authhero 5.8.0 → 5.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/authhero.cjs +3 -3
  2. package/dist/authhero.d.ts +9 -2
  3. package/dist/authhero.mjs +33 -29
  4. package/dist/stats.html +1 -1
  5. package/package.json +3 -3
package/dist/authhero.cjs CHANGED
@@ -1,4 +1,4 @@
1
- "use strict";var kF=Object.create;var rA=Object.defineProperty;var SF=Object.getOwnPropertyDescriptor;var EF=Object.getOwnPropertyNames;var CF=Object.getPrototypeOf,TF=Object.prototype.hasOwnProperty;var xF=(e,t,n,i)=>{if(t&&typeof t=="object"||typeof t=="function")for(let r of EF(t))!TF.call(e,r)&&r!==n&&rA(e,r,{get:()=>t[r],enumerable:!(i=SF(t,r))||i.enumerable});return e};var IF=(e,t,n)=>(n=e!=null?kF(CF(e)):{},xF(t||!e||!e.__esModule?rA(n,"default",{value:e,enumerable:!0}):n,e));Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const s=require("@hono/zod-openapi");var N=class extends Error{res;status;constructor(e=500,t){super(t?.message,{cause:t?.cause}),this.res=t?.res,this.status=e}getResponse(){return this.res?new Response(this.res.body,{status:this.status,headers:this.res.headers}):new Response(this.message,{status:this.status})}};const Ie=e=>typeof e=="string",qc=()=>{let e,t;const n=new Promise((i,r)=>{e=i,t=r});return n.resolve=e,n.reject=t,n},oA=e=>e==null?"":""+e,$F=(e,t,n)=>{e.forEach(i=>{t[i]&&(n[i]=t[i])})},zF=/###/g,sA=e=>e&&e.indexOf("###")>-1?e.replace(zF,"."):e,aA=e=>!e||Ie(e),Ll=(e,t,n)=>{const i=Ie(t)?t.split("."):t;let r=0;for(;r<i.length-1;){if(aA(e))return{};const o=sA(i[r]);!e[o]&&n&&(e[o]=new n),Object.prototype.hasOwnProperty.call(e,o)?e=e[o]:e={},++r}return aA(e)?{}:{obj:e,k:sA(i[r])}},cA=(e,t,n)=>{const{obj:i,k:r}=Ll(e,t,Object);if(i!==void 0||t.length===1){i[r]=n;return}let o=t[t.length-1],a=t.slice(0,t.length-1),c=Ll(e,a,Object);for(;c.obj===void 0&&a.length;)o=`${a[a.length-1]}.${o}`,a=a.slice(0,a.length-1),c=Ll(e,a,Object),c?.obj&&typeof c.obj[`${c.k}.${o}`]<"u"&&(c.obj=void 0);c.obj[`${c.k}.${o}`]=n},NF=(e,t,n,i)=>{const{obj:r,k:o}=Ll(e,t,Object);r[o]=r[o]||[],r[o].push(n)},$p=(e,t)=>{const{obj:n,k:i}=Ll(e,t);if(n&&Object.prototype.hasOwnProperty.call(n,i))return n[i]},PF=(e,t,n)=>{const i=$p(e,n);return i!==void 0?i:$p(t,n)},xC=(e,t,n)=>{for(const i in t)i!=="__proto__"&&i!=="constructor"&&(i in e?Ie(e[i])||e[i]instanceof String||Ie(t[i])||t[i]instanceof String?n&&(e[i]=t[i]):xC(e[i],t[i],n):e[i]=t[i]);return e},Ao=e=>e.replace(/[\-\[\]\/\{\}\(\)\*\+\?\.\\\^\$\|]/g,"\\$&");var FF={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;"};const OF=e=>Ie(e)?e.replace(/[&<>"'\/]/g,t=>FF[t]):e;class RF{constructor(t){this.capacity=t,this.regExpMap=new Map,this.regExpQueue=[]}getRegExp(t){const n=this.regExpMap.get(t);if(n!==void 0)return n;const i=new RegExp(t);return this.regExpQueue.length===this.capacity&&this.regExpMap.delete(this.regExpQueue.shift()),this.regExpMap.set(t,i),this.regExpQueue.push(t),i}}const jF=[" ",",","?","!",";"],DF=new RF(20),LF=(e,t,n)=>{t=t||"",n=n||"";const i=jF.filter(a=>t.indexOf(a)<0&&n.indexOf(a)<0);if(i.length===0)return!0;const r=DF.getRegExp(`(${i.map(a=>a==="?"?"\\?":a).join("|")})`);let o=!r.test(e);if(!o){const a=e.indexOf(n);a>0&&!r.test(e.substring(0,a))&&(o=!0)}return o},Sy=(e,t,n=".")=>{if(!e)return;if(e[t])return Object.prototype.hasOwnProperty.call(e,t)?e[t]:void 0;const i=t.split(n);let r=e;for(let o=0;o<i.length;){if(!r||typeof r!="object")return;let a,c="";for(let l=o;l<i.length;++l)if(l!==o&&(c+=n),c+=i[l],a=r[c],a!==void 0){if(["string","number","boolean"].indexOf(typeof a)>-1&&l<i.length-1)continue;o+=l-o+1;break}r=a}return r},Zl=e=>e?.replace(/_/g,"-"),BF={type:"logger",log(e){this.output("log",e)},warn(e){this.output("warn",e)},error(e){this.output("error",e)},output(e,t){console?.[e]?.apply?.(console,t)}};class zp{constructor(t,n={}){this.init(t,n)}init(t,n={}){this.prefix=n.prefix||"i18next:",this.logger=t||BF,this.options=n,this.debug=n.debug}log(...t){return this.forward(t,"log","",!0)}warn(...t){return this.forward(t,"warn","",!0)}error(...t){return this.forward(t,"error","")}deprecate(...t){return this.forward(t,"warn","WARNING DEPRECATED: ",!0)}forward(t,n,i,r){return r&&!this.debug?null:(Ie(t[0])&&(t[0]=`${i}${this.prefix} ${t[0]}`),this.logger[n](t))}create(t){return new zp(this.logger,{prefix:`${this.prefix}:${t}:`,...this.options})}clone(t){return t=t||this.options,t.prefix=t.prefix||this.prefix,new zp(this.logger,t)}}var Pi=new zp;class bh{constructor(){this.observers={}}on(t,n){return t.split(" ").forEach(i=>{this.observers[i]||(this.observers[i]=new Map);const r=this.observers[i].get(n)||0;this.observers[i].set(n,r+1)}),this}off(t,n){if(this.observers[t]){if(!n){delete this.observers[t];return}this.observers[t].delete(n)}}emit(t,...n){this.observers[t]&&Array.from(this.observers[t].entries()).forEach(([r,o])=>{for(let a=0;a<o;a++)r(...n)}),this.observers["*"]&&Array.from(this.observers["*"].entries()).forEach(([r,o])=>{for(let a=0;a<o;a++)r.apply(r,[t,...n])})}}class lA extends bh{constructor(t,n={ns:["translation"],defaultNS:"translation"}){super(),this.data=t||{},this.options=n,this.options.keySeparator===void 0&&(this.options.keySeparator="."),this.options.ignoreJSONStructure===void 0&&(this.options.ignoreJSONStructure=!0)}addNamespaces(t){this.options.ns.indexOf(t)<0&&this.options.ns.push(t)}removeNamespaces(t){const n=this.options.ns.indexOf(t);n>-1&&this.options.ns.splice(n,1)}getResource(t,n,i,r={}){const o=r.keySeparator!==void 0?r.keySeparator:this.options.keySeparator,a=r.ignoreJSONStructure!==void 0?r.ignoreJSONStructure:this.options.ignoreJSONStructure;let c;t.indexOf(".")>-1?c=t.split("."):(c=[t,n],i&&(Array.isArray(i)?c.push(...i):Ie(i)&&o?c.push(...i.split(o)):c.push(i)));const l=$p(this.data,c);return!l&&!n&&!i&&t.indexOf(".")>-1&&(t=c[0],n=c[1],i=c.slice(2).join(".")),l||!a||!Ie(i)?l:Sy(this.data?.[t]?.[n],i,o)}addResource(t,n,i,r,o={silent:!1}){const a=o.keySeparator!==void 0?o.keySeparator:this.options.keySeparator;let c=[t,n];i&&(c=c.concat(a?i.split(a):i)),t.indexOf(".")>-1&&(c=t.split("."),r=n,n=c[1]),this.addNamespaces(n),cA(this.data,c,r),o.silent||this.emit("added",t,n,i,r)}addResources(t,n,i,r={silent:!1}){for(const o in i)(Ie(i[o])||Array.isArray(i[o]))&&this.addResource(t,n,o,i[o],{silent:!0});r.silent||this.emit("added",t,n,i)}addResourceBundle(t,n,i,r,o,a={silent:!1,skipCopy:!1}){let c=[t,n];t.indexOf(".")>-1&&(c=t.split("."),r=i,i=n,n=c[1]),this.addNamespaces(n);let l=$p(this.data,c)||{};a.skipCopy||(i=JSON.parse(JSON.stringify(i))),r?xC(l,i,o):l={...l,...i},cA(this.data,c,l),a.silent||this.emit("added",t,n,i)}removeResourceBundle(t,n){this.hasResourceBundle(t,n)&&delete this.data[t][n],this.removeNamespaces(n),this.emit("removed",t,n)}hasResourceBundle(t,n){return this.getResource(t,n)!==void 0}getResourceBundle(t,n){return n||(n=this.options.defaultNS),this.getResource(t,n)}getDataByLanguage(t){return this.data[t]}hasLanguageSomeTranslations(t){const n=this.getDataByLanguage(t);return!!(n&&Object.keys(n)||[]).find(r=>n[r]&&Object.keys(n[r]).length>0)}toJSON(){return this.data}}var IC={processors:{},addPostProcessor(e){this.processors[e.name]=e},handle(e,t,n,i,r){return e.forEach(o=>{t=this.processors[o]?.process(t,n,i,r)??t}),t}};const $C=Symbol("i18next/PATH_KEY");function MF(){const e=[],t=Object.create(null);let n;return t.get=(i,r)=>(n?.revoke?.(),r===$C?e:(e.push(r),n=Proxy.revocable(i,t),n.proxy)),Proxy.revocable(Object.create(null),t).proxy}function Sa(e,t){const{[$C]:n}=e(MF()),i=t?.keySeparator??".",r=t?.nsSeparator??":";if(n.length>1&&r){const o=t?.ns,a=Array.isArray(o)?o:null;if(a&&a.length>1&&a.slice(1).includes(n[0]))return`${n[0]}${r}${n.slice(1).join(i)}`}return n.join(i)}const dA={},sm=e=>!Ie(e)&&typeof e!="boolean"&&typeof e!="number";class Np extends bh{constructor(t,n={}){super(),$F(["resourceStore","languageUtils","pluralResolver","interpolator","backendConnector","i18nFormat","utils"],t,this),this.options=n,this.options.keySeparator===void 0&&(this.options.keySeparator="."),this.logger=Pi.create("translator")}changeLanguage(t){t&&(this.language=t)}exists(t,n={interpolation:{}}){const i={...n};if(t==null)return!1;const r=this.resolve(t,i);if(r?.res===void 0)return!1;const o=sm(r.res);return!(i.returnObjects===!1&&o)}extractFromKey(t,n){let i=n.nsSeparator!==void 0?n.nsSeparator:this.options.nsSeparator;i===void 0&&(i=":");const r=n.keySeparator!==void 0?n.keySeparator:this.options.keySeparator;let o=n.ns||this.options.defaultNS||[];const a=i&&t.indexOf(i)>-1,c=!this.options.userDefinedKeySeparator&&!n.keySeparator&&!this.options.userDefinedNsSeparator&&!n.nsSeparator&&!LF(t,i,r);if(a&&!c){const l=t.match(this.interpolator.nestingRegexp);if(l&&l.length>0)return{key:t,namespaces:Ie(o)?[o]:o};const d=t.split(i);(i!==r||i===r&&this.options.ns.indexOf(d[0])>-1)&&(o=d.shift()),t=d.join(r)}return{key:t,namespaces:Ie(o)?[o]:o}}translate(t,n,i){let r=typeof n=="object"?{...n}:n;if(typeof r!="object"&&this.options.overloadTranslationOptionHandler&&(r=this.options.overloadTranslationOptionHandler(arguments)),typeof r=="object"&&(r={...r}),r||(r={}),t==null)return"";typeof t=="function"&&(t=Sa(t,{...this.options,...r})),Array.isArray(t)||(t=[String(t)]),t=t.map(R=>typeof R=="function"?Sa(R,{...this.options,...r}):String(R));const o=r.returnDetails!==void 0?r.returnDetails:this.options.returnDetails,a=r.keySeparator!==void 0?r.keySeparator:this.options.keySeparator,{key:c,namespaces:l}=this.extractFromKey(t[t.length-1],r),d=l[l.length-1];let u=r.nsSeparator!==void 0?r.nsSeparator:this.options.nsSeparator;u===void 0&&(u=":");const p=r.lng||this.language,f=r.appendNamespaceToCIMode||this.options.appendNamespaceToCIMode;if(p?.toLowerCase()==="cimode")return f?o?{res:`${d}${u}${c}`,usedKey:c,exactUsedKey:c,usedLng:p,usedNS:d,usedParams:this.getUsedParamsDetails(r)}:`${d}${u}${c}`:o?{res:c,usedKey:c,exactUsedKey:c,usedLng:p,usedNS:d,usedParams:this.getUsedParamsDetails(r)}:c;const h=this.resolve(t,r);let g=h?.res;const m=h?.usedKey||c,_=h?.exactUsedKey||c,w=["[object Number]","[object Function]","[object RegExp]"],y=r.joinArrays!==void 0?r.joinArrays:this.options.joinArrays,v=!this.i18nFormat||this.i18nFormat.handleAsObject,A=r.count!==void 0&&!Ie(r.count),b=Np.hasDefaultValue(r),k=A?this.pluralResolver.getSuffix(p,r.count,r):"",C=r.ordinal&&A?this.pluralResolver.getSuffix(p,r.count,{ordinal:!1}):"",$=A&&!r.ordinal&&r.count===0,z=$&&r[`defaultValue${this.options.pluralSeparator}zero`]||r[`defaultValue${k}`]||r[`defaultValue${C}`]||r.defaultValue;let P=g;v&&!g&&b&&(P=z);const I=sm(P),F=Object.prototype.toString.apply(P);if(v&&P&&I&&w.indexOf(F)<0&&!(Ie(y)&&Array.isArray(P))){if(!r.returnObjects&&!this.options.returnObjects){this.options.returnedObjectHandler||this.logger.warn("accessing an object - but returnObjects options is not enabled!");const R=this.options.returnedObjectHandler?this.options.returnedObjectHandler(m,P,{...r,ns:l}):`key '${c} (${this.language})' returned an object instead of string.`;return o?(h.res=R,h.usedParams=this.getUsedParamsDetails(r),h):R}if(a){const R=Array.isArray(P),O=R?[]:{},j=R?_:m;for(const B in P)if(Object.prototype.hasOwnProperty.call(P,B)){const M=`${j}${a}${B}`;b&&!g?O[B]=this.translate(M,{...r,defaultValue:sm(z)?z[B]:void 0,joinArrays:!1,ns:l}):O[B]=this.translate(M,{...r,joinArrays:!1,ns:l}),O[B]===M&&(O[B]=P[B])}g=O}}else if(v&&Ie(y)&&Array.isArray(g))g=g.join(y),g&&(g=this.extendTranslation(g,t,r,i));else{let R=!1,O=!1;!this.isValidLookup(g)&&b&&(R=!0,g=z),this.isValidLookup(g)||(O=!0,g=c);const B=(r.missingKeyNoValueFallbackToKey||this.options.missingKeyNoValueFallbackToKey)&&O?void 0:g,M=b&&z!==g&&this.options.updateMissing;if(O||R||M){if(this.logger.log(M?"updateKey":"missingKey",p,d,c,M?z:g),a){const Z=this.resolve(c,{...r,keySeparator:!1});Z&&Z.res&&this.logger.warn("Seems the loaded translations were in flat JSON format instead of nested. Either set keySeparator: false on init or make sure your translations are published in nested format.")}let V=[];const W=this.languageUtils.getFallbackCodes(this.options.fallbackLng,r.lng||this.language);if(this.options.saveMissingTo==="fallback"&&W&&W[0])for(let Z=0;Z<W.length;Z++)V.push(W[Z]);else this.options.saveMissingTo==="all"?V=this.languageUtils.toResolveHierarchy(r.lng||this.language):V.push(r.lng||this.language);const ne=(Z,te,K)=>{const ke=b&&K!==g?K:B;this.options.missingKeyHandler?this.options.missingKeyHandler(Z,d,te,ke,M,r):this.backendConnector?.saveMissing&&this.backendConnector.saveMissing(Z,d,te,ke,M,r),this.emit("missingKey",Z,d,te,g)};this.options.saveMissing&&(this.options.saveMissingPlurals&&A?V.forEach(Z=>{const te=this.pluralResolver.getSuffixes(Z,r);$&&r[`defaultValue${this.options.pluralSeparator}zero`]&&te.indexOf(`${this.options.pluralSeparator}zero`)<0&&te.push(`${this.options.pluralSeparator}zero`),te.forEach(K=>{ne([Z],c+K,r[`defaultValue${K}`]||z)})}):ne(V,c,z))}g=this.extendTranslation(g,t,r,h,i),O&&g===c&&this.options.appendNamespaceToMissingKey&&(g=`${d}${u}${c}`),(O||R)&&this.options.parseMissingKeyHandler&&(g=this.options.parseMissingKeyHandler(this.options.appendNamespaceToMissingKey?`${d}${u}${c}`:c,R?g:void 0,r))}return o?(h.res=g,h.usedParams=this.getUsedParamsDetails(r),h):g}extendTranslation(t,n,i,r,o){if(this.i18nFormat?.parse)t=this.i18nFormat.parse(t,{...this.options.interpolation.defaultVariables,...i},i.lng||this.language||r.usedLng,r.usedNS,r.usedKey,{resolved:r});else if(!i.skipInterpolation){i.interpolation&&this.interpolator.init({...i,interpolation:{...this.options.interpolation,...i.interpolation}});const l=Ie(t)&&(i?.interpolation?.skipOnVariables!==void 0?i.interpolation.skipOnVariables:this.options.interpolation.skipOnVariables);let d;if(l){const p=t.match(this.interpolator.nestingRegexp);d=p&&p.length}let u=i.replace&&!Ie(i.replace)?i.replace:i;if(this.options.interpolation.defaultVariables&&(u={...this.options.interpolation.defaultVariables,...u}),t=this.interpolator.interpolate(t,u,i.lng||this.language||r.usedLng,i),l){const p=t.match(this.interpolator.nestingRegexp),f=p&&p.length;d<f&&(i.nest=!1)}!i.lng&&r&&r.res&&(i.lng=this.language||r.usedLng),i.nest!==!1&&(t=this.interpolator.nest(t,(...p)=>o?.[0]===p[0]&&!i.context?(this.logger.warn(`It seems you are nesting recursively key: ${p[0]} in key: ${n[0]}`),null):this.translate(...p,n),i)),i.interpolation&&this.interpolator.reset()}const a=i.postProcess||this.options.postProcess,c=Ie(a)?[a]:a;return t!=null&&c?.length&&i.applyPostProcessor!==!1&&(t=IC.handle(c,t,n,this.options&&this.options.postProcessPassResolved?{i18nResolved:{...r,usedParams:this.getUsedParamsDetails(i)},...i}:i,this)),t}resolve(t,n={}){let i,r,o,a,c;return Ie(t)&&(t=[t]),Array.isArray(t)&&(t=t.map(l=>typeof l=="function"?Sa(l,{...this.options,...n}):l)),t.forEach(l=>{if(this.isValidLookup(i))return;const d=this.extractFromKey(l,n),u=d.key;r=u;let p=d.namespaces;this.options.fallbackNS&&(p=p.concat(this.options.fallbackNS));const f=n.count!==void 0&&!Ie(n.count),h=f&&!n.ordinal&&n.count===0,g=n.context!==void 0&&(Ie(n.context)||typeof n.context=="number")&&n.context!=="",m=n.lngs?n.lngs:this.languageUtils.toResolveHierarchy(n.lng||this.language,n.fallbackLng);p.forEach(_=>{this.isValidLookup(i)||(c=_,!dA[`${m[0]}-${_}`]&&this.utils?.hasLoadedNamespace&&!this.utils?.hasLoadedNamespace(c)&&(dA[`${m[0]}-${_}`]=!0,this.logger.warn(`key "${r}" for languages "${m.join(", ")}" won't get resolved as namespace "${c}" was not yet loaded`,"This means something IS WRONG in your setup. You access the t function before i18next.init / i18next.loadNamespace / i18next.changeLanguage was done. Wait for the callback or Promise to resolve before accessing it!!!")),m.forEach(w=>{if(this.isValidLookup(i))return;a=w;const y=[u];if(this.i18nFormat?.addLookupKeys)this.i18nFormat.addLookupKeys(y,u,w,_,n);else{let A;f&&(A=this.pluralResolver.getSuffix(w,n.count,n));const b=`${this.options.pluralSeparator}zero`,k=`${this.options.pluralSeparator}ordinal${this.options.pluralSeparator}`;if(f&&(n.ordinal&&A.indexOf(k)===0&&y.push(u+A.replace(k,this.options.pluralSeparator)),y.push(u+A),h&&y.push(u+b)),g){const C=`${u}${this.options.contextSeparator||"_"}${n.context}`;y.push(C),f&&(n.ordinal&&A.indexOf(k)===0&&y.push(C+A.replace(k,this.options.pluralSeparator)),y.push(C+A),h&&y.push(C+b))}}let v;for(;v=y.pop();)this.isValidLookup(i)||(o=v,i=this.getResource(w,_,v,n))}))})}),{res:i,usedKey:r,exactUsedKey:o,usedLng:a,usedNS:c}}isValidLookup(t){return t!==void 0&&!(!this.options.returnNull&&t===null)&&!(!this.options.returnEmptyString&&t==="")}getResource(t,n,i,r={}){return this.i18nFormat?.getResource?this.i18nFormat.getResource(t,n,i,r):this.resourceStore.getResource(t,n,i,r)}getUsedParamsDetails(t={}){const n=["defaultValue","ordinal","context","replace","lng","lngs","fallbackLng","ns","keySeparator","nsSeparator","returnObjects","returnDetails","joinArrays","postProcess","interpolation"],i=t.replace&&!Ie(t.replace);let r=i?t.replace:t;if(i&&typeof t.count<"u"&&(r.count=t.count),this.options.interpolation.defaultVariables&&(r={...this.options.interpolation.defaultVariables,...r}),!i){r={...r};for(const o of n)delete r[o]}return r}static hasDefaultValue(t){const n="defaultValue";for(const i in t)if(Object.prototype.hasOwnProperty.call(t,i)&&n===i.substring(0,n.length)&&t[i]!==void 0)return!0;return!1}}class uA{constructor(t){this.options=t,this.supportedLngs=this.options.supportedLngs||!1,this.logger=Pi.create("languageUtils")}getScriptPartFromCode(t){if(t=Zl(t),!t||t.indexOf("-")<0)return null;const n=t.split("-");return n.length===2||(n.pop(),n[n.length-1].toLowerCase()==="x")?null:this.formatLanguageCode(n.join("-"))}getLanguagePartFromCode(t){if(t=Zl(t),!t||t.indexOf("-")<0)return t;const n=t.split("-");return this.formatLanguageCode(n[0])}formatLanguageCode(t){if(Ie(t)&&t.indexOf("-")>-1){let n;try{n=Intl.getCanonicalLocales(t)[0]}catch{}return n&&this.options.lowerCaseLng&&(n=n.toLowerCase()),n||(this.options.lowerCaseLng?t.toLowerCase():t)}return this.options.cleanCode||this.options.lowerCaseLng?t.toLowerCase():t}isSupportedCode(t){return(this.options.load==="languageOnly"||this.options.nonExplicitSupportedLngs)&&(t=this.getLanguagePartFromCode(t)),!this.supportedLngs||!this.supportedLngs.length||this.supportedLngs.indexOf(t)>-1}getBestMatchFromCodes(t){if(!t)return null;let n;return t.forEach(i=>{if(n)return;const r=this.formatLanguageCode(i);(!this.options.supportedLngs||this.isSupportedCode(r))&&(n=r)}),!n&&this.options.supportedLngs&&t.forEach(i=>{if(n)return;const r=this.getScriptPartFromCode(i);if(this.isSupportedCode(r))return n=r;const o=this.getLanguagePartFromCode(i);if(this.isSupportedCode(o))return n=o;n=this.options.supportedLngs.find(a=>{if(a===o)return a;if(!(a.indexOf("-")<0&&o.indexOf("-")<0)&&(a.indexOf("-")>0&&o.indexOf("-")<0&&a.substring(0,a.indexOf("-"))===o||a.indexOf(o)===0&&o.length>1))return a})}),n||(n=this.getFallbackCodes(this.options.fallbackLng)[0]),n}getFallbackCodes(t,n){if(!t)return[];if(typeof t=="function"&&(t=t(n)),Ie(t)&&(t=[t]),Array.isArray(t))return t;if(!n)return t.default||[];let i=t[n];return i||(i=t[this.getScriptPartFromCode(n)]),i||(i=t[this.formatLanguageCode(n)]),i||(i=t[this.getLanguagePartFromCode(n)]),i||(i=t.default),i||[]}toResolveHierarchy(t,n){const i=this.getFallbackCodes((n===!1?[]:n)||this.options.fallbackLng||[],t),r=[],o=a=>{a&&(this.isSupportedCode(a)?r.push(a):this.logger.warn(`rejecting language code not found in supportedLngs: ${a}`))};return Ie(t)&&(t.indexOf("-")>-1||t.indexOf("_")>-1)?(this.options.load!=="languageOnly"&&o(this.formatLanguageCode(t)),this.options.load!=="languageOnly"&&this.options.load!=="currentOnly"&&o(this.getScriptPartFromCode(t)),this.options.load!=="currentOnly"&&o(this.getLanguagePartFromCode(t))):Ie(t)&&o(this.formatLanguageCode(t)),i.forEach(a=>{r.indexOf(a)<0&&o(this.formatLanguageCode(a))}),r}}const pA={zero:0,one:1,two:2,few:3,many:4,other:5},fA={select:e=>e===1?"one":"other",resolvedOptions:()=>({pluralCategories:["one","other"]})};class UF{constructor(t,n={}){this.languageUtils=t,this.options=n,this.logger=Pi.create("pluralResolver"),this.pluralRulesCache={}}clearCache(){this.pluralRulesCache={}}getRule(t,n={}){const i=Zl(t==="dev"?"en":t),r=n.ordinal?"ordinal":"cardinal",o=JSON.stringify({cleanedCode:i,type:r});if(o in this.pluralRulesCache)return this.pluralRulesCache[o];let a;try{a=new Intl.PluralRules(i,{type:r})}catch{if(typeof Intl>"u")return this.logger.error("No Intl support, please use an Intl polyfill!"),fA;if(!t.match(/-|_/))return fA;const l=this.languageUtils.getLanguagePartFromCode(t);a=this.getRule(l,n)}return this.pluralRulesCache[o]=a,a}needsPlural(t,n={}){let i=this.getRule(t,n);return i||(i=this.getRule("dev",n)),i?.resolvedOptions().pluralCategories.length>1}getPluralFormsOfKey(t,n,i={}){return this.getSuffixes(t,i).map(r=>`${n}${r}`)}getSuffixes(t,n={}){let i=this.getRule(t,n);return i||(i=this.getRule("dev",n)),i?i.resolvedOptions().pluralCategories.sort((r,o)=>pA[r]-pA[o]).map(r=>`${this.options.prepend}${n.ordinal?`ordinal${this.options.prepend}`:""}${r}`):[]}getSuffix(t,n,i={}){const r=this.getRule(t,i);return r?`${this.options.prepend}${i.ordinal?`ordinal${this.options.prepend}`:""}${r.select(n)}`:(this.logger.warn(`no plural rule found for: ${t}`),this.getSuffix("dev",n,i))}}const hA=(e,t,n,i=".",r=!0)=>{let o=PF(e,t,n);return!o&&r&&Ie(n)&&(o=Sy(e,n,i),o===void 0&&(o=Sy(t,n,i))),o},am=e=>e.replace(/\$/g,"$$$$");class gA{constructor(t={}){this.logger=Pi.create("interpolator"),this.options=t,this.format=t?.interpolation?.format||(n=>n),this.init(t)}init(t={}){t.interpolation||(t.interpolation={escapeValue:!0});const{escape:n,escapeValue:i,useRawValueToEscape:r,prefix:o,prefixEscaped:a,suffix:c,suffixEscaped:l,formatSeparator:d,unescapeSuffix:u,unescapePrefix:p,nestingPrefix:f,nestingPrefixEscaped:h,nestingSuffix:g,nestingSuffixEscaped:m,nestingOptionsSeparator:_,maxReplaces:w,alwaysFormat:y}=t.interpolation;this.escape=n!==void 0?n:OF,this.escapeValue=i!==void 0?i:!0,this.useRawValueToEscape=r!==void 0?r:!1,this.prefix=o?Ao(o):a||"{{",this.suffix=c?Ao(c):l||"}}",this.formatSeparator=d||",",this.unescapePrefix=u?"":p||"-",this.unescapeSuffix=this.unescapePrefix?"":u||"",this.nestingPrefix=f?Ao(f):h||Ao("$t("),this.nestingSuffix=g?Ao(g):m||Ao(")"),this.nestingOptionsSeparator=_||",",this.maxReplaces=w||1e3,this.alwaysFormat=y!==void 0?y:!1,this.resetRegExp()}reset(){this.options&&this.init(this.options)}resetRegExp(){const t=(n,i)=>n?.source===i?(n.lastIndex=0,n):new RegExp(i,"g");this.regexp=t(this.regexp,`${this.prefix}(.+?)${this.suffix}`),this.regexpUnescape=t(this.regexpUnescape,`${this.prefix}${this.unescapePrefix}(.+?)${this.unescapeSuffix}${this.suffix}`),this.nestingRegexp=t(this.nestingRegexp,`${this.nestingPrefix}((?:[^()"']+|"[^"]*"|'[^']*'|\\((?:[^()]|"[^"]*"|'[^']*')*\\))*?)