${o(r)}`}function e2(e,t){const n={...Rp};if(t){const r=Rp["--ah-color-bg"];if(zi(t,r)<3){let d=t;for(let u=1;u<=10&&(d=r$(t,u*.1),!(zi(d,r)>=3));u++);n["--ah-color-primary"]=d,n["--ah-color-primary-hover"]=d}const o=1.35,a=n["--ah-color-primary"]||t,c=zi(a,"#ffffff"),l=zi(a,"#000000");n["--ah-color-text-on-primary"]=l>c*o?"#000000":"#ffffff"}const i=Object.entries(n).map(([r,o])=>`${r}: ${o} !important`).join("; ");return`${e} { ${i}; }`}const LO="(function(btn){var h=document.documentElement;var cur=h.classList.contains('ah-dark-mode')?'dark':h.classList.contains('ah-light-mode')?'light':'auto';var next=cur==='auto'?'dark':cur==='dark'?'light':'auto';h.classList.remove('ah-dark-mode','ah-light-mode');if(next==='dark'){h.classList.add('ah-dark-mode');h.setAttribute('data-mode','dark')}else if(next==='light'){h.classList.add('ah-light-mode');h.setAttribute('data-mode','light')}else{h.removeAttribute('data-mode')}btn.querySelector('.icon-sun').style.display=next==='light'?'block':'none';btn.querySelector('.icon-moon').style.display=next==='dark'?'block':'none';btn.querySelector('.icon-auto').style.display=next==='auto'?'block':'none';document.cookie='ah-dark-mode='+next+';path=/;max-age=31536000;SameSite=Lax';if(window.__ahDarkMode){window.__ahDarkMode(next)}})(this)",MO="var p=new URLSearchParams(window.location.search);p.set('ui_locales',this.value);window.location.search=p.toString()";function o$({logoUrl:e,clientName:t}){const n=e?fn(e):null;return S("div",{class:"ah-chip ah-chip-logo","data-ah-slot":"top-left",children:n?S("img",{src:n,alt:t}):S("span",{class:"ah-logo-text",children:t})})}function s$({darkMode:e}){return S("button",{type:"button","aria-label":"Toggle dark mode",onclick:LO,children:[S("svg",{class:"icon-auto",width:"13",height:"13",viewBox:"0 0 24 24",fill:"none",stroke:"currentColor","stroke-width":"2.2","stroke-linecap":"round","stroke-linejoin":"round",style:e==="auto"?void 0:"display:none",children:[S("circle",{cx:"12",cy:"12",r:"9"}),S("path",{d:"M12 3a9 9 0 0 1 0 18",fill:"currentColor"})]}),S("svg",{class:"icon-sun",width:"13",height:"13",viewBox:"0 0 24 24",fill:"none",stroke:"currentColor","stroke-width":"2.2","stroke-linecap":"round","stroke-linejoin":"round",style:e==="light"?void 0:"display:none",children:[S("circle",{cx:"12",cy:"12",r:"5"}),S("line",{x1:"12",y1:"1",x2:"12",y2:"3"}),S("line",{x1:"12",y1:"21",x2:"12",y2:"23"}),S("line",{x1:"4.22",y1:"4.22",x2:"5.64",y2:"5.64"}),S("line",{x1:"18.36",y1:"18.36",x2:"19.78",y2:"19.78"}),S("line",{x1:"1",y1:"12",x2:"3",y2:"12"}),S("line",{x1:"21",y1:"12",x2:"23",y2:"12"})]}),S("svg",{class:"icon-moon",width:"13",height:"13",viewBox:"0 0 24 24",fill:"none",stroke:"currentColor","stroke-width":"2.2","stroke-linecap":"round","stroke-linejoin":"round",style:e==="dark"?void 0:"display:none",children:S("path",{d:"M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z"})})]})}function a$({language:e,availableLanguages:t}){return!t||t.length<2?null:S("div",{class:"ah-lang",children:[S("svg",{width:"13",height:"13",viewBox:"0 0 24 24",fill:"none",stroke:"currentColor","stroke-width":"2.2","stroke-linecap":"round","stroke-linejoin":"round",children:[S("circle",{cx:"12",cy:"12",r:"10"}),S("path",{d:"M2 12h20"}),S("path",{d:"M12 2a15.3 15.3 0 0 1 4 10 15.3 15.3 0 0 1-4 10 15.3 15.3 0 0 1-4-10 15.3 15.3 0 0 1 4-10z"})]}),S("select",{"aria-label":"Language",onchange:MO,children:t.map(n=>S("option",{value:n,selected:n===e,children:OO(n)}))})]})}function c$({darkMode:e,language:t,availableLanguages:n}){return S("div",{class:"ah-chip ah-chip-settings","data-ah-slot":"top-right",children:[S(s$,{darkMode:e}),n&&S(a$,{language:t,availableLanguages:n})]})}function l$({url:e,href:t,alt:n,height:i}){const r=fn(e),o=t?fn(t):null;if(!r)return null;const a=S("img",{src:r,alt:n||"",height:i||18});return S("div",{class:"ah-chip ah-chip-trust","data-ah-slot":"bottom-left",children:o?S("a",{href:o,target:"_blank",rel:"noopener noreferrer",children:a}):a})}function d$({termsAndConditionsUrl:e,language:t}){if(!e)return null;const{m:n}=Se("common","common",t||"en");return S("div",{class:"ah-chip-legal","data-ah-slot":"bottom-right",children:S("a",{href:e,target:"_blank",rel:"noopener noreferrer",children:n.termsShortText()})})}function u$(e,t){const n=[],i=pn(e?.colors?.primary);i&&n.push(`--ah-color-primary: ${i}`);const r=pn(t?.colors?.primary_button)||i;if(r){const a=zi(r,"#ffffff"),l=zi(r,"#000000")>a*1.35?"#000000":"#ffffff";n.push(`--ah-color-text-on-primary: ${l}`)}return n.length>0?n.join("; ")+"; width: clamp(320px, 100%, 400px);":"width: clamp(320px, 100%, 400px);"}function UO(e){const{primaryColor:t,themePrimary:n,widgetBackground:i}=e;return`
2
2
  * { box-sizing: border-box; margin: 0; padding: 0; }
3
3
 
4
4
  /* ============= CHROME TOKENS =============
@@ -236,7 +236,7 @@ var h2=document.documentElement;if(!h2.classList.contains('ah-dark-mode')&&!h2.c
236
236
  {%- authhero:settings -%}
237
237
  {%- authhero:powered-by -%}
238
238
  {%- authhero:legal -%}
239
- `;function HO(e,t,n){const i=n?` style="${n}"`:"";return`<div class="widget-container" data-authhero-widget-container data-screen="${VO(t)}"${i}>${e}</div>`}function VO(e){return e.replace(/&/g,"&amp;").replace(/"/g,"&quot;")}function KO(e,t){const n=S(c$,{darkMode:t.darkMode,language:t.language,availableLanguages:t.availableLanguages}).toString(),i={"{%- auth0:widget -%}":HO(t.widgetHtml,t.screenId,t.widgetContainerStyle),"{%- authhero:logo -%}":S(o$,{logoUrl:t.logoUrl,clientName:t.clientName}).toString(),"{%- authhero:settings -%}":n,"{%- authhero:dark-mode-toggle -%}":S(s$,{darkMode:t.darkMode}).toString(),"{%- authhero:language-picker -%}":t.availableLanguages?S(a$,{language:t.language,availableLanguages:t.availableLanguages}).toString():"","{%- authhero:powered-by -%}":t.poweredBy?S(l$,{url:t.poweredBy.url,href:t.poweredBy.href,alt:t.poweredBy.alt,height:t.poweredBy.height}).toString():"","{%- authhero:legal -%}":t.termsAndConditionsUrl?S(d$,{termsAndConditionsUrl:t.termsAndConditionsUrl,language:t.language}).toString():""};let r=e;for(const[o,a]of Object.entries(i))r=r.split(o).join(a);return r}const n2=s.z.object({body:s.z.string()}),GO=new s.OpenAPIHono().openapi(s.createRoute({tags:["branding"],method:"get",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:branding","auth:read"]}],responses:{200:{content:{"application/json":{schema:Ju}},description:"Branding settings"}}}),async e=>{const t=await e.env.data.branding.get(e.var.tenant_id);return t?e.json(t):e.json(U1)}).openapi(s.createRoute({tags:["branding"],method:"patch",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object(Ju.shape).partial()}}}},security:[{Bearer:["update:branding","auth:write"]}],responses:{200:{content:{"application/json":{schema:Ju}},description:"Branding settings"}}}),async e=>{const t=e.req.valid("json");await e.env.data.branding.set(e.var.tenant_id,t);const n=await e.env.data.branding.get(e.var.tenant_id);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update Branding",targetType:"branding",targetId:e.var.tenant_id}),e.json(n||U1)}).openapi(s.createRoute({tags:["branding"],method:"get",path:"/templates/universal-login",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:branding","auth:read"]}],responses:{200:{content:{"application/json":{schema:n2}},description:"Universal login template — tenant-customized when one is stored, otherwise the AuthHero default body that tenants can copy and modify."}}}),async e=>{const t=await e.env.data.universalLoginTemplates.get(e.var.tenant_id);return t?e.json(t):e.json({body:qO})}).openapi(s.createRoute({tags:["branding"],method:"put",path:"/templates/universal-login",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:n2}}}},security:[{Bearer:["update:branding","auth:write"]}],responses:{204:{description:"Template updated successfully"},400:{description:"Invalid template"}}}),async e=>{const t=e.req.valid("json");if(!t.body.includes(t2))throw new z(400,{message:`Template must contain ${t2} tag`});return await e.env.data.universalLoginTemplates.set(e.var.tenant_id,t),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Set Universal Login Template",targetType:"universal_login_template",targetId:e.var.tenant_id}),e.body(null,204)}).openapi(s.createRoute({tags:["branding"],method:"delete",path:"/templates/universal-login",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:branding","auth:write"]}],responses:{204:{description:"Template deleted successfully"}}}),async e=>(await e.env.data.universalLoginTemplates.delete(e.var.tenant_id),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete Universal Login Template",targetType:"universal_login_template",targetId:e.var.tenant_id}),e.body(null,204))).route("/themes",NF),WO=24;function ao(){return AC("0123456789abcdef",WO)()}function fy(e){if(!e.includes("|"))return console.error("Invalid user_id format"),e;const[,t]=e.split("|");return t}async function eb(e,t,n){return(await e.list(t,{page:0,per_page:10,include_totals:!1,q:`email:${n}`})).users}async function hy({userAdapter:e,tenant_id:t,username:n,provider:i}){let r;i==="sms"?r=`phone_number:${n}`:n.includes("@")?r=`email:${n}`:r=`username:${n}`;const{users:o}=await e.list(t,{page:0,per_page:10,include_totals:!1,q:`${r} provider:${i}`});return o.length>1&&console.error("More than one user found for same username and provider"),o[0]||null}async function co({userAdapter:e,tenant_id:t,email:n}){const{users:i}=await e.list(t,{page:0,per_page:10,include_totals:!1,q:`email:${n}`});if(i.length===0)return;const r=i.filter(a=>!a.linked_to);if(r.length>0)return r.length>1&&console.error("More than one primary user found for same email"),r[0];const o=await e.get(t,i[0]?.linked_to);if(!o)throw new Error("Primary account not found");return o}async function dr({userAdapter:e,tenant_id:t,username:n,provider:i}){const r=await hy({userAdapter:e,tenant_id:t,username:n,provider:i});return r?r.linked_to?e.get(t,r.linked_to):r:null}function JO(e){const t={};return typeof e.name=="string"&&(t.name=e.name),typeof e.given_name=="string"&&(t.given_name=e.given_name),typeof e.family_name=="string"&&(t.family_name=e.family_name),typeof e.nickname=="string"&&(t.nickname=e.nickname),typeof e.picture=="string"&&(t.picture=e.picture),typeof e.email_verified=="boolean"&&(t.email_verified=e.email_verified),typeof e.phone_number=="string"&&(t.phone_number=e.phone_number),typeof e.phone_number_verified=="boolean"?t.phone_verified=e.phone_number_verified:typeof e.phone_verified=="boolean"&&(t.phone_verified=e.phone_verified),t}async function gh(e,t){const{username:n,provider:i,connection:r,client:o,userId:a,isSocial:c,profileData:l={},ip:d="",set_user_root_attributes:u}=t,p=u||"on_each_login",f=p!=="never_on_login"?JO(l):{};let h=await dr({userAdapter:e.env.data.users,tenant_id:t.client.tenant.id,username:n,provider:i}),g=!1;if(!h){const m={user_id:`${i}|${a||ao()}`,email:r!=="sms"&&n.includes("@")?n:void 0,phone_number:r==="sms"?n:f.phone_number,username:!n.includes("@")&&r!=="sms"?n:void 0,name:f.name||n,given_name:f.given_name,family_name:f.family_name,nickname:f.nickname,picture:f.picture,phone_verified:f.phone_verified,provider:i,connection:r,email_verified:f.email_verified??(c||r==="email"),last_ip:d,is_social:c,last_login:new Date().toISOString(),profileData:JSON.stringify(l)};try{h=await e.env.data.users.create(o.tenant.id,m),g=!0}catch(_){if(_?.status!==409)throw _;const y=await dr({userAdapter:e.env.data.users,tenant_id:o.tenant.id,username:n,provider:i});if(!y)throw _;h=y}e.set("user_id",h.user_id)}if(!g&&p==="on_each_login"){const m={...f,profileData:JSON.stringify(l)},_=Object.fromEntries(Object.entries(m).filter(([y,w])=>w!==void 0));Object.keys(_).length>0&&(await e.env.data.users.update(o.tenant.id,h.user_id,_),h={...h,..._})}return h}const h$={},YO=Object.freeze(Object.defineProperty({__proto__:null,default:h$},Symbol.toStringTag,{value:"Module"}));var gy=null;function QO(e){try{return crypto.getRandomValues(new Uint8Array(e))}catch{}try{return h$.randomBytes(e)}catch{}if(!gy)throw Error("Neither WebCryptoAPI nor a crypto module is available. Use bcrypt.setRandomFallback to set an alternative");return gy(e)}function ZO(e){gy=e}function tb(e,t){if(e=e||nb,typeof e!="number")throw Error("Illegal arguments: "+typeof e+", "+typeof t);e<4?e=4:e>31&&(e=31);var n=[];return n.push("$2b$"),e<10&&n.push("0"),n.push(e.toString()),n.push("$"),n.push(Bp(QO(Gl),Gl)),n.join("")}function g$(e,t,n){if(typeof t=="function"&&(n=t,t=void 0),typeof e=="function"&&(n=e,e=void 0),typeof e>"u")e=nb;else if(typeof e!="number")throw Error("illegal arguments: "+typeof e);function i(r){ii(function(){try{r(null,tb(e))}catch(o){r(o)}})}if(n){if(typeof n!="function")throw Error("Illegal callback: "+typeof n);i(n)}else return new Promise(function(r,o){i(function(a,c){if(a){o(a);return}r(c)})})}function m$(e,t){if(typeof t>"u"&&(t=nb),typeof t=="number"&&(t=tb(t)),typeof e!="string"||typeof t!="string")throw Error("Illegal arguments: "+typeof e+", "+typeof t);return my(e,t)}function y$(e,t,n,i){function r(o){typeof e=="string"&&typeof t=="number"?g$(t,function(a,c){my(e,c,o,i)}):typeof e=="string"&&typeof t=="string"?my(e,t,o,i):ii(o.bind(this,Error("Illegal arguments: "+typeof e+", "+typeof t)))}if(n){if(typeof n!="function")throw Error("Illegal callback: "+typeof n);r(n)}else return new Promise(function(o,a){r(function(c,l){if(c){a(c);return}o(l)})})}function _$(e,t){for(var n=e.length^t.length,i=0;i<e.length;++i)n|=e.charCodeAt(i)^t.charCodeAt(i);return n===0}function XO(e,t){if(typeof e!="string"||typeof t!="string")throw Error("Illegal arguments: "+typeof e+", "+typeof t);return t.length!==60?!1:_$(m$(e,t.substring(0,t.length-31)),t)}function ej(e,t,n,i){function r(o){if(typeof e!="string"||typeof t!="string"){ii(o.bind(this,Error("Illegal arguments: "+typeof e+", "+typeof t)));return}if(t.length!==60){ii(o.bind(this,null,!1));return}y$(e,t.substring(0,29),function(a,c){a?o(a):o(null,_$(c,t))},i)}if(n){if(typeof n!="function")throw Error("Illegal callback: "+typeof n);r(n)}else return new Promise(function(o,a){r(function(c,l){if(c){a(c);return}o(l)})})}function tj(e){if(typeof e!="string")throw Error("Illegal arguments: "+typeof e);return parseInt(e.split("$")[2],10)}function nj(e){if(typeof e!="string")throw Error("Illegal arguments: "+typeof e);if(e.length!==60)throw Error("Illegal hash length: "+e.length+" != 60");return e.substring(0,29)}function ij(e){if(typeof e!="string")throw Error("Illegal arguments: "+typeof e);return w$(e)>72}var ii=typeof setImmediate=="function"?setImmediate:typeof scheduler=="object"&&typeof scheduler.postTask=="function"?scheduler.postTask.bind(scheduler):setTimeout;function w$(e){for(var t=0,n=0,i=0;i<e.length;++i)n=e.charCodeAt(i),n<128?t+=1:n<2048?t+=2:(n&64512)===55296&&(e.charCodeAt(i+1)&64512)===56320?(++i,t+=4):t+=3;return t}function rj(e){for(var t=0,n,i,r=new Array(w$(e)),o=0,a=e.length;o<a;++o)n=e.charCodeAt(o),n<128?r[t++]=n:n<2048?(r[t++]=n>>6|192,r[t++]=n&63|128):(n&64512)===55296&&((i=e.charCodeAt(o+1))&64512)===56320?(n=65536+((n&1023)<<10)+(i&1023),++o,r[t++]=n>>18|240,r[t++]=n>>12&63|128,r[t++]=n>>6&63|128,r[t++]=n&63|128):(r[t++]=n>>12|224,r[t++]=n>>6&63|128,r[t++]=n&63|128);return r}var Rs="./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789".split(""),xr=[-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,0,1,54,55,56,57,58,59,60,61,62,63,-1,-1,-1,-1,-1,-1,-1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,-1,-1,-1,-1,-1,-1,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,-1,-1,-1,-1,-1];function Bp(e,t){var n=0,i=[],r,o;if(t<=0||t>e.length)throw Error("Illegal len: "+t);for(;n<t;){if(r=e[n++]&255,i.push(Rs[r>>2&63]),r=(r&3)<<4,n>=t){i.push(Rs[r&63]);break}if(o=e[n++]&255,r|=o>>4&15,i.push(Rs[r&63]),r=(o&15)<<2,n>=t){i.push(Rs[r&63]);break}o=e[n++]&255,r|=o>>6&3,i.push(Rs[r&63]),i.push(Rs[o&63])}return i.join("")}function b$(e,t){var n=0,i=e.length,r=0,o=[],a,c,l,d,u,p;if(t<=0)throw Error("Illegal len: "+t);for(;n<i-1&&r<t&&(p=e.charCodeAt(n++),a=p<xr.length?xr[p]:-1,p=e.charCodeAt(n++),c=p<xr.length?xr[p]:-1,!(a==-1||c==-1||(u=a<<2>>>0,u|=(c&48)>>4,o.push(String.fromCharCode(u)),++r>=t||n>=i)||(p=e.charCodeAt(n++),l=p<xr.length?xr[p]:-1,l==-1)||(u=(c&15)<<4>>>0,u|=(l&60)>>2,o.push(String.fromCharCode(u)),++r>=t||n>=i)));)p=e.charCodeAt(n++),d=p<xr.length?xr[p]:-1,u=(l&3)<<6>>>0,u|=d,o.push(String.fromCharCode(u)),++r;var f=[];for(n=0;n<r;n++)f.push(o[n].charCodeAt(0));return f}var Gl=16,nb=10,oj=16,sj=100,i2=[608135816,2242054355,320440878,57701188,2752067618,698298832,137296536,3964562569,1160258022,953160567,3193202383,887688300,3232508343,3380367581,1065670069,3041331479,2450970073,2306472731],r2=[3509652390,2564797868,805139163,3491422135,3101798381,1780907670,3128725573,4046225305,614570311,3012652279,134345442,2240740374,1667834072,1901547113,2757295779,4103290238,227898511,1921955416,1904987480,2182433518,2069144605,3260701109,2620446009,720527379,3318853667,677414384,3393288472,3101374703,2390351024,1614419982,1822297739,2954791486,3608508353,3174124327,2024746970,1432378464,3864339955,2857741204,1464375394,1676153920,1439316330,715854006,3033291828,289532110,2706671279,2087905683,3018724369,1668267050,732546397,1947742710,3462151702,2609353502,2950085171,1814351708,2050118529,680887927,999245976,1800124847,3300911131,1713906067,1641548236,4213287313,1216130144,1575780402,4018429277,3917837745,3693486850,3949271944,596196993,3549867205,258830323,2213823033,772490370,2760122372,1774776394,2652871518,566650946,4142492826,1728879713,2882767088,1783734482,3629395816,2517608232,2874225571,1861159788,326777828,3124490320,2130389656,2716951837,967770486,1724537150,2185432712,2364442137,1164943284,2105845187,998989502,3765401048,2244026483,1075463327,1455516326,1322494562,910128902,469688178,1117454909,936433444,3490320968,3675253459,1240580251,122909385,2157517691,634681816,4142456567,3825094682,3061402683,2540495037,79693498,3249098678,1084186820,1583128258,426386531,1761308591,1047286709,322548459,995290223,1845252383,2603652396,3431023940,2942221577,3202600964,3727903485,1712269319,422464435,3234572375,1170764815,3523960633,3117677531,1434042557,442511882,3600875718,1076654713,1738483198,4213154764,2393238008,3677496056,1014306527,4251020053,793779912,2902807211,842905082,4246964064,1395751752,1040244610,2656851899,3396308128,445077038,3742853595,3577915638,679411651,2892444358,2354009459,1767581616,3150600392,3791627101,3102740896,284835224,4246832056,1258075500,768725851,2589189241,3069724005,3532540348,1274779536,3789419226,2764799539,1660621633,3471099624,4011903706,913787905,3497959166,737222580,2514213453,2928710040,3937242737,1804850592,3499020752,2949064160,2386320175,2390070455,2415321851,4061277028,2290661394,2416832540,1336762016,1754252060,3520065937,3014181293,791618072,3188594551,3933548030,2332172193,3852520463,3043980520,413987798,3465142937,3030929376,4245938359,2093235073,3534596313,375366246,2157278981,2479649556,555357303,3870105701,2008414854,3344188149,4221384143,3956125452,2067696032,3594591187,2921233993,2428461,544322398,577241275,1471733935,610547355,4027169054,1432588573,1507829418,2025931657,3646575487,545086370,48609733,2200306550,1653985193,298326376,1316178497,3007786442,2064951626,458293330,2589141269,3591329599,3164325604,727753846,2179363840,146436021,1461446943,4069977195,705550613,3059967265,3887724982,4281599278,3313849956,1404054877,2845806497,146425753,1854211946,1266315497,3048417604,3681880366,3289982499,290971e4,1235738493,2632868024,2414719590,3970600049,1771706367,1449415276,3266420449,422970021,1963543593,2690192192,3826793022,1062508698,1531092325,1804592342,2583117782,2714934279,4024971509,1294809318,4028980673,1289560198,2221992742,1669523910,35572830,157838143,1052438473,1016535060,1802137761,1753167236,1386275462,3080475397,2857371447,1040679964,2145300060,2390574316,1461121720,2956646967,4031777805,4028374788,33600511,2920084762,1018524850,629373528,3691585981,3515945977,2091462646,2486323059,586499841,988145025,935516892,3367335476,2599673255,2839830854,265290510,3972581182,2759138881,3795373465,1005194799,847297441,406762289,1314163512,1332590856,1866599683,4127851711,750260880,613907577,1450815602,3165620655,3734664991,3650291728,3012275730,3704569646,1427272223,778793252,1343938022,2676280711,2052605720,1946737175,3164576444,3914038668,3967478842,3682934266,1661551462,3294938066,4011595847,840292616,3712170807,616741398,312560963,711312465,1351876610,322626781,1910503582,271666773,2175563734,1594956187,70604529,3617834859,1007753275,1495573769,4069517037,2549218298,2663038764,504708206,2263041392,3941167025,2249088522,1514023603,1998579484,1312622330,694541497,2582060303,2151582166,1382467621,776784248,2618340202,3323268794,2497899128,2784771155,503983604,4076293799,907881277,423175695,432175456,1378068232,4145222326,3954048622,3938656102,3820766613,2793130115,2977904593,26017576,3274890735,3194772133,1700274565,1756076034,4006520079,3677328699,720338349,1533947780,354530856,688349552,3973924725,1637815568,332179504,3949051286,53804574,2852348879,3044236432,1282449977,3583942155,3416972820,4006381244,1617046695,2628476075,3002303598,1686838959,431878346,2686675385,1700445008,1080580658,1009431731,832498133,3223435511,2605976345,2271191193,2516031870,1648197032,4164389018,2548247927,300782431,375919233,238389289,3353747414,2531188641,2019080857,1475708069,455242339,2609103871,448939670,3451063019,1395535956,2413381860,1841049896,1491858159,885456874,4264095073,4001119347,1565136089,3898914787,1108368660,540939232,1173283510,2745871338,3681308437,4207628240,3343053890,4016749493,1699691293,1103962373,3625875870,2256883143,3830138730,1031889488,3479347698,1535977030,4236805024,3251091107,2132092099,1774941330,1199868427,1452454533,157007616,2904115357,342012276,595725824,1480756522,206960106,497939518,591360097,863170706,2375253569,3596610801,1814182875,2094937945,3421402208,1082520231,3463918190,2785509508,435703966,3908032597,1641649973,2842273706,3305899714,1510255612,2148256476,2655287854,3276092548,4258621189,236887753,3681803219,274041037,1734335097,3815195456,3317970021,1899903192,1026095262,4050517792,356393447,2410691914,3873677099,3682840055,3913112168,2491498743,4132185628,2489919796,1091903735,1979897079,3170134830,3567386728,3557303409,857797738,1136121015,1342202287,507115054,2535736646,337727348,3213592640,1301675037,2528481711,1895095763,1721773893,3216771564,62756741,2142006736,835421444,2531993523,1442658625,3659876326,2882144922,676362277,1392781812,170690266,3921047035,1759253602,3611846912,1745797284,664899054,1329594018,3901205900,3045908486,2062866102,2865634940,3543621612,3464012697,1080764994,553557557,3656615353,3996768171,991055499,499776247,1265440854,648242737,3940784050,980351604,3713745714,1749149687,3396870395,4211799374,3640570775,1161844396,3125318951,1431517754,545492359,4268468663,3499529547,1437099964,2702547544,3433638243,2581715763,2787789398,1060185593,1593081372,2418618748,4260947970,69676912,2159744348,86519011,2512459080,3838209314,1220612927,3339683548,133810670,1090789135,1078426020,1569222167,845107691,3583754449,4072456591,1091646820,628848692,1613405280,3757631651,526609435,236106946,48312990,2942717905,3402727701,1797494240,859738849,992217954,4005476642,2243076622,3870952857,3732016268,765654824,3490871365,2511836413,1685915746,3888969200,1414112111,2273134842,3281911079,4080962846,172450625,2569994100,980381355,4109958455,2819808352,2716589560,2568741196,3681446669,3329971472,1835478071,660984891,3704678404,4045999559,3422617507,3040415634,1762651403,1719377915,3470491036,2693910283,3642056355,3138596744,1364962596,2073328063,1983633131,926494387,3423689081,2150032023,4096667949,1749200295,3328846651,309677260,2016342300,1779581495,3079819751,111262694,1274766160,443224088,298511866,1025883608,3806446537,1145181785,168956806,3641502830,3584813610,1689216846,3666258015,3200248200,1692713982,2646376535,4042768518,1618508792,1610833997,3523052358,4130873264,2001055236,3610705100,2202168115,4028541809,2961195399,1006657119,2006996926,3186142756,1430667929,3210227297,1314452623,4074634658,4101304120,2273951170,1399257539,3367210612,3027628629,1190975929,2062231137,2333990788,2221543033,2438960610,1181637006,548689776,2362791313,3372408396,3104550113,3145860560,296247880,1970579870,3078560182,3769228297,1714227617,3291629107,3898220290,166772364,1251581989,493813264,448347421,195405023,2709975567,677966185,3703036547,1463355134,2715995803,1338867538,1343315457,2802222074,2684532164,233230375,2599980071,2000651841,3277868038,1638401717,4028070440,3237316320,6314154,819756386,300326615,590932579,1405279636,3267499572,3150704214,2428286686,3959192993,3461946742,1862657033,1266418056,963775037,2089974820,2263052895,1917689273,448879540,3550394620,3981727096,150775221,3627908307,1303187396,508620638,2975983352,2726630617,1817252668,1876281319,1457606340,908771278,3720792119,3617206836,2455994898,1729034894,1080033504,976866871,3556439503,2881648439,1522871579,1555064734,1336096578,3548522304,2579274686,3574697629,3205460757,3593280638,3338716283,3079412587,564236357,2993598910,1781952180,1464380207,3163844217,3332601554,1699332808,1393555694,1183702653,3581086237,1288719814,691649499,2847557200,2895455976,3193889540,2717570544,1781354906,1676643554,2592534050,3230253752,1126444790,2770207658,2633158820,2210423226,2615765581,2414155088,3127139286,673620729,2805611233,1269405062,4015350505,3341807571,4149409754,1057255273,2012875353,2162469141,2276492801,2601117357,993977747,3918593370,2654263191,753973209,36408145,2530585658,25011837,3520020182,2088578344,530523599,2918365339,1524020338,1518925132,3760827505,3759777254,1202760957,3985898139,3906192525,674977740,4174734889,2031300136,2019492241,3983892565,4153806404,3822280332,352677332,2297720250,60907813,90501309,3286998549,1016092578,2535922412,2839152426,457141659,509813237,4120667899,652014361,1966332200,2975202805,55981186,2327461051,676427537,3255491064,2882294119,3433927263,1307055953,942726286,933058658,2468411793,3933900994,4215176142,1361170020,2001714738,2830558078,3274259782,1222529897,1679025792,2729314320,3714953764,1770335741,151462246,3013232138,1682292957,1483529935,471910574,1539241949,458788160,3436315007,1807016891,3718408830,978976581,1043663428,3165965781,1927990952,4200891579,2372276910,3208408903,3533431907,1412390302,2931980059,4132332400,1947078029,3881505623,4168226417,2941484381,1077988104,1320477388,886195818,18198404,3786409e3,2509781533,112762804,3463356488,1866414978,891333506,18488651,661792760,1628790961,3885187036,3141171499,876946877,2693282273,1372485963,791857591,2686433993,3759982718,3167212022,3472953795,2716379847,445679433,3561995674,3504004811,3574258232,54117162,3331405415,2381918588,3769707343,4154350007,1140177722,4074052095,668550556,3214352940,367459370,261225585,2610173221,4209349473,3468074219,3265815641,314222801,3066103646,3808782860,282218597,3406013506,3773591054,379116347,1285071038,846784868,2669647154,3771962079,3550491691,2305946142,453669953,1268987020,3317592352,3279303384,3744833421,2610507566,3859509063,266596637,3847019092,517658769,3462560207,3443424879,370717030,4247526661,2224018117,4143653529,4112773975,2788324899,2477274417,1456262402,2901442914,1517677493,1846949527,2295493580,3734397586,2176403920,1280348187,1908823572,3871786941,846861322,1172426758,3287448474,3383383037,1655181056,3139813346,901632758,1897031941,2986607138,3066810236,3447102507,1393639104,373351379,950779232,625454576,3124240540,4148612726,2007998917,544563296,2244738638,2330496472,2058025392,1291430526,424198748,50039436,29584100,3605783033,2429876329,2791104160,1057563949,3255363231,3075367218,3463963227,1469046755,985887462],v$=[1332899944,1700884034,1701343084,1684370003,1668446532,1869963892];function Wl(e,t,n,i){var r,o=e[t],a=e[t+1];return o^=n[0],r=i[o>>>24],r+=i[256|o>>16&255],r^=i[512|o>>8&255],r+=i[768|o&255],a^=r^n[1],r=i[a>>>24],r+=i[256|a>>16&255],r^=i[512|a>>8&255],r+=i[768|a&255],o^=r^n[2],r=i[o>>>24],r+=i[256|o>>16&255],r^=i[512|o>>8&255],r+=i[768|o&255],a^=r^n[3],r=i[a>>>24],r+=i[256|a>>16&255],r^=i[512|a>>8&255],r+=i[768|a&255],o^=r^n[4],r=i[o>>>24],r+=i[256|o>>16&255],r^=i[512|o>>8&255],r+=i[768|o&255],a^=r^n[5],r=i[a>>>24],r+=i[256|a>>16&255],r^=i[512|a>>8&255],r+=i[768|a&255],o^=r^n[6],r=i[o>>>24],r+=i[256|o>>16&255],r^=i[512|o>>8&255],r+=i[768|o&255],a^=r^n[7],r=i[a>>>24],r+=i[256|a>>16&255],r^=i[512|a>>8&255],r+=i[768|a&255],o^=r^n[8],r=i[o>>>24],r+=i[256|o>>16&255],r^=i[512|o>>8&255],r+=i[768|o&255],a^=r^n[9],r=i[a>>>24],r+=i[256|a>>16&255],r^=i[512|a>>8&255],r+=i[768|a&255],o^=r^n[10],r=i[o>>>24],r+=i[256|o>>16&255],r^=i[512|o>>8&255],r+=i[768|o&255],a^=r^n[11],r=i[a>>>24],r+=i[256|a>>16&255],r^=i[512|a>>8&255],r+=i[768|a&255],o^=r^n[12],r=i[o>>>24],r+=i[256|o>>16&255],r^=i[512|o>>8&255],r+=i[768|o&255],a^=r^n[13],r=i[a>>>24],r+=i[256|a>>16&255],r^=i[512|a>>8&255],r+=i[768|a&255],o^=r^n[14],r=i[o>>>24],r+=i[256|o>>16&255],r^=i[512|o>>8&255],r+=i[768|o&255],a^=r^n[15],r=i[a>>>24],r+=i[256|a>>16&255],r^=i[512|a>>8&255],r+=i[768|a&255],o^=r^n[16],e[t]=a^n[oj+1],e[t+1]=o,e}function Js(e,t){for(var n=0,i=0;n<4;++n)i=i<<8|e[t]&255,t=(t+1)%e.length;return{key:i,offp:t}}function o2(e,t,n){for(var i=0,r=[0,0],o=t.length,a=n.length,c,l=0;l<o;l++)c=Js(e,i),i=c.offp,t[l]=t[l]^c.key;for(l=0;l<o;l+=2)r=Wl(r,0,t,n),t[l]=r[0],t[l+1]=r[1];for(l=0;l<a;l+=2)r=Wl(r,0,t,n),n[l]=r[0],n[l+1]=r[1]}function aj(e,t,n,i){for(var r=0,o=[0,0],a=n.length,c=i.length,l,d=0;d<a;d++)l=Js(t,r),r=l.offp,n[d]=n[d]^l.key;for(r=0,d=0;d<a;d+=2)l=Js(e,r),r=l.offp,o[0]^=l.key,l=Js(e,r),r=l.offp,o[1]^=l.key,o=Wl(o,0,n,i),n[d]=o[0],n[d+1]=o[1];for(d=0;d<c;d+=2)l=Js(e,r),r=l.offp,o[0]^=l.key,l=Js(e,r),r=l.offp,o[1]^=l.key,o=Wl(o,0,n,i),i[d]=o[0],i[d+1]=o[1]}function s2(e,t,n,i,r){var o=v$.slice(),a=o.length,c;if(n<4||n>31)if(c=Error("Illegal number of rounds (4-31): "+n),i){ii(i.bind(this,c));return}else throw c;if(t.length!==Gl)if(c=Error("Illegal salt length: "+t.length+" != "+Gl),i){ii(i.bind(this,c));return}else throw c;n=1<<n>>>0;var l,d,u=0,p;typeof Int32Array=="function"?(l=new Int32Array(i2),d=new Int32Array(r2)):(l=i2.slice(),d=r2.slice()),aj(t,e,l,d);function f(){if(r&&r(u/n),u<n)for(var g=Date.now();u<n&&(u=u+1,o2(e,l,d),o2(t,l,d),!(Date.now()-g>sj)););else{for(u=0;u<64;u++)for(p=0;p<a>>1;p++)Wl(o,p<<1,l,d);var m=[];for(u=0;u<a;u++)m.push((o[u]>>24&255)>>>0),m.push((o[u]>>16&255)>>>0),m.push((o[u]>>8&255)>>>0),m.push((o[u]&255)>>>0);if(i){i(null,m);return}else return m}i&&ii(f)}if(typeof i<"u")f();else for(var h;;)if(typeof(h=f())<"u")return h||[]}function my(e,t,n,i){var r;if(typeof e!="string"||typeof t!="string")if(r=Error("Invalid string / salt: Not a string"),n){ii(n.bind(this,r));return}else throw r;var o,a;if(t.charAt(0)!=="$"||t.charAt(1)!=="2")if(r=Error("Invalid salt version: "+t.substring(0,2)),n){ii(n.bind(this,r));return}else throw r;if(t.charAt(2)==="$")o="\0",a=3;else{if(o=t.charAt(2),o!=="a"&&o!=="b"&&o!=="y"||t.charAt(3)!=="$")if(r=Error("Invalid salt revision: "+t.substring(2,4)),n){ii(n.bind(this,r));return}else throw r;a=4}if(t.charAt(a+2)>"$")if(r=Error("Missing salt rounds"),n){ii(n.bind(this,r));return}else throw r;var c=parseInt(t.substring(a,a+1),10)*10,l=parseInt(t.substring(a+1,a+2),10),d=c+l,u=t.substring(a+3,a+25);e+=o>="a"?"\0":"";var p=rj(e),f=b$(u,Gl);function h(g){var m=[];return m.push("$2"),o>="a"&&m.push(o),m.push("$"),d<10&&m.push("0"),m.push(d.toString()),m.push("$"),m.push(Bp(f,f.length)),m.push(Bp(g,v$.length*4-1)),m.join("")}if(typeof n>"u")return h(s2(p,f,d));s2(p,f,d,function(g,m){g?n(g,null):n(null,h(m))},i)}function cj(e,t){return Bp(e,t)}function lj(e,t){return b$(e,t)}const lc={setRandomFallback:ZO,genSaltSync:tb,genSalt:g$,hashSync:m$,hash:y$,compareSync:XO,compare:ej,getRounds:tj,getSalt:nj,truncates:ij,encodeBase64:cj,decodeBase64:lj},Cr={TOO_SHORT:"password_too_short",MISSING_LOWERCASE:"password_missing_lowercase",MISSING_UPPERCASE:"password_missing_uppercase",MISSING_NUMBER:"password_missing_number",MISSING_SPECIAL:"password_missing_special",REUSED:"password_reused",CONTAINS_PERSONAL_INFO:"password_contains_personal_info",CONTAINS_FORBIDDEN_WORD:"password_contains_forbidden_word"};class Ti extends Error{code;params;constructor(t,n,i){super(n),this.code=t,this.params=i,this.name="PasswordPolicyError"}}async function Id(e,t){const{newPassword:n,userData:i,data:r,tenantId:o,userId:a}=t,c=e.passwordPolicy!==void 0||e.password_complexity_options!==void 0||e.password_history!==void 0||e.password_no_personal_info!==void 0||e.password_dictionary!==void 0,l=c?e.passwordPolicy:"good",d=c?e.password_complexity_options?.min_length:8;if(d&&n.length<d)throw new Ti(Cr.TOO_SHORT,`Password must be at least ${d} characters`,{minLength:d});if(l&&l!=="none"&&l==="good"){if(!/[a-z]/.test(n))throw new Ti(Cr.MISSING_LOWERCASE,"Password must contain at least one lowercase letter");if(!/[A-Z]/.test(n))throw new Ti(Cr.MISSING_UPPERCASE,"Password must contain at least one uppercase letter");if(!/\d/.test(n))throw new Ti(Cr.MISSING_NUMBER,"Password must contain at least one number");if(!/[^A-Za-z0-9]/.test(n))throw new Ti(Cr.MISSING_SPECIAL,"Password must contain at least one special character")}if(e.password_history?.enable){const u=e.password_history.size||5,p=await r.passwords.list(o,a,u);for(const f of p)if(await lc.compare(n,f.password))throw new Ti(Cr.REUSED,"Password was used recently and cannot be reused",{historySize:u})}if(e.password_no_personal_info?.enable&&i&&[i.email,i.name].filter(Boolean).join(" ").toLowerCase().includes(n.toLowerCase()))throw new Ti(Cr.CONTAINS_PERSONAL_INFO,"Password cannot contain personal information like your name or email");if(e.password_dictionary?.enable&&e.password_dictionary.dictionary&&e.password_dictionary.dictionary.some(u=>n.toLowerCase().includes(u.toLowerCase())))throw new Ti(Cr.CONTAINS_FORBIDDEN_WORD,"Password contains a forbidden word")}async function zd(e,t,n){const{connections:i}=await e.connections.list(t,{page:0,per_page:100});return i.find(o=>o.name===n)?.options||{}}async function Pa(e){return{hash:await lc.hash(e,10),algorithm:"bcrypt"}}var a2;(function(e){e[e.Include=0]="Include",e[e.None=1]="None"})(a2||(a2={}));var c2;(function(e){e[e.Required=0]="Required",e[e.Ignore=1]="Ignore"})(c2||(c2={}));function dj(e){return A$(e,uj,Jl.Include)}function ib(e){return A$(e,pj,Jl.None)}function A$(e,t,n){let i="";for(let r=0;r<e.byteLength;r+=3){let o=0,a=0;for(let c=0;c<3&&r+c<e.byteLength;c++)o=o<<8|e[r+c],a+=8;for(let c=0;c<4;c++)a>=6?(i+=t[o>>a-6&63],a-=6):a>0?(i+=t[o<<6-a&63],a=0):n===Jl.Include&&(i+="=")}return i}const uj="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",pj="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var Jl;(function(e){e[e.Include=0]="Include",e[e.None=1]="None"})(Jl||(Jl={}));var l2;(function(e){e[e.Required=0]="Required",e[e.Ignore=1]="Ignore"})(l2||(l2={}));class fj{uint8(t,n){if(t.byteLength<n+1)throw new TypeError("Insufficient bytes");return t[n]}uint16(t,n){if(t.byteLength<n+2)throw new TypeError("Insufficient bytes");return t[n]<<8|t[n+1]}uint32(t,n){if(t.byteLength<n+4)throw new TypeError("Insufficient bytes");let i=0;for(let r=0;r<4;r++)i|=t[n+r]<<24-r*8;return i}uint64(t,n){if(t.byteLength<n+8)throw new TypeError("Insufficient bytes");let i=0n;for(let r=0;r<8;r++)i|=BigInt(t[n+r])<<BigInt(56-r*8);return i}putUint8(t,n,i){if(t.length<i+1)throw new TypeError("Not enough space");if(n<0||n>255)throw new TypeError("Invalid uint8 value");t[i]=n}putUint16(t,n,i){if(t.length<i+2)throw new TypeError("Not enough space");if(n<0||n>65535)throw new TypeError("Invalid uint16 value");t[i]=n>>8,t[i+1]=n&255}putUint32(t,n,i){if(t.length<i+4)throw new TypeError("Not enough space");if(n<0||n>4294967295)throw new TypeError("Invalid uint32 value");for(let r=0;r<4;r++)t[i+r]=n>>(3-r)*8&255}putUint64(t,n,i){if(t.length<i+8)throw new TypeError("Not enough space");if(n<0||n>18446744073709551615n)throw new TypeError("Invalid uint64 value");for(let r=0;r<8;r++)t[i+r]=Number(n>>BigInt((7-r)*8)&0xffn)}}const d2=new fj;function bi(e,t){return(e<<32-t|e>>>t)>>>0}function hj(e){const t=new gj;return t.update(e),t.digest()}class gj{blockSize=64;size=32;blocks=new Uint8Array(64);currentBlockSize=0;H=new Uint32Array([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]);l=0n;w=new Uint32Array(64);update(t){if(this.l+=BigInt(t.byteLength)*8n,this.currentBlockSize+t.byteLength<64){this.blocks.set(t,this.currentBlockSize),this.currentBlockSize+=t.byteLength;return}let n=0;if(this.currentBlockSize>0){const i=t.slice(0,64-this.currentBlockSize);this.blocks.set(i,this.currentBlockSize),this.process(),n+=i.byteLength,this.currentBlockSize=0}for(;n+64<=t.byteLength;){const i=t.slice(n,n+64);this.blocks.set(i),this.process(),n+=64}if(t.byteLength-n>0){const i=t.slice(n);this.blocks.set(i),this.currentBlockSize=i.byteLength}}digest(){this.blocks[this.currentBlockSize]=128,this.currentBlockSize+=1,64-this.currentBlockSize<8&&(this.blocks.fill(0,this.currentBlockSize),this.process(),this.currentBlockSize=0),this.blocks.fill(0,this.currentBlockSize),d2.putUint64(this.blocks,this.l,this.blockSize-8),this.process();const t=new Uint8Array(32);for(let n=0;n<8;n++)d2.putUint32(t,this.H[n],n*4);return t}process(){for(let d=0;d<16;d++)this.w[d]=(this.blocks[d*4]<<24|this.blocks[d*4+1]<<16|this.blocks[d*4+2]<<8|this.blocks[d*4+3])>>>0;for(let d=16;d<64;d++){const u=(bi(this.w[d-2],17)^bi(this.w[d-2],19)^this.w[d-2]>>>10)>>>0,p=(bi(this.w[d-15],7)^bi(this.w[d-15],18)^this.w[d-15]>>>3)>>>0;this.w[d]=u+this.w[d-7]+p+this.w[d-16]|0}let t=this.H[0],n=this.H[1],i=this.H[2],r=this.H[3],o=this.H[4],a=this.H[5],c=this.H[6],l=this.H[7];for(let d=0;d<64;d++){const u=(bi(o,6)^bi(o,11)^bi(o,25))>>>0,p=(o&a^~o&c)>>>0,f=l+u+p+mj[d]+this.w[d]|0,h=(bi(t,2)^bi(t,13)^bi(t,22))>>>0,g=(t&n^t&i^n&i)>>>0,m=h+g|0;l=c,c=a,a=o,o=r+f|0,r=i,i=n,n=t,t=f+m|0}this.H[0]=t+this.H[0]|0,this.H[1]=n+this.H[1]|0,this.H[2]=i+this.H[2]|0,this.H[3]=r+this.H[3]|0,this.H[4]=o+this.H[4]|0,this.H[5]=a+this.H[5]|0,this.H[6]=c+this.H[6]|0,this.H[7]=l+this.H[7]|0}}const mj=new Uint32Array([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]);new BigUint64Array([0x428a2f98d728ae22n,0x7137449123ef65cdn,0xb5c0fbcfec4d3b2fn,0xe9b5dba58189dbbcn,0x3956c25bf348b538n,0x59f111f1b605d019n,0x923f82a4af194f9bn,0xab1c5ed5da6d8118n,0xd807aa98a3030242n,0x12835b0145706fben,0x243185be4ee4b28cn,0x550c7dc3d5ffb4e2n,0x72be5d74f27b896fn,0x80deb1fe3b1696b1n,0x9bdc06a725c71235n,0xc19bf174cf692694n,0xe49b69c19ef14ad2n,0xefbe4786384f25e3n,0x0fc19dc68b8cd5b5n,0x240ca1cc77ac9c65n,0x2de92c6f592b0275n,0x4a7484aa6ea6e483n,0x5cb0a9dcbd41fbd4n,0x76f988da831153b5n,0x983e5152ee66dfabn,0xa831c66d2db43210n,0xb00327c898fb213fn,0xbf597fc7beef0ee4n,0xc6e00bf33da88fc2n,0xd5a79147930aa725n,0x06ca6351e003826fn,0x142929670a0e6e70n,0x27b70a8546d22ffcn,0x2e1b21385c26c926n,0x4d2c6dfc5ac42aedn,0x53380d139d95b3dfn,0x650a73548baf63den,0x766a0abb3c77b2a8n,0x81c2c92e47edaee6n,0x92722c851482353bn,0xa2bfe8a14cf10364n,0xa81a664bbc423001n,0xc24b8b70d0f89791n,0xc76c51a30654be30n,0xd192e819d6ef5218n,0xd69906245565a910n,0xf40e35855771202an,0x106aa07032bbd1b8n,0x19a4c116b8d2d0c8n,0x1e376c085141ab53n,0x2748774cdf8eeb99n,0x34b0bcb5e19b48a8n,0x391c0cb3c5c95a63n,0x4ed8aa4ae3418acbn,0x5b9cca4f7763e373n,0x682e6ff3d6b2b8a3n,0x748f82ee5defb2fcn,0x78a5636f43172f60n,0x84c87814a1f0ab72n,0x8cc702081a6439ecn,0x90befffa23631e28n,0xa4506cebde82bde9n,0xbef9a3f7b2c67915n,0xc67178f2e372532bn,0xca273eceea26619cn,0xd186b8c721c0c207n,0xeada7dd6cde0eb1en,0xf57d4f7fee6ed178n,0x06f067aa72176fban,0x0a637dc5a2c898a6n,0x113f9804bef90daen,0x1b710b35131c471bn,0x28db77f523047d84n,0x32caab7b40c72493n,0x3c9ebe0a15c9bebcn,0x431d67c49c100d4cn,0x4cc5d4becb3e42b6n,0x597f299cfc657e2an,0x5fcb6fab3ad6faecn,0x6c44198c4a475817n]);class k${data;constructor(t){this.data=t}tokenType(){if("token_type"in this.data&&typeof this.data.token_type=="string")return this.data.token_type;throw new Error("Missing or invalid 'token_type' field")}accessToken(){if("access_token"in this.data&&typeof this.data.access_token=="string")return this.data.access_token;throw new Error("Missing or invalid 'access_token' field")}accessTokenExpiresInSeconds(){if("expires_in"in this.data&&typeof this.data.expires_in=="number")return this.data.expires_in;throw new Error("Missing or invalid 'expires_in' field")}accessTokenExpiresAt(){return new Date(Date.now()+this.accessTokenExpiresInSeconds()*1e3)}hasRefreshToken(){return"refresh_token"in this.data&&typeof this.data.refresh_token=="string"}refreshToken(){if("refresh_token"in this.data&&typeof this.data.refresh_token=="string")return this.data.refresh_token;throw new Error("Missing or invalid 'refresh_token' field")}hasScopes(){return"scope"in this.data&&typeof this.data.scope=="string"}scopes(){if("scope"in this.data&&typeof this.data.scope=="string")return this.data.scope.split(" ");throw new Error("Missing or invalid 'scope' field")}idToken(){if("id_token"in this.data&&typeof this.data.id_token=="string")return this.data.id_token;throw new Error("Missing or invalid field 'id_token'")}}function S$(e){const t=hj(new TextEncoder().encode(e));return ib(t)}function mh(){const e=new Uint8Array(32);return crypto.getRandomValues(e),ib(e)}function E$(){const e=new Uint8Array(32);return crypto.getRandomValues(e),ib(e)}function yj(e,t){if(t.length!==1)throw new TypeError("Invalid character string");let n=0;for(;n<e.length&&e[n]===t;)n++;return e.slice(n)}function u2(e,t){if(t.length!==1)throw new TypeError("Invalid character string");let n=e.length;for(;n>0&&e[n-1]===t;)n--;return e.slice(0,n)}function p2(e,...t){let n=u2(e,"/");for(const i of t)n=u2(n,"/")+"/"+yj(i,"/");return n}function ar(e,t){const n=new TextEncoder().encode(t.toString()),i=new Request(e,{method:"POST",body:n});return i.headers.set("Content-Type","application/x-www-form-urlencoded"),i.headers.set("Accept","application/json"),i.headers.set("User-Agent","arctic"),i.headers.set("Content-Length",n.byteLength.toString()),i}function Go(e,t){const n=new TextEncoder().encode(`${e}:${t}`);return dj(n)}async function Na(e){let t;try{t=await fetch(e)}catch(n){throw new ob(n)}if(t.status===400||t.status===401){let n;try{n=await t.json()}catch{throw new ba(t.status)}if(typeof n!="object"||n===null)throw new Hr(t.status,n);let i;try{i=rb(n)}catch{throw new Hr(t.status,n)}throw i}if(t.status===200){let n;try{n=await t.json()}catch{throw new ba(t.status)}if(typeof n!="object"||n===null)throw new Hr(t.status,n);return new k$(n)}throw t.body!==null&&await t.body.cancel(),new ba(t.status)}async function _j(e){let t;try{t=await fetch(e)}catch(n){throw new ob(n)}if(t.status===400||t.status===401){let n;try{n=await t.json()}catch{throw new Hr(t.status,null)}if(typeof n!="object"||n===null)throw new Hr(t.status,n);let i;try{i=rb(n)}catch{throw new Hr(t.status,n)}throw i}if(t.status===200){t.body!==null&&await t.body.cancel();return}throw t.body!==null&&await t.body.cancel(),new ba(t.status)}function rb(e){let t;if("error"in e&&typeof e.error=="string")t=e.error;else throw new Error("Invalid error response");let n=null,i=null,r=null;if("error_description"in e){if(typeof e.error_description!="string")throw new Error("Invalid data");n=e.error_description}if("error_uri"in e){if(typeof e.error_uri!="string")throw new Error("Invalid data");i=e.error_uri}if("state"in e){if(typeof e.state!="string")throw new Error("Invalid data");r=e.state}return new wj(t,n,i,r)}class ob extends Error{constructor(t){super("Failed to send request",{cause:t})}}class wj extends Error{code;description;uri;state;constructor(t,n,i,r){super(`OAuth request error: ${t}`),this.code=t,this.description=n,this.uri=i,this.state=r}}class ba extends Error{status;constructor(t){super("Unexpected error response"),this.status=t}}class Hr extends Error{status;data;constructor(t,n){super("Unexpected error response body"),this.status=t,this.data=n}}class vs{clientId;clientPassword;redirectURI;constructor(t,n,i){this.clientId=t,this.clientPassword=n,this.redirectURI=i}createAuthorizationURL(t,n,i){const r=new URL(t);return r.searchParams.set("response_type","code"),r.searchParams.set("client_id",this.clientId),this.redirectURI!==null&&r.searchParams.set("redirect_uri",this.redirectURI),r.searchParams.set("state",n),i.length>0&&r.searchParams.set("scope",i.join(" ")),r}createAuthorizationURLWithPKCE(t,n,i,r,o){const a=new URL(t);if(a.searchParams.set("response_type","code"),a.searchParams.set("client_id",this.clientId),this.redirectURI!==null&&a.searchParams.set("redirect_uri",this.redirectURI),a.searchParams.set("state",n),i===ts.S256){const c=S$(r);a.searchParams.set("code_challenge_method","S256"),a.searchParams.set("code_challenge",c)}else i===ts.Plain&&(a.searchParams.set("code_challenge_method","plain"),a.searchParams.set("code_challenge",r));return o.length>0&&a.searchParams.set("scope",o.join(" ")),a}async validateAuthorizationCode(t,n,i){const r=new URLSearchParams;r.set("grant_type","authorization_code"),r.set("code",n),this.redirectURI!==null&&r.set("redirect_uri",this.redirectURI),i!==null&&r.set("code_verifier",i),this.clientPassword===null&&r.set("client_id",this.clientId);const o=ar(t,r);if(this.clientPassword!==null){const c=Go(this.clientId,this.clientPassword);o.headers.set("Authorization",`Basic ${c}`)}return await Na(o)}async refreshAccessToken(t,n,i){const r=new URLSearchParams;r.set("grant_type","refresh_token"),r.set("refresh_token",n),this.clientPassword===null&&r.set("client_id",this.clientId),i.length>0&&r.set("scope",i.join(" "));const o=ar(t,r);if(this.clientPassword!==null){const c=Go(this.clientId,this.clientPassword);o.headers.set("Authorization",`Basic ${c}`)}return await Na(o)}async revokeToken(t,n){const i=new URLSearchParams;i.set("token",n),this.clientPassword===null&&i.set("client_id",this.clientId);const r=ar(t,i);if(this.clientPassword!==null){const o=Go(this.clientId,this.clientPassword);r.headers.set("Authorization",`Basic ${o}`)}await _j(r)}}var ts;(function(e){e[e.S256=0]="S256",e[e.Plain=1]="Plain"})(ts||(ts={}));var f2;(function(e){e[e.Include=0]="Include",e[e.None=1]="None"})(f2||(f2={}));var h2;(function(e){e[e.Required=0]="Required",e[e.Ignore=1]="Ignore"})(h2||(h2={}));function Il(e){return bj(e,vj,Lp.None)}function bj(e,t,n){let i="";for(let r=0;r<e.byteLength;r+=3){let o=0,a=0;for(let c=0;c<3&&r+c<e.byteLength;c++)o=o<<8|e[r+c],a+=8;for(let c=0;c<4;c++)a>=6?(i+=t[o>>a-6&63],a-=6):a>0?(i+=t[o<<6-a&63],a=0):n===Lp.Include&&(i+="=")}return i}const vj="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var Lp;(function(e){e[e.Include=0]="Include",e[e.None=1]="None"})(Lp||(Lp={}));var g2;(function(e){e[e.Required=0]="Required",e[e.Ignore=1]="Ignore"})(g2||(g2={}));function Aj(e,t,n){const i=Il(new TextEncoder().encode(e)),r=Il(new TextEncoder().encode(t)),o=Il(n);return i+"."+r+"."+o}function kj(e,t){const n=Il(new TextEncoder().encode(e)),i=Il(new TextEncoder().encode(t)),r=n+"."+i;return new TextEncoder().encode(r)}const Sj="https://appleid.apple.com/auth/authorize",Ej="https://appleid.apple.com/auth/token";class x${clientId;teamId;keyId;pkcs8PrivateKey;redirectURI;constructor(t,n,i,r,o){this.clientId=t,this.teamId=n,this.keyId=i,this.pkcs8PrivateKey=r,this.redirectURI=o}createAuthorizationURL(t,n){const i=new URL(Sj);return i.searchParams.set("response_type","code"),i.searchParams.set("client_id",this.clientId),i.searchParams.set("state",t),n.length>0&&i.searchParams.set("scope",n.join(" ")),i.searchParams.set("redirect_uri",this.redirectURI),i}async validateAuthorizationCode(t){const n=new URLSearchParams;n.set("grant_type","authorization_code"),n.set("code",t),n.set("redirect_uri",this.redirectURI),n.set("client_id",this.clientId);const i=await this.createClientSecret();n.set("client_secret",i);const r=ar(Ej,n);return await Na(r)}async createClientSecret(){const t=await crypto.subtle.importKey("pkcs8",this.pkcs8PrivateKey,{name:"ECDSA",namedCurve:"P-256"},!1,["sign"]),n=Math.floor(Date.now()/1e3),i=JSON.stringify({typ:"JWT",alg:"ES256",kid:this.keyId}),r=JSON.stringify({iss:this.teamId,exp:n+300,aud:["https://appleid.apple.com"],sub:this.clientId,iat:n}),o=new Uint8Array(await crypto.subtle.sign({name:"ECDSA",hash:"SHA-256"},t,kj(i,r)));return Aj(i,r,o)}}const xj="https://www.facebook.com/v16.0/dialog/oauth",Cj="https://graph.facebook.com/v16.0/oauth/access_token";class C${clientId;clientSecret;redirectURI;constructor(t,n,i){this.clientId=t,this.clientSecret=n,this.redirectURI=i}createAuthorizationURL(t,n){const i=new URL(xj);return i.searchParams.set("response_type","code"),i.searchParams.set("client_id",this.clientId),i.searchParams.set("state",t),n.length>0&&i.searchParams.set("scope",n.join(" ")),i.searchParams.set("redirect_uri",this.redirectURI),i}async validateAuthorizationCode(t){const n=new URLSearchParams;n.set("grant_type","authorization_code"),n.set("code",t),n.set("redirect_uri",this.redirectURI),n.set("client_id",this.clientId),n.set("client_secret",this.clientSecret);const i=ar(Cj,n);return await Na(i)}}const Tj="https://github.com/login/oauth/authorize",m2="https://github.com/login/oauth/access_token";class T${clientId;clientSecret;redirectURI;constructor(t,n,i){this.clientId=t,this.clientSecret=n,this.redirectURI=i}createAuthorizationURL(t,n){const i=new URL(Tj);return i.searchParams.set("response_type","code"),i.searchParams.set("client_id",this.clientId),i.searchParams.set("state",t),n.length>0&&i.searchParams.set("scope",n.join(" ")),this.redirectURI!==null&&i.searchParams.set("redirect_uri",this.redirectURI),i}async validateAuthorizationCode(t){const n=new URLSearchParams;n.set("grant_type","authorization_code"),n.set("code",t),this.redirectURI!==null&&n.set("redirect_uri",this.redirectURI);const i=ar(m2,n),r=Go(this.clientId,this.clientSecret);return i.headers.set("Authorization",`Basic ${r}`),await y2(i)}async refreshAccessToken(t){const n=new URLSearchParams;n.set("grant_type","refresh_token"),n.set("refresh_token",t);const i=ar(m2,n),r=Go(this.clientId,this.clientSecret);return i.headers.set("Authorization",`Basic ${r}`),await y2(i)}}async function y2(e){let t;try{t=await fetch(e)}catch(r){throw new ob(r)}if(t.status!==200)throw t.body!==null&&await t.body.cancel(),new ba(t.status);let n;try{n=await t.json()}catch{throw new ba(t.status)}if(typeof n!="object"||n===null)throw new Hr(t.status,n);if("error"in n&&typeof n.error=="string"){let r;try{r=rb(n)}catch{throw new Hr(t.status,n)}throw r}return new k$(n)}const $j="https://accounts.google.com/o/oauth2/v2/auth",_2="https://oauth2.googleapis.com/token",Ij="https://oauth2.googleapis.com/revoke";let $$=class{client;constructor(t,n,i){this.client=new vs(t,n,i)}createAuthorizationURL(t,n,i){return this.client.createAuthorizationURLWithPKCE($j,t,ts.S256,n,i)}async validateAuthorizationCode(t,n){return await this.client.validateAuthorizationCode(_2,t,n)}async refreshAccessToken(t){return await this.client.refreshAccessToken(_2,t,[])}async revokeToken(t){await this.client.revokeToken(Ij,t)}};class I${authorizationEndpoint;tokenEndpoint;clientId;clientSecret;redirectURI;constructor(t,n,i,r){this.authorizationEndpoint=p2("https://login.microsoftonline.com",t,"/oauth2/v2.0/authorize"),this.tokenEndpoint=p2("https://login.microsoftonline.com",t,"/oauth2/v2.0/token"),this.clientId=n,this.clientSecret=i,this.redirectURI=r}createAuthorizationURL(t,n,i){const r=new URL(this.authorizationEndpoint);r.searchParams.set("response_type","code"),r.searchParams.set("client_id",this.clientId),r.searchParams.set("redirect_uri",this.redirectURI),r.searchParams.set("state",t);const o=S$(n);return r.searchParams.set("code_challenge_method","S256"),r.searchParams.set("code_challenge",o),i.length>0&&r.searchParams.set("scope",i.join(" ")),r}async validateAuthorizationCode(t,n){const i=new URLSearchParams;i.set("grant_type","authorization_code"),i.set("code",t),i.set("redirect_uri",this.redirectURI),i.set("code_verifier",n),this.clientSecret===null&&i.set("client_id",this.clientId);const r=ar(this.tokenEndpoint,i);if(this.clientSecret!==null){const a=Go(this.clientId,this.clientSecret);r.headers.set("Authorization",`Basic ${a}`)}else r.headers.set("Origin","arctic");return await Na(r)}async refreshAccessToken(t,n){const i=new URLSearchParams;i.set("grant_type","refresh_token"),i.set("refresh_token",t),this.clientSecret===null&&i.set("client_id",this.clientId),n.length>0&&i.set("scope",n.join(" "));const r=ar(this.tokenEndpoint,i);if(this.clientSecret!==null){const a=Go(this.clientId,this.clientSecret);r.headers.set("Authorization",`Basic ${a}`)}else r.headers.set("Origin","arctic");return await Na(r)}}let zj=class{hash;curve;constructor(t,n){this.hash=t,this.curve=n}async sign(t,n){const i=await crypto.subtle.importKey("pkcs8",t,{name:"ECDSA",namedCurve:this.curve},!1,["sign"]);return await crypto.subtle.sign({name:"ECDSA",hash:this.hash},i,n)}async verify(t,n,i){const r=await crypto.subtle.importKey("spki",t,{name:"ECDSA",namedCurve:this.curve},!1,["verify"]);return await crypto.subtle.verify({name:"ECDSA",hash:this.hash},r,n,i)}async generateKeyPair(){const t=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:this.curve},!0,["sign"]),n=await crypto.subtle.exportKey("pkcs8",t.privateKey),i=await crypto.subtle.exportKey("spki",t.publicKey);return{privateKey:n,publicKey:i}}};class z${hash;constructor(t){this.hash=t}async verify(t,n,i){const r=await crypto.subtle.importKey("raw",t,{name:"HMAC",hash:this.hash},!1,["verify"]);return await crypto.subtle.verify("HMAC",r,n,i)}async sign(t,n){const i=await crypto.subtle.importKey("raw",t,{name:"HMAC",hash:this.hash},!1,["sign"]);return await crypto.subtle.sign("HMAC",i,n)}async generateKey(){const t=await crypto.subtle.generateKey({name:"HMAC",hash:this.hash},!0,["sign"]);return await crypto.subtle.exportKey("raw",t)}}class Pj{hash;constructor(t){this.hash=t}async verify(t,n,i){const r=await crypto.subtle.importKey("spki",t,{name:"RSASSA-PKCS1-v1_5",hash:this.hash},!1,["verify"]);return await crypto.subtle.verify("RSASSA-PKCS1-v1_5",r,n,i)}async sign(t,n){const i=await crypto.subtle.importKey("pkcs8",t,{name:"RSASSA-PKCS1-v1_5",hash:this.hash},!1,["sign"]);return await crypto.subtle.sign("RSASSA-PKCS1-v1_5",i,n)}async generateKeyPair(t){const n=await crypto.subtle.generateKey({name:"RSASSA-PKCS1-v1_5",hash:this.hash,modulusLength:t??2048,publicExponent:new Uint8Array([1,0,1])},!0,["sign"]),i=await crypto.subtle.exportKey("pkcs8",n.privateKey),r=await crypto.subtle.exportKey("spki",n.publicKey);return{privateKey:i,publicKey:r}}}class Nj{hash;saltLength;constructor(t){this.hash=t,t==="SHA-1"?this.saltLength=20:t==="SHA-256"?this.saltLength=32:t==="SHA-384"?this.saltLength=48:this.saltLength=64}async verify(t,n,i){const r=await crypto.subtle.importKey("spki",t,{name:"RSA-PSS",hash:this.hash},!1,["verify"]);return await crypto.subtle.verify({name:"RSA-PSS",saltLength:this.saltLength},r,n,i)}async sign(t,n){const i=await crypto.subtle.importKey("pkcs8",t,{name:"RSA-PSS",hash:this.hash},!1,["sign"]);return await crypto.subtle.sign({name:"RSA-PSS",saltLength:this.saltLength},i,n)}async generateKeyPair(t){const n=await crypto.subtle.generateKey({name:"RSA-PSS",hash:this.hash,modulusLength:t??2048,publicExponent:new Uint8Array([1,0,1])},!0,["sign"]),i=await crypto.subtle.exportKey("pkcs8",n.privateKey),r=await crypto.subtle.exportKey("spki",n.publicKey);return{privateKey:i,publicKey:r}}}async function yh(e){return await crypto.subtle.digest("SHA-256",e)}function P$(e){return e.toString(2).padStart(8,"0")}function Fj(e){return[...e].map(t=>P$(t)).join("")}function sb(e){return parseInt(e,2)}const w2="0123456789abcdef";function Mp(e){const t=new Uint8Array(e);let n="";for(let i=0;i<t.length;i++){const r=t[i]>>4;n+=w2[r];const o=t[i]&15;n+=w2[o]}return n}class N${alphabet;padding;decodeMap=new Map;constructor(t,n){if(t.length!==32)throw new Error("Invalid alphabet");if(this.alphabet=t,this.padding=n?.padding??"=",this.alphabet.includes(this.padding)||this.padding.length!==1)throw new Error("Invalid padding");for(let i=0;i<t.length;i++)this.decodeMap.set(t[i],i)}encode(t,n){let i="",r=0,o=0;for(let c=0;c<t.length;c++)for(r=r<<8|t[c],o+=8;o>=5;)o-=5,i+=this.alphabet[r>>o&31];if(o>0&&(i+=this.alphabet[r<<5-o&31]),n?.includePadding??!0){const c=(8-i.length%8)%8;for(let l=0;l<c;l++)i+="="}return i}decode(t,n){const i=n?.strict??!0,r=Math.ceil(t.length/8),o=[];for(let a=0;a<r;a++){let c=0;const l=[];for(let u=0;u<8;u++){const p=t[a*8+u];if(p==="="){if(a+1!==r)throw new Error(`Invalid character: ${p}`);c+=1;continue}if(p===void 0){if(i)throw new Error("Invalid data");c+=1;continue}const f=this.decodeMap.get(p)??null;if(f===null)throw new Error(`Invalid character: ${p}`);l.push(f)}if(c===8||c===7||c===5||c===2)throw new Error("Invalid padding");const d=(l[0]<<3)+(l[1]>>2);if(o.push(d),c<6){const u=((l[1]&3)<<6)+(l[2]<<1)+(l[3]>>4);o.push(u)}if(c<4){const u=((l[3]&255)<<4)+(l[4]>>1);o.push(u)}if(c<3){const u=((l[4]&1)<<7)+(l[5]<<2)+(l[6]>>3);o.push(u)}if(c<1){const u=((l[6]&7)<<5)+l[7];o.push(u)}}return Uint8Array.from(o)}}const _h=new N$("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567");new N$("0123456789ABCDEFGHIJKLMNOPQRSTUV");class F${alphabet;padding;decodeMap=new Map;constructor(t,n){if(t.length!==64)throw new Error("Invalid alphabet");if(this.alphabet=t,this.padding=n?.padding??"=",this.alphabet.includes(this.padding)||this.padding.length!==1)throw new Error("Invalid padding");for(let i=0;i<t.length;i++)this.decodeMap.set(t[i],i)}encode(t,n){let i="",r=0,o=0;for(let c=0;c<t.length;c++)for(r=r<<8|t[c],o+=8;o>=6;)o+=-6,i+=this.alphabet[r>>o&63];if(o>0&&(i+=this.alphabet[r<<6-o&63]),n?.includePadding??!0){const c=(4-i.length%4)%4;for(let l=0;l<c;l++)i+="="}return i}decode(t,n){const i=n?.strict??!0,r=Math.ceil(t.length/4),o=[];for(let a=0;a<r;a++){let c=0,l=0;for(let d=0;d<4;d++){const u=t[a*4+d];if(u==="="){if(a+1!==r)throw new Error(`Invalid character: ${u}`);c+=1;continue}if(u===void 0){if(i)throw new Error("Invalid data");c+=1;continue}const p=this.decodeMap.get(u)??null;if(p===null)throw new Error(`Invalid character: ${u}`);l+=p<<6*(3-d)}o.push(l>>16&255),c<2&&o.push(l>>8&255),c<1&&o.push(l&255)}return Uint8Array.from(o)}}const Oj=new F$("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"),Rt=new F$("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_");class Pd{constructor(t,n){this.value=t,this.unit=n}value;unit;milliseconds(){return this.unit==="ms"?this.value:this.unit==="s"?this.value*1e3:this.unit==="m"?this.value*1e3*60:this.unit==="h"?this.value*1e3*60*60:this.unit==="d"?this.value*1e3*60*60*24:this.value*1e3*60*60*24*7}seconds(){return this.milliseconds()/1e3}transform(t){return new Pd(Math.round(this.milliseconds()*t),"ms")}}async function yy(e,t,n,i){const r={alg:e,typ:"JWT",...i?.headers},o={...n};i?.audiences!==void 0&&(o.aud=i.audiences),i?.subject!==void 0&&(o.sub=i.subject),i?.issuer!==void 0&&(o.iss=i.issuer),i?.jwtId!==void 0&&(o.jti=i.jwtId),i?.expiresIn!==void 0&&(o.exp=Math.floor(Date.now()/1e3)+i.expiresIn.seconds()),i?.notBefore!==void 0&&(o.nbf=Math.floor(i.notBefore.getTime()/1e3)),i?.includeIssuedTimestamp===!0&&(o.iat=Math.floor(Date.now()/1e3));const a=new TextEncoder,c=Rt.encode(a.encode(JSON.stringify(r)),{includePadding:!1}),l=Rt.encode(a.encode(JSON.stringify(o)),{includePadding:!1}),d=a.encode([c,l].join(".")),u=await Rj(e).sign(t,d),p=Rt.encode(new Uint8Array(u),{includePadding:!1});return[c,l,p].join(".")}function jj(e){const t=e.split(".");return t.length!==3?null:t}function Nd(e){const t=jj(e);if(!t)return null;const n=new TextDecoder,i=Rt.decode(t[0],{strict:!1}),r=Rt.decode(t[1],{strict:!1}),o=JSON.parse(n.decode(i));if(typeof o!="object"||o===null||!("alg"in o)||!Dj(o.alg)||"typ"in o&&o.typ!=="JWT")return null;const a=JSON.parse(n.decode(r));if(typeof a!="object"||a===null)return null;const c={algorithm:o.alg,expiresAt:null,subject:null,issuedAt:null,issuer:null,jwtId:null,audiences:null,notBefore:null};if("exp"in a){if(typeof a.exp!="number")return null;c.expiresAt=new Date(a.exp*1e3)}if("iss"in a){if(typeof a.iss!="string")return null;c.issuer=a.iss}if("sub"in a){if(typeof a.sub!="string")return null;c.subject=a.sub}if("aud"in a)if(Array.isArray(a.aud)){for(const l of a.aud)if(typeof l!="string")return null;c.audiences=a.aud}else{if(typeof a.aud!="string")return null;c.audiences=[a.aud]}if("nbf"in a){if(typeof a.nbf!="number")return null;c.notBefore=new Date(a.nbf*1e3)}if("iat"in a){if(typeof a.iat!="number")return null;c.issuedAt=new Date(a.iat*1e3)}if("jti"in a){if(typeof a.jti!="string")return null;c.jwtId=a.jti}return{value:e,header:{...o,typ:"JWT",alg:o.alg},payload:{...a},parts:t,...c}}function Rj(e){if(e==="ES256"||e==="ES384"||e==="ES512")return new zj(b2[e].hash,b2[e].curve);if(e==="HS256"||e==="HS384"||e==="HS512")return new z$(Bj[e]);if(e==="RS256"||e==="RS384"||e==="RS512")return new Pj(Lj[e]);if(e==="PS256"||e==="PS384"||e==="PS512")return new Nj(Mj[e]);throw new TypeError("Invalid algorithm")}function Dj(e){return typeof e!="string"?!1:["HS256","HS384","HS512","RS256","RS384","RS512","ES256","ES384","ES512","PS256","PS384","PS512"].includes(e)}const b2={ES256:{hash:"SHA-256",curve:"P-256"},ES384:{hash:"SHA-384",curve:"P-384"},ES512:{hash:"SHA-512",curve:"P-521"}},Bj={HS256:"SHA-256",HS384:"SHA-384",HS512:"SHA-512"},Lj={RS256:"SHA-256",RS384:"SHA-384",RS512:"SHA-512"},Mj={PS256:"SHA-256",PS384:"SHA-384",PS512:"SHA-512"},dc=s.z.object({iss:s.z.string().url(),sub:s.z.string(),aud:s.z.string(),exp:s.z.number(),email:s.z.string().optional(),given_name:s.z.string().optional(),family_name:s.z.string().optional(),name:s.z.string().optional(),iat:s.z.number(),auth_time:s.z.number().optional(),nonce:s.z.string().optional(),acr:s.z.string().optional(),amr:s.z.array(s.z.string()).optional(),azp:s.z.string().optional(),at_hash:s.z.string().optional(),c_hash:s.z.string().optional()}).passthrough();dc.omit({iat:!0,auth_time:!0,nonce:!0,acr:!0,amr:!0,azp:!0,at_hash:!0,c_hash:!0});const Uj="Apple",qj="data:image/svg+xml,%3Csvg%20width%3D%2245%22%20height%3D%2245%22%20viewBox%3D%220%200%2045%2045%22%20fill%3D%22none%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cpath%20d%3D%22M45%200H0V45H45V0Z%22%20fill%3D%22white%22%2F%3E%3Cpath%20d%3D%22M23.5344%2010.3846C25.5313%2010.3846%2028.0344%209.01144%2029.525%207.18055C30.875%205.5213%2031.8594%203.20407%2031.8594%200.886839C31.8594%200.572154%2031.8313%200.25747%2031.775%200C29.5531%200.0858233%2026.8813%201.51621%2025.2781%203.43293C24.0125%204.89193%2022.8594%207.18055%2022.8594%209.52638C22.8594%209.86968%2022.9156%2010.213%2022.9438%2010.3274C23.0844%2010.356%2023.3094%2010.3846%2023.5344%2010.3846ZM16.5031%2045C19.2313%2045%2020.4406%2043.1405%2023.8438%2043.1405C27.3031%2043.1405%2028.0625%2044.9428%2031.1%2044.9428C34.0813%2044.9428%2036.0781%2042.1392%2037.9625%2039.3929C40.0719%2036.246%2040.9438%2033.1564%2041%2033.0134C40.8031%2032.9561%2035.0938%2030.5817%2035.0938%2023.9161C35.0938%2018.1373%2039.5938%2015.534%2039.8469%2015.3338C36.8656%2010.9854%2032.3375%2010.8709%2031.1%2010.8709C27.7531%2010.8709%2025.025%2012.9307%2023.3094%2012.9307C21.4531%2012.9307%2019.0063%2010.9854%2016.1094%2010.9854C10.5969%2010.9854%205%2015.6198%205%2024.3738C5%2029.8093%207.08125%2035.5594%209.64063%2039.2784C11.8344%2042.4253%2013.7469%2045%2016.5031%2045Z%22%20fill%3D%22black%22%2F%3E%3C%2Fsvg%3E";function O$(e){const{options:t}=e;if(!t||!t.client_id||!t.team_id||!t.kid||!t.app_secret)throw new Error("Missing required Apple authentication parameters");const n=Buffer.from(t.app_secret,"utf-8"),i=n.toString().replace(/-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----|\s/g,""),r=Uint8Array.from(Buffer.from(i,"base64"));return n.fill(0),{options:t,keyArray:r}}async function Hj(e,t){const{options:n,keyArray:i}=O$(t),r=Wt(e,t),o=new x$(n.client_id,n.team_id,n.kid,i,r),a=Ue(),c=await o.createAuthorizationURL(a,n.scope?.split(" ")||["name","email"]);return(n.scope?.split(" ")||["name","email"]).some(d=>["email","name"].includes(d))&&c.searchParams.set("response_mode","form_post"),{redirectUrl:c.href,code:a}}async function Vj(e,t,n){const{options:i,keyArray:r}=O$(t),a=await new x$(i.client_id,i.team_id,i.kid,r,Wt(e,t)).validateAuthorizationCode(n),c=Nd(a.idToken());if(!c)throw new Error("Invalid ID token");const l=dc.parse(c.payload);return{sub:l.sub,email:l.email,given_name:l.given_name,family_name:l.family_name,name:l.name,picture:l.picture,locale:l.locale}}const Kj=Object.freeze(Object.defineProperty({__proto__:null,displayName:Uj,getRedirect:Hj,logoDataUri:qj,validateAuthorizationCodeAndGetUser:Vj},Symbol.toStringTag,{value:"Module"})),Gj="Facebook",Wj="data:image/svg+xml,%3Csvg%20width%3D%2245%22%20height%3D%2245%22%20viewBox%3D%220%200%2045%2045%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cpath%20d%3D%22M45%2022.5C45%2010.0736%2034.9264%200%2022.5%200C10.0736%200%200%2010.0736%200%2022.5C0%2033.7031%208.23242%2042.9785%2019.0039%2044.6953V28.9746H13.2861V22.5H19.0039V17.5391C19.0039%2011.8945%2022.3828%208.75977%2027.5391%208.75977C29.9658%208.75977%2032.5049%209.19922%2032.5049%209.19922V14.7656H29.7012C26.9414%2014.7656%2026.0156%2016.4824%2026.0156%2018.2432V22.5H32.2412L31.2012%2028.9746H26.0156V44.6953C36.7871%2042.9785%2045%2033.7031%2045%2022.5Z%22%20fill%3D%22%231877F2%22%2F%3E%3Cpath%20d%3D%22M31.2012%2028.9746L32.2412%2022.5H26.0156V18.2432C26.0156%2016.4824%2026.9414%2014.7656%2029.7012%2014.7656H32.5049V9.19922C32.5049%209.19922%2029.9658%208.75977%2027.5391%208.75977C22.3828%208.75977%2019.0039%2011.8945%2019.0039%2017.5391V22.5H13.2861V28.9746H19.0039V44.6953C20.1562%2044.8984%2021.3203%2045%2022.5%2045C23.6797%2045%2024.8438%2044.8984%2026.0156%2044.6953V28.9746H31.2012Z%22%20fill%3D%22white%22%2F%3E%3C%2Fsvg%3E";async function Jj(e,t){const{options:n}=t;if(!n?.client_id||!n.client_secret)throw new Error("Missing required authentication parameters");const i=Wt(e,t),r=new C$(n.client_id,n.client_secret,i),o=Ue();return{redirectUrl:r.createAuthorizationURL(o,n.scope?.split(" ")||["email"]).href,code:o}}async function Yj(e,t,n){const{options:i}=t;if(!i?.client_id||!i.client_secret)throw new Error("Missing required authentication parameters");const o=await new C$(i.client_id,i.client_secret,Wt(e,t)).validateAuthorizationCode(n),a=await fetch("https://graph.facebook.com/v22.0/me?fields=id,email,name",{headers:{Authorization:`Bearer ${o.accessToken()}`}});if(!a.ok)throw new Error("Failed to fetch user info");const c=await a.json();return e.set("log",`Userinfo: ${JSON.stringify(c)}`),{sub:c.id,email:c.email,name:c.name}}const Qj=Object.freeze(Object.defineProperty({__proto__:null,displayName:Gj,getRedirect:Jj,logoDataUri:Wj,validateAuthorizationCodeAndGetUser:Yj},Symbol.toStringTag,{value:"Module"})),Zj="Google",Xj=!0,eR="data:image/svg+xml,%3Csvg%20width%3D%2245%22%20height%3D%2245%22%20viewBox%3D%220%200%2045%2045%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cpath%20d%3D%22M44.1035%2023.0123C44.1054%2021.4791%2043.9758%2019.9486%2043.716%2018.4375H22.498V27.1028H34.6507C34.4021%2028.4868%2033.8757%2029.8061%2033.1034%2030.9812C32.3311%2032.1562%2031.3289%2033.1628%2030.1571%2033.9401V39.5649H37.41C41.6567%2035.6494%2044.1035%2029.859%2044.1035%2023.0123Z%22%20fill%3D%22%234285F4%22%2F%3E%3Cpath%20d%3D%22M22.4982%2044.9997C28.5698%2044.9997%2033.6821%2043.0061%2037.4101%2039.5687L30.1573%2033.9439C28.1386%2035.3126%2025.5387%2036.0938%2022.4982%2036.0938C16.6296%2036.0938%2011.6485%2032.1377%209.86736%2026.8066H2.39575V32.6033C4.26839%2036.3297%207.13989%2039.4622%2010.6896%2041.6512C14.2394%2043.8402%2018.3277%2044.9995%2022.4982%2044.9997Z%22%20fill%3D%22%2334A853%22%2F%3E%3Cpath%20d%3D%22M9.86737%2026.8073C8.92572%2024.0138%208.92572%2020.9886%209.86737%2018.1951V12.3984H2.39576C0.820432%2015.5332%200%2018.9929%200%2022.5012C0%2026.0095%200.820432%2029.4692%202.39576%2032.604L9.86737%2026.8073Z%22%20fill%3D%22%23FBBC04%22%2F%3E%3Cpath%20d%3D%22M22.4982%208.90741C25.7068%208.85499%2028.8071%2010.0673%2031.1291%2012.2823L37.5507%205.86064C33.4788%202.03602%2028.0843%20-0.0637686%2022.4982%200.00147616C18.3277%200.00166623%2014.2394%201.16098%2010.6896%203.34999C7.13989%205.539%204.26839%208.67155%202.39575%2012.3979L9.86736%2018.1946C11.6485%2012.8635%2016.6296%208.90741%2022.4982%208.90741Z%22%20fill%3D%22%23EA4335%22%2F%3E%3C%2Fsvg%3E";async function tR(e,t){const{options:n}=t;if(!n?.client_id||!n.client_secret)throw new Error("Missing required Google authentication parameters");const i=Wt(e,t),r=new $$(n.client_id,n.client_secret,i),o=Ue(),a=mh();return{redirectUrl:r.createAuthorizationURL(o,a,n.scope?.split(" ")??["email","profile"]).href,code:o,codeVerifier:a}}async function nR(e,t,n,i){const{options:r}=t;if(!r?.client_id||!r.client_secret||!i)throw new Error("Missing required authentication parameters");const a=await new $$(r.client_id,r.client_secret,Wt(e,t)).validateAuthorizationCode(n,i),c=Nd(a.idToken());if(!c)throw new Error("Invalid ID token");const l=dc.parse(c.payload);return{sub:l.sub,email:l.email,given_name:l.given_name,family_name:l.family_name,name:l.name,picture:l.picture,locale:l.locale}}const iR=Object.freeze(Object.defineProperty({__proto__:null,disableEmbeddedBrowsers:Xj,displayName:Zj,getRedirect:tR,logoDataUri:eR,validateAuthorizationCodeAndGetUser:nR},Symbol.toStringTag,{value:"Module"}));class U extends z{constructor(t,n){super(t,{message:JSON.stringify(n),res:new Response(JSON.stringify(n),{status:t,headers:{"Content-Type":"application/json"}})})}}const rR="Vipps",oR="data:image/svg+xml,%3Csvg%20version%3D%221.1%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%2048%2048%22%20width%3D%2245%22%20height%3D%2245%22%3E%3Cpath%20fill%3D%22%23FF5B24%22%20d%3D%22M3.5%2C8h41c1.9%2C0%2C3.5%2C1.6%2C3.5%2C3.5v25c0%2C1.9-1.6%2C3.5-3.5%2C3.5h-41C1.6%2C40%2C0%2C38.4%2C0%2C36.5v-25C0%2C9.6%2C1.6%2C8%2C3.5%2C8z%22%2F%3E%3Cpath%20fill-rule%3D%22evenodd%22%20clip-rule%3D%22evenodd%22%20fill%3D%22%23FFFFFF%22%20d%3D%22M27.9%2C20.3c1.4%2C0%2C2.6-1%2C2.6-2.5h0c0-1.5-1.2-2.5-2.6-2.5c-1.4%2C0-2.6%2C1-2.6%2C2.5C25.3%2C19.2%2C26.5%2C20.3%2C27.9%2C20.3z%20M31.2%2C24.4c-1.7%2C2.2-3.5%2C3.8-6.7%2C3.8h0c-3.2%2C0-5.8-2-7.7-4.8c-0.8-1.2-2-1.4-2.9-0.8c-0.8%2C0.6-1%2C1.8-0.3%2C2.9%20c2.7%2C4.1%2C6.5%2C6.6%2C10.9%2C6.6c4%2C0%2C7.2-2%2C9.6-5.2c0.9-1.2%2C0.9-2.5%2C0-3.1C33.3%2C22.9%2C32.1%2C23.2%2C31.2%2C24.4z%22%2F%3E%3C%2Fsvg%3E";async function sR(e,t){const{options:n}=t;if(!n?.client_id||!n.client_secret)throw new Error("Missing required authentication parameters");const i=new vs(n.client_id,n.client_secret,Wt(e,t)),r=Ue(),o=i.createAuthorizationURL("https://api.vipps.no/access-management-1.0/access/oauth2/auth",r,n.scope?.split(" ")||["openid","email","phoneNumber","name","address","birthDate"]);return o.searchParams.set("response_type","code"),o.searchParams.set("response_mode","query"),{redirectUrl:o.href,code:r}}async function aR(e,t,n){const{options:i}=t;if(!i?.client_id||!i.client_secret)throw new Error("Missing required authentication parameters");const o=await new vs(i.client_id,i.client_secret,Wt(e,t)).validateAuthorizationCode("https://api.vipps.no/access-management-1.0/access/oauth2/token",n,null),a=Nd(o.idToken());if(!a)throw new Error("Invalid ID token");const c=dc.parse(a.payload);if(typeof c.msn!="string")throw new Error("msn not available in id token");const l=await fetch("https://api.vipps.no/vipps-userinfo-api/userinfo",{headers:{Authorization:`Bearer ${o.accessToken()}`,"Merchant-Serial-Number":c.msn}});if(!l.ok)throw new U(400,{message:"Failed to get user from vipps"});return await l.json()}const cR=Object.freeze(Object.defineProperty({__proto__:null,displayName:rR,getRedirect:sR,logoDataUri:oR,validateAuthorizationCodeAndGetUser:aR},Symbol.toStringTag,{value:"Module"})),lR="GitHub",dR="data:image/svg+xml,%3Csvg%20width%3D%2245%22%20height%3D%2245%22%20viewBox%3D%220%200%2045%2045%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cpath%20fill-rule%3D%22evenodd%22%20clip-rule%3D%22evenodd%22%20d%3D%22M22.5%200C10.074%200%200%2010.335%200%2023.077C0%2033.266%206.444%2041.895%2015.39%2044.955C16.515%2045.165%2016.935%2044.46%2016.935%2043.857C16.935%2043.32%2016.92%2041.865%2016.905%2039.99C10.65%2041.355%209.33%2036.99%209.33%2036.99C8.31%2034.32%206.825%2033.615%206.825%2033.615C4.77%2032.205%206.975%2032.235%206.975%2032.235C9.24%2032.385%2010.425%2034.59%2010.425%2034.59C12.45%2038.13%2015.75%2037.125%2017.01%2036.555C17.22%2035.07%2017.82%2034.065%2018.48%2033.51C13.455%2032.94%208.19%2030.93%208.19%2022.035C8.19%2019.5%209.075%2017.43%2010.47%2015.81C10.23%2015.24%209.435%2012.87%2010.695%209.66C10.695%209.66%2012.585%209.045%2016.875%2012.06C18.675%2011.565%2020.595%2011.31%2022.5%2011.31C24.405%2011.31%2026.325%2011.565%2028.125%2012.06C32.415%209.045%2034.305%209.66%2034.305%209.66C35.565%2012.87%2034.77%2015.24%2034.53%2015.81C35.925%2017.43%2036.81%2019.5%2036.81%2022.035C36.81%2030.96%2031.53%2032.925%2026.49%2033.48C27.33%2034.2%2028.095%2035.625%2028.095%2037.815C28.095%2040.95%2028.065%2043.47%2028.065%2043.857C28.065%2044.46%2028.485%2045.18%2029.625%2044.955C38.571%2041.88%2045%2033.252%2045%2023.077C45%2010.335%2034.926%200%2022.5%200Z%22%20fill%3D%22%23181717%22%2F%3E%3C%2Fsvg%3E";async function uR(e,t){const{options:n}=t;if(!n?.client_id||!n.client_secret)throw new Error("Missing required GitHub authentication parameters");const i=Wt(e,t),r=new T$(n.client_id,n.client_secret,i),o=Ue();return{redirectUrl:r.createAuthorizationURL(o,n.scope?.split(" ")||["user:email"]).href,code:o}}async function pR(e,t,n){const{options:i}=t;if(!i?.client_id||!i.client_secret)throw new Error("Missing required authentication parameters");const o=await new T$(i.client_id,i.client_secret,Wt(e,t)).validateAuthorizationCode(n),a=await fetch("https://api.github.com/user",{headers:{Authorization:`Bearer ${o.accessToken()}`,"User-Agent":"AuthHero"}});if(!a.ok)throw new Error("Failed to fetch user info");const c=await a.json(),l=await fetch("https://api.github.com/user/emails",{headers:{Authorization:`Bearer ${o.accessToken()}`,"User-Agent":"AuthHero"}});let d=c.email;if(l.ok){const u=await l.json(),p=u.find(f=>f.primary&&f.verified)||u.find(f=>f.verified);p&&(d=p.email)}return e.set("log",`GitHub user: ${JSON.stringify(c)}`),{sub:c.id.toString(),email:d,name:c.name,given_name:c.name?.split(" ")[0],family_name:c.name?.split(" ").slice(1).join(" "),picture:c.avatar_url}}const fR=Object.freeze(Object.defineProperty({__proto__:null,displayName:lR,getRedirect:uR,logoDataUri:dR,validateAuthorizationCodeAndGetUser:pR},Symbol.toStringTag,{value:"Module"})),hR="Microsoft",gR="data:image/svg+xml,%3Csvg%20width%3D%2245%22%20height%3D%2245%22%20viewBox%3D%220%200%2045%2045%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cpath%20fill%3D%22%23F25022%22%20d%3D%22M0%200H21.43V21.43H0V0Z%22%2F%3E%3Cpath%20fill%3D%22%237FBA00%22%20d%3D%22M23.57%200H45V21.43H23.57V0Z%22%2F%3E%3Cpath%20fill%3D%22%2300A4EF%22%20d%3D%22M0%2023.57H21.43V45H0V23.57Z%22%2F%3E%3Cpath%20fill%3D%22%23FFB900%22%20d%3D%22M23.57%2023.57H45V45H23.57V23.57Z%22%2F%3E%3C%2Fsvg%3E";async function mR(e,t){const{options:n}=t;if(!n?.client_id||!n.client_secret)throw new Error("Missing required Microsoft authentication parameters");const i=Wt(e,t),r=n.realms||"common",o=new I$(r,n.client_id,n.client_secret,i),a=Ue(),c=mh();return{redirectUrl:o.createAuthorizationURL(a,c,n.scope?.split(" ")||["openid","profile","email"]).href,code:a,codeVerifier:c}}async function yR(e,t,n,i){const{options:r}=t;if(!r?.client_id||!r.client_secret||!i)throw new Error("Missing required authentication parameters");const o=r.realms||"common",c=await new I$(o,r.client_id,r.client_secret,Wt(e,t)).validateAuthorizationCode(n,i),l=Nd(c.idToken());if(!l)throw new Error("Invalid ID token");const d=dc.parse(l.payload);return e.set("log",`Microsoft user: ${JSON.stringify(d)}`),{sub:d.sub,email:d.email,given_name:d.given_name,family_name:d.family_name,name:d.name,picture:d.picture}}const _R=Object.freeze(Object.defineProperty({__proto__:null,displayName:hR,getRedirect:mR,logoDataUri:gR,validateAuthorizationCodeAndGetUser:yR},Symbol.toStringTag,{value:"Module"})),wR="OpenID Connect",bR="data:image/svg+xml,%3Csvg%20width%3D%2245%22%20height%3D%2245%22%20viewBox%3D%220%200%2045%2045%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cpath%20d%3D%22M22.5%200C10.074%200%200%2010.074%200%2022.5S10.074%2045%2022.5%2045%2045%2034.926%2045%2022.5%2034.926%200%2022.5%200zm0%2040.5c-9.941%200-18-8.059-18-18s8.059-18%2018-18%2018%208.059%2018%2018-8.059%2018-18%2018z%22%20fill%3D%22%23F7931E%22%2F%3E%3Cpath%20d%3D%22M22.5%209c-7.456%200-13.5%206.044-13.5%2013.5S15.044%2036%2022.5%2036%2036%2029.956%2036%2022.5%2029.956%209%2022.5%209zm0%2022.5c-4.971%200-9-4.029-9-9s4.029-9%209-9%209%204.029%209%209-4.029%209-9%209z%22%20fill%3D%22%23F7931E%22%2F%3E%3C%2Fsvg%3E";async function vR(e,t){const{options:n}=t;if(!n?.client_id||!n.authorization_endpoint)throw new Error("Missing required OIDC authentication parameters");const i=Wt(e,t),r=new vs(n.client_id,n.client_secret||null,i),o=E$(),a=mh(),c=n.scope?.split(" ")??["openid","profile","email"];return{redirectUrl:r.createAuthorizationURLWithPKCE(n.authorization_endpoint,o,ts.S256,a,c).href,code:o,codeVerifier:a}}async function AR(e,t,n,i){const{options:r}=t;if(!r?.client_id||!r.token_endpoint)throw new Error("Missing required OIDC authentication parameters");const o=Wt(e,t),c=await new vs(r.client_id,r.client_secret||null,o).validateAuthorizationCode(r.token_endpoint,n,i||null);if(c.data.id_token){const d=Nd(c.idToken());if(d?.payload){const u=dc.passthrough().parse(d.payload);return{sub:u.sub,email:u.email,given_name:u.given_name,family_name:u.family_name,name:u.name}}}if(r.userinfo_endpoint){const d=await fetch(r.userinfo_endpoint,{headers:{Authorization:`Bearer ${c.accessToken()}`}});if(!d.ok)throw new Error("Failed to fetch user info");const u=await d.json();if(!u.sub)throw new Error("Unable to get user identifier: userinfo response missing sub");return{sub:u.sub,email:u.email,given_name:u.given_name,family_name:u.family_name,name:u.name}}throw new Error("Unable to get user information: no ID token or userinfo endpoint")}const kR=Object.freeze(Object.defineProperty({__proto__:null,displayName:wR,getRedirect:vR,logoDataUri:bR,validateAuthorizationCodeAndGetUser:AR},Symbol.toStringTag,{value:"Module"})),SR="OAuth 2.0",ER="data:image/svg+xml,%3Csvg%20width%3D%2245%22%20height%3D%2245%22%20viewBox%3D%220%200%2045%2045%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cpath%20d%3D%22M22.5%200C14.492%200%208%206.492%208%2014.5V18H5v22h35V18h-3v-3.5C37%206.492%2030.508%200%2022.5%200zm0%204c5.799%200%2010.5%204.701%2010.5%2010.5V18h-21v-3.5C12%208.701%2016.701%204%2022.5%204z%22%20fill%3D%22%236B7280%22%2F%3E%3Ccircle%20cx%3D%2222.5%22%20cy%3D%2229%22%20r%3D%223%22%20fill%3D%22%236B7280%22%2F%3E%3C%2Fsvg%3E";async function xR(e,t){const{options:n}=t;if(!n?.client_id||!n.authorization_endpoint)throw new Error("Missing required OAuth2 authentication parameters");const i=Wt(e,t),r=new vs(n.client_id,n.client_secret||null,i),o=E$(),a=mh(),c=n.scope?.split(" ")??[];return{redirectUrl:r.createAuthorizationURLWithPKCE(n.authorization_endpoint,o,ts.S256,a,c).href,code:o,codeVerifier:a}}async function CR(e,t,n,i){const{options:r}=t;if(!r?.client_id||!r.token_endpoint)throw new Error("Missing required authentication parameters");const o=Wt(e,t),c=await new vs(r.client_id,r.client_secret||null,o).validateAuthorizationCode(r.token_endpoint,n,i||null);if(!r.userinfo_endpoint)throw new Error("Missing userinfo_endpoint for OAuth2 provider");const l=await fetch(r.userinfo_endpoint,{headers:{Authorization:`Bearer ${c.accessToken()}`}});if(!l.ok)throw new Error("Failed to fetch user info");const d=await l.json(),u=d.sub||d.id||d.user_id;if(!u)throw new Error("Unable to get user identifier: response missing sub, id, or user_id");return{sub:u,email:d.email,given_name:d.given_name||d.first_name,family_name:d.family_name||d.last_name,name:d.name||`${d.given_name||d.first_name||""} ${d.family_name||d.last_name||""}`.trim()}}const TR=Object.freeze(Object.defineProperty({__proto__:null,displayName:SR,getRedirect:xR,logoDataUri:ER,validateAuthorizationCodeAndGetUser:CR},Symbol.toStringTag,{value:"Module"}));function Dn(e,t){return t?`https://${t}/`:e.ISSUER}function Fn(e,t){return t?`https://${t}/u/`:e.UNIVERSAL_LOGIN_URL||`${e.ISSUER}u/`}function ti(e,t){return t?`https://${t}/`:e.OAUTH_API_URL||e.ISSUER}function Wt(e,t){return t.options?.callback_url??`${ti(e.env)}callback`}const Fd={[W.APPLE]:Kj,[W.FACEBOOK]:Qj,[W.GOOGLE_OAUTH2]:iR,[W.VIPPS]:cR,[W.GITHUB]:fR,[W.MICROSOFT]:_R,[W.OIDC]:kR,[W.OAUTH2]:TR};function j$(e,t){const n=e.env.STRATEGIES||{},r={...Fd,...n}[t];if(!r)throw new Error(`Strategy ${t} not found`);return r}const R$=new Set([W.OIDC,W.SAMLP,W.WAAD,W.ADFS,W.OAUTH2]);function D$(e){return R$.has(e.strategy)?e.name:e.strategy}const $R="data:image/svg+xml,%3Csvg%20width%3D%2245%22%20height%3D%2245%22%20viewBox%3D%220%200%2045%2045%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20x%3D%225%22%20y%3D%2210%22%20width%3D%2235%22%20height%3D%2225%22%20rx%3D%223%22%20fill%3D%22none%22%20stroke%3D%22%23666%22%20stroke-width%3D%222%22%2F%3E%3Cpath%20d%3D%22M5%2013l17.5%2012L40%2013%22%20fill%3D%22none%22%20stroke%3D%22%23666%22%20stroke-width%3D%222%22%20stroke-linejoin%3D%22round%22%2F%3E%3C%2Fsvg%3E";function _y(e){return e.options?.icon_url?e.options.icon_url:e.strategy===W.EMAIL||e.strategy===W.SMS?$R:Fd[e.strategy]?.logoDataUri}const wh="auth2",ab="auth0";async function uc(e,t){return e.usernamePasswordProvider?e.usernamePasswordProvider({tenant_id:t}):wh}function Up(e){return e===wh||e===ab}async function lo({env:e,tenant_id:t,username:n}){const i=await hy({userAdapter:e.data.users,tenant_id:t,username:n,provider:wh});return i||hy({userAdapter:e.data.users,tenant_id:t,username:n,provider:ab})}async function ur({env:e,tenant_id:t,username:n}){const i=await dr({userAdapter:e.data.users,tenant_id:t,username:n,provider:wh});return i||dr({userAdapter:e.data.users,tenant_id:t,username:n,provider:ab})}async function B$(e,t){const{client:n,username:i,connection:r,ip:o}=t,a=await lo({env:e.env,tenant_id:n.tenant.id,username:i});if(a)return a;const c=await uc(e.env,n.tenant.id);return gh(e,{client:n,username:i,provider:c,connection:r,isSocial:!1,ip:o})}const IR=["email","email_verified","phone_number","phone_verified","username"];function v2(e){const t={connection:e.connection,provider:e.provider,user_id:fy(e.user_id),isSocial:e.is_social};for(const n of IR)e[n]!==void 0&&e[n]!==null&&(t[n]=e[n]);return t}const A2=Et.extend({users:s.z.array(zn)}),zR=Et.extend({sessions:s.z.array(uh)}),PR=Et.extend({logs:s.z.array($a)}),NR=Et.extend({organizations:s.z.array(Br)}),wy=s.z.object({client_id:s.z.string(),name:s.z.string(),logo_uri:s.z.string().optional(),registration_type:s.z.enum(["manual","open_dcr","iat_dcr"]).optional(),registration_metadata:s.z.record(s.z.any()).optional(),created_at:s.z.string().optional(),updated_at:s.z.string().optional()}),FR=Et.extend({connected_clients:s.z.array(wy)}),OR=new s.OpenAPIHono().openapi(s.createRoute({tags:["users"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:users","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(zn),A2])}},description:"List of users"}}}),async e=>{const{page:t,per_page:n,include_totals:i,sort:r,q:o}=e.req.valid("query");if(o?.includes("identities.profileData.email")){const d=o.split("=")[1],p=(await e.env.data.users.list(e.var.tenant_id,{page:t,per_page:n,include_totals:i,q:`email:${d}`})).users.filter(g=>g.linked_to),[f]=p;if(!f)return e.json([]);const h=await e.env.data.users.get(e.var.tenant_id,f.linked_to);if(!h)throw new z(500,{message:"Primary account not found"});return e.json([zn.parse(h)])}const a=["-_exists_:linked_to"];o&&a.push(o);const c=await e.env.data.users.list(e.var.tenant_id,{page:t,per_page:n,include_totals:i,sort:kt(r),q:a.join(" ")}),l=c.users.filter(d=>!d.linked_to);return i?e.json(A2.parse({users:l,length:c.length,start:c.start,limit:c.limit})):e.json(s.z.array(zn).parse(l))}).openapi(s.createRoute({tags:["users"],method:"get",path:"/{user_id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({user_id:s.z.string()})},security:[{Bearer:["read:users","auth:read"]}],responses:{200:{content:{"application/json":{schema:zn}},description:"List of users"}}}),async e=>{const{user_id:t}=e.req.valid("param"),n=await e.env.data.users.get(e.var.tenant_id,t);if(!n)throw new z(404);if(n.linked_to)throw new z(404,{message:"User is linked to another user"});return e.json(zn.parse(n))}).openapi(s.createRoute({tags:["users"],method:"delete",path:"/{user_id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({user_id:s.z.string()})},security:[{Bearer:["delete:users","auth:write"]}],responses:{204:{description:"Status"}}}),async e=>{const{user_id:t}=e.req.valid("param"),n=await e.env.data.users.get(e.var.tenant_id,t);if(!await e.env.data.users.remove(e.var.tenant_id,t))throw new z(404);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a User",beforeState:n??void 0,targetType:"user",targetId:t,response:{statusCode:204,body:{}}}),e.body(null,204)}).openapi(s.createRoute({tags:["users"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({...wp.shape,password:s.z.string().optional()})}}}},security:[{Bearer:["create:users","auth:write"]}],responses:{201:{content:{"application/json":{schema:zn}},description:"Status"}}}),async e=>{const t=e.req.valid("json");e.set("body",t);const{email:n,phone_number:i,name:r,linked_to:o,email_verified:a,provider:c,connection:l,password:d}=t,u=await e.env.data.connections.get(e.var.tenant_id,l),p=u?D$(u):c||l,f=t.user_id,h=f?fy(f):ao(),g=`${p}|${h}`;try{let m;d&&(m=await Pa(d));const _={email:n,user_id:g,name:r||n||i,phone_number:i,provider:p,connection:l,linked_to:o??void 0,email_verified:a||!1,last_ip:"",is_social:!1,last_login:new Date().toISOString(),...m&&{password:m}},y=await e.env.data.users.create(e.var.tenant_id,_);e.set("user_id",y.user_id),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"User created",afterState:y,targetType:"user",targetId:y.user_id});const w=y.identities?y:{...y,identities:[v2(y)]};return e.json(zn.parse(w),{status:201})}catch(m){throw m.message==="User already exists"?new z(409,{message:"User already exists"}):m}}).openapi(s.createRoute({tags:["users"],method:"patch",path:"/{user_id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({...wp.shape,verify_email:s.z.boolean(),password:s.z.string()}).partial()}}},params:s.z.object({user_id:s.z.string()})},security:[{Bearer:["update:users","auth:write"]}],responses:{200:{description:"Status"}}}),async e=>{const{data:t}=e.env,n=e.req.valid("json"),{user_id:i}=e.req.valid("param"),{verify_email:r,password:o,connection:a,...c}=n,l=await t.users.get(e.var.tenant_id,i);if(!l)throw new z(404);if(l.linked_to)throw new z(404,{message:"User is linked to another user"});let d=i,u=l;if(a){const f=a===W.USERNAME_PASSWORD,h=y=>f?Up(y.provider):y.connection===a,m=f&&l.provider==="auth0"?await t.users.list(e.var.tenant_id,{page:0,per_page:100,include_totals:!1,q:`linked_to:${i}`}):null,_=m?.users.find(y=>y.provider==="auth2"&&h(y));if(_)d=_.user_id,u=_;else if(h(l))d=i,u=l;else{const w=(m??await t.users.list(e.var.tenant_id,{page:0,per_page:100,include_totals:!1,q:`linked_to:${i}`})).users.find(h);if(!w)throw new z(404,{message:`No identity found with connection: ${a}`});d=w.user_id,u=w}}if(c.email&&c.email!==u.email){const f=await eb(e.env.data.users,e.var.tenant_id,c.email);if(f.length&&f.some(h=>h.user_id!==d))throw new z(409,{message:"Another user with the same email address already exists."})}if(c.phone_number&&c.phone_number!==u.phone_number){const{users:f}=await t.users.list(e.var.tenant_id,{page:0,per_page:10,include_totals:!1,q:`phone_number:${c.phone_number}`});if(f.some(h=>h.user_id!==d))throw new z(409,{message:"Another user with the same phone number already exists."})}if(await e.env.data.users.update(e.var.tenant_id,d,c),o){let f;if(a)if(a===W.USERNAME_PASSWORD)f={provider:u.provider,user_id:fy(d)};else throw new z(400,{message:`Cannot set password for connection: ${a}`});else if(f=l.identities?.find(y=>y.connection===W.USERNAME_PASSWORD&&y.provider==="auth2")??l.identities?.find(y=>Up(y.provider))??l.identities?.find(y=>y.connection===W.USERNAME_PASSWORD),!f)throw new z(400,{message:"User does not have a password identity"});const h=`${f.provider}|${f.user_id}`,g=await t.passwords.get(e.var.tenant_id,h);g&&await t.passwords.update(e.var.tenant_id,{id:g.id,user_id:h,password:g.password,algorithm:g.algorithm,is_current:!1});const{hash:m,algorithm:_}=await Pa(o);await t.passwords.create(e.var.tenant_id,{user_id:h,password:m,algorithm:_,is_current:!0})}const p=await e.env.data.users.get(e.var.tenant_id,i);if(!p)throw new z(500);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update a User",beforeState:l,afterState:p,targetType:"user",targetId:i,body:n,response:{statusCode:200,body:p}}),e.json(zn.parse(p))}).openapi(s.createRoute({tags:["users"],method:"post",path:"/{user_id}/identities",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.union([s.z.object({link_with:s.z.string()}),s.z.object({user_id:s.z.string(),provider:s.z.string(),connection:s.z.string().optional()})])}}},params:s.z.object({user_id:s.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:s.z.array(_p)}},description:"Status"}}}),async e=>{const t=e.req.valid("json"),{user_id:n}=e.req.valid("param"),i="link_with"in t?t.link_with:t.user_id,r=await e.env.data.users.get(e.var.tenant_id,n);if(!r)throw new z(400,{message:"Linking an inexistent identity is not allowed."});await e.env.data.users.update(e.var.tenant_id,i,{linked_to:n});const o=await e.env.data.users.list(e.var.tenant_id,{page:0,per_page:10,include_totals:!1,q:`linked_to:${n}`}),a=[r,...o.users].map(v2);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Link a user identity",targetType:"identity",targetId:n}),e.json(s.z.array(_p).parse(a),{status:201})}).openapi(s.createRoute({tags:["users"],method:"delete",path:"/{user_id}/identities/{provider}/{linked_user_id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({user_id:s.z.string(),provider:s.z.string(),linked_user_id:s.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:s.z.array(zn)}},description:"Status"}}}),async e=>{const{user_id:t,provider:n,linked_user_id:i}=e.req.valid("param");await e.env.data.users.unlink(e.var.tenant_id,t,n,i);const r=await e.env.data.users.get(e.var.tenant_id,t);if(!r)throw new z(404);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Unlink a user identity",targetType:"identity",targetId:t}),e.json([zn.parse(r)])}).openapi(s.createRoute({tags:["users"],method:"get",path:"/{user_id}/connected-clients",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({user_id:s.z.string()})},security:[{Bearer:["read:clients","read:users","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(wy),FR])}},description:"List of clients connected to this user (created via IAT-gated DCR)."}}}),async e=>{const{user_id:t}=e.req.valid("param"),{include_totals:n,page:i,per_page:r}=e.req.valid("query"),o=await e.env.data.clients.list(e.var.tenant_id,{page:i,per_page:r,include_totals:n,q:`owner_user_id:"${t}"`}),a=o.clients.filter(c=>c.client_metadata?.status!=="deleted").map(c=>wy.parse(c));return n?e.json({connected_clients:a,start:o.totals?.start??0,limit:o.totals?.limit??0,length:a.length}):e.json(a)}).openapi(s.createRoute({tags:["users"],method:"get",path:"/{user_id}/sessions",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({user_id:s.z.string()})},security:[{Bearer:["read:users","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(uh),zR])}},description:"List of sessions"}}}),async e=>{const{user_id:t}=e.req.valid("param"),{include_totals:n,page:i,per_page:r}=e.req.valid("query"),o=await e.env.data.sessions.list(e.var.tenant_id,{page:i,per_page:r,include_totals:n,q:`user_id:${t}`});return n?e.json(o):e.json(o.sessions)}).openapi(s.createRoute({tags:["users"],method:"get",path:"/{user_id}/logs",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({user_id:s.z.string()})},security:[{Bearer:["read:logs","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array($a),PR])}},description:"List of logs across the user and any linked accounts"}}}),async e=>{const{user_id:t}=e.req.valid("param"),{include_totals:n,page:i,per_page:r,sort:o}=e.req.valid("query"),a=await e.env.data.users.get(e.var.tenant_id,t);if(!a||a.linked_to)throw new z(404);const c=await e.env.data.users.list(e.var.tenant_id,{page:0,per_page:100,include_totals:!1,q:`linked_to:${t}`}),d=[t,...c.users.map(p=>p.user_id)].map(p=>`user_id:"${p}"`).join(" OR "),u=await e.env.data.logs.list(e.var.tenant_id,{page:i,per_page:r,include_totals:n,sort:kt(o),q:d});return n?e.json(u):e.json(u.logs)}).openapi(s.createRoute({tags:["users"],method:"get",path:"/{user_id}/permissions",request:{params:s.z.object({user_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),query:ct},security:[{Bearer:["read:users","auth:read"]}],responses:{200:{content:{"application/json":{schema:cC}},description:"User permissions"}}}),async e=>{const{user_id:t}=e.req.valid("param"),{page:n,per_page:i,sort:r,q:o}=e.req.valid("query");if(!await e.env.data.users.get(e.var.tenant_id,t))throw new z(404,{message:"User not found"});const c=await e.env.data.userPermissions.list(e.var.tenant_id,t,{page:n,per_page:i,include_totals:!1,sort:kt(r),q:o});return e.json(c)}).openapi(s.createRoute({tags:["users"],method:"post",path:"/{user_id}/permissions",request:{params:s.z.object({user_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({permissions:s.z.array(s.z.object({permission_name:s.z.string(),resource_server_identifier:s.z.string()}))})}}}},security:[{Bearer:["update:users","auth:write"]}],responses:{201:{description:"Permissions assigned to user"}}}),async e=>{const{user_id:t}=e.req.valid("param"),{permissions:n}=e.req.valid("json");if(!await e.env.data.users.get(e.var.tenant_id,t))throw new z(404,{message:"User not found"});for(const r of n)if(!await e.env.data.userPermissions.create(e.var.tenant_id,t,{user_id:t,resource_server_identifier:r.resource_server_identifier,permission_name:r.permission_name}))throw new z(500,{message:"Failed to assign permissions to user"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Assign permissions to a user",targetType:"user_permission",targetId:t}),e.json({message:"Permissions assigned successfully"},{status:201})}).openapi(s.createRoute({tags:["users"],method:"delete",path:"/{user_id}/permissions",request:{params:s.z.object({user_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({permissions:s.z.array(s.z.object({permission_name:s.z.string(),resource_server_identifier:s.z.string()}))})}}}},security:[{Bearer:["update:users","auth:write"]}],responses:{200:{description:"Permissions removed from user"}}}),async e=>{const{user_id:t}=e.req.valid("param"),{permissions:n}=e.req.valid("json");if(!await e.env.data.users.get(e.var.tenant_id,t))throw new z(404,{message:"User not found"});for(const r of n)if(!await e.env.data.userPermissions.remove(e.var.tenant_id,t,r))throw new z(500,{message:"Failed to remove permissions from user"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Remove permissions from a user",targetType:"user_permission",targetId:t}),e.json({message:"Permissions removed successfully"})}).openapi(s.createRoute({tags:["users"],method:"get",path:"/{user_id}/roles",request:{params:s.z.object({user_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string()})},security:[{Bearer:["read:users","auth:read"]}],responses:{200:{content:{"application/json":{schema:$p}},description:"User roles"}}}),async e=>{const{user_id:t}=e.req.valid("param");if(!await e.env.data.users.get(e.var.tenant_id,t))throw new z(404,{message:"User not found"});const i=await e.env.data.userRoles.list(e.var.tenant_id,t,void 0,"");return e.json(i)}).openapi(s.createRoute({tags:["users"],method:"post",path:"/{user_id}/roles",request:{params:s.z.object({user_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string()}),body:{content:{"application/json":{schema:s.z.object({roles:s.z.array(s.z.string())})}}}},security:[{Bearer:["update:users","auth:write"]}],responses:{201:{description:"Roles assigned to user"}}}),async e=>{const{user_id:t}=e.req.valid("param"),{roles:n}=e.req.valid("json");if(!await e.env.data.users.get(e.var.tenant_id,t))throw new z(404,{message:"User not found"});for(const r of n)if(!await e.env.data.userRoles.create(e.var.tenant_id,t,r,""))throw new z(500,{message:"Failed to assign roles to user"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Assign roles to a user",targetType:"user_role",targetId:t}),e.json({message:"Roles assigned successfully"},{status:201})}).openapi(s.createRoute({tags:["users"],method:"delete",path:"/{user_id}/roles",request:{params:s.z.object({user_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string()}),body:{content:{"application/json":{schema:s.z.object({roles:s.z.array(s.z.string())})}}}},security:[{Bearer:["update:users","auth:write"]}],responses:{200:{description:"Roles removed from user"}}}),async e=>{const{user_id:t}=e.req.valid("param"),{roles:n}=e.req.valid("json");if(!await e.env.data.users.get(e.var.tenant_id,t))throw new z(404,{message:"User not found"});for(const r of n)if(!await e.env.data.userRoles.remove(e.var.tenant_id,t,r,""))throw new z(500,{message:"Failed to remove roles from user"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Remove roles from a user",targetType:"user_role",targetId:t}),e.json({message:"Roles removed successfully"})}).openapi(s.createRoute({tags:["users"],method:"get",path:"/{user_id}/organizations",request:{params:s.z.object({user_id:s.z.string()}),query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:users","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([NR,s.z.array(Br)])}},description:"List of user organizations"}}}),async e=>{const{user_id:t}=e.req.valid("param"),{page:n,per_page:i,include_totals:r,sort:o}=e.req.valid("query");if(!await e.env.data.users.get(e.var.tenant_id,t))throw new z(404,{message:"User not found"});const c=await e.env.data.userOrganizations.listUserOrganizations(e.var.tenant_id,t,{page:n,per_page:i,sort:kt(o)});return r?e.json({organizations:c.organizations,start:c.start,limit:c.limit,length:c.length}):e.json(c.organizations)}).openapi(s.createRoute({tags:["users"],method:"delete",path:"/{user_id}/organizations/{organization_id}",request:{params:s.z.object({user_id:s.z.string(),organization_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:users","auth:write"]}],responses:{200:{description:"User removed from organization successfully"}}}),async e=>{const{user_id:t,organization_id:n}=e.req.valid("param");if(!await e.env.data.users.get(e.var.tenant_id,t))throw new z(404,{message:"User not found"});const o=(await e.env.data.userOrganizations.list(e.var.tenant_id,{q:`user_id:${t}`,per_page:100})).userOrganizations.find(a=>a.organization_id===n);if(!o)throw new z(404,{message:"User is not a member of this organization"});return await e.env.data.userOrganizations.remove(e.var.tenant_id,o.id),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Remove a user from an organization",targetType:"user_organization",targetId:t}),e.json({message:"User removed from organization successfully"})});var k2=typeof globalThis<"u"?globalThis:typeof window<"u"?window:typeof global<"u"?global:typeof self<"u"?self:{};function cb(e){return e&&e.__esModule&&Object.prototype.hasOwnProperty.call(e,"default")?e.default:e}function jR(e){if(Object.prototype.hasOwnProperty.call(e,"__esModule"))return e;var t=e.default;if(typeof t=="function"){var n=function i(){var r=!1;try{r=this instanceof i}catch{}return r?Reflect.construct(t,arguments,this.constructor):t.apply(this,arguments)};n.prototype=t.prototype}else n={};return Object.defineProperty(n,"__esModule",{value:!0}),Object.keys(e).forEach(function(i){var r=Object.getOwnPropertyDescriptor(e,i);Object.defineProperty(n,i,r.get?r:{enumerable:!0,get:function(){return e[i]}})}),n}var S2={};var E2;function RR(){if(E2)return S2;E2=1;var e;return(function(t){(function(n){var i=typeof globalThis=="object"?globalThis:typeof k2=="object"?k2:typeof self=="object"?self:typeof this=="object"?this:l(),r=o(t);typeof i.Reflect<"u"&&(r=o(i.Reflect,r)),n(r,i),typeof i.Reflect>"u"&&(i.Reflect=t);function o(d,u){return function(p,f){Object.defineProperty(d,p,{configurable:!0,writable:!0,value:f}),u&&u(p,f)}}function a(){try{return Function("return this;")()}catch{}}function c(){try{return(0,eval)("(function() { return this; })()")}catch{}}function l(){return a()||c()}})(function(n,i){var r=Object.prototype.hasOwnProperty,o=typeof Symbol=="function",a=o&&typeof Symbol.toPrimitive<"u"?Symbol.toPrimitive:"@@toPrimitive",c=o&&typeof Symbol.iterator<"u"?Symbol.iterator:"@@iterator",l=typeof Object.create=="function",d={__proto__:[]}instanceof Array,u=!l&&!d,p={create:l?function(){return qg(Object.create(null))}:d?function(){return qg({__proto__:null})}:function(){return qg({})},has:u?function(M,q){return r.call(M,q)}:function(M,q){return q in M},get:u?function(M,q){return r.call(M,q)?M[q]:void 0}:function(M,q){return M[q]}},f=Object.getPrototypeOf(Function),h=typeof Map=="function"&&typeof Map.prototype.entries=="function"?Map:wu(),g=typeof Set=="function"&&typeof Set.prototype.entries=="function"?Set:Ug(),m=typeof WeakMap=="function"?WeakMap:aN(),_=o?Symbol.for("@reflect-metadata:registry"):void 0,y=Ki(),w=Kn(y);function b(M,q,J,se){if(G(J)){if(!oe(M))throw new TypeError;if(!we(q))throw new TypeError;return N(M,q)}else{if(!oe(M))throw new TypeError;if(!re(q))throw new TypeError;if(!re(se)&&!G(se)&&!Ne(se))throw new TypeError;return Ne(se)&&(se=void 0),J=H(J),D(M,q,J,se)}}n("decorate",b);function A(M,q){function J(se,ke){if(!re(se))throw new TypeError;if(!G(ke)&&!Xe(ke))throw new TypeError;Q(M,q,se,ke)}return J}n("metadata",A);function v(M,q,J,se){if(!re(J))throw new TypeError;return G(se)||(se=H(se)),Q(M,q,J,se)}n("defineMetadata",v);function k(M,q,J){if(!re(q))throw new TypeError;return G(J)||(J=H(J)),B(M,q,J)}n("hasMetadata",k);function x(M,q,J){if(!re(q))throw new TypeError;return G(J)||(J=H(J)),V(M,q,J)}n("hasOwnMetadata",x);function T(M,q,J){if(!re(q))throw new TypeError;return G(J)||(J=H(J)),Z(M,q,J)}n("getMetadata",T);function I(M,q,J){if(!re(q))throw new TypeError;return G(J)||(J=H(J)),te(M,q,J)}n("getOwnMetadata",I);function F(M,q){if(!re(M))throw new TypeError;return G(q)||(q=H(q)),ie(M,q)}n("getMetadataKeys",F);function $(M,q){if(!re(M))throw new TypeError;return G(q)||(q=H(q)),me(M,q)}n("getOwnMetadataKeys",$);function P(M,q,J){if(!re(q))throw new TypeError;if(G(J)||(J=H(J)),!re(q))throw new TypeError;G(J)||(J=H(J));var se=mo(q,J,!1);return G(se)?!1:se.OrdinaryDeleteMetadata(M,q,J)}n("deleteMetadata",P);function N(M,q){for(var J=M.length-1;J>=0;--J){var se=M[J],ke=se(q);if(!G(ke)&&!Ne(ke)){if(!we(ke))throw new TypeError;q=ke}}return q}function D(M,q,J,se){for(var ke=M.length-1;ke>=0;--ke){var It=M[ke],xt=It(q,J,se);if(!G(xt)&&!Ne(xt)){if(!re(xt))throw new TypeError;se=xt}}return se}function B(M,q,J){var se=V(M,q,J);if(se)return!0;var ke=Me(q);return Ne(ke)?!1:B(M,ke,J)}function V(M,q,J){var se=mo(q,J,!1);return G(se)?!1:lt(se.OrdinaryHasOwnMetadata(M,q,J))}function Z(M,q,J){var se=V(M,q,J);if(se)return te(M,q,J);var ke=Me(q);if(!Ne(ke))return Z(M,ke,J)}function te(M,q,J){var se=mo(q,J,!1);if(!G(se))return se.OrdinaryGetOwnMetadata(M,q,J)}function Q(M,q,J,se){var ke=mo(J,se,!0);ke.OrdinaryDefineOwnMetadata(M,q,J,se)}function ie(M,q){var J=me(M,q),se=Me(M);if(se===null)return J;var ke=ie(se,q);if(ke.length<=0)return J;if(J.length<=0)return ke;for(var It=new g,xt=[],Re=0,ce=J;Re<ce.length;Re++){var fe=ce[Re],he=It.has(fe);he||(It.add(fe),xt.push(fe))}for(var _e=0,De=ke;_e<De.length;_e++){var fe=De[_e],he=It.has(fe);he||(It.add(fe),xt.push(fe))}return xt}function me(M,q){var J=mo(M,q,!1);return J?J.OrdinaryOwnMetadataKeys(M,q):[]}function Ae(M){if(M===null)return 1;switch(typeof M){case"undefined":return 0;case"boolean":return 2;case"string":return 3;case"symbol":return 4;case"number":return 5;case"object":return M===null?1:6;default:return 6}}function G(M){return M===void 0}function Ne(M){return M===null}function xe(M){return typeof M=="symbol"}function re(M){return typeof M=="object"?M!==null:typeof M=="function"}function $e(M,q){switch(Ae(M)){case 0:return M;case 1:return M;case 2:return M;case 3:return M;case 4:return M;case 5:return M}var J="string",se=Fs(M,a);if(se!==void 0){var ke=se.call(M,J);if(re(ke))throw new TypeError;return ke}return rt(M)}function rt(M,q){var J,se;{var ke=M.toString;if(K(ke)){var se=ke.call(M);if(!re(se))return se}var J=M.valueOf;if(K(J)){var se=J.call(M);if(!re(se))return se}}throw new TypeError}function lt(M){return!!M}function on(M){return""+M}function H(M){var q=$e(M);return xe(q)?q:on(q)}function oe(M){return Array.isArray?Array.isArray(M):M instanceof Object?M instanceof Array:Object.prototype.toString.call(M)==="[object Array]"}function K(M){return typeof M=="function"}function we(M){return typeof M=="function"}function Xe(M){switch(Ae(M)){case 3:return!0;case 4:return!0;default:return!1}}function st(M,q){return M===q||M!==M&&q!==q}function Fs(M,q){var J=M[q];if(J!=null){if(!K(J))throw new TypeError;return J}}function Os(M){var q=Fs(M,c);if(!K(q))throw new TypeError;var J=q.call(M);if(!re(J))throw new TypeError;return J}function Le(M){return M.value}function je(M){var q=M.next();return q.done?!1:q}function js(M){var q=M.return;q&&q.call(M)}function Me(M){var q=Object.getPrototypeOf(M);if(typeof M!="function"||M===f||q!==f)return q;var J=M.prototype,se=J&&Object.getPrototypeOf(J);if(se==null||se===Object.prototype)return q;var ke=se.constructor;return typeof ke!="function"||ke===M?q:ke}function Ve(){var M;!G(_)&&typeof i.Reflect<"u"&&!(_ in i.Reflect)&&typeof i.Reflect.defineMetadata=="function"&&(M=_n(i.Reflect));var q,J,se,ke=new m,It={registerProvider:xt,getProvider:ce,setProvider:he};return It;function xt(_e){if(!Object.isExtensible(It))throw new Error("Cannot add provider to a frozen registry.");switch(!0){case M===_e:break;case G(q):q=_e;break;case q===_e:break;case G(J):J=_e;break;case J===_e:break;default:se===void 0&&(se=new g),se.add(_e);break}}function Re(_e,De){if(!G(q)){if(q.isProviderFor(_e,De))return q;if(!G(J)){if(J.isProviderFor(_e,De))return q;if(!G(se))for(var tt=Os(se);;){var ft=je(tt);if(!ft)return;var Gn=Le(ft);if(Gn.isProviderFor(_e,De))return js(tt),Gn}}}if(!G(M)&&M.isProviderFor(_e,De))return M}function ce(_e,De){var tt=ke.get(_e),ft;return G(tt)||(ft=tt.get(De)),G(ft)&&(ft=Re(_e,De),G(ft)||(G(tt)&&(tt=new h,ke.set(_e,tt)),tt.set(De,ft))),ft}function fe(_e){if(G(_e))throw new TypeError;return q===_e||J===_e||!G(se)&&se.has(_e)}function he(_e,De,tt){if(!fe(tt))throw new Error("Metadata provider not registered.");var ft=ce(_e,De);if(ft!==tt){if(!G(ft))return!1;var Gn=ke.get(_e);G(Gn)&&(Gn=new h,ke.set(_e,Gn)),Gn.set(De,tt)}return!0}}function Ki(){var M;return!G(_)&&re(i.Reflect)&&Object.isExtensible(i.Reflect)&&(M=i.Reflect[_]),G(M)&&(M=Ve()),!G(_)&&re(i.Reflect)&&Object.isExtensible(i.Reflect)&&Object.defineProperty(i.Reflect,_,{enumerable:!1,configurable:!1,writable:!1,value:M}),M}function Kn(M){var q=new m,J={isProviderFor:function(fe,he){var _e=q.get(fe);return G(_e)?!1:_e.has(he)},OrdinaryDefineOwnMetadata:xt,OrdinaryHasOwnMetadata:ke,OrdinaryGetOwnMetadata:It,OrdinaryOwnMetadataKeys:Re,OrdinaryDeleteMetadata:ce};return y.registerProvider(J),J;function se(fe,he,_e){var De=q.get(fe),tt=!1;if(G(De)){if(!_e)return;De=new h,q.set(fe,De),tt=!0}var ft=De.get(he);if(G(ft)){if(!_e)return;if(ft=new h,De.set(he,ft),!M.setProvider(fe,he,J))throw De.delete(he),tt&&q.delete(fe),new Error("Wrong provider for target.")}return ft}function ke(fe,he,_e){var De=se(he,_e,!1);return G(De)?!1:lt(De.has(fe))}function It(fe,he,_e){var De=se(he,_e,!1);if(!G(De))return De.get(fe)}function xt(fe,he,_e,De){var tt=se(_e,De,!0);tt.set(fe,he)}function Re(fe,he){var _e=[],De=se(fe,he,!1);if(G(De))return _e;for(var tt=De.keys(),ft=Os(tt),Gn=0;;){var S1=je(ft);if(!S1)return _e.length=Gn,_e;var cN=Le(S1);try{_e[Gn]=cN}catch(lN){try{js(ft)}finally{throw lN}}Gn++}}function ce(fe,he,_e){var De=se(he,_e,!1);if(G(De)||!De.delete(fe))return!1;if(De.size===0){var tt=q.get(he);G(tt)||(tt.delete(_e),tt.size===0&&q.delete(tt))}return!0}}function _n(M){var q=M.defineMetadata,J=M.hasOwnMetadata,se=M.getOwnMetadata,ke=M.getOwnMetadataKeys,It=M.deleteMetadata,xt=new m,Re={isProviderFor:function(ce,fe){var he=xt.get(ce);return!G(he)&&he.has(fe)?!0:ke(ce,fe).length?(G(he)&&(he=new g,xt.set(ce,he)),he.add(fe),!0):!1},OrdinaryDefineOwnMetadata:q,OrdinaryHasOwnMetadata:J,OrdinaryGetOwnMetadata:se,OrdinaryOwnMetadataKeys:ke,OrdinaryDeleteMetadata:It};return Re}function mo(M,q,J){var se=y.getProvider(M,q);if(!G(se))return se;if(J){if(y.setProvider(M,q,w))return w;throw new Error("Illegal state.")}}function wu(){var M={},q=[],J=(function(){function Re(ce,fe,he){this._index=0,this._keys=ce,this._values=fe,this._selector=he}return Re.prototype["@@iterator"]=function(){return this},Re.prototype[c]=function(){return this},Re.prototype.next=function(){var ce=this._index;if(ce>=0&&ce<this._keys.length){var fe=this._selector(this._keys[ce],this._values[ce]);return ce+1>=this._keys.length?(this._index=-1,this._keys=q,this._values=q):this._index++,{value:fe,done:!1}}return{value:void 0,done:!0}},Re.prototype.throw=function(ce){throw this._index>=0&&(this._index=-1,this._keys=q,this._values=q),ce},Re.prototype.return=function(ce){return this._index>=0&&(this._index=-1,this._keys=q,this._values=q),{value:ce,done:!0}},Re})(),se=(function(){function Re(){this._keys=[],this._values=[],this._cacheKey=M,this._cacheIndex=-2}return Object.defineProperty(Re.prototype,"size",{get:function(){return this._keys.length},enumerable:!0,configurable:!0}),Re.prototype.has=function(ce){return this._find(ce,!1)>=0},Re.prototype.get=function(ce){var fe=this._find(ce,!1);return fe>=0?this._values[fe]:void 0},Re.prototype.set=function(ce,fe){var he=this._find(ce,!0);return this._values[he]=fe,this},Re.prototype.delete=function(ce){var fe=this._find(ce,!1);if(fe>=0){for(var he=this._keys.length,_e=fe+1;_e<he;_e++)this._keys[_e-1]=this._keys[_e],this._values[_e-1]=this._values[_e];return this._keys.length--,this._values.length--,st(ce,this._cacheKey)&&(this._cacheKey=M,this._cacheIndex=-2),!0}return!1},Re.prototype.clear=function(){this._keys.length=0,this._values.length=0,this._cacheKey=M,this._cacheIndex=-2},Re.prototype.keys=function(){return new J(this._keys,this._values,ke)},Re.prototype.values=function(){return new J(this._keys,this._values,It)},Re.prototype.entries=function(){return new J(this._keys,this._values,xt)},Re.prototype["@@iterator"]=function(){return this.entries()},Re.prototype[c]=function(){return this.entries()},Re.prototype._find=function(ce,fe){if(!st(this._cacheKey,ce)){this._cacheIndex=-1;for(var he=0;he<this._keys.length;he++)if(st(this._keys[he],ce)){this._cacheIndex=he;break}}return this._cacheIndex<0&&fe&&(this._cacheIndex=this._keys.length,this._keys.push(ce),this._values.push(void 0)),this._cacheIndex},Re})();return se;function ke(Re,ce){return Re}function It(Re,ce){return ce}function xt(Re,ce){return[Re,ce]}}function Ug(){var M=(function(){function q(){this._map=new h}return Object.defineProperty(q.prototype,"size",{get:function(){return this._map.size},enumerable:!0,configurable:!0}),q.prototype.has=function(J){return this._map.has(J)},q.prototype.add=function(J){return this._map.set(J,J),this},q.prototype.delete=function(J){return this._map.delete(J)},q.prototype.clear=function(){this._map.clear()},q.prototype.keys=function(){return this._map.keys()},q.prototype.values=function(){return this._map.keys()},q.prototype.entries=function(){return this._map.entries()},q.prototype["@@iterator"]=function(){return this.keys()},q.prototype[c]=function(){return this.keys()},q})();return M}function aN(){var M=16,q=p.create(),J=se();return(function(){function ce(){this._key=se()}return ce.prototype.has=function(fe){var he=ke(fe,!1);return he!