${this.nestingSuffix}`)}interpolate(t,n,i,r){let o,a,c;const l=this.options&&this.options.interpolation&&this.options.interpolation.defaultVariables||{},d=h=>{if(h.indexOf(this.formatSeparator)<0){const w=hA(n,l,h,this.options.keySeparator,this.options.ignoreJSONStructure);return this.alwaysFormat?this.format(w,void 0,i,{...r,...n,interpolationkey:h}):w}const g=h.split(this.formatSeparator),m=g.shift().trim(),_=g.join(this.formatSeparator).trim();return this.format(hA(n,l,m,this.options.keySeparator,this.options.ignoreJSONStructure),_,i,{...r,...n,interpolationkey:m})};this.resetRegExp();const u=r?.missingInterpolationHandler||this.options.missingInterpolationHandler,p=r?.interpolation?.skipOnVariables!==void 0?r.interpolation.skipOnVariables:this.options.interpolation.skipOnVariables;return[{regex:this.regexpUnescape,safeValue:h=>am(h)},{regex:this.regexp,safeValue:h=>this.escapeValue?am(this.escape(h)):am(h)}].forEach(h=>{for(c=0;o=h.regex.exec(t);){const g=o[1].trim();if(a=d(g),a===void 0)if(typeof u=="function"){const _=u(t,o,r);a=Ie(_)?_:""}else if(r&&Object.prototype.hasOwnProperty.call(r,g))a="";else if(p){a=o[0];continue}else this.logger.warn(`missed to pass in variable ${g} for interpolating ${t}`),a="";else!Ie(a)&&!this.useRawValueToEscape&&(a=oA(a));const m=h.safeValue(a);if(t=t.replace(o[0],m),p?(h.regex.lastIndex+=a.length,h.regex.lastIndex-=o[0].length):h.regex.lastIndex=0,c++,c>=this.maxReplaces)break}}),t}nest(t,n,i={}){let r,o,a;const c=(l,d)=>{const u=this.nestingOptionsSeparator;if(l.indexOf(u)<0)return l;const p=l.split(new RegExp(`${Ao(u)}[ ]*{`));let f=`{${p[1]}`;l=p[0],f=this.interpolate(f,a);const h=f.match(/'/g),g=f.match(/"/g);((h?.length??0)%2===0&&!g||(g?.length??0)%2!==0)&&(f=f.replace(/'/g,'"'));try{a=JSON.parse(f),d&&(a={...d,...a})}catch(m){return this.logger.warn(`failed parsing options string in nesting for key ${l}`,m),`${l}${u}${f}`}return a.defaultValue&&a.defaultValue.indexOf(this.prefix)>-1&&delete a.defaultValue,l};for(;r=this.nestingRegexp.exec(t);){let l=[];a={...i},a=a.replace&&!Ie(a.replace)?a.replace:a,a.applyPostProcessor=!1,delete a.defaultValue;const d=/{.*}/.test(r[1])?r[1].lastIndexOf("}")+1:r[1].indexOf(this.formatSeparator);if(d!==-1&&(l=r[1].slice(d).split(this.formatSeparator).map(u=>u.trim()).filter(Boolean),r[1]=r[1].slice(0,d)),o=n(c.call(this,r[1].trim(),a),a),o&&r[0]===t&&!Ie(o))return o;Ie(o)||(o=oA(o)),o||(this.logger.warn(`missed to resolve ${r[1]} for nesting ${t}`),o=""),l.length&&(o=l.reduce((u,p)=>this.format(u,p,i.lng,{...i,interpolationkey:r[1].trim()}),o.trim())),t=t.replace(r[0],o),this.regexp.lastIndex=0}return t}}const qF=e=>{let t=e.toLowerCase().trim();const n={};if(e.indexOf("(")>-1){const i=e.split("(");t=i[0].toLowerCase().trim();const r=i[1].substring(0,i[1].length-1);t==="currency"&&r.indexOf(":")<0?n.currency||(n.currency=r.trim()):t==="relativetime"&&r.indexOf(":")<0?n.range||(n.range=r.trim()):r.split(";").forEach(a=>{if(a){const[c,...l]=a.split(":"),d=l.join(":").trim().replace(/^'+|'+$/g,""),u=c.trim();n[u]||(n[u]=d),d==="false"&&(n[u]=!1),d==="true"&&(n[u]=!0),isNaN(d)||(n[u]=parseInt(d,10))}})}return{formatName:t,formatOptions:n}},mA=e=>{const t={};return(n,i,r)=>{let o=r;r&&r.interpolationkey&&r.formatParams&&r.formatParams[r.interpolationkey]&&r[r.interpolationkey]&&(o={...o,[r.interpolationkey]:void 0});const a=i+JSON.stringify(o);let c=t[a];return c||(c=e(Zl(i),r),t[a]=c),c(n)}},HF=e=>(t,n,i)=>e(Zl(n),i)(t);class VF{constructor(t={}){this.logger=Pi.create("formatter"),this.options=t,this.init(t)}init(t,n={interpolation:{}}){this.formatSeparator=n.interpolation.formatSeparator||",";const i=n.cacheInBuiltFormats?mA:HF;this.formats={number:i((r,o)=>{const a=new Intl.NumberFormat(r,{...o});return c=>a.format(c)}),currency:i((r,o)=>{const a=new Intl.NumberFormat(r,{...o,style:"currency"});return c=>a.format(c)}),datetime:i((r,o)=>{const a=new Intl.DateTimeFormat(r,{...o});return c=>a.format(c)}),relativetime:i((r,o)=>{const a=new Intl.RelativeTimeFormat(r,{...o});return c=>a.format(c,o.range||"day")}),list:i((r,o)=>{const a=new Intl.ListFormat(r,{...o});return c=>a.format(c)})}}add(t,n){this.formats[t.toLowerCase().trim()]=n}addCached(t,n){this.formats[t.toLowerCase().trim()]=mA(n)}format(t,n,i,r={}){const o=n.split(this.formatSeparator);if(o.length>1&&o[0].indexOf("(")>1&&o[0].indexOf(")")<0&&o.find(c=>c.indexOf(")")>-1)){const c=o.findIndex(l=>l.indexOf(")")>-1);o[0]=[o[0],...o.splice(1,c)].join(this.formatSeparator)}return o.reduce((c,l)=>{const{formatName:d,formatOptions:u}=qF(l);if(this.formats[d]){let p=c;try{const f=r?.formatParams?.[r.interpolationkey]||{},h=f.locale||f.lng||r.locale||r.lng||i;p=this.formats[d](c,h,{...u,...r,...f})}catch(f){this.logger.warn(f)}return p}else this.logger.warn(`there was no format function for ${d}`);return c},t)}}const KF=(e,t)=>{e.pending[t]!==void 0&&(delete e.pending[t],e.pendingCount--)};class GF extends bh{constructor(t,n,i,r={}){super(),this.backend=t,this.store=n,this.services=i,this.languageUtils=i.languageUtils,this.options=r,this.logger=Pi.create("backendConnector"),this.waitingReads=[],this.maxParallelReads=r.maxParallelReads||10,this.readingCalls=0,this.maxRetries=r.maxRetries>=0?r.maxRetries:5,this.retryTimeout=r.retryTimeout>=1?r.retryTimeout:350,this.state={},this.queue=[],this.backend?.init?.(i,r.backend,r)}queueLoad(t,n,i,r){const o={},a={},c={},l={};return t.forEach(d=>{let u=!0;n.forEach(p=>{const f=`${d}|${p}`;!i.reload&&this.store.hasResourceBundle(d,p)?this.state[f]=2:this.state[f]<0||(this.state[f]===1?a[f]===void 0&&(a[f]=!0):(this.state[f]=1,u=!1,a[f]===void 0&&(a[f]=!0),o[f]===void 0&&(o[f]=!0),l[p]===void 0&&(l[p]=!0)))}),u||(c[d]=!0)}),(Object.keys(o).length||Object.keys(a).length)&&this.queue.push({pending:a,pendingCount:Object.keys(a).length,loaded:{},errors:[],callback:r}),{toLoad:Object.keys(o),pending:Object.keys(a),toLoadLanguages:Object.keys(c),toLoadNamespaces:Object.keys(l)}}loaded(t,n,i){const r=t.split("|"),o=r[0],a=r[1];n&&this.emit("failedLoading",o,a,n),!n&&i&&this.store.addResourceBundle(o,a,i,void 0,void 0,{skipCopy:!0}),this.state[t]=n?-1:2,n&&i&&(this.state[t]=0);const c={};this.queue.forEach(l=>{NF(l.loaded,[o],a),KF(l,t),n&&l.errors.push(n),l.pendingCount===0&&!l.done&&(Object.keys(l.loaded).forEach(d=>{c[d]||(c[d]={});const u=l.loaded[d];u.length&&u.forEach(p=>{c[d][p]===void 0&&(c[d][p]=!0)})}),l.done=!0,l.errors.length?l.callback(l.errors):l.callback())}),this.emit("loaded",c),this.queue=this.queue.filter(l=>!l.done)}read(t,n,i,r=0,o=this.retryTimeout,a){if(!t.length)return a(null,{});if(this.readingCalls>=this.maxParallelReads){this.waitingReads.push({lng:t,ns:n,fcName:i,tried:r,wait:o,callback:a});return}this.readingCalls++;const c=(d,u)=>{if(this.readingCalls--,this.waitingReads.length>0){const p=this.waitingReads.shift();this.read(p.lng,p.ns,p.fcName,p.tried,p.wait,p.callback)}if(d&&u&&r<this.maxRetries){setTimeout(()=>{this.read.call(this,t,n,i,r+1,o*2,a)},o);return}a(d,u)},l=this.backend[i].bind(this.backend);if(l.length===2){try{const d=l(t,n);d&&typeof d.then=="function"?d.then(u=>c(null,u)).catch(c):c(null,d)}catch(d){c(d)}return}return l(t,n,c)}prepareLoading(t,n,i={},r){if(!this.backend)return this.logger.warn("No backend was added via i18next.use. Will not load resources."),r&&r();Ie(t)&&(t=this.languageUtils.toResolveHierarchy(t)),Ie(n)&&(n=[n]);const o=this.queueLoad(t,n,i,r);if(!o.toLoad.length)return o.pending.length||r(),null;o.toLoad.forEach(a=>{this.loadOne(a)})}load(t,n,i){this.prepareLoading(t,n,{},i)}reload(t,n,i){this.prepareLoading(t,n,{reload:!0},i)}loadOne(t,n=""){const i=t.split("|"),r=i[0],o=i[1];this.read(r,o,"read",void 0,void 0,(a,c)=>{a&&this.logger.warn(`${n}loading namespace ${o} for language ${r} failed`,a),!a&&c&&this.logger.log(`${n}loaded namespace ${o} for language ${r}`,c),this.loaded(t,a,c)})}saveMissing(t,n,i,r,o,a={},c=()=>{}){if(this.services?.utils?.hasLoadedNamespace&&!this.services?.utils?.hasLoadedNamespace(n)){this.logger.warn(`did not save key "${i}" as the namespace "${n}" was not yet loaded`,"This means something IS WRONG in your setup. You access the t function before i18next.init / i18next.loadNamespace / i18next.changeLanguage was done. Wait for the callback or Promise to resolve before accessing it!!!");return}if(!(i==null||i==="")){if(this.backend?.create){const l={...a,isUpdate:o},d=this.backend.create.bind(this.backend);if(d.length<6)try{let u;d.length===5?u=d(t,n,i,r,l):u=d(t,n,i,r),u&&typeof u.then=="function"?u.then(p=>c(null,p)).catch(c):c(null,u)}catch(u){c(u)}else d(t,n,i,r,c,l)}!t||!t[0]||this.store.addResource(t[0],n,i,r)}}}const cm=()=>({debug:!1,initAsync:!0,ns:["translation"],defaultNS:["translation"],fallbackLng:["dev"],fallbackNS:!1,supportedLngs:!1,nonExplicitSupportedLngs:!1,load:"all",preload:!1,simplifyPluralSuffix:!0,keySeparator:".",nsSeparator:":",pluralSeparator:"_",contextSeparator:"_",partialBundledLanguages:!1,saveMissing:!1,updateMissing:!1,saveMissingTo:"fallback",saveMissingPlurals:!0,missingKeyHandler:!1,missingInterpolationHandler:!1,postProcess:!1,postProcessPassResolved:!1,returnNull:!1,returnEmptyString:!0,returnObjects:!1,joinArrays:!1,returnedObjectHandler:!1,parseMissingKeyHandler:!1,appendNamespaceToMissingKey:!1,appendNamespaceToCIMode:!1,overloadTranslationOptionHandler:e=>{let t={};if(typeof e[1]=="object"&&(t=e[1]),Ie(e[1])&&(t.defaultValue=e[1]),Ie(e[2])&&(t.tDescription=e[2]),typeof e[2]=="object"||typeof e[3]=="object"){const n=e[3]||e[2];Object.keys(n).forEach(i=>{t[i]=n[i]})}return t},interpolation:{escapeValue:!0,format:e=>e,prefix:"{{",suffix:"}}",formatSeparator:",",unescapePrefix:"-",nestingPrefix:"$t(",nestingSuffix:")",nestingOptionsSeparator:",",maxReplaces:1e3,skipOnVariables:!0},cacheInBuiltFormats:!0}),yA=e=>(Ie(e.ns)&&(e.ns=[e.ns]),Ie(e.fallbackLng)&&(e.fallbackLng=[e.fallbackLng]),Ie(e.fallbackNS)&&(e.fallbackNS=[e.fallbackNS]),e.supportedLngs?.indexOf?.("cimode")<0&&(e.supportedLngs=e.supportedLngs.concat(["cimode"])),typeof e.initImmediate=="boolean"&&(e.initAsync=e.initImmediate),e),zu=()=>{},WF=e=>{Object.getOwnPropertyNames(Object.getPrototypeOf(e)).forEach(n=>{typeof e[n]=="function"&&(e[n]=e[n].bind(e))})},zC="__i18next_supportNoticeShown",JF=()=>!!(typeof globalThis<"u"&&globalThis[zC]||typeof process<"u"&&process.env&&process.env.I18NEXT_NO_SUPPORT_NOTICE||typeof process<"u"&&process.env&&process.env.NODE_ENV==="production"),YF=()=>{typeof globalThis<"u"&&(globalThis[zC]=!0)},QF=e=>!!(e?.modules?.backend?.name?.indexOf("Locize")>0||e?.modules?.backend?.constructor?.name?.indexOf("Locize")>0||e?.options?.backend?.backends&&e.options.backend.backends.some(t=>t?.name?.indexOf("Locize")>0||t?.constructor?.name?.indexOf("Locize")>0)||e?.options?.backend?.projectId||e?.options?.backend?.backendOptions&&e.options.backend.backendOptions.some(t=>t?.projectId));class Bl extends bh{constructor(t={},n){if(super(),this.options=yA(t),this.services={},this.logger=Pi,this.modules={external:[]},WF(this),n&&!this.isInitialized&&!t.isClone){if(!this.options.initAsync)return this.init(t,n),this;setTimeout(()=>{this.init(t,n)},0)}}init(t={},n){this.isInitializing=!0,typeof t=="function"&&(n=t,t={}),t.defaultNS==null&&t.ns&&(Ie(t.ns)?t.defaultNS=t.ns:t.ns.indexOf("translation")<0&&(t.defaultNS=t.ns[0]));const i=cm();this.options={...i,...this.options,...yA(t)},this.options.interpolation={...i.interpolation,...this.options.interpolation},t.keySeparator!==void 0&&(this.options.userDefinedKeySeparator=t.keySeparator),t.nsSeparator!==void 0&&(this.options.userDefinedNsSeparator=t.nsSeparator),typeof this.options.overloadTranslationOptionHandler!="function"&&(this.options.overloadTranslationOptionHandler=i.overloadTranslationOptionHandler),this.options.showSupportNotice!==!1&&!QF(this)&&!JF()&&(typeof console<"u"&&typeof console.info<"u"&&console.info("🌐 i18next is made possible by our own product, Locize — consider powering your project with managed localization (AI, CDN, integrations): https://locize.com 💙"),YF());const r=d=>d?typeof d=="function"?new d:d:null;if(!this.options.isClone){this.modules.logger?Pi.init(r(this.modules.logger),this.options):Pi.init(null,this.options);let d;this.modules.formatter?d=this.modules.formatter:d=VF;const u=new uA(this.options);this.store=new lA(this.options.resources,this.options);const p=this.services;p.logger=Pi,p.resourceStore=this.store,p.languageUtils=u,p.pluralResolver=new UF(u,{prepend:this.options.pluralSeparator,simplifyPluralSuffix:this.options.simplifyPluralSuffix}),this.options.interpolation.format&&this.options.interpolation.format!==i.interpolation.format&&this.logger.deprecate("init: you are still using the legacy format function, please use the new approach: https://www.i18next.com/translation-function/formatting"),d&&(!this.options.interpolation.format||this.options.interpolation.format===i.interpolation.format)&&(p.formatter=r(d),p.formatter.init&&p.formatter.init(p,this.options),this.options.interpolation.format=p.formatter.format.bind(p.formatter)),p.interpolator=new gA(this.options),p.utils={hasLoadedNamespace:this.hasLoadedNamespace.bind(this)},p.backendConnector=new GF(r(this.modules.backend),p.resourceStore,p,this.options),p.backendConnector.on("*",(h,...g)=>{this.emit(h,...g)}),this.modules.languageDetector&&(p.languageDetector=r(this.modules.languageDetector),p.languageDetector.init&&p.languageDetector.init(p,this.options.detection,this.options)),this.modules.i18nFormat&&(p.i18nFormat=r(this.modules.i18nFormat),p.i18nFormat.init&&p.i18nFormat.init(this)),this.translator=new Np(this.services,this.options),this.translator.on("*",(h,...g)=>{this.emit(h,...g)}),this.modules.external.forEach(h=>{h.init&&h.init(this)})}if(this.format=this.options.interpolation.format,n||(n=zu),this.options.fallbackLng&&!this.services.languageDetector&&!this.options.lng){const d=this.services.languageUtils.getFallbackCodes(this.options.fallbackLng);d.length>0&&d[0]!=="dev"&&(this.options.lng=d[0])}!this.services.languageDetector&&!this.options.lng&&this.logger.warn("init: no languageDetector is used and no lng is defined"),["getResource","hasResourceBundle","getResourceBundle","getDataByLanguage"].forEach(d=>{this[d]=(...u)=>this.store[d](...u)}),["addResource","addResources","addResourceBundle","removeResourceBundle"].forEach(d=>{this[d]=(...u)=>(this.store[d](...u),this)});const c=qc(),l=()=>{const d=(u,p)=>{this.isInitializing=!1,this.isInitialized&&!this.initializedStoreOnce&&this.logger.warn("init: i18next is already initialized. You should call init just once!"),this.isInitialized=!0,this.options.isClone||this.logger.log("initialized",this.options),this.emit("initialized",this.options),c.resolve(p),n(u,p)};if(this.languages&&!this.isInitialized)return d(null,this.t.bind(this));this.changeLanguage(this.options.lng,d)};return this.options.resources||!this.options.initAsync?l():setTimeout(l,0),c}loadResources(t,n=zu){let i=n;const r=Ie(t)?t:this.language;if(typeof t=="function"&&(i=t),!this.options.resources||this.options.partialBundledLanguages){if(r?.toLowerCase()==="cimode"&&(!this.options.preload||this.options.preload.length===0))return i();const o=[],a=c=>{if(!c||c==="cimode")return;this.services.languageUtils.toResolveHierarchy(c).forEach(d=>{d!=="cimode"&&o.indexOf(d)<0&&o.push(d)})};r?a(r):this.services.languageUtils.getFallbackCodes(this.options.fallbackLng).forEach(l=>a(l)),this.options.preload?.forEach?.(c=>a(c)),this.services.backendConnector.load(o,this.options.ns,c=>{!c&&!this.resolvedLanguage&&this.language&&this.setResolvedLanguage(this.language),i(c)})}else i(null)}reloadResources(t,n,i){const r=qc();return typeof t=="function"&&(i=t,t=void 0),typeof n=="function"&&(i=n,n=void 0),t||(t=this.languages),n||(n=this.options.ns),i||(i=zu),this.services.backendConnector.reload(t,n,o=>{r.resolve(),i(o)}),r}use(t){if(!t)throw new Error("You are passing an undefined module! Please check the object you are passing to i18next.use()");if(!t.type)throw new Error("You are passing a wrong module! Please check the object you are passing to i18next.use()");return t.type==="backend"&&(this.modules.backend=t),(t.type==="logger"||t.log&&t.warn&&t.error)&&(this.modules.logger=t),t.type==="languageDetector"&&(this.modules.languageDetector=t),t.type==="i18nFormat"&&(this.modules.i18nFormat=t),t.type==="postProcessor"&&IC.addPostProcessor(t),t.type==="formatter"&&(this.modules.formatter=t),t.type==="3rdParty"&&this.modules.external.push(t),this}setResolvedLanguage(t){if(!(!t||!this.languages)&&!(["cimode","dev"].indexOf(t)>-1)){for(let n=0;n<this.languages.length;n++){const i=this.languages[n];if(!(["cimode","dev"].indexOf(i)>-1)&&this.store.hasLanguageSomeTranslations(i)){this.resolvedLanguage=i;break}}!this.resolvedLanguage&&this.languages.indexOf(t)<0&&this.store.hasLanguageSomeTranslations(t)&&(this.resolvedLanguage=t,this.languages.unshift(t))}}changeLanguage(t,n){this.isLanguageChangingTo=t;const i=qc();this.emit("languageChanging",t);const r=c=>{this.language=c,this.languages=this.services.languageUtils.toResolveHierarchy(c),this.resolvedLanguage=void 0,this.setResolvedLanguage(c)},o=(c,l)=>{l?this.isLanguageChangingTo===t&&(r(l),this.translator.changeLanguage(l),this.isLanguageChangingTo=void 0,this.emit("languageChanged",l),this.logger.log("languageChanged",l)):this.isLanguageChangingTo=void 0,i.resolve((...d)=>this.t(...d)),n&&n(c,(...d)=>this.t(...d))},a=c=>{!t&&!c&&this.services.languageDetector&&(c=[]);const l=Ie(c)?c:c&&c[0],d=this.store.hasLanguageSomeTranslations(l)?l:this.services.languageUtils.getBestMatchFromCodes(Ie(c)?[c]:c);d&&(this.language||r(d),this.translator.language||this.translator.changeLanguage(d),this.services.languageDetector?.cacheUserLanguage?.(d)),this.loadResources(d,u=>{o(u,d)})};return!t&&this.services.languageDetector&&!this.services.languageDetector.async?a(this.services.languageDetector.detect()):!t&&this.services.languageDetector&&this.services.languageDetector.async?this.services.languageDetector.detect.length===0?this.services.languageDetector.detect().then(a):this.services.languageDetector.detect(a):a(t),i}getFixedT(t,n,i){const r=(o,a,...c)=>{let l;typeof a!="object"?l=this.options.overloadTranslationOptionHandler([o,a].concat(c)):l={...a},l.lng=l.lng||r.lng,l.lngs=l.lngs||r.lngs,l.ns=l.ns||r.ns,l.keyPrefix!==""&&(l.keyPrefix=l.keyPrefix||i||r.keyPrefix);const d={...this.options,...l};typeof l.keyPrefix=="function"&&(l.keyPrefix=Sa(l.keyPrefix,d));const u=this.options.keySeparator||".";let p;return l.keyPrefix&&Array.isArray(o)?p=o.map(f=>(typeof f=="function"&&(f=Sa(f,d)),`${l.keyPrefix}${u}${f}`)):(typeof o=="function"&&(o=Sa(o,d)),p=l.keyPrefix?`${l.keyPrefix}${u}${o}`:o),this.t(p,l)};return Ie(t)?r.lng=t:r.lngs=t,r.ns=n,r.keyPrefix=i,r}t(...t){return this.translator?.translate(...t)}exists(...t){return this.translator?.exists(...t)}setDefaultNamespace(t){this.options.defaultNS=t}hasLoadedNamespace(t,n={}){if(!this.isInitialized)return this.logger.warn("hasLoadedNamespace: i18next was not initialized",this.languages),!1;if(!this.languages||!this.languages.length)return this.logger.warn("hasLoadedNamespace: i18n.languages were undefined or empty",this.languages),!1;const i=n.lng||this.resolvedLanguage||this.languages[0],r=this.options?this.options.fallbackLng:!1,o=this.languages[this.languages.length-1];if(i.toLowerCase()==="cimode")return!0;const a=(c,l)=>{const d=this.services.backendConnector.state[`${c}|${l}`];return d===-1||d===0||d===2};if(n.precheck){const c=n.precheck(this,a);if(c!==void 0)return c}return!!(this.hasResourceBundle(i,t)||!this.services.backendConnector.backend||this.options.resources&&!this.options.partialBundledLanguages||a(i,t)&&(!r||a(o,t)))}loadNamespaces(t,n){const i=qc();return this.options.ns?(Ie(t)&&(t=[t]),t.forEach(r=>{this.options.ns.indexOf(r)<0&&this.options.ns.push(r)}),this.loadResources(r=>{i.resolve(),n&&n(r)}),i):(n&&n(),Promise.resolve())}loadLanguages(t,n){const i=qc();Ie(t)&&(t=[t]);const r=this.options.preload||[],o=t.filter(a=>r.indexOf(a)<0&&this.services.languageUtils.isSupportedCode(a));return o.length?(this.options.preload=r.concat(o),this.loadResources(a=>{i.resolve(),n&&n(a)}),i):(n&&n(),Promise.resolve())}dir(t){if(t||(t=this.resolvedLanguage||(this.languages?.length>0?this.languages[0]:this.language)),!t)return"rtl";try{const r=new Intl.Locale(t);if(r&&r.getTextInfo){const o=r.getTextInfo();if(o&&o.direction)return o.direction}}catch{}const n=["ar","shu","sqr","ssh","xaa","yhd","yud","aao","abh","abv","acm","acq","acw","acx","acy","adf","ads","aeb","aec","afb","ajp","apc","apd","arb","arq","ars","ary","arz","auz","avl","ayh","ayl","ayn","ayp","bbz","pga","he","iw","ps","pbt","pbu","pst","prp","prd","ug","ur","ydd","yds","yih","ji","yi","hbo","men","xmn","fa","jpr","peo","pes","prs","dv","sam","ckb"],i=this.services?.languageUtils||new uA(cm());return t.toLowerCase().indexOf("-latn")>1?"ltr":n.indexOf(i.getLanguagePartFromCode(t))>-1||t.toLowerCase().indexOf("-arab")>1?"rtl":"ltr"}static createInstance(t={},n){const i=new Bl(t,n);return i.createInstance=Bl.createInstance,i}cloneInstance(t={},n=zu){const i=t.forkResourceStore;i&&delete t.forkResourceStore;const r={...this.options,...t,isClone:!0},o=new Bl(r);if((t.debug!==void 0||t.prefix!