==void 0?p.has(he,this._key):!1},ce.prototype.get=function(fe){var he=ke(fe,!1);return he!==void 0?p.get(he,this._key):void 0},ce.prototype.set=function(fe,he){var _e=ke(fe,!0);return _e[this._key]=he,this},ce.prototype.delete=function(fe){var he=ke(fe,!1);return he!==void 0?delete he[this._key]:!1},ce.prototype.clear=function(){this._key=se()},ce})();function se(){var ce;do ce="@@WeakMap@@"+Re();while(p.has(q,ce));return q[ce]=!0,ce}function ke(ce,fe){if(!r.call(ce,J)){if(!fe)return;Object.defineProperty(ce,J,{value:p.create()})}return ce[J]}function It(ce,fe){for(var he=0;he<fe;++he)ce[he]=Math.random()*255|0;return ce}function xt(ce){if(typeof Uint8Array=="function"){var fe=new Uint8Array(ce);return typeof crypto<"u"?crypto.getRandomValues(fe):typeof msCrypto<"u"?msCrypto.getRandomValues(fe):It(fe,ce),fe}return It(new Array(ce),ce)}function Re(){var ce=xt(M);ce[6]=ce[6]&79|64,ce[8]=ce[8]&191|128;for(var fe="",he=0;he<M;++he){var _e=ce[he];(he===4||he===6||he===8)&&(fe+="-"),_e<16&&(fe+="0"),fe+=_e.toString(16).toLowerCase()}return fe}}function qg(M){return M.__=void 0,delete M.__,M}})})(e||(e={})),S2}RR();const DR="[object ArrayBuffer]";class ae{static isArrayBuffer(t){return Object.prototype.toString.call(t)===DR}static toArrayBuffer(t){return this.isArrayBuffer(t)?t:t.byteLength===t.buffer.byteLength||t.byteOffset===0&&t.byteLength===t.buffer.byteLength?t.buffer:this.toUint8Array(t.buffer).slice(t.byteOffset,t.byteOffset+t.byteLength).buffer}static toUint8Array(t){return this.toView(t,Uint8Array)}static toView(t,n){if(t.constructor===n)return t;if(this.isArrayBuffer(t))return new n(t);if(this.isArrayBufferView(t))return new n(t.buffer,t.byteOffset,t.byteLength);throw new TypeError("The provided value is not of type '(ArrayBuffer or ArrayBufferView)'")}static isBufferSource(t){return this.isArrayBufferView(t)||this.isArrayBuffer(t)}static isArrayBufferView(t){return ArrayBuffer.isView(t)||t&&this.isArrayBuffer(t.buffer)}static isEqual(t,n){const i=ae.toUint8Array(t),r=ae.toUint8Array(n);if(i.length!==r.byteLength)return!1;for(let o=0;o<i.length;o++)if(i[o]!==r[o])return!1;return!0}static concat(...t){let n;Array.isArray(t[0])&&!(t[1]instanceof Function)||Array.isArray(t[0])&&t[1]instanceof Function?n=t[0]:t[t.length-1]instanceof Function?n=t.slice(0,t.length-1):n=t;let i=0;for(const a of n)i+=a.byteLength;const r=new Uint8Array(i);let o=0;for(const a of n){const c=this.toUint8Array(a);r.set(c,o),o+=c.length}return t[t.length-1]instanceof Function?this.toView(r,t[t.length-1]):r.buffer}}const Zg="string",BR=/^[0-9a-f\s]+$/i,LR=/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/,MR=/^[a-zA-Z0-9-_]+$/;class x2{static fromString(t){const n=unescape(encodeURIComponent(t)),i=new Uint8Array(n.length);for(let r=0;r<n.length;r++)i[r]=n.charCodeAt(r);return i.buffer}static toString(t){const n=ae.toUint8Array(t);let i="";for(let o=0;o<n.length;o++)i+=String.fromCharCode(n[o]);return decodeURIComponent(escape(i))}}class vi{static toString(t,n=!1){const i=ae.toArrayBuffer(t),r=new DataView(i);let o="";for(let a=0;a<i.byteLength;a+=2){const c=r.getUint16(a,n);o+=String.fromCharCode(c)}return o}static fromString(t,n=!1){const i=new ArrayBuffer(t.length*2),r=new DataView(i);for(let o=0;o<t.length;o++)r.setUint16(o*2,t.charCodeAt(o),n);return i}}class ge{static isHex(t){return typeof t===Zg&&BR.test(t)}static isBase64(t){return typeof t===Zg&&LR.test(t)}static isBase64Url(t){return typeof t===Zg&&MR.test(t)}static ToString(t,n="utf8"){const i=ae.toUint8Array(t);switch(n.toLowerCase()){case"utf8":return this.ToUtf8String(i);case"binary":return this.ToBinary(i);case"hex":return this.ToHex(i);case"base64":return this.ToBase64(i);case"base64url":return this.ToBase64Url(i);case"utf16le":return vi.toString(i,!0);case"utf16":case"utf16be":return vi.toString(i);default:throw new Error(`Unknown type of encoding '${n}'`)}}static FromString(t,n="utf8"){if(!t)return new ArrayBuffer(0);switch(n.toLowerCase()){case"utf8":return this.FromUtf8String(t);case"binary":return this.FromBinary(t);case"hex":return this.FromHex(t);case"base64":return this.FromBase64(t);case"base64url":return this.FromBase64Url(t);case"utf16le":return vi.fromString(t,!0);case"utf16":case"utf16be":return vi.fromString(t);default:throw new Error(`Unknown type of encoding '${n}'`)}}static ToBase64(t){const n=ae.toUint8Array(t);if(typeof btoa<"u"){const i=this.ToString(n,"binary");return btoa(i)}else return Buffer.from(n).toString("base64")}static FromBase64(t){const n=this.formatString(t);if(!n)return new ArrayBuffer(0);if(!ge.isBase64(n))throw new TypeError("Argument 'base64Text' is not Base64 encoded");return typeof atob<"u"?this.FromBinary(atob(n)):new Uint8Array(Buffer.from(n,"base64")).buffer}static FromBase64Url(t){const n=this.formatString(t);if(!n)return new ArrayBuffer(0);if(!ge.isBase64Url(n))throw new TypeError("Argument 'base64url' is not Base64Url encoded");return this.FromBase64(this.Base64Padding(n.replace(/\-/g,"+").replace(/\_/g,"/")))}static ToBase64Url(t){return this.ToBase64(t).replace(/\+/g,"-").replace(/\//g,"_").replace(/\=/g,"")}static FromUtf8String(t,n=ge.DEFAULT_UTF8_ENCODING){switch(n){case"ascii":return this.FromBinary(t);case"utf8":return x2.fromString(t);case"utf16":case"utf16be":return vi.fromString(t);case"utf16le":case"usc2":return vi.fromString(t,!0);default:throw new Error(`Unknown type of encoding '${n}'`)}}static ToUtf8String(t,n=ge.DEFAULT_UTF8_ENCODING){switch(n){case"ascii":return this.ToBinary(t);case"utf8":return x2.toString(t);case"utf16":case"utf16be":return vi.toString(t);case"utf16le":case"usc2":return vi.toString(t,!0);default:throw new Error(`Unknown type of encoding '${n}'`)}}static FromBinary(t){const n=t.length,i=new Uint8Array(n);for(let r=0;r<n;r++)i[r]=t.charCodeAt(r);return i.buffer}static ToBinary(t){const n=ae.toUint8Array(t);let i="";for(let r=0;r<n.length;r++)i+=String.fromCharCode(n[r]);return i}static ToHex(t){const n=ae.toUint8Array(t);let i="";const r=n.length;for(let o=0;o<r;o++){const a=n[o];a<16&&(i+="0"),i+=a.toString(16)}return i}static FromHex(t){let n=this.formatString(t);if(!n)return new ArrayBuffer(0);if(!ge.isHex(n))throw new TypeError("Argument 'hexString' is not HEX encoded");n.length%2&&(n=`0${n}`);const i=new Uint8Array(n.length/2);for(let r=0;r<n.length;r=r+2){const o=n.slice(r,r+2);i[r/2]=parseInt(o,16)}return i.buffer}static ToUtf16String(t,n=!1){return vi.toString(t,n)}static FromUtf16String(t,n=!1){return vi.fromString(t,n)}static Base64Padding(t){const n=4-t.length%4;if(n<4)for(let i=0;i<n;i++)t+="=";return t}static formatString(t){return t?.replace(/[\n\r\t ]/g,"")||""}}ge.DEFAULT_UTF8_ENCODING="utf8";function UR(...e){const t=e.map(r=>r.byteLength).reduce((r,o)=>r+o),n=new Uint8Array(t);let i=0;return e.map(r=>new Uint8Array(r)).forEach(r=>{for(const o of r)n[i++]=o}),n.buffer}function qR(e,t){if(!(e&&t)||e.byteLength!==t.byteLength)return!1;const n=new Uint8Array(e),i=new Uint8Array(t);for(let r=0;r<e.byteLength;r++)if(n[r]!==i[r])return!1;return!0}function Fa(e,t){let n=0;if(e.length===1)return e[0];for(let i=e.length-1;i>=0;i--)n+=e[e.length-1-i]*Math.pow(2,t*i);return n}function ns(e,t,n=-1){const i=n;let r=e,o=0,a=Math.pow(2,t);for(let c=1;c<8;c++){if(e<a){let l;if(i<0)l=new ArrayBuffer(c),o=c;else{if(i<c)return new ArrayBuffer(0);l=new ArrayBuffer(i),o=i}const d=new Uint8Array(l);for(let u=c-1;u>=0;u--){const p=Math.pow(2,u*t);d[o-u-1]=Math.floor(r/p),r-=d[o-u-1]*p}return l}a*=Math.pow(2,t)}return new ArrayBuffer(0)}function by(...e){let t=0,n=0;for(const o of e)t+=o.length;const i=new ArrayBuffer(t),r=new Uint8Array(i);for(const o of e)r.set(o,n),n+=o.length;return r}function L$(){const e=new Uint8Array(this.valueHex);if(this.valueHex.byteLength>=2){const c=e[0]===255&&e[1]&128,l=e[0]===0&&(e[1]&128)===0;(c||l)&&this.warnings.push("Needlessly long format")}const t=new ArrayBuffer(this.valueHex.byteLength),n=new Uint8Array(t);for(let c=0;c<this.valueHex.byteLength;c++)n[c]=0;n[0]=e[0]&128;const i=Fa(n,8),r=new ArrayBuffer(this.valueHex.byteLength),o=new Uint8Array(r);for(let c=0;c<this.valueHex.byteLength;c++)o[c]=e[c];return o[0]&=127,Fa(o,8)-i}function HR(e){const t=e<0?e*-1:e;let n=128;for(let i=1;i<8;i++){if(t<=n){if(e<0){const a=n-t,c=ns(a,8,i),l=new Uint8Array(c);return l[0]|=128,c}let r=ns(t,8,i),o=new Uint8Array(r);if(o[0]&128){const a=r.slice(0),c=new Uint8Array(a);r=new ArrayBuffer(r.byteLength+1),o=new Uint8Array(r);for(let l=0;l<a.byteLength;l++)o[l+1]=c[l];o[0]=0}return r}n*=Math.pow(2,8)}return new ArrayBuffer(0)}function VR(e,t){if(e.byteLength!==t.byteLength)return!1;const n=new Uint8Array(e),i=new Uint8Array(t);for(let r=0;r<n.length;r++)if(n[r]!==i[r])return!1;return!0}function vn(e,t){const n=e.toString(10);if(t<n.length)return"";const i=t-n.length,r=new Array(i);for(let a=0;a<i;a++)r[a]="0";return r.join("").concat(n)}function qp(){if(typeof BigInt>"u")throw new Error("BigInt is not defined. Your environment doesn't implement BigInt.")}function lb(e){let t=0,n=0;for(let r=0;r<e.length;r++){const o=e[r];t+=o.byteLength}const i=new Uint8Array(t);for(let r=0;r<e.length;r++){const o=e[r];i.set(new Uint8Array(o),n),n+=o.byteLength}return i.buffer}function br(e,t,n,i){return t instanceof Uint8Array?t.byteLength?n<0?(e.error="Wrong parameter: inputOffset less than zero",!1):i<0?(e.error="Wrong parameter: inputLength less than zero",!1):t.byteLength-n-i<0?(e.error="End of input reached before message was fully decoded (inconsistent offset and length values)",!1):!0:(e.error="Wrong parameter: inputBuffer has zero length",!1):(e.error="Wrong parameter: inputBuffer must be 'Uint8Array'",!1)}class bh{constructor(){this.items=[]}write(t){this.items.push(t)}final(){return lb(this.items)}}const Fc=[new Uint8Array([1])],C2="0123456789",Xg="name",T2="valueHexView",KR="isHexOnly",GR="idBlock",WR="tagClass",JR="tagNumber",YR="isConstructed",QR="fromBER",ZR="toBER",XR="local",dn="",Ri=new ArrayBuffer(0),vh=new Uint8Array(0),Yl="EndOfContent",M$="OCTET STRING",U$="BIT STRING";function Di(e){var t;return t=class extends e{get valueHex(){return this.valueHexView.slice().buffer}set valueHex(i){this.valueHexView=new Uint8Array(i)}constructor(...i){var r;super(...i);const o=i[0]||{};this.isHexOnly=(r=o.isHexOnly)!==null&&r!==void 0?r:!1,this.valueHexView=o.valueHex?ae.toUint8Array(o.valueHex):vh}fromBER(i,r,o,a){const c=i instanceof ArrayBuffer?new Uint8Array(i):i;if(!br(this,c,r,o))return-1;const l=r+o;return this.valueHexView=c.subarray(r,l),this.valueHexView.length?(this.blockLength=o,l):(this.warnings.push("Zero buffer length"),r)}toBER(i=!1){return this.isHexOnly?i?new ArrayBuffer(this.valueHexView.byteLength):this.valueHexView.byteLength===this.valueHexView.buffer.byteLength?this.valueHexView.buffer:this.valueHexView.slice().buffer:(this.error="Flag 'isHexOnly' is not set, abort",Ri)}toJSON(){return{...super.toJSON(),isHexOnly:this.isHexOnly,valueHex:ge.ToHex(this.valueHexView)}}},t.NAME="hexBlock",t}class As{static blockName(){return this.NAME}get valueBeforeDecode(){return this.valueBeforeDecodeView.slice().buffer}set valueBeforeDecode(t){this.valueBeforeDecodeView=new Uint8Array(t)}constructor({blockLength:t=0,error:n=dn,warnings:i=[],valueBeforeDecode:r=vh}={}){this.blockLength=t,this.error=n,this.warnings=i,this.valueBeforeDecodeView=ae.toUint8Array(r)}toJSON(){return{blockName:this.constructor.NAME,blockLength:this.blockLength,error:this.error,warnings:this.warnings,valueBeforeDecode:ge.ToHex(this.valueBeforeDecodeView)}}}As.NAME="baseBlock";class Jt extends As{fromBER(t,n,i,r){throw TypeError("User need to make a specific function in a class which extends 'ValueBlock'")}toBER(t,n){throw TypeError("User need to make a specific function in a class which extends 'ValueBlock'")}}Jt.NAME="valueBlock";class q$ extends Di(As){constructor({idBlock:t={}}={}){var n,i,r,o;super(),t?(this.isHexOnly=(n=t.isHexOnly)!==null&&n!==void 0?n:!1,this.valueHexView=t.valueHex?ae.toUint8Array(t.valueHex):vh,this.tagClass=(i=t.tagClass)!==null&&i!==void 0?i:-1,this.tagNumber=(r=t.tagNumber)!==null&&r!==void 0?r:-1,this.isConstructed=(o=t.isConstructed)!==null&&o!==void 0?o:!1):(this.tagClass=-1,this.tagNumber=-1,this.isConstructed=!1)}toBER(t=!1){let n=0;switch(this.tagClass){case 1:n|=0;break;case 2:n|=64;break;case 3:n|=128;break;case 4:n|=192;break;default:return this.error="Unknown tag class",Ri}if(this.isConstructed&&(n|=32),this.tagNumber<31&&!this.isHexOnly){const r=new Uint8Array(1);if(!t){let o=this.tagNumber;o&=31,n|=o,r[0]=n}return r.buffer}if(!this.isHexOnly){const r=ns(this.tagNumber,7),o=new Uint8Array(r),a=r.byteLength,c=new Uint8Array(a+1);if(c[0]=n|31,!t){for(let l=0;l<a-1;l++)c[l+1]=o[l]|128;c[a]=o[a-1]}return c.buffer}const i=new Uint8Array(this.valueHexView.byteLength+1);if(i[0]=n|31,!t){const r=this.valueHexView;for(let o=0;o<r.length-1;o++)i[o+1]=r[o]|128;i[this.valueHexView.byteLength]=r[r.length-1]}return i.buffer}fromBER(t,n,i){const r=ae.toUint8Array(t);if(!br(this,r,n,i))return-1;const o=r.subarray(n,n+i);if(o.length===0)return this.error="Zero buffer length",-1;switch(o[0]&192){case 0:this.tagClass=1;break;case 64:this.tagClass=2;break;case 128:this.tagClass=3;break;case 192:this.tagClass=4;break;default:return this.error="Unknown tag class",-1}this.isConstructed=(o[0]&32)===32,this.isHexOnly=!1;const c=o[0]&31;if(c!==31)this.tagNumber=c,this.blockLength=1;else{let l=0;for(;;){const u=l+1;if(u>=o.length)return this.error="End of input reached before message was fully decoded",-1;if(l++,(o[u]&128)===0)break}this.blockLength=l+1;const d=this.valueHexView=new Uint8Array(l);for(let u=0;u<l;u++)d[u]=o[u+1]&127;this.blockLength<=9?this.tagNumber=Fa(d,7):(this.isHexOnly=!0,this.warnings.push("Tag too long, represented as hex-coded"))}if(this.tagClass===1&&this.isConstructed)switch(this.tagNumber){case 1:case 2:case 5:case 6:case 9:case 13:case 14:case 23:case 24:case 31:case 32:case 33:case 34:return this.error="Constructed encoding used for primitive type",-1}return n+this.blockLength}toJSON(){return{...super.toJSON(),tagClass:this.tagClass,tagNumber:this.tagNumber,isConstructed:this.isConstructed}}}q$.NAME="identificationBlock";class H$ extends As{constructor({lenBlock:t={}}={}){var n,i,r;super(),this.isIndefiniteForm=(n=t.isIndefiniteForm)!==null&&n!==void 0?n:!1,this.longFormUsed=(i=t.longFormUsed)!==null&&i!==void 0?i:!1,this.length=(r=t.length)!==null&&r!==void 0?r:0}fromBER(t,n,i){const r=ae.toUint8Array(t);if(!br(this,r,n,i))return-1;const o=r.subarray(n,n+i);if(o.length===0)return this.error="Zero buffer length",-1;if(o[0]===255)return this.error="Length block 0xFF is reserved by standard",-1;if(this.isIndefiniteForm=o[0]===128,this.isIndefiniteForm)return this.blockLength=1,n+this.blockLength;if(this.longFormUsed=!!(o[0]&128),this.longFormUsed===!1)return this.length=o[0],this.blockLength=1,n+this.blockLength;const a=o[0]&127;if(a>8)return this.error="Too big integer",-1;if(a+1>o.length)return this.error="End of input reached before message was fully decoded",-1;const c=n+1,l=r.subarray(c,c+a);return l[a-1]===0&&this.warnings.push("Needlessly long encoded length"),this.length=Fa(l,8),this.longFormUsed&&this.length<=127&&this.warnings.push("Unnecessary usage of long length form"),this.blockLength=a+1,n+this.blockLength}toBER(t=!1){let n,i;if(this.length>127&&(this.longFormUsed=!0),this.isIndefiniteForm)return n=new ArrayBuffer(1),t===!1&&(i=new Uint8Array(n),i[0]=128),n;if(this.longFormUsed){const r=ns(this.length,8);if(r.byteLength>127)return this.error="Too big length",Ri;if(n=new ArrayBuffer(r.byteLength+1),t)return n;const o=new Uint8Array(r);i=new Uint8Array(n),i[0]=r.byteLength|128;for(let a=0;a<r.byteLength;a++)i[a+1]=o[a];return n}return n=new ArrayBuffer(1),t===!1&&(i=new Uint8Array(n),i[0]=this.length),n}toJSON(){return{...super.toJSON(),isIndefiniteForm:this.isIndefiniteForm,longFormUsed:this.longFormUsed,length:this.length}}}H$.NAME="lengthBlock";const ue={};class Ft extends As{constructor({name:t=dn,optional:n=!1,primitiveSchema:i,...r}={},o){super(r),this.name=t,this.optional=n,i&&(this.primitiveSchema=i),this.idBlock=new q$(r),this.lenBlock=new H$(r),this.valueBlock=o?new o(r):new Jt(r)}fromBER(t,n,i,r){const o=this.valueBlock.fromBER(t,n,this.lenBlock.isIndefiniteForm?i:this.lenBlock.length,r);return o===-1?(this.error=this.valueBlock.error,o):(this.idBlock.error.length||(this.blockLength+=this.idBlock.blockLength),this.lenBlock.error.length||(this.blockLength+=this.lenBlock.blockLength),this.valueBlock.error.length||(this.blockLength+=this.valueBlock.blockLength),o)}toBER(t,n){const i=n||new bh;n||V$(this);const r=this.idBlock.toBER(t);if(i.write(r),this.lenBlock.isIndefiniteForm)i.write(new Uint8Array([128]).buffer),this.valueBlock.toBER(t,i),i.write(new ArrayBuffer(2));else{const o=this.valueBlock.toBER(t);this.lenBlock.length=o.byteLength;const a=this.lenBlock.toBER(t);i.write(a),i.write(o)}return n?Ri:i.final()}toJSON(){const t={...super.toJSON(),idBlock:this.idBlock.toJSON(),lenBlock:this.lenBlock.toJSON(),valueBlock:this.valueBlock.toJSON(),name:this.name,optional:this.optional};return this.primitiveSchema&&(t.primitiveSchema=this.primitiveSchema.toJSON()),t}toString(t="ascii"){return t==="ascii"?this.onAsciiEncoding():ge.ToHex(this.toBER())}onAsciiEncoding(){const t=this.constructor.NAME,n=ge.ToHex(this.valueBlock.valueBeforeDecodeView);return`${t} : ${n}`}isEqual(t){if(this===t)return!0;if(!(t instanceof this.constructor))return!1;const n=this.toBER(),i=t.toBER();return VR(n,i)}}Ft.NAME="BaseBlock";function V$(e){var t;if(e instanceof ue.Constructed)for(const n of e.valueBlock.value)V$(n)&&(e.lenBlock.isIndefiniteForm=!0);return!!(!((t=e.lenBlock)===null||t===void 0)&&t.isIndefiniteForm)}class db extends Ft{getValue(){return this.valueBlock.value}setValue(t){this.valueBlock.value=t}constructor({value:t=dn,...n}={},i){super(n,i),t&&this.fromString(t)}fromBER(t,n,i){const r=this.valueBlock.fromBER(t,n,this.lenBlock.isIndefiniteForm?i:this.lenBlock.length);return r===-1?(this.error=this.valueBlock.error,r):(this.fromBuffer(this.valueBlock.valueHexView),this.idBlock.error.length||(this.blockLength+=this.idBlock.blockLength),this.lenBlock.error.length||(this.blockLength+=this.lenBlock.blockLength),this.valueBlock.error.length||(this.blockLength+=this.valueBlock.blockLength),r)}onAsciiEncoding(){return`${this.constructor.NAME} : '${this.valueBlock.value}'`}}db.NAME="BaseStringBlock";class K$ extends Di(Jt){constructor({isHexOnly:t=!0,...n}={}){super(n),this.isHexOnly=t}}K$.NAME="PrimitiveValueBlock";var G$;class Od extends Ft{constructor(t={}){super(t,K$),this.idBlock.isConstructed=!1}}G$=Od;ue.Primitive=G$;Od.NAME="PRIMITIVE";const W$=100,J$=1e4,Y$=16*1024*1024,e7="Maximum ASN.1 nesting depth exceeded",t7="Maximum ASN.1 node count exceeded",n7="Maximum ASN.1 content length exceeded";function jd(e={}){var t,n,i;return{depth:0,maxDepth:(t=e.maxDepth)!==null&&t!==void 0?t:W$,nodesCount:0,maxNodes:(n=e.maxNodes)!==null&&n!==void 0?n:J$,maxContentLength:(i=e.maxContentLength)!==null&&i!==void 0?i:Y$}}function i7(e){const t=new Ft({},Jt);return t.error=e,{offset:-1,result:t}}function r7(e){if(e.nodesCount+=1,e.nodesCount>e.maxNodes)return t7}function o7(e,t){if(e>t.maxContentLength)return n7}function ub(e,t,n,i){const r=i.depth+1;if(r>i.maxDepth)return i7(e7);i.depth=r;try{return Ah(e,t,n,i)}finally{i.depth-=1}}function s7(e,t){if(e instanceof t)return e;const n=new t;return n.idBlock=e.idBlock,n.lenBlock=e.lenBlock,n.warnings=e.warnings,n.valueBeforeDecodeView=e.valueBeforeDecodeView,n}function Ah(e,t=0,n=e.length,i=jd()){const r=t;let o=new Ft({},Jt);const a=new As;if(!br(a,e,t,n))return o.error=a.error,{offset:-1,result:o};if(!e.subarray(t,t+n).length)return o.error="Zero buffer length",{offset:-1,result:o};const l=r7(i);if(l)return o.error=l,{offset:-1,result:o};let d=o.idBlock.fromBER(e,t,n);if(o.idBlock.warnings.length&&o.warnings.concat(o.idBlock.warnings),d===-1)return o.error=o.idBlock.error,{offset:-1,result:o};if(t=d,n-=o.idBlock.blockLength,d=o.lenBlock.fromBER(e,t,n),o.lenBlock.warnings.length&&o.warnings.concat(o.lenBlock.warnings),d===-1)return o.error=o.lenBlock.error,{offset:-1,result:o};t=d,n-=o.lenBlock.blockLength;const u=o.lenBlock.isIndefiniteForm?n:o.lenBlock.length,p=o7(u,i);if(p)return o.error=p,{offset:-1,result:o};if(!o.idBlock.isConstructed&&o.lenBlock.isIndefiniteForm)return o.error="Indefinite length form used for primitive encoding form",{offset:-1,result:o};let f=Ft;switch(o.idBlock.tagClass){case 1:if(o.idBlock.tagNumber>=37&&o.idBlock.isHexOnly===!1)return o.error="UNIVERSAL 37 and upper tags are reserved by ASN.1 standard",{offset:-1,result:o};switch(o.idBlock.tagNumber){case 0:if(o.idBlock.isConstructed&&o.lenBlock.length>0)return o.error="Type [UNIVERSAL 0] is reserved",{offset:-1,result:o};f=ue.EndOfContent;break;case 1:f=ue.Boolean;break;case 2:f=ue.Integer;break;case 3:f=ue.BitString;break;case 4:f=ue.OctetString;break;case 5:f=ue.Null;break;case 6:f=ue.ObjectIdentifier;break;case 10:f=ue.Enumerated;break;case 12:f=ue.Utf8String;break;case 13:f=ue.RelativeObjectIdentifier;break;case 14:f=ue.TIME;break;case 15:return o.error="[UNIVERSAL 15] is reserved by ASN.1 standard",{offset:-1,result:o};case 16:f=ue.Sequence;break;case 17:f=ue.Set;break;case 18:f=ue.NumericString;break;case 19:f=ue.PrintableString;break;case 20:f=ue.TeletexString;break;case 21:f=ue.VideotexString;break;case 22:f=ue.IA5String;break;case 23:f=ue.UTCTime;break;case 24:f=ue.GeneralizedTime;break;case 25:f=ue.GraphicString;break;case 26:f=ue.VisibleString;break;case 27:f=ue.GeneralString;break;case 28:f=ue.UniversalString;break;case 29:f=ue.CharacterString;break;case 30:f=ue.BmpString;break;case 31:f=ue.DATE;break;case 32:f=ue.TimeOfDay;break;case 33:f=ue.DateTime;break;case 34:f=ue.Duration;break;default:{const h=o.idBlock.isConstructed?new ue.Constructed:new ue.Primitive;h.idBlock=o.idBlock,h.lenBlock=o.lenBlock,h.warnings=o.warnings,o=h}}break;default:f=o.idBlock.isConstructed?ue.Constructed:ue.Primitive}return o=s7(o,f),d=o.fromBER(e,t,u,i),o.valueBeforeDecodeView=e.subarray(r,r+o.blockLength),{offset:d,result:o}}function va(e,t={}){if(!e.byteLength){const n=new Ft({},Jt);return n.error="Input buffer has zero length",{offset:-1,result:n}}return Ah(ae.toUint8Array(e).slice(),0,e.byteLength,jd(t))}function a7(e,t){return e?1:t}class Vr extends Jt{constructor({value:t=[],isIndefiniteForm:n=!1,...i}={}){super(i),this.value=t,this.isIndefiniteForm=n}fromBER(t,n,i,r){const o=ae.toUint8Array(t),a=r??jd();if(!br(this,o,n,i))return-1;if(this.valueBeforeDecodeView=o.subarray(n,n+i),this.valueBeforeDecodeView.length===0)return this.warnings.push("Zero buffer length"),n;let c=n;for(;a7(this.isIndefiniteForm,i)>0;){const l=ub(o,c,i,a);if(l.offset===-1)return this.error=l.result.error,this.warnings.concat(l.result.warnings),-1;if(c=l.offset,this.blockLength+=l.result.blockLength,i-=l.result.blockLength,this.value.push(l.result),this.isIndefiniteForm&&l.result.constructor.NAME===Yl)break}return this.isIndefiniteForm&&(this.value[this.value.length-1].constructor.NAME===Yl?this.value.pop():this.warnings.push("No EndOfContent block encoded")),c}toBER(t,n){const i=n||new bh;for(let r=0;r<this.value.length;r++)this.value[r].toBER(t,i);return n?Ri:i.final()}toJSON(){const t={...super.toJSON(),isIndefiniteForm:this.isIndefiniteForm,value:[]};for(const n of this.value)t.value.push(n.toJSON());return t}}Vr.NAME="ConstructedValueBlock";var Q$;class en extends Ft{constructor(t={}){super(t,Vr),this.idBlock.isConstructed=!0}fromBER(t,n,i,r){this.valueBlock.isIndefiniteForm=this.lenBlock.isIndefiniteForm;const o=this.valueBlock.fromBER(t,n,this.lenBlock.isIndefiniteForm?i:this.lenBlock.length,r);return o===-1?(this.error=this.valueBlock.error,o):(this.idBlock.error.length||(this.blockLength+=this.idBlock.blockLength),this.lenBlock.error.length||(this.blockLength+=this.lenBlock.blockLength),this.valueBlock.error.length||(this.blockLength+=this.valueBlock.blockLength),o)}onAsciiEncoding(){const t=[];for(const i of this.valueBlock.value)t.push(i.toString("ascii").split(`
239
+ `;function HO(e,t,n){const i=n?` style="${n}"`:"";return`<div class="widget-container" data-authhero-widget-container data-screen="${VO(t)}"${i}>${e}</div>`}function VO(e){return e.replace(/&/g,"&amp;").replace(/"/g,"&quot;")}function KO(e,t){const n=S(c$,{darkMode:t.darkMode,language:t.language,availableLanguages:t.availableLanguages}).toString(),i={"{%- auth0:widget -%}":HO(t.widgetHtml,t.screenId,t.widgetContainerStyle),"{%- authhero:logo -%}":S(o$,{logoUrl:t.logoUrl,clientName:t.clientName}).toString(),"{%- authhero:settings -%}":n,"{%- authhero:dark-mode-toggle -%}":S(s$,{darkMode:t.darkMode}).toString(),"{%- authhero:language-picker -%}":t.availableLanguages?S(a$,{language:t.language,availableLanguages:t.availableLanguages}).toString():"","{%- authhero:powered-by -%}":t.poweredBy?S(l$,{url:t.poweredBy.url,href:t.poweredBy.href,alt:t.poweredBy.alt,height:t.poweredBy.height}).toString():"","{%- authhero:legal -%}":t.termsAndConditionsUrl?S(d$,{termsAndConditionsUrl:t.termsAndConditionsUrl,language:t.language}).toString():""};let r=e;for(const[o,a]of Object.entries(i))r=r.split(o).join(a);return r}const n2=s.z.object({body:s.z.string()}),GO=new s.OpenAPIHono().openapi(s.createRoute({tags:["branding"],method:"get",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:branding","auth:read"]}],responses:{200:{content:{"application/json":{schema:Ju}},description:"Branding settings"}}}),async e=>{const t=await e.env.data.branding.get(e.var.tenant_id);return t?e.json(t):e.json(U1)}).openapi(s.createRoute({tags:["branding"],method:"patch",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object(Ju.shape).partial()}}}},security:[{Bearer:["update:branding","auth:write"]}],responses:{200:{content:{"application/json":{schema:Ju}},description:"Branding settings"}}}),async e=>{const t=e.req.valid("json");await e.env.data.branding.set(e.var.tenant_id,t);const n=await e.env.data.branding.get(e.var.tenant_id);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update Branding",targetType:"branding",targetId:e.var.tenant_id}),e.json(n||U1)}).openapi(s.createRoute({tags:["branding"],method:"get",path:"/templates/universal-login",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:branding","auth:read"]}],responses:{200:{content:{"application/json":{schema:n2}},description:"Universal login template — tenant-customized when one is stored, otherwise the AuthHero default body that tenants can copy and modify."}}}),async e=>{const t=await e.env.data.universalLoginTemplates.get(e.var.tenant_id);return t?e.json(t):e.json({body:qO})}).openapi(s.createRoute({tags:["branding"],method:"put",path:"/templates/universal-login",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:n2}}}},security:[{Bearer:["update:branding","auth:write"]}],responses:{204:{description:"Template updated successfully"},400:{description:"Invalid template"}}}),async e=>{const t=e.req.valid("json");if(!t.body.includes(t2))throw new z(400,{message:`Template must contain ${t2} tag`});return await e.env.data.universalLoginTemplates.set(e.var.tenant_id,t),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Set Universal Login Template",targetType:"universal_login_template",targetId:e.var.tenant_id}),e.body(null,204)}).openapi(s.createRoute({tags:["branding"],method:"delete",path:"/templates/universal-login",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:branding","auth:write"]}],responses:{204:{description:"Template deleted successfully"}}}),async e=>(await e.env.data.universalLoginTemplates.delete(e.var.tenant_id),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete Universal Login Template",targetType:"universal_login_template",targetId:e.var.tenant_id}),e.body(null,204))).route("/themes",NF),WO=24;function ao(){return AC("0123456789abcdef",WO)()}function fy(e){if(!e.includes("|"))return console.error("Invalid user_id format"),e;const[,t]=e.split("|");return t}async function eb(e,t,n){return(await e.list(t,{page:0,per_page:10,include_totals:!1,q:`email:${n}`})).users}async function hy({userAdapter:e,tenant_id:t,username:n,provider:i}){let r;i==="sms"?r=`phone_number:${n}`:n.includes("@")?r=`email:${n}`:r=`username:${n}`;const{users:o}=await e.list(t,{page:0,per_page:10,include_totals:!1,q:`${r} provider:${i}`});return o.length>1&&console.error("More than one user found for same username and provider"),o[0]||null}async function co({userAdapter:e,tenant_id:t,email:n}){const{users:i}=await e.list(t,{page:0,per_page:10,include_totals:!1,q:`email:${n}`});if(i.length===0)return;const r=i.filter(a=>!a.linked_to);if(r.length>0)return r.length>1&&console.error("More than one primary user found for same email"),r[0];const o=await e.get(t,i[0]?.linked_to);if(!o)throw new Error("Primary account not found");return o}async function dr({userAdapter:e,tenant_id:t,username:n,provider:i}){const r=await hy({userAdapter:e,tenant_id:t,username:n,provider:i});return r?r.linked_to?e.get(t,r.linked_to):r:null}function JO(e){const t={};return typeof e.name=="string"&&(t.name=e.name),typeof e.given_name=="string"&&(t.given_name=e.given_name),typeof e.family_name=="string"&&(t.family_name=e.family_name),typeof e.nickname=="string"&&(t.nickname=e.nickname),typeof e.picture=="string"&&(t.picture=e.picture),typeof e.email_verified=="boolean"&&(t.email_verified=e.email_verified),typeof e.phone_number=="string"&&(t.phone_number=e.phone_number),typeof e.phone_number_verified=="boolean"?t.phone_verified=e.phone_number_verified:typeof e.phone_verified=="boolean"&&(t.phone_verified=e.phone_verified),t}async function gh(e,t){const{username:n,provider:i,connection:r,client:o,userId:a,isSocial:c,profileData:l={},ip:d="",set_user_root_attributes:u}=t,p=u||"on_each_login",f=p!=="never_on_login"?JO(l):{};let h=await dr({userAdapter:e.env.data.users,tenant_id:t.client.tenant.id,username:n,provider:i}),g=!1;if(!h){const m={user_id:`${i}|${a||ao()}`,email:r!=="sms"&&n.includes("@")?n:void 0,phone_number:r==="sms"?n:f.phone_number,username:!n.includes("@")&&r!=="sms"?n:void 0,name:f.name||n,given_name:f.given_name,family_name:f.family_name,nickname:f.nickname,picture:f.picture,phone_verified:f.phone_verified,provider:i,connection:r,email_verified:f.email_verified??(c||r==="email"),last_ip:d,is_social:c,last_login:new Date().toISOString(),profileData:JSON.stringify(l)};try{h=await e.env.data.users.create(o.tenant.id,m),g=!0}catch(_){if(_?.status!==409)throw _;const y=await dr({userAdapter:e.env.data.users,tenant_id:o.tenant.id,username:n,provider:i});if(!y)throw _;h=y}e.set("user_id",h.user_id)}if(!g&&p==="on_each_login"){const m={...f,profileData:JSON.stringify(l)},_=Object.fromEntries(Object.entries(m).filter(([y,w])=>w!==void 0));Object.keys(_).length>0&&(await e.env.data.users.update(o.tenant.id,h.user_id,_),h={...h,..._})}return h}const h$={},YO=Object.freeze(Object.defineProperty({__proto__:null,default:h$},Symbol.toStringTag,{value:"Module"}));var gy=null;function QO(e){try{return crypto.getRandomValues(new Uint8Array(e))}catch{}try{return h$.randomBytes(e)}catch{}if(!gy)throw Error("Neither WebCryptoAPI nor a crypto module is available. Use bcrypt.setRandomFallback to set an alternative");return gy(e)}function ZO(e){gy=e}function tb(e,t){if(e=e||nb,typeof e!="number")throw Error("Illegal arguments: "+typeof e+", "+typeof t);e<4?e=4:e>31&&(e=31);var n=[];return n.push("$2b$"),e<10&&n.push("0"),n.push(e.toString()),n.push("$"),n.push(Bp(QO(Gl),Gl)),n.join("")}function g$(e,t,n){if(typeof t=="function"&&(n=t,t=void 0),typeof e=="function"&&(n=e,e=void 0),typeof e>"u")e=nb;else if(typeof e!="number")throw Error("illegal arguments: "+typeof e);function i(r){ii(function(){try{r(null,tb(e))}catch(o){r(o)}})}if(n){if(typeof n!="function")throw Error("Illegal callback: "+typeof n);i(n)}else return new Promise(function(r,o){i(function(a,c){if(a){o(a);return}r(c)})})}function m$(e,t){if(typeof t>"u"&&(t=nb),typeof t=="number"&&(t=tb(t)),typeof e!="string"||typeof t!="string")throw Error("Illegal arguments: "+typeof e+", "+typeof t);return my(e,t)}function y$(e,t,n,i){function r(o){typeof e=="string"&&typeof t=="number"?g$(t,function(a,c){my(e,c,o,i)}):typeof e=="string"&&typeof t=="string"?my(e,t,o,i):ii(o.bind(this,Error("Illegal arguments: "+typeof e+", "+typeof t)))}if(n){if(typeof n!="function")throw Error("Illegal callback: "+typeof n);r(n)}else return new Promise(function(o,a){r(function(c,l){if(c){a(c);return}o(l)})})}function _$(e,t){for(var n=e.length^t.length,i=0;i<e.length;++i)n|=e.charCodeAt(i)^t.charCodeAt(i);return n===0}function XO(e,t){if(typeof e!="string"||typeof t!="string")throw Error("Illegal arguments: "+typeof e+", "+typeof t);return t.length!==60?!1:_$(m$(e,t.substring(0,t.length-31)),t)}function ej(e,t,n,i){function r(o){if(typeof e!="string"||typeof t!="string"){ii(o.bind(this,Error("Illegal arguments: "+typeof e+", "+typeof t)));return}if(t.length!==60){ii(o.bind(this,null,!1));return}y$(e,t.substring(0,29),function(a,c){a?o(a):o(null,_$(c,t))},i)}if(n){if(typeof n!="function")throw Error("Illegal callback: "+typeof n);r(n)}else return new Promise(function(o,a){r(function(c,l){if(c){a(c);return}o(l)})})}function tj(e){if(typeof e!="string")throw Error("Illegal arguments: "+typeof e);return parseInt(e.split("$")[2],10)}function nj(e){if(typeof e!="string")throw Error("Illegal arguments: "+typeof e);if(e.length!==60)throw Error("Illegal hash length: "+e.length+" != 60");return e.substring(0,29)}function ij(e){if(typeof e!="string")throw Error("Illegal arguments: "+typeof e);return w$(e)>72}var ii=typeof setImmediate=="function"?setImmediate:typeof scheduler=="object"&&typeof scheduler.postTask=="function"?scheduler.postTask.bind(scheduler):setTimeout;function w$(e){for(var t=0,n=0,i=0;i<e.length;++i)n=e.charCodeAt(i),n<128?t+=1:n<2048?t+=2:(n&64512)===55296&&(e.charCodeAt(i+1)&64512)===56320?(++i,t+=4):t+=3;return t}function rj(e){for(var t=0,n,i,r=new Array(w$(e)),o=0,a=e.length;o<a;++o)n=e.charCodeAt(o),n<128?r[t++]=n:n<2048?(r[t++]=n>>6|192,r[t++]=n&63|128):(n&64512)===55296&&((i=e.charCodeAt(o+1))&64512)===56320?(n=65536+((n&1023)<<10)+(i&1023),++o,r[t++]=n>>18|240,r[t++]=n>>12&63|128,r[t++]=n>>6&63|128,r[t++]=n&63|128):(r[t++]=n>>12|224,r[t++]=n>>6&63|128,r[t++]=n&63|128);return r}var Rs="./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789".split(""),xr=[-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,0,1,54,55,56,57,58,59,60,61,62,63,-1,-1,-1,-1,-1,-1,-1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,-1,-1,-1,-1,-1,-1,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,-1,-1,-1,-1,-1];function Bp(e,t){var n=0,i=[],r,o;if(t<=0||t>e.length)throw Error("Illegal len: "+t);for(;n<t;){if(r=e[n++]&255,i.push(Rs[r>>2&63]),r=(r&3)<<4,n>=t){i.push(Rs[r&63]);break}if(o=e[n++]&255,r|=o>>4&15,i.push(Rs[r&63]),r=(o&15)<<2,n>=t){i.push(Rs[r&63]);break}o=e[n++]&255,r|=o>>6&3,i.push(Rs[r&63]),i.push(Rs[o&63])}return i.join("")}function b$(e,t){var n=0,i=e.length,r=0,o=[],a,c,l,d,u,p;if(t<=0)throw Error("Illegal len: "+t);for(;n<i-1&&r<t&&(p=e.charCodeAt(n++),a=p<xr.length?xr[p]:-1,p=e.charCodeAt(n++),c=p<xr.length?xr[p]:-1,!(a==-1||c==-1||(u=a<<2>>>0,u|=(c&48)>>4,o.push(String.fromCharCode(u)),++r>=t||n>=i)||(p=e.charCodeAt(n++),l=p<xr.length?xr[p]:-1,l==-1)||(u=(c&15)<<4>>>0,u|=(l&60)>>2,o.push(String.fromCharCode(u)),++r>=t||n>=i)));)p=e.charCodeAt(n++),d=p<xr.length?xr[p]:-1,u=(l&3)<<6>>>0,u|=d,o.push(String.fromCharCode(u)),++r;var f=[];for(n=0;n<r;n++)f.push(o[n].charCodeAt(0));return f}var Gl=16,nb=10,oj=16,sj=100,i2=[608135816,2242054355,320440878,57701188,2752067618,698298832,137296536,3964562569,1160258022,953160567,3193202383,887688300,3232508343,3380367581,1065670069,3041331479,2450970073,2306472731],r2=[3509652390,2564797868,805139163,3491422135,3101798381,1780907670,3128725573,4046225305,614570311,3012652279,134345442,2240740374,1667834072,1901547113,2757295779,4103290238,227898511,1921955416,1904987480,2182433518,2069144605,3260701109,2620446009,720527379,3318853667,677414384,3393288472,3101374703,2390351024,1614419982,1822297739,2954791486,3608508353,3174124327,2024746970,1432378464,3864339955,2857741204,1464375394,1676153920,1439316330,715854006,3033291828,289532110,2706671279,2087905683,3018724369,1668267050,732546397,1947742710,3462151702,2609353502,2950085171,1814351708,2050118529,680887927,999245976,1800124847,3300911131,1713906067,1641548236,4213287313,1216130144,1575780402,4018429277,3917837745,3693486850,3949271944,596196993,3549867205,258830323,2213823033,772490370,2760122372,1774776394,2652871518,566650946,4142492826,1728879713,2882767088,1783734482,3629395816,2517608232,2874225571,1861159788,326777828,3124490320,2130389656,2716951837,967770486,1724537150,2185432712,2364442137,1164943284,2105845187,998989502,3765401048,2244026483,1075463327,1455516326,1322494562,910128902,469688178,1117454909,936433444,3490320968,3675253459,1240580251,122909385,2157517691,634681816,4142456567,3825094682,3061402683,2540495037,79693498,3249098678,1084186820,1583128258,426386531,1761308591,1047286709,322548459,995290223,1845252383,2603652396,3431023940,2942221577,3202600964,3727903485,1712269319,422464435,3234572375,1170764815,3523960633,3117677531,1434042557,442511882,3600875718,1076654713,1738483198,4213154764,2393238008,3677496056,1014306527,4251020053,793779912,2902807211,842905082,4246964064,1395751752,1040244610,2656851899,3396308128,445077038,3742853595,3577915638,679411651,2892444358,2354009459,1767581616,3150600392,3791627101,3102740896,284835224,4246832056,1258075500,768725851,2589189241,3069724005,3532540348,1274779536,3789419226,2764799539,1660621633,3471099624,4011903706,913787905,3497959166,737222580,2514213453,2928710040,3937242737,1804850592,3499020752,2949064160,2386320175,2390070455,2415321851,4061277028,2290661394,2416832540,1336762016,1754252060,3520065937,3014181293,791618072,3188594551,3933548030,2332172193,3852520463,3043980520,413987798,3465142937,3030929376,4245938359,2093235073,3534596313,375366246,2157278981,2479649556,555357303,3870105701,2008414854,3344188149,4221384143,3956125452,2067696032,3594591187,2921233993,2428461,544322398,577241275,1471733935,610547355,4027169054,1432588573,1507829418,2025931657,3646575487,545086370,48609733,2200306550,1653985193,298326376,1316178497,3007786442,2064951626,458293330,2589141269,3591329599,3164325604,727753846,2179363840,146436021,1461446943,4069977195,705550613,3059967265,3887724982,4281599278,3313849956,1404054877,2845806497,146425753,1854211946,1266315497,3048417604,3681880366,3289982499,290971e4,1235738493,2632868024,2414719590,3970600049,1771706367,1449415276,3266420449,422970021,1963543593,2690192192,3826793022,1062508698,1531092325,1804592342,2583117782,2714934279,4024971509,1294809318,4028980673,1289560198,2221992742,1669523910,35572830,157838143,1052438473,1016535060,1802137761,1753167236,1386275462,3080475397,2857371447,1040679964,2145300060,2390574316,1461121720,2956646967,4031777805,4028374788,33600511,2920084762,1018524850,629373528,3691585981,3515945977,2091462646,2486323059,586499841,988145025,935516892,3367335476,2599673255,2839830854,265290510,3972581182,2759138881,3795373465,1005194799,847297441,406762289,1314163512,1332590856,1866599683,4127851711,750260880,613907577,1450815602,3165620655,3734664991,3650291728,3012275730,3704569646,1427272223,778793252,1343938022,2676280711,2052605720,1946737175,3164576444,3914038668,3967478842,3682934266,1661551462,3294938066,4011595847,840292616,3712170807,616741398,312560963,711312465,1351876610,322626781,1910503582,271666773,2175563734,1594956187,70604529,3617834859,1007753275,1495573769,4069517037,2549218298,2663038764,504708206,2263041392,3941167025,2249088522,1514023603,1998579484,1312622330,694541497,2582060303,2151582166,1382467621,776784248,2618340202,3323268794,2497899128,2784771155,503983604,4076293799,907881277,423175695,432175456,1378068232,4145222326,3954048622,3938656102,3820766613,2793130115,2977904593,26017576,3274890735,3194772133,1700274565,1756076034,4006520079,3677328699,720338349,1533947780,354530856,688349552,3973924725,1637815568,332179504,3949051286,53804574,2852348879,3044236432,1282449977,3583942155,3416972820,4006381244,1617046695,2628476075,3002303598,1686838959,431878346,2686675385,1700445008,1080580658,1009431731,832498133,3223435511,2605976345,2271191193,2516031870,1648197032,4164389018,2548247927,300782431,375919233,238389289,3353747414,2531188641,2019080857,1475708069,455242339,2609103871,448939670,3451063019,1395535956,2413381860,1841049896,1491858159,885456874,4264095073,4001119347,1565136089,3898914787,1108368660,540939232,1173283510,2745871338,3681308437,4207628240,3343053890,4016749493,1699691293,1103962373,3625875870,2256883143,3830138730,1031889488,3479347698,1535977030,4236805024,3251091107,2132092099,1774941330,1199868427,1452454533,157007616,2904115357,342012276,595725824,1480756522,206960106,497939518,591360097,863170706,2375253569,3596610801,1814182875,2094937945,3421402208,1082520231,3463918190,2785509508,435703966,3908032597,1641649973,2842273706,3305899714,1510255612,2148256476,2655287854,3276092548,4258621189,236887753,3681803219,274041037,1734335097,3815195456,3317970021,1899903192,1026095262,4050517792,356393447,2410691914,3873677099,3682840055,3913112168,2491498743,4132185628,2489919796,1091903735,1979897079,3170134830,3567386728,3557303409,857797738,1136121015,1342202287,507115054,2535736646,337727348,3213592640,1301675037,2528481711,1895095763,1721773893,3216771564,62756741,2142006736,835421444,2531993523,1442658625,3659876326,2882144922,676362277,1392781812,170690266,3921047035,1759253602,3611846912,1745797284,664899054,1329594018,3901205900,3045908486,2062866102,2865634940,3543621612,3464012697,1080764994,553557557,3656615353,3996768171,991055499,499776247,1265440854,648242737,3940784050,980351604,3713745714,1749149687,3396870395,4211799374,3640570775,1161844396,3125318951,1431517754,545492359,4268468663,3499529547,1437099964,2702547544,3433638243,2581715763,2787789398,1060185593,1593081372,2418618748,4260947970,69676912,2159744348,86519011,2512459080,3838209314,1220612927,3339683548,133810670,1090789135,1078426020,1569222167,845107691,3583754449,4072456591,1091646820,628848692,1613405280,3757631651,526609435,236106946,48312990,2942717905,3402727701,1797494240,859738849,992217954,4005476642,2243076622,3870952857,3732016268,765654824,3490871365,2511836413,1685915746,3888969200,1414112111,2273134842,3281911079,4080962846,172450625,2569994100,980381355,4109958455,2819808352,2716589560,2568741196,3681446669,3329971472,1835478071,660984891,3704678404,4045999559,3422617507,3040415634,1762651403,1719377915,3470491036,2693910283,3642056355,3138596744,1364962596,2073328063,1983633131,926494387,3423689081,2150032023,4096667949,1749200295,3328846651,309677260,2016342300,1779581495,3079819751,111262694,1274766160,443224088,298511866,1025883608,3806446537,1145181785,168956806,3641502830,3584813610,1689216846,3666258015,3200248200,1692713982,2646376535,4042768518,1618508792,1610833997,3523052358,4130873264,2001055236,3610705100,2202168115,4028541809,2961195399,1006657119,2006996926,3186142756,1430667929,3210227297,1314452623,4074634658,4101304120,2273951170,1399257539,3367210612,3027628629,1190975929,2062231137,2333990788,2221543033,2438960610,1181637006,548689776,2362791313,3372408396,3104550113,3145860560,296247880,1970579870,3078560182,3769228297,1714227617,3291629107,3898220290,166772364,1251581989,493813264,448347421,195405023,2709975567,677966185,3703036547,1463355134,2715995803,1338867538,1343315457,2802222074,2684532164,233230375,2599980071,2000651841,3277868038,1638401717,4028070440,3237316320,6314154,819756386,300326615,590932579,1405279636,3267499572,3150704214,2428286686,3959192993,3461946742,1862657033,1266418056,963775037,2089974820,2263052895,1917689273,448879540,3550394620,3981727096,150775221,3627908307,1303187396,508620638,2975983352,2726630617,1817252668,1876281319,1457606340,908771278,3720792119,3617206836,2455994898,1729034894,1080033504,976866871,3556439503,2881648439,1522871579,1555064734,1336096578,3548522304,2579274686,3574697629,3205460757,3593280638,3338716283,3079412587,564236357,2993598910,1781952180,1464380207,3163844217,3332601554,1699332808,1393555694,1183702653,3581086237,1288719814,691649499,2847557200,2895455976,3193889540,2717570544,1781354906,1676643554,2592534050,3230253752,1126444790,2770207658,2633158820,2210423226,2615765581,2414155088,3127139286,673620729,2805611233,1269405062,4015350505,3341807571,4149409754,1057255273,2012875353,2162469141,2276492801,2601117357,993977747,3918593370,2654263191,753973209,36408145,2530585658,25011837,3520020182,2088578344,530523599,2918365339,1524020338,1518925132,3760827505,3759777254,1202760957,3985898139,3906192525,674977740,4174734889,2031300136,2019492241,3983892565,4153806404,3822280332,352677332,2297720250,60907813,90501309,3286998549,1016092578,2535922412,2839152426,457141659,509813237,4120667899,652014361,1966332200,2975202805,55981186,2327461051,676427537,3255491064,2882294119,3433927263,1307055953,942726286,933058658,2468411793,3933900994,4215176142,1361170020,2001714738,2830558078,3274259782,1222529897,1679025792,2729314320,3714953764,1770335741,151462246,3013232138,1682292957,1483529935,471910574,1539241949,458788160,3436315007,1807016891,3718408830,978976581,1043663428,3165965781,1927990952,4200891579,2372276910,3208408903,3533431907,1412390302,2931980059,4132332400,1947078029,3881505623,4168226417,2941484381,1077988104,1320477388,886195818,18198404,3786409e3,2509781533,112762804,3463356488,1866414978,891333506,18488651,661792760,1628790961,3885187036,3141171499,876946877,2693282273,1372485963,791857591,2686433993,3759982718,3167212022,3472953795,2716379847,445679433,3561995674,3504004811,3574258232,54117162,3331405415,2381918588,3769707343,4154350007,1140177722,4074052095,668550556,3214352940,367459370,261225585,2610173221,4209349473,3468074219,3265815641,314222801,3066103646,3808782860,282218597,3406013506,3773591054,379116347,1285071038,846784868,2669647154,3771962079,3550491691,2305946142,453669953,1268987020,3317592352,3279303384,3744833421,2610507566,3859509063,266596637,3847019092,517658769,3462560207,3443424879,370717030,4247526661,2224018117,4143653529,4112773975,2788324899,2477274417,1456262402,2901442914,1517677493,1846949527,2295493580,3734397586,2176403920,1280348187,1908823572,3871786941,846861322,1172426758,3287448474,3383383037,1655181056,3139813346,901632758,1897031941,2986607138,3066810236,3447102507,1393639104,373351379,950779232,625454576,3124240540,4148612726,2007998917,544563296,2244738638,2330496472,2058025392,1291430526,424198748,50039436,29584100,3605783033,2429876329,2791104160,1057563949,3255363231,3075367218,3463963227,1469046755,985887462],v$=[1332899944,1700884034,1701343084,1684370003,1668446532,1869963892];function Wl(e,t,n,i){var r,o=e[t],a=e[t+1];return o^=n[0],r=i[o>>>24],r+=i[256|o>>16&255],r^=i[512|o>>8&255],r+=i[768|o&255],a^=r^n[1],r=i[a>>>24],r+=i[256|a>>16&255],r^=i[512|a>>8&255],r+=i[768|a&255],o^=r^n[2],r=i[o>>>24],r+=i[256|o>>16&255],r^=i[512|o>>8&255],r+=i[768|o&255],a^=r^n[3],r=i[a>>>24],r+=i[256|a>>16&255],r^=i[512|a>>8&255],r+=i[768|a&255],o^=r^n[4],r=i[o>>>24],r+=i[256|o>>16&255],r^=i[512|o>>8&255],r+=i[768|o&255],a^=r^n[5],r=i[a>>>24],r+=i[256|a>>16&255],r^=i[512|a>>8&255],r+=i[768|a&255],o^=r^n[6],r=i[o>>>24],r+=i[256|o>>16&255],r^=i[512|o>>8&255],r+=i[768|o&255],a^=r^n[7],r=i[a>>>24],r+=i[256|a>>16&255],r^=i[512|a>>8&255],r+=i[768|a&255],o^=r^n[8],r=i[o>>>24],r+=i[256|o>>16&255],r^=i[512|o>>8&255],r+=i[768|o&255],a^=r^n[9],r=i[a>>>24],r+=i[256|a>>16&255],r^=i[512|a>>8&255],r+=i[768|a&255],o^=r^n[10],r=i[o>>>24],r+=i[256|o>>16&255],r^=i[512|o>>8&255],r+=i[768|o&255],a^=r^n[11],r=i[a>>>24],r+=i[256|a>>16&255],r^=i[512|a>>8&255],r+=i[768|a&255],o^=r^n[12],r=i[o>>>24],r+=i[256|o>>16&255],r^=i[512|o>>8&255],r+=i[768|o&255],a^=r^n[13],r=i[a>>>24],r+=i[256|a>>16&255],r^=i[512|a>>8&255],r+=i[768|a&255],o^=r^n[14],r=i[o>>>24],r+=i[256|o>>16&255],r^=i[512|o>>8&255],r+=i[768|o&255],a^=r^n[15],r=i[a>>>24],r+=i[256|a>>16&255],r^=i[512|a>>8&255],r+=i[768|a&255],o^=r^n[16],e[t]=a^n[oj+1],e[t+1]=o,e}function Js(e,t){for(var n=0,i=0;n<4;++n)i=i<<8|e[t]&255,t=(t+1)%e.length;return{key:i,offp:t}}function o2(e,t,n){for(var i=0,r=[0,0],o=t.length,a=n.length,c,l=0;l<o;l++)c=Js(e,i),i=c.offp,t[l]=t[l]^c.key;for(l=0;l<o;l+=2)r=Wl(r,0,t,n),t[l]=r[0],t[l+1]=r[1];for(l=0;l<a;l+=2)r=Wl(r,0,t,n),n[l]=r[0],n[l+1]=r[1]}function aj(e,t,n,i){for(var r=0,o=[0,0],a=n.length,c=i.length,l,d=0;d<a;d++)l=Js(t,r),r=l.offp,n[d]=n[d]^l.key;for(r=0,d=0;d<a;d+=2)l=Js(e,r),r=l.offp,o[0]^=l.key,l=Js(e,r),r=l.offp,o[1]^=l.key,o=Wl(o,0,n,i),n[d]=o[0],n[d+1]=o[1];for(d=0;d<c;d+=2)l=Js(e,r),r=l.offp,o[0]^=l.key,l=Js(e,r),r=l.offp,o[1]^=l.key,o=Wl(o,0,n,i),i[d]=o[0],i[d+1]=o[1]}function s2(e,t,n,i,r){var o=v$.slice(),a=o.length,c;if(n<4||n>31)if(c=Error("Illegal number of rounds (4-31): "+n),i){ii(i.bind(this,c));return}else throw c;if(t.length!==Gl)if(c=Error("Illegal salt length: "+t.length+" != "+Gl),i){ii(i.bind(this,c));return}else throw c;n=1<<n>>>0;var l,d,u=0,p;typeof Int32Array=="function"?(l=new Int32Array(i2),d=new Int32Array(r2)):(l=i2.slice(),d=r2.slice()),aj(t,e,l,d);function f(){if(r&&r(u/n),u<n)for(var g=Date.now();u<n&&(u=u+1,o2(e,l,d),o2(t,l,d),!(Date.now()-g>sj)););else{for(u=0;u<64;u++)for(p=0;p<a>>1;p++)Wl(o,p<<1,l,d);var m=[];for(u=0;u<a;u++)m.push((o[u]>>24&255)>>>0),m.push((o[u]>>16&255)>>>0),m.push((o[u]>>8&255)>>>0),m.push((o[u]&255)>>>0);if(i){i(null,m);return}else return m}i&&ii(f)}if(typeof i<"u")f();else for(var h;;)if(typeof(h=f())<"u")return h||[]}function my(e,t,n,i){var r;if(typeof e!="string"||typeof t!="string")if(r=Error("Invalid string / salt: Not a string"),n){ii(n.bind(this,r));return}else throw r;var o,a;if(t.charAt(0)!=="$"||t.charAt(1)!=="2")if(r=Error("Invalid salt version: "+t.substring(0,2)),n){ii(n.bind(this,r));return}else throw r;if(t.charAt(2)==="$")o="\0",a=3;else{if(o=t.charAt(2),o!=="a"&&o!=="b"&&o!=="y"||t.charAt(3)!=="$")if(r=Error("Invalid salt revision: "+t.substring(2,4)),n){ii(n.bind(this,r));return}else throw r;a=4}if(t.charAt(a+2)>"$")if(r=Error("Missing salt rounds"),n){ii(n.bind(this,r));return}else throw r;var c=parseInt(t.substring(a,a+1),10)*10,l=parseInt(t.substring(a+1,a+2),10),d=c+l,u=t.substring(a+3,a+25);e+=o>="a"?"\0":"";var p=rj(e),f=b$(u,Gl);function h(g){var m=[];return m.push("$2"),o>="a"&&m.push(o),m.push("$"),d<10&&m.push("0"),m.push(d.toString()),m.push("$"),m.push(Bp(f,f.length)),m.push(Bp(g,v$.length*4-1)),m.join("")}if(typeof n>"u")return h(s2(p,f,d));s2(p,f,d,function(g,m){g?n(g,null):n(null,h(m))},i)}function cj(e,t){return Bp(e,t)}function lj(e,t){return b$(e,t)}const lc={setRandomFallback:ZO,genSaltSync:tb,genSalt:g$,hashSync:m$,hash:y$,compareSync:XO,compare:ej,getRounds:tj,getSalt:nj,truncates:ij,encodeBase64:cj,decodeBase64:lj},Cr={TOO_SHORT:"password_too_short",MISSING_LOWERCASE:"password_missing_lowercase",MISSING_UPPERCASE:"password_missing_uppercase",MISSING_NUMBER:"password_missing_number",MISSING_SPECIAL:"password_missing_special",REUSED:"password_reused",CONTAINS_PERSONAL_INFO:"password_contains_personal_info",CONTAINS_FORBIDDEN_WORD:"password_contains_forbidden_word"};class Ti extends Error{code;params;constructor(t,n,i){super(n),this.code=t,this.params=i,this.name="PasswordPolicyError"}}async function Id(e,t){const{newPassword:n,userData:i,data:r,tenantId:o,userId:a}=t,c=e.passwordPolicy!==void 0||e.password_complexity_options!==void 0||e.password_history!==void 0||e.password_no_personal_info!==void 0||e.password_dictionary!==void 0,l=c?e.passwordPolicy:"good",d=c?e.password_complexity_options?.min_length:8;if(d&&n.length<d)throw new Ti(Cr.TOO_SHORT,`Password must be at least ${d} characters`,{minLength:d});if(l&&l!=="none"&&l==="good"){if(!/[a-z]/.test(n))throw new Ti(Cr.MISSING_LOWERCASE,"Password must contain at least one lowercase letter");if(!/[A-Z]/.test(n))throw new Ti(Cr.MISSING_UPPERCASE,"Password must contain at least one uppercase letter");if(!/\d/.test(n))throw new Ti(Cr.MISSING_NUMBER,"Password must contain at least one number");if(!/[^A-Za-z0-9]/.test(n))throw new Ti(Cr.MISSING_SPECIAL,"Password must contain at least one special character")}if(e.password_history?.enable){const u=e.password_history.size||5,p=await r.passwords.list(o,a,u);for(const f of p)if(await lc.compare(n,f.password))throw new Ti(Cr.REUSED,"Password was used recently and cannot be reused",{historySize:u})}if(e.password_no_personal_info?.enable&&i&&[i.email,i.name].filter(Boolean).join(" ").toLowerCase().includes(n.toLowerCase()))throw new Ti(Cr.CONTAINS_PERSONAL_INFO,"Password cannot contain personal information like your name or email");if(e.password_dictionary?.enable&&e.password_dictionary.dictionary&&e.password_dictionary.dictionary.some(u=>n.toLowerCase().includes(u.toLowerCase())))throw new Ti(Cr.CONTAINS_FORBIDDEN_WORD,"Password contains a forbidden word")}async function zd(e,t,n){const{connections:i}=await e.connections.list(t,{page:0,per_page:100});return i.find(o=>o.name===n)?.options||{}}async function Pa(e){return{hash:await lc.hash(e,10),algorithm:"bcrypt"}}var a2;(function(e){e[e.Include=0]="Include",e[e.None=1]="None"})(a2||(a2={}));var c2;(function(e){e[e.Required=0]="Required",e[e.Ignore=1]="Ignore"})(c2||(c2={}));function dj(e){return A$(e,uj,Jl.Include)}function ib(e){return A$(e,pj,Jl.None)}function A$(e,t,n){let i="";for(let r=0;r<e.byteLength;r+=3){let o=0,a=0;for(let c=0;c<3&&r+c<e.byteLength;c++)o=o<<8|e[r+c],a+=8;for(let c=0;c<4;c++)a>=6?(i+=t[o>>a-6&63],a-=6):a>0?(i+=t[o<<6-a&63],a=0):n===Jl.Include&&(i+="=")}return i}const uj="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",pj="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var Jl;(function(e){e[e.Include=0]="Include",e[e.None=1]="None"})(Jl||(Jl={}));var l2;(function(e){e[e.Required=0]="Required",e[e.Ignore=1]="Ignore"})(l2||(l2={}));class fj{uint8(t,n){if(t.byteLength<n+1)throw new TypeError("Insufficient bytes");return t[n]}uint16(t,n){if(t.byteLength<n+2)throw new TypeError("Insufficient bytes");return t[n]<<8|t[n+1]}uint32(t,n){if(t.byteLength<n+4)throw new TypeError("Insufficient bytes");let i=0;for(let r=0;r<4;r++)i|=t[n+r]<<24-r*8;return i}uint64(t,n){if(t.byteLength<n+8)throw new TypeError("Insufficient bytes");let i=0n;for(let r=0;r<8;r++)i|=BigInt(t[n+r])<<BigInt(56-r*8);return i}putUint8(t,n,i){if(t.length<i+1)throw new TypeError("Not enough space");if(n<0||n>255)throw new TypeError("Invalid uint8 value");t[i]=n}putUint16(t,n,i){if(t.length<i+2)throw new TypeError("Not enough space");if(n<0||n>65535)throw new TypeError("Invalid uint16 value");t[i]=n>>8,t[i+1]=n&255}putUint32(t,n,i){if(t.length<i+4)throw new TypeError("Not enough space");if(n<0||n>4294967295)throw new TypeError("Invalid uint32 value");for(let r=0;r<4;r++)t[i+r]=n>>(3-r)*8&255}putUint64(t,n,i){if(t.length<i+8)throw new TypeError("Not enough space");if(n<0||n>18446744073709551615n)throw new TypeError("Invalid uint64 value");for(let r=0;r<8;r++)t[i+r]=Number(n>>BigInt((7-r)*8)&0xffn)}}const d2=new fj;function bi(e,t){return(e<<32-t|e>>>t)>>>0}function hj(e){const t=new gj;return t.update(e),t.digest()}class gj{blockSize=64;size=32;blocks=new Uint8Array(64);currentBlockSize=0;H=new Uint32Array([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]);l=0n;w=new Uint32Array(64);update(t){if(this.l+=BigInt(t.byteLength)*8n,this.currentBlockSize+t.byteLength<64){this.blocks.set(t,this.currentBlockSize),this.currentBlockSize+=t.byteLength;return}let n=0;if(this.currentBlockSize>0){const i=t.slice(0,64-this.currentBlockSize);this.blocks.set(i,this.currentBlockSize),this.process(),n+=i.byteLength,this.currentBlockSize=0}for(;n+64<=t.byteLength;){const i=t.slice(n,n+64);this.blocks.set(i),this.process(),n+=64}if(t.byteLength-n>0){const i=t.slice(n);this.blocks.set(i),this.currentBlockSize=i.byteLength}}digest(){this.blocks[this.currentBlockSize]=128,this.currentBlockSize+=1,64-this.currentBlockSize<8&&(this.blocks.fill(0,this.currentBlockSize),this.process(),this.currentBlockSize=0),this.blocks.fill(0,this.currentBlockSize),d2.putUint64(this.blocks,this.l,this.blockSize-8),this.process();const t=new Uint8Array(32);for(let n=0;n<8;n++)d2.putUint32(t,this.H[n],n*4);return t}process(){for(let d=0;d<16;d++)this.w[d]=(this.blocks[d*4]<<24|this.blocks[d*4+1]<<16|this.blocks[d*4+2]<<8|this.blocks[d*4+3])>>>0;for(let d=16;d<64;d++){const u=(bi(this.w[d-2],17)^bi(this.w[d-2],19)^this.w[d-2]>>>10)>>>0,p=(bi(this.w[d-15],7)^bi(this.w[d-15],18)^this.w[d-15]>>>3)>>>0;this.w[d]=u+this.w[d-7]+p+this.w[d-16]|0}let t=this.H[0],n=this.H[1],i=this.H[2],r=this.H[3],o=this.H[4],a=this.H[5],c=this.H[6],l=this.H[7];for(let d=0;d<64;d++){const u=(bi(o,6)^bi(o,11)^bi(o,25))>>>0,p=(o&a^~o&c)>>>0,f=l+u+p+mj[d]+this.w[d]|0,h=(bi(t,2)^bi(t,13)^bi(t,22))>>>0,g=(t&n^t&i^n&i)>>>0,m=h+g|0;l=c,c=a,a=o,o=r+f|0,r=i,i=n,n=t,t=f+m|0}this.H[0]=t+this.H[0]|0,this.H[1]=n+this.H[1]|0,this.H[2]=i+this.H[2]|0,this.H[3]=r+this.H[3]|0,this.H[4]=o+this.H[4]|0,this.H[5]=a+this.H[5]|0,this.H[6]=c+this.H[6]|0,this.H[7]=l+this.H[7]|0}}const mj=new Uint32Array([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]);new BigUint64Array([0x428a2f98d728ae22n,0x7137449123ef65cdn,0xb5c0fbcfec4d3b2fn,0xe9b5dba58189dbbcn,0x3956c25bf348b538n,0x59f111f1b605d019n,0x923f82a4af194f9bn,0xab1c5ed5da6d8118n,0xd807aa98a3030242n,0x12835b0145706fben,0x243185be4ee4b28cn,0x550c7dc3d5ffb4e2n,0x72be5d74f27b896fn,0x80deb1fe3b1696b1n,0x9bdc06a725c71235n,0xc19bf174cf692694n,0xe49b69c19ef14ad2n,0xefbe4786384f25e3n,0x0fc19dc68b8cd5b5n,0x240ca1cc77ac9c65n,0x2de92c6f592b0275n,0x4a7484aa6ea6e483n,0x5cb0a9dcbd41fbd4n,0x76f988da831153b5n,0x983e5152ee66dfabn,0xa831c66d2db43210n,0xb00327c898fb213fn,0xbf597fc7beef0ee4n,0xc6e00bf33da88fc2n,0xd5a79147930aa725n,0x06ca6351e003826fn,0x142929670a0e6e70n,0x27b70a8546d22ffcn,0x2e1b21385c26c926n,0x4d2c6dfc5ac42aedn,0x53380d139d95b3dfn,0x650a73548baf63den,0x766a0abb3c77b2a8n,0x81c2c92e47edaee6n,0x92722c851482353bn,0xa2bfe8a14cf10364n,0xa81a664bbc423001n,0xc24b8b70d0f89791n,0xc76c51a30654be30n,0xd192e819d6ef5218n,0xd69906245565a910n,0xf40e35855771202an,0x106aa07032bbd1b8n,0x19a4c116b8d2d0c8n,0x1e376c085141ab53n,0x2748774cdf8eeb99n,0x34b0bcb5e19b48a8n,0x391c0cb3c5c95a63n,0x4ed8aa4ae3418acbn,0x5b9cca4f7763e373n,0x682e6ff3d6b2b8a3n,0x748f82ee5defb2fcn,0x78a5636f43172f60n,0x84c87814a1f0ab72n,0x8cc702081a6439ecn,0x90befffa23631e28n,0xa4506cebde82bde9n,0xbef9a3f7b2c67915n,0xc67178f2e372532bn,0xca273eceea26619cn,0xd186b8c721c0c207n,0xeada7dd6cde0eb1en,0xf57d4f7fee6ed178n,0x06f067aa72176fban,0x0a637dc5a2c898a6n,0x113f9804bef90daen,0x1b710b35131c471bn,0x28db77f523047d84n,0x32caab7b40c72493n,0x3c9ebe0a15c9bebcn,0x431d67c49c100d4cn,0x4cc5d4becb3e42b6n,0x597f299cfc657e2an,0x5fcb6fab3ad6faecn,0x6c44198c4a475817n]);class k${data;constructor(t){this.data=t}tokenType(){if("token_type"in this.data&&typeof this.data.token_type=="string")return this.data.token_type;throw new Error("Missing or invalid 'token_type' field")}accessToken(){if("access_token"in this.data&&typeof this.data.access_token=="string")return this.data.access_token;throw new Error("Missing or invalid 'access_token' field")}accessTokenExpiresInSeconds(){if("expires_in"in this.data&&typeof this.data.expires_in=="number")return this.data.expires_in;throw new Error("Missing or invalid 'expires_in' field")}accessTokenExpiresAt(){return new Date(Date.now()+this.accessTokenExpiresInSeconds()*1e3)}hasRefreshToken(){return"refresh_token"in this.data&&typeof this.data.refresh_token=="string"}refreshToken(){if("refresh_token"in this.data&&typeof this.data.refresh_token=="string")return this.data.refresh_token;throw new Error("Missing or invalid 'refresh_token' field")}hasScopes(){return"scope"in this.data&&typeof this.data.scope=="string"}scopes(){if("scope"in this.data&&typeof this.data.scope=="string")return this.data.scope.split(" ");throw new Error("Missing or invalid 'scope' field")}idToken(){if("id_token"in this.data&&typeof this.data.id_token=="string")return this.data.id_token;throw new Error("Missing or invalid field 'id_token'")}}function S$(e){const t=hj(new TextEncoder().encode(e));return ib(t)}function mh(){const e=new Uint8Array(32);return crypto.getRandomValues(e),ib(e)}function E$(){const e=new Uint8Array(32);return crypto.getRandomValues(e),ib(e)}function yj(e,t){if(t.length!==1)throw new TypeError("Invalid character string");let n=0;for(;n<e.length&&e[n]===t;)n++;return e.slice(n)}function u2(e,t){if(t.length!==1)throw new TypeError("Invalid character string");let n=e.length;for(;n>0&&e[n-1]===t;)n--;return e.slice(0,n)}function p2(e,...t){let n=u2(e,"/");for(const i of t)n=u2(n,"/")+"/"+yj(i,"/");return n}function ar(e,t){const n=new TextEncoder().encode(t.toString()),i=new Request(e,{method:"POST",body:n});return i.headers.set("Content-Type","application/x-www-form-urlencoded"),i.headers.set("Accept","application/json"),i.headers.set("User-Agent","arctic"),i.headers.set("Content-Length",n.byteLength.toString()),i}function Go(e,t){const n=new TextEncoder().encode(`${e}:${t}`);return dj(n)}async function Na(e){let t;try{t=await fetch(e)}catch(n){throw new ob(n)}if(t.status===400||t.status===401){let n;try{n=await t.json()}catch{throw new ba(t.status)}if(typeof n!="object"||n===null)throw new Hr(t.status,n);let i;try{i=rb(n)}catch{throw new Hr(t.status,n)}throw i}if(t.status===200){let n;try{n=await t.json()}catch{throw new ba(t.status)}if(typeof n!="object"||n===null)throw new Hr(t.status,n);return new k$(n)}throw t.body!==null&&await t.body.cancel(),new ba(t.status)}async function _j(e){let t;try{t=await fetch(e)}catch(n){throw new ob(n)}if(t.status===400||t.status===401){let n;try{n=await t.json()}catch{throw new Hr(t.status,null)}if(typeof n!="object"||n===null)throw new Hr(t.status,n);let i;try{i=rb(n)}catch{throw new Hr(t.status,n)}throw i}if(t.status===200){t.body!==null&&await t.body.cancel();return}throw t.body!==null&&await t.body.cancel(),new ba(t.status)}function rb(e){let t;if("error"in e&&typeof e.error=="string")t=e.error;else throw new Error("Invalid error response");let n=null,i=null,r=null;if("error_description"in e){if(typeof e.error_description!="string")throw new Error("Invalid data");n=e.error_description}if("error_uri"in e){if(typeof e.error_uri!="string")throw new Error("Invalid data");i=e.error_uri}if("state"in e){if(typeof e.state!="string")throw new Error("Invalid data");r=e.state}return new wj(t,n,i,r)}class ob extends Error{constructor(t){super("Failed to send request",{cause:t})}}class wj extends Error{code;description;uri;state;constructor(t,n,i,r){super(`OAuth request error: ${t}`),this.code=t,this.description=n,this.uri=i,this.state=r}}class ba extends Error{status;constructor(t){super("Unexpected error response"),this.status=t}}class Hr extends Error{status;data;constructor(t,n){super("Unexpected error response body"),this.status=t,this.data=n}}class vs{clientId;clientPassword;redirectURI;constructor(t,n,i){this.clientId=t,this.clientPassword=n,this.redirectURI=i}createAuthorizationURL(t,n,i){const r=new URL(t);return r.searchParams.set("response_type","code"),r.searchParams.set("client_id",this.clientId),this.redirectURI!==null&&r.searchParams.set("redirect_uri",this.redirectURI),r.searchParams.set("state",n),i.length>0&&r.searchParams.set("scope",i.join(" ")),r}createAuthorizationURLWithPKCE(t,n,i,r,o){const a=new URL(t);if(a.searchParams.set("response_type","code"),a.searchParams.set("client_id",this.clientId),this.redirectURI!==null&&a.searchParams.set("redirect_uri",this.redirectURI),a.searchParams.set("state",n),i===ts.S256){const c=S$(r);a.searchParams.set("code_challenge_method","S256"),a.searchParams.set("code_challenge",c)}else i===ts.Plain&&(a.searchParams.set("code_challenge_method","plain"),a.searchParams.set("code_challenge",r));return o.length>0&&a.searchParams.set("scope",o.join(" ")),a}async validateAuthorizationCode(t,n,i){const r=new URLSearchParams;r.set("grant_type","authorization_code"),r.set("code",n),this.redirectURI!==null&&r.set("redirect_uri",this.redirectURI),i!==null&&r.set("code_verifier",i),this.clientPassword===null&&r.set("client_id",this.clientId);const o=ar(t,r);if(this.clientPassword!==null){const c=Go(this.clientId,this.clientPassword);o.headers.set("Authorization",`Basic ${c}`)}return await Na(o)}async refreshAccessToken(t,n,i){const r=new URLSearchParams;r.set("grant_type","refresh_token"),r.set("refresh_token",n),this.clientPassword===null&&r.set("client_id",this.clientId),i.length>0&&r.set("scope",i.join(" "));const o=ar(t,r);if(this.clientPassword!==null){const c=Go(this.clientId,this.clientPassword);o.headers.set("Authorization",`Basic ${c}`)}return await Na(o)}async revokeToken(t,n){const i=new URLSearchParams;i.set("token",n),this.clientPassword===null&&i.set("client_id",this.clientId);const r=ar(t,i);if(this.clientPassword!==null){const o=Go(this.clientId,this.clientPassword);r.headers.set("Authorization",`Basic ${o}`)}await _j(r)}}var ts;(function(e){e[e.S256=0]="S256",e[e.Plain=1]="Plain"})(ts||(ts={}));var f2;(function(e){e[e.Include=0]="Include",e[e.None=1]="None"})(f2||(f2={}));var h2;(function(e){e[e.Required=0]="Required",e[e.Ignore=1]="Ignore"})(h2||(h2={}));function Il(e){return bj(e,vj,Lp.None)}function bj(e,t,n){let i="";for(let r=0;r<e.byteLength;r+=3){let o=0,a=0;for(let c=0;c<3&&r+c<e.byteLength;c++)o=o<<8|e[r+c],a+=8;for(let c=0;c<4;c++)a>=6?(i+=t[o>>a-6&63],a-=6):a>0?(i+=t[o<<6-a&63],a=0):n===Lp.Include&&(i+="=")}return i}const vj="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var Lp;(function(e){e[e.Include=0]="Include",e[e.None=1]="None"})(Lp||(Lp={}));var g2;(function(e){e[e.Required=0]="Required",e[e.Ignore=1]="Ignore"})(g2||(g2={}));function Aj(e,t,n){const i=Il(new TextEncoder().encode(e)),r=Il(new TextEncoder().encode(t)),o=Il(n);return i+"."+r+"."+o}function kj(e,t){const n=Il(new TextEncoder().encode(e)),i=Il(new TextEncoder().encode(t)),r=n+"."+i;return new TextEncoder().encode(r)}const Sj="https://appleid.apple.com/auth/authorize",Ej="https://appleid.apple.com/auth/token";class x${clientId;teamId;keyId;pkcs8PrivateKey;redirectURI;constructor(t,n,i,r,o){this.clientId=t,this.teamId=n,this.keyId=i,this.pkcs8PrivateKey=r,this.redirectURI=o}createAuthorizationURL(t,n){const i=new URL(Sj);return i.searchParams.set("response_type","code"),i.searchParams.set("client_id",this.clientId),i.searchParams.set("state",t),n.length>0&&i.searchParams.set("scope",n.join(" ")),i.searchParams.set("redirect_uri",this.redirectURI),i}async validateAuthorizationCode(t){const n=new URLSearchParams;n.set("grant_type","authorization_code"),n.set("code",t),n.set("redirect_uri",this.redirectURI),n.set("client_id",this.clientId);const i=await this.createClientSecret();n.set("client_secret",i);const r=ar(Ej,n);return await Na(r)}async createClientSecret(){const t=await crypto.subtle.importKey("pkcs8",this.pkcs8PrivateKey,{name:"ECDSA",namedCurve:"P-256"},!1,["sign"]),n=Math.floor(Date.now()/1e3),i=JSON.stringify({typ:"JWT",alg:"ES256",kid:this.keyId}),r=JSON.stringify({iss:this.teamId,exp:n+300,aud:["https://appleid.apple.com"],sub:this.clientId,iat:n}),o=new Uint8Array(await crypto.subtle.sign({name:"ECDSA",hash:"SHA-256"},t,kj(i,r)));return Aj(i,r,o)}}const xj="https://www.facebook.com/v16.0/dialog/oauth",Cj="https://graph.facebook.com/v16.0/oauth/access_token";class C${clientId;clientSecret;redirectURI;constructor(t,n,i){this.clientId=t,this.clientSecret=n,this.redirectURI=i}createAuthorizationURL(t,n){const i=new URL(xj);return i.searchParams.set("response_type","code"),i.searchParams.set("client_id",this.clientId),i.searchParams.set("state",t),n.length>0&&i.searchParams.set("scope",n.join(" ")),i.searchParams.set("redirect_uri",this.redirectURI),i}async validateAuthorizationCode(t){const n=new URLSearchParams;n.set("grant_type","authorization_code"),n.set("code",t),n.set("redirect_uri",this.redirectURI),n.set("client_id",this.clientId),n.set("client_secret",this.clientSecret);const i=ar(Cj,n);return await Na(i)}}const Tj="https://github.com/login/oauth/authorize",m2="https://github.com/login/oauth/access_token";class T${clientId;clientSecret;redirectURI;constructor(t,n,i){this.clientId=t,this.clientSecret=n,this.redirectURI=i}createAuthorizationURL(t,n){const i=new URL(Tj);return i.searchParams.set("response_type","code"),i.searchParams.set("client_id",this.clientId),i.searchParams.set("state",t),n.length>0&&i.searchParams.set("scope",n.join(" ")),this.redirectURI!==null&&i.searchParams.set("redirect_uri",this.redirectURI),i}async validateAuthorizationCode(t){const n=new URLSearchParams;n.set("grant_type","authorization_code"),n.set("code",t),this.redirectURI!==null&&n.set("redirect_uri",this.redirectURI);const i=ar(m2,n),r=Go(this.clientId,this.clientSecret);return i.headers.set("Authorization",`Basic ${r}`),await y2(i)}async refreshAccessToken(t){const n=new URLSearchParams;n.set("grant_type","refresh_token"),n.set("refresh_token",t);const i=ar(m2,n),r=Go(this.clientId,this.clientSecret);return i.headers.set("Authorization",`Basic ${r}`),await y2(i)}}async function y2(e){let t;try{t=await fetch(e)}catch(r){throw new ob(r)}if(t.status!==200)throw t.body!==null&&await t.body.cancel(),new ba(t.status);let n;try{n=await t.json()}catch{throw new ba(t.status)}if(typeof n!="object"||n===null)throw new Hr(t.status,n);if("error"in n&&typeof n.error=="string"){let r;try{r=rb(n)}catch{throw new Hr(t.status,n)}throw r}return new k$(n)}const $j="https://accounts.google.com/o/oauth2/v2/auth",_2="https://oauth2.googleapis.com/token",Ij="https://oauth2.googleapis.com/revoke";let $$=class{client;constructor(t,n,i){this.client=new vs(t,n,i)}createAuthorizationURL(t,n,i){return this.client.createAuthorizationURLWithPKCE($j,t,ts.S256,n,i)}async validateAuthorizationCode(t,n){return await this.client.validateAuthorizationCode(_2,t,n)}async refreshAccessToken(t){return await this.client.refreshAccessToken(_2,t,[])}async revokeToken(t){await this.client.revokeToken(Ij,t)}};class I${authorizationEndpoint;tokenEndpoint;clientId;clientSecret;redirectURI;constructor(t,n,i,r){this.authorizationEndpoint=p2("https://login.microsoftonline.com",t,"/oauth2/v2.0/authorize"),this.tokenEndpoint=p2("https://login.microsoftonline.com",t,"/oauth2/v2.0/token"),this.clientId=n,this.clientSecret=i,this.redirectURI=r}createAuthorizationURL(t,n,i){const r=new URL(this.authorizationEndpoint);r.searchParams.set("response_type","code"),r.searchParams.set("client_id",this.clientId),r.searchParams.set("redirect_uri",this.redirectURI),r.searchParams.set("state",t);const o=S$(n);return r.searchParams.set("code_challenge_method","S256"),r.searchParams.set("code_challenge",o),i.length>0&&r.searchParams.set("scope",i.join(" ")),r}async validateAuthorizationCode(t,n){const i=new URLSearchParams;i.set("grant_type","authorization_code"),i.set("code",t),i.set("redirect_uri",this.redirectURI),i.set("code_verifier",n),this.clientSecret===null&&i.set("client_id",this.clientId);const r=ar(this.tokenEndpoint,i);if(this.clientSecret!==null){const a=Go(this.clientId,this.clientSecret);r.headers.set("Authorization",`Basic ${a}`)}else r.headers.set("Origin","arctic");return await Na(r)}async refreshAccessToken(t,n){const i=new URLSearchParams;i.set("grant_type","refresh_token"),i.set("refresh_token",t),this.clientSecret===null&&i.set("client_id",this.clientId),n.length>0&&i.set("scope",n.join(" "));const r=ar(this.tokenEndpoint,i);if(this.clientSecret!==null){const a=Go(this.clientId,this.clientSecret);r.headers.set("Authorization",`Basic ${a}`)}else r.headers.set("Origin","arctic");return await Na(r)}}let zj=class{hash;curve;constructor(t,n){this.hash=t,this.curve=n}async sign(t,n){const i=await crypto.subtle.importKey("pkcs8",t,{name:"ECDSA",namedCurve:this.curve},!1,["sign"]);return await crypto.subtle.sign({name:"ECDSA",hash:this.hash},i,n)}async verify(t,n,i){const r=await crypto.subtle.importKey("spki",t,{name:"ECDSA",namedCurve:this.curve},!1,["verify"]);return await crypto.subtle.verify({name:"ECDSA",hash:this.hash},r,n,i)}async generateKeyPair(){const t=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:this.curve},!0,["sign"]),n=await crypto.subtle.exportKey("pkcs8",t.privateKey),i=await crypto.subtle.exportKey("spki",t.publicKey);return{privateKey:n,publicKey:i}}};class z${hash;constructor(t){this.hash=t}async verify(t,n,i){const r=await crypto.subtle.importKey("raw",t,{name:"HMAC",hash:this.hash},!1,["verify"]);return await crypto.subtle.verify("HMAC",r,n,i)}async sign(t,n){const i=await crypto.subtle.importKey("raw",t,{name:"HMAC",hash:this.hash},!1,["sign"]);return await crypto.subtle.sign("HMAC",i,n)}async generateKey(){const t=await crypto.subtle.generateKey({name:"HMAC",hash:this.hash},!0,["sign"]);return await crypto.subtle.exportKey("raw",t)}}class Pj{hash;constructor(t){this.hash=t}async verify(t,n,i){const r=await crypto.subtle.importKey("spki",t,{name:"RSASSA-PKCS1-v1_5",hash:this.hash},!1,["verify"]);return await crypto.subtle.verify("RSASSA-PKCS1-v1_5",r,n,i)}async sign(t,n){const i=await crypto.subtle.importKey("pkcs8",t,{name:"RSASSA-PKCS1-v1_5",hash:this.hash},!1,["sign"]);return await crypto.subtle.sign("RSASSA-PKCS1-v1_5",i,n)}async generateKeyPair(t){const n=await crypto.subtle.generateKey({name:"RSASSA-PKCS1-v1_5",hash:this.hash,modulusLength:t??2048,publicExponent:new Uint8Array([1,0,1])},!0,["sign"]),i=await crypto.subtle.exportKey("pkcs8",n.privateKey),r=await crypto.subtle.exportKey("spki",n.publicKey);return{privateKey:i,publicKey:r}}}class Nj{hash;saltLength;constructor(t){this.hash=t,t==="SHA-1"?this.saltLength=20:t==="SHA-256"?this.saltLength=32:t==="SHA-384"?this.saltLength=48:this.saltLength=64}async verify(t,n,i){const r=await crypto.subtle.importKey("spki",t,{name:"RSA-PSS",hash:this.hash},!1,["verify"]);return await crypto.subtle.verify({name:"RSA-PSS",saltLength:this.saltLength},r,n,i)}async sign(t,n){const i=await crypto.subtle.importKey("pkcs8",t,{name:"RSA-PSS",hash:this.hash},!1,["sign"]);return await crypto.subtle.sign({name:"RSA-PSS",saltLength:this.saltLength},i,n)}async generateKeyPair(t){const n=await crypto.subtle.generateKey({name:"RSA-PSS",hash:this.hash,modulusLength:t??2048,publicExponent:new Uint8Array([1,0,1])},!0,["sign"]),i=await crypto.subtle.exportKey("pkcs8",n.privateKey),r=await crypto.subtle.exportKey("spki",n.publicKey);return{privateKey:i,publicKey:r}}}async function yh(e){return await crypto.subtle.digest("SHA-256",e)}function P$(e){return e.toString(2).padStart(8,"0")}function Fj(e){return[...e].map(t=>P$(t)).join("")}function sb(e){return parseInt(e,2)}const w2="0123456789abcdef";function Mp(e){const t=new Uint8Array(e);let n="";for(let i=0;i<t.length;i++){const r=t[i]>>4;n+=w2[r];const o=t[i]&15;n+=w2[o]}return n}class N${alphabet;padding;decodeMap=new Map;constructor(t,n){if(t.length!==32)throw new Error("Invalid alphabet");if(this.alphabet=t,this.padding=n?.padding??"=",this.alphabet.includes(this.padding)||this.padding.length!==1)throw new Error("Invalid padding");for(let i=0;i<t.length;i++)this.decodeMap.set(t[i],i)}encode(t,n){let i="",r=0,o=0;for(let c=0;c<t.length;c++)for(r=r<<8|t[c],o+=8;o>=5;)o-=5,i+=this.alphabet[r>>o&31];if(o>0&&(i+=this.alphabet[r<<5-o&31]),n?.includePadding??!0){const c=(8-i.length%8)%8;for(let l=0;l<c;l++)i+="="}return i}decode(t,n){const i=n?.strict??!0,r=Math.ceil(t.length/8),o=[];for(let a=0;a<r;a++){let c=0;const l=[];for(let u=0;u<8;u++){const p=t[a*8+u];if(p==="="){if(a+1!==r)throw new Error(`Invalid character: ${p}`);c+=1;continue}if(p===void 0){if(i)throw new Error("Invalid data");c+=1;continue}const f=this.decodeMap.get(p)??null;if(f===null)throw new Error(`Invalid character: ${p}`);l.push(f)}if(c===8||c===7||c===5||c===2)throw new Error("Invalid padding");const d=(l[0]<<3)+(l[1]>>2);if(o.push(d),c<6){const u=((l[1]&3)<<6)+(l[2]<<1)+(l[3]>>4);o.push(u)}if(c<4){const u=((l[3]&255)<<4)+(l[4]>>1);o.push(u)}if(c<3){const u=((l[4]&1)<<7)+(l[5]<<2)+(l[6]>>3);o.push(u)}if(c<1){const u=((l[6]&7)<<5)+l[7];o.push(u)}}return Uint8Array.from(o)}}const _h=new N$("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567");new N$("0123456789ABCDEFGHIJKLMNOPQRSTUV");class F${alphabet;padding;decodeMap=new Map;constructor(t,n){if(t.length!==64)throw new Error("Invalid alphabet");if(this.alphabet=t,this.padding=n?.padding??"=",this.alphabet.includes(this.padding)||this.padding.length!==1)throw new Error("Invalid padding");for(let i=0;i<t.length;i++)this.decodeMap.set(t[i],i)}encode(t,n){let i="",r=0,o=0;for(let c=0;c<t.length;c++)for(r=r<<8|t[c],o+=8;o>=6;)o+=-6,i+=this.alphabet[r>>o&63];if(o>0&&(i+=this.alphabet[r<<6-o&63]),n?.includePadding??!0){const c=(4-i.length%4)%4;for(let l=0;l<c;l++)i+="="}return i}decode(t,n){const i=n?.strict??!0,r=Math.ceil(t.length/4),o=[];for(let a=0;a<r;a++){let c=0,l=0;for(let d=0;d<4;d++){const u=t[a*4+d];if(u==="="){if(a+1!==r)throw new Error(`Invalid character: ${u}`);c+=1;continue}if(u===void 0){if(i)throw new Error("Invalid data");c+=1;continue}const p=this.decodeMap.get(u)??null;if(p===null)throw new Error(`Invalid character: ${u}`);l+=p<<6*(3-d)}o.push(l>>16&255),c<2&&o.push(l>>8&255),c<1&&o.push(l&255)}return Uint8Array.from(o)}}const Oj=new F$("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"),Rt=new F$("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_");class Pd{constructor(t,n){this.value=t,this.unit=n}value;unit;milliseconds(){return this.unit==="ms"?this.value:this.unit==="s"?this.value*1e3:this.unit==="m"?this.value*1e3*60:this.unit==="h"?this.value*1e3*60*60:this.unit==="d"?this.value*1e3*60*60*24:this.value*1e3*60*60*24*7}seconds(){return this.milliseconds()/1e3}transform(t){return new Pd(Math.round(this.milliseconds()*t),"ms")}}async function yy(e,t,n,i){const r={alg:e,typ:"JWT",...i?.headers},o={...n};i?.audiences!==void 0&&(o.aud=i.audiences),i?.subject!==void 0&&(o.sub=i.subject),i?.issuer!==void 0&&(o.iss=i.issuer),i?.jwtId!==void 0&&(o.jti=i.jwtId),i?.expiresIn!==void 0&&(o.exp=Math.floor(Date.now()/1e3)+i.expiresIn.seconds()),i?.notBefore!==void 0&&(o.nbf=Math.floor(i.notBefore.getTime()/1e3)),i?.includeIssuedTimestamp===!0&&(o.iat=Math.floor(Date.now()/1e3));const a=new TextEncoder,c=Rt.encode(a.encode(JSON.stringify(r)),{includePadding:!1}),l=Rt.encode(a.encode(JSON.stringify(o)),{includePadding:!1}),d=a.encode([c,l].join(".")),u=await Rj(e).sign(t,d),p=Rt.encode(new Uint8Array(u),{includePadding:!1});return[c,l,p].join(".")}function jj(e){const t=e.split(".");return t.length!==3?null:t}function Nd(e){const t=jj(e);if(!t)return null;const n=new TextDecoder,i=Rt.decode(t[0],{strict:!1}),r=Rt.decode(t[1],{strict:!1}),o=JSON.parse(n.decode(i));if(typeof o!="object"||o===null||!("alg"in o)||!Dj(o.alg)||"typ"in o&&o.typ!=="JWT")return null;const a=JSON.parse(n.decode(r));if(typeof a!="object"||a===null)return null;const c={algorithm:o.alg,expiresAt:null,subject:null,issuedAt:null,issuer:null,jwtId:null,audiences:null,notBefore:null};if("exp"in a){if(typeof a.exp!="number")return null;c.expiresAt=new Date(a.exp*1e3)}if("iss"in a){if(typeof a.iss!="string")return null;c.issuer=a.iss}if("sub"in a){if(typeof a.sub!="string")return null;c.subject=a.sub}if("aud"in a)if(Array.isArray(a.aud)){for(const l of a.aud)if(typeof l!="string")return null;c.audiences=a.aud}else{if(typeof a.aud!="string")return null;c.audiences=[a.aud]}if("nbf"in a){if(typeof a.nbf!="number")return null;c.notBefore=new Date(a.nbf*1e3)}if("iat"in a){if(typeof a.iat!="number")return null;c.issuedAt=new Date(a.iat*1e3)}if("jti"in a){if(typeof a.jti!="string")return null;c.jwtId=a.jti}return{value:e,header:{...o,typ:"JWT",alg:o.alg},payload:{...a},parts:t,...c}}function Rj(e){if(e==="ES256"||e==="ES384"||e==="ES512")return new zj(b2[e].hash,b2[e].curve);if(e==="HS256"||e==="HS384"||e==="HS512")return new z$(Bj[e]);if(e==="RS256"||e==="RS384"||e==="RS512")return new Pj(Lj[e]);if(e==="PS256"||e==="PS384"||e==="PS512")return new Nj(Mj[e]);throw new TypeError("Invalid algorithm")}function Dj(e){return typeof e!="string"?!1:["HS256","HS384","HS512","RS256","RS384","RS512","ES256","ES384","ES512","PS256","PS384","PS512"].includes(e)}const b2={ES256:{hash:"SHA-256",curve:"P-256"},ES384:{hash:"SHA-384",curve:"P-384"},ES512:{hash:"SHA-512",curve:"P-521"}},Bj={HS256:"SHA-256",HS384:"SHA-384",HS512:"SHA-512"},Lj={RS256:"SHA-256",RS384:"SHA-384",RS512:"SHA-512"},Mj={PS256:"SHA-256",PS384:"SHA-384",PS512:"SHA-512"},dc=s.z.object({iss:s.z.string().url(),sub:s.z.string(),aud:s.z.string(),exp:s.z.number(),email:s.z.string().optional(),given_name:s.z.string().optional(),family_name:s.z.string().optional(),name:s.z.string().optional(),iat:s.z.number(),auth_time:s.z.number().optional(),nonce:s.z.string().optional(),acr:s.z.string().optional(),amr:s.z.array(s.z.string()).optional(),azp:s.z.string().optional(),at_hash:s.z.string().optional(),c_hash:s.z.string().optional()}).passthrough();dc.omit({iat:!0,auth_time:!0,nonce:!0,acr:!0,amr:!0,azp:!0,at_hash:!0,c_hash:!0});const Uj="Apple",qj="data:image/svg+xml,%3Csvg%20width%3D%2245%22%20height%3D%2245%22%20viewBox%3D%220%200%2045%2045%22%20fill%3D%22none%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cpath%20d%3D%22M45%200H0V45H45V0Z%22%20fill%3D%22white%22%2F%3E%3Cpath%20d%3D%22M23.5344%2010.3846C25.5313%2010.3846%2028.0344%209.01144%2029.525%207.18055C30.875%205.5213%2031.8594%203.20407%2031.8594%200.886839C31.8594%200.572154%2031.8313%200.25747%2031.775%200C29.5531%200.0858233%2026.8813%201.51621%2025.2781%203.43293C24.0125%204.89193%2022.8594%207.18055%2022.8594%209.52638C22.8594%209.86968%2022.9156%2010.213%2022.9438%2010.3274C23.0844%2010.356%2023.3094%2010.3846%2023.5344%2010.3846ZM16.5031%2045C19.2313%2045%2020.4406%2043.1405%2023.8438%2043.1405C27.3031%2043.1405%2028.0625%2044.9428%2031.1%2044.9428C34.0813%2044.9428%2036.0781%2042.1392%2037.9625%2039.3929C40.0719%2036.246%2040.9438%2033.1564%2041%2033.0134C40.8031%2032.9561%2035.0938%2030.5817%2035.0938%2023.9161C35.0938%2018.1373%2039.5938%2015.534%2039.8469%2015.3338C36.8656%2010.9854%2032.3375%2010.8709%2031.1%2010.8709C27.7531%2010.8709%2025.025%2012.9307%2023.3094%2012.9307C21.4531%2012.9307%2019.0063%2010.9854%2016.1094%2010.9854C10.5969%2010.9854%205%2015.6198%205%2024.3738C5%2029.8093%207.08125%2035.5594%209.64063%2039.2784C11.8344%2042.4253%2013.7469%2045%2016.5031%2045Z%22%20fill%3D%22black%22%2F%3E%3C%2Fsvg%3E";function O$(e){const{options:t}=e;if(!t||!t.client_id||!t.team_id||!t.kid||!t.app_secret)throw new Error("Missing required Apple authentication parameters");const n=Buffer.from(t.app_secret,"utf-8"),i=n.toString().replace(/-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----|\s/g,""),r=Uint8Array.from(Buffer.from(i,"base64"));return n.fill(0),{options:t,keyArray:r}}async function Hj(e,t){const{options:n,keyArray:i}=O$(t),r=Wt(e,t),o=new x$(n.client_id,n.team_id,n.kid,i,r),a=Ue(),c=await o.createAuthorizationURL(a,n.scope?.split(" ")||["name","email"]);return(n.scope?.split(" ")||["name","email"]).some(d=>["email","name"].includes(d))&&c.searchParams.set("response_mode","form_post"),{redirectUrl:c.href,code:a}}async function Vj(e,t,n){const{options:i,keyArray:r}=O$(t),a=await new x$(i.client_id,i.team_id,i.kid,r,Wt(e,t)).validateAuthorizationCode(n),c=Nd(a.idToken());if(!c)throw new Error("Invalid ID token");const l=dc.parse(c.payload);return{sub:l.sub,email:l.email,given_name:l.given_name,family_name:l.family_name,name:l.name,picture:l.picture,locale:l.locale}}const Kj=Object.freeze(Object.defineProperty({__proto__:null,displayName:Uj,getRedirect:Hj,logoDataUri:qj,validateAuthorizationCodeAndGetUser:Vj},Symbol.toStringTag,{value:"Module"})),Gj="Facebook",Wj="data:image/svg+xml,%3Csvg%20width%3D%2245%22%20height%3D%2245%22%20viewBox%3D%220%200%2045%2045%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cpath%20d%3D%22M45%2022.5C45%2010.0736%2034.9264%200%2022.5%200C10.0736%200%200%2010.0736%200%2022.5C0%2033.7031%208.23242%2042.9785%2019.0039%2044.6953V28.9746H13.2861V22.5H19.0039V17.5391C19.0039%2011.8945%2022.3828%208.75977%2027.5391%208.75977C29.9658%208.75977%2032.5049%209.19922%2032.5049%209.19922V14.7656H29.7012C26.9414%2014.7656%2026.0156%2016.4824%2026.0156%2018.2432V22.5H32.2412L31.2012%2028.9746H26.0156V44.6953C36.7871%2042.9785%2045%2033.7031%2045%2022.5Z%22%20fill%3D%22%231877F2%22%2F%3E%3Cpath%20d%3D%22M31.2012%2028.9746L32.2412%2022.5H26.0156V18.2432C26.0156%2016.4824%2026.9414%2014.7656%2029.7012%2014.7656H32.5049V9.19922C32.5049%209.19922%2029.9658%208.75977%2027.5391%208.75977C22.3828%208.75977%2019.0039%2011.8945%2019.0039%2017.5391V22.5H13.2861V28.9746H19.0039V44.6953C20.1562%2044.8984%2021.3203%2045%2022.5%2045C23.6797%2045%2024.8438%2044.8984%2026.0156%2044.6953V28.9746H31.2012Z%22%20fill%3D%22white%22%2F%3E%3C%2Fsvg%3E";async function Jj(e,t){const{options:n}=t;if(!n?.client_id||!n.client_secret)throw new Error("Missing required authentication parameters");const i=Wt(e,t),r=new C$(n.client_id,n.client_secret,i),o=Ue();return{redirectUrl:r.createAuthorizationURL(o,n.scope?.split(" ")||["email"]).href,code:o}}async function Yj(e,t,n){const{options:i}=t;if(!i?.client_id||!i.client_secret)throw new Error("Missing required authentication parameters");const o=await new C$(i.client_id,i.client_secret,Wt(e,t)).validateAuthorizationCode(n),a=await fetch("https://graph.facebook.com/v22.0/me?fields=id,email,name",{headers:{Authorization:`Bearer ${o.accessToken()}`}});if(!a.ok)throw new Error("Failed to fetch user info");const c=await a.json();return e.set("log",`Userinfo: ${JSON.stringify(c)}`),{sub:c.id,email:c.email,name:c.name}}const Qj=Object.freeze(Object.defineProperty({__proto__:null,displayName:Gj,getRedirect:Jj,logoDataUri:Wj,validateAuthorizationCodeAndGetUser:Yj},Symbol.toStringTag,{value:"Module"})),Zj="Google",Xj=!0,eR="data:image/svg+xml,%3Csvg%20width%3D%2245%22%20height%3D%2245%22%20viewBox%3D%220%200%2045%2045%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cpath%20d%3D%22M44.1035%2023.0123C44.1054%2021.4791%2043.9758%2019.9486%2043.716%2018.4375H22.498V27.1028H34.6507C34.4021%2028.4868%2033.8757%2029.8061%2033.1034%2030.9812C32.3311%2032.1562%2031.3289%2033.1628%2030.1571%2033.9401V39.5649H37.41C41.6567%2035.6494%2044.1035%2029.859%2044.1035%2023.0123Z%22%20fill%3D%22%234285F4%22%2F%3E%3Cpath%20d%3D%22M22.4982%2044.9997C28.5698%2044.9997%2033.6821%2043.0061%2037.4101%2039.5687L30.1573%2033.9439C28.1386%2035.3126%2025.5387%2036.0938%2022.4982%2036.0938C16.6296%2036.0938%2011.6485%2032.1377%209.86736%2026.8066H2.39575V32.6033C4.26839%2036.3297%207.13989%2039.4622%2010.6896%2041.6512C14.2394%2043.8402%2018.3277%2044.9995%2022.4982%2044.9997Z%22%20fill%3D%22%2334A853%22%2F%3E%3Cpath%20d%3D%22M9.86737%2026.8073C8.92572%2024.0138%208.92572%2020.9886%209.86737%2018.1951V12.3984H2.39576C0.820432%2015.5332%200%2018.9929%200%2022.5012C0%2026.0095%200.820432%2029.4692%202.39576%2032.604L9.86737%2026.8073Z%22%20fill%3D%22%23FBBC04%22%2F%3E%3Cpath%20d%3D%22M22.4982%208.90741C25.7068%208.85499%2028.8071%2010.0673%2031.1291%2012.2823L37.5507%205.86064C33.4788%202.03602%2028.0843%20-0.0637686%2022.4982%200.00147616C18.3277%200.00166623%2014.2394%201.16098%2010.6896%203.34999C7.13989%205.539%204.26839%208.67155%202.39575%2012.3979L9.86736%2018.1946C11.6485%2012.8635%2016.6296%208.90741%2022.4982%208.90741Z%22%20fill%3D%22%23EA4335%22%2F%3E%3C%2Fsvg%3E";async function tR(e,t){const{options:n}=t;if(!n?.client_id||!n.client_secret)throw new Error("Missing required Google authentication parameters");const i=Wt(e,t),r=new $$(n.client_id,n.client_secret,i),o=Ue(),a=mh();return{redirectUrl:r.createAuthorizationURL(o,a,n.scope?.split(" ")??["email","profile"]).href,code:o,codeVerifier:a}}async function nR(e,t,n,i){const{options:r}=t;if(!r?.client_id||!r.client_secret||!i)throw new Error("Missing required authentication parameters");const a=await new $$(r.client_id,r.client_secret,Wt(e,t)).validateAuthorizationCode(n,i),c=Nd(a.idToken());if(!c)throw new Error("Invalid ID token");const l=dc.parse(c.payload);return{sub:l.sub,email:l.email,given_name:l.given_name,family_name:l.family_name,name:l.name,picture:l.picture,locale:l.locale}}const iR=Object.freeze(Object.defineProperty({__proto__:null,disableEmbeddedBrowsers:Xj,displayName:Zj,getRedirect:tR,logoDataUri:eR,validateAuthorizationCodeAndGetUser:nR},Symbol.toStringTag,{value:"Module"}));class U extends z{constructor(t,n){super(t,{message:JSON.stringify(n),res:new Response(JSON.stringify(n),{status:t,headers:{"Content-Type":"application/json"}})})}}const rR="Vipps",oR="data:image/svg+xml,%3Csvg%20version%3D%221.1%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%2048%2048%22%20width%3D%2245%22%20height%3D%2245%22%3E%3Cpath%20fill%3D%22%23FF5B24%22%20d%3D%22M3.5%2C8h41c1.9%2C0%2C3.5%2C1.6%2C3.5%2C3.5v25c0%2C1.9-1.6%2C3.5-3.5%2C3.5h-41C1.6%2C40%2C0%2C38.4%2C0%2C36.5v-25C0%2C9.6%2C1.6%2C8%2C3.5%2C8z%22%2F%3E%3Cpath%20fill-rule%3D%22evenodd%22%20clip-rule%3D%22evenodd%22%20fill%3D%22%23FFFFFF%22%20d%3D%22M27.9%2C20.3c1.4%2C0%2C2.6-1%2C2.6-2.5h0c0-1.5-1.2-2.5-2.6-2.5c-1.4%2C0-2.6%2C1-2.6%2C2.5C25.3%2C19.2%2C26.5%2C20.3%2C27.9%2C20.3z%20M31.2%2C24.4c-1.7%2C2.2-3.5%2C3.8-6.7%2C3.8h0c-3.2%2C0-5.8-2-7.7-4.8c-0.8-1.2-2-1.4-2.9-0.8c-0.8%2C0.6-1%2C1.8-0.3%2C2.9%20c2.7%2C4.1%2C6.5%2C6.6%2C10.9%2C6.6c4%2C0%2C7.2-2%2C9.6-5.2c0.9-1.2%2C0.9-2.5%2C0-3.1C33.3%2C22.9%2C32.1%2C23.2%2C31.2%2C24.4z%22%2F%3E%3C%2Fsvg%3E";async function sR(e,t){const{options:n}=t;if(!n?.client_id||!n.client_secret)throw new Error("Missing required authentication parameters");const i=new vs(n.client_id,n.client_secret,Wt(e,t)),r=Ue(),o=i.createAuthorizationURL("https://api.vipps.no/access-management-1.0/access/oauth2/auth",r,n.scope?.split(" ")||["openid","email","phoneNumber","name","address","birthDate"]);return o.searchParams.set("response_type","code"),o.searchParams.set("response_mode","query"),{redirectUrl:o.href,code:r}}async function aR(e,t,n){const{options:i}=t;if(!i?.client_id||!i.client_secret)throw new Error("Missing required authentication parameters");const o=await new vs(i.client_id,i.client_secret,Wt(e,t)).validateAuthorizationCode("https://api.vipps.no/access-management-1.0/access/oauth2/token",n,null),a=Nd(o.idToken());if(!a)throw new Error("Invalid ID token");const c=dc.parse(a.payload);if(typeof c.msn!="string")throw new Error("msn not available in id token");const l=await fetch("https://api.vipps.no/vipps-userinfo-api/userinfo",{headers:{Authorization:`Bearer ${o.accessToken()}`,"Merchant-Serial-Number":c.msn}});if(!l.ok)throw new U(400,{message:"Failed to get user from vipps"});return await l.json()}const cR=Object.freeze(Object.defineProperty({__proto__:null,displayName:rR,getRedirect:sR,logoDataUri:oR,validateAuthorizationCodeAndGetUser:aR},Symbol.toStringTag,{value:"Module"})),lR="GitHub",dR="data:image/svg+xml,%3Csvg%20width%3D%2245%22%20height%3D%2245%22%20viewBox%3D%220%200%2045%2045%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cpath%20fill-rule%3D%22evenodd%22%20clip-rule%3D%22evenodd%22%20d%3D%22M22.5%200C10.074%200%200%2010.335%200%2023.077C0%2033.266%206.444%2041.895%2015.39%2044.955C16.515%2045.165%2016.935%2044.46%2016.935%2043.857C16.935%2043.32%2016.92%2041.865%2016.905%2039.99C10.65%2041.355%209.33%2036.99%209.33%2036.99C8.31%2034.32%206.825%2033.615%206.825%2033.615C4.77%2032.205%206.975%2032.235%206.975%2032.235C9.24%2032.385%2010.425%2034.59%2010.425%2034.59C12.45%2038.13%2015.75%2037.125%2017.01%2036.555C17.22%2035.07%2017.82%2034.065%2018.48%2033.51C13.455%2032.94%208.19%2030.93%208.19%2022.035C8.19%2019.5%209.075%2017.43%2010.47%2015.81C10.23%2015.24%209.435%2012.87%2010.695%209.66C10.695%209.66%2012.585%209.045%2016.875%2012.06C18.675%2011.565%2020.595%2011.31%2022.5%2011.31C24.405%2011.31%2026.325%2011.565%2028.125%2012.06C32.415%209.045%2034.305%209.66%2034.305%209.66C35.565%2012.87%2034.77%2015.24%2034.53%2015.81C35.925%2017.43%2036.81%2019.5%2036.81%2022.035C36.81%2030.96%2031.53%2032.925%2026.49%2033.48C27.33%2034.2%2028.095%2035.625%2028.095%2037.815C28.095%2040.95%2028.065%2043.47%2028.065%2043.857C28.065%2044.46%2028.485%2045.18%2029.625%2044.955C38.571%2041.88%2045%2033.252%2045%2023.077C45%2010.335%2034.926%200%2022.5%200Z%22%20fill%3D%22%23181717%22%2F%3E%3C%2Fsvg%3E";async function uR(e,t){const{options:n}=t;if(!n?.client_id||!n.client_secret)throw new Error("Missing required GitHub authentication parameters");const i=Wt(e,t),r=new T$(n.client_id,n.client_secret,i),o=Ue();return{redirectUrl:r.createAuthorizationURL(o,n.scope?.split(" ")||["user:email"]).href,code:o}}async function pR(e,t,n){const{options:i}=t;if(!i?.client_id||!i.client_secret)throw new Error("Missing required authentication parameters");const o=await new T$(i.client_id,i.client_secret,Wt(e,t)).validateAuthorizationCode(n),a=await fetch("https://api.github.com/user",{headers:{Authorization:`Bearer ${o.accessToken()}`,"User-Agent":"AuthHero"}});if(!a.ok)throw new Error("Failed to fetch user info");const c=await a.json(),l=await fetch("https://api.github.com/user/emails",{headers:{Authorization:`Bearer ${o.accessToken()}`,"User-Agent":"AuthHero"}});let d=c.email;if(l.ok){const u=await l.json(),p=u.find(f=>f.primary&&f.verified)||u.find(f=>f.verified);p&&(d=p.email)}return e.set("log",`GitHub user: ${JSON.stringify(c)}`),{sub:c.id.toString(),email:d,name:c.name,given_name:c.name?.split(" ")[0],family_name:c.name?.split(" ").slice(1).join(" "),picture:c.avatar_url}}const fR=Object.freeze(Object.defineProperty({__proto__:null,displayName:lR,getRedirect:uR,logoDataUri:dR,validateAuthorizationCodeAndGetUser:pR},Symbol.toStringTag,{value:"Module"})),hR="Microsoft",gR="data:image/svg+xml,%3Csvg%20width%3D%2245%22%20height%3D%2245%22%20viewBox%3D%220%200%2045%2045%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cpath%20fill%3D%22%23F25022%22%20d%3D%22M0%200H21.43V21.43H0V0Z%22%2F%3E%3Cpath%20fill%3D%22%237FBA00%22%20d%3D%22M23.57%200H45V21.43H23.57V0Z%22%2F%3E%3Cpath%20fill%3D%22%2300A4EF%22%20d%3D%22M0%2023.57H21.43V45H0V23.57Z%22%2F%3E%3Cpath%20fill%3D%22%23FFB900%22%20d%3D%22M23.57%2023.57H45V45H23.57V23.57Z%22%2F%3E%3C%2Fsvg%3E";async function mR(e,t){const{options:n}=t;if(!n?.client_id||!n.client_secret)throw new Error("Missing required Microsoft authentication parameters");const i=Wt(e,t),r=n.realms||"common",o=new I$(r,n.client_id,n.client_secret,i),a=Ue(),c=mh();return{redirectUrl:o.createAuthorizationURL(a,c,n.scope?.split(" ")||["openid","profile","email"]).href,code:a,codeVerifier:c}}async function yR(e,t,n,i){const{options:r}=t;if(!r?.client_id||!r.client_secret||!i)throw new Error("Missing required authentication parameters");const o=r.realms||"common",c=await new I$(o,r.client_id,r.client_secret,Wt(e,t)).validateAuthorizationCode(n,i),l=Nd(c.idToken());if(!l)throw new Error("Invalid ID token");const d=dc.parse(l.payload);return e.set("log",`Microsoft user: ${JSON.stringify(d)}`),{sub:d.sub,email:d.email,given_name:d.given_name,family_name:d.family_name,name:d.name,picture:d.picture}}const _R=Object.freeze(Object.defineProperty({__proto__:null,displayName:hR,getRedirect:mR,logoDataUri:gR,validateAuthorizationCodeAndGetUser:yR},Symbol.toStringTag,{value:"Module"})),wR="OpenID Connect",bR="data:image/svg+xml,%3Csvg%20width%3D%2245%22%20height%3D%2245%22%20viewBox%3D%220%200%2045%2045%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cpath%20d%3D%22M22.5%200C10.074%200%200%2010.074%200%2022.5S10.074%2045%2022.5%2045%2045%2034.926%2045%2022.5%2034.926%200%2022.5%200zm0%2040.5c-9.941%200-18-8.059-18-18s8.059-18%2018-18%2018%208.059%2018%2018-8.059%2018-18%2018z%22%20fill%3D%22%23F7931E%22%2F%3E%3Cpath%20d%3D%22M22.5%209c-7.456%200-13.5%206.044-13.5%2013.5S15.044%2036%2022.5%2036%2036%2029.956%2036%2022.5%2029.956%209%2022.5%209zm0%2022.5c-4.971%200-9-4.029-9-9s4.029-9%209-9%209%204.029%209%209-4.029%209-9%209z%22%20fill%3D%22%23F7931E%22%2F%3E%3C%2Fsvg%3E";async function vR(e,t){const{options:n}=t;if(!n?.client_id||!n.authorization_endpoint)throw new Error("Missing required OIDC authentication parameters");const i=Wt(e,t),r=new vs(n.client_id,n.client_secret||null,i),o=E$(),a=mh(),c=n.scope?.split(" ")??["openid","profile","email"];return{redirectUrl:r.createAuthorizationURLWithPKCE(n.authorization_endpoint,o,ts.S256,a,c).href,code:o,codeVerifier:a}}async function AR(e,t,n,i){const{options:r}=t;if(!r?.client_id||!r.token_endpoint)throw new Error("Missing required OIDC authentication parameters");const o=Wt(e,t),c=await new vs(r.client_id,r.client_secret||null,o).validateAuthorizationCode(r.token_endpoint,n,i||null);if(c.data.id_token){const d=Nd(c.idToken());if(d?.payload){const u=dc.passthrough().parse(d.payload);return{sub:u.sub,email:u.email,given_name:u.given_name,family_name:u.family_name,name:u.name}}}if(r.userinfo_endpoint){const d=await fetch(r.userinfo_endpoint,{headers:{Authorization:`Bearer ${c.accessToken()}`}});if(!d.ok)throw new Error("Failed to fetch user info");const u=await d.json();if(!u.sub)throw new Error("Unable to get user identifier: userinfo response missing sub");return{sub:u.sub,email:u.email,given_name:u.given_name,family_name:u.family_name,name:u.name}}throw new Error("Unable to get user information: no ID token or userinfo endpoint")}const kR=Object.freeze(Object.defineProperty({__proto__:null,displayName:wR,getRedirect:vR,logoDataUri:bR,validateAuthorizationCodeAndGetUser:AR},Symbol.toStringTag,{value:"Module"})),SR="OAuth 2.0",ER="data:image/svg+xml,%3Csvg%20width%3D%2245%22%20height%3D%2245%22%20viewBox%3D%220%200%2045%2045%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cpath%20d%3D%22M22.5%200C14.492%200%208%206.492%208%2014.5V18H5v22h35V18h-3v-3.5C37%206.492%2030.508%200%2022.5%200zm0%204c5.799%200%2010.5%204.701%2010.5%2010.5V18h-21v-3.5C12%208.701%2016.701%204%2022.5%204z%22%20fill%3D%22%236B7280%22%2F%3E%3Ccircle%20cx%3D%2222.5%22%20cy%3D%2229%22%20r%3D%223%22%20fill%3D%22%236B7280%22%2F%3E%3C%2Fsvg%3E";async function xR(e,t){const{options:n}=t;if(!n?.client_id||!n.authorization_endpoint)throw new Error("Missing required OAuth2 authentication parameters");const i=Wt(e,t),r=new vs(n.client_id,n.client_secret||null,i),o=E$(),a=mh(),c=n.scope?.split(" ")??[];return{redirectUrl:r.createAuthorizationURLWithPKCE(n.authorization_endpoint,o,ts.S256,a,c).href,code:o,codeVerifier:a}}async function CR(e,t,n,i){const{options:r}=t;if(!r?.client_id||!r.token_endpoint)throw new Error("Missing required authentication parameters");const o=Wt(e,t),c=await new vs(r.client_id,r.client_secret||null,o).validateAuthorizationCode(r.token_endpoint,n,i||null);if(!r.userinfo_endpoint)throw new Error("Missing userinfo_endpoint for OAuth2 provider");const l=await fetch(r.userinfo_endpoint,{headers:{Authorization:`Bearer ${c.accessToken()}`}});if(!l.ok)throw new Error("Failed to fetch user info");const d=await l.json(),u=d.sub||d.id||d.user_id;if(!u)throw new Error("Unable to get user identifier: response missing sub, id, or user_id");return{sub:u,email:d.email,given_name:d.given_name||d.first_name,family_name:d.family_name||d.last_name,name:d.name||`${d.given_name||d.first_name||""} ${d.family_name||d.last_name||""}`.trim()}}const TR=Object.freeze(Object.defineProperty({__proto__:null,displayName:SR,getRedirect:xR,logoDataUri:ER,validateAuthorizationCodeAndGetUser:CR},Symbol.toStringTag,{value:"Module"}));function Dn(e,t){return t?`https://${t}/`:e.ISSUER}function Fn(e,t){return t?`https://${t}/u/`:e.UNIVERSAL_LOGIN_URL||`${e.ISSUER}u/`}function ti(e,t){return t?`https://${t}/`:e.OAUTH_API_URL||e.ISSUER}function Wt(e,t){return t.options?.callback_url??`${ti(e.env,e.var.custom_domain)}login/callback`}const Fd={[W.APPLE]:Kj,[W.FACEBOOK]:Qj,[W.GOOGLE_OAUTH2]:iR,[W.VIPPS]:cR,[W.GITHUB]:fR,[W.MICROSOFT]:_R,[W.OIDC]:kR,[W.OAUTH2]:TR};function j$(e,t){const n=e.env.STRATEGIES||{},r={...Fd,...n}[t];if(!r)throw new Error(`Strategy ${t} not found`);return r}const R$=new Set([W.OIDC,W.SAMLP,W.WAAD,W.ADFS,W.OAUTH2]);function D$(e){return R$.has(e.strategy)?e.name:e.strategy}const $R="data:image/svg+xml,%3Csvg%20width%3D%2245%22%20height%3D%2245%22%20viewBox%3D%220%200%2045%2045%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20x%3D%225%22%20y%3D%2210%22%20width%3D%2235%22%20height%3D%2225%22%20rx%3D%223%22%20fill%3D%22none%22%20stroke%3D%22%23666%22%20stroke-width%3D%222%22%2F%3E%3Cpath%20d%3D%22M5%2013l17.5%2012L40%2013%22%20fill%3D%22none%22%20stroke%3D%22%23666%22%20stroke-width%3D%222%22%20stroke-linejoin%3D%22round%22%2F%3E%3C%2Fsvg%3E";function _y(e){return e.options?.icon_url?e.options.icon_url:e.strategy===W.EMAIL||e.strategy===W.SMS?$R:Fd[e.strategy]?.logoDataUri}const wh="auth2",ab="auth0";async function uc(e,t){return e.usernamePasswordProvider?e.usernamePasswordProvider({tenant_id:t}):wh}function Up(e){return e===wh||e===ab}async function lo({env:e,tenant_id:t,username:n}){const i=await hy({userAdapter:e.data.users,tenant_id:t,username:n,provider:wh});return i||hy({userAdapter:e.data.users,tenant_id:t,username:n,provider:ab})}async function ur({env:e,tenant_id:t,username:n}){const i=await dr({userAdapter:e.data.users,tenant_id:t,username:n,provider:wh});return i||dr({userAdapter:e.data.users,tenant_id:t,username:n,provider:ab})}async function B$(e,t){const{client:n,username:i,connection:r,ip:o}=t,a=await lo({env:e.env,tenant_id:n.tenant.id,username:i});if(a)return a;const c=await uc(e.env,n.tenant.id);return gh(e,{client:n,username:i,provider:c,connection:r,isSocial:!1,ip:o})}const IR=["email","email_verified","phone_number","phone_verified","username"];function v2(e){const t={connection:e.connection,provider:e.provider,user_id:fy(e.user_id),isSocial:e.is_social};for(const n of IR)e[n]!==void 0&&e[n]!==null&&(t[n]=e[n]);return t}const A2=Et.extend({users:s.z.array(zn)}),zR=Et.extend({sessions:s.z.array(uh)}),PR=Et.extend({logs:s.z.array($a)}),NR=Et.extend({organizations:s.z.array(Br)}),wy=s.z.object({client_id:s.z.string(),name:s.z.string(),logo_uri:s.z.string().optional(),registration_type:s.z.enum(["manual","open_dcr","iat_dcr"]).optional(),registration_metadata:s.z.record(s.z.any()).optional(),created_at:s.z.string().optional(),updated_at:s.z.string().optional()}),FR=Et.extend({connected_clients:s.z.array(wy)}),OR=new s.OpenAPIHono().openapi(s.createRoute({tags:["users"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:users","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(zn),A2])}},description:"List of users"}}}),async e=>{const{page:t,per_page:n,include_totals:i,sort:r,q:o}=e.req.valid("query");if(o?.includes("identities.profileData.email")){const d=o.split("=")[1],p=(await e.env.data.users.list(e.var.tenant_id,{page:t,per_page:n,include_totals:i,q:`email:${d}`})).users.filter(g=>g.linked_to),[f]=p;if(!f)return e.json([]);const h=await e.env.data.users.get(e.var.tenant_id,f.linked_to);if(!h)throw new z(500,{message:"Primary account not found"});return e.json([zn.parse(h)])}const a=["-_exists_:linked_to"];o&&a.push(o);const c=await e.env.data.users.list(e.var.tenant_id,{page:t,per_page:n,include_totals:i,sort:kt(r),q:a.join(" ")}),l=c.users.filter(d=>!d.linked_to);return i?e.json(A2.parse({users:l,length:c.length,start:c.start,limit:c.limit})):e.json(s.z.array(zn).parse(l))}).openapi(s.createRoute({tags:["users"],method:"get",path:"/{user_id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({user_id:s.z.string()})},security:[{Bearer:["read:users","auth:read"]}],responses:{200:{content:{"application/json":{schema:zn}},description:"List of users"}}}),async e=>{const{user_id:t}=e.req.valid("param"),n=await e.env.data.users.get(e.var.tenant_id,t);if(!n)throw new z(404);if(n.linked_to)throw new z(404,{message:"User is linked to another user"});return e.json(zn.parse(n))}).openapi(s.createRoute({tags:["users"],method:"delete",path:"/{user_id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({user_id:s.z.string()})},security:[{Bearer:["delete:users","auth:write"]}],responses:{204:{description:"Status"}}}),async e=>{const{user_id:t}=e.req.valid("param"),n=await e.env.data.users.get(e.var.tenant_id,t);if(!await e.env.data.users.remove(e.var.tenant_id,t))throw new z(404);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a User",beforeState:n??void 0,targetType:"user",targetId:t,response:{statusCode:204,body:{}}}),e.body(null,204)}).openapi(s.createRoute({tags:["users"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({...wp.shape,password:s.z.string().optional()})}}}},security:[{Bearer:["create:users","auth:write"]}],responses:{201:{content:{"application/json":{schema:zn}},description:"Status"}}}),async e=>{const t=e.req.valid("json");e.set("body",t);const{email:n,phone_number:i,name:r,linked_to:o,email_verified:a,provider:c,connection:l,password:d}=t,u=await e.env.data.connections.get(e.var.tenant_id,l),p=u?D$(u):c||l,f=t.user_id,h=f?fy(f):ao(),g=`${p}|${h}`;try{let m;d&&(m=await Pa(d));const _={email:n,user_id:g,name:r||n||i,phone_number:i,provider:p,connection:l,linked_to:o??void 0,email_verified:a||!1,last_ip:"",is_social:!1,last_login:new Date().toISOString(),...m&&{password:m}},y=await e.env.data.users.create(e.var.tenant_id,_);e.set("user_id",y.user_id),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"User created",afterState:y,targetType:"user",targetId:y.user_id});const w=y.identities?y:{...y,identities:[v2(y)]};return e.json(zn.parse(w),{status:201})}catch(m){throw m.message==="User already exists"?new z(409,{message:"User already exists"}):m}}).openapi(s.createRoute({tags:["users"],method:"patch",path:"/{user_id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({...wp.shape,verify_email:s.z.boolean(),password:s.z.string()}).partial()}}},params:s.z.object({user_id:s.z.string()})},security:[{Bearer:["update:users","auth:write"]}],responses:{200:{description:"Status"}}}),async e=>{const{data:t}=e.env,n=e.req.valid("json"),{user_id:i}=e.req.valid("param"),{verify_email:r,password:o,connection:a,...c}=n,l=await t.users.get(e.var.tenant_id,i);if(!l)throw new z(404);if(l.linked_to)throw new z(404,{message:"User is linked to another user"});let d=i,u=l;if(a){const f=a===W.USERNAME_PASSWORD,h=y=>f?Up(y.provider):y.connection===a,m=f&&l.provider==="auth0"?await t.users.list(e.var.tenant_id,{page:0,per_page:100,include_totals:!1,q:`linked_to:${i}`}):null,_=m?.users.find(y=>y.provider==="auth2"&&h(y));if(_)d=_.user_id,u=_;else if(h(l))d=i,u=l;else{const w=(m??await t.users.list(e.var.tenant_id,{page:0,per_page:100,include_totals:!1,q:`linked_to:${i}`})).users.find(h);if(!w)throw new z(404,{message:`No identity found with connection: ${a}`});d=w.user_id,u=w}}if(c.email&&c.email!==u.email){const f=await eb(e.env.data.users,e.var.tenant_id,c.email);if(f.length&&f.some(h=>h.user_id!==d))throw new z(409,{message:"Another user with the same email address already exists."})}if(c.phone_number&&c.phone_number!==u.phone_number){const{users:f}=await t.users.list(e.var.tenant_id,{page:0,per_page:10,include_totals:!1,q:`phone_number:${c.phone_number}`});if(f.some(h=>h.user_id!==d))throw new z(409,{message:"Another user with the same phone number already exists."})}if(await e.env.data.users.update(e.var.tenant_id,d,c),o){let f;if(a)if(a===W.USERNAME_PASSWORD)f={provider:u.provider,user_id:fy(d)};else throw new z(400,{message:`Cannot set password for connection: ${a}`});else if(f=l.identities?.find(y=>y.connection===W.USERNAME_PASSWORD&&y.provider==="auth2")??l.identities?.find(y=>Up(y.provider))??l.identities?.find(y=>y.connection===W.USERNAME_PASSWORD),!f)throw new z(400,{message:"User does not have a password identity"});const h=`${f.provider}|${f.user_id}`,g=await t.passwords.get(e.var.tenant_id,h);g&&await t.passwords.update(e.var.tenant_id,{id:g.id,user_id:h,password:g.password,algorithm:g.algorithm,is_current:!1});const{hash:m,algorithm:_}=await Pa(o);await t.passwords.create(e.var.tenant_id,{user_id:h,password:m,algorithm:_,is_current:!0})}const p=await e.env.data.users.get(e.var.tenant_id,i);if(!p)throw new z(500);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update a User",beforeState:l,afterState:p,targetType:"user",targetId:i,body:n,response:{statusCode:200,body:p}}),e.json(zn.parse(p))}).openapi(s.createRoute({tags:["users"],method:"post",path:"/{user_id}/identities",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.union([s.z.object({link_with:s.z.string()}),s.z.object({user_id:s.z.string(),provider:s.z.string(),connection:s.z.string().optional()})])}}},params:s.z.object({user_id:s.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:s.z.array(_p)}},description:"Status"}}}),async e=>{const t=e.req.valid("json"),{user_id:n}=e.req.valid("param"),i="link_with"in t?t.link_with:t.user_id,r=await e.env.data.users.get(e.var.tenant_id,n);if(!r)throw new z(400,{message:"Linking an inexistent identity is not allowed."});await e.env.data.users.update(e.var.tenant_id,i,{linked_to:n});const o=await e.env.data.users.list(e.var.tenant_id,{page:0,per_page:10,include_totals:!1,q:`linked_to:${n}`}),a=[r,...o.users].map(v2);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Link a user identity",targetType:"identity",targetId:n}),e.json(s.z.array(_p).parse(a),{status:201})}).openapi(s.createRoute({tags:["users"],method:"delete",path:"/{user_id}/identities/{provider}/{linked_user_id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({user_id:s.z.string(),provider:s.z.string(),linked_user_id:s.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:s.z.array(zn)}},description:"Status"}}}),async e=>{const{user_id:t,provider:n,linked_user_id:i}=e.req.valid("param");await e.env.data.users.unlink(e.var.tenant_id,t,n,i);const r=await e.env.data.users.get(e.var.tenant_id,t);if(!r)throw new z(404);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Unlink a user identity",targetType:"identity",targetId:t}),e.json([zn.parse(r)])}).openapi(s.createRoute({tags:["users"],method:"get",path:"/{user_id}/connected-clients",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({user_id:s.z.string()})},security:[{Bearer:["read:clients","read:users","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(wy),FR])}},description:"List of clients connected to this user (created via IAT-gated DCR)."}}}),async e=>{const{user_id:t}=e.req.valid("param"),{include_totals:n,page:i,per_page:r}=e.req.valid("query"),o=await e.env.data.clients.list(e.var.tenant_id,{page:i,per_page:r,include_totals:n,q:`owner_user_id:"${t}"`}),a=o.clients.filter(c=>c.client_metadata?.status!