==void 0)&&(o.logger=o.logger.clone(t)),["store","services","language"].forEach(c=>{o[c]=this[c]}),o.services={...this.services},o.services.utils={hasLoadedNamespace:o.hasLoadedNamespace.bind(o)},i){const c=Object.keys(this.store.data).reduce((l,d)=>(l[d]={...this.store.data[d]},l[d]=Object.keys(l[d]).reduce((u,p)=>(u[p]={...l[d][p]},u),l[d]),l),{});o.store=new lA(c,r),o.services.resourceStore=o.store}if(t.interpolation){const l={...cm().interpolation,...this.options.interpolation,...t.interpolation},d={...r,interpolation:l};o.services.interpolator=new gA(d)}return o.translator=new Np(o.services,r),o.translator.on("*",(c,...l)=>{o.emit(c,...l)}),o.init(r,n),o.translator.options=r,o.translator.backendConnector.services.utils={hasLoadedNamespace:o.hasLoadedNamespace.bind(o)},o}toJSON(){return{options:this.options,store:this.store,language:this.language,languages:this.languages,resolvedLanguage:this.resolvedLanguage}}}const U=Bl.createInstance();U.createInstance;U.dir;U.init;U.loadResources;U.reloadResources;U.use;U.changeLanguage;U.getFixedT;const ee=U.t;U.exists;U.setDefaultNamespace;U.hasLoadedNamespace;U.loadNamespaces;U.loadLanguages;const qn=s.z.object({created_at:s.z.string(),updated_at:s.z.string()}),Yw=s.z.object({id:s.z.string(),version:s.z.string().optional()}),Qw=s.z.object({name:s.z.string(),version:s.z.string()}),Zw=s.z.object({name:s.z.string(),value:s.z.string().optional()}),Xl=s.z.object({name:s.z.string().max(255),code:s.z.string().max(1e5),supported_triggers:s.z.array(Yw).optional(),runtime:s.z.string().max(50).optional(),dependencies:s.z.array(Qw).optional(),secrets:s.z.array(Zw).optional(),is_system:s.z.boolean().optional(),inherit:s.z.boolean().optional()}),ZF=Xl.partial().extend({status:s.z.enum(["draft","built"]).optional(),deployed_at:s.z.string().optional()}),ir=Xl.extend({id:s.z.string(),tenant_id:s.z.string(),status:s.z.enum(["draft","built"]).default("built"),deployed_at:s.z.string().optional(),secrets:s.z.array(s.z.object({name:s.z.string(),value:s.z.string().optional()})).optional(),...qn.shape}),NC=s.z.string(),Xw=s.z.enum(["unspecified","pending","final","partial","canceled","suspended"]),PC=s.z.object({id:s.z.string(),msg:s.z.string(),url:s.z.string().optional()}),ev=s.z.object({action_name:s.z.string(),error:PC.nullable(),started_at:s.z.string(),ended_at:s.z.string()}),FC=s.z.object({level:s.z.enum(["log","info","warn","error","debug"]),message:s.z.string()}),tv=s.z.array(s.z.object({action_name:s.z.string(),lines:s.z.array(FC)})),OC=s.z.object({id:s.z.string(),tenant_id:s.z.string(),trigger_id:NC,status:Xw,results:s.z.array(ev),logs:tv.optional(),created_at:s.z.string(),updated_at:s.z.string()}),XF=OC.omit({tenant_id:!0,created_at:!0,updated_at:!0}),RC=s.z.object({action_id:s.z.string(),code:s.z.string().max(1e5),runtime:s.z.string().max(50).optional(),dependencies:s.z.array(Qw).optional(),secrets:s.z.array(Zw).optional(),supported_triggers:s.z.array(Yw).optional(),deployed:s.z.boolean().default(!0)}),Ah=RC.extend({id:s.z.string(),tenant_id:s.z.string(),number:s.z.number().int(),...qn.shape}),jC=s.z.enum(["user_action","admin_action","system","api"]),DC=s.z.object({type:s.z.enum(["user","admin","system","api_key","client_credentials"]),id:s.z.string().optional(),email:s.z.string().optional(),org_id:s.z.string().optional(),org_name:s.z.string().optional(),scopes:s.z.array(s.z.string()).optional(),client_id:s.z.string().optional()}),LC=s.z.object({type:s.z.string(),id:s.z.string(),before:s.z.record(s.z.unknown()).optional(),after:s.z.record(s.z.unknown()).optional(),diff:s.z.record(s.z.object({old:s.z.unknown(),new:s.z.unknown()})).optional()}),BC=s.z.object({method:s.z.string(),path:s.z.string(),query:s.z.record(s.z.string()).optional(),body:s.z.unknown().optional(),ip:s.z.string(),user_agent:s.z.string().optional(),correlation_id:s.z.string().optional()}),MC=s.z.object({status_code:s.z.number(),body:s.z.unknown().optional()}),UC=s.z.object({country_code:s.z.string(),city_name:s.z.string(),latitude:s.z.string(),longitude:s.z.string(),time_zone:s.z.string(),continent_code:s.z.string()}),qC=s.z.object({name:s.z.string(),version:s.z.string(),env:s.z.record(s.z.string()).optional()}),HC=s.z.object({tenant_id:s.z.string(),event_type:s.z.string(),log_type:s.z.string(),description:s.z.string().optional(),category:jC,actor:DC,target:LC,request:BC,response:MC.optional(),connection:s.z.string().optional(),strategy:s.z.string().optional(),strategy_type:s.z.string().optional(),audience:s.z.string().optional(),scope:s.z.string().optional(),location:UC.optional(),auth0_client:qC.optional(),hostname:s.z.string(),is_mobile:s.z.boolean().optional(),timestamp:s.z.string()}),VC=HC.extend({id:s.z.string()}),eO=s.z.enum(["AUTH0","EMAIL","REDIRECT"]),tO=s.z.enum(["CREATE_USER","GET_USER","UPDATE_USER","SEND_REQUEST","SEND_EMAIL"]),nO=s.z.enum(["VERIFY_EMAIL"]),KC=s.z.object({require_mx_record:s.z.boolean().optional(),block_aliases:s.z.boolean().optional(),block_free_emails:s.z.boolean().optional(),block_disposable_emails:s.z.boolean().optional(),blocklist:s.z.array(s.z.string()).optional(),allowlist:s.z.array(s.z.string()).optional()}),GC=s.z.object({id:s.z.string(),alias:s.z.string().max(100).optional(),type:s.z.literal("AUTH0"),action:s.z.literal("UPDATE_USER"),allow_failure:s.z.boolean().optional(),mask_output:s.z.boolean().optional(),params:s.z.object({connection_id:s.z.string().optional(),user_id:s.z.string(),changes:s.z.record(s.z.string(),s.z.any())})}),WC=s.z.object({id:s.z.string(),alias:s.z.string().max(100).optional(),type:s.z.literal("EMAIL"),action:s.z.literal("VERIFY_EMAIL"),allow_failure:s.z.boolean().optional(),mask_output:s.z.boolean().optional(),params:s.z.object({email:s.z.string(),rules:KC.optional()})}),JC=s.z.enum(["change-email","account","custom"]),YC=s.z.object({id:s.z.string(),alias:s.z.string().max(100).optional(),type:s.z.literal("REDIRECT"),action:s.z.literal("REDIRECT_USER"),allow_failure:s.z.boolean().optional(),mask_output:s.z.boolean().optional(),params:s.z.object({target:JC.openapi({description:"The predefined target to redirect to, or 'custom' for a custom URL"}),custom_url:s.z.string().optional().openapi({description:"Custom URL to redirect to when target is 'custom'"})})}),QC=s.z.union([GC,WC,YC]),Pp=s.z.object({name:s.z.string().min(1).max(150).openapi({description:"The name of the flow"}),actions:s.z.array(QC).optional().default([]).openapi({description:"The list of actions to execute in sequence"})}),ua=Pp.extend({...qn.shape,id:s.z.string().openapi({description:"Unique identifier for the flow",example:"af_12tMpdJ3iek7svMyZkSh5M"})}),iO=s.z.object({page:s.z.string().min(0).optional().default("0").transform(e=>parseInt(e,10)).openapi({description:"The page number where 0 is the first page"}),per_page:s.z.string().min(1).optional().default("10").transform(e=>parseInt(e,10)).openapi({description:"The number of items per page"}),include_totals:s.z.string().optional().default("false").transform(e=>e==="true").openapi({description:"If the total number of items should be included in the response"}),sort:s.z.string().regex(/^.+:(-1|1)$/).optional().openapi({description:"A property that should have the format 'string:-1' or 'string:1'"}),q:s.z.string().optional().openapi({description:"A lucene query string used to filter the results"})}),Ct=s.z.object({start:s.z.number(),limit:s.z.number(),length:s.z.number(),total:s.z.number().optional()}),ZC=s.z.object({email:s.z.string().optional(),email_verified:s.z.boolean().optional(),name:s.z.string().optional(),username:s.z.string().optional(),given_name:s.z.string().optional(),phone_number:s.z.string().optional(),phone_verified:s.z.boolean().optional(),family_name:s.z.string().optional()}).catchall(s.z.any()),Fp=s.z.object({connection:s.z.string(),user_id:s.z.string(),provider:s.z.string(),isSocial:s.z.boolean(),email:s.z.string().optional(),email_verified:s.z.boolean().optional(),phone_number:s.z.string().optional(),phone_verified:s.z.boolean().optional(),username:s.z.string().optional(),access_token:s.z.string().optional(),access_token_secret:s.z.string().optional(),refresh_token:s.z.string().optional(),profileData:ZC.optional()}),XC=s.z.object({formatted:s.z.string().optional(),street_address:s.z.string().optional(),locality:s.z.string().optional(),region:s.z.string().optional(),postal_code:s.z.string().optional(),country:s.z.string().optional()}).optional(),kh=s.z.object({email:s.z.string().optional().transform(e=>e&&e.toLowerCase()),username:s.z.string().refine(e=>!e.includes("@"),{message:'Usernames must not contain "@". Use the email field for email addresses.'}).optional(),phone_number:s.z.string().optional(),phone_verified:s.z.boolean().optional(),given_name:s.z.string().optional(),family_name:s.z.string().optional(),nickname:s.z.string().optional(),name:s.z.string().optional(),picture:s.z.string().optional(),locale:s.z.string().optional(),linked_to:s.z.string().optional(),profileData:s.z.string().optional(),user_id:s.z.string().optional(),app_metadata:s.z.any().default({}).optional(),user_metadata:s.z.any().default({}).optional(),middle_name:s.z.string().optional(),preferred_username:s.z.string().optional(),profile:s.z.string().optional(),website:s.z.string().optional(),gender:s.z.string().optional(),birthdate:s.z.string().optional(),zoneinfo:s.z.string().optional(),address:XC}),Op=kh.extend({email_verified:s.z.boolean().default(!1),verify_email:s.z.boolean().optional(),last_ip:s.z.string().optional(),last_login:s.z.string().optional(),user_id:s.z.string().optional(),provider:s.z.string().optional(),connection:s.z.string(),is_social:s.z.boolean().optional(),registration_completed_at:s.z.string().optional(),password:s.z.object({hash:s.z.string(),algorithm:s.z.string()}).optional()}),nv=s.z.object({...Op.omit({password:!0}).shape,...qn.shape,user_id:s.z.string(),provider:s.z.string(),is_social:s.z.boolean(),email:s.z.string().optional(),login_count:s.z.number().default(0),identities:s.z.array(Fp).optional()}),Fn=nv.omit({registration_completed_at:!0}),rO=kh.extend({login_count:s.z.number(),multifactor:s.z.array(s.z.string()).optional(),last_ip:s.z.string().optional(),last_login:s.z.string().optional(),user_id:s.z.string()}).catchall(s.z.any());let oO="useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict",sO=(e=21)=>{let t="",n=crypto.getRandomValues(new Uint8Array(e|=0));for(;e--;)t+=oO[n[e]&63];return t};const Rp=s.z.object({client_id:s.z.string().optional().openapi({description:"ID of this client. Generated server-side if omitted (Auth0 behavior)."}),name:s.z.string().min(1).openapi({description:"Name of this client (min length: 1 character, does not allow < or >)."}),description:s.z.string().max(140).optional().openapi({description:"Free text description of this client (max length: 140 characters)."}),global:s.z.boolean().default(!1).openapi({description:"Whether this is your global 'All Applications' client representing legacy tenant settings (true) or a regular client (false)."}),client_secret:s.z.string().default(()=>sO()).optional().openapi({description:"Client secret (which you must not make public)."}),app_type:s.z.enum(["native","spa","regular_web","non_interactive","resource_server","express_configuration","rms","box","cloudbees","concur","dropbox","mscrm","echosign","egnyte","newrelic","office365","salesforce","sentry","sharepoint","slack","springcm","zendesk","zoom","sso_integration","oag"]).default("regular_web").optional().openapi({description:"The type of application this client represents"}),logo_uri:s.z.string().url().optional().openapi({description:"URL of the logo to display for this client. Recommended size is 150x150 pixels."}),is_first_party:s.z.boolean().default(!1).openapi({description:"Whether this client a first party client (true) or not (false)."}),oidc_conformant:s.z.boolean().default(!0).openapi({description:"Whether this client conforms to strict OIDC specifications (true) or uses legacy features (false)."}),auth0_conformant:s.z.boolean().default(!0).openapi({description:"Whether this client follows Auth0-compatible behavior (true) or strict OIDC behavior (false). When true, profile/email claims are included in the ID token when scopes are requested. When false, these claims are only available from the userinfo endpoint (strict OIDC 5.4 compliance)."}),callbacks:s.z.array(s.z.string()).default([]).optional().openapi({description:"Comma-separated list of URLs whitelisted for Auth0 to use as a callback to the client after authentication."}),allowed_origins:s.z.array(s.z.string()).default([]).optional().openapi({description:"Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs."}),web_origins:s.z.array(s.z.string()).default([]).optional().openapi({description:"Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode."}),client_aliases:s.z.array(s.z.string()).default([]).optional().openapi({description:"List of audiences/realms for SAML protocol. Used by the wsfed addon."}),allowed_clients:s.z.array(s.z.string()).default([]).optional().openapi({description:"List of allow clients and API ids that are allowed to make delegation requests. Empty means all all your clients are allowed."}),connections:s.z.array(s.z.string()).default([]).optional().openapi({description:"List of connection IDs enabled for this client. The order determines the display order on the login page."}),allowed_logout_urls:s.z.array(s.z.string()).default([]).optional().openapi({description:"Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains."}),session_transfer:s.z.record(s.z.any()).default({}).optional().openapi({description:"Native to Web SSO Configuration"}),oidc_logout:s.z.record(s.z.any()).default({}).optional().openapi({description:"Configuration for OIDC backchannel logout"}),grant_types:s.z.array(s.z.string()).default([]).optional().openapi({description:"List of grant types supported for this application. Can include authorization_code, implicit, refresh_token, client_credentials, password, http://auth0.com/oauth/grant-type/password-realm, http://auth0.com/oauth/grant-type/mfa-oob, http://auth0.com/oauth/grant-type/mfa-otp, http://auth0.com/oauth/grant-type/mfa-recovery-code, urn:openid:params:grant-type:ciba, and urn:ietf:params:oauth:grant-type:device_code."}),jwt_configuration:s.z.record(s.z.any()).default({}).optional().openapi({description:"Configuration related to JWTs for the client."}),signing_keys:s.z.array(s.z.record(s.z.any())).default([]).optional().openapi({description:"Signing certificates associated with this client."}),encryption_key:s.z.record(s.z.any()).default({}).optional().openapi({description:"Encryption used for WsFed responses with this client."}),sso:s.z.boolean().default(!1).openapi({description:"Applies only to SSO clients and determines whether Auth0 will handle Single Sign On (true) or whether the Identity Provider will (false)."}),sso_disabled:s.z.boolean().default(!1).openapi({description:"Whether Single Sign On is disabled for this client. When true, existing SSO sessions will not be reused and users must authenticate every time."}),cross_origin_authentication:s.z.boolean().default(!1).openapi({description:"Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false)."}),cross_origin_loc:s.z.string().url().optional().openapi({description:"URL of the location in your site where the cross origin verification takes place for the cross-origin auth flow when performing Auth in your own domain instead of Auth0 hosted login page."}),custom_login_page_on:s.z.boolean().default(!1).openapi({description:"Whether a custom login page is to be used (true) or the default provided login page (false)."}),custom_login_page:s.z.string().optional().openapi({description:"The content (HTML, CSS, JS) of the custom login page."}),custom_login_page_preview:s.z.string().optional().openapi({description:"The content (HTML, CSS, JS) of the custom login page. (Used on Previews)"}),form_template:s.z.string().optional().openapi({description:"HTML form template to be used for WS-Federation."}),addons:s.z.record(s.z.any()).default({}).optional().openapi({description:"Addons enabled for this client and their associated configurations."}),token_endpoint_auth_method:s.z.enum(["none","client_secret_post","client_secret_basic","client_secret_jwt","private_key_jwt"]).default("client_secret_basic").optional().openapi({description:"Defines the requested authentication method for the token endpoint. `none` (public client), `client_secret_post` / `client_secret_basic` (HTTP POST / Basic), `client_secret_jwt` (RFC 7523 HMAC assertion using client_secret), or `private_key_jwt` (RFC 7523 asymmetric assertion verified against the client's `jwks` / `jwks_uri`)."}),client_metadata:s.z.record(s.z.string().max(255)).default({}).optional().openapi({description:'Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/()<>@ [Tab][Space]'}),hide_sign_up_disabled_error:s.z.boolean().default(!1).optional().openapi({description:"Enumeration-safe variant of the connection-level `disable_signup` flag. When a signup is blocked by the password connection and this is true, the identifier screen does not reveal that an email is unknown — it advances to the OTP/password challenge as if the account existed and fails at credential check. Mitigates email enumeration at the cost of UX: users without an account see a generic credential failure instead of an explicit signup-disabled message."}),mobile:s.z.record(s.z.any()).default({}).optional().openapi({description:"Additional configuration for native mobile apps."}),initiate_login_uri:s.z.string().url().optional().openapi({description:"Initiate login uri, must be https"}),native_social_login:s.z.record(s.z.any()).default({}).optional(),refresh_token:s.z.object({rotation_type:s.z.enum(["rotating","non-rotating"]).optional().openapi({description:"Whether refresh tokens for this client are rotated on every exchange (Auth0 'rotating' behavior) or kept stable (legacy non-rotating). Defaults to 'non-rotating' when unset."}),leeway:s.z.number().int().min(0).max(600).optional().openapi({description:"Seconds after a parent token's first rotation during which presenting it again still mints a fresh sibling child instead of triggering reuse-detection. Defaults to 30s when unset."}),expiration_type:s.z.enum(["expiring","non-expiring"]).optional().openapi({description:"Auth0-compatible: whether refresh tokens expire."}),token_lifetime:s.z.number().int().min(0).optional().openapi({description:"Auth0-compatible: refresh-token absolute lifetime in seconds."}),infinite_token_lifetime:s.z.boolean().optional().openapi({description:"Auth0-compatible: when true, refresh tokens have no absolute expiry."}),idle_token_lifetime:s.z.number().int().min(0).optional().openapi({description:"Auth0-compatible: refresh-token idle (sliding) lifetime in seconds."}),infinite_idle_token_lifetime:s.z.boolean().optional().openapi({description:"Auth0-compatible: when true, refresh tokens have no idle expiry."})}).default({}).optional().openapi({description:"Refresh token configuration"}),default_organization:s.z.record(s.z.any()).default({}).optional().openapi({description:"Defines the default Organization ID and flows"}),organization_usage:s.z.enum(["deny","allow","require"]).default("deny").optional().openapi({description:"Defines how to proceed during an authentication transaction with regards an organization. Can be deny (default), allow or require."}),organization_require_behavior:s.z.enum(["no_prompt","pre_login_prompt","post_login_prompt"]).default("no_prompt").optional().openapi({description:"Defines how to proceed during an authentication transaction when client.organization_usage: 'require'. Can be no_prompt (default), pre_login_prompt or post_login_prompt. post_login_prompt requires oidc_conformant: true."}),client_authentication_methods:s.z.record(s.z.any()).default({}).optional().openapi({description:"Defines client authentication methods."}),require_pushed_authorization_requests:s.z.boolean().default(!1).openapi({description:"Makes the use of Pushed Authorization Requests mandatory for this client"}),require_proof_of_possession:s.z.boolean().default(!1).openapi({description:"Makes the use of Proof-of-Possession mandatory for this client"}),signed_request_object:s.z.record(s.z.any()).default({}).optional().openapi({description:"JWT-secured Authorization Requests (JAR) settings."}),compliance_level:s.z.enum(["none","fapi1_adv_pkj_par","fapi1_adv_mtls_par","fapi2_sp_pkj_mtls","fapi2_sp_mtls_mtls"]).optional().openapi({description:"Defines the compliance level for this client, which may restrict it's capabilities"}),par_request_expiry:s.z.number().optional().openapi({description:"Specifies how long, in seconds, a Pushed Authorization Request URI remains valid"}),token_quota:s.z.record(s.z.any()).default({}).optional(),owner_user_id:s.z.string().optional().openapi({description:"User ID of the consenting user when this client was created via IAT-gated Dynamic Client Registration. NULL for clients created via the Management API or open DCR."}),registration_type:s.z.enum(["manual","open_dcr","iat_dcr"]).optional().openapi({description:"Provenance of this client. `manual` = Management API; `open_dcr` = RFC 7591 without IAT; `iat_dcr` = RFC 7591 with an Initial Access Token."}),registration_metadata:s.z.record(s.z.any()).default({}).optional().openapi({description:"Arbitrary metadata captured at Dynamic Client Registration time that isn't a first-class client field (e.g. integration_type, domain). Also stores `iat_constraints` for clients created via IAT so RFC 7592 PUT can enforce field immutability."}),user_linking_mode:s.z.enum(["builtin","off"]).optional().openapi({description:"Per-client override for the built-in email-based user-linking path. `builtin` runs the legacy in-process linking at user creation/email update. `off` disables the legacy path; linking only happens if the tenant has enabled the `account-linking` template hook. When unset, the service-level `userLinkingMode` default applies."})}),qo=s.z.object({created_at:s.z.string(),updated_at:s.z.string(),...Rp.shape,client_id:s.z.string()}),jp=s.z.object({client_id:s.z.string().min(1).openapi({description:"ID of the client."}),audience:s.z.string().min(1).openapi({description:"The audience (API identifier) of this client grant."}),scope:s.z.array(s.z.string()).optional().openapi({description:"Scopes allowed for this client grant."}),organization_usage:s.z.enum(["deny","allow","require"]).optional().openapi({description:"Defines whether organizations can be used with client credentials exchanges for this grant."}),allow_any_organization:s.z.boolean().optional().openapi({description:"If enabled, any organization can be used with this grant. If disabled (default), the grant must be explicitly assigned to the desired organizations."}),is_system:s.z.boolean().optional().openapi({description:"If enabled, this grant is a special grant created by Auth0. It cannot be modified or deleted directly."}),subject_type:s.z.enum(["client","user"]).optional().openapi({description:"The type of application access the client grant allows. Use of this field is subject to the applicable Free Trial terms in Okta's Master Subscription Agreement."}),authorization_details_types:s.z.array(s.z.string()).optional().openapi({description:"Types of authorization_details allowed for this client grant. Use of this field is subject to the applicable Free Trial terms in Okta's Master Subscription Agreement."})}),Ho=s.z.object({id:s.z.string().openapi({description:"ID of the client grant."}),...jp.shape,created_at:s.z.string().optional(),updated_at:s.z.string().optional()}),aO=s.z.array(Ho),eT=s.z.enum(["iat","rat"]),tT=s.z.object({id:s.z.string(),token_hash:s.z.string(),type:eT,client_id:s.z.string().optional(),sub:s.z.string().optional(),constraints:s.z.record(s.z.unknown()).optional(),single_use:s.z.boolean().default(!1),expires_at:s.z.string().optional()}),cO=s.z.object({created_at:s.z.string(),used_at:s.z.string().optional(),revoked_at:s.z.string().optional(),...tT.shape}),Ss=s.z.object({x:s.z.number(),y:s.z.number()});var iv=(e=>(e.RICH_TEXT="RICH_TEXT",e.NEXT_BUTTON="NEXT_BUTTON",e.BACK_BUTTON="BACK_BUTTON",e.SUBMIT_BUTTON="SUBMIT_BUTTON",e.DIVIDER="DIVIDER",e.TEXT="TEXT",e.EMAIL="EMAIL",e.PASSWORD="PASSWORD",e.NUMBER="NUMBER",e.PHONE="PHONE",e.DATE="DATE",e.CHECKBOX="CHECKBOX",e.RADIO="RADIO",e.SELECT="SELECT",e.HIDDEN="HIDDEN",e.LEGAL="LEGAL",e))(iv||{}),rv=(e=>(e.BLOCK="BLOCK",e.FIELD="FIELD",e))(rv||{});const Sh=s.z.object({id:s.z.string(),category:s.z.nativeEnum(rv),type:s.z.nativeEnum(iv)}),nT=Sh.extend({category:s.z.literal("BLOCK"),type:s.z.literal("RICH_TEXT"),config:s.z.object({content:s.z.string()}).passthrough()}),iT=Sh.extend({category:s.z.literal("BLOCK"),type:s.z.union([s.z.literal("NEXT_BUTTON"),s.z.literal("BACK_BUTTON"),s.z.literal("SUBMIT_BUTTON")]),config:s.z.object({text:s.z.string()}).passthrough()}),rT=Sh.extend({category:s.z.literal("FIELD"),type:s.z.literal("LEGAL"),required:s.z.boolean().optional(),sensitive:s.z.boolean().optional(),config:s.z.object({text:s.z.string()}).passthrough()}),oT=Sh.extend({category:s.z.literal("FIELD"),type:s.z.union([s.z.literal("TEXT"),s.z.literal("EMAIL"),s.z.literal("PASSWORD"),s.z.literal("NUMBER"),s.z.literal("PHONE"),s.z.literal("DATE"),s.z.literal("CHECKBOX"),s.z.literal("RADIO"),s.z.literal("SELECT"),s.z.literal("HIDDEN")]),required:s.z.boolean().optional(),sensitive:s.z.boolean().optional(),config:s.z.object({label:s.z.string().optional(),placeholder:s.z.string().optional()}).passthrough()}),sT=s.z.object({id:s.z.string(),category:s.z.string(),type:s.z.string()}).passthrough(),aT=s.z.union([nT,iT,rT,oT,sT]);var cT=(e=>(e.STEP="STEP",e.FLOW="FLOW",e.CONDITION="CONDITION",e.ACTION="ACTION",e))(cT||{});const lT=s.z.object({id:s.z.string(),type:s.z.literal("STEP"),coordinates:Ss,alias:s.z.string().optional(),config:s.z.object({components:s.z.array(aT),next_node:s.z.string()}).passthrough()}),dT=s.z.object({id:s.z.string(),type:s.z.literal("FLOW"),coordinates:Ss,alias:s.z.string().optional(),config:s.z.object({flow_id:s.z.string(),next_node:s.z.string()})}),uT=s.z.object({id:s.z.string(),type:s.z.literal("ACTION"),coordinates:Ss,alias:s.z.string().optional(),config:s.z.object({action_type:s.z.enum(["REDIRECT"]).openapi({description:"The type of action to perform"}),target:s.z.enum(["change-email","account","custom"]).openapi({description:"The predefined target to redirect to"}),custom_url:s.z.string().optional().openapi({description:"Custom URL when target is 'custom'"}),next_node:s.z.string().openapi({description:"The next node to navigate to after action (for non-redirect actions)"})}).passthrough()}),pT=s.z.object({id:s.z.string(),type:s.z.string(),coordinates:Ss}).passthrough(),fT=s.z.union([lT,dT,uT,pT]),hT=s.z.object({next_node:s.z.string(),coordinates:Ss}).passthrough(),gT=s.z.object({resume_flow:s.z.boolean().optional(),coordinates:Ss}).passthrough(),mT=s.z.object({id:s.z.string(),name:s.z.string(),languages:s.z.object({primary:s.z.string()}).passthrough(),nodes:s.z.array(fT),start:hT,ending:gT,created_at:s.z.string(),updated_at:s.z.string(),links:s.z.object({sdkSrc:s.z.string().optional(),sdk_src:s.z.string().optional()}).passthrough()}).passthrough(),lO=mT.omit({id:!0,created_at:!0,updated_at:!0});var Tn=(e=>(e.TOKEN="token",e.ID_TOKEN="id_token",e.TOKEN_ID_TOKEN="id_token token",e.CODE="code",e.CODE_ID_TOKEN="code id_token",e.CODE_TOKEN="code token",e.CODE_ID_TOKEN_TOKEN="code id_token token",e))(Tn||{}),mt=(e=>(e.QUERY="query",e.FRAGMENT="fragment",e.FORM_POST="form_post",e.WEB_MESSAGE="web_message",e.SAML_POST="saml_post",e))(mt||{}),Eh=(e=>(e.S256="S256",e.Plain="plain",e))(Eh||{});const _A=s.z.union([s.z.null(),s.z.object({essential:s.z.boolean().optional(),value:s.z.unknown().optional(),values:s.z.array(s.z.unknown()).optional()})]).nullable(),ov=s.z.object({userinfo:s.z.record(s.z.string(),_A).optional(),id_token:s.z.record(s.z.string(),_A).optional()}),ed=s.z.object({client_id:s.z.string(),act_as:s.z.string().optional(),response_type:s.z.nativeEnum(Tn).optional(),response_mode:s.z.nativeEnum(mt).optional(),redirect_uri:s.z.string().optional(),audience:s.z.string().optional(),organization:s.z.string().optional(),state:s.z.string().optional(),nonce:s.z.string().optional(),scope:s.z.string().optional(),prompt:s.z.string().optional(),code_challenge_method:s.z.nativeEnum(Eh).optional(),code_challenge:s.z.string().optional(),username:s.z.string().optional(),ui_locales:s.z.string().optional(),max_age:s.z.number().optional(),acr_values:s.z.string().optional(),claims:ov.optional(),vendor_id:s.z.string().optional()}),dp=s.z.object({colors:s.z.object({primary:s.z.string(),page_background:s.z.union([s.z.string(),s.z.object({type:s.z.string().optional(),start:s.z.string().optional(),end:s.z.string().optional(),angle_deg:s.z.number().optional()})]).optional()}).optional(),logo_url:s.z.string().optional(),favicon_url:s.z.string().optional(),powered_by_logo_url:s.z.string().optional(),font:s.z.object({url:s.z.string()}).optional(),dark_mode:s.z.enum(["dark","light","auto"]).optional()}),yT=s.z.enum(["password_reset","email_verification","otp","mfa_otp","authorization_code","oauth2_state","ticket"]),_T=s.z.object({code_id:s.z.string().openapi({description:"The code that will be used in for instance an email verification flow"}),login_id:s.z.string().openapi({description:"The id of the login session that the code is connected to"}),connection_id:s.z.string().optional().openapi({description:"The connection that the code is connected to"}),code_type:yT,code_verifier:s.z.string().optional().openapi({description:"The code verifier used in PKCE in outbound flows"}),code_challenge:s.z.string().optional().openapi({description:"The code challenge used in PKCE in outbound flows"}),code_challenge_method:s.z.enum(["plain","S256"]).optional().openapi({description:"The code challenge method used in PKCE in outbound flows"}),redirect_uri:s.z.string().optional().openapi({description:"The redirect URI associated with the code"}),otp:s.z.string().optional().openapi({description:"The one-time password value for OTP-based flows"}),nonce:s.z.string().optional().openapi({description:"The nonce value used for security in OIDC flows"}),state:s.z.string().optional().openapi({description:"The state parameter used for CSRF protection in OAuth flows"}),expires_at:s.z.string(),used_at:s.z.string().optional(),user_id:s.z.string().optional()}),dO=s.z.object({..._T.shape,created_at:s.z.string()}),wT=s.z.object({kid:s.z.string().optional(),team_id:s.z.string().optional(),realms:s.z.string().optional(),authentication_method:s.z.string().optional(),client_id:s.z.string().optional(),client_secret:s.z.string().optional(),app_secret:s.z.string().optional(),scope:s.z.string().optional(),authorization_endpoint:s.z.string().optional(),token_endpoint:s.z.string().optional(),userinfo_endpoint:s.z.string().optional(),jwks_uri:s.z.string().optional(),discovery_url:s.z.string().optional(),issuer:s.z.string().optional(),token_endpoint_auth_method:s.z.enum(["client_secret_basic","client_secret_post"]).optional(),provider:s.z.string().optional(),from:s.z.string().optional(),twilio_sid:s.z.string().optional(),twilio_token:s.z.string().optional(),icon_url:s.z.string().optional(),domain_aliases:s.z.array(s.z.string()).optional(),callback_url:s.z.string().url().optional(),passwordPolicy:s.z.enum(["none","low","fair","good","excellent"]).optional(),password_complexity_options:s.z.object({min_length:s.z.number().optional()}).optional(),password_history:s.z.object({enable:s.z.boolean().optional(),size:s.z.number().optional()}).optional(),password_no_personal_info:s.z.object({enable:s.z.boolean().optional()}).optional(),password_dictionary:s.z.object({enable:s.z.boolean().optional(),dictionary:s.z.array(s.z.string()).optional()}).optional(),disable_signup:s.z.boolean().optional(),brute_force_protection:s.z.boolean().optional(),import_mode:s.z.boolean().optional(),configuration:s.z.object({token_endpoint:s.z.string().optional(),userinfo_endpoint:s.z.string().optional(),client_id:s.z.string().optional(),client_secret:s.z.string().optional(),realm:s.z.string().optional()}).optional(),attributes:s.z.object({email:s.z.object({identifier:s.z.object({active:s.z.boolean().optional()}).optional(),signup:s.z.object({status:s.z.enum(["required","optional","disabled"]).optional(),verification:s.z.object({active:s.z.boolean().optional()}).optional()}).optional(),validation:s.z.object({allowed:s.z.boolean().optional()}).optional(),unique:s.z.boolean().optional(),profile_required:s.z.boolean().optional(),verification_method:s.z.enum(["link","code"]).optional()}).optional(),username:s.z.object({identifier:s.z.object({active:s.z.boolean().optional()}).optional(),signup:s.z.object({status:s.z.enum(["required","optional","disabled"]).optional()}).optional(),validation:s.z.object({max_length:s.z.number().optional(),min_length:s.z.number().optional(),allowed_types:s.z.object({email:s.z.boolean().optional(),phone_number:s.z.boolean().optional()}).optional()}).optional(),profile_required:s.z.boolean().optional()}).optional(),phone_number:s.z.object({identifier:s.z.object({active:s.z.boolean().optional()}).optional(),signup:s.z.object({status:s.z.enum(["required","optional","disabled"]).optional()}).optional()}).optional()}).optional(),authentication_methods:s.z.object({password:s.z.object({enabled:s.z.boolean().optional()}).optional(),passkey:s.z.object({enabled:s.z.boolean().optional()}).optional()}).optional(),passkey_options:s.z.object({challenge_ui:s.z.enum(["both","autofill","button"]).optional(),local_enrollment_enabled:s.z.boolean().optional(),progressive_enrollment_enabled:s.z.boolean().optional()}).optional(),requires_username:s.z.boolean().optional(),validation:s.z.object({username:s.z.object({min:s.z.number().optional(),max:s.z.number().optional()}).optional()}).optional(),set_user_root_attributes:s.z.enum(["on_each_login","on_first_login","never_on_login"]).optional()});function Ey(e){if(e!==null){if(Array.isArray(e))return e.filter(t=>t!==null).map(Ey);if(e&&typeof e=="object"){const t={};for(const[n,i]of Object.entries(e))i!==null&&(t[n]=Ey(i));return t}return e}}const Dp=s.z.object({id:s.z.string().optional(),name:s.z.string(),display_name:s.z.string().optional(),strategy:s.z.string(),options:s.z.preprocess(e=>e===null?{}:Ey(e),wT).default({}),enabled_clients:s.z.array(s.z.string()).default([]).optional(),response_type:s.z.custom().optional(),response_mode:s.z.custom().optional(),is_domain_connection:s.z.boolean().optional(),show_as_button:s.z.boolean().optional(),metadata:s.z.record(s.z.any()).optional(),is_system:s.z.boolean().optional()}),Hr=s.z.object({id:s.z.string(),created_at:s.z.string().transform(e=>e===null?"":e),updated_at:s.z.string().transform(e=>e===null?"":e)}).extend(Dp.shape),sv=s.z.object({domain:s.z.string(),custom_domain_id:s.z.string().optional(),type:s.z.enum(["auth0_managed_certs","self_managed_certs"]),verification_method:s.z.enum(["txt"]).optional(),tls_policy:s.z.enum(["recommended"]).optional(),custom_client_ip_header:s.z.enum(["true-client-ip","cf-connecting-ip","x-forwarded-for","x-azure-clientip","null"]).optional(),domain_metadata:s.z.record(s.z.string().max(255)).optional()}),vT=s.z.discriminatedUnion("name",[s.z.object({name:s.z.literal("txt"),record:s.z.string(),domain:s.z.string()}),s.z.object({name:s.z.literal("http"),http_body:s.z.string(),http_url:s.z.string()})]),Br=s.z.object({...sv.shape,custom_domain_id:s.z.string(),primary:s.z.boolean(),status:s.z.enum(["disabled","pending","pending_verification","ready"]),origin_domain_name:s.z.string().optional(),verification:s.z.object({methods:s.z.array(vT)}).optional(),tls_policy:s.z.string().optional()}),uO=Br.extend({tenant_id:s.z.string()}),av=s.z.object({id:s.z.string(),order:s.z.number().optional(),visible:s.z.boolean().optional().default(!0)}),fo=av.extend({category:s.z.literal("BLOCK").optional()}),pO=fo.extend({type:s.z.literal("DIVIDER"),config:s.z.object({text:s.z.string().optional()}).optional()}),fO=fo.extend({type:s.z.literal("HTML"),config:s.z.object({content:s.z.string().optional()}).optional()}),hO=fo.extend({type:s.z.literal("IMAGE"),config:s.z.object({src:s.z.string().optional(),alt:s.z.string().optional(),width:s.z.number().optional(),height:s.z.number().optional()}).optional()}),gO=fo.extend({type:s.z.literal("JUMP_BUTTON"),config:s.z.object({text:s.z.string().optional(),target_step:s.z.string().optional()})}),mO=fo.extend({type:s.z.literal("RESEND_BUTTON"),config:s.z.object({text:s.z.string().optional(),resend_action:s.z.string().optional()})}),yO=fo.extend({type:s.z.literal("NEXT_BUTTON"),config:s.z.object({text:s.z.string().optional()})}),_O=fo.extend({type:s.z.literal("PREVIOUS_BUTTON"),config:s.z.object({text:s.z.string().optional()})}),wO=fo.extend({type:s.z.literal("RICH_TEXT"),config:s.z.object({content:s.z.string().optional()}).optional()}),cv=av.extend({category:s.z.literal("WIDGET").optional(),label:s.z.string().min(1).optional(),hint:s.z.string().min(1).max(500).optional(),required:s.z.boolean().optional(),sensitive:s.z.boolean().optional()}),vO=cv.extend({type:s.z.literal("AUTH0_VERIFIABLE_CREDENTIALS"),config:s.z.object({credential_type:s.z.string().optional()})}),bO=cv.extend({type:s.z.literal("GMAPS_ADDRESS"),config:s.z.object({api_key:s.z.string().optional()})}),AO=cv.extend({type:s.z.literal("RECAPTCHA"),config:s.z.object({site_key:s.z.string().optional()})}),qt=av.extend({category:s.z.literal("FIELD").optional(),label:s.z.string().min(1).optional(),hint:s.z.string().min(1).max(500).optional(),messages:s.z.array(s.z.object({id:s.z.number().optional(),text:s.z.string(),type:s.z.enum(["info","error","success","warning"])})).optional(),required:s.z.boolean().optional(),sensitive:s.z.boolean().optional()}),kO=qt.extend({type:s.z.literal("BOOLEAN"),config:s.z.object({default_value:s.z.boolean().optional()}).optional()}),SO=qt.extend({type:s.z.literal("CARDS"),config:s.z.object({options:s.z.array(s.z.object({value:s.z.string(),label:s.z.string(),description:s.z.string().optional(),image:s.z.string().optional()})).optional(),multi_select:s.z.boolean().optional()}).optional()}),EO=qt.extend({type:s.z.literal("CHOICE"),config:s.z.object({options:s.z.array(s.z.object({value:s.z.string(),label:s.z.string()})).optional(),display:s.z.enum(["radio","checkbox"]).optional(),multiple:s.z.boolean().optional(),default_value:s.z.union([s.z.string(),s.z.array(s.z.string())]).optional()}).optional()}),CO=qt.extend({type:s.z.literal("CUSTOM"),config:s.z.object({component:s.z.string().optional(),props:s.z.record(s.z.any()).optional(),schema:s.z.record(s.z.any()).optional(),code:s.z.string().optional()})}),TO=qt.extend({type:s.z.literal("DATE"),config:s.z.object({format:s.z.string().optional(),min:s.z.string().optional(),max:s.z.string().optional(),default_value:s.z.string().optional()}).optional()}),xO=qt.extend({type:s.z.literal("DROPDOWN"),config:s.z.object({options:s.z.array(s.z.object({value:s.z.string(),label:s.z.string()})).optional(),placeholder:s.z.string().optional(),searchable:s.z.boolean().optional(),multiple:s.z.boolean().optional(),default_value:s.z.union([s.z.string(),s.z.array(s.z.string())]).optional()}).optional()}),IO=qt.extend({type:s.z.literal("EMAIL"),config:s.z.object({placeholder:s.z.string().optional(),default_value:s.z.string().optional()}).optional()}),$O=qt.extend({type:s.z.literal("FILE"),config:s.z.object({accept:s.z.string().optional(),max_size:s.z.number().optional(),multiple:s.z.boolean().optional()}).optional()}),zO=qt.extend({type:s.z.literal("LEGAL"),config:s.z.object({text:s.z.string(),html:s.z.boolean().optional()}).optional()}),NO=qt.extend({type:s.z.literal("NUMBER"),config:s.z.object({placeholder:s.z.string().optional(),min:s.z.number().optional(),max:s.z.number().optional(),step:s.z.number().optional(),default_value:s.z.string().optional()}).optional()}),PO=qt.extend({type:s.z.literal("PASSWORD"),config:s.z.object({placeholder:s.z.string().optional(),min_length:s.z.number().optional(),show_toggle:s.z.boolean().optional(),forgot_password_link:s.z.string().optional(),default_value:s.z.string().optional()}).optional()}),FO=qt.extend({type:s.z.literal("PAYMENT"),config:s.z.object({provider:s.z.string().optional(),currency:s.z.string().optional()}).optional()}),OO=qt.extend({type:s.z.literal("SOCIAL"),config:s.z.object({providers:s.z.array(s.z.string()).optional(),provider_details:s.z.array(s.z.object({name:s.z.string(),strategy:s.z.string().optional(),display_name:s.z.string().optional(),icon_url:s.z.string().optional(),href:s.z.string().optional()})).optional()}).optional()}),RO=qt.extend({type:s.z.literal("TEL"),config:s.z.object({placeholder:s.z.string().optional(),default_country:s.z.string().optional(),default_value:s.z.string().optional(),allow_email:s.z.boolean().optional()}).optional()}),jO=qt.extend({type:s.z.literal("TEXT"),config:s.z.object({placeholder:s.z.string().optional(),multiline:s.z.boolean().optional(),max_length:s.z.number().optional(),default_value:s.z.string().optional()}).optional()}),DO=qt.extend({type:s.z.literal("COUNTRY"),config:s.z.object({placeholder:s.z.string().optional(),default_value:s.z.string().optional()}).optional()}),LO=qt.extend({type:s.z.literal("URL"),config:s.z.object({placeholder:s.z.string().optional(),default_value:s.z.string().optional()}).optional()}),bT=s.z.discriminatedUnion("type",[pO,fO,hO,gO,mO,yO,_O,wO]),AT=s.z.discriminatedUnion("type",[vO,bO,AO]),kT=s.z.discriminatedUnion("type",[kO,SO,EO,DO,CO,TO,xO,IO,$O,zO,NO,PO,FO,OO,RO,jO,LO]),lv=s.z.union([bT,AT,kT]),dv=new Set(["BOOLEAN","CARDS","CHOICE","COUNTRY","DATE","DROPDOWN","EMAIL","LEGAL","NUMBER","PASSWORD","TEL","TEXT","URL"]),BO=s.z.object({id:s.z.string(),type:s.z.literal("submit"),label:s.z.string(),className:s.z.string().optional(),disabled:s.z.boolean().optional().default(!1),order:s.z.number().optional(),visible:s.z.boolean().optional().default(!0),customizations:s.z.record(s.z.string(),s.z.any()).optional()}),td=s.z.object({x:s.z.number(),y:s.z.number()}),MO=s.z.object({id:s.z.string(),type:s.z.literal("FLOW"),coordinates:td,alias:s.z.string().min(1).max(150).optional(),config:s.z.object({flow_id:s.z.string().max(30),next_node:s.z.string().optional()})}),UO=s.z.object({id:s.z.string(),type:s.z.literal("ROUTER"),coordinates:td,alias:s.z.string().min(1).max(150),config:s.z.object({rules:s.z.array(s.z.object({id:s.z.string(),alias:s.z.string().min(1).max(150).optional(),condition:s.z.any(),next_node:s.z.string()})),fallback:s.z.string()})}),qO=s.z.object({id:s.z.string(),type:s.z.literal("STEP"),coordinates:td,alias:s.z.string().min(1).max(150).optional(),config:s.z.object({components:s.z.array(lv),next_node:s.z.string().optional()})}),ST=s.z.discriminatedUnion("type",[MO,UO,qO]),Lp=s.z.object({name:s.z.string().openapi({description:"The name of the form"}),messages:s.z.object({errors:s.z.record(s.z.string(),s.z.any()).optional(),custom:s.z.record(s.z.string(),s.z.any()).optional()}).optional(),languages:s.z.object({primary:s.z.string().optional(),default:s.z.string().optional()}).optional(),translations:s.z.record(s.z.string(),s.z.any()).optional(),nodes:s.z.array(ST).optional(),start:s.z.object({hidden_fields:s.z.array(s.z.object({key:s.z.string(),value:s.z.string()})).optional(),next_node:s.z.string().optional(),coordinates:td.optional()}).optional(),ending:s.z.object({redirection:s.z.object({delay:s.z.number().optional(),target:s.z.string().optional()}).optional(),after_submit:s.z.object({flow_id:s.z.string().optional()}).optional(),coordinates:td.optional(),resume_flow:s.z.boolean().optional()}).optional(),style:s.z.object({css:s.z.string().optional()}).optional(),links:s.z.object({sdkSrc:s.z.string().optional(),sdk_src:s.z.string().optional()}).optional()}).openapi({description:"Schema for flow-based forms (matches Auth0 Forms structure)"}),pa=s.z.object({...qn.shape,...Lp.shape,id:s.z.string()}),ET=s.z.object({id:s.z.number().optional(),text:s.z.string(),type:s.z.enum(["info","error","success","warning"])}),CT=s.z.object({id:s.z.string().optional(),text:s.z.string(),href:s.z.string(),linkText:s.z.string().optional()}),HO=s.z.object({name:s.z.string().optional(),action:s.z.string(),method:s.z.enum(["POST","GET"]),title:s.z.string().optional(),description:s.z.string().optional(),components:s.z.array(lv),messages:s.z.array(ET).optional(),links:s.z.array(CT).optional(),footer:s.z.string().optional()});function VO(e){return e.category==="BLOCK"}function KO(e){return e.category==="WIDGET"}function GO(e){return e.category==="FIELD"}const TT=s.z.enum(["pre-user-registration","post-user-registration","post-user-login","post-user-update","validate-registration-username","pre-user-deletion","post-user-deletion"]),xT=s.z.enum(["pre-user-registration","post-user-registration","post-user-login","validate-registration-username","pre-user-deletion","post-user-deletion"]),IT=s.z.enum(["post-user-login","post-user-registration","post-user-update","credentials-exchange"]),$T=s.z.enum(["post-user-login","credentials-exchange","pre-user-registration","post-user-registration"]),uv=s.z.enum(["ensure-username","set-preferred-username","account-linking"]),WO={"ensure-username":{name:"Ensure Username",description:"Automatically assigns a username to users who sign in without one. Creates a linked username account for social/email users.",trigger_ids:["post-user-login"]},"set-preferred-username":{name:"Set Preferred Username",description:"Sets the preferred_username claim on tokens based on the username from the primary or linked user.",trigger_ids:["credentials-exchange"]},"account-linking":{name:"Account Linking",description:"Links a user to an existing primary account with the same verified email. Idempotent — safe to run on every login, registration, and email update.",trigger_ids:["post-user-login","post-user-registration","post-user-update"]}},ho={enabled:s.z.boolean().default(!1),synchronous:s.z.boolean().default(!1),priority:s.z.number().optional(),hook_id:s.z.string().optional(),metadata:s.z.record(s.z.unknown()).optional()},JO=s.z.object({...ho,trigger_id:TT,url:s.z.string()}),YO=s.z.object({...ho,trigger_id:xT,form_id:s.z.string()}),QO=s.z.object({...ho,trigger_id:IT,template_id:uv}),ZO=s.z.object({...ho,trigger_id:$T,code_id:s.z.string()}),Cy=s.z.union([JO,YO,QO,ZO]),XO=s.z.object({...ho,trigger_id:TT,...qn.shape,hook_id:s.z.string(),url:s.z.string()}),eR=s.z.object({...ho,trigger_id:xT,...qn.shape,hook_id:s.z.string(),form_id:s.z.string()}),tR=s.z.object({...ho,trigger_id:IT,...qn.shape,hook_id:s.z.string(),template_id:uv}),nR=s.z.object({...ho,trigger_id:$T,...qn.shape,hook_id:s.z.string(),code_id:s.z.string()}),fa=s.z.union([XO,eR,tR,nR]),Bp=s.z.object({code:s.z.string().max(1e5),secrets:s.z.record(s.z.string()).optional()}),pv=Bp.extend({id:s.z.string(),tenant_id:s.z.string(),...qn.shape}),zT=s.z.object({name:s.z.string().optional()}),NT=s.z.object({email:s.z.string().optional()}),fv=s.z.object({id:s.z.string().optional(),organization_id:s.z.string().max(50),inviter:zT,invitee:NT,invitation_url:s.z.string().url(),client_id:s.z.string(),connection_id:s.z.string().optional(),app_metadata:s.z.record(s.z.any()).default({}).optional(),user_metadata:s.z.record(s.z.any()).default({}).optional(),ttl_sec:s.z.number().int().max(2592e3).default(604800).optional(),roles:s.z.array(s.z.string()).default([]).optional(),send_invitation_email:s.z.boolean().default(!0).optional()}),Ml=s.z.object({id:s.z.string(),organization_id:s.z.string().max(50),created_at:s.z.string().datetime(),expires_at:s.z.string().datetime(),ticket_id:s.z.string().optional()}).extend(fv.omit({id:!0}).shape),Ch=s.z.object({alg:s.z.enum(["RS256","RS384","RS512","ES256","ES384","ES512","HS256","HS384","HS512"]),kid:s.z.string(),kty:s.z.enum(["RSA","EC","oct"]),use:s.z.enum(["sig","enc"]).optional(),n:s.z.string().optional(),e:s.z.string().optional(),crv:s.z.string().optional(),x:s.z.string().optional(),y:s.z.string().optional(),x5t:s.z.string().optional(),x5c:s.z.array(s.z.string()).optional()}).superRefine((e,t)=>{if(e.kty==="RSA")for(const n of["n","e"])e[n]||t.addIssue({code:s.z.ZodIssueCode.custom,path:[n],message:`RSA JWK is missing required member '${n}'`});else if(e.kty==="EC")for(const n of["crv","x","y"])e[n]||t.addIssue({code:s.z.ZodIssueCode.custom,path:[n],message:`EC JWK is missing required member '${n}'`})}),Mp=s.z.object({keys:s.z.array(Ch)}),Ty=s.z.object({issuer:s.z.string(),authorization_endpoint:s.z.string(),token_endpoint:s.z.string(),userinfo_endpoint:s.z.string(),jwks_uri:s.z.string(),registration_endpoint:s.z.string().optional(),revocation_endpoint:s.z.string(),end_session_endpoint:s.z.string().optional(),scopes_supported:s.z.array(s.z.string()),response_types_supported:s.z.array(s.z.string()),grant_types_supported:s.z.array(s.z.string()).optional(),code_challenge_methods_supported:s.z.array(s.z.string()),response_modes_supported:s.z.array(s.z.string()),subject_types_supported:s.z.array(s.z.string()),id_token_signing_alg_values_supported:s.z.array(s.z.string()),token_endpoint_auth_methods_supported:s.z.array(s.z.string()),claims_supported:s.z.array(s.z.string()),request_uri_parameter_supported:s.z.boolean(),request_parameter_supported:s.z.boolean(),claims_parameter_supported:s.z.boolean().optional(),request_object_signing_alg_values_supported:s.z.array(s.z.string()).optional(),token_endpoint_auth_signing_alg_values_supported:s.z.array(s.z.string())});var be=(e=>(e.PENDING="pending",e.AUTHENTICATED="authenticated",e.AWAITING_EMAIL_VERIFICATION="awaiting_email_verification",e.AWAITING_MFA="awaiting_mfa",e.AWAITING_HOOK="awaiting_hook",e.AWAITING_CONTINUATION="awaiting_continuation",e.COMPLETED="completed",e.FAILED="failed",e.EXPIRED="expired",e))(be||{});const PT=s.z.nativeEnum(be),FT=s.z.object({strategy:s.z.string(),strategy_type:s.z.string()}),OT=s.z.object({csrf_token:s.z.string(),auth0Client:s.z.string().optional(),authParams:ed,expires_at:s.z.string(),deleted_at:s.z.string().optional(),ip:s.z.string().optional(),useragent:s.z.string().optional(),session_id:s.z.string().optional(),authorization_url:s.z.string().optional(),state:PT.optional().default("pending"),state_data:s.z.string().optional(),failure_reason:s.z.string().optional(),user_id:s.z.string().optional(),auth_connection:s.z.string().optional(),auth_strategy:FT.optional(),authenticated_at:s.z.string().optional()}).openapi({description:"This represents a login sesion"}),iR=s.z.object({...OT.shape,id:s.z.string().openapi({description:"This is is used as the state in the universal login"}),created_at:s.z.string(),updated_at:s.z.string()}),T={ACLS_SUMMARY:"acls_summary",ACTIONS_EXECUTION_FAILED:"actions_execution_failed",API_LIMIT:"api_limit",API_LIMIT_WARNING:"api_limit_warning",APPI:"appi",CIBA_EXCHANGE_FAILED:"ciba_exchange_failed",CIBA_EXCHANGE_SUCCEEDED:"ciba_exchange_succeeded",CIBA_START_FAILED:"ciba_start_failed",CIBA_START_SUCCEEDED:"ciba_start_succeeded",CODE_LINK_SENT:"cls",CODE_SENT:"cs",DEPRECATION_NOTICE:"depnote",FAILED_LOGIN:"f",FAILED_BY_CONNECTOR:"fc",FAILED_CHANGE_EMAIL:"fce",FAILED_BY_CORS:"fco",FAILED_CROSS_ORIGIN_AUTHENTICATION:"fcoa",FAILED_CHANGE_PASSWORD:"fcp",FAILED_POST_CHANGE_PASSWORD_HOOK:"fcph",FAILED_CHANGE_PHONE_NUMBER:"fcpn",FAILED_CHANGE_PASSWORD_REQUEST:"fcpr",FAILED_CONNECTOR_PROVISIONING:"fcpro",FAILED_CHANGE_USERNAME:"fcu",FAILED_DELEGATION:"fd",FAILED_DEVICE_ACTIVATION:"fdeac",FAILED_DEVICE_AUTHORIZATION_REQUEST:"fdeaz",USER_CANCELED_DEVICE_CONFIRMATION:"fdecc",FAILED_USER_DELETION:"fdu",FAILED_EXCHANGE_AUTHORIZATION_CODE_FOR_ACCESS_TOKEN:"feacft",FAILED_EXCHANGE_ACCESS_TOKEN_FOR_CLIENT_CREDENTIALS:"feccft",FAILED_EXCHANGE_CUSTOM_TOKEN:"fecte",FAILED_EXCHANGE_DEVICE_CODE_FOR_ACCESS_TOKEN:"fede",FAILED_FEDERATED_LOGOUT:"federated_logout_failed",FAILED_EXCHANGE_NATIVE_SOCIAL_LOGIN:"fens",FAILED_EXCHANGE_PASSWORD_OOB_FOR_ACCESS_TOKEN:"feoobft",FAILED_EXCHANGE_PASSWORD_OTP_FOR_ACCESS_TOKEN:"feotpft",FAILED_EXCHANGE_PASSWORD_FOR_ACCESS_TOKEN:"fepft",FAILED_EXCHANGE_PASSWORDLESS_OTP_FOR_ACCESS_TOKEN:"fepotpft",FAILED_EXCHANGE_PASSWORD_MFA_RECOVERY_FOR_ACCESS_TOKEN:"fercft",FAILED_EXCHANGE_ROTATING_REFRESH_TOKEN:"ferrt",FAILED_EXCHANGE_REFRESH_TOKEN_FOR_ACCESS_TOKEN:"fertft",FAILED_HOOK:"fh",FAILED_IMPERSONATION:"fimp",FAILED_INVITE_ACCEPT:"fi",FAILED_LOGOUT:"flo",FLOWS_EXECUTION_COMPLETED:"flows_execution_completed",FLOWS_EXECUTION_FAILED:"flows_execution_failed",FAILED_SENDING_NOTIFICATION:"fn",FORMS_SUBMISSION_FAILED:"forms_submission_failed",FORMS_SUBMISSION_SUCCEEDED:"forms_submission_succeeded",FAILED_LOGIN_INCORRECT_PASSWORD:"fp",FAILED_PUSHED_AUTHORIZATION_REQUEST:"fpar",FAILED_POST_USER_REGISTRATION_HOOK:"fpurh",FAILED_SIGNUP:"fs",FAILED_SILENT_AUTH:"fsa",FAILED_LOGIN_INVALID_EMAIL_USERNAME:"fu",FAILED_USERS_IMPORT:"fui",FAILED_VERIFICATION_EMAIL:"fv",FAILED_VERIFICATION_EMAIL_REQUEST:"fvr",EMAIL_VERIFICATION_CONFIRMED:"gd_auth_email_verification",EMAIL_VERIFICATION_FAILED:"gd_auth_fail_email_verification",MFA_AUTH_FAILED:"gd_auth_failed",MFA_AUTH_REJECTED:"gd_auth_rejected",MFA_AUTH_SUCCESS:"gd_auth_succeed",MFA_ENROLLMENT_COMPLETE:"gd_enrollment_complete",TOO_MANY_MFA_FAILURES:"gd_otp_rate_limit_exceed",MFA_RECOVERY_FAILED:"gd_recovery_failed",MFA_RECOVERY_RATE_LIMIT_EXCEED:"gd_recovery_rate_limit_exceed",MFA_RECOVERY_SUCCESS:"gd_recovery_succeed",MFA_EMAIL_SENT:"gd_send_email",EMAIL_VERIFICATION_SENT:"gd_send_email_verification",EMAIL_VERIFICATION_SEND_FAILURE:"gd_send_email_verification_failure",PUSH_NOTIFICATION_SENT:"gd_send_pn",ERROR_SENDING_MFA_PUSH_NOTIFICATION:"gd_send_pn_failure",MFA_SMS_SENT:"gd_send_sms",ERROR_SENDING_MFA_SMS:"gd_send_sms_failure",MFA_VOICE_CALL_SUCCESS:"gd_send_voice",MFA_VOICE_CALL_FAILED:"gd_send_voice_failure",SECOND_FACTOR_STARTED:"gd_start_auth",MFA_ENROLL_STARTED:"gd_start_enroll",MFA_ENROLLMENT_FAILED:"gd_start_enroll_failed",GUARDIAN_TENANT_UPDATE:"gd_tenant_update",UNENROLL_DEVICE_ACCOUNT:"gd_unenroll",UPDATE_DEVICE_ACCOUNT:"gd_update_device_account",WEBAUTHN_CHALLENGE_FAILED:"gd_webauthn_challenge_failed",WEBAUTHN_ENROLLMENT_FAILED:"gd_webauthn_enrollment_failed",FAILED_KMS_API_OPERATION:"kms_key_management_failure",SUCCESS_KMS_API_OPERATION:"kms_key_management_success",KMS_KEY_STATE_CHANGED:"kms_key_state_changed",TOO_MANY_CALLS_TO_DELEGATION:"limit_delegation",BLOCKED_IP_ADDRESS:"limit_mu",BLOCKED_ACCOUNT_IP:"limit_sul",BLOCKED_ACCOUNT_EMAIL:"limit_wc",INFORMATION:"i",MFA_REQUIRED:"mfar",MANAGEMENT_API_READ_OPERATION:"mgmt_api_read",FAILED_AUTHENTICATION_METHOD_OPERATION_MY_ACCOUNT:"my_account_authentication_method_failed",SUCCESSFUL_AUTHENTICATION_METHOD_OPERATION_MY_ACCOUNT:"my_account_authentication_method_succeeded",FAILED_OIDC_BACKCHANNEL_LOGOUT:"oidc_backchannel_logout_failed",SUCCESSFUL_OIDC_BACKCHANNEL_LOGOUT:"oidc_backchannel_logout_succeeded",ORGANIZATION_MEMBER_ADDED:"organization_member_added",PASSKEY_CHALLENGE_FAILED:"passkey_challenge_failed",PASSKEY_CHALLENGE_STARTED:"passkey_challenge_started",PRE_LOGIN_ASSESSMENT:"pla",BREACHED_PASSWORD:"pwd_leak",BREACHED_PASSWORD_ON_RESET:"reset_pwd_leak",SUCCESS_RESOURCE_CLEANUP:"resource_cleanup",RICH_CONSENTS_ACCESS_ERROR:"rich_consents_access_error",SUCCESS_LOGIN:"s",SUCCESS_API_OPERATION:"sapi",FAILED_API_OPERATION:"fapi",SUCCESS_CHANGE_EMAIL:"sce",SUCCESS_CROSS_ORIGIN_AUTHENTICATION:"scoa",SUCCESS_CHANGE_PASSWORD:"scp",SUCCESS_CHANGE_PHONE_NUMBER:"scpn",SUCCESS_CHANGE_PASSWORD_REQUEST:"scpr",SUCCESS_CHANGE_USERNAME:"scu",SUCCESS_CREDENTIAL_VALIDATION:"scv",SUCCESS_DELEGATION:"sd",SUCCESS_USER_DELETION:"sdu",SUCCESS_EXCHANGE_AUTHORIZATION_CODE_FOR_ACCESS_TOKEN:"seacft",SUCCESS_EXCHANGE_ACCESS_TOKEN_FOR_CLIENT_CREDENTIALS:"seccft",SUCCESS_EXCHANGE_CUSTOM_TOKEN:"secte",SUCCESS_EXCHANGE_DEVICE_CODE_FOR_ACCESS_TOKEN:"sede",SUCCESS_EXCHANGE_NATIVE_SOCIAL_LOGIN:"sens",SUCCESS_EXCHANGE_PASSWORD_OOB_FOR_ACCESS_TOKEN:"seoobft",SUCCESS_EXCHANGE_PASSWORD_OTP_FOR_ACCESS_TOKEN:"seotpft",SUCCESS_EXCHANGE_PASSWORDLESS_OTP_FOR_ACCESS_TOKEN:"sepotpft",SUCCESS_EXCHANGE_PASSWORD_FOR_ACCESS_TOKEN:"sepft",SUCCESS_EXCHANGE_PASSKEY_OOB_FOR_ACCESS_TOKEN:"sepkoobft",SUCCESS_EXCHANGE_PASSKEY_OTP_FOR_ACCESS_TOKEN:"sepkotpft",SUCCESS_EXCHANGE_PASSKEY_MFA_RECOVERY_FOR_ACCESS_TOKEN:"sepkrcft",SUCCESS_EXCHANGE_PASSWORD_MFA_RECOVERY_FOR_ACCESS_TOKEN:"sercft",SUCCESS_EXCHANGE_REFRESH_TOKEN_FOR_ACCESS_TOKEN:"sertft",SUCCESS_IMPERSONATION:"simp",SUCCESSFULLY_ACCEPTED_USER_INVITE:"si",BREACHED_PASSWORD_ON_SIGNUP:"signup_pwd_leak",SUCCESS_LOGOUT:"slo",SUCCESS_HOOK:"sh",SUCCESS_PASSWORD_MIGRATION:"spm",SUCCESS_REVOCATION:"srrt",SUCCESS_SIGNUP:"ss",FAILED_SS_SSO_OPERATION:"ss_sso_failure",INFORMATION_FROM_SS_SSO_OPERATION:"ss_sso_info",SUCCESS_SS_SSO_OPERATION:"ss_sso_success",SUCCESS_SILENT_AUTH:"ssa",SUCCESSFUL_SCIM_OPERATION:"sscim",SUCCESSFULLY_IMPORTED_USERS:"sui",SUCCESS_VERIFICATION_EMAIL:"sv",SUCCESS_VERIFICATION_EMAIL_REQUEST:"svr",MAX_AMOUNT_OF_AUTHENTICATORS:"too_many_records",USER_LOGIN_BLOCK_RELEASED:"ublkdu",FAILED_UNIVERSAL_LOGOUT:"universal_logout_failed",SUCCESSFUL_UNIVERSAL_LOGOUT:"universal_logout_succeeded",WARNING_DURING_LOGIN:"w",WARNING_SENDING_NOTIFICATION:"wn",WARNING_USER_MANAGEMENT:"wum"},rR=s.z.string().refine(e=>Object.values(T).includes(e),{message:"Invalid log type"}),RT={[T.ACLS_SUMMARY]:"ACLs Summary",[T.ACTIONS_EXECUTION_FAILED]:"Actions Execution Failed",[T.API_LIMIT]:"API Rate Limit Reached",[T.API_LIMIT_WARNING]:"API Rate Limit Warning",[T.APPI]:"API Operation",[T.CIBA_EXCHANGE_FAILED]:"CIBA Exchange Failed",[T.CIBA_EXCHANGE_SUCCEEDED]:"CIBA Exchange Succeeded",[T.CIBA_START_FAILED]:"CIBA Start Failed",[T.CIBA_START_SUCCEEDED]:"CIBA Start Succeeded",[T.CODE_LINK_SENT]:"Code/Link Sent",[T.CODE_SENT]:"Code Sent",[T.DEPRECATION_NOTICE]:"Deprecation Notice",[T.FAILED_LOGIN]:"Failed Login",[T.FAILED_BY_CONNECTOR]:"Failed by Connector",[T.FAILED_CHANGE_EMAIL]:"Failed Change Email",[T.FAILED_BY_CORS]:"Failed by CORS",[T.FAILED_CROSS_ORIGIN_AUTHENTICATION]:"Failed Cross Origin Authentication",[T.FAILED_CHANGE_PASSWORD]:"Failed Change Password",[T.FAILED_POST_CHANGE_PASSWORD_HOOK]:"Failed Post-Change Password Hook",[T.FAILED_CHANGE_PHONE_NUMBER]:"Failed Change Phone Number",[T.FAILED_CHANGE_PASSWORD_REQUEST]:"Failed Change Password Request",[T.FAILED_CONNECTOR_PROVISIONING]:"Failed Connector Provisioning",[T.FAILED_CHANGE_USERNAME]:"Failed Change Username",[T.FAILED_DELEGATION]:"Failed Delegation",[T.FAILED_DEVICE_ACTIVATION]:"Failed Device Activation",[T.FAILED_DEVICE_AUTHORIZATION_REQUEST]:"Failed Device Authorization Request",[T.USER_CANCELED_DEVICE_CONFIRMATION]:"User Canceled Device Confirmation",[T.FAILED_USER_DELETION]:"Failed User Deletion",[T.FAILED_EXCHANGE_AUTHORIZATION_CODE_FOR_ACCESS_TOKEN]:"Failed Exchange Authorization Code for Access Token",[T.FAILED_EXCHANGE_ACCESS_TOKEN_FOR_CLIENT_CREDENTIALS]:"Failed Exchange Access Token for Client Credentials",[T.FAILED_EXCHANGE_CUSTOM_TOKEN]:"Failed Exchange Custom Token",[T.FAILED_EXCHANGE_DEVICE_CODE_FOR_ACCESS_TOKEN]:"Failed Exchange Device Code for Access Token",[T.FAILED_FEDERATED_LOGOUT]:"Failed Federated Logout",[T.FAILED_EXCHANGE_NATIVE_SOCIAL_LOGIN]:"Failed Exchange Native Social Login",[T.FAILED_EXCHANGE_PASSWORD_OOB_FOR_ACCESS_TOKEN]:"Failed Exchange Password OOB for Access Token",[T.FAILED_EXCHANGE_PASSWORD_OTP_FOR_ACCESS_TOKEN]:"Failed Exchange Password OTP for Access Token",[T.FAILED_EXCHANGE_PASSWORD_FOR_ACCESS_TOKEN]:"Failed Exchange Password for Access Token",[T.FAILED_EXCHANGE_PASSWORDLESS_OTP_FOR_ACCESS_TOKEN]:"Failed Exchange Passwordless OTP for Access Token",[T.FAILED_EXCHANGE_PASSWORD_MFA_RECOVERY_FOR_ACCESS_TOKEN]:"Failed Exchange Password MFA Recovery for Access Token",[T.FAILED_EXCHANGE_ROTATING_REFRESH_TOKEN]:"Failed Exchange Rotating Refresh Token",[T.FAILED_EXCHANGE_REFRESH_TOKEN_FOR_ACCESS_TOKEN]:"Failed Exchange Refresh Token for Access Token",[T.FAILED_HOOK]:"Failed Hook",[T.FAILED_IMPERSONATION]:"Failed Impersonation",[T.FAILED_INVITE_ACCEPT]:"Failed Invite Accept",[T.FAILED_LOGOUT]:"Failed Logout",[T.FLOWS_EXECUTION_COMPLETED]:"Flows Execution Completed",[T.FLOWS_EXECUTION_FAILED]:"Flows Execution Failed",[T.FAILED_SENDING_NOTIFICATION]:"Failed Sending Notification",[T.FORMS_SUBMISSION_FAILED]:"Forms Submission Failed",[T.FORMS_SUBMISSION_SUCCEEDED]:"Forms Submission Succeeded",[T.FAILED_LOGIN_INCORRECT_PASSWORD]:"Failed Login - Incorrect Password",[T.FAILED_PUSHED_AUTHORIZATION_REQUEST]:"Failed Pushed Authorization Request",[T.FAILED_POST_USER_REGISTRATION_HOOK]:"Failed Post-User Registration Hook",[T.FAILED_SIGNUP]:"Failed Signup",[T.FAILED_SILENT_AUTH]:"Failed Silent Auth",[T.FAILED_LOGIN_INVALID_EMAIL_USERNAME]:"Failed Login - Invalid Email/Username",[T.FAILED_USERS_IMPORT]:"Failed Users Import",[T.FAILED_VERIFICATION_EMAIL]:"Failed Verification Email",[T.FAILED_VERIFICATION_EMAIL_REQUEST]:"Failed Verification Email Request",[T.EMAIL_VERIFICATION_CONFIRMED]:"Email Verification Confirmed",[T.EMAIL_VERIFICATION_FAILED]:"Email Verification Failed",[T.MFA_AUTH_FAILED]:"MFA Auth Failed",[T.MFA_AUTH_REJECTED]:"MFA Auth Rejected",[T.MFA_AUTH_SUCCESS]:"MFA Auth Success",[T.MFA_ENROLLMENT_COMPLETE]:"MFA Enrollment Complete",[T.TOO_MANY_MFA_FAILURES]:"Too Many MFA Failures",[T.MFA_RECOVERY_FAILED]:"MFA Recovery Failed",[T.MFA_RECOVERY_RATE_LIMIT_EXCEED]:"MFA Recovery Rate Limit Exceeded",[T.MFA_RECOVERY_SUCCESS]:"MFA Recovery Success",[T.MFA_EMAIL_SENT]:"MFA Email Sent",[T.EMAIL_VERIFICATION_SENT]:"Email Verification Sent",[T.EMAIL_VERIFICATION_SEND_FAILURE]:"Email Verification Send Failure",[T.PUSH_NOTIFICATION_SENT]:"Push Notification Sent",[T.ERROR_SENDING_MFA_PUSH_NOTIFICATION]:"Error Sending MFA Push Notification",[T.MFA_SMS_SENT]:"MFA SMS Sent",[T.ERROR_SENDING_MFA_SMS]:"Error Sending MFA SMS",[T.MFA_VOICE_CALL_SUCCESS]:"MFA Voice Call Success",[T.MFA_VOICE_CALL_FAILED]:"MFA Voice Call Failed",[T.SECOND_FACTOR_STARTED]:"Second Factor Started",[T.MFA_ENROLL_STARTED]:"MFA Enroll Started",[T.MFA_ENROLLMENT_FAILED]:"MFA Enrollment Failed",[T.GUARDIAN_TENANT_UPDATE]:"Guardian Tenant Update",[T.UNENROLL_DEVICE_ACCOUNT]:"Unenroll Device Account",[T.UPDATE_DEVICE_ACCOUNT]:"Update Device Account",[T.WEBAUTHN_CHALLENGE_FAILED]:"WebAuthn Challenge Failed",[T.WEBAUTHN_ENROLLMENT_FAILED]:"WebAuthn Enrollment Failed",[T.FAILED_KMS_API_OPERATION]:"Failed KMS API Operation",[T.SUCCESS_KMS_API_OPERATION]:"Success KMS API Operation",[T.KMS_KEY_STATE_CHANGED]:"KMS Key State Changed",[T.TOO_MANY_CALLS_TO_DELEGATION]:"Too Many Calls to Delegation",[T.BLOCKED_IP_ADDRESS]:"Blocked IP Address",[T.BLOCKED_ACCOUNT_IP]:"Blocked Account (IP)",[T.BLOCKED_ACCOUNT_EMAIL]:"Blocked Account (Email)",[T.INFORMATION]:"Information",[T.MFA_REQUIRED]:"MFA Required",[T.MANAGEMENT_API_READ_OPERATION]:"Management API Read Operation",[T.FAILED_AUTHENTICATION_METHOD_OPERATION_MY_ACCOUNT]:"Failed Authentication Method Operation (My Account)",[T.SUCCESSFUL_AUTHENTICATION_METHOD_OPERATION_MY_ACCOUNT]:"Successful Authentication Method Operation (My Account)",[T.FAILED_OIDC_BACKCHANNEL_LOGOUT]:"Failed OIDC Backchannel Logout",[T.SUCCESSFUL_OIDC_BACKCHANNEL_LOGOUT]:"Successful OIDC Backchannel Logout",[T.ORGANIZATION_MEMBER_ADDED]:"Organization Member Added",[T.PASSKEY_CHALLENGE_FAILED]:"Passkey Challenge Failed",[T.PASSKEY_CHALLENGE_STARTED]:"Passkey Challenge Started",[T.PRE_LOGIN_ASSESSMENT]:"Pre-Login Assessment",[T.BREACHED_PASSWORD]:"Breached Password",[T.BREACHED_PASSWORD_ON_RESET]:"Breached Password on Reset",[T.SUCCESS_RESOURCE_CLEANUP]:"Success Resource Cleanup",[T.RICH_CONSENTS_ACCESS_ERROR]:"Rich Consents Access Error",[T.SUCCESS_LOGIN]:"Success Login",[T.SUCCESS_API_OPERATION]:"Success API Operation",[T.FAILED_API_OPERATION]:"Failed API Operation",[T.SUCCESS_CHANGE_EMAIL]:"Success Change Email",[T.SUCCESS_CROSS_ORIGIN_AUTHENTICATION]:"Success Cross Origin Authentication",[T.SUCCESS_CHANGE_PASSWORD]:"Success Change Password",[T.SUCCESS_CHANGE_PHONE_NUMBER]:"Success Change Phone Number",[T.SUCCESS_CHANGE_PASSWORD_REQUEST]:"Success Change Password Request",[T.SUCCESS_CHANGE_USERNAME]:"Success Change Username",[T.SUCCESS_CREDENTIAL_VALIDATION]:"Success Credential Validation",[T.SUCCESS_DELEGATION]:"Success Delegation",[T.SUCCESS_USER_DELETION]:"Success User Deletion",[T.SUCCESS_EXCHANGE_AUTHORIZATION_CODE_FOR_ACCESS_TOKEN]:"Success Exchange Authorization Code for Access Token",[T.SUCCESS_EXCHANGE_ACCESS_TOKEN_FOR_CLIENT_CREDENTIALS]:"Success Exchange Access Token for Client Credentials",[T.SUCCESS_EXCHANGE_CUSTOM_TOKEN]:"Success Exchange Custom Token",[T.SUCCESS_EXCHANGE_DEVICE_CODE_FOR_ACCESS_TOKEN]:"Success Exchange Device Code for Access Token",[T.SUCCESS_EXCHANGE_NATIVE_SOCIAL_LOGIN]:"Success Exchange Native Social Login",[T.SUCCESS_EXCHANGE_PASSWORD_OOB_FOR_ACCESS_TOKEN]:"Success Exchange Password OOB for Access Token",[T.SUCCESS_EXCHANGE_PASSWORD_OTP_FOR_ACCESS_TOKEN]:"Success Exchange Password OTP for Access Token",[T.SUCCESS_EXCHANGE_PASSWORDLESS_OTP_FOR_ACCESS_TOKEN]:"Success Exchange Passwordless OTP for Access Token",[T.SUCCESS_EXCHANGE_PASSWORD_FOR_ACCESS_TOKEN]:"Success Exchange Password for Access Token",[T.SUCCESS_EXCHANGE_PASSKEY_OOB_FOR_ACCESS_TOKEN]:"Success Exchange Passkey OOB for Access Token",[T.SUCCESS_EXCHANGE_PASSKEY_OTP_FOR_ACCESS_TOKEN]:"Success Exchange Passkey OTP for Access Token",[T.SUCCESS_EXCHANGE_PASSKEY_MFA_RECOVERY_FOR_ACCESS_TOKEN]:"Success Exchange Passkey MFA Recovery for Access Token",[T.SUCCESS_EXCHANGE_PASSWORD_MFA_RECOVERY_FOR_ACCESS_TOKEN]:"Success Exchange Password MFA Recovery for Access Token",[T.SUCCESS_EXCHANGE_REFRESH_TOKEN_FOR_ACCESS_TOKEN]:"Success Exchange Refresh Token for Access Token",[T.SUCCESS_IMPERSONATION]:"Success Impersonation",[T.SUCCESSFULLY_ACCEPTED_USER_INVITE]:"Successfully Accepted User Invite",[T.BREACHED_PASSWORD_ON_SIGNUP]:"Breached Password on Signup",[T.SUCCESS_LOGOUT]:"Success Logout",[T.SUCCESS_HOOK]:"Success Hook",[T.SUCCESS_PASSWORD_MIGRATION]:"Success Password Migration",[T.SUCCESS_REVOCATION]:"Success Revocation",[T.SUCCESS_SIGNUP]:"Success Signup",[T.FAILED_SS_SSO_OPERATION]:"Failed SS SSO Operation",[T.INFORMATION_FROM_SS_SSO_OPERATION]:"Information from SS SSO Operation",[T.SUCCESS_SS_SSO_OPERATION]:"Success SS SSO Operation",[T.SUCCESS_SILENT_AUTH]:"Success Silent Auth",[T.SUCCESSFUL_SCIM_OPERATION]:"Successful SCIM Operation",[T.SUCCESSFULLY_IMPORTED_USERS]:"Successfully Imported Users",[T.SUCCESS_VERIFICATION_EMAIL]:"Success Verification Email",[T.SUCCESS_VERIFICATION_EMAIL_REQUEST]:"Success Verification Email Request",[T.MAX_AMOUNT_OF_AUTHENTICATORS]:"Max Amount of Authenticators",[T.USER_LOGIN_BLOCK_RELEASED]:"User Login Block Released",[T.FAILED_UNIVERSAL_LOGOUT]:"Failed Universal Logout",[T.SUCCESSFUL_UNIVERSAL_LOGOUT]:"Successful Universal Logout",[T.WARNING_DURING_LOGIN]:"Warning During Login",[T.WARNING_SENDING_NOTIFICATION]:"Warning Sending Notification",[T.WARNING_USER_MANAGEMENT]:"Warning User Management"},jT=(()=>{const e={};for(const[t,n]of Object.entries(T))t.startsWith("SUCCESS_")||t.startsWith("SUCCESSFUL_")||t.startsWith("SUCCESSFULLY_")||t.endsWith("_SUCCEEDED")||t.endsWith("_COMPLETED")?e[n]="success":t.startsWith("FAILED_")||t.startsWith("ERROR_")||t.startsWith("BREACHED_")||t.startsWith("BLOCKED_")||t==="MFA_AUTH_FAILED"||t==="MFA_AUTH_REJECTED"||t==="MFA_RECOVERY_FAILED"||t==="MFA_ENROLLMENT_FAILED"||t==="EMAIL_VERIFICATION_FAILED"||t==="WEBAUTHN_CHALLENGE_FAILED"||t==="WEBAUTHN_ENROLLMENT_FAILED"||t==="PASSKEY_CHALLENGE_FAILED"||t==="FLOWS_EXECUTION_FAILED"||t==="FORMS_SUBMISSION_FAILED"||t==="CIBA_EXCHANGE_FAILED"||t==="CIBA_START_FAILED"||t==="ACTIONS_EXECUTION_FAILED"||t==="RICH_CONSENTS_ACCESS_ERROR"||t==="USER_CANCELED_DEVICE_CONFIRMATION"||t==="TOO_MANY_MFA_FAILURES"||t==="MFA_RECOVERY_RATE_LIMIT_EXCEED"||t==="API_LIMIT"||t==="MAX_AMOUNT_OF_AUTHENTICATORS"?e[n]="failure":t.startsWith("WARNING_")||t==="API_LIMIT_WARNING"||t==="DEPRECATION_NOTICE"||t==="PRE_LOGIN_ASSESSMENT"?e[n]="warning":t==="CODE_SENT"||t==="CODE_LINK_SENT"||t==="MFA_EMAIL_SENT"||t==="MFA_SMS_SENT"||t==="EMAIL_VERIFICATION_SENT"||t==="PUSH_NOTIFICATION_SENT"?e[n]="code_sent":t==="INFORMATION"||t==="INFORMATION_FROM_SS_SSO_OPERATION"||t==="MANAGEMENT_API_READ_OPERATION"||t==="APPI"||t==="ACLS_SUMMARY"||t==="ORGANIZATION_MEMBER_ADDED"?e[n]="info":e[n]="other";return e})();function oR(e){return RT[e]??e}function sR(e){return jT[e]??"other"}const DT=s.z.object({name:s.z.string(),version:s.z.string(),env:s.z.object({node:s.z.string().optional()}).optional()}),LT=s.z.object({country_code:s.z.string().length(2),city_name:s.z.string(),latitude:s.z.string(),longitude:s.z.string(),time_zone:s.z.string(),continent_code:s.z.string()}),BT=s.z.object({type:rR,date:s.z.string(),description:s.z.string().optional(),ip:s.z.string().optional(),user_agent:s.z.string().optional(),details:s.z.any().optional(),isMobile:s.z.boolean(),user_id:s.z.string().optional(),user_name:s.z.string().optional(),connection:s.z.string().optional(),connection_id:s.z.string().optional(),client_id:s.z.string().optional(),client_name:s.z.string().optional(),audience:s.z.string().optional(),scope:s.z.string().optional(),strategy:s.z.string().optional(),strategy_type:s.z.string().optional(),hostname:s.z.string().optional(),auth0_client:DT.optional(),log_id:s.z.string().optional(),location_info:LT.optional()}),Ra=s.z.object({...BT.shape,log_id:s.z.string()}),MT=s.z.enum(["http","eventbridge","eventgrid","splunk","datadog","sumo"]),hv=s.z.enum(["active","paused","suspended"]),UT=s.z.object({type:s.z.string(),name:s.z.string()}),gv=s.z.object({name:s.z.string(),type:MT,status:hv.optional(),sink:s.z.record(s.z.string(),s.z.unknown()),filters:s.z.array(UT).optional(),isPriority:s.z.boolean().optional()}),Xs=gv.extend({id:s.z.string(),status:hv,created_at:s.z.string().optional(),updated_at:s.z.string().optional()}),qT=s.z.enum(["auth0","cognito","okta","oidc"]),HT=s.z.object({domain:s.z.string(),client_id:s.z.string(),client_secret:s.z.string(),audience:s.z.string().optional(),scope:s.z.string().optional()}),Up=s.z.object({id:s.z.string().optional(),name:s.z.string(),provider:qT,connection:s.z.string(),enabled:s.z.boolean().default(!0),credentials:HT}),xy=s.z.object({id:s.z.string(),created_at:s.z.string(),updated_at:s.z.string()}).extend(Up.shape),ha=s.z.object({enabled:s.z.boolean().optional(),shields:s.z.array(s.z.string()).optional(),admin_notification_frequency:s.z.array(s.z.string()).optional(),method:s.z.string().optional(),stage:s.z.object({"pre-user-registration":s.z.object({shields:s.z.array(s.z.string()).optional()}).optional(),"pre-change-password":s.z.object({shields:s.z.array(s.z.string()).optional()}).optional()}).optional()}),ga=s.z.object({enabled:s.z.boolean().optional(),shields:s.z.array(s.z.string()).optional(),allowlist:s.z.array(s.z.string()).optional(),mode:s.z.string().optional(),max_attempts:s.z.number().optional()}),ma=s.z.object({enabled:s.z.boolean().optional(),shields:s.z.array(s.z.string()).optional(),allowlist:s.z.array(s.z.string()).optional(),stage:s.z.object({"pre-login":s.z.object({max_attempts:s.z.number().optional(),rate:s.z.number().optional()}).optional(),"pre-user-registration":s.z.object({max_attempts:s.z.number().optional(),rate:s.z.number().optional()}).optional()}).optional()}),VT=s.z.object({breached_password_detection:ha.optional(),brute_force_protection:ga.optional(),suspicious_ip_throttling:ma.optional()}),KT=s.z.object({id:s.z.string().optional(),user_id:s.z.string(),password:s.z.string(),algorithm:s.z.enum(["bcrypt","argon2id"]).default("argon2id"),is_current:s.z.boolean().default(!0)}),aR=KT.extend({id:s.z.string(),created_at:s.z.string(),updated_at:s.z.string()}),GT=s.z.object({initial_user_agent:s.z.string().describe("First user agent of the device from which this user logged in"),initial_ip:s.z.string().describe("First IP address associated with this session"),initial_asn:s.z.string().describe("First autonomous system number associated with this session"),last_user_agent:s.z.string().describe("Last user agent of the device from which this user logged in"),last_ip:s.z.string().describe("Last IP address from which this user logged in"),last_asn:s.z.string().describe("Last autonomous system number from which this user logged in")}),WT=s.z.object({id:s.z.string(),revoked_at:s.z.string().optional(),used_at:s.z.string().optional(),user_id:s.z.string().describe("The user ID associated with the session"),expires_at:s.z.string().optional(),login_session_id:s.z.string(),idle_expires_at:s.z.string().optional(),device:GT.describe("Metadata related to the device used in the session"),clients:s.z.array(s.z.string()).describe("List of client details for the session")}),Th=s.z.object({created_at:s.z.string(),updated_at:s.z.string(),authenticated_at:s.z.string(),last_interaction_at:s.z.string(),...WT.shape}),Iy=s.z.object({kid:s.z.string().openapi({description:"The key id of the signing key"}),tenant_id:s.z.string().optional().openapi({description:"The tenant the key belongs to. Omitted means the key is shared / control-plane scoped."