=="deleted").map(c=>wy.parse(c));return n?e.json({connected_clients:a,start:o.totals?.start??0,limit:o.totals?.limit??0,length:a.length}):e.json(a)}).openapi(s.createRoute({tags:["users"],method:"get",path:"/{user_id}/sessions",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({user_id:s.z.string()})},security:[{Bearer:["read:users","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(uh),zR])}},description:"List of sessions"}}}),async e=>{const{user_id:t}=e.req.valid("param"),{include_totals:n,page:i,per_page:r}=e.req.valid("query"),o=await e.env.data.sessions.list(e.var.tenant_id,{page:i,per_page:r,include_totals:n,q:`user_id:${t}`});return n?e.json(o):e.json(o.sessions)}).openapi(s.createRoute({tags:["users"],method:"get",path:"/{user_id}/logs",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({user_id:s.z.string()})},security:[{Bearer:["read:logs","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array($a),PR])}},description:"List of logs across the user and any linked accounts"}}}),async e=>{const{user_id:t}=e.req.valid("param"),{include_totals:n,page:i,per_page:r,sort:o}=e.req.valid("query"),a=await e.env.data.users.get(e.var.tenant_id,t);if(!a||a.linked_to)throw new z(404);const c=await e.env.data.users.list(e.var.tenant_id,{page:0,per_page:100,include_totals:!1,q:`linked_to:${t}`}),d=[t,...c.users.map(p=>p.user_id)].map(p=>`user_id:"${p}"`).join(" OR "),u=await e.env.data.logs.list(e.var.tenant_id,{page:i,per_page:r,include_totals:n,sort:kt(o),q:d});return n?e.json(u):e.json(u.logs)}).openapi(s.createRoute({tags:["users"],method:"get",path:"/{user_id}/permissions",request:{params:s.z.object({user_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),query:ct},security:[{Bearer:["read:users","auth:read"]}],responses:{200:{content:{"application/json":{schema:cC}},description:"User permissions"}}}),async e=>{const{user_id:t}=e.req.valid("param"),{page:n,per_page:i,sort:r,q:o}=e.req.valid("query");if(!await e.env.data.users.get(e.var.tenant_id,t))throw new z(404,{message:"User not found"});const c=await e.env.data.userPermissions.list(e.var.tenant_id,t,{page:n,per_page:i,include_totals:!1,sort:kt(r),q:o});return e.json(c)}).openapi(s.createRoute({tags:["users"],method:"post",path:"/{user_id}/permissions",request:{params:s.z.object({user_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({permissions:s.z.array(s.z.object({permission_name:s.z.string(),resource_server_identifier:s.z.string()}))})}}}},security:[{Bearer:["update:users","auth:write"]}],responses:{201:{description:"Permissions assigned to user"}}}),async e=>{const{user_id:t}=e.req.valid("param"),{permissions:n}=e.req.valid("json");if(!await e.env.data.users.get(e.var.tenant_id,t))throw new z(404,{message:"User not found"});for(const r of n)if(!await e.env.data.userPermissions.create(e.var.tenant_id,t,{user_id:t,resource_server_identifier:r.resource_server_identifier,permission_name:r.permission_name}))throw new z(500,{message:"Failed to assign permissions to user"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Assign permissions to a user",targetType:"user_permission",targetId:t}),e.json({message:"Permissions assigned successfully"},{status:201})}).openapi(s.createRoute({tags:["users"],method:"delete",path:"/{user_id}/permissions",request:{params:s.z.object({user_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({permissions:s.z.array(s.z.object({permission_name:s.z.string(),resource_server_identifier:s.z.string()}))})}}}},security:[{Bearer:["update:users","auth:write"]}],responses:{200:{description:"Permissions removed from user"}}}),async e=>{const{user_id:t}=e.req.valid("param"),{permissions:n}=e.req.valid("json");if(!await e.env.data.users.get(e.var.tenant_id,t))throw new z(404,{message:"User not found"});for(const r of n)if(!await e.env.data.userPermissions.remove(e.var.tenant_id,t,r))throw new z(500,{message:"Failed to remove permissions from user"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Remove permissions from a user",targetType:"user_permission",targetId:t}),e.json({message:"Permissions removed successfully"})}).openapi(s.createRoute({tags:["users"],method:"get",path:"/{user_id}/roles",request:{params:s.z.object({user_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string()})},security:[{Bearer:["read:users","auth:read"]}],responses:{200:{content:{"application/json":{schema:$p}},description:"User roles"}}}),async e=>{const{user_id:t}=e.req.valid("param");if(!await e.env.data.users.get(e.var.tenant_id,t))throw new z(404,{message:"User not found"});const i=await e.env.data.userRoles.list(e.var.tenant_id,t,void 0,"");return e.json(i)}).openapi(s.createRoute({tags:["users"],method:"post",path:"/{user_id}/roles",request:{params:s.z.object({user_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string()}),body:{content:{"application/json":{schema:s.z.object({roles:s.z.array(s.z.string())})}}}},security:[{Bearer:["update:users","auth:write"]}],responses:{201:{description:"Roles assigned to user"}}}),async e=>{const{user_id:t}=e.req.valid("param"),{roles:n}=e.req.valid("json");if(!await e.env.data.users.get(e.var.tenant_id,t))throw new z(404,{message:"User not found"});for(const r of n)if(!await e.env.data.userRoles.create(e.var.tenant_id,t,r,""))throw new z(500,{message:"Failed to assign roles to user"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Assign roles to a user",targetType:"user_role",targetId:t}),e.json({message:"Roles assigned successfully"},{status:201})}).openapi(s.createRoute({tags:["users"],method:"delete",path:"/{user_id}/roles",request:{params:s.z.object({user_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string()}),body:{content:{"application/json":{schema:s.z.object({roles:s.z.array(s.z.string())})}}}},security:[{Bearer:["update:users","auth:write"]}],responses:{200:{description:"Roles removed from user"}}}),async e=>{const{user_id:t}=e.req.valid("param"),{roles:n}=e.req.valid("json");if(!await e.env.data.users.get(e.var.tenant_id,t))throw new z(404,{message:"User not found"});for(const r of n)if(!await e.env.data.userRoles.remove(e.var.tenant_id,t,r,""))throw new z(500,{message:"Failed to remove roles from user"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Remove roles from a user",targetType:"user_role",targetId:t}),e.json({message:"Roles removed successfully"})}).openapi(s.createRoute({tags:["users"],method:"get",path:"/{user_id}/organizations",request:{params:s.z.object({user_id:s.z.string()}),query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:users","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([NR,s.z.array(Br)])}},description:"List of user organizations"}}}),async e=>{const{user_id:t}=e.req.valid("param"),{page:n,per_page:i,include_totals:r,sort:o}=e.req.valid("query");if(!await e.env.data.users.get(e.var.tenant_id,t))throw new z(404,{message:"User not found"});const c=await e.env.data.userOrganizations.listUserOrganizations(e.var.tenant_id,t,{page:n,per_page:i,sort:kt(o)});return r?e.json({organizations:c.organizations,start:c.start,limit:c.limit,length:c.length}):e.json(c.organizations)}).openapi(s.createRoute({tags:["users"],method:"delete",path:"/{user_id}/organizations/{organization_id}",request:{params:s.z.object({user_id:s.z.string(),organization_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:users","auth:write"]}],responses:{200:{description:"User removed from organization successfully"}}}),async e=>{const{user_id:t,organization_id:n}=e.req.valid("param");if(!await e.env.data.users.get(e.var.tenant_id,t))throw new z(404,{message:"User not found"});const o=(await e.env.data.userOrganizations.list(e.var.tenant_id,{q:`user_id:${t}`,per_page:100})).userOrganizations.find(a=>a.organization_id===n);if(!o)throw new z(404,{message:"User is not a member of this organization"});return await e.env.data.userOrganizations.remove(e.var.tenant_id,o.id),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Remove a user from an organization",targetType:"user_organization",targetId:t}),e.json({message:"User removed from organization successfully"})});var k2=typeof globalThis<"u"?globalThis:typeof window<"u"?window:typeof global<"u"?global:typeof self<"u"?self:{};function cb(e){return e&&e.__esModule&&Object.prototype.hasOwnProperty.call(e,"default")?e.default:e}function jR(e){if(Object.prototype.hasOwnProperty.call(e,"__esModule"))return e;var t=e.default;if(typeof t=="function"){var n=function i(){var r=!1;try{r=this instanceof i}catch{}return r?Reflect.construct(t,arguments,this.constructor):t.apply(this,arguments)};n.prototype=t.prototype}else n={};return Object.defineProperty(n,"__esModule",{value:!0}),Object.keys(e).forEach(function(i){var r=Object.getOwnPropertyDescriptor(e,i);Object.defineProperty(n,i,r.get?r:{enumerable:!0,get:function(){return e[i]}})}),n}var S2={};var E2;function RR(){if(E2)return S2;E2=1;var e;return(function(t){(function(n){var i=typeof globalThis=="object"?globalThis:typeof k2=="object"?k2:typeof self=="object"?self:typeof this=="object"?this:l(),r=o(t);typeof i.Reflect<"u"&&(r=o(i.Reflect,r)),n(r,i),typeof i.Reflect>"u"&&(i.Reflect=t);function o(d,u){return function(p,f){Object.defineProperty(d,p,{configurable:!0,writable:!0,value:f}),u&&u(p,f)}}function a(){try{return Function("return this;")()}catch{}}function c(){try{return(0,eval)("(function() { return this; })()")}catch{}}function l(){return a()||c()}})(function(n,i){var r=Object.prototype.hasOwnProperty,o=typeof Symbol=="function",a=o&&typeof Symbol.toPrimitive<"u"?Symbol.toPrimitive:"@@toPrimitive",c=o&&typeof Symbol.iterator<"u"?Symbol.iterator:"@@iterator",l=typeof Object.create=="function",d={__proto__:[]}instanceof Array,u=!l&&!d,p={create:l?function(){return qg(Object.create(null))}:d?function(){return qg({__proto__:null})}:function(){return qg({})},has:u?function(M,q){return r.call(M,q)}:function(M,q){return q in M},get:u?function(M,q){return r.call(M,q)?M[q]:void 0}:function(M,q){return M[q]}},f=Object.getPrototypeOf(Function),h=typeof Map=="function"&&typeof Map.prototype.entries=="function"?Map:wu(),g=typeof Set=="function"&&typeof Set.prototype.entries=="function"?Set:Ug(),m=typeof WeakMap=="function"?WeakMap:aN(),_=o?Symbol.for("@reflect-metadata:registry"):void 0,y=Ki(),w=Kn(y);function b(M,q,J,se){if(G(J)){if(!oe(M))throw new TypeError;if(!we(q))throw new TypeError;return N(M,q)}else{if(!oe(M))throw new TypeError;if(!re(q))throw new TypeError;if(!re(se)&&!G(se)&&!Ne(se))throw new TypeError;return Ne(se)&&(se=void 0),J=H(J),D(M,q,J,se)}}n("decorate",b);function A(M,q){function J(se,ke){if(!re(se))throw new TypeError;if(!G(ke)&&!Xe(ke))throw new TypeError;Q(M,q,se,ke)}return J}n("metadata",A);function v(M,q,J,se){if(!re(J))throw new TypeError;return G(se)||(se=H(se)),Q(M,q,J,se)}n("defineMetadata",v);function k(M,q,J){if(!re(q))throw new TypeError;return G(J)||(J=H(J)),B(M,q,J)}n("hasMetadata",k);function x(M,q,J){if(!re(q))throw new TypeError;return G(J)||(J=H(J)),V(M,q,J)}n("hasOwnMetadata",x);function T(M,q,J){if(!re(q))throw new TypeError;return G(J)||(J=H(J)),Z(M,q,J)}n("getMetadata",T);function I(M,q,J){if(!re(q))throw new TypeError;return G(J)||(J=H(J)),te(M,q,J)}n("getOwnMetadata",I);function F(M,q){if(!re(M))throw new TypeError;return G(q)||(q=H(q)),ie(M,q)}n("getMetadataKeys",F);function $(M,q){if(!re(M))throw new TypeError;return G(q)||(q=H(q)),me(M,q)}n("getOwnMetadataKeys",$);function P(M,q,J){if(!re(q))throw new TypeError;if(G(J)||(J=H(J)),!re(q))throw new TypeError;G(J)||(J=H(J));var se=mo(q,J,!1);return G(se)?!1:se.OrdinaryDeleteMetadata(M,q,J)}n("deleteMetadata",P);function N(M,q){for(var J=M.length-1;J>=0;--J){var se=M[J],ke=se(q);if(!G(ke)&&!Ne(ke)){if(!we(ke))throw new TypeError;q=ke}}return q}function D(M,q,J,se){for(var ke=M.length-1;ke>=0;--ke){var It=M[ke],xt=It(q,J,se);if(!G(xt)&&!Ne(xt)){if(!re(xt))throw new TypeError;se=xt}}return se}function B(M,q,J){var se=V(M,q,J);if(se)return!0;var ke=Me(q);return Ne(ke)?!1:B(M,ke,J)}function V(M,q,J){var se=mo(q,J,!1);return G(se)?!1:lt(se.OrdinaryHasOwnMetadata(M,q,J))}function Z(M,q,J){var se=V(M,q,J);if(se)return te(M,q,J);var ke=Me(q);if(!Ne(ke))return Z(M,ke,J)}function te(M,q,J){var se=mo(q,J,!1);if(!G(se))return se.OrdinaryGetOwnMetadata(M,q,J)}function Q(M,q,J,se){var ke=mo(J,se,!0);ke.OrdinaryDefineOwnMetadata(M,q,J,se)}function ie(M,q){var J=me(M,q),se=Me(M);if(se===null)return J;var ke=ie(se,q);if(ke.length<=0)return J;if(J.length<=0)return ke;for(var It=new g,xt=[],Re=0,ce=J;Re<ce.length;Re++){var fe=ce[Re],he=It.has(fe);he||(It.add(fe),xt.push(fe))}for(var _e=0,De=ke;_e<De.length;_e++){var fe=De[_e],he=It.has(fe);he||(It.add(fe),xt.push(fe))}return xt}function me(M,q){var J=mo(M,q,!1);return J?J.OrdinaryOwnMetadataKeys(M,q):[]}function Ae(M){if(M===null)return 1;switch(typeof M){case"undefined":return 0;case"boolean":return 2;case"string":return 3;case"symbol":return 4;case"number":return 5;case"object":return M===null?1:6;default:return 6}}function G(M){return M===void 0}function Ne(M){return M===null}function xe(M){return typeof M=="symbol"}function re(M){return typeof M=="object"?M!==null:typeof M=="function"}function $e(M,q){switch(Ae(M)){case 0:return M;case 1:return M;case 2:return M;case 3:return M;case 4:return M;case 5:return M}var J="string",se=Fs(M,a);if(se!==void 0){var ke=se.call(M,J);if(re(ke))throw new TypeError;return ke}return rt(M)}function rt(M,q){var J,se;{var ke=M.toString;if(K(ke)){var se=ke.call(M);if(!re(se))return se}var J=M.valueOf;if(K(J)){var se=J.call(M);if(!re(se))return se}}throw new TypeError}function lt(M){return!!M}function on(M){return""+M}function H(M){var q=$e(M);return xe(q)?q:on(q)}function oe(M){return Array.isArray?Array.isArray(M):M instanceof Object?M instanceof Array:Object.prototype.toString.call(M)==="[object Array]"}function K(M){return typeof M=="function"}function we(M){return typeof M=="function"}function Xe(M){switch(Ae(M)){case 3:return!0;case 4:return!0;default:return!1}}function st(M,q){return M===q||M!==M&&q!==q}function Fs(M,q){var J=M[q];if(J!=null){if(!K(J))throw new TypeError;return J}}function Os(M){var q=Fs(M,c);if(!K(q))throw new TypeError;var J=q.call(M);if(!re(J))throw new TypeError;return J}function Le(M){return M.value}function je(M){var q=M.next();return q.done?!1:q}function js(M){var q=M.return;q&&q.call(M)}function Me(M){var q=Object.getPrototypeOf(M);if(typeof M!="function"||M===f||q!==f)return q;var J=M.prototype,se=J&&Object.getPrototypeOf(J);if(se==null||se===Object.prototype)return q;var ke=se.constructor;return typeof ke!="function"||ke===M?q:ke}function Ve(){var M;!G(_)&&typeof i.Reflect<"u"&&!(_ in i.Reflect)&&typeof i.Reflect.defineMetadata=="function"&&(M=_n(i.Reflect));var q,J,se,ke=new m,It={registerProvider:xt,getProvider:ce,setProvider:he};return It;function xt(_e){if(!Object.isExtensible(It))throw new Error("Cannot add provider to a frozen registry.");switch(!0){case M===_e:break;case G(q):q=_e;break;case q===_e:break;case G(J):J=_e;break;case J===_e:break;default:se===void 0&&(se=new g),se.add(_e);break}}function Re(_e,De){if(!G(q)){if(q.isProviderFor(_e,De))return q;if(!G(J)){if(J.isProviderFor(_e,De))return q;if(!G(se))for(var tt=Os(se);;){var ft=je(tt);if(!ft)return;var Gn=Le(ft);if(Gn.isProviderFor(_e,De))return js(tt),Gn}}}if(!G(M)&&M.isProviderFor(_e,De))return M}function ce(_e,De){var tt=ke.get(_e),ft;return G(tt)||(ft=tt.get(De)),G(ft)&&(ft=Re(_e,De),G(ft)||(G(tt)&&(tt=new h,ke.set(_e,tt)),tt.set(De,ft))),ft}function fe(_e){if(G(_e))throw new TypeError;return q===_e||J===_e||!G(se)&&se.has(_e)}function he(_e,De,tt){if(!fe(tt))throw new Error("Metadata provider not registered.");var ft=ce(_e,De);if(ft!==tt){if(!G(ft))return!1;var Gn=ke.get(_e);G(Gn)&&(Gn=new h,ke.set(_e,Gn)),Gn.set(De,tt)}return!0}}function Ki(){var M;return!G(_)&&re(i.Reflect)&&Object.isExtensible(i.Reflect)&&(M=i.Reflect[_]),G(M)&&(M=Ve()),!G(_)&&re(i.Reflect)&&Object.isExtensible(i.Reflect)&&Object.defineProperty(i.Reflect,_,{enumerable:!1,configurable:!1,writable:!1,value:M}),M}function Kn(M){var q=new m,J={isProviderFor:function(fe,he){var _e=q.get(fe);return G(_e)?!1:_e.has(he)},OrdinaryDefineOwnMetadata:xt,OrdinaryHasOwnMetadata:ke,OrdinaryGetOwnMetadata:It,OrdinaryOwnMetadataKeys:Re,OrdinaryDeleteMetadata:ce};return y.registerProvider(J),J;function se(fe,he,_e){var De=q.get(fe),tt=!1;if(G(De)){if(!_e)return;De=new h,q.set(fe,De),tt=!0}var ft=De.get(he);if(G(ft)){if(!_e)return;if(ft=new h,De.set(he,ft),!M.setProvider(fe,he,J))throw De.delete(he),tt&&q.delete(fe),new Error("Wrong provider for target.")}return ft}function ke(fe,he,_e){var De=se(he,_e,!1);return G(De)?!1:lt(De.has(fe))}function It(fe,he,_e){var De=se(he,_e,!1);if(!G(De))return De.get(fe)}function xt(fe,he,_e,De){var tt=se(_e,De,!0);tt.set(fe,he)}function Re(fe,he){var _e=[],De=se(fe,he,!1);if(G(De))return _e;for(var tt=De.keys(),ft=Os(tt),Gn=0;;){var S1=je(ft);if(!S1)return _e.length=Gn,_e;var cN=Le(S1);try{_e[Gn]=cN}catch(lN){try{js(ft)}finally{throw lN}}Gn++}}function ce(fe,he,_e){var De=se(he,_e,!1);if(G(De)||!De.delete(fe))return!1;if(De.size===0){var tt=q.get(he);G(tt)||(tt.delete(_e),tt.size===0&&q.delete(tt))}return!0}}function _n(M){var q=M.defineMetadata,J=M.hasOwnMetadata,se=M.getOwnMetadata,ke=M.getOwnMetadataKeys,It=M.deleteMetadata,xt=new m,Re={isProviderFor:function(ce,fe){var he=xt.get(ce);return!G(he)&&he.has(fe)?!0:ke(ce,fe).length?(G(he)&&(he=new g,xt.set(ce,he)),he.add(fe),!0):!1},OrdinaryDefineOwnMetadata:q,OrdinaryHasOwnMetadata:J,OrdinaryGetOwnMetadata:se,OrdinaryOwnMetadataKeys:ke,OrdinaryDeleteMetadata:It};return Re}function mo(M,q,J){var se=y.getProvider(M,q);if(!G(se))return se;if(J){if(y.setProvider(M,q,w))return w;throw new Error("Illegal state.")}}function wu(){var M={},q=[],J=(function(){function Re(ce,fe,he){this._index=0,this._keys=ce,this._values=fe,this._selector=he}return Re.prototype["@@iterator"]=function(){return this},Re.prototype[c]=function(){return this},Re.prototype.next=function(){var ce=this._index;if(ce>=0&&ce<this._keys.length){var fe=this._selector(this._keys[ce],this._values[ce]);return ce+1>=this._keys.length?(this._index=-1,this._keys=q,this._values=q):this._index++,{value:fe,done:!1}}return{value:void 0,done:!0}},Re.prototype.throw=function(ce){throw this._index>=0&&(this._index=-1,this._keys=q,this._values=q),ce},Re.prototype.return=function(ce){return this._index>=0&&(this._index=-1,this._keys=q,this._values=q),{value:ce,done:!0}},Re})(),se=(function(){function Re(){this._keys=[],this._values=[],this._cacheKey=M,this._cacheIndex=-2}return Object.defineProperty(Re.prototype,"size",{get:function(){return this._keys.length},enumerable:!0,configurable:!0}),Re.prototype.has=function(ce){return this._find(ce,!1)>=0},Re.prototype.get=function(ce){var fe=this._find(ce,!1);return fe>=0?this._values[fe]:void 0},Re.prototype.set=function(ce,fe){var he=this._find(ce,!0);return this._values[he]=fe,this},Re.prototype.delete=function(ce){var fe=this._find(ce,!1);if(fe>=0){for(var he=this._keys.length,_e=fe+1;_e<he;_e++)this._keys[_e-1]=this._keys[_e],this._values[_e-1]=this._values[_e];return this._keys.length--,this._values.length--,st(ce,this._cacheKey)&&(this._cacheKey=M,this._cacheIndex=-2),!0}return!1},Re.prototype.clear=function(){this._keys.length=0,this._values.length=0,this._cacheKey=M,this._cacheIndex=-2},Re.prototype.keys=function(){return new J(this._keys,this._values,ke)},Re.prototype.values=function(){return new J(this._keys,this._values,It)},Re.prototype.entries=function(){return new J(this._keys,this._values,xt)},Re.prototype["@@iterator"]=function(){return this.entries()},Re.prototype[c]=function(){return this.entries()},Re.prototype._find=function(ce,fe){if(!st(this._cacheKey,ce)){this._cacheIndex=-1;for(var he=0;he<this._keys.length;he++)if(st(this._keys[he],ce)){this._cacheIndex=he;break}}return this._cacheIndex<0&&fe&&(this._cacheIndex=this._keys.length,this._keys.push(ce),this._values.push(void 0)),this._cacheIndex},Re})();return se;function ke(Re,ce){return Re}function It(Re,ce){return ce}function xt(Re,ce){return[Re,ce]}}function Ug(){var M=(function(){function q(){this._map=new h}return Object.defineProperty(q.prototype,"size",{get:function(){return this._map.size},enumerable:!0,configurable:!0}),q.prototype.has=function(J){return this._map.has(J)},q.prototype.add=function(J){return this._map.set(J,J),this},q.prototype.delete=function(J){return this._map.delete(J)},q.prototype.clear=function(){this._map.clear()},q.prototype.keys=function(){return this._map.keys()},q.prototype.values=function(){return this._map.keys()},q.prototype.entries=function(){return this._map.entries()},q.prototype["@@iterator"]=function(){return this.keys()},q.prototype[c]=function(){return this.keys()},q})();return M}function aN(){var M=16,q=p.create(),J=se();return(function(){function ce(){this._key=se()}return ce.prototype.has=function(fe){var he=ke(fe,!1);return he!==void 0?p.has(he,this._key):!1},ce.prototype.get=function(fe){var he=ke(fe,!1);return he!==void 0?p.get(he,this._key):void 0},ce.prototype.set=function(fe,he){var _e=ke(fe,!0);return _e[this._key]=he,this},ce.prototype.delete=function(fe){var he=ke(fe,!1);return he!==void 0?delete he[this._key]:!1},ce.prototype.clear=function(){this._key=se()},ce})();function se(){var ce;do ce="@@WeakMap@@"+Re();while(p.has(q,ce));return q[ce]=!0,ce}function ke(ce,fe){if(!r.call(ce,J)){if(!fe)return;Object.defineProperty(ce,J,{value:p.create()})}return ce[J]}function It(ce,fe){for(var he=0;he<fe;++he)ce[he]=Math.random()*255|0;return ce}function xt(ce){if(typeof Uint8Array=="function"){var fe=new Uint8Array(ce);return typeof crypto<"u"?crypto.getRandomValues(fe):typeof msCrypto<"u"?msCrypto.getRandomValues(fe):It(fe,ce),fe}return It(new Array(ce),ce)}function Re(){var ce=xt(M);ce[6]=ce[6]&79|64,ce[8]=ce[8]&191|128;for(var fe="",he=0;he<M;++he){var _e=ce[he];(he===4||he===6||he===8)&&(fe+="-"),_e<16&&(fe+="0"),fe+=_e.toString(16).toLowerCase()}return fe}}function qg(M){return M.__=void 0,delete M.__,M}})})(e||(e={})),S2}RR();const DR="[object ArrayBuffer]";class ae{static isArrayBuffer(t){return Object.prototype.toString.call(t)===DR}static toArrayBuffer(t){return this.isArrayBuffer(t)?t:t.byteLength===t.buffer.byteLength||t.byteOffset===0&&t.byteLength===t.buffer.byteLength?t.buffer:this.toUint8Array(t.buffer).slice(t.byteOffset,t.byteOffset+t.byteLength).buffer}static toUint8Array(t){return this.toView(t,Uint8Array)}static toView(t,n){if(t.constructor===n)return t;if(this.isArrayBuffer(t))return new n(t);if(this.isArrayBufferView(t))return new n(t.buffer,t.byteOffset,t.byteLength);throw new TypeError("The provided value is not of type '(ArrayBuffer or ArrayBufferView)'")}static isBufferSource(t){return this.isArrayBufferView(t)||this.isArrayBuffer(t)}static isArrayBufferView(t){return ArrayBuffer.isView(t)||t&&this.isArrayBuffer(t.buffer)}static isEqual(t,n){const i=ae.toUint8Array(t),r=ae.toUint8Array(n);if(i.length!==r.byteLength)return!1;for(let o=0;o<i.length;o++)if(i[o]!==r[o])return!1;return!0}static concat(...t){let n;Array.isArray(t[0])&&!(t[1]instanceof Function)||Array.isArray(t[0])&&t[1]instanceof Function?n=t[0]:t[t.length-1]instanceof Function?n=t.slice(0,t.length-1):n=t;let i=0;for(const a of n)i+=a.byteLength;const r=new Uint8Array(i);let o=0;for(const a of n){const c=this.toUint8Array(a);r.set(c,o),o+=c.length}return t[t.length-1]instanceof Function?this.toView(r,t[t.length-1]):r.buffer}}const Zg="string",BR=/^[0-9a-f\s]+$/i,LR=/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/,MR=/^[a-zA-Z0-9-_]+$/;class x2{static fromString(t){const n=unescape(encodeURIComponent(t)),i=new Uint8Array(n.length);for(let r=0;r<n.length;r++)i[r]=n.charCodeAt(r);return i.buffer}static toString(t){const n=ae.toUint8Array(t);let i="";for(let o=0;o<n.length;o++)i+=String.fromCharCode(n[o]);return decodeURIComponent(escape(i))}}class vi{static toString(t,n=!1){const i=ae.toArrayBuffer(t),r=new DataView(i);let o="";for(let a=0;a<i.byteLength;a+=2){const c=r.getUint16(a,n);o+=String.fromCharCode(c)}return o}static fromString(t,n=!1){const i=new ArrayBuffer(t.length*2),r=new DataView(i);for(let o=0;o<t.length;o++)r.setUint16(o*2,t.charCodeAt(o),n);return i}}class ge{static isHex(t){return typeof t===Zg&&BR.test(t)}static isBase64(t){return typeof t===Zg&&LR.test(t)}static isBase64Url(t){return typeof t===Zg&&MR.test(t)}static ToString(t,n="utf8"){const i=ae.toUint8Array(t);switch(n.toLowerCase()){case"utf8":return this.ToUtf8String(i);case"binary":return this.ToBinary(i);case"hex":return this.ToHex(i);case"base64":return this.ToBase64(i);case"base64url":return this.ToBase64Url(i);case"utf16le":return vi.toString(i,!0);case"utf16":case"utf16be":return vi.toString(i);default:throw new Error(`Unknown type of encoding '${n}'`)}}static FromString(t,n="utf8"){if(!t)return new ArrayBuffer(0);switch(n.toLowerCase()){case"utf8":return this.FromUtf8String(t);case"binary":return this.FromBinary(t);case"hex":return this.FromHex(t);case"base64":return this.FromBase64(t);case"base64url":return this.FromBase64Url(t);case"utf16le":return vi.fromString(t,!0);case"utf16":case"utf16be":return vi.fromString(t);default:throw new Error(`Unknown type of encoding '${n}'`)}}static ToBase64(t){const n=ae.toUint8Array(t);if(typeof btoa<"u"){const i=this.ToString(n,"binary");return btoa(i)}else return Buffer.from(n).toString("base64")}static FromBase64(t){const n=this.formatString(t);if(!n)return new ArrayBuffer(0);if(!ge.isBase64(n))throw new TypeError("Argument 'base64Text' is not Base64 encoded");return typeof atob<"u"?this.FromBinary(atob(n)):new Uint8Array(Buffer.from(n,"base64")).buffer}static FromBase64Url(t){const n=this.formatString(t);if(!n)return new ArrayBuffer(0);if(!ge.isBase64Url(n))throw new TypeError("Argument 'base64url' is not Base64Url encoded");return this.FromBase64(this.Base64Padding(n.replace(/\-/g,"+").replace(/\_/g,"/")))}static ToBase64Url(t){return this.ToBase64(t).replace(/\+/g,"-").replace(/\//g,"_").replace(/\=/g,"")}static FromUtf8String(t,n=ge.DEFAULT_UTF8_ENCODING){switch(n){case"ascii":return this.FromBinary(t);case"utf8":return x2.fromString(t);case"utf16":case"utf16be":return vi.fromString(t);case"utf16le":case"usc2":return vi.fromString(t,!0);default:throw new Error(`Unknown type of encoding '${n}'`)}}static ToUtf8String(t,n=ge.DEFAULT_UTF8_ENCODING){switch(n){case"ascii":return this.ToBinary(t);case"utf8":return x2.toString(t);case"utf16":case"utf16be":return vi.toString(t);case"utf16le":case"usc2":return vi.toString(t,!0);default:throw new Error(`Unknown type of encoding '${n}'`)}}static FromBinary(t){const n=t.length,i=new Uint8Array(n);for(let r=0;r<n;r++)i[r]=t.charCodeAt(r);return i.buffer}static ToBinary(t){const n=ae.toUint8Array(t);let i="";for(let r=0;r<n.length;r++)i+=String.fromCharCode(n[r]);return i}static ToHex(t){const n=ae.toUint8Array(t);let i="";const r=n.length;for(let o=0;o<r;o++){const a=n[o];a<16&&(i+="0"),i+=a.toString(16)}return i}static FromHex(t){let n=this.formatString(t);if(!n)return new ArrayBuffer(0);if(!ge.isHex(n))throw new TypeError("Argument 'hexString' is not HEX encoded");n.length%2&&(n=`0${n}`);const i=new Uint8Array(n.length/2);for(let r=0;r<n.length;r=r+2){const o=n.slice(r,r+2);i[r/2]=parseInt(o,16)}return i.buffer}static ToUtf16String(t,n=!1){return vi.toString(t,n)}static FromUtf16String(t,n=!1){return vi.fromString(t,n)}static Base64Padding(t){const n=4-t.length%4;if(n<4)for(let i=0;i<n;i++)t+="=";return t}static formatString(t){return t?.replace(/[\n\r\t ]/g,"")||""}}ge.DEFAULT_UTF8_ENCODING="utf8";function UR(...e){const t=e.map(r=>r.byteLength).reduce((r,o)=>r+o),n=new Uint8Array(t);let i=0;return e.map(r=>new Uint8Array(r)).forEach(r=>{for(const o of r)n[i++]=o}),n.buffer}function qR(e,t){if(!(e&&t)||e.byteLength!==t.byteLength)return!1;const n=new Uint8Array(e),i=new Uint8Array(t);for(let r=0;r<e.byteLength;r++)if(n[r]!==i[r])return!1;return!0}function Fa(e,t){let n=0;if(e.length===1)return e[0];for(let i=e.length-1;i>=0;i--)n+=e[e.length-1-i]*Math.pow(2,t*i);return n}function ns(e,t,n=-1){const i=n;let r=e,o=0,a=Math.pow(2,t);for(let c=1;c<8;c++){if(e<a){let l;if(i<0)l=new ArrayBuffer(c),o=c;else{if(i<c)return new ArrayBuffer(0);l=new ArrayBuffer(i),o=i}const d=new Uint8Array(l);for(let u=c-1;u>=0;u--){const p=Math.pow(2,u*t);d[o-u-1]=Math.floor(r/p),r-=d[o-u-1]*p}return l}a*=Math.pow(2,t)}return new ArrayBuffer(0)}function by(...e){let t=0,n=0;for(const o of e)t+=o.length;const i=new ArrayBuffer(t),r=new Uint8Array(i);for(const o of e)r.set(o,n),n+=o.length;return r}function L$(){const e=new Uint8Array(this.valueHex);if(this.valueHex.byteLength>=2){const c=e[0]===255&&e[1]&128,l=e[0]===0&&(e[1]&128)===0;(c||l)&&this.warnings.push("Needlessly long format")}const t=new ArrayBuffer(this.valueHex.byteLength),n=new Uint8Array(t);for(let c=0;c<this.valueHex.byteLength;c++)n[c]=0;n[0]=e[0]&128;const i=Fa(n,8),r=new ArrayBuffer(this.valueHex.byteLength),o=new Uint8Array(r);for(let c=0;c<this.valueHex.byteLength;c++)o[c]=e[c];return o[0]&=127,Fa(o,8)-i}function HR(e){const t=e<0?e*-1:e;let n=128;for(let i=1;i<8;i++){if(t<=n){if(e<0){const a=n-t,c=ns(a,8,i),l=new Uint8Array(c);return l[0]|=128,c}let r=ns(t,8,i),o=new Uint8Array(r);if(o[0]&128){const a=r.slice(0),c=new Uint8Array(a);r=new ArrayBuffer(r.byteLength+1),o=new Uint8Array(r);for(let l=0;l<a.byteLength;l++)o[l+1]=c[l];o[0]=0}return r}n*=Math.pow(2,8)}return new ArrayBuffer(0)}function VR(e,t){if(e.byteLength!==t.byteLength)return!1;const n=new Uint8Array(e),i=new Uint8Array(t);for(let r=0;r<n.length;r++)if(n[r]!==i[r])return!1;return!0}function vn(e,t){const n=e.toString(10);if(t<n.length)return"";const i=t-n.length,r=new Array(i);for(let a=0;a<i;a++)r[a]="0";return r.join("").concat(n)}function qp(){if(typeof BigInt>"u")throw new Error("BigInt is not defined. Your environment doesn't implement BigInt.")}function lb(e){let t=0,n=0;for(let r=0;r<e.length;r++){const o=e[r];t+=o.byteLength}const i=new Uint8Array(t);for(let r=0;r<e.length;r++){const o=e[r];i.set(new Uint8Array(o),n),n+=o.byteLength}return i.buffer}function br(e,t,n,i){return t instanceof Uint8Array?t.byteLength?n<0?(e.error="Wrong parameter: inputOffset less than zero",!1):i<0?(e.error="Wrong parameter: inputLength less than zero",!1):t.byteLength-n-i<0?(e.error="End of input reached before message was fully decoded (inconsistent offset and length values)",!1):!0:(e.error="Wrong parameter: inputBuffer has zero length",!1):(e.error="Wrong parameter: inputBuffer must be 'Uint8Array'",!1)}class bh{constructor(){this.items=[]}write(t){this.items.push(t)}final(){return lb(this.items)}}const Fc=[new Uint8Array([1])],C2="0123456789",Xg="name",T2="valueHexView",KR="isHexOnly",GR="idBlock",WR="tagClass",JR="tagNumber",YR="isConstructed",QR="fromBER",ZR="toBER",XR="local",dn="",Ri=new ArrayBuffer(0),vh=new Uint8Array(0),Yl="EndOfContent",M$="OCTET STRING",U$="BIT STRING";function Di(e){var t;return t=class extends e{get valueHex(){return this.valueHexView.slice().buffer}set valueHex(i){this.valueHexView=new Uint8Array(i)}constructor(...i){var r;super(...i);const o=i[0]||{};this.isHexOnly=(r=o.isHexOnly)!==null&&r!==void 0?r:!1,this.valueHexView=o.valueHex?ae.toUint8Array(o.valueHex):vh}fromBER(i,r,o,a){const c=i instanceof ArrayBuffer?new Uint8Array(i):i;if(!br(this,c,r,o))return-1;const l=r+o;return this.valueHexView=c.subarray(r,l),this.valueHexView.length?(this.blockLength=o,l):(this.warnings.push("Zero buffer length"),r)}toBER(i=!1){return this.isHexOnly?i?new ArrayBuffer(this.valueHexView.byteLength):this.valueHexView.byteLength===this.valueHexView.buffer.byteLength?this.valueHexView.buffer:this.valueHexView.slice().buffer:(this.error="Flag 'isHexOnly' is not set, abort",Ri)}toJSON(){return{...super.toJSON(),isHexOnly:this.isHexOnly,valueHex:ge.ToHex(this.valueHexView)}}},t.NAME="hexBlock",t}class As{static blockName(){return this.NAME}get valueBeforeDecode(){return this.valueBeforeDecodeView.slice().buffer}set valueBeforeDecode(t){this.valueBeforeDecodeView=new Uint8Array(t)}constructor({blockLength:t=0,error:n=dn,warnings:i=[],valueBeforeDecode:r=vh}={}){this.blockLength=t,this.error=n,this.warnings=i,this.valueBeforeDecodeView=ae.toUint8Array(r)}toJSON(){return{blockName:this.constructor.NAME,blockLength:this.blockLength,error:this.error,warnings:this.warnings,valueBeforeDecode:ge.ToHex(this.valueBeforeDecodeView)}}}As.NAME="baseBlock";class Jt extends As{fromBER(t,n,i,r){throw TypeError("User need to make a specific function in a class which extends 'ValueBlock'")}toBER(t,n){throw TypeError("User need to make a specific function in a class which extends 'ValueBlock'")}}Jt.NAME="valueBlock";class q$ extends Di(As){constructor({idBlock:t={}}={}){var n,i,r,o;super(),t?(this.isHexOnly=(n=t.isHexOnly)!==null&&n!==void 0?n:!1,this.valueHexView=t.valueHex?ae.toUint8Array(t.valueHex):vh,this.tagClass=(i=t.tagClass)!==null&&i!==void 0?i:-1,this.tagNumber=(r=t.tagNumber)!==null&&r!==void 0?r:-1,this.isConstructed=(o=t.isConstructed)!==null&&o!==void 0?o:!1):(this.tagClass=-1,this.tagNumber=-1,this.isConstructed=!1)}toBER(t=!1){let n=0;switch(this.tagClass){case 1:n|=0;break;case 2:n|=64;break;case 3:n|=128;break;case 4:n|=192;break;default:return this.error="Unknown tag class",Ri}if(this.isConstructed&&(n|=32),this.tagNumber<31&&!this.isHexOnly){const r=new Uint8Array(1);if(!t){let o=this.tagNumber;o&=31,n|=o,r[0]=n}return r.buffer}if(!this.isHexOnly){const r=ns(this.tagNumber,7),o=new Uint8Array(r),a=r.byteLength,c=new Uint8Array(a+1);if(c[0]=n|31,!t){for(let l=0;l<a-1;l++)c[l+1]=o[l]|128;c[a]=o[a-1]}return c.buffer}const i=new Uint8Array(this.valueHexView.byteLength+1);if(i[0]=n|31,!t){const r=this.valueHexView;for(let o=0;o<r.length-1;o++)i[o+1]=r[o]|128;i[this.valueHexView.byteLength]=r[r.length-1]}return i.buffer}fromBER(t,n,i){const r=ae.toUint8Array(t);if(!br(this,r,n,i))return-1;const o=r.subarray(n,n+i);if(o.length===0)return this.error="Zero buffer length",-1;switch(o[0]&192){case 0:this.tagClass=1;break;case 64:this.tagClass=2;break;case 128:this.tagClass=3;break;case 192:this.tagClass=4;break;default:return this.error="Unknown tag class",-1}this.isConstructed=(o[0]&32)===32,this.isHexOnly=!1;const c=o[0]&31;if(c!==31)this.tagNumber=c,this.blockLength=1;else{let l=0;for(;;){const u=l+1;if(u>=o.length)return this.error="End of input reached before message was fully decoded",-1;if(l++,(o[u]&128)===0)break}this.blockLength=l+1;const d=this.valueHexView=new Uint8Array(l);for(let u=0;u<l;u++)d[u]=o[u+1]&127;this.blockLength<=9?this.tagNumber=Fa(d,7):(this.isHexOnly=!0,this.warnings.push("Tag too long, represented as hex-coded"))}if(this.tagClass===1&&this.isConstructed)switch(this.tagNumber){case 1:case 2:case 5:case 6:case 9:case 13:case 14:case 23:case 24:case 31:case 32:case 33:case 34:return this.error="Constructed encoding used for primitive type",-1}return n+this.blockLength}toJSON(){return{...super.toJSON(),tagClass:this.tagClass,tagNumber:this.tagNumber,isConstructed:this.isConstructed}}}q$.NAME="identificationBlock";class H$ extends As{constructor({lenBlock:t={}}={}){var n,i,r;super(),this.isIndefiniteForm=(n=t.isIndefiniteForm)!==null&&n!==void 0?n:!1,this.longFormUsed=(i=t.longFormUsed)!==null&&i!==void 0?i:!1,this.length=(r=t.length)!==null&&r!==void 0?r:0}fromBER(t,n,i){const r=ae.toUint8Array(t);if(!br(this,r,n,i))return-1;const o=r.subarray(n,n+i);if(o.length===0)return this.error="Zero buffer length",-1;if(o[0]===255)return this.error="Length block 0xFF is reserved by standard",-1;if(this.isIndefiniteForm=o[0]===128,this.isIndefiniteForm)return this.blockLength=1,n+this.blockLength;if(this.longFormUsed=!!(o[0]&128),this.longFormUsed===!1)return this.length=o[0],this.blockLength=1,n+this.blockLength;const a=o[0]&127;if(a>8)return this.error="Too big integer",-1;if(a+1>o.length)return this.error="End of input reached before message was fully decoded",-1;const c=n+1,l=r.subarray(c,c+a);return l[a-1]===0&&this.warnings.push("Needlessly long encoded length"),this.length=Fa(l,8),this.longFormUsed&&this.length<=127&&this.warnings.push("Unnecessary usage of long length form"),this.blockLength=a+1,n+this.blockLength}toBER(t=!1){let n,i;if(this.length>127&&(this.longFormUsed=!0),this.isIndefiniteForm)return n=new ArrayBuffer(1),t===!1&&(i=new Uint8Array(n),i[0]=128),n;if(this.longFormUsed){const r=ns(this.length,8);if(r.byteLength>127)return this.error="Too big length",Ri;if(n=new ArrayBuffer(r.byteLength+1),t)return n;const o=new Uint8Array(r);i=new Uint8Array(n),i[0]=r.byteLength|128;for(let a=0;a<r.byteLength;a++)i[a+1]=o[a];return n}return n=new ArrayBuffer(1),t===!1&&(i=new Uint8Array(n),i[0]=this.length),n}toJSON(){return{...super.toJSON(),isIndefiniteForm:this.isIndefiniteForm,longFormUsed:this.longFormUsed,length:this.length}}}H$.NAME="lengthBlock";const ue={};class Ft extends As{constructor({name:t=dn,optional:n=!1,primitiveSchema:i,...r}={},o){super(r),this.name=t,this.optional=n,i&&(this.primitiveSchema=i),this.idBlock=new q$(r),this.lenBlock=new H$(r),this.valueBlock=o?new o(r):new Jt(r)}fromBER(t,n,i,r){const o=this.valueBlock.fromBER(t,n,this.lenBlock.isIndefiniteForm?i:this.lenBlock.length,r);return o===-1?(this.error=this.valueBlock.error,o):(this.idBlock.error.length||(this.blockLength+=this.idBlock.blockLength),this.lenBlock.error.length||(this.blockLength+=this.lenBlock.blockLength),this.valueBlock.error.length||(this.blockLength+=this.valueBlock.blockLength),o)}toBER(t,n){const i=n||new bh;n||V$(this);const r=this.idBlock.toBER(t);if(i.write(r),this.lenBlock.isIndefiniteForm)i.write(new Uint8Array([128]).buffer),this.valueBlock.toBER(t,i),i.write(new ArrayBuffer(2));else{const o=this.valueBlock.toBER(t);this.lenBlock.length=o.byteLength;const a=this.lenBlock.toBER(t);i.write(a),i.write(o)}return n?Ri:i.final()}toJSON(){const t={...super.toJSON(),idBlock:this.idBlock.toJSON(),lenBlock:this.lenBlock.toJSON(),valueBlock:this.valueBlock.toJSON(),name:this.name,optional:this.optional};return this.primitiveSchema&&(t.primitiveSchema=this.primitiveSchema.toJSON()),t}toString(t="ascii"){return t==="ascii"?this.onAsciiEncoding():ge.ToHex(this.toBER())}onAsciiEncoding(){const t=this.constructor.NAME,n=ge.ToHex(this.valueBlock.valueBeforeDecodeView);return`${t} : ${n}`}isEqual(t){if(this===t)return!0;if(!(t instanceof this.constructor))return!1;const n=this.toBER(),i=t.toBER();return VR(n,i)}}Ft.NAME="BaseBlock";function V$(e){var t;if(e instanceof ue.Constructed)for(const n of e.valueBlock.value)V$(n)&&(e.lenBlock.isIndefiniteForm=!0);return!!(!((t=e.lenBlock)===null||t===void 0)&&t.isIndefiniteForm)}class db extends Ft{getValue(){return this.valueBlock.value}setValue(t){this.valueBlock.value=t}constructor({value:t=dn,...n}={},i){super(n,i),t&&this.fromString(t)}fromBER(t,n,i){const r=this.valueBlock.fromBER(t,n,this.lenBlock.isIndefiniteForm?i:this.lenBlock.length);return r===-1?(this.error=this.valueBlock.error,r):(this.fromBuffer(this.valueBlock.valueHexView),this.idBlock.error.length||(this.blockLength+=this.idBlock.blockLength),this.lenBlock.error.length||(this.blockLength+=this.lenBlock.blockLength),this.valueBlock.error.length||(this.blockLength+=this.valueBlock.blockLength),r)}onAsciiEncoding(){return`${this.constructor.NAME} : '${this.valueBlock.value}'`}}db.NAME="BaseStringBlock";class K$ extends Di(Jt){constructor({isHexOnly:t=!0,...n}={}){super(n),this.isHexOnly=t}}K$.NAME="PrimitiveValueBlock";var G$;class Od extends Ft{constructor(t={}){super(t,K$),this.idBlock.isConstructed=!1}}G$=Od;ue.Primitive=G$;Od.NAME="PRIMITIVE";const W$=100,J$=1e4,Y$=16*1024*1024,e7="Maximum ASN.1 nesting depth exceeded",t7="Maximum ASN.1 node count exceeded",n7="Maximum ASN.1 content length exceeded";function jd(e={}){var t,n,i;return{depth:0,maxDepth:(t=e.maxDepth)!==null&&t!==void 0?t:W$,nodesCount:0,maxNodes:(n=e.maxNodes)!==null&&n!==void 0?n:J$,maxContentLength:(i=e.maxContentLength)!==null&&i!==void 0?i:Y$}}function i7(e){const t=new Ft({},Jt);return t.error=e,{offset:-1,result:t}}function r7(e){if(e.nodesCount+=1,e.nodesCount>e.maxNodes)return t7}function o7(e,t){if(e>t.maxContentLength)return n7}function ub(e,t,n,i){const r=i.depth+1;if(r>i.maxDepth)return i7(e7);i.depth=r;try{return Ah(e,t,n,i)}finally{i.depth-=1}}function s7(e,t){if(e instanceof t)return e;const n=new t;return n.idBlock=e.idBlock,n.lenBlock=e.lenBlock,n.warnings=e.warnings,n.valueBeforeDecodeView=e.valueBeforeDecodeView,n}function Ah(e,t=0,n=e.length,i=jd()){const r=t;let o=new Ft({},Jt);const a=new As;if(!br(a,e,t,n))return o.error=a.error,{offset:-1,result:o};if(!e.subarray(t,t+n).length)return o.error="Zero buffer length",{offset:-1,result:o};const l=r7(i);if(l)return o.error=l,{offset:-1,result:o};let d=o.idBlock.fromBER(e,t,n);if(o.idBlock.warnings.length&&o.warnings.concat(o.idBlock.warnings),d===-1)return o.error=o.idBlock.error,{offset:-1,result:o};if(t=d,n-=o.idBlock.blockLength,d=o.lenBlock.fromBER(e,t,n),o.lenBlock.warnings.length&&o.warnings.concat(o.lenBlock.warnings),d===-1)return o.error=o.lenBlock.error,{offset:-1,result:o};t=d,n-=o.lenBlock.blockLength;const u=o.lenBlock.isIndefiniteForm?n:o.lenBlock.length,p=o7(u,i);if(p)return o.error=p,{offset:-1,result:o};if(!o.idBlock.isConstructed&&o.lenBlock.isIndefiniteForm)return o.error="Indefinite length form used for primitive encoding form",{offset:-1,result:o};let f=Ft;switch(o.idBlock.tagClass){case 1:if(o.idBlock.tagNumber>=37&&o.idBlock.isHexOnly===!1)return o.error="UNIVERSAL 37 and upper tags are reserved by ASN.1 standard",{offset:-1,result:o};switch(o.idBlock.tagNumber){case 0:if(o.idBlock.isConstructed&&o.lenBlock.length>0)return o.error="Type [UNIVERSAL 0] is reserved",{offset:-1,result:o};f=ue.EndOfContent;break;case 1:f=ue.Boolean;break;case 2:f=ue.Integer;break;case 3:f=ue.BitString;break;case 4:f=ue.OctetString;break;case 5:f=ue.Null;break;case 6:f=ue.ObjectIdentifier;break;case 10:f=ue.Enumerated;break;case 12:f=ue.Utf8String;break;case 13:f=ue.RelativeObjectIdentifier;break;case 14:f=ue.TIME;break;case 15:return o.error="[UNIVERSAL 15] is reserved by ASN.1 standard",{offset:-1,result:o};case 16:f=ue.Sequence;break;case 17:f=ue.Set;break;case 18:f=ue.NumericString;break;case 19:f=ue.PrintableString;break;case 20:f=ue.TeletexString;break;case 21:f=ue.VideotexString;break;case 22:f=ue.IA5String;break;case 23:f=ue.UTCTime;break;case 24:f=ue.GeneralizedTime;break;case 25:f=ue.GraphicString;break;case 26:f=ue.VisibleString;break;case 27:f=ue.GeneralString;break;case 28:f=ue.UniversalString;break;case 29:f=ue.CharacterString;break;case 30:f=ue.BmpString;break;case 31:f=ue.DATE;break;case 32:f=ue.TimeOfDay;break;case 33:f=ue.DateTime;break;case 34:f=ue.Duration;break;default:{const h=o.idBlock.isConstructed?new ue.Constructed:new ue.Primitive;h.idBlock=o.idBlock,h.lenBlock=o.lenBlock,h.warnings=o.warnings,o=h}}break;default:f=o.idBlock.isConstructed?ue.Constructed:ue.Primitive}return o=s7(o,f),d=o.fromBER(e,t,u,i),o.valueBeforeDecodeView=e.subarray(r,r+o.blockLength),{offset:d,result:o}}function va(e,t={}){if(!e.byteLength){const n=new Ft({},Jt);return n.error="Input buffer has zero length",{offset:-1,result:n}}return Ah(ae.toUint8Array(e).slice(),0,e.byteLength,jd(t))}function a7(e,t){return e?1:t}class Vr extends Jt{constructor({value:t=[],isIndefiniteForm:n=!1,...i}={}){super(i),this.value=t,this.isIndefiniteForm=n}fromBER(t,n,i,r){const o=ae.toUint8Array(t),a=r??jd();if(!br(this,o,n,i))return-1;if(this.valueBeforeDecodeView=o.subarray(n,n+i),this.valueBeforeDecodeView.length===0)return this.warnings.push("Zero buffer length"),n;let c=n;for(;a7(this.isIndefiniteForm,i)>0;){const l=ub(o,c,i,a);if(l.offset===-1)return this.error=l.result.error,this.warnings.concat(l.result.warnings),-1;if(c=l.offset,this.blockLength+=l.result.blockLength,i-=l.result.blockLength,this.value.push(l.result),this.isIndefiniteForm&&l.result.constructor.NAME===Yl)break}return this.isIndefiniteForm&&(this.value[this.value.length-1].constructor.NAME===Yl?this.value.pop():this.warnings.push("No EndOfContent block encoded")),c}toBER(t,n){const i=n||new bh;for(let r=0;r<this.value.length;r++)this.value[r].toBER(t,i);return n?Ri:i.final()}toJSON(){const t={...super.toJSON(),isIndefiniteForm:this.isIndefiniteForm,value:[]};for(const n of this.value)t.value.push(n.toJSON());return t}}Vr.NAME="ConstructedValueBlock";var Q$;class en extends Ft{constructor(t={}){super(t,Vr),this.idBlock.isConstructed=!0}fromBER(t,n,i,r){this.valueBlock.isIndefiniteForm=this.lenBlock.isIndefiniteForm;const o=this.valueBlock.fromBER(t,n,this.lenBlock.isIndefiniteForm?i:this.lenBlock.length,r);return o===-1?(this.error=this.valueBlock.error,o):(this.idBlock.error.length||(this.blockLength+=this.idBlock.blockLength),this.lenBlock.error.length||(this.blockLength+=this.lenBlock.blockLength),this.valueBlock.error.length||(this.blockLength+=this.valueBlock.blockLength),o)}onAsciiEncoding(){const t=[];for(const i of this.valueBlock.value)t.push(i.toString("ascii").split(`
240
240
  `).map(r=>` ${r}`).join(`
241
241
  `));const n=this.idBlock.tagClass===3?`[${this.idBlock.tagNumber}]`:this.constructor.NAME;return t.length?`${n} :
242
242
  ${t.join(`
@@ -251,7 +251,7 @@ ${t.join(`
251
251
  `,r=0;for(;r<n.length;)r+64<=n.length?i+=n.substr(r,64)+`\r
252
252
  `:i+=n.substr(r)+`\r
253
253
  `,r+=64;return i+=`-----END ${e} KEY-----\r
254
- `,i}async function QD(e){const t=await e.publicKey.export(),n=await crypto.subtle.exportKey("jwk",t);return ZD(n)}async function ZD(e){if(!e.kty)throw new Error("JWK is missing required 'kty' member");const t=GD[e.kty];if(!t)throw new Error(`Unsupported JWK kty for thumbprint: ${e.kty}`);const n={};for(const o of t){const a=e[o];if(typeof a!="string"||a.length===0)throw new Error(`JWK is missing required member '${o}' for kty=${e.kty}`);n[o]=a}const i=JSON.stringify(n),r=await yh(new TextEncoder().encode(i));return Rt.encode(new Uint8Array(r),{includePadding:!1})}function I5(e){const t=new Date;return e.filter(n=>!n.revoked_at||new Date(n.revoked_at)>t).sort((n,i)=>{const r=n.current_since?new Date(n.current_since).getTime():0,o=i.current_since?new Date(i.current_since).getTime():0;return o!==r?o-r:i.kid.localeCompare(n.kid)})}const QA=/^[A-Za-z0-9._-]+$/;function j_(e,t){if(!QA.test(e))throw new Error(`Invalid ${t}: must match ${QA}`)}async function XD(e,t,n){j_(t,"tenant_id"),j_(n,"type");const{signingKeys:i}=await e.list({q:`type:${n} AND tenant_id:${t}`,sort:{sort_by:"created_at",sort_order:"desc"}});return I5(i)}async function ZA(e,t){j_(t,"type");const{signingKeys:n}=await e.list({q:`type:${t} AND -_exists_:tenant_id`,sort:{sort_by:"created_at",sort_order:"desc"}});return I5(n)}async function z5(e,t){return e?typeof e=="string"?e:e({tenant_id:t}):"control-plane"}async function nv(e,t,n,i){const r=i.type??"jwt_signing";if(await z5(n,t)==="control-plane"){const u=await ZA(e,r);if(i.purpose==="sign"){const p=u[0];return p?[p]:[]}return u}const[a,c]=await Promise.all([XD(e,t,r),ZA(e,r)]);if(i.purpose==="sign"){const u=a[0]??c[0];return u?[u]:[]}const l=new Set,d=[];for(const u of[...a,...c])l.has(u.kid)||(l.add(u.kid),d.push(u));return d}const eB=1e3*60*60*24;async function XA(e){const t=e.var.tenant_id;return t&&await z5(e.env.signingKeyMode,t)==="tenant"?{tenantId:t}:"control-plane"}function ek(e){return e==="control-plane"?"type:jwt_signing AND -_exists_:tenant_id":`type:jwt_signing AND tenant_id:${e.tenantId}`}const tB=new s.OpenAPIHono().openapi(s.createRoute({tags:["keys"],method:"get",path:"/signing",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:keys","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.array(ly)}},description:"List of keys"}}}),async e=>{const t=await XA(e),{signingKeys:n}=await e.env.data.keys.list({q:ek(t)}),i=n.filter(r=>"cert"in r).map(r=>r);return e.json(i)}).openapi(s.createRoute({tags:["keys"],method:"get",path:"/signing/{kid}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({kid:s.z.string().regex(/^[A-Za-z0-9._-]+$/)})},security:[{Bearer:["read:keys","auth:read"]}],responses:{200:{content:{"application/json":{schema:ly}},description:"The requested key"}}}),async e=>{const{kid:t}=e.req.valid("param"),{signingKeys:n}=await e.env.data.keys.list({q:`type:jwt_signing AND kid:${t}`}),i=n.find(r=>r.kid===t);if(!i)throw new z(404,{message:"Key not found"});if(e.var.tenant_id&&i.tenant_id&&i.tenant_id!==e.var.tenant_id)throw new z(404,{message:"Key not found"});return e.json(i)}).openapi(s.createRoute({tags:["keys"],method:"post",path:"/signing/rotate",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:keys","auth:write"]}],responses:{201:{description:"Status"}}}),async e=>{const t=await XA(e);let n=0;const i=100;for(;;){const{signingKeys:o}=await e.env.data.keys.list({q:ek(t),page:n,per_page:i});for(const a of o)await e.env.data.keys.update(a.kid,{revoked_at:new Date(Date.now()+eB).toISOString()});if(o.length<i)break;n++}const r=await Ef({name:`CN=${e.env.ORGANIZATION_NAME}`});return await e.env.data.keys.create({...r,type:"jwt_signing",current_since:new Date().toISOString(),...t==="control-plane"?{}:{tenant_id:t.tenantId}}),e.text("OK",{status:201})}).openapi(s.createRoute({tags:["keys"],method:"put",path:"/signing/{kid}/revoke",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({kid:s.z.string().regex(/^[A-Za-z0-9._-]+$/)})},security:[{Bearer:["update:keys","auth:write"]}],responses:{201:{description:"Status"}}}),async e=>{const{kid:t}=e.req.valid("param"),n=e.var.tenant_id,{signingKeys:i}=await e.env.data.keys.list({q:`type:jwt_signing AND kid:${t}`}),r=i.find(c=>c.kid===t);if(!r)throw new z(404,{message:"Key not found"});if(n&&r.tenant_id&&r.tenant_id!==n)throw new z(404,{message:"Key not found"});if(!await e.env.data.keys.update(t,{revoked_at:new Date().toISOString()}))throw new z(404,{message:"Key not found"});const a=await Ef({name:`CN=${e.env.ORGANIZATION_NAME}`});return await e.env.data.keys.create({...a,type:"jwt_signing",current_since:new Date().toISOString(),...r.tenant_id?{tenant_id:r.tenant_id}:{}}),e.text("OK")}),nB=new s.OpenAPIHono().openapi(s.createRoute({tags:["users"],method:"get",path:"/",request:{query:s.z.object({email:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:users","auth:read"]}],responses:{200:{content:{"tenant/json":{schema:s.z.array(Iw)}},description:"List of users"}}}),async e=>{const{email:t}=e.req.valid("query"),i=(await eb(e.env.data.users,e.var.tenant_id,t)).filter(r=>!r.linked_to);return e.json(i)}),iB=Et.extend({clients:s.z.array(Do)}),tk=s.z.object({enabled_connections:s.z.array(s.z.object({connection_id:s.z.string(),connection:Dr.optional()}))}),rB=s.z.array(s.z.string()),oB=new s.OpenAPIHono().openapi(s.createRoute({tags:["clients"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:clients","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([iB,s.z.array(Do)])}},description:"List of clients"}}}),async e=>{const t=e.var.tenant_id,{page:n,per_page:i,include_totals:r,sort:o,q:a}=e.req.valid("query"),c=await e.env.data.clients.list(t,{page:n,per_page:i,include_totals:r,sort:kt(o),q:a}),l=c.clients;return r?e.json({clients:l,start:c.totals?.start??0,limit:c.totals?.limit??i,length:c.totals?.length??l.length,total:c.totals?.total}):e.json(l)}).openapi(s.createRoute({tags:["clients"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:clients","auth:read"]}],responses:{200:{content:{"application/json":{schema:Do}},description:"A client"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await e.env.data.clients.get(t,n);if(!i)throw new z(404);return e.json(i)}).openapi(s.createRoute({tags:["clients"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:clients","auth:write"]}],responses:{200:{description:"Status"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param");if(!await e.env.data.clients.remove(t,n))throw new z(404,{message:"Client not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a Client",targetType:"client",targetId:n}),e.text("OK")}).openapi(s.createRoute({tags:["clients"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:s.z.object(bp.shape).partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:clients","auth:write"]}],responses:{200:{content:{"application/json":{schema:Do}},description:"The updated client"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json"),r=i,o=await e.env.data.clients.get(t,n);await e.env.data.clients.update(t,n,r);const a=await e.env.data.clients.get(t,n);if(!a)throw new z(404,{message:"Client not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update a Client",beforeState:o,afterState:a,targetType:"client",targetId:n,body:i}),e.json(a)}).openapi(s.createRoute({tags:["clients"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(bp.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:clients","auth:write"]}],responses:{201:{content:{"application/json":{schema:s.z.object(Do.shape)}},description:"A client"}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i={...n,client_id:n.client_id||Ue(),client_secret:n.client_secret||Ue()},r=await e.env.data.clients.create(t,i);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create a Client",afterState:r,targetType:"client",targetId:r.client_id}),e.json(r,{status:201})}).openapi(s.createRoute({tags:["clients"],method:"get",path:"/{id}/connections",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:clients","auth:read"]}],responses:{200:{content:{"application/json":{schema:tk}},description:"List of connections enabled for this client"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await e.env.data.clients.get(t,n);if(!i)throw new z(404,{message:"Client not found"});const r=i.connections&&i.connections.length>0;let o;if(r)o=await Promise.all(i.connections.map(async a=>{const c=await e.env.data.connections.get(t,a);return{connection_id:a,connection:c||void 0}}));else{const{connections:a}=await e.env.data.connections.list(t,{});o=a.filter(c=>c.id).map(c=>({connection_id:c.id,connection:c}))}return e.json({enabled_connections:o})}).openapi(s.createRoute({tags:["clients"],method:"patch",path:"/{id}/connections",request:{body:{content:{"application/json":{schema:rB}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:clients","auth:write"]}],responses:{200:{content:{"application/json":{schema:tk}},description:"Updated list of connections for this client"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json");if(!await e.env.data.clients.get(t,n))throw new z(404,{message:"Client not found"});const o=[];for(const c of i)await e.env.data.connections.get(t,c)&&o.push(c);await e.env.data.clientConnections.updateByClient(t,n,o);const a=await Promise.all(o.map(async c=>{const l=await e.env.data.connections.get(t,c);return{connection_id:c,connection:l||void 0}}));return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update Client Connections",targetType:"client_connection",targetId:n}),e.json({enabled_connections:a})}),sB=new s.OpenAPIHono().openapi(s.createRoute({tags:["tenants","settings"],method:"get",path:"/settings",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:tenants","auth:read"]}],responses:{200:{content:{"application/json":{schema:xp}},description:"Current tenant settings"}}}),async e=>{const t=await e.env.data.tenants.get(e.var.tenant_id);if(!t)throw new z(404,{message:"Tenant not found"});return e.json(t)}).openapi(s.createRoute({tags:["tenants","settings"],method:"patch",path:"/settings",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object(qw.shape).partial()}}}},security:[{Bearer:["update:tenants","auth:write"]}],responses:{200:{content:{"application/json":{schema:xp}},description:"Updated tenant settings"}}}),async e=>{const t=e.req.valid("json"),{id:n,...i}=t,r=await e.env.data.tenants.get(e.var.tenant_id);if(!r)throw new z(404,{message:"Tenant not found"});const o=Jw(r,i);await e.env.data.tenants.update(e.var.tenant_id,o);const a=await e.env.data.tenants.get(e.var.tenant_id);if(!a)throw new z(500,{message:"Failed to retrieve updated tenant"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update tenant settings",targetType:"tenant",targetId:e.var.tenant_id,beforeState:r,afterState:a}),e.json(a)}),aB=Et.extend({logs:s.z.array($a)}),cB=new s.OpenAPIHono().openapi(s.createRoute({tags:["logs"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:logs","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array($a),aB])}},description:"List of log rows"}}}),async e=>{const{page:t,per_page:n,include_totals:i,sort:r,q:o}=e.req.valid("query"),a=await e.env.data.logs.list(e.var.tenant_id,{page:t,per_page:n,include_totals:i,sort:kt(r),q:o});return i?e.json(a):e.json(a.logs)}).openapi(s.createRoute({tags:["logs"],method:"get",path:"/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()})},security:[{Bearer:["read:logs","auth:read"]}],responses:{200:{content:{"application/json":{schema:$a}},description:"A log entry"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.logs.get(e.var.tenant_id,t);if(!n)throw new z(404);return e.json(n)}),lB=J4.extend({created_at:s.z.string(),processed_at:s.z.string().nullable(),retry_count:s.z.number(),next_retry_at:s.z.string().nullable(),error:s.z.string().nullable(),dead_lettered_at:s.z.string().nullable().optional(),final_error:s.z.string().nullable().optional()}),dB=s.z.object({events:s.z.array(lB),start:s.z.number(),limit:s.z.number(),length:s.z.number()}),uB=new s.OpenAPIHono().openapi(s.createRoute({tags:["failed-events"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:logs","auth:read"]}],responses:{200:{content:{"application/json":{schema:dB}},description:"Dead-lettered outbox events"}}}),async e=>{const t=e.env.data.outbox;if(!t)throw new z(501,{message:"Outbox is not configured for this adapter"});const{page:n,per_page:i,include_totals:r}=e.req.valid("query"),o=await t.listFailed(e.var.tenant_id,{page:n,per_page:i,include_totals:r});return e.json({events:o.events,start:o.start,limit:o.limit,length:o.length})}).openapi(s.createRoute({tags:["failed-events"],method:"post",path:"/{id}/retry",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()})},security:[{Bearer:["update:logs","auth:write"]}],responses:{200:{content:{"application/json":{schema:s.z.object({id:s.z.string(),replayed:s.z.boolean()})}},description:"Event queued for retry"},404:{description:"Not found"}}}),async e=>{const t=e.env.data.outbox;if(!t)throw new z(501,{message:"Outbox is not configured for this adapter"});const{id:n}=e.req.valid("param");if(!await t.replay(n,e.var.tenant_id))throw new z(404,{message:"Dead-lettered event not found"});return e.json({id:n,replayed:!0})}),pB=Et.extend({hooks:s.z.array(aa)}),fB=new s.OpenAPIHono().openapi(s.createRoute({tags:["hooks"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:hooks","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(aa),pB])}},description:"List of hooks"}}}),async e=>{const{page:t,per_page:n,include_totals:i,sort:r,q:o}=e.req.valid("query"),a=await e.env.data.hooks.list(e.var.tenant_id,{page:t,per_page:n,include_totals:i,sort:kt(r),q:o});return i?e.json(a):e.json(a.hooks)}).openapi(s.createRoute({tags:["hooks"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:ay}}}},security:[{Bearer:["create:hooks","auth:write"]}],responses:{201:{content:{"application/json":{schema:aa}},description:"The created hook"}}}),async e=>{const t=e.req.valid("json"),n={...t,hook_id:t.hook_id||kC()},i=await e.env.data.hooks.create(e.var.tenant_id,n);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create a Hook",targetType:"hook",targetId:i.hook_id,afterState:i}),e.json(i,{status:201})}).openapi(s.createRoute({tags:["hooks"],method:"patch",path:"/{hook_id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({hook_id:s.z.string()}),body:{content:{"application/json":{schema:s.z.union(ay.options.map(e=>e.omit({hook_id:!0}).partial()))}}}},security:[{Bearer:["update:hooks","auth:write"]}],responses:{200:{content:{"application/json":{schema:aa}},description:"The updated hook"},404:{description:"Hook not found"}}}),async e=>{const{hook_id:t}=e.req.valid("param"),n=e.req.valid("json");await e.env.data.hooks.update(e.var.tenant_id,t,n);const i=await e.env.data.hooks.get(e.var.tenant_id,t);if(!i)throw new z(404,{message:"Hook not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update a Hook",targetType:"hook",targetId:t,afterState:i}),e.json(i)}).openapi(s.createRoute({tags:["hooks"],method:"get",path:"/{hook_id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({hook_id:s.z.string()})},security:[{Bearer:["read:hooks","auth:read"]}],responses:{200:{content:{"application/json":{schema:aa}},description:"A hook"},404:{description:"Hook not found"}}}),async e=>{const{hook_id:t}=e.req.valid("param"),n=await e.env.data.hooks.get(e.var.tenant_id,t);if(!n)throw new z(404,{message:"Hook not found"});return e.json(n)}).openapi(s.createRoute({tags:["hooks"],method:"delete",path:"/{hook_id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({hook_id:s.z.string()})},security:[{Bearer:["delete:hooks","auth:write"]}],responses:{200:{description:"A hook"}}}),async e=>{const{hook_id:t}=e.req.valid("param");if(!await e.env.data.hooks.remove(e.var.tenant_id,t))throw new z(404,{message:"Hook not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a Hook",targetType:"hook",targetId:t}),e.text("OK")}),nk=Bw.extend({deploymentStatus:s.z.enum(["deployed","failed","not_required"]),deploymentError:s.z.string().optional()}),hB=new s.OpenAPIHono().openapi(s.createRoute({tags:["hook-code"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Sp}}}},security:[{Bearer:["create:hooks","auth:write"]}],responses:{201:{content:{"application/json":{schema:nk}},description:"The created hook code"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.hookCode.create(e.var.tenant_id,t);let i="not_required",r;if(e.env.codeExecutor?.deploy)try{await e.env.codeExecutor.deploy(n.id,t.code),i="deployed"}catch(o){i="failed",r=o instanceof Error?o.message:String(o),await R(e,e.var.tenant_id,{type:O.FAILED_HOOK,description:`Failed to deploy hook code ${n.id}: ${r}`})}return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create hook code",targetType:"hook_code",targetId:n.id}),e.json({...n,deploymentStatus:i,deploymentError:r},{status:201})}).openapi(s.createRoute({tags:["hook-code"],method:"get",path:"/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()})},security:[{Bearer:["read:hooks","auth:read"]}],responses:{200:{content:{"application/json":{schema:Bw}},description:"The hook code"},404:{description:"Hook code not found"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.hookCode.get(e.var.tenant_id,t);if(!n)throw new z(404,{message:"Hook code not found"});return e.json(n)}).openapi(s.createRoute({tags:["hook-code"],method:"put",path:"/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()}),body:{content:{"application/json":{schema:Sp}}}},security:[{Bearer:["update:hooks","auth:write"]}],responses:{200:{content:{"application/json":{schema:nk}},description:"The updated hook code"},404:{description:"Hook code not found"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.req.valid("json");if(!await e.env.data.hookCode.update(e.var.tenant_id,t,n))throw new z(404,{message:"Hook code not found"});const r=await e.env.data.hookCode.get(e.var.tenant_id,t);if(!r)throw new z(404,{message:"Hook code not found"});let o="not_required",a;if(n.code!==void 0&&e.env.codeExecutor?.deploy)try{await e.env.codeExecutor.deploy(t,n.code),o="deployed"}catch(c){o="failed",a=c instanceof Error?c.message:String(c),await R(e,e.var.tenant_id,{type:O.FAILED_HOOK,description:`Failed to deploy hook code ${t}: ${a}`})}return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update hook code",targetType:"hook_code",targetId:t}),e.json({...r,deploymentStatus:o,deploymentError:a})}).openapi(s.createRoute({tags:["hook-code"],method:"delete",path:"/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()})},security:[{Bearer:["delete:hooks","auth:write"]}],responses:{200:{description:"Hook code deleted"}}}),async e=>{const{id:t}=e.req.valid("param");if(!await e.env.data.hookCode.remove(e.var.tenant_id,t))throw new z(404,{message:"Hook code not found"});if(e.env.codeExecutor?.remove)try{await e.env.codeExecutor.remove(t)}catch(i){await R(e,e.var.tenant_id,{type:O.FAILED_HOOK,description:`Failed to remove hook worker ${t}: ${i instanceof Error?i.message:String(i)}`})}return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete hook code",targetType:"hook_code",targetId:t}),e.text("OK")});s.z.object({start:s.z.number(),limit:s.z.number(),length:s.z.number()});ah.extend({email:s.z.string(),login_count:s.z.number(),multifactor:s.z.array(s.z.string()).optional(),last_ip:s.z.string().optional(),last_login:s.z.string().optional(),user_id:s.z.string()}).catchall(s.z.any());const gB=Et.extend({connections:s.z.array(Dr)}),mB=s.z.object({enabled_clients:s.z.array(s.z.object({client_id:s.z.string(),name:s.z.string()}))}),yB=s.z.array(s.z.object({client_id:s.z.string(),status:s.z.boolean()})),_B=new s.OpenAPIHono().openapi(s.createRoute({tags:["connections"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:connections","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(Dr),gB])}},description:"List of connectionss"}}}),async e=>{const{page:t,per_page:n,include_totals:i=!1,sort:r,q:o}=e.req.valid("query"),a=await e.env.data.connections.list(e.var.tenant_id,{page:t,per_page:n,include_totals:i,sort:kt(r),q:o});return i?e.json(a):e.json(a.connections)}).openapi(s.createRoute({tags:["connections"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:connections","auth:read"]}],responses:{200:{content:{"application/json":{schema:Dr}},description:"A connection"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.connections.get(e.var.tenant_id,t);if(!n)throw new z(404);return e.json(n)}).openapi(s.createRoute({tags:["connections"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:connections","auth:write"]}],responses:{200:{description:"Status"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.var.tenant_id;if(!await e.env.data.connections.remove(n,t))throw new z(404,{message:"Connection not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a Connection",targetType:"connection",targetId:t}),e.text("OK")}).openapi(s.createRoute({tags:["connections"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:s.z.object(Ap.shape).partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:connections","auth:write"]}],responses:{200:{content:{"application/json":{schema:Dr}},description:"The updated connection"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.req.valid("json"),i=e.var.tenant_id,r=await e.env.data.connections.get(i,t);if(!await e.env.data.connections.update(i,t,n))throw new z(404,{message:"Connection not found"});const a=await e.env.data.connections.get(i,t);if(!a)throw new z(404,{message:"Connection not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update a Connection",beforeState:r,afterState:a,targetType:"connection",targetId:t,body:n}),e.json(a)}).openapi(s.createRoute({tags:["connections"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(Ap.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:connections","auth:write"]}],responses:{201:{content:{"application/json":{schema:Dr}},description:"A connection"}}}),async e=>{const t=e.req.valid("json"),n=e.var.tenant_id,i=t.id||xF(),r=await e.env.data.connections.create(n,{...t,id:i});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create a Connection",afterState:r,targetType:"connection",targetId:r.id}),e.json(r,{status:201})}).openapi(s.createRoute({tags:["connections"],method:"get",path:"/{id}/clients",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:connections","auth:read"]}],responses:{200:{content:{"application/json":{schema:mB}},description:"List of clients enabled for this connection"}}}),async e=>{const{id:t}=e.req.valid("param");if(!await e.env.data.connections.get(e.var.tenant_id,t))throw new z(404,{message:"Connection not found"});const{clients:i}=await e.env.data.clients.list(e.var.tenant_id,{per_page:1e3}),r=i.filter(o=>o.connections?.includes(t)).map(o=>({client_id:o.client_id,name:o.name}));return e.json({enabled_clients:r})}).openapi(s.createRoute({tags:["connections"],method:"patch",path:"/{id}/clients",request:{body:{content:{"application/json":{schema:yB}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:connections","auth:write"]}],responses:{204:{description:"Clients updated successfully (No Content)"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.req.valid("json");if(!await e.env.data.connections.get(e.var.tenant_id,t))throw new z(404,{message:"Connection not found"});for(const r of n){const o=await e.env.data.clients.get(e.var.tenant_id,r.client_id);if(!o)continue;const a=o.connections||[];r.status?a.includes(t)||await e.env.data.clients.update(e.var.tenant_id,r.client_id,{connections:[...a,t]}):a.includes(t)&&await e.env.data.clients.update(e.var.tenant_id,r.client_id,{connections:a.filter(c=>c!==t)})}return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update Connection Clients",targetType:"connection_client",targetId:t}),e.body(null,204)}),wB=new s.OpenAPIHono().openapi(s.createRoute({tags:["prompts"],method:"get",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:prompts","auth:read"]}],responses:{200:{content:{"application/json":{schema:Ko}},description:"Branding settings"}}}),async e=>{const t=await e.env.data.promptSettings.get(e.var.tenant_id);return t?e.json(t):e.json(Ko.parse({}))}).openapi(s.createRoute({tags:["prompts"],method:"patch",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object(Ko.shape).partial()}}}},security:[{Bearer:["update:prompts","auth:write"]}],responses:{200:{description:"Prompts settings"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.promptSettings.get(e.var.tenant_id);return Object.assign(n,t),await e.env.data.promptSettings.set(e.var.tenant_id,n),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update Prompt Settings",targetType:"prompt_settings",targetId:e.var.tenant_id}),e.json(n)}).openapi(s.createRoute({tags:["prompts"],method:"get",path:"/custom-text",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:prompts","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.array(s.z.object({prompt:pa,language:s.z.string()}))}},description:"List of custom text entries"}}}),async e=>{const t=await e.env.data.customText.list(e.var.tenant_id);return e.json(t)}).openapi(s.createRoute({tags:["prompts"],method:"get",path:"/custom-text/defaults",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),query:s.z.object({language:s.z.string().optional(),prompt:s.z.string().optional()})},security:[{Bearer:["read:prompts","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.array(s.z.object({prompt:s.z.string(),language:s.z.string(),custom_text:zo}))}},description:"Bundled default text for every prompt/language shipped with authhero. authhero extension; not available in Auth0."}}}),async e=>{const{language:t,prompt:n}=e.req.valid("query");return e.json(BO({language:t,prompt:n}))}).openapi(s.createRoute({tags:["prompts"],method:"get",path:"/{prompt}/custom-text/{language}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({prompt:pa,language:s.z.string()})},security:[{Bearer:["read:prompts","auth:read"]}],responses:{200:{content:{"application/json":{schema:zo}},description:"Custom text for the prompt and language"}}}),async e=>{const{prompt:t,language:n}=e.req.valid("param"),i=await e.env.data.customText.get(e.var.tenant_id,t,n);return e.json(i??{})}).openapi(s.createRoute({tags:["prompts"],method:"put",path:"/{prompt}/custom-text/{language}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({prompt:pa,language:s.z.string()}),body:{content:{"application/json":{schema:zo}}}},security:[{Bearer:["update:prompts","auth:write"]}],responses:{200:{content:{"application/json":{schema:zo}},description:"Updated custom text"}}}),async e=>{const{prompt:t,language:n}=e.req.valid("param"),i=await e.req.json(),r=zo.parse(i);return await e.env.data.customText.set(e.var.tenant_id,t,n,r),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Set Custom Text",targetType:"custom_text",targetId:e.var.tenant_id}),e.json(r)}).openapi(s.createRoute({tags:["prompts"],method:"delete",path:"/{prompt}/custom-text/{language}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({prompt:pa,language:s.z.string()})},security:[{Bearer:["delete:prompts","auth:write"]}],responses:{204:{description:"Custom text deleted"}}}),async e=>{const{prompt:t,language:n}=e.req.valid("param");return await e.env.data.customText.delete(e.var.tenant_id,t,n),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete Custom Text",targetType:"custom_text",targetId:e.var.tenant_id}),e.body(null,204)});let ik=!1;function iv(e){e.use(async(t,n)=>(ik||(e.openAPIRegistry.registerComponent("securitySchemes","Bearer",{type:"oauth2",scheme:"bearer",flows:{implicit:{authorizationUrl:`${t.env.AUTH_URL}/authorize`,scopes:{openid:"Basic user information",email:"User email",profile:"User profile information"}}}}),ik=!0),await n()))}var P5=e=>N5(e.replace(/_|-/g,t=>({_:"/","-":"+"})[t]??t)),N5=e=>{const t=atob(e),n=new Uint8Array(new ArrayBuffer(t.length)),i=t.length/2;for(let r=0,o=t.length-1;r<=i;r++,o--)n[r]=t.charCodeAt(r),n[o]=t.charCodeAt(o);return n},Rl=(e=>(e.HS256="HS256",e.HS384="HS384",e.HS512="HS512",e.RS256="RS256",e.RS384="RS384",e.RS512="RS512",e.PS256="PS256",e.PS384="PS384",e.PS512="PS512",e.ES256="ES256",e.ES384="ES384",e.ES512="ES512",e.EdDSA="EdDSA",e))(Rl||{}),bB=class extends Error{constructor(e){super(`${e} is not an implemented algorithm`),this.name="JwtAlgorithmNotImplemented"}},rk=class extends Error{constructor(){super('JWT verification requires "alg" option to be specified'),this.name="JwtAlgorithmRequired"}},vB=class extends Error{constructor(e,t){super(`JWT algorithm mismatch: expected "${e}", got "${t}"`),this.name="JwtAlgorithmMismatch"}},R_=class extends Error{constructor(e){super(`invalid JWT token: ${e}`),this.name="JwtTokenInvalid"}},AB=class extends Error{constructor(e){super(`token (${e}) is being used before it's valid`),this.name="JwtTokenNotBefore"}},kB=class extends Error{constructor(e){super(`token (${e}) expired`),this.name="JwtTokenExpired"}},SB=class extends Error{constructor(e,t){super(`Invalid "iat" claim, must be a valid number lower than "${e}" (iat: "${t}")`),this.name="JwtTokenIssuedAt"}},dm=class extends Error{constructor(e,t){super(`expected issuer "${e}", got ${t?`"${t}"`:"none"} `),this.name="JwtTokenIssuer"}},EB=class extends Error{constructor(e){super(`jwt header is invalid: ${JSON.stringify(e)}`),this.name="JwtHeaderInvalid"}},xB=class extends Error{constructor(e){super(`token(${e}) signature mismatched`),this.name="JwtTokenSignatureMismatched"}},CB=class extends Error{constructor(e){super(`required "aud" in jwt payload: ${JSON.stringify(e)}`),this.name="JwtPayloadRequiresAud"}},TB=class extends Error{constructor(e,t){super(`expected audience "${Array.isArray(e)?e.join(", "):e}", got "${t}"`),this.name="JwtTokenAudience"}},xf=(e=>(e.Encrypt="encrypt",e.Decrypt="decrypt",e.Sign="sign",e.Verify="verify",e.DeriveKey="deriveKey",e.DeriveBits="deriveBits",e.WrapKey="wrapKey",e.UnwrapKey="unwrapKey",e))(xf||{}),F5=new TextEncoder,$B=new TextDecoder;async function IB(e,t,n,i){const r=PB(t),o=await zB(e,r);return await crypto.subtle.verify(r,o,n,i)}function ok(e){return N5(e.replace(/-+(BEGIN|END).*?-+/g,"").replace(/\s/g,""))}async function zB(e,t){if(!crypto.subtle||!crypto.subtle.importKey)throw new Error("`crypto.subtle.importKey` is undefined. JWT auth middleware requires it.");if(NB(e)){if(e.type==="public"||e.type==="secret")return e;e=await sk(e)}if(typeof e=="string"&&e.includes("PRIVATE")){const i=await crypto.subtle.importKey("pkcs8",ok(e),t,!0,[xf.Sign]);e=await sk(i)}const n=[xf.Verify];return typeof e=="object"?await crypto.subtle.importKey("jwk",e,t,!1,n):e.includes("PUBLIC")?await crypto.subtle.importKey("spki",ok(e),t,!1,n):await crypto.subtle.importKey("raw",F5.encode(e),t,!1,n)}async function sk(e){if(e.type!=="private")throw new Error(`unexpected key type: ${e.type}`);if(!e.extractable)throw new Error("unexpected private key is unextractable");const t=await crypto.subtle.exportKey("jwk",e),{kty:n}=t,{alg:i,e:r,n:o}=t,{crv:a,x:c,y:l}=t;return{kty:n,alg:i,e:r,n:o,crv:a,x:c,y:l,key_ops:[xf.Verify]}}function PB(e){switch(e){case"HS256":return{name:"HMAC",hash:{name:"SHA-256"}};case"HS384":return{name:"HMAC",hash:{name:"SHA-384"}};case"HS512":return{name:"HMAC",hash:{name:"SHA-512"}};case"RS256":return{name:"RSASSA-PKCS1-v1_5",hash:{name:"SHA-256"}};case"RS384":return{name:"RSASSA-PKCS1-v1_5",hash:{name:"SHA-384"}};case"RS512":return{name:"RSASSA-PKCS1-v1_5",hash:{name:"SHA-512"}};case"PS256":return{name:"RSA-PSS",hash:{name:"SHA-256"},saltLength:32};case"PS384":return{name:"RSA-PSS",hash:{name:"SHA-384"},saltLength:48};case"PS512":return{name:"RSA-PSS",hash:{name:"SHA-512"},saltLength:64};case"ES256":return{name:"ECDSA",hash:{name:"SHA-256"},namedCurve:"P-256"};case"ES384":return{name:"ECDSA",hash:{name:"SHA-384"},namedCurve:"P-384"};case"ES512":return{name:"ECDSA",hash:{name:"SHA-512"},namedCurve:"P-521"};case"EdDSA":return{name:"Ed25519",namedCurve:"Ed25519"};default:throw new bB(e)}}function NB(e){return Ww()==="node"&&crypto.webcrypto?e instanceof crypto.webcrypto.CryptoKey:e instanceof CryptoKey}var ak=e=>JSON.parse($B.decode(P5(e)));function FB(e){if(typeof e=="object"&&e!==null){const t=e;return"alg"in t&&Object.values(Rl).includes(t.alg)&&(!("typ"in t)||t.typ==="JWT")}return!1}var OB=async(e,t,n)=>{if(!n)throw new rk;const{alg:i,iss:r,nbf:o=!0,exp:a=!0,iat:c=!0,aud:l}=typeof n=="string"?{alg:n}:n;if(!i)throw new rk;const d=e.split(".");if(d.length!==3)throw new R_(e);const{header:u,payload:p}=O5(e);if(!FB(u))throw new EB(u);if(u.alg!==i)throw new vB(i,u.alg);const f=Math.floor(Date.now()/1e3);if(o&&p.nbf!==void 0&&(typeof p.nbf!="number"||!Number.isFinite(p.nbf)||p.nbf>f))throw new AB(e);if(a&&p.exp!==void 0&&(typeof p.exp!="number"||!Number.isFinite(p.exp)||p.exp<=f))throw new kB(e);if(c&&p.iat!==void 0&&(typeof p.iat!="number"||!Number.isFinite(p.iat)||f<p.iat))throw new SB(f,p.iat);if(r){if(!p.iss)throw new dm(r,null);if(typeof r=="string"&&p.iss!==r)throw new dm(r,p.iss);if(r instanceof RegExp&&!r.test(p.iss))throw new dm(r,p.iss)}if(l){if(!p.aud)throw new CB(p);if(!(Array.isArray(p.aud)?p.aud:[p.aud]).some(y=>l instanceof RegExp?l.test(y):typeof l=="string"?y===l:Array.isArray(l)&&l.includes(y)))throw new TB(l,p.aud)}const h=e.substring(0,e.lastIndexOf("."));if(!await IB(t,i,P5(d[2]),F5.encode(h)))throw new xB(e);return p};Rl.HS256,Rl.HS384,Rl.HS512;var O5=e=>{const t=e.split(".");if(t.length!==3)throw new R_(e);try{const n=ak(t[0]),i=ak(t[1]);return{header:n,payload:i}}catch{throw new R_(e)}},j5={verify:OB,decode:O5},jB=j5.verify,RB=j5.decode;const ha={"P-256":"ES256","P-384":"ES384","P-521":"ES512"},DB={RS256:"SHA-256",RS384:"SHA-384",RS512:"SHA-512"},BB=new Set(["RS256","RS384","RS512","ES256","ES384","ES512"]);function LB(e){return typeof e=="string"&&BB.has(e)}function R5(e){if(LB(e.alg)){if(e.kty==="RSA"&&e.alg.startsWith("RS"))return e.alg;if(e.kty==="EC"&&e.alg.startsWith("ES")){const t=e.crv&&e.crv in ha?ha[e.crv]:void 0;if(t&&t!==e.alg)throw new Error(`EC alg/curve mismatch: curve ${e.crv} requires ${t}, got ${e.alg}`);return e.alg}}if(e.kty==="RSA")return"RS256";if(e.kty==="EC"){if(!e.crv||!(e.crv in ha))throw new Error(`Unsupported EC curve: ${e.crv??"(missing)"}`);return ha[e.crv]}throw new Error(`Unsupported JWK kty: ${e.kty}`)}function rv(e,t){if(e.kty==="RSA"){const n=DB[t];if(!n)throw new Error(`Unsupported RSA alg: ${t}`);return{name:"RSASSA-PKCS1-v1_5",hash:n}}if(e.kty==="EC"){if(!e.crv||!(e.crv in ha))throw new Error(`Unsupported EC curve: ${e.crv??"(missing)"}`);const n=ha[e.crv];if(t!==n)throw new Error(`EC alg/curve mismatch: curve ${e.crv} requires ${n}, got ${t}`);return{name:"ECDSA",namedCurve:e.crv}}throw new Error(`Unsupported JWK kty: ${e.kty}`)}const MB=["RS256","ES256","ES384","ES512"];async function D5(e){const n=await new Xr(e).publicKey.export(),i=await crypto.subtle.exportKey("jwk",n);return R5(i)}async function B5(e){return Promise.all(e.map(async t=>{const i=await new Xr(t.cert).publicKey.export(),r=await crypto.subtle.exportKey("jwk",i),o=r.alg??R5(r);return dh.parse({...r,alg:o,use:"sig",kid:t.kid})}))}async function um(e){const{signingKeys:t}=await e.keys.list({q:"type:jwt_signing"});return B5(t)}async function UB(e,t,n){const i=await nv(e.keys,t,n,{purpose:"publish"});return B5(i)}async function qB(e){if(e.JWKS_URL&&e.JWKS_SERVICE)try{const t=await e.JWKS_SERVICE.fetch(e.JWKS_URL);if(!t.ok)return console.warn(`JWKS fetch failed with status ${t.status}, falling back to database`),await um(e.data);const n=await t.json();return s.z.object({keys:s.z.array(dh)}).parse(n).keys}catch(t){return console.warn(`JWKS fetch error: ${t instanceof Error?t.message:"Unknown error"}, falling back to database`),await um(e.data)}return await um(e.data)}function HB(e){switch(e){case"RS256":case"RS384":case"RS512":case"ES256":case"ES384":case"ES512":return e;default:throw new U(401,{message:`Unsupported JWS alg: ${e??"(missing)"}`})}}async function Cf(e,t){try{const{header:n}=RB(t),i=HB(n?.alg),o=(await qB(e.env)).find(d=>d.kid===n.kid);if(!o)throw new U(401,{message:"No matching kid found"});if(o.alg!==i)throw new U(401,{message:"alg mismatch between token header and JWK"});const a=rv(o,i),c=await crypto.subtle.importKey("jwk",o,a,!1,["verify"]);return await jB(t,c,i)}catch(n){throw n instanceof z?n:new U(403,{message:"Invalid JWT signature"})}}function ov(e){if(!e)return;const[t,n]=e.split(" ");if(!(!t||t.toLowerCase()!=="bearer"))return n?.trim()||void 0}function L5(e){if(!e)return{};const[t,n]=e.split(" ");if(t?.toLowerCase()!=="basic"||!n)return{};try{const[i,r]=atob(n).split(":");return!i||!r?{}:{client_id:i,client_secret:r}}catch{return{}}}const VB="urn:authhero:management";function KB(e){return e.replace(/:([a-zA-Z_][a-zA-Z0-9_]*)/g,"{$1}")}function pg(e){return async(t,n)=>{const i=t.req.matchedRoutes.find(l=>l.method.toUpperCase()===t.req.method&&l.path!=="/*");if(!i)return await n();const r=KB(i.path),o="/api/v2",a=r.startsWith(o)?r.slice(o.length)||"/":r,c=e.openAPIRegistry.definitions.find(l=>"route"in l&&l.route.path===a&&l.route.method.toUpperCase()===t.req.method.toUpperCase());if(c&&"route"in c){const l=c.route.security?.[0]?.Bearer;if(l===void 0)return await n();const d=ov(t.req.header("authorization"));if(!d)throw new U(401,{message:"Missing bearer token"});try{const u=await Cf(t,d);t.set("user_id",u.sub),t.set("user",u),u.org_name&&t.set("org_name",u.org_name),u.org_id&&t.set("organization_id",u.org_id),!t.var.tenant_id&&u.tenant_id&&t.set("tenant_id",u.tenant_id);const p=Array.isArray(u.permissions)?u.permissions:[],f=typeof u.scope=="string"?u.scope.split(" "):Array.isArray(u.scope)?u.scope:[];if(l.length&&!(l.some(h=>p.includes(h))||l.some(h=>f.includes(h))))throw new U(403,{message:"Unauthorized"})}catch(u){throw u instanceof z?u:new U(403,{message:"Invalid token"})}}return await n()}}const ck=new s.OpenAPIHono().openapi(s.createRoute({tags:["emails"],method:"get",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:emails","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.object(Ws.shape).partial()}},description:"Email provider"}}}),async e=>{const t=await e.env.data.emailProviders.get(e.var.tenant_id);return e.json(t??{})}).openapi(s.createRoute({tags:["emails"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object(Ws.shape)}}}},security:[{Bearer:["create:emails","auth:write"]}],responses:{201:{content:{"application/json":{schema:Ws}},description:"Email provider"},409:{description:"Email provider already configured"}}}),async e=>{const t=e.req.valid("json");if(await e.env.data.emailProviders.get(e.var.tenant_id))throw new z(409,{message:"Email provider already configured"});await e.env.data.emailProviders.create(e.var.tenant_id,t),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create Email Provider",targetType:"email_provider",targetId:e.var.tenant_id});const i=await e.env.data.emailProviders.get(e.var.tenant_id);return e.json(i??t,{status:201})}).openapi(s.createRoute({tags:["emails"],method:"patch",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object(Ws.shape).partial()}}}},security:[{Bearer:["update:emails","auth:write"]}],responses:{200:{content:{"application/json":{schema:Ws}},description:"Email provider"}}}),async e=>{const t=e.req.valid("json");await e.env.data.emailProviders.update(e.var.tenant_id,t);const n=await e.env.data.emailProviders.get(e.var.tenant_id);if(!n)throw new z(404,{message:"Email provider not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update Email Provider",targetType:"email_provider",targetId:e.var.tenant_id}),e.json(n)}).openapi(s.createRoute({tags:["emails"],method:"delete",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:emails","auth:write"]}],responses:{204:{description:"Email provider deleted"},404:{description:"Email provider not found"}}}),async e=>{if(!await e.env.data.emailProviders.get(e.var.tenant_id))throw new z(404,{message:"Email provider not found"});return await e.env.data.emailProviders.remove(e.var.tenant_id),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete Email Provider",targetType:"email_provider",targetId:e.var.tenant_id}),e.body(null,204)}),Cu=s.z.object({"tenant-id":s.z.string().optional()}),pm=s.z.object({templateName:Vw}),GB=Or.partial(),WB=new s.OpenAPIHono().openapi(s.createRoute({tags:["email-templates"],method:"post",path:"/",request:{headers:Cu,body:{content:{"application/json":{schema:Or}}}},security:[{Bearer:["create:email_templates","auth:write"]}],responses:{201:{content:{"application/json":{schema:Or}},description:"Email template"},409:{description:"Template already exists"}}}),async e=>{const t=e.req.valid("json");if(await e.env.data.emailTemplates.get(e.var.tenant_id,t.template))throw new z(409,{message:"Email template already configured"});const i=await e.env.data.emailTemplates.create(e.var.tenant_id,t);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create Email Template",targetType:"email_template",targetId:t.template}),e.json(i,{status:201})}).openapi(s.createRoute({tags:["email-templates"],method:"get",path:"/{templateName}",request:{headers:Cu,params:pm},security:[{Bearer:["read:email_templates","auth:read"]}],responses:{200:{content:{"application/json":{schema:Or}},description:"Email template"},404:{description:"Template not found"}}}),async e=>{const{templateName:t}=e.req.valid("param"),n=await e.env.data.emailTemplates.get(e.var.tenant_id,t);if(!n)throw new z(404,{message:"Email template not found"});return e.json(n)}).openapi(s.createRoute({tags:["email-templates"],method:"put",path:"/{templateName}",request:{headers:Cu,params:pm,body:{content:{"application/json":{schema:Or}}}},security:[{Bearer:["update:email_templates","auth:write"]}],responses:{200:{content:{"application/json":{schema:Or}},description:"Email template upserted"}}}),async e=>{const{templateName:t}=e.req.valid("param"),n=e.req.valid("json");if(n.template!==t)throw new z(400,{message:"Body template must match URL templateName"});await e.env.data.emailTemplates.get(e.var.tenant_id,t)?await e.env.data.emailTemplates.update(e.var.tenant_id,t,n):await e.env.data.emailTemplates.create(e.var.tenant_id,n);const r=await e.env.data.emailTemplates.get(e.var.tenant_id,t);if(!r)throw new z(500,{message:`Email template not found after upsert (tenant_id=${e.var.tenant_id}, template=${t})`});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update Email Template",targetType:"email_template",targetId:t}),e.json(r)}).openapi(s.createRoute({tags:["email-templates"],method:"patch",path:"/{templateName}",request:{headers:Cu,params:pm,body:{content:{"application/json":{schema:GB}}}},security:[{Bearer:["update:email_templates","auth:write"]}],responses:{200:{content:{"application/json":{schema:Or}},description:"Email template"},404:{description:"Template not found"}}}),async e=>{const{templateName:t}=e.req.valid("param"),n=e.req.valid("json");if(!await e.env.data.emailTemplates.update(e.var.tenant_id,t,n))throw new z(404,{message:"Email template not found"});const r=await e.env.data.emailTemplates.get(e.var.tenant_id,t);if(!r)throw new z(404,{message:"Email template not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Patch Email Template",targetType:"email_template",targetId:t}),e.json(r)}),JB=new s.OpenAPIHono().openapi(s.createRoute({tags:["sessions"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:sessions","auth:read"]}],responses:{200:{content:{"application/json":{schema:uh}},description:"A session"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.sessions.get(e.var.tenant_id,t);if(!n)throw new z(404);return e.json(n)}).openapi(s.createRoute({tags:["sessions"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:sessions","auth:write"]}],responses:{200:{description:"Status"}}}),async e=>{const{id:t}=e.req.valid("param");if(!await e.env.data.sessions.remove(e.var.tenant_id,t))throw new z(404,{message:"Session not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a Session",targetType:"session",targetId:t}),e.text("OK")}).openapi(s.createRoute({tags:["sessions"],method:"post",path:"/{id}/revoke",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:sessions","auth:write"]}],responses:{202:{description:"Sesssion deletion status"}}}),async e=>{const{id:t}=e.req.valid("param");if(!await e.env.data.sessions.update(e.var.tenant_id,t,{revoked_at:new Date().toISOString()}))throw new z(404,{message:"Session not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Revoke a Session",targetType:"session",targetId:t}),e.text("Session deletion request accepted.",{status:202})}),YB=new s.OpenAPIHono().openapi(s.createRoute({tags:["refresh_tokens"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:refresh_tokens","auth:read"]}],responses:{200:{content:{"application/json":{schema:Kw}},description:"A session"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.refreshTokens.get(e.var.tenant_id,t);if(!n)throw new z(404);return e.json(n)}).openapi(s.createRoute({tags:["refresh_tokens"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:refresh_tokens","auth:write"]}],responses:{200:{description:"Status"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.refreshTokens.get(e.var.tenant_id,t),i=n?.family_id??n?.id;if(i&&await e.env.data.refreshTokens.revokeFamily(e.var.tenant_id,i,new Date().toISOString()),!await e.env.data.refreshTokens.remove(e.var.tenant_id,t))throw new z(404,{message:"Session not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a Refresh Token",targetType:"refresh_token",targetId:t}),e.text("OK")}),QB=new s.OpenAPIHono().openapi(s.createRoute({tags:["custom-domains"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:custom_domains","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.array(Fr)}},description:"List of custom domains"}}}),async e=>{const t=await e.env.data.customDomains.list(e.var.tenant_id);return e.json(t)}).openapi(s.createRoute({tags:["custom-domains"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:custom_domains","auth:read"]}],responses:{200:{content:{"application/json":{schema:Fr}},description:"A customDomain"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.customDomains.get(e.var.tenant_id,t);if(!n)throw new z(404);return e.json(n)}).openapi(s.createRoute({tags:["custom-domains"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:custom_domains","auth:write"]}],responses:{200:{description:"Status"}}}),async e=>{const{id:t}=e.req.valid("param");if(!await e.env.data.customDomains.remove(e.var.tenant_id,t))throw new z(404,{message:"Custom domain not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a Custom Domain",targetType:"custom_domain",targetId:t}),e.text("OK")}).openapi(s.createRoute({tags:["custom-domains"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:s.z.object(Fr.shape).partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:custom_domains","auth:write"]}],responses:{200:{content:{"application/json":{schema:Fr}},description:"The updated custom domain"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.req.valid("json");if(!await e.env.data.customDomains.update(e.var.tenant_id,t,n))throw new z(404);const r=await e.env.data.customDomains.get(e.var.tenant_id,t);if(!r)throw new z(404);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update a Custom Domain",targetType:"custom_domain",targetId:t,afterState:r}),e.json(r)}).openapi(s.createRoute({tags:["custom-domains"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(Nw.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:custom_domains","auth:write"]}],responses:{201:{content:{"application/json":{schema:Fr}},description:"The created custom domain"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.customDomains.create(e.var.tenant_id,t);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create a Custom Domain",targetType:"custom_domain",targetId:n.custom_domain_id,afterState:n}),e.json(n,{status:201})}).openapi(s.createRoute({tags:["custom-domains"],method:"post",path:"/{id}/verify",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:custom_domains","auth:write"]}],responses:{200:{content:{"application/json":{schema:Fr}},description:"The custom domain"}}}),async()=>{throw new z(501,{message:"Not implemented"})});function jc(e){const t=e.env.data.logStreams;if(!t)throw new z(501,{message:"Log streams are not supported by this adapter"});return t}const ZB=new s.OpenAPIHono().openapi(s.createRoute({tags:["log-streams"],method:"get",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:log_streams","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.array(Gs)}},description:"List of log streams"}}}),async e=>{const n=await jc(e).list(e.var.tenant_id);return e.json(n)}).openapi(s.createRoute({tags:["log-streams"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:log_streams","auth:read"]}],responses:{200:{content:{"application/json":{schema:Gs}},description:"A log stream"}}}),async e=>{const t=jc(e),{id:n}=e.req.valid("param"),i=await t.get(e.var.tenant_id,n);if(!i)throw new z(404);return e.json(i)}).openapi(s.createRoute({tags:["log-streams"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(Uw.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:log_streams","auth:write"]}],responses:{201:{content:{"application/json":{schema:Gs}},description:"The created log stream"}}}),async e=>{const t=jc(e),n=e.req.valid("json"),i=await t.create(e.var.tenant_id,n);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create a Log Stream",targetType:"log_stream",targetId:i.id,afterState:i}),e.json(i,{status:201})}).openapi(s.createRoute({tags:["log-streams"],method:"patch",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),body:{content:{"application/json":{schema:s.z.object(Gs.shape).partial()}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:log_streams","auth:write"]}],responses:{200:{content:{"application/json":{schema:Gs}},description:"The updated log stream"}}}),async e=>{const t=jc(e),{id:n}=e.req.valid("param"),i=e.req.valid("json");if(!await t.update(e.var.tenant_id,n,i))throw new z(404);const o=await t.get(e.var.tenant_id,n);if(!o)throw new z(404);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update a Log Stream",targetType:"log_stream",targetId:n,afterState:o}),e.json(o)}).openapi(s.createRoute({tags:["log-streams"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:log_streams","auth:write"]}],responses:{204:{description:"Log stream deleted"}}}),async e=>{const t=jc(e),{id:n}=e.req.valid("param");if(!await t.remove(e.var.tenant_id,n))throw new z(404);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a Log Stream",targetType:"log_stream",targetId:n}),e.body(null,204)});function fm(e){return!!e&&typeof e=="object"&&!Array.isArray(e)}function M5(e,t){if(!fm(t))return e;const n=fm(e)?{...e}:{};for(const[i,r]of Object.entries(t))n[i]=fm(r)?M5(n[i],r):r;return n}async function hm(e,t){const n=await e.env.data.tenants.get(e.var.tenant_id);if(!n)throw new z(404,{message:"Tenant not found"});return n.attack_protection?.[t]??{}}async function gm(e,t,n){const i=await e.env.data.tenants.get(e.var.tenant_id);if(!i)throw new z(404,{message:"Tenant not found"});const r=i.attack_protection??{},o=M5(r[t]??{},n??{}),a={...r,[t]:o};return await e.env.data.tenants.update(e.var.tenant_id,{attack_protection:a}),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:`Update Attack Protection (${t})`,targetType:"attack_protection",targetId:e.var.tenant_id}),a[t]}const XB=new s.OpenAPIHono().openapi(s.createRoute({tags:["attack-protection"],method:"get",path:"/breached-password-detection",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:attack_protection","auth:read"]}],responses:{200:{content:{"application/json":{schema:ca}},description:"Breached password detection settings"}}}),async e=>e.json(await hm(e,"breached_password_detection"))).openapi(s.createRoute({tags:["attack-protection"],method:"patch",path:"/breached-password-detection",request:{body:{content:{"application/json":{schema:ca}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:attack_protection","auth:write"]}],responses:{200:{content:{"application/json":{schema:ca}},description:"Updated settings"}}}),async e=>{const t=ca.parse(await e.req.json());return e.json(await gm(e,"breached_password_detection",t))}).openapi(s.createRoute({tags:["attack-protection"],method:"get",path:"/brute-force-protection",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:attack_protection","auth:read"]}],responses:{200:{content:{"application/json":{schema:la}},description:"Brute force protection settings"}}}),async e=>e.json(await hm(e,"brute_force_protection"))).openapi(s.createRoute({tags:["attack-protection"],method:"patch",path:"/brute-force-protection",request:{body:{content:{"application/json":{schema:la}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:attack_protection","auth:write"]}],responses:{200:{content:{"application/json":{schema:la}},description:"Updated settings"}}}),async e=>{const t=la.parse(await e.req.json());return e.json(await gm(e,"brute_force_protection",t))}).openapi(s.createRoute({tags:["attack-protection"],method:"get",path:"/suspicious-ip-throttling",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:attack_protection","auth:read"]}],responses:{200:{content:{"application/json":{schema:da}},description:"Suspicious IP throttling settings"}}}),async e=>e.json(await hm(e,"suspicious_ip_throttling"))).openapi(s.createRoute({tags:["attack-protection"],method:"patch",path:"/suspicious-ip-throttling",request:{body:{content:{"application/json":{schema:da}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:attack_protection","auth:write"]}],responses:{200:{content:{"application/json":{schema:da}},description:"Updated settings"}}}),async e=>{const t=da.parse(await e.req.json());return e.json(await gm(e,"suspicious_ip_throttling",t))});s.z.object({...Do.shape,tenant:xp,connections:s.z.array(Dr)});async function Ze(e,t,n){let i,r=n;if(!r){const f=await e.data.clients.getByClientId(t);if(!f)throw new U(403,{message:"Client not found"});const{tenant_id:h,...g}=f;i=g,r=h}const[o,a,c,l]=await Promise.all([i?Promise.resolve(i):e.data.clients.get(r,t),e.data.tenants.get(r),e.data.clientConnections.listByClient(r,t),e.data.connections.list(r)]),d=i||o;if(!d)throw new U(403,{message:"Client not found"});if(d.client_metadata?.status==="deleted")throw new U(403,{message:"Client not found"});if(!a)throw new U(404,{message:"Tenant not found"});const u=c.length>0?c:l.connections||[],p=Fn(e);return{...d,web_origins:[...d.web_origins||[],`${p}login`],allowed_logout_urls:[...d.allowed_logout_urls||[],e.ISSUER],callbacks:[...d.callbacks||[],`${p}info`],tenant:a,connections:u}}const D_="rt_",eL=7,tL=32,nL=new Date("2026-06-05T00:00:00.000Z");function lk(e){const t=new Uint8Array(e);return crypto.getRandomValues(t),t}function U5(){return{lookup:Rt.encode(lk(eL),{includePadding:!1}),secret:Rt.encode(lk(tL),{includePadding:!1})}}async function Tf(e){return Mp(await yh(new TextEncoder().encode(e)))}function q5(e,t){return`${D_}${e}.${t}`}function H5(e){if(e.startsWith(D_)){const t=e.slice(D_.length),n=t.indexOf(".");if(n>0&&n<t.length-1)return{kind:"new",lookup:t.slice(0,n),secret:t.slice(n+1)}}return{kind:"legacy",id:e}}function V5(e=new Date){return e<nL}const sv="0123456789ABCDEFGHJKMNPQRSTVWXYZ",B_=sv.length,iL=10,dk=16;function rL(e){let t="";for(let n=iL;n>0;n--)t=sv.charAt(e%B_)+t,e=Math.floor(e/B_);return t}function oL(){const e=new Uint8Array(dk);crypto.getRandomValues(e);let t="";for(let n=0;n<dk;n++)t+=sv.charAt(e[n]%B_);return t}function av(){return rL(Date.now())+oL()}function sL(){const e=new Uint8Array(32);return crypto.getRandomValues(e),Rt.encode(e,{includePadding:!1})}function K5(e){try{const n=/-----BEGIN (?:RSA )?(?:PRIVATE|PUBLIC) KEY-----([^-]*)-----END (?:RSA )?(?:PRIVATE|PUBLIC) KEY-----/.exec(e);if(!n||!n[1])throw new Error("Invalid PEM format");return Uint8Array.from(atob(n[1].replace(/\s/g,"")),i=>i.charCodeAt(0)).buffer}finally{e=e.replace(/./g,"\0")}}async function aL(e,t){if(t==="plain")return e;const n=new TextEncoder().encode(e),i=await yh(n);return Rt.encode(new Uint8Array(i),{includePadding:!1})}const cL={RS256:"SHA-256",RS384:"SHA-384",RS512:"SHA-512",ES256:"SHA-256",ES384:"SHA-384",ES512:"SHA-512",HS256:"SHA-256",HS384:"SHA-384",HS512:"SHA-512"};async function uk(e,t){const n=cL[t];if(!n)throw new Error(`Cannot compute id_token hash: unsupported signing alg ${t}`);const i=new TextEncoder().encode(e),r=await crypto.subtle.digest(n,i),o=new Uint8Array(r),a=o.slice(0,o.length/2);return Rt.encode(a,{includePadding:!1})}const cd="auth2",Tu=300,pk=720*60*60,eo=1440*60,lL="auth-token",ka=1800*1e3,L_=10080*60*1e3,dL=300,uL=300,pL=1800*1e3,fL=1800*1e3,hL=1440*60*1e3;var Wn={},fk;function gL(){if(fk)return Wn;fk=1,Object.defineProperty(Wn,"__esModule",{value:!0}),Wn.parseCookie=c,Wn.parse=c,Wn.stringifyCookie=l,Wn.stringifySetCookie=d,Wn.serialize=d,Wn.parseSetCookie=u,Wn.stringifySetCookie=d,Wn.serialize=d;const e=/^[\u0021-\u003A\u003C\u003E-\u007E]+$/,t=/^[\u0021-\u003A\u003C-\u007E]*$/,n=/^([.]?[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)([.][a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/i,i=/^[\u0020-\u003A\u003D-\u007E]*$/,r=/^-?\d+$/,o=Object.prototype.toString,a=(()=>{const _=function(){};return _.prototype=Object.create(null),_})();function c(_,y){const w=new a,b=_.length;if(b<2)return w;const A=y?.decode||g;let v=0;do{const k=f(_,v,b);if(k===-1)break;const x=p(_,v,b);if(k>x){v=_.lastIndexOf(";",k-1)+1;continue}const T=h(_,v,k);w[T]===void 0&&(w[T]=A(h(_,k+1,x))),v=x+1}while(v<b);return w}function l(_,y){const w=y?.encode||encodeURIComponent,b=[];for(const A of Object.keys(_)){const v=_[A];if(v===void 0)continue;if(!e.test(A))throw new TypeError(`cookie name is invalid: ${A}`);const k=w(v);if(!t.test(k))throw new TypeError(`cookie val is invalid: ${v}`);b.push(`${A}=${k}`)}return b.join("; ")}function d(_,y,w){const b=typeof _=="object"?_:{...w,name:_,value:String(y)},v=(typeof y=="object"?y:w)?.encode||encodeURIComponent;if(!e.test(b.name))throw new TypeError(`argument name is invalid: ${b.name}`);const k=b.value?v(b.value):"";if(!t.test(k))throw new TypeError(`argument val is invalid: ${b.value}`);let x=b.name+"="+k;if(b.maxAge!==void 0){if(!Number.isInteger(b.maxAge))throw new TypeError(`option maxAge is invalid: ${b.maxAge}`);x+="; Max-Age="+b.maxAge}if(b.domain){if(!n.test(b.domain))throw new TypeError(`option domain is invalid: ${b.domain}`);x+="; Domain="+b.domain}if(b.path){if(!i.test(b.path))throw new TypeError(`option path is invalid: ${b.path}`);x+="; Path="+b.path}if(b.expires){if(!m(b.expires)||!Number.isFinite(b.expires.valueOf()))throw new TypeError(`option expires is invalid: ${b.expires}`);x+="; Expires="+b.expires.toUTCString()}if(b.httpOnly&&(x+="; HttpOnly"),b.secure&&(x+="; Secure"),b.partitioned&&(x+="; Partitioned"),b.priority)switch(typeof b.priority=="string"?b.priority.toLowerCase():void 0){case"low":x+="; Priority=Low";break;case"medium":x+="; Priority=Medium";break;case"high":x+="; Priority=High";break;default:throw new TypeError(`option priority is invalid: ${b.priority}`)}if(b.sameSite)switch(typeof b.sameSite=="string"?b.sameSite.toLowerCase():b.sameSite){case!0:case"strict":x+="; SameSite=Strict";break;case"lax":x+="; SameSite=Lax";break;case"none":x+="; SameSite=None";break;default:throw new TypeError(`option sameSite is invalid: ${b.sameSite}`)}return x}function u(_,y){const w=y?.decode||g,b=_.length,A=p(_,0,b),v=f(_,0,A),k=v===-1?{name:"",value:w(h(_,0,A))}:{name:h(_,0,v),value:w(h(_,v+1,A))};let x=A+1;for(;x<b;){const T=p(_,x,b),I=f(_,x,T),F=I===-1?h(_,x,T):h(_,x,I),$=I===-1?void 0:h(_,I+1,T);switch(F.toLowerCase()){case"httponly":k.httpOnly=!0;break;case"secure":k.secure=!0;break;case"partitioned":k.partitioned=!0;break;case"domain":k.domain=$;break;case"path":k.path=$;break;case"max-age":$&&r.test($)&&(k.maxAge=Number($));break;case"expires":if(!$)break;const P=new Date($);Number.isFinite(P.valueOf())&&(k.expires=P);break;case"priority":if(!$)break;const N=$.toLowerCase();(N==="low"||N==="medium"||N==="high")&&(k.priority=N);break;case"samesite":if(!$)break;const D=$.toLowerCase();(D==="lax"||D==="strict"||D==="none")&&(k.sameSite=D);break}x=T+1}return k}function p(_,y,w){const b=_.indexOf(";",y);return b===-1?w:b}function f(_,y,w){const b=_.indexOf("=",y);return b<w?b:-1}function h(_,y,w){let b=y,A=w;do{const v=_.charCodeAt(b);if(v!==32&&v!==9)break}while(++b<A);for(;A>b;){const v=_.charCodeAt(A-1);if(v!==32&&v!==9)break;A--}return _.slice(b,A)}function g(_){if(_.indexOf("%")===-1)return _;try{return decodeURIComponent(_)}catch{return _}}function m(_){return o.call(_)==="[object Date]"}return Wn}var Qo=gL();function fg(e){return`${e}-${lL}`}function G5(e){if(!e)return!1;let t;if(e.startsWith("[")){const n=e.indexOf("]");if(n===-1)return!1;t=e.slice(1,n)}else t=e.split(":")[0]??"";return t?t==="localhost"||t==="host.docker.internal"||t==="::1"||/^127(?:\.\d{1,3}){3}$/.test(t):!1}function W5(e){if(!e)return;const[t]=e.split(":");if(!t||t==="localhost"||/^(\d{1,3}\.){3}\d{1,3}$/.test(t))return;const n=t.split(".");return n.length>2?`.${n.slice(-2).join(".")}`:`.${t}`}function mL(e,t){if(!t)return[];const n=fg(e),i=[],r=t.split(";");for(const o of r){const[a,...c]=o.trim().split("=");a===n&&c.length>0&&i.push(c.join("="))}return i}function Sr(e,t){return t?Qo.parse(t)[fg(e)]:void 0}function cv(e,t){const n=fg(e),i=G5(t),r={path:"/",httpOnly:!0,secure:!i,maxAge:0,sameSite:i?"lax":"none",domain:t?W5(t):void 0};return i?[Qo.serialize(n,"",r)]:[Qo.serialize(n,"",r),Qo.serialize(n,"",{...r,partitioned:!0})]}function lv(e,t,n){const i=fg(e),r=G5(n),o={path:"/",httpOnly:!0,secure:!r,sameSite:r?"lax":"none",domain:n?W5(n):void 0};return r?[Qo.serialize(i,t,{...o,maxAge:pk})]:[Qo.serialize(i,"",{...o,maxAge:0}),Qo.serialize(i,t,{...o,maxAge:pk,partitioned:!0})]}var yL=Object.defineProperty,_L=(e,t,n)=>t in e?yL(e,t,{enumerable:!0,configurable:!0,writable:!0,value:n}):e[t]=n,Sa=(e,t,n)=>_L(e,typeof t!="symbol"?t+"":t,n);const Mt=s.z.object({"#text":s.z.string()}),wL=s.z.object({"#text":s.z.string(),"@_xmlns:saml":s.z.string().optional()});s.z.object({"samlp:AuthnRequest":s.z.object({"saml:Issuer":wL,"@_xmlns:samlp":s.z.string(),"@_xmlns:saml":s.z.string().optional(),"@_ForceAuthn":s.z.string().transform(e=>e.toLowerCase()==="true").optional(),"@_ID":s.z.string(),"@_IssueInstant":s.z.string().datetime(),"@_Destination":s.z.string().url(),"@_AssertionConsumerServiceURL":s.z.string().url().optional(),"@_ProtocolBinding":s.z.string().optional(),"@_Version":s.z.string()})});s.z.array(s.z.object({":@":s.z.object({"@_xmlns":s.z.string(),"@_entityID":s.z.string()}),EntityDescriptor:s.z.array(s.z.object({":@":s.z.object({"@_protocolSupportEnumeration":s.z.string()}),IDPSSODescriptor:s.z.array(s.z.union([s.z.object({KeyDescriptor:s.z.array(s.z.object({KeyInfo:s.z.array(s.z.object({X509Data:s.z.array(s.z.object({X509Certificate:s.z.array(Mt)}))})),":@":s.z.object({"@_xmlns":s.z.string()})})),":@":s.z.object({"@_use":s.z.string()})}),s.z.object({SingleLogoutService:s.z.array(s.z.object({})),":@":s.z.object({"@_Binding":s.z.string(),"@_Location":s.z.string()})}),s.z.object({NameIDFormat:s.z.array(Mt)}),s.z.object({SingleSignOnService:s.z.array(s.z.object({})),":@":s.z.object({"@_Binding":s.z.string(),"@_Location":s.z.string()})}),s.z.object({Attribute:s.z.array(s.z.object({})),":@":s.z.object({"@_Name":s.z.string(),"@_NameFormat":s.z.string(),"@_FriendlyName":s.z.string(),"@_xmlns":s.z.string()})})]))}))}));const bL=s.z.object({"saml:Attribute":s.z.array(s.z.object({"saml:AttributeValue":s.z.array(s.z.object({"#text":s.z.string()})),":@":s.z.object({"@_xmlns:xs":s.z.string().optional(),"@_xmlns:xsi":s.z.string(),"@_xsi:type":s.z.string()}).optional()})),":@":s.z.object({"@_Name":s.z.string(),"@_NameFormat":s.z.string(),"@_FriendlyName":s.z.string().optional()})}),vL=s.z.object({"ds:Transform":s.z.array(s.z.any()),":@":s.z.object({"@_Algorithm":s.z.string()})}),hk=s.z.object({"ds:Signature":s.z.array(s.z.union([s.z.object({"ds:SignedInfo":s.z.array(s.z.union([s.z.object({"ds:CanonicalizationMethod":s.z.array(s.z.object({":@":s.z.object({"@_Algorithm":s.z.string()})}))}),s.z.object({"ds:SignatureMethod":s.z.array(s.z.object({":@":s.z.object({"@_Algorithm":s.z.string()})}))}),s.z.object({"ds:Reference":s.z.array(s.z.union([s.z.object({"ds:Transforms":s.z.array(vL)}),s.z.object({"ds:DigestMethod":s.z.array(s.z.object({":@":s.z.object({"@_Algorithm":s.z.string()})}))}),s.z.object({"ds:DigestValue":s.z.array(Mt)})])),":@":s.z.object({"@_URI":s.z.string().optional()}).optional()})]))}),s.z.object({"ds:SignatureValue":s.z.array(Mt)}),s.z.object({"ds:KeyInfo":s.z.array(s.z.union([s.z.object({"ds:KeyValue":s.z.array(s.z.object({"ds:RSAKeyValue":s.z.array(s.z.union([s.z.object({"ds:Modulus":s.z.array(Mt)}),s.z.object({"ds:Exponent":s.z.array(Mt)})]))}))}),s.z.object({"ds:X509Data":s.z.array(s.z.object({"ds:X509Certificate":s.z.array(Mt)}))}),s.z.object({"ds:KeyValue":s.z.array(s.z.object({"ds:RSAKeyValue":s.z.array(s.z.union([s.z.object({"ds:Modulus":s.z.array(Mt)}),s.z.object({"ds:Exponent":s.z.array(Mt)})]))})),"ds:X509Data":s.z.array(s.z.object({"ds:X509Certificate":s.z.array(Mt)}))})]))})])),":@":s.z.object({"@_xmlns:ds":s.z.string().optional()}).optional()});s.z.array(s.z.object({"samlp:Response":s.z.array(s.z.union([s.z.object({"saml:Issuer":s.z.array(Mt)}),hk,s.z.object({"samlp:Status":s.z.array(s.z.object({"samlp:StatusCode":s.z.array(Mt),":@":s.z.object({"@_Value":s.z.string()})}))}),s.z.object({"saml:Assertion":s.z.array(s.z.union([s.z.object({"saml:Issuer":s.z.array(Mt)}),hk,s.z.object({"saml:Subject":s.z.array(s.z.union([s.z.object({"saml:NameID":s.z.array(Mt),":@":s.z.object({"@_Format":s.z.string()})}),s.z.object({"saml:SubjectConfirmation":s.z.array(s.z.object({"saml:SubjectConfirmationData":s.z.array(s.z.any()),":@":s.z.object({"@_InResponseTo":s.z.string(),"@_NotOnOrAfter":s.z.string(),"@_Recipient":s.z.string()})})),":@":s.z.object({"@_Method":s.z.string()})})]))}),s.z.object({"saml:Conditions":s.z.array(s.z.object({"saml:AudienceRestriction":s.z.array(s.z.object({"saml:Audience":s.z.array(Mt)}))})),":@":s.z.object({"@_NotBefore":s.z.string(),"@_NotOnOrAfter":s.z.string()})}),s.z.object({"saml:AuthnStatement":s.z.array(s.z.object({"saml:AuthnContext":s.z.array(s.z.object({"saml:AuthnContextClassRef":s.z.array(Mt)}))})),":@":s.z.object({"@_AuthnInstant":s.z.string(),"@_SessionIndex":s.z.string(),"@_SessionNotOnOrAfter":s.z.string()})}),s.z.object({"saml:AttributeStatement":s.z.array(bL)})])),":@":s.z.object({"@_xmlns":s.z.string(),"@_ID":s.z.string(),"@_IssueInstant":s.z.string(),"@_Version":s.z.string()})})])),":@":s.z.object({"@_xmlns:samlp":s.z.string(),"@_xmlns:saml":s.z.string(),"@_Destination":s.z.string(),"@_ID":s.z.string(),"@_InResponseTo":s.z.string(),"@_IssueInstant":s.z.string(),"@_Version":s.z.string()})}));var J5={};(function(e){const t=":A-Za-z_\\u00C0-\\u00D6\\u00D8-\\u00F6\\u00F8-\\u02FF\\u0370-\\u037D\\u037F-\\u1FFF\\u200C-\\u200D\\u2070-\\u218F\\u2C00-\\u2FEF\\u3001-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFFD",n=t+"\\-.\\d\\u00B7\\u0300-\\u036F\\u203F-\\u2040",i="["+t+"]["+n+"]*",r=new RegExp("^"+i+"$"),o=function(d,u){const p=[];let f=u.exec(d);for(;f;){const h=[];h.startIndex=u.lastIndex-f[0].length;const g=f.length;for(let m=0;m<g;m++)h.push(f[m]);p.push(h),f=u.exec(d)}return p},a=function(d){const u=r.exec(d);return!(u===null||typeof u>"u")};e.isExist=function(d){return typeof d<"u"},e.isEmptyObject=function(d){return Object.keys(d).length===0},e.merge=function(d,u,p){if(u){const f=Object.keys(u),h=f.length;for(let g=0;g<h;g++)p==="strict"?d[f[g]]=[u[f[g]]]:d[f[g]]=u[f[g]]}},e.getValue=function(d){return e.isExist(d)?d:""};const c=["hasOwnProperty","toString","valueOf","__defineGetter__","__defineSetter__","__lookupGetter__","__lookupSetter__"],l=["__proto__","constructor","prototype"];e.isName=a,e.getAllMatches=o,e.nameRegexp=i,e.DANGEROUS_PROPERTY_NAMES=c,e.criticalProperties=l})(J5);const{DANGEROUS_PROPERTY_NAMES:uCe,criticalProperties:pCe}=J5;function AL(e){return typeof e=="function"?e:Array.isArray(e)?t=>{for(const n of e)if(typeof n=="string"&&t===n||n instanceof RegExp&&n.test(t))return!0}:()=>!1}var kL=AL;const SL=`
254
+ `,i}async function QD(e){const t=await e.publicKey.export(),n=await crypto.subtle.exportKey("jwk",t);return ZD(n)}async function ZD(e){if(!e.kty)throw new Error("JWK is missing required 'kty' member");const t=GD[e.kty];if(!t)throw new Error(`Unsupported JWK kty for thumbprint: ${e.kty}`);const n={};for(const o of t){const a=e[o];if(typeof a!="string"||a.length===0)throw new Error(`JWK is missing required member '${o}' for kty=${e.kty}`);n[o]=a}const i=JSON.stringify(n),r=await yh(new TextEncoder().encode(i));return Rt.encode(new Uint8Array(r),{includePadding:!1})}function I5(e){const t=new Date;return e.filter(n=>!n.revoked_at||new Date(n.revoked_at)>t).sort((n,i)=>{const r=n.current_since?new Date(n.current_since).getTime():0,o=i.current_since?new Date(i.current_since).getTime():0;return o!==r?o-r:i.kid.localeCompare(n.kid)})}const QA=/^[A-Za-z0-9._-]+$/;function j_(e,t){if(!QA.test(e))throw new Error(`Invalid ${t}: must match ${QA}`)}async function XD(e,t,n){j_(t,"tenant_id"),j_(n,"type");const{signingKeys:i}=await e.list({q:`type:${n} AND tenant_id:${t}`,sort:{sort_by:"created_at",sort_order:"desc"}});return I5(i)}async function ZA(e,t){j_(t,"type");const{signingKeys:n}=await e.list({q:`type:${t} AND -_exists_:tenant_id`,sort:{sort_by:"created_at",sort_order:"desc"}});return I5(n)}async function z5(e,t){return e?typeof e=="string"?e:e({tenant_id:t}):"control-plane"}async function nv(e,t,n,i){const r=i.type??"jwt_signing";if(await z5(n,t)==="control-plane"){const u=await ZA(e,r);if(i.purpose==="sign"){const p=u[0];return p?[p]:[]}return u}const[a,c]=await Promise.all([XD(e,t,r),ZA(e,r)]);if(i.purpose==="sign"){const u=a[0]??c[0];return u?[u]:[]}const l=new Set,d=[];for(const u of[...a,...c])l.has(u.kid)||(l.add(u.kid),d.push(u));return d}const eB=1e3*60*60*24;async function XA(e){const t=e.var.tenant_id;return t&&await z5(e.env.signingKeyMode,t)==="tenant"?{tenantId:t}:"control-plane"}function ek(e){return e==="control-plane"?"type:jwt_signing AND -_exists_:tenant_id":`type:jwt_signing AND tenant_id:${e.tenantId}`}const tB=new s.OpenAPIHono().openapi(s.createRoute({tags:["keys"],method:"get",path:"/signing",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:signing_keys","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.array(ly)}},description:"List of keys"}}}),async e=>{const t=await XA(e),{signingKeys:n}=await e.env.data.keys.list({q:ek(t)}),i=n.filter(r=>"cert"in r).map(r=>r);return e.json(i)}).openapi(s.createRoute({tags:["keys"],method:"get",path:"/signing/{kid}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({kid:s.z.string().regex(/^[A-Za-z0-9._-]+$/)})},security:[{Bearer:["read:signing_keys","auth:read"]}],responses:{200:{content:{"application/json":{schema:ly}},description:"The requested key"}}}),async e=>{const{kid:t}=e.req.valid("param"),{signingKeys:n}=await e.env.data.keys.list({q:`type:jwt_signing AND kid:${t}`}),i=n.find(r=>r.kid===t);if(!i)throw new z(404,{message:"Key not found"});if(e.var.tenant_id&&i.tenant_id&&i.tenant_id!==e.var.tenant_id)throw new z(404,{message:"Key not found"});return e.json(i)}).openapi(s.createRoute({tags:["keys"],method:"post",path:"/signing/rotate",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:signing_keys","auth:write"]}],responses:{201:{description:"Status"}}}),async e=>{const t=await XA(e);let n=0;const i=100;for(;;){const{signingKeys:o}=await e.env.data.keys.list({q:ek(t),page:n,per_page:i});for(const a of o)await e.env.data.keys.update(a.kid,{revoked_at:new Date(Date.now()+eB).toISOString()});if(o.length<i)break;n++}const r=await Ef({name:`CN=${e.env.ORGANIZATION_NAME}`});return await e.env.data.keys.create({...r,type:"jwt_signing",current_since:new Date().toISOString(),...t==="control-plane"?{}:{tenant_id:t.tenantId}}),e.text("OK",{status:201})}).openapi(s.createRoute({tags:["keys"],method:"put",path:"/signing/{kid}/revoke",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({kid:s.z.string().regex(/^[A-Za-z0-9._-]+$/)})},security:[{Bearer:["update:signing_keys","auth:write"]}],responses:{201:{description:"Status"}}}),async e=>{const{kid:t}=e.req.valid("param"),n=e.var.tenant_id,{signingKeys:i}=await e.env.data.keys.list({q:`type:jwt_signing AND kid:${t}`}),r=i.find(c=>c.kid===t);if(!r)throw new z(404,{message:"Key not found"});if(n&&r.tenant_id&&r.tenant_id!==n)throw new z(404,{message:"Key not found"});if(!await e.env.data.keys.update(t,{revoked_at:new Date().toISOString()}))throw new z(404,{message:"Key not found"});const a=await Ef({name:`CN=${e.env.ORGANIZATION_NAME}`});return await e.env.data.keys.create({...a,type:"jwt_signing",current_since:new Date().toISOString(),...r.tenant_id?{tenant_id:r.tenant_id}:{}}),e.text("OK")}),nB=new s.OpenAPIHono().openapi(s.createRoute({tags:["users"],method:"get",path:"/",request:{query:s.z.object({email:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:users","auth:read"]}],responses:{200:{content:{"tenant/json":{schema:s.z.array(Iw)}},description:"List of users"}}}),async e=>{const{email:t}=e.req.valid("query"),i=(await eb(e.env.data.users,e.var.tenant_id,t)).filter(r=>!r.linked_to);return e.json(i)}),iB=Et.extend({clients:s.z.array(Do)}),tk=s.z.object({enabled_connections:s.z.array(s.z.object({connection_id:s.z.string(),connection:Dr.optional()}))}),rB=s.z.array(s.z.string()),oB=new s.OpenAPIHono().openapi(s.createRoute({tags:["clients"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:clients","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([iB,s.z.array(Do)])}},description:"List of clients"}}}),async e=>{const t=e.var.tenant_id,{page:n,per_page:i,include_totals:r,sort:o,q:a}=e.req.valid("query"),c=await e.env.data.clients.list(t,{page:n,per_page:i,include_totals:r,sort:kt(o),q:a}),l=c.clients;return r?e.json({clients:l,start:c.totals?.start??0,limit:c.totals?.limit??i,length:c.totals?.length??l.length,total:c.totals?.total}):e.json(l)}).openapi(s.createRoute({tags:["clients"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:clients","auth:read"]}],responses:{200:{content:{"application/json":{schema:Do}},description:"A client"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await e.env.data.clients.get(t,n);if(!i)throw new z(404);return e.json(i)}).openapi(s.createRoute({tags:["clients"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:clients","auth:write"]}],responses:{200:{description:"Status"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param");if(!await e.env.data.clients.remove(t,n))throw new z(404,{message:"Client not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a Client",targetType:"client",targetId:n}),e.text("OK")}).openapi(s.createRoute({tags:["clients"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:s.z.object(bp.shape).partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:clients","auth:write"]}],responses:{200:{content:{"application/json":{schema:Do}},description:"The updated client"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json"),r=i,o=await e.env.data.clients.get(t,n);await e.env.data.clients.update(t,n,r);const a=await e.env.data.clients.get(t,n);if(!a)throw new z(404,{message:"Client not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update a Client",beforeState:o,afterState:a,targetType:"client",targetId:n,body:i}),e.json(a)}).openapi(s.createRoute({tags:["clients"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(bp.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:clients","auth:write"]}],responses:{201:{content:{"application/json":{schema:s.z.object(Do.shape)}},description:"A client"}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i={...n,client_id:n.client_id||Ue(),client_secret:n.client_secret||Ue()},r=await e.env.data.clients.create(t,i);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create a Client",afterState:r,targetType:"client",targetId:r.client_id}),e.json(r,{status:201})}).openapi(s.createRoute({tags:["clients"],method:"get",path:"/{id}/connections",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:clients","auth:read"]}],responses:{200:{content:{"application/json":{schema:tk}},description:"List of connections enabled for this client"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await e.env.data.clients.get(t,n);if(!i)throw new z(404,{message:"Client not found"});const r=i.connections&&i.connections.length>0;let o;if(r)o=await Promise.all(i.connections.map(async a=>{const c=await e.env.data.connections.get(t,a);return{connection_id:a,connection:c||void 0}}));else{const{connections:a}=await e.env.data.connections.list(t,{});o=a.filter(c=>c.id).map(c=>({connection_id:c.id,connection:c}))}return e.json({enabled_connections:o})}).openapi(s.createRoute({tags:["clients"],method:"patch",path:"/{id}/connections",request:{body:{content:{"application/json":{schema:rB}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:clients","auth:write"]}],responses:{200:{content:{"application/json":{schema:tk}},description:"Updated list of connections for this client"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json");if(!await e.env.data.clients.get(t,n))throw new z(404,{message:"Client not found"});const o=[];for(const c of i)await e.env.data.connections.get(t,c)&&o.push(c);await e.env.data.clientConnections.updateByClient(t,n,o);const a=await Promise.all(o.map(async c=>{const l=await e.env.data.connections.get(t,c);return{connection_id:c,connection:l||void 0}}));return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update Client Connections",targetType:"client_connection",targetId:n}),e.json({enabled_connections:a})}),sB=new s.OpenAPIHono().openapi(s.createRoute({tags:["tenants","settings"],method:"get",path:"/settings",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:tenants","auth:read"]}],responses:{200:{content:{"application/json":{schema:xp}},description:"Current tenant settings"}}}),async e=>{const t=await e.env.data.tenants.get(e.var.tenant_id);if(!t)throw new z(404,{message:"Tenant not found"});return e.json(t)}).openapi(s.createRoute({tags:["tenants","settings"],method:"patch",path:"/settings",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object(qw.shape).partial()}}}},security:[{Bearer:["update:tenants","auth:write"]}],responses:{200:{content:{"application/json":{schema:xp}},description:"Updated tenant settings"}}}),async e=>{const t=e.req.valid("json"),{id:n,...i}=t,r=await e.env.data.tenants.get(e.var.tenant_id);if(!r)throw new z(404,{message:"Tenant not found"});const o=Jw(r,i);await e.env.data.tenants.update(e.var.tenant_id,o);const a=await e.env.data.tenants.get(e.var.tenant_id);if(!a)throw new z(500,{message:"Failed to retrieve updated tenant"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update tenant settings",targetType:"tenant",targetId:e.var.tenant_id,beforeState:r,afterState:a}),e.json(a)}),aB=Et.extend({logs:s.z.array($a)}),cB=new s.OpenAPIHono().openapi(s.createRoute({tags:["logs"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:logs","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array($a),aB])}},description:"List of log rows"}}}),async e=>{const{page:t,per_page:n,include_totals:i,sort:r,q:o}=e.req.valid("query"),a=await e.env.data.logs.list(e.var.tenant_id,{page:t,per_page:n,include_totals:i,sort:kt(r),q:o});return i?e.json(a):e.json(a.logs)}).openapi(s.createRoute({tags:["logs"],method:"get",path:"/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()})},security:[{Bearer:["read:logs","auth:read"]}],responses:{200:{content:{"application/json":{schema:$a}},description:"A log entry"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.logs.get(e.var.tenant_id,t);if(!n)throw new z(404);return e.json(n)}),lB=J4.extend({created_at:s.z.string(),processed_at:s.z.string().nullable(),retry_count:s.z.number(),next_retry_at:s.z.string().nullable(),error:s.z.string().nullable(),dead_lettered_at:s.z.string().nullable().optional(),final_error:s.z.string().nullable().optional()}),dB=s.z.object({events:s.z.array(lB),start:s.z.number(),limit:s.z.number(),length:s.z.number()}),uB=new s.OpenAPIHono().openapi(s.createRoute({tags:["failed-events"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:logs","auth:read"]}],responses:{200:{content:{"application/json":{schema:dB}},description:"Dead-lettered outbox events"}}}),async e=>{const t=e.env.data.outbox;if(!t)throw new z(501,{message:"Outbox is not configured for this adapter"});const{page:n,per_page:i,include_totals:r}=e.req.valid("query"),o=await t.listFailed(e.var.tenant_id,{page:n,per_page:i,include_totals:r});return e.json({events:o.events,start:o.start,limit:o.limit,length:o.length})}).openapi(s.createRoute({tags:["failed-events"],method:"post",path:"/{id}/retry",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()})},security:[{Bearer:["update:logs","auth:write"]}],responses:{200:{content:{"application/json":{schema:s.z.object({id:s.z.string(),replayed:s.z.boolean()})}},description:"Event queued for retry"},404:{description:"Not found"}}}),async e=>{const t=e.env.data.outbox;if(!t)throw new z(501,{message:"Outbox is not configured for this adapter"});const{id:n}=e.req.valid("param");if(!await t.replay(n,e.var.tenant_id))throw new z(404,{message:"Dead-lettered event not found"});return e.json({id:n,replayed:!0})}),pB=Et.extend({hooks:s.z.array(aa)}),fB=new s.OpenAPIHono().openapi(s.createRoute({tags:["hooks"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:hooks","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(aa),pB])}},description:"List of hooks"}}}),async e=>{const{page:t,per_page:n,include_totals:i,sort:r,q:o}=e.req.valid("query"),a=await e.env.data.hooks.list(e.var.tenant_id,{page:t,per_page:n,include_totals:i,sort:kt(r),q:o});return i?e.json(a):e.json(a.hooks)}).openapi(s.createRoute({tags:["hooks"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:ay}}}},security:[{Bearer:["create:hooks","auth:write"]}],responses:{201:{content:{"application/json":{schema:aa}},description:"The created hook"}}}),async e=>{const t=e.req.valid("json"),n={...t,hook_id:t.hook_id||kC()},i=await e.env.data.hooks.create(e.var.tenant_id,n);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create a Hook",targetType:"hook",targetId:i.hook_id,afterState:i}),e.json(i,{status:201})}).openapi(s.createRoute({tags:["hooks"],method:"patch",path:"/{hook_id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({hook_id:s.z.string()}),body:{content:{"application/json":{schema:s.z.union(ay.options.map(e=>e.omit({hook_id:!0}).partial()))}}}},security:[{Bearer:["update:hooks","auth:write"]}],responses:{200:{content:{"application/json":{schema:aa}},description:"The updated hook"},404:{description:"Hook not found"}}}),async e=>{const{hook_id:t}=e.req.valid("param"),n=e.req.valid("json");await e.env.data.hooks.update(e.var.tenant_id,t,n);const i=await e.env.data.hooks.get(e.var.tenant_id,t);if(!i)throw new z(404,{message:"Hook not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update a Hook",targetType:"hook",targetId:t,afterState:i}),e.json(i)}).openapi(s.createRoute({tags:["hooks"],method:"get",path:"/{hook_id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({hook_id:s.z.string()})},security:[{Bearer:["read:hooks","auth:read"]}],responses:{200:{content:{"application/json":{schema:aa}},description:"A hook"},404:{description:"Hook not found"}}}),async e=>{const{hook_id:t}=e.req.valid("param"),n=await e.env.data.hooks.get(e.var.tenant_id,t);if(!n)throw new z(404,{message:"Hook not found"});return e.json(n)}).openapi(s.createRoute({tags:["hooks"],method:"delete",path:"/{hook_id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({hook_id:s.z.string()})},security:[{Bearer:["delete:hooks","auth:write"]}],responses:{200:{description:"A hook"}}}),async e=>{const{hook_id:t}=e.req.valid("param");if(!await e.env.data.hooks.remove(e.var.tenant_id,t))throw new z(404,{message:"Hook not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a Hook",targetType:"hook",targetId:t}),e.text("OK")}),nk=Bw.extend({deploymentStatus:s.z.enum(["deployed","failed","not_required"]),deploymentError:s.z.string().optional()}),hB=new s.OpenAPIHono().openapi(s.createRoute({tags:["hook-code"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Sp}}}},security:[{Bearer:["create:hooks","auth:write"]}],responses:{201:{content:{"application/json":{schema:nk}},description:"The created hook code"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.hookCode.create(e.var.tenant_id,t);let i="not_required",r;if(e.env.codeExecutor?.deploy)try{await e.env.codeExecutor.deploy(n.id,t.code),i="deployed"}catch(o){i="failed",r=o instanceof Error?o.message:String(o),await R(e,e.var.tenant_id,{type:O.FAILED_HOOK,description:`Failed to deploy hook code ${n.id}: ${r}`})}return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create hook code",targetType:"hook_code",targetId:n.id}),e.json({...n,deploymentStatus:i,deploymentError:r},{status:201})}).openapi(s.createRoute({tags:["hook-code"],method:"get",path:"/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()})},security:[{Bearer:["read:hooks","auth:read"]}],responses:{200:{content:{"application/json":{schema:Bw}},description:"The hook code"},404:{description:"Hook code not found"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.hookCode.get(e.var.tenant_id,t);if(!n)throw new z(404,{message:"Hook code not found"});return e.json(n)}).openapi(s.createRoute({tags:["hook-code"],method:"put",path:"/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()}),body:{content:{"application/json":{schema:Sp}}}},security:[{Bearer:["update:hooks","auth:write"]}],responses:{200:{content:{"application/json":{schema:nk}},description:"The updated hook code"},404:{description:"Hook code not found"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.req.valid("json");if(!await e.env.data.hookCode.update(e.var.tenant_id,t,n))throw new z(404,{message:"Hook code not found"});const r=await e.env.data.hookCode.get(e.var.tenant_id,t);if(!r)throw new z(404,{message:"Hook code not found"});let o="not_required",a;if(n.code!==void 0&&e.env.codeExecutor?.deploy)try{await e.env.codeExecutor.deploy(t,n.code),o="deployed"}catch(c){o="failed",a=c instanceof Error?c.message:String(c),await R(e,e.var.tenant_id,{type:O.FAILED_HOOK,description:`Failed to deploy hook code ${t}: ${a}`})}return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update hook code",targetType:"hook_code",targetId:t}),e.json({...r,deploymentStatus:o,deploymentError:a})}).openapi(s.createRoute({tags:["hook-code"],method:"delete",path:"/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()})},security:[{Bearer:["delete:hooks","auth:write"]}],responses:{200:{description:"Hook code deleted"}}}),async e=>{const{id:t}=e.req.valid("param");if(!await e.env.data.hookCode.remove(e.var.tenant_id,t))throw new z(404,{message:"Hook code not found"});if(e.env.codeExecutor?.remove)try{await e.env.codeExecutor.remove(t)}catch(i){await R(e,e.var.tenant_id,{type:O.FAILED_HOOK,description:`Failed to remove hook worker ${t}: ${i instanceof Error?i.message:String(i)}`})}return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete hook code",targetType:"hook_code",targetId:t}),e.text("OK")});s.z.object({start:s.z.number(),limit:s.z.number(),length:s.z.number()});ah.extend({email:s.z.string(),login_count:s.z.number(),multifactor:s.z.array(s.z.string()).optional(),last_ip:s.z.string().optional(),last_login:s.z.string().optional(),user_id:s.z.string()}).catchall(s.z.any());const gB=Et.extend({connections:s.z.array(Dr)}),mB=s.z.object({enabled_clients:s.z.array(s.z.object({client_id:s.z.string(),name:s.z.string()}))}),yB=s.z.array(s.z.object({client_id:s.z.string(),status:s.z.boolean()})),_B=new s.OpenAPIHono().openapi(s.createRoute({tags:["connections"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:connections","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(Dr),gB])}},description:"List of connectionss"}}}),async e=>{const{page:t,per_page:n,include_totals:i=!1,sort:r,q:o}=e.req.valid("query"),a=await e.env.data.connections.list(e.var.tenant_id,{page:t,per_page:n,include_totals:i,sort:kt(r),q:o});return i?e.json(a):e.json(a.connections)}).openapi(s.createRoute({tags:["connections"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:connections","auth:read"]}],responses:{200:{content:{"application/json":{schema:Dr}},description:"A connection"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.connections.get(e.var.tenant_id,t);if(!n)throw new z(404);return e.json(n)}).openapi(s.createRoute({tags:["connections"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:connections","auth:write"]}],responses:{200:{description:"Status"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.var.tenant_id;if(!await e.env.data.connections.remove(n,t))throw new z(404,{message:"Connection not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a Connection",targetType:"connection",targetId:t}),e.text("OK")}).openapi(s.createRoute({tags:["connections"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:s.z.object(Ap.shape).partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:connections","auth:write"]}],responses:{200:{content:{"application/json":{schema:Dr}},description:"The updated connection"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.req.valid("json"),i=e.var.tenant_id,r=await e.env.data.connections.get(i,t);if(!await e.env.data.connections.update(i,t,n))throw new z(404,{message:"Connection not found"});const a=await e.env.data.connections.get(i,t);if(!a)throw new z(404,{message:"Connection not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update a Connection",beforeState:r,afterState:a,targetType:"connection",targetId:t,body:n}),e.json(a)}).openapi(s.createRoute({tags:["connections"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(Ap.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:connections","auth:write"]}],responses:{201:{content:{"application/json":{schema:Dr}},description:"A connection"}}}),async e=>{const t=e.req.valid("json"),n=e.var.tenant_id,i=t.id||xF(),r=await e.env.data.connections.create(n,{...t,id:i});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create a Connection",afterState:r,targetType:"connection",targetId:r.id}),e.json(r,{status:201})}).openapi(s.createRoute({tags:["connections"],method:"get",path:"/{id}/clients",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:connections","auth:read"]}],responses:{200:{content:{"application/json":{schema:mB}},description:"List of clients enabled for this connection"}}}),async e=>{const{id:t}=e.req.valid("param");if(!await e.env.data.connections.get(e.var.tenant_id,t))throw new z(404,{message:"Connection not found"});const{clients:i}=await e.env.data.clients.list(e.var.tenant_id,{per_page:1e3}),r=i.filter(o=>o.connections?.includes(t)).map(o=>({client_id:o.client_id,name:o.name}));return e.json({enabled_clients:r})}).openapi(s.createRoute({tags:["connections"],method:"patch",path:"/{id}/clients",request:{body:{content:{"application/json":{schema:yB}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:connections","auth:write"]}],responses:{204:{description:"Clients updated successfully (No Content)"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.req.valid("json");if(!await e.env.data.connections.get(e.var.tenant_id,t))throw new z(404,{message:"Connection not found"});for(const r of n){const o=await e.env.data.clients.get(e.var.tenant_id,r.client_id);if(!o)continue;const a=o.connections||[];r.status?a.includes(t)||await e.env.data.clients.update(e.var.tenant_id,r.client_id,{connections:[...a,t]}):a.includes(t)&&await e.env.data.clients.update(e.var.tenant_id,r.client_id,{connections:a.filter(c=>c!==t)})}return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update Connection Clients",targetType:"connection_client",targetId:t}),e.body(null,204)}),wB=new s.OpenAPIHono().openapi(s.createRoute({tags:["prompts"],method:"get",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:prompts","auth:read"]}],responses:{200:{content:{"application/json":{schema:Ko}},description:"Branding settings"}}}),async e=>{const t=await e.env.data.promptSettings.get(e.var.tenant_id);return t?e.json(t):e.json(Ko.parse({}))}).openapi(s.createRoute({tags:["prompts"],method:"patch",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object(Ko.shape).partial()}}}},security:[{Bearer:["update:prompts","auth:write"]}],responses:{200:{description:"Prompts settings"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.promptSettings.get(e.var.tenant_id);return Object.assign(n,t),await e.env.data.promptSettings.set(e.var.tenant_id,n),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update Prompt Settings",targetType:"prompt_settings",targetId:e.var.tenant_id}),e.json(n)}).openapi(s.createRoute({tags:["prompts"],method:"get",path:"/custom-text",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:prompts","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.array(s.z.object({prompt:pa,language:s.z.string()}))}},description:"List of custom text entries"}}}),async e=>{const t=await e.env.data.customText.list(e.var.tenant_id);return e.json(t)}).openapi(s.createRoute({tags:["prompts"],method:"get",path:"/custom-text/defaults",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),query:s.z.object({language:s.z.string().optional(),prompt:s.z.string().optional()})},security:[{Bearer:["read:prompts","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.array(s.z.object({prompt:s.z.string(),language:s.z.string(),custom_text:zo}))}},description:"Bundled default text for every prompt/language shipped with authhero. authhero extension; not available in Auth0."}}}),async e=>{const{language:t,prompt:n}=e.req.valid("query");return e.json(BO({language:t,prompt:n}))}).openapi(s.createRoute({tags:["prompts"],method:"get",path:"/{prompt}/custom-text/{language}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({prompt:pa,language:s.z.string()})},security:[{Bearer:["read:prompts","auth:read"]}],responses:{200:{content:{"application/json":{schema:zo}},description:"Custom text for the prompt and language"}}}),async e=>{const{prompt:t,language:n}=e.req.valid("param"),i=await e.env.data.customText.get(e.var.tenant_id,t,n);return e.json(i??{})}).openapi(s.createRoute({tags:["prompts"],method:"put",path:"/{prompt}/custom-text/{language}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({prompt:pa,language:s.z.string()}),body:{content:{"application/json":{schema:zo}}}},security:[{Bearer:["update:prompts","auth:write"]}],responses:{200:{content:{"application/json":{schema:zo}},description:"Updated custom text"}}}),async e=>{const{prompt:t,language:n}=e.req.valid("param"),i=await e.req.json(),r=zo.parse(i);return await e.env.data.customText.set(e.var.tenant_id,t,n,r),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Set Custom Text",targetType:"custom_text",targetId:e.var.tenant_id}),e.json(r)}).openapi(s.createRoute({tags:["prompts"],method:"delete",path:"/{prompt}/custom-text/{language}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({prompt:pa,language:s.z.string()})},security:[{Bearer:["delete:prompts","auth:write"]}],responses:{204:{description:"Custom text deleted"}}}),async e=>{const{prompt:t,language:n}=e.req.valid("param");return await e.env.data.customText.delete(e.var.tenant_id,t,n),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete Custom Text",targetType:"custom_text",targetId:e.var.tenant_id}),e.body(null,204)});let ik=!1;function iv(e){e.use(async(t,n)=>(ik||(e.openAPIRegistry.registerComponent("securitySchemes","Bearer",{type:"oauth2",scheme:"bearer",flows:{implicit:{authorizationUrl:`${t.env.AUTH_URL}/authorize`,scopes:{openid:"Basic user information",email:"User email",profile:"User profile information"}}}}),ik=!0),await n()))}var P5=e=>N5(e.replace(/_|-/g,t=>({_:"/","-":"+"})[t]??t)),N5=e=>{const t=atob(e),n=new Uint8Array(new ArrayBuffer(t.length)),i=t.length/2;for(let r=0,o=t.length-1;r<=i;r++,o--)n[r]=t.charCodeAt(r),n[o]=t.charCodeAt(o);return n},Rl=(e=>(e.HS256="HS256",e.HS384="HS384",e.HS512="HS512",e.RS256="RS256",e.RS384="RS384",e.RS512="RS512",e.PS256="PS256",e.PS384="PS384",e.PS512="PS512",e.ES256="ES256",e.ES384="ES384",e.ES512="ES512",e.EdDSA="EdDSA",e))(Rl||{}),bB=class extends Error{constructor(e){super(`${e} is not an implemented algorithm`),this.name="JwtAlgorithmNotImplemented"}},rk=class extends Error{constructor(){super('JWT verification requires "alg" option to be specified'),this.name="JwtAlgorithmRequired"}},vB=class extends Error{constructor(e,t){super(`JWT algorithm mismatch: expected "${e}", got "${t}"`),this.name="JwtAlgorithmMismatch"}},R_=class extends Error{constructor(e){super(`invalid JWT token: ${e}`),this.name="JwtTokenInvalid"}},AB=class extends Error{constructor(e){super(`token (${e}) is being used before it's valid`),this.name="JwtTokenNotBefore"}},kB=class extends Error{constructor(e){super(`token (${e}) expired`),this.name="JwtTokenExpired"}},SB=class extends Error{constructor(e,t){super(`Invalid "iat" claim, must be a valid number lower than "${e}" (iat: "${t}")`),this.name="JwtTokenIssuedAt"}},dm=class extends Error{constructor(e,t){super(`expected issuer "${e}", got ${t?`"${t}"`:"none"} `),this.name="JwtTokenIssuer"}},EB=class extends Error{constructor(e){super(`jwt header is invalid: ${JSON.stringify(e)}`),this.name="JwtHeaderInvalid"}},xB=class extends Error{constructor(e){super(`token(${e}) signature mismatched`),this.name="JwtTokenSignatureMismatched"}},CB=class extends Error{constructor(e){super(`required "aud" in jwt payload: ${JSON.stringify(e)}`),this.name="JwtPayloadRequiresAud"}},TB=class extends Error{constructor(e,t){super(`expected audience "${Array.isArray(e)?e.join(", "):e}", got "${t}"`),this.name="JwtTokenAudience"}},xf=(e=>(e.Encrypt="encrypt",e.Decrypt="decrypt",e.Sign="sign",e.Verify="verify",e.DeriveKey="deriveKey",e.DeriveBits="deriveBits",e.WrapKey="wrapKey",e.UnwrapKey="unwrapKey",e))(xf||{}),F5=new TextEncoder,$B=new TextDecoder;async function IB(e,t,n,i){const r=PB(t),o=await zB(e,r);return await crypto.subtle.verify(r,o,n,i)}function ok(e){return N5(e.replace(/-+(BEGIN|END).*?-+/g,"").replace(/\s/g,""))}async function zB(e,t){if(!crypto.subtle||!crypto.subtle.importKey)throw new Error("`crypto.subtle.importKey` is undefined. JWT auth middleware requires it.");if(NB(e)){if(e.type==="public"||e.type==="secret")return e;e=await sk(e)}if(typeof e=="string"&&e.includes("PRIVATE")){const i=await crypto.subtle.importKey("pkcs8",ok(e),t,!0,[xf.Sign]);e=await sk(i)}const n=[xf.Verify];return typeof e=="object"?await crypto.subtle.importKey("jwk",e,t,!1,n):e.includes("PUBLIC")?await crypto.subtle.importKey("spki",ok(e),t,!1,n):await crypto.subtle.importKey("raw",F5.encode(e),t,!1,n)}async function sk(e){if(e.type!=="private")throw new Error(`unexpected key type: ${e.type}`);if(!e.extractable)throw new Error("unexpected private key is unextractable");const t=await crypto.subtle.exportKey("jwk",e),{kty:n}=t,{alg:i,e:r,n:o}=t,{crv:a,x:c,y:l}=t;return{kty:n,alg:i,e:r,n:o,crv:a,x:c,y:l,key_ops:[xf.Verify]}}function PB(e){switch(e){case"HS256":return{name:"HMAC",hash:{name:"SHA-256"}};case"HS384":return{name:"HMAC",hash:{name:"SHA-384"}};case"HS512":return{name:"HMAC",hash:{name:"SHA-512"}};case"RS256":return{name:"RSASSA-PKCS1-v1_5",hash:{name:"SHA-256"}};case"RS384":return{name:"RSASSA-PKCS1-v1_5",hash:{name:"SHA-384"}};case"RS512":return{name:"RSASSA-PKCS1-v1_5",hash:{name:"SHA-512"}};case"PS256":return{name:"RSA-PSS",hash:{name:"SHA-256"},saltLength:32};case"PS384":return{name:"RSA-PSS",hash:{name:"SHA-384"},saltLength:48};case"PS512":return{name:"RSA-PSS",hash:{name:"SHA-512"},saltLength:64};case"ES256":return{name:"ECDSA",hash:{name:"SHA-256"},namedCurve:"P-256"};case"ES384":return{name:"ECDSA",hash:{name:"SHA-384"},namedCurve:"P-384"};case"ES512":return{name:"ECDSA",hash:{name:"SHA-512"},namedCurve:"P-521"};case"EdDSA":return{name:"Ed25519",namedCurve:"Ed25519"};default:throw new bB(e)}}function NB(e){return Ww()==="node"&&crypto.webcrypto?e instanceof crypto.webcrypto.CryptoKey:e instanceof CryptoKey}var ak=e=>JSON.parse($B.decode(P5(e)));function FB(e){if(typeof e=="object"&&e!==null){const t=e;return"alg"in t&&Object.values(Rl).includes(t.alg)&&(!("typ"in t)||t.typ==="JWT")}return!1}var OB=async(e,t,n)=>{if(!n)throw new rk;const{alg:i,iss:r,nbf:o=!0,exp:a=!0,iat:c=!0,aud:l}=typeof n=="string"?{alg:n}:n;if(!i)throw new rk;const d=e.split(".");if(d.length!==3)throw new R_(e);const{header:u,payload:p}=O5(e);if(!FB(u))throw new EB(u);if(u.alg!==i)throw new vB(i,u.alg);const f=Math.floor(Date.now()/1e3);if(o&&p.nbf!==void 0&&(typeof p.nbf!="number"||!Number.isFinite(p.nbf)||p.nbf>f))throw new AB(e);if(a&&p.exp!==void 0&&(typeof p.exp!="number"||!Number.isFinite(p.exp)||p.exp<=f))throw new kB(e);if(c&&p.iat!==void 0&&(typeof p.iat!="number"||!Number.isFinite(p.iat)||f<p.iat))throw new SB(f,p.iat);if(r){if(!p.iss)throw new dm(r,null);if(typeof r=="string"&&p.iss!==r)throw new dm(r,p.iss);if(r instanceof RegExp&&!r.test(p.iss))throw new dm(r,p.iss)}if(l){if(!p.aud)throw new CB(p);if(!(Array.isArray(p.aud)?p.aud:[p.aud]).some(y=>l instanceof RegExp?l.test(y):typeof l=="string"?y===l:Array.isArray(l)&&l.includes(y)))throw new TB(l,p.aud)}const h=e.substring(0,e.lastIndexOf("."));if(!await IB(t,i,P5(d[2]),F5.encode(h)))throw new xB(e);return p};Rl.HS256,Rl.HS384,Rl.HS512;var O5=e=>{const t=e.split(".");if(t.length!==3)throw new R_(e);try{const n=ak(t[0]),i=ak(t[1]);return{header:n,payload:i}}catch{throw new R_(e)}},j5={verify:OB,decode:O5},jB=j5.verify,RB=j5.decode;const ha={"P-256":"ES256","P-384":"ES384","P-521":"ES512"},DB={RS256:"SHA-256",RS384:"SHA-384",RS512:"SHA-512"},BB=new Set(["RS256","RS384","RS512","ES256","ES384","ES512"]);function LB(e){return typeof e=="string"&&BB.has(e)}function R5(e){if(LB(e.alg)){if(e.kty==="RSA"&&e.alg.startsWith("RS"))return e.alg;if(e.kty==="EC"&&e.alg.startsWith("ES")){const t=e.crv&&e.crv in ha?ha[e.crv]:void 0;if(t&&t!==e.alg)throw new Error(`EC alg/curve mismatch: curve ${e.crv} requires ${t}, got ${e.alg}`);return e.alg}}if(e.kty==="RSA")return"RS256";if(e.kty==="EC"){if(!e.crv||!(e.crv in ha))throw new Error(`Unsupported EC curve: ${e.crv??"(missing)"}`);return ha[e.crv]}throw new Error(`Unsupported JWK kty: ${e.kty}`)}function rv(e,t){if(e.kty==="RSA"){const n=DB[t];if(!n)throw new Error(`Unsupported RSA alg: ${t}`);return{name:"RSASSA-PKCS1-v1_5",hash:n}}if(e.kty==="EC"){if(!e.crv||!(e.crv in ha))throw new Error(`Unsupported EC curve: ${e.crv??"(missing)"}`);const n=ha[e.crv];if(t!==n)throw new Error(`EC alg/curve mismatch: curve ${e.crv} requires ${n}, got ${t}`);return{name:"ECDSA",namedCurve:e.crv}}throw new Error(`Unsupported JWK kty: ${e.kty}`)}const MB=["RS256","ES256","ES384","ES512"];async function D5(e){const n=await new Xr(e).publicKey.export(),i=await crypto.subtle.exportKey("jwk",n);return R5(i)}async function B5(e){return Promise.all(e.map(async t=>{const i=await new Xr(t.cert).publicKey.export(),r=await crypto.subtle.exportKey("jwk",i),o=r.alg??R5(r);return dh.parse({...r,alg:o,use:"sig",kid:t.kid})}))}async function um(e){const{signingKeys:t}=await e.keys.list({q:"type:jwt_signing"});return B5(t)}async function UB(e,t,n){const i=await nv(e.keys,t,n,{purpose:"publish"});return B5(i)}async function qB(e){if(e.JWKS_URL&&e.JWKS_SERVICE)try{const t=await e.JWKS_SERVICE.fetch(e.JWKS_URL);if(!t.ok)return console.warn(`JWKS fetch failed with status ${t.status}, falling back to database`),await um(e.data);const n=await t.json();return s.z.object({keys:s.z.array(dh)}).parse(n).keys}catch(t){return console.warn(`JWKS fetch error: ${t instanceof Error?t.message:"Unknown error"}, falling back to database`),await um(e.data)}return await um(e.data)}function HB(e){switch(e){case"RS256":case"RS384":case"RS512":case"ES256":case"ES384":case"ES512":return e;default:throw new U(401,{message:`Unsupported JWS alg: ${e??"(missing)"}`})}}async function Cf(e,t){try{const{header:n}=RB(t),i=HB(n?.alg),o=(await qB(e.env)).find(d=>d.kid===n.kid);if(!o)throw new U(401,{message:"No matching kid found"});if(o.alg!==i)throw new U(401,{message:"alg mismatch between token header and JWK"});const a=rv(o,i),c=await crypto.subtle.importKey("jwk",o,a,!1,["verify"]);return await jB(t,c,i)}catch(n){throw n instanceof z?n:new U(403,{message:"Invalid JWT signature"})}}function ov(e){if(!e)return;const[t,n]=e.split(" ");if(!(!t||t.toLowerCase()!=="bearer"))return n?.trim()||void 0}function L5(e){if(!e)return{};const[t,n]=e.split(" ");if(t?.toLowerCase()!=="basic"||!n)return{};try{const[i,r]=atob(n).split(":");return!i||!r?{}:{client_id:i,client_secret:r}}catch{return{}}}const VB="urn:authhero:management";function KB(e){return e.replace(/:([a-zA-Z_][a-zA-Z0-9_]*)/g,"{$1}")}function pg(e){return async(t,n)=>{const i=t.req.matchedRoutes.find(l=>l.method.toUpperCase()===t.req.method&&l.path!=="/*");if(!i)return await n();const r=KB(i.path),o="/api/v2",a=r.startsWith(o)?r.slice(o.length)||"/":r,c=e.openAPIRegistry.definitions.find(l=>"route"in l&&l.route.path===a&&l.route.method.toUpperCase()===t.req.method.toUpperCase());if(c&&"route"in c){const l=c.route.security?.[0]?.Bearer;if(l===void 0)return await n();const d=ov(t.req.header("authorization"));if(!d)throw new U(401,{message:"Missing bearer token"});try{const u=await Cf(t,d);t.set("user_id",u.sub),t.set("user",u),u.org_name&&t.set("org_name",u.org_name),u.org_id&&t.set("organization_id",u.org_id),!t.var.tenant_id&&u.tenant_id&&t.set("tenant_id",u.tenant_id);const p=Array.isArray(u.permissions)?u.permissions:[],f=typeof u.scope=="string"?u.scope.split(" "):Array.isArray(u.scope)?u.scope:[];if(l.length&&!(l.some(h=>p.includes(h))||l.some(h=>f.includes(h))))throw new U(403,{message:"Unauthorized"})}catch(u){throw u instanceof z?u:new U(403,{message:"Invalid token"})}}return await n()}}const ck=new s.OpenAPIHono().openapi(s.createRoute({tags:["emails"],method:"get",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:emails","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.object(Ws.shape).partial()}},description:"Email provider"}}}),async e=>{const t=await e.env.data.emailProviders.get(e.var.tenant_id);return e.json(t??{})}).openapi(s.createRoute({tags:["emails"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object(Ws.shape)}}}},security:[{Bearer:["create:emails","auth:write"]}],responses:{201:{content:{"application/json":{schema:Ws}},description:"Email provider"},409:{description:"Email provider already configured"}}}),async e=>{const t=e.req.valid("json");if(await e.env.data.emailProviders.get(e.var.tenant_id))throw new z(409,{message:"Email provider already configured"});await e.env.data.emailProviders.create(e.var.tenant_id,t),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create Email Provider",targetType:"email_provider",targetId:e.var.tenant_id});const i=await e.env.data.emailProviders.get(e.var.tenant_id);return e.json(i??t,{status:201})}).openapi(s.createRoute({tags:["emails"],method:"patch",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object(Ws.shape).partial()}}}},security:[{Bearer:["update:emails","auth:write"]}],responses:{200:{content:{"application/json":{schema:Ws}},description:"Email provider"}}}),async e=>{const t=e.req.valid("json");await e.env.data.emailProviders.update(e.var.tenant_id,t);const n=await e.env.data.emailProviders.get(e.var.tenant_id);if(!n)throw new z(404,{message:"Email provider not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update Email Provider",targetType:"email_provider",targetId:e.var.tenant_id}),e.json(n)}).openapi(s.createRoute({tags:["emails"],method:"delete",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:emails","auth:write"]}],responses:{204:{description:"Email provider deleted"},404:{description:"Email provider not found"}}}),async e=>{if(!await e.env.data.emailProviders.get(e.var.tenant_id))throw new z(404,{message:"Email provider not found"});return await e.env.data.emailProviders.remove(e.var.tenant_id),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete Email Provider",targetType:"email_provider",targetId:e.var.tenant_id}),e.body(null,204)}),Cu=s.z.object({"tenant-id":s.z.string().optional()}),pm=s.z.object({templateName:Vw}),GB=Or.partial(),WB=new s.OpenAPIHono().openapi(s.createRoute({tags:["email-templates"],method:"post",path:"/",request:{headers:Cu,body:{content:{"application/json":{schema:Or}}}},security:[{Bearer:["create:email_templates","auth:write"]}],responses:{201:{content:{"application/json":{schema:Or}},description:"Email template"},409:{description:"Template already exists"}}}),async e=>{const t=e.req.valid("json");if(await e.env.data.emailTemplates.get(e.var.tenant_id,t.template))throw new z(409,{message:"Email template already configured"});const i=await e.env.data.emailTemplates.create(e.var.tenant_id,t);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create Email Template",targetType:"email_template",targetId:t.template}),e.json(i,{status:201})}).openapi(s.createRoute({tags:["email-templates"],method:"get",path:"/{templateName}",request:{headers:Cu,params:pm},security:[{Bearer:["read:email_templates","auth:read"]}],responses:{200:{content:{"application/json":{schema:Or}},description:"Email template"},404:{description:"Template not found"}}}),async e=>{const{templateName:t}=e.req.valid("param"),n=await e.env.data.emailTemplates.get(e.var.tenant_id,t);if(!n)throw new z(404,{message:"Email template not found"});return e.json(n)}).openapi(s.createRoute({tags:["email-templates"],method:"put",path:"/{templateName}",request:{headers:Cu,params:pm,body:{content:{"application/json":{schema:Or}}}},security:[{Bearer:["update:email_templates","auth:write"]}],responses:{200:{content:{"application/json":{schema:Or}},description:"Email template upserted"}}}),async e=>{const{templateName:t}=e.req.valid("param"),n=e.req.valid("json");if(n.template!==t)throw new z(400,{message:"Body template must match URL templateName"});await e.env.data.emailTemplates.get(e.var.tenant_id,t)?await e.env.data.emailTemplates.update(e.var.tenant_id,t,n):await e.env.data.emailTemplates.create(e.var.tenant_id,n);const r=await e.env.data.emailTemplates.get(e.var.tenant_id,t);if(!r)throw new z(500,{message:`Email template not found after upsert (tenant_id=${e.var.tenant_id}, template=${t})`});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update Email Template",targetType:"email_template",targetId:t}),e.json(r)}).openapi(s.createRoute({tags:["email-templates"],method:"patch",path:"/{templateName}",request:{headers:Cu,params:pm,body:{content:{"application/json":{schema:GB}}}},security:[{Bearer:["update:email_templates","auth:write"]}],responses:{200:{content:{"application/json":{schema:Or}},description:"Email template"},404:{description:"Template not found"}}}),async e=>{const{templateName:t}=e.req.valid("param"),n=e.req.valid("json");if(!await e.env.data.emailTemplates.update(e.var.tenant_id,t,n))throw new z(404,{message:"Email template not found"});const r=await e.env.data.emailTemplates.get(e.var.tenant_id,t);if(!r)throw new z(404,{message:"Email template not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Patch Email Template",targetType:"email_template",targetId:t}),e.json(r)}),JB=new s.OpenAPIHono().openapi(s.createRoute({tags:["sessions"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:sessions","auth:read"]}],responses:{200:{content:{"application/json":{schema:uh}},description:"A session"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.sessions.get(e.var.tenant_id,t);if(!n)throw new z(404);return e.json(n)}).openapi(s.createRoute({tags:["sessions"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:sessions","auth:write"]}],responses:{200:{description:"Status"}}}),async e=>{const{id:t}=e.req.valid("param");if(!await e.env.data.sessions.remove(e.var.tenant_id,t))throw new z(404,{message:"Session not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a Session",targetType:"session",targetId:t}),e.text("OK")}).openapi(s.createRoute({tags:["sessions"],method:"post",path:"/{id}/revoke",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:sessions","auth:write"]}],responses:{202:{description:"Sesssion deletion status"}}}),async e=>{const{id:t}=e.req.valid("param");if(!await e.env.data.sessions.update(e.var.tenant_id,t,{revoked_at:new Date().toISOString()}))throw new z(404,{message:"Session not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Revoke a Session",targetType:"session",targetId:t}),e.text("Session deletion request accepted.",{status:202})}),YB=new s.OpenAPIHono().openapi(s.createRoute({tags:["refresh_tokens"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:refresh_tokens","auth:read"]}],responses:{200:{content:{"application/json":{schema:Kw}},description:"A session"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.refreshTokens.get(e.var.tenant_id,t);if(!n)throw new z(404);return e.json(n)}).openapi(s.createRoute({tags:["refresh_tokens"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:refresh_tokens","auth:write"]}],responses:{200:{description:"Status"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.refreshTokens.get(e.var.tenant_id,t),i=n?.family_id??n?.id;if(i&&await e.env.data.refreshTokens.revokeFamily(e.var.tenant_id,i,new Date().toISOString()),!await e.env.data.refreshTokens.remove(e.var.tenant_id,t))throw new z(404,{message:"Session not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a Refresh Token",targetType:"refresh_token",targetId:t}),e.text("OK")}),QB=new s.OpenAPIHono().openapi(s.createRoute({tags:["custom-domains"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:custom_domains","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.array(Fr)}},description:"List of custom domains"}}}),async e=>{const t=await e.env.data.customDomains.list(e.var.tenant_id);return e.json(t)}).openapi(s.createRoute({tags:["custom-domains"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:custom_domains","auth:read"]}],responses:{200:{content:{"application/json":{schema:Fr}},description:"A customDomain"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.customDomains.get(e.var.tenant_id,t);if(!n)throw new z(404);return e.json(n)}).openapi(s.createRoute({tags:["custom-domains"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:custom_domains","auth:write"]}],responses:{200:{description:"Status"}}}),async e=>{const{id:t}=e.req.valid("param");if(!await e.env.data.customDomains.remove(e.var.tenant_id,t))throw new z(404,{message:"Custom domain not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a Custom Domain",targetType:"custom_domain",targetId:t}),e.text("OK")}).openapi(s.createRoute({tags:["custom-domains"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:s.z.object(Fr.shape).partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:custom_domains","auth:write"]}],responses:{200:{content:{"application/json":{schema:Fr}},description:"The updated custom domain"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.req.valid("json");if(!await e.env.data.customDomains.update(e.var.tenant_id,t,n))throw new z(404);const r=await e.env.data.customDomains.get(e.var.tenant_id,t);if(!r)throw new z(404);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update a Custom Domain",targetType:"custom_domain",targetId:t,afterState:r}),e.json(r)}).openapi(s.createRoute({tags:["custom-domains"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(Nw.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:custom_domains","auth:write"]}],responses:{201:{content:{"application/json":{schema:Fr}},description:"The created custom domain"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.customDomains.create(e.var.tenant_id,t);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create a Custom Domain",targetType:"custom_domain",targetId:n.custom_domain_id,afterState:n}),e.json(n,{status:201})}).openapi(s.createRoute({tags:["custom-domains"],method:"post",path:"/{id}/verify",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:custom_domains","auth:write"]}],responses:{200:{content:{"application/json":{schema:Fr}},description:"The custom domain"}}}),async()=>{throw new z(501,{message:"Not implemented"})});function jc(e){const t=e.env.data.logStreams;if(!t)throw new z(501,{message:"Log streams are not supported by this adapter"});return t}const ZB=new s.OpenAPIHono().openapi(s.createRoute({tags:["log-streams"],method:"get",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:log_streams","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.array(Gs)}},description:"List of log streams"}}}),async e=>{const n=await jc(e).list(e.var.tenant_id);return e.json(n)}).openapi(s.createRoute({tags:["log-streams"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:log_streams","auth:read"]}],responses:{200:{content:{"application/json":{schema:Gs}},description:"A log stream"}}}),async e=>{const t=jc(e),{id:n}=e.req.valid("param"),i=await t.get(e.var.tenant_id,n);if(!i)throw new z(404);return e.json(i)}).openapi(s.createRoute({tags:["log-streams"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(Uw.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:log_streams","auth:write"]}],responses:{201:{content:{"application/json":{schema:Gs}},description:"The created log stream"}}}),async e=>{const t=jc(e),n=e.req.valid("json"),i=await t.create(e.var.tenant_id,n);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create a Log Stream",targetType:"log_stream",targetId:i.id,afterState:i}),e.json(i,{status:201})}).openapi(s.createRoute({tags:["log-streams"],method:"patch",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),body:{content:{"application/json":{schema:s.z.object(Gs.shape).partial()}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:log_streams","auth:write"]}],responses:{200:{content:{"application/json":{schema:Gs}},description:"The updated log stream"}}}),async e=>{const t=jc(e),{id:n}=e.req.valid("param"),i=e.req.valid("json");if(!await t.update(e.var.tenant_id,n,i))throw new z(404);const o=await t.get(e.var.tenant_id,n);if(!o)throw new z(404);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update a Log Stream",targetType:"log_stream",targetId:n,afterState:o}),e.json(o)}).openapi(s.createRoute({tags:["log-streams"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:log_streams","auth:write"]}],responses:{204:{description:"Log stream deleted"}}}),async e=>{const t=jc(e),{id:n}=e.req.valid("param");if(!await t.remove(e.var.tenant_id,n))throw new z(404);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a Log Stream",targetType:"log_stream",targetId:n}),e.body(null,204)});function fm(e){return!!e&&typeof e=="object"&&!Array.isArray(e)}function M5(e,t){if(!fm(t))return e;const n=fm(e)?{...e}:{};for(const[i,r]of Object.entries(t))n[i]=fm(r)?M5(n[i],r):r;return n}async function hm(e,t){const n=await e.env.data.tenants.get(e.var.tenant_id);if(!n)throw new z(404,{message:"Tenant not found"});return n.attack_protection?.[t]??{}}async function gm(e,t,n){const i=await e.env.data.tenants.get(e.var.tenant_id);if(!i)throw new z(404,{message:"Tenant not found"});const r=i.attack_protection??{},o=M5(r[t]??{},n??{}),a={...r,[t]:o};return await e.env.data.tenants.update(e.var.tenant_id,{attack_protection:a}),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:`Update Attack Protection (${t})`,targetType:"attack_protection",targetId:e.var.tenant_id}),a[t]}const XB=new s.OpenAPIHono().openapi(s.createRoute({tags:["attack-protection"],method:"get",path:"/breached-password-detection",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:attack_protection","auth:read"]}],responses:{200:{content:{"application/json":{schema:ca}},description:"Breached password detection settings"}}}),async e=>e.json(await hm(e,"breached_password_detection"))).openapi(s.createRoute({tags:["attack-protection"],method:"patch",path:"/breached-password-detection",request:{body:{content:{"application/json":{schema:ca}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:attack_protection","auth:write"]}],responses:{200:{content:{"application/json":{schema:ca}},description:"Updated settings"}}}),async e=>{const t=ca.parse(await e.req.json());return e.json(await gm(e,"breached_password_detection",t))}).openapi(s.createRoute({tags:["attack-protection"],method:"get",path:"/brute-force-protection",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:attack_protection","auth:read"]}],responses:{200:{content:{"application/json":{schema:la}},description:"Brute force protection settings"}}}),async e=>e.json(await hm(e,"brute_force_protection"))).openapi(s.createRoute({tags:["attack-protection"],method:"patch",path:"/brute-force-protection",request:{body:{content:{"application/json":{schema:la}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:attack_protection","auth:write"]}],responses:{200:{content:{"application/json":{schema:la}},description:"Updated settings"}}}),async e=>{const t=la.parse(await e.req.json());return e.json(await gm(e,"brute_force_protection",t))}).openapi(s.createRoute({tags:["attack-protection"],method:"get",path:"/suspicious-ip-throttling",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:attack_protection","auth:read"]}],responses:{200:{content:{"application/json":{schema:da}},description:"Suspicious IP throttling settings"}}}),async e=>e.json(await hm(e,"suspicious_ip_throttling"))).openapi(s.createRoute({tags:["attack-protection"],method:"patch",path:"/suspicious-ip-throttling",request:{body:{content:{"application/json":{schema:da}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:attack_protection","auth:write"]}],responses:{200:{content:{"application/json":{schema:da}},description:"Updated settings"}}}),async e=>{const t=da.parse(await e.req.json());return e.json(await gm(e,"suspicious_ip_throttling",t))});s.z.object({...Do.shape,tenant:xp,connections:s.z.array(Dr)});async function Ze(e,t,n){let i,r=n;if(!r){const f=await e.data.clients.getByClientId(t);if(!f)throw new U(403,{message:"Client not found"});const{tenant_id:h,...g}=f;i=g,r=h}const[o,a,c,l]=await Promise.all([i?Promise.resolve(i):e.data.clients.get(r,t),e.data.tenants.get(r),e.data.clientConnections.listByClient(r,t),e.data.connections.list(r)]),d=i||o;if(!d)throw new U(403,{message:"Client not found"});if(d.client_metadata?.status==="deleted")throw new U(403,{message:"Client not found"});if(!a)throw new U(404,{message:"Tenant not found"});const u=c.length>0?c:l.connections||[],p=Fn(e);return{...d,web_origins:[...d.web_origins||[],`${p}login`],allowed_logout_urls:[...d.allowed_logout_urls||[],e.ISSUER],callbacks:[...d.callbacks||[],`${p}info`],tenant:a,connections:u}}const D_="rt_",eL=7,tL=32,nL=new Date("2026-06-05T00:00:00.000Z");function lk(e){const t=new Uint8Array(e);return crypto.getRandomValues(t),t}function U5(){return{lookup:Rt.encode(lk(eL),{includePadding:!1}),secret:Rt.encode(lk(tL),{includePadding:!1})}}async function Tf(e){return Mp(await yh(new TextEncoder().encode(e)))}function q5(e,t){return`${D_}${e}.${t}`}function H5(e){if(e.startsWith(D_)){const t=e.slice(D_.length),n=t.indexOf(".");if(n>0&&n<t.length-1)return{kind:"new",lookup:t.slice(0,n),secret:t.slice(n+1)}}return{kind:"legacy",id:e}}function V5(e=new Date){return e<nL}const sv="0123456789ABCDEFGHJKMNPQRSTVWXYZ",B_=sv.length,iL=10,dk=16;function rL(e){let t="";for(let n=iL;n>0;n--)t=sv.charAt(e%B_)+t,e=Math.floor(e/B_);return t}function oL(){const e=new Uint8Array(dk);crypto.getRandomValues(e);let t="";for(let n=0;n<dk;n++)t+=sv.charAt(e[n]%B_);return t}function av(){return rL(Date.now())+oL()}function sL(){const e=new Uint8Array(32);return crypto.getRandomValues(e),Rt.encode(e,{includePadding:!1})}function K5(e){try{const n=/-----BEGIN (?:RSA )?(?:PRIVATE|PUBLIC) KEY-----([^-]*)-----END (?:RSA )?(?:PRIVATE|PUBLIC) KEY-----/.exec(e);if(!n||!n[1])throw new Error("Invalid PEM format");return Uint8Array.from(atob(n[1].replace(/\s/g,"")),i=>i.charCodeAt(0)).buffer}finally{e=e.replace(/./g,"\0")}}async function aL(e,t){if(t==="plain")return e;const n=new TextEncoder().encode(e),i=await yh(n);return Rt.encode(new Uint8Array(i),{includePadding:!1})}const cL={RS256:"SHA-256",RS384:"SHA-384",RS512:"SHA-512",ES256:"SHA-256",ES384:"SHA-384",ES512:"SHA-512",HS256:"SHA-256",HS384:"SHA-384",HS512:"SHA-512"};async function uk(e,t){const n=cL[t];if(!n)throw new Error(`Cannot compute id_token hash: unsupported signing alg ${t}`);const i=new TextEncoder().encode(e),r=await crypto.subtle.digest(n,i),o=new Uint8Array(r),a=o.slice(0,o.length/2);return Rt.encode(a,{includePadding:!1})}const cd="auth2",Tu=300,pk=720*60*60,eo=1440*60,lL="auth-token",ka=1800*1e3,L_=10080*60*1e3,dL=300,uL=300,pL=1800*1e3,fL=1800*1e3,hL=1440*60*1e3;var Wn={},fk;function gL(){if(fk)return Wn;fk=1,Object.defineProperty(Wn,"__esModule",{value:!0}),Wn.parseCookie=c,Wn.parse=c,Wn.stringifyCookie=l,Wn.stringifySetCookie=d,Wn.serialize=d,Wn.parseSetCookie=u,Wn.stringifySetCookie=d,Wn.serialize=d;const e=/^[\u0021-\u003A\u003C\u003E-\u007E]+$/,t=/^[\u0021-\u003A\u003C-\u007E]*$/,n=/^([.]?[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)([.][a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/i,i=/^[\u0020-\u003A\u003D-\u007E]*$/,r=/^-?\d+$/,o=Object.prototype.toString,a=(()=>{const _=function(){};return _.prototype=Object.create(null),_})();function c(_,y){const w=new a,b=_.length;if(b<2)return w;const A=y?.decode||g;let v=0;do{const k=f(_,v,b);if(k===-1)break;const x=p(_,v,b);if(k>x){v=_.lastIndexOf(";",k-1)+1;continue}const T=h(_,v,k);w[T]===void 0&&(w[T]=A(h(_,k+1,x))),v=x+1}while(v<b);return w}function l(_,y){const w=y?.encode||encodeURIComponent,b=[];for(const A of Object.keys(_)){const v=_[A];if(v===void 0)continue;if(!e.test(A))throw new TypeError(`cookie name is invalid: ${A}`);const k=w(v);if(!t.test(k))throw new TypeError(`cookie val is invalid: ${v}`);b.push(`${A}=${k}`)}return b.join("; ")}function d(_,y,w){const b=typeof _=="object"?_:{...w,name:_,value:String(y)},v=(typeof y=="object"?y:w)?.encode||encodeURIComponent;if(!e.test(b.name))throw new TypeError(`argument name is invalid: ${b.name}`);const k=b.value?v(b.value):"";if(!t.test(k))throw new TypeError(`argument val is invalid: ${b.value}`);let x=b.name+"="+k;if(b.maxAge!==void 0){if(!Number.isInteger(b.maxAge))throw new TypeError(`option maxAge is invalid: ${b.maxAge}`);x+="; Max-Age="+b.maxAge}if(b.domain){if(!n.test(b.domain))throw new TypeError(`option domain is invalid: ${b.domain}`);x+="; Domain="+b.domain}if(b.path){if(!i.test(b.path))throw new TypeError(`option path is invalid: ${b.path}`);x+="; Path="+b.path}if(b.expires){if(!m(b.expires)||!Number.isFinite(b.expires.valueOf()))throw new TypeError(`option expires is invalid: ${b.expires}`);x+="; Expires="+b.expires.toUTCString()}if(b.httpOnly&&(x+="; HttpOnly"),b.secure&&(x+="; Secure"),b.partitioned&&(x+="; Partitioned"),b.priority)switch(typeof b.priority=="string"?b.priority.toLowerCase():void 0){case"low":x+="; Priority=Low";break;case"medium":x+="; Priority=Medium";break;case"high":x+="; Priority=High";break;default:throw new TypeError(`option priority is invalid: ${b.priority}`)}if(b.sameSite)switch(typeof b.sameSite=="string"?b.sameSite.toLowerCase():b.sameSite){case!0:case"strict":x+="; SameSite=Strict";break;case"lax":x+="; SameSite=Lax";break;case"none":x+="; SameSite=None";break;default:throw new TypeError(`option sameSite is invalid: ${b.sameSite}`)}return x}function u(_,y){const w=y?.decode||g,b=_.length,A=p(_,0,b),v=f(_,0,A),k=v===-1?{name:"",value:w(h(_,0,A))}:{name:h(_,0,v),value:w(h(_,v+1,A))};let x=A+1;for(;x<b;){const T=p(_,x,b),I=f(_,x,T),F=I===-1?h(_,x,T):h(_,x,I),$=I===-1?void 0:h(_,I+1,T);switch(F.toLowerCase()){case"httponly":k.httpOnly=!0;break;case"secure":k.secure=!0;break;case"partitioned":k.partitioned=!0;break;case"domain":k.domain=$;break;case"path":k.path=$;break;case"max-age":$&&r.test($)&&(k.maxAge=Number($));break;case"expires":if(!$)break;const P=new Date($);Number.isFinite(P.valueOf())&&(k.expires=P);break;case"priority":if(!$)break;const N=$.toLowerCase();(N==="low"||N==="medium"||N==="high")&&(k.priority=N);break;case"samesite":if(!$)break;const D=$.toLowerCase();(D==="lax"||D==="strict"||D==="none")&&(k.sameSite=D);break}x=T+1}return k}function p(_,y,w){const b=_.indexOf(";",y);return b===-1?w:b}function f(_,y,w){const b=_.indexOf("=",y);return b<w?b:-1}function h(_,y,w){let b=y,A=w;do{const v=_.charCodeAt(b);if(v!==32&&v!==9)break}while(++b<A);for(;A>b;){const v=_.charCodeAt(A-1);if(v!==32&&v!==9)break;A--}return _.slice(b,A)}function g(_){if(_.indexOf("%")===-1)return _;try{return decodeURIComponent(_)}catch{return _}}function m(_){return o.call(_)==="[object Date]"}return Wn}var Qo=gL();function fg(e){return`${e}-${lL}`}function G5(e){if(!e)return!1;let t;if(e.startsWith("[")){const n=e.indexOf("]");if(n===-1)return!1;t=e.slice(1,n)}else t=e.split(":")[0]??"";return t?t==="localhost"||t==="host.docker.internal"||t==="::1"||/^127(?:\.\d{1,3}){3}$/.test(t):!1}function W5(e){if(!e)return;const[t]=e.split(":");if(!t||t==="localhost"||/^(\d{1,3}\.){3}\d{1,3}$/.test(t))return;const n=t.split(".");return n.length>2?`.${n.slice(-2).join(".")}`:`.${t}`}function mL(e,t){if(!t)return[];const n=fg(e),i=[],r=t.split(";");for(const o of r){const[a,...c]=o.trim().split("=");a===n&&c.length>0&&i.push(c.join("="))}return i}function Sr(e,t){return t?Qo.parse(t)[fg(e)]:void 0}function cv(e,t){const n=fg(e),i=G5(t),r={path:"/",httpOnly:!0,secure:!i,maxAge:0,sameSite:i?"lax":"none",domain:t?W5(t):void 0};return i?[Qo.serialize(n,"",r)]:[Qo.serialize(n,"",r),Qo.serialize(n,"",{...r,partitioned:!0})]}function lv(e,t,n){const i=fg(e),r=G5(n),o={path:"/",httpOnly:!0,secure:!r,sameSite:r?"lax":"none",domain:n?W5(n):void 0};return r?[Qo.serialize(i,t,{...o,maxAge:pk})]:[Qo.serialize(i,"",{...o,maxAge:0}),Qo.serialize(i,t,{...o,maxAge:pk,partitioned:!0})]}var yL=Object.defineProperty,_L=(e,t,n)=>t in e?yL(e,t,{enumerable:!0,configurable:!0,writable:!0,value:n}):e[t]=n,Sa=(e,t,n)=>_L(e,typeof t!="symbol"?t+"":t,n);const Mt=s.z.object({"#text":s.z.string()}),wL=s.z.object({"#text":s.z.string(),"@_xmlns:saml":s.z.string().optional()});s.z.object({"samlp:AuthnRequest":s.z.object({"saml:Issuer":wL,"@_xmlns:samlp":s.z.string(),"@_xmlns:saml":s.z.string().optional(),"@_ForceAuthn":s.z.string().transform(e=>e.toLowerCase()==="true").optional(),"@_ID":s.z.string(),"@_IssueInstant":s.z.string().datetime(),"@_Destination":s.z.string().url(),"@_AssertionConsumerServiceURL":s.z.string().url().optional(),"@_ProtocolBinding":s.z.string().optional(),"@_Version":s.z.string()})});s.z.array(s.z.object({":@":s.z.object({"@_xmlns":s.z.string(),"@_entityID":s.z.string()}),EntityDescriptor:s.z.array(s.z.object({":@":s.z.object({"@_protocolSupportEnumeration":s.z.string()}),IDPSSODescriptor:s.z.array(s.z.union([s.z.object({KeyDescriptor:s.z.array(s.z.object({KeyInfo:s.z.array(s.z.object({X509Data:s.z.array(s.z.object({X509Certificate:s.z.array(Mt)}))})),":@":s.z.object({"@_xmlns":s.z.string()})})),":@":s.z.object({"@_use":s.z.string()})}),s.z.object({SingleLogoutService:s.z.array(s.z.object({})),":@":s.z.object({"@_Binding":s.z.string(),"@_Location":s.z.string()})}),s.z.object({NameIDFormat:s.z.array(Mt)}),s.z.object({SingleSignOnService:s.z.array(s.z.object({})),":@":s.z.object({"@_Binding":s.z.string(),"@_Location":s.z.string()})}),s.z.object({Attribute:s.z.array(s.z.object({})),":@":s.z.object({"@_Name":s.z.string(),"@_NameFormat":s.z.string(),"@_FriendlyName":s.z.string(),"@_xmlns":s.z.string()})})]))}))}));const bL=s.z.object({"saml:Attribute":s.z.array(s.z.object({"saml:AttributeValue":s.z.array(s.z.object({"#text":s.z.string()})),":@":s.z.object({"@_xmlns:xs":s.z.string().optional(),"@_xmlns:xsi":s.z.string(),"@_xsi:type":s.z.string()}).optional()})),":@":s.z.object({"@_Name":s.z.string(),"@_NameFormat":s.z.string(),"@_FriendlyName":s.z.string().optional()})}),vL=s.z.object({"ds:Transform":s.z.array(s.z.any()),":@":s.z.object({"@_Algorithm":s.z.string()})}),hk=s.z.object({"ds:Signature":s.z.array(s.z.union([s.z.object({"ds:SignedInfo":s.z.array(s.z.union([s.z.object({"ds:CanonicalizationMethod":s.z.array(s.z.object({":@":s.z.object({"@_Algorithm":s.z.string()})}))}),s.z.object({"ds:SignatureMethod":s.z.array(s.z.object({":@":s.z.object({"@_Algorithm":s.z.string()})}))}),s.z.object({"ds:Reference":s.z.array(s.z.union([s.z.object({"ds:Transforms":s.z.array(vL)}),s.z.object({"ds:DigestMethod":s.z.array(s.z.object({":@":s.z.object({"@_Algorithm":s.z.string()})}))}),s.z.object({"ds:DigestValue":s.z.array(Mt)})])),":@":s.z.object({"@_URI":s.z.string().optional()}).optional()})]))}),s.z.object({"ds:SignatureValue":s.z.array(Mt)}),s.z.object({"ds:KeyInfo":s.z.array(s.z.union([s.z.object({"ds:KeyValue":s.z.array(s.z.object({"ds:RSAKeyValue":s.z.array(s.z.union([s.z.object({"ds:Modulus":s.z.array(Mt)}),s.z.object({"ds:Exponent":s.z.array(Mt)})]))}))}),s.z.object({"ds:X509Data":s.z.array(s.z.object({"ds:X509Certificate":s.z.array(Mt)}))}),s.z.object({"ds:KeyValue":s.z.array(s.z.object({"ds:RSAKeyValue":s.z.array(s.z.union([s.z.object({"ds:Modulus":s.z.array(Mt)}),s.z.object({"ds:Exponent":s.z.array(Mt)})]))})),"ds:X509Data":s.z.array(s.z.object({"ds:X509Certificate":s.z.array(Mt)}))})]))})])),":@":s.z.object({"@_xmlns:ds":s.z.string().optional()}).optional()});s.z.array(s.z.object({"samlp:Response":s.z.array(s.z.union([s.z.object({"saml:Issuer":s.z.array(Mt)}),hk,s.z.object({"samlp:Status":s.z.array(s.z.object({"samlp:StatusCode":s.z.array(Mt),":@":s.z.object({"@_Value":s.z.string()})}))}),s.z.object({"saml:Assertion":s.z.array(s.z.union([s.z.object({"saml:Issuer":s.z.array(Mt)}),hk,s.z.object({"saml:Subject":s.z.array(s.z.union([s.z.object({"saml:NameID":s.z.array(Mt),":@":s.z.object({"@_Format":s.z.string()})}),s.z.object({"saml:SubjectConfirmation":s.z.array(s.z.object({"saml:SubjectConfirmationData":s.z.array(s.z.any()),":@":s.z.object({"@_InResponseTo":s.z.string(),"@_NotOnOrAfter":s.z.string(),"@_Recipient":s.z.string()})})),":@":s.z.object({"@_Method":s.z.string()})})]))}),s.z.object({"saml:Conditions":s.z.array(s.z.object({"saml:AudienceRestriction":s.z.array(s.z.object({"saml:Audience":s.z.array(Mt)}))})),":@":s.z.object({"@_NotBefore":s.z.string(),"@_NotOnOrAfter":s.z.string()})}),s.z.object({"saml:AuthnStatement":s.z.array(s.z.object({"saml:AuthnContext":s.z.array(s.z.object({"saml:AuthnContextClassRef":s.z.array(Mt)}))})),":@":s.z.object({"@_AuthnInstant":s.z.string(),"@_SessionIndex":s.z.string(),"@_SessionNotOnOrAfter":s.z.string()})}),s.z.object({"saml:AttributeStatement":s.z.array(bL)})])),":@":s.z.object({"@_xmlns":s.z.string(),"@_ID":s.z.string(),"@_IssueInstant":s.z.string(),"@_Version":s.z.string()})})])),":@":s.z.object({"@_xmlns:samlp":s.z.string(),"@_xmlns:saml":s.z.string(),"@_Destination":s.z.string(),"@_ID":s.z.string(),"@_InResponseTo":s.z.string(),"@_IssueInstant":s.z.string(),"@_Version":s.z.string()})}));var J5={};(function(e){const t=":A-Za-z_\\u00C0-\\u00D6\\u00D8-\\u00F6\\u00F8-\\u02FF\\u0370-\\u037D\\u037F-\\u1FFF\\u200C-\\u200D\\u2070-\\u218F\\u2C00-\\u2FEF\\u3001-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFFD",n=t+"\\-.\\d\\u00B7\\u0300-\\u036F\\u203F-\\u2040",i="["+t+"]["+n+"]*",r=new RegExp("^"+i+"$"),o=function(d,u){const p=[];let f=u.exec(d);for(;f;){const h=[];h.startIndex=u.lastIndex-f[0].length;const g=f.length;for(let m=0;m<g;m++)h.push(f[m]);p.push(h),f=u.exec(d)}return p},a=function(d){const u=r.exec(d);return!(u===null||typeof u>"u")};e.isExist=function(d){return typeof d<"u"},e.isEmptyObject=function(d){return Object.keys(d).length===0},e.merge=function(d,u,p){if(u){const f=Object.keys(u),h=f.length;for(let g=0;g<h;g++)p==="strict"?d[f[g]]=[u[f[g]]]:d[f[g]]=u[f[g]]}},e.getValue=function(d){return e.isExist(d)?d:""};const c=["hasOwnProperty","toString","valueOf","__defineGetter__","__defineSetter__","__lookupGetter__","__lookupSetter__"],l=["__proto__","constructor","prototype"];e.isName=a,e.getAllMatches=o,e.nameRegexp=i,e.DANGEROUS_PROPERTY_NAMES=c,e.criticalProperties=l})(J5);const{DANGEROUS_PROPERTY_NAMES:uCe,criticalProperties:pCe}=J5;function AL(e){return typeof e=="function"?e:Array.isArray(e)?t=>{for(const n of e)if(typeof n=="string"&&t===n||n instanceof RegExp&&n.test(t))return!0}:()=>!1}var kL=AL;const SL=`
255
255
  `;function EL(e,t){let n="";return t.format&&t.indentBy.length>0&&(n=SL),Y5(e,t,"",n)}function Y5(e,t,n,i){let r="",o=!1;if(!Array.isArray(e)){if(e!=null){let a=e.toString();return a=M_(a,t),a}return""}for(let a=0;a<e.length;a++){const c=e[a],l=xL(c);if(l===void 0)continue;let d="";if(n.length===0?d=l:d=`${n}.${l}`,l===t.textNodeName){let g=c[l];CL(d,t)||(g=t.tagValueProcessor(l,g),g=M_(g,t)),o&&(r+=i),r+=g,o=!1;continue}else if(l===t.cdataPropName){o&&(r+=i),r+=`<![CDATA[${c[l][0][t.textNodeName]}]]>`,o=!1;continue}else if(l===t.commentPropName){r+=i+`<!--${c[l][0][t.textNodeName]}-->`,o=!0;continue}else if(l[0]==="?"){const g=gk(c[":@"],t),m=l==="?xml"?"":i;let _=c[l][0][t.textNodeName];_=_.length!==0?" "+_:"",r+=m+`<${l}${_}${g}?>`,o=!0;continue}let u=i;u!==""&&(u+=t.indentBy);const p=gk(c[":@"],t),f=i+`<${l}${p}`,h=Y5(c[l],t,d,u);t.unpairedTags.indexOf(l)!==-1?t.suppressUnpairedNode?r+=f+">":r+=f+"/>":(!h||h.length===0)&&t.suppressEmptyNode?r+=f+"/>":h&&h.endsWith(">")?r+=f+`>${h}${i}</${l}>`:(r+=f+">",h&&i!==""&&(h.includes("/>")||h.includes("</"))?r+=i+t.indentBy+h+i:r+=h,r+=`</${l}>`),o=!0}return r}function xL(e){const t=Object.keys(e);for(let n=0;n<t.length;n++){const i=t[n];if(Object.prototype.hasOwnProperty.call(e,i)&&i!==":@")return i}}function gk(e,t){let n="";if(e&&!t.ignoreAttributes)for(let i in e){if(!Object.prototype.hasOwnProperty.call(e,i))continue;let r=t.attributeValueProcessor(i,e[i]);r=M_(r,t),r===!0&&t.suppressBooleanAttributes?n+=` ${i.substr(t.attributeNamePrefix.length)}`:n+=` ${i.substr(t.attributeNamePrefix.length)}="${r}"`}return n}function CL(e,t){e=e.substr(0,e.length-t.textNodeName.length-1);let n=e.substr(e.lastIndexOf(".")+1);for(let i in t.stopNodes)if(t.stopNodes[i]===e||t.stopNodes[i]==="*."+n)return!0;return!1}function M_(e,t){if(e&&e.length>0&&t.processEntities)for(let n=0;n<t.entities.length;n++){const i=t.entities[n];e=e.replace(i.regex,i.val)}return e}var TL=EL;const $L=TL,IL=kL,zL={attributeNamePrefix:"@_",attributesGroupName:!1,textNodeName:"#text",ignoreAttributes:!0,cdataPropName:!1,format:!1,indentBy:" ",suppressEmptyNode:!1,suppressUnpairedNode:!0,suppressBooleanAttributes:!0,tagValueProcessor:function(e,t){return t},attributeValueProcessor:function(e,t){return t},preserveOrder:!1,commentPropName:!1,unpairedTags:[],entities:[{regex:new RegExp("&","g"),val:"&amp;"},{regex:new RegExp(">","g"),val:"&gt;"},{regex:new RegExp("<","g"),val:"&lt;"},{regex:new RegExp("'","g"),val:"&apos;"},{regex:new RegExp('"',"g"),val:"&quot;"}],processEntities:!0,stopNodes:[],oneListGroup:!1};function po(e){this.options=Object.assign({},zL,e),this.options.ignoreAttributes===!0||this.options.attributesGroupName?this.isAttribute=function(){return!1}:(this.ignoreAttributesFn=IL(this.options.ignoreAttributes),this.attrPrefixLen=this.options.attributeNamePrefix.length,this.isAttribute=FL),this.processTextOrObjNode=PL,this.options.format?(this.indentate=NL,this.tagEndChar=`>
256
256
  `,this.newLine=`
257
257
  `):(this.indentate=function(){return""},this.tagEndChar=">",this.newLine="")}po.prototype.build=function(e){return this.options.preserveOrder?$L(e,this.options):(Array.isArray(e)&&this.options.arrayNodeName&&this.options.arrayNodeName.length>1&&(e={[this.options.arrayNodeName]:e}),this.j2x(e,0,[]).val)};po.prototype.j2x=function(e,t,n){let i="",r="";const o=n.join(".");for(let a in e)if(Object.prototype.hasOwnProperty.call(e,a))if(typeof e[a]>"u")this.isAttribute(a)&&(r+="");else if(e[a]===null)this.isAttribute(a)||a===this.options.cdataPropName?r+="":a[0]==="?"?r+=this.indentate(t)+"<"+a+"?"+this.tagEndChar:r+=this.indentate(t)+"<"+a+"/"+this.tagEndChar;else if(e[a]instanceof Date)r+=this.buildTextValNode(e[a],a,"",t);else if(typeof e[a]!="object"){const c=this.isAttribute(a);if(c&&!this.ignoreAttributesFn(c,o))i+=this.buildAttrPairStr(c,""+e[a]);else if(!c)if(a===this.options.textNodeName){let l=this.options.tagValueProcessor(a,""+e[a]);r+=this.replaceEntitiesValue(l)}else r+=this.buildTextValNode(e[a],a,"",t)}else if(Array.isArray(e[a])){const c=e[a].length;let l="",d="";for(let u=0;u<c;u++){const p=e[a][u];if(!(typeof p>"u"))if(p===null)a[0]==="?"?r+=this.indentate(t)+"<"+a+"?"+this.tagEndChar:r+=this.indentate(t)+"<"+a+"/"+this.tagEndChar;else if(typeof p=="object")if(this.options.oneListGroup){const f=this.j2x(p,t+1,n.concat(a));l+=f.val,this.options.attributesGroupName&&p.hasOwnProperty(this.options.attributesGroupName)&&(d+=f.attrStr)}else l+=this.processTextOrObjNode(p,a,t,n);else if(this.options.oneListGroup){let f=this.options.tagValueProcessor(a,p);f=this.replaceEntitiesValue(f),l+=f}else l+=this.buildTextValNode(p,a,"",t)}this.options.oneListGroup&&(l=this.buildObjectNode(l,a,d,t)),r+=l}else if(this.options.attributesGroupName&&a===this.options.attributesGroupName){const c=Object.keys(e[a]),l=c.length;for(let d=0;d<l;d++)i+=this.buildAttrPairStr(c[d],""+e[a][c[d]])}else r+=this.processTextOrObjNode(e[a],a,t,n);return{attrStr:i,val:r}};po.prototype.buildAttrPairStr=function(e,t){return t=this.options.attributeValueProcessor(e,""+t),t=this.replaceEntitiesValue(t),this.options.suppressBooleanAttributes&&t==="true"?" "+e:" "+e+'="'+t+'"'};function PL(e,t,n,i){const r=this.j2x(e,n+1,i.concat(t));return e[this.options.textNodeName]!==void 0&&Object.keys(e).length===1?this.buildTextValNode(e[this.options.textNodeName],t,r.attrStr,n):this.buildObjectNode(r.val,t,r.attrStr,n)}po.prototype.buildObjectNode=function(e,t,n,i){if(e==="")return t[0]==="?"?this.indentate(i)+"<"+t+n+"?"+this.tagEndChar:this.indentate(i)+"<"+t+n+this.closeTag(t)+this.tagEndChar;{let r="</"+t+this.tagEndChar,o="";return t[0]==="?"&&(o="?",r=""),(n||n==="")&&e.indexOf("<")===-1?this.indentate(i)+"<"+t+n+o+">"+e+r:this.options.commentPropName!==!1&&t===this.options.commentPropName&&o.length===0?this.indentate(i)+`<!--${e}-->`+this.newLine:this.indentate(i)+"<"+t+n+o+this.tagEndChar+e+this.indentate(i)+r}};po.prototype.closeTag=function(e){let t="";return this.options.unpairedTags.indexOf(e)!==-1?this.options.suppressUnpairedNode||(t="/"):this.options.suppressEmptyNode?t="/":t=`></${e}`,t};po.prototype.buildTextValNode=function(e,t,n,i){if(this.options.cdataPropName!==!1&&t===this.options.cdataPropName)return this.indentate(i)+`<![CDATA[${e}]]>`+this.newLine;if(this.options.commentPropName!==!1&&t===this.options.commentPropName)return this.indentate(i)+`<!--${e}-->`+this.newLine;if(t[0]==="?")return this.indentate(i)+"<"+t+n+"?"+this.tagEndChar;{let r=this.options.tagValueProcessor(t,e);return r=this.replaceEntitiesValue(r),r===""?this.indentate(i)+"<"+t+n+this.closeTag(t)+this.tagEndChar:this.indentate(i)+"<"+t+n+">"+r+"</"+t+this.tagEndChar}};po.prototype.replaceEntitiesValue=function(e){if(e&&e.length>0&&this.options.processEntities)for(let t=0;t<this.options.entities.length;t++){const n=this.options.entities[t];e=e.replace(n.regex,n.val)}return e};function NL(e){return this.options.indentBy.repeat(e)}function FL(e){return e.startsWith(this.options.attributeNamePrefix)&&e!==this.options.textNodeName?e.substr(this.attrPrefixLen):!1}var OL=po;const jL=OL;var RL={XMLBuilder:jL};let Q5=class{constructor(t,n){if(Sa(this,"alphabet"),Sa(this,"padding"),Sa(this,"decodeMap",new Map),t.length!==32)throw new Error("Invalid alphabet");if(this.alphabet=t,this.padding=n?.padding??"=",this.alphabet.includes(this.padding)||this.padding.length!==1)throw new Error("Invalid padding");for(let i=0;i<t.length;i++)this.decodeMap.set(t[i],i)}encode(t,n){let i="",r=0,o=0;for(let a=0;a<t.length;a++)for(r=r<<8|t[a],o+=8;o>=5;)o-=5,i+=this.alphabet[r>>o&31];if(o>0&&(i+=this.alphabet[r<<5-o&31]),n?.includePadding??!0){const a=(8-i.length%8)%8;for(let c=0;c<a;c++)i+="="}return i}decode(t,n){const i=n?.strict??!0,r=Math.ceil(t.length/8),o=[];for(let a=0;a<r;a++){let c=0;const l=[];for(let u=0;u<8;u++){const p=t[a*8+u];if(p==="="){if(a+1!==r)throw new Error(`Invalid character: ${p}`);c+=1;continue}if(p===void 0){if(i)throw new Error("Invalid data");c+=1;continue}const f=this.decodeMap.get(p)??null;if(f===null)throw new Error(`Invalid character: ${p}`);l.push(f)}if(c===8||c===7||c===5||c===2)throw new Error("Invalid padding");const d=(l[0]<<3)+(l[1]>>2);if(o.push(d),c<6){const u=((l[1]&3)<<6)+(l[2]<<1)+(l[3]>>4);o.push(u)}if(c<4){const u=((l[3]&255)<<4)+(l[4]>>1);o.push(u)}if(c<3){const u=((l[4]&1)<<7)+(l[5]<<2)+(l[6]>>3);o.push(u)}if(c<1){const u=((l[6]&7)<<5)+l[7];o.push(u)}}return Uint8Array.from(o)}};new Q5("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567");new Q5("0123456789ABCDEFGHIJKLMNOPQRSTUV");let Z5=class{constructor(t,n){if(Sa(this,"alphabet"),Sa(this,"padding"),Sa(this,"decodeMap",new Map),t.length!==64)throw new Error("Invalid alphabet");if(this.alphabet=t,this.padding=n?.padding??"=",this.alphabet.includes(this.padding)||this.padding.length!==1)throw new Error("Invalid padding");for(let i=0;i<t.length;i++)this.decodeMap.set(t[i],i)}encode(t,n){let i="",r=0,o=0;for(let a=0;a<t.length;a++)for(r=r<<8|t[a],o+=8;o>=6;)o+=-6,i+=this.alphabet[r>>o&63];if(o>0&&(i+=this.alphabet[r<<6-o&63]),n?.includePadding??!0){const a=(4-i.length%4)%4;for(let c=0;c<a;c++)i+="="}return i}decode(t,n){const i=n?.strict??!0,r=Math.ceil(t.length/4),o=[];for(let a=0;a<r;a++){let c=0,l=0;for(let d=0;d<4;d++){const u=t[a*4+d];if(u==="="){if(a+1!==r)throw new Error(`Invalid character: ${u}`);c+=1;continue}if(u===void 0){if(i)throw new Error("Invalid data");c+=1;continue}const p=this.decodeMap.get(u)??null;if(p===null)throw new Error(`Invalid character: ${u}`);l+=p<<6*(3-d)}o.push(l>>16&255),c<2&&o.push(l>>8&255),c<1&&o.push(l&255)}return Uint8Array.from(o)}};new Z5("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/");new Z5("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_");let DL="useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict",mk=(e=21)=>{let t="",n=crypto.getRandomValues(new Uint8Array(e|=0));for(;e--;)t+=DL[n[e]&63];return t};async function BL(e,t){const n=e.notBefore||new Date().toISOString(),i=e.notAfter||new Date(new Date(n).getTime()+600*1e3).toISOString(),r=e.issueInstant||n,o=e.sessionNotOnOrAfter||i,a=e.responseId||`_${mk()}`,c=e.assertionId||`_${mk()}`,l=[{"samlp:Response":[{"saml:Issuer":[{"#text":e.issuer}]},{"samlp:Status":[{"samlp:StatusCode":[],":@":{"@_Value":"urn:oasis:names:tc:SAML:2.0:status:Success"}}]},{"saml:Assertion":[{"saml:Issuer":[{"#text":e.issuer}]},{"saml:Subject":[{"saml:NameID":[{"#text":e.email}],":@":{"@_Format":"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"}},{"saml:SubjectConfirmation":[{"saml:SubjectConfirmationData":[],":@":{"@_InResponseTo":e.inResponseTo,"@_NotOnOrAfter":i,"@_Recipient":e.destination}}],":@":{"@_Method":"urn:oasis:names:tc:SAML:2.0:cm:bearer"}}]},{"saml:Conditions":[{"saml:AudienceRestriction":[{"saml:Audience":[{"#text":e.audience}]}]}],":@":{"@_NotBefore":n,"@_NotOnOrAfter":i}},{"saml:AuthnStatement":[{"saml:AuthnContext":[{"saml:AuthnContextClassRef":[{"#text":"urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"}]}]}],":@":{"@_AuthnInstant":r,"@_SessionIndex":e.sessionIndex,"@_SessionNotOnOrAfter":o}},{"saml:AttributeStatement":[{"saml:Attribute":[{"saml:AttributeValue":[{"#text":e.userId}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_FriendlyName":"persistent","@_Name":"id","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":e.email}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"email","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"manage-account"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"default-roles-master"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"offline_access"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"view-profile"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"uma_authorization"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"manage-account-links"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}}]}],":@":{"@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion","@_ID":c,"@_IssueInstant":r,"@_Version":"2.0"}}],":@":{"@_xmlns:samlp":"urn:oasis:names:tc:SAML:2.0:protocol","@_xmlns:saml":"urn:oasis:names:tc:SAML:2.0:assertion","@_Destination":e.destination,"@_ID":a,"@_InResponseTo":e.inResponseTo,"@_IssueInstant":r,"@_Version":"2.0"}}];let d=new RL.XMLBuilder({ignoreAttributes:!1,suppressEmptyNode:!0,preserveOrder:!0}).build(l);return e.signature&&t&&(d=await t.signSAML(d,e.signature.privateKeyPem,e.signature.cert)),e.encode===!1?d:btoa(d)}let X5=class{constructor(t){this.signUrl=t}async signSAML(t,n,i){const r=await fetch(this.signUrl,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({xmlContent:t,privateKey:n,publicCert:i})});if(!r.ok)throw new Error(`Failed to sign SAML via HTTP: ${r.status} ${r.statusText}`);return await r.text()}};function LL(e,t,n){const i=n?`<input type="hidden" name="RelayState" value="${n}" />`:"",r=`
@@ -272,7 +272,7 @@ ${t.join(`
272
272
  }};
273
273
  <\/script>
274
274
  </body>
275
- </html>`;return new Response(r,{headers:{"Content-Type":"text/html"}})}async function ML(e,t,n,i,r){if(!n.redirect_uri)throw new U(400,{message:"Missing redirect_uri in authParams"});if(!i.email)throw new U(400,{message:"Missing email in user"});const{signingKeys:o}=await e.env.data.keys.list({q:"type:saml_encryption"}),[a]=o;if(!a)throw new U(500,{message:"No signing key found"});if(!t.addons?.samlp)throw new U(400,{message:`SAML Addon is not enabled for client ${t.client_id}`});const{recipient:c,audience:l}=t.addons.samlp,d=n.state||"";if(!c||!d||!i||!n.state)throw new U(400,{message:"Missing recipient or inResponseTo"});const u=JSON.parse(n.state),p=new URL(n.redirect_uri),f=e.env.samlSigner||(e.env.SAML_SIGN_URL?new X5(e.env.SAML_SIGN_URL):void 0),h=await BL({issuer:e.env.ISSUER,audience:l||n.client_id,destination:p.toString(),inResponseTo:u.requestId,userId:i.app_metadata?.vimeo?.user_id||i.user_id,email:i.email,sessionIndex:r,signature:{privateKeyPem:a.pkcs7,cert:a.cert,kid:a.kid}},f);return LL(p.toString(),h,u.relayState)}function e6(e){return typeof e=="object"&&e!==null&&e.status===409}function $u(e){const t=e.toLowerCase().normalize("NFD").replace(/[\u0300-\u036f]/g,"").replace(/[^a-z0-9]+/g,"-").replace(/-+/g,"-").replace(/^-|-$/g,"");return t.length>0?t:void 0}function UL(e){const t=[];if(e.nickname&&t.push($u(e.nickname)),e.name&&t.push($u(e.name)),e.email){const r=e.email.split("@")[0];r&&t.push($u(r))}e.phone_number&&t.push($u(e.phone_number));const n=new Set,i=[];for(const r of t)r&&!n.has(r)&&(n.add(r),i.push(r));return i}async function yk(e,t,n,i){const{users:r}=await e.list(t,{page:0,per_page:1,include_totals:!1,q:`username:${n} provider:${i}`});return r.length>0}async function qL(e,t,n,i,r){for(const o of n){if(!await yk(e,t,o,i))return o;for(let a=2;a<=r+1;a++){const c=`${o}${a}`;if(!await yk(e,t,c,i))return c}}}function HL(e,t){return e.provider===t&&e.username?!0:e.identities?e.identities.some(n=>n.provider===t&&n.profileData?.username):!1}function t6(e){const t=e?.connection??W.USERNAME_PASSWORD,n=e?.provider??cd,i=Math.max(0,Math.floor(e?.maxRetries??10));return async(r,o)=>{const{ctx:a,user:c}=r;if(!c||!a)return;const l=r.tenant?.id;if(!l)return;const d=a.env.data;if(HL(c,n))return;if(c.provider!==n){const{users:p}=await d.users.list(l,{page:0,per_page:1,include_totals:!1,q:`linked_to:${c.user_id} provider:${n}`});if(p.length>0)return}const u=UL(c);if(u.length===0){console.warn(`[ensureUsername] No username candidates found for user ${c.user_id}`);return}for(let p=0;p<=i;p++){const f=await qL(d.users,l,u,n,i);if(!f){console.warn(`[ensureUsername] Could not find a unique username for user ${c.user_id} after ${i} retries`);return}try{if(c.provider===n)await d.users.update(l,c.user_id,{username:f});else{const h=`${n}|${ao()}`;await d.users.create(l,{user_id:h,username:f,name:f,provider:n,connection:t,email_verified:!1,is_social:!1,linked_to:c.user_id})}return}catch(h){if(!e6(h))throw h;console.info(`[ensureUsername] Username "${f}" was claimed concurrently, retrying (attempt ${p+1}/${i})`)}}console.warn(`[ensureUsername] Could not allocate a username for user ${c.user_id} after ${i} conflict retries`)}}function VL(e){if(e.username)return e.username;if(e.preferred_username)return e.preferred_username;if(e.identities)for(const t of e.identities){if(t.username)return t.username;if(t.profileData?.username)return t.profileData.username}}function n6(){return async(e,t)=>{const{user:n}=e;if(!n)return;const i=VL(n);i&&(t.idToken.setCustomClaim("preferred_username",i),t.accessToken.setCustomClaim("preferred_username",i))}}function _k(e){if(!e)return{};if(typeof e=="string")try{const t=JSON.parse(e);return t&&typeof t=="object"&&!Array.isArray(t)?t:{}}catch{return{}}return typeof e=="object"&&!Array.isArray(e)?e:{}}function i6(e){const t=e?.requireVerifiedEmail??!0,n=e?.copyUserMetadata??!1;return async r=>{const{ctx:o,user:a}=r;if(!a||!o)return;const c=r.tenant?.id;if(!c||a.linked_to||!a.email||t&&!a.email_verified)return;const l=o.env.data,d=await co({userAdapter:l.users,tenant_id:c,email:a.email});if(d&&d.user_id!==a.user_id&&(await l.users.update(c,a.user_id,{linked_to:d.user_id}),n)){const u=_k(a.user_metadata),p=_k(d.user_metadata);if(u&&Object.keys(u).length>0){const f={...u,...p};Object.keys(f).some(g=>!(g in p)||p[g]!==f[g])&&await l.users.update(c,d.user_id,{user_metadata:f})}}}}const KL=Object.freeze(Object.defineProperty({__proto__:null,accountLinking:i6,ensureUsername:t6,setPreferredUsername:n6},Symbol.toStringTag,{value:"Module"}));function to(e){return typeof e=="object"&&e!==null&&typeof e.template_id=="string"&&typeof e.enabled=="boolean"}async function dv(e,t,n,i){const r=e.var.tenant_id||e.req.header("tenant-id");if(!r)return n;switch(t){case"ensure-username":return await t6()({ctx:e,user:n,tenant:{id:r},request:{ip:e.get("ip")||"",url:e.req.url}},{prompt:{render:()=>{}},redirect:{sendUserTo:()=>{},encodeToken:()=>"",validateToken:()=>null},token:{createServiceToken:async()=>""}}),await e.env.data.users.get(r,n.user_id)||n;case"account-linking":return await i6({copyUserMetadata:i?.copy_user_metadata===!0})({ctx:e,user:n,tenant:{id:r},request:{ip:e.get("ip")||"",url:e.req.url}},{prompt:{render:()=>{}},redirect:{sendUserTo:()=>{},encodeToken:()=>"",validateToken:()=>null},token:{createServiceToken:async()=>""}}),await e.env.data.users.get(r,n.user_id)||n;default:return console.warn(`[templatehooks] Unknown template_id: ${t}`),n}}async function GL(e,t,n,i){const r=e.var.tenant_id||e.req.header("tenant-id");if(!r)return;const o={ctx:e,user:n,tenant:{id:r},request:{ip:e.get("ip")||"",url:e.req.url,method:e.req.method,user_agent:e.get("useragent")||""}};t==="set-preferred-username"?await n6()(o,i):console.warn(`[templatehooks] Unknown credentials-exchange template_id: ${t}`)}function Zo(e){return"code_id"in e}function WL(e,t){const{ctx:n,client:i,...r}=e;return{...r,client:i?{client_id:i.client_id,name:i.name,metadata:i.client_metadata}:void 0,secrets:t||{}}}function JL(e,t){for(const n of e){const i=n.method.split(".");if(i.length!==2)continue;const r=i[0],o=i[1];t[r]&&typeof t[r][o]=="function"&&t[r][o](...n.args)}}async function YL(e,t,n){const i=await e.actions.get(t,n);if(i){const o=i.secrets?.reduce((a,c)=>(c.value!==void 0&&(a[c.name]=c.value),a),{});return{code:i.code,secrets:o}}const r=await e.hookCode.get(t,n);return r?{code:r.code,secrets:r.secrets}:null}async function $f(e,t,n,i,r,o){const a=e.env.codeExecutor;if(!a)return;const c=e.var.tenant_id||e.req.header("tenant-id");if(!c)return;const l=await YL(t,c,n.code_id);if(!l){R(e,c,{type:O.FAILED_HOOK,description:`Code hook ${n.hook_id}: code_id ${n.code_id} not found`});return}const d=WL(i,l.secrets),u=await a.execute({code:l.code,hookCodeId:n.code_id,triggerId:r,event:d,timeoutMs:5e3}),p={hook_id:n.hook_id,code_id:n.code_id,trigger_id:r,duration_ms:u.durationMs,api_calls:u.apiCalls.map(f=>f.method),logs:u.logs??[],...u.error?{error:u.error}:{}};if(!u.success){R(e,c,{type:O.FAILED_HOOK,description:`Code hook ${n.hook_id} failed: ${u.error}`,details:p});return}R(e,c,{type:O.SUCCESS_HOOK,description:`Code hook ${n.hook_id} executed (${u.durationMs}ms, ${u.apiCalls.length} api calls, ${u.logs?.length??0} logs)`,details:p}),JL(u.apiCalls,o)}async function QL(e,t,n,i){const r=t.filter(o=>o.enabled&&Zo(o));for(const o of r)if(Zo(o))try{await $f(e,e.env.data,o,n,"credentials-exchange",i)}catch(a){const c=e.var.tenant_id||e.req.header("tenant-id");c&&R(e,c,{type:O.FAILED_HOOK,description:`Code hook ${o.hook_id} threw: ${a instanceof Error?a.message:String(a)}`})}}function U_(e,t,n,i){const r=new Headers(i);r.set("Server-Timing","cf-nel=0; no-cloudflare-insights=1");const o=`<!DOCTYPE html>
275
+ </html>`;return new Response(r,{headers:{"Content-Type":"text/html"}})}async function ML(e,t,n,i,r){if(!n.redirect_uri)throw new U(400,{message:"Missing redirect_uri in authParams"});if(!i.email)throw new U(400,{message:"Missing email in user"});const{signingKeys:o}=await e.env.data.keys.list({q:"type:saml_encryption"}),[a]=o;if(!a)throw new U(500,{message:"No signing key found"});if(!t.addons?.samlp)throw new U(400,{message:`SAML Addon is not enabled for client ${t.client_id}`});const{recipient:c,audience:l}=t.addons.samlp,d=n.state||"";if(!c||!d||!i||!n.state)throw new U(400,{message:"Missing recipient or inResponseTo"});const u=JSON.parse(n.state),p=new URL(n.redirect_uri),f=e.env.samlSigner||(e.env.SAML_SIGN_URL?new X5(e.env.SAML_SIGN_URL):void 0),h=await BL({issuer:e.env.ISSUER,audience:l||n.client_id,destination:p.toString(),inResponseTo:u.requestId,userId:i.app_metadata?.vimeo?.user_id||i.user_id,email:i.email,sessionIndex:r,signature:{privateKeyPem:a.pkcs7,cert:a.cert,kid:a.kid}},f);return LL(p.toString(),h,u.relayState)}function e6(e){return typeof e=="object"&&e!==null&&e.status===409}function $u(e){const t=e.toLowerCase().normalize("NFD").replace(/[\u0300-\u036f]/g,"").replace(/[^a-z0-9]+/g,"-").replace(/-+/g,"-").replace(/^-|-$/g,"");return t.length>0?t:void 0}function UL(e){const t=[];if(e.nickname&&t.push($u(e.nickname)),e.name&&t.push($u(e.name)),e.email){const r=e.email.split("@")[0];r&&t.push($u(r))}e.phone_number&&t.push($u(e.phone_number));const n=new Set,i=[];for(const r of t)r&&!n.has(r)&&(n.add(r),i.push(r));return i}async function yk(e,t,n,i){const{users:r}=await e.list(t,{page:0,per_page:1,include_totals:!1,q:`username:${n} provider:${i}`});return r.length>0}async function qL(e,t,n,i,r){for(const o of n){if(!await yk(e,t,o,i))return o;for(let a=2;a<=r+1;a++){const c=`${o}${a}`;if(!await yk(e,t,c,i))return c}}}function HL(e,t){return e.provider===t&&e.username?!0:e.identities?e.identities.some(n=>n.provider===t&&n.profileData?.username):!1}function t6(e){const t=e?.connection??W.USERNAME_PASSWORD,n=e?.provider??cd,i=Math.max(0,Math.floor(e?.maxRetries??10));return async(r,o)=>{const{ctx:a,user:c}=r;if(!c||!a)return;const l=r.tenant?.id;if(!l)return;const d=a.env.data;if(HL(c,n))return;if(c.provider!==n){const{users:p}=await d.users.list(l,{page:0,per_page:1,include_totals:!1,q:`linked_to:${c.user_id} provider:${n}`});if(p.length>0)return}const u=UL(c);if(u.length===0){console.warn(`[ensureUsername] No username candidates found for user ${c.user_id}`);return}for(let p=0;p<=i;p++){const f=await qL(d.users,l,u,n,i);if(!f){console.warn(`[ensureUsername] Could not find a unique username for user ${c.user_id} after ${i} retries`);return}try{if(c.provider===n)await d.users.update(l,c.user_id,{username:f});else{const h=`${n}|${ao()}`;await d.users.create(l,{user_id:h,username:f,name:f,provider:n,connection:t,email_verified:!1,is_social:!1,linked_to:c.user_id})}return}catch(h){if(!e6(h))throw h;console.info(`[ensureUsername] Username "${f}" was claimed concurrently, retrying (attempt ${p+1}/${i})`)}}console.warn(`[ensureUsername] Could not allocate a username for user ${c.user_id} after ${i} conflict retries`)}}function VL(e){if(e.username)return e.username;if(e.preferred_username)return e.preferred_username;if(e.identities)for(const t of e.identities){if(t.username)return t.username;if(t.profileData?.username)return t.profileData.username}}function n6(){return async(e,t)=>{const{user:n}=e;if(!n)return;const i=VL(n);i&&(t.idToken.setCustomClaim("preferred_username",i),t.accessToken.setCustomClaim("preferred_username",i))}}function _k(e){if(!e)return{};if(typeof e=="string")try{const t=JSON.parse(e);return t&&typeof t=="object"&&!Array.isArray(t)?t:{}}catch{return{}}return typeof e=="object"&&!Array.isArray(e)?e:{}}function i6(e){const t=e?.requireVerifiedEmail??!0,n=e?.copyUserMetadata??!1;return async r=>{const{ctx:o,user:a}=r;if(!a||!o)return;const c=r.tenant?.id;if(!c||a.linked_to||!a.email||t&&!a.email_verified)return;const l=o.env.data,d=await co({userAdapter:l.users,tenant_id:c,email:a.email});if(d&&d.user_id!==a.user_id&&(await l.users.update(c,a.user_id,{linked_to:d.user_id}),n)){const u=_k(a.user_metadata),p=_k(d.user_metadata);if(u&&Object.keys(u).length>0){const f={...u,...p};Object.keys(f).some(g=>!(g in p)||p[g]!==f[g])&&await l.users.update(c,d.user_id,{user_metadata:f})}}}}const KL=Object.freeze(Object.defineProperty({__proto__:null,accountLinking:i6,ensureUsername:t6,setPreferredUsername:n6},Symbol.toStringTag,{value:"Module"}));function to(e){return typeof e=="object"&&e!==null&&typeof e.template_id=="string"&&typeof e.enabled=="boolean"}async function dv(e,t,n,i){const r=e.var.tenant_id||e.req.header("tenant-id");if(!r)return n;switch(t){case"ensure-username":return await t6()({ctx:e,user:n,tenant:{id:r},request:{ip:e.get("ip")||"",url:e.req.url}},{prompt:{render:()=>{}},redirect:{sendUserTo:()=>{},encodeToken:()=>"",validateToken:()=>null},token:{createServiceToken:async()=>""}}),await e.env.data.users.get(r,n.user_id)||n;case"account-linking":return await i6({copyUserMetadata:i?.copy_user_metadata===!0})({ctx:e,user:n,tenant:{id:r},request:{ip:e.get("ip")||"",url:e.req.url}},{prompt:{render:()=>{}},redirect:{sendUserTo:()=>{},encodeToken:()=>"",validateToken:()=>null},token:{createServiceToken:async()=>""}}),await e.env.data.users.get(r,n.user_id)||n;default:return console.warn(`[templatehooks] Unknown template_id: ${t}`),n}}async function GL(e,t,n,i){const r=e.var.tenant_id||e.req.header("tenant-id");if(!r)return;const o={ctx:e,user:n,tenant:{id:r},request:{ip:e.get("ip")||"",url:e.req.url,method:e.req.method,user_agent:e.get("useragent")||""}};t==="set-preferred-username"?await n6()(o,i):console.warn(`[templatehooks] Unknown credentials-exchange template_id: ${t}`)}function Zo(e){return"code_id"in e}function WL(e,t){const{ctx:n,client:i,...r}=e;return{...r,client:i?{client_id:i.client_id,name:i.name,metadata:i.client_metadata}:void 0,secrets:t||{}}}function JL(e,t){for(const n of e){const i=n.method.split(".");if(i.length!==2)continue;const r=i[0],o=i[1];t[r]&&typeof t[r][o]=="function"&&t[r][o](...n.args)}}async function YL(e,t,n){const i=await e.actions.get(t,n);if(i){const o=i.secrets?.reduce((a,c)=>(c.value!==void 0&&(a[c.name]=c.value),a),{});return{code:i.code,secrets:o}}const r=await e.hookCode.get(t,n);return r?{code:r.code,secrets:r.secrets}:null}async function $f(e,t,n,i,r,o){const a=e.env.codeExecutor;if(!a)return;const c=e.var.tenant_id||e.req.header("tenant-id");if(!c)return;const l=await YL(t,c,n.code_id);if(!l){R(e,c,{type:O.FAILED_HOOK,description:`Code hook ${n.hook_id}: code_id ${n.code_id} not found`});return}const d=WL(i,l.secrets),u=await a.execute({code:l.code,hookCodeId:n.code_id,triggerId:r,event:d,timeoutMs:5e3}),p={hook_id:n.hook_id,code_id:n.code_id,trigger_id:r,duration_ms:u.durationMs,api_calls:u.apiCalls.map(f=>f.method),logs:u.logs??[],...u.error?{error:u.error}:{}};if(!u.success){R(e,c,{type:O.FAILED_HOOK,description:`Code hook ${n.hook_id} failed: ${u.error}`,details:p});return}R(e,c,{type:O.SUCCESS_HOOK,description:`Code hook ${n.hook_id} executed (${u.durationMs}ms, ${u.apiCalls.length} api calls, ${u.logs?.length??0} logs)`,details:p}),JL(u.apiCalls,o)}async function QL(e,t,n,i){const r=t.filter(o=>o.enabled&&Zo(o));for(const o of r)if(Zo(o))try{await $f(e,e.env.data,o,n,"credentials-exchange",i)}catch(a){const c=e.var.tenant_id||e.req.header("tenant-id");if(c){const l=a instanceof Error?a.message:String(a);R(e,c,{type:O.FAILED_HOOK,description:`Code hook ${o.hook_id} threw: ${l}`,details:{hook_id:o.hook_id,code_id:o.code_id,trigger_id:"credentials-exchange",error:l}})}}}function U_(e,t,n,i){const r=new Headers(i);r.set("Server-Timing","cf-nel=0; no-cloudflare-insights=1");const o=`<!DOCTYPE html>
276
276
  <html>
277
277
 
278
278
  <head>
@@ -330,7 +330,7 @@ ${t.join(`
330
330
  </body>
331
331
  </html>`;return n.set("content-type","text/html; charset=utf-8"),n.set("cache-control","no-store"),n.set("pragma","no-cache"),new Response(r,{status:200,headers:n})}const zf=["openid","profile","email","address","phone"];async function XL(e,t,n,i){const r=[];if(!(await e.env.data.tenants.get(t))?.flags?.inherit_global_permissions_in_organizations)return[];const a=await e.env.data.userRoles.list(t,n,void 0,"");for(const c of a)(await e.env.data.rolePermissions.list(t,c.id,{per_page:1e3})).forEach(d=>{d.resource_server_identifier===i&&r.push(d.permission_name)});return[...new Set(r)]}async function eM(e,t){const{tenantId:n,clientId:i,audience:r,requestedScopes:o}=t,a=o.filter(k=>zf.includes(k)),c=o.filter(k=>!zf.includes(k)),d=(await e.env.data.resourceServers.list(n)).resource_servers.filter(k=>k.identifier===r);if(d.length===0)return{scopes:a,permissions:[],token_lifetime:86400,token_lifetime_for_web:7200};const u=d[0];if(!u)return{scopes:a,permissions:[],token_lifetime:86400,token_lifetime_for_web:7200};const p=u.options?.enforce_policies===!0,f=u.options?.token_dialect||"access_token",g=(await e.env.data.clientGrants.list(n,{q:`client_id:"${i}"`})).client_grants.find(k=>k.audience===r);if(!g)return{scopes:a,permissions:[],token_lifetime:u.token_lifetime,token_lifetime_for_web:u.token_lifetime_for_web};const m=g.scope||[],_=(u.scopes||[]).map(k=>k.value);if(c.length>0){const k=c.filter(x=>!m.includes(x));if(k.length>0)throw new U(403,{error:"access_denied",error_description:`Client is not authorized for scope(s): ${k.join(", ")}`})}const y=m.filter(k=>_.includes(k)),w=c.length===0?y:c.filter(k=>y.includes(k)),b={token_lifetime:u.token_lifetime,token_lifetime_for_web:u.token_lifetime_for_web};if(!p)return{scopes:[...new Set([...a,...w])],permissions:[],...b};const A=w;return f==="access_token_authz"?{scopes:[...new Set([...a,...w])],permissions:A,...b}:{scopes:[...new Set([...a,...w])],permissions:[],...b}}async function ld(e,t){if(t.grantType===Zt.ClientCredential)return await eM(e,{tenantId:t.tenantId,clientId:t.clientId,audience:t.audience,requestedScopes:t.requestedScopes});const{tenantId:n,userId:i,audience:r,requestedScopes:o,organizationId:a}=t;let c=!1;if(a){if((await e.env.data.tenants.get(n))?.flags?.inherit_global_permissions_in_organizations){const N=await e.env.data.userRoles.list(n,i,void 0,"");for(const D of N)if((await e.env.data.rolePermissions.list(n,D.id,{per_page:1e3})).some(Z=>Z.permission_name==="admin:organizations"&&Z.resource_server_identifier===r)){c=!0;break}}if(!c&&!(await e.env.data.userOrganizations.list(n,{q:`user_id:${i}`,per_page:1e3})).userOrganizations.some(B=>B.organization_id===a))throw new U(403,{error:"access_denied",error_description:"User is not a member of the specified organization"})}const l=o.filter(P=>zf.includes(P)),u=(await e.env.data.resourceServers.list(n)).resource_servers.filter(P=>P.identifier===r);if(u.length===0)return{scopes:o,permissions:[],token_lifetime:86400,token_lifetime_for_web:7200};const p=u[0];if(!p)return{scopes:o,permissions:[],token_lifetime:86400,token_lifetime_for_web:7200};const f=(p.scopes||[]).map(P=>P.value),h=p.options?.enforce_policies===!0,g=p.options?.token_dialect||"access_token",m={token_lifetime:p.token_lifetime,token_lifetime_for_web:p.token_lifetime_for_web};if(!h)return{scopes:o,permissions:[],...m};const _=await e.env.data.userPermissions.list(n,i,void 0,a),y=await e.env.data.userRoles.list(n,i,void 0,""),w=a?await e.env.data.userRoles.list(n,i,void 0,a):[],b=[...y,...w],A=a?await XL(e,n,i,r):[],v=[];for(const P of b)(await e.env.data.rolePermissions.list(n,P.id,{per_page:1e3})).forEach(D=>{D.resource_server_identifier===r&&v.push(D.permission_name)});const k=new Set;_.forEach(P=>{P.resource_server_identifier===r&&k.add(P.permission_name)}),v.forEach(P=>{k.add(P)}),A.forEach(P=>{k.add(P)});const x=Array.from(k),T=x.filter(P=>f.includes(P)),I=o.filter(P=>!f.includes(P)&&!zf.includes(P));if(g==="access_token_authz")return{scopes:[...new Set([...l,...I])],permissions:T,...m};const F=o.filter(P=>f.includes(P)&&x.includes(P));return{scopes:[...new Set([...l,...F,...I])],permissions:[],...m}}function r6(e,t){const n={};if(t.includes("email")&&(e.email&&(n.email=e.email),e.email_verified!==void 0&&(n.email_verified=e.email_verified)),t.includes("profile")){e.name&&(n.name=e.name),e.family_name&&(n.family_name=e.family_name),e.given_name&&(n.given_name=e.given_name),e.middle_name&&(n.middle_name=e.middle_name),e.nickname&&(n.nickname=e.nickname);const i=e.preferred_username||e.username;i&&(n.preferred_username=i),e.profile&&(n.profile=e.profile),e.picture&&(n.picture=e.picture),e.website&&(n.website=e.website),e.gender&&(n.gender=e.gender),e.birthdate&&(n.birthdate=e.birthdate),e.zoneinfo&&(n.zoneinfo=e.zoneinfo),e.locale&&(n.locale=e.locale),e.updated_at&&(n.updated_at=Math.floor(new Date(e.updated_at).getTime()/1e3))}return t.includes("address")&&e.address&&(n.address=e.address),t.includes("phone")&&(e.phone_number&&(n.phone_number=e.phone_number),e.phone_verified!==void 0&&(n.phone_number_verified=e.phone_verified)),n}function tM(){if(typeof globalThis<"u")return globalThis;if(typeof self<"u")return self;if(typeof window<"u")return window;if(typeof global<"u")return global}function nM(){const e=tM();if(e.__xstate__)return e.__xstate__}const iM=e=>{if(typeof window>"u")return;const t=nM();t&&t.register(e)};class wk{constructor(t){this._process=t,this._active=!1,this._current=null,this._last=null}start(){this._active=!0,this.flush()}clear(){this._current&&(this._current.next=null,this._last=this._current)}enqueue(t){const n={value:t,next:null};if(this._current){this._last.next=n,this._last=n;return}this._current=n,this._last=n,this._active&&this.flush()}flush(){for(;this._current;){const t=this._current;this._process(t.value),this._current=t.next}this._last=null}}const o6=".",rM="",s6="",oM="#",sM="*",a6="xstate.init",aM="xstate.error",q_="xstate.stop";function cM(e,t){return{type:`xstate.after.${e}.${t}`}}function H_(e,t){return{type:`xstate.done.state.${e}`,output:t}}function lM(e,t){return{type:`xstate.done.actor.${e}`,output:t,actorId:e}}function c6(e,t){return{type:`xstate.error.actor.${e}`,error:t,actorId:e}}function l6(e){return{type:a6,input:e}}function Ai(e){setTimeout(()=>{throw e})}const dM=typeof Symbol=="function"&&Symbol.observable||"@@observable";function d6(e,t){const n=bk(e),i=bk(t);return typeof i=="string"?typeof n=="string"?i===n:!1:typeof n=="string"?n in i:Object.keys(n).every(r=>r in i?d6(n[r],i[r]):!1)}function uv(e){if(p6(e))return e;const t=[];let n="";for(let i=0;i<e.length;i++){switch(e.charCodeAt(i)){case 92:n+=e[i+1],i++;continue;case 46:t.push(n),n="";continue}n+=e[i]}return t.push(n),t}function bk(e){if(GM(e))return e.value;if(typeof e!="string")return e;const t=uv(e);return uM(t)}function uM(e){if(e.length===1)return e[0];const t={};let n=t;for(let i=0;i<e.length-1;i++)if(i===e.length-2)n[e[i]]=e[i+1];else{const r=n;n={},r[e[i]]=n}return t}function vk(e,t){const n={},i=Object.keys(e);for(let r=0;r<i.length;r++){const o=i[r];n[o]=t(e[o],o,e,r)}return n}function u6(e){return p6(e)?e:[e]}function qr(e){return e===void 0?[]:u6(e)}function V_(e,t,n,i){return typeof e=="function"?e({context:t,event:n,self:i}):e}function p6(e){return Array.isArray(e)}function pM(e){return e.type.startsWith("xstate.error.actor")}function ia(e){return u6(e).map(t=>typeof t>"u"||typeof t=="string"?{target:t}:t)}function f6(e){if(!(e===void 0||e===rM))return qr(e)}function np(e,t,n){const i=typeof e=="object",r=i?e:void 0;return{next:(i?e.next:e)?.bind(r),error:(i?e.error:t)?.bind(r),complete:(i?e.complete:n)?.bind(r)}}function Ak(e,t){return`${t}.${e}`}function pv(e,t){const n=t.match(/^xstate\.invoke\.(\d+)\.(.*)/);if(!n)return e.implementations.actors[t];const[,i,r]=n,a=e.getStateNodeById(r).config.invoke;return(Array.isArray(a)?a[i]:a).src}function fM(e,t){if(t===e||t===sM)return!0;if(!t.endsWith(".*"))return!1;const n=t.split("."),i=e.split(".");for(let r=0;r<n.length;r++){const o=n[r],a=i[r];if(o==="*")return r===n.length-1;if(o!==a)return!1}return!0}function kk(e,t){return`${e.sessionId}.${t}`}let hM=0;function gM(e,t){const n=new Map,i=new Map,r=new WeakMap,o=new Set,a={},{clock:c,logger:l}=t,d={schedule:(f,h,g,m,_=Math.random().toString(36).slice(2))=>{const y={source:f,target:h,event:g,delay:m,id:_,startedAt:Date.now()},w=kk(f,_);p._snapshot._scheduledEvents[w]=y;const b=c.setTimeout(()=>{delete a[w],delete p._snapshot._scheduledEvents[w],p._relay(f,h,g)},m);a[w]=b},cancel:(f,h)=>{const g=kk(f,h),m=a[g];delete a[g],delete p._snapshot._scheduledEvents[g],m!==void 0&&c.clearTimeout(m)},cancelAll:f=>{for(const h in p._snapshot._scheduledEvents){const g=p._snapshot._scheduledEvents[h];g.source===f&&d.cancel(f,g.id)}}},u=f=>{if(!o.size)return;const h={...f,rootId:e.sessionId};o.forEach(g=>g.next?.(h))},p={_snapshot:{_scheduledEvents:(t?.snapshot&&t.snapshot.scheduler)??{}},_bookId:()=>`x:${hM++}`,_register:(f,h)=>(n.set(f,h),f),_unregister:f=>{n.delete(f.sessionId);const h=r.get(f);h!==void 0&&(i.delete(h),r.delete(f))},get:f=>i.get(f),getAll:()=>Object.fromEntries(i.entries()),_set:(f,h)=>{const g=i.get(f);if(g&&g!==h)throw new Error(`Actor with system ID '${f}' already exists.`);i.set(f,h),r.set(h,f)},inspect:f=>{const h=np(f);return o.add(h),{unsubscribe(){o.delete(h)}}},_sendInspectionEvent:u,_relay:(f,h,g)=>{p._sendInspectionEvent({type:"@xstate.event",sourceRef:f,actorRef:h,event:g}),h._send(g)},scheduler:d,getSnapshot:()=>({_scheduledEvents:{...p._snapshot._scheduledEvents}}),start:()=>{const f=p._snapshot._scheduledEvents;p._snapshot._scheduledEvents={};for(const h in f){const{source:g,target:m,event:_,delay:y,id:w}=f[h];d.schedule(g,m,_,y,w)}},_clock:c,_logger:l};return p}let ym=!1;const fv=1;let ln=(function(e){return e[e.NotStarted=0]="NotStarted",e[e.Running=1]="Running",e[e.Stopped=2]="Stopped",e})({});const mM={clock:{setTimeout:(e,t)=>setTimeout(e,t),clearTimeout:e=>clearTimeout(e)},logger:console.log.bind(console),devTools:!1};class yM{constructor(t,n){this.logic=t,this._snapshot=void 0,this.clock=void 0,this.options=void 0,this.id=void 0,this.mailbox=new wk(this._process.bind(this)),this.observers=new Set,this.eventListeners=new Map,this.logger=void 0,this._processingStatus=ln.NotStarted,this._parent=void 0,this._syncSnapshot=void 0,this.ref=void 0,this._actorScope=void 0,this.systemId=void 0,this.sessionId=void 0,this.system=void 0,this._doneEvent=void 0,this.src=void 0,this._deferred=[];const i={...mM,...n},{clock:r,logger:o,parent:a,syncSnapshot:c,id:l,systemId:d,inspect:u}=i;this.system=a?a.system:gM(this,{clock:r,logger:o}),u&&!a&&this.system.inspect(np(u)),this.sessionId=this.system._bookId(),this.id=l??this.sessionId,this.logger=n?.logger??this.system._logger,this.clock=n?.clock??this.system._clock,this._parent=a,this._syncSnapshot=c,this.options=i,this.src=i.src??t,this.ref=this,this._actorScope={self:this,id:this.id,sessionId:this.sessionId,logger:this.logger,defer:p=>{this._deferred.push(p)},system:this.system,stopChild:p=>{if(p._parent!==this)throw new Error(`Cannot stop child actor ${p.id} of ${this.id} because it is not a child`);p._stop()},emit:p=>{const f=this.eventListeners.get(p.type),h=this.eventListeners.get("*");if(!f&&!h)return;const g=[...f?f.values():[],...h?h.values():[]];for(const m of g)try{m(p)}catch(_){Ai(_)}},actionExecutor:p=>{const f=()=>{if(this._actorScope.system._sendInspectionEvent({type:"@xstate.action",actorRef:this,action:{type:p.type,params:p.params}}),!p.exec)return;const h=ym;try{ym=!0,p.exec(p.info,p.params)}finally{ym=h}};this._processingStatus===ln.Running?f():this._deferred.push(f)}},this.send=this.send.bind(this),this.system._sendInspectionEvent({type:"@xstate.actor",actorRef:this}),d&&(this.systemId=d,this.system._set(d,this)),this._initState(n?.snapshot??n?.state),d&&this._snapshot.status!=="active"&&this.system._unregister(this)}_initState(t){try{this._snapshot=t?this.logic.restoreSnapshot?this.logic.restoreSnapshot(t,this._actorScope):t:this.logic.getInitialSnapshot(this._actorScope,this.options?.input)}catch(n){this._snapshot={status:"error",output:void 0,error:n}}}update(t,n){this._snapshot=t;let i;for(;i=this._deferred.shift();)try{i()}catch(r){this._deferred.length=0,this._snapshot={...t,status:"error",error:r}}switch(this._snapshot.status){case"active":for(const r of this.observers)try{r.next?.(t)}catch(o){Ai(o)}break;case"done":for(const r of this.observers)try{r.next?.(t)}catch(o){Ai(o)}this._stopProcedure(),this._complete(),this._doneEvent=lM(this.id,this._snapshot.output),this._parent&&this.system._relay(this,this._parent,this._doneEvent);break;case"error":this._error(this._snapshot.error);break}this.system._sendInspectionEvent({type:"@xstate.snapshot",actorRef:this,event:n,snapshot:t})}subscribe(t,n,i){const r=np(t,n,i);if(this._processingStatus!==ln.Stopped)this.observers.add(r);else switch(this._snapshot.status){case"done":try{r.complete?.()}catch(o){Ai(o)}break;case"error":{const o=this._snapshot.error;if(!r.error)Ai(o);else try{r.error(o)}catch(a){Ai(a)}break}}return{unsubscribe:()=>{this.observers.delete(r)}}}on(t,n){let i=this.eventListeners.get(t);i||(i=new Set,this.eventListeners.set(t,i));const r=n.bind(void 0);return i.add(r),{unsubscribe:()=>{i.delete(r)}}}select(t,n=Object.is){return{subscribe:i=>{const r=np(i),o=this.getSnapshot();let a=t(o);return this.subscribe(c=>{const l=t(c);n(a,l)||(a=l,r.next?.(l))})},get:()=>t(this.getSnapshot())}}start(){if(this._processingStatus===ln.Running)return this;this._syncSnapshot&&this.subscribe({next:i=>{i.status==="active"&&this.system._relay(this,this._parent,{type:`xstate.snapshot.${this.id}`,snapshot:i})},error:()=>{}}),this.system._register(this.sessionId,this),this.systemId&&this.system._set(this.systemId,this),this._processingStatus=ln.Running;const t=l6(this.options.input);switch(this.system._sendInspectionEvent({type:"@xstate.event",sourceRef:this._parent,actorRef:this,event:t}),this._snapshot.status){case"done":return this.update(this._snapshot,t),this;case"error":return this._error(this._snapshot.error),this}if(this._parent||this.system.start(),this.logic.start)try{this.logic.start(this._snapshot,this._actorScope)}catch(i){return this._snapshot={...this._snapshot,status:"error",error:i},this._error(i),this}return this.update(this._snapshot,t),this.options.devTools&&this.attachDevTools(),this.mailbox.start(),this}_process(t){let n,i;try{n=this.logic.transition(this._snapshot,t,this._actorScope)}catch(r){i={err:r}}if(i){const{err:r}=i;this._snapshot={...this._snapshot,status:"error",error:r},this._error(r);return}this.update(n,t),t.type===q_&&(this._stopProcedure(),this._complete())}_stop(){return this._processingStatus===ln.Stopped?this:(this.mailbox.clear(),this._processingStatus===ln.NotStarted?(this._processingStatus=ln.Stopped,this):(this.mailbox.enqueue({type:q_}),this))}stop(){if(this._parent)throw new Error("A non-root actor cannot be stopped directly.");return this._stop()}_complete(){for(const t of this.observers)try{t.complete?.()}catch(n){Ai(n)}this.observers.clear(),this.eventListeners.clear()}_reportError(t){if(!this.observers.size){this._parent||Ai(t),this.eventListeners.clear();return}let n=!1;for(const i of this.observers){const r=i.error;n||=!r;try{r?.(t)}catch(o){Ai(o)}}this.observers.clear(),this.eventListeners.clear(),n&&Ai(t)}_error(t){this._stopProcedure(),this._reportError(t),this._parent&&this.system._relay(this,this._parent,c6(this.id,t))}_stopProcedure(){return this._processingStatus!==ln.Running?this:(this.system.scheduler.cancelAll(this),this.mailbox.clear(),this.mailbox=new wk(this._process.bind(this)),this._processingStatus=ln.Stopped,this.system._unregister(this),this)}_send(t){this._processingStatus!==ln.Stopped&&this.mailbox.enqueue(t)}send(t){this.system._relay(void 0,this,t)}attachDevTools(){const{devTools:t}=this.options;t&&(typeof t=="function"?t:iM)(this)}toJSON(){return{xstate$$type:fv,id:this.id}}getPersistedSnapshot(t){return this.logic.getPersistedSnapshot(this._snapshot,t)}[dM](){return this}getSnapshot(){return this._snapshot}}function dd(e,...[t]){return new yM(e,t)}function _M(e,t,n,i,{sendId:r}){const o=typeof r=="function"?r(n,i):r;return[t,{sendId:o},void 0]}function wM(e,t){e.defer(()=>{e.system.scheduler.cancel(e.self,t.sendId)})}function hv(e){function t(n,i){}return t.type="xstate.cancel",t.sendId=e,t.resolve=_M,t.execute=wM,t}function bM(e,t,n,i,{id:r,systemId:o,src:a,input:c,syncSnapshot:l}){const d=typeof a=="string"?pv(t.machine,a):a,u=typeof r=="function"?r(n):r;let p,f;return d&&(f=typeof c=="function"?c({context:t.context,event:n.event,self:e.self}):c,p=dd(d,{id:u,src:a,parent:e.self,syncSnapshot:l,systemId:o,input:f})),[ps(t,{children:{...t.children,[u]:p}}),{id:r,systemId:o,actorRef:p,src:a,input:f},void 0]}function vM(e,{actorRef:t}){t&&e.defer(()=>{t._processingStatus!==ln.Stopped&&t.start()})}function gv(...[e,{id:t,systemId:n,input:i,syncSnapshot:r=!1}={}]){function o(a,c){}return o.type="xstate.spawnChild",o.id=t,o.systemId=n,o.src=e,o.input=i,o.syncSnapshot=r,o.resolve=bM,o.execute=vM,o}function AM(e,t,n,i,{actorRef:r}){const o=typeof r=="function"?r(n,i):r,a=typeof o=="string"?t.children[o]:o;let c=t.children;return a&&(c={...c},delete c[a.id]),[ps(t,{children:c}),a,void 0]}function h6(e,t){const n=t.getSnapshot();if(n&&"children"in n)for(const i of Object.values(n.children))h6(e,i);e.system._unregister(t)}function kM(e,t){if(t){if(h6(e,t),t._processingStatus!==ln.Running){e.stopChild(t);return}e.defer(()=>{e.stopChild(t)})}}function hg(e){function t(n,i){}return t.type="xstate.stopChild",t.actorRef=e,t.resolve=AM,t.execute=kM,t}function SM(e,{context:t,event:n},{guards:i}){return i.every(r=>Zd(r,t,n,e))}function EM(e){function t(n,i){return!1}return t.check=SM,t.guards=e,t}function Zd(e,t,n,i){const{machine:r}=i,o=typeof e=="function",a=o?e:r.implementations.guards[typeof e=="string"?e:e.type];if(!o&&!a)throw new Error(`Guard '${typeof e=="string"?e:e.type}' is not implemented.'.`);if(typeof a!="function")return Zd(a,t,n,i);const c={context:t,event:n},l=o||typeof e=="string"?void 0:"params"in e?typeof e.params=="function"?e.params({context:t,event:n}):e.params:void 0;return"check"in a?a.check(i,c,a):a(c,l)}function mv(e){return e.type==="atomic"||e.type==="final"}function Ga(e){return Object.values(e.states).filter(t=>t.type!=="history")}function Xd(e,t){const n=[];if(t===e)return n;let i=e.parent;for(;i&&i!==t;)n.push(i),i=i.parent;return n}function Pf(e){const t=new Set(e),n=m6(t);for(const i of t)if(i.type==="compound"&&(!n.get(i)||!n.get(i).length))Sk(i).forEach(r=>t.add(r));else if(i.type==="parallel"){for(const r of Ga(i))if(r.type!=="history"&&!t.has(r)){const o=Sk(r);for(const a of o)t.add(a)}}for(const i of t){let r=i.parent;for(;r;)t.add(r),r=r.parent}return t}function g6(e,t){const n=t.get(e);if(!n)return{};if(e.type==="compound"){const r=n[0];if(r){if(mv(r))return r.key}else return{}}const i={};for(const r of n)i[r.key]=g6(r,t);return i}function m6(e){const t=new Map;for(const n of e)t.has(n)||t.set(n,[]),n.parent&&(t.has(n.parent)||t.set(n.parent,[]),t.get(n.parent).push(n));return t}function y6(e,t){const n=Pf(t);return g6(e,m6(n))}function yv(e,t){return t.type==="compound"?Ga(t).some(n=>n.type==="final"&&e.has(n)):t.type==="parallel"?Ga(t).every(n=>yv(e,n)):t.type==="final"}const gg=e=>e[0]===oM;function xM(e,t){return e.transitions.get(t)||[...e.transitions.keys()].filter(i=>fM(t,i)).sort((i,r)=>r.length-i.length).flatMap(i=>e.transitions.get(i))}function CM(e){const t=e.config.after;if(!t)return[];const n=r=>{const o=cM(r,e.id),a=o.type;return e.entry.push(bv(o,{id:a,delay:r})),e.exit.push(hv(a)),a};return Object.keys(t).flatMap(r=>{const o=t[r],a=typeof o=="string"?{target:o}:o,c=Number.isNaN(+r)?r:+r,l=n(c);return qr(a).map(d=>({...d,event:l,delay:c}))}).map(r=>{const{delay:o}=r;return{...jr(e,r.event,r),delay:o}})}function jr(e,t,n){const i=f6(n.target),r=n.reenter??!1,o=zM(e,i),a={...n,actions:qr(n.actions),guard:n.guard,target:o,source:e,reenter:r,eventType:t,toJSON:()=>({...a,source:`#${e.id}`,target:o?o.map(c=>`#${c.id}`):void 0})};return a}function TM(e){const t=new Map;if(e.config.on)for(const n of Object.keys(e.config.on)){if(n===s6)throw new Error('Null events ("") cannot be specified as a transition key. Use `always: { ... }` instead.');const i=e.config.on[n];t.set(n,ia(i).map(r=>jr(e,n,r)))}if(e.config.onDone){const n=`xstate.done.state.${e.id}`;t.set(n,ia(e.config.onDone).map(i=>jr(e,n,i)))}for(const n of e.invoke){if(n.onDone){const i=`xstate.done.actor.${n.id}`;t.set(i,ia(n.onDone).map(r=>jr(e,i,r)))}if(n.onError){const i=`xstate.error.actor.${n.id}`;t.set(i,ia(n.onError).map(r=>jr(e,i,r)))}if(n.onSnapshot){const i=`xstate.snapshot.${n.id}`;t.set(i,ia(n.onSnapshot).map(r=>jr(e,i,r)))}}for(const n of e.after){let i=t.get(n.eventType);i||(i=[],t.set(n.eventType,i)),i.push(n)}return t}function $M(e){const t=[],n=i=>{Object.values(i).forEach(r=>{if(r.config.route&&r.config.id){const o=r.config.id,a=r.config.route.guard,c=({event:d})=>d.to===`#${o}`,l={...r.config.route,guard:a?EM([c,a]):c,target:`#${o}`};t.push(jr(e,"xstate.route",l))}r.states&&n(r.states)})};n(e.states),t.length>0&&e.transitions.set("xstate.route",t)}function IM(e,t){const n=typeof t=="string"?e.states[t]:t?e.states[t.target]:void 0;if(!n&&t)throw new Error(`Initial state node "${t}" not found on parent state node #${e.id}`);const i={source:e,actions:!t||typeof t=="string"?[]:qr(t.actions),eventType:null,reenter:!1,target:n?[n]:[],toJSON:()=>({...i,source:`#${e.id}`,target:n?[`#${n.id}`]:[]})};return i}function zM(e,t){if(t!==void 0)return t.map(n=>{if(typeof n!="string")return n;if(gg(n))return e.machine.getStateNodeById(n);const i=n[0]===o6;if(i&&!e.parent)return Nf(e,n.slice(1));const r=i?e.key+n:n;if(e.parent)try{return Nf(e.parent,r)}catch(o){throw new Error(`Invalid transition definition for state node '${e.id}':