}),cert:s.z.string().openapi({description:"The public certificate of the signing key"}),fingerprint:s.z.string().openapi({description:"The cert fingerprint"}),thumbprint:s.z.string().openapi({description:"The cert thumbprint"}),pkcs7:s.z.string().optional().openapi({description:"The private key in pkcs7 format"}),current:s.z.boolean().optional().openapi({description:"True if the key is the current key"}),next:s.z.boolean().optional().openapi({description:"True if the key is the next key"}),previous:s.z.boolean().optional().openapi({description:"True if the key is the previous key"}),current_since:s.z.string().optional().openapi({description:"The date and time when the key became the current key"}),current_until:s.z.string().optional().openapi({description:"The date and time when the current key was rotated"}),revoked:s.z.boolean().optional().openapi({description:"True if the key is revoked"}),revoked_at:s.z.string().optional().openapi({description:"The date and time when the key was revoked"}),connection:s.z.string().optional().openapi({description:"The connection identifier associated with the key"}),type:s.z.enum(["jwt_signing","saml_encryption"]).openapi({description:"The type of the signing key"})}),mv=s.z.object({id:s.z.string().optional(),audience:s.z.string(),friendly_name:s.z.string(),picture_url:s.z.string().optional(),support_email:s.z.string().optional(),support_url:s.z.string().optional(),sender_email:s.z.string().email(),sender_name:s.z.string(),session_lifetime:s.z.number().optional(),idle_session_lifetime:s.z.number().optional(),ephemeral_session_lifetime:s.z.number().optional(),idle_ephemeral_session_lifetime:s.z.number().optional(),session_cookie:s.z.object({mode:s.z.enum(["persistent","non-persistent"]).optional()}).optional(),allowed_logout_urls:s.z.array(s.z.string()).optional(),default_redirection_uri:s.z.string().optional(),default_client_id:s.z.string().optional(),enabled_locales:s.z.array(s.z.string()).optional(),default_directory:s.z.string().optional(),error_page:s.z.object({html:s.z.string().optional(),show_log_link:s.z.boolean().optional(),url:s.z.string().optional()}).nullish(),flags:s.z.object({allow_changing_enable_sso:s.z.boolean().optional(),allow_legacy_delegation_grant_types:s.z.boolean().optional(),allow_legacy_ro_grant_types:s.z.boolean().optional(),allow_legacy_tokeninfo_endpoint:s.z.boolean().optional(),change_pwd_flow_v1:s.z.boolean().optional(),custom_domains_provisioning:s.z.boolean().optional(),dashboard_insights_view:s.z.boolean().optional(),dashboard_log_streams_next:s.z.boolean().optional(),disable_clickjack_protection_headers:s.z.boolean().optional(),disable_fields_map_fix:s.z.boolean().optional(),disable_impersonation:s.z.boolean().optional(),disable_management_api_sms_obfuscation:s.z.boolean().optional(),enable_adfs_waad_email_verification:s.z.boolean().optional(),enable_apis_section:s.z.boolean().optional(),enable_client_connections:s.z.boolean().optional(),enable_custom_domain_in_emails:s.z.boolean().optional(),enable_dynamic_client_registration:s.z.boolean().optional(),dcr_require_initial_access_token:s.z.boolean().optional(),dcr_allowed_grant_types:s.z.array(s.z.string()).optional(),allow_http_return_to:s.z.array(s.z.string().refine(e=>{try{const t=new URL(e);return t.protocol==="http:"&&(t.pathname===""||t.pathname==="/")&&!t.search&&!t.hash&&e===t.origin}catch{return!1}},{message:"must be a fully-qualified http origin (scheme + host + port, no path)"})).optional(),enable_idtoken_api2:s.z.boolean().optional(),enable_legacy_logs_search_v2:s.z.boolean().optional(),enable_legacy_profile:s.z.boolean().optional(),enable_pipeline2:s.z.boolean().optional(),enable_public_signup_user_exists_error:s.z.boolean().optional(),enable_sso:s.z.boolean().optional(),enforce_client_authentication_on_passwordless_start:s.z.boolean().optional(),genai_trial:s.z.boolean().optional(),improved_signup_bot_detection_in_classic:s.z.boolean().optional(),mfa_show_factor_list_on_enrollment:s.z.boolean().optional(),no_disclose_enterprise_connections:s.z.boolean().optional(),remove_alg_from_jwks:s.z.boolean().optional(),revoke_refresh_token_grant:s.z.boolean().optional(),trust_azure_adfs_email_verified_connection_property:s.z.boolean().optional(),use_scope_descriptions_for_consent:s.z.boolean().optional(),inherit_global_permissions_in_organizations:s.z.boolean().optional()}).optional(),sandbox_version:s.z.string().optional(),legacy_sandbox_version:s.z.string().optional(),sandbox_versions_available:s.z.array(s.z.string()).optional(),change_password:s.z.object({enabled:s.z.boolean().optional(),html:s.z.string().optional()}).optional(),guardian_mfa_page:s.z.object({enabled:s.z.boolean().optional(),html:s.z.string().optional()}).optional(),device_flow:s.z.object({charset:s.z.enum(["base20","digits"]).optional(),mask:s.z.string().max(20).optional()}).optional(),default_token_quota:s.z.object({clients:s.z.object({client_credentials:s.z.record(s.z.any()).optional()}).optional(),organizations:s.z.object({client_credentials:s.z.record(s.z.any()).optional()}).optional()}).nullish(),default_audience:s.z.string().optional(),default_organization:s.z.string().optional(),sessions:s.z.object({oidc_logout_prompt_enabled:s.z.boolean().optional()}).optional(),oidc_logout:s.z.object({rp_logout_end_session_endpoint_discovery:s.z.boolean().optional()}).optional(),allow_organization_name_in_authentication_api:s.z.boolean().optional(),customize_mfa_in_postlogin_action:s.z.boolean().optional(),acr_values_supported:s.z.array(s.z.string()).optional(),mtls:s.z.object({enable_endpoint_aliases:s.z.boolean().optional()}).nullish(),pushed_authorization_requests_supported:s.z.boolean().optional(),authorization_response_iss_parameter_supported:s.z.boolean().optional(),attack_protection:VT.optional(),mfa:s.z.object({policy:s.z.enum(["never","always"]).default("never").optional(),factors:s.z.object({sms:s.z.boolean().default(!1),otp:s.z.boolean().default(!1),email:s.z.boolean().default(!1),push_notification:s.z.boolean().default(!1),webauthn_roaming:s.z.boolean().default(!1),webauthn_platform:s.z.boolean().default(!1),recovery_code:s.z.boolean().default(!1),duo:s.z.boolean().default(!1)}).optional(),sms_provider:s.z.object({provider:s.z.enum(["twilio","vonage","aws_sns","phone_message_hook"]).optional()}).optional(),twilio:s.z.object({sid:s.z.string().optional(),auth_token:s.z.string().optional(),from:s.z.string().optional(),messaging_service_sid:s.z.string().optional()}).optional(),phone_message:s.z.object({message:s.z.string().optional()}).optional()}).optional()}),qp=s.z.object({created_at:s.z.string().nullable().transform(e=>e??""),updated_at:s.z.string().nullable().transform(e=>e??""),...mv.shape,id:s.z.string(),is_control_plane:s.z.boolean().optional()});var nn=(e=>(e.RefreshToken="refresh_token",e.AuthorizationCode="authorization_code",e.ClientCredential="client_credentials",e.Passwordless="passwordless",e.Password="password",e.OTP="http://auth0.com/oauth/grant-type/passwordless/otp",e))(nn||{});const yv=s.z.object({access_token:s.z.string(),id_token:s.z.string().optional(),scope:s.z.string().optional(),state:s.z.string().optional(),refresh_token:s.z.string().optional(),token_type:s.z.string(),expires_in:s.z.number()});s.z.object({code:s.z.string(),state:s.z.string().optional()});const JT=s.z.object({button_border_radius:s.z.number(),button_border_weight:s.z.number(),buttons_style:s.z.enum(["pill","rounded","sharp"]),input_border_radius:s.z.number(),input_border_weight:s.z.number(),inputs_style:s.z.enum(["pill","rounded","sharp"]),show_widget_shadow:s.z.boolean(),widget_border_weight:s.z.number(),widget_corner_radius:s.z.number()}),YT=s.z.object({base_focus_color:s.z.string(),base_hover_color:s.z.string(),body_text:s.z.string(),captcha_widget_theme:s.z.enum(["auto","dark","light"]),error:s.z.string(),header:s.z.string(),icons:s.z.string(),input_background:s.z.string(),input_border:s.z.string(),input_filled_text:s.z.string(),input_labels_placeholders:s.z.string(),links_focused_components:s.z.string(),primary_button:s.z.string(),primary_button_label:s.z.string(),secondary_button_border:s.z.string(),secondary_button_label:s.z.string(),success:s.z.string(),widget_background:s.z.string(),widget_border:s.z.string()}),No=s.z.object({bold:s.z.boolean(),size:s.z.number()}),QT=s.z.object({body_text:No,buttons_text:No,font_url:s.z.string(),input_labels:No,links:No,links_style:s.z.enum(["normal","underlined"]),reference_text_size:s.z.number(),subtitle:No,title:No}),ZT=s.z.object({background_color:s.z.string(),background_image_url:s.z.string(),page_layout:s.z.enum(["center","left","right"]),logo_placement:s.z.enum(["widget","chip","none"]).optional()}),XT=s.z.object({header_text_alignment:s.z.enum(["center","left","right"]),logo_height:s.z.number(),logo_position:s.z.enum(["center","left","none","right"]),logo_url:s.z.string(),social_buttons_layout:s.z.enum(["bottom","top"])}),ex=s.z.object({borders:JT,colors:YT,displayName:s.z.string(),fonts:QT,page_background:ZT,widget:XT}),up=ex.extend({themeId:s.z.string()}),Qo=s.z.object({universal_login_experience:s.z.enum(["new","classic"]).default("new"),identifier_first:s.z.boolean().default(!0),password_first:s.z.boolean().default(!1),webauthn_platform_first_factor:s.z.boolean()}),ea=s.z.object({name:s.z.string(),enabled:s.z.boolean().optional().default(!0),default_from_address:s.z.string().optional(),credentials:s.z.record(s.z.string(),s.z.unknown()),settings:s.z.object({}).optional()}),_v=s.z.enum(["verify_email","verify_email_by_code","reset_email","reset_email_by_code","welcome_email","blocked_account","stolen_credentials","enrollment_email","mfa_oob_code","change_password","password_reset","user_invitation"]),Mr=s.z.object({template:_v,body:s.z.string(),from:s.z.string(),subject:s.z.string(),syntax:s.z.literal("liquid").default("liquid"),resultUrl:s.z.string().optional(),urlLifetimeInSeconds:s.z.number().int().nonnegative().optional(),includeEmailInRedirect:s.z.boolean().default(!1),enabled:s.z.boolean().default(!0)}),wv=s.z.object({id:s.z.string(),login_id:s.z.string(),user_id:s.z.string(),client_id:s.z.string(),expires_at:s.z.string().optional(),idle_expires_at:s.z.string().optional(),last_exchanged_at:s.z.string().optional(),device:GT,resource_servers:s.z.array(s.z.object({audience:s.z.string(),scopes:s.z.string()})),rotating:s.z.boolean(),token_lookup:s.z.string().optional(),token_hash:s.z.string().optional(),family_id:s.z.string().optional(),rotated_to:s.z.string().optional(),rotated_at:s.z.string().optional()}),cR=s.z.object({created_at:s.z.string(),revoked_at:s.z.string().optional(),...wv.shape}),lR=s.z.object({to:s.z.string(),message:s.z.string()}),dR=s.z.object({name:s.z.string(),options:s.z.object({})}),tx=s.z.object({value:s.z.string(),description:s.z.string().optional()}),nx=s.z.object({token_dialect:s.z.enum(["access_token","access_token_authz"]).optional(),enforce_policies:s.z.boolean().optional(),allow_skipping_userinfo:s.z.boolean().optional(),skip_userinfo:s.z.boolean().optional(),persist_client_authorization:s.z.boolean().optional(),enable_introspection_endpoint:s.z.boolean().optional(),mtls:s.z.object({bound_access_tokens:s.z.boolean().optional()}).optional()}),Hp=s.z.object({id:s.z.string().optional(),name:s.z.string(),identifier:s.z.string(),scopes:s.z.array(tx).optional(),signing_alg:s.z.string().optional(),signing_secret:s.z.string().optional(),token_lifetime:s.z.number().default(86400),token_lifetime_for_web:s.z.number().default(7200),skip_consent_for_verifiable_first_party_clients:s.z.boolean().optional(),allow_offline_access:s.z.boolean().optional(),verificationKey:s.z.string().optional(),options:nx.optional(),is_system:s.z.boolean().optional(),metadata:s.z.record(s.z.any()).optional()}),Vo=s.z.object({...Hp.shape,created_at:s.z.string().optional(),updated_at:s.z.string().optional()}),uR=s.z.array(Vo),ix=s.z.object({role_id:s.z.string(),resource_server_identifier:s.z.string(),permission_name:s.z.string()}),vv=s.z.object({...ix.shape,created_at:s.z.string()}),rx=s.z.array(vv),ox=s.z.object({user_id:s.z.string(),resource_server_identifier:s.z.string(),permission_name:s.z.string(),organization_id:s.z.string().optional()}),sx=s.z.object({...ox.shape,tenant_id:s.z.string(),created_at:s.z.string().optional()}),pR=s.z.array(sx),ax=s.z.object({user_id:s.z.string(),resource_server_identifier:s.z.string(),resource_server_name:s.z.string(),permission_name:s.z.string(),description:s.z.string().nullable().optional(),created_at:s.z.string().optional(),organization_id:s.z.string().optional()}),cx=s.z.array(ax),lx=s.z.object({user_id:s.z.string(),role_id:s.z.string(),organization_id:s.z.string().optional()}),dx=s.z.object({...lx.shape,tenant_id:s.z.string(),created_at:s.z.string().optional()}),fR=s.z.array(dx),Vp=s.z.object({id:s.z.string().optional().openapi({description:"The unique identifier of the role. If not provided, one will be generated."}),name:s.z.string().min(1).max(50).openapi({description:"The name of the role. Cannot include '<' or '>'"}),description:s.z.string().max(255).optional().openapi({description:"The description of the role"}),is_system:s.z.boolean().optional(),metadata:s.z.record(s.z.any()).optional().openapi({description:"Metadata associated with the role. Can be used to control sync behavior in multi-tenancy scenarios."})}),Ko=Vp.extend({id:s.z.string().openapi({description:"The unique identifier of the role"}),created_at:s.z.string().optional(),updated_at:s.z.string().optional()}),Kp=s.z.array(Ko),ux=s.z.object({logo_url:s.z.string().optional().openapi({description:"URL of the organization's logo"}),colors:s.z.object({primary:s.z.string().optional().openapi({description:"Primary color in hex format (e.g., #FF0000)"}),page_background:s.z.string().optional().openapi({description:"Page background color in hex format (e.g., #FFFFFF)"})}).optional()}).optional(),px=s.z.object({connection_id:s.z.string().openapi({description:"ID of the connection"}),assign_membership_on_login:s.z.boolean().default(!1).openapi({description:"Whether to assign membership to the organization on login"}),show_as_button:s.z.boolean().default(!0).openapi({description:"Whether to show this connection as a button in the login screen"}),is_signup_enabled:s.z.boolean().default(!0).openapi({description:"Whether signup is enabled for this connection"})}),fx=s.z.object({client_credentials:s.z.object({enforce:s.z.boolean().default(!1).openapi({description:"Whether to enforce token quota limits"}),per_day:s.z.number().min(0).default(0).openapi({description:"Maximum tokens per day (0 = unlimited)"}),per_hour:s.z.number().min(0).default(0).openapi({description:"Maximum tokens per hour (0 = unlimited)"})}).optional()}).optional(),Gp=s.z.object({id:s.z.string().optional(),name:s.z.string().min(1).regex(/^[a-z0-9_-]+$/,{message:"Organization name must be lowercase and can only contain letters, numbers, hyphens, and underscores"}).openapi({description:"The name of the organization. Must be lowercase and can only contain letters, numbers, hyphens, and underscores."}),display_name:s.z.string().optional().openapi({description:"The display name of the organization"}),branding:ux,metadata:s.z.record(s.z.any()).default({}).optional().openapi({description:"Custom metadata for the organization"}),enabled_connections:s.z.array(px).default([]).optional().openapi({description:"List of enabled connections for the organization"}),token_quota:fx}),Vr=s.z.object({...Gp.shape,...qn.shape,id:s.z.string(),name:s.z.string().min(1).openapi({description:"The name of the organization"})}),Wp=s.z.object({connection_id:s.z.string().openapi({description:"ID of the tenant-level connection to enable for the org."}),assign_membership_on_login:s.z.boolean().optional().default(!1),show_as_button:s.z.boolean().optional().default(!0),is_signup_enabled:s.z.boolean().optional().default(!0)}),ya=s.z.object({...Wp.shape,connection:s.z.object({name:s.z.string().optional(),strategy:s.z.string().optional()}).optional(),created_at:s.z.string().optional(),updated_at:s.z.string().optional()}),hR=s.z.array(ya),hx=s.z.object({user_id:s.z.string().openapi({description:"ID of the user"}),organization_id:s.z.string().openapi({description:"ID of the organization"})}),gR=s.z.object({...hx.shape,...qn.shape,id:s.z.string()}),mR=s.z.object({idle_session_lifetime:s.z.number().default(72),session_lifetime:s.z.number().default(168),session_cookie:s.z.object({mode:s.z.enum(["persistent","non-persistent"]).optional()}).optional(),enable_client_connections:s.z.boolean().optional(),default_redirection_uri:s.z.string().optional(),enabled_locales:s.z.array(s.z.string()).optional(),default_directory:s.z.string().optional(),error_page:s.z.object({html:s.z.string().optional(),show_log_link:s.z.boolean().optional(),url:s.z.string().optional()}).optional(),flags:s.z.object({allow_legacy_delegation_grant_types:s.z.boolean().optional(),allow_legacy_ro_grant_types:s.z.boolean().optional(),allow_legacy_tokeninfo_endpoint:s.z.boolean().optional(),disable_clickjack_protection_headers:s.z.boolean().optional(),enable_apis_section:s.z.boolean().optional(),enable_client_connections:s.z.boolean().optional(),enable_custom_domain_in_emails:s.z.boolean().optional(),enable_dynamic_client_registration:s.z.boolean().optional(),enable_idtoken_api2:s.z.boolean().optional(),enable_legacy_logs_search_v2:s.z.boolean().optional(),enable_legacy_profile:s.z.boolean().optional(),enable_pipeline2:s.z.boolean().optional(),enable_public_signup_user_exists_error:s.z.boolean().optional(),use_scope_descriptions_for_consent:s.z.boolean().optional(),disable_management_api_sms_obfuscation:s.z.boolean().optional(),enable_adfs_waad_email_verification:s.z.boolean().optional(),revoke_refresh_token_grant:s.z.boolean().optional(),dashboard_log_streams_next:s.z.boolean().optional(),dashboard_insights_view:s.z.boolean().optional(),disable_fields_map_fix:s.z.boolean().optional(),mfa_show_factor_list_on_enrollment:s.z.boolean().optional()}).optional(),friendly_name:s.z.string().optional(),picture_url:s.z.string().optional(),support_email:s.z.string().optional(),support_url:s.z.string().optional(),sandbox_version:s.z.string().optional(),sandbox_versions_available:s.z.array(s.z.string()).optional(),change_password:s.z.object({enabled:s.z.boolean(),html:s.z.string()}).optional(),guardian_mfa_page:s.z.object({enabled:s.z.boolean(),html:s.z.string()}).optional(),default_audience:s.z.string().optional(),default_organization:s.z.string().optional(),sessions:s.z.object({oidc_logout_prompt_enabled:s.z.boolean().optional()}).optional(),mfa:s.z.object({policy:s.z.enum(["never","always"]).default("never").optional(),factors:s.z.object({sms:s.z.boolean().default(!1),otp:s.z.boolean().default(!1),email:s.z.boolean().default(!1),push_notification:s.z.boolean().default(!1),webauthn_roaming:s.z.boolean().default(!1),webauthn_platform:s.z.boolean().default(!1),recovery_code:s.z.boolean().default(!1),duo:s.z.boolean().default(!1)}).optional(),sms_provider:s.z.object({provider:s.z.enum(["twilio","vonage","aws_sns","phone_message_hook"]).optional()}).optional(),twilio:s.z.object({sid:s.z.string().optional(),auth_token:s.z.string().optional(),from:s.z.string().optional(),messaging_service_sid:s.z.string().optional()}).optional(),phone_message:s.z.object({message:s.z.string().optional()}).optional()}).optional()}),gx=s.z.object({date:s.z.string().openapi({description:"Date these events occurred in ISO 8601 format",example:"2025-12-19"}),logins:s.z.number().openapi({description:"Number of logins on this date",example:150}),signups:s.z.number().openapi({description:"Number of signups on this date",example:25}),leaked_passwords:s.z.number().openapi({description:"Number of breached-password detections on this date (subscription required)",example:0}),updated_at:s.z.string().openapi({description:"Date and time this stats entry was last updated in ISO 8601 format",example:"2025-12-19T10:30:00.000Z"}),created_at:s.z.string().openapi({description:"Approximate date and time the first event occurred in ISO 8601 format",example:"2025-12-19T00:00:00.000Z"})}),yR=s.z.number().openapi({description:"Number of active users in the last 30 days",example:1234}),_R=s.z.enum(["active-users","logins","signups","refresh-tokens","sessions"]),wR=s.z.enum(["hour","day","week","month"]),vR=s.z.enum(["time","connection","client_id","user_type","event"]),bR=s.z.enum(["password","social","passwordless","enterprise"]),mx=s.z.object({name:s.z.string(),type:s.z.string()}),yx=s.z.object({elapsed:s.z.number(),rows_read:s.z.number().optional(),bytes_read:s.z.number().optional()}),_x=s.z.object({meta:s.z.array(mx),data:s.z.array(s.z.record(s.z.string(),s.z.any())),rows:s.z.number(),rows_before_limit_at_least:s.z.number().optional(),statistics:yx.optional()}),_a=s.z.enum(["login","login-id","login-password","signup","signup-id","signup-password","reset-password","consent","mfa","mfa-push","mfa-otp","mfa-voice","mfa-phone","mfa-webauthn","mfa-email","mfa-recovery-code","status","device-flow","email-verification","email-otp-challenge","organizations","invitation","common","passkeys","captcha","custom-form","login-passwordless","mfa-login-options"]),Ro=s.z.record(s.z.string(),s.z.record(s.z.string(),s.z.string())).openapi({type:"object",additionalProperties:{type:"object",additionalProperties:{type:"string"}}}),AR=s.z.object({prompt:_a,language:s.z.string(),custom_text:Ro}),Y={EMAIL:"email",SMS:"sms",USERNAME_PASSWORD:"Username-Password-Authentication",GOOGLE_OAUTH2:"google-oauth2",APPLE:"apple",FACEBOOK:"facebook",GITHUB:"github",MICROSOFT:"microsoft",VIPPS:"vipps",OIDC:"oidc",OAUTH2:"oauth2",SAMLP:"samlp",WAAD:"waad",ADFS:"adfs"},Gt={DATABASE:"database",SOCIAL:"social",PASSWORDLESS:"passwordless"},wx=s.z.enum(["phone","totp","email","push","webauthn-roaming","webauthn-platform","passkey"]),vx=s.z.object({user_id:s.z.string(),type:wx,phone_number:s.z.string().optional(),totp_secret:s.z.string().optional(),credential_id:s.z.string().optional(),public_key:s.z.string().optional(),sign_count:s.z.number().int().nonnegative().optional(),credential_backed_up:s.z.boolean().optional(),transports:s.z.array(s.z.string()).optional(),friendly_name:s.z.string().optional(),confirmed:s.z.boolean().default(!1)});function bx(e,t){e.type==="phone"&&!e.phone_number&&t.addIssue({code:s.z.ZodIssueCode.custom,message:"phone_number is required when type is 'phone'",path:["phone_number"]}),e.type==="totp"&&!e.totp_secret&&t.addIssue({code:s.z.ZodIssueCode.custom,message:"totp_secret is required when type is 'totp'",path:["totp_secret"]}),["webauthn-roaming","webauthn-platform","passkey"].includes(e.type)&&(e.credential_id||t.addIssue({code:s.z.ZodIssueCode.custom,message:`credential_id is required when type is '${e.type}'`,path:["credential_id"]}),e.public_key||t.addIssue({code:s.z.ZodIssueCode.custom,message:`public_key is required when type is '${e.type}'`,path:["public_key"]}))}const kR=vx.superRefine(bx),SR=s.z.object({...vx.shape,id:s.z.string(),created_at:s.z.string(),updated_at:s.z.string()}).superRefine(bx);function ER(e){const[t,n]=e.split("|");if(!t||!n)throw new Error(`Invalid user_id: ${e}`);return{connection:t,id:n}}function CR(e){const{primary:t,secondaries:n,syncMethods:i=["create","rawCreate","update","remove","delete","set"]}=e,r={get(o,a){if(typeof a=="symbol")return o[a];const c=o[a];return typeof c!