332
332
  ${o.message}`)}else throw new Error(`Invalid target: "${n}" is not a valid target from the root node. Did you mean ".${n}"?`)})}function _6(e){const t=f6(e.config.target);return t?{target:t.map(n=>typeof n=="string"?Nf(e.parent,n):n)}:e.parent.initial}function qo(e){return e.type==="history"}function Sk(e){const t=w6(e);for(const n of t)for(const i of Xd(n,e))t.add(i);return t}function w6(e){const t=new Set;function n(i){if(!t.has(i)){if(t.add(i),i.type==="compound")n(i.initial.target[0]);else if(i.type==="parallel")for(const r of Ga(i))n(r)}}return n(e),t}function Wa(e,t){if(gg(t))return e.machine.getStateNodeById(t);if(!e.states)throw new Error(`Unable to retrieve child state '${t}' from '${e.id}'; no child states exist.`);const n=e.states[t];if(!n)throw new Error(`Child state '${t}' does not exist on '${e.id}'`);return n}function Nf(e,t){if(typeof t=="string"&&gg(t))try{return e.machine.getStateNodeById(t)}catch{}const n=uv(t).slice();let i=e;for(;n.length;){const r=n.shift();if(!r.length)break;i=Wa(i,r)}return i}function Ff(e,t){if(typeof t=="string"){const r=e.states[t];if(!r)throw new Error(`State '${t}' does not exist on '${e.id}'`);return[e,r]}const n=Object.keys(t),i=n.map(r=>Wa(e,r)).filter(Boolean);return[e.machine.root,e].concat(i,n.reduce((r,o)=>{const a=Wa(e,o);if(!a)return r;const c=Ff(a,t[o]);return r.concat(c)},[]))}function PM(e,t,n,i){const o=Wa(e,t).next(n,i);return!o||!o.length?e.next(n,i):o}function NM(e,t,n,i){const r=Object.keys(t),o=Wa(e,r[0]),a=_v(o,t[r[0]],n,i);return!a||!a.length?e.next(n,i):a}function FM(e,t,n,i){const r=[];for(const o of Object.keys(t)){const a=t[o];if(!a)continue;const c=Wa(e,o),l=_v(c,a,n,i);l&&r.push(...l)}return r.length?r:e.next(n,i)}function _v(e,t,n,i){return typeof t=="string"?PM(e,t,n,i):Object.keys(t).length===1?NM(e,t,n,i):FM(e,t,n,i)}function OM(e){return Object.keys(e.states).map(t=>e.states[t]).filter(t=>t.type==="history")}function no(e,t){let n=e;for(;n.parent&&n.parent!==t;)n=n.parent;return n.parent===t}function jM(e,t){const n=new Set(e),i=new Set(t);for(const r of n)if(i.has(r))return!0;for(const r of i)if(n.has(r))return!0;return!1}function b6(e,t,n){const i=new Set;for(const r of e){let o=!1;const a=new Set;for(const c of i)if(jM(K_([r],t,n),K_([c],t,n)))if(no(r.source,c.source))a.add(c);else{o=!0;break}if(!o){for(const c of a)i.delete(c);i.add(r)}}return Array.from(i)}function RM(e){const[t,...n]=e;for(const i of Xd(t,void 0))if(n.every(r=>no(r,i)))return i}function wv(e,t){if(!e.target)return[];const n=new Set;for(const i of e.target)if(qo(i))if(t[i.id])for(const r of t[i.id])n.add(r);else for(const r of wv(_6(i),t))n.add(r);else n.add(i);return[...n]}function v6(e,t){const n=wv(e,t);if(!n)return;if(!e.reenter&&n.every(r=>r===e.source||no(r,e.source)))return e.source;const i=RM(n.concat(e.source));if(i)return i;if(!e.reenter)return e.source.machine.root}function K_(e,t,n){const i=new Set;for(const r of e)if(r.target?.length){const o=v6(r,n);r.reenter&&r.source===o&&i.add(o);for(const a of t)no(a,o)&&i.add(a)}return[...i]}function DM(e,t){if(e.length!==t.size)return!1;for(const n of e)if(!t.has(n))return!1;return!0}function BM(e,t,n,i,r){return G_([{target:[...w6(e)],source:e,reenter:!0,actions:[],eventType:null,toJSON:null}],t,n,i,!0,r)}function G_(e,t,n,i,r,o){const a=[];if(!e.length)return[t,a];const c=n.actionExecutor;n.actionExecutor=l=>{a.push(l),c(l)};try{const l=new Set(t._nodes);let d=t.historyValue;const u=b6(e,l,d);let p=t;r||([p,d]=qM(p,i,n,u,l,d,o,n.actionExecutor)),p=Ja(p,i,n,u.flatMap(h=>h.actions),o,void 0),p=MM(p,i,n,u,l,o,d,r);const f=[...l];p.status==="done"&&(p=Ja(p,i,n,f.sort((h,g)=>g.order-h.order).flatMap(h=>h.exit),o,void 0));try{return d===t.historyValue&&DM(t._nodes,l)?[p,a]:[ps(p,{_nodes:f,historyValue:d}),a]}catch(h){throw h}}finally{n.actionExecutor=c}}function LM(e,t,n,i,r){if(i.output===void 0)return;const o=H_(r.id,r.output!==void 0&&r.parent?V_(r.output,e.context,t,n.self):void 0);return V_(i.output,e.context,o,n.self)}function MM(e,t,n,i,r,o,a,c){let l=e;const d=new Set,u=new Set;UM(i,a,u,d),c&&u.add(e.machine.root);const p=new Set;for(const f of[...d].sort((h,g)=>h.order-g.order)){r.add(f);const h=[];h.push(...f.entry);for(const g of f.invoke)h.push(gv(g.src,{...g,syncSnapshot:!!g.onSnapshot}));if(u.has(f)){const g=f.initial.actions;h.push(...g)}if(l=Ja(l,t,n,h,o,f.invoke.map(g=>g.id)),f.type==="final"){const g=f.parent;let m=g?.type==="parallel"?g:g?.parent,_=m||f;for(g?.type==="compound"&&o.push(H_(g.id,f.output!==void 0?V_(f.output,l.context,t,n.self):void 0));m?.type==="parallel"&&!p.has(m)&&yv(r,m);)p.add(m),o.push(H_(m.id)),_=m,m=m.parent;if(m)continue;l=ps(l,{status:"done",output:LM(l,t,n,l.machine.root,_)})}}return l}function UM(e,t,n,i){for(const r of e){const o=v6(r,t);for(const c of r.target||[])!qo(c)&&(r.source!==c||r.source!==o||r.reenter)&&(i.add(c),n.add(c)),ga(c,t,n,i);const a=wv(r,t);for(const c of a){const l=Xd(c,o);o?.type==="parallel"&&l.push(o),A6(i,t,n,l,!r.source.parent&&r.reenter?void 0:o)}}}function ga(e,t,n,i){if(qo(e))if(t[e.id]){const r=t[e.id];for(const o of r)i.add(o),ga(o,t,n,i);for(const o of r)_m(o,e.parent,i,t,n)}else{const r=_6(e);for(const o of r.target)i.add(o),r===e.parent?.initial&&n.add(e.parent),ga(o,t,n,i);for(const o of r.target)_m(o,e.parent,i,t,n)}else if(e.type==="compound"){const[r]=e.initial.target;qo(r)||(i.add(r),n.add(r)),ga(r,t,n,i),_m(r,e,i,t,n)}else if(e.type==="parallel")for(const r of Ga(e).filter(o=>!qo(o)))[...i].some(o=>no(o,r))||(qo(r)||(i.add(r),n.add(r)),ga(r,t,n,i))}function A6(e,t,n,i,r){for(const o of i)if((!r||no(o,r))&&e.add(o),o.type==="parallel")for(const a of Ga(o).filter(c=>!qo(c)))[...e].some(c=>no(c,a))||(e.add(a),ga(a,t,n,e))}function _m(e,t,n,i,r){A6(n,i,r,Xd(e,t))}function qM(e,t,n,i,r,o,a,c){let l=e;const d=K_(i,r,o);d.sort((p,f)=>f.order-p.order);let u;for(const p of d)for(const f of OM(p)){let h;f.history==="deep"?h=g=>mv(g)&&no(g,p):h=g=>g.parent===p,u??={...o},u[f.id]=Array.from(r).filter(h)}for(const p of d)l=Ja(l,t,n,[...p.exit,...p.invoke.map(f=>hg(f.id))],a,void 0),r.delete(p);return[l,u||o]}function HM(e,t){return e.implementations.actions[t]}function k6(e,t,n,i,r,o){const{machine:a}=e;let c=e;for(const l of i){const d=typeof l=="function",u=d?l:HM(a,typeof l=="string"?l:l.type),p={context:c.context,event:t,self:n.self,system:n.system},f=d||typeof l=="string"?void 0:"params"in l?typeof l.params=="function"?l.params({context:c.context,event:t}):l.params:void 0;if(!u||!("resolve"in u)){n.actionExecutor({type:typeof l=="string"?l:typeof l=="object"?l.type:l.name||"(anonymous)",info:p,params:f,exec:u});continue}const h=u,[g,m,_]=h.resolve(n,c,p,f,u,r);c=g,"retryResolve"in h&&o?.push([h,m]),"execute"in h&&n.actionExecutor({type:h.type,info:p,params:m,exec:h.execute.bind(null,n,m)}),_&&(c=k6(c,t,n,_,r,o))}return c}function Ja(e,t,n,i,r,o){const a=o?[]:void 0,c=k6(e,t,n,i,{internalQueue:r,deferredActorIds:o},a);return a?.forEach(([l,d])=>{l.retryResolve(n,c,d)}),c}function wm(e,t,n,i){let r=e;const o=[];function a(p,f,h){n.system._sendInspectionEvent({type:"@xstate.microstep",actorRef:n.self,event:f,snapshot:p[0],_transitions:h}),o.push(p)}if(t.type===q_)return r=ps(Ek(r,t,n),{status:"stopped"}),a([r,[]],t,[]),{snapshot:r,microsteps:o};let c=t;if(c.type!==a6){const p=c,f=pM(p),h=xk(p,r);if(f&&!h.length)return r=ps(e,{status:"error",error:p.error}),a([r,[]],p,[]),{snapshot:r,microsteps:o};const g=G_(h,e,n,c,!1,i);r=g[0],a(g,p,h)}let l=!0;const d=e.machine.options?.maxIterations??1/0;let u=0;for(;r.status==="active";){if(u++,u>d)throw new Error(`Infinite loop detected: the machine has processed more than ${d} microsteps without reaching a stable state. This usually happens when there's a cycle of transitions (e.g., eventless transitions or raised events causing state A -> B -> C -> A).`);let p=l?VM(r,c):[];const f=p.length?r:void 0;if(!p.length){if(!i.length)break;c=i.shift(),p=xk(c,r)}const h=G_(p,r,n,c,!1,i);r=h[0],l=r!==f,a(h,c,p)}return r.status!=="active"&&Ek(r,c,n),{snapshot:r,microsteps:o}}function Ek(e,t,n){return Ja(e,t,n,Object.values(e.children).map(i=>hg(i)),[],void 0)}function xk(e,t){return t.machine.getTransitionData(t,e)}function VM(e,t){const n=new Set,i=e._nodes.filter(mv);for(const r of i)e:for(const o of[r].concat(Xd(r,void 0)))if(o.always){for(const a of o.always)if(a.guard===void 0||Zd(a.guard,e.context,t,e)){n.add(a);break e}}return b6(Array.from(n),new Set(e._nodes),e.historyValue)}function KM(e,t){const n=Pf(Ff(e,t));return y6(e,[...n])}function GM(e){return!!e&&typeof e=="object"&&"machine"in e&&"value"in e}const WM=function(t){return d6(t,this.value)},JM=function(t){return this.tags.has(t)},YM=function(t){const n=this.machine.getTransitionData(this,t);return!!n?.length&&n.some(i=>i.target!==void 0||i.actions.length)},QM=function(){const{_nodes:t,tags:n,machine:i,getMeta:r,toJSON:o,can:a,hasTag:c,matches:l,...d}=this;return{...d,tags:Array.from(n)}},ZM=function(){return this._nodes.reduce((t,n)=>(n.meta!==void 0&&(t[n.id]=n.meta),t),{})};function ip(e,t){return{status:e.status,output:e.output,error:e.error,machine:t,context:e.context,_nodes:e._nodes,value:y6(t.root,e._nodes),tags:new Set(e._nodes.flatMap(n=>n.tags)),children:e.children,historyValue:e.historyValue||{},matches:WM,hasTag:JM,can:YM,getMeta:ZM,toJSON:QM}}function ps(e,t={}){return ip({...e,...t},e.machine)}function XM(e){if(typeof e!="object"||e===null)return{};const t={};for(const n in e){const i=e[n];Array.isArray(i)&&(t[n]=i.map(r=>({id:r.id})))}return t}function eU(e,t){const{_nodes:n,tags:i,machine:r,children:o,context:a,can:c,hasTag:l,matches:d,getMeta:u,toJSON:p,...f}=e,h={};for(const m in o){const _=o[m];h[m]={snapshot:_.getPersistedSnapshot(t),src:_.src,systemId:_.systemId,syncSnapshot:_._syncSnapshot}}return{...f,context:S6(a),children:h,historyValue:XM(f.historyValue)}}function S6(e){let t;for(const n in e){const i=e[n];if(i&&typeof i=="object")if("sessionId"in i&&"send"in i&&"ref"in i)t??=Array.isArray(e)?e.slice():{...e},t[n]={xstate$$type:fv,id:i.id};else{const r=S6(i);r!==i&&(t??=Array.isArray(e)?e.slice():{...e},t[n]=r)}}return t??e}function tU(e,t,n,i,{event:r,id:o,delay:a},{internalQueue:c}){const l=t.machine.implementations.delays;if(typeof r=="string")throw new Error(`Only event objects may be used with raise; use raise({ type: "${r}" }) instead`);const d=typeof r=="function"?r(n,i):r;let u;if(typeof a=="string"){const p=l&&l[a];u=typeof p=="function"?p(n,i):p}else u=typeof a=="function"?a(n,i):a;return typeof u!="number"&&c.push(d),[t,{event:d,id:o,delay:u},void 0]}function nU(e,t){const{event:n,delay:i,id:r}=t;if(typeof i=="number"){e.defer(()=>{const o=e.self;e.system.scheduler.schedule(o,o,n,i,r)});return}}function bv(e,t){function n(i,r){}return n.type="xstate.raise",n.event=e,n.id=t?.id,n.delay=t?.delay,n.resolve=tU,n.execute=nU,n}function iU(e,{machine:t,context:n},i,r){const o=(a,c)=>{if(typeof a=="string"){const l=pv(t,a);if(!l)throw new Error(`Actor logic '${a}' not implemented in machine '${t.id}'`);const d=dd(l,{id:c?.id,parent:e.self,syncSnapshot:c?.syncSnapshot,input:typeof c?.input=="function"?c.input({context:n,event:i,self:e.self}):c?.input,src:a,systemId:c?.systemId});return r[d.id]=d,d}else return dd(a,{id:c?.id,parent:e.self,syncSnapshot:c?.syncSnapshot,input:c?.input,src:a,systemId:c?.systemId})};return(a,c)=>{const l=o(a,c);return r[l.id]=l,e.defer(()=>{l._processingStatus!==ln.Stopped&&l.start()}),l}}function rU(e,t,n,i,{assignment:r}){if(!t.context)throw new Error("Cannot assign to undefined `context`. Ensure that `context` is defined in the machine config.");const o={},a={context:t.context,event:n.event,spawn:iU(e,t,n.event,o),self:e.self,system:e.system};let c={};if(typeof r=="function")c=r(a,i);else for(const d of Object.keys(r)){const u=r[d];c[d]=typeof u=="function"?u(a,i):u}const l=Object.assign({},t.context,c);return[ps(t,{context:l,children:Object.keys(o).length?{...t.children,...o}:t.children}),void 0,void 0]}function er(e){function t(n,i){}return t.type="xstate.assign",t.assignment=e,t.resolve=rU,t}const Ck=new WeakMap;function Bs(e,t,n){let i=Ck.get(e);return i?t in i||(i[t]=n()):(i={[t]:n()},Ck.set(e,i)),i[t]}const oU={},Rc=e=>typeof e=="string"?{type:e}:typeof e=="function"?"resolve"in e?{type:e.type}:{type:e.name}:e;class Of{constructor(t,n){if(this.config=t,this.key=void 0,this.id=void 0,this.type=void 0,this.path=void 0,this.states=void 0,this.history=void 0,this.entry=void 0,this.exit=void 0,this.parent=void 0,this.machine=void 0,this.meta=void 0,this.output=void 0,this.order=-1,this.description=void 0,this.tags=[],this.transitions=void 0,this.always=void 0,this.parent=n._parent,this.key=n._key,this.machine=n._machine,this.path=this.parent?this.parent.path.concat(this.key):[],this.id=this.config.id||[this.machine.id,...this.path].join(o6),this.type=this.config.type||(this.config.states&&Object.keys(this.config.states).length?"compound":this.config.history?"history":"atomic"),this.description=this.config.description,this.order=this.machine.idMap.size,this.machine.idMap.set(this.id,this),this.states=this.config.states?vk(this.config.states,(i,r)=>new Of(i,{_parent:this,_key:r,_machine:this.machine})):oU,this.type==="compound"&&!this.config.initial)throw new Error(`No initial state specified for compound state node "#${this.id}". Try adding { initial: "${Object.keys(this.states)[0]}" } to the state config.`);this.history=this.config.history===!0?"shallow":this.config.history||!1,this.entry=qr(this.config.entry).slice(),this.exit=qr(this.config.exit).slice(),this.meta=this.config.meta,this.output=this.type==="final"||!this.parent?this.config.output:void 0,this.tags=qr(t.tags).slice()}_initialize(){this.transitions=TM(this),this.config.always&&(this.always=ia(this.config.always).map(t=>jr(this,s6,t))),Object.keys(this.states).forEach(t=>{this.states[t]._initialize()})}get definition(){return{id:this.id,key:this.key,version:this.machine.version,type:this.type,initial:this.initial?{target:this.initial.target,source:this,actions:this.initial.actions.map(Rc),eventType:null,reenter:!1,toJSON:()=>({target:this.initial.target.map(t=>`#${t.id}`),source:`#${this.id}`,actions:this.initial.actions.map(Rc),eventType:null})}:void 0,history:this.history,states:vk(this.states,t=>t.definition),on:this.on,transitions:[...this.transitions.values()].flat().map(t=>({...t,actions:t.actions.map(Rc)})),entry:this.entry.map(Rc),exit:this.exit.map(Rc),meta:this.meta,order:this.order||-1,output:this.output,invoke:this.invoke,description:this.description,tags:this.tags}}toJSON(){return this.definition}get invoke(){return Bs(this,"invoke",()=>qr(this.config.invoke).map((t,n)=>{const{src:i,systemId:r}=t,o=t.id??Ak(this.id,n),a=typeof i=="string"?i:`xstate.invoke.${Ak(this.id,n)}`;return{...t,src:a,id:o,systemId:r,toJSON(){const{onDone:c,onError:l,...d}=t;return{...d,type:"xstate.invoke",src:a,id:o}}}}))}get on(){return Bs(this,"on",()=>[...this.transitions].flatMap(([n,i])=>i.map(r=>[n,r])).reduce((n,[i,r])=>(n[i]=n[i]||[],n[i].push(r),n),{}))}get after(){return Bs(this,"delayedTransitions",()=>CM(this))}get initial(){return Bs(this,"initial",()=>IM(this,this.config.initial))}next(t,n){const i=n.type,r=[];let o;const a=Bs(this,`candidates-${i}`,()=>xM(this,i));for(const c of a){const{guard:l}=c,d=t.context;let u=!1;try{u=!l||Zd(l,d,n,t)}catch(p){const f=typeof l=="string"?l:typeof l=="object"?l.type:void 0;throw new Error(`Unable to evaluate guard ${f?`'${f}' `:""}in transition for event '${i}' in state node '${this.id}':
333
- ${p.message}`)}if(u){r.push(...c.actions),o=c;break}}return o?[o]:void 0}get events(){return Bs(this,"events",()=>{const{states:t}=this,n=new Set(this.ownEvents);if(t)for(const i of Object.keys(t)){const r=t[i];if(r.states)for(const o of r.events)n.add(`${o}`)}return Array.from(n)})}get ownEvents(){const t=Object.keys(Object.fromEntries(this.transitions)),n=new Set(t.filter(i=>this.transitions.get(i).some(r=>!(!r.target&&!r.actions.length&&!r.reenter))));return Array.from(n)}}const sU="#";class vv{constructor(t,n){this.config=t,this.version=void 0,this.schemas=void 0,this.implementations=void 0,this.options=void 0,this.__xstatenode=!0,this.idMap=new Map,this.root=void 0,this.id=void 0,this.states=void 0,this.events=void 0,this.id=t.id||"(machine)",this.implementations={actors:n?.actors??{},actions:n?.actions??{},delays:n?.delays??{},guards:n?.guards??{}},this.version=this.config.version,this.schemas=this.config.schemas,this.options={maxIterations:1/0,...this.config.options},this.transition=this.transition.bind(this),this.getInitialSnapshot=this.getInitialSnapshot.bind(this),this.getPersistedSnapshot=this.getPersistedSnapshot.bind(this),this.restoreSnapshot=this.restoreSnapshot.bind(this),this.start=this.start.bind(this),this.root=new Of(t,{_key:this.id,_machine:this}),this.root._initialize(),$M(this.root),this.states=this.root.states,this.events=this.root.events}provide(t){const{actions:n,guards:i,actors:r,delays:o}=this.implementations;return new vv(this.config,{actions:{...n,...t.actions},guards:{...i,...t.guards},actors:{...r,...t.actors},delays:{...o,...t.delays}})}resolveState(t){const n=KM(this.root,t.value),i=Pf(Ff(this.root,n));return ip({_nodes:[...i],context:t.context||{},children:{},status:yv(i,this.root)?"done":t.status||"active",output:t.output,error:t.error,historyValue:t.historyValue},this)}transition(t,n,i){return wm(t,n,i,[]).snapshot}microstep(t,n,i){return wm(t,n,i,[]).microsteps.map(([r])=>r)}getTransitionData(t,n){return _v(this.root,t.value,t,n)||[]}_getPreInitialState(t,n,i){const{context:r}=this.config,o=ip({context:typeof r!="function"&&r?r:{},_nodes:[this.root],children:{},status:"active"},this);return typeof r=="function"?Ja(o,n,t,[er(({spawn:c,event:l,self:d})=>r({spawn:c,input:l.input,self:d}))],i,void 0):o}getInitialSnapshot(t,n){const i=l6(n),r=[],o=this._getPreInitialState(t,i,r),[a]=BM(this.root,o,t,i,r),{snapshot:c}=wm(a,i,t,r);return c}start(t){Object.values(t.children).forEach(n=>{n.getSnapshot().status==="active"&&n.start()})}getStateNodeById(t){const n=uv(t),i=n.slice(1),r=gg(n[0])?n[0].slice(sU.length):n[0],o=this.idMap.get(r);if(!o)throw new Error(`Child state node '#${r}' does not exist on machine '${this.id}'`);return Nf(o,i)}get definition(){return this.root.definition}toJSON(){return this.definition}getPersistedSnapshot(t,n){return eU(t,n)}restoreSnapshot(t,n){const i={},r=t.children;Object.keys(r).forEach(p=>{const f=r[p],h=f.snapshot,g=f.src,m=typeof g=="string"?pv(this,g):g;if(!m)return;const _=dd(m,{id:p,parent:n.self,syncSnapshot:f.syncSnapshot,snapshot:h,src:g,systemId:f.systemId});i[p]=_});function o(p,f){if(f instanceof Of)return f;try{return p.machine.getStateNodeById(f.id)}catch{}}function a(p,f){if(!f||typeof f!="object")return{};const h={};for(const g in f){const m=f[g];for(const _ of m){const y=o(p,_);y&&(h[g]??=[],h[g].push(y))}}return h}const c=a(this.root,t.historyValue),l=ip({...t,children:i,_nodes:Array.from(Pf(Ff(this.root,t.value))),historyValue:c},this),d=new Set;function u(p,f){if(!d.has(p)){d.add(p);for(const h in p){const g=p[h];if(g&&typeof g=="object"){if("xstate$$type"in g&&g.xstate$$type===fv){p[h]=f[g.id];continue}u(g,f)}}}}return u(l.context,i),l}}function aU(e,t,n,i,{event:r}){const o=typeof r=="function"?r(n,i):r;return[t,{event:o},void 0]}function cU(e,{event:t}){e.defer(()=>e.emit(t))}function E6(e){function t(n,i){}return t.type="xstate.emit",t.event=e,t.resolve=aU,t.execute=cU,t}let W_=(function(e){return e.Parent="#_parent",e.Internal="#_internal",e})({});function lU(e,t,n,i,{to:r,event:o,id:a,delay:c},l){const d=t.machine.implementations.delays;if(typeof o=="string")throw new Error(`Only event objects may be used with sendTo; use sendTo({ type: "${o}" }) instead`);const u=typeof o=="function"?o(n,i):o;let p;if(typeof c=="string"){const g=d&&d[c];p=typeof g=="function"?g(n,i):g}else p=typeof c=="function"?c(n,i):c;const f=typeof r=="function"?r(n,i):r;let h;if(typeof f=="string"){if(f===W_.Parent?h=e.self._parent:f===W_.Internal?h=e.self:f.startsWith("#_")?h=t.children[f.slice(2)]:h=l.deferredActorIds?.includes(f)?f:t.children[f],!h)throw new Error(`Unable to send event to actor '${f}' from machine '${t.machine.id}'.`)}else h=f||e.self;return[t,{to:h,targetId:typeof f=="string"?f:void 0,event:u,id:a,delay:p},void 0]}function dU(e,t,n){typeof n.to=="string"&&(n.to=t.children[n.to])}function uU(e,t){e.defer(()=>{const{to:n,event:i,delay:r,id:o}=t;if(typeof r=="number"){e.system.scheduler.schedule(e.self,n,i,r,o);return}e.system._relay(e.self,n,i.type===aM?c6(e.self.id,i.data):i)})}function Av(e,t,n){function i(r,o){}return i.type="xstate.sendTo",i.to=e,i.event=t,i.id=n?.id,i.delay=n?.delay,i.resolve=lU,i.retryResolve=dU,i.execute=uU,i}function pU(e,t){return Av(W_.Parent,e,t)}function fU(e,t,n,i,{collect:r}){const o=[],a=function(l){o.push(l)};return a.assign=(...c)=>{o.push(er(...c))},a.cancel=(...c)=>{o.push(hv(...c))},a.raise=(...c)=>{o.push(bv(...c))},a.sendTo=(...c)=>{o.push(Av(...c))},a.sendParent=(...c)=>{o.push(pU(...c))},a.spawnChild=(...c)=>{o.push(gv(...c))},a.stopChild=(...c)=>{o.push(hg(...c))},a.emit=(...c)=>{o.push(E6(...c))},r({context:n.context,event:n.event,enqueue:a,check:c=>Zd(c,t.context,n.event,t),self:e.self,system:e.system},i),[t,void 0,o]}function hU(e){function t(n,i){}return t.type="xstate.enqueueActions",t.collect=e,t.resolve=fU,t}function gU(e,t,n,i,{value:r,label:o}){return[t,{value:typeof r=="function"?r(n,i):r,label:o},void 0]}function mU({logger:e},{value:t,label:n}){n?e(n,t):e(t)}function yU(e=({context:n,event:i})=>({context:n,event:i}),t){function n(i,r){}return n.type="xstate.log",n.value=e,n.label=t,n.resolve=gU,n.execute=mU,n}function _U(e,t){return new vv(e,t)}function wU(e){const t=dd(e);return{self:t,defer:()=>{},id:"",logger:()=>{},sessionId:"",stopChild:()=>{},system:t.system,emit:()=>{},actionExecutor:()=>{}}}function x6({schemas:e,actors:t,actions:n,guards:i,delays:r}){return{assign:er,sendTo:Av,raise:bv,log:yU,cancel:hv,stopChild:hg,enqueueActions:hU,emit:E6,spawnChild:gv,createStateConfig:o=>o,createAction:o=>o,createMachine:o=>_U({...o,schemas:e},{actors:t,actions:n,guards:i,delays:r}),extend:o=>x6({schemas:e,actors:t,actions:{...n,...o.actions},guards:{...i,...o.guards},delays:{...r,...o.delays}})}}function bU(e,t,n){const i=[],r=wU(e);return r.actionExecutor=a=>{i.push(a)},[e.transition(t,n,r),i]}var qn=(e=>(e.AUTHENTICATE="AUTHENTICATE",e.REQUIRE_EMAIL_VERIFICATION="REQUIRE_EMAIL_VERIFICATION",e.REQUIRE_MFA="REQUIRE_MFA",e.COMPLETE_MFA="COMPLETE_MFA",e.START_HOOK="START_HOOK",e.COMPLETE_HOOK="COMPLETE_HOOK",e.START_CONTINUATION="START_CONTINUATION",e.COMPLETE_CONTINUATION="COMPLETE_CONTINUATION",e.COMPLETE="COMPLETE",e.FAIL="FAIL",e.EXPIRE="EXPIRE",e))(qn||{});const C6=x6({actions:{setUserId:er(({event:e})=>e.type==="AUTHENTICATE"?{userId:e.userId}:{}),setHookId:er(({event:e})=>e.type==="START_HOOK"?{hookId:e.hookId}:{}),clearHookId:er({hookId:void 0}),setContinuationScope:er(({event:e})=>e.type==="START_CONTINUATION"?{continuationScope:e.scope}:{}),clearContinuationScope:er({continuationScope:void 0}),setFailureReason:er(({event:e})=>e.type==="FAIL"?{failureReason:e.reason}:{})}}).createMachine({id:"loginSession",initial:"pending",context:{},states:{pending:{on:{AUTHENTICATE:{target:"authenticated",actions:"setUserId"},FAIL:{target:"failed",actions:"setFailureReason"},EXPIRE:{target:"expired"}}},authenticated:{on:{REQUIRE_EMAIL_VERIFICATION:{target:"awaiting_email_verification"},REQUIRE_MFA:{target:"awaiting_mfa"},START_HOOK:{target:"awaiting_hook",actions:"setHookId"},START_CONTINUATION:{target:"awaiting_continuation",actions:"setContinuationScope"},COMPLETE:{target:"completed"},FAIL:{target:"failed",actions:"setFailureReason"},EXPIRE:{target:"expired"}}},awaiting_email_verification:{on:{COMPLETE:{target:"authenticated"},FAIL:{target:"failed",actions:"setFailureReason"},EXPIRE:{target:"expired"}}},awaiting_mfa:{on:{COMPLETE_MFA:{target:"authenticated"},FAIL:{target:"failed",actions:"setFailureReason"},EXPIRE:{target:"expired"}}},awaiting_hook:{on:{COMPLETE_HOOK:{target:"authenticated",actions:"clearHookId"},START_CONTINUATION:{target:"awaiting_continuation",actions:"setContinuationScope"},FAIL:{target:"failed",actions:"setFailureReason"},EXPIRE:{target:"expired"}}},awaiting_continuation:{on:{COMPLETE_CONTINUATION:{target:"authenticated",actions:"clearContinuationScope"},FAIL:{target:"failed",actions:"setFailureReason"},EXPIRE:{target:"expired"}}},completed:{type:"final"},failed:{type:"final"},expired:{type:"final"}}});function vU(e,t={}){return C6.resolveState({value:e,context:t})}function _i(e,t,n={}){const i=vU(e,n),[r]=bU(C6,i,t),o={},a=r.context,c=n;return a.userId!==c.userId&&(o.userId=a.userId),a.hookId!==c.hookId&&(o.hookId=a.hookId),a.continuationScope!==c.continuationScope&&(o.continuationScope=a.continuationScope),a.failureReason!==c.failureReason&&(o.failureReason=a.failureReason),{state:r.value,context:o}}function T6(e,t){Object.keys(t).forEach(n=>{const i=t[n];i!=null&&i.length&&e.searchParams.set(n,i)})}function AU(e){try{const t=typeof e=="string"?new URL(e):e;let n=`${t.protocol}//${t.host}${t.pathname}`;if(t.search){const i=Array.from(t.searchParams.keys()).map(r=>`${r}=[REDACTED]`).join("&");n+=`?${i}`}return t.hash&&(n+="#[REDACTED]"),n}catch{const n=(typeof e=="string"?e:e.toString()).match(/^([^?#]*)(\?[^#]*)?(#.*)?$/);if(!n)return"[invalid-url]";const[,i="",r,o]=n;let a=i;if(r){const c=r.substring(1).split("&").map(l=>{const[d]=l.split("=");return`${d}=[REDACTED]`}).join("&");a+=`?${c}`}return o&&(a+="#[REDACTED]"),a}}const J_=["sub","iss","aud","exp","nbf","iat","jti"];function bm(e,t,n){return{accessToken:{setCustomClaim:(i,r)=>{if(J_.includes(i))throw new Error(`Cannot overwrite reserved claim '${i}'`);t[i]=r}},idToken:{setCustomClaim:(i,r)=>{if(J_.includes(i))throw new Error(`Cannot overwrite reserved claim '${i}'`);n&&(n[i]=r)}},access:{deny:i=>{throw new U(400,{message:`Access denied: ${i}`})}},token:{createServiceToken:async i=>(await Es(e,e.var.tenant_id,i.scope,i.expiresInSeconds,i.customClaims)).access_token}}}async function Ya(e,t){const{authParams:n,user:i,client:r,session_id:o,organization:a,permissions:c,impersonatingUser:l}=t;let d=t.auth_time;if(d===void 0&&o&&e.var.tenant_id){const N=await e.env.data.sessions.get(e.var.tenant_id,o);N?.authenticated_at&&(d=Math.floor(new Date(N.authenticated_at).getTime()/1e3))}const u=e.var.tenant_id,f=(await nv(e.env.data.keys,u??"",u?e.env.signingKeyMode:"control-plane",{purpose:"sign"}))[0];if(!f?.pkcs7||!f.cert)throw new U(500,{message:"No signing key available"});const h=K5(f.pkcs7),g=await D5(f.cert),m=Dn(e.env,e.var.custom_domain),_=n.audience??r.tenant.default_audience;if(!_)throw new U(400,{error:"invalid_request",error_description:"An audience must be specified in the request or configured as the tenant default_audience"});const y={aud:_,scope:n.scope||"",sub:i?.user_id||n.client_id,iss:m,tenant_id:e.var.tenant_id,sid:o,act:l?{sub:l.user_id}:void 0,org_id:a?a.id:void 0,org_name:a&&r.tenant.allow_organization_name_in_authentication_api?a.name.toLowerCase():void 0,permissions:c,...t.customClaims};if(t.customClaims){for(const N of J_)if(N in t.customClaims)throw new Error(`Cannot overwrite reserved claim '${N}'`)}const w=n.scope?.split(" ")||[],b=w.includes("openid"),A=(n.response_type??"").trim()===Sn.ID_TOKEN,v=r.auth0_conformant!==!1||A,k=i&&b?{aud:n.client_id,sub:i.user_id,iss:m,sid:o,nonce:n.nonce,...d!==void 0?{auth_time:d}:{},...n.acr_values?{acr:n.acr_values.split(" ")[0]}:{},...v?r6(i,w):{},act:l?{sub:l.user_id}:void 0,org_id:a?.id,org_name:a?.name.toLowerCase()}:void 0,x=t.loginSession?.auth_connection||t.authConnection||e.var.connection;let T;if(x)try{const N=await e.env.data.connections.list(e.var.tenant_id,{page:0,per_page:100,include_totals:!1}),D=N.connections.find(B=>B.name===x)??N.connections.find(B=>B.name.toLowerCase()===x.toLowerCase());D&&(T={id:D.id||D.name,name:D.name,strategy:D.strategy||i?.provider||"auth0",metadata:D.options||{}})}catch(N){console.error("Error fetching connection info:",N)}e.env.hooks?.onExecuteCredentialsExchange&&await e.env.hooks.onExecuteCredentialsExchange({ctx:e,client:r,user:i,request:{ip:e.var.ip||"",user_agent:e.var.useragent||"",method:e.req.method,url:e.req.url},scope:n.scope||"",grant_type:"",connection:T||(x?{id:x,name:x,strategy:i?.provider||"auth0"}:void 0)},bm(e,y,k));{const{hooks:N}=await e.env.data.hooks.list(e.var.tenant_id,{q:"trigger_id:credentials-exchange",page:0,per_page:100,include_totals:!1}),D=N.filter(Z=>Z.enabled&&to(Z)),B=bm(e,y,k);if(i){for(const Z of D)if(to(Z))try{await GL(e,Z.template_id,i,B)}catch(te){if(te instanceof z)throw te;console.warn(`[credentials-exchange] Failed to execute template hook: ${Z.template_id}`,te)}}const V=bm(e,y,k);await QL(e,N,{ctx:e,client:r,user:i,request:{ip:e.var.ip||"",user_agent:e.var.useragent||"",method:e.req?.method||"",url:e.req?.url||""},scope:n.scope||"",grant_type:"",connection:T||(x?{id:x,name:x,strategy:i?.provider||"auth0"}:void 0)},V)}const I=l?3600:t.token_lifetime??86400,F={includeIssuedTimestamp:!0,expiresIn:new Pd(I,"s"),headers:{kid:f.kid}},$=await yy(g,h,y,F);if(k){const N=(n.response_type??"").split(" ");t.code&&N.includes("code")&&(k.c_hash=await uk(t.code,g)),N.includes("id_token")&&N.includes("token")&&(k.at_hash=await uk($,g))}const P=k?await yy(g,h,k,F):void 0;return{access_token:$,refresh_token:t.refresh_token,id_token:P,token_type:"Bearer",expires_in:I}}async function jf(e,t){return{code:(await e.env.data.codes.create(t.client.tenant.id,{code_id:Ue(32),user_id:t.user.user_id,code_type:"authorization_code",login_id:t.login_id,expires_at:new Date(Date.now()+dL*1e3).toISOString(),code_challenge:t.authParams.code_challenge,code_challenge_method:t.authParams.code_challenge_method,redirect_uri:t.authParams.redirect_uri,state:t.authParams.state,nonce:t.authParams.nonce})).code_id,state:t.authParams.state}}function Rf(e){if(e)return new Date(Date.now()+e*60*60*1e3).toISOString()}async function $6(e,t){const{client:n,scope:i,login_id:r}=t,o=t.audience??n.tenant.default_audience;if(!o)throw new U(400,{error:"invalid_request",error_description:"An audience must be specified in the request or configured as the tenant default_audience"});const a=Rf(n.tenant.idle_session_lifetime),c=Rf(n.tenant.session_lifetime),l=av(),{lookup:d,secret:u}=U5(),p=await Tf(u),f=n.refresh_token?.rotation_type==="rotating";return{row:await e.env.data.refreshTokens.create(n.tenant.id,{id:l,login_id:r,client_id:n.client_id,idle_expires_at:a,expires_at:c,user_id:t.user.user_id,device:{last_ip:e.var.ip,initial_ip:e.var.ip,last_user_agent:e.var.useragent||"",initial_user_agent:e.var.useragent||"",initial_asn:"",last_asn:""},resource_servers:[{audience:o,scopes:i}],rotating:f,token_lookup:d,token_hash:p,family_id:l}),wireToken:q5(d,u)}}async function Tk(e,{user:t,client:n,loginSession:i}){const r=Rf(n.tenant.idle_session_lifetime),o=Rf(n.tenant.session_lifetime);return await e.env.data.sessions.create(n.tenant.id,{id:av(),user_id:t.user_id,login_session_id:i.id,idle_expires_at:r,expires_at:o,device:{last_ip:e.var.ip||"",initial_ip:e.var.ip||"",last_user_agent:e.var.useragent||"",initial_user_agent:e.var.useragent||"",initial_asn:"",last_asn:""},clients:[n.client_id]})}async function I6(e,{user:t,client:n,loginSession:i,existingSessionId:r,authConnection:o}){const a=await e.env.data.loginSessions.get(n.tenant.id,i.id);if(!a)throw new z(400,{message:`Login session ${i.id} not found`});const c=a.state||be.PENDING;if(c===be.FAILED)throw new U(400,{error:"access_denied",error_description:a.failure_reason||"Cannot authenticate login session in failed state"});if(c===be.COMPLETED)throw new U(400,{error:"access_denied",error_description:"Login session has already been completed"});if(c===be.AUTHENTICATED){if(a.session_id)return a.session_id;throw new z(500,{message:"Login session is authenticated but has no session_id"})}let l;if(r){const f=await e.env.data.sessions.get(n.tenant.id,r);!f||f.revoked_at?l=(await Tk(e,{user:t,client:n,loginSession:i})).id:(l=r,f.clients.includes(n.client_id)||await e.env.data.sessions.update(n.tenant.id,r,{clients:[...f.clients,n.client_id]}))}else l=(await Tk(e,{user:t,client:n,loginSession:i})).id;const d=c===be.EXPIRED?be.PENDING:c,{state:u}=_i(d,{type:qn.AUTHENTICATE,userId:t.user_id}),p=o||e.var.connection;return await e.env.data.loginSessions.update(n.tenant.id,i.id,{session_id:l,state:u,user_id:t.user_id,...p?{auth_connection:p}:{},...c===be.EXPIRED?{expires_at:new Date(Date.now()+eo*1e3).toISOString()}:{}}),l}async function kU(e,t){const{user:n,client:i,loginSession:r,authStrategy:o,authConnection:a}=t;await I6(e,{user:n,client:i,loginSession:r,existingSessionId:t.existingSessionId,authConnection:a}),await e.env.data.loginSessions.update(i.tenant.id,r.id,{...o?{auth_strategy:o}:{},authenticated_at:new Date().toISOString()});const c=`/authorize/resume?state=${encodeURIComponent(r.id)}`;let l=c;if(r.authorization_url)try{const d=new URL(r.authorization_url),u=e.var.host||"";d.host&&d.host!==u&&(l=`${d.origin}${c}`)}catch{}return new Response(null,{status:302,headers:{location:l}})}async function SU(e,t,n,i){const r=await e.env.data.loginSessions.get(t,n.id);if(!r){console.warn(`Login session ${n.id} not found when trying to mark as failed`);return}const o=r.state||be.PENDING,{state:a,context:c}=_i(o,{type:qn.FAIL,reason:i});a!==o&&await e.env.data.loginSessions.update(t,n.id,{state:a,failure_reason:c.failureReason})}async function Df(e,t,n,i){const r=await e.env.data.loginSessions.get(t,n.id);if(!r){console.warn(`Login session ${n.id} not found when trying to start hook`);return}const o=r.state||be.PENDING,{state:a,context:c}=_i(o,{type:qn.START_HOOK,hookId:i});a!==o&&await e.env.data.loginSessions.update(t,n.id,{state:a,state_data:c.hookId?JSON.stringify({hookId:c.hookId}):void 0})}async function ud(e,t,n){const i=await e.env.data.loginSessions.get(t,n.id);if(!i){console.warn(`Login session ${n.id} not found when trying to complete hook`);return}const r=i.state||be.PENDING,{state:o}=_i(r,{type:qn.COMPLETE_HOOK});o!==r&&await e.env.data.loginSessions.update(t,n.id,{state:o,state_data:void 0})}async function vm(e,t,n,i){const r=await e.env.data.loginSessions.get(t,n.id);if(!r){console.warn(`Login session ${n.id} not found when trying to mark as completed`);return}const o=r.state||be.PENDING,{state:a}=_i(o,{type:qn.COMPLETE});a!==o&&await e.env.data.loginSessions.update(t,n.id,{state:a,...i?{auth_connection:i}:{}})}async function eu(e,t,n,i,r){const o=await e.env.data.loginSessions.get(t,n.id);if(!o){console.warn(`Login session ${n.id} not found when trying to start continuation`);return}const a=o.state||be.PENDING,{state:c}=_i(a,{type:qn.START_CONTINUATION,scope:i});if(c!==a){let l={};if(o.state_data)try{l=JSON.parse(o.state_data)}catch{}await e.env.data.loginSessions.update(t,n.id,{state:c,state_data:JSON.stringify({...l,continuationScope:i,continuationReturnUrl:r})})}else console.warn(`Failed to start continuation for login session ${n.id}: cannot transition from ${a} to AWAITING_CONTINUATION. Scope: ${JSON.stringify(i)}, Return URL: ${AU(r)}`)}async function Bf(e,t,n){const i=await e.env.data.loginSessions.get(t,n.id);if(!i){console.warn(`Login session ${n.id} not found when trying to complete continuation`);return}let r,o={};if(i.state_data)try{const l=JSON.parse(i.state_data);r=l.continuationReturnUrl;const{continuationScope:d,continuationReturnUrl:u,...p}=l;o=p}catch{}const a=i.state||be.PENDING,{state:c}=_i(a,{type:qn.COMPLETE_CONTINUATION});return c!==a?await e.env.data.loginSessions.update(t,n.id,{state:c,state_data:Object.keys(o).length>0?JSON.stringify(o):void 0}):console.warn(`completeLoginSessionContinuation: State transition from ${a} with COMPLETE_CONTINUATION was invalid or no-op`),r}function EU(e){if(!e.state_data)return null;try{return JSON.parse(e.state_data).continuationScope||null}catch{return null}}function Lf(e,t){if(e.state!==be.AWAITING_CONTINUATION)return!1;const n=EU(e);return n?n.includes(t):!1}async function nt(e,t){const{authParams:n,client:i,ticketAuth:r}=t;let{user:o}=t;const a=n.response_type||Sn.CODE,c=n.response_mode||vt.QUERY;if(r){if(!t.loginSession)throw new U(500,{message:"Login session not found for ticket auth."});o&&!t.skipHooks&&(t.authStrategy&&o.app_metadata?.strategy!==t.authStrategy.strategy&&(o.app_metadata={...o.app_metadata,strategy:t.authStrategy.strategy},await e.env.data.users.update(i.tenant.id,o.user_id,{app_metadata:{...o.app_metadata||{},strategy:t.authStrategy.strategy}})),await O6(e,e.env.data,i.tenant.id,o,t.loginSession,{client:i,authParams:n,authStrategy:t.authStrategy}));const T=sL(),I=Ue(12),F=await e.env.data.codes.create(i.tenant.id,{code_id:Ue(32),code_type:"ticket",login_id:t.loginSession.id,expires_at:new Date(Date.now()+pL).toISOString(),code_verifier:[I,T].join("|"),redirect_uri:n.redirect_uri,state:n.state,nonce:n.nonce});return e.json({login_ticket:F.code_id,co_verifier:T,co_id:I})}let l=t.refreshToken,d;if(t.loginSession){const T=await e.env.data.loginSessions.get(i.tenant.id,t.loginSession.id);if(!T)throw new U(500,{message:"Login session not found."});const I=T.state||be.PENDING;if(I===be.COMPLETED)throw new U(400,{error:"invalid_request",error_description:"Login session has already been completed"});if(I===be.FAILED)throw new U(400,{error:"access_denied",error_description:`Login session failed: ${T.failure_reason||"unknown reason"}`});if(I===be.PENDING||I===be.EXPIRED)d=await I6(e,{user:o,client:i,loginSession:t.loginSession,existingSessionId:t.existingSessionIdToLink,authConnection:t.authConnection});else if(d=T.session_id,!d)throw new U(500,{message:`Login session in ${I} state but has no session_id`})}else throw new U(500,{message:"loginSession must be provided for front-channel auth responses."});if(t.loginSession&&o){const T=await e.env.data.loginSessions.get(i.tenant.id,t.loginSession.id);if(T){const I=T.state||be.PENDING;let F={};if(T.state_data)try{F=JSON.parse(T.state_data)}catch{console.error("Failed to parse state_data for login session",T.id)}if(I===be.AWAITING_MFA){let $="/u2/mfa/login-options";if(F.authenticationMethodId){const N=(await e.env.data.authenticationMethods.list(i.tenant.id,o.user_id)).find(D=>D.id===F.authenticationMethodId);N?.confirmed&&N.type==="phone"?$="/u2/mfa/phone-challenge":N?.confirmed&&N.type==="totp"?$="/u2/mfa/totp-challenge":N?.confirmed&&(N.type==="passkey"||N.type==="webauthn-roaming"||N.type==="webauthn-platform")?$="/u2/passkey/challenge":N?.type==="totp"?$="/u2/mfa/totp-enrollment":N?.type==="phone"&&($="/u2/mfa/phone-enrollment")}return new Response(null,{status:302,headers:{location:`${$}?state=${encodeURIComponent(t.loginSession.id)}`}})}if(I===be.AUTHENTICATED&&!F.mfa_verified){const{checkMfaRequired:$,sendMfaOtp:P}=await Promise.resolve().then(()=>lP),N=await $(e,i.tenant.id,o.user_id);if(N.required){const{state:D}=_i(be.AUTHENTICATED,{type:qn.REQUIRE_MFA});if(N.enrolled){if(N.allEnrollments.length>1)return await e.env.data.loginSessions.update(i.tenant.id,t.loginSession.id,{state:D}),new Response(null,{status:302,headers:{location:`/u2/mfa/login-options?state=${encodeURIComponent(t.loginSession.id)}`}});if(await e.env.data.loginSessions.update(i.tenant.id,t.loginSession.id,{state:D,state_data:JSON.stringify({...F,authenticationMethodId:N.enrollment.id})}),N.enrollment.type==="totp")return new Response(null,{status:302,headers:{location:`/u2/mfa/totp-challenge?state=${encodeURIComponent(t.loginSession.id)}`}});if(N.enrollment.type==="passkey"||N.enrollment.type==="webauthn-roaming"||N.enrollment.type==="webauthn-platform")return new Response(null,{status:302,headers:{location:`/u2/passkey/challenge?state=${encodeURIComponent(t.loginSession.id)}`}});if(!N.enrollment.phone_number)throw new Error("MFA enrollment is missing phone_number");return await P(e,i,t.loginSession,N.enrollment.phone_number),new Response(null,{status:302,headers:{location:`/u2/mfa/phone-challenge?state=${encodeURIComponent(t.loginSession.id)}`}})}else{const B=i.tenant,V=B.mfa?.factors?.otp===!0,Z=B.mfa?.factors?.sms===!0,te=B.mfa?.factors?.webauthn_roaming===!0||B.mfa?.factors?.webauthn_platform===!0;return await e.env.data.loginSessions.update(i.tenant.id,t.loginSession.id,{state:D}),(V?1:0)+(Z?1:0)+(te?1:0)>1?new Response(null,{status:302,headers:{location:`/u2/mfa/login-options?state=${encodeURIComponent(t.loginSession.id)}`}}):V?new Response(null,{status:302,headers:{location:`/u2/mfa/totp-enrollment?state=${encodeURIComponent(t.loginSession.id)}`}}):te?new Response(null,{status:302,headers:{location:`/u2/passkey/enrollment?state=${encodeURIComponent(t.loginSession.id)}`}}):new Response(null,{status:302,headers:{location:`/u2/mfa/phone-enrollment?state=${encodeURIComponent(t.loginSession.id)}`}})}}}}}if(t.loginSession&&o&&c!==vt.WEB_MESSAGE){const T=await e.env.data.loginSessions.get(i.tenant.id,t.loginSession.id);if(T){const I=T.state||be.PENDING;let F={};if(T.state_data)try{F=JSON.parse(T.state_data)}catch{}if(I===be.AUTHENTICATED&&!F.passkey_nudge_completed){const{checkPasskeyNudgeRequired:$}=await Promise.resolve().then(()=>require("./passkey-enrollment-dbZd6Zqw.js"));if((await $(e,i.tenant.id,o.user_id,T.auth_connection)).show)return await eu(e,i.tenant.id,T,["passkey-enrollment"],`/u/continue?state=${encodeURIComponent(t.loginSession.id)}`),new Response(null,{status:302,headers:{location:`/u2/passkey/enrollment-nudge?state=${encodeURIComponent(t.loginSession.id)}`}});await e.env.data.loginSessions.update(i.tenant.id,t.loginSession.id,{state_data:JSON.stringify({...F,passkey_nudge_completed:!0})})}}}const u=a.split(" ").includes("code");if(!l&&n.scope?.split(" ").includes("offline_access")&&a!==Sn.TOKEN&&!u&&!t.impersonatingUser&&(l=(await $6(e,{user:o,client:i,login_id:t.loginSession?.id||"",scope:n.scope,audience:n.audience})).wireToken),c===vt.SAML_POST){if(!d)throw new z(500,{message:"Session ID not available for SAML response"});return ML(e,t.client,t.authParams,o,d)}const p=await xU(e,{authParams:n,user:o,client:i,session_id:d,refresh_token:l,authStrategy:t.authStrategy,authConnection:t.authConnection,loginSession:t.loginSession,responseType:a,skipHooks:t.skipHooks,organization:t.organization,impersonatingUser:t.impersonatingUser});if(p instanceof Response)return p;if(!n.redirect_uri)throw new U(400,{message:c===vt.WEB_MESSAGE?"Redirect URI not allowed for WEB_MESSAGE response mode.":"Redirect uri not found for this response mode."});const f=new Headers;d?lv(i.tenant.id,d,e.var.host||"").forEach(I=>{f.append("set-cookie",I)}):c===vt.WEB_MESSAGE&&console.warn("Session ID not available for WEB_MESSAGE, cookie will not be set.");const h=a.split(" "),g=h.includes("code"),m=h.includes("id_token"),_=h.includes("token"),y={},w="code"in p&&typeof p.code=="string",b="access_token"in p&&typeof p.access_token=="string";if(w&&g&&(y.code=p.code),b&&(_&&(y.access_token=p.access_token,y.token_type=p.token_type,y.expires_in=p.expires_in.toString()),m&&p.id_token&&(y.id_token=p.id_token)),!w&&!b)throw new U(500,{message:"Invalid token response for front-channel flow."});const v=("state"in p&&typeof p.state=="string"?p.state:void 0)??n.state;if(v&&(y.state=v),(_||m)&&n.scope&&(y.scope=n.scope),c===vt.WEB_MESSAGE){const T=new URL(n.redirect_uri),I=`${T.protocol}//${T.host}`;return U_(e,I,JSON.stringify(y),f)}if(c===vt.FORM_POST)return If(n.redirect_uri,y,f);const k=m||_,x=new URL(n.redirect_uri);if(k)x.hash=new URLSearchParams(y).toString();else for(const[T,I]of Object.entries(y))x.searchParams.set(T,I);return f.set("location",x.toString()),new Response("Redirecting",{status:302,headers:f})}async function xU(e,t){let{user:n}=t;const i=t.responseType||Sn.TOKEN;if(n&&t.organization&&!(await e.env.data.userOrganizations.list(t.client.tenant.id,{q:`user_id:${n.user_id}`,per_page:1e3})).userOrganizations.some(_=>_.organization_id===t.organization.id))throw new U(403,{error:"access_denied",error_description:"User is not a member of the specified organization"});let r=t.authParams.scope||"",o=[],a;const c=t.authParams.audience??t.client.tenant.default_audience;if(c)try{let g;if(t.grantType===Zt.ClientCredential||!n&&!t.user)g=await ld(e,{grantType:Zt.ClientCredential,tenantId:t.client.tenant.id,clientId:t.client.client_id,audience:c,requestedScopes:t.authParams.scope?.split(" ")||[],organizationId:t.organization?.id});else{const m=n?.user_id||t.user?.user_id;if(!m)throw new U(400,{error:"invalid_request",error_description:"User ID is required for user-based grants"});g=await ld(e,{grantType:t.grantType,tenantId:t.client.tenant.id,userId:m,clientId:t.client.client_id,audience:c,requestedScopes:t.authParams.scope?.split(" ")||[],organizationId:t.organization?.id})}r=g.scopes.join(" "),o=g.permissions,a=t.client.app_type==="spa"&&g.token_lifetime_for_web?g.token_lifetime_for_web:g.token_lifetime}catch(g){if(g instanceof z)throw g}const l={...t.authParams,scope:r};if(t.loginSession&&n&&!t.skipHooks){t.authStrategy&&n.app_metadata?.strategy!==t.authStrategy.strategy&&(n.app_metadata={...n.app_metadata,strategy:t.authStrategy.strategy},await e.env.data.users.update(t.client.tenant.id,n.user_id,{app_metadata:{...n.app_metadata||{},strategy:t.authStrategy.strategy}}));const g=await O6(e,e.env.data,t.client.tenant.id,n,t.loginSession,{client:t.client,authParams:l,authStrategy:t.authStrategy});if(g instanceof Response)return g;n=g}const d=t.loginSession?.auth_connection||t.authConnection||e.var.connection,u=i.split(" "),p=u.includes("code"),f=u.includes("id_token")||u.includes("token"),h=p&&f;if(i===Sn.CODE){if(!n||!t.loginSession)throw new U(500,{message:"User and loginSession is required for code flow"});const g=await jf(e,{user:n,client:t.client,authParams:l,login_id:t.loginSession.id});return await vm(e,t.client.tenant.id,t.loginSession,d),g}else if(h){if(!n||!t.loginSession)throw new U(500,{message:"User and loginSession is required for hybrid flow"});const g=await jf(e,{user:n,client:t.client,authParams:l,login_id:t.loginSession.id}),m=await Ya(e,{...t,user:n,authParams:l,permissions:o,token_lifetime:a,code:g.code});return await vm(e,t.client.tenant.id,t.loginSession,d),{...m,code:g.code,state:g.state}}else{const g=await Ya(e,{...t,user:n,authParams:l,permissions:o,token_lifetime:a});return t.loginSession&&await vm(e,t.client.tenant.id,t.loginSession,d),g}}const Mf="auth-service",z6=3600,CU=["sub","iss","aud","exp","nbf","iat","jti","scope","azp","tenant_id"];async function TU(e){const{tenants:t,keys:n,tenantId:i,scope:r,issuer:o}=e,a=await t.get(i);if(!a)throw new Error(`Tenant not found: ${i}`);const c=a.audience;if(!c)throw new Error(`Cannot mint service token: tenant "${i}" has no default audience`);if(e.customClaims){for(const m of CU)if(m in e.customClaims)throw new Error(`Cannot overwrite reserved claim '${m}'`)}const d=(await nv(n,i,e.signingKeyMode,{purpose:"sign"}))[0];if(!d?.pkcs7||!d.cert)throw new Error("No signing key available");const u=K5(d.pkcs7),p=await D5(d.cert),f=e.expiresInSeconds??z6,h={aud:c,scope:r,sub:Mf,azp:Mf,iss:o,tenant_id:i,...e.customClaims};return{access_token:await yy(p,u,h,{includeIssuedTimestamp:!0,expiresIn:new Pd(f,"s"),headers:{kid:d.kid}}),token_type:"Bearer",expires_in:f}}async function Es(e,t,n,i,r){const o=await e.env.data.tenants.get(t);if(!o)throw new Error(`Tenant not found: ${t}`);const c=await Ya(e,{client:{client_id:Mf,tenant:o,auth0_conformant:!0},authParams:{client_id:Mf,response_type:Sn.TOKEN,scope:n,audience:o.audience},customClaims:r});return{access_token:c.access_token,token_type:c.token_type,expires_in:i||z6}}function P6(e){return async(t,n="webhook")=>(await TU({tenants:e.tenants,keys:e.keys,tenantId:t,scope:n,issuer:e.issuer,signingKeyMode:e.signingKeyMode})).access_token}function fs(e){const{registration_completed_at:t,...n}=e;return n}async function mg(e,t,n){n?.user&&(n={...n,user:fs(n.user)});const i=e.env.webhookInvoker,r=async(o="webhook")=>(await Es(e,n.tenant_id,o)).access_token;for await(const o of t.filter(a=>"url"in a)){let a,c;try{const l=performance.now(),d=i?await i({hook:o,data:n,tenant_id:n.tenant_id,createServiceToken:r}):await fetch(o.url,{method:"POST",headers:{Authorization:`Bearer ${await r()}`,"Content-Type":"application/json"},body:JSON.stringify(n)}),u=performance.now()-l,p=e.res.headers.get("Server-Timing")||"",f=`webhook-${o.hook_id};dur=${u.toFixed(2)}`;if(e.res.headers.set("Server-Timing",p?`${p}, ${f}`:f),c=d.status,!d.ok){try{a=await d.text()}catch{}const h=`Failed to invoke hook ${o.hook_id} - ${d.status} ${d.statusText}`;console.error(h,{hook_url:o.url,body:a?.substring(0,512)}),await R(e,n.tenant_id,{type:O.FAILED_HOOK,description:h,userId:n.user?.user_id,details:{trigger_id:n.trigger_id,hook_id:o.hook_id,hook_url:o.url,user_id:n.user?.user_id,user_name:n.user?.name||n.user?.email,connection:n.user?.connection,response:{statusCode:c,body:a?.substring(0,512)}},connection:n.user?.connection,waitForCompletion:!0})}}catch(l){const d=`Failed to invoke hook ${o.hook_id} - ${l instanceof Error?l.message:"Unknown error"}`;console.error(d,l),await R(e,n.tenant_id,{type:O.FAILED_HOOK,description:d,userId:n.user?.user_id,details:{trigger_id:n.trigger_id,hook_id:o.hook_id,hook_url:o.url,user_id:n.user?.user_id,user_name:n.user?.name||n.user?.email,connection:n.user?.connection,error:l instanceof Error?l.message:String(l)},connection:n.user?.connection,waitForCompletion:!0})}}}function $U(e){return async(t,n)=>{const{hooks:i}=await e.env.data.hooks.list(t),r=i.filter(o=>o.trigger_id==="pre-user-registration");await mg(e,r,{tenant_id:t,email:n,trigger_id:"pre-user-registration"})}}async function IU(e,t){const{hooks:n}=await e.env.data.hooks.list(t);return n.find(i=>i.trigger_id==="validate-registration-username"&&"url"in i&&i.enabled)||null}function zU(e){return async(t,n)=>{const{hooks:i}=await e.env.data.hooks.list(t),r=i.filter(o=>o.trigger_id==="pre-user-deletion");return await mg(e,r,{tenant_id:t,user:n,trigger_id:"pre-user-deletion"}),n}}function N6(e,t,n,i){if(!e.env.outbox?.enabled||!e.env.data.outbox){ph(e,PU(e,t,n,i));return}const r={tenant_id:t,event_type:`hook.${n}`,log_type:O.SUCCESS_API_OPERATION,description:`Enqueued ${n} hook dispatch`,category:"system",actor:{type:e.var.user_id?"admin":e.var.client_id?"client_credentials":"system",id:e.var.user_id||void 0,client_id:e.var.client_id||void 0},target:{type:"user",id:i.user_id,after:fs(i)},request:{method:e.req.method,path:e.req.path,ip:e.var.ip||"",user_agent:e.var.useragent||void 0},hostname:e.var.host||"",auth0_client:e.var.auth0_client,timestamp:new Date().toISOString()},o=e.env.data.outbox.create(t,r),a=e.var.outboxEventPromises||[];a.push(o),e.set("outboxEventPromises",a)}async function PU(e,t,n,i){const{hooks:r}=await e.env.data.hooks.list(t),o=r.filter(a=>a.enabled&&a.trigger_id===n&&"url"in a);if(o.length>0&&await mg(e,o,{tenant_id:t,user:fs(i),trigger_id:n}),n==="post-user-registration"&&i.user_id)try{await e.env.data.users.update(t,i.user_id,{registration_completed_at:new Date().toISOString()})}catch(a){console.error("Failed to mark registration_completed_at on inline dispatch:",a)}}function NU(e){return async(t,n,i={})=>{const{resolveEmailLinkedPrimary:r=!1}=i;try{return{user:await e.transaction(async a=>{if(r&&!n.linked_to){const l=n.email?.toLowerCase();if(l&&n.email_verified){const d=await co({userAdapter:a.users,tenant_id:t,email:l});d&&(n.linked_to=d.user_id)}}if(n.linked_to&&!await a.users.get(t,n.linked_to))throw new U(400,{error:"invalid_request",error_description:"Primary user does not exist"});const c=await a.users.rawCreate(t,n);if(n.linked_to){const l=await a.users.get(t,n.linked_to);if(!l)throw new U(500,{error:"server_error",error_description:"Failed to fetch primary user after linking"});return l}return c}),created:!0}}catch(o){if(e6(o)){const a=await FU(e,t,n);if(a)return{user:a,created:!1}}throw o}}}async function FU(e,t,n){const i=n.email?`email:${n.email.toLowerCase()}`:n.phone_number?`phone_number:${n.phone_number}`:n.username?`username:${n.username.toLowerCase()}`:null;if(!i)return null;const{users:r}=await e.users.list(t,{page:0,per_page:10,include_totals:!1,q:i}),o=r.find(a=>a.provider===n.provider);if(!o)return null;if(o.linked_to){const a=await e.users.get(t,o.linked_to);if(!a)throw new U(500,{error:"server_error",error_description:"Primary user does not exist for linked user"});return a}return o}function hs(e,t){return{createServiceToken:async n=>(await Es(e,t,n.scope,n.expiresInSeconds,n.customClaims)).access_token}}async function tu(e,t,n,i,r="email"){if(t.client_metadata?.disable_sign_ups==="true"){const a=e.var.loginSession?.authorization_url;if(a&&new URL(a).searchParams.get("screen_hint")==="signup")return{allowed:!0};if(!await co({userAdapter:n.users,tenant_id:t.tenant.id,email:i}))return{allowed:!1,reason:"User account does not exist"}}if(e.env.hooks?.onExecuteValidateRegistrationUsername){const a={method:e.req.method,ip:e.var.ip||e.get("ip")||"",user_agent:e.var.useragent||e.get("useragent")||"",url:e.req.url};let c=!1,l;try{if(await e.env.hooks.onExecuteValidateRegistrationUsername({ctx:e,client:t,request:a,tenant:{id:t.tenant.id},user:{email:i,connection:r}},{deny:d=>{c=!0,l=d},token:hs(e,t.tenant.id)}),c)return{allowed:!1,reason:l}}catch{return{allowed:!1,reason:"Signup validation hook failed"}}}const o=await IU(e,t.tenant.id);if(o&&"url"in o)try{const a=await Es(e,t.tenant.id,"webhook"),c=await fetch(o.url,{method:"POST",headers:{Authorization:`Bearer ${a.access_token}`,"Content-Type":"application/json"},body:JSON.stringify({tenant_id:t.tenant.id,email:i,connection:r,client_id:t.client_id,trigger_id:"validate-registration-username"})});if(!c.ok)return{allowed:!1,reason:await c.text()||"Signup not allowed by webhook"};const l=await c.json();if(l.allowed===!1)return{allowed:!1,reason:l.reason||"Signup not allowed by webhook"}}catch{R(e,t.tenant.id,{type:O.FAILED_HOOK,description:"Validate signup email webhook failed"})}return{allowed:!0}}async function OU(e,t,n,i,r){const o=await tu(e,t,n,i,r);if(!o.allowed)throw R(e,t.tenant.id,{type:O.FAILED_SIGNUP,description:o.reason||"Signup not allowed"}),new U(400,{message:o.reason||"Signups are disabled for this client"});await $U(e)(t.tenant.id,i)}async function jU(e,t,n){if(n){const r=await e.env.data.clients.get(t,n);if(r?.user_linking_mode)return r.user_linking_mode}const i=e.env.userLinkingMode;if(typeof i=="function"){const r=await i({tenant_id:t,client_id:n});return r==="builtin"||r==="off"?r:"builtin"}return i??"builtin"}async function F6(e,t,n){return await jU(e,t,n)==="builtin"}function RU(e,t){return async(n,i)=>{if(e.var.client_id){const d=await Ze(e.env,e.var.client_id,e.var.tenant_id);i.email&&await OU(e,d,t,i.email,i.connection)}const r={method:e.req.method,ip:e.req.query("x-real-ip")||"",user_agent:e.req.query("user-agent"),url:e.var.loginSession?.authorization_url||e.req.url};if(e.env.hooks?.onExecutePreUserRegistration)try{await e.env.hooks.onExecutePreUserRegistration({ctx:e,user:i,request:r},{user:{setUserMetadata:async(d,u)=>{i[d]=u},setLinkedTo:d=>{i.linked_to=d}},access:{deny:(d,u)=>{throw new U(400,{message:u?`Registration denied: ${d} - ${u}`:`Registration denied: ${d}`})}},token:hs(e,n)})}catch(d){if(d instanceof z)throw d;R(e,n,{type:O.FAILED_SIGNUP,description:"Pre user registration hook failed"})}{const{hooks:d}=await t.hooks.list(n,{q:"trigger_id:pre-user-registration",page:0,per_page:100,include_totals:!1}),u=d.filter(p=>p.enabled).filter(Zo);for(const p of u)try{await $f(e,t,p,{ctx:e,user:i,request:r},"pre-user-registration",{user:{setUserMetadata:(f,h)=>{i[f]=h},setLinkedTo:f=>{i.linked_to=f}},access:{deny:(f,h)=>{throw new U(400,{message:h?`Registration denied: ${f} - ${h}`:`Registration denied: ${f}`})}}})}catch(f){if(f instanceof z)throw f;R(e,n,{type:O.FAILED_SIGNUP,description:`Pre user registration code hook ${p.hook_id} failed`})}}const o=await F6(e,n,e.var.client_id),a=await NU(t)(n,i,{resolveEmailLinkedPrimary:o});if(!a.created)throw new U(409,{message:"User already exists"});let c=a.user;return await(async()=>{if(e.env.hooks?.onExecutePostUserRegistration)try{await e.env.hooks.onExecutePostUserRegistration({ctx:e,user:i,request:r},{user:{},token:hs(e,n)})}catch{R(e,n,{type:O.FAILED_SIGNUP,description:"Post user registration hook failed"})}{const{hooks:d}=await e.env.data.hooks.list(n,{q:"trigger_id:post-user-registration",page:0,per_page:100,include_totals:!1}),u=d.filter(f=>f.enabled&&Zo(f));for(const f of u)if(Zo(f))try{await $f(e,e.env.data,f,{ctx:e,user:c,request:r},"post-user-registration",{user:{}})}catch{R(e,n,{type:O.FAILED_SIGNUP,description:`Post user registration code hook ${f.hook_id} failed`})}const p=d.filter(f=>f.enabled&&to(f));for(const f of p)if(to(f))try{c=await dv(e,f.template_id,c,f.metadata)}catch{R(e,n,{type:O.FAILED_SIGNUP,description:`Post user registration template hook ${f.template_id} failed`})}}N6(e,n,"post-user-registration",c)})(),c}}function DU(e,t){return async(n,i,r)=>{if(Object.keys(r).length===1&&"linked_to"in r)return t.users.update(n,i,r);const o=await t.users.get(n,i);if(!o)throw new U(404,{message:"User not found"});const a={method:e.req.method,ip:e.var.ip||e.get("ip")||"",user_agent:e.var.useragent||e.get("useragent")||"",url:e.req.url};if(e.env.hooks?.onExecutePreUserUpdate)try{await e.env.hooks.onExecutePreUserUpdate({ctx:e,tenant:{id:n},user_id:i,user:fs(o),updates:r,request:a},{user:{setUserMetadata:async(l,d)=>{r[l]=d}},cancel:()=>{throw new U(400,{message:"User update cancelled by pre-update hook"})},token:hs(e,n)})}catch(l){throw R(e,n,{type:O.ACTIONS_EXECUTION_FAILED,description:`Pre user update hook failed: ${l instanceof Error?l.message:"Unknown error"}`,userId:i}),new U(400,{message:"Pre user update hook failed"})}const c=await F6(e,n,e.var.client_id);await t.transaction(async l=>{if(!await l.users.update(n,i,r))throw new U(404,{message:"User not found"});if(c&&(r.email||r.email_verified)){const u=await l.users.get(n,i);if(u&&!u.linked_to&&u.email&&u.email_verified){const p=u.email.toLowerCase(),{users:f}=await l.users.list(n,{page:0,per_page:10,include_totals:!1,q:`email:${p}`}),h=f.filter(m=>m.user_id!==i),g=h.find(m=>!m.linked_to);if(g)await l.users.update(n,i,{linked_to:g.user_id});else if(h[0]?.linked_to){const m=await l.users.get(n,h[0].linked_to);m&&await l.users.update(n,i,{linked_to:m.user_id})}}}});{const{hooks:l}=await t.hooks.list(n,{q:"trigger_id:post-user-update",page:0,per_page:100,include_totals:!1}),d=l.filter(u=>to(u)&&u.enabled===!0);if(d.length>0){const u=await t.users.get(n,i);if(u){let p=u;for(const f of d)if(to(f))try{p=await dv(e,f.template_id,p,f.metadata)}catch{R(e,n,{type:O.ACTIONS_EXECUTION_FAILED,description:`Post user update template hook ${f.template_id} failed`,userId:i})}}}}return r.email&&R(e,n,{type:O.SUCCESS_CHANGE_EMAIL,description:`Email updated to ${r.email}`,userId:i}),!0}}function BU(e,t){return async(n,i)=>{const r=await t.users.get(n,i);if(!r)return!1;const o={method:e.req.method,ip:e.var.ip||e.get("ip")||"",user_agent:e.var.useragent||e.get("useragent")||"",url:e.req.url};if(e.env.hooks?.onExecutePreUserDeletion)try{await e.env.hooks.onExecutePreUserDeletion({ctx:e,user:fs(r),user_id:i,request:o,tenant:{id:n}},{cancel:()=>{throw new U(400,{message:"User deletion cancelled by pre-deletion hook"})},token:hs(e,n)})}catch(c){throw c instanceof z?c:(R(e,n,{type:O.FAILED_HOOK,description:`Pre user deletion hook failed: ${c instanceof Error?c.message:String(c)}`}),new U(400,{message:"Pre user deletion hook failed"}))}try{await zU(e)(n,r)}catch(c){throw R(e,n,{type:O.FAILED_HOOK,description:`Pre user deletion webhook failed: ${c instanceof Error?c.message:String(c)}`}),new U(400,{message:"Pre user deletion webhook failed"})}const a=await t.transaction(async c=>{const l=await c.users.list(n,{q:`linked_to:${i}`});for(const d of l.users){const[u,...p]=d.user_id.split("|");u&&await c.users.unlink(n,i,u,p.join("|"))}return c.users.remove(n,i)});if(a&&R(e,n,{type:O.SUCCESS_USER_DELETION,description:`Deleted user: ${r.email||i}`,userId:i,strategy:r.provider||"auth0",strategy_type:r.is_social?Ht.SOCIAL:Ht.DATABASE,connection:r.connection||"",body:{tenant:n,connection:r.connection||""}}),a&&(N6(e,n,"post-user-deletion",r),e.env.hooks?.onExecutePostUserDeletion))try{await e.env.hooks.onExecutePostUserDeletion({ctx:e,user:fs(r),user_id:i,request:o,tenant:{id:n}},{token:hs(e,n)})}catch(c){R(e,n,{type:O.FAILED_HOOK,description:`Post user deletion hook failed: ${c instanceof Error?c.message:String(c)}`})}return a}}function nu(e,t){const n=t;return{...t,users:{...t.users,create:RU(e,n),update:DU(e,n),remove:BU(e,n)}}}function $k(e){return typeof e.form_id=="string"}function Qa(e,t){const n=e.match(/^\{\{context\.user\.(.+)\}\}$/);if(n&&n[1])return Ik(t.user,n[1]);const i=e.match(/^\{\{user\.(.+)\}\}$/);if(i&&i[1])return Ik(t.user,i[1]);const r=e.match(/^\{\{\$form\.(.+)\}\}$/);if(r&&r[1]&&t.submittedFields){const o=t.submittedFields[r[1]];return o!==void 0?String(o):void 0}return e}function Ik(e,t){const n=t.split(".");let i=e;for(const r of n)if(i&&typeof i=="object"&&r in i)i=i[r];else return;return typeof i=="string"?i:i==null?void 0:String(i)}function LU(e,t){const n={};for(const[i,r]of Object.entries(e))if(typeof r=="string"){const o=Qa(r,t);o!==void 0&&(n[i]=o)}else r!=null&&(n[i]=String(r));return n}function zk(e,t){const n=e.operator?.toLowerCase(),i=e.field?Qa(e.field,t):"",r=e.value||"";switch(n){case"exists":return i!=null&&i!=="";case"not_exists":return i==null||i==="";case"ends_with":return typeof i=="string"&&i.endsWith(r);case"starts_with":return typeof i=="string"&&i.startsWith(r);case"contains":return typeof i=="string"&&i.includes(r);case"not_contains":return typeof i!="string"||!i.includes(r);case"equals":case"eq":return i===r;case"not_equals":case"neq":return i!==r;default:if(e.operands&&Array.isArray(e.operands)){for(const o of e.operands)if(o.operator==="ENDS_WITH"&&Array.isArray(o.operands)&&o.operands.length>=2){const a=o.operands[0],c=o.operands[1];if(a&&c){const l=Qa(`{{context.user.${a}}}`,t);if(typeof l=="string"&&l.endsWith(c))return!0}}}return!1}}function MU(e,t){return e.type==="and"&&Array.isArray(e.conditions)?e.conditions.every(n=>zk(n,t)):zk(e,t)}function yg(e,t){const n={};for(const[i,r]of Object.entries(e))if(i.startsWith("user_metadata.")||i.startsWith("metadata.")){const o=i.startsWith("user_metadata.")?i.slice(14):i.slice(9),a=t.user_metadata||{};n.user_metadata={...a,...n.user_metadata||{},[o]:r}}else if(i.startsWith("address.")){const o=i.slice(8),a=t.address||{};n.address={...a,...n.address||{},[o]:r}}else n[i]=r;return n}function _g(e){const t=new Map;for(const n of e){const i=t.get(n.user_id);i?i.changes={...i.changes,...n.changes}:t.set(n.user_id,{user_id:n.user_id,changes:{...n.changes}})}return Array.from(t.values())}function wg(e,t,n){switch(e){case"change-email":return`/u/account/change-email?state=${encodeURIComponent(n)}`;case"account":return`/u/account?state=${encodeURIComponent(n)}`;case"custom":if(!t)throw new z(400,{message:"Custom URL is required for custom redirect target"});const i=new URL(t,"http://placeholder");return i.searchParams.set("state",n),i.pathname+i.search;default:throw new z(400,{message:`Unknown redirect target: ${e}`})}}async function bg(e,t,n,i,r=10){let o=t,a=0;const c=[];for(;a<r;){if(o==="$ending")return{type:"end",userUpdates:c.length>0?c:void 0};const l=e.find(d=>d.id===o);if(!l)return null;if(l.type==="STEP")return{type:"step",nodeId:l.id,userUpdates:c.length>0?c:void 0};if(l.type==="ACTION"){const d=l;if(d.config.action_type==="REDIRECT")return{type:"redirect",target:d.config.target,customUrl:d.config.custom_url,userUpdates:c.length>0?c:void 0};o=d.config.next_node,a++;continue}if(l.type==="ROUTER"){const d=l;let u=null;for(const p of d.config.rules)if(MU(p.condition,n)){u=p.next_node;break}if(u||(u=d.config.fallback),!u)return null;o=u,a++;continue}if(l.type==="FLOW"){const d=l;if(i&&d.config.flow_id){const u=await i(d.config.flow_id);if(u&&u.actions&&u.actions.length>0)for(const p of u.actions){if(p.type==="REDIRECT"&&p.action==="REDIRECT_USER"){const f=p.params?.target;if(f)return{type:"redirect",target:f,customUrl:p.params?.custom_url,userUpdates:c.length>0?c:void 0}}if(p.type==="AUTH0"&&p.action==="UPDATE_USER"&&p.params){const f=p.params.user_id&&Qa(p.params.user_id,n)||n.user.user_id,h=p.params.changes?LU(p.params.changes,n):{};Object.keys(h).length>0&&c.push({user_id:f,changes:h})}}}if(d.config.next_node){o=d.config.next_node,a++;continue}return{type:"end",userUpdates:c.length>0?c:void 0}}return null}return null}async function UU(e,t,n,i,r){const o=e.env.data,a=e.var.tenant_id||e.req.header("tenant-id");if(!a)throw new z(400,{message:"Missing tenant_id in context"});const c=r?.client_metadata?.universal_login_version==="2"?"/u2":"/u",l=await o.forms.get(a,t);if(!l)throw new z(404,{message:"Form not found for post-user-login hook"});let d=l.start?.next_node;if(!d&&l.nodes&&l.nodes.length>0&&(d=l.nodes.find(f=>f.type==="STEP")?.id),!d)throw new z(400,{message:"No start node found in form"});if(i&&l.nodes){const p=async h=>{const g=await o.flows.get(a,h);return g?{actions:g.actions?.map(m=>({type:m.type,action:m.action,params:"params"in m&&m.params?m.params:void 0}))}:null},f=await bg(l.nodes,d,{user:i},p);if(f&&f.userUpdates&&f.userUpdates.length>0){const h=_g(f.userUpdates);for(const g of h){const m=yg(g.changes,i);await o.users.update(a,g.user_id,m)}}if(!f||f.type==="end")return i;if(f.type==="redirect"){const h=f.target,g=wg(h,f.customUrl,n.id);if(h==="change-email"||h==="account"){const m=`${c}/continue?state=${encodeURIComponent(n.id)}`;await eu(e,a,n,[h],m)}else await Df(e,a,n,`form:${t}`);return new Response(null,{status:302,headers:{location:g}})}d=f.nodeId}await Df(e,a,n,`form:${t}`);let u=`${c}/forms/${l.id}/nodes/${d}?state=${encodeURIComponent(n.id)}`;return new Response(null,{status:302,headers:{location:u}})}function Pk(e){return typeof e.page_id=="string"&&typeof e.enabled=="boolean"}async function qU(e,t,n,i,r){const o=e.env.data,a=e.var.tenant_id||e.req.header("tenant-id");if(!a)throw new z(400,{message:"Missing tenant_id in context"});if(r&&!(await o.userPermissions.list(a,i.user_id)).some(p=>p.permission_name===r))return i;await Df(e,a,n,`page:${t}`);let c="/u";if(n.authParams.client_id)try{(await Ze(e.env,n.authParams.client_id,a))?.client_metadata?.universal_login_version==="2"&&(c="/u2")}catch{}let l=`${c}/${t}?state=${encodeURIComponent(n.id)}`;return new Response(null,{status:302,headers:{location:l}})}function HU(e){return typeof e.url=="string"}async function VU(e,t,n,i,r,o){let a=[];try{a=(await t.userRoles.list(n,i.user_id,void 0,"")).map(f=>f.name||f.id)}catch(u){console.error("Error fetching user roles:",u)}let c={};if(i.connection)try{const p=(await t.connections.list(n,{page:0,per_page:100,include_totals:!1})).connections.find(f=>f.name===i.connection);p&&(c={id:p.id,name:p.name,strategy:p.strategy||i.provider,metadata:p.options||{}})}catch(u){console.error("Error fetching connection info:",u)}let l;try{if(r.authParams?.organization){const u=await t.organizations.get(n,r.authParams.organization);u&&(l={id:u.id,name:u.name,display_name:u.display_name||u.name,metadata:u.metadata||{}})}}catch(u){console.error("Error fetching organization info:",u)}const d=e.get("countryCode");return{ctx:e,client:o.client,user:fs(i),request:{asn:void 0,ip:e.get("ip")||"",user_agent:e.get("useragent"),method:e.req.method,url:e.req.url,geoip:{cityName:void 0,continentCode:void 0,countryCode:d||void 0,countryName:void 0,latitude:void 0,longitude:void 0,timeZone:void 0}},transaction:{id:r.id,locale:r.authParams?.ui_locales||"en",login_hint:void 0,prompt:r.authParams?.prompt,redirect_uri:r.authParams?.redirect_uri,requested_scopes:r.authParams?.scope?.split(" ")||[],response_mode:r.authParams?.response_mode,response_type:r.authParams?.response_type,state:r.authParams?.state,ui_locales:r.authParams?.ui_locales},scope:o.authParams?.scope||"",grant_type:o.authParams?.grant_type||"",audience:o.authParams?.audience,authentication:{methods:[{name:i.is_social?"federated":"pwd",timestamp:new Date().toISOString()}]},authorization:{roles:a},connection:Object.keys(c).length>0?c:{id:i.connection||W.USERNAME_PASSWORD,name:i.connection||W.USERNAME_PASSWORD,strategy:i.provider||"auth0"},organization:l,resource_server:o.authParams?.audience?{identifier:o.authParams.audience}:void 0,stats:{logins_count:i.login_count||0},tenant:{id:n},session:{id:r.id,created_at:r.created_at,authenticated_at:new Date().toISOString(),clients:[{client_id:o.client.client_id}],device:{initial_ip:e.get("ip"),initial_user_agent:e.get("useragent"),last_ip:i.last_ip||e.get("ip"),last_user_agent:e.get("useragent")}}}}async function O6(e,t,n,i,r,o){const a=o?.authStrategy?.strategy_type?o.authStrategy.strategy_type:i.is_social?Ht.SOCIAL:Ht.DATABASE,c=o?.authStrategy?.strategy||i.connection||"";if(R(e,n,{type:O.SUCCESS_LOGIN,description:`Successful login for ${i.user_id}`,userId:i.user_id,strategy_type:a,strategy:c,connection:c,audience:o?.authParams?.audience,scope:o?.authParams?.scope}),await t.users.update(n,i.user_id,{last_login:new Date().toISOString(),last_ip:e.var.ip||"",login_count:i.login_count+1}),e.env.hooks?.onExecutePostLogin&&o?.client&&o?.authParams&&r){let h=null;const g=await VU(e,t,n,i,r,{client:o.client,authParams:o.authParams});if(await e.env.hooks.onExecutePostLogin(g,{prompt:{render:m=>{}},redirect:{sendUserTo:(m,_)=>{const y=new URL(m,e.req.url);y.searchParams.set("state",r.id),_?.query&&Object.entries(_.query).forEach(([w,b])=>{y.searchParams.set(w,b)}),h=y.toString()},encodeToken:m=>JSON.stringify({payload:m.payload,exp:Date.now()+(m.expiresInSeconds||900)*1e3}),validateToken:m=>null},token:hs(e,n)}),h)return await Df(e,n,r,"onExecutePostLogin"),new Response(null,{status:302,headers:{location:h}})}const{hooks:l}=await t.hooks.list(n),d=l.filter(h=>h.trigger_id==="post-user-login");if(r){const h=d.find(m=>m.enabled&&$k(m));if(h&&$k(h))return UU(e,h.form_id,r,i,o?.client);const g=d.find(m=>m.enabled&&Pk(m));if(g&&Pk(g))return qU(e,g.page_id,r,i,g.permission_required)}const u=d.filter(h=>h.enabled&&to(h));for(const h of u)if(to(h))try{i=await dv(e,h.template_id,i,h.metadata)}catch{R(e,n,{type:O.FAILED_HOOK,description:`Failed to execute template hook: ${h.template_id}`})}const p=d.filter(h=>h.enabled&&Zo(h));for(const h of p)if(Zo(h))try{await $f(e,t,h,{ctx:e,user:i,request:{ip:e.var.ip||"",user_agent:e.var.useragent||"",method:e.req.method,url:e.req.url},tenant:{id:n}},"post-user-login",{})}catch{R(e,n,{type:O.FAILED_HOOK,description:`Failed to execute code hook: ${h.hook_id}`})}const f=d.filter(h=>h.enabled&&HU(h));return await mg(e,f,{tenant_id:n,user:i,trigger_id:"post-user-login"}),i}function iu(e,t){const n={};for(const[i,r]of Object.entries(t)){if(r==null)continue;if(typeof r=="function"){n[i]=r;continue}const o={};for(const[a,c]of Object.entries(r))typeof c=="function"?o[a]=async(...l)=>{const d=performance.now();try{const u=await c(...l),f=performance.now()-d,h=e.res.headers.get("Server-Timing")||"",g=h?`${h}, ${i}-${a};dur=${f.toFixed(2)}`:`${i}-${a};dur=${f.toFixed(2)}`;return e.res.headers.set("Server-Timing",g),u}catch(u){const f=performance.now()-d,h=e.res.headers.get("Server-Timing")||"",g=h?`${h}, ${i}-${a}-error;dur=${f.toFixed(2)}`:`${i}-${a}-error;dur=${f.toFixed(2)}`;throw e.res.headers.set("Server-Timing",g),u}}:o[a]=c;n[i]=o}return n}function Sc(e){return async(t,n)=>(t.env||(t.env={}),!t.env.data&&e.dataAdapter&&(t.env.data=e.dataAdapter),e.hooks&&(t.env.hooks={...e.hooks,...t.env.hooks||{}}),e.samlSigner&&(t.env.samlSigner=e.samlSigner),e.poweredByLogo&&(t.env.poweredByLogo=e.poweredByLogo),t.env.codeExecutor==null&&e.codeExecutor&&(t.env.codeExecutor=e.codeExecutor),e.webhookInvoker&&(t.env.webhookInvoker=e.webhookInvoker),e.outbox&&(t.env.outbox=e.outbox),e.userLinkingMode&&(t.env.userLinkingMode=e.userLinkingMode),e.usernamePasswordProvider&&(t.env.usernamePasswordProvider=e.usernamePasswordProvider),e.signingKeyMode&&(t.env.signingKeyMode=e.signingKeyMode),n())}async function Ec(e,t){const n=e.req.header("x-forwarded-host"),i=e.req.header("host");e.set("host",n||i||new URL(Dn(e.env)).host);const r=e.var.user;if(r?.tenant_id)return e.set("tenant_id",r.tenant_id),await t();const o=e.req.header("tenant-id");if(o)return e.set("tenant_id",o),await t();if(n){const a=await e.env.data.customDomains.getByDomain(n.toLowerCase());if(a)return e.set("tenant_id",a.tenant_id),e.set("custom_domain",n),await t()}if(i){const a=i.toLowerCase(),c=await e.env.data.customDomains.getByDomain(a);if(c)return e.set("tenant_id",c.tenant_id),e.set("custom_domain",i),await t();const l=a.split(".");if(l.length>1&&typeof l[0]=="string"){const d=l[0];if(await e.env.data.tenants.get(d)){e.set("tenant_id",d);const p=new URL(Dn(e.env)).host.toLowerCase();a!==p&&e.set("custom_domain",i)}}}if(!e.var.tenant_id){const a=e.req.query("tenant_id");if(a)return e.set("tenant_id",a),await t()}if(!e.var.tenant_id){const{tenants:a}=await e.env.data.tenants.list({per_page:2});a.length===1&&a[0]&&e.set("tenant_id",a[0].id)}return await t()}const KU=s.z.object({name:s.z.string(),version:s.z.string(),env:s.z.object({node:s.z.string().optional()}).optional()});function GU(e){if(e)try{let t=e;try{t=atob(e)}catch{}try{const n=JSON.parse(t);return KU.parse(n)}catch{}}catch{return}}const xc=async(e,t)=>{const n=e.req.query("auth0Client")?.slice(0,255),r=(e.req.header("x-forwarded-host")&&e.req.header("x-forwarded-for")?e.req.header("x-forwarded-for")?.split(",")[0]?.trim():e.req.header("cf-connecting-ip")||e.req.header("x-real-ip"))?.slice(0,45),o=e.req.header("user-agent")?.slice(0,512),a=e.req.header("cf-ipcountry")?.slice(0,2),c=n?GU(n):void 0;c&&e.set("auth0_client",c),r&&e.set("ip",r),o&&e.set("useragent",o),a&&e.set("countryCode",a),await t()};function Am(e,t,n,i){try{const r=`${e}:${t}:${JSON.stringify(n)}`;return i?`${i}:${r}`:r}catch{const o=`${e}:${t}:${Date.now()}-${Math.random()}`;return i?`${i}:${o}`:o}}function ru(e,t){const{cache:n,defaultTtl:i,customTtls:r={},excludeMethods:o=[],cacheEntities:a=[],keyPrefix:c}=t,l=new Set(o),d=a.length===0,u=new Set(a),p={};for(const[f,h]of Object.entries(e)){if(h==null)continue;if(typeof h=="function"){p[f]=h;continue}const g=d||u.has(f),m={};for(const[_,y]of Object.entries(h))if(typeof y=="function"){if(!g){m[_]=y;continue}const w=`${f}:${_}`;if(l.has(w)){m[_]=y;continue}const b=r[w]??i,A=["create","update","remove","delete","set","used","add"].some(v=>_.startsWith(v));m[_]=async(...v)=>{if(A){const I=await y.apply(h,v);try{if(v.length>=2&&["update","remove","delete"].includes(_)){const $=Am(f,"get",[v[0],v[1]],c);await n.delete($);const P=Am(f,"list",[v[0],{}],c);await n.delete(P)}const F=c?`${c}:${f}:`:`${f}:`;await n.deleteByPrefix(F)}catch{}return I}const k=Am(f,_,v,c),x=await n.get(k);if(x!==null)if(x&&typeof x=="object"&&"isCachedNull"in x){const I=x;return I.isCachedNull?null:I.value}else return x;const T=await y.apply(h,v);if(b>=0)if(T!==null)await n.set(k,T,b);else{const I={value:null,isCachedNull:!0};await n.set(k,I,b)}return T}}else m[_]=y;p[f]=m}return p}function Iu(e){if(!e)return;const t=e.filter(n=>n!==void 0);if(t.length!==0)return t.length===1?t[0]:{beforeCreate:Uf(t.map(n=>n.beforeCreate),(n,i)=>[n,i],(n,i)=>[n[0],i]),afterCreate:ma(t.map(n=>n.afterCreate)),beforeUpdate:Uf(t.map(n=>n.beforeUpdate),(n,i,r)=>[n,i,r],(n,i)=>[n[0],n[1],i]),afterUpdate:ma(t.map(n=>n.afterUpdate)),beforeDelete:ma(t.map(n=>n.beforeDelete)),afterDelete:ma(t.map(n=>n.afterDelete))}}function Uf(e,t,n){const i=e.filter(r=>r!==void 0);if(i.length!==0)return i.length===1?i[0]:async(...r)=>{let o=t(...r),a=o[o.length-1];for(const c of i)a=await c(...o),o=n(o,a);return a}}function ma(e){const t=e.filter(n=>n!==void 0);if(t.length!==0)return t.length===1?t[0]:async(...n)=>{for(const i of t)await i(...n)}}function WU(e){if(!e)return;const t=e.filter(n=>n!==void 0);if(t.length!==0)return t.length===1?t[0]:{beforeAssign:Uf(t.map(n=>n.beforeAssign),(n,i,r)=>[n,i,r],(n,i)=>[n[0],n[1],i]),afterAssign:ma(t.map(n=>n.afterAssign)),beforeRemove:Uf(t.map(n=>n.beforeRemove),(n,i,r)=>[n,i,r],(n,i)=>[n[0],n[1],i]),afterRemove:ma(t.map(n=>n.afterRemove))}}function km(e,t,n){return t?{...e,create:async(i,r)=>{let o=r;t.beforeCreate&&(o=await t.beforeCreate(n,r));const a=await e.create(i,o);return t.afterCreate&&await t.afterCreate(n,a),a},update:async(i,r,o)=>{let a=o;t.beforeUpdate&&(a=await t.beforeUpdate(n,r,o));const c=await e.update(i,r,a);if(t.afterUpdate){let l;typeof c=="boolean"?l=await e.get(i,r):l=c,l&&await t.afterUpdate(n,r,l)}return c},remove:async(i,r)=>{t.beforeDelete&&await t.beforeDelete(n,r);const o=await e.remove(i,r);return t.afterDelete&&o&&await t.afterDelete(n,r),o}}:e}function JU(e,t,n){return t?{...e,assign:async(i,r,o)=>{let a=o;t.beforeAssign&&(a=await t.beforeAssign(n,r,o));const c=await e.assign(i,r,a);return t.afterAssign&&c&&await t.afterAssign(n,r,a),c},remove:async(i,r,o)=>{let a=o;t.beforeRemove&&(a=await t.beforeRemove(n,r,o));const c=await e.remove(i,r,a);return t.afterRemove&&c&&await t.afterRemove(n,r,a),c}}:e}function YU(e,t,n){return t?{...e,create:async i=>{let r=i;t.beforeCreate&&(r=await t.beforeCreate(n,i));const o=await e.create(r);return t.afterCreate&&await t.afterCreate(n,o),o},update:async(i,r)=>{let o=r;if(t.beforeUpdate&&(o=await t.beforeUpdate(n,i,r)),await e.update(i,o),t.afterUpdate){const a=await e.get(i);a&&await t.afterUpdate(n,i,a)}},remove:async i=>{t.beforeDelete&&await t.beforeDelete(n,i);const r=await e.remove(i);return t.afterDelete&&r&&await t.afterDelete(n,i),r}}:e}function j6(e,t){const{tenantId:n,entityHooks:i}=t;if(!i)return e;const r={connections:Iu(i.connections),roles:Iu(i.roles),resourceServers:Iu(i.resourceServers),rolePermissions:WU(i.rolePermissions),tenants:Iu(i.tenants)},o={tenantId:n,adapters:e};return{...e,connections:km(e.connections,r.connections,o),roles:km(e.roles,r.roles,o),resourceServers:km(e.resourceServers,r.resourceServers,o),rolePermissions:JU(e.rolePermissions,r.rolePermissions,o),tenants:YU(e.tenants,r.tenants,o)}}class QU{constructor(t={}){this.config=t;const n=t.cleanupIntervalMs;n&&n>0&&(this.cleanupTimer=setInterval(()=>{this.cleanupExpired()},n))}config;cache=new Map;accessOrder=new Map;accessCounter=0;cleanupTimer;async get(t){const n=this.cache.get(t);return n?n.expiresAt&&n.expiresAt<new Date?(this.cache.delete(t),this.accessOrder.delete(t),null):(this.accessOrder.set(t,++this.accessCounter),n.value):null}async set(t,n,i){let r;const o=i??this.config.defaultTtlSeconds,a=o!==void 0,c=a?Math.max(0,o):0;a&&(r=new Date(Date.now()+(c>0?c*1e3:-1))),this.config.maxEntries&&this.cache.size>=this.config.maxEntries&&!this.cache.has(t)&&this.evictLeastRecentlyUsed();const l={value:n,expiresAt:r};this.cache.set(t,l),this.accessOrder.set(t,++this.accessCounter)}async delete(t){const n=this.cache.has(t);return this.cache.delete(t),this.accessOrder.delete(t),n}async deleteByPrefix(t){let n=0;for(const i of this.cache.keys())i.startsWith(t)&&(this.cache.delete(i),this.accessOrder.delete(i),n++);return n}async clear(){this.cache.clear(),this.accessOrder.clear(),this.accessCounter=0}getStats(){return{size:this.cache.size,maxEntries:this.config.maxEntries,defaultTtlSeconds:this.config.defaultTtlSeconds}}cleanupExpired(){const t=new Date,n=[];for(const[i,r]of this.cache.entries())r.expiresAt&&r.expiresAt<t&&n.push(i);for(const i of n)this.cache.delete(i),this.accessOrder.delete(i)}evictLeastRecentlyUsed(){let t=null,n=1/0;for(const[i,r]of this.accessOrder.entries())r<n&&(n=r,t=i);t&&(this.cache.delete(t),this.accessOrder.delete(t))}destroy(){this.cleanupTimer&&(clearInterval(this.cleanupTimer),this.cleanupTimer=void 0)}}function Cc(e={}){return new QU(e)}const ZU=Et.extend({forms:s.z.array(sa)}),XU=new s.OpenAPIHono().openapi(s.createRoute({tags:["forms"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:forms","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(sa),ZU])}},description:"List of forms"}}}),async e=>{const t=e.var.tenant_id,{page:n,per_page:i,include_totals:r=!1,sort:o,q:a}=e.req.valid("query"),c=await e.env.data.forms.list(t,{page:n,per_page:i,include_totals:r,sort:kt(o),q:a});return r?e.json(c):e.json(c.forms)}).openapi(s.createRoute({tags:["forms"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:forms","auth:read"]}],responses:{200:{content:{"application/json":{schema:sa}},description:"A form"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await e.env.data.forms.get(t,n);if(!i)throw new z(404);return e.json(i)}).openapi(s.createRoute({tags:["forms"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:forms","auth:write"]}],responses:{200:{description:"Status"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param");if(!await e.env.data.forms.remove(t,n))throw new z(404,{message:"Form not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a Form",targetType:"form",targetId:n}),e.text("OK")}).openapi(s.createRoute({tags:["forms"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:s.z.object(kp.shape).partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:forms","auth:write"]}],responses:{200:{content:{"application/json":{schema:sa}},description:"The updated form"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json");if(!await e.env.data.forms.update(t,n,i))throw new z(404,{message:"Form not found"});const o=await e.env.data.forms.get(t,n);if(!o)throw new z(404,{message:"Form not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update a Form",targetType:"form",targetId:n,afterState:o}),e.json(o)}).openapi(s.createRoute({tags:["forms"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(kp.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:forms","auth:write"]}],responses:{201:{content:{"application/json":{schema:sa}},description:"A form"}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i=await e.env.data.forms.create(t,n);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create a Form",targetType:"form",targetId:i.id,afterState:i}),e.json(i,{status:201})}),eq=Et.extend({flows:s.z.array(oa)}),tq=new s.OpenAPIHono().openapi(s.createRoute({tags:["flows"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:flows","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(oa),eq])}},description:"List of flows"}}}),async e=>{const t=e.var.tenant_id,{page:n,per_page:i,include_totals:r=!1,sort:o,q:a}=e.req.valid("query"),c=await e.env.data.flows.list(t,{page:n,per_page:i,include_totals:r,sort:kt(o),q:a});return r?e.json(c):e.json(c.flows)}).openapi(s.createRoute({tags:["flows"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:flows","auth:read"]}],responses:{200:{content:{"application/json":{schema:oa}},description:"A flow"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await e.env.data.flows.get(t,n);if(!i)throw new z(404);return e.json(i)}).openapi(s.createRoute({tags:["flows"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:flows","auth:write"]}],responses:{200:{description:"Status"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param");if(!await e.env.data.flows.remove(t,n))throw new z(404,{message:"Flow not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a Flow",targetType:"flow",targetId:n}),e.text("OK")}).openapi(s.createRoute({tags:["flows"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:s.z.object(yp.shape).partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:flows","auth:write"]}],responses:{200:{content:{"application/json":{schema:oa}},description:"The updated flow"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json"),r=await e.env.data.flows.update(t,n,i);if(!r)throw new z(404,{message:"Flow not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update a Flow",targetType:"flow",targetId:n,afterState:r}),e.json(r)}).openapi(s.createRoute({tags:["flows"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(yp.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:flows","auth:write"]}],responses:{201:{content:{"application/json":{schema:oa}},description:"The created flow"}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i=await e.env.data.flows.create(t,n);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create a Flow",targetType:"flow",targetId:i.id,afterState:i}),e.json(i,{status:201})}),nq=Et.extend({roles:s.z.array(Mo)}),iq=Et.extend({permissions:s.z.array(Gw)}),rq=new s.OpenAPIHono().openapi(s.createRoute({tags:["roles"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:roles","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(Mo),nq])}},description:"List of roles"}}}),async e=>{const{page:t,per_page:n,include_totals:i,sort:r,q:o}=e.req.valid("query"),a=e.var.tenant_id;if(!a)throw new z(400,{message:"tenant-id header is required"});const c=await e.env.data.roles.list(a,{page:t,per_page:n,include_totals:i,sort:kt(r),q:o});return i?e.json(c):e.json(c.roles)}).openapi(s.createRoute({tags:["roles"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:roles","auth:read"]}],responses:{200:{content:{"application/json":{schema:Mo}},description:"A role"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.var.tenant_id;if(!n)throw new z(400,{message:"tenant-id header is required"});const i=await e.env.data.roles.get(n,t);if(!i)throw new z(404);return e.json(i)}).openapi(s.createRoute({tags:["roles"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Tp}}}},security:[{Bearer:["create:roles","auth:write"]}],responses:{201:{content:{"application/json":{schema:Mo}},description:"Role created"}}}),async e=>{const t=e.req.valid("json"),n=e.var.tenant_id;if(!n)throw new z(400,{message:"tenant-id header is required"});const i=await e.env.data.roles.create(n,t);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create a Role",targetType:"role",targetId:i.id,afterState:i}),e.json(i,{status:201})}).openapi(s.createRoute({tags:["roles"],method:"patch",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Tp.partial()}}}},security:[{Bearer:["update:roles","auth:write"]}],responses:{200:{content:{"application/json":{schema:Mo}},description:"Updated role"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.req.valid("json"),i=e.var.tenant_id;if(!i)throw new z(400,{message:"tenant-id header is required"});if(!await e.env.data.roles.update(i,t,n))throw new z(404);const o=await e.env.data.roles.get(i,t);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update a Role",targetType:"role",targetId:t,afterState:o}),e.json(o)}).openapi(s.createRoute({tags:["roles"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:roles","auth:write"]}],responses:{200:{description:"Status"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.var.tenant_id;if(!n)throw new z(400,{message:"tenant-id header is required"});if(!await e.env.data.roles.remove(n,t))throw new z(404);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a Role",targetType:"role",targetId:t}),e.text("OK")}).openapi(s.createRoute({tags:["roles"],method:"get",path:"/{id}/permissions",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),query:ct},security:[{Bearer:["read:roles","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([rC,iq])}},description:"Role permissions"}}}),async e=>{const{id:t}=e.req.valid("param"),{page:n,per_page:i,include_totals:r,sort:o,q:a}=e.req.valid("query"),c=e.var.tenant_id;if(!c)throw new z(400,{message:"tenant-id header is required"});if(!await e.env.data.roles.get(c,t))throw new z(404,{message:"Role not found"});if(r){const u=await e.env.data.rolePermissions.list(c,t,{per_page:1e4,sort:kt(o),q:a}),p=i??50,f=(n??0)*p,h=u.slice(f,f+p);return e.json({permissions:h,total:u.length,start:f,limit:p,length:h.length})}const d=await e.env.data.rolePermissions.list(c,t,{page:n,per_page:i,include_totals:!1,sort:kt(o),q:a});return e.json(d)}).openapi(s.createRoute({tags:["roles"],method:"post",path:"/{id}/permissions",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({permissions:s.z.array(s.z.object({permission_name:s.z.string(),resource_server_identifier:s.z.string()}))})}}}},security:[{Bearer:["update:roles","auth:write"]}],responses:{204:{description:"Permissions assigned to role"}}}),async e=>{const{id:t}=e.req.valid("param"),{permissions:n}=e.req.valid("json"),i=e.var.tenant_id;if(!i)throw new z(400,{message:"tenant-id header is required"});if(!await e.env.data.roles.get(i,t))throw new z(404,{message:"Role not found"});const o=n.map(c=>({role_id:t,resource_server_identifier:c.resource_server_identifier,permission_name:c.permission_name}));if(!await e.env.data.rolePermissions.assign(i,t,o))throw new z(500,{message:"Failed to assign permissions to role"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Assign Permissions to a Role",targetType:"role_permission",targetId:t}),e.body(null,204)}).openapi(s.createRoute({tags:["roles"],method:"delete",path:"/{id}/permissions",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({permissions:s.z.array(s.z.object({permission_name:s.z.string(),resource_server_identifier:s.z.string()}))})}}}},security:[{Bearer:["update:roles","auth:write"]}],responses:{200:{description:"Permissions removed from role"}}}),async e=>{const{id:t}=e.req.valid("param"),{permissions:n}=e.req.valid("json"),i=e.var.tenant_id;if(!i)throw new z(400,{message:"tenant-id header is required"});if(!await e.env.data.roles.get(i,t))throw new z(404,{message:"Role not found"});if(!await e.env.data.rolePermissions.remove(i,t,n))throw new z(500,{message:"Failed to remove permissions from role"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Remove Permissions from a Role",targetType:"role_permission",targetId:t}),e.json({message:"Permissions removed successfully"})}),oq=Et.extend({resource_servers:s.z.array(Lo)});async function Sm(e,t,n){const i=await e.env.data.resourceServers.get(t,n);return i||((await e.env.data.resourceServers.list(t,{})).resource_servers.find(o=>o.identifier===n)??null)}const sq=new s.OpenAPIHono().openapi(s.createRoute({tags:["resource-servers"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:resource_servers","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(Lo),oq])}},description:"List of resource servers"}}}),async e=>{const t=e.var.tenant_id,{page:n,per_page:i,include_totals:r=!1,sort:o,q:a}=e.req.valid("query"),c=await e.env.data.resourceServers.list(t,{page:n,per_page:i,include_totals:r,sort:kt(o),q:a});return r?e.json(c):e.json(c.resource_servers)}).openapi(s.createRoute({tags:["resource-servers"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:resource_servers","auth:read"]}],responses:{200:{content:{"application/json":{schema:Lo}},description:"A resource server"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await Sm(e,t,n);if(!i)throw new z(404);return e.json(i)}).openapi(s.createRoute({tags:["resource-servers"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:resource_servers","auth:write"]}],responses:{200:{description:"Status"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await Sm(e,t,n);if(!i)throw new z(404,{message:"Resource server not found"});if(i.is_system)throw new z(403,{message:"System entities cannot be deleted"});return await e.env.data.resourceServers.remove(t,i.id),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a Resource Server",targetType:"resource_server",targetId:i.id,beforeState:i}),e.text("OK")}).openapi(s.createRoute({tags:["resource-servers"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:s.z.object(Cp.shape).partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:resource_servers","auth:write"]}],responses:{200:{content:{"application/json":{schema:Lo}},description:"The updated resource server"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json"),r=await Sm(e,t,n);if(!r)throw new z(404,{message:"Resource server not found"});if(r.is_system)throw new z(403,{message:"System entities cannot be modified"});const o=r.id;await e.env.data.resourceServers.update(t,o,i);const a=await e.env.data.resourceServers.get(t,o);if(!a)throw new z(404,{message:"Resource server not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update a Resource Server",targetType:"resource_server",targetId:a.id,beforeState:r,afterState:a}),e.json(a)}).openapi(s.createRoute({tags:["resource-servers"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(Cp.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:resource_servers","auth:write"]}],responses:{201:{content:{"application/json":{schema:Lo}},description:"A resource server"}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i=await e.env.data.resourceServers.create(t,n);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create a Resource Server",targetType:"resource_server",targetId:i.id,afterState:i}),e.json(i,{status:201})}),aq=s.z.object({per_page:s.z.string().min(1).optional().default("50").transform(e=>parseInt(e,10)).openapi({description:"Number of results per page. Defaults to 50."}),page:s.z.string().min(0).optional().default("0").transform(e=>parseInt(e,10)).openapi({description:"Page index of the results to return. First page is 0."}),include_totals:s.z.string().optional().default("false").transform(e=>e==="true").openapi({description:"Return results inside an object that contains the total result count (true) or as a direct array of results (false, default)."}),from:s.z.string().optional().openapi({description:"Optional Id from which to start selection."}),take:s.z.string().min(1).optional().transform(e=>e?parseInt(e,10):void 0).openapi({description:"Number of results per page. Defaults to 50."}),audience:s.z.string().optional().openapi({description:"Optional filter on audience."}),client_id:s.z.string().optional().openapi({description:"Optional filter on client_id."}),allow_any_organization:s.z.string().optional().transform(e=>e==="true"?!0:e==="false"?!1:void 0).openapi({description:"Optional filter on allow_any_organization."}),subject_type:s.z.enum(["client","user"]).optional().openapi({description:"EA The type of application access the client grant allows. Use of this field is subject to the applicable Free Trial terms in Okta's Master Subscription Agreement."})}),cq=Et.extend({client_grants:s.z.array(Bo)}),lq=new s.OpenAPIHono().openapi(s.createRoute({tags:["client-grants"],method:"get",path:"/",request:{query:aq,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:client_grants","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(Bo),cq])}},description:"List of client grants"}}}),async e=>{const t=e.var.tenant_id,{page:n,per_page:i,include_totals:r=!1,from:o,take:a,audience:c,client_id:l,allow_any_organization:d,subject_type:u}=e.req.valid("query"),p=[];l&&p.push(`client_id:"${l}"`),c&&p.push(`audience:"${c}"`),d!==void 0&&p.push(`allow_any_organization:${d}`),u&&p.push(`subject_type:"${u}"`),o&&p.push(`id:>${o}`);const f=p.length>0?p.join(" AND "):void 0,h=a??i,g=await e.env.data.clientGrants.list(t,{page:n,per_page:h,include_totals:r,q:f});return r?e.json(g):e.json(g.client_grants)}).openapi(s.createRoute({tags:["client-grants"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:client_grants","auth:read"]}],responses:{200:{content:{"application/json":{schema:Bo}},description:"A client grant"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await e.env.data.clientGrants.get(t,n);if(!i)throw new z(404,{message:"Client grant not found"});return e.json(i)}).openapi(s.createRoute({tags:["client-grants"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:client_grants","auth:write"]}],responses:{200:{description:"Status"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param");if(!await e.env.data.clientGrants.remove(t,n))throw new z(404,{message:"Client grant not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a Client Grant",targetType:"client_grant",targetId:n}),e.text("OK")}).openapi(s.createRoute({tags:["client-grants"],method:"patch",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),body:{content:{"application/json":{schema:s.z.object(vp.shape).partial()}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:client_grants","auth:write"]}],responses:{200:{content:{"application/json":{schema:Bo}},description:"The updated client grant"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json"),r=await e.env.data.clientGrants.get(t,n);if(!r)throw new z(404,{message:"Client grant not found"});if(!await e.env.data.clientGrants.update(t,n,i))throw new z(500,{message:"Failed to update client grant"});const a=await e.env.data.clientGrants.get(t,n);if(!a)throw new z(404,{message:"Client grant not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update a Client Grant",targetType:"client_grant",targetId:n,beforeState:r,afterState:a}),e.json(a)}).openapi(s.createRoute({tags:["client-grants"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(vp.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:client_grants","auth:write"]}],responses:{201:{content:{"application/json":{schema:Bo}},description:"A client grant"}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i=await e.env.data.clientGrants.create(t,n);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create a Client Grant",targetType:"client_grant",targetId:i.id,afterState:i}),e.json(i,{status:201})});function dq(e){const t=new Uint8Array(e);return crypto.getRandomValues(t),t}async function R6(e){const t=new TextEncoder().encode(e);return Mp(await yh(t))}async function D6(){const e=Rt.encode(dq(32),{includePadding:!1}),t=await R6(e);return{id:Ue(),token:e,token_hash:t}}const uq=300;async function B6(e,t,n={}){const i=await D6(),r=n.expires_in_seconds??uq,o=new Date(Date.now()+r*1e3).toISOString(),a=await e.create(t,{id:i.id,token_hash:i.token_hash,type:"iat",sub:n.sub,constraints:n.constraints,single_use:n.single_use??!0,expires_at:o});return{id:i.id,token:i.token,expires_at:o,record:a}}async function L6(e,t,n,i){const r=await R6(n),o=await e.getByHash(t,r);return o?o.type!==i?{ok:!1,failure:"wrong_type"}:o.revoked_at?{ok:!1,failure:"revoked"}:o.expires_at&&new Date(o.expires_at).getTime()<=Date.now()?{ok:!1,failure:"expired"}:o.single_use&&o.used_at?{ok:!1,failure:"already_used"}:{ok:!0,token:o}:{ok:!1,failure:"not_found"}}function Em(e,t){return`${ti(e.env,e.var.custom_domain)}oidc/register/${t}`}async function zu(e){const t=await e.env.data.tenants.get(e.var.tenant_id);if(!t)throw new U(404,{error:"invalid_request",error_description:"Tenant not found"});return t}function Pu(e){if(!e.flags?.enable_dynamic_client_registration)throw new U(404,{error:"invalid_request",error_description:"Dynamic Client Registration is not enabled"})}function Za(e){if(!e.clientRegistrationTokens)throw new U(500,{error:"server_error",error_description:"Dynamic Client Registration requires a clientRegistrationTokens adapter"});return e.clientRegistrationTokens}async function pq(e,t){const n=e.req.header("authorization"),i=ov(n);if(i){const r=await L6(Za(e.env.data),e.var.tenant_id,i,"iat");if(!r.ok||!r.token)throw new U(401,{error:"invalid_token",error_description:`Initial access token ${r.failure??"invalid"}`});return r.token}if(t.flags?.dcr_require_initial_access_token!==!1)throw new U(401,{error:"invalid_token",error_description:"Initial access token required"})}async function xm(e,t){const n=ov(e.req.header("authorization"));if(!n)throw new U(401,{error:"invalid_token",error_description:"Registration access token required"});const i=await L6(Za(e.env.data),e.var.tenant_id,n,"rat");if(!i.ok||!i.token)throw new U(401,{error:"invalid_token",error_description:`Registration access token ${i.failure??"invalid"}`});if(i.token.client_id!==t)throw new U(401,{error:"invalid_token",error_description:"Registration access token is not bound to this client"});return i.token}function Cm(e){return e.client_metadata?.status==="deleted"}function fq(){return Ue(24)}function hq(){return Ue(43)}const gq=s.z.object({sub:s.z.string().optional().openapi({description:"User ID to bind the IAT to (optional)"}),constraints:s.z.record(s.z.unknown()).optional().openapi({description:"Pre-bound metadata that the registration request must match exactly (or omit, in which case the value is filled in from this map)"}),expires_in_seconds:s.z.number().int().min(30).max(3600*24).optional().openapi({description:"Token TTL in seconds. Default 300 (5 minutes)."}),single_use:s.z.boolean().optional().openapi({description:"Whether the IAT is invalidated after first use. Default true."})}),mq=s.z.object({id:s.z.string(),token:s.z.string(),expires_at:s.z.string(),sub:s.z.string().optional(),constraints:s.z.record(s.z.unknown()).optional(),single_use:s.z.boolean()}),yq=new s.OpenAPIHono().openapi(s.createRoute({tags:["client-registration-tokens"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:gq}}}},security:[{Bearer:["create:client_registration_tokens","auth:write"]}],responses:{201:{content:{"application/json":{schema:mq}},description:"Initial Access Token issued. The `token` field is shown once and not retrievable later."}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i=await B6(Za(e.env.data),t,{sub:n.sub,constraints:n.constraints,expires_in_seconds:n.expires_in_seconds,single_use:n.single_use});return await R(e,t,{type:O.SUCCESS_API_OPERATION,description:"DCR Initial Access Token issued via Management API",targetType:"client_registration_token",targetId:i.id,userId:n.sub}),e.json({id:i.id,token:i.token,expires_at:i.expires_at,sub:i.record.sub,constraints:i.record.constraints,single_use:i.record.single_use},201)}),_q=s.z.object({page:s.z.string().optional().default("0").transform(e=>parseInt(e,10)).openapi({description:"Page index of the results to return. First page is 0."}),per_page:s.z.string().optional().default("50").transform(e=>parseInt(e,10)).openapi({description:"Number of results per page. Defaults to 50."}),include_totals:s.z.string().optional().default("false").transform(e=>e==="true").openapi({description:"When true, return results inside an object that also contains the start and limit. When false (default), a direct array of results is returned."}),fields:s.z.string().optional().openapi({description:"Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields."}),include_fields:s.z.string().optional().default("true").transform(e=>e==="true").openapi({description:"Whether specified fields are to be included (true) or excluded (false). Defaults to true."}),sort:s.z.string().optional().default("created_at:-1").openapi({description:"Field to sort by. Use field:order where order is 1 for ascending and -1 for descending. Defaults to created_at:-1."})}),wq=s.z.object({invitations:s.z.array($l),start:s.z.number(),limit:s.z.number(),length:s.z.number()}),bq=Lw.omit({organization_id:!0,invitation_url:!0}),vq=Et.extend({organizations:s.z.array(Br)}),kv=s.z.object({user_id:s.z.string().openapi({description:"ID of this user"}),email:s.z.string().email().optional().openapi({description:"Email address of this user",format:"email"}),roles:s.z.array(s.z.object({})).default([]).openapi({description:"Array of roles assigned to this user in the organization"})}),Aq=s.z.object({start:s.z.number().openapi({description:"Start index of the current page"}),limit:s.z.number().openapi({description:"Number of items per page"}),total:s.z.number().openapi({description:"Total number of members"}),members:s.z.array(kv).openapi({description:"Array of organization members"})}),kq=s.z.object({next:s.z.string().optional().openapi({description:"Checkpoint ID to be used to retrieve the next set of results"}),members:s.z.array(kv).openapi({description:"Array of organization members"})}),Sq=s.z.object({members:s.z.array(s.z.string()).openapi({description:"Array of user IDs to add to the organization"})}),Eq=s.z.object({members:s.z.array(s.z.string()).openapi({description:"Array of user IDs to remove from the organization"})}),xq=new s.OpenAPIHono().openapi(s.createRoute({tags:["organizations"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:organizations","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([vq,s.z.array(Br)])}},description:"List of organizations"}}}),async e=>{const t=e.var.tenant_id,{page:n,per_page:i,include_totals:r,sort:o,q:a,from:c,take:l}=e.req.valid("query"),d=await e.env.data.organizations.list(t,{page:n,per_page:i,include_totals:r,sort:kt(o),q:a,from:c,take:l});return r?e.json(d):e.json(d.organizations)}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:organizations","auth:read"]}],responses:{200:{content:{"application/json":{schema:Br}},description:"An organization"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await e.env.data.organizations.get(t,n);if(!i)throw new z(404,{message:"Organization not found"});return e.json(i)}).openapi(s.createRoute({tags:["organizations"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:organizations","auth:write"]}],responses:{200:{description:"Organization deleted successfully"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param");if(!await e.env.data.organizations.remove(t,n))throw new z(404,{message:"Organization not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete an Organization",targetType:"organization",targetId:n}),e.text("OK")}).openapi(s.createRoute({tags:["organizations"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:Ip.partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:organizations","auth:write"]}],responses:{200:{content:{"application/json":{schema:Br}},description:"The updated organization"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json"),r=await e.env.data.organizations.get(t,n);if(!r)throw new z(404,{message:"Organization not found"});if(!await e.env.data.organizations.update(t,n,i))throw new z(404,{message:"Organization not found"});const a=await e.env.data.organizations.get(t,n);if(!a)throw new z(404,{message:"Organization not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update an Organization",targetType:"organization",targetId:n,beforeState:r,afterState:a}),e.json(a)}).openapi(s.createRoute({tags:["organizations"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:Ip}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:organizations","auth:write"]}],responses:{201:{content:{"application/json":{schema:Br}},description:"The created organization"}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i={...n,id:n.id||EF()},r=await e.env.data.organizations.create(t,i);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create an Organization",targetType:"organization",targetId:r.id,afterState:r}),e.json(r,{status:201})}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/members",request:{params:s.z.object({id:s.z.string()}),query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:organizations","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(kv),Aq,kq])}},description:"List of organization members"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),{page:i,per_page:r,include_totals:o,sort:a}=e.req.valid("query");if(!await e.env.data.organizations.get(t,n))throw new z(404,{message:"Organization not found"});const l=await e.env.data.userOrganizations.list(t,{page:i,per_page:r,include_totals:o,sort:kt(a),q:`organization_id:${n}`}),d=[];for(const u of l.userOrganizations){const p=await e.env.data.users.get(t,u.user_id);p&&d.push({user_id:p.user_id,email:p.email||void 0,roles:[]})}return o?e.json({start:l.start,limit:l.limit,total:l.length,members:d}):e.json(d)}).openapi(s.createRoute({tags:["organizations"],method:"post",path:"/{id}/members",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Sq}}}},security:[{Bearer:["update:organizations","auth:write"]}],responses:{204:{description:"Members added successfully"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),{members:i}=e.req.valid("json");if(!await e.env.data.organizations.get(t,n))throw new z(404,{message:"Organization not found"});for(const o of i)(await e.env.data.userOrganizations.list(t,{q:`user_id:${o}`,per_page:1})).userOrganizations.some(l=>l.organization_id===n)||await e.env.data.userOrganizations.create(t,{user_id:o,organization_id:n});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Add Members to an Organization",targetType:"organization_member",targetId:n}),new Response(null,{status:204})}).openapi(s.createRoute({tags:["organizations"],method:"delete",path:"/{id}/members",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Eq}}}},security:[{Bearer:["update:organizations","auth:write"]}],responses:{200:{description:"Members removed successfully"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),{members:i}=e.req.valid("json");for(const r of i){const a=(await e.env.data.userOrganizations.list(t,{q:`user_id:${r}`,per_page:100})).userOrganizations.find(c=>c.organization_id===n);a&&await e.env.data.userOrganizations.remove(t,a.id)}return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Remove Members from an Organization",targetType:"organization_member",targetId:n}),e.json({message:"Members removed successfully"})}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/members/{user_id}/roles",request:{params:s.z.object({id:s.z.string(),user_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),query:ct},security:[{Bearer:["read:organizations","auth:read"]}],responses:{200:{content:{"application/json":{schema:$p}},description:"User roles in organization"}}}),async e=>{const t=e.var.tenant_id,{id:n,user_id:i}=e.req.valid("param");if(!await e.env.data.organizations.get(t,n))throw new z(404,{message:"Organization not found"});if(!await e.env.data.users.get(t,i))throw new z(404,{message:"User not found"});const a=await e.env.data.userRoles.list(t,i,void 0,n);return e.json(a)}).openapi(s.createRoute({tags:["organizations"],method:"post",path:"/{id}/members/{user_id}/roles",request:{params:s.z.object({id:s.z.string(),user_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({roles:s.z.array(s.z.string()).openapi({description:"List of role IDs to associate with the user"})})}}}},security:[{Bearer:["update:organizations","auth:write"]}],responses:{201:{description:"Roles assigned successfully"}}}),async e=>{const t=e.var.tenant_id,{id:n,user_id:i}=e.req.valid("param"),{roles:r}=e.req.valid("json");if(!await e.env.data.organizations.get(t,n))throw new z(404,{message:"Organization not found"});if(!await e.env.data.users.get(t,i))throw new z(404,{message:"User not found"});for(const c of r){if(!await e.env.data.roles.get(t,c))throw new z(400,{message:`Role ${c} not found`});if(!await e.env.data.userRoles.create(t,i,c,n))throw new z(500,{message:`Failed to assign role ${c} to user`})}return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Assign Roles to an Organization Member",targetType:"organization_member_role",targetId:i}),e.json({message:"Roles assigned successfully"},{status:201})}).openapi(s.createRoute({tags:["organizations"],method:"delete",path:"/{id}/members/{user_id}/roles",request:{params:s.z.object({id:s.z.string(),user_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({roles:s.z.array(s.z.string()).openapi({description:"List of role IDs to remove from the user"})})}}}},security:[{Bearer:["update:organizations","auth:write"]}],responses:{200:{description:"Roles removed successfully"}}}),async e=>{const t=e.var.tenant_id,{id:n,user_id:i}=e.req.valid("param"),{roles:r}=e.req.valid("json");if(!await e.env.data.organizations.get(t,n))throw new z(404,{message:"Organization not found"});if(!await e.env.data.users.get(t,i))throw new z(404,{message:"User not found"});for(const c of r)if(!await e.env.data.userRoles.remove(t,i,c,n))throw new z(500,{message:`Failed to remove role ${c} from user`});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Remove Roles from an Organization Member",targetType:"organization_member_role",targetId:i}),e.json({message:"Roles removed successfully"})}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/roles",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),query:ct},security:[{Bearer:["read:organizations","auth:read"]}],responses:{200:{content:{"application/json":{schema:$p}},description:"List of roles available in organization"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),{page:i,per_page:r,sort:o,q:a}=e.req.valid("query");if(!await e.env.data.organizations.get(t,n))throw new z(404,{message:"Organization not found"});const l=await e.env.data.roles.list(t,{page:i,per_page:r,sort:kt(o),q:a});return e.json(l.roles)}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/invitations",request:{params:s.z.object({id:s.z.string().openapi({description:"Organization ID",param:{name:"id",in:"path"}})}),query:_q,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:organizations","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array($l),wq])}},description:"List of organization invitations"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),{page:i,per_page:r,include_totals:o,fields:a,include_fields:c,sort:l}=e.req.valid("query");if(!await e.env.data.organizations.get(t,n))throw new z(404,{message:"Organization not found"});let p=(await e.env.data.invites.list(t,{page:i,per_page:r})).invites.filter(f=>f.organization_id===n);if(l){const f=kt(l);if(f){const{sort_by:h,sort_order:g}=f;p.sort((m,_)=>{const y=m[h],w=_[h];if(y===void 0||w===void 0||y===w)return 0;const b=y<w?-1:1;return g==="asc"?b:-b})}}if(a){const f=a.split(",").map(h=>h.trim());p=p.map(h=>{const g={};for(const m of Object.keys(h))(c?f.includes(m):!f.includes(m))&&(g[m]=h[m]);return g})}return o?e.json({invitations:p,start:i*r,limit:r,length:p.length}):e.json(p)}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/invitations/{invitation_id}",request:{params:s.z.object({id:s.z.string().openapi({description:"Organization ID",param:{name:"id",in:"path"}}),invitation_id:s.z.string().openapi({description:"Invitation ID",param:{name:"invitation_id",in:"path"}})}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:organizations","auth:read"]}],responses:{200:{content:{"application/json":{schema:$l}},description:"An invitation"},404:{description:"Invitation not found"}}}),async e=>{const t=e.var.tenant_id,{id:n,invitation_id:i}=e.req.valid("param"),r=await e.env.data.invites.get(t,i);if(!r||r.organization_id!==n)throw new z(404,{message:"Invitation not found"});return e.json(r)}).openapi(s.createRoute({tags:["organizations"],method:"post",path:"/{id}/invitations",request:{params:s.z.object({id:s.z.string().openapi({description:"Organization ID",param:{name:"id",in:"path"}})}),body:{content:{"application/json":{schema:bq}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:organizations","auth:write"]}],responses:{201:{content:{"application/json":{schema:$l}},description:"The created invitation"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json");if(!await e.env.data.organizations.get(t,n))throw new z(404,{message:"Organization not found"});const a=`https://invite.placeholder/${CF()}`,c={...i,organization_id:n,invitation_url:a},l=await e.env.data.invites.create(t,c);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create an Organization Invitation",targetType:"invitation",targetId:l.id,afterState:l}),e.json(l,{status:201})}).openapi(s.createRoute({tags:["organizations"],method:"delete",path:"/{id}/invitations/{invitation_id}",request:{params:s.z.object({id:s.z.string().openapi({description:"Organization ID",param:{name:"id",in:"path"}}),invitation_id:s.z.string().openapi({description:"Invitation ID",param:{name:"invitation_id",in:"path"}})}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:organizations","auth:write"]}],responses:{204:{description:"Invitation deleted successfully"},404:{description:"Invitation not found"}}}),async e=>{const t=e.var.tenant_id,{id:n,invitation_id:i}=e.req.valid("param"),r=await e.env.data.invites.get(t,i);if(!r||r.organization_id!==n)throw new z(404,{message:"Invitation not found"});if(!await e.env.data.invites.remove(t,i))throw new z(404,{message:"Invitation not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete an Organization Invitation",targetType:"invitation",targetId:i}),e.body(null,{status:204})}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/enabled_connections",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),query:s.z.object({include_totals:s.z.string().optional().transform(e=>e==="true").openapi({deprecated:!0,description:"Ignored for compatibility; the connections/total/start/limit/length wrapper is always returned."}),page:s.z.string().optional().transform(e=>e?parseInt(e,10):0),per_page:s.z.string().optional().transform(e=>e?parseInt(e,10):50)})},security:[{Bearer:["read:organization_connections","auth:read"]}],responses:{200:{content:{"application/json":{schema:Et.extend({connections:s.z.array(ua)})}},description:"Connections enabled for the organization"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),{include_totals:i,page:r,per_page:o}=e.req.valid("query");if(!await e.env.data.organizations.get(t,n))throw new z(404,{message:"Organization not found"});const c=await e.env.data.organizationConnections.list(t,n),l=r*o,d=c.slice(l,l+o);return e.json({connections:d,total:c.length,start:l,limit:o,length:d.length})}).openapi(s.createRoute({tags:["organizations"],method:"post",path:"/{id}/enabled_connections",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:zp}}}},security:[{Bearer:["create:organization_connections","auth:write"]}],responses:{201:{content:{"application/json":{schema:ua}},description:"Connection enabled for the organization"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json");if(!await e.env.data.organizations.get(t,n))throw new z(404,{message:"Organization not found"});if(!await e.env.data.connections.get(t,i.connection_id))throw new z(400,{message:`Connection ${i.connection_id} not found`});if(await e.env.data.organizationConnections.get(t,n,i.connection_id))throw new z(409,{message:"Connection already enabled for this organization"});const c=await e.env.data.organizationConnections.create(t,n,i);return await R(e,t,{type:O.SUCCESS_API_OPERATION,description:"Enable an Organization Connection",targetType:"organization_connection",targetId:`${n}:${i.connection_id}`}),e.json(c,{status:201})}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/enabled_connections/{connection_id}",request:{params:s.z.object({id:s.z.string(),connection_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:organization_connections","auth:read"]}],responses:{200:{content:{"application/json":{schema:ua}},description:"An enabled organization connection"}}}),async e=>{const t=e.var.tenant_id,{id:n,connection_id:i}=e.req.valid("param"),r=await e.env.data.organizationConnections.get(t,n,i);if(!r)throw new z(404,{message:"Organization connection not found"});return e.json(r)}).openapi(s.createRoute({tags:["organizations"],method:"patch",path:"/{id}/enabled_connections/{connection_id}",request:{params:s.z.object({id:s.z.string(),connection_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:zp.omit({connection_id:!0}).partial()}}}},security:[{Bearer:["update:organization_connections","auth:write"]}],responses:{200:{content:{"application/json":{schema:ua}},description:"Updated organization connection"}}}),async e=>{const t=e.var.tenant_id,{id:n,connection_id:i}=e.req.valid("param"),r=e.req.valid("json"),o=await e.env.data.organizationConnections.update(t,n,i,r);if(!o)throw new z(404,{message:"Organization connection not found"});return await R(e,t,{type:O.SUCCESS_API_OPERATION,description:"Update an Organization Connection",targetType:"organization_connection",targetId:`${n}:${i}`}),e.json(o)}).openapi(s.createRoute({tags:["organizations"],method:"delete",path:"/{id}/enabled_connections/{connection_id}",request:{params:s.z.object({id:s.z.string(),connection_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:organization_connections","auth:write"]}],responses:{204:{description:"Connection disabled"}}}),async e=>{const t=e.var.tenant_id,{id:n,connection_id:i}=e.req.valid("param");if(!await e.env.data.organizationConnections.remove(t,n,i))throw new z(404,{message:"Organization connection not found"});return await R(e,t,{type:O.SUCCESS_API_OPERATION,description:"Disable an Organization Connection",targetType:"organization_connection",targetId:`${n}:${i}`}),e.body(null,{status:204})}),Cq=new s.OpenAPIHono().openapi(s.createRoute({tags:["stats"],method:"get",path:"/daily",request:{query:s.z.object({from:s.z.string().optional().openapi({description:"Optional first day of the date range (inclusive) in YYYYMMDD format",example:"20251120"}),to:s.z.string().optional().openapi({description:"Optional last day of the date range (inclusive) in YYYYMMDD format",example:"20251219"})}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:stats","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.array(gC)}},description:"Daily statistics including logins, signups, and leaked passwords"}}}),async e=>{const{from:t,to:n}=e.req.valid("query");if(!e.env.data.stats)throw new z(501,{message:"Stats adapter not configured"});const i=await e.env.data.stats.getDaily(e.var.tenant_id,{from:t,to:n});return e.json(i)}).openapi(s.createRoute({tags:["stats"],method:"get",path:"/active-users",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:stats","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.number().openapi({description:"Number of active users in the last 30 days",example:1234})}},description:"Number of active users in the last 30 days"}}}),async e=>{if(!e.env.data.stats)throw new z(501,{message:"Stats adapter not configured"});const t=await e.env.data.stats.getActiveUsers(e.var.tenant_id);return e.json(t)}),rp=["sms","otp","email","push-notification","webauthn-roaming","webauthn-platform","recovery-code","duo"];function Tm(e){return e.replace(/-/g,"_")}const Y_=s.z.object({name:s.z.enum(rp),enabled:s.z.boolean(),trial_expired:s.z.boolean().optional()}),Tq=s.z.array(Y_),$q=s.z.object({enabled:s.z.boolean()}),$m=s.z.object({provider:s.z.enum(["twilio","vonage","aws_sns","phone_message_hook"])}),Im=s.z.object({sid:s.z.string().optional(),auth_token:s.z.string().optional(),from:s.z.string().optional(),messaging_service_sid:s.z.string().optional()}),Iq=s.z.object({message_type:s.z.enum(["sms","voice"])}),zq=new s.OpenAPIHono().openapi(s.createRoute({tags:["guardian"],method:"get",path:"/factors",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:guardian_factors","auth:read"]}],responses:{200:{content:{"application/json":{schema:Tq}},description:"List of MFA factors"}}}),async e=>{const n=(await e.env.data.tenants.get(e.var.tenant_id))?.mfa?.factors,i=rp.map(r=>{const o=Tm(r);return{name:r,enabled:!!n?.[o],trial_expired:!1}});return e.json(i)}).openapi(s.createRoute({tags:["guardian"],method:"get",path:"/factors/sms/selected-provider",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:guardian_factors","auth:read"]}],responses:{200:{content:{"application/json":{schema:$m}},description:"Selected SMS provider"}}}),async e=>{const n=(await e.env.data.tenants.get(e.var.tenant_id))?.mfa?.sms_provider?.provider||"twilio";return e.json({provider:n})}).openapi(s.createRoute({tags:["guardian"],method:"put",path:"/factors/sms/selected-provider",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:$m}}}},security:[{Bearer:["update:guardian_factors","auth:write"]}],responses:{200:{content:{"application/json":{schema:$m}},description:"Updated SMS provider selection"}}}),async e=>{const{provider:t}=e.req.valid("json"),n=await e.env.data.tenants.get(e.var.tenant_id);if(!n)throw new z(404,{message:"Tenant not found"});return await e.env.data.tenants.update(e.var.tenant_id,{mfa:{...n.mfa,sms_provider:{provider:t}}}),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Set SMS Provider",targetType:"guardian",targetId:e.var.tenant_id}),e.json({provider:t})}).openapi(s.createRoute({tags:["guardian"],method:"get",path:"/factors/sms/providers/twilio",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:guardian_factors","auth:read"]}],responses:{200:{content:{"application/json":{schema:Im}},description:"Twilio provider configuration"}}}),async e=>{const n=(await e.env.data.tenants.get(e.var.tenant_id))?.mfa?.twilio||{};return e.json({sid:n.sid,auth_token:n.auth_token?"********":void 0,from:n.from,messaging_service_sid:n.messaging_service_sid})}).openapi(s.createRoute({tags:["guardian"],method:"put",path:"/factors/sms/providers/twilio",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Im}}}},security:[{Bearer:["update:guardian_factors","auth:write"]}],responses:{200:{content:{"application/json":{schema:Im}},description:"Updated Twilio configuration"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.tenants.get(e.var.tenant_id);if(!n)throw new z(404,{message:"Tenant not found"});const i=n.mfa?.twilio||{},r={...i,...t,auth_token:t.auth_token&&t.auth_token!=="********"?t.auth_token:i.auth_token};return await e.env.data.tenants.update(e.var.tenant_id,{mfa:{...n.mfa,twilio:r}}),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Configure Twilio Provider",targetType:"guardian",targetId:e.var.tenant_id}),e.json({sid:r.sid,auth_token:r.auth_token?"********":void 0,from:r.from,messaging_service_sid:r.messaging_service_sid})}).openapi(s.createRoute({tags:["guardian"],method:"get",path:"/factors/phone/message-types",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:guardian_factors","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.array(Iq)}},description:"Available message types"}}}),async e=>{const t=[{message_type:"sms"}];return e.json(t)}).openapi(s.createRoute({tags:["guardian"],method:"get",path:"/policies",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:guardian_factors","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.array(s.z.string())}},description:"Current MFA policies"}}}),async e=>(await e.env.data.tenants.get(e.var.tenant_id))?.mfa?.policy==="always"?e.json(["all-applications"]):e.json([])).openapi(s.createRoute({tags:["guardian"],method:"put",path:"/policies",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.array(s.z.string())}}}},security:[{Bearer:["update:guardian_factors","auth:write"]}],responses:{200:{content:{"application/json":{schema:s.z.array(s.z.string())}},description:"Updated MFA policies"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.tenants.get(e.var.tenant_id);if(!n)throw new z(404,{message:"Tenant not found"});const i=t.includes("all-applications")?"always":"never";return await e.env.data.tenants.update(e.var.tenant_id,{mfa:{...n.mfa,policy:i}}),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Set Guardian Policies",targetType:"guardian",targetId:e.var.tenant_id}),e.json(i==="always"?["all-applications"]:[])}).openapi(s.createRoute({tags:["guardian"],method:"post",path:"/enrollments/ticket",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({user_id:s.z.string(),send_mail:s.z.boolean().optional(),email:s.z.string().email().optional()})}}}},security:[{Bearer:["create:guardian_enrollment_tickets","auth:write"]}],responses:{201:{content:{"application/json":{schema:s.z.object({ticket_id:s.z.string(),ticket_url:s.z.string()})}},description:"Enrollment ticket created"}}}),async e=>{const{user_id:t,email:n}=e.req.valid("json"),i=e.var.tenant_id,r=await e.env.data.tenants.get(i);if(!r)throw new z(404,{message:"Tenant not found"});if(!(r.mfa?.factors?.sms===!0||r.mfa?.factors?.otp===!0||r.mfa?.factors?.webauthn_roaming===!0||r.mfa?.factors?.webauthn_platform===!0))throw new z(400,{message:"At least one MFA factor (SMS, OTP, or WebAuthn) must be enabled before creating enrollment tickets."});const a=await e.env.data.users.get(i,t);if(!a)throw new z(404,{message:"User not found"});const{clients:c}=await e.env.data.clients.list(i);if(!c.length)throw new z(400,{message:"No clients configured for this tenant"});const l=c[0].client_id,d=7200*60*1e3,u=new Date(Date.now()+d).toISOString(),p=await e.env.data.loginSessions.create(i,{expires_at:u,authParams:{client_id:l,username:n||a.email},csrf_token:Ue(),user_id:t,state:be.AWAITING_MFA,state_data:JSON.stringify({guardian_enrollment:!0})}),f=Ue();await e.env.data.codes.create(i,{code_id:f,code_type:"ticket",login_id:p.id,user_id:t,expires_at:u});const h=Dn(e.env,e.var.custom_domain),g=new URL("u2/guardian/enroll",h);g.searchParams.append("ticket",f),e.var.custom_domain||g.searchParams.append("tenant_id",i);const m=g.toString();return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create Enrollment Ticket",targetType:"guardian",targetId:e.var.tenant_id}),e.json({ticket_id:f,ticket_url:m},201)}).openapi(s.createRoute({tags:["guardian"],method:"get",path:"/factors/{factor_name}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({factor_name:s.z.enum(rp)})},security:[{Bearer:["read:guardian_factors","auth:read"]}],responses:{200:{content:{"application/json":{schema:Y_}},description:"MFA factor details"}}}),async e=>{const{factor_name:t}=e.req.valid("param"),i=(await e.env.data.tenants.get(e.var.tenant_id))?.mfa?.factors,r=Tm(t);return e.json({name:t,enabled:!!i?.[r],trial_expired:!1})}).openapi(s.createRoute({tags:["guardian"],method:"put",path:"/factors/{factor_name}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({factor_name:s.z.enum(rp)}),body:{content:{"application/json":{schema:$q}}}},security:[{Bearer:["update:guardian_factors","auth:write"]}],responses:{200:{content:{"application/json":{schema:Y_}},description:"Updated MFA factor"}}}),async e=>{const{factor_name:t}=e.req.valid("param"),{enabled:n}=e.req.valid("json"),i=Tm(t),r=await e.env.data.tenants.get(e.var.tenant_id);if(!r)throw new z(404,{message:"Tenant not found"});const o=r.mfa?.factors;return await e.env.data.tenants.update(e.var.tenant_id,{mfa:{...r.mfa,factors:{sms:o?.sms??!1,otp:o?.otp??!1,email:o?.email??!1,push_notification:o?.push_notification??!1,webauthn_roaming:o?.webauthn_roaming??!1,webauthn_platform:o?.webauthn_platform??!1,recovery_code:o?.recovery_code??!1,duo:o?.duo??!1,[i]:n}}}),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update Guardian Factor",targetType:"guardian",targetId:e.var.tenant_id}),e.json({name:t,enabled:n,trial_expired:!1})}),Q_=s.z.object({id:s.z.string(),type:s.z.string(),confirmed:s.z.boolean(),phone_number:s.z.string().optional(),credential_id:s.z.string().optional(),public_key:s.z.string().optional(),sign_count:s.z.number().optional(),credential_backed_up:s.z.boolean().optional(),transports:s.z.array(s.z.string()).optional(),friendly_name:s.z.string().optional(),created_at:s.z.string()}),Pq=s.z.array(Q_),Nq=s.z.object({type:s.z.enum(["phone","totp","email","push","webauthn-roaming","webauthn-platform","passkey"]),phone_number:s.z.string().optional(),totp_secret:s.z.string().optional(),credential_id:s.z.string().optional(),public_key:s.z.string().optional(),sign_count:s.z.number().int().nonnegative().optional(),credential_backed_up:s.z.boolean().optional(),transports:s.z.array(s.z.string()).optional(),friendly_name:s.z.string().optional(),confirmed:s.z.boolean().optional().default(!0)}).superRefine((e,t)=>{e.type==="phone"&&!e.phone_number&&t.addIssue({code:s.z.ZodIssueCode.custom,message:"phone_number is required when type is 'phone'",path:["phone_number"]}),e.type==="totp"&&!e.totp_secret&&t.addIssue({code:s.z.ZodIssueCode.custom,message:"totp_secret is required when type is 'totp'",path:["totp_secret"]}),["webauthn-roaming","webauthn-platform","passkey"].includes(e.type)&&(e.credential_id||t.addIssue({code:s.z.ZodIssueCode.custom,message:`credential_id is required when type is '${e.type}'`,path:["credential_id"]}),e.public_key||t.addIssue({code:s.z.ZodIssueCode.custom,message:`public_key is required when type is '${e.type}'`,path:["public_key"]}))}),Fq=new s.OpenAPIHono().openapi(s.createRoute({tags:["users"],method:"get",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:users","auth:read"]}],responses:{200:{content:{"application/json":{schema:Pq}},description:"List of authentication methods for the user"}}}),async e=>{const t=e.req.param("user_id");if(!t)throw new z(400,{message:"user_id is required"});const i=(await e.env.data.authenticationMethods.list(e.var.tenant_id,t)).map(r=>({id:r.id,type:r.type,confirmed:r.confirmed,phone_number:r.phone_number,credential_id:r.credential_id,public_key:r.public_key,sign_count:r.sign_count,credential_backed_up:r.credential_backed_up,transports:r.transports,friendly_name:r.friendly_name,created_at:r.created_at}));return e.json(i)}).openapi(s.createRoute({tags:["users"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Nq}}}},security:[{Bearer:["update:users","auth:write"]}],responses:{201:{content:{"application/json":{schema:Q_}},description:"Created authentication method"}}}),async e=>{const t=e.req.param("user_id");if(!t)throw new z(400,{message:"user_id is required"});const n=e.req.valid("json"),i=await e.env.data.authenticationMethods.create(e.var.tenant_id,{user_id:t,type:n.type,phone_number:n.phone_number,totp_secret:n.totp_secret,credential_id:n.credential_id,public_key:n.public_key,sign_count:n.sign_count,credential_backed_up:n.credential_backed_up,transports:n.transports,friendly_name:n.friendly_name,confirmed:n.confirmed??!0});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create Authentication Method",targetType:"authentication_method",targetId:i.id}),e.json({id:i.id,type:i.type,confirmed:i.confirmed,phone_number:i.phone_number,credential_id:i.credential_id,public_key:i.public_key,sign_count:i.sign_count,credential_backed_up:i.credential_backed_up,transports:i.transports,friendly_name:i.friendly_name,created_at:i.created_at},201)}).openapi(s.createRoute({tags:["users"],method:"get",path:"/{method_id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({method_id:s.z.string()})},security:[{Bearer:["read:users","auth:read"]}],responses:{200:{content:{"application/json":{schema:Q_}},description:"Authentication method details"}}}),async e=>{const{method_id:t}=e.req.valid("param"),n=e.req.param("user_id"),i=await e.env.data.authenticationMethods.get(e.var.tenant_id,t);if(!i||i.user_id!==n)throw new z(404,{message:"Authentication method not found"});return e.json({id:i.id,type:i.type,confirmed:i.confirmed,phone_number:i.phone_number,credential_id:i.credential_id,public_key:i.public_key,sign_count:i.sign_count,credential_backed_up:i.credential_backed_up,transports:i.transports,friendly_name:i.friendly_name,created_at:i.created_at})}).openapi(s.createRoute({tags:["users"],method:"delete",path:"/{method_id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({method_id:s.z.string()})},security:[{Bearer:["update:users","auth:write"]}],responses:{204:{description:"Authentication method deleted"}}}),async e=>{const{method_id:t}=e.req.valid("param"),n=e.req.param("user_id"),i=await e.env.data.authenticationMethods.get(e.var.tenant_id,t);if(!i||i.user_id!==n)throw new z(404,{message:"Authentication method not found"});if(!await e.env.data.authenticationMethods.remove(e.var.tenant_id,t))throw new z(404,{message:"Authentication method not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete Authentication Method",targetType:"authentication_method",targetId:t}),e.body(null,204)}),Oq=50,jq=1e3,Rq=3e5,M6=5,Dq=7,U6=3e4;async function qf(e,t,n){console.warn(`Outbox event ${t} dead-lettering: ${n}`);try{await e.deadLetter(t,n)}catch{}}function q6(e){const t=Math.min(jq*Math.pow(2,e),Rq);return new Date(Date.now()+t).toISOString()}async function Bq(e,t,n,i){if(t.length===0)return;const r=i?.maxRetries??M6,o=crypto.randomUUID(),a=await e.claimEvents(t,o,U6);if(a.length===0)return;const c=await e.getByIds(a);if(c.length===0)return;const l=[];for(const d of c){if(d.retry_count>=r){await qf(e,d.id,d.error||`Exceeded max retries (${r})`);continue}let u=!0,p=!1;for(const f of n)if(!(f.accepts&&!f.accepts(d))){p=!0;try{const h=f.transform(d);await f.deliver([h])}catch(h){u=!1;const g=h instanceof Error?h.message:String(h);try{await e.markRetry(d.id,`${f.name}: ${g}`,q6(d.retry_count))}catch{}break}}if(!p){await qf(e,d.id,`No destination accepts event_type=${d.event_type}`);continue}u&&l.push(d.id)}if(l.length>0)try{await e.markProcessed(l)}catch{}}async function H6(e,t,n){const i=n?.batchSize??Oq,r=n?.maxRetries??M6,o=n?.retentionDays??Dq,a=await e.getUnprocessed(i);if(a.length===0)return;const c=crypto.randomUUID(),l=a.map(h=>h.id),d=new Set(await e.claimEvents(l,c,U6)),u=a.filter(h=>d.has(h.id));if(u.length===0)return;const p=[],f=[];for(const h of u){if(h.retry_count>=r){await qf(e,h.id,h.error||`Exceeded max retries (${r})`);continue}let g=!0,m=!1;for(const _ of t)if(!(_.accepts&&!_.accepts(h))){m=!0;try{const y=_.transform(h);await _.deliver([y])}catch(y){g=!1;const w=y instanceof Error?y.message:String(y);try{await e.markRetry(h.id,`${_.name}: ${w}`,q6(h.retry_count))}catch{}break}}if(!m){await qf(e,h.id,`No destination accepts event_type=${h.event_type}`);continue}g?p.push(h.id):f.push(h.id)}if(p.length>0)try{await e.markProcessed(p)}catch{}try{const h=new Date(Date.now()-o*24*60*60*1e3).toISOString();await e.cleanup(h)}catch{}}function ou(e){return async(t,n)=>{t.set("outboxEventPromises",[]),t.set("backgroundPromises",[]);let i;try{await n()}catch(r){i=r}finally{const r=t.var.outboxEventPromises??[];let o=[];if(r.length>0){const a=await Promise.allSettled(r);for(const c of a)c.status==="fulfilled"?o.push(c.value):console.error("Outbox event creation failed",c.reason)}if(o.length>0){const a=e.getOutbox(t);a&&ph(t,Bq(a,o,e.getDestinations(t),{maxRetries:t.env.outbox?.maxRetries}))}typeof process<"u"&&process.env?.NODE_ENV==="test"&&await dF(t)}if(i)throw i}}function Lq(e){return{log_id:e.id,type:e.log_type,date:e.timestamp,description:e.description||"",ip:e.request.ip,user_agent:e.request.user_agent||"",user_id:e.actor.id||"",user_name:e.actor.email||"",client_id:e.actor.client_id,client_name:"",connection:e.connection,strategy:e.strategy,strategy_type:e.strategy_type,audience:e.audience||"",scope:e.scope||e.actor.scopes?.join(" "),hostname:e.hostname,auth0_client:e.auth0_client,isMobile:e.is_mobile||!1,location_info:e.location,details:{request:{method:e.request.method,path:e.request.path,qs:e.request.query,body:e.request.body},...e.response&&{response:{statusCode:e.response.status_code,body:e.response.body}}}}}class xs{name="logs";logs;constructor(t){this.logs=t}accepts(t){return!t.event_type.startsWith("hook.")}transform(t){return{tenantId:t.tenant_id,log:Lq(t)}}async deliver(t){for(const{tenantId:n,log:i}of t)try{await this.logs.create(n,i)}catch(r){const o=r instanceof Error?r.message:String(r);if(o.includes("UNIQUE constraint failed")||o.includes("Duplicate entry"))continue;throw r}}}const Nk="hook.",Mq=1e4,Fk="webhook";class Tc{name="webhooks";hooks;getServiceToken;timeoutMs;webhookInvoker;constructor(t,n,i={}){this.hooks=t,this.getServiceToken=n,this.timeoutMs=i.timeoutMs??Mq,this.webhookInvoker=i.webhookInvoker}accepts(t){return t.event_type.startsWith(Nk)}transform(t){const n=t.event_type.slice(Nk.length);return{eventId:t.id,tenantId:t.tenant_id,triggerId:n,payload:{tenant_id:t.tenant_id,trigger_id:n,user:t.target?.after,request:t.request}}}async deliver(t){for(const n of t){const{hooks:i}=await this.hooks.list(n.tenantId),r=i.filter(o=>o.enabled&&o.trigger_id===n.triggerId&&"url"in o);if(r.length!==0)for(const o of r)this.webhookInvoker?await this.invokeCustom(o,n):await this.invokeDefault(o,n)}}async invokeCustom(t,n){const i=this.webhookInvoker,r=(c=Fk)=>this.getServiceToken(n.tenantId,c),o=new Promise((c,l)=>{setTimeout(()=>l(new Error(`Webhook ${t.hook_id} (${n.triggerId}) timed out after ${this.timeoutMs}ms`)),this.timeoutMs)}),a=await Promise.race([i({hook:t,data:n.payload,tenant_id:n.tenantId,idempotency_key:n.eventId,createServiceToken:r}),o]);if(!a.ok){const c=await a.text().catch(()=>"");throw new Error(`Webhook ${t.hook_id} (${n.triggerId}) returned ${a.status}: ${c.slice(0,256)}`)}}async invokeDefault(t,n){const i=await this.getServiceToken(n.tenantId,Fk),r=new AbortController,o=setTimeout(()=>r.abort(),this.timeoutMs);try{const a=await fetch(t.url,{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${i}`,"Idempotency-Key":n.eventId},body:JSON.stringify(n.payload),signal:r.signal});if(!a.ok){const c=await a.text().catch(()=>"");throw new Error(`Webhook ${t.hook_id} (${n.triggerId}) returned ${a.status}: ${c.slice(0,256)}`)}}finally{clearTimeout(o)}}}const Uq="hook.post-user-registration";class $c{name="registration-finalizer";users;constructor(t){this.users=t}accepts(t){return t.event_type===Uq}transform(t){return{tenantId:t.tenant_id,userId:t.target?.id??"",timestamp:new Date().toISOString()}}async deliver(t){for(const{tenantId:n,userId:i,timestamp:r}of t)i&&await this.users.update(n,i,{registration_completed_at:r})}}function qq(e){const t=new s.OpenAPIHono,n=e.managementDataAdapter??e.dataAdapter;t.use(Sc(e)),t.use(async(a,c)=>{const l=a.req.header("origin"),d=u=>{a.res.headers.set("Access-Control-Allow-Origin",u),a.res.headers.set("Access-Control-Allow-Headers","Tenant-Id, Content-Type, Content-Range, Auth0-Client, Authorization, Range, Upgrade-Insecure-Requests"),a.res.headers.set("Access-Control-Allow-Methods","POST, PUT, GET, DELETE, PATCH, OPTIONS"),a.res.headers.set("Access-Control-Expose-Headers","Content-Length, Content-Range"),a.res.headers.set("Access-Control-Max-Age","600"),a.res.headers.set("Access-Control-Allow-Credentials","true"),a.res.headers.append("Vary","Origin")};if(a.req.method==="OPTIONS"){const u=new Response(null,{status:204});if(l){const p=h=>{u.headers.set("Access-Control-Allow-Origin",h),u.headers.set("Access-Control-Allow-Headers","Tenant-Id, Content-Type, Content-Range, Auth0-Client, Authorization, Range, Upgrade-Insecure-Requests"),u.headers.set("Access-Control-Allow-Methods","POST, PUT, GET, DELETE, PATCH, OPTIONS"),u.headers.set("Access-Control-Expose-Headers","Content-Length, Content-Range"),u.headers.set("Access-Control-Max-Age","600"),u.headers.set("Access-Control-Allow-Credentials","true"),u.headers.append("Vary","Origin")};if(e.allowedOrigins?.includes(l))return p(l),u;const f=a.req.header("tenant-id");if(f&&(await n.clients.list(f,{})).clients.flatMap(m=>m.web_origins||[]).includes(l))return p(l),u}return u.headers.append("Vary","Origin"),u}if(await c(),a.res.headers.append("Vary","Origin"),l){if(e.allowedOrigins?.includes(l)){d(l);return}const u=a.var.tenant_id||a.req.header("tenant-id");u&&(await n.clients.list(u,{})).clients.flatMap(h=>h.web_origins||[]).includes(l)&&d(l)}}),t.onError((a,c)=>{if(!(a instanceof z))throw a;const l=a.status;if(l<400||l>=500)throw a;const d=a.getResponse();if(d.headers.get("content-type")?.includes("application/json"))return d;const u={400:"Bad Request",401:"Unauthorized",403:"Forbidden",404:"Not Found",405:"Method Not Allowed",409:"Conflict",422:"Unprocessable Entity",429:"Too Many Requests"};return c.json({statusCode:l,error:u[l]??"Error",message:a.message||u[l]||"Error"},l)}),t.use(async(a,c)=>{if(await c(),a.res.status!==400||!a.res.headers.get("content-type")?.includes("application/json"))return;let l;try{l=await a.res.clone().json()}catch{return}if(typeof l!="object"||l===null||!("success"in l)||l.success!==!1||!("error"in l)||typeof l.error!="object"||l.error===null||!("name"in l.error)||l.error.name!=="ZodError")return;const d="issues"in l.error&&Array.isArray(l.error.issues)?l.error.issues:[],u=d.length?`Payload validation error: ${d.map(p=>{const f=Array.isArray(p.path)?p.path:[];return`'${f.length?f.join("."):"root"}': ${p.message??"invalid"}`}).join("; ")}`:"Payload validation error";a.res=new Response(JSON.stringify({statusCode:400,error:"Bad Request",message:u,errorCode:"invalid_body"}),{status:400,headers:{"content-type":"application/json"}})}),iv(t);const i=(a,c)=>{const l=nu(a,c),d=Cc({defaultTtlSeconds:0,maxEntries:100,cleanupIntervalMs:0}),u=ru(l,{defaultTtl:0,cacheEntities:["tenants","connections","clients","branding","themes","promptSettings","customText","forms","hooks"],cache:d});return iu(a,u)};t.use(ou({getOutbox:()=>n.outbox,getDestinations:a=>[new xs(n.logs),new Tc(n.hooks,async c=>(await Es(a,c,"webhook")).access_token),new $c(n.users)]})),t.use(async(a,c)=>{a.env.data=i(a,n),a.env.entityHooks=e.entityHooks,await c()}),t.use(xc).use(Ec).use(pg(t)).use(async(a,c)=>(e.entityHooks&&a.var.tenant_id&&(a.env.data=j6(a.env.data,{tenantId:a.var.tenant_id,entityHooks:e.entityHooks})),c()));const r=new Set(e.managementApiExtensions?.map(a=>a.path)||[]),o=t.route("/actions/actions",wF).route("/actions/triggers",PF).route("/branding",GO).route("/custom-domains",QB).route("/email/providers",ck).route("/emails/provider",ck).route("/email-templates",WB).route("/users",OR).route("/keys",tB).route("/users-by-email",nB).route("/clients",oB).route("/client-grants",lq).route("/client-registration-tokens",yq).route("/logs",cB).route("/log-streams",ZB).route("/attack-protection",XB).route("/failed-events",uB).route("/hooks",fB).route("/hook-code",hB).route("/connections",_B).route("/prompts",wB).route("/sessions",JB).route("/refresh_tokens",YB).route("/forms",XU).route("/flows",tq).route("/roles",rq).route("/resource-servers",sq).route("/organizations",xq).route("/stats",Cq).route("/guardian",zq).route("/users/:user_id/authentication-methods",Fq);if(r.has("/tenants")||o.route("/tenants",sB),e.managementApiExtensions)for(const a of e.managementApiExtensions)o.route(a.path,a.router);return o.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Management API"},servers:[{url:"/api/v2",description:"API V2"}],security:[{oauth2:["openid","email","profile"]}]}),o}var V6=e=>{const t={origin:"*",allowMethods:["GET","HEAD","PUT","POST","DELETE","PATCH"],allowHeaders:[],exposeHeaders:[],...e},n=(r=>typeof r=="string"?r==="*"?t.credentials?o=>o||null:()=>r:o=>r===o?o:null:typeof r=="function"?r:o=>r.includes(o)?o:null)(t.origin),i=(r=>typeof r=="function"?r:Array.isArray(r)?()=>r:()=>[])(t.allowMethods);return async function(o,a){function c(d,u){o.res.headers.set(d,u)}const l=await n(o.req.header("origin")||"",o);if(l&&c("Access-Control-Allow-Origin",l),t.credentials&&c("Access-Control-Allow-Credentials","true"),t.exposeHeaders?.length&&c("Access-Control-Expose-Headers",t.exposeHeaders.join(",")),o.req.method==="OPTIONS"){(t.origin!=="*"||t.credentials)&&c("Vary","Origin"),t.maxAge!=null&&c("Access-Control-Max-Age",t.maxAge.toString());const d=await i(o.req.header("origin")||"",o);d.length&&c("Access-Control-Allow-Methods",d.join(","));let u=t.allowHeaders;if(!u?.length){const p=o.req.header("Access-Control-Request-Headers");p&&(u=p.split(/\s*,\s*/))}return u?.length&&(c("Access-Control-Allow-Headers",u.join(",")),o.res.headers.append("Vary","Access-Control-Request-Headers")),o.res.headers.delete("Content-Length"),o.res.headers.delete("Content-Type"),new Response(null,{headers:o.res.headers,status:204,statusText:"No Content"})}await a(),(t.origin!=="*"||t.credentials)&&o.header("Vary","Origin",{append:!0})}};function yr(e){if(e)return`${e.name}/${e.version}${e.env?.node?` (env: node/${e.env.node})`:""}`}function tn(e,t){const n=e.var.tenant_id;if(!n){e.set("tenant_id",t);return}if(n!==t)throw new z(403,{message:"Tenant mismatch"})}async function Hf(e,t,n,i){if(!i.state)throw new U(400,{message:"State not found"});const r=t.connections.find(l=>l.name===n);if(!r)throw e.set("client_id",t.client_id),await R(e,t.tenant.id,{type:O.FAILED_LOGIN,description:"Connection not found"}),new U(403,{message:"Connection Not Found"});let o=await e.env.data.loginSessions.get(t.tenant.id,i.state);if(!o){const l=e.get("ip"),d=e.get("useragent"),u=e.get("auth0_client");o=await e.env.data.loginSessions.create(t.tenant.id,{expires_at:new Date(Date.now()+eo*1e3).toISOString(),authParams:i,csrf_token:Ue(),ip:l,useragent:d,auth0Client:yr(u)})}const c=await j$(e,r.strategy).getRedirect(e,r);return await e.env.data.codes.create(t.tenant.id,{login_id:o.id,code_id:c.code,code_type:"oauth2_state",connection_id:r.id,code_verifier:c.codeVerifier,expires_at:new Date(Date.now()+uL*1e3).toISOString()}),new Response(null,{status:302,headers:{location:c.redirectUrl}})}async function Hq(e,{code:t,state:n}){const{env:i}=e,r=await i.data.codes.get(e.var.tenant_id||"",n,"oauth2_state");if(!r||!r.connection_id)throw new U(403,{message:"State not found"});const o=await i.data.loginSessions.get(e.var.tenant_id||"",r.login_id);if(!o)throw new U(403,{message:"Session not found"});const a=await Ze(i,o.authParams.client_id);e.set("client_id",a.client_id),tn(e,a.tenant.id);const c=a.connections.find(y=>y.id===r.connection_id);if(!c)throw await R(e,a.tenant.id,{type:O.FAILED_LOGIN,description:"Connection not found"}),new U(403,{message:"Connection not found"});if(e.set("connection",c.name),!o.authParams.redirect_uri)throw await R(e,a.tenant.id,{type:O.FAILED_LOGIN,description:"Redirect URI not defined"}),new U(403,{message:"Redirect URI not defined"});const d=await j$(e,c.strategy).validateAuthorizationCodeAndGetUser(e,c,t,r.code_verifier),{sub:u,...p}=d;e.set("user_id",u);const f=d.email?.toLocaleLowerCase()||`${c.name}.${u}@${new URL(e.env.ISSUER).hostname}`;e.set("username",f);const h=R$.has(c.strategy),g=h?"enterprise":Ht.SOCIAL,m=!h,_=await gh(e,{client:a,username:f,provider:D$(c),connection:c.name,userId:u,profileData:p,isSocial:m,ip:e.var.ip,set_user_root_attributes:c.options.set_user_root_attributes});return kU(e,{client:a,loginSession:o,user:_,authConnection:c.name,authStrategy:{strategy:c.strategy,strategy_type:g}})}function Z_(e,t,n){const i=new URL("/u/error",Dn(e.env,e.var.custom_domain));return T6(i,{error:t,error_description:n}),e.redirect(i.toString())}async function zm(e,t,n,i,r,o){const a=await e.env.data.codes.get(e.var.tenant_id||"",t,"oauth2_state");if(!a)return Z_(e,"state_not_found");const c=await e.env.data.loginSessions.get(e.var.tenant_id,a.login_id);if(!c)return Z_(e,"session_not_found");const{redirect_uri:l}=c.authParams;if(!l)throw new z(400,{message:"Redirect uri not found"});o||R(e,e.var.tenant_id,{type:O.FAILED_LOGIN,description:`Failed connection login: ${r} ${n}, ${i}`});let d="/u",u="/login/identifier";if(c.authParams.client_id)try{const f=await Ze(e.env,c.authParams.client_id,e.var.tenant_id);if(f?.client_metadata?.universal_login_version==="2"){d="/u2";const h=await e.env.data.promptSettings.get(e.var.tenant_id),g=Ko.parse(h||{}),m=f.connections.some(_=>_.strategy===W.USERNAME_PASSWORD);g.identifier_first===!1&&m&&(u="/login")}}catch{}const p=new URL(`${d}${u}`,Dn(e.env,e.var.custom_domain));return T6(p,{state:c.id,error:n,error_description:i}),e.redirect(p.toString())}function Vq(e){if(e instanceof Error){if("code"in e&&"description"in e){const t=e;return t.description?`${t.code}: ${t.description}`:t.code}if("status"in e){const t=e;return`${e.message} (status: ${t.status})`}return e.message}return String(e)}async function Ok(e,t){const{state:n,code:i,error:r,error_description:o,error_code:a}=t;if(r)return zm(e,n,r,o,a);if(!i)throw new z(400,{message:"Code is required"});try{const c=await Hq(e,{code:i,state:n});if(!(c instanceof Response))throw new z(500,{message:"Internal server error"});return c}catch(c){if(c instanceof U){if(c.status===403)return Z_(e,"state_not_found");if(c.status===400){const d=await e.env.data.codes.get(e.var.tenant_id||"",n,"oauth2_state");if(d&&await e.env.data.loginSessions.get(e.var.tenant_id,d.login_id)){let p="access_denied",f="access_denied";try{const h=JSON.parse(c.message);p=h.error_description||h.message||p,f=h.error||f}catch{p=c.message||p}return zm(e,n,f,p)}}}if(c instanceof z)throw c;const l=Vq(c);return R(e,e.var.tenant_id,{type:O.FAILED_LOGIN,description:`Connection callback failed: ${l}`}),zm(e,n,"connection_error","Connection failed",void 0,!0)}}const jk=s.z.object({state:s.z.string(),code:s.z.string().optional(),scope:s.z.string().optional(),hd:s.z.string().optional(),error:s.z.string().optional(),error_description:s.z.string().optional(),error_code:s.z.string().optional(),error_reason:s.z.string().optional()});function K6(e){return new s.OpenAPIHono().openapi(s.createRoute({tags:["oauth2"],method:"get",path:"/",operationId:`${e.operationIdPrefix}Get`,deprecated:e.deprecated,request:{query:jk},responses:{302:{description:"Redirect to the client's redirect uri"},400:{description:"Bad Request",content:{"application/json":{schema:s.z.object({message:s.z.string()})}}},500:{description:"Internal Server Error",content:{"application/json":{schema:s.z.object({message:s.z.string()})}}}}}),async t=>Ok(t,t.req.valid("query"))).openapi(s.createRoute({tags:["oauth2"],method:"post",path:"/",operationId:`${e.operationIdPrefix}Post`,deprecated:e.deprecated,request:{body:{content:{"application/x-www-form-urlencoded":{schema:jk}}}},responses:{302:{description:"Redirect to the client's redirect uri"},400:{description:"Bad Request",content:{"application/json":{schema:s.z.object({message:s.z.string()})}}},500:{description:"Internal Server Error",content:{"application/json":{schema:s.z.object({message:s.z.string()})}}}}}),async t=>Ok(t,t.req.valid("form")))}const Kq=K6({operationIdPrefix:"callback",deprecated:!0}),Gq=K6({operationIdPrefix:"loginCallback"});function Vf(e,t=[],n={}){try{const i=new URL(e);return t.some(r=>{try{return Wq(i,new URL(r),n)}catch{return!1}})}catch{return!1}}function Wq(e,t,n={}){if(e.protocol!==t.protocol)return!1;if(n.allowPathWildcards&&t.pathname.includes("*")){const i=t.pathname.replace(/\*/g,".*").replace(/\//g,"\\/");if(!new RegExp(`^${i}$`).test(e.pathname))return!1}else if(e.pathname!==t.pathname)return!1;if(n.allowSubDomainWildcards&&t.hostname.startsWith("*.")&&t.hostname.split(".").length>2&&["http:","https:"].includes(t.protocol)){const i=t.hostname.split(".").slice(1).join(".");return e.hostname===i||e.hostname.endsWith("."+i)}return e.hostname===t.hostname}const Jq=new s.OpenAPIHono().openapi(s.createRoute({tags:["oauth2"],method:"get",path:"/",request:{query:s.z.object({client_id:s.z.string(),returnTo:s.z.string().optional()}),header:s.z.object({cookie:s.z.string().optional()})},responses:{302:{description:"Log the user out"}}}),async e=>{const{client_id:t,returnTo:n}=e.req.valid("query");let i;try{i=await Ze(e.env,t)}catch{return e.text("OK")}let r;try{r=await Ze(e.env,"DEFAULT_CLIENT")}catch{}e.set("client_id",t),tn(e,i.tenant.id);const o=n||e.req.header("referer");if(!o)return e.text("OK");if(!Vf(o,[...i.allowed_logout_urls||[],...r?.allowed_logout_urls||[]],{allowPathWildcards:!0,allowSubDomainWildcards:!0}))throw R(e,i.tenant.id,{type:O.FAILED_LOGOUT,description:"Invalid redirect uri"}),new z(400,{message:"Invalid redirect uri"});const a=e.req.header("cookie");if(a){const d=Sr(i.tenant.id,a);if(d){const u=await e.env.data.sessions.get(i.tenant.id,d);if(u){const p=await e.env.data.users.get(i.tenant.id,u.user_id);p&&(e.set("user_id",p.user_id),e.set("connection",p.connection));const f=new Date().toISOString(),{revokedCount:h,committedEventId:g}=await e.env.data.transaction(async m=>{const _=u.login_session_id?await m.refreshTokens.revokeByLoginSession(i.tenant.id,u.login_session_id,f):0;await m.sessions.update(i.tenant.id,d,{revoked_at:f});const y=_>0?await vC(e,m,i.tenant.id,{type:O.SUCCESS_REVOCATION,description:`Revoked ${_} refresh token(s)`}):void 0;return{revokedCount:_,committedEventId:y}});if(g){const m=e.var.outboxEventPromises??[];m.push(Promise.resolve(g)),e.set("outboxEventPromises",m)}else h>0&&R(e,i.tenant.id,{type:O.SUCCESS_REVOCATION,description:`Revoked ${h} refresh token(s)`})}}}R(e,i.tenant.id,{type:O.SUCCESS_LOGOUT,description:"User successfully logged out"});const c=new Headers;return cv(i.tenant.id,e.var.host).forEach(d=>{c.append("set-cookie",d)}),c.set("location",o),new Response("Redirecting",{status:302,headers:c})}),Yq=s.z.object({id_token_hint:s.z.string().optional(),client_id:s.z.string().optional(),post_logout_redirect_uri:s.z.string().optional(),state:s.z.string().optional(),logout_hint:s.z.string().optional(),ui_locales:s.z.string().optional()}),Qq=`<!DOCTYPE html>
333
+ ${p.message}`)}if(u){r.push(...c.actions),o=c;break}}return o?[o]:void 0}get events(){return Bs(this,"events",()=>{const{states:t}=this,n=new Set(this.ownEvents);if(t)for(const i of Object.keys(t)){const r=t[i];if(r.states)for(const o of r.events)n.add(`${o}`)}return Array.from(n)})}get ownEvents(){const t=Object.keys(Object.fromEntries(this.transitions)),n=new Set(t.filter(i=>this.transitions.get(i).some(r=>!(!r.target&&!r.actions.length&&!r.reenter))));return Array.from(n)}}const sU="#";class vv{constructor(t,n){this.config=t,this.version=void 0,this.schemas=void 0,this.implementations=void 0,this.options=void 0,this.__xstatenode=!0,this.idMap=new Map,this.root=void 0,this.id=void 0,this.states=void 0,this.events=void 0,this.id=t.id||"(machine)",this.implementations={actors:n?.actors??{},actions:n?.actions??{},delays:n?.delays??{},guards:n?.guards??{}},this.version=this.config.version,this.schemas=this.config.schemas,this.options={maxIterations:1/0,...this.config.options},this.transition=this.transition.bind(this),this.getInitialSnapshot=this.getInitialSnapshot.bind(this),this.getPersistedSnapshot=this.getPersistedSnapshot.bind(this),this.restoreSnapshot=this.restoreSnapshot.bind(this),this.start=this.start.bind(this),this.root=new Of(t,{_key:this.id,_machine:this}),this.root._initialize(),$M(this.root),this.states=this.root.states,this.events=this.root.events}provide(t){const{actions:n,guards:i,actors:r,delays:o}=this.implementations;return new vv(this.config,{actions:{...n,...t.actions},guards:{...i,...t.guards},actors:{...r,...t.actors},delays:{...o,...t.delays}})}resolveState(t){const n=KM(this.root,t.value),i=Pf(Ff(this.root,n));return ip({_nodes:[...i],context:t.context||{},children:{},status:yv(i,this.root)?"done":t.status||"active",output:t.output,error:t.error,historyValue:t.historyValue},this)}transition(t,n,i){return wm(t,n,i,[]).snapshot}microstep(t,n,i){return wm(t,n,i,[]).microsteps.map(([r])=>r)}getTransitionData(t,n){return _v(this.root,t.value,t,n)||[]}_getPreInitialState(t,n,i){const{context:r}=this.config,o=ip({context:typeof r!="function"&&r?r:{},_nodes:[this.root],children:{},status:"active"},this);return typeof r=="function"?Ja(o,n,t,[er(({spawn:c,event:l,self:d})=>r({spawn:c,input:l.input,self:d}))],i,void 0):o}getInitialSnapshot(t,n){const i=l6(n),r=[],o=this._getPreInitialState(t,i,r),[a]=BM(this.root,o,t,i,r),{snapshot:c}=wm(a,i,t,r);return c}start(t){Object.values(t.children).forEach(n=>{n.getSnapshot().status==="active"&&n.start()})}getStateNodeById(t){const n=uv(t),i=n.slice(1),r=gg(n[0])?n[0].slice(sU.length):n[0],o=this.idMap.get(r);if(!o)throw new Error(`Child state node '#${r}' does not exist on machine '${this.id}'`);return Nf(o,i)}get definition(){return this.root.definition}toJSON(){return this.definition}getPersistedSnapshot(t,n){return eU(t,n)}restoreSnapshot(t,n){const i={},r=t.children;Object.keys(r).forEach(p=>{const f=r[p],h=f.snapshot,g=f.src,m=typeof g=="string"?pv(this,g):g;if(!m)return;const _=dd(m,{id:p,parent:n.self,syncSnapshot:f.syncSnapshot,snapshot:h,src:g,systemId:f.systemId});i[p]=_});function o(p,f){if(f instanceof Of)return f;try{return p.machine.getStateNodeById(f.id)}catch{}}function a(p,f){if(!f||typeof f!="object")return{};const h={};for(const g in f){const m=f[g];for(const _ of m){const y=o(p,_);y&&(h[g]??=[],h[g].push(y))}}return h}const c=a(this.root,t.historyValue),l=ip({...t,children:i,_nodes:Array.from(Pf(Ff(this.root,t.value))),historyValue:c},this),d=new Set;function u(p,f){if(!d.has(p)){d.add(p);for(const h in p){const g=p[h];if(g&&typeof g=="object"){if("xstate$$type"in g&&g.xstate$$type===fv){p[h]=f[g.id];continue}u(g,f)}}}}return u(l.context,i),l}}function aU(e,t,n,i,{event:r}){const o=typeof r=="function"?r(n,i):r;return[t,{event:o},void 0]}function cU(e,{event:t}){e.defer(()=>e.emit(t))}function E6(e){function t(n,i){}return t.type="xstate.emit",t.event=e,t.resolve=aU,t.execute=cU,t}let W_=(function(e){return e.Parent="#_parent",e.Internal="#_internal",e})({});function lU(e,t,n,i,{to:r,event:o,id:a,delay:c},l){const d=t.machine.implementations.delays;if(typeof o=="string")throw new Error(`Only event objects may be used with sendTo; use sendTo({ type: "${o}" }) instead`);const u=typeof o=="function"?o(n,i):o;let p;if(typeof c=="string"){const g=d&&d[c];p=typeof g=="function"?g(n,i):g}else p=typeof c=="function"?c(n,i):c;const f=typeof r=="function"?r(n,i):r;let h;if(typeof f=="string"){if(f===W_.Parent?h=e.self._parent:f===W_.Internal?h=e.self:f.startsWith("#_")?h=t.children[f.slice(2)]:h=l.deferredActorIds?.includes(f)?f:t.children[f],!h)throw new Error(`Unable to send event to actor '${f}' from machine '${t.machine.id}'.`)}else h=f||e.self;return[t,{to:h,targetId:typeof f=="string"?f:void 0,event:u,id:a,delay:p},void 0]}function dU(e,t,n){typeof n.to=="string"&&(n.to=t.children[n.to])}function uU(e,t){e.defer(()=>{const{to:n,event:i,delay:r,id:o}=t;if(typeof r=="number"){e.system.scheduler.schedule(e.self,n,i,r,o);return}e.system._relay(e.self,n,i.type===aM?c6(e.self.id,i.data):i)})}function Av(e,t,n){function i(r,o){}return i.type="xstate.sendTo",i.to=e,i.event=t,i.id=n?.id,i.delay=n?.delay,i.resolve=lU,i.retryResolve=dU,i.execute=uU,i}function pU(e,t){return Av(W_.Parent,e,t)}function fU(e,t,n,i,{collect:r}){const o=[],a=function(l){o.push(l)};return a.assign=(...c)=>{o.push(er(...c))},a.cancel=(...c)=>{o.push(hv(...c))},a.raise=(...c)=>{o.push(bv(...c))},a.sendTo=(...c)=>{o.push(Av(...c))},a.sendParent=(...c)=>{o.push(pU(...c))},a.spawnChild=(...c)=>{o.push(gv(...c))},a.stopChild=(...c)=>{o.push(hg(...c))},a.emit=(...c)=>{o.push(E6(...c))},r({context:n.context,event:n.event,enqueue:a,check:c=>Zd(c,t.context,n.event,t),self:e.self,system:e.system},i),[t,void 0,o]}function hU(e){function t(n,i){}return t.type="xstate.enqueueActions",t.collect=e,t.resolve=fU,t}function gU(e,t,n,i,{value:r,label:o}){return[t,{value:typeof r=="function"?r(n,i):r,label:o},void 0]}function mU({logger:e},{value:t,label:n}){n?e(n,t):e(t)}function yU(e=({context:n,event:i})=>({context:n,event:i}),t){function n(i,r){}return n.type="xstate.log",n.value=e,n.label=t,n.resolve=gU,n.execute=mU,n}function _U(e,t){return new vv(e,t)}function wU(e){const t=dd(e);return{self:t,defer:()=>{},id:"",logger:()=>{},sessionId:"",stopChild:()=>{},system:t.system,emit:()=>{},actionExecutor:()=>{}}}function x6({schemas:e,actors:t,actions:n,guards:i,delays:r}){return{assign:er,sendTo:Av,raise:bv,log:yU,cancel:hv,stopChild:hg,enqueueActions:hU,emit:E6,spawnChild:gv,createStateConfig:o=>o,createAction:o=>o,createMachine:o=>_U({...o,schemas:e},{actors:t,actions:n,guards:i,delays:r}),extend:o=>x6({schemas:e,actors:t,actions:{...n,...o.actions},guards:{...i,...o.guards},delays:{...r,...o.delays}})}}function bU(e,t,n){const i=[],r=wU(e);return r.actionExecutor=a=>{i.push(a)},[e.transition(t,n,r),i]}var qn=(e=>(e.AUTHENTICATE="AUTHENTICATE",e.REQUIRE_EMAIL_VERIFICATION="REQUIRE_EMAIL_VERIFICATION",e.REQUIRE_MFA="REQUIRE_MFA",e.COMPLETE_MFA="COMPLETE_MFA",e.START_HOOK="START_HOOK",e.COMPLETE_HOOK="COMPLETE_HOOK",e.START_CONTINUATION="START_CONTINUATION",e.COMPLETE_CONTINUATION="COMPLETE_CONTINUATION",e.COMPLETE="COMPLETE",e.FAIL="FAIL",e.EXPIRE="EXPIRE",e))(qn||{});const C6=x6({actions:{setUserId:er(({event:e})=>e.type==="AUTHENTICATE"?{userId:e.userId}:{}),setHookId:er(({event:e})=>e.type==="START_HOOK"?{hookId:e.hookId}:{}),clearHookId:er({hookId:void 0}),setContinuationScope:er(({event:e})=>e.type==="START_CONTINUATION"?{continuationScope:e.scope}:{}),clearContinuationScope:er({continuationScope:void 0}),setFailureReason:er(({event:e})=>e.type==="FAIL"?{failureReason:e.reason}:{})}}).createMachine({id:"loginSession",initial:"pending",context:{},states:{pending:{on:{AUTHENTICATE:{target:"authenticated",actions:"setUserId"},FAIL:{target:"failed",actions:"setFailureReason"},EXPIRE:{target:"expired"}}},authenticated:{on:{REQUIRE_EMAIL_VERIFICATION:{target:"awaiting_email_verification"},REQUIRE_MFA:{target:"awaiting_mfa"},START_HOOK:{target:"awaiting_hook",actions:"setHookId"},START_CONTINUATION:{target:"awaiting_continuation",actions:"setContinuationScope"},COMPLETE:{target:"completed"},FAIL:{target:"failed",actions:"setFailureReason"},EXPIRE:{target:"expired"}}},awaiting_email_verification:{on:{COMPLETE:{target:"authenticated"},FAIL:{target:"failed",actions:"setFailureReason"},EXPIRE:{target:"expired"}}},awaiting_mfa:{on:{COMPLETE_MFA:{target:"authenticated"},FAIL:{target:"failed",actions:"setFailureReason"},EXPIRE:{target:"expired"}}},awaiting_hook:{on:{COMPLETE_HOOK:{target:"authenticated",actions:"clearHookId"},START_CONTINUATION:{target:"awaiting_continuation",actions:"setContinuationScope"},FAIL:{target:"failed",actions:"setFailureReason"},EXPIRE:{target:"expired"}}},awaiting_continuation:{on:{COMPLETE_CONTINUATION:{target:"authenticated",actions:"clearContinuationScope"},FAIL:{target:"failed",actions:"setFailureReason"},EXPIRE:{target:"expired"}}},completed:{type:"final"},failed:{type:"final"},expired:{type:"final"}}});function vU(e,t={}){return C6.resolveState({value:e,context:t})}function _i(e,t,n={}){const i=vU(e,n),[r]=bU(C6,i,t),o={},a=r.context,c=n;return a.userId!==c.userId&&(o.userId=a.userId),a.hookId!==c.hookId&&(o.hookId=a.hookId),a.continuationScope!==c.continuationScope&&(o.continuationScope=a.continuationScope),a.failureReason!==c.failureReason&&(o.failureReason=a.failureReason),{state:r.value,context:o}}function T6(e,t){Object.keys(t).forEach(n=>{const i=t[n];i!=null&&i.length&&e.searchParams.set(n,i)})}function AU(e){try{const t=typeof e=="string"?new URL(e):e;let n=`${t.protocol}//${t.host}${t.pathname}`;if(t.search){const i=Array.from(t.searchParams.keys()).map(r=>`${r}=[REDACTED]`).join("&");n+=`?${i}`}return t.hash&&(n+="#[REDACTED]"),n}catch{const n=(typeof e=="string"?e:e.toString()).match(/^([^?#]*)(\?[^#]*)?(#.*)?$/);if(!n)return"[invalid-url]";const[,i="",r,o]=n;let a=i;if(r){const c=r.substring(1).split("&").map(l=>{const[d]=l.split("=");return`${d}=[REDACTED]`}).join("&");a+=`?${c}`}return o&&(a+="#[REDACTED]"),a}}const J_=["sub","iss","aud","exp","nbf","iat","jti"];function bm(e,t,n){return{accessToken:{setCustomClaim:(i,r)=>{if(J_.includes(i))throw new Error(`Cannot overwrite reserved claim '${i}'`);t[i]=r}},idToken:{setCustomClaim:(i,r)=>{if(J_.includes(i))throw new Error(`Cannot overwrite reserved claim '${i}'`);n&&(n[i]=r)}},access:{deny:i=>{throw new U(400,{message:`Access denied: ${i}`})}},token:{createServiceToken:async i=>(await Es(e,e.var.tenant_id,i.scope,i.expiresInSeconds,i.customClaims)).access_token}}}async function Ya(e,t){const{authParams:n,user:i,client:r,session_id:o,organization:a,permissions:c,impersonatingUser:l}=t;let d=t.auth_time;if(d===void 0&&o&&e.var.tenant_id){const N=await e.env.data.sessions.get(e.var.tenant_id,o);N?.authenticated_at&&(d=Math.floor(new Date(N.authenticated_at).getTime()/1e3))}const u=e.var.tenant_id,f=(await nv(e.env.data.keys,u??"",u?e.env.signingKeyMode:"control-plane",{purpose:"sign"}))[0];if(!f?.pkcs7||!f.cert)throw new U(500,{message:"No signing key available"});const h=K5(f.pkcs7),g=await D5(f.cert),m=Dn(e.env,e.var.custom_domain),_=n.audience??r.tenant.default_audience;if(!_)throw new U(400,{error:"invalid_request",error_description:"An audience must be specified in the request or configured as the tenant default_audience"});const y={aud:_,scope:n.scope||"",sub:i?.user_id||n.client_id,iss:m,tenant_id:e.var.tenant_id,sid:o,act:l?{sub:l.user_id}:void 0,org_id:a?a.id:void 0,org_name:a&&r.tenant.allow_organization_name_in_authentication_api?a.name.toLowerCase():void 0,permissions:c,...t.customClaims};if(t.customClaims){for(const N of J_)if(N in t.customClaims)throw new Error(`Cannot overwrite reserved claim '${N}'`)}const w=n.scope?.split(" ")||[],b=w.includes("openid"),A=(n.response_type??"").trim()===Sn.ID_TOKEN,v=r.auth0_conformant!==!1||A,k=i&&b?{aud:n.client_id,sub:i.user_id,iss:m,sid:o,nonce:n.nonce,...d!==void 0?{auth_time:d}:{},...n.acr_values?{acr:n.acr_values.split(" ")[0]}:{},...v?r6(i,w):{},act:l?{sub:l.user_id}:void 0,org_id:a?.id,org_name:a?.name.toLowerCase()}:void 0,x=t.loginSession?.auth_connection||t.authConnection||e.var.connection;let T;if(x)try{const N=await e.env.data.connections.list(e.var.tenant_id,{page:0,per_page:100,include_totals:!1}),D=N.connections.find(B=>B.name===x)??N.connections.find(B=>B.name.toLowerCase()===x.toLowerCase());D&&(T={id:D.id||D.name,name:D.name,strategy:D.strategy||i?.provider||"auth0",metadata:D.options||{}})}catch(N){console.error("Error fetching connection info:",N)}e.env.hooks?.onExecuteCredentialsExchange&&await e.env.hooks.onExecuteCredentialsExchange({ctx:e,client:r,user:i,request:{ip:e.var.ip||"",user_agent:e.var.useragent||"",method:e.req.method,url:e.req.url},scope:n.scope||"",grant_type:"",connection:T||(x?{id:x,name:x,strategy:i?.provider||"auth0"}:void 0)},bm(e,y,k));{const{hooks:N}=await e.env.data.hooks.list(e.var.tenant_id,{q:"trigger_id:credentials-exchange",page:0,per_page:100,include_totals:!1}),D=N.filter(Z=>Z.enabled&&to(Z)),B=bm(e,y,k);if(i){for(const Z of D)if(to(Z))try{await GL(e,Z.template_id,i,B)}catch(te){if(te instanceof z)throw te;console.warn(`[credentials-exchange] Failed to execute template hook: ${Z.template_id}`,te)}}const V=bm(e,y,k);await QL(e,N,{ctx:e,client:r,user:i,request:{ip:e.var.ip||"",user_agent:e.var.useragent||"",method:e.req?.method||"",url:e.req?.url||""},scope:n.scope||"",grant_type:"",connection:T||(x?{id:x,name:x,strategy:i?.provider||"auth0"}:void 0)},V)}const I=l?3600:t.token_lifetime??86400,F={includeIssuedTimestamp:!0,expiresIn:new Pd(I,"s"),headers:{kid:f.kid}},$=await yy(g,h,y,F);if(k){const N=(n.response_type??"").split(" ");t.code&&N.includes("code")&&(k.c_hash=await uk(t.code,g)),N.includes("id_token")&&N.includes("token")&&(k.at_hash=await uk($,g))}const P=k?await yy(g,h,k,F):void 0;return{access_token:$,refresh_token:t.refresh_token,id_token:P,token_type:"Bearer",expires_in:I}}async function jf(e,t){return{code:(await e.env.data.codes.create(t.client.tenant.id,{code_id:Ue(32),user_id:t.user.user_id,code_type:"authorization_code",login_id:t.login_id,expires_at:new Date(Date.now()+dL*1e3).toISOString(),code_challenge:t.authParams.code_challenge,code_challenge_method:t.authParams.code_challenge_method,redirect_uri:t.authParams.redirect_uri,state:t.authParams.state,nonce:t.authParams.nonce})).code_id,state:t.authParams.state}}function Rf(e){if(e)return new Date(Date.now()+e*60*60*1e3).toISOString()}async function $6(e,t){const{client:n,scope:i,login_id:r}=t,o=t.audience??n.tenant.default_audience;if(!o)throw new U(400,{error:"invalid_request",error_description:"An audience must be specified in the request or configured as the tenant default_audience"});const a=Rf(n.tenant.idle_session_lifetime),c=Rf(n.tenant.session_lifetime),l=av(),{lookup:d,secret:u}=U5(),p=await Tf(u),f=n.refresh_token?.rotation_type==="rotating";return{row:await e.env.data.refreshTokens.create(n.tenant.id,{id:l,login_id:r,client_id:n.client_id,idle_expires_at:a,expires_at:c,user_id:t.user.user_id,device:{last_ip:e.var.ip,initial_ip:e.var.ip,last_user_agent:e.var.useragent||"",initial_user_agent:e.var.useragent||"",initial_asn:"",last_asn:""},resource_servers:[{audience:o,scopes:i}],rotating:f,token_lookup:d,token_hash:p,family_id:l}),wireToken:q5(d,u)}}async function Tk(e,{user:t,client:n,loginSession:i}){const r=Rf(n.tenant.idle_session_lifetime),o=Rf(n.tenant.session_lifetime);return await e.env.data.sessions.create(n.tenant.id,{id:av(),user_id:t.user_id,login_session_id:i.id,idle_expires_at:r,expires_at:o,device:{last_ip:e.var.ip||"",initial_ip:e.var.ip||"",last_user_agent:e.var.useragent||"",initial_user_agent:e.var.useragent||"",initial_asn:"",last_asn:""},clients:[n.client_id]})}async function I6(e,{user:t,client:n,loginSession:i,existingSessionId:r,authConnection:o}){const a=await e.env.data.loginSessions.get(n.tenant.id,i.id);if(!a)throw new z(400,{message:`Login session ${i.id} not found`});const c=a.state||be.PENDING;if(c===be.FAILED)throw new U(400,{error:"access_denied",error_description:a.failure_reason||"Cannot authenticate login session in failed state"});if(c===be.COMPLETED)throw new U(400,{error:"access_denied",error_description:"Login session has already been completed"});if(c===be.AUTHENTICATED){if(a.session_id)return a.session_id;throw new z(500,{message:"Login session is authenticated but has no session_id"})}let l;if(r){const f=await e.env.data.sessions.get(n.tenant.id,r);!f||f.revoked_at?l=(await Tk(e,{user:t,client:n,loginSession:i})).id:(l=r,f.clients.includes(n.client_id)||await e.env.data.sessions.update(n.tenant.id,r,{clients:[...f.clients,n.client_id]}))}else l=(await Tk(e,{user:t,client:n,loginSession:i})).id;const d=c===be.EXPIRED?be.PENDING:c,{state:u}=_i(d,{type:qn.AUTHENTICATE,userId:t.user_id}),p=o||e.var.connection;return await e.env.data.loginSessions.update(n.tenant.id,i.id,{session_id:l,state:u,user_id:t.user_id,...p?{auth_connection:p}:{},...c===be.EXPIRED?{expires_at:new Date(Date.now()+eo*1e3).toISOString()}:{}}),l}async function kU(e,t){const{user:n,client:i,loginSession:r,authStrategy:o,authConnection:a}=t;await I6(e,{user:n,client:i,loginSession:r,existingSessionId:t.existingSessionId,authConnection:a}),await e.env.data.loginSessions.update(i.tenant.id,r.id,{...o?{auth_strategy:o}:{},authenticated_at:new Date().toISOString()});const c=`/authorize/resume?state=${encodeURIComponent(r.id)}`;let l=c;if(r.authorization_url)try{const d=new URL(r.authorization_url),u=e.var.host||"";d.host&&d.host!==u&&(l=`${d.origin}${c}`)}catch{}return new Response(null,{status:302,headers:{location:l}})}async function SU(e,t,n,i){const r=await e.env.data.loginSessions.get(t,n.id);if(!r){console.warn(`Login session ${n.id} not found when trying to mark as failed`);return}const o=r.state||be.PENDING,{state:a,context:c}=_i(o,{type:qn.FAIL,reason:i});a!==o&&await e.env.data.loginSessions.update(t,n.id,{state:a,failure_reason:c.failureReason})}async function Df(e,t,n,i){const r=await e.env.data.loginSessions.get(t,n.id);if(!r){console.warn(`Login session ${n.id} not found when trying to start hook`);return}const o=r.state||be.PENDING,{state:a,context:c}=_i(o,{type:qn.START_HOOK,hookId:i});a!==o&&await e.env.data.loginSessions.update(t,n.id,{state:a,state_data:c.hookId?JSON.stringify({hookId:c.hookId}):void 0})}async function ud(e,t,n){const i=await e.env.data.loginSessions.get(t,n.id);if(!i){console.warn(`Login session ${n.id} not found when trying to complete hook`);return}const r=i.state||be.PENDING,{state:o}=_i(r,{type:qn.COMPLETE_HOOK});o!==r&&await e.env.data.loginSessions.update(t,n.id,{state:o,state_data:void 0})}async function vm(e,t,n,i){const r=await e.env.data.loginSessions.get(t,n.id);if(!r){console.warn(`Login session ${n.id} not found when trying to mark as completed`);return}const o=r.state||be.PENDING,{state:a}=_i(o,{type:qn.COMPLETE});a!==o&&await e.env.data.loginSessions.update(t,n.id,{state:a,...i?{auth_connection:i}:{}})}async function eu(e,t,n,i,r){const o=await e.env.data.loginSessions.get(t,n.id);if(!o){console.warn(`Login session ${n.id} not found when trying to start continuation`);return}const a=o.state||be.PENDING,{state:c}=_i(a,{type:qn.START_CONTINUATION,scope:i});if(c!==a){let l={};if(o.state_data)try{l=JSON.parse(o.state_data)}catch{}await e.env.data.loginSessions.update(t,n.id,{state:c,state_data:JSON.stringify({...l,continuationScope:i,continuationReturnUrl:r})})}else console.warn(`Failed to start continuation for login session ${n.id}: cannot transition from ${a} to AWAITING_CONTINUATION. Scope: ${JSON.stringify(i)}, Return URL: ${AU(r)}`)}async function Bf(e,t,n){const i=await e.env.data.loginSessions.get(t,n.id);if(!i){console.warn(`Login session ${n.id} not found when trying to complete continuation`);return}let r,o={};if(i.state_data)try{const l=JSON.parse(i.state_data);r=l.continuationReturnUrl;const{continuationScope:d,continuationReturnUrl:u,...p}=l;o=p}catch{}const a=i.state||be.PENDING,{state:c}=_i(a,{type:qn.COMPLETE_CONTINUATION});return c!==a?await e.env.data.loginSessions.update(t,n.id,{state:c,state_data:Object.keys(o).length>0?JSON.stringify(o):void 0}):console.warn(`completeLoginSessionContinuation: State transition from ${a} with COMPLETE_CONTINUATION was invalid or no-op`),r}function EU(e){if(!e.state_data)return null;try{return JSON.parse(e.state_data).continuationScope||null}catch{return null}}function Lf(e,t){if(e.state!==be.AWAITING_CONTINUATION)return!1;const n=EU(e);return n?n.includes(t):!1}async function nt(e,t){const{authParams:n,client:i,ticketAuth:r}=t;let{user:o}=t;const a=n.response_type||Sn.CODE,c=n.response_mode||vt.QUERY;if(r){if(!t.loginSession)throw new U(500,{message:"Login session not found for ticket auth."});o&&!t.skipHooks&&(t.authStrategy&&o.app_metadata?.strategy!==t.authStrategy.strategy&&(o.app_metadata={...o.app_metadata,strategy:t.authStrategy.strategy},await e.env.data.users.update(i.tenant.id,o.user_id,{app_metadata:{...o.app_metadata||{},strategy:t.authStrategy.strategy}})),await O6(e,e.env.data,i.tenant.id,o,t.loginSession,{client:i,authParams:n,authStrategy:t.authStrategy}));const T=sL(),I=Ue(12),F=await e.env.data.codes.create(i.tenant.id,{code_id:Ue(32),code_type:"ticket",login_id:t.loginSession.id,expires_at:new Date(Date.now()+pL).toISOString(),code_verifier:[I,T].join("|"),redirect_uri:n.redirect_uri,state:n.state,nonce:n.nonce});return e.json({login_ticket:F.code_id,co_verifier:T,co_id:I})}let l=t.refreshToken,d;if(t.loginSession){const T=await e.env.data.loginSessions.get(i.tenant.id,t.loginSession.id);if(!T)throw new U(500,{message:"Login session not found."});const I=T.state||be.PENDING;if(I===be.COMPLETED)throw new U(400,{error:"invalid_request",error_description:"Login session has already been completed"});if(I===be.FAILED)throw new U(400,{error:"access_denied",error_description:`Login session failed: ${T.failure_reason||"unknown reason"}`});if(I===be.PENDING||I===be.EXPIRED)d=await I6(e,{user:o,client:i,loginSession:t.loginSession,existingSessionId:t.existingSessionIdToLink,authConnection:t.authConnection});else if(d=T.session_id,!d)throw new U(500,{message:`Login session in ${I} state but has no session_id`})}else throw new U(500,{message:"loginSession must be provided for front-channel auth responses."});if(t.loginSession&&o){const T=await e.env.data.loginSessions.get(i.tenant.id,t.loginSession.id);if(T){const I=T.state||be.PENDING;let F={};if(T.state_data)try{F=JSON.parse(T.state_data)}catch{console.error("Failed to parse state_data for login session",T.id)}if(I===be.AWAITING_MFA){let $="/u2/mfa/login-options";if(F.authenticationMethodId){const N=(await e.env.data.authenticationMethods.list(i.tenant.id,o.user_id)).find(D=>D.id===F.authenticationMethodId);N?.confirmed&&N.type==="phone"?$="/u2/mfa/phone-challenge":N?.confirmed&&N.type==="totp"?$="/u2/mfa/totp-challenge":N?.confirmed&&(N.type==="passkey"||N.type==="webauthn-roaming"||N.type==="webauthn-platform")?$="/u2/passkey/challenge":N?.type==="totp"?$="/u2/mfa/totp-enrollment":N?.type==="phone"&&($="/u2/mfa/phone-enrollment")}return new Response(null,{status:302,headers:{location:`${$}?state=${encodeURIComponent(t.loginSession.id)}`}})}if(I===be.AUTHENTICATED&&!F.mfa_verified){const{checkMfaRequired:$,sendMfaOtp:P}=await Promise.resolve().then(()=>lP),N=await $(e,i.tenant.id,o.user_id);if(N.required){const{state:D}=_i(be.AUTHENTICATED,{type:qn.REQUIRE_MFA});if(N.enrolled){if(N.allEnrollments.length>1)return await e.env.data.loginSessions.update(i.tenant.id,t.loginSession.id,{state:D}),new Response(null,{status:302,headers:{location:`/u2/mfa/login-options?state=${encodeURIComponent(t.loginSession.id)}`}});if(await e.env.data.loginSessions.update(i.tenant.id,t.loginSession.id,{state:D,state_data:JSON.stringify({...F,authenticationMethodId:N.enrollment.id})}),N.enrollment.type==="totp")return new Response(null,{status:302,headers:{location:`/u2/mfa/totp-challenge?state=${encodeURIComponent(t.loginSession.id)}`}});if(N.enrollment.type==="passkey"||N.enrollment.type==="webauthn-roaming"||N.enrollment.type==="webauthn-platform")return new Response(null,{status:302,headers:{location:`/u2/passkey/challenge?state=${encodeURIComponent(t.loginSession.id)}`}});if(!N.enrollment.phone_number)throw new Error("MFA enrollment is missing phone_number");return await P(e,i,t.loginSession,N.enrollment.phone_number),new Response(null,{status:302,headers:{location:`/u2/mfa/phone-challenge?state=${encodeURIComponent(t.loginSession.id)}`}})}else{const B=i.tenant,V=B.mfa?.factors?.otp===!0,Z=B.mfa?.factors?.sms===!0,te=B.mfa?.factors?.webauthn_roaming===!0||B.mfa?.factors?.webauthn_platform===!0;return await e.env.data.loginSessions.update(i.tenant.id,t.loginSession.id,{state:D}),(V?1:0)+(Z?1:0)+(te?1:0)>1?new Response(null,{status:302,headers:{location:`/u2/mfa/login-options?state=${encodeURIComponent(t.loginSession.id)}`}}):V?new Response(null,{status:302,headers:{location:`/u2/mfa/totp-enrollment?state=${encodeURIComponent(t.loginSession.id)}`}}):te?new Response(null,{status:302,headers:{location:`/u2/passkey/enrollment?state=${encodeURIComponent(t.loginSession.id)}`}}):new Response(null,{status:302,headers:{location:`/u2/mfa/phone-enrollment?state=${encodeURIComponent(t.loginSession.id)}`}})}}}}}if(t.loginSession&&o&&c!==vt.WEB_MESSAGE){const T=await e.env.data.loginSessions.get(i.tenant.id,t.loginSession.id);if(T){const I=T.state||be.PENDING;let F={};if(T.state_data)try{F=JSON.parse(T.state_data)}catch{}if(I===be.AUTHENTICATED&&!F.passkey_nudge_completed){const{checkPasskeyNudgeRequired:$}=await Promise.resolve().then(()=>require("./passkey-enrollment-dbZd6Zqw.js"));if((await $(e,i.tenant.id,o.user_id,T.auth_connection)).show)return await eu(e,i.tenant.id,T,["passkey-enrollment"],`/u/continue?state=${encodeURIComponent(t.loginSession.id)}`),new Response(null,{status:302,headers:{location:`/u2/passkey/enrollment-nudge?state=${encodeURIComponent(t.loginSession.id)}`}});await e.env.data.loginSessions.update(i.tenant.id,t.loginSession.id,{state_data:JSON.stringify({...F,passkey_nudge_completed:!0})})}}}const u=a.split(" ").includes("code");if(!l&&n.scope?.split(" ").includes("offline_access")&&a!==Sn.TOKEN&&!u&&!t.impersonatingUser&&(l=(await $6(e,{user:o,client:i,login_id:t.loginSession?.id||"",scope:n.scope,audience:n.audience})).wireToken),c===vt.SAML_POST){if(!d)throw new z(500,{message:"Session ID not available for SAML response"});return ML(e,t.client,t.authParams,o,d)}const p=await xU(e,{authParams:n,user:o,client:i,session_id:d,refresh_token:l,authStrategy:t.authStrategy,authConnection:t.authConnection,loginSession:t.loginSession,responseType:a,skipHooks:t.skipHooks,organization:t.organization,impersonatingUser:t.impersonatingUser});if(p instanceof Response)return p;if(!n.redirect_uri)throw new U(400,{message:c===vt.WEB_MESSAGE?"Redirect URI not allowed for WEB_MESSAGE response mode.":"Redirect uri not found for this response mode."});const f=new Headers;d?lv(i.tenant.id,d,e.var.host||"").forEach(I=>{f.append("set-cookie",I)}):c===vt.WEB_MESSAGE&&console.warn("Session ID not available for WEB_MESSAGE, cookie will not be set.");const h=a.split(" "),g=h.includes("code"),m=h.includes("id_token"),_=h.includes("token"),y={},w="code"in p&&typeof p.code=="string",b="access_token"in p&&typeof p.access_token=="string";if(w&&g&&(y.code=p.code),b&&(_&&(y.access_token=p.access_token,y.token_type=p.token_type,y.expires_in=p.expires_in.toString()),m&&p.id_token&&(y.id_token=p.id_token)),!w&&!b)throw new U(500,{message:"Invalid token response for front-channel flow."});const v=("state"in p&&typeof p.state=="string"?p.state:void 0)??n.state;if(v&&(y.state=v),(_||m)&&n.scope&&(y.scope=n.scope),c===vt.WEB_MESSAGE){const T=new URL(n.redirect_uri),I=`${T.protocol}//${T.host}`;return U_(e,I,JSON.stringify(y),f)}if(c===vt.FORM_POST)return If(n.redirect_uri,y,f);const k=m||_,x=new URL(n.redirect_uri);if(k)x.hash=new URLSearchParams(y).toString();else for(const[T,I]of Object.entries(y))x.searchParams.set(T,I);return f.set("location",x.toString()),new Response("Redirecting",{status:302,headers:f})}async function xU(e,t){let{user:n}=t;const i=t.responseType||Sn.TOKEN;if(n&&t.organization&&!(await e.env.data.userOrganizations.list(t.client.tenant.id,{q:`user_id:${n.user_id}`,per_page:1e3})).userOrganizations.some(_=>_.organization_id===t.organization.id))throw new U(403,{error:"access_denied",error_description:"User is not a member of the specified organization"});let r=t.authParams.scope||"",o=[],a;const c=t.authParams.audience??t.client.tenant.default_audience;if(c)try{let g;if(t.grantType===Zt.ClientCredential||!n&&!t.user)g=await ld(e,{grantType:Zt.ClientCredential,tenantId:t.client.tenant.id,clientId:t.client.client_id,audience:c,requestedScopes:t.authParams.scope?.split(" ")||[],organizationId:t.organization?.id});else{const m=n?.user_id||t.user?.user_id;if(!m)throw new U(400,{error:"invalid_request",error_description:"User ID is required for user-based grants"});g=await ld(e,{grantType:t.grantType,tenantId:t.client.tenant.id,userId:m,clientId:t.client.client_id,audience:c,requestedScopes:t.authParams.scope?.split(" ")||[],organizationId:t.organization?.id})}r=g.scopes.join(" "),o=g.permissions,a=t.client.app_type==="spa"&&g.token_lifetime_for_web?g.token_lifetime_for_web:g.token_lifetime}catch(g){if(g instanceof z)throw g}const l={...t.authParams,scope:r};if(t.loginSession&&n&&!t.skipHooks){t.authStrategy&&n.app_metadata?.strategy!==t.authStrategy.strategy&&(n.app_metadata={...n.app_metadata,strategy:t.authStrategy.strategy},await e.env.data.users.update(t.client.tenant.id,n.user_id,{app_metadata:{...n.app_metadata||{},strategy:t.authStrategy.strategy}}));const g=await O6(e,e.env.data,t.client.tenant.id,n,t.loginSession,{client:t.client,authParams:l,authStrategy:t.authStrategy});if(g instanceof Response)return g;n=g}const d=t.loginSession?.auth_connection||t.authConnection||e.var.connection,u=i.split(" "),p=u.includes("code"),f=u.includes("id_token")||u.includes("token"),h=p&&f;if(i===Sn.CODE){if(!n||!t.loginSession)throw new U(500,{message:"User and loginSession is required for code flow"});const g=await jf(e,{user:n,client:t.client,authParams:l,login_id:t.loginSession.id});return await vm(e,t.client.tenant.id,t.loginSession,d),g}else if(h){if(!n||!t.loginSession)throw new U(500,{message:"User and loginSession is required for hybrid flow"});const g=await jf(e,{user:n,client:t.client,authParams:l,login_id:t.loginSession.id}),m=await Ya(e,{...t,user:n,authParams:l,permissions:o,token_lifetime:a,code:g.code});return await vm(e,t.client.tenant.id,t.loginSession,d),{...m,code:g.code,state:g.state}}else{const g=await Ya(e,{...t,user:n,authParams:l,permissions:o,token_lifetime:a});return t.loginSession&&await vm(e,t.client.tenant.id,t.loginSession,d),g}}const Mf="auth-service",z6=3600,CU=["sub","iss","aud","exp","nbf","iat","jti","scope","azp","tenant_id"];async function TU(e){const{tenants:t,keys:n,tenantId:i,scope:r,issuer:o}=e,a=await t.get(i);if(!a)throw new Error(`Tenant not found: ${i}`);const c=a.audience;if(!c)throw new Error(`Cannot mint service token: tenant "${i}" has no default audience`);if(e.customClaims){for(const m of CU)if(m in e.customClaims)throw new Error(`Cannot overwrite reserved claim '${m}'`)}const d=(await nv(n,i,e.signingKeyMode,{purpose:"sign"}))[0];if(!d?.pkcs7||!d.cert)throw new Error("No signing key available");const u=K5(d.pkcs7),p=await D5(d.cert),f=e.expiresInSeconds??z6,h={aud:c,scope:r,sub:Mf,azp:Mf,iss:o,tenant_id:i,...e.customClaims};return{access_token:await yy(p,u,h,{includeIssuedTimestamp:!0,expiresIn:new Pd(f,"s"),headers:{kid:d.kid}}),token_type:"Bearer",expires_in:f}}async function Es(e,t,n,i,r){const o=await e.env.data.tenants.get(t);if(!o)throw new Error(`Tenant not found: ${t}`);const c=await Ya(e,{client:{client_id:Mf,tenant:o,auth0_conformant:!0},authParams:{client_id:Mf,response_type:Sn.TOKEN,scope:n,audience:o.audience},customClaims:r});return{access_token:c.access_token,token_type:c.token_type,expires_in:i||z6}}function P6(e){return async(t,n="webhook")=>(await TU({tenants:e.tenants,keys:e.keys,tenantId:t,scope:n,issuer:e.issuer,signingKeyMode:e.signingKeyMode})).access_token}function fs(e){const{registration_completed_at:t,...n}=e;return n}async function mg(e,t,n){n?.user&&(n={...n,user:fs(n.user)});const i=e.env.webhookInvoker,r=async(o="webhook")=>(await Es(e,n.tenant_id,o)).access_token;for await(const o of t.filter(a=>"url"in a)){let a,c;try{const l=performance.now(),d=i?await i({hook:o,data:n,tenant_id:n.tenant_id,createServiceToken:r}):await fetch(o.url,{method:"POST",headers:{Authorization:`Bearer ${await r()}`,"Content-Type":"application/json"},body:JSON.stringify(n)}),u=performance.now()-l,p=e.res.headers.get("Server-Timing")||"",f=`webhook-${o.hook_id};dur=${u.toFixed(2)}`;if(e.res.headers.set("Server-Timing",p?`${p}, ${f}`:f),c=d.status,!d.ok){try{a=await d.text()}catch{}const h=`Failed to invoke hook ${o.hook_id} - ${d.status} ${d.statusText}`;console.error(h,{hook_url:o.url,body:a?.substring(0,512)}),await R(e,n.tenant_id,{type:O.FAILED_HOOK,description:h,userId:n.user?.user_id,details:{trigger_id:n.trigger_id,hook_id:o.hook_id,hook_url:o.url,user_id:n.user?.user_id,user_name:n.user?.name||n.user?.email,connection:n.user?.connection,response:{statusCode:c,body:a?.substring(0,512)}},connection:n.user?.connection,waitForCompletion:!0})}}catch(l){const d=`Failed to invoke hook ${o.hook_id} - ${l instanceof Error?l.message:"Unknown error"}`;console.error(d,l),await R(e,n.tenant_id,{type:O.FAILED_HOOK,description:d,userId:n.user?.user_id,details:{trigger_id:n.trigger_id,hook_id:o.hook_id,hook_url:o.url,user_id:n.user?.user_id,user_name:n.user?.name||n.user?.email,connection:n.user?.connection,error:l instanceof Error?l.message:String(l)},connection:n.user?.connection,waitForCompletion:!0})}}}function $U(e){return async(t,n)=>{const{hooks:i}=await e.env.data.hooks.list(t),r=i.filter(o=>o.trigger_id==="pre-user-registration");await mg(e,r,{tenant_id:t,email:n,trigger_id:"pre-user-registration"})}}async function IU(e,t){const{hooks:n}=await e.env.data.hooks.list(t);return n.find(i=>i.trigger_id==="validate-registration-username"&&"url"in i&&i.enabled)||null}function zU(e){return async(t,n)=>{const{hooks:i}=await e.env.data.hooks.list(t),r=i.filter(o=>o.trigger_id==="pre-user-deletion");return await mg(e,r,{tenant_id:t,user:n,trigger_id:"pre-user-deletion"}),n}}function N6(e,t,n,i){if(!e.env.outbox?.enabled||!e.env.data.outbox){ph(e,PU(e,t,n,i));return}const r={tenant_id:t,event_type:`hook.${n}`,log_type:O.SUCCESS_API_OPERATION,description:`Enqueued ${n} hook dispatch`,category:"system",actor:{type:e.var.user_id?"admin":e.var.client_id?"client_credentials":"system",id:e.var.user_id||void 0,client_id:e.var.client_id||void 0},target:{type:"user",id:i.user_id,after:fs(i)},request:{method:e.req.method,path:e.req.path,ip:e.var.ip||"",user_agent:e.var.useragent||void 0},hostname:e.var.host||"",auth0_client:e.var.auth0_client,timestamp:new Date().toISOString()},o=e.env.data.outbox.create(t,r),a=e.var.outboxEventPromises||[];a.push(o),e.set("outboxEventPromises",a)}async function PU(e,t,n,i){const{hooks:r}=await e.env.data.hooks.list(t),o=r.filter(a=>a.enabled&&a.trigger_id===n&&"url"in a);if(o.length>0&&await mg(e,o,{tenant_id:t,user:fs(i),trigger_id:n}),n==="post-user-registration"&&i.user_id)try{await e.env.data.users.update(t,i.user_id,{registration_completed_at:new Date().toISOString()})}catch(a){console.error("Failed to mark registration_completed_at on inline dispatch:",a)}}function NU(e){return async(t,n,i={})=>{const{resolveEmailLinkedPrimary:r=!1}=i;try{return{user:await e.transaction(async a=>{if(r&&!n.linked_to){const l=n.email?.toLowerCase();if(l&&n.email_verified){const d=await co({userAdapter:a.users,tenant_id:t,email:l});d&&(n.linked_to=d.user_id)}}if(n.linked_to&&!await a.users.get(t,n.linked_to))throw new U(400,{error:"invalid_request",error_description:"Primary user does not exist"});const c=await a.users.rawCreate(t,n);if(n.linked_to){const l=await a.users.get(t,n.linked_to);if(!l)throw new U(500,{error:"server_error",error_description:"Failed to fetch primary user after linking"});return l}return c}),created:!0}}catch(o){if(e6(o)){const a=await FU(e,t,n);if(a)return{user:a,created:!1}}throw o}}}async function FU(e,t,n){const i=n.email?`email:${n.email.toLowerCase()}`:n.phone_number?`phone_number:${n.phone_number}`:n.username?`username:${n.username.toLowerCase()}`:null;if(!i)return null;const{users:r}=await e.users.list(t,{page:0,per_page:10,include_totals:!1,q:i}),o=r.find(a=>a.provider===n.provider);if(!o)return null;if(o.linked_to){const a=await e.users.get(t,o.linked_to);if(!a)throw new U(500,{error:"server_error",error_description:"Primary user does not exist for linked user"});return a}return o}function hs(e,t){return{createServiceToken:async n=>(await Es(e,t,n.scope,n.expiresInSeconds,n.customClaims)).access_token}}async function tu(e,t,n,i,r="email"){if(t.client_metadata?.disable_sign_ups==="true"){const a=e.var.loginSession?.authorization_url;if(a&&new URL(a).searchParams.get("screen_hint")==="signup")return{allowed:!0};if(!await co({userAdapter:n.users,tenant_id:t.tenant.id,email:i}))return{allowed:!1,reason:"User account does not exist"}}if(e.env.hooks?.onExecuteValidateRegistrationUsername){const a={method:e.req.method,ip:e.var.ip||e.get("ip")||"",user_agent:e.var.useragent||e.get("useragent")||"",url:e.req.url};let c=!1,l;try{if(await e.env.hooks.onExecuteValidateRegistrationUsername({ctx:e,client:t,request:a,tenant:{id:t.tenant.id},user:{email:i,connection:r}},{deny:d=>{c=!0,l=d},token:hs(e,t.tenant.id)}),c)return{allowed:!1,reason:l}}catch{return{allowed:!1,reason:"Signup validation hook failed"}}}const o=await IU(e,t.tenant.id);if(o&&"url"in o)try{const a=await Es(e,t.tenant.id,"webhook"),c=await fetch(o.url,{method:"POST",headers:{Authorization:`Bearer ${a.access_token}`,"Content-Type":"application/json"},body:JSON.stringify({tenant_id:t.tenant.id,email:i,connection:r,client_id:t.client_id,trigger_id:"validate-registration-username"})});if(!c.ok)return{allowed:!1,reason:await c.text()||"Signup not allowed by webhook"};const l=await c.json();if(l.allowed===!1)return{allowed:!1,reason:l.reason||"Signup not allowed by webhook"}}catch{R(e,t.tenant.id,{type:O.FAILED_HOOK,description:"Validate signup email webhook failed"})}return{allowed:!0}}async function OU(e,t,n,i,r){const o=await tu(e,t,n,i,r);if(!o.allowed)throw R(e,t.tenant.id,{type:O.FAILED_SIGNUP,description:o.reason||"Signup not allowed"}),new U(400,{message:o.reason||"Signups are disabled for this client"});await $U(e)(t.tenant.id,i)}async function jU(e,t,n){if(n){const r=await e.env.data.clients.get(t,n);if(r?.user_linking_mode)return r.user_linking_mode}const i=e.env.userLinkingMode;if(typeof i=="function"){const r=await i({tenant_id:t,client_id:n});return r==="builtin"||r==="off"?r:"builtin"}return i??"builtin"}async function F6(e,t,n){return await jU(e,t,n)==="builtin"}function RU(e,t){return async(n,i)=>{if(e.var.client_id){const d=await Ze(e.env,e.var.client_id,e.var.tenant_id);i.email&&await OU(e,d,t,i.email,i.connection)}const r={method:e.req.method,ip:e.req.query("x-real-ip")||"",user_agent:e.req.query("user-agent"),url:e.var.loginSession?.authorization_url||e.req.url};if(e.env.hooks?.onExecutePreUserRegistration)try{await e.env.hooks.onExecutePreUserRegistration({ctx:e,user:i,request:r},{user:{setUserMetadata:async(d,u)=>{i[d]=u},setLinkedTo:d=>{i.linked_to=d}},access:{deny:(d,u)=>{throw new U(400,{message:u?`Registration denied: ${d} - ${u}`:`Registration denied: ${d}`})}},token:hs(e,n)})}catch(d){if(d instanceof z)throw d;const u=d instanceof Error?d.message:String(d);R(e,n,{type:O.FAILED_SIGNUP,description:`Pre user registration hook failed: ${u}`,details:{error:u}})}{const{hooks:d}=await t.hooks.list(n,{q:"trigger_id:pre-user-registration",page:0,per_page:100,include_totals:!1}),u=d.filter(p=>p.enabled).filter(Zo);for(const p of u)try{await $f(e,t,p,{ctx:e,user:i,request:r},"pre-user-registration",{user:{setUserMetadata:(f,h)=>{i[f]=h},setLinkedTo:f=>{i.linked_to=f}},access:{deny:(f,h)=>{throw new U(400,{message:h?`Registration denied: ${f} - ${h}`:`Registration denied: ${f}`})}}})}catch(f){if(f instanceof z)throw f;const h=f instanceof Error?f.message:String(f);R(e,n,{type:O.FAILED_SIGNUP,description:`Pre user registration code hook ${p.hook_id} failed: ${h}`,details:{hook_id:p.hook_id,code_id:p.code_id,trigger_id:"pre-user-registration",error:h}})}}const o=await F6(e,n,e.var.client_id),a=await NU(t)(n,i,{resolveEmailLinkedPrimary:o});if(!a.created)throw new U(409,{message:"User already exists"});let c=a.user;return await(async()=>{if(e.env.hooks?.onExecutePostUserRegistration)try{await e.env.hooks.onExecutePostUserRegistration({ctx:e,user:i,request:r},{user:{},token:hs(e,n)})}catch(d){const u=d instanceof Error?d.message:String(d);R(e,n,{type:O.FAILED_SIGNUP,description:`Post user registration hook failed: ${u}`,details:{error:u}})}{const{hooks:d}=await e.env.data.hooks.list(n,{q:"trigger_id:post-user-registration",page:0,per_page:100,include_totals:!1}),u=d.filter(f=>f.enabled&&Zo(f));for(const f of u)if(Zo(f))try{await $f(e,e.env.data,f,{ctx:e,user:c,request:r},"post-user-registration",{user:{}})}catch(h){const g=h instanceof Error?h.message:String(h);R(e,n,{type:O.FAILED_SIGNUP,description:`Post user registration code hook ${f.hook_id} failed: ${g}`,details:{hook_id:f.hook_id,code_id:f.code_id,trigger_id:"post-user-registration",error:g}})}const p=d.filter(f=>f.enabled&&to(f));for(const f of p)if(to(f))try{c=await dv(e,f.template_id,c,f.metadata)}catch(h){const g=h instanceof Error?h.message:String(h);R(e,n,{type:O.FAILED_SIGNUP,description:`Post user registration template hook ${f.template_id} failed: ${g}`,details:{template_id:f.template_id,trigger_id:"post-user-registration",error:g}})}}N6(e,n,"post-user-registration",c)})(),c}}function DU(e,t){return async(n,i,r)=>{if(Object.keys(r).length===1&&"linked_to"in r)return t.users.update(n,i,r);const o=await t.users.get(n,i);if(!o)throw new U(404,{message:"User not found"});const a={method:e.req.method,ip:e.var.ip||e.get("ip")||"",user_agent:e.var.useragent||e.get("useragent")||"",url:e.req.url};if(e.env.hooks?.onExecutePreUserUpdate)try{await e.env.hooks.onExecutePreUserUpdate({ctx:e,tenant:{id:n},user_id:i,user:fs(o),updates:r,request:a},{user:{setUserMetadata:async(l,d)=>{r[l]=d}},cancel:()=>{throw new U(400,{message:"User update cancelled by pre-update hook"})},token:hs(e,n)})}catch(l){throw R(e,n,{type:O.ACTIONS_EXECUTION_FAILED,description:`Pre user update hook failed: ${l instanceof Error?l.message:"Unknown error"}`,userId:i}),new U(400,{message:"Pre user update hook failed"})}const c=await F6(e,n,e.var.client_id);await t.transaction(async l=>{if(!await l.users.update(n,i,r))throw new U(404,{message:"User not found"});if(c&&(r.email||r.email_verified)){const u=await l.users.get(n,i);if(u&&!u.linked_to&&u.email&&u.email_verified){const p=u.email.toLowerCase(),{users:f}=await l.users.list(n,{page:0,per_page:10,include_totals:!1,q:`email:${p}`}),h=f.filter(m=>m.user_id!==i),g=h.find(m=>!m.linked_to);if(g)await l.users.update(n,i,{linked_to:g.user_id});else if(h[0]?.linked_to){const m=await l.users.get(n,h[0].linked_to);m&&await l.users.update(n,i,{linked_to:m.user_id})}}}});{const{hooks:l}=await t.hooks.list(n,{q:"trigger_id:post-user-update",page:0,per_page:100,include_totals:!1}),d=l.filter(u=>to(u)&&u.enabled===!0);if(d.length>0){const u=await t.users.get(n,i);if(u){let p=u;for(const f of d)if(to(f))try{p=await dv(e,f.template_id,p,f.metadata)}catch{R(e,n,{type:O.ACTIONS_EXECUTION_FAILED,description:`Post user update template hook ${f.template_id} failed`,userId:i})}}}}return r.email&&R(e,n,{type:O.SUCCESS_CHANGE_EMAIL,description:`Email updated to ${r.email}`,userId:i}),!0}}function BU(e,t){return async(n,i)=>{const r=await t.users.get(n,i);if(!r)return!1;const o={method:e.req.method,ip:e.var.ip||e.get("ip")||"",user_agent:e.var.useragent||e.get("useragent")||"",url:e.req.url};if(e.env.hooks?.onExecutePreUserDeletion)try{await e.env.hooks.onExecutePreUserDeletion({ctx:e,user:fs(r),user_id:i,request:o,tenant:{id:n}},{cancel:()=>{throw new U(400,{message:"User deletion cancelled by pre-deletion hook"})},token:hs(e,n)})}catch(c){throw c instanceof z?c:(R(e,n,{type:O.FAILED_HOOK,description:`Pre user deletion hook failed: ${c instanceof Error?c.message:String(c)}`}),new U(400,{message:"Pre user deletion hook failed"}))}try{await zU(e)(n,r)}catch(c){throw R(e,n,{type:O.FAILED_HOOK,description:`Pre user deletion webhook failed: ${c instanceof Error?c.message:String(c)}`}),new U(400,{message:"Pre user deletion webhook failed"})}const a=await t.transaction(async c=>{const l=await c.users.list(n,{q:`linked_to:${i}`});for(const d of l.users){const[u,...p]=d.user_id.split("|");u&&await c.users.unlink(n,i,u,p.join("|"))}return c.users.remove(n,i)});if(a&&R(e,n,{type:O.SUCCESS_USER_DELETION,description:`Deleted user: ${r.email||i}`,userId:i,strategy:r.provider||"auth0",strategy_type:r.is_social?Ht.SOCIAL:Ht.DATABASE,connection:r.connection||"",body:{tenant:n,connection:r.connection||""}}),a&&(N6(e,n,"post-user-deletion",r),e.env.hooks?.onExecutePostUserDeletion))try{await e.env.hooks.onExecutePostUserDeletion({ctx:e,user:fs(r),user_id:i,request:o,tenant:{id:n}},{token:hs(e,n)})}catch(c){R(e,n,{type:O.FAILED_HOOK,description:`Post user deletion hook failed: ${c instanceof Error?c.message:String(c)}`})}return a}}function nu(e,t){const n=t;return{...t,users:{...t.users,create:RU(e,n),update:DU(e,n),remove:BU(e,n)}}}function $k(e){return typeof e.form_id=="string"}function Qa(e,t){const n=e.match(/^\{\{context\.user\.(.+)\}\}$/);if(n&&n[1])return Ik(t.user,n[1]);const i=e.match(/^\{\{user\.(.+)\}\}$/);if(i&&i[1])return Ik(t.user,i[1]);const r=e.match(/^\{\{\$form\.(.+)\}\}$/);if(r&&r[1]&&t.submittedFields){const o=t.submittedFields[r[1]];return o!==void 0?String(o):void 0}return e}function Ik(e,t){const n=t.split(".");let i=e;for(const r of n)if(i&&typeof i=="object"&&r in i)i=i[r];else return;return typeof i=="string"?i:i==null?void 0:String(i)}function LU(e,t){const n={};for(const[i,r]of Object.entries(e))if(typeof r=="string"){const o=Qa(r,t);o!==void 0&&(n[i]=o)}else r!=null&&(n[i]=String(r));return n}function zk(e,t){const n=e.operator?.toLowerCase(),i=e.field?Qa(e.field,t):"",r=e.value||"";switch(n){case"exists":return i!=null&&i!=="";case"not_exists":return i==null||i==="";case"ends_with":return typeof i=="string"&&i.endsWith(r);case"starts_with":return typeof i=="string"&&i.startsWith(r);case"contains":return typeof i=="string"&&i.includes(r);case"not_contains":return typeof i!="string"||!i.includes(r);case"equals":case"eq":return i===r;case"not_equals":case"neq":return i!==r;default:if(e.operands&&Array.isArray(e.operands)){for(const o of e.operands)if(o.operator==="ENDS_WITH"&&Array.isArray(o.operands)&&o.operands.length>=2){const a=o.operands[0],c=o.operands[1];if(a&&c){const l=Qa(`{{context.user.${a}}}`,t);if(typeof l=="string"&&l.endsWith(c))return!0}}}return!1}}function MU(e,t){return e.type==="and"&&Array.isArray(e.conditions)?e.conditions.every(n=>zk(n,t)):zk(e,t)}function yg(e,t){const n={};for(const[i,r]of Object.entries(e))if(i.startsWith("user_metadata.")||i.startsWith("metadata.")){const o=i.startsWith("user_metadata.")?i.slice(14):i.slice(9),a=t.user_metadata||{};n.user_metadata={...a,...n.user_metadata||{},[o]:r}}else if(i.startsWith("address.")){const o=i.slice(8),a=t.address||{};n.address={...a,...n.address||{},[o]:r}}else n[i]=r;return n}function _g(e){const t=new Map;for(const n of e){const i=t.get(n.user_id);i?i.changes={...i.changes,...n.changes}:t.set(n.user_id,{user_id:n.user_id,changes:{...n.changes}})}return Array.from(t.values())}function wg(e,t,n){switch(e){case"change-email":return`/u/account/change-email?state=${encodeURIComponent(n)}`;case"account":return`/u/account?state=${encodeURIComponent(n)}`;case"custom":if(!t)throw new z(400,{message:"Custom URL is required for custom redirect target"});const i=new URL(t,"http://placeholder");return i.searchParams.set("state",n),i.pathname+i.search;default:throw new z(400,{message:`Unknown redirect target: ${e}`})}}async function bg(e,t,n,i,r=10){let o=t,a=0;const c=[];for(;a<r;){if(o==="$ending")return{type:"end",userUpdates:c.length>0?c:void 0};const l=e.find(d=>d.id===o);if(!l)return null;if(l.type==="STEP")return{type:"step",nodeId:l.id,userUpdates:c.length>0?c:void 0};if(l.type==="ACTION"){const d=l;if(d.config.action_type==="REDIRECT")return{type:"redirect",target:d.config.target,customUrl:d.config.custom_url,userUpdates:c.length>0?c:void 0};o=d.config.next_node,a++;continue}if(l.type==="ROUTER"){const d=l;let u=null;for(const p of d.config.rules)if(MU(p.condition,n)){u=p.next_node;break}if(u||(u=d.config.fallback),!u)return null;o=u,a++;continue}if(l.type==="FLOW"){const d=l;if(i&&d.config.flow_id){const u=await i(d.config.flow_id);if(u&&u.actions&&u.actions.length>0)for(const p of u.actions){if(p.type==="REDIRECT"&&p.action==="REDIRECT_USER"){const f=p.params?.target;if(f)return{type:"redirect",target:f,customUrl:p.params?.custom_url,userUpdates:c.length>0?c:void 0}}if(p.type==="AUTH0"&&p.action==="UPDATE_USER"&&p.params){const f=p.params.user_id&&Qa(p.params.user_id,n)||n.user.user_id,h=p.params.changes?LU(p.params.changes,n):{};Object.keys(h).length>0&&c.push({user_id:f,changes:h})}}}if(d.config.next_node){o=d.config.next_node,a++;continue}return{type:"end",userUpdates:c.length>0?c:void 0}}return null}return null}async function UU(e,t,n,i,r){const o=e.env.data,a=e.var.tenant_id||e.req.header("tenant-id");if(!a)throw new z(400,{message:"Missing tenant_id in context"});const c=r?.client_metadata?.universal_login_version==="2"?"/u2":"/u",l=await o.forms.get(a,t);if(!l)throw new z(404,{message:"Form not found for post-user-login hook"});let d=l.start?.next_node;if(!d&&l.nodes&&l.nodes.length>0&&(d=l.nodes.find(f=>f.type==="STEP")?.id),!d)throw new z(400,{message:"No start node found in form"});if(i&&l.nodes){const p=async h=>{const g=await o.flows.get(a,h);return g?{actions:g.actions?.map(m=>({type:m.type,action:m.action,params:"params"in m&&m.params?m.params:void 0}))}:null},f=await bg(l.nodes,d,{user:i},p);if(f&&f.userUpdates&&f.userUpdates.length>0){const h=_g(f.userUpdates);for(const g of h){const m=yg(g.changes,i);await o.users.update(a,g.user_id,m)}}if(!f||f.type==="end")return i;if(f.type==="redirect"){const h=f.target,g=wg(h,f.customUrl,n.id);if(h==="change-email"||h==="account"){const m=`${c}/continue?state=${encodeURIComponent(n.id)}`;await eu(e,a,n,[h],m)}else await Df(e,a,n,`form:${t}`);return new Response(null,{status:302,headers:{location:g}})}d=f.nodeId}await Df(e,a,n,`form:${t}`);let u=`${c}/forms/${l.id}/nodes/${d}?state=${encodeURIComponent(n.id)}`;return new Response(null,{status:302,headers:{location:u}})}function Pk(e){return typeof e.page_id=="string"&&typeof e.enabled=="boolean"}async function qU(e,t,n,i,r){const o=e.env.data,a=e.var.tenant_id||e.req.header("tenant-id");if(!a)throw new z(400,{message:"Missing tenant_id in context"});if(r&&!(await o.userPermissions.list(a,i.user_id)).some(p=>p.permission_name===r))return i;await Df(e,a,n,`page:${t}`);let c="/u";if(n.authParams.client_id)try{(await Ze(e.env,n.authParams.client_id,a))?.client_metadata?.universal_login_version==="2"&&(c="/u2")}catch{}let l=`${c}/${t}?state=${encodeURIComponent(n.id)}`;return new Response(null,{status:302,headers:{location:l}})}function HU(e){return typeof e.url=="string"}async function VU(e,t,n,i,r,o){let a=[];try{a=(await t.userRoles.list(n,i.user_id,void 0,"")).map(f=>f.name||f.id)}catch(u){console.error("Error fetching user roles:",u)}let c={};if(i.connection)try{const p=(await t.connections.list(n,{page:0,per_page:100,include_totals:!1})).connections.find(f=>f.name===i.connection);p&&(c={id:p.id,name:p.name,strategy:p.strategy||i.provider,metadata:p.options||{}})}catch(u){console.error("Error fetching connection info:",u)}let l;try{if(r.authParams?.organization){const u=await t.organizations.get(n,r.authParams.organization);u&&(l={id:u.id,name:u.name,display_name:u.display_name||u.name,metadata:u.metadata||{}})}}catch(u){console.error("Error fetching organization info:",u)}const d=e.get("countryCode");return{ctx:e,client:o.client,user:fs(i),request:{asn:void 0,ip:e.get("ip")||"",user_agent:e.get("useragent"),method:e.req.method,url:e.req.url,geoip:{cityName:void 0,continentCode:void 0,countryCode:d||void 0,countryName:void 0,latitude:void 0,longitude:void 0,timeZone:void 0}},transaction:{id:r.id,locale:r.authParams?.ui_locales||"en",login_hint:void 0,prompt:r.authParams?.prompt,redirect_uri:r.authParams?.redirect_uri,requested_scopes:r.authParams?.scope?.split(" ")||[],response_mode:r.authParams?.response_mode,response_type:r.authParams?.response_type,state:r.authParams?.state,ui_locales:r.authParams?.ui_locales},scope:o.authParams?.scope||"",grant_type:o.authParams?.grant_type||"",audience:o.authParams?.audience,authentication:{methods:[{name:i.is_social?"federated":"pwd",timestamp:new Date().toISOString()}]},authorization:{roles:a},connection:Object.keys(c).length>0?c:{id:i.connection||W.USERNAME_PASSWORD,name:i.connection||W.USERNAME_PASSWORD,strategy:i.provider||"auth0"},organization:l,resource_server:o.authParams?.audience?{identifier:o.authParams.audience}:void 0,stats:{logins_count:i.login_count||0},tenant:{id:n},session:{id:r.id,created_at:r.created_at,authenticated_at:new Date().toISOString(),clients:[{client_id:o.client.client_id}],device:{initial_ip:e.get("ip"),initial_user_agent:e.get("useragent"),last_ip:i.last_ip||e.get("ip"),last_user_agent:e.get("useragent")}}}}async function O6(e,t,n,i,r,o){const a=o?.authStrategy?.strategy_type?o.authStrategy.strategy_type:i.is_social?Ht.SOCIAL:Ht.DATABASE,c=o?.authStrategy?.strategy||i.connection||"";if(R(e,n,{type:O.SUCCESS_LOGIN,description:`Successful login for ${i.user_id}`,userId:i.user_id,strategy_type:a,strategy:c,connection:c,audience:o?.authParams?.audience,scope:o?.authParams?.scope}),await t.users.update(n,i.user_id,{last_login:new Date().toISOString(),last_ip:e.var.ip||"",login_count:i.login_count+1}),e.env.hooks?.onExecutePostLogin&&o?.client&&o?.authParams&&r){let h=null;const g=await VU(e,t,n,i,r,{client:o.client,authParams:o.authParams});if(await e.env.hooks.onExecutePostLogin(g,{prompt:{render:m=>{}},redirect:{sendUserTo:(m,_)=>{const y=new URL(m,e.req.url);y.searchParams.set("state",r.id),_?.query&&Object.entries(_.query).forEach(([w,b])=>{y.searchParams.set(w,b)}),h=y.toString()},encodeToken:m=>JSON.stringify({payload:m.payload,exp:Date.now()+(m.expiresInSeconds||900)*1e3}),validateToken:m=>null},token:hs(e,n)}),h)return await Df(e,n,r,"onExecutePostLogin"),new Response(null,{status:302,headers:{location:h}})}const{hooks:l}=await t.hooks.list(n),d=l.filter(h=>h.trigger_id==="post-user-login");if(r){const h=d.find(m=>m.enabled&&$k(m));if(h&&$k(h))return UU(e,h.form_id,r,i,o?.client);const g=d.find(m=>m.enabled&&Pk(m));if(g&&Pk(g))return qU(e,g.page_id,r,i,g.permission_required)}const u=d.filter(h=>h.enabled&&to(h));for(const h of u)if(to(h))try{i=await dv(e,h.template_id,i,h.metadata)}catch(g){const m=g instanceof Error?g.message:String(g);R(e,n,{type:O.FAILED_HOOK,description:`Failed to execute template hook ${h.template_id}: ${m}`,details:{template_id:h.template_id,trigger_id:"post-user-login",error:m}})}const p=d.filter(h=>h.enabled&&Zo(h));for(const h of p)if(Zo(h))try{await $f(e,t,h,{ctx:e,user:i,request:{ip:e.var.ip||"",user_agent:e.var.useragent||"",method:e.req.method,url:e.req.url},tenant:{id:n}},"post-user-login",{})}catch(g){const m=g instanceof Error?g.message:String(g);R(e,n,{type:O.FAILED_HOOK,description:`Failed to execute code hook ${h.hook_id}: ${m}`,details:{hook_id:h.hook_id,code_id:h.code_id,trigger_id:"post-user-login",error:m}})}const f=d.filter(h=>h.enabled&&HU(h));return await mg(e,f,{tenant_id:n,user:i,trigger_id:"post-user-login"}),i}function iu(e,t){const n={};for(const[i,r]of Object.entries(t)){if(r==null)continue;if(typeof r=="function"){n[i]=r;continue}const o={};for(const[a,c]of Object.entries(r))typeof c=="function"?o[a]=async(...l)=>{const d=performance.now();try{const u=await c(...l),f=performance.now()-d,h=e.res.headers.get("Server-Timing")||"",g=h?`${h}, ${i}-${a};dur=${f.toFixed(2)}`:`${i}-${a};dur=${f.toFixed(2)}`;return e.res.headers.set("Server-Timing",g),u}catch(u){const f=performance.now()-d,h=e.res.headers.get("Server-Timing")||"",g=h?`${h}, ${i}-${a}-error;dur=${f.toFixed(2)}`:`${i}-${a}-error;dur=${f.toFixed(2)}`;throw e.res.headers.set("Server-Timing",g),u}}:o[a]=c;n[i]=o}return n}function Sc(e){return async(t,n)=>(t.env||(t.env={}),!t.env.data&&e.dataAdapter&&(t.env.data=e.dataAdapter),e.hooks&&(t.env.hooks={...e.hooks,...t.env.hooks||{}}),e.samlSigner&&(t.env.samlSigner=e.samlSigner),e.poweredByLogo&&(t.env.poweredByLogo=e.poweredByLogo),t.env.codeExecutor==null&&e.codeExecutor&&(t.env.codeExecutor=e.codeExecutor),e.webhookInvoker&&(t.env.webhookInvoker=e.webhookInvoker),e.outbox&&(t.env.outbox=e.outbox),e.userLinkingMode&&(t.env.userLinkingMode=e.userLinkingMode),e.usernamePasswordProvider&&(t.env.usernamePasswordProvider=e.usernamePasswordProvider),e.signingKeyMode&&(t.env.signingKeyMode=e.signingKeyMode),n())}async function Ec(e,t){const n=e.req.header("x-forwarded-host"),i=e.req.header("host");e.set("host",n||i||new URL(Dn(e.env)).host);const r=e.var.user;if(r?.tenant_id)return e.set("tenant_id",r.tenant_id),await t();const o=e.req.header("tenant-id");if(o)return e.set("tenant_id",o),await t();if(n){const a=await e.env.data.customDomains.getByDomain(n.toLowerCase());if(a)return e.set("tenant_id",a.tenant_id),e.set("custom_domain",n),await t()}if(i){const a=i.toLowerCase(),c=await e.env.data.customDomains.getByDomain(a);if(c)return e.set("tenant_id",c.tenant_id),e.set("custom_domain",i),await t();const l=a.split(".");if(l.length>1&&typeof l[0]=="string"){const d=l[0];if(await e.env.data.tenants.get(d)){e.set("tenant_id",d);const p=new URL(Dn(e.env)).host.toLowerCase();a!