="function"?c:i.includes(a)?async(...l)=>{const d=await c.apply(o,l),u=[];for(const p of n){const f=p.adapter[a];if(typeof f!="function")continue;const h=(async()=>{try{await f.apply(p.adapter,l)}catch(g){try{p.onError?p.onError(g,a,l):console.error(`Passthrough adapter: secondary write failed for ${a}:`,g)}catch(m){console.error(`Passthrough adapter: onError handler threw for ${a}:`,m)}}})();p.blocking&&u.push(h)}return u.length>0&&await Promise.all(u),d}:c.bind(o)}};return new Proxy(t,r)}function TR(e){return e}function Es(e){var t,n,i,r,o,a,c,l,d,u,p,f;const h=e?.options;if(!h)return{usernameIdentifierActive:!1,emailIdentifierActive:!0,usernameMinLength:1,usernameMaxLength:15};const g=h.attributes;if(g){const m=((n=(t=g.username)==null?void 0:t.identifier)==null?void 0:n.active)===!0,_=((r=(i=g.email)==null?void 0:i.identifier)==null?void 0:r.active)!==!1,w=((a=(o=g.username)==null?void 0:o.validation)==null?void 0:a.min_length)??1,y=((l=(c=g.username)==null?void 0:c.validation)==null?void 0:l.max_length)??15;return{usernameIdentifierActive:m,emailIdentifierActive:_,usernameMinLength:w,usernameMaxLength:y}}return{usernameIdentifierActive:h.requires_username===!0,emailIdentifierActive:!0,usernameMinLength:((u=(d=h.validation)==null?void 0:d.username)==null?void 0:u.min)??1,usernameMaxLength:((f=(p=h.validation)==null?void 0:p.username)==null?void 0:f.max)??15}}function Jp(e){return typeof e=="object"&&e!==null&&!Array.isArray(e)}var xR={deno:"Deno",bun:"Bun",workerd:"Cloudflare-Workers",node:"Node.js"},bv=()=>{const e=globalThis;if(typeof navigator<"u"&&typeof navigator.userAgent=="string"){for(const[n,i]of Object.entries(xR))if(IR(i))return n}return typeof e?.EdgeRuntime=="string"?"edge-light":e?.fastly!==void 0?"fastly":e?.process?.release?.name==="node"?"node":"other"},IR=e=>navigator.userAgent.startsWith(e);function xh(e,t){if(bv()==="workerd")try{e.executionCtx.waitUntil(t);return}catch{}const n=t.then(()=>{},r=>{console.error("waitUntil promise error:",r)});let i;try{i=e.var?.backgroundPromises}catch{i=void 0}if(!Array.isArray(i)){if(typeof e.set!="function")return;i=[],e.set("backgroundPromises",i)}i.push(n)}async function $R(e){const t=e.var.backgroundPromises;if(!Array.isArray(t)||t.length===0)return;const n=t.splice(0,t.length);await Promise.all(n)}function zR(e){return[...e].reduce((t,[n,i])=>({...t,[n]:i}),{})}const NR=new Set(["password","password_hash","client_secret","signing_keys","credentials","encryption_key","otp_secret"]);function $y(e){if(!e)return;const t={};for(const[n,i]of Object.entries(e))NR.has(n)?t[n]="[REDACTED]":t[n]=i;return t}function Ax(e){return e&&typeof e=="object"&&!Array.isArray(e)?$y(e):e}function PR(e,t){if(!e||!t)return;const n={},i=new Set([...Object.keys(e),...Object.keys(t)]);for(const r of i){const o=e[r],a=t[r];JSON.stringify(o)!==JSON.stringify(a)&&(n[r]={old:o,new:a})}return Object.keys(n).length>0?n:void 0}function FR(e,t){return e.var.user_id||t.actorUserId?"admin_action":t.userId?"user_action":e.var.client_id?"api":"system"}function kx(e,t,n){const i=e.env.outbox?.captureEntityState!==!1,r=i?$y(n.beforeState):void 0,o=i?$y(n.afterState):void 0;return{tenant_id:t,event_type:n.targetType?`${n.targetType}.${OR(e.req.method)}`:n.type,log_type:n.type,description:n.description,category:FR(e,n),actor:{type:e.var.user_id||n.actorUserId?"admin":n.userId?"user":e.var.client_id?"client_credentials":"system",id:e.var.user_id||n.actorUserId||n.userId||void 0,email:e.var.username||void 0,org_id:e.var.organization_id||e.var.user?.org_id||void 0,org_name:e.var.org_name||e.var.user?.org_name||void 0,scopes:e.var.user?.scope?e.var.user.scope.split(" "):void 0,client_id:e.var.client_id||void 0},target:{type:n.targetType||"unknown",id:n.targetId||n.userId||e.var.user_id||"",before:r,after:o,diff:PR(r,o)},request:{method:e.req.method,path:e.req.path,query:e.req.queries()?Object.fromEntries(Object.entries(e.req.queries()).map(([a,c])=>[a,Array.isArray(c)?c.join(","):c])):void 0,body:Ax(n.body||e.var.body||void 0),ip:e.var.ip||"",user_agent:e.var.useragent||void 0},response:n.response?{status_code:n.response.statusCode,body:n.response.body}:void 0,connection:n.connection||e.var.connection||void 0,strategy:n.strategy||void 0,strategy_type:n.strategy_type||void 0,audience:n.audience||void 0,scope:n.scope||void 0,hostname:e.var.host||"",is_mobile:!1,auth0_client:e.var.auth0_client,timestamp:new Date().toISOString()}}function OR(e){switch(e){case"POST":return"created";case"PATCH":case"PUT":return"updated";case"DELETE":return"deleted";default:return"accessed"}}async function D(e,t,n){const i={};if(e.req.raw?.headers){const o=zR(e.req.raw.headers);for(const[a,c]of Object.entries(o))i[a.toLowerCase()]=c}if(e.env.outbox?.enabled&&e.env.data.outbox){const o=kx(e,t,n),a=e.env.data.outbox.create(t,o),c=e.var.outboxEventPromises||[];c.push(a),e.set("outboxEventPromises",c);return}const r=async()=>{let o;if(e.env.data.geo)try{o=await e.env.data.geo.getGeoInfo(i)||void 0}catch(c){console.warn("Failed to get geo information:",c)}const a={type:n.type,description:n.description||"",ip:e.var.ip,user_agent:e.var.useragent||"",auth0_client:e.var.auth0_client,date:new Date().toISOString(),details:n.details||{request:{method:e.req.method,path:e.req.path,qs:e.req.queries(),body:Ax(n.body||e.var.body||"")},...n.response&&{response:n.response}},isMobile:!1,client_id:e.var.client_id,client_name:"",user_id:n.userId||e.var.user_id||"",hostname:e.var.host||"",user_name:e.var.username||"",connection_id:"",connection:n.connection||e.var.connection||"",strategy:n.strategy||"",strategy_type:n.strategy_type||"",audience:n.audience||"",scope:n.scope||"",location_info:o};await e.env.data.logs.create(t,a)};n.waitForCompletion?await r():xh(e,r())}async function Sx(e,t,n,i){if(!e.env.outbox?.enabled||!t.outbox)return;const r=kx(e,n,i);return t.outbox.create(n,r)}const dt=s.z.object({page:s.z.string().min(0).optional().default("0").transform(e=>parseInt(e,10)).openapi({description:"Page index of the results to return. First page is 0."}),per_page:s.z.string().min(1).optional().default("10").transform(e=>parseInt(e,10)).openapi({description:"Number of results per page. Defaults to 50."}),include_totals:s.z.string().optional().default("false").transform(e=>e==="true").openapi({description:"Return results inside an object that contains the total result count (true) or as a direct array of results (false, default)."}),from:s.z.string().optional().openapi({description:"Optional Id from which to start selection."}),take:s.z.string().optional().transform(e=>e?parseInt(e,10):void 0).openapi({description:"Number of results per page. Defaults to 50."}),sort:s.z.string().regex(/^.+:(-1|1)$/).optional().openapi({description:"Field to sort by. Use field:order where order is 1 for ascending and -1 for descending. e.g. created_at:1."}),q:s.z.string().optional().openapi({description:"A lucene query string used to filter the results"}),from_date:s.z.preprocess(e=>typeof e=="string"&&/^\d+$/.test(e)?Number(e):e,s.z.number().int().optional()).openapi({description:"Start of date range as a Unix timestamp in seconds (inclusive). Only applies to log queries."}),to_date:s.z.preprocess(e=>typeof e=="string"&&/^\d+$/.test(e)?Number(e):e,s.z.number().int().optional()).openapi({description:"End of date range as a Unix timestamp in seconds (inclusive). Only applies to log queries."})});function St(e){if(!e)return;const[t,n]=e.split(":"),i=n==="1"?"asc":"desc";if(!(!t||!i))return{sort_by:t,sort_order:i}}const RR=Ct.extend({actions:s.z.array(ir)}),jR={"post-login":"post-user-login"};function DR(e){return jR[e]||e}const LR=s.z.object({versions:s.z.array(Ah)}),BR=Ct.extend({versions:s.z.array(Ah)});function Nu(e,t,n,i){return e.actionVersions.create(t,{action_id:n.id,code:n.code,runtime:n.runtime,secrets:n.secrets,dependencies:n.dependencies,supported_triggers:n.supported_triggers,deployed:i})}const MR=new s.OpenAPIHono().openapi(s.createRoute({tags:["actions"],method:"get",path:"/",request:{query:dt,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:actions"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(ir),RR])}},description:"List of actions"}}}),async e=>{const{page:t,per_page:n,include_totals:i,sort:r,q:o}=e.req.valid("query"),a=await e.env.data.actions.list(e.var.tenant_id,{page:t,per_page:n,include_totals:i,sort:St(r),q:o}),c=a.actions.map(l=>({...l,secrets:l.secrets?.map(d=>({name:d.name}))}));return i?e.json({...a,actions:c}):e.json(c)}).openapi(s.createRoute({tags:["actions"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Xl}}}},security:[{Bearer:["create:actions"]}],responses:{201:{content:{"application/json":{schema:ir}},description:"The created action"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.actions.create(e.var.tenant_id,t);let i=!1;if(e.env.codeExecutor?.deploy)try{await e.env.codeExecutor.deploy(n.id,t.code),i=!0}catch(r){await D(e,e.var.tenant_id,{type:T.FAILED_HOOK,description:`Failed to deploy action ${n.id}: ${r instanceof Error?r.message:String(r)}`})}else i=!0;return await Nu(e.env.data,e.var.tenant_id,n,i),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create action",targetType:"action",targetId:n.id}),e.json(n,{status:201})}).openapi(s.createRoute({tags:["actions"],method:"get",path:"/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()})},security:[{Bearer:["read:actions"]}],responses:{200:{content:{"application/json":{schema:ir}},description:"An action"},404:{description:"Action not found"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.actions.get(e.var.tenant_id,t);if(!n)throw new N(404,{message:"Action not found"});return e.json({...n,secrets:n.secrets?.map(i=>({name:i.name}))})}).openapi(s.createRoute({tags:["actions"],method:"patch",path:"/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()}),body:{content:{"application/json":{schema:Xl.partial()}}}},security:[{Bearer:["update:actions"]}],responses:{200:{content:{"application/json":{schema:ir}},description:"The updated action"},404:{description:"Action not found"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.req.valid("json");if(!await e.env.data.actions.update(e.var.tenant_id,t,n))throw new N(404,{message:"Action not found"});const r=await e.env.data.actions.get(e.var.tenant_id,t);if(!r)throw new N(404,{message:"Action not found"});if(n.code!==void 0&&e.env.codeExecutor?.deploy){let o=!1;try{await e.env.codeExecutor.deploy(t,n.code),o=!0}catch(a){await D(e,e.var.tenant_id,{type:T.FAILED_HOOK,description:`Failed to deploy action ${t}: ${a instanceof Error?a.message:String(a)}`})}await Nu(e.env.data,e.var.tenant_id,r,o)}return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update action",targetType:"action",targetId:t}),e.json({...r,secrets:r.secrets?.map(o=>({name:o.name}))})}).openapi(s.createRoute({tags:["actions"],method:"delete",path:"/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()})},security:[{Bearer:["delete:actions"]}],responses:{200:{description:"Action deleted"},404:{description:"Action not found"},409:{description:"Action is bound to a trigger and cannot be deleted"}}}),async e=>{const{id:t}=e.req.valid("param");if((await e.env.data.hooks.list(e.var.tenant_id,{q:`code_id:"${t}"`})).hooks.length>0)throw new N(409,{message:"Action is bound to a trigger. Remove the binding before deleting."});if(!await e.env.data.actions.remove(e.var.tenant_id,t))throw new N(404,{message:"Action not found"});if(await e.env.data.actionVersions.removeForAction(e.var.tenant_id,t),e.env.codeExecutor?.remove)try{await e.env.codeExecutor.remove(t)}catch(r){await D(e,e.var.tenant_id,{type:T.FAILED_HOOK,description:`Failed to remove action worker ${t}: ${r instanceof Error?r.message:String(r)}`})}return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete action",targetType:"action",targetId:t}),e.text("OK")}).openapi(s.createRoute({tags:["actions"],method:"post",path:"/{id}/deploy",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()})},security:[{Bearer:["update:actions"]}],responses:{200:{content:{"application/json":{schema:ir}},description:"The deployed action"},404:{description:"Action not found"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.actions.get(e.var.tenant_id,t);if(!n)throw new N(404,{message:"Action not found"});if(e.env.codeExecutor?.deploy)try{await e.env.codeExecutor.deploy(t,n.code)}catch(i){throw await D(e,e.var.tenant_id,{type:T.FAILED_HOOK,description:`Failed to deploy action ${t}: ${i instanceof Error?i.message:String(i)}`}),new N(500,{message:`Deployment failed: ${i instanceof Error?i.message:String(i)}`})}return await e.env.data.actions.update(e.var.tenant_id,t,{status:"built",deployed_at:new Date().toISOString()}),await Nu(e.env.data,e.var.tenant_id,n,!0),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Deploy action",targetType:"action",targetId:t}),e.json({...n,status:"built",secrets:n.secrets?.map(i=>({name:i.name}))})}).openapi(s.createRoute({tags:["actions"],method:"get",path:"/{actionId}/versions",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({actionId:s.z.string()}),query:dt},security:[{Bearer:["read:actions"]}],responses:{200:{content:{"application/json":{schema:s.z.union([LR,BR])}},description:"List of action versions"},404:{description:"Action not found"}}}),async e=>{const{actionId:t}=e.req.valid("param"),{page:n,per_page:i,include_totals:r,sort:o}=e.req.valid("query");if(!await e.env.data.actions.get(e.var.tenant_id,t))throw new N(404,{message:"Action not found"});const c=await e.env.data.actionVersions.list(e.var.tenant_id,t,{page:n,per_page:i,include_totals:r,sort:St(o)}),l=c.versions.map(d=>({...d,secrets:d.secrets?.map(u=>({name:u.name}))}));return r?e.json({...c,versions:l}):e.json({versions:l})}).openapi(s.createRoute({tags:["actions"],method:"get",path:"/{actionId}/versions/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({actionId:s.z.string(),id:s.z.string()})},security:[{Bearer:["read:actions"]}],responses:{200:{content:{"application/json":{schema:Ah}},description:"Action version"},404:{description:"Action version not found"}}}),async e=>{const{actionId:t,id:n}=e.req.valid("param"),i=await e.env.data.actionVersions.get(e.var.tenant_id,t,n);if(!i)throw new N(404,{message:"Action version not found"});return e.json({...i,secrets:i.secrets?.map(r=>({name:r.name}))})}).openapi(s.createRoute({tags:["actions"],method:"post",path:"/{actionId}/versions/{id}/deploy",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({actionId:s.z.string(),id:s.z.string()})},security:[{Bearer:["update:actions"]}],responses:{200:{content:{"application/json":{schema:ir}},description:"The action after rollback"},404:{description:"Action version not found"}}}),async e=>{const{actionId:t,id:n}=e.req.valid("param"),i=await e.env.data.actionVersions.get(e.var.tenant_id,t,n);if(!i)throw new N(404,{message:"Action version not found"});if(e.env.codeExecutor?.deploy)try{await e.env.codeExecutor.deploy(t,i.code)}catch(o){throw await D(e,e.var.tenant_id,{type:T.FAILED_HOOK,description:`Failed to roll back action ${t} to version ${n}: ${o instanceof Error?o.message:String(o)}`}),new N(500,{message:`Rollback failed: ${o instanceof Error?o.message:String(o)}`})}await e.env.data.actions.update(e.var.tenant_id,t,{code:i.code,runtime:i.runtime,secrets:i.secrets,dependencies:i.dependencies,supported_triggers:i.supported_triggers,status:"built",deployed_at:new Date().toISOString()});const r=await e.env.data.actions.get(e.var.tenant_id,t);if(!r)throw new N(404,{message:"Action not found"});return await Nu(e.env.data,e.var.tenant_id,r,!0),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:`Roll back action to version ${i.number}`,targetType:"action",targetId:t}),e.json({...r,secrets:r.secrets?.map(o=>({name:o.name}))})}).openapi(s.createRoute({tags:["actions"],method:"post",path:"/{id}/test",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()}),body:{content:{"application/json":{schema:s.z.object({trigger_id:s.z.string().optional(),event:s.z.record(s.z.unknown()).optional()})}}}},security:[{Bearer:["update:actions"]}],responses:{200:{content:{"application/json":{schema:s.z.object({success:s.z.boolean(),error:s.z.string().optional(),duration_ms:s.z.number(),api_calls:s.z.array(s.z.object({method:s.z.string(),args:s.z.array(s.z.unknown())})),logs:s.z.array(s.z.object({level:s.z.enum(["log","info","warn","error","debug"]),message:s.z.string()}))})}},description:"Test run result"},404:{description:"Action not found"},503:{description:"Code executor not configured"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.req.valid("json"),i=e.env.codeExecutor;if(!i)throw new N(503,{message:"Code executor not configured"});const r=await e.env.data.actions.get(e.var.tenant_id,t);if(!r)throw new N(404,{message:"Action not found"});const o=n.trigger_id??r.supported_triggers?.[0]?.id??"post-login",a=DR(o),c=r.secrets?.reduce((d,u)=>(u.value!==void 0&&(d[u.name]=u.value),d),{}),l=await i.execute({code:r.code,hookCodeId:r.id,triggerId:a,event:{...n.event??{},secrets:c??{}},timeoutMs:5e3});return e.json({success:l.success,error:l.error,duration_ms:l.durationMs,api_calls:l.apiCalls,logs:l.logs??[]})}),UR=s.z.object({id:s.z.string(),trigger_id:s.z.string(),status:Xw,results:s.z.array(ev),created_at:s.z.string(),updated_at:s.z.string()}),qR=s.z.object({logs:tv}),HR=new s.OpenAPIHono().openapi(s.createRoute({tags:["actions"],method:"get",path:"/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()})},security:[{Bearer:["read:actions"]}],responses:{200:{content:{"application/json":{schema:UR}},description:"Action execution"},404:{description:"Execution not found"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.actionExecutions.get(e.var.tenant_id,t);if(!n)throw new N(404,{message:"Execution not found"});return e.json({id:n.id,trigger_id:n.trigger_id,status:n.status,results:n.results,created_at:n.created_at,updated_at:n.updated_at})}).openapi(s.createRoute({tags:["actions"],method:"get",path:"/{id}/logs",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()})},security:[{Bearer:["read:actions"]}],responses:{200:{content:{"application/json":{schema:qR}},description:"Captured console output for the execution"},404:{description:"Execution not found"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.actionExecutions.get(e.var.tenant_id,t);if(!n)throw new N(404,{message:"Execution not found"});return e.json({logs:n.logs??[]})});let VR="useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict",KR=e=>crypto.getRandomValues(new Uint8Array(e)),GR=(e,t,n)=>{let i=256-256%e.length;if(i===256){let o=e.length-1;return(a=t)=>{if(!a)return"";let c="";for(;;){let l=n(a),d=a;for(;d--;)if(c+=e[l[d]&o],c.length>=a)return c}}}let r=Math.ceil(1.6*256*t/i);return(o=t)=>{if(!o)return"";let a="";for(;;){let c=n(r),l=r;for(;l--;)if(c[l]<i&&(a+=e[c[l]%e.length],a.length>=o))return a}}},Ex=(e,t=21)=>GR(e,t|0,KR),Fe=(e=21)=>{let t="",n=crypto.getRandomValues(new Uint8Array(e|=0));for(;e--;)t+=VR[n[e]&63];return t};const WR=17,JR={organization:"org_",connection:"con_",action:"act_",hook:"h_",rule:"rul_",resource_server:"api_",guardian_factor:"gfa_",invite:"inv_",flow:"af_"};function Ih(e){const i=Ex("0123456789abcdefghijklmnopqrstuvwxyz",WR)();return`${JR[e]}${i}`}function YR(){return Ih("organization")}function QR(){return Ih("connection")}function Cx(){return Ih("hook")}function ZR(){return Ih("invite")}const Tx={"post-login":"post-user-login","credentials-exchange":"credentials-exchange","pre-user-registration":"pre-user-registration","post-user-registration":"post-user-registration"},XR=Object.fromEntries(Object.entries(Tx).map(([e,t])=>[t,e]));function wA(e){return Tx[e]||e}function vA(e){return XR[e]||e}const ej=s.z.object({type:s.z.enum(["action_id","action_name"]).optional(),value:s.z.string().optional(),id:s.z.string().optional(),name:s.z.string().optional()}),tj=s.z.object({ref:ej,display_name:s.z.string().optional()}),nj=s.z.object({id:s.z.string(),trigger_id:s.z.string(),display_name:s.z.string(),action:ir,created_at:s.z.string(),updated_at:s.z.string()}),bA=s.z.object({bindings:s.z.array(nj)}),ij=new s.OpenAPIHono().openapi(s.createRoute({tags:["actions"],method:"get",path:"/{triggerId}/bindings",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({triggerId:s.z.string()})},security:[{Bearer:["read:actions"]}],responses:{200:{content:{"application/json":{schema:bA}},description:"Trigger bindings"}}}),async e=>{const{triggerId:t}=e.req.valid("param"),n=wA(t),r=(await e.env.data.hooks.list(e.var.tenant_id,{q:`trigger_id:"${n}"`,per_page:100})).hooks.filter(a=>"code_id"in a&&a.code_id).sort((a,c)=>(c.priority||0)-(a.priority||0)),o=[];for(const a of r){const c=a.code_id,l=await e.env.data.actions.get(e.var.tenant_id,c);l&&o.push({id:a.hook_id,trigger_id:vA(a.trigger_id),display_name:l.name,action:{...l,secrets:l.secrets?.map(d=>({name:d.name}))},created_at:a.created_at,updated_at:a.updated_at})}return e.json({bindings:o})}).openapi(s.createRoute({tags:["actions"],method:"patch",path:"/{triggerId}/bindings",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({triggerId:s.z.string()}),body:{content:{"application/json":{schema:s.z.object({bindings:s.z.array(tj)})}}}},security:[{Bearer:["update:actions"]}],responses:{200:{content:{"application/json":{schema:bA}},description:"Updated trigger bindings"}}}),async e=>{const{triggerId:t}=e.req.valid("param"),{bindings:n}=e.req.valid("json"),i=wA(t),r=await e.env.data.hooks.list(e.var.tenant_id,{q:`trigger_id:"${i}"`,per_page:100});for(const a of r.hooks)"code_id"in a&&a.code_id&&await e.env.data.hooks.remove(e.var.tenant_id,a.hook_id);const o=[];for(let a=0;a<n.length;a++){const c=n[a];let l=c.ref.id;if(!l&&c.ref.type==="action_id"&&c.ref.value)l=c.ref.value;else if(!l&&c.ref.type==="action_name"&&c.ref.value){const p=c.ref.value,f=100;let h=0;for(;;){const g=await e.env.data.actions.list(e.var.tenant_id,{page:h,per_page:f,include_totals:!1}),m=g.actions.find(_=>_.name===p);if(m){l=m.id;break}if(g.actions.length<f)break;h++}}if(!l)throw new N(400,{message:`Binding at index ${a} must reference an action via ref.id or ref.value`});const d=await e.env.data.actions.get(e.var.tenant_id,l);if(!d)throw new N(404,{message:`Action ${l} not found`});const u=await e.env.data.hooks.create(e.var.tenant_id,{hook_id:Cx(),trigger_id:i,code_id:l,enabled:!0,synchronous:!0,priority:n.length-a});o.push({id:u.hook_id,trigger_id:vA(u.trigger_id),display_name:c.display_name||d.name,action:{...d,secrets:d.secrets?.map(p=>({name:p.name}))},created_at:u.created_at,updated_at:u.updated_at})}return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:`Update trigger bindings for ${t}`,targetType:"action"}),e.json({bindings:o})}),nd={themeId:"default",borders:{button_border_radius:8,button_border_weight:1,buttons_style:"pill",input_border_radius:8,input_border_weight:1,inputs_style:"pill",show_widget_shadow:!0,widget_border_weight:1,widget_corner_radius:16},colors:{base_focus_color:"#7D68F4",base_hover_color:"#A091F2",body_text:"#000000",captcha_widget_theme:"auto",error:"#FC5A5A",header:"#000000",icons:"#666666",input_background:"#FFFFFF",input_border:"#8E8CA0",input_filled_text:"#000000",input_labels_placeholders:"#88869F",links_focused_components:"#7D68F4",primary_button:"#7D68F4",primary_button_label:"#FFFFFF",secondary_button_border:"#8E8CA0",secondary_button_label:"#000000",success:"#36BF76",widget_background:"#FFFFFF",widget_border:"#8E8CA0"},displayName:"Default Theme",fonts:{body_text:{bold:!1,size:100},buttons_text:{bold:!0,size:100},font_url:"https://assets.sesamy.com/fonts/khteka/WOFF2/KHTeka-Regular.woff2",input_labels:{bold:!1,size:100},links:{bold:!0,size:100},links_style:"normal",reference_text_size:16,subtitle:{bold:!1,size:100},title:{bold:!0,size:150}},page_background:{background_color:"#F8F9FB",background_image_url:"",page_layout:"center"},widget:{logo_url:"",header_text_alignment:"center",logo_height:36,logo_position:"center",social_buttons_layout:"bottom"}};function Av(e,t){const n=structuredClone(e);function i(r,o){for(const a in o)o[a]!