==p&&e.set("custom_domain",i)}}}if(!e.var.tenant_id){const a=e.req.query("tenant_id");if(a)return e.set("tenant_id",a),await t()}if(!e.var.tenant_id){const{tenants:a}=await e.env.data.tenants.list({per_page:2});a.length===1&&a[0]&&e.set("tenant_id",a[0].id)}return await t()}const KU=s.z.object({name:s.z.string(),version:s.z.string(),env:s.z.object({node:s.z.string().optional()}).optional()});function GU(e){if(e)try{let t=e;try{t=atob(e)}catch{}try{const n=JSON.parse(t);return KU.parse(n)}catch{}}catch{return}}const xc=async(e,t)=>{const n=e.req.query("auth0Client")?.slice(0,255),r=(e.req.header("x-forwarded-host")&&e.req.header("x-forwarded-for")?e.req.header("x-forwarded-for")?.split(",")[0]?.trim():e.req.header("cf-connecting-ip")||e.req.header("x-real-ip"))?.slice(0,45),o=e.req.header("user-agent")?.slice(0,512),a=e.req.header("cf-ipcountry")?.slice(0,2),c=n?GU(n):void 0;c&&e.set("auth0_client",c),r&&e.set("ip",r),o&&e.set("useragent",o),a&&e.set("countryCode",a),await t()};function Am(e,t,n,i){try{const r=`${e}:${t}:${JSON.stringify(n)}`;return i?`${i}:${r}`:r}catch{const o=`${e}:${t}:${Date.now()}-${Math.random()}`;return i?`${i}:${o}`:o}}function ru(e,t){const{cache:n,defaultTtl:i,customTtls:r={},excludeMethods:o=[],cacheEntities:a=[],keyPrefix:c}=t,l=new Set(o),d=a.length===0,u=new Set(a),p={};for(const[f,h]of Object.entries(e)){if(h==null)continue;if(typeof h=="function"){p[f]=h;continue}const g=d||u.has(f),m={};for(const[_,y]of Object.entries(h))if(typeof y=="function"){if(!g){m[_]=y;continue}const w=`${f}:${_}`;if(l.has(w)){m[_]=y;continue}const b=r[w]??i,A=["create","update","remove","delete","set","used","add"].some(v=>_.startsWith(v));m[_]=async(...v)=>{if(A){const I=await y.apply(h,v);try{if(v.length>=2&&["update","remove","delete"].includes(_)){const $=Am(f,"get",[v[0],v[1]],c);await n.delete($);const P=Am(f,"list",[v[0],{}],c);await n.delete(P)}const F=c?`${c}:${f}:`:`${f}:`;await n.deleteByPrefix(F)}catch{}return I}const k=Am(f,_,v,c),x=await n.get(k);if(x!==null)if(x&&typeof x=="object"&&"isCachedNull"in x){const I=x;return I.isCachedNull?null:I.value}else return x;const T=await y.apply(h,v);if(b>=0)if(T!==null)await n.set(k,T,b);else{const I={value:null,isCachedNull:!0};await n.set(k,I,b)}return T}}else m[_]=y;p[f]=m}return p}function Iu(e){if(!e)return;const t=e.filter(n=>n!==void 0);if(t.length!==0)return t.length===1?t[0]:{beforeCreate:Uf(t.map(n=>n.beforeCreate),(n,i)=>[n,i],(n,i)=>[n[0],i]),afterCreate:ma(t.map(n=>n.afterCreate)),beforeUpdate:Uf(t.map(n=>n.beforeUpdate),(n,i,r)=>[n,i,r],(n,i)=>[n[0],n[1],i]),afterUpdate:ma(t.map(n=>n.afterUpdate)),beforeDelete:ma(t.map(n=>n.beforeDelete)),afterDelete:ma(t.map(n=>n.afterDelete))}}function Uf(e,t,n){const i=e.filter(r=>r!==void 0);if(i.length!==0)return i.length===1?i[0]:async(...r)=>{let o=t(...r),a=o[o.length-1];for(const c of i)a=await c(...o),o=n(o,a);return a}}function ma(e){const t=e.filter(n=>n!==void 0);if(t.length!==0)return t.length===1?t[0]:async(...n)=>{for(const i of t)await i(...n)}}function WU(e){if(!e)return;const t=e.filter(n=>n!==void 0);if(t.length!==0)return t.length===1?t[0]:{beforeAssign:Uf(t.map(n=>n.beforeAssign),(n,i,r)=>[n,i,r],(n,i)=>[n[0],n[1],i]),afterAssign:ma(t.map(n=>n.afterAssign)),beforeRemove:Uf(t.map(n=>n.beforeRemove),(n,i,r)=>[n,i,r],(n,i)=>[n[0],n[1],i]),afterRemove:ma(t.map(n=>n.afterRemove))}}function km(e,t,n){return t?{...e,create:async(i,r)=>{let o=r;t.beforeCreate&&(o=await t.beforeCreate(n,r));const a=await e.create(i,o);return t.afterCreate&&await t.afterCreate(n,a),a},update:async(i,r,o)=>{let a=o;t.beforeUpdate&&(a=await t.beforeUpdate(n,r,o));const c=await e.update(i,r,a);if(t.afterUpdate){let l;typeof c=="boolean"?l=await e.get(i,r):l=c,l&&await t.afterUpdate(n,r,l)}return c},remove:async(i,r)=>{t.beforeDelete&&await t.beforeDelete(n,r);const o=await e.remove(i,r);return t.afterDelete&&o&&await t.afterDelete(n,r),o}}:e}function JU(e,t,n){return t?{...e,assign:async(i,r,o)=>{let a=o;t.beforeAssign&&(a=await t.beforeAssign(n,r,o));const c=await e.assign(i,r,a);return t.afterAssign&&c&&await t.afterAssign(n,r,a),c},remove:async(i,r,o)=>{let a=o;t.beforeRemove&&(a=await t.beforeRemove(n,r,o));const c=await e.remove(i,r,a);return t.afterRemove&&c&&await t.afterRemove(n,r,a),c}}:e}function YU(e,t,n){return t?{...e,create:async i=>{let r=i;t.beforeCreate&&(r=await t.beforeCreate(n,i));const o=await e.create(r);return t.afterCreate&&await t.afterCreate(n,o),o},update:async(i,r)=>{let o=r;if(t.beforeUpdate&&(o=await t.beforeUpdate(n,i,r)),await e.update(i,o),t.afterUpdate){const a=await e.get(i);a&&await t.afterUpdate(n,i,a)}},remove:async i=>{t.beforeDelete&&await t.beforeDelete(n,i);const r=await e.remove(i);return t.afterDelete&&r&&await t.afterDelete(n,i),r}}:e}function j6(e,t){const{tenantId:n,entityHooks:i}=t;if(!i)return e;const r={connections:Iu(i.connections),roles:Iu(i.roles),resourceServers:Iu(i.resourceServers),rolePermissions:WU(i.rolePermissions),tenants:Iu(i.tenants)},o={tenantId:n,adapters:e};return{...e,connections:km(e.connections,r.connections,o),roles:km(e.roles,r.roles,o),resourceServers:km(e.resourceServers,r.resourceServers,o),rolePermissions:JU(e.rolePermissions,r.rolePermissions,o),tenants:YU(e.tenants,r.tenants,o)}}class QU{constructor(t={}){this.config=t;const n=t.cleanupIntervalMs;n&&n>0&&(this.cleanupTimer=setInterval(()=>{this.cleanupExpired()},n))}config;cache=new Map;accessOrder=new Map;accessCounter=0;cleanupTimer;async get(t){const n=this.cache.get(t);return n?n.expiresAt&&n.expiresAt<new Date?(this.cache.delete(t),this.accessOrder.delete(t),null):(this.accessOrder.set(t,++this.accessCounter),n.value):null}async set(t,n,i){let r;const o=i??this.config.defaultTtlSeconds,a=o!==void 0,c=a?Math.max(0,o):0;a&&(r=new Date(Date.now()+(c>0?c*1e3:-1))),this.config.maxEntries&&this.cache.size>=this.config.maxEntries&&!this.cache.has(t)&&this.evictLeastRecentlyUsed();const l={value:n,expiresAt:r};this.cache.set(t,l),this.accessOrder.set(t,++this.accessCounter)}async delete(t){const n=this.cache.has(t);return this.cache.delete(t),this.accessOrder.delete(t),n}async deleteByPrefix(t){let n=0;for(const i of this.cache.keys())i.startsWith(t)&&(this.cache.delete(i),this.accessOrder.delete(i),n++);return n}async clear(){this.cache.clear(),this.accessOrder.clear(),this.accessCounter=0}getStats(){return{size:this.cache.size,maxEntries:this.config.maxEntries,defaultTtlSeconds:this.config.defaultTtlSeconds}}cleanupExpired(){const t=new Date,n=[];for(const[i,r]of this.cache.entries())r.expiresAt&&r.expiresAt<t&&n.push(i);for(const i of n)this.cache.delete(i),this.accessOrder.delete(i)}evictLeastRecentlyUsed(){let t=null,n=1/0;for(const[i,r]of this.accessOrder.entries())r<n&&(n=r,t=i);t&&(this.cache.delete(t),this.accessOrder.delete(t))}destroy(){this.cleanupTimer&&(clearInterval(this.cleanupTimer),this.cleanupTimer=void 0)}}function Cc(e={}){return new QU(e)}const ZU=Et.extend({forms:s.z.array(sa)}),XU=new s.OpenAPIHono().openapi(s.createRoute({tags:["forms"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:forms","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(sa),ZU])}},description:"List of forms"}}}),async e=>{const t=e.var.tenant_id,{page:n,per_page:i,include_totals:r=!1,sort:o,q:a}=e.req.valid("query"),c=await e.env.data.forms.list(t,{page:n,per_page:i,include_totals:r,sort:kt(o),q:a});return r?e.json(c):e.json(c.forms)}).openapi(s.createRoute({tags:["forms"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:forms","auth:read"]}],responses:{200:{content:{"application/json":{schema:sa}},description:"A form"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await e.env.data.forms.get(t,n);if(!i)throw new z(404);return e.json(i)}).openapi(s.createRoute({tags:["forms"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:forms","auth:write"]}],responses:{200:{description:"Status"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param");if(!await e.env.data.forms.remove(t,n))throw new z(404,{message:"Form not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a Form",targetType:"form",targetId:n}),e.text("OK")}).openapi(s.createRoute({tags:["forms"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:s.z.object(kp.shape).partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:forms","auth:write"]}],responses:{200:{content:{"application/json":{schema:sa}},description:"The updated form"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json");if(!await e.env.data.forms.update(t,n,i))throw new z(404,{message:"Form not found"});const o=await e.env.data.forms.get(t,n);if(!o)throw new z(404,{message:"Form not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update a Form",targetType:"form",targetId:n,afterState:o}),e.json(o)}).openapi(s.createRoute({tags:["forms"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(kp.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:forms","auth:write"]}],responses:{201:{content:{"application/json":{schema:sa}},description:"A form"}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i=await e.env.data.forms.create(t,n);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create a Form",targetType:"form",targetId:i.id,afterState:i}),e.json(i,{status:201})}),eq=Et.extend({flows:s.z.array(oa)}),tq=new s.OpenAPIHono().openapi(s.createRoute({tags:["flows"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:flows","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(oa),eq])}},description:"List of flows"}}}),async e=>{const t=e.var.tenant_id,{page:n,per_page:i,include_totals:r=!1,sort:o,q:a}=e.req.valid("query"),c=await e.env.data.flows.list(t,{page:n,per_page:i,include_totals:r,sort:kt(o),q:a});return r?e.json(c):e.json(c.flows)}).openapi(s.createRoute({tags:["flows"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:flows","auth:read"]}],responses:{200:{content:{"application/json":{schema:oa}},description:"A flow"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await e.env.data.flows.get(t,n);if(!i)throw new z(404);return e.json(i)}).openapi(s.createRoute({tags:["flows"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:flows","auth:write"]}],responses:{200:{description:"Status"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param");if(!await e.env.data.flows.remove(t,n))throw new z(404,{message:"Flow not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a Flow",targetType:"flow",targetId:n}),e.text("OK")}).openapi(s.createRoute({tags:["flows"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:s.z.object(yp.shape).partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:flows","auth:write"]}],responses:{200:{content:{"application/json":{schema:oa}},description:"The updated flow"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json"),r=await e.env.data.flows.update(t,n,i);if(!r)throw new z(404,{message:"Flow not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update a Flow",targetType:"flow",targetId:n,afterState:r}),e.json(r)}).openapi(s.createRoute({tags:["flows"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(yp.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:flows","auth:write"]}],responses:{201:{content:{"application/json":{schema:oa}},description:"The created flow"}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i=await e.env.data.flows.create(t,n);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create a Flow",targetType:"flow",targetId:i.id,afterState:i}),e.json(i,{status:201})}),nq=Et.extend({roles:s.z.array(Mo)}),iq=Et.extend({permissions:s.z.array(Gw)}),rq=new s.OpenAPIHono().openapi(s.createRoute({tags:["roles"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:roles","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(Mo),nq])}},description:"List of roles"}}}),async e=>{const{page:t,per_page:n,include_totals:i,sort:r,q:o}=e.req.valid("query"),a=e.var.tenant_id;if(!a)throw new z(400,{message:"tenant-id header is required"});const c=await e.env.data.roles.list(a,{page:t,per_page:n,include_totals:i,sort:kt(r),q:o});return i?e.json(c):e.json(c.roles)}).openapi(s.createRoute({tags:["roles"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:roles","auth:read"]}],responses:{200:{content:{"application/json":{schema:Mo}},description:"A role"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.var.tenant_id;if(!n)throw new z(400,{message:"tenant-id header is required"});const i=await e.env.data.roles.get(n,t);if(!i)throw new z(404);return e.json(i)}).openapi(s.createRoute({tags:["roles"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Tp}}}},security:[{Bearer:["create:roles","auth:write"]}],responses:{201:{content:{"application/json":{schema:Mo}},description:"Role created"}}}),async e=>{const t=e.req.valid("json"),n=e.var.tenant_id;if(!n)throw new z(400,{message:"tenant-id header is required"});const i=await e.env.data.roles.create(n,t);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create a Role",targetType:"role",targetId:i.id,afterState:i}),e.json(i,{status:201})}).openapi(s.createRoute({tags:["roles"],method:"patch",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Tp.partial()}}}},security:[{Bearer:["update:roles","auth:write"]}],responses:{200:{content:{"application/json":{schema:Mo}},description:"Updated role"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.req.valid("json"),i=e.var.tenant_id;if(!i)throw new z(400,{message:"tenant-id header is required"});if(!await e.env.data.roles.update(i,t,n))throw new z(404);const o=await e.env.data.roles.get(i,t);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update a Role",targetType:"role",targetId:t,afterState:o}),e.json(o)}).openapi(s.createRoute({tags:["roles"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:roles","auth:write"]}],responses:{200:{description:"Status"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.var.tenant_id;if(!n)throw new z(400,{message:"tenant-id header is required"});if(!await e.env.data.roles.remove(n,t))throw new z(404);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a Role",targetType:"role",targetId:t}),e.text("OK")}).openapi(s.createRoute({tags:["roles"],method:"get",path:"/{id}/permissions",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),query:ct},security:[{Bearer:["read:roles","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([rC,iq])}},description:"Role permissions"}}}),async e=>{const{id:t}=e.req.valid("param"),{page:n,per_page:i,include_totals:r,sort:o,q:a}=e.req.valid("query"),c=e.var.tenant_id;if(!c)throw new z(400,{message:"tenant-id header is required"});if(!await e.env.data.roles.get(c,t))throw new z(404,{message:"Role not found"});if(r){const u=await e.env.data.rolePermissions.list(c,t,{per_page:1e4,sort:kt(o),q:a}),p=i??50,f=(n??0)*p,h=u.slice(f,f+p);return e.json({permissions:h,total:u.length,start:f,limit:p,length:h.length})}const d=await e.env.data.rolePermissions.list(c,t,{page:n,per_page:i,include_totals:!1,sort:kt(o),q:a});return e.json(d)}).openapi(s.createRoute({tags:["roles"],method:"post",path:"/{id}/permissions",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({permissions:s.z.array(s.z.object({permission_name:s.z.string(),resource_server_identifier:s.z.string()}))})}}}},security:[{Bearer:["update:roles","auth:write"]}],responses:{204:{description:"Permissions assigned to role"}}}),async e=>{const{id:t}=e.req.valid("param"),{permissions:n}=e.req.valid("json"),i=e.var.tenant_id;if(!i)throw new z(400,{message:"tenant-id header is required"});if(!await e.env.data.roles.get(i,t))throw new z(404,{message:"Role not found"});const o=n.map(c=>({role_id:t,resource_server_identifier:c.resource_server_identifier,permission_name:c.permission_name}));if(!await e.env.data.rolePermissions.assign(i,t,o))throw new z(500,{message:"Failed to assign permissions to role"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Assign Permissions to a Role",targetType:"role_permission",targetId:t}),e.body(null,204)}).openapi(s.createRoute({tags:["roles"],method:"delete",path:"/{id}/permissions",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({permissions:s.z.array(s.z.object({permission_name:s.z.string(),resource_server_identifier:s.z.string()}))})}}}},security:[{Bearer:["update:roles","auth:write"]}],responses:{200:{description:"Permissions removed from role"}}}),async e=>{const{id:t}=e.req.valid("param"),{permissions:n}=e.req.valid("json"),i=e.var.tenant_id;if(!i)throw new z(400,{message:"tenant-id header is required"});if(!await e.env.data.roles.get(i,t))throw new z(404,{message:"Role not found"});if(!await e.env.data.rolePermissions.remove(i,t,n))throw new z(500,{message:"Failed to remove permissions from role"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Remove Permissions from a Role",targetType:"role_permission",targetId:t}),e.json({message:"Permissions removed successfully"})}),oq=Et.extend({resource_servers:s.z.array(Lo)});async function Sm(e,t,n){const i=await e.env.data.resourceServers.get(t,n);return i||((await e.env.data.resourceServers.list(t,{})).resource_servers.find(o=>o.identifier===n)??null)}const sq=new s.OpenAPIHono().openapi(s.createRoute({tags:["resource-servers"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:resource_servers","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(Lo),oq])}},description:"List of resource servers"}}}),async e=>{const t=e.var.tenant_id,{page:n,per_page:i,include_totals:r=!1,sort:o,q:a}=e.req.valid("query"),c=await e.env.data.resourceServers.list(t,{page:n,per_page:i,include_totals:r,sort:kt(o),q:a});return r?e.json(c):e.json(c.resource_servers)}).openapi(s.createRoute({tags:["resource-servers"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:resource_servers","auth:read"]}],responses:{200:{content:{"application/json":{schema:Lo}},description:"A resource server"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await Sm(e,t,n);if(!i)throw new z(404);return e.json(i)}).openapi(s.createRoute({tags:["resource-servers"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:resource_servers","auth:write"]}],responses:{200:{description:"Status"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await Sm(e,t,n);if(!i)throw new z(404,{message:"Resource server not found"});if(i.is_system)throw new z(403,{message:"System entities cannot be deleted"});return await e.env.data.resourceServers.remove(t,i.id),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a Resource Server",targetType:"resource_server",targetId:i.id,beforeState:i}),e.text("OK")}).openapi(s.createRoute({tags:["resource-servers"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:s.z.object(Cp.shape).partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:resource_servers","auth:write"]}],responses:{200:{content:{"application/json":{schema:Lo}},description:"The updated resource server"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json"),r=await Sm(e,t,n);if(!r)throw new z(404,{message:"Resource server not found"});if(r.is_system)throw new z(403,{message:"System entities cannot be modified"});const o=r.id;await e.env.data.resourceServers.update(t,o,i);const a=await e.env.data.resourceServers.get(t,o);if(!a)throw new z(404,{message:"Resource server not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update a Resource Server",targetType:"resource_server",targetId:a.id,beforeState:r,afterState:a}),e.json(a)}).openapi(s.createRoute({tags:["resource-servers"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(Cp.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:resource_servers","auth:write"]}],responses:{201:{content:{"application/json":{schema:Lo}},description:"A resource server"}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i=await e.env.data.resourceServers.create(t,n);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create a Resource Server",targetType:"resource_server",targetId:i.id,afterState:i}),e.json(i,{status:201})}),aq=s.z.object({per_page:s.z.string().min(1).optional().default("50").transform(e=>parseInt(e,10)).openapi({description:"Number of results per page. Defaults to 50."}),page:s.z.string().min(0).optional().default("0").transform(e=>parseInt(e,10)).openapi({description:"Page index of the results to return. First page is 0."}),include_totals:s.z.string().optional().default("false").transform(e=>e==="true").openapi({description:"Return results inside an object that contains the total result count (true) or as a direct array of results (false, default)."}),from:s.z.string().optional().openapi({description:"Optional Id from which to start selection."}),take:s.z.string().min(1).optional().transform(e=>e?parseInt(e,10):void 0).openapi({description:"Number of results per page. Defaults to 50."}),audience:s.z.string().optional().openapi({description:"Optional filter on audience."}),client_id:s.z.string().optional().openapi({description:"Optional filter on client_id."}),allow_any_organization:s.z.string().optional().transform(e=>e==="true"?!0:e==="false"?!1:void 0).openapi({description:"Optional filter on allow_any_organization."}),subject_type:s.z.enum(["client","user"]).optional().openapi({description:"EA The type of application access the client grant allows. Use of this field is subject to the applicable Free Trial terms in Okta's Master Subscription Agreement."})}),cq=Et.extend({client_grants:s.z.array(Bo)}),lq=new s.OpenAPIHono().openapi(s.createRoute({tags:["client-grants"],method:"get",path:"/",request:{query:aq,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:client_grants","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(Bo),cq])}},description:"List of client grants"}}}),async e=>{const t=e.var.tenant_id,{page:n,per_page:i,include_totals:r=!1,from:o,take:a,audience:c,client_id:l,allow_any_organization:d,subject_type:u}=e.req.valid("query"),p=[];l&&p.push(`client_id:"${l}"`),c&&p.push(`audience:"${c}"`),d!==void 0&&p.push(`allow_any_organization:${d}`),u&&p.push(`subject_type:"${u}"`),o&&p.push(`id:>${o}`);const f=p.length>0?p.join(" AND "):void 0,h=a??i,g=await e.env.data.clientGrants.list(t,{page:n,per_page:h,include_totals:r,q:f});return r?e.json(g):e.json(g.client_grants)}).openapi(s.createRoute({tags:["client-grants"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:client_grants","auth:read"]}],responses:{200:{content:{"application/json":{schema:Bo}},description:"A client grant"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await e.env.data.clientGrants.get(t,n);if(!i)throw new z(404,{message:"Client grant not found"});return e.json(i)}).openapi(s.createRoute({tags:["client-grants"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:client_grants","auth:write"]}],responses:{200:{description:"Status"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param");if(!await e.env.data.clientGrants.remove(t,n))throw new z(404,{message:"Client grant not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete a Client Grant",targetType:"client_grant",targetId:n}),e.text("OK")}).openapi(s.createRoute({tags:["client-grants"],method:"patch",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),body:{content:{"application/json":{schema:s.z.object(vp.shape).partial()}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:client_grants","auth:write"]}],responses:{200:{content:{"application/json":{schema:Bo}},description:"The updated client grant"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json"),r=await e.env.data.clientGrants.get(t,n);if(!r)throw new z(404,{message:"Client grant not found"});if(!await e.env.data.clientGrants.update(t,n,i))throw new z(500,{message:"Failed to update client grant"});const a=await e.env.data.clientGrants.get(t,n);if(!a)throw new z(404,{message:"Client grant not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update a Client Grant",targetType:"client_grant",targetId:n,beforeState:r,afterState:a}),e.json(a)}).openapi(s.createRoute({tags:["client-grants"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(vp.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:client_grants","auth:write"]}],responses:{201:{content:{"application/json":{schema:Bo}},description:"A client grant"}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i=await e.env.data.clientGrants.create(t,n);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create a Client Grant",targetType:"client_grant",targetId:i.id,afterState:i}),e.json(i,{status:201})});function dq(e){const t=new Uint8Array(e);return crypto.getRandomValues(t),t}async function R6(e){const t=new TextEncoder().encode(e);return Mp(await yh(t))}async function D6(){const e=Rt.encode(dq(32),{includePadding:!1}),t=await R6(e);return{id:Ue(),token:e,token_hash:t}}const uq=300;async function B6(e,t,n={}){const i=await D6(),r=n.expires_in_seconds??uq,o=new Date(Date.now()+r*1e3).toISOString(),a=await e.create(t,{id:i.id,token_hash:i.token_hash,type:"iat",sub:n.sub,constraints:n.constraints,single_use:n.single_use??!0,expires_at:o});return{id:i.id,token:i.token,expires_at:o,record:a}}async function L6(e,t,n,i){const r=await R6(n),o=await e.getByHash(t,r);return o?o.type!==i?{ok:!1,failure:"wrong_type"}:o.revoked_at?{ok:!1,failure:"revoked"}:o.expires_at&&new Date(o.expires_at).getTime()<=Date.now()?{ok:!1,failure:"expired"}:o.single_use&&o.used_at?{ok:!1,failure:"already_used"}:{ok:!0,token:o}:{ok:!1,failure:"not_found"}}function Em(e,t){return`${ti(e.env,e.var.custom_domain)}oidc/register/${t}`}async function zu(e){const t=await e.env.data.tenants.get(e.var.tenant_id);if(!t)throw new U(404,{error:"invalid_request",error_description:"Tenant not found"});return t}function Pu(e){if(!e.flags?.enable_dynamic_client_registration)throw new U(404,{error:"invalid_request",error_description:"Dynamic Client Registration is not enabled"})}function Za(e){if(!e.clientRegistrationTokens)throw new U(500,{error:"server_error",error_description:"Dynamic Client Registration requires a clientRegistrationTokens adapter"});return e.clientRegistrationTokens}async function pq(e,t){const n=e.req.header("authorization"),i=ov(n);if(i){const r=await L6(Za(e.env.data),e.var.tenant_id,i,"iat");if(!r.ok||!r.token)throw new U(401,{error:"invalid_token",error_description:`Initial access token ${r.failure??"invalid"}`});return r.token}if(t.flags?.dcr_require_initial_access_token!==!1)throw new U(401,{error:"invalid_token",error_description:"Initial access token required"})}async function xm(e,t){const n=ov(e.req.header("authorization"));if(!n)throw new U(401,{error:"invalid_token",error_description:"Registration access token required"});const i=await L6(Za(e.env.data),e.var.tenant_id,n,"rat");if(!i.ok||!i.token)throw new U(401,{error:"invalid_token",error_description:`Registration access token ${i.failure??"invalid"}`});if(i.token.client_id!==t)throw new U(401,{error:"invalid_token",error_description:"Registration access token is not bound to this client"});return i.token}function Cm(e){return e.client_metadata?.status==="deleted"}function fq(){return Ue(24)}function hq(){return Ue(43)}const gq=s.z.object({sub:s.z.string().optional().openapi({description:"User ID to bind the IAT to (optional)"}),constraints:s.z.record(s.z.unknown()).optional().openapi({description:"Pre-bound metadata that the registration request must match exactly (or omit, in which case the value is filled in from this map)"}),expires_in_seconds:s.z.number().int().min(30).max(3600*24).optional().openapi({description:"Token TTL in seconds. Default 300 (5 minutes)."}),single_use:s.z.boolean().optional().openapi({description:"Whether the IAT is invalidated after first use. Default true."})}),mq=s.z.object({id:s.z.string(),token:s.z.string(),expires_at:s.z.string(),sub:s.z.string().optional(),constraints:s.z.record(s.z.unknown()).optional(),single_use:s.z.boolean()}),yq=new s.OpenAPIHono().openapi(s.createRoute({tags:["client-registration-tokens"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:gq}}}},security:[{Bearer:["create:client_registration_tokens","auth:write"]}],responses:{201:{content:{"application/json":{schema:mq}},description:"Initial Access Token issued. The `token` field is shown once and not retrievable later."}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i=await B6(Za(e.env.data),t,{sub:n.sub,constraints:n.constraints,expires_in_seconds:n.expires_in_seconds,single_use:n.single_use});return await R(e,t,{type:O.SUCCESS_API_OPERATION,description:"DCR Initial Access Token issued via Management API",targetType:"client_registration_token",targetId:i.id,userId:n.sub}),e.json({id:i.id,token:i.token,expires_at:i.expires_at,sub:i.record.sub,constraints:i.record.constraints,single_use:i.record.single_use},201)}),_q=s.z.object({page:s.z.string().optional().default("0").transform(e=>parseInt(e,10)).openapi({description:"Page index of the results to return. First page is 0."}),per_page:s.z.string().optional().default("50").transform(e=>parseInt(e,10)).openapi({description:"Number of results per page. Defaults to 50."}),include_totals:s.z.string().optional().default("false").transform(e=>e==="true").openapi({description:"When true, return results inside an object that also contains the start and limit. When false (default), a direct array of results is returned."}),fields:s.z.string().optional().openapi({description:"Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields."}),include_fields:s.z.string().optional().default("true").transform(e=>e==="true").openapi({description:"Whether specified fields are to be included (true) or excluded (false). Defaults to true."}),sort:s.z.string().optional().default("created_at:-1").openapi({description:"Field to sort by. Use field:order where order is 1 for ascending and -1 for descending. Defaults to created_at:-1."})}),wq=s.z.object({invitations:s.z.array($l),start:s.z.number(),limit:s.z.number(),length:s.z.number()}),bq=Lw.omit({organization_id:!0,invitation_url:!0}),vq=Et.extend({organizations:s.z.array(Br)}),kv=s.z.object({user_id:s.z.string().openapi({description:"ID of this user"}),email:s.z.string().email().optional().openapi({description:"Email address of this user",format:"email"}),roles:s.z.array(s.z.object({})).default([]).openapi({description:"Array of roles assigned to this user in the organization"})}),Aq=s.z.object({start:s.z.number().openapi({description:"Start index of the current page"}),limit:s.z.number().openapi({description:"Number of items per page"}),total:s.z.number().openapi({description:"Total number of members"}),members:s.z.array(kv).openapi({description:"Array of organization members"})}),kq=s.z.object({next:s.z.string().optional().openapi({description:"Checkpoint ID to be used to retrieve the next set of results"}),members:s.z.array(kv).openapi({description:"Array of organization members"})}),Sq=s.z.object({members:s.z.array(s.z.string()).openapi({description:"Array of user IDs to add to the organization"})}),Eq=s.z.object({members:s.z.array(s.z.string()).openapi({description:"Array of user IDs to remove from the organization"})}),xq=new s.OpenAPIHono().openapi(s.createRoute({tags:["organizations"],method:"get",path:"/",request:{query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:organizations","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([vq,s.z.array(Br)])}},description:"List of organizations"}}}),async e=>{const t=e.var.tenant_id,{page:n,per_page:i,include_totals:r,sort:o,q:a,from:c,take:l}=e.req.valid("query"),d=await e.env.data.organizations.list(t,{page:n,per_page:i,include_totals:r,sort:kt(o),q:a,from:c,take:l});return r?e.json(d):e.json(d.organizations)}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:organizations","auth:read"]}],responses:{200:{content:{"application/json":{schema:Br}},description:"An organization"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await e.env.data.organizations.get(t,n);if(!i)throw new z(404,{message:"Organization not found"});return e.json(i)}).openapi(s.createRoute({tags:["organizations"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:organizations","auth:write"]}],responses:{200:{description:"Organization deleted successfully"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param");if(!await e.env.data.organizations.remove(t,n))throw new z(404,{message:"Organization not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete an Organization",targetType:"organization",targetId:n}),e.text("OK")}).openapi(s.createRoute({tags:["organizations"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:Ip.partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:organizations","auth:write"]}],responses:{200:{content:{"application/json":{schema:Br}},description:"The updated organization"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json"),r=await e.env.data.organizations.get(t,n);if(!r)throw new z(404,{message:"Organization not found"});if(!await e.env.data.organizations.update(t,n,i))throw new z(404,{message:"Organization not found"});const a=await e.env.data.organizations.get(t,n);if(!a)throw new z(404,{message:"Organization not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update an Organization",targetType:"organization",targetId:n,beforeState:r,afterState:a}),e.json(a)}).openapi(s.createRoute({tags:["organizations"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:Ip}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:organizations","auth:write"]}],responses:{201:{content:{"application/json":{schema:Br}},description:"The created organization"}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i={...n,id:n.id||EF()},r=await e.env.data.organizations.create(t,i);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create an Organization",targetType:"organization",targetId:r.id,afterState:r}),e.json(r,{status:201})}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/members",request:{params:s.z.object({id:s.z.string()}),query:ct,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:organizations","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(kv),Aq,kq])}},description:"List of organization members"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),{page:i,per_page:r,include_totals:o,sort:a}=e.req.valid("query");if(!await e.env.data.organizations.get(t,n))throw new z(404,{message:"Organization not found"});const l=await e.env.data.userOrganizations.list(t,{page:i,per_page:r,include_totals:o,sort:kt(a),q:`organization_id:${n}`}),d=[];for(const u of l.userOrganizations){const p=await e.env.data.users.get(t,u.user_id);p&&d.push({user_id:p.user_id,email:p.email||void 0,roles:[]})}return o?e.json({start:l.start,limit:l.limit,total:l.length,members:d}):e.json(d)}).openapi(s.createRoute({tags:["organizations"],method:"post",path:"/{id}/members",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Sq}}}},security:[{Bearer:["update:organizations","auth:write"]}],responses:{204:{description:"Members added successfully"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),{members:i}=e.req.valid("json");if(!await e.env.data.organizations.get(t,n))throw new z(404,{message:"Organization not found"});for(const o of i)(await e.env.data.userOrganizations.list(t,{q:`user_id:${o}`,per_page:1})).userOrganizations.some(l=>l.organization_id===n)||await e.env.data.userOrganizations.create(t,{user_id:o,organization_id:n});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Add Members to an Organization",targetType:"organization_member",targetId:n}),new Response(null,{status:204})}).openapi(s.createRoute({tags:["organizations"],method:"delete",path:"/{id}/members",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Eq}}}},security:[{Bearer:["update:organizations","auth:write"]}],responses:{200:{description:"Members removed successfully"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),{members:i}=e.req.valid("json");for(const r of i){const a=(await e.env.data.userOrganizations.list(t,{q:`user_id:${r}`,per_page:100})).userOrganizations.find(c=>c.organization_id===n);a&&await e.env.data.userOrganizations.remove(t,a.id)}return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Remove Members from an Organization",targetType:"organization_member",targetId:n}),e.json({message:"Members removed successfully"})}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/members/{user_id}/roles",request:{params:s.z.object({id:s.z.string(),user_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),query:ct},security:[{Bearer:["read:organizations","auth:read"]}],responses:{200:{content:{"application/json":{schema:$p}},description:"User roles in organization"}}}),async e=>{const t=e.var.tenant_id,{id:n,user_id:i}=e.req.valid("param");if(!await e.env.data.organizations.get(t,n))throw new z(404,{message:"Organization not found"});if(!await e.env.data.users.get(t,i))throw new z(404,{message:"User not found"});const a=await e.env.data.userRoles.list(t,i,void 0,n);return e.json(a)}).openapi(s.createRoute({tags:["organizations"],method:"post",path:"/{id}/members/{user_id}/roles",request:{params:s.z.object({id:s.z.string(),user_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({roles:s.z.array(s.z.string()).openapi({description:"List of role IDs to associate with the user"})})}}}},security:[{Bearer:["update:organizations","auth:write"]}],responses:{201:{description:"Roles assigned successfully"}}}),async e=>{const t=e.var.tenant_id,{id:n,user_id:i}=e.req.valid("param"),{roles:r}=e.req.valid("json");if(!await e.env.data.organizations.get(t,n))throw new z(404,{message:"Organization not found"});if(!await e.env.data.users.get(t,i))throw new z(404,{message:"User not found"});for(const c of r){if(!await e.env.data.roles.get(t,c))throw new z(400,{message:`Role ${c} not found`});if(!await e.env.data.userRoles.create(t,i,c,n))throw new z(500,{message:`Failed to assign role ${c} to user`})}return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Assign Roles to an Organization Member",targetType:"organization_member_role",targetId:i}),e.json({message:"Roles assigned successfully"},{status:201})}).openapi(s.createRoute({tags:["organizations"],method:"delete",path:"/{id}/members/{user_id}/roles",request:{params:s.z.object({id:s.z.string(),user_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({roles:s.z.array(s.z.string()).openapi({description:"List of role IDs to remove from the user"})})}}}},security:[{Bearer:["update:organizations","auth:write"]}],responses:{200:{description:"Roles removed successfully"}}}),async e=>{const t=e.var.tenant_id,{id:n,user_id:i}=e.req.valid("param"),{roles:r}=e.req.valid("json");if(!await e.env.data.organizations.get(t,n))throw new z(404,{message:"Organization not found"});if(!await e.env.data.users.get(t,i))throw new z(404,{message:"User not found"});for(const c of r)if(!await e.env.data.userRoles.remove(t,i,c,n))throw new z(500,{message:`Failed to remove role ${c} from user`});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Remove Roles from an Organization Member",targetType:"organization_member_role",targetId:i}),e.json({message:"Roles removed successfully"})}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/roles",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),query:ct},security:[{Bearer:["read:organizations","auth:read"]}],responses:{200:{content:{"application/json":{schema:$p}},description:"List of roles available in organization"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),{page:i,per_page:r,sort:o,q:a}=e.req.valid("query");if(!await e.env.data.organizations.get(t,n))throw new z(404,{message:"Organization not found"});const l=await e.env.data.roles.list(t,{page:i,per_page:r,sort:kt(o),q:a});return e.json(l.roles)}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/invitations",request:{params:s.z.object({id:s.z.string().openapi({description:"Organization ID",param:{name:"id",in:"path"}})}),query:_q,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:organizations","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array($l),wq])}},description:"List of organization invitations"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),{page:i,per_page:r,include_totals:o,fields:a,include_fields:c,sort:l}=e.req.valid("query");if(!await e.env.data.organizations.get(t,n))throw new z(404,{message:"Organization not found"});let p=(await e.env.data.invites.list(t,{page:i,per_page:r})).invites.filter(f=>f.organization_id===n);if(l){const f=kt(l);if(f){const{sort_by:h,sort_order:g}=f;p.sort((m,_)=>{const y=m[h],w=_[h];if(y===void 0||w===void 0||y===w)return 0;const b=y<w?-1:1;return g==="asc"?b:-b})}}if(a){const f=a.split(",").map(h=>h.trim());p=p.map(h=>{const g={};for(const m of Object.keys(h))(c?f.includes(m):!f.includes(m))&&(g[m]=h[m]);return g})}return o?e.json({invitations:p,start:i*r,limit:r,length:p.length}):e.json(p)}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/invitations/{invitation_id}",request:{params:s.z.object({id:s.z.string().openapi({description:"Organization ID",param:{name:"id",in:"path"}}),invitation_id:s.z.string().openapi({description:"Invitation ID",param:{name:"invitation_id",in:"path"}})}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:organizations","auth:read"]}],responses:{200:{content:{"application/json":{schema:$l}},description:"An invitation"},404:{description:"Invitation not found"}}}),async e=>{const t=e.var.tenant_id,{id:n,invitation_id:i}=e.req.valid("param"),r=await e.env.data.invites.get(t,i);if(!r||r.organization_id!==n)throw new z(404,{message:"Invitation not found"});return e.json(r)}).openapi(s.createRoute({tags:["organizations"],method:"post",path:"/{id}/invitations",request:{params:s.z.object({id:s.z.string().openapi({description:"Organization ID",param:{name:"id",in:"path"}})}),body:{content:{"application/json":{schema:bq}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:organizations","auth:write"]}],responses:{201:{content:{"application/json":{schema:$l}},description:"The created invitation"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json");if(!await e.env.data.organizations.get(t,n))throw new z(404,{message:"Organization not found"});const a=`https://invite.placeholder/${CF()}`,c={...i,organization_id:n,invitation_url:a},l=await e.env.data.invites.create(t,c);return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create an Organization Invitation",targetType:"invitation",targetId:l.id,afterState:l}),e.json(l,{status:201})}).openapi(s.createRoute({tags:["organizations"],method:"delete",path:"/{id}/invitations/{invitation_id}",request:{params:s.z.object({id:s.z.string().openapi({description:"Organization ID",param:{name:"id",in:"path"}}),invitation_id:s.z.string().openapi({description:"Invitation ID",param:{name:"invitation_id",in:"path"}})}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:organizations","auth:write"]}],responses:{204:{description:"Invitation deleted successfully"},404:{description:"Invitation not found"}}}),async e=>{const t=e.var.tenant_id,{id:n,invitation_id:i}=e.req.valid("param"),r=await e.env.data.invites.get(t,i);if(!r||r.organization_id!==n)throw new z(404,{message:"Invitation not found"});if(!await e.env.data.invites.remove(t,i))throw new z(404,{message:"Invitation not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete an Organization Invitation",targetType:"invitation",targetId:i}),e.body(null,{status:204})}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/enabled_connections",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),query:s.z.object({include_totals:s.z.string().optional().transform(e=>e==="true").openapi({deprecated:!0,description:"Ignored for compatibility; the connections/total/start/limit/length wrapper is always returned."}),page:s.z.string().optional().transform(e=>e?parseInt(e,10):0),per_page:s.z.string().optional().transform(e=>e?parseInt(e,10):50)})},security:[{Bearer:["read:organization_connections","auth:read"]}],responses:{200:{content:{"application/json":{schema:Et.extend({connections:s.z.array(ua)})}},description:"Connections enabled for the organization"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),{include_totals:i,page:r,per_page:o}=e.req.valid("query");if(!await e.env.data.organizations.get(t,n))throw new z(404,{message:"Organization not found"});const c=await e.env.data.organizationConnections.list(t,n),l=r*o,d=c.slice(l,l+o);return e.json({connections:d,total:c.length,start:l,limit:o,length:d.length})}).openapi(s.createRoute({tags:["organizations"],method:"post",path:"/{id}/enabled_connections",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:zp}}}},security:[{Bearer:["create:organization_connections","auth:write"]}],responses:{201:{content:{"application/json":{schema:ua}},description:"Connection enabled for the organization"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json");if(!await e.env.data.organizations.get(t,n))throw new z(404,{message:"Organization not found"});if(!await e.env.data.connections.get(t,i.connection_id))throw new z(400,{message:`Connection ${i.connection_id} not found`});if(await e.env.data.organizationConnections.get(t,n,i.connection_id))throw new z(409,{message:"Connection already enabled for this organization"});const c=await e.env.data.organizationConnections.create(t,n,i);return await R(e,t,{type:O.SUCCESS_API_OPERATION,description:"Enable an Organization Connection",targetType:"organization_connection",targetId:`${n}:${i.connection_id}`}),e.json(c,{status:201})}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/enabled_connections/{connection_id}",request:{params:s.z.object({id:s.z.string(),connection_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:organization_connections","auth:read"]}],responses:{200:{content:{"application/json":{schema:ua}},description:"An enabled organization connection"}}}),async e=>{const t=e.var.tenant_id,{id:n,connection_id:i}=e.req.valid("param"),r=await e.env.data.organizationConnections.get(t,n,i);if(!r)throw new z(404,{message:"Organization connection not found"});return e.json(r)}).openapi(s.createRoute({tags:["organizations"],method:"patch",path:"/{id}/enabled_connections/{connection_id}",request:{params:s.z.object({id:s.z.string(),connection_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:zp.omit({connection_id:!0}).partial()}}}},security:[{Bearer:["update:organization_connections","auth:write"]}],responses:{200:{content:{"application/json":{schema:ua}},description:"Updated organization connection"}}}),async e=>{const t=e.var.tenant_id,{id:n,connection_id:i}=e.req.valid("param"),r=e.req.valid("json"),o=await e.env.data.organizationConnections.update(t,n,i,r);if(!o)throw new z(404,{message:"Organization connection not found"});return await R(e,t,{type:O.SUCCESS_API_OPERATION,description:"Update an Organization Connection",targetType:"organization_connection",targetId:`${n}:${i}`}),e.json(o)}).openapi(s.createRoute({tags:["organizations"],method:"delete",path:"/{id}/enabled_connections/{connection_id}",request:{params:s.z.object({id:s.z.string(),connection_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:organization_connections","auth:write"]}],responses:{204:{description:"Connection disabled"}}}),async e=>{const t=e.var.tenant_id,{id:n,connection_id:i}=e.req.valid("param");if(!await e.env.data.organizationConnections.remove(t,n,i))throw new z(404,{message:"Organization connection not found"});return await R(e,t,{type:O.SUCCESS_API_OPERATION,description:"Disable an Organization Connection",targetType:"organization_connection",targetId:`${n}:${i}`}),e.body(null,{status:204})}),Cq=new s.OpenAPIHono().openapi(s.createRoute({tags:["stats"],method:"get",path:"/daily",request:{query:s.z.object({from:s.z.string().optional().openapi({description:"Optional first day of the date range (inclusive) in YYYYMMDD format",example:"20251120"}),to:s.z.string().optional().openapi({description:"Optional last day of the date range (inclusive) in YYYYMMDD format",example:"20251219"})}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:stats","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.array(gC)}},description:"Daily statistics including logins, signups, and leaked passwords"}}}),async e=>{const{from:t,to:n}=e.req.valid("query");if(!e.env.data.stats)throw new z(501,{message:"Stats adapter not configured"});const i=await e.env.data.stats.getDaily(e.var.tenant_id,{from:t,to:n});return e.json(i)}).openapi(s.createRoute({tags:["stats"],method:"get",path:"/active-users",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:stats","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.number().openapi({description:"Number of active users in the last 30 days",example:1234})}},description:"Number of active users in the last 30 days"}}}),async e=>{if(!e.env.data.stats)throw new z(501,{message:"Stats adapter not configured"});const t=await e.env.data.stats.getActiveUsers(e.var.tenant_id);return e.json(t)}),rp=["sms","otp","email","push-notification","webauthn-roaming","webauthn-platform","recovery-code","duo"];function Tm(e){return e.replace(/-/g,"_")}const Y_=s.z.object({name:s.z.enum(rp),enabled:s.z.boolean(),trial_expired:s.z.boolean().optional()}),Tq=s.z.array(Y_),$q=s.z.object({enabled:s.z.boolean()}),$m=s.z.object({provider:s.z.enum(["twilio","vonage","aws_sns","phone_message_hook"])}),Im=s.z.object({sid:s.z.string().optional(),auth_token:s.z.string().optional(),from:s.z.string().optional(),messaging_service_sid:s.z.string().optional()}),Iq=s.z.object({message_type:s.z.enum(["sms","voice"])}),zq=new s.OpenAPIHono().openapi(s.createRoute({tags:["guardian"],method:"get",path:"/factors",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:guardian_factors","auth:read"]}],responses:{200:{content:{"application/json":{schema:Tq}},description:"List of MFA factors"}}}),async e=>{const n=(await e.env.data.tenants.get(e.var.tenant_id))?.mfa?.factors,i=rp.map(r=>{const o=Tm(r);return{name:r,enabled:!!n?.[o],trial_expired:!1}});return e.json(i)}).openapi(s.createRoute({tags:["guardian"],method:"get",path:"/factors/sms/selected-provider",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:guardian_factors","auth:read"]}],responses:{200:{content:{"application/json":{schema:$m}},description:"Selected SMS provider"}}}),async e=>{const n=(await e.env.data.tenants.get(e.var.tenant_id))?.mfa?.sms_provider?.provider||"twilio";return e.json({provider:n})}).openapi(s.createRoute({tags:["guardian"],method:"put",path:"/factors/sms/selected-provider",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:$m}}}},security:[{Bearer:["update:guardian_factors","auth:write"]}],responses:{200:{content:{"application/json":{schema:$m}},description:"Updated SMS provider selection"}}}),async e=>{const{provider:t}=e.req.valid("json"),n=await e.env.data.tenants.get(e.var.tenant_id);if(!n)throw new z(404,{message:"Tenant not found"});return await e.env.data.tenants.update(e.var.tenant_id,{mfa:{...n.mfa,sms_provider:{provider:t}}}),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Set SMS Provider",targetType:"guardian",targetId:e.var.tenant_id}),e.json({provider:t})}).openapi(s.createRoute({tags:["guardian"],method:"get",path:"/factors/sms/providers/twilio",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:guardian_factors","auth:read"]}],responses:{200:{content:{"application/json":{schema:Im}},description:"Twilio provider configuration"}}}),async e=>{const n=(await e.env.data.tenants.get(e.var.tenant_id))?.mfa?.twilio||{};return e.json({sid:n.sid,auth_token:n.auth_token?"********":void 0,from:n.from,messaging_service_sid:n.messaging_service_sid})}).openapi(s.createRoute({tags:["guardian"],method:"put",path:"/factors/sms/providers/twilio",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Im}}}},security:[{Bearer:["update:guardian_factors","auth:write"]}],responses:{200:{content:{"application/json":{schema:Im}},description:"Updated Twilio configuration"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.tenants.get(e.var.tenant_id);if(!n)throw new z(404,{message:"Tenant not found"});const i=n.mfa?.twilio||{},r={...i,...t,auth_token:t.auth_token&&t.auth_token!=="********"?t.auth_token:i.auth_token};return await e.env.data.tenants.update(e.var.tenant_id,{mfa:{...n.mfa,twilio:r}}),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Configure Twilio Provider",targetType:"guardian",targetId:e.var.tenant_id}),e.json({sid:r.sid,auth_token:r.auth_token?"********":void 0,from:r.from,messaging_service_sid:r.messaging_service_sid})}).openapi(s.createRoute({tags:["guardian"],method:"get",path:"/factors/phone/message-types",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:guardian_factors","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.array(Iq)}},description:"Available message types"}}}),async e=>{const t=[{message_type:"sms"}];return e.json(t)}).openapi(s.createRoute({tags:["guardian"],method:"get",path:"/policies",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:guardian_factors","auth:read"]}],responses:{200:{content:{"application/json":{schema:s.z.array(s.z.string())}},description:"Current MFA policies"}}}),async e=>(await e.env.data.tenants.get(e.var.tenant_id))?.mfa?.policy==="always"?e.json(["all-applications"]):e.json([])).openapi(s.createRoute({tags:["guardian"],method:"put",path:"/policies",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.array(s.z.string())}}}},security:[{Bearer:["update:guardian_factors","auth:write"]}],responses:{200:{content:{"application/json":{schema:s.z.array(s.z.string())}},description:"Updated MFA policies"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.tenants.get(e.var.tenant_id);if(!n)throw new z(404,{message:"Tenant not found"});const i=t.includes("all-applications")?"always":"never";return await e.env.data.tenants.update(e.var.tenant_id,{mfa:{...n.mfa,policy:i}}),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Set Guardian Policies",targetType:"guardian",targetId:e.var.tenant_id}),e.json(i==="always"?["all-applications"]:[])}).openapi(s.createRoute({tags:["guardian"],method:"post",path:"/enrollments/ticket",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({user_id:s.z.string(),send_mail:s.z.boolean().optional(),email:s.z.string().email().optional()})}}}},security:[{Bearer:["create:guardian_enrollment_tickets","auth:write"]}],responses:{201:{content:{"application/json":{schema:s.z.object({ticket_id:s.z.string(),ticket_url:s.z.string()})}},description:"Enrollment ticket created"}}}),async e=>{const{user_id:t,email:n}=e.req.valid("json"),i=e.var.tenant_id,r=await e.env.data.tenants.get(i);if(!r)throw new z(404,{message:"Tenant not found"});if(!(r.mfa?.factors?.sms===!0||r.mfa?.factors?.otp===!0||r.mfa?.factors?.webauthn_roaming===!0||r.mfa?.factors?.webauthn_platform===!0))throw new z(400,{message:"At least one MFA factor (SMS, OTP, or WebAuthn) must be enabled before creating enrollment tickets."});const a=await e.env.data.users.get(i,t);if(!a)throw new z(404,{message:"User not found"});const{clients:c}=await e.env.data.clients.list(i);if(!c.length)throw new z(400,{message:"No clients configured for this tenant"});const l=c[0].client_id,d=7200*60*1e3,u=new Date(Date.now()+d).toISOString(),p=await e.env.data.loginSessions.create(i,{expires_at:u,authParams:{client_id:l,username:n||a.email},csrf_token:Ue(),user_id:t,state:be.AWAITING_MFA,state_data:JSON.stringify({guardian_enrollment:!0})}),f=Ue();await e.env.data.codes.create(i,{code_id:f,code_type:"ticket",login_id:p.id,user_id:t,expires_at:u});const h=Dn(e.env,e.var.custom_domain),g=new URL("u2/guardian/enroll",h);g.searchParams.append("ticket",f),e.var.custom_domain||g.searchParams.append("tenant_id",i);const m=g.toString();return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create Enrollment Ticket",targetType:"guardian",targetId:e.var.tenant_id}),e.json({ticket_id:f,ticket_url:m},201)}).openapi(s.createRoute({tags:["guardian"],method:"get",path:"/factors/{factor_name}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({factor_name:s.z.enum(rp)})},security:[{Bearer:["read:guardian_factors","auth:read"]}],responses:{200:{content:{"application/json":{schema:Y_}},description:"MFA factor details"}}}),async e=>{const{factor_name:t}=e.req.valid("param"),i=(await e.env.data.tenants.get(e.var.tenant_id))?.mfa?.factors,r=Tm(t);return e.json({name:t,enabled:!!i?.[r],trial_expired:!1})}).openapi(s.createRoute({tags:["guardian"],method:"put",path:"/factors/{factor_name}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({factor_name:s.z.enum(rp)}),body:{content:{"application/json":{schema:$q}}}},security:[{Bearer:["update:guardian_factors","auth:write"]}],responses:{200:{content:{"application/json":{schema:Y_}},description:"Updated MFA factor"}}}),async e=>{const{factor_name:t}=e.req.valid("param"),{enabled:n}=e.req.valid("json"),i=Tm(t),r=await e.env.data.tenants.get(e.var.tenant_id);if(!r)throw new z(404,{message:"Tenant not found"});const o=r.mfa?.factors;return await e.env.data.tenants.update(e.var.tenant_id,{mfa:{...r.mfa,factors:{sms:o?.sms??!1,otp:o?.otp??!1,email:o?.email??!1,push_notification:o?.push_notification??!1,webauthn_roaming:o?.webauthn_roaming??!1,webauthn_platform:o?.webauthn_platform??!1,recovery_code:o?.recovery_code??!1,duo:o?.duo??!1,[i]:n}}}),await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Update Guardian Factor",targetType:"guardian",targetId:e.var.tenant_id}),e.json({name:t,enabled:n,trial_expired:!1})}),Q_=s.z.object({id:s.z.string(),type:s.z.string(),confirmed:s.z.boolean(),phone_number:s.z.string().optional(),credential_id:s.z.string().optional(),public_key:s.z.string().optional(),sign_count:s.z.number().optional(),credential_backed_up:s.z.boolean().optional(),transports:s.z.array(s.z.string()).optional(),friendly_name:s.z.string().optional(),created_at:s.z.string()}),Pq=s.z.array(Q_),Nq=s.z.object({type:s.z.enum(["phone","totp","email","push","webauthn-roaming","webauthn-platform","passkey"]),phone_number:s.z.string().optional(),totp_secret:s.z.string().optional(),credential_id:s.z.string().optional(),public_key:s.z.string().optional(),sign_count:s.z.number().int().nonnegative().optional(),credential_backed_up:s.z.boolean().optional(),transports:s.z.array(s.z.string()).optional(),friendly_name:s.z.string().optional(),confirmed:s.z.boolean().optional().default(!0)}).superRefine((e,t)=>{e.type==="phone"&&!e.phone_number&&t.addIssue({code:s.z.ZodIssueCode.custom,message:"phone_number is required when type is 'phone'",path:["phone_number"]}),e.type==="totp"&&!e.totp_secret&&t.addIssue({code:s.z.ZodIssueCode.custom,message:"totp_secret is required when type is 'totp'",path:["totp_secret"]}),["webauthn-roaming","webauthn-platform","passkey"].includes(e.type)&&(e.credential_id||t.addIssue({code:s.z.ZodIssueCode.custom,message:`credential_id is required when type is '${e.type}'`,path:["credential_id"]}),e.public_key||t.addIssue({code:s.z.ZodIssueCode.custom,message:`public_key is required when type is '${e.type}'`,path:["public_key"]}))}),Fq=new s.OpenAPIHono().openapi(s.createRoute({tags:["users"],method:"get",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:users","auth:read"]}],responses:{200:{content:{"application/json":{schema:Pq}},description:"List of authentication methods for the user"}}}),async e=>{const t=e.req.param("user_id");if(!t)throw new z(400,{message:"user_id is required"});const i=(await e.env.data.authenticationMethods.list(e.var.tenant_id,t)).map(r=>({id:r.id,type:r.type,confirmed:r.confirmed,phone_number:r.phone_number,credential_id:r.credential_id,public_key:r.public_key,sign_count:r.sign_count,credential_backed_up:r.credential_backed_up,transports:r.transports,friendly_name:r.friendly_name,created_at:r.created_at}));return e.json(i)}).openapi(s.createRoute({tags:["users"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Nq}}}},security:[{Bearer:["update:users","auth:write"]}],responses:{201:{content:{"application/json":{schema:Q_}},description:"Created authentication method"}}}),async e=>{const t=e.req.param("user_id");if(!t)throw new z(400,{message:"user_id is required"});const n=e.req.valid("json"),i=await e.env.data.authenticationMethods.create(e.var.tenant_id,{user_id:t,type:n.type,phone_number:n.phone_number,totp_secret:n.totp_secret,credential_id:n.credential_id,public_key:n.public_key,sign_count:n.sign_count,credential_backed_up:n.credential_backed_up,transports:n.transports,friendly_name:n.friendly_name,confirmed:n.confirmed??!0});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Create Authentication Method",targetType:"authentication_method",targetId:i.id}),e.json({id:i.id,type:i.type,confirmed:i.confirmed,phone_number:i.phone_number,credential_id:i.credential_id,public_key:i.public_key,sign_count:i.sign_count,credential_backed_up:i.credential_backed_up,transports:i.transports,friendly_name:i.friendly_name,created_at:i.created_at},201)}).openapi(s.createRoute({tags:["users"],method:"get",path:"/{method_id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({method_id:s.z.string()})},security:[{Bearer:["read:users","auth:read"]}],responses:{200:{content:{"application/json":{schema:Q_}},description:"Authentication method details"}}}),async e=>{const{method_id:t}=e.req.valid("param"),n=e.req.param("user_id"),i=await e.env.data.authenticationMethods.get(e.var.tenant_id,t);if(!i||i.user_id!==n)throw new z(404,{message:"Authentication method not found"});return e.json({id:i.id,type:i.type,confirmed:i.confirmed,phone_number:i.phone_number,credential_id:i.credential_id,public_key:i.public_key,sign_count:i.sign_count,credential_backed_up:i.credential_backed_up,transports:i.transports,friendly_name:i.friendly_name,created_at:i.created_at})}).openapi(s.createRoute({tags:["users"],method:"delete",path:"/{method_id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({method_id:s.z.string()})},security:[{Bearer:["update:users","auth:write"]}],responses:{204:{description:"Authentication method deleted"}}}),async e=>{const{method_id:t}=e.req.valid("param"),n=e.req.param("user_id"),i=await e.env.data.authenticationMethods.get(e.var.tenant_id,t);if(!i||i.user_id!==n)throw new z(404,{message:"Authentication method not found"});if(!await e.env.data.authenticationMethods.remove(e.var.tenant_id,t))throw new z(404,{message:"Authentication method not found"});return await R(e,e.var.tenant_id,{type:O.SUCCESS_API_OPERATION,description:"Delete Authentication Method",targetType:"authentication_method",targetId:t}),e.body(null,204)}),Oq=50,jq=1e3,Rq=3e5,M6=5,Dq=7,U6=3e4;async function qf(e,t,n){console.warn(`Outbox event ${t} dead-lettering: ${n}`);try{await e.deadLetter(t,n)}catch{}}function q6(e){const t=Math.min(jq*Math.pow(2,e),Rq);return new Date(Date.now()+t).toISOString()}async function Bq(e,t,n,i){if(t.length===0)return;const r=i?.maxRetries??M6,o=crypto.randomUUID(),a=await e.claimEvents(t,o,U6);if(a.length===0)return;const c=await e.getByIds(a);if(c.length===0)return;const l=[];for(const d of c){if(d.retry_count>=r){await qf(e,d.id,d.error||`Exceeded max retries (${r})`);continue}let u=!0,p=!1;for(const f of n)if(!(f.accepts&&!f.accepts(d))){p=!0;try{const h=f.transform(d);await f.deliver([h])}catch(h){u=!1;const g=h instanceof Error?h.message:String(h);try{await e.markRetry(d.id,`${f.name}: ${g}`,q6(d.retry_count))}catch{}break}}if(!p){await qf(e,d.id,`No destination accepts event_type=${d.event_type}`);continue}u&&l.push(d.id)}if(l.length>0)try{await e.markProcessed(l)}catch{}}async function H6(e,t,n){const i=n?.batchSize??Oq,r=n?.maxRetries??M6,o=n?.retentionDays??Dq,a=await e.getUnprocessed(i);if(a.length===0)return;const c=crypto.randomUUID(),l=a.map(h=>h.id),d=new Set(await e.claimEvents(l,c,U6)),u=a.filter(h=>d.has(h.id));if(u.length===0)return;const p=[],f=[];for(const h of u){if(h.retry_count>=r){await qf(e,h.id,h.error||`Exceeded max retries (${r})`);continue}let g=!0,m=!1;for(const _ of t)if(!(_.accepts&&!_.accepts(h))){m=!0;try{const y=_.transform(h);await _.deliver([y])}catch(y){g=!1;const w=y instanceof Error?y.message:String(y);try{await e.markRetry(h.id,`${_.name}: ${w}`,q6(h.retry_count))}catch{}break}}if(!m){await qf(e,h.id,`No destination accepts event_type=${h.event_type}`);continue}g?p.push(h.id):f.push(h.id)}if(p.length>0)try{await e.markProcessed(p)}catch{}try{const h=new Date(Date.now()-o*24*60*60*1e3).toISOString();await e.cleanup(h)}catch{}}function ou(e){return async(t,n)=>{t.set("outboxEventPromises",[]),t.set("backgroundPromises",[]);let i;try{await n()}catch(r){i=r}finally{const r=t.var.outboxEventPromises??[];let o=[];if(r.length>0){const a=await Promise.allSettled(r);for(const c of a)c.status==="fulfilled"?o.push(c.value):console.error("Outbox event creation failed",c.reason)}if(o.length>0){const a=e.getOutbox(t);a&&ph(t,Bq(a,o,e.getDestinations(t),{maxRetries:t.env.outbox?.maxRetries}))}typeof process<"u"&&process.env?.NODE_ENV==="test"&&await dF(t)}if(i)throw i}}function Lq(e){return{log_id:e.id,type:e.log_type,date:e.timestamp,description:e.description||"",ip:e.request.ip,user_agent:e.request.user_agent||"",user_id:e.actor.id||"",user_name:e.actor.email||"",client_id:e.actor.client_id,client_name:"",connection:e.connection,strategy:e.strategy,strategy_type:e.strategy_type,audience:e.audience||"",scope:e.scope||e.actor.scopes?.join(" "),hostname:e.hostname,auth0_client:e.auth0_client,isMobile:e.is_mobile||!1,location_info:e.location,details:{request:{method:e.request.method,path:e.request.path,qs:e.request.query,body:e.request.body},...e.response&&{response:{statusCode:e.response.status_code,body:e.response.body}}}}}class xs{name="logs";logs;constructor(t){this.logs=t}accepts(t){return!t.event_type.startsWith("hook.")}transform(t){return{tenantId:t.tenant_id,log:Lq(t)}}async deliver(t){for(const{tenantId:n,log:i}of t)try{await this.logs.create(n,i)}catch(r){const o=r instanceof Error?r.message:String(r);if(o.includes("UNIQUE constraint failed")||o.includes("Duplicate entry"))continue;throw r}}}const Nk="hook.",Mq=1e4,Fk="webhook";class Tc{name="webhooks";hooks;getServiceToken;timeoutMs;webhookInvoker;constructor(t,n,i={}){this.hooks=t,this.getServiceToken=n,this.timeoutMs=i.timeoutMs??Mq,this.webhookInvoker=i.webhookInvoker}accepts(t){return t.event_type.startsWith(Nk)}transform(t){const n=t.event_type.slice(Nk.length);return{eventId:t.id,tenantId:t.tenant_id,triggerId:n,payload:{tenant_id:t.tenant_id,trigger_id:n,user:t.target?.after,request:t.request}}}async deliver(t){for(const n of t){const{hooks:i}=await this.hooks.list(n.tenantId),r=i.filter(o=>o.enabled&&o.trigger_id===n.triggerId&&"url"in o);if(r.length!==0)for(const o of r)this.webhookInvoker?await this.invokeCustom(o,n):await this.invokeDefault(o,n)}}async invokeCustom(t,n){const i=this.webhookInvoker,r=(c=Fk)=>this.getServiceToken(n.tenantId,c),o=new Promise((c,l)=>{setTimeout(()=>l(new Error(`Webhook ${t.hook_id} (${n.triggerId}) timed out after ${this.timeoutMs}ms`)),this.timeoutMs)}),a=await Promise.race([i({hook:t,data:n.payload,tenant_id:n.tenantId,idempotency_key:n.eventId,createServiceToken:r}),o]);if(!a.ok){const c=await a.text().catch(()=>"");throw new Error(`Webhook ${t.hook_id} (${n.triggerId}) returned ${a.status}: ${c.slice(0,256)}`)}}async invokeDefault(t,n){const i=await this.getServiceToken(n.tenantId,Fk),r=new AbortController,o=setTimeout(()=>r.abort(),this.timeoutMs);try{const a=await fetch(t.url,{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${i}`,"Idempotency-Key":n.eventId},body:JSON.stringify(n.payload),signal:r.signal});if(!a.ok){const c=await a.text().catch(()=>"");throw new Error(`Webhook ${t.hook_id} (${n.triggerId}) returned ${a.status}: ${c.slice(0,256)}`)}}finally{clearTimeout(o)}}}const Uq="hook.post-user-registration";class $c{name="registration-finalizer";users;constructor(t){this.users=t}accepts(t){return t.event_type===Uq}transform(t){return{tenantId:t.tenant_id,userId:t.target?.id??"",timestamp:new Date().toISOString()}}async deliver(t){for(const{tenantId:n,userId:i,timestamp:r}of t)i&&await this.users.update(n,i,{registration_completed_at:r})}}function qq(e){const t=new s.OpenAPIHono,n=e.managementDataAdapter??e.dataAdapter;t.use(Sc(e)),t.use(async(a,c)=>{const l=a.req.header("origin"),d=u=>{a.res.headers.set("Access-Control-Allow-Origin",u),a.res.headers.set("Access-Control-Allow-Headers","Tenant-Id, Content-Type, Content-Range, Auth0-Client, Authorization, Range, Upgrade-Insecure-Requests"),a.res.headers.set("Access-Control-Allow-Methods","POST, PUT, GET, DELETE, PATCH, OPTIONS"),a.res.headers.set("Access-Control-Expose-Headers","Content-Length, Content-Range"),a.res.headers.set("Access-Control-Max-Age","600"),a.res.headers.set("Access-Control-Allow-Credentials","true"),a.res.headers.append("Vary","Origin")};if(a.req.method==="OPTIONS"){const u=new Response(null,{status:204});if(l){const p=h=>{u.headers.set("Access-Control-Allow-Origin",h),u.headers.set("Access-Control-Allow-Headers","Tenant-Id, Content-Type, Content-Range, Auth0-Client, Authorization, Range, Upgrade-Insecure-Requests"),u.headers.set("Access-Control-Allow-Methods","POST, PUT, GET, DELETE, PATCH, OPTIONS"),u.headers.set("Access-Control-Expose-Headers","Content-Length, Content-Range"),u.headers.set("Access-Control-Max-Age","600"),u.headers.set("Access-Control-Allow-Credentials","true"),u.headers.append("Vary","Origin")};if(e.allowedOrigins?.includes(l))return p(l),u;const f=a.req.header("tenant-id");if(f&&(await n.clients.list(f,{})).clients.flatMap(m=>m.web_origins||[]).includes(l))return p(l),u}return u.headers.append("Vary","Origin"),u}if(await c(),a.res.headers.append("Vary","Origin"),l){if(e.allowedOrigins?.includes(l)){d(l);return}const u=a.var.tenant_id||a.req.header("tenant-id");u&&(await n.clients.list(u,{})).clients.flatMap(h=>h.web_origins||[]).includes(l)&&d(l)}}),t.onError((a,c)=>{if(!(a instanceof z))throw a;const l=a.status;if(l<400||l>=500)throw a;const d=a.getResponse();if(d.headers.get("content-type")?.includes("application/json"))return d;const u={400:"Bad Request",401:"Unauthorized",403:"Forbidden",404:"Not Found",405:"Method Not Allowed",409:"Conflict",422:"Unprocessable Entity",429:"Too Many Requests"};return c.json({statusCode:l,error:u[l]??"Error",message:a.message||u[l]||"Error"},l)}),t.use(async(a,c)=>{if(await c(),a.res.status!==400||!a.res.headers.get("content-type")?.includes("application/json"))return;let l;try{l=await a.res.clone().json()}catch{return}if(typeof l!="object"||l===null||!("success"in l)||l.success!==!1||!("error"in l)||typeof l.error!="object"||l.error===null||!("name"in l.error)||l.error.name!=="ZodError")return;const d="issues"in l.error&&Array.isArray(l.error.issues)?l.error.issues:[],u=d.length?`Payload validation error: ${d.map(p=>{const f=Array.isArray(p.path)?p.path:[];return`'${f.length?f.join("."):"root"}': ${p.message??"invalid"}`}).join("; ")}`:"Payload validation error";a.res=new Response(JSON.stringify({statusCode:400,error:"Bad Request",message:u,errorCode:"invalid_body"}),{status:400,headers:{"content-type":"application/json"}})}),iv(t);const i=(a,c)=>{const l=nu(a,c),d=Cc({defaultTtlSeconds:0,maxEntries:100,cleanupIntervalMs:0}),u=ru(l,{defaultTtl:0,cacheEntities:["tenants","connections","clients","branding","themes","promptSettings","customText","forms","hooks"],cache:d});return iu(a,u)};t.use(ou({getOutbox:()=>n.outbox,getDestinations:a=>[new xs(n.logs),new Tc(n.hooks,async c=>(await Es(a,c,"webhook")).access_token),new $c(n.users)]})),t.use(async(a,c)=>{a.env.data=i(a,n),a.env.entityHooks=e.entityHooks,await c()}),t.use(xc).use(Ec).use(pg(t)).use(async(a,c)=>(e.entityHooks&&a.var.tenant_id&&(a.env.data=j6(a.env.data,{tenantId:a.var.tenant_id,entityHooks:e.entityHooks})),c()));const r=new Set(e.managementApiExtensions?.map(a=>a.path)||[]),o=t.route("/actions/actions",wF).route("/actions/triggers",PF).route("/branding",GO).route("/custom-domains",QB).route("/email/providers",ck).route("/emails/provider",ck).route("/email-templates",WB).route("/users",OR).route("/keys",tB).route("/users-by-email",nB).route("/clients",oB).route("/client-grants",lq).route("/client-registration-tokens",yq).route("/logs",cB).route("/log-streams",ZB).route("/attack-protection",XB).route("/failed-events",uB).route("/hooks",fB).route("/hook-code",hB).route("/connections",_B).route("/prompts",wB).route("/sessions",JB).route("/refresh_tokens",YB).route("/forms",XU).route("/flows",tq).route("/roles",rq).route("/resource-servers",sq).route("/organizations",xq).route("/stats",Cq).route("/guardian",zq).route("/users/:user_id/authentication-methods",Fq);if(r.has("/tenants")||o.route("/tenants",sB),e.managementApiExtensions)for(const a of e.managementApiExtensions)o.route(a.path,a.router);return o.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Management API"},servers:[{url:"/api/v2",description:"API V2"}],security:[{oauth2:["openid","email","profile"]}]}),o}var V6=e=>{const t={origin:"*",allowMethods:["GET","HEAD","PUT","POST","DELETE","PATCH"],allowHeaders:[],exposeHeaders:[],...e},n=(r=>typeof r=="string"?r==="*"?t.credentials?o=>o||null:()=>r:o=>r===o?o:null:typeof r=="function"?r:o=>r.includes(o)?o:null)(t.origin),i=(r=>typeof r=="function"?r:Array.isArray(r)?()=>r:()=>[])(t.allowMethods);return async function(o,a){function c(d,u){o.res.headers.set(d,u)}const l=await n(o.req.header("origin")||"",o);if(l&&c("Access-Control-Allow-Origin",l),t.credentials&&c("Access-Control-Allow-Credentials","true"),t.exposeHeaders?.length&&c("Access-Control-Expose-Headers",t.exposeHeaders.join(",")),o.req.method==="OPTIONS"){(t.origin!=="*"||t.credentials)&&c("Vary","Origin"),t.maxAge!=null&&c("Access-Control-Max-Age",t.maxAge.toString());const d=await i(o.req.header("origin")||"",o);d.length&&c("Access-Control-Allow-Methods",d.join(","));let u=t.allowHeaders;if(!u?.length){const p=o.req.header("Access-Control-Request-Headers");p&&(u=p.split(/\s*,\s*/))}return u?.length&&(c("Access-Control-Allow-Headers",u.join(",")),o.res.headers.append("Vary","Access-Control-Request-Headers")),o.res.headers.delete("Content-Length"),o.res.headers.delete("Content-Type"),new Response(null,{headers:o.res.headers,status:204,statusText:"No Content"})}await a(),(t.origin!=="*"||t.credentials)&&o.header("Vary","Origin",{append:!0})}};function yr(e){if(e)return`${e.name}/${e.version}${e.env?.node?` (env: node/${e.env.node})`:""}`}function tn(e,t){const n=e.var.tenant_id;if(!n){e.set("tenant_id",t);return}if(n!==t)throw new z(403,{message:"Tenant mismatch"})}async function Hf(e,t,n,i){if(!i.state)throw new U(400,{message:"State not found"});const r=t.connections.find(l=>l.name===n);if(!r)throw e.set("client_id",t.client_id),await R(e,t.tenant.id,{type:O.FAILED_LOGIN,description:"Connection not found"}),new U(403,{message:"Connection Not Found"});let o=await e.env.data.loginSessions.get(t.tenant.id,i.state);if(!o){const l=e.get("ip"),d=e.get("useragent"),u=e.get("auth0_client");o=await e.env.data.loginSessions.create(t.tenant.id,{expires_at:new Date(Date.now()+eo*1e3).toISOString(),authParams:i,csrf_token:Ue(),ip:l,useragent:d,auth0Client:yr(u)})}const c=await j$(e,r.strategy).getRedirect(e,r);return await e.env.data.codes.create(t.tenant.id,{login_id:o.id,code_id:c.code,code_type:"oauth2_state",connection_id:r.id,code_verifier:c.codeVerifier,expires_at:new Date(Date.now()+uL*1e3).toISOString()}),new Response(null,{status:302,headers:{location:c.redirectUrl}})}async function Hq(e,{code:t,state:n}){const{env:i}=e,r=await i.data.codes.get(e.var.tenant_id||"",n,"oauth2_state");if(!r||!r.connection_id)throw new U(403,{message:"State not found"});const o=await i.data.loginSessions.get(e.var.tenant_id||"",r.login_id);if(!o)throw new U(403,{message:"Session not found"});const a=await Ze(i,o.authParams.client_id);e.set("client_id",a.client_id),tn(e,a.tenant.id);const c=a.connections.find(y=>y.id===r.connection_id);if(!c)throw await R(e,a.tenant.id,{type:O.FAILED_LOGIN,description:"Connection not found"}),new U(403,{message:"Connection not found"});if(e.set("connection",c.name),!o.authParams.redirect_uri)throw await R(e,a.tenant.id,{type:O.FAILED_LOGIN,description:"Redirect URI not defined"}),new U(403,{message:"Redirect URI not defined"});const d=await j$(e,c.strategy).validateAuthorizationCodeAndGetUser(e,c,t,r.code_verifier),{sub:u,...p}=d;e.set("user_id",u);const f=d.email?.toLocaleLowerCase()||`${c.name}.${u}@${new URL(e.env.ISSUER).hostname}`;e.set("username",f);const h=R$.has(c.strategy),g=h?"enterprise":Ht.SOCIAL,m=!h,_=await gh(e,{client:a,username:f,provider:D$(c),connection:c.name,userId:u,profileData:p,isSocial:m,ip:e.var.ip,set_user_root_attributes:c.options.set_user_root_attributes});return kU(e,{client:a,loginSession:o,user:_,authConnection:c.name,authStrategy:{strategy:c.strategy,strategy_type:g}})}function Z_(e,t,n){const i=new URL("/u/error",Dn(e.env,e.var.custom_domain));return T6(i,{error:t,error_description:n}),e.redirect(i.toString())}async function zm(e,t,n,i,r,o){const a=await e.env.data.codes.get(e.var.tenant_id||"",t,"oauth2_state");if(!a)return Z_(e,"state_not_found");const c=await e.env.data.loginSessions.get(e.var.tenant_id,a.login_id);if(!c)return Z_(e,"session_not_found");const{redirect_uri:l}=c.authParams;if(!l)throw new z(400,{message:"Redirect uri not found"});o||R(e,e.var.tenant_id,{type:O.FAILED_LOGIN,description:`Failed connection login: ${r} ${n}, ${i}`});let d="/u",u="/login/identifier";if(c.authParams.client_id)try{const f=await Ze(e.env,c.authParams.client_id,e.var.tenant_id);if(f?.client_metadata?.universal_login_version==="2"){d="/u2";const h=await e.env.data.promptSettings.get(e.var.tenant_id),g=Ko.parse(h||{}),m=f.connections.some(_=>_.strategy===W.USERNAME_PASSWORD);g.identifier_first===!1&&m&&(u="/login")}}catch{}const p=new URL(`${d}${u}`,Dn(e.env,e.var.custom_domain));return T6(p,{state:c.id,error:n,error_description:i}),e.redirect(p.toString())}function Vq(e){if(e instanceof Error){if("code"in e&&"description"in e){const t=e;return t.description?`${t.code}: ${t.description}`:t.code}if("status"in e){const t=e;return`${e.message} (status: ${t.status})`}return e.message}return String(e)}async function Ok(e,t){const{state:n,code:i,error:r,error_description:o,error_code:a}=t;if(r)return zm(e,n,r,o,a);if(!i)throw new z(400,{message:"Code is required"});try{const c=await Hq(e,{code:i,state:n});if(!(c instanceof Response))throw new z(500,{message:"Internal server error"});return c}catch(c){if(c instanceof U){if(c.status===403)return Z_(e,"state_not_found");if(c.status===400){const d=await e.env.data.codes.get(e.var.tenant_id||"",n,"oauth2_state");if(d&&await e.env.data.loginSessions.get(e.var.tenant_id,d.login_id)){let p="access_denied",f="access_denied";try{const h=JSON.parse(c.message);p=h.error_description||h.message||p,f=h.error||f}catch{p=c.message||p}return zm(e,n,f,p)}}}if(c instanceof z)throw c;const l=Vq(c);return R(e,e.var.tenant_id,{type:O.FAILED_LOGIN,description:`Connection callback failed: ${l}`}),zm(e,n,"connection_error","Connection failed",void 0,!0)}}const jk=s.z.object({state:s.z.string(),code:s.z.string().optional(),scope:s.z.string().optional(),hd:s.z.string().optional(),error:s.z.string().optional(),error_description:s.z.string().optional(),error_code:s.z.string().optional(),error_reason:s.z.string().optional()});function K6(e){return new s.OpenAPIHono().openapi(s.createRoute({tags:["oauth2"],method:"get",path:"/",operationId:`${e.operationIdPrefix}Get`,deprecated:e.deprecated,request:{query:jk},responses:{302:{description:"Redirect to the client's redirect uri"},400:{description:"Bad Request",content:{"application/json":{schema:s.z.object({message:s.z.string()})}}},500:{description:"Internal Server Error",content:{"application/json":{schema:s.z.object({message:s.z.string()})}}}}}),async t=>Ok(t,t.req.valid("query"))).openapi(s.createRoute({tags:["oauth2"],method:"post",path:"/",operationId:`${e.operationIdPrefix}Post`,deprecated:e.deprecated,request:{body:{content:{"application/x-www-form-urlencoded":{schema:jk}}}},responses:{302:{description:"Redirect to the client's redirect uri"},400:{description:"Bad Request",content:{"application/json":{schema:s.z.object({message:s.z.string()})}}},500:{description:"Internal Server Error",content:{"application/json":{schema:s.z.object({message:s.z.string()})}}}}}),async t=>Ok(t,t.req.valid("form")))}const Kq=K6({operationIdPrefix:"callback",deprecated:!0}),Gq=K6({operationIdPrefix:"loginCallback"});function Vf(e,t=[],n={}){try{const i=new URL(e);return t.some(r=>{try{return Wq(i,new URL(r),n)}catch{return!1}})}catch{return!1}}function Wq(e,t,n={}){if(e.protocol!==t.protocol)return!1;if(n.allowPathWildcards&&t.pathname.includes("*")){const i=t.pathname.replace(/\*/g,".*").replace(/\//g,"\\/");if(!new RegExp(`^${i}$`).test(e.pathname))return!1}else if(e.pathname!==t.pathname)return!1;if(n.allowSubDomainWildcards&&t.hostname.startsWith("*.")&&t.hostname.split(".").length>2&&["http:","https:"].includes(t.protocol)){const i=t.hostname.split(".").slice(1).join(".");return e.hostname===i||e.hostname.endsWith("."+i)}return e.hostname===t.hostname}const Jq=new s.OpenAPIHono().openapi(s.createRoute({tags:["oauth2"],method:"get",path:"/",request:{query:s.z.object({client_id:s.z.string(),returnTo:s.z.string().optional()}),header:s.z.object({cookie:s.z.string().optional()})},responses:{302:{description:"Log the user out"}}}),async e=>{const{client_id:t,returnTo:n}=e.req.valid("query");let i;try{i=await Ze(e.env,t)}catch{return e.text("OK")}let r;try{r=await Ze(e.env,"DEFAULT_CLIENT")}catch{}e.set("client_id",t),tn(e,i.tenant.id);const o=n||e.req.header("referer");if(!o)return e.text("OK");if(!Vf(o,[...i.allowed_logout_urls||[],...r?.allowed_logout_urls||[]],{allowPathWildcards:!0,allowSubDomainWildcards:!0}))throw R(e,i.tenant.id,{type:O.FAILED_LOGOUT,description:"Invalid redirect uri"}),new z(400,{message:"Invalid redirect uri"});const a=e.req.header("cookie");if(a){const d=Sr(i.tenant.id,a);if(d){const u=await e.env.data.sessions.get(i.tenant.id,d);if(u){const p=await e.env.data.users.get(i.tenant.id,u.user_id);p&&(e.set("user_id",p.user_id),e.set("connection",p.connection));const f=new Date().toISOString(),{revokedCount:h,committedEventId:g}=await e.env.data.transaction(async m=>{const _=u.login_session_id?await m.refreshTokens.revokeByLoginSession(i.tenant.id,u.login_session_id,f):0;await m.sessions.update(i.tenant.id,d,{revoked_at:f});const y=_>0?await vC(e,m,i.tenant.id,{type:O.SUCCESS_REVOCATION,description:`Revoked ${_} refresh token(s)`}):void 0;return{revokedCount:_,committedEventId:y}});if(g){const m=e.var.outboxEventPromises??[];m.push(Promise.resolve(g)),e.set("outboxEventPromises",m)}else h>0&&R(e,i.tenant.id,{type:O.SUCCESS_REVOCATION,description:`Revoked ${h} refresh token(s)`})}}}R(e,i.tenant.id,{type:O.SUCCESS_LOGOUT,description:"User successfully logged out"});const c=new Headers;return cv(i.tenant.id,e.var.host).forEach(d=>{c.append("set-cookie",d)}),c.set("location",o),new Response("Redirecting",{status:302,headers:c})}),Yq=s.z.object({id_token_hint:s.z.string().optional(),client_id:s.z.string().optional(),post_logout_redirect_uri:s.z.string().optional(),state:s.z.string().optional(),logout_hint:s.z.string().optional(),ui_locales:s.z.string().optional()}),Qq=`<!DOCTYPE html>
334
334
  <html lang="en">
335
335
  <head>
336
336
  <meta charset="utf-8" />
@@ -827,7 +827,7 @@ ${y}`)}if(i!==void 0&&o?.algorithms!==void 0){const _=o.algorithms.map(y=>y.alg)
827
827
  if(e.name==='AbortError'||e.name==='NotAllowedError')return;
828
828
  console.error('Conditional mediation error:',e);
829
829
  }
830
- })();`}async function g1(e,t){const{ctx:n,client:i,state:r}=e,o=await n.env.data.loginSessions.get(i.tenant.id,r);if(!o)return{success:!1,error:"Session not found"};const a=o.state_data?JSON.parse(o.state_data):{},c=a.webauthn_challenge;if(!c)return{success:!1,error:"Challenge expired"};let l;try{l=JSON.parse(t)}catch{return{success:!1,error:"Invalid credential"}}const d=await n.env.data.authenticationMethods.getByCredentialId(i.tenant.id,l.id);if(!d||!d.public_key||!d.confirmed)return R(n,i.tenant.id,{type:O.FAILED_LOGIN,description:"Passkey not found or not confirmed"}),{success:!1,error:"Passkey not found"};const u=wr(n),p=h1(n);try{const f=Buffer.from(d.public_key,"base64url"),h=await ite({response:l,expectedChallenge:c,expectedOrigin:p,expectedRPID:u,credential:{id:d.credential_id,publicKey:new Uint8Array(f),counter:d.sign_count||0,transports:d.transports||[]},requireUserVerification:!1});if(!h.verified)return R(n,i.tenant.id,{type:O.FAILED_LOGIN,description:"Passkey verification failed"}),{success:!1,error:"Verification failed"};await n.env.data.authenticationMethods.update(i.tenant.id,d.id,{sign_count:h.authenticationInfo.newCounter});const g=await n.env.data.users.get(i.tenant.id,d.user_id);if(!g)return R(n,i.tenant.id,{type:O.FAILED_LOGIN,description:"User not found for passkey"}),{success:!1,error:"User not found"};const m=g.linked_to?await n.env.data.users.get(i.tenant.id,g.linked_to):g;if(!m)return{success:!1,error:"User not found"};R(n,i.tenant.id,{type:O.SUCCESS_LOGIN,description:"Passkey authentication successful",userId:m.user_id});const _=o.state||be.PENDING,y={user_id:m.user_id,state_data:JSON.stringify({...a,mfa_verified:!0})};if(_===be.AWAITING_MFA){const{state:b}=_i(_,{type:qn.COMPLETE_MFA});y.state=b}await n.env.data.loginSessions.update(i.tenant.id,r,y);const w={...o,...y};return{success:!0,user:g,primaryUser:m,loginSession:w,authConnection:g.connection||W.USERNAME_PASSWORD}}catch(f){return R(n,i.tenant.id,{type:O.FAILED_LOGIN,description:`Passkey authentication error: ${f instanceof Error?f.message:"unknown"}`}),{success:!1,error:"Authentication failed"}}}function ste(e,t){const{connections:n}=e,i=n.filter(l=>l.strategy!==W.EMAIL&&l.strategy!==W.SMS&&l.strategy!==W.USERNAME_PASSWORD);if(i.length===0)return[];const r=i.map(l=>{const d=l.display_name||l.name;return{name:l.name,strategy:l.strategy,display_name:t.federatedConnectionButtonText({connectionName:d}),icon_url:_y(l)}}),a={id:"social-buttons",type:"SOCIAL",category:"FIELD",visible:!0,config:{providers:i.map(l=>l.name),provider_details:r},order:0};if(n.some(l=>l.strategy===W.EMAIL||l.strategy===W.SMS||l.strategy===W.USERNAME_PASSWORD)){const l={id:"divider",type:"DIVIDER",category:"BLOCK",visible:!0,order:1,config:{text:t.separatorText()}};return[a,l]}return[a]}async function Qi(e){const{client:t,branding:n,state:i,prefill:r,errors:o,messages:a,customText:c,routePrefix:l}=e,d=e.language||"en",{m:u}=Se("login-id","login-id",d,c),p=ste(e,u),f=p.length,h=e.connections.some(N=>N.strategy===W.EMAIL||N.strategy===W.SMS||N.strategy===W.USERNAME_PASSWORD),g=e.connections.find(N=>N.strategy===W.USERNAME_PASSWORD),m=bs(g),_=m.usernameIdentifierActive,y=m.emailIdentifierActive,w=_&&y?u.usernameOrEmailPlaceholder():_?u.usernamePlaceholder():u.emailPlaceholder(),b=[...p];if(h){const N=o?.username?[{text:o.username,type:"error"}]:void 0;b.push({id:"username",type:_?"TEXT":"EMAIL",category:"FIELD",visible:!0,label:w,config:{placeholder:w},required:!0,order:f+1,messages:N},{id:"submit",type:"NEXT_BUTTON",category:"BLOCK",visible:!0,config:{text:u.buttonText()},order:f+2})}const A=e.connections.some(N=>N.options?.authentication_methods?.passkey?.enabled);if(A){b.push({id:"credential-field",type:"TEXT",category:"FIELD",visible:!1,config:{},order:b.length+1},{id:"action-field",type:"TEXT",category:"FIELD",visible:!1,config:{},order:b.length+2});const N=b.find(D=>D.id==="username");N&&"config"in N&&(N.config.autocomplete="username webauthn")}const v=e.connections.some(N=>N.strategy===W.USERNAME_PASSWORD),k=t.client_metadata?.disable_sign_ups==="true",x=e.ctx.var.loginSession?.authorization_url,T=x&&new URL(x).searchParams.get("screen_hint")==="login";if(v&&!k&&!T){const N=`${l}/signup?state=${encodeURIComponent(i)}`;b.push({id:"signup-link",type:"RICH_TEXT",category:"BLOCK",visible:!0,config:{content:`<div class="signup-link">${u.footerText()} <a href="${N}">${u.footerLinkText()}</a></div>`},order:b.length+1})}const I=[];A&&e.connections.find(B=>B.options?.authentication_methods?.passkey?.enabled)?.options?.passkey_options?.challenge_ui!=="autofill"&&I.push({id:"passkey-link",text:"",linkText:u.passkeyButtonText(),href:`${l}/passkey/challenge?state=${encodeURIComponent(i)}`});const F={name:"identifier",action:`${l}/login/identifier?state=${encodeURIComponent(i)}`,method:"POST",title:u.title(),description:u.description({clientName:t.name||"the application"}),components:b,messages:a,...I.length>0?{links:I}:{}};if(r?.username){const N=F.components.find(D=>D.id==="username");N&&"config"in N&&(N.config.default_value=r.username)}let $,P;if(A){const N=wr(e.ctx),D=await f1({rpID:N,userVerification:"preferred",timeout:6e4}),B=await e.ctx.env.data.loginSessions.get(e.client.tenant.id,i);if(B){const Z=B.state_data?JSON.parse(B.state_data):{};await e.ctx.env.data.loginSessions.update(e.client.tenant.id,i,{state_data:JSON.stringify({...Z,webauthn_challenge:D.challenge})})}const V=JSON.stringify(D);$=sP(V),P=oP(V)}return{screen:F,branding:n,extraScript:$,ceremony:P}}const ate={id:"identifier",name:"Identifier",description:"First screen of the login flow - collects email/username",handler:{get:Qi,post:async(e,t)=>{const{ctx:n,client:i,state:r}=e;if(t["action-field"]==="passkey-authenticate"){const T=t["credential-field"],I=await g1(e,T);if(I.success){const F=await nt(n,{authParams:I.loginSession.authParams,user:I.primaryUser,client:i,loginSession:{...I.loginSession,user_id:I.primaryUser.user_id},authConnection:I.authConnection,authStrategy:{strategy:"passkey",strategy_type:Ht.DATABASE}}),$=F.headers.get("location"),P=F.headers.getSetCookie?.()||[];return $?{redirect:$,cookies:P}:{response:F}}return{error:I.error,screen:await Qi({...e,messages:[{text:I.error,type:"error"}]})}}const a=t.username?.toLowerCase()?.trim(),c=i.connections.find(T=>T.strategy===W.USERNAME_PASSWORD),l=bs(c),d=l.usernameIdentifierActive,u=e.language||"en",{m:p}=Se("login-id","login-id",u,e.customText);if(!a){const T=d?p["no-email-username"]():p["no-email"]();return{error:T,screen:await Qi({...e,errors:{username:T}})}}const f=n.get("countryCode"),{normalized:h,connectionType:g}=fo(a,f);if(!h){const T=p["invalid-email-format"]();return{error:T,screen:await Qi({...e,prefill:{username:a},errors:{username:T}})}}if(g==="email"){const T=Qz(h,i.connections,n.env.STRATEGIES);if(T){const I=await n.env.data.loginSessions.get(i.tenant.id,r);if(I){I.authParams.username=h,await n.env.data.loginSessions.update(i.tenant.id,I.id,I);const F=await Hf(n,i,T.name,I.authParams),$=F.headers.get("location"),P=F.headers.getSetCookie?.()||[];return $?{redirect:$,cookies:P}:{response:F}}}}if(g==="username"&&d){const T=l.usernameMinLength,I=l.usernameMaxLength;if(h.length<T){const F=p.usernameTooShort({min:String(T)});return{error:F,screen:await Qi({...e,prefill:{username:a},errors:{username:F}})}}if(h.length>I){const F=p.usernameTooLong({max:String(I)});return{error:F,screen:await Qi({...e,prefill:{username:a},errors:{username:F}})}}}const m=g==="email"?await co({userAdapter:n.env.data.users,tenant_id:i.tenant.id,email:h}):g==="username"?await ur({env:n.env,tenant_id:i.tenant.id,username:h}):await dr({userAdapter:n.env.data.users,tenant_id:i.tenant.id,username:h,provider:"sms"});if(!(i.connections.find(T=>T.strategy===g)||g==="username"&&d||m)){const T=p.userAccountDoesNotExist();return{error:T,screen:await Qi({...e,prefill:{username:a},errors:{username:T}})}}if(!m){const T=await tu(n,i,n.env.data,h,g);if(!T.allowed)return{error:T.reason||p.userAccountDoesNotExist(),screen:await Qi({...e,prefill:{username:a},errors:{username:p.userAccountDoesNotExist()}})}}const y=await n.env.data.loginSessions.get(i.tenant.id,r);if(!y){const T=p.sessionExpired();return{error:T,screen:await Qi({...e,prefill:{username:a},errors:{username:T}})}}y.authParams.username=h,await n.env.data.loginSessions.update(i.tenant.id,y.id,y);const w=await Kz(n,i,a,g,t.login_selection),b={...e,data:{email:h},errors:void 0};if(w==="password")return{screen:await vl(b)};let A=xn(),v=await n.env.data.codes.get(i.tenant.id,A,"otp");for(;v;)A=xn(),v=await n.env.data.codes.get(i.tenant.id,A,"otp");await n.env.data.codes.create(i.tenant.id,{code_id:A,code_type:"otp",login_id:y.id,expires_at:new Date(Date.now()+ka).toISOString(),redirect_uri:y.authParams.redirect_uri});const k=i.connections.find(T=>T.strategy===g),x=y.authParams?.ui_locales?.split(" ")?.map(T=>T.split("-")[0])[0];return g==="email"&&k?.options?.authentication_method==="magic_link"?await lu(n,{to:h,code:A,authParams:y.authParams,language:x}):await cu(n,{to:h,code:A,language:x}),g==="sms"?{screen:await Ro(b)}:k?.options?.authentication_method==="magic_link"?{screen:await I8(b)}:{screen:await jo(b)}}}};function cte(e,t){const{connections:n}=e,i=n.filter(f=>f.strategy!==W.USERNAME_PASSWORD);if(i.length===0)return[];const r=`${e.routePrefix}/login/login-passwordless-identifier?state=${encodeURIComponent(e.state)}`,o=i.filter(f=>f.strategy===W.EMAIL||f.strategy===W.SMS),a=i.filter(f=>f.strategy!==W.EMAIL&&f.strategy!==W.SMS),c=a.map(f=>{const h=f.display_name||f.name;return{name:f.name,strategy:f.strategy,display_name:t.federatedConnectionButtonText({connectionName:h}),icon_url:_y(f)}}),l=o[0];l&&c.push({name:l.name,strategy:l.strategy,display_name:t.enterACodeBtn(),icon_url:_y(l),href:r});const u={id:"social-buttons",type:"SOCIAL",category:"FIELD",visible:!0,config:{providers:[...a.map(f=>f.name),...l?[l.name]:[]],provider_details:c},order:0};if(n.some(f=>f.strategy===W.USERNAME_PASSWORD)){const f={id:"divider",type:"DIVIDER",category:"BLOCK",visible:!0,order:1,config:{text:t.separatorText()}};return[u,f]}return[u]}async function In(e){const{client:t,branding:n,state:i,prefill:r,errors:o,messages:a,customText:c,routePrefix:l}=e,d=e.language||"en",{m:u}=Se("login","login",d,c),p=cte(e,u),f=p.length,h=e.connections.find(B=>B.strategy===W.USERNAME_PASSWORD),g=!!h,m=bs(h),_=m.usernameIdentifierActive,y=m.emailIdentifierActive,w=_&&y||_?u.usernamePlaceholder():u.emailPlaceholder(),b=[...p];if(g){const B=o?.username?[{text:o.username,type:"error"}]:void 0,V=o?.password?[{text:o.password,type:"error"}]:void 0;b.push({id:"username",type:_?"TEXT":"EMAIL",category:"FIELD",visible:!0,label:w,config:{placeholder:w},required:!0,order:f+1,messages:B},{id:"password",type:"PASSWORD",category:"FIELD",visible:!0,label:u.passwordPlaceholder(),config:{placeholder:u.passwordPlaceholder()},required:!0,sensitive:!0,order:f+2,messages:V});const Z=`${l}/reset-password/request?state=${encodeURIComponent(i)}`;b.push({id:"forgot-password-link",type:"RICH_TEXT",category:"BLOCK",visible:!0,config:{content:`<div class="forgot-password-link"><a href="${Z}">${u.forgotPasswordText()}</a></div>`},order:f+3}),b.push({id:"submit",type:"NEXT_BUTTON",category:"BLOCK",visible:!0,config:{text:u.buttonText()},order:f+4})}const A=e.connections.some(B=>B.options?.authentication_methods?.passkey?.enabled),v=A?await e.ctx.env.data.loginSessions.get(t.tenant.id,i):null,k=A&&v?.user_id?await nP(e.ctx,t.tenant.id,v.user_id):[],x=!!v?.user_id;if(A){b.push({id:"credential-field",type:"TEXT",category:"FIELD",visible:!1,config:{},order:b.length+1},{id:"action-field",type:"TEXT",category:"FIELD",visible:!1,config:{},order:b.length+2});const B=b.find(V=>V.id==="username");B&&"config"in B&&(B.config.autocomplete="username webauthn")}const T=t.client_metadata?.disable_sign_ups==="true",I=e.ctx.var.loginSession?.authorization_url,F=I&&new URL(I).searchParams.get("screen_hint")==="login";if(g&&!T&&!F){const B=`${l}/signup?state=${encodeURIComponent(i)}`;b.push({id:"signup-link",type:"RICH_TEXT",category:"BLOCK",visible:!0,config:{content:`<div class="signup-link">${u.footerText()} <a href="${B}">${u.footerLinkText()}</a></div>`},order:b.length+1})}const $=[];if(A){const V=e.connections.find(te=>te.options?.authentication_methods?.passkey?.enabled)?.options?.passkey_options?.challenge_ui,Z=x?k.length>0:!0;V!=="autofill"&&Z&&$.push({id:"passkey-link",text:"",linkText:u.passkeyButtonText(),href:`${l}/passkey/challenge?state=${encodeURIComponent(i)}`})}const P={name:"login",action:`${l}/login?state=${encodeURIComponent(i)}`,method:"POST",title:u.title(),description:u.description({clientName:t.name||"the application"}),components:b,messages:a,...$.length>0?{links:$}:{}};if(r?.username){const B=P.components.find(V=>V.id==="username");B&&"config"in B&&(B.config.default_value=r.username)}let N,D;if(A){const B=wr(e.ctx),V=x?k.map(Q=>({id:Q.credential_id,transports:Q.transports||[],type:"public-key"})):void 0,Z=await f1({rpID:B,userVerification:"preferred",timeout:6e4,...V?{allowCredentials:V}:{}});if(v){const Q=v.state_data?JSON.parse(v.state_data):{};await e.ctx.env.data.loginSessions.update(e.client.tenant.id,i,{state_data:JSON.stringify({...Q,webauthn_challenge:Z.challenge})})}const te=JSON.stringify(Z);N=sP(te),D=oP(te)}return{screen:P,branding:n,extraScript:N,ceremony:D}}const lte={id:"login",name:"Login",description:"Combined login screen with email, password, and social login",handler:{get:In,post:async(e,t)=>{const{ctx:n,client:i,state:r}=e;if(t["action-field"]==="passkey-authenticate"){const w=t["credential-field"],b=await g1(e,w);if(b.success){const A=await nt(n,{authParams:b.loginSession.authParams,user:b.primaryUser,client:i,loginSession:{...b.loginSession,user_id:b.primaryUser.user_id},authConnection:b.authConnection,authStrategy:{strategy:"passkey",strategy_type:Ht.DATABASE}}),v=A.headers.get("location"),k=A.headers.getSetCookie?.()||[];return v?{redirect:v,cookies:k}:{response:A}}return{error:b.error,screen:await In({...e,messages:[{text:b.error,type:"error"}]})}}const a=t.username?.toLowerCase()?.trim(),c=t.password?.trim(),l=e.language||"en",{m:d}=Se("login","login",l,e.customText),u=i.connections.find(w=>w.strategy===W.USERNAME_PASSWORD),p=bs(u),f=p.usernameIdentifierActive;if(!a){const w=d["no-email"]();return{error:w,screen:await In({...e,errors:{username:w}})}}if(!c){const w=d["no-password"]();return{error:w,screen:await In({...e,prefill:{username:a},errors:{password:w}})}}const h=n.get("countryCode"),{normalized:g,connectionType:m}=fo(a,h);if(!g){const w=d.invalidIdentifier();return{error:w,screen:await In({...e,prefill:{username:a},errors:{username:w}})}}if(m==="username"&&f){const w=p.usernameMinLength,b=p.usernameMaxLength;if(g.length<w){const A=d.usernameTooShort({min:String(w)});return{error:A,screen:await In({...e,prefill:{username:a},errors:{username:A}})}}if(g.length>b){const A=d.usernameTooLong({max:String(b)});return{error:A,screen:await In({...e,prefill:{username:a},errors:{username:A}})}}}if(m==="username"&&!f){const w=d.invalidEmail();return{error:w,screen:await In({...e,prefill:{username:a},errors:{username:w}})}}const _=m==="email"?await co({userAdapter:n.env.data.users,tenant_id:i.tenant.id,email:g}):m==="username"?await ur({env:n.env,tenant_id:i.tenant.id,username:g}):await dr({userAdapter:n.env.data.users,tenant_id:i.tenant.id,username:g,provider:"sms"});if(!u){const w=d.passwordLoginNotAvailable();return{error:w,screen:await In({...e,prefill:{username:a},errors:{username:w}})}}if(!_&&!(await tu(n,i,n.env.data,g,m)).allowed){const b=d.userAccountDoesNotExist();return{error:b,screen:await In({...e,prefill:{username:a},errors:{username:b}})}}const y=await n.env.data.loginSessions.get(i.tenant.id,r);if(!y){const w=d.sessionExpired();return{error:w,screen:await In({...e,prefill:{username:a},errors:{username:w}})}}y.authParams.username=g,await n.env.data.loginSessions.update(i.tenant.id,y.id,y);try{const w=await du(n,i,{...y.authParams,password:c},y),b=w.headers.get("location"),A=w.headers.getSetCookie?.()||[];return b?{redirect:b,cookies:A}:{response:w}}catch(w){const b=w;let A=b.message||d["wrong-credentials"]();return b.code==="INVALID_PASSWORD"||b.code==="USER_NOT_FOUND"?A=d["wrong-credentials"]():b.code==="EMAIL_NOT_VERIFIED"?A=d.unverifiedEmail():b.code==="TOO_MANY_FAILED_LOGINS"&&(A=d.tooManyFailedLogins()),{error:A,screen:await In({...e,prefill:{username:a},errors:{password:A}})}}}}};async function Ei(e){const{branding:t,state:n,prefill:i,errors:r,customText:o,routePrefix:a}=e,c=e.language||"en",{m:l}=Se("signup","signup",c,o),d=e.connections.some(h=>h.strategy===W.USERNAME_PASSWORD),u=[];if(d){let h=1;u.push({id:"email",type:"EMAIL",category:"FIELD",visible:!0,label:l.emailPlaceholder(),config:{placeholder:l.emailPlaceholder()},required:!0,order:h++,messages:r?.email?[{text:r.email,type:"error"}]:void 0},{id:"password",type:"PASSWORD",category:"FIELD",visible:!0,label:l.passwordPlaceholder(),config:{placeholder:l.passwordPlaceholder(),show_toggle:!0},required:!0,sensitive:!0,order:h++,messages:r?.password?[{text:r.password,type:"error"}]:void 0},{id:"re_password",type:"PASSWORD",category:"FIELD",visible:!0,label:l.confirmPasswordPlaceholder(),config:{placeholder:l.confirmPasswordPlaceholder(),show_toggle:!0},required:!0,sensitive:!0,order:h++,messages:r?.re_password?[{text:r.re_password,type:"error"}]:void 0},{id:"submit",type:"NEXT_BUTTON",category:"BLOCK",visible:!0,config:{text:l.buttonText()},order:h++})}if(i?.email){const h=u.find(g=>g.id==="email");h&&"config"in h&&(h.config.default_value=i.email)}const p=await qi(e);return{screen:{name:"signup",action:`${a}/signup?state=${encodeURIComponent(n)}`,method:"POST",title:l.title(),description:l.description(),components:u,links:[{id:"login",text:l.loginActionText(),linkText:l.loginActionLinkText(),href:`${p}?state=${encodeURIComponent(n)}`}]},branding:t}}const dte={id:"signup",name:"Sign Up",description:"New user registration screen",handler:{get:Ei,post:async(e,t)=>{const{ctx:n,client:i,state:r}=e,o=t.email?.toLowerCase()?.trim(),a=t.password?.trim(),c=t.re_password?.trim(),l=e.language||"en",{m:d}=Se("signup","signup",l,e.customText),{m:u}=Se("signup-password","signup-password",l,e.customText);if(!o)return{error:"Email is required",screen:await Ei({...e,errors:{email:d["invalid-email-format"]()}})};if(!a)return{error:"Password is required",screen:await Ei({...e,prefill:{email:o},errors:{password:d["no-password"]()}})};if(!c)return{error:"Please confirm your password",screen:await Ei({...e,prefill:{email:o},errors:{re_password:d.confirmPasswordPlaceholder()}})};if(a!==c)return{error:"Passwords don't match",screen:await Ei({...e,prefill:{email:o},errors:{re_password:d.passwordsDidntMatch()}})};const f=i.connections.find(k=>k.strategy===W.USERNAME_PASSWORD)?.name||W.USERNAME_PASSWORD,h=await zd(n.env.data,i.tenant.id,f);try{await Id(h,{tenantId:i.tenant.id,userId:"",newPassword:a,data:n.env.data})}catch(k){const x=k instanceof Error?k.message:u["password-too-weak"]();return{error:x,screen:await Ei({...e,prefill:{email:o},errors:{password:x}})}}if(await lo({env:n.env,tenant_id:i.tenant.id,username:o}))return{error:"User already exists",screen:await Ei({...e,prefill:{email:o},errors:{email:d["email-already-exists"]()}})};const m=await n.env.data.loginSessions.get(i.tenant.id,r);if(!m)return{error:"Session expired",screen:await Ei({...e,prefill:{email:o},errors:{email:d.sessionExpired()}})};m.authParams.username=o,await n.env.data.loginSessions.update(i.tenant.id,m.id,m);const _=await uc(n.env,i.tenant.id),y=`${_}|${ao()}`,{hash:w,algorithm:b}=await Pa(a);let A;try{A=await n.env.data.users.create(i.tenant.id,{user_id:y,email:o,email_verified:!1,provider:_,connection:f,is_social:!1,password:{hash:w,algorithm:b}})}catch(k){return console.log("Err: "+k.message),{error:"Failed to create user",screen:await Ei({...e,prefill:{email:o},errors:{email:"Failed to create user"}})}}const v=m.authParams?.ui_locales?.split(" ")?.map(k=>k.split("-")[0])[0];try{await Tg(n,A,v)}catch(k){console.error("Failed to send verification email:",k)}try{const k=await du(n,i,{...m.authParams,password:a},m),x=k.headers.get("location"),T=k.headers.getSetCookie?.()||[];return x?{redirect:x,cookies:T}:{response:k}}catch{return{screen:await Ei({...e,messages:[{text:d.verifyEmailText(),type:"success"}]})}}}}};async function aP(e){const{ctx:t,client:n,code:i,password:r,username:o}=e,{env:a}=t,c=await lo({env:a,tenant_id:n.tenant.id,username:o});if(!c)return{error:"User not found",field:"password"};const d=n.connections.find(h=>h.strategy===W.USERNAME_PASSWORD)?.name||c.connection,u=await zd(a.data,n.tenant.id,d);try{await Id(u,{tenantId:n.tenant.id,userId:c.user_id,newPassword:r,userData:c,data:a.data})}catch(h){return{error:h instanceof Error?h.message:"Password too weak",field:"password"}}const p=await a.data.codes.get(n.tenant.id,i,"password_reset");if(!p)return{error:"code_expired",field:"code"};if(!await a.data.codes.consume(n.tenant.id,p.code_id))return{error:"code_expired",field:"code"};try{const h=await a.data.passwords.get(n.tenant.id,c.user_id);return h&&await a.data.passwords.update(n.tenant.id,{id:h.id,user_id:c.user_id,password:h.password,algorithm:h.algorithm,is_current:!1}),await a.data.passwords.create(n.tenant.id,{user_id:c.user_id,password:await lc.hash(r,10),algorithm:"bcrypt",is_current:!0}),c.email_verified||await a.data.users.update(n.tenant.id,c.user_id,{email_verified:!0}),await R(t,n.tenant.id,{type:O.SUCCESS_CHANGE_PASSWORD,description:`Password changed for ${c.email}`,userId:c.user_id}),{success:!0}}catch(h){const g=h instanceof Error?h.message:JSON.stringify(h);return await R(t,n.tenant.id,{type:O.FAILED_CHANGE_PASSWORD,description:`Password reset failed for ${c.email}: ${g}`,userId:c.user_id}),{error:h instanceof Error?h.message:"Password reset failed",field:"password"}}}async function Us(e){const{branding:t,state:n,errors:i,messages:r,customText:o,routePrefix:a}=e,c=e.language||"en",{m:l}=Se("reset-password","reset-password",c,o),d=[{id:"password",type:"PASSWORD",category:"FIELD",visible:!0,label:l.passwordLabel(),config:{placeholder:l.passwordPlaceholder(),show_toggle:!0},required:!0,sensitive:!0,order:0,messages:i?.password?[{text:i.password,type:"error"}]:void 0},{id:"confirm_password",type:"PASSWORD",category:"FIELD",visible:!0,label:l.confirmPasswordLabel(),config:{placeholder:l.confirmPasswordPlaceholder()},required:!0,sensitive:!0,order:1,messages:i?.confirm_password?[{text:i.confirm_password,type:"error"}]:void 0},{id:"submit",type:"NEXT_BUTTON",category:"BLOCK",visible:!0,config:{text:l.buttonText()},order:2}];return{screen:{name:"reset-password",action:`${a}/reset-password?state=${encodeURIComponent(n)}`,method:"POST",title:l.title(),description:l.description(),components:d,messages:r?.map(p=>({text:p.text,type:p.type}))},branding:t}}const ute={id:"reset-password",name:"Reset Password",description:"Set new password screen",handler:{get:Us,post:async(e,t)=>{const{ctx:n,client:i,state:r}=e,{env:o}=n,a=t.password?.trim(),c=t.confirm_password?.trim(),l=e.language||"en",{m:d}=Se("reset-password","reset-password",l,e.customText);if(!a)return{error:"Password is required",screen:await Us({...e,errors:{password:"Password is required"}})};if(a!==c){const g=d.passwordsDidntMatch();return{error:g,screen:await Us({...e,errors:{confirm_password:g}})}}const u=await o.data.loginSessions.get(i.tenant.id,r);if(!u||!u.authParams?.username)return{error:"Session expired",screen:await Us({...e,errors:{password:"Session expired. Please start over."}})};const p=e.data?.code;if(!p)return{error:"Reset code not found",screen:await Us({...e,errors:{password:"Reset code not found"}})};const f=await aP({ctx:n,client:i,code:p,password:a,username:u.authParams.username});if("success"in f)return{redirect:`/u2/identifier?state=${encodeURIComponent(r)}&message=password_reset_success`};const h=f.error==="code_expired"?d.codeExpired():f.error;return{error:h,screen:await Us({...e,errors:{[f.field]:h}})}}}};async function Ci(e){const{branding:t,state:n,errors:i,messages:r,data:o,customText:a,routePrefix:c="/u2"}=e,l=e.language||"en",{m:d}=Se("reset-password","reset-password-code",l,a),{m:u}=Se("login","login",l,a),p=o?.email,f=p?p.replace(/(.{2})(.*)(@.*)/,"$1***$3"):"",g=[{id:"info",type:"RICH_TEXT",category:"BLOCK",visible:!0,config:{content:f?d.description({email:`<strong>${Te(f)}</strong>`}):d.defaultDescription()},order:0},{id:"code",type:"TEXT",category:"FIELD",visible:!0,label:d.codeLabel(),config:{placeholder:d.codePlaceholder(),max_length:6},required:!0,order:1,messages:i?.code?[{text:i.code,type:"error"}]:void 0},{id:"password",type:"PASSWORD",category:"FIELD",visible:!0,label:d.passwordLabel(),config:{placeholder:d.passwordPlaceholder(),show_toggle:!0},required:!0,sensitive:!0,order:2,messages:i?.password?[{text:i.password,type:"error"}]:void 0},{id:"confirm_password",type:"PASSWORD",category:"FIELD",visible:!0,label:d.confirmPasswordLabel(),config:{placeholder:d.confirmPasswordPlaceholder()},required:!0,sensitive:!0,order:3,messages:i?.confirm_password?[{text:i.confirm_password,type:"error"}]:void 0},{id:"submit",type:"NEXT_BUTTON",category:"BLOCK",visible:!0,config:{text:d.buttonText()},order:4},{id:"resend",type:"RESEND_BUTTON",category:"BLOCK",visible:!0,config:{text:d.resendText()},order:5}];return{screen:{name:"reset-password-code",action:`${c}/reset-password/code?state=${encodeURIComponent(n)}`,method:"POST",title:d.title(),components:g,messages:r?.map(_=>({text:_.text,type:_.type})),links:[{id:"back",text:d.backToLoginText(),linkText:u.buttonText(),href:`${await qi(e)}?state=${encodeURIComponent(n)}`}]},branding:t}}const pte={id:"reset-password-code",name:"Reset Password Code",description:"Enter reset code and new password screen",handler:{get:Ci,post:async(e,t)=>{const{ctx:n,client:i,state:r}=e,o=e.language||"en",{m:a}=Se("reset-password","reset-password-code",o,e.customText);if(t.action==="resend"){const h=await n.env.data.loginSessions.get(i.tenant.id,r);if(!h?.authParams?.username){const g=a.sessionExpired();return{error:g,screen:await Ci({...e,errors:{code:g}})}}try{await Kv(n,i,h.authParams.username,r,"code")}catch(g){return console.error("Failed to resend password reset code:",g),{error:a.resendFailed(),screen:await Ci({...e,messages:[{text:a.resendFailed(),type:"error"}]})}}return{screen:await Ci({...e,messages:[{text:a.resendSuccess(),type:"success"}]})}}const c=t.code?.trim(),l=t.password?.trim(),d=t.confirm_password?.trim();if(!c){const h=a.noCode();return{error:h,screen:await Ci({...e,errors:{code:h}})}}if(!l)return{error:"Password is required",screen:await Ci({...e,errors:{password:"Password is required"}})};if(l!==d){const h=a.passwordsDidntMatch();return{error:h,screen:await Ci({...e,errors:{confirm_password:h}})}}const u=await n.env.data.loginSessions.get(i.tenant.id,r);if(!u?.authParams?.username){const h=a.sessionExpired();return{error:h,screen:await Ci({...e,errors:{code:h}})}}const p=await aP({ctx:n,client:i,code:c,password:l,username:u.authParams.username});if("success"in p)return{redirect:`/u2/identifier?state=${encodeURIComponent(r)}&message=password_reset_success`};const f=p.error==="code_expired"?a.invalidCode():p.error;return{error:f,screen:await Ci({...e,errors:{[p.field]:f}})}}}};async function XE(e){const{branding:t,state:n,prefill:i,errors:r,messages:o,customText:a,routePrefix:c="/u2"}=e,l=e.language||"en",{m:d}=Se("reset-password","reset-password",l,a),{m:u}=Se("login","login",l,a),p=[{id:"info",type:"RICH_TEXT",category:"BLOCK",visible:!0,config:{content:d.description()},order:0},{id:"email",type:"EMAIL",category:"FIELD",visible:!0,label:d.emailPlaceholder(),config:{placeholder:d.emailPlaceholder()},required:!0,order:1,messages:r?.email?[{text:r.email,type:"error"}]:void 0},{id:"submit",type:"NEXT_BUTTON",category:"BLOCK",visible:!0,config:{text:d.buttonText()},order:2}];if(i?.email){const h=p.find(g=>g.id==="email");h&&"config"in h&&(h.config.default_value=i.email)}return{screen:{name:"forgot-password",action:`${c}/reset-password/request?state=${encodeURIComponent(n)}`,method:"POST",title:d.title(),components:p,messages:o?.map(h=>({text:h.text,type:h.type})),links:[{id:"back",text:d.backToLoginText(),linkText:u.buttonText(),href:`${await qi(e)}?state=${encodeURIComponent(n)}`}]},branding:t}}async function fte(e){const{branding:t,state:n,customText:i}=e,r=e.language||"en",{m:o}=Se("reset-password","reset-password",r,i),{m:a}=Se("login","login",r,i),c=[{id:"info",type:"RICH_TEXT",category:"BLOCK",visible:!0,config:{content:o.successDescription()},order:0}];return{screen:{name:"forgot-password",action:"",method:"GET",title:o.successTitle(),components:c,links:[{id:"back",text:o.backToLoginText(),linkText:a.buttonText(),href:`${await qi(e)}?state=${encodeURIComponent(n)}`}]},branding:t}}const hte={id:"forgot-password",name:"Forgot Password",description:"Password reset request screen",handler:{get:XE,post:async(e,t)=>{const{ctx:n,client:i,state:r,customText:o}=e,a=e.language||"en",{m:c}=Se("reset-password","reset-password",a,o),l=t.email?.trim();if(!l){const f=c["no-email"]();return{error:f,screen:await XE({...e,errors:{email:f}})}}const d=await n.env.data.loginSessions.get(i.tenant.id,r);d&&await n.env.data.loginSessions.update(i.tenant.id,r,{authParams:{...d.authParams,username:l}});const p=e.client.connections.find(f=>f.strategy===W.USERNAME_PASSWORD)?.options?.attributes?.email?.verification_method;return await Kv(n,i,l,r,p),p==="code"?{screen:await Ci({...e,data:{...e.data,email:l}})}:{screen:await fte(e)}}}};async function cP(e){const{ctx:t,tenant:n,client:i,branding:r,state:o,errors:a,routePrefix:c="/u2"}=e,l=await t.env.data.loginSessions.get(n.id,o);if(!l)throw new z(400,{message:"Login session not found"});if(!l.session_id)throw new z(400,{message:"No session linked to login session"});const d=await t.env.data.sessions.get(n.id,l.session_id);if(!d)throw new z(400,{message:"Session not found"});const u=await t.env.data.users.get(n.id,d.user_id);if(!u)throw new z(400,{message:"User not found"});if(!(await t.env.data.userPermissions.list(n.id,u.user_id)).some(m=>m.permission_name==="users:impersonate"))return{screen:{name:"impersonate",action:`${c}/impersonate?state=${encodeURIComponent(o)}`,method:"POST",title:"Access Denied",description:"You do not have permission to impersonate other users.",components:[],messages:[{id:1,text:"You do not have permission to impersonate other users.",type:"error"}]},branding:r};const h=[{id:"info",type:"RICH_TEXT",category:"BLOCK",visible:!0,config:{content:"<p>You have permission to impersonate other users.</p><p>Leave the field empty and click Continue to proceed as yourself, or enter a user ID to impersonate.</p>"},order:0},{id:"current-user",type:"RICH_TEXT",category:"BLOCK",visible:!0,config:{content:`<div class="current-user-info"><strong>Current user:</strong> ${Te(u.email||u.user_id)}</div>`},order:1},{id:"divider",type:"DIVIDER",category:"BLOCK",visible:!0,order:2},{id:"user_id",type:"TEXT",category:"FIELD",visible:!0,label:"User ID to impersonate (optional)",config:{placeholder:"Enter user ID or leave empty to continue as yourself"},required:!1,order:3,messages:a?.user_id?[{text:a.user_id,type:"error"}]:void 0},{id:"submit",type:"NEXT_BUTTON",category:"BLOCK",visible:!0,config:{text:"Continue"},order:4}];return{screen:{name:"impersonate",action:`${c}/impersonate?state=${encodeURIComponent(o)}`,method:"POST",title:"Impersonation",description:i.name?`Impersonation for ${Te(i.name)}`:"User impersonation",components:h},branding:r}}async function gte(e,t){const{ctx:n,tenant:i,client:r,state:o}=e,a=await n.env.data.loginSessions.get(i.id,o);if(!a)throw new z(400,{message:"Login session not found"});if(!a.session_id)throw new z(400,{message:"No session linked to login session"});const c=await n.env.data.sessions.get(i.id,a.session_id);if(!c)throw new z(400,{message:"Current session not found"});const l=await n.env.data.users.get(i.id,c.user_id);if(!l)throw new z(400,{message:"Current user not found"});if(!(await n.env.data.userPermissions.list(i.id,l.user_id)).some(_=>_.permission_name==="users:impersonate"))throw new z(403,{message:"Access denied: insufficient permissions"});const p=t.user_id?.trim();if(!p){const _=await nt(n,{client:r,authParams:a.authParams,loginSession:a,user:l,existingSessionIdToLink:c.id,skipHooks:!0}),y=_.headers.get("Location"),w=_.headers.getSetCookie?.()||[];if(y)return{redirect:y,cookies:w};throw new z(500,{message:"Failed to generate redirect"})}const f=await n.env.data.users.get(i.id,p);if(!f)return R(n,i.id,{type:O.FAILED_IMPERSONATION,description:`User ${l.email} failed to impersonate non-existent user: ${p}`,userId:l.user_id}),{error:"User not found",screen:await cP({...e,errors:{user_id:"User not found"}})};const h=await nt(n,{client:r,authParams:a.authParams,loginSession:a,user:f,existingSessionIdToLink:c.id,impersonatingUser:l,skipHooks:!0}),g=h.headers.get("Location"),m=h.headers.getSetCookie?.()||[];if(!g)throw new z(500,{message:"Failed to generate redirect"});return R(n,i.id,{type:O.SUCCESS_IMPERSONATION,description:`User ${l.email} impersonating ${f.email||f.user_id}`,userId:f.user_id}),{redirect:g,cookies:m}}const mte={id:"impersonate",name:"Impersonate",description:"Allows users with permission to impersonate other users",handler:{get:cP,post:gte}};async function zr(e){const{branding:t,state:n,prefill:i,errors:r,messages:o,customText:a,routePrefix:c}=e,l=e.language||"en",{m:d}=Se("login-passwordless","login-passwordless",l,a),{m:u}=Se("common","common",l,a),p=e.connections.some(w=>w.strategy===W.EMAIL),f=e.connections.some(w=>w.strategy===W.SMS),h=p&&f?d.authMethodEmailOrPhone():f?d.authMethodPhone():d.authMethodEmail(),g=[];let m=0;if(f&&!p){const w=r?.username?[{text:r.username,type:"error"}]:void 0;g.push({id:"username",type:"TEL",category:"FIELD",visible:!0,label:d.phonePlaceholder(),config:{placeholder:d.phonePlaceholder(),default_country:e.ctx.get("countryCode")||"US"},required:!0,order:m++,messages:w})}else if(p&&!f){const w=r?.username?[{text:r.username,type:"error"}]:void 0;g.push({id:"username",type:"EMAIL",category:"FIELD",visible:!0,label:d.emailPlaceholder(),config:{placeholder:d.emailPlaceholder()},required:!0,order:m++,messages:w})}else{const w=r?.username?[{text:r.username,type:"error"}]:void 0;g.push({id:"username",type:"TEL",category:"FIELD",visible:!0,label:d.emailOrPhonePlaceholder(),config:{placeholder:d.emailOrPhonePlaceholder(),default_country:e.ctx.get("countryCode")||"US",allow_email:!0},required:!0,order:m++,messages:w})}g.push({id:"submit",type:"NEXT_BUTTON",category:"BLOCK",visible:!0,config:{text:u.continueText()},order:m++});const _=`${c}/login?state=${encodeURIComponent(n)}`,y={name:"login-passwordless-identifier",action:`${c}/login/login-passwordless-identifier?state=${encodeURIComponent(n)}`,method:"POST",title:d.title(),description:d.description({authMethod:h}),components:g,messages:o,links:[{id:"back",text:"",linkText:u.backText(),href:_}]};if(i?.username){const w=y.components.find(b=>b.id==="username");w&&"config"in w&&(w.config.default_value=i.username)}return{screen:y,branding:t}}const yte={id:"login-passwordless-identifier",name:"Login Passwordless Identifier",description:"Collects email or phone for passwordless code-based login",handler:{get:zr,post:async(e,t)=>{const{ctx:n,client:i,state:r}=e,o=t.username?.toLowerCase()?.trim(),a=e.language||"en",{m:c}=Se("login-passwordless","login-passwordless",a,e.customText);if(!o){const b=e.connections.some(A=>A.strategy===W.SMS)&&!e.connections.some(A=>A.strategy===W.EMAIL)?c.noPhone():c.noEmail();return{error:b,screen:await zr({...e,errors:{username:b}})}}const l=n.get("countryCode"),{normalized:d,connectionType:u}=fo(o,l);if(!d){const w=c.invalidIdentifier();return{error:w,screen:await zr({...e,prefill:{username:o},errors:{username:w}})}}if(u==="username"){const w=c.invalidIdentifier();return{error:w,screen:await zr({...e,prefill:{username:o},errors:{username:w}})}}const p=i.connections.find(w=>w.strategy===u);if(!p){const w=u==="sms"?c.invalidPhone():c.invalidEmail();return{error:w,screen:await zr({...e,prefill:{username:o},errors:{username:w}})}}if(!(u==="email"?await co({userAdapter:n.env.data.users,tenant_id:i.tenant.id,email:d}):await dr({userAdapter:n.env.data.users,tenant_id:i.tenant.id,username:d,provider:"sms"}))){const w=await tu(n,i,n.env.data,d,u);if(!w.allowed){const b=w.reason||c.userAccountDoesNotExist();return{error:b,screen:await zr({...e,prefill:{username:o},errors:{username:b}})}}}const h=await n.env.data.loginSessions.get(i.tenant.id,r);if(!h){const w=c.sessionExpired();return{error:w,screen:await zr({...e,prefill:{username:o},errors:{username:w}})}}h.authParams.username=d,await n.env.data.loginSessions.update(i.tenant.id,h.id,h);let g=xn(),m=await n.env.data.codes.get(i.tenant.id,g,"otp");for(;m;)g=xn(),m=await n.env.data.codes.get(i.tenant.id,g,"otp");await n.env.data.codes.create(i.tenant.id,{code_id:g,code_type:"otp",login_id:h.id,expires_at:new Date(Date.now()+ka).toISOString(),redirect_uri:h.authParams.redirect_uri});const _=h.authParams?.ui_locales?.split(" ")?.map(w=>w.split("-")[0])[0];try{u==="email"&&p?.options?.authentication_method==="magic_link"?await lu(n,{to:d,code:g,authParams:h.authParams,language:_}):await cu(n,{to:d,code:g,language:_})}catch(w){const b=w instanceof Error?{name:w.name,message:w.message}:{name:"UnknownError"};console.error("Failed to send verification code:",b),await n.env.data.codes.remove(i.tenant.id,g);const A=c.invalidIdentifier();return{error:A,screen:await zr({...e,prefill:{username:o},errors:{username:A}})}}const y={...e,data:{email:d},errors:void 0};return u==="sms"?{screen:await Ro(y)}:p?.options?.authentication_method==="magic_link"?{screen:await I8(y)}:{screen:await jo(y)}}}};async function _te(e,t,n=6){if(n>8)throw new TypeError("Digits must be 8 or smaller");const i=bte(t),r=await new z$("SHA-1").sign(e,i),o=wte(new Uint8Array(r));return(sb(o)%10**n).toString().padStart(n,"0")}function wte(e){const t=sb(P$(e[e.byteLength-1]).slice(4));return Fj(e).slice(t*8+1,(t+4)*8)}function bte(e){const t=new Uint8Array(8),n=e.toString(2).padStart(64,"0");for(let i=0;i<8;i++)t[i]=sb(n.slice(i*8,(i+1)*8));return t}class vte{digits;period;constructor(t){this.digits=t?.digits??6,this.period=t?.period??new Pd(30,"s")}async generate(t){const n=Math.floor(Date.now()/this.period.milliseconds());return await _te(t,n,this.digits)}async verify(t,n){const i=await this.generate(n);return t===i}}function Ate(e,t,n,i){const[r,o]=kte("totp",e,t,n);return r+"?"+o.toString()}function kte(e,t,n,i,r){const o=encodeURIComponent(t),a=encodeURIComponent(n),c=`otpauth://${e}/${o}:${a}`,l=new URLSearchParams({secret:_h.encode(new Uint8Array(i),{includePadding:!1}),issuer:t});return[c,l]}const Ste=600*1e3;async function Ete(e,t,n){const i=await e.env.data.tenants.get(t);if(!i)return{required:!1};const r=i.mfa?.policy;if(!r||r==="never")return{required:!1};if(!(i.mfa?.factors?.sms===!0||i.mfa?.factors?.otp===!0||i.mfa?.factors?.webauthn_roaming===!0||i.mfa?.factors?.webauthn_platform===!0))throw new z(500,{message:"MFA policy requires MFA but no supported factors are enabled. Enable at least one factor (e.g. SMS, OTP, or WebAuthn) in the tenant MFA configuration."});const a=i.mfa?.factors,c=a?.webauthn_roaming===!0||a?.webauthn_platform===!0,l=["passkey","webauthn-roaming","webauthn-platform"],u=(await e.env.data.authenticationMethods.list(t,n)).filter(p=>p.confirmed&&(p.type==="phone"&&a?.sms===!0||p.type==="totp"&&a?.otp===!0||l.includes(p.type)&&c));return u.length>0?{required:!0,enrolled:!0,enrollment:u[0],allEnrollments:u}:{required:!0,enrolled:!1}}async function Dg(e,t,n,i){const r=t.tenant,o=xn(),a=`mfa:${n.id}`;await e.env.data.codes.remove(r.id,a),await e.env.data.codes.create(r.id,{code_id:a,code_type:"mfa_otp",login_id:n.id,otp:o,expires_at:new Date(Date.now()+Ste).toISOString()});const c=t.connections.find(u=>u.strategy===W.SMS),l=e.env.data.smsService;if(!l)throw new z(500,{message:"SMS service not configured"});const d=c?.options||r.mfa?.twilio||{};try{await l.send({options:d,to:i,from:r.friendly_name,text:`Your verification code is: ${o}`,template:"mfa-code",data:{code:o,tenantName:r.friendly_name||"",tenantId:r.id}}),R(e,r.id,{type:O.MFA_SMS_SENT,description:"MFA SMS sent"})}catch(u){throw R(e,r.id,{type:O.ERROR_SENDING_MFA_SMS,description:`Failed to send MFA SMS: ${u instanceof Error?u.message:String(u)}`}),u}}async function m1(e,t,n,i){const r=`mfa:${n}`,o=await e.env.data.codes.get(t,r,"mfa_otp");return!o||new Date(o.expires_at)<new Date||o.otp!==i?!1:await e.env.data.codes.consume(t,r)}const xte=20,Cte=new vte;function y1(){const e=new Uint8Array(xte);return crypto.getRandomValues(e),_h.encode(e,{includePadding:!1})}function Ca(e,t,n){const i=_h.decode(n,{strict:!1});return Ate(e,t,i)}async function Bg(e,t){const n=_h.decode(e,{strict:!1});return Cte.verify(t,n)}const lP=Object.freeze(Object.defineProperty({__proto__:null,checkMfaRequired:Ete,createTotpUri:Ca,generateTotpSecret:y1,sendMfaOtp:Dg,verifyMfaOtp:m1,verifyTotpCode:Bg},Symbol.toStringTag,{value:"Module"}));function dP(e){return e&&SK(e)?e:"US"}async function Uc(e){const{branding:t,state:n,errors:i,customText:r,routePrefix:o}=e,a=e.language||"en",{m:c}=Se("mfa-phone","mfa-phone-enrollment",a,r),l=[{id:"phone_number",type:"TEL",category:"FIELD",visible:!0,label:c.placeholder(),config:{placeholder:c.placeholder(),default_country:dP(e.ctx.get("countryCode"))},required:!0,order:0,messages:i?.phone_number?[{text:i.phone_number,type:"error"}]:void 0},{id:"submit",type:"NEXT_BUTTON",category:"BLOCK",visible:!0,config:{text:c.continueButtonText()},order:1}],d=[],u=e.client.tenant;return u.mfa?.factors?.otp===!0&&u.mfa?.factors?.sms===!0&&d.push({id:"back",text:"",linkText:"Try another method",href:`${o}/mfa/login-options?state=${encodeURIComponent(n)}`}),{screen:{name:"mfa-phone-enrollment",action:`${o}/mfa/phone-enrollment?state=${encodeURIComponent(n)}`,method:"POST",title:c.title(),description:c.description(),components:l,...d.length>0&&{links:d}},branding:t}}const Tte={id:"mfa-phone-enrollment",name:"MFA Phone Enrollment",description:"Phone number enrollment screen for SMS MFA",handler:{get:async e=>{const{ctx:t,client:n,state:i}=e,r=await t.env.data.loginSessions.get(n.tenant.id,i);if(r?.user_id&&(await t.env.data.authenticationMethods.list(n.tenant.id,r.user_id)).some(a=>a.confirmed))throw new z(403,{message:"Cannot enroll new MFA factor while existing factors are active"});return Uc(e)},post:async(e,t)=>{const{ctx:n,client:i,state:r}=e,o=t.phone_number?.trim(),a=e.language||"en",{m:c}=Se("mfa-phone","mfa-phone-enrollment",a,e.customText),l=await n.env.data.loginSessions.get(i.tenant.id,r);if(!l||!l.user_id){const h=c["transaction-not-found"]();return{error:h,screen:await Uc({...e,errors:{phone_number:h}})}}if((await n.env.data.authenticationMethods.list(i.tenant.id,l.user_id)).some(h=>h.confirmed))throw new z(403,{message:"Cannot enroll new MFA factor while existing factors are active"});if(!o){const h=c["no-phone"]();return{error:h,screen:await Uc({...e,errors:{phone_number:h}})}}const u=dP(n.get("countryCode")),p=Pv(o,{defaultCountry:u});if(!p||!p.isValid()){const h=c["invalid-phone"]();return{error:h,screen:await Uc({...e,errors:{phone_number:h}})}}const f=p.number;try{R(n,i.tenant.id,{type:O.MFA_ENROLL_STARTED,description:"MFA phone enrollment started",userId:l.user_id});const h=await n.env.data.authenticationMethods.create(i.tenant.id,{user_id:l.user_id,type:"phone",phone_number:f,confirmed:!1}),g=l.state_data?JSON.parse(l.state_data):{};await n.env.data.loginSessions.update(i.tenant.id,r,{state_data:JSON.stringify({...g,authenticationMethodId:h.id})});try{await Dg(n,i,l,f)}catch(_){throw await n.env.data.authenticationMethods.remove(i.tenant.id,h.id),await n.env.data.loginSessions.update(i.tenant.id,r,{state_data:JSON.stringify(g)}),_}return{redirect:`${e.routePrefix||"/u2"}/mfa/phone-challenge?state=${encodeURIComponent(r)}`}}catch(h){console.error("[mfa-phone-enrollment] Error during phone enrollment:",h),R(n,i.tenant.id,{type:O.MFA_ENROLLMENT_FAILED,description:`MFA phone enrollment failed: ${h instanceof Error?h.message:String(h)}`,userId:l.user_id});const g=c["sms-authenticator-error"]();return{error:g,screen:await Uc({...e,errors:{phone_number:g}})}}}}};async function Zi(e){const{branding:t,state:n,errors:i,messages:r,data:o,customText:a,routePrefix:c}=e,l=e.language||"en",{m:d}=Se("mfa-phone","mfa-phone-challenge",l,a),u=o?.phone;let p="";if(u)if(u.replace(/\D/g,"").length>6){const _=u.slice(0,4),y=u.slice(-2);p=_+"*".repeat(u.length-6)+y}else p=u;const f=p?d.description({phoneNumber:`<strong>${Te(p)}</strong>`}):d.description({phoneNumber:""}),h=[{id:"code",type:"TEXT",category:"FIELD",visible:!0,label:d.codePlaceholder(),config:{placeholder:d.codePlaceholder(),max_length:6},required:!0,order:0,messages:i?.code?[{text:i.code,type:"error"}]:void 0},{id:"submit",type:"NEXT_BUTTON",category:"BLOCK",visible:!0,config:{text:d.continueButtonText()},order:1},{id:"resend",type:"RESEND_BUTTON",category:"BLOCK",visible:!0,config:{text:d.smsButtonText()},order:2}];return{screen:{name:"mfa-phone-challenge",action:`${c}/mfa/phone-challenge?state=${encodeURIComponent(n)}`,method:"POST",title:d.title(),description:f,components:h,messages:r?.map(m=>({text:m.text,type:m.type}))},branding:t}}async function Hu(e,t,n){const i=n.state_data?JSON.parse(n.state_data):{};if(i.authenticationMethodId){const r=await e.env.data.authenticationMethods.get(t,i.authenticationMethodId);if(r?.phone_number)return r.phone_number}if(n.user_id){const o=(await e.env.data.authenticationMethods.list(t,n.user_id)).find(a=>a.type==="phone");if(o?.phone_number)return o.phone_number}}const $te={id:"mfa-phone-challenge",name:"MFA Phone Challenge",description:"Phone code verification screen for MFA",handler:{get:Zi,post:async(e,t)=>{const{ctx:n,client:i,state:r}=e,o=t.code?.trim(),a=e.language||"en",{m:c}=Se("mfa-phone","mfa-phone-challenge",a,e.customText);if(t.action==="resend"){const u=await n.env.data.loginSessions.get(i.tenant.id,r);if(!u||u.state!==be.AWAITING_MFA){const h=c["transaction-not-found"]();return{error:h,screen:await Zi({...e,errors:{code:h}})}}const p=await Hu(n,i.tenant.id,u);if(!p)return{screen:await Zi({...e,data:{...e.data,phone:p}})};const f=[];try{await Dg(n,i,u,p),f.push({text:c.resendSuccess(),type:"success"})}catch{f.push({text:c["send-sms-failed"](),type:"error"})}return{screen:await Zi({...e,data:{...e.data,phone:p},messages:f})}}if(!o){const u=c.noCode();return{error:u,screen:await Zi({...e,errors:{code:u}})}}const l=await n.env.data.loginSessions.get(i.tenant.id,r);if(!l||!l.user_id||l.state!==be.AWAITING_MFA){const u=c["transaction-not-found"]();return{error:u,screen:await Zi({...e,errors:{code:u}})}}R(n,i.tenant.id,{type:O.SECOND_FACTOR_STARTED,description:"MFA verification started",userId:l.user_id});let d;try{d=await m1(n,i.tenant.id,l.id,o)}catch(u){R(n,i.tenant.id,{type:O.MFA_AUTH_FAILED,description:`MFA verification error: ${u instanceof Error?u.message:"unknown error"}`,userId:l.user_id});const p=await Hu(n,i.tenant.id,l),f=c.unexpectedError();return{error:f,screen:await Zi({...e,data:{...e.data,phone:p},errors:{code:f}})}}if(!d){R(n,i.tenant.id,{type:O.MFA_AUTH_FAILED,description:"MFA verification failed - invalid code",userId:l.user_id});const u=await Hu(n,i.tenant.id,l),p=c.invalidCode();return{error:p,screen:await Zi({...e,data:{...e.data,phone:u},errors:{code:p}})}}try{const u=l.state_data?JSON.parse(l.state_data):{};if(u.authenticationMethodId){const y=await n.env.data.authenticationMethods.get(i.tenant.id,u.authenticationMethodId);y&&!y.confirmed&&(await n.env.data.authenticationMethods.update(i.tenant.id,y.id,{confirmed:!0}),R(n,i.tenant.id,{type:O.MFA_ENROLLMENT_COMPLETE,description:"MFA phone enrollment completed",userId:l.user_id}))}if(u.guardian_enrollment)return R(n,i.tenant.id,{type:O.MFA_AUTH_SUCCESS,description:"MFA phone verification succeeded (guardian enrollment)",userId:l.user_id}),{screen:{screen:{name:"mfa-phone-challenge",action:"",method:"GET",title:c.title(),description:c.enrollmentComplete(),components:[]},branding:e.branding}};const p=l.state||be.AWAITING_MFA,{state:f}=_i(p,{type:qn.COMPLETE_MFA});R(n,i.tenant.id,{type:O.MFA_AUTH_SUCCESS,description:"MFA verification succeeded",userId:l.user_id}),await n.env.data.loginSessions.update(i.tenant.id,r,{state:f,state_data:JSON.stringify({...u,mfa_verified:!0})});const h=await n.env.data.users.get(i.tenant.id,l.user_id);if(!h)throw new Error("User not found");const g=await nt(n,{authParams:l.authParams,user:h,client:i,loginSession:l,authConnection:l.auth_connection}),m=g.headers.get("location"),_=g.headers.getSetCookie?.()||[];return m?{redirect:m,cookies:_}:{response:g}}catch{const u=await Hu(n,i.tenant.id,l),p=c.unexpectedError();return{error:p,screen:await Zi({...e,data:{...e.data,phone:u},errors:{code:p}})}}}}};var qs={},P0,e4;function Ite(){return e4||(e4=1,P0=function(){return typeof Promise=="function"&&Promise.prototype&&Promise.prototype.then}),P0}var N0={},Pr={},t4;function Ps(){if(t4)return Pr;t4=1;let e;const t=[0,26,44,70,100,134,172,196,242,292,346,404,466,532,581,655,733,815,901,991,1085,1156,1258,1364,1474,1588,1706,1828,1921,2051,2185,2323,2465,2611,2761,2876,3034,3196,3362,3532,3706];return Pr.getSymbolSize=function(i){if(!i)throw new Error('"version" cannot be null or undefined');if(i<1||i>40)throw new Error('"version" should be in range from 1 to 40');return i*4+17},Pr.getSymbolTotalCodewords=function(i){return t[i]},Pr.getBCHDigit=function(n){let i=0;for(;n!==0;)i++,n>>>=1;return i},Pr.setToSJISFunction=function(i){if(typeof i!="function")throw new Error('"toSJISFunc" is not a valid function.');e=i},Pr.isKanjiModeEnabled=function(){return typeof e<"u"},Pr.toSJIS=function(i){return e(i)},Pr}var F0={},n4;function _1(){return n4||(n4=1,(function(e){e.L={bit:1},e.M={bit:0},e.Q={bit:3},e.H={bit:2};function t(n){if(typeof n!="string")throw new Error("Param is not a string");switch(n.toLowerCase()){case"l":case"low":return e.L;case"m":case"medium":return e.M;case"q":case"quartile":return e.Q;case"h":case"high":return e.H;default:throw new Error("Unknown EC Level: "+n)}}e.isValid=function(i){return i&&typeof i.bit<"u"&&i.bit>=0&&i.bit<4},e.from=function(i,r){if(e.isValid(i))return i;try{return t(i)}catch{return r}}})(F0)),F0}var O0,i4;function zte(){if(i4)return O0;i4=1;function e(){this.buffer=[],this.length=0}return e.prototype={get:function(t){const n=Math.floor(t/8);return(this.buffer[n]>>>7-t%8&1)===1},put:function(t,n){for(let i=0;i<n;i++)this.putBit((t>>>n-i-1&1)===1)},getLengthInBits:function(){return this.length},putBit:function(t){const n=Math.floor(this.length/8);this.buffer.length<=n&&this.buffer.push(0),t&&(this.buffer[n]|=128>>>this.length%8),this.length++}},O0=e,O0}var j0,r4;function Pte(){if(r4)return j0;r4=1;function e(t){if(!t||t<1)throw new Error("BitMatrix size must be defined and greater than 0");this.size=t,this.data=new Uint8Array(t*t),this.reservedBit=new Uint8Array(t*t)}return e.prototype.set=function(t,n,i,r){const o=t*this.size+n;this.data[o]=i,r&&(this.reservedBit[o]=!0)},e.prototype.get=function(t,n){return this.data[t*this.size+n]},e.prototype.xor=function(t,n,i){this.data[t*this.size+n]^=i},e.prototype.isReserved=function(t,n){return this.reservedBit[t*this.size+n]},j0=e,j0}var R0={},o4;function Nte(){return o4||(o4=1,(function(e){const t=Ps().getSymbolSize;e.getRowColCoords=function(i){if(i===1)return[];const r=Math.floor(i/7)+2,o=t(i),a=o===145?26:Math.ceil((o-13)/(2*r-2))*2,c=[o-7];for(let l=1;l<r-1;l++)c[l]=c[l-1]-a;return c.push(6),c.reverse()},e.getPositions=function(i){const r=[],o=e.getRowColCoords(i),a=o.length;for(let c=0;c<a;c++)for(let l=0;l<a;l++)c===0&&l===0||c===0&&l===a-1||c===a-1&&l===0||r.push([o[c],o[l]]);return r}})(R0)),R0}var D0={},s4;function Fte(){if(s4)return D0;s4=1;const e=Ps().getSymbolSize,t=7;return D0.getPositions=function(i){const r=e(i);return[[0,0],[r-t,0],[0,r-t]]},D0}var B0={},a4;function Ote(){return a4||(a4=1,(function(e){e.Patterns={PATTERN000:0,PATTERN001:1,PATTERN010:2,PATTERN011:3,PATTERN100:4,PATTERN101:5,PATTERN110:6,PATTERN111:7};const t={N1:3,N2:3,N3:40,N4:10};e.isValid=function(r){return r!=null&&r!==""&&!isNaN(r)&&r>=0&&r<=7},e.from=function(r){return e.isValid(r)?parseInt(r,10):void 0},e.getPenaltyN1=function(r){const o=r.size;let a=0,c=0,l=0,d=null,u=null;for(let p=0;p<o;p++){c=l=0,d=u=null;for(let f=0;f<o;f++){let h=r.get(p,f);h===d?c++:(c>=5&&(a+=t.N1+(c-5)),d=h,c=1),h=r.get(f,p),h===u?l++:(l>=5&&(a+=t.N1+(l-5)),u=h,l=1)}c>=5&&(a+=t.N1+(c-5)),l>=5&&(a+=t.N1+(l-5))}return a},e.getPenaltyN2=function(r){const o=r.size;let a=0;for(let c=0;c<o-1;c++)for(let l=0;l<o-1;l++){const d=r.get(c,l)+r.get(c,l+1)+r.get(c+1,l)+r.get(c+1,l+1);(d===4||d===0)&&a++}return a*t.N2},e.getPenaltyN3=function(r){const o=r.size;let a=0,c=0,l=0;for(let d=0;d<o;d++){c=l=0;for(let u=0;u<o;u++)c=c<<1&2047|r.get(d,u),u>=10&&(c===1488||c===93)&&a++,l=l<<1&2047|r.get(u,d),u>=10&&(l===1488||l===93)&&a++}return a*t.N3},e.getPenaltyN4=function(r){let o=0;const a=r.data.length;for(let l=0;l<a;l++)o+=r.data[l];return Math.abs(Math.ceil(o*100/a/5)-10)*t.N4};function n(i,r,o){switch(i){case e.Patterns.PATTERN000:return(r+o)%2===0;case e.Patterns.PATTERN001:return r%2===0;case e.Patterns.PATTERN010:return o%3===0;case e.Patterns.PATTERN011:return(r+o)%3===0;case e.Patterns.PATTERN100:return(Math.floor(r/2)+Math.floor(o/3))%2===0;case e.Patterns.PATTERN101:return r*o%2+r*o%3===0;case e.Patterns.PATTERN110:return(r*o%2+r*o%3)%2===0;case e.Patterns.PATTERN111:return(r*o%3+(r+o)%2)%2===0;default:throw new Error("bad maskPattern:"+i)}}e.applyMask=function(r,o){const a=o.size;for(let c=0;c<a;c++)for(let l=0;l<a;l++)o.isReserved(l,c)||o.xor(l,c,n(r,l,c))},e.getBestMask=function(r,o){const a=Object.keys(e.Patterns).length;let c=0,l=1/0;for(let d=0;d<a;d++){o(d),e.applyMask(d,r);const u=e.getPenaltyN1(r)+e.getPenaltyN2(r)+e.getPenaltyN3(r)+e.getPenaltyN4(r);e.applyMask(d,r),u<l&&(l=u,c=d)}return c}})(B0)),B0}var Vu={},c4;function uP(){if(c4)return Vu;c4=1;const e=_1(),t=[1,1,1,1,1,1,1,1,1,1,2,2,1,2,2,4,1,2,4,4,2,4,4,4,2,4,6,5,2,4,6,6,2,5,8,8,4,5,8,8,4,5,8,11,4,8,10,11,4,9,12,16,4,9,16,16,6,10,12,18,6,10,17,16,6,11,16,19,6,13,18,21,7,14,21,25,8,16,20,25,8,17,23,25,9,17,23,34,9,18,25,30,10,20,27,32,12,21,29,35,12,23,34,37,12,25,34,40,13,26,35,42,14,28,38,45,15,29,40,48,16,31,43,51,17,33,45,54,18,35,48,57,19,37,51,60,19,38,53,63,20,40,56,66,21,43,59,70,22,45,62,74,24,47,65,77,25,49,68,81],n=[7,10,13,17,10,16,22,28,15,26,36,44,20,36,52,64,26,48,72,88,36,64,96,112,40,72,108,130,48,88,132,156,60,110,160,192,72,130,192,224,80,150,224,264,96,176,260,308,104,198,288,352,120,216,320,384,132,240,360,432,144,280,408,480,168,308,448,532,180,338,504,588,196,364,546,650,224,416,600,700,224,442,644,750,252,476,690,816,270,504,750,900,300,560,810,960,312,588,870,1050,336,644,952,1110,360,700,1020,1200,390,728,1050,1260,420,784,1140,1350,450,812,1200,1440,480,868,1290,1530,510,924,1350,1620,540,980,1440,1710,570,1036,1530,1800,570,1064,1590,1890,600,1120,1680,1980,630,1204,1770,2100,660,1260,1860,2220,720,1316,1950,2310,750,1372,2040,2430];return Vu.getBlocksCount=function(r,o){switch(o){case e.L:return t[(r-1)*4+0];case e.M:return t[(r-1)*4+1];case e.Q:return t[(r-1)*4+2];case e.H:return t[(r-1)*4+3];default:return}},Vu.getTotalCodewordsCount=function(r,o){switch(o){case e.L:return n[(r-1)*4+0];case e.M:return n[(r-1)*4+1];case e.Q:return n[(r-1)*4+2];case e.H:return n[(r-1)*4+3];default:return}},Vu}var L0={},qc={},l4;function jte(){if(l4)return qc;l4=1;const e=new Uint8Array(512),t=new Uint8Array(256);return(function(){let i=1;for(let r=0;r<255;r++)e[r]=i,t[i]=r,i<<=1,i&256&&(i^=285);for(let r=255;r<512;r++)e[r]=e[r-255]})(),qc.log=function(i){if(i<1)throw new Error("log("+i+")");return t[i]},qc.exp=function(i){return e[i]},qc.mul=function(i,r){return i===0||r===0?0:e[t[i]+t[r]]},qc}var d4;function Rte(){return d4||(d4=1,(function(e){const t=jte();e.mul=function(i,r){const o=new Uint8Array(i.length+r.length-1);for(let a=0;a<i.length;a++)for(let c=0;c<r.length;c++)o[a+c]^=t.mul(i[a],r[c]);return o},e.mod=function(i,r){let o=new Uint8Array(i);for(;o.length-r.length>=0;){const a=o[0];for(let l=0;l<r.length;l++)o[l]^=t.mul(r[l],a);let c=0;for(;c<o.length&&o[c]===0;)c++;o=o.slice(c)}return o},e.generateECPolynomial=function(i){let r=new Uint8Array([1]);for(let o=0;o<i;o++)r=e.mul(r,new Uint8Array([1,t.exp(o)]));return r}})(L0)),L0}var M0,u4;function Dte(){if(u4)return M0;u4=1;const e=Rte();function t(n){this.genPoly=void 0,this.degree=n,this.degree&&this.initialize(this.degree)}return t.prototype.initialize=function(i){this.degree=i,this.genPoly=e.generateECPolynomial(this.degree)},t.prototype.encode=function(i){if(!this.genPoly)throw new Error("Encoder not initialized");const r=new Uint8Array(i.length+this.degree);r.set(i);const o=e.mod(r,this.genPoly),a=this.degree-o.length;if(a>0){const c=new Uint8Array(this.degree);return c.set(o,a),c}return o},M0=t,M0}var U0={},q0={},H0={},p4;function pP(){return p4||(p4=1,H0.isValid=function(t){return!isNaN(t)&&t>=1&&t<=40}),H0}var xi={},f4;function fP(){if(f4)return xi;f4=1;const e="[0-9]+",t="[A-Z $%*+\\-./:]+";let n="(?:[u3000-u303F]|[u3040-u309F]|[u30A0-u30FF]|[uFF00-uFFEF]|[u4E00-u9FAF]|[u2605-u2606]|[u2190-u2195]|u203B|[u2010u2015u2018u2019u2025u2026u201Cu201Du2225u2260]|[u0391-u0451]|[u00A7u00A8u00B1u00B4u00D7u00F7])+";n=n.replace(/u/g,"\\u");const i="(?:(?![A-Z0-9 $%*+\\-./:]|"+n+`)(?:.|[\r
830
+ })();`}async function g1(e,t){const{ctx:n,client:i,state:r}=e,o=await n.env.data.loginSessions.get(i.tenant.id,r);if(!o)return{success:!1,error:"Session not found"};const a=o.state_data?JSON.parse(o.state_data):{},c=a.webauthn_challenge;if(!c)return{success:!1,error:"Challenge expired"};let l;try{l=JSON.parse(t)}catch{return{success:!1,error:"Invalid credential"}}const d=await n.env.data.authenticationMethods.getByCredentialId(i.tenant.id,l.id);if(!d||!d.public_key||!d.confirmed)return R(n,i.tenant.id,{type:O.FAILED_LOGIN,description:"Passkey not found or not confirmed"}),{success:!1,error:"Passkey not found"};const u=wr(n),p=h1(n);try{const f=Buffer.from(d.public_key,"base64url"),h=await ite({response:l,expectedChallenge:c,expectedOrigin:p,expectedRPID:u,credential:{id:d.credential_id,publicKey:new Uint8Array(f),counter:d.sign_count||0,transports:d.transports||[]},requireUserVerification:!1});if(!h.verified)return R(n,i.tenant.id,{type:O.FAILED_LOGIN,description:"Passkey verification failed"}),{success:!1,error:"Verification failed"};await n.env.data.authenticationMethods.update(i.tenant.id,d.id,{sign_count:h.authenticationInfo.newCounter});const g=await n.env.data.users.get(i.tenant.id,d.user_id);if(!g)return R(n,i.tenant.id,{type:O.FAILED_LOGIN,description:"User not found for passkey"}),{success:!1,error:"User not found"};const m=g.linked_to?await n.env.data.users.get(i.tenant.id,g.linked_to):g;if(!m)return{success:!1,error:"User not found"};R(n,i.tenant.id,{type:O.SUCCESS_LOGIN,description:"Passkey authentication successful",userId:m.user_id});const _=o.state||be.PENDING,y={user_id:m.user_id,state_data:JSON.stringify({...a,mfa_verified:!0})};if(_===be.AWAITING_MFA){const{state:b}=_i(_,{type:qn.COMPLETE_MFA});y.state=b}await n.env.data.loginSessions.update(i.tenant.id,r,y);const w={...o,...y};return{success:!0,user:g,primaryUser:m,loginSession:w,authConnection:g.connection||W.USERNAME_PASSWORD}}catch(f){return R(n,i.tenant.id,{type:O.FAILED_LOGIN,description:`Passkey authentication error: ${f instanceof Error?f.message:"unknown"}`}),{success:!1,error:"Authentication failed"}}}function ste(e,t){const{connections:n}=e,i=n.filter(l=>!(l.strategy===W.EMAIL||l.strategy===W.SMS||l.strategy===W.USERNAME_PASSWORD||l.options?.domain_aliases?.length&&l.show_as_button!==!0));if(i.length===0)return[];const r=i.map(l=>{const d=l.display_name||l.name;return{name:l.name,strategy:l.strategy,display_name:t.federatedConnectionButtonText({connectionName:d}),icon_url:_y(l)}}),a={id:"social-buttons",type:"SOCIAL",category:"FIELD",visible:!0,config:{providers:i.map(l=>l.name),provider_details:r},order:0};if(n.some(l=>l.strategy===W.EMAIL||l.strategy===W.SMS||l.strategy===W.USERNAME_PASSWORD)){const l={id:"divider",type:"DIVIDER",category:"BLOCK",visible:!0,order:1,config:{text:t.separatorText()}};return[a,l]}return[a]}async function Qi(e){const{client:t,branding:n,state:i,prefill:r,errors:o,messages:a,customText:c,routePrefix:l}=e,d=e.language||"en",{m:u}=Se("login-id","login-id",d,c),p=ste(e,u),f=p.length,h=e.connections.some(N=>N.strategy===W.EMAIL||N.strategy===W.SMS||N.strategy===W.USERNAME_PASSWORD),g=e.connections.find(N=>N.strategy===W.USERNAME_PASSWORD),m=bs(g),_=m.usernameIdentifierActive,y=m.emailIdentifierActive,w=_&&y?u.usernameOrEmailPlaceholder():_?u.usernamePlaceholder():u.emailPlaceholder(),b=[...p];if(h){const N=o?.username?[{text:o.username,type:"error"}]:void 0;b.push({id:"username",type:_?"TEXT":"EMAIL",category:"FIELD",visible:!0,label:w,config:{placeholder:w},required:!0,order:f+1,messages:N},{id:"submit",type:"NEXT_BUTTON",category:"BLOCK",visible:!0,config:{text:u.buttonText()},order:f+2})}const A=e.connections.some(N=>N.options?.authentication_methods?.passkey?.enabled);if(A){b.push({id:"credential-field",type:"TEXT",category:"FIELD",visible:!1,config:{},order:b.length+1},{id:"action-field",type:"TEXT",category:"FIELD",visible:!1,config:{},order:b.length+2});const N=b.find(D=>D.id==="username");N&&"config"in N&&(N.config.autocomplete="username webauthn")}const v=e.connections.some(N=>N.strategy===W.USERNAME_PASSWORD),k=t.client_metadata?.disable_sign_ups==="true",x=e.ctx.var.loginSession?.authorization_url,T=x&&new URL(x).searchParams.get("screen_hint")==="login";if(v&&!k&&!T){const N=`${l}/signup?state=${encodeURIComponent(i)}`;b.push({id:"signup-link",type:"RICH_TEXT",category:"BLOCK",visible:!0,config:{content:`<div class="signup-link">${u.footerText()} <a href="${N}">${u.footerLinkText()}</a></div>`},order:b.length+1})}const I=[];A&&e.connections.find(B=>B.options?.authentication_methods?.passkey?.enabled)?.options?.passkey_options?.challenge_ui!=="autofill"&&I.push({id:"passkey-link",text:"",linkText:u.passkeyButtonText(),href:`${l}/passkey/challenge?state=${encodeURIComponent(i)}`});const F={name:"identifier",action:`${l}/login/identifier?state=${encodeURIComponent(i)}`,method:"POST",title:u.title(),description:u.description({clientName:t.name||"the application"}),components:b,messages:a,...I.length>0?{links:I}:{}};if(r?.username){const N=F.components.find(D=>D.id==="username");N&&"config"in N&&(N.config.default_value=r.username)}let $,P;if(A){const N=wr(e.ctx),D=await f1({rpID:N,userVerification:"preferred",timeout:6e4}),B=await e.ctx.env.data.loginSessions.get(e.client.tenant.id,i);if(B){const Z=B.state_data?JSON.parse(B.state_data):{};await e.ctx.env.data.loginSessions.update(e.client.tenant.id,i,{state_data:JSON.stringify({...Z,webauthn_challenge:D.challenge})})}const V=JSON.stringify(D);$=sP(V),P=oP(V)}return{screen:F,branding:n,extraScript:$,ceremony:P}}const ate={id:"identifier",name:"Identifier",description:"First screen of the login flow - collects email/username",handler:{get:Qi,post:async(e,t)=>{const{ctx:n,client:i,state:r}=e;if(t["action-field"]==="passkey-authenticate"){const T=t["credential-field"],I=await g1(e,T);if(I.success){const F=await nt(n,{authParams:I.loginSession.authParams,user:I.primaryUser,client:i,loginSession:{...I.loginSession,user_id:I.primaryUser.user_id},authConnection:I.authConnection,authStrategy:{strategy:"passkey",strategy_type:Ht.DATABASE}}),$=F.headers.get("location"),P=F.headers.getSetCookie?.()||[];return $?{redirect:$,cookies:P}:{response:F}}return{error:I.error,screen:await Qi({...e,messages:[{text:I.error,type:"error"}]})}}const a=t.username?.toLowerCase()?.trim(),c=i.connections.find(T=>T.strategy===W.USERNAME_PASSWORD),l=bs(c),d=l.usernameIdentifierActive,u=e.language||"en",{m:p}=Se("login-id","login-id",u,e.customText);if(!a){const T=d?p["no-email-username"]():p["no-email"]();return{error:T,screen:await Qi({...e,errors:{username:T}})}}const f=n.get("countryCode"),{normalized:h,connectionType:g}=fo(a,f);if(!h){const T=p["invalid-email-format"]();return{error:T,screen:await Qi({...e,prefill:{username:a},errors:{username:T}})}}if(g==="email"){const T=Qz(h,i.connections,n.env.STRATEGIES);if(T){const I=await n.env.data.loginSessions.get(i.tenant.id,r);if(I){I.authParams.username=h,await n.env.data.loginSessions.update(i.tenant.id,I.id,I);const F=await Hf(n,i,T.name,I.authParams),$=F.headers.get("location"),P=F.headers.getSetCookie?.()||[];return $?{redirect:$,cookies:P}:{response:F}}}}if(g==="username"&&d){const T=l.usernameMinLength,I=l.usernameMaxLength;if(h.length<T){const F=p.usernameTooShort({min:String(T)});return{error:F,screen:await Qi({...e,prefill:{username:a},errors:{username:F}})}}if(h.length>I){const F=p.usernameTooLong({max:String(I)});return{error:F,screen:await Qi({...e,prefill:{username:a},errors:{username:F}})}}}const m=g==="email"?await co({userAdapter:n.env.data.users,tenant_id:i.tenant.id,email:h}):g==="username"?await ur({env:n.env,tenant_id:i.tenant.id,username:h}):await dr({userAdapter:n.env.data.users,tenant_id:i.tenant.id,username:h,provider:"sms"});if(!(i.connections.find(T=>T.strategy===g)||g==="username"&&d||m)){const T=p.userAccountDoesNotExist();return{error:T,screen:await Qi({...e,prefill:{username:a},errors:{username:T}})}}if(!m){const T=await tu(n,i,n.env.data,h,g);if(!T.allowed)return{error:T.reason||p.userAccountDoesNotExist(),screen:await Qi({...e,prefill:{username:a},errors:{username:p.userAccountDoesNotExist()}})}}const y=await n.env.data.loginSessions.get(i.tenant.id,r);if(!y){const T=p.sessionExpired();return{error:T,screen:await Qi({...e,prefill:{username:a},errors:{username:T}})}}y.authParams.username=h,await n.env.data.loginSessions.update(i.tenant.id,y.id,y);const w=await Kz(n,i,a,g,t.login_selection),b={...e,data:{email:h},errors:void 0};if(w==="password")return{screen:await vl(b)};let A=xn(),v=await n.env.data.codes.get(i.tenant.id,A,"otp");for(;v;)A=xn(),v=await n.env.data.codes.get(i.tenant.id,A,"otp");await n.env.data.codes.create(i.tenant.id,{code_id:A,code_type:"otp",login_id:y.id,expires_at:new Date(Date.now()+ka).toISOString(),redirect_uri:y.authParams.redirect_uri});const k=i.connections.find(T=>T.strategy===g),x=y.authParams?.ui_locales?.split(" ")?.map(T=>T.split("-")[0])[0];return g==="email"&&k?.options?.authentication_method==="magic_link"?await lu(n,{to:h,code:A,authParams:y.authParams,language:x}):await cu(n,{to:h,code:A,language:x}),g==="sms"?{screen:await Ro(b)}:k?.options?.authentication_method==="magic_link"?{screen:await I8(b)}:{screen:await jo(b)}}}};function cte(e,t){const{connections:n}=e,i=n.filter(f=>f.strategy!==W.USERNAME_PASSWORD);if(i.length===0)return[];const r=`${e.routePrefix}/login/login-passwordless-identifier?state=${encodeURIComponent(e.state)}`,o=i.filter(f=>f.strategy===W.EMAIL||f.strategy===W.SMS),a=i.filter(f=>f.strategy!==W.EMAIL&&f.strategy!==W.SMS),c=a.map(f=>{const h=f.display_name||f.name;return{name:f.name,strategy:f.strategy,display_name:t.federatedConnectionButtonText({connectionName:h}),icon_url:_y(f)}}),l=o[0];l&&c.push({name:l.name,strategy:l.strategy,display_name:t.enterACodeBtn(),icon_url:_y(l),href:r});const u={id:"social-buttons",type:"SOCIAL",category:"FIELD",visible:!0,config:{providers:[...a.map(f=>f.name),...l?[l.name]:[]],provider_details:c},order:0};if(n.some(f=>f.strategy===W.USERNAME_PASSWORD)){const f={id:"divider",type:"DIVIDER",category:"BLOCK",visible:!0,order:1,config:{text:t.separatorText()}};return[u,f]}return[u]}async function In(e){const{client:t,branding:n,state:i,prefill:r,errors:o,messages:a,customText:c,routePrefix:l}=e,d=e.language||"en",{m:u}=Se("login","login",d,c),p=cte(e,u),f=p.length,h=e.connections.find(B=>B.strategy===W.USERNAME_PASSWORD),g=!!h,m=bs(h),_=m.usernameIdentifierActive,y=m.emailIdentifierActive,w=_&&y||_?u.usernamePlaceholder():u.emailPlaceholder(),b=[...p];if(g){const B=o?.username?[{text:o.username,type:"error"}]:void 0,V=o?.password?[{text:o.password,type:"error"}]:void 0;b.push({id:"username",type:_?"TEXT":"EMAIL",category:"FIELD",visible:!0,label:w,config:{placeholder:w},required:!0,order:f+1,messages:B},{id:"password",type:"PASSWORD",category:"FIELD",visible:!0,label:u.passwordPlaceholder(),config:{placeholder:u.passwordPlaceholder()},required:!0,sensitive:!0,order:f+2,messages:V});const Z=`${l}/reset-password/request?state=${encodeURIComponent(i)}`;b.push({id:"forgot-password-link",type:"RICH_TEXT",category:"BLOCK",visible:!0,config:{content:`<div class="forgot-password-link"><a href="${Z}">${u.forgotPasswordText()}</a></div>`},order:f+3}),b.push({id:"submit",type:"NEXT_BUTTON",category:"BLOCK",visible:!0,config:{text:u.buttonText()},order:f+4})}const A=e.connections.some(B=>B.options?.authentication_methods?.passkey?.enabled),v=A?await e.ctx.env.data.loginSessions.get(t.tenant.id,i):null,k=A&&v?.user_id?await nP(e.ctx,t.tenant.id,v.user_id):[],x=!!v?.user_id;if(A){b.push({id:"credential-field",type:"TEXT",category:"FIELD",visible:!1,config:{},order:b.length+1},{id:"action-field",type:"TEXT",category:"FIELD",visible:!1,config:{},order:b.length+2});const B=b.find(V=>V.id==="username");B&&"config"in B&&(B.config.autocomplete="username webauthn")}const T=t.client_metadata?.disable_sign_ups==="true",I=e.ctx.var.loginSession?.authorization_url,F=I&&new URL(I).searchParams.get("screen_hint")==="login";if(g&&!T&&!F){const B=`${l}/signup?state=${encodeURIComponent(i)}`;b.push({id:"signup-link",type:"RICH_TEXT",category:"BLOCK",visible:!0,config:{content:`<div class="signup-link">${u.footerText()} <a href="${B}">${u.footerLinkText()}</a></div>`},order:b.length+1})}const $=[];if(A){const V=e.connections.find(te=>te.options?.authentication_methods?.passkey?.enabled)?.options?.passkey_options?.challenge_ui,Z=x?k.length>0:!0;V!=="autofill"&&Z&&$.push({id:"passkey-link",text:"",linkText:u.passkeyButtonText(),href:`${l}/passkey/challenge?state=${encodeURIComponent(i)}`})}const P={name:"login",action:`${l}/login?state=${encodeURIComponent(i)}`,method:"POST",title:u.title(),description:u.description({clientName:t.name||"the application"}),components:b,messages:a,...$.length>0?{links:$}:{}};if(r?.username){const B=P.components.find(V=>V.id==="username");B&&"config"in B&&(B.config.default_value=r.username)}let N,D;if(A){const B=wr(e.ctx),V=x?k.map(Q=>({id:Q.credential_id,transports:Q.transports||[],type:"public-key"})):void 0,Z=await f1({rpID:B,userVerification:"preferred",timeout:6e4,...V?{allowCredentials:V}:{}});if(v){const Q=v.state_data?JSON.parse(v.state_data):{};await e.ctx.env.data.loginSessions.update(e.client.tenant.id,i,{state_data:JSON.stringify({...Q,webauthn_challenge:Z.challenge})})}const te=JSON.stringify(Z);N=sP(te),D=oP(te)}return{screen:P,branding:n,extraScript:N,ceremony:D}}const lte={id:"login",name:"Login",description:"Combined login screen with email, password, and social login",handler:{get:In,post:async(e,t)=>{const{ctx:n,client:i,state:r}=e;if(t["action-field"]==="passkey-authenticate"){const w=t["credential-field"],b=await g1(e,w);if(b.success){const A=await nt(n,{authParams:b.loginSession.authParams,user:b.primaryUser,client:i,loginSession:{...b.loginSession,user_id:b.primaryUser.user_id},authConnection:b.authConnection,authStrategy:{strategy:"passkey",strategy_type:Ht.DATABASE}}),v=A.headers.get("location"),k=A.headers.getSetCookie?.()||[];return v?{redirect:v,cookies:k}:{response:A}}return{error:b.error,screen:await In({...e,messages:[{text:b.error,type:"error"}]})}}const a=t.username?.toLowerCase()?.trim(),c=t.password?.trim(),l=e.language||"en",{m:d}=Se("login","login",l,e.customText),u=i.connections.find(w=>w.strategy===W.USERNAME_PASSWORD),p=bs(u),f=p.usernameIdentifierActive;if(!a){const w=d["no-email"]();return{error:w,screen:await In({...e,errors:{username:w}})}}if(!c){const w=d["no-password"]();return{error:w,screen:await In({...e,prefill:{username:a},errors:{password:w}})}}const h=n.get("countryCode"),{normalized:g,connectionType:m}=fo(a,h);if(!g){const w=d.invalidIdentifier();return{error:w,screen:await In({...e,prefill:{username:a},errors:{username:w}})}}if(m==="username"&&f){const w=p.usernameMinLength,b=p.usernameMaxLength;if(g.length<w){const A=d.usernameTooShort({min:String(w)});return{error:A,screen:await In({...e,prefill:{username:a},errors:{username:A}})}}if(g.length>b){const A=d.usernameTooLong({max:String(b)});return{error:A,screen:await In({...e,prefill:{username:a},errors:{username:A}})}}}if(m==="username"&&!f){const w=d.invalidEmail();return{error:w,screen:await In({...e,prefill:{username:a},errors:{username:w}})}}const _=m==="email"?await co({userAdapter:n.env.data.users,tenant_id:i.tenant.id,email:g}):m==="username"?await ur({env:n.env,tenant_id:i.tenant.id,username:g}):await dr({userAdapter:n.env.data.users,tenant_id:i.tenant.id,username:g,provider:"sms"});if(!u){const w=d.passwordLoginNotAvailable();return{error:w,screen:await In({...e,prefill:{username:a},errors:{username:w}})}}if(!_&&!(await tu(n,i,n.env.data,g,m)).allowed){const b=d.userAccountDoesNotExist();return{error:b,screen:await In({...e,prefill:{username:a},errors:{username:b}})}}const y=await n.env.data.loginSessions.get(i.tenant.id,r);if(!y){const w=d.sessionExpired();return{error:w,screen:await In({...e,prefill:{username:a},errors:{username:w}})}}y.authParams.username=g,await n.env.data.loginSessions.update(i.tenant.id,y.id,y);try{const w=await du(n,i,{...y.authParams,password:c},y),b=w.headers.get("location"),A=w.headers.getSetCookie?.()||[];return b?{redirect:b,cookies:A}:{response:w}}catch(w){const b=w;let A=b.message||d["wrong-credentials"]();return b.code==="INVALID_PASSWORD"||b.code==="USER_NOT_FOUND"?A=d["wrong-credentials"]():b.code==="EMAIL_NOT_VERIFIED"?A=d.unverifiedEmail():b.code==="TOO_MANY_FAILED_LOGINS"&&(A=d.tooManyFailedLogins()),{error:A,screen:await In({...e,prefill:{username:a},errors:{password:A}})}}}}};async function Ei(e){const{branding:t,state:n,prefill:i,errors:r,customText:o,routePrefix:a}=e,c=e.language||"en",{m:l}=Se("signup","signup",c,o),d=e.connections.some(h=>h.strategy===W.USERNAME_PASSWORD),u=[];if(d){let h=1;u.push({id:"email",type:"EMAIL",category:"FIELD",visible:!0,label:l.emailPlaceholder(),config:{placeholder:l.emailPlaceholder()},required:!0,order:h++,messages:r?.email?[{text:r.email,type:"error"}]:void 0},{id:"password",type:"PASSWORD",category:"FIELD",visible:!0,label:l.passwordPlaceholder(),config:{placeholder:l.passwordPlaceholder(),show_toggle:!0},required:!0,sensitive:!0,order:h++,messages:r?.password?[{text:r.password,type:"error"}]:void 0},{id:"re_password",type:"PASSWORD",category:"FIELD",visible:!0,label:l.confirmPasswordPlaceholder(),config:{placeholder:l.confirmPasswordPlaceholder(),show_toggle:!0},required:!0,sensitive:!0,order:h++,messages:r?.re_password?[{text:r.re_password,type:"error"}]:void 0},{id:"submit",type:"NEXT_BUTTON",category:"BLOCK",visible:!0,config:{text:l.buttonText()},order:h++})}if(i?.email){const h=u.find(g=>g.id==="email");h&&"config"in h&&(h.config.default_value=i.email)}const p=await qi(e);return{screen:{name:"signup",action:`${a}/signup?state=${encodeURIComponent(n)}`,method:"POST",title:l.title(),description:l.description(),components:u,links:[{id:"login",text:l.loginActionText(),linkText:l.loginActionLinkText(),href:`${p}?state=${encodeURIComponent(n)}`}]},branding:t}}const dte={id:"signup",name:"Sign Up",description:"New user registration screen",handler:{get:Ei,post:async(e,t)=>{const{ctx:n,client:i,state:r}=e,o=t.email?.toLowerCase()?.trim(),a=t.password?.trim(),c=t.re_password?.trim(),l=e.language||"en",{m:d}=Se("signup","signup",l,e.customText),{m:u}=Se("signup-password","signup-password",l,e.customText);if(!o)return{error:"Email is required",screen:await Ei({...e,errors:{email:d["invalid-email-format"]()}})};if(!a)return{error:"Password is required",screen:await Ei({...e,prefill:{email:o},errors:{password:d["no-password"]()}})};if(!c)return{error:"Please confirm your password",screen:await Ei({...e,prefill:{email:o},errors:{re_password:d.confirmPasswordPlaceholder()}})};if(a!==c)return{error:"Passwords don't match",screen:await Ei({...e,prefill:{email:o},errors:{re_password:d.passwordsDidntMatch()}})};const f=i.connections.find(k=>k.strategy===W.USERNAME_PASSWORD)?.name||W.USERNAME_PASSWORD,h=await zd(n.env.data,i.tenant.id,f);try{await Id(h,{tenantId:i.tenant.id,userId:"",newPassword:a,data:n.env.data})}catch(k){const x=k instanceof Error?k.message:u["password-too-weak"]();return{error:x,screen:await Ei({...e,prefill:{email:o},errors:{password:x}})}}if(await lo({env:n.env,tenant_id:i.tenant.id,username:o}))return{error:"User already exists",screen:await Ei({...e,prefill:{email:o},errors:{email:d["email-already-exists"]()}})};const m=await n.env.data.loginSessions.get(i.tenant.id,r);if(!m)return{error:"Session expired",screen:await Ei({...e,prefill:{email:o},errors:{email:d.sessionExpired()}})};m.authParams.username=o,await n.env.data.loginSessions.update(i.tenant.id,m.id,m);const _=await uc(n.env,i.tenant.id),y=`${_}|${ao()}`,{hash:w,algorithm:b}=await Pa(a);let A;try{A=await n.env.data.users.create(i.tenant.id,{user_id:y,email:o,email_verified:!1,provider:_,connection:f,is_social:!1,password:{hash:w,algorithm:b}})}catch(k){return console.log("Err: "+k.message),{error:"Failed to create user",screen:await Ei({...e,prefill:{email:o},errors:{email:"Failed to create user"}})}}const v=m.authParams?.ui_locales?.split(" ")?.map(k=>k.split("-")[0])[0];try{await Tg(n,A,v)}catch(k){console.error("Failed to send verification email:",k)}try{const k=await du(n,i,{...m.authParams,password:a},m),x=k.headers.get("location"),T=k.headers.getSetCookie?.()||[];return x?{redirect:x,cookies:T}:{response:k}}catch{return{screen:await Ei({...e,messages:[{text:d.verifyEmailText(),type:"success"}]})}}}}};async function aP(e){const{ctx:t,client:n,code:i,password:r,username:o}=e,{env:a}=t,c=await lo({env:a,tenant_id:n.tenant.id,username:o});if(!c)return{error:"User not found",field:"password"};const d=n.connections.find(h=>h.strategy===W.USERNAME_PASSWORD)?.name||c.connection,u=await zd(a.data,n.tenant.id,d);try{await Id(u,{tenantId:n.tenant.id,userId:c.user_id,newPassword:r,userData:c,data:a.data})}catch(h){return{error:h instanceof Error?h.message:"Password too weak",field:"password"}}const p=await a.data.codes.get(n.tenant.id,i,"password_reset");if(!p)return{error:"code_expired",field:"code"};if(!await a.data.codes.consume(n.tenant.id,p.code_id))return{error:"code_expired",field:"code"};try{const h=await a.data.passwords.get(n.tenant.id,c.user_id);return h&&await a.data.passwords.update(n.tenant.id,{id:h.id,user_id:c.user_id,password:h.password,algorithm:h.algorithm,is_current:!1}),await a.data.passwords.create(n.tenant.id,{user_id:c.user_id,password:await lc.hash(r,10),algorithm:"bcrypt",is_current:!0}),c.email_verified||await a.data.users.update(n.tenant.id,c.user_id,{email_verified:!0}),await R(t,n.tenant.id,{type:O.SUCCESS_CHANGE_PASSWORD,description:`Password changed for ${c.email}`,userId:c.user_id}),{success:!0}}catch(h){const g=h instanceof Error?h.message:JSON.stringify(h);return await R(t,n.tenant.id,{type:O.FAILED_CHANGE_PASSWORD,description:`Password reset failed for ${c.email}: ${g}`,userId:c.user_id}),{error:h instanceof Error?h.message:"Password reset failed",field:"password"}}}async function Us(e){const{branding:t,state:n,errors:i,messages:r,customText:o,routePrefix:a}=e,c=e.language||"en",{m:l}=Se("reset-password","reset-password",c,o),d=[{id:"password",type:"PASSWORD",category:"FIELD",visible:!0,label:l.passwordLabel(),config:{placeholder:l.passwordPlaceholder(),show_toggle:!0},required:!0,sensitive:!0,order:0,messages:i?.password?[{text:i.password,type:"error"}]:void 0},{id:"confirm_password",type:"PASSWORD",category:"FIELD",visible:!0,label:l.confirmPasswordLabel(),config:{placeholder:l.confirmPasswordPlaceholder()},required:!0,sensitive:!0,order:1,messages:i?.confirm_password?[{text:i.confirm_password,type:"error"}]:void 0},{id:"submit",type:"NEXT_BUTTON",category:"BLOCK",visible:!0,config:{text:l.buttonText()},order:2}];return{screen:{name:"reset-password",action:`${a}/reset-password?state=${encodeURIComponent(n)}`,method:"POST",title:l.title(),description:l.description(),components:d,messages:r?.map(p=>({text:p.text,type:p.type}))},branding:t}}const ute={id:"reset-password",name:"Reset Password",description:"Set new password screen",handler:{get:Us,post:async(e,t)=>{const{ctx:n,client:i,state:r}=e,{env:o}=n,a=t.password?.trim(),c=t.confirm_password?.trim(),l=e.language||"en",{m:d}=Se("reset-password","reset-password",l,e.customText);if(!a)return{error:"Password is required",screen:await Us({...e,errors:{password:"Password is required"}})};if(a!==c){const g=d.passwordsDidntMatch();return{error:g,screen:await Us({...e,errors:{confirm_password:g}})}}const u=await o.data.loginSessions.get(i.tenant.id,r);if(!u||!u.authParams?.username)return{error:"Session expired",screen:await Us({...e,errors:{password:"Session expired. Please start over."}})};const p=e.data?.code;if(!p)return{error:"Reset code not found",screen:await Us({...e,errors:{password:"Reset code not found"}})};const f=await aP({ctx:n,client:i,code:p,password:a,username:u.authParams.username});if("success"in f)return{redirect:`/u2/identifier?state=${encodeURIComponent(r)}&message=password_reset_success`};const h=f.error==="code_expired"?d.codeExpired():f.error;return{error:h,screen:await Us({...e,errors:{[f.field]:h}})}}}};async function Ci(e){const{branding:t,state:n,errors:i,messages:r,data:o,customText:a,routePrefix:c="/u2"}=e,l=e.language||"en",{m:d}=Se("reset-password","reset-password-code",l,a),{m:u}=Se("login","login",l,a),p=o?.email,f=p?p.replace(/(.{2})(.*)(@.*)/,"$1***$3"):"",g=[{id:"info",type:"RICH_TEXT",category:"BLOCK",visible:!0,config:{content:f?d.description({email:`<strong>${Te(f)}</strong>`}):d.defaultDescription()},order:0},{id:"code",type:"TEXT",category:"FIELD",visible:!0,label:d.codeLabel(),config:{placeholder:d.codePlaceholder(),max_length:6},required:!0,order:1,messages:i?.code?[{text:i.code,type:"error"}]:void 0},{id:"password",type:"PASSWORD",category:"FIELD",visible:!0,label:d.passwordLabel(),config:{placeholder:d.passwordPlaceholder(),show_toggle:!0},required:!0,sensitive:!0,order:2,messages:i?.password?[{text:i.password,type:"error"}]:void 0},{id:"confirm_password",type:"PASSWORD",category:"FIELD",visible:!0,label:d.confirmPasswordLabel(),config:{placeholder:d.confirmPasswordPlaceholder()},required:!0,sensitive:!0,order:3,messages:i?.confirm_password?[{text:i.confirm_password,type:"error"}]:void 0},{id:"submit",type:"NEXT_BUTTON",category:"BLOCK",visible:!0,config:{text:d.buttonText()},order:4},{id:"resend",type:"RESEND_BUTTON",category:"BLOCK",visible:!0,config:{text:d.resendText()},order:5}];return{screen:{name:"reset-password-code",action:`${c}/reset-password/code?state=${encodeURIComponent(n)}`,method:"POST",title:d.title(),components:g,messages:r?.map(_=>({text:_.text,type:_.type})),links:[{id:"back",text:d.backToLoginText(),linkText:u.buttonText(),href:`${await qi(e)}?state=${encodeURIComponent(n)}`}]},branding:t}}const pte={id:"reset-password-code",name:"Reset Password Code",description:"Enter reset code and new password screen",handler:{get:Ci,post:async(e,t)=>{const{ctx:n,client:i,state:r}=e,o=e.language||"en",{m:a}=Se("reset-password","reset-password-code",o,e.customText);if(t.action==="resend"){const h=await n.env.data.loginSessions.get(i.tenant.id,r);if(!h?.authParams?.username){const g=a.sessionExpired();return{error:g,screen:await Ci({...e,errors:{code:g}})}}try{await Kv(n,i,h.authParams.username,r,"code")}catch(g){return console.error("Failed to resend password reset code:",g),{error:a.resendFailed(),screen:await Ci({...e,messages:[{text:a.resendFailed(),type:"error"}]})}}return{screen:await Ci({...e,messages:[{text:a.resendSuccess(),type:"success"}]})}}const c=t.code?.trim(),l=t.password?.trim(),d=t.confirm_password?.trim();if(!c){const h=a.noCode();return{error:h,screen:await Ci({...e,errors:{code:h}})}}if(!l)return{error:"Password is required",screen:await Ci({...e,errors:{password:"Password is required"}})};if(l!==d){const h=a.passwordsDidntMatch();return{error:h,screen:await Ci({...e,errors:{confirm_password:h}})}}const u=await n.env.data.loginSessions.get(i.tenant.id,r);if(!u?.authParams?.username){const h=a.sessionExpired();return{error:h,screen:await Ci({...e,errors:{code:h}})}}const p=await aP({ctx:n,client:i,code:c,password:l,username:u.authParams.username});if("success"in p)return{redirect:`/u2/identifier?state=${encodeURIComponent(r)}&message=password_reset_success`};const f=p.error==="code_expired"?a.invalidCode():p.error;return{error:f,screen:await Ci({...e,errors:{[p.field]:f}})}}}};async function XE(e){const{branding:t,state:n,prefill:i,errors:r,messages:o,customText:a,routePrefix:c="/u2"}=e,l=e.language||"en",{m:d}=Se("reset-password","reset-password",l,a),{m:u}=Se("login","login",l,a),p=[{id:"info",type:"RICH_TEXT",category:"BLOCK",visible:!0,config:{content:d.description()},order:0},{id:"email",type:"EMAIL",category:"FIELD",visible:!0,label:d.emailPlaceholder(),config:{placeholder:d.emailPlaceholder()},required:!0,order:1,messages:r?.email?[{text:r.email,type:"error"}]:void 0},{id:"submit",type:"NEXT_BUTTON",category:"BLOCK",visible:!0,config:{text:d.buttonText()},order:2}];if(i?.email){const h=p.find(g=>g.id==="email");h&&"config"in h&&(h.config.default_value=i.email)}return{screen:{name:"forgot-password",action:`${c}/reset-password/request?state=${encodeURIComponent(n)}`,method:"POST",title:d.title(),components:p,messages:o?.map(h=>({text:h.text,type:h.type})),links:[{id:"back",text:d.backToLoginText(),linkText:u.buttonText(),href:`${await qi(e)}?state=${encodeURIComponent(n)}`}]},branding:t}}async function fte(e){const{branding:t,state:n,customText:i}=e,r=e.language||"en",{m:o}=Se("reset-password","reset-password",r,i),{m:a}=Se("login","login",r,i),c=[{id:"info",type:"RICH_TEXT",category:"BLOCK",visible:!0,config:{content:o.successDescription()},order:0}];return{screen:{name:"forgot-password",action:"",method:"GET",title:o.successTitle(),components:c,links:[{id:"back",text:o.backToLoginText(),linkText:a.buttonText(),href:`${await qi(e)}?state=${encodeURIComponent(n)}`}]},branding:t}}const hte={id:"forgot-password",name:"Forgot Password",description:"Password reset request screen",handler:{get:XE,post:async(e,t)=>{const{ctx:n,client:i,state:r,customText:o}=e,a=e.language||"en",{m:c}=Se("reset-password","reset-password",a,o),l=t.email?.trim();if(!l){const f=c["no-email"]();return{error:f,screen:await XE({...e,errors:{email:f}})}}const d=await n.env.data.loginSessions.get(i.tenant.id,r);d&&await n.env.data.loginSessions.update(i.tenant.id,r,{authParams:{...d.authParams,username:l}});const p=e.client.connections.find(f=>f.strategy===W.USERNAME_PASSWORD)?.options?.attributes?.email?.verification_method;return await Kv(n,i,l,r,p),p==="code"?{screen:await Ci({...e,data:{...e.data,email:l}})}:{screen:await fte(e)}}}};async function cP(e){const{ctx:t,tenant:n,client:i,branding:r,state:o,errors:a,routePrefix:c="/u2"}=e,l=await t.env.data.loginSessions.get(n.id,o);if(!l)throw new z(400,{message:"Login session not found"});if(!l.session_id)throw new z(400,{message:"No session linked to login session"});const d=await t.env.data.sessions.get(n.id,l.session_id);if(!d)throw new z(400,{message:"Session not found"});const u=await t.env.data.users.get(n.id,d.user_id);if(!u)throw new z(400,{message:"User not found"});if(!(await t.env.data.userPermissions.list(n.id,u.user_id)).some(m=>m.permission_name==="users:impersonate"))return{screen:{name:"impersonate",action:`${c}/impersonate?state=${encodeURIComponent(o)}`,method:"POST",title:"Access Denied",description:"You do not have permission to impersonate other users.",components:[],messages:[{id:1,text:"You do not have permission to impersonate other users.",type:"error"}]},branding:r};const h=[{id:"info",type:"RICH_TEXT",category:"BLOCK",visible:!0,config:{content:"<p>You have permission to impersonate other users.</p><p>Leave the field empty and click Continue to proceed as yourself, or enter a user ID to impersonate.</p>"},order:0},{id:"current-user",type:"RICH_TEXT",category:"BLOCK",visible:!0,config:{content:`<div class="current-user-info"><strong>Current user:</strong> ${Te(u.email||u.user_id)}</div>`},order:1},{id:"divider",type:"DIVIDER",category:"BLOCK",visible:!0,order:2},{id:"user_id",type:"TEXT",category:"FIELD",visible:!0,label:"User ID to impersonate (optional)",config:{placeholder:"Enter user ID or leave empty to continue as yourself"},required:!1,order:3,messages:a?.user_id?[{text:a.user_id,type:"error"}]:void 0},{id:"submit",type:"NEXT_BUTTON",category:"BLOCK",visible:!0,config:{text:"Continue"},order:4}];return{screen:{name:"impersonate",action:`${c}/impersonate?state=${encodeURIComponent(o)}`,method:"POST",title:"Impersonation",description:i.name?`Impersonation for ${Te(i.name)}`:"User impersonation",components:h},branding:r}}async function gte(e,t){const{ctx:n,tenant:i,client:r,state:o}=e,a=await n.env.data.loginSessions.get(i.id,o);if(!a)throw new z(400,{message:"Login session not found"});if(!a.session_id)throw new z(400,{message:"No session linked to login session"});const c=await n.env.data.sessions.get(i.id,a.session_id);if(!c)throw new z(400,{message:"Current session not found"});const l=await n.env.data.users.get(i.id,c.user_id);if(!l)throw new z(400,{message:"Current user not found"});if(!(await n.env.data.userPermissions.list(i.id,l.user_id)).some(_=>_.permission_name==="users:impersonate"))throw new z(403,{message:"Access denied: insufficient permissions"});const p=t.user_id?.trim();if(!p){const _=await nt(n,{client:r,authParams:a.authParams,loginSession:a,user:l,existingSessionIdToLink:c.id,skipHooks:!0}),y=_.headers.get("Location"),w=_.headers.getSetCookie?.()||[];if(y)return{redirect:y,cookies:w};throw new z(500,{message:"Failed to generate redirect"})}const f=await n.env.data.users.get(i.id,p);if(!f)return R(n,i.id,{type:O.FAILED_IMPERSONATION,description:`User ${l.email} failed to impersonate non-existent user: ${p}`,userId:l.user_id}),{error:"User not found",screen:await cP({...e,errors:{user_id:"User not found"}})};const h=await nt(n,{client:r,authParams:a.authParams,loginSession:a,user:f,existingSessionIdToLink:c.id,impersonatingUser:l,skipHooks:!0}),g=h.headers.get("Location"),m=h.headers.getSetCookie?.()||[];if(!g)throw new z(500,{message:"Failed to generate redirect"});return R(n,i.id,{type:O.SUCCESS_IMPERSONATION,description:`User ${l.email} impersonating ${f.email||f.user_id}`,userId:f.user_id}),{redirect:g,cookies:m}}const mte={id:"impersonate",name:"Impersonate",description:"Allows users with permission to impersonate other users",handler:{get:cP,post:gte}};async function zr(e){const{branding:t,state:n,prefill:i,errors:r,messages:o,customText:a,routePrefix:c}=e,l=e.language||"en",{m:d}=Se("login-passwordless","login-passwordless",l,a),{m:u}=Se("common","common",l,a),p=e.connections.some(w=>w.strategy===W.EMAIL),f=e.connections.some(w=>w.strategy===W.SMS),h=p&&f?d.authMethodEmailOrPhone():f?d.authMethodPhone():d.authMethodEmail(),g=[];let m=0;if(f&&!p){const w=r?.username?[{text:r.username,type:"error"}]:void 0;g.push({id:"username",type:"TEL",category:"FIELD",visible:!0,label:d.phonePlaceholder(),config:{placeholder:d.phonePlaceholder(),default_country:e.ctx.get("countryCode")||"US"},required:!0,order:m++,messages:w})}else if(p&&!f){const w=r?.username?[{text:r.username,type:"error"}]:void 0;g.push({id:"username",type:"EMAIL",category:"FIELD",visible:!0,label:d.emailPlaceholder(),config:{placeholder:d.emailPlaceholder()},required:!0,order:m++,messages:w})}else{const w=r?.username?[{text:r.username,type:"error"}]:void 0;g.push({id:"username",type:"TEL",category:"FIELD",visible:!0,label:d.emailOrPhonePlaceholder(),config:{placeholder:d.emailOrPhonePlaceholder(),default_country:e.ctx.get("countryCode")||"US",allow_email:!0},required:!0,order:m++,messages:w})}g.push({id:"submit",type:"NEXT_BUTTON",category:"BLOCK",visible:!0,config:{text:u.continueText()},order:m++});const _=`${c}/login?state=${encodeURIComponent(n)}`,y={name:"login-passwordless-identifier",action:`${c}/login/login-passwordless-identifier?state=${encodeURIComponent(n)}`,method:"POST",title:d.title(),description:d.description({authMethod:h}),components:g,messages:o,links:[{id:"back",text:"",linkText:u.backText(),href:_}]};if(i?.username){const w=y.components.find(b=>b.id==="username");w&&"config"in w&&(w.config.default_value=i.username)}return{screen:y,branding:t}}const yte={id:"login-passwordless-identifier",name:"Login Passwordless Identifier",description:"Collects email or phone for passwordless code-based login",handler:{get:zr,post:async(e,t)=>{const{ctx:n,client:i,state:r}=e,o=t.username?.toLowerCase()?.trim(),a=e.language||"en",{m:c}=Se("login-passwordless","login-passwordless",a,e.customText);if(!o){const b=e.connections.some(A=>A.strategy===W.SMS)&&!e.connections.some(A=>A.strategy===W.EMAIL)?c.noPhone():c.noEmail();return{error:b,screen:await zr({...e,errors:{username:b}})}}const l=n.get("countryCode"),{normalized:d,connectionType:u}=fo(o,l);if(!d){const w=c.invalidIdentifier();return{error:w,screen:await zr({...e,prefill:{username:o},errors:{username:w}})}}if(u==="username"){const w=c.invalidIdentifier();return{error:w,screen:await zr({...e,prefill:{username:o},errors:{username:w}})}}const p=i.connections.find(w=>w.strategy===u);if(!p){const w=u==="sms"?c.invalidPhone():c.invalidEmail();return{error:w,screen:await zr({...e,prefill:{username:o},errors:{username:w}})}}if(!(u==="email"?await co({userAdapter:n.env.data.users,tenant_id:i.tenant.id,email:d}):await dr({userAdapter:n.env.data.users,tenant_id:i.tenant.id,username:d,provider:"sms"}))){const w=await tu(n,i,n.env.data,d,u);if(!w.allowed){const b=w.reason||c.userAccountDoesNotExist();return{error:b,screen:await zr({...e,prefill:{username:o},errors:{username:b}})}}}const h=await n.env.data.loginSessions.get(i.tenant.id,r);if(!h){const w=c.sessionExpired();return{error:w,screen:await zr({...e,prefill:{username:o},errors:{username:w}})}}h.authParams.username=d,await n.env.data.loginSessions.update(i.tenant.id,h.id,h);let g=xn(),m=await n.env.data.codes.get(i.tenant.id,g,"otp");for(;m;)g=xn(),m=await n.env.data.codes.get(i.tenant.id,g,"otp");await n.env.data.codes.create(i.tenant.id,{code_id:g,code_type:"otp",login_id:h.id,expires_at:new Date(Date.now()+ka).toISOString(),redirect_uri:h.authParams.redirect_uri});const _=h.authParams?.ui_locales?.split(" ")?.map(w=>w.split("-")[0])[0];try{u==="email"&&p?.options?.authentication_method==="magic_link"?await lu(n,{to:d,code:g,authParams:h.authParams,language:_}):await cu(n,{to:d,code:g,language:_})}catch(w){const b=w instanceof Error?{name:w.name,message:w.message}:{name:"UnknownError"};console.error("Failed to send verification code:",b),await n.env.data.codes.remove(i.tenant.id,g);const A=c.invalidIdentifier();return{error:A,screen:await zr({...e,prefill:{username:o},errors:{username:A}})}}const y={...e,data:{email:d},errors:void 0};return u==="sms"?{screen:await Ro(y)}:p?.options?.authentication_method==="magic_link"?{screen:await I8(y)}:{screen:await jo(y)}}}};async function _te(e,t,n=6){if(n>8)throw new TypeError("Digits must be 8 or smaller");const i=bte(t),r=await new z$("SHA-1").sign(e,i),o=wte(new Uint8Array(r));return(sb(o)%10**n).toString().padStart(n,"0")}function wte(e){const t=sb(P$(e[e.byteLength-1]).slice(4));return Fj(e).slice(t*8+1,(t+4)*8)}function bte(e){const t=new Uint8Array(8),n=e.toString(2).padStart(64,"0");for(let i=0;i<8;i++)t[i]=sb(n.slice(i*8,(i+1)*8));return t}class vte{digits;period;constructor(t){this.digits=t?.digits??6,this.period=t?.period??new Pd(30,"s")}async generate(t){const n=Math.floor(Date.now()/this.period.milliseconds());return await _te(t,n,this.digits)}async verify(t,n){const i=await this.generate(n);return t===i}}function Ate(e,t,n,i){const[r,o]=kte("totp",e,t,n);return r+"?"+o.toString()}function kte(e,t,n,i,r){const o=encodeURIComponent(t),a=encodeURIComponent(n),c=`otpauth://${e}/${o}:${a}`,l=new URLSearchParams({secret:_h.encode(new Uint8Array(i),{includePadding:!1}),issuer:t});return[c,l]}const Ste=600*1e3;async function Ete(e,t,n){const i=await e.env.data.tenants.get(t);if(!i)return{required:!1};const r=i.mfa?.policy;if(!r||r==="never")return{required:!1};if(!(i.mfa?.factors?.sms===!0||i.mfa?.factors?.otp===!0||i.mfa?.factors?.webauthn_roaming===!0||i.mfa?.factors?.webauthn_platform===!0))throw new z(500,{message:"MFA policy requires MFA but no supported factors are enabled. Enable at least one factor (e.g. SMS, OTP, or WebAuthn) in the tenant MFA configuration."});const a=i.mfa?.factors,c=a?.webauthn_roaming===!0||a?.webauthn_platform===!0,l=["passkey","webauthn-roaming","webauthn-platform"],u=(await e.env.data.authenticationMethods.list(t,n)).filter(p=>p.confirmed&&(p.type==="phone"&&a?.sms===!0||p.type==="totp"&&a?.otp===!0||l.includes(p.type)&&c));return u.length>0?{required:!0,enrolled:!0,enrollment:u[0],allEnrollments:u}:{required:!0,enrolled:!1}}async function Dg(e,t,n,i){const r=t.tenant,o=xn(),a=`mfa:${n.id}`;await e.env.data.codes.remove(r.id,a),await e.env.data.codes.create(r.id,{code_id:a,code_type:"mfa_otp",login_id:n.id,otp:o,expires_at:new Date(Date.now()+Ste).toISOString()});const c=t.connections.find(u=>u.strategy===W.SMS),l=e.env.data.smsService;if(!l)throw new z(500,{message:"SMS service not configured"});const d=c?.options||r.mfa?.twilio||{};try{await l.send({options:d,to:i,from:r.friendly_name,text:`Your verification code is: ${o}`,template:"mfa-code",data:{code:o,tenantName:r.friendly_name||"",tenantId:r.id}}),R(e,r.id,{type:O.MFA_SMS_SENT,description:"MFA SMS sent"})}catch(u){throw R(e,r.id,{type:O.ERROR_SENDING_MFA_SMS,description:`Failed to send MFA SMS: ${u instanceof Error?u.message:String(u)}`}),u}}async function m1(e,t,n,i){const r=`mfa:${n}`,o=await e.env.data.codes.get(t,r,"mfa_otp");return!o||new Date(o.expires_at)<new Date||o.otp!==i?!1:await e.env.data.codes.consume(t,r)}const xte=20,Cte=new vte;function y1(){const e=new Uint8Array(xte);return crypto.getRandomValues(e),_h.encode(e,{includePadding:!1})}function Ca(e,t,n){const i=_h.decode(n,{strict:!1});return Ate(e,t,i)}async function Bg(e,t){const n=_h.decode(e,{strict:!1});return Cte.verify(t,n)}const lP=Object.freeze(Object.defineProperty({__proto__:null,checkMfaRequired:Ete,createTotpUri:Ca,generateTotpSecret:y1,sendMfaOtp:Dg,verifyMfaOtp:m1,verifyTotpCode:Bg},Symbol.toStringTag,{value:"Module"}));function dP(e){return e&&SK(e)?e:"US"}async function Uc(e){const{branding:t,state:n,errors:i,customText:r,routePrefix:o}=e,a=e.language||"en",{m:c}=Se("mfa-phone","mfa-phone-enrollment",a,r),l=[{id:"phone_number",type:"TEL",category:"FIELD",visible:!0,label:c.placeholder(),config:{placeholder:c.placeholder(),default_country:dP(e.ctx.get("countryCode"))},required:!0,order:0,messages:i?.phone_number?[{text:i.phone_number,type:"error"}]:void 0},{id:"submit",type:"NEXT_BUTTON",category:"BLOCK",visible:!0,config:{text:c.continueButtonText()},order:1}],d=[],u=e.client.tenant;return u.mfa?.factors?.otp===!0&&u.mfa?.factors?.sms===!0&&d.push({id:"back",text:"",linkText:"Try another method",href:`${o}/mfa/login-options?state=${encodeURIComponent(n)}`}),{screen:{name:"mfa-phone-enrollment",action:`${o}/mfa/phone-enrollment?state=${encodeURIComponent(n)}`,method:"POST",title:c.title(),description:c.description(),components:l,...d.length>0&&{links:d}},branding:t}}const Tte={id:"mfa-phone-enrollment",name:"MFA Phone Enrollment",description:"Phone number enrollment screen for SMS MFA",handler:{get:async e=>{const{ctx:t,client:n,state:i}=e,r=await t.env.data.loginSessions.get(n.tenant.id,i);if(r?.user_id&&(await t.env.data.authenticationMethods.list(n.tenant.id,r.user_id)).some(a=>a.confirmed))throw new z(403,{message:"Cannot enroll new MFA factor while existing factors are active"});return Uc(e)},post:async(e,t)=>{const{ctx:n,client:i,state:r}=e,o=t.phone_number?.trim(),a=e.language||"en",{m:c}=Se("mfa-phone","mfa-phone-enrollment",a,e.customText),l=await n.env.data.loginSessions.get(i.tenant.id,r);if(!l||!l.user_id){const h=c["transaction-not-found"]();return{error:h,screen:await Uc({...e,errors:{phone_number:h}})}}if((await n.env.data.authenticationMethods.list(i.tenant.id,l.user_id)).some(h=>h.confirmed))throw new z(403,{message:"Cannot enroll new MFA factor while existing factors are active"});if(!o){const h=c["no-phone"]();return{error:h,screen:await Uc({...e,errors:{phone_number:h}})}}const u=dP(n.get("countryCode")),p=Pv(o,{defaultCountry:u});if(!p||!p.isValid()){const h=c["invalid-phone"]();return{error:h,screen:await Uc({...e,errors:{phone_number:h}})}}const f=p.number;try{R(n,i.tenant.id,{type:O.MFA_ENROLL_STARTED,description:"MFA phone enrollment started",userId:l.user_id});const h=await n.env.data.authenticationMethods.create(i.tenant.id,{user_id:l.user_id,type:"phone",phone_number:f,confirmed:!1}),g=l.state_data?JSON.parse(l.state_data):{};await n.env.data.loginSessions.update(i.tenant.id,r,{state_data:JSON.stringify({...g,authenticationMethodId:h.id})});try{await Dg(n,i,l,f)}catch(_){throw await n.env.data.authenticationMethods.remove(i.tenant.id,h.id),await n.env.data.loginSessions.update(i.tenant.id,r,{state_data:JSON.stringify(g)}),_}return{redirect:`${e.routePrefix||"/u2"}/mfa/phone-challenge?state=${encodeURIComponent(r)}`}}catch(h){console.error("[mfa-phone-enrollment] Error during phone enrollment:",h),R(n,i.tenant.id,{type:O.MFA_ENROLLMENT_FAILED,description:`MFA phone enrollment failed: ${h instanceof Error?h.message:String(h)}`,userId:l.user_id});const g=c["sms-authenticator-error"]();return{error:g,screen:await Uc({...e,errors:{phone_number:g}})}}}}};async function Zi(e){const{branding:t,state:n,errors:i,messages:r,data:o,customText:a,routePrefix:c}=e,l=e.language||"en",{m:d}=Se("mfa-phone","mfa-phone-challenge",l,a),u=o?.phone;let p="";if(u)if(u.replace(/\D/g,"").length>6){const _=u.slice(0,4),y=u.slice(-2);p=_+"*".repeat(u.length-6)+y}else p=u;const f=p?d.description({phoneNumber:`<strong>${Te(p)}</strong>`}):d.description({phoneNumber:""}),h=[{id:"code",type:"TEXT",category:"FIELD",visible:!0,label:d.codePlaceholder(),config:{placeholder:d.codePlaceholder(),max_length:6},required:!0,order:0,messages:i?.code?[{text:i.code,type:"error"}]:void 0},{id:"submit",type:"NEXT_BUTTON",category:"BLOCK",visible:!0,config:{text:d.continueButtonText()},order:1},{id:"resend",type:"RESEND_BUTTON",category:"BLOCK",visible:!0,config:{text:d.smsButtonText()},order:2}];return{screen:{name:"mfa-phone-challenge",action:`${c}/mfa/phone-challenge?state=${encodeURIComponent(n)}`,method:"POST",title:d.title(),description:f,components:h,messages:r?.map(m=>({text:m.text,type:m.type}))},branding:t}}async function Hu(e,t,n){const i=n.state_data?JSON.parse(n.state_data):{};if(i.authenticationMethodId){const r=await e.env.data.authenticationMethods.get(t,i.authenticationMethodId);if(r?.phone_number)return r.phone_number}if(n.user_id){const o=(await e.env.data.authenticationMethods.list(t,n.user_id)).find(a=>a.type==="phone");if(o?.phone_number)return o.phone_number}}const $te={id:"mfa-phone-challenge",name:"MFA Phone Challenge",description:"Phone code verification screen for MFA",handler:{get:Zi,post:async(e,t)=>{const{ctx:n,client:i,state:r}=e,o=t.code?.trim(),a=e.language||"en",{m:c}=Se("mfa-phone","mfa-phone-challenge",a,e.customText);if(t.action==="resend"){const u=await n.env.data.loginSessions.get(i.tenant.id,r);if(!u||u.state!==be.AWAITING_MFA){const h=c["transaction-not-found"]();return{error:h,screen:await Zi({...e,errors:{code:h}})}}const p=await Hu(n,i.tenant.id,u);if(!p)return{screen:await Zi({...e,data:{...e.data,phone:p}})};const f=[];try{await Dg(n,i,u,p),f.push({text:c.resendSuccess(),type:"success"})}catch{f.push({text:c["send-sms-failed"](),type:"error"})}return{screen:await Zi({...e,data:{...e.data,phone:p},messages:f})}}if(!o){const u=c.noCode();return{error:u,screen:await Zi({...e,errors:{code:u}})}}const l=await n.env.data.loginSessions.get(i.tenant.id,r);if(!l||!l.user_id||l.state!==be.AWAITING_MFA){const u=c["transaction-not-found"]();return{error:u,screen:await Zi({...e,errors:{code:u}})}}R(n,i.tenant.id,{type:O.SECOND_FACTOR_STARTED,description:"MFA verification started",userId:l.user_id});let d;try{d=await m1(n,i.tenant.id,l.id,o)}catch(u){R(n,i.tenant.id,{type:O.MFA_AUTH_FAILED,description:`MFA verification error: ${u instanceof Error?u.message:"unknown error"}`,userId:l.user_id});const p=await Hu(n,i.tenant.id,l),f=c.unexpectedError();return{error:f,screen:await Zi({...e,data:{...e.data,phone:p},errors:{code:f}})}}if(!d){R(n,i.tenant.id,{type:O.MFA_AUTH_FAILED,description:"MFA verification failed - invalid code",userId:l.user_id});const u=await Hu(n,i.tenant.id,l),p=c.invalidCode();return{error:p,screen:await Zi({...e,data:{...e.data,phone:u},errors:{code:p}})}}try{const u=l.state_data?JSON.parse(l.state_data):{};if(u.authenticationMethodId){const y=await n.env.data.authenticationMethods.get(i.tenant.id,u.authenticationMethodId);y&&!y.confirmed&&(await n.env.data.authenticationMethods.update(i.tenant.id,y.id,{confirmed:!0}),R(n,i.tenant.id,{type:O.MFA_ENROLLMENT_COMPLETE,description:"MFA phone enrollment completed",userId:l.user_id}))}if(u.guardian_enrollment)return R(n,i.tenant.id,{type:O.MFA_AUTH_SUCCESS,description:"MFA phone verification succeeded (guardian enrollment)",userId:l.user_id}),{screen:{screen:{name:"mfa-phone-challenge",action:"",method:"GET",title:c.title(),description:c.enrollmentComplete(),components:[]},branding:e.branding}};const p=l.state||be.AWAITING_MFA,{state:f}=_i(p,{type:qn.COMPLETE_MFA});R(n,i.tenant.id,{type:O.MFA_AUTH_SUCCESS,description:"MFA verification succeeded",userId:l.user_id}),await n.env.data.loginSessions.update(i.tenant.id,r,{state:f,state_data:JSON.stringify({...u,mfa_verified:!0})});const h=await n.env.data.users.get(i.tenant.id,l.user_id);if(!h)throw new Error("User not found");const g=await nt(n,{authParams:l.authParams,user:h,client:i,loginSession:l,authConnection:l.auth_connection}),m=g.headers.get("location"),_=g.headers.getSetCookie?.()||[];return m?{redirect:m,cookies:_}:{response:g}}catch{const u=await Hu(n,i.tenant.id,l),p=c.unexpectedError();return{error:p,screen:await Zi({...e,data:{...e.data,phone:u},errors:{code:p}})}}}}};var qs={},P0,e4;function Ite(){return e4||(e4=1,P0=function(){return typeof Promise=="function"&&Promise.prototype&&Promise.prototype.then}),P0}var N0={},Pr={},t4;function Ps(){if(t4)return Pr;t4=1;let e;const t=[0,26,44,70,100,134,172,196,242,292,346,404,466,532,581,655,733,815,901,991,1085,1156,1258,1364,1474,1588,1706,1828,1921,2051,2185,2323,2465,2611,2761,2876,3034,3196,3362,3532,3706];return Pr.getSymbolSize=function(i){if(!i)throw new Error('"version" cannot be null or undefined');if(i<1||i>40)throw new Error('"version" should be in range from 1 to 40');return i*4+17},Pr.getSymbolTotalCodewords=function(i){return t[i]},Pr.getBCHDigit=function(n){let i=0;for(;n!==0;)i++,n>>>=1;return i},Pr.setToSJISFunction=function(i){if(typeof i!="function")throw new Error('"toSJISFunc" is not a valid function.');e=i},Pr.isKanjiModeEnabled=function(){return typeof e<"u"},Pr.toSJIS=function(i){return e(i)},Pr}var F0={},n4;function _1(){return n4||(n4=1,(function(e){e.L={bit:1},e.M={bit:0},e.Q={bit:3},e.H={bit:2};function t(n){if(typeof n!="string")throw new Error("Param is not a string");switch(n.toLowerCase()){case"l":case"low":return e.L;case"m":case"medium":return e.M;case"q":case"quartile":return e.Q;case"h":case"high":return e.H;default:throw new Error("Unknown EC Level: "+n)}}e.isValid=function(i){return i&&typeof i.bit<"u"&&i.bit>=0&&i.bit<4},e.from=function(i,r){if(e.isValid(i))return i;try{return t(i)}catch{return r}}})(F0)),F0}var O0,i4;function zte(){if(i4)return O0;i4=1;function e(){this.buffer=[],this.length=0}return e.prototype={get:function(t){const n=Math.floor(t/8);return(this.buffer[n]>>>7-t%8&1)===1},put:function(t,n){for(let i=0;i<n;i++)this.putBit((t>>>n-i-1&1)===1)},getLengthInBits:function(){return this.length},putBit:function(t){const n=Math.floor(this.length/8);this.buffer.length<=n&&this.buffer.push(0),t&&(this.buffer[n]|=128>>>this.length%8),this.length++}},O0=e,O0}var j0,r4;function Pte(){if(r4)return j0;r4=1;function e(t){if(!t||t<1)throw new Error("BitMatrix size must be defined and greater than 0");this.size=t,this.data=new Uint8Array(t*t),this.reservedBit=new Uint8Array(t*t)}return e.prototype.set=function(t,n,i,r){const o=t*this.size+n;this.data[o]=i,r&&(this.reservedBit[o]=!0)},e.prototype.get=function(t,n){return this.data[t*this.size+n]},e.prototype.xor=function(t,n,i){this.data[t*this.size+n]^=i},e.prototype.isReserved=function(t,n){return this.reservedBit[t*this.size+n]},j0=e,j0}var R0={},o4;function Nte(){return o4||(o4=1,(function(e){const t=Ps().getSymbolSize;e.getRowColCoords=function(i){if(i===1)return[];const r=Math.floor(i/7)+2,o=t(i),a=o===145?26:Math.ceil((o-13)/(2*r-2))*2,c=[o-7];for(let l=1;l<r-1;l++)c[l]=c[l-1]-a;return c.push(6),c.reverse()},e.getPositions=function(i){const r=[],o=e.getRowColCoords(i),a=o.length;for(let c=0;c<a;c++)for(let l=0;l<a;l++)c===0&&l===0||c===0&&l===a-1||c===a-1&&l===0||r.push([o[c],o[l]]);return r}})(R0)),R0}var D0={},s4;function Fte(){if(s4)return D0;s4=1;const e=Ps().getSymbolSize,t=7;return D0.getPositions=function(i){const r=e(i);return[[0,0],[r-t,0],[0,r-t]]},D0}var B0={},a4;function Ote(){return a4||(a4=1,(function(e){e.Patterns={PATTERN000:0,PATTERN001:1,PATTERN010:2,PATTERN011:3,PATTERN100:4,PATTERN101:5,PATTERN110:6,PATTERN111:7};const t={N1:3,N2:3,N3:40,N4:10};e.isValid=function(r){return r!=null&&r!==""&&!isNaN(r)&&r>=0&&r<=7},e.from=function(r){return e.isValid(r)?parseInt(r,10):void 0},e.getPenaltyN1=function(r){const o=r.size;let a=0,c=0,l=0,d=null,u=null;for(let p=0;p<o;p++){c=l=0,d=u=null;for(let f=0;f<o;f++){let h=r.get(p,f);h===d?c++:(c>=5&&(a+=t.N1+(c-5)),d=h,c=1),h=r.get(f,p),h===u?l++:(l>=5&&(a+=t.N1+(l-5)),u=h,l=1)}c>=5&&(a+=t.N1+(c-5)),l>=5&&(a+=t.N1+(l-5))}return a},e.getPenaltyN2=function(r){const o=r.size;let a=0;for(let c=0;c<o-1;c++)for(let l=0;l<o-1;l++){const d=r.get(c,l)+r.get(c,l+1)+r.get(c+1,l)+r.get(c+1,l+1);(d===4||d===0)&&a++}return a*t.N2},e.getPenaltyN3=function(r){const o=r.size;let a=0,c=0,l=0;for(let d=0;d<o;d++){c=l=0;for(let u=0;u<o;u++)c=c<<1&2047|r.get(d,u),u>=10&&(c===1488||c===93)&&a++,l=l<<1&2047|r.get(u,d),u>=10&&(l===1488||l===93)&&a++}return a*t.N3},e.getPenaltyN4=function(r){let o=0;const a=r.data.length;for(let l=0;l<a;l++)o+=r.data[l];return Math.abs(Math.ceil(o*100/a/5)-10)*t.N4};function n(i,r,o){switch(i){case e.Patterns.PATTERN000:return(r+o)%2===0;case e.Patterns.PATTERN001:return r%2===0;case e.Patterns.PATTERN010:return o%3===0;case e.Patterns.PATTERN011:return(r+o)%3===0;case e.Patterns.PATTERN100:return(Math.floor(r/2)+Math.floor(o/3))%2===0;case e.Patterns.PATTERN101:return r*o%2+r*o%3===0;case e.Patterns.PATTERN110:return(r*o%2+r*o%3)%2===0;case e.Patterns.PATTERN111:return(r*o%3+(r+o)%2)%2===0;default:throw new Error("bad maskPattern:"+i)}}e.applyMask=function(r,o){const a=o.size;for(let c=0;c<a;c++)for(let l=0;l<a;l++)o.isReserved(l,c)||o.xor(l,c,n(r,l,c))},e.getBestMask=function(r,o){const a=Object.keys(e.Patterns).length;let c=0,l=1/0;for(let d=0;d<a;d++){o(d),e.applyMask(d,r);const u=e.getPenaltyN1(r)+e.getPenaltyN2(r)+e.getPenaltyN3(r)+e.getPenaltyN4(r);e.applyMask(d,r),u<l&&(l=u,c=d)}return c}})(B0)),B0}var Vu={},c4;function uP(){if(c4)return Vu;c4=1;const e=_1(),t=[1,1,1,1,1,1,1,1,1,1,2,2,1,2,2,4,1,2,4,4,2,4,4,4,2,4,6,5,2,4,6,6,2,5,8,8,4,5,8,8,4,5,8,11,4,8,10,11,4,9,12,16,4,9,16,16,6,10,12,18,6,10,17,16,6,11,16,19,6,13,18,21,7,14,21,25,8,16,20,25,8,17,23,25,9,17,23,34,9,18,25,30,10,20,27,32,12,21,29,35,12,23,34,37,12,25,34,40,13,26,35,42,14,28,38,45,15,29,40,48,16,31,43,51,17,33,45,54,18,35,48,57,19,37,51,60,19,38,53,63,20,40,56,66,21,43,59,70,22,45,62,74,24,47,65,77,25,49,68,81],n=[7,10,13,17,10,16,22,28,15,26,36,44,20,36,52,64,26,48,72,88,36,64,96,112,40,72,108,130,48,88,132,156,60,110,160,192,72,130,192,224,80,150,224,264,96,176,260,308,104,198,288,352,120,216,320,384,132,240,360,432,144,280,408,480,168,308,448,532,180,338,504,588,196,364,546,650,224,416,600,700,224,442,644,750,252,476,690,816,270,504,750,900,300,560,810,960,312,588,870,1050,336,644,952,1110,360,700,1020,1200,390,728,1050,1260,420,784,1140,1350,450,812,1200,1440,480,868,1290,1530,510,924,1350,1620,540,980,1440,1710,570,1036,1530,1800,570,1064,1590,1890,600,1120,1680,1980,630,1204,1770,2100,660,1260,1860,2220,720,1316,1950,2310,750,1372,2040,2430];return Vu.getBlocksCount=function(r,o){switch(o){case e.L:return t[(r-1)*4+0];case e.M:return t[(r-1)*4+1];case e.Q:return t[(r-1)*4+2];case e.H:return t[(r-1)*4+3];default:return}},Vu.getTotalCodewordsCount=function(r,o){switch(o){case e.L:return n[(r-1)*4+0];case e.M:return n[(r-1)*4+1];case e.Q:return n[(r-1)*4+2];case e.H:return n[(r-1)*4+3];default:return}},Vu}var L0={},qc={},l4;function jte(){if(l4)return qc;l4=1;const e=new Uint8Array(512),t=new Uint8Array(256);return(function(){let i=1;for(let r=0;r<255;r++)e[r]=i,t[i]=r,i<<=1,i&256&&(i^=285);for(let r=255;r<512;r++)e[r]=e[r-255]})(),qc.log=function(i){if(i<1)throw new Error("log("+i+")");return t[i]},qc.exp=function(i){return e[i]},qc.mul=function(i,r){return i===0||r===0?0:e[t[i]+t[r]]},qc}var d4;function Rte(){return d4||(d4=1,(function(e){const t=jte();e.mul=function(i,r){const o=new Uint8Array(i.length+r.length-1);for(let a=0;a<i.length;a++)for(let c=0;c<r.length;c++)o[a+c]^=t.mul(i[a],r[c]);return o},e.mod=function(i,r){let o=new Uint8Array(i);for(;o.length-r.length>=0;){const a=o[0];for(let l=0;l<r.length;l++)o[l]^=t.mul(r[l],a);let c=0;for(;c<o.length&&o[c]===0;)c++;o=o.slice(c)}return o},e.generateECPolynomial=function(i){let r=new Uint8Array([1]);for(let o=0;o<i;o++)r=e.mul(r,new Uint8Array([1,t.exp(o)]));return r}})(L0)),L0}var M0,u4;function Dte(){if(u4)return M0;u4=1;const e=Rte();function t(n){this.genPoly=void 0,this.degree=n,this.degree&&this.initialize(this.degree)}return t.prototype.initialize=function(i){this.degree=i,this.genPoly=e.generateECPolynomial(this.degree)},t.prototype.encode=function(i){if(!this.genPoly)throw new Error("Encoder not initialized");const r=new Uint8Array(i.length+this.degree);r.set(i);const o=e.mod(r,this.genPoly),a=this.degree-o.length;if(a>0){const c=new Uint8Array(this.degree);return c.set(o,a),c}return o},M0=t,M0}var U0={},q0={},H0={},p4;function pP(){return p4||(p4=1,H0.isValid=function(t){return!isNaN(t)&&t>=1&&t<=40}),H0}var xi={},f4;function fP(){if(f4)return xi;f4=1;const e="[0-9]+",t="[A-Z $%*+\\-./:]+";let n="(?:[u3000-u303F]|[u3040-u309F]|[u30A0-u30FF]|[uFF00-uFFEF]|[u4E00-u9FAF]|[u2605-u2606]|[u2190-u2195]|u203B|[u2010u2015u2018u2019u2025u2026u201Cu201Du2225u2260]|[u0391-u0451]|[u00A7u00A8u00B1u00B4u00D7u00F7])+";n=n.replace(/u/g,"\\u");const i="(?:(?![A-Z0-9 $%*+\\-./:]|"+n+`)(?:.|[\r
831
831
  ]))+`;xi.KANJI=new RegExp(n,"g"),xi.BYTE_KANJI=new RegExp("[^A-Z0-9 $%*+\\-./:]+","g"),xi.BYTE=new RegExp(i,"g"),xi.NUMERIC=new RegExp(e,"g"),xi.ALPHANUMERIC=new RegExp(t,"g");const r=new RegExp("^"+n+"$"),o=new RegExp("^"+e+"$"),a=new RegExp("^[A-Z0-9 $%*+\\-./:]+$");return xi.testKanji=function(l){return r.test(l)},xi.testNumeric=function(l){return o.test(l)},xi.testAlphanumeric=function(l){return a.test(l)},xi}var h4;function Ns(){return h4||(h4=1,(function(e){const t=pP(),n=fP();e.NUMERIC={id:"Numeric",bit:1,ccBits:[10,12,14]},e.ALPHANUMERIC={id:"Alphanumeric",bit:2,ccBits:[9,11,13]},e.BYTE={id:"Byte",bit:4,ccBits:[8,16,16]},e.KANJI={id:"Kanji",bit:8,ccBits:[8,10,12]},e.MIXED={bit:-1},e.getCharCountIndicator=function(o,a){if(!o.ccBits)throw new Error("Invalid mode: "+o);if(!t.isValid(a))throw new Error("Invalid version: "+a);return a>=1&&a<10?o.ccBits[0]:a<27?o.ccBits[1]:o.ccBits[2]},e.getBestModeForData=function(o){return n.testNumeric(o)?e.NUMERIC:n.testAlphanumeric(o)?e.ALPHANUMERIC:n.testKanji(o)?e.KANJI:e.BYTE},e.toString=function(o){if(o&&o.id)return o.id;throw new Error("Invalid mode")},e.isValid=function(o){return o&&o.bit&&o.ccBits};function i(r){if(typeof r!="string")throw new Error("Param is not a string");switch(r.toLowerCase()){case"numeric":return e.NUMERIC;case"alphanumeric":return e.ALPHANUMERIC;case"kanji":return e.KANJI;case"byte":return e.BYTE;default:throw new Error("Unknown mode: "+r)}}e.from=function(o,a){if(e.isValid(o))return o;try{return i(o)}catch{return a}}})(q0)),q0}var g4;function Bte(){return g4||(g4=1,(function(e){const t=Ps(),n=uP(),i=_1(),r=Ns(),o=pP(),a=7973,c=t.getBCHDigit(a);function l(f,h,g){for(let m=1;m<=40;m++)if(h<=e.getCapacity(m,g,f))return m}function d(f,h){return r.getCharCountIndicator(f,h)+4}function u(f,h){let g=0;return f.forEach(function(m){const _=d(m.mode,h);g+=_+m.getBitsLength()}),g}function p(f,h){for(let g=1;g<=40;g++)if(u(f,g)<=e.getCapacity(g,h,r.MIXED))return g}e.from=function(h,g){return o.isValid(h)?parseInt(h,10):g},e.getCapacity=function(h,g,m){if(!o.isValid(h))throw new Error("Invalid QR Code version");typeof m>"u"&&(m=r.BYTE);const _=t.getSymbolTotalCodewords(h),y=n.getTotalCodewordsCount(h,g),w=(_-y)*8;if(m===r.MIXED)return w;const b=w-d(m,h);switch(m){case r.NUMERIC:return Math.floor(b/10*3);case r.ALPHANUMERIC:return Math.floor(b/11*2);case r.KANJI:return Math.floor(b/13);case r.BYTE:default:return Math.floor(b/8)}},e.getBestVersionForData=function(h,g){let m;const _=i.from(g,i.M);if(Array.isArray(h)){if(h.length>1)return p(h,_);if(h.length===0)return 1;m=h[0]}else m=h;return l(m.mode,m.getLength(),_)},e.getEncodedBits=function(h){if(!o.isValid(h)||h<7)throw new Error("Invalid QR Code version");let g=h<<12;for(;t.getBCHDigit(g)-c>=0;)g^=a<<t.getBCHDigit(g)-c;return h<<12|g}})(U0)),U0}var V0={},m4;function Lte(){if(m4)return V0;m4=1;const e=Ps(),t=1335,n=21522,i=e.getBCHDigit(t);return V0.getEncodedBits=function(o,a){const c=o.bit<<3|a;let l=c<<10;for(;e.getBCHDigit(l)-i>=0;)l^=t<<e.getBCHDigit(l)-i;return(c<<10|l)^n},V0}var K0={},G0,y4;function Mte(){if(y4)return G0;y4=1;const e=Ns();function t(n){this.mode=e.NUMERIC,this.data=n.toString()}return t.getBitsLength=function(i){return 10*Math.floor(i/3)+(i%3?i%3*3+1:0)},t.prototype.getLength=function(){return this.data.length},t.prototype.getBitsLength=function(){return t.getBitsLength(this.data.length)},t.prototype.write=function(i){let r,o,a;for(r=0;r+3<=this.data.length;r+=3)o=this.data.substr(r,3),a=parseInt(o,10),i.put(a,10);const c=this.data.length-r;c>0&&(o=this.data.substr(r),a=parseInt(o,10),i.put(a,c*3+1))},G0=t,G0}var W0,_4;function Ute(){if(_4)return W0;_4=1;const e=Ns(),t=["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z"," ","$","%","*","+","-",".","/",":"];function n(i){this.mode=e.ALPHANUMERIC,this.data=i}return n.getBitsLength=function(r){return 11*Math.floor(r/2)+6*(r%2)},n.prototype.getLength=function(){return this.data.length},n.prototype.getBitsLength=function(){return n.getBitsLength(this.data.length)},n.prototype.write=function(r){let o;for(o=0;o+2<=this.data.length;o+=2){let a=t.indexOf(this.data[o])*45;a+=t.indexOf(this.data[o+1]),r.put(a,11)}this.data.length%2&&r.put(t.indexOf(this.data[o]),6)},W0=n,W0}var J0,w4;function qte(){if(w4)return J0;w4=1;const e=Ns();function t(n){this.mode=e.BYTE,typeof n=="string"?this.data=new TextEncoder().encode(n):this.data=new Uint8Array(n)}return t.getBitsLength=function(i){return i*8},t.prototype.getLength=function(){return this.data.length},t.prototype.getBitsLength=function(){return t.getBitsLength(this.data.length)},t.prototype.write=function(n){for(let i=0,r=this.data.length;i<r;i++)n.put(this.data[i],8)},J0=t,J0}var Y0,b4;function Hte(){if(b4)return Y0;b4=1;const e=Ns(),t=Ps();function n(i){this.mode=e.KANJI,this.data=i}return n.getBitsLength=function(r){return r*13},n.prototype.getLength=function(){return this.data.length},n.prototype.getBitsLength=function(){return n.getBitsLength(this.data.length)},n.prototype.write=function(i){let r;for(r=0;r<this.data.length;r++){let o=t.toSJIS(this.data[r]);if(o>=33088&&o<=40956)o-=33088;else if(o>=57408&&o<=60351)o-=49472;else throw new Error("Invalid SJIS character: "+this.data[r]+`
832
832
  Make sure your charset is UTF-8`);o=(o>>>8&255)*192+(o&255),i.put(o,13)}},Y0=n,Y0}var Q0={exports:{}},v4;function Vte(){return v4||(v4=1,(function(e){var t={single_source_shortest_paths:function(n,i,r){var o={},a={};a[i]=0;var c=t.PriorityQueue.make();c.push(i,0);for(var l,d,u,p,f,h,g,m,_;!c.empty();){l=c.pop(),d=l.value,p=l.cost,f=n[d]||{};for(u in f)f.hasOwnProperty(u)&&(h=f[u],g=p+h,m=a[u],_=typeof a[u]>"u",(_||m>g)&&(a[u]=g,c.push(u,g),o[u]=d))}if(typeof r<"u"&&typeof a[r]>"u"){var y=["Could not find a path from ",i," to ",r,"."].join("");throw new Error(y)}return o},extract_shortest_path_from_predecessor_list:function(n,i){for(var r=[],o=i;o;)r.push(o),n[o],o=n[o];return r.reverse(),r},find_path:function(n,i,r){var o=t.single_source_shortest_paths(n,i,r);return t.extract_shortest_path_from_predecessor_list(o,r)},PriorityQueue:{make:function(n){var i=t.PriorityQueue,r={},o;n=n||{};for(o in i)i.hasOwnProperty(o)&&(r[o]=i[o]);return r.queue=[],r.sorter=n.sorter||i.default_sorter,r},default_sorter:function(n,i){return n.cost-i.cost},push:function(n,i){var r={value:n,cost:i};this.queue.push(r),this.queue.sort(this.sorter)},pop:function(){return this.queue.shift()},empty:function(){return this.queue.length===0}}};e.exports=t})(Q0)),Q0.exports}var A4;function Kte(){return A4||(A4=1,(function(e){const t=Ns(),n=Mte(),i=Ute(),r=qte(),o=Hte(),a=fP(),c=Ps(),l=Vte();function d(y){return unescape(encodeURIComponent(y)).length}function u(y,w,b){const A=[];let v;for(;(v=y.exec(b))!==null;)A.push({data:v[0],index:v.index,mode:w,length:v[0].length});return A}function p(y){const w=u(a.NUMERIC,t.NUMERIC,y),b=u(a.ALPHANUMERIC,t.ALPHANUMERIC,y);let A,v;return c.isKanjiModeEnabled()?(A=u(a.BYTE,t.BYTE,y),v=u(a.KANJI,t.KANJI,y)):(A=u(a.BYTE_KANJI,t.BYTE,y),v=[]),w.concat(b,A,v).sort(function(x,T){return x.index-T.index}).map(function(x){return{data:x.data,mode:x.mode,length:x.length}})}function f(y,w){switch(w){case t.NUMERIC:return n.getBitsLength(y);case t.ALPHANUMERIC:return i.getBitsLength(y);case t.KANJI:return o.getBitsLength(y);case t.BYTE:return r.getBitsLength(y)}}function h(y){return y.reduce(function(w,b){const A=w.length-1>=0?w[w.length-1]:null;return A&&A.mode===b.mode?(w[w.length-1].data+=b.data,w):(w.push(b),w)},[])}function g(y){const w=[];for(let b=0;b<y.length;b++){const A=y[b];switch(A.mode){case t.NUMERIC:w.push([A,{data:A.data,mode:t.ALPHANUMERIC,length:A.length},{data:A.data,mode:t.BYTE,length:A.length}]);break;case t.ALPHANUMERIC:w.push([A,{data:A.data,mode:t.BYTE,length:A.length}]);break;case t.KANJI:w.push([A,{data:A.data,mode:t.BYTE,length:d(A.data)}]);break;case t.BYTE:w.push([{data:A.data,mode:t.BYTE,length:d(A.data)}])}}return w}function m(y,w){const b={},A={start:{}};let v=["start"];for(let k=0;k<y.length;k++){const x=y[k],T=[];for(let I=0;I<x.length;I++){const F=x[I],$=""+k+I;T.push($),b[$]={node:F,lastCount:0},A[$]={};for(let P=0;P<v.length;P++){const N=v[P];b[N]&&b[N].node.mode===F.mode?(A[N][$]=f(b[N].lastCount+F.length,F.mode)-f(b[N].lastCount,F.mode),b[N].lastCount+=F.length):(b[N]&&(b[N].lastCount=F.length),A[N][$]=f(F.length,F.mode)+4+t.getCharCountIndicator(F.mode,w))}}v=T}for(let k=0;k<v.length;k++)A[v[k]].end=0;return{map:A,table:b}}function _(y,w){let b;const A=t.getBestModeForData(y);if(b=t.from(w,A),b!==t.BYTE&&b.bit<A.bit)throw new Error('"'+y+'" cannot be encoded with mode '+t.toString(b)+`.
833
833
  Suggested mode is: `+t.toString(A));switch(b===t.KANJI&&!c.isKanjiModeEnabled()&&(b=t.BYTE),b){case t.NUMERIC:return new n(y);case t.ALPHANUMERIC:return new i(y);case t.KANJI:return new o(y);case t.BYTE:return new r(y)}}e.fromArray=function(w){return w.reduce(function(b,A){return typeof A=="string"?b.push(_(A,null)):A.data&&b.push(_(A.data,A.mode)),b},[])},e.fromString=function(w,b){const A=p(w,c.isKanjiModeEnabled()),v=g(A),k=m(v,b),x=l.find_path(k.map,"start","end"),T=[];for(let I=1;I<x.length-1;I++)T.push(k.table[x[I]].node);return e.fromArray(h(T))},e.rawSplit=function(w){return e.fromArray(p(w,c.isKanjiModeEnabled()))}})(K0)),K0}var k4;function Gte(){if(k4)return N0;k4=1;const e=Ps(),t=_1(),n=zte(),i=Pte(),r=Nte(),o=Fte(),a=Ote(),c=uP(),l=Dte(),d=Bte(),u=Lte(),p=Ns(),f=Kte();function h(k,x){const T=k.size,I=o.getPositions(x);for(let F=0;F<I.length;F++){const $=I[F][0],P=I[F][1];for(let N=-1;N<=7;N++)if(!($+N<=-1||T<=$+N))for(let D=-1;D<=7;D++)P+D<=-1||T<=P+D||(N>=0&&N<=6&&(D===0||D===6)||D>=0&&D<=6&&(N===0||N===6)||N>=2&&N<=4&&D>=2&&D<=4?k.set($+N,P+D,!0,!0):k.set($+N,P+D,!1,!0))}}function g(k){const x=k.size;for(let T=8;T<x-8;T++){const I=T%2===0;k.set(T,6,I,!0),k.set(6,T,I,!0)}}function m(k,x){const T=r.getPositions(x);for(let I=0;I<T.length;I++){const F=T[I][0],$=T[I][1];for(let P=-2;P<=2;P++)for(let N=-2;N<=2;N++)P===-2||P===2||N===-2||N===2||P===0&&N===0?k.set(F+P,$+N,!0,!0):k.set(F+P,$+N,!1,!0)}}function _(k,x){const T=k.size,I=d.getEncodedBits(x);let F,$,P;for(let N=0;N<18;N++)F=Math.floor(N/3),$=N%3+T-8-3,P=(I>>N&1)===1,k.set(F,$,P,!0),k.set($,F,P,!0)}function y(k,x,T){const I=k.size,F=u.getEncodedBits(x,T);let $,P;for($=0;$<15;$++)P=(F>>$&1)===1,$<6?k.set($,8,P,!0):$<8?k.set($+1,8,P,!0):k.set(I-15+$,8,P,!0),$<8?k.set(8,I-$-1,P,!0):$<9?k.set(8,15-$-1+1,P,!0):k.set(8,15-$-1,P,!0);k.set(I-8,8,1,!0)}function w(k,x){const T=k.size;let I=-1,F=T-1,$=7,P=0;for(let N=T-1;N>0;N-=2)for(N===6&&N--;;){for(let D=0;D<2;D++)if(!k.isReserved(F,N-D)){let B=!1;P<x.length&&(B=(x[P]>>>$&1)===1),k.set(F,N-D,B),$--,$===-1&&(P++,$=7)}if(F+=I,F<0||T<=F){F-=I,I=-I;break}}}function b(k,x,T){const I=new n;T.forEach(function(D){I.put(D.mode.bit,4),I.put(D.getLength(),p.getCharCountIndicator(D.mode,k)),D.write(I)});const F=e.getSymbolTotalCodewords(k),$=c.getTotalCodewordsCount(k,x),P=(F-$)*8;for(I.getLengthInBits()+4<=P&&I.put(0,4);I.getLengthInBits()%8!==0;)I.putBit(0);const N=(P-I.getLengthInBits())/8;for(let D=0;D<N;D++)I.put(D%2?17:236,8);return A(I,k,x)}function A(k,x,T){const I=e.getSymbolTotalCodewords(x),F=c.getTotalCodewordsCount(x,T),$=I-F,P=c.getBlocksCount(x,T),N=I%P,D=P-N,B=Math.floor(I/P),V=Math.floor($/P),Z=V+1,te=B-V,Q=new l(te);let ie=0;const me=new Array(P),Ae=new Array(P);let G=0;const Ne=new Uint8Array(k.buffer);for(let lt=0;lt<P;lt++){const on=lt<D?V:Z;me[lt]=Ne.slice(ie,ie+on),Ae[lt]=Q.encode(me[lt]),ie+=on,G=Math.max(G,on)}const xe=new Uint8Array(I);let re=0,$e,rt;for($e=0;$e<G;$e++)for(rt=0;rt<P;rt++)$e<me[rt].length&&(xe[re++]=me[rt][$e]);for($e=0;$e<te;$e++)for(rt=0;rt<P;rt++)xe[re++]=Ae[rt][$e];return xe}function v(k,x,T,I){let F;if(Array.isArray(k))F=f.fromArray(k);else if(typeof k=="string"){let B=x;if(!B){const V=f.rawSplit(k);B=d.getBestVersionForData(V,T)}F=f.fromString(k,B||40)}else throw new Error("Invalid data");const $=d.getBestVersionForData(F,T);if(!$)throw new Error("The amount of data is too big to be stored in a QR Code");if(!x)x=$;else if(x<$)throw new Error(`
@@ -1114,5 +1114,5 @@ export default {
1114
1114
  }
1115
1115
  },
1116
1116
  };
1117
- `}class l4e{loader;compatibilityDate;constructor(t){this.loader=t.loader,this.compatibilityDate=t.compatibilityDate||"2025-01-01"}async execute(t){const n=Date.now();if(t.timeoutMs!==void 0||t.cpuLimitMs!==void 0)throw new Error("Cloudflare executor does not support timeoutMs/cpuLimitMs");try{const i=c4e(t.code),r={compatibilityDate:this.compatibilityDate,mainModule:"hook.js",modules:{"hook.js":i},globalOutbound:null},o=t.hookCodeId?`${t.hookCodeId}-${await a4e(t.code)}`:null;return await(await(o?this.loader.get(o,async()=>r):this.loader.load(r)).getEntrypoint().fetch(new Request("https://hook/execute",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({event:t.event,triggerId:t.triggerId})}))).json()}catch(i){return{success:!1,error:i instanceof Error?i.message:String(i),durationMs:Date.now()-n,apiCalls:[]}}}}L.init({supportedLngs:["en","it","nb","sv","pl","cs","fi","da"],fallbackLng:"en",resources:{en:{translation:Cae},it:{translation:Rde},nb:{translation:Gfe},sv:{translation:i0e},pl:{translation:fwe},cs:{translation:k1e},fi:{translation:Nke},da:{translation:qEe}}});function d4e(e){const t=new s.OpenAPIHono;t.onError((l,d)=>l instanceof z?l.getResponse():(console.error(l),d.json({message:"Internal Server Error"},500))),t.use("*",Sc(e));const n=gre(e);t.route("/setup",n),t.get("/",async l=>{const{tenants:d}=await l.env.data.tenants.list();return d.length===0?l.redirect("/setup"):l.json({name:"authhero"})}),t.get("/robots.txt",l=>l.text(`User-agent: *
1117
+ `}class l4e{loader;compatibilityDate;constructor(t){this.loader=t.loader,this.compatibilityDate=t.compatibilityDate||"2025-01-01"}async execute(t){const n=Date.now();try{const i=c4e(t.code),r={compatibilityDate:this.compatibilityDate,mainModule:"hook.js",modules:{"hook.js":i},globalOutbound:null},o=t.hookCodeId?`${t.hookCodeId}-${await a4e(t.code)}`:null;return await(await(o?this.loader.get(o,async()=>r):this.loader.load(r)).getEntrypoint().fetch(new Request("https://hook/execute",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({event:t.event,triggerId:t.triggerId})}))).json()}catch(i){return{success:!1,error:i instanceof Error?i.message:String(i),durationMs:Date.now()-n,apiCalls:[]}}}}L.init({supportedLngs:["en","it","nb","sv","pl","cs","fi","da"],fallbackLng:"en",resources:{en:{translation:Cae},it:{translation:Rde},nb:{translation:Gfe},sv:{translation:i0e},pl:{translation:fwe},cs:{translation:k1e},fi:{translation:Nke},da:{translation:qEe}}});function d4e(e){const t=new s.OpenAPIHono;t.onError((l,d)=>l instanceof z?l.getResponse():(console.error(l),d.json({message:"Internal Server Error"},500))),t.use("*",Sc(e));const n=gre(e);t.route("/setup",n),t.get("/",async l=>{const{tenants:d}=await l.env.data.tenants.list();return d.length===0?l.redirect("/setup"):l.json({name:"authhero"})}),t.get("/robots.txt",l=>l.text(`User-agent: *
1118
1118
  Disallow: /`,200,{"content-type":"text/plain; charset=utf-8"}));const i=qq(e);t.route("/api/v2",i);const r=bX(e);t.route("/u",r);const o=qne(e);t.route("/u2",o);const a=hre(e);t.route("/samlp",a);const c=xQ(e);if(t.route("/",c),(e.adminHandler||e.adminIndexHtml)&&(e.adminHandler&&(t.get("/admin/assets/*",e.adminHandler),t.get("/admin/manifest.json",e.adminHandler),t.get("/admin/favicon.ico",e.adminHandler)),e.adminIndexHtml)){const l=e.adminIndexHtml;t.get("/admin/*",d=>d.html(l)),t.get("/admin",d=>d.html(l))}return{app:t,managementApp:i,oauthApp:c,samlApp:a,universalApp:r,u2App:o,createX509Certificate:Ef}}exports.AppLogo=Gv;exports.Auth0ActionEnum=MN;exports.Auth0Client=Lx;exports.AuthLayout=VEe;exports.AuthorizationResponseMode=vt;exports.AuthorizationResponseType=Sn;exports.Button=_t;exports.ButtonUI=tN;exports.CardContent=XP;exports.CardDescription=ZP;exports.CardFooter=KEe;exports.CardHeader=YP;exports.CardTitle=QP;exports.CardUI=JP;exports.CloudflareCodeExecutor=l4e;exports.CodeChallengeMethod=lh;exports.ComponentCategory=Pw;exports.ComponentType=zw;exports.EmailActionEnum=UN;exports.EmailValidatedPage=p8;exports.EnterCodePage=hw;exports.EnterPasswordPage=dp;exports.ErrorMessage=Vn;exports.FORM_FIELD_TYPES=Rw;exports.FlowActionTypeEnum=LN;exports.Footer=Gz;exports.ForgotPasswordPage=c8;exports.ForgotPasswordSentPage=l8;exports.FormComponent=Ui;exports.GoBack=Ln;exports.GoogleLogo=WEe;exports.GrantType=Zt;exports.HttpSamlSigner=X5;exports.Icon=yt;exports.IdentifierForm=GEe;exports.IdentifierPage=wl;exports.InputUI=eN;exports.InvalidSession=u8;exports.LabelUI=nN;exports.Layout=wt;exports.LocalCodeExecutor=r4e;exports.LocationInfo=Mx;exports.LogTypes=O;exports.LoginSessionState=be;exports.LogsDestination=xs;exports.MANAGEMENT_API_AUDIENCE=VB;exports.MANAGEMENT_API_SCOPES=xl;exports.MailgunEmailService=QEe;exports.Message=ji;exports.NodeType=px;exports.PreSignUpConfirmationPage=f8;exports.PreSignUpPage=d8;exports.RedirectTargetEnum=X4;exports.RegistrationFinalizerDestination=$c;exports.ResetPasswordPage=ra;exports.SignUpPage=$o;exports.SocialButton=Yz;exports.Spinner=Jz;exports.Strategy=W;exports.StrategyType=Ht;exports.Trans=vd;exports.USERNAME_PASSWORD_PROVIDER=cd;exports.UnverifiedEmailPage=a8;exports.UserNotFoundPage=JEe;exports.VippsLogo=YEe;exports.WebhookDestination=Tc;exports.actionDependencySchema=Tw;exports.actionInsertSchema=Bl;exports.actionNodeSchema=gx;exports.actionSchema=Xi;exports.actionSecretSchema=$w;exports.actionTriggerSchema=Cw;exports.actionUpdateSchema=BN;exports.actionVersionInsertSchema=L4;exports.actionVersionSchema=sh;exports.activeUsersResponseSchema=tF;exports.actorSchema=U4;exports.addEntityHooks=j6;exports.addressSchema=ix;exports.attackProtectionSchema=Vx;exports.auditCategorySchema=M4;exports.auditEventInsertSchema=W4;exports.auditEventSchema=J4;exports.auth0ClientSchema=G4;exports.auth0FlowInsertSchema=JN;exports.auth0FlowSchema=bx;exports.auth0QuerySchema=qN;exports.auth0UpdateUserActionSchema=Q4;exports.auth0UserResponseSchema=zn;exports.authParamsSchema=Ll;exports.authenticationMethodInsertSchema=iF;exports.authenticationMethodSchema=rF;exports.authenticationMethodTypeSchema=mC;exports.baseUserSchema=ah;exports.blockComponentSchema=Ex;exports.bordersSchema=Jx;exports.brandingSchema=Ju;exports.breachedPasswordDetectionSchema=ca;exports.bruteForceProtectionSchema=la;exports.buttonComponentSchema=ax;exports.cleanupOutbox=oN;exports.cleanupSessions=rN;exports.cleanupUserSessions=ZEe;exports.clientGrantInsertSchema=vp;exports.clientGrantListSchema=GN;exports.clientGrantSchema=Bo;exports.clientInfoMiddleware=xc;exports.clientInsertSchema=bp;exports.clientRegistrationTokenInsertSchema=ox;exports.clientRegistrationTokenSchema=WN;exports.clientRegistrationTokenTypeSchema=rx;exports.clientSchema=Do;exports.codeInsertSchema=Ax;exports.codeSchema=YN;exports.codeTypeSchema=vx;exports.colorsSchema=Yx;exports.componentMessageSchema=$x;exports.componentSchema=ux;exports.connectionInsertSchema=Ap;exports.connectionOptionsSchema=kx;exports.connectionSchema=Dr;exports.coordinatesSchema=ws;exports.createAuthMiddleware=pg;exports.createDefaultDestinations=sN;exports.createInMemoryCache=Cc;exports.createPassthroughAdapter=sF;exports.createWriteOnlyAdapter=aF;exports.customDomainInsertSchema=Nw;exports.customDomainSchema=Fr;exports.customDomainWithTenantIdSchema=QN;exports.customTextEntrySchema=nF;exports.customTextSchema=zo;exports.dailyStatsSchema=gC;exports.deepMergePatch=Jw;exports.drainOutbox=H6;exports.emailProviderSchema=Ws;exports.emailTemplateNameSchema=Vw;exports.emailTemplateSchema=Or;exports.emailVerificationRulesSchema=Y4;exports.emailVerifyActionSchema=Z4;exports.endingSchema=wx;exports.fetchAll=AP;exports.fieldComponentSchema=Cx;exports.flowActionStepSchema=tx;exports.flowInsertSchema=yp;exports.flowSchema=oa;exports.flowsFieldComponentSchema=lx;exports.flowsFlowNodeSchema=hx;exports.flowsStepNodeSchema=fx;exports.fontDetailsSchema=Co;exports.fontsSchema=Qx;exports.formControlSchema=x9;exports.formInsertSchema=kp;exports.formNodeComponentDefinition=jw;exports.formNodeSchema=Tx;exports.formSchema=sa;exports.genericComponentSchema=dx;exports.genericNodeSchema=mx;exports.getConnectionIdentifierConfig=bs;exports.hookCodeInsertSchema=Sp;exports.hookCodeSchema=Bw;exports.hookInsertSchema=ay;exports.hookSchema=aa;exports.hookTemplateId=Dw;exports.hookTemplates=F9;exports.identitySchema=_p;exports.init=d4e;exports.injectTailwindCSS=CZ;exports.inviteInsertSchema=Lw;exports.inviteSchema=$l;exports.inviteeSchema=jx;exports.inviterSchema=Ox;exports.isBlockComponent=z9;exports.isFieldComponent=N9;exports.isPlainObject=Pp;exports.isWidgetComponent=P9;exports.jwksKeySchema=Ep;exports.jwksSchema=dh;exports.legalComponentSchema=cx;exports.locationInfoSchema=K4;exports.logInsertSchema=Ux;exports.logSchema=$a;exports.logStreamFilterSchema=Hx;exports.logStreamInsertSchema=Uw;exports.logStreamSchema=Gs;exports.logStreamStatusSchema=Mw;exports.logStreamTypeSchema=qx;exports.loginSessionAuthStrategySchema=Dx;exports.loginSessionInsertSchema=Bx;exports.loginSessionSchema=q9;exports.loginSessionStateSchema=Rx;exports.mailgunCredentialsSchema=iN;exports.nodeSchema=yx;exports.openIDConfigurationSchema=cy;exports.organizationBrandingSchema=uC;exports.organizationConnectionInsertSchema=zp;exports.organizationConnectionListSchema=Z9;exports.organizationConnectionSchema=ua;exports.organizationEnabledConnectionSchema=pC;exports.organizationInsertSchema=Ip;exports.organizationSchema=Br;exports.organizationTokenQuotaSchema=fC;exports.pageBackgroundSchema=Zx;exports.parseUserId=oF;exports.passwordInsertSchema=Kx;exports.passwordSchema=V9;exports.preDefinedHooks=KL;exports.profileDataSchema=nx;exports.promptScreenSchema=pa;exports.promptSettingSchema=Ko;exports.redirectActionSchema=ex;exports.refreshTokenInsertSchema=Kw;exports.refreshTokenSchema=K9;exports.requestContextSchema=H4;exports.resourceServerInsertSchema=Cp;exports.resourceServerListSchema=J9;exports.resourceServerOptionsSchema=nC;exports.resourceServerSchema=Lo;exports.resourceServerScopeSchema=tC;exports.responseContextSchema=V4;exports.richTextComponentSchema=sx;exports.roleInsertSchema=Tp;exports.roleListSchema=$p;exports.rolePermissionInsertSchema=iC;exports.rolePermissionListSchema=rC;exports.rolePermissionSchema=Gw;exports.roleSchema=Mo;exports.runOutboxRelay=XEe;exports.screenLinkSchema=Ix;exports.seed=WP;exports.sessionInsertSchema=Wx;exports.sessionSchema=uh;exports.signingKeySchema=ly;exports.smsProviderSchema=W9;exports.smsSendParamsSchema=G9;exports.startSchema=_x;exports.suspiciousIpThrottlingSchema=da;exports.tailwindCss=Yv;exports.targetSchema=q4;exports.tenantInsertSchema=qw;exports.tenantMiddleware=Ec;exports.tenantSchema=xp;exports.tenantSettingsSchema=eF;exports.themeInsertSchema=eC;exports.themeSchema=Yu;exports.tokenResponseSchema=Hw;exports.totalsSchema=Et;exports.uiScreenSchema=I9;exports.userInsertSchema=wp;exports.userOrganizationInsertSchema=hC;exports.userOrganizationSchema=X9;exports.userPermissionInsertSchema=oC;exports.userPermissionListSchema=Y9;exports.userPermissionSchema=sC;exports.userPermissionWithDetailsListSchema=cC;exports.userPermissionWithDetailsSchema=aC;exports.userResponseSchema=HN;exports.userRoleInsertSchema=lC;exports.userRoleListSchema=Q9;exports.userRoleSchema=dC;exports.userSchema=Iw;exports.verificationMethodsSchema=Sx;exports.waitUntil=ph;exports.widgetComponentSchema=xx;exports.widgetSchema=Xx;