==void 0&&typeof o[a]=="object"&&!Array.isArray(o[a])&&typeof r[a]=="object"&&r[a]!==null?i(r[a],o[a]):r[a]=o[a];return r}return i(n,t)}const rj=new s.OpenAPIHono().openapi(s.createRoute({tags:["branding"],method:"get",path:"/default",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:branding"]}],responses:{200:{content:{"application/json":{schema:up}},description:"Default theme settings"}}}),async e=>{const t=await e.env.data.themes.get(e.var.tenant_id,"default");return t?e.json(t):e.json(nd)}).openapi(s.createRoute({tags:["branding"],method:"patch",path:"/default",request:{body:{content:{"application/json":{schema:up.deepPartial()}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:branding"]}],responses:{200:{content:{"application/json":{schema:up}},description:"Updated theme settings"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.themes.get(e.var.tenant_id,"default"),r=Av(n||nd,t);return n?await e.env.data.themes.update(e.var.tenant_id,"default",r):await e.env.data.themes.create(e.var.tenant_id,r,"default"),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update Theme",targetType:"theme",targetId:"default",...n?{beforeState:n}:{},afterState:r}),e.json({...r,themeId:"default"})}),AA={colors:{primary:"#7D68F4",page_background:{type:"solid",start:"#F8F9FB",end:"#F8F9FB",angle_deg:0}},logo_url:"https://assets.sesamy.com/static/images/sesamy/logos/sesamy_logo_black.svg",favicon_url:"https://assets.sesamy.com/images/favicon.ico",font:{url:"https://assets.sesamy.com/fonts/khteka/WOFF2/KHTeka-Regular.woff2"}};var oj={Stringify:1},eo=(e,t)=>{const n=new String(e);return n.isEscaped=!0,n.callbacks=t,n},sj=/[&<>'"]/,aj=async(e,t)=>{let n="";t||=[];const i=await Promise.all(e);for(let r=i.length-1;n+=i[r],r--,!(r<0);r--){let o=i[r];typeof o=="object"&&t.push(...o.callbacks||[]);const a=o.isEscaped;if(o=await(typeof o=="object"?o.toString():o),typeof o=="object"&&t.push(...o.callbacks||[]),o.isEscaped??a)n+=o;else{const c=[n];Ea(o,c),n=c[0]}}return eo(n,t)},Ea=(e,t)=>{const n=e.search(sj);if(n===-1){t[0]+=e;return}let i,r,o=0;for(r=n;r<e.length;r++){switch(e.charCodeAt(r)){case 34:i="&quot;";break;case 39:i="&#39;";break;case 38:i="&amp;";break;case 60:i="&lt;";break;case 62:i="&gt;";break;default:continue}t[0]+=e.substring(o,r)+i,o=r+1}t[0]+=e.substring(o,r)},cj=e=>{const t=e.callbacks;if(!t?.length)return e;const n=[e],i={};return t.forEach(r=>r({phase:oj.Stringify,buffer:n,context:i})),n[0]},kv=Symbol("RENDERER"),zy=Symbol("ERROR_HANDLER"),ut=Symbol("STASH"),xx=Symbol("INTERNAL"),lj=Symbol("MEMO"),Yp=Symbol("PERMALINK"),kA=e=>(e[xx]=!0,e),Ix=e=>({value:t,children:n})=>{if(!n)return;const i={children:[{tag:kA(()=>{e.push(t)}),props:{}}]};Array.isArray(n)?i.children.push(...n.flat()):i.children.push(n),i.children.push({tag:kA(()=>{e.pop()}),props:{}});const r={tag:"",props:i,type:""};return r[zy]=o=>{throw e.pop(),o},r},$x=e=>{const t=[e],n=Ix(t);return n.values=t,n.Provider=n,ja.push(n),n},ja=[],zx=e=>{const t=[e],n=(i=>{t.push(i.value);let r;try{r=i.children?(Array.isArray(i.children)?new jx("",{},i.children):i.children).toString():""}catch(o){throw t.pop(),o}return r instanceof Promise?r.finally(()=>t.pop()).then(o=>eo(o,o.callbacks)):(t.pop(),eo(r))});return n.values=t,n.Provider=n,n[kv]=Ix(t),ja.push(n),n},hc=e=>e.values.at(-1),Qp={title:[],script:["src"],style:["data-href"],link:["href"],meta:["name","httpEquiv","charset","itemProp"]},Ny={},jo="data-precedence",Nx=e=>e.rel==="stylesheet"&&"precedence"in e,Px=(e,t)=>e==="link"?t:Qp[e].length>0,Bd=e=>Array.isArray(e)?e:[e],SA=new WeakMap,EA=(e,t,n,i)=>({buffer:r,context:o})=>{if(!r)return;const a=SA.get(o)||{};SA.set(o,a);const c=a[e]||=[];let l=!1;const d=Qp[e],u=Px(e,i!==void 0);if(u){e:for(const[,p]of c)if(!(e==="link"&&!(p.rel==="stylesheet"&&p[jo]!==void 0))){for(const f of d)if((p?.[f]??null)===n?.[f]){l=!0;break e}}}if(l?r[0]=r[0].replaceAll(t,""):u||e==="link"?c.push([t,n,i]):c.unshift([t,n,i]),r[0].indexOf("</head>")!==-1){let p;if(e==="link"||i!==void 0){const f=[];p=c.map(([h,,g],m)=>{if(g===void 0)return[h,Number.MAX_SAFE_INTEGER,m];let _=f.indexOf(g);return _===-1&&(f.push(g),_=f.length-1),[h,_,m]}).sort((h,g)=>h[1]-g[1]||h[2]-g[2]).map(([h])=>h)}else p=c.map(([f])=>f);p.forEach(f=>{r[0]=r[0].replaceAll(f,"")}),r[0]=r[0].replace(/(?=<\/head>)/,p.join(""))}},Md=(e,t,n)=>eo(new di(e,n,Bd(t??[])).toString()),Ud=(e,t,n,i)=>{if("itemProp"in n)return Md(e,t,n);let{precedence:r,blocking:o,...a}=n;r=i?r??"":void 0,i&&(a[jo]=r);const c=new di(e,a,Bd(t||[])).toString();return c instanceof Promise?c.then(l=>eo(c,[...l.callbacks||[],EA(e,l,a,r)])):eo(c,[EA(e,c,a,r)])},dj=({children:e,...t})=>{const n=Sv();if(n){const i=hc(n);if(i==="svg"||i==="head")return new di("title",t,Bd(e??[]))}return Ud("title",e,t,!1)},uj=({children:e,...t})=>{const n=Sv();return["src","async"].some(i=>!t[i])||n&&hc(n)==="head"?Md("script",e,t):Ud("script",e,t,!1)},pj=({children:e,...t})=>["href","precedence"].every(n=>n in t)?(t["data-href"]=t.href,delete t.href,Ud("style",e,t,!0)):Md("style",e,t),fj=({children:e,...t})=>["onLoad","onError"].some(n=>n in t)||t.rel==="stylesheet"&&(!("precedence"in t)||"disabled"in t)?Md("link",e,t):Ud("link",e,t,Nx(t)),hj=({children:e,...t})=>{const n=Sv();return n&&hc(n)==="head"?Md("meta",e,t):Ud("meta",e,t,!1)},Fx=(e,{children:t,...n})=>new di(e,n,Bd(t??[])),gj=e=>(typeof e.action=="function"&&(e.action=Yp in e.action?e.action[Yp]:void 0),Fx("form",e)),Ox=(e,t)=>(typeof t.formAction=="function"&&(t.formAction=Yp in t.formAction?t.formAction[Yp]:void 0),Fx(e,t)),mj=e=>Ox("input",e),yj=e=>Ox("button",e);const lm=Object.freeze(Object.defineProperty({__proto__:null,button:yj,form:gj,input:mj,link:fj,meta:hj,script:uj,style:pj,title:dj},Symbol.toStringTag,{value:"Module"}));var _j=new Map([["className","class"],["htmlFor","for"],["crossOrigin","crossorigin"],["httpEquiv","http-equiv"],["itemProp","itemprop"],["fetchPriority","fetchpriority"],["noModule","nomodule"],["formAction","formaction"]]),Zp=e=>_j.get(e)||e,wj=/[\s"'<>/=`\\\x00-\x1f\x7f-\x9f]/,dm=new Set,CA=1024,vj=/^[!?]|[\s"'<>/=`\\\x00-\x1f\x7f-\x9f]/,TA=new Set,bj=256,id=(e,t,n)=>{e.size>=t&&e.clear(),e.add(n)},Aj=e=>TA.has(e)?!0:typeof e!="string"?!1:e.length===0?!0:vj.test(e)?!1:(id(TA,bj,e),!0),kj=e=>{if(dm.has(e))return!0;const t=e.length;if(t===0)return!1;for(let n=0;n<t;n++){const i=e.charCodeAt(n);if(!(i>=97&&i<=122||i>=65&&i<=90||i>=48&&i<=57||i===45||i===95||i===46||i===58))return wj.test(e)?!1:(id(dm,CA,e),!0)}return id(dm,CA,e),!0},Sj=/[\s"'():;\\/\[\]{}\x00-\x1f\x7f-\x9f]/,um=new Set,xA=1024,Ej=e=>{if(um.has(e))return!0;const t=e.length;if(t===0)return!1;for(let n=0;n<t;n++){const i=e.charCodeAt(n);if(!(i>=97&&i<=122||i>=65&&i<=90||i>=48&&i<=57||i===45||i===95))return Sj.test(e)?!1:(id(um,xA,e),!0)}return id(um,xA,e),!0},Cj=/[;"'\\/\[\](){}]/,Tj=e=>{if(!Cj.test(e))return!1;let t=0;const n=[];for(let i=0,r=e.length;i<r;i++){const o=e.charCodeAt(i);if(o===92){if(i===r-1)return!0;i++}else if(t!==0){if(o===10||o===12||o===13)return!0;o===t&&(t=0)}else if(o===47&&e.charCodeAt(i+1)===42){const a=e.indexOf("*/",i+2);if(a===-1)return!0;i=a+1}else if(o===34||o===39)t=o;else if(o===40)n.push(41);else if(o===91)n.push(93);else{if(o===123||o===125)return!0;if(o===41||o===93){if(n[n.length-1]!==o)return!0;n.pop()}else if(o===59&&n.length===0)return!0}}return t!==0||n.length!==0},Rx=(e,t)=>{for(const[n,i]of Object.entries(e)){const r=n[0]==="-"||!/[A-Z]/.test(n)?n:n.replace(/[A-Z]/g,a=>`-${a.toLowerCase()}`);if(!Ej(r))continue;if(i==null){t(r,null);continue}let o;if(typeof i=="number")o=r.match(/^(?:a|border-im|column(?:-c|s)|flex(?:$|-[^b])|grid-(?:ar|[^a])|font-w|li|or|sca|st|ta|wido|z)|ty$/)?`${i}`:`${i}px`;else if(typeof i=="string"){if(Tj(i))continue;o=i}else continue;t(r,o)}},rd=void 0,Sv=()=>rd,xj=e=>/[A-Z]/.test(e)&&e.match(/^(?:al|basel|clip(?:Path|Rule)$|co|do|fill|fl|fo|gl|let|lig|i|marker[EMS]|o|pai|pointe|sh|st[or]|text[^L]|tr|u|ve|w)/)?e.replace(/([A-Z])/g,"-$1").toLowerCase():e,Ij=["area","base","br","col","embed","hr","img","input","keygen","link","meta","param","source","track","wbr"],$j=["allowfullscreen","async","autofocus","autoplay","checked","controls","default","defer","disabled","download","formnovalidate","hidden","inert","ismap","itemscope","loop","multiple","muted","nomodule","novalidate","open","playsinline","readonly","required","reversed","selected"],Ev=(e,t)=>{for(let n=0,i=e.length;n<i;n++){const r=e[n];if(typeof r=="string")Ea(r,t);else{if(typeof r=="boolean"||r===null||r===void 0)continue;r instanceof di?r.toStringToBuffer(t):typeof r=="number"||r.isEscaped?t[0]+=r:r instanceof Promise?t.unshift("",r):Ev(r,t)}}},di=class{tag;props;key;children;isEscaped=!0;localContexts;constructor(e,t,n){if(typeof e!="function"&&!Aj(e))throw new Error(`Invalid JSX tag name: ${e}`);this.tag=e,this.props=t,this.children=n}get type(){return this.tag}get ref(){return this.props.ref||null}toString(){const e=[""];this.localContexts?.forEach(([t,n])=>{t.values.push(n)});try{this.toStringToBuffer(e)}finally{this.localContexts?.forEach(([t])=>{t.values.pop()})}return e.length===1?"callbacks"in e?cj(eo(e[0],e.callbacks)).toString():e[0]:aj(e,e.callbacks)}toStringToBuffer(e){const t=this.tag,n=this.props;let{children:i}=this;e[0]+=`<${t}`;const r=t==="svg"||rd&&hc(rd)==="svg"?o=>xj(Zp(o)):o=>Zp(o);for(let[o,a]of Object.entries(n))if(o=r(o),!!kj(o)&&o!=="children"){if(o==="style"&&typeof a=="object"){let c="";Rx(a,(l,d)=>{d!=null&&(c+=`${c?";":""}${l}:${d}`)}),e[0]+=' style="',Ea(c,e),e[0]+='"'}else if(typeof a=="string")e[0]+=` ${o}="`,Ea(a,e),e[0]+='"';else if(a!=null)if(typeof a=="number"||a.isEscaped)e[0]+=` ${o}="${a}"`;else if(typeof a=="boolean"&&$j.includes(o))a&&(e[0]+=` ${o}=""`);else if(o==="dangerouslySetInnerHTML"){if(i.length>0)throw new Error("Can only set one of `children` or `props.dangerouslySetInnerHTML`.");i=[eo(a.__html)]}else if(a instanceof Promise)e[0]+=` ${o}="`,e.unshift('"',a);else if(typeof a=="function"){if(!o.startsWith("on")&&o!=="ref")throw new Error(`Invalid prop '${o}' of type 'function' supplied to '${t}'.`)}else e[0]+=` ${o}="`,Ea(a.toString(),e),e[0]+='"'}if(Ij.includes(t)&&i.length===0){e[0]+="/>";return}e[0]+=">",Ev(i,e),e[0]+=`</${t}>`}},pm=class extends di{toStringToBuffer(e){const{children:t}=this,n={...this.props};t.length&&(n.children=t.length===1?t[0]:t);const i=this.tag.call(null,n);if(!(typeof i=="boolean"||i==null))if(i instanceof Promise)if(ja.length===0)e.unshift("",i);else{const r=ja.map(o=>[o,o.values.at(-1)]);e.unshift("",i.then(o=>(o instanceof di&&(o.localContexts=r),o)))}else i instanceof di?i.toStringToBuffer(e):typeof i=="number"||i.isEscaped?(e[0]+=i,i.callbacks&&(e.callbacks||=[],e.callbacks.push(...i.callbacks))):Ea(i,e)}},jx=class extends di{toStringToBuffer(e){Ev(this.children,e)}},zj=(e,t,...n)=>{t??={},n.length&&(t.children=n.length===1?n[0]:n);const i=t.key;delete t.key;const r=pp(e,t,n);return r.key=i,r},IA=!1,pp=(e,t,n)=>{if(!IA){for(const i in Ny)lm[i][kv]=Ny[i];IA=!0}return typeof e=="function"?new pm(e,t,n):lm[e]?new pm(lm[e],t,n):e==="svg"||e==="head"?(rd||=zx(""),new di(e,t,[new pm(rd,{value:e},n)])):new di(e,t,n)},Da=({children:e})=>new jx("",{children:e},Array.isArray(e)?e:e?[e]:[]),Nj=(e,t,...n)=>{let i;if(n.length>0)i=n;else{const r=e.props.children;i=Array.isArray(r)?r:[r]}return zj(e.tag,{...e.props,...t},...i)};function S(e,t,n){let i;if(!t||!("children"in t))i=pp(e,t,[]);else{const r=t.children;i=Array.isArray(r)?pp(e,t,r):pp(e,t,[r])}return i.key=n,i}function Te(e){return e.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;").replace(/'/g,"&#x27;")}function Pj(e){return e.replace(/\\/g,"\\\\").replace(/"/g,'\\"').replace(/'/g,"\\'").replace(/\(/g,"\\(").replace(/\)/g,"\\)").replace(/\n/g,"").replace(/\r/g,"").replace(/\t/g,"")}function mn(e){if(!e)return"";try{const t=new URL(e);return["http:","https:","data:"].includes(t.protocol)?Te(e):""}catch{return e.startsWith("/")?Te(e):""}}function gn(e){return e&&/^(#[0-9a-fA-F]{3,8}|rgba?\([^)]+\)|hsla?\([^)]+\)|[a-zA-Z]+)$/.test(e.trim())?e.trim():""}function Fj(e){if(!e)return"#f5f5f5";if(typeof e=="string")return gn(e)||"#f5f5f5";const{type:t,start:n,end:i,angle_deg:r}=e;if(t==="linear-gradient"&&n&&i){const o=gn(n),a=gn(i);if(o&&a)return`linear-gradient(${typeof r=="number"?r:180}deg, ${o}, ${a})`}if(n){const o=gn(n);if(o)return o}return"#f5f5f5"}function Dx(e,t){if(e?.background_image_url){const n=mn(e.background_image_url);if(n)return`${gn(e.background_color)||"#f5f5f5"} url("${Pj(n)}") center / cover no-repeat`}if(e?.background_color){const n=gn(e.background_color);if(n)return n}return Fj(t)}var Oj=(e,t)=>{try{return t(e)}catch{return e.replace(/(?:%[0-9A-Fa-f]{2})+/g,n=>{try{return t(n)}catch{return n}})}},Rj=decodeURIComponent,Lx=/^[\w!#$%&'*.^`|~+-]+$/,jj=/^[ !#-:<-[\]-~]*$/,$A=e=>{let t=0,n=e.length;for(;t<n;){const i=e.charCodeAt(t);if(i!==32&&i!==9)break;t++}for(;n>t;){const i=e.charCodeAt(n-1);if(i!==32&&i!==9)break;n--}return t===0&&n===e.length?e:e.slice(t,n)},Dj=(e,t)=>{if(e.indexOf(t)===-1)return{};const n=e.split(";"),i=Object.create(null);for(const r of n){const o=r.indexOf("=");if(o===-1)continue;const a=$A(r.substring(0,o));if(t!==a||!Lx.test(a)||a in i)continue;let c=$A(r.substring(o+1));if(c.startsWith('"')&&c.endsWith('"')&&(c=c.slice(1,-1)),jj.test(c)){i[a]=c.indexOf("%")!==-1?Oj(c,Rj):c;break}}return i},Lj=(e,t,n={})=>{if(!Lx.test(e))throw new Error("Invalid cookie name");let i=`${e}=${t}`;if(e.startsWith("__Secure-")&&!n.secure)throw new Error("__Secure- Cookie must have Secure attributes");if(e.startsWith("__Host-")){if(!n.secure)throw new Error("__Host- Cookie must have Secure attributes");if(n.path!=="/")throw new Error('__Host- Cookie must have Path attributes with "/"');if(n.domain)throw new Error("__Host- Cookie must not have Domain attributes")}for(const r of["domain","path","sameSite","priority"])if(n[r]&&/[;\r\n]/.test(n[r]))throw new Error(`${r} must not contain ";", "\\r", or "\\n"`);if(n&&typeof n.maxAge=="number"&&n.maxAge>=0){if(n.maxAge>3456e4)throw new Error("Cookies Max-Age SHOULD NOT be greater than 400 days (34560000 seconds) in duration.");i+=`; Max-Age=${n.maxAge|0}`}if(n.domain&&n.prefix!=="host"&&(i+=`; Domain=${n.domain}`),n.path&&(i+=`; Path=${n.path}`),n.expires){if(n.expires.getTime()-Date.now()>3456e7)throw new Error("Cookies Expires SHOULD NOT be greater than 400 days (34560000 seconds) in the future.");i+=`; Expires=${n.expires.toUTCString()}`}if(n.httpOnly&&(i+="; HttpOnly"),n.secure&&(i+="; Secure"),n.sameSite&&(i+=`; SameSite=${n.sameSite.charAt(0).toUpperCase()+n.sameSite.slice(1)}`),n.priority&&(i+=`; Priority=${n.priority.charAt(0).toUpperCase()+n.priority.slice(1)}`),n.partitioned){if(!n.secure)throw new Error("Partitioned Cookie must have Secure attributes");i+="; Partitioned"}return i},fm=(e,t,n)=>(t=encodeURIComponent(t),Lj(e,t,n)),Bj=(e,t,n)=>{const i=e.req.raw.headers.get("Cookie");{if(!i)return;let r=t;return Dj(i,r)[r]}},Mj=(e,t,n)=>{let i;return n?.prefix==="secure"?i=fm("__Secure-"+e,t,{path:"/",...n,secure:!0}):n?.prefix==="host"?i=fm("__Host-"+e,t,{...n,path:"/",secure:!0,domain:void 0}):i=fm(e,t,{path:"/",...n}),i},zA=(e,t,n,i)=>{const r=Mj(t,n,i);e.header("Set-Cookie",r,{append:!0})};const od="mpkbgfx6",Bx={common:{alertListTitle:"Upozornění",backText:"Vrátit se zpět",cancelText:"Zrušit",closeText:"Zavřít",contactSupportText:"Potřebujete pomoc?",continueText:"Pokračovat",copyrightText:"© ${currentYear} ${companyName}",errorText:"Něco se pokazilo. Zkuste to prosím znovu.",hidePasswordText:"Skrýt heslo",loadingText:"Načítání...",orText:"nebo",privacyPolicyText:"Zásady ochrany osobních údajů",showPasswordText:"Zobrazit heslo",termsOfServiceText:"Podmínky služby",termsShortText:"Podmínky",tryAgainText:"Zkusit znovu"}},Mx={consent:{buttonText:"Přijmout",cancelButtonText:"Zamítnout",description:"${clientName} žádá o přístup k vašemu účtu",pageTitle:"Autorizace | ${clientName}",scopesTitle:"Tímto povolíte ${clientName}:",title:"Autorizovat ${clientName}"}},Ux={invitation:{acceptButtonText:"Přijmout pozvánku",description:"${inviterName} vás pozval(a), abyste se připojili k ${organizationName} na ${clientName}",pageTitle:"Pozvánka | ${clientName}",title:"Byli jste pozváni"}},qx={login:{alertListTitle:"Upozornění",buttonText:"Pokračovat",description:"Přihlaste se k ${clientName}.",editEmailText:"Upravit",emailPlaceholder:"E-mailová adresa",enterACodeBtn:"Přihlásit se kódem",federatedConnectionButtonText:"Pokračovat s ${connectionName}",footerLinkText:"Zaregistrujte se",footerText:"Nemáte účet?",forgotPasswordText:"Zapomněli jste heslo?",hidePasswordText:"Skrýt heslo",invalidEmail:"Neplatný e-mail",invalidIdentifier:"Neplatný e-mail nebo uživatelské jméno",invitationDescription:"Přihlaste se pro přijetí pozvánky od ${inviterName} k připojení k ${companyName} na ${clientName}.",invitationTitle:"Byli jste pozváni!",logoAltText:"${companyName}","no-email":"Zadejte prosím e-mailovou adresu","no-password":"Heslo je povinné",pageTitle:"Přihlášení | ${clientName}",passwordLoginNotAvailable:"Přihlášení heslem není k dispozici",passwordPlaceholder:"Heslo",phonePlaceholder:"Telefonní číslo",separatorText:"nebo",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",showPasswordText:"Zobrazit heslo",signupActionLinkText:"${footerLinkText}",signupActionText:"${footerText}",title:"Vítejte",tooManyFailedLogins:"Příliš mnoho neúspěšných pokusů o přihlášení. Zkuste to prosím později.",unverifiedEmail:"Před přihlášením prosím ověřte svou e-mailovou adresu",userAccountDoesNotExist:"Uživatelský účet neexistuje",usernamePlaceholder:"Uživatelské jméno nebo e-mailová adresa",usernameTooLong:"Uživatelské jméno musí mít nejvýše ${max} znaků",usernameTooShort:"Uživatelské jméno musí mít alespoň ${min} znaků",wrongCredentials:"Nesprávné uživatelské jméno nebo heslo",passkeyButtonText:"Přihlásit se pomocí passkey"}},Hx={mfa:{backupCodeText:"Použít záložní kód",description:"Zvolte metodu ověření",pageTitle:"Vícefaktorové ověření | ${clientName}",title:"Ověřte svou identitu"}},Vx={"passkey-enrollment-nudge":{title:"Zabezpečte svůj účet pomocí passkey",description:"Passkey používají biometrii nebo PIN vašeho zařízení k rychlejšímu a bezpečnějšímu přihlášení.",enrollButtonText:"Nastavit passkey",snoozeButtonText:"Možná později",optOutLinkText:"Nezobrazovat znovu",pageTitle:"Nastavení Passkey | ${clientName}"},"passkey-enrollment":{title:"Vytvořte svůj passkey",description:"Postupujte podle pokynů prohlížeče a vytvořte passkey pro tento účet.",errorMessage:"Vytvoření passkey se nezdařilo. Zkuste to prosím znovu.",cancelLinkText:"Prozatím přeskočit",retryButtonText:"Zkusit znovu",enrollmentComplete:"Váš passkey byl úspěšně nastaven. Tuto stránku můžete zavřít.",pageTitle:"Vytvoření Passkey | ${clientName}"},"passkey-challenge":{title:"Přihlásit se pomocí passkey",description:"Postupujte podle pokynů prohlížeče k ověření vaší identity.",errorMessage:"Ověření pomocí passkey selhalo. Zkuste to prosím znovu.",cancelLinkText:"Zpět na přihlášení",retryButtonText:"Zkusit znovu",pageTitle:"Přihlášení pomocí passkey | ${clientName}"}},Kx={organizations:{description:"Vyberte, ke které organizaci se chcete přihlásit",pageTitle:"Výběr organizace | ${clientName}",searchPlaceholder:"Hledat organizace",title:"Vyberte svou organizaci"}},Gx={signup:{buttonText:"Pokračovat",confirmPasswordPlaceholder:"Potvrzení hesla",description:"Zaregistrujte se a pokračujte","email-already-exists":"Tento e-mail je již zaregistrován",emailPlaceholder:"E-mailová adresa",federatedConnectionButtonText:"Pokračovat s ${connectionName}",hidePasswordText:"Skrýt heslo","invalid-email-format":"Neplatný e-mail",loginActionLinkText:"Přihlásit se",loginActionText:"Už máte účet?","no-email":"Zadejte prosím e-mailovou adresu","no-password":"Heslo je povinné","no-username":"Uživatelské jméno je povinné",pageTitle:"Registrace | ${clientName}",passwordPlaceholder:"Heslo",passwordsDidntMatch:"Hesla se neshodují",phonePlaceholder:"Telefonní číslo",privacyPolicyLinkText:"Zásady ochrany osobních údajů",separatorText:"nebo",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",showPasswordText:"Zobrazit heslo",termsOfServiceLinkText:"Podmínky služby",termsText:"Registrací souhlasíte s našimi",title:"Vytvořte svůj účet","username-already-exists":"Toto uživatelské jméno je již obsazeno",usernamePlaceholder:"Uživatelské jméno",verifyEmailText:"Zkontrolujte prosím svůj e-mail pro ověření účtu"}},Wx={status:{continueButtonText:"Pokračovat",errorTitle:"Chyba",pageTitle:"Stav | ${clientName}",successTitle:"Hotovo",title:"Stav"}},Uj={common:Bx,consent:Mx,"device-flow":{"device-flow":{buttonText:"Pokračovat",codePlaceholder:"Zadejte kód",description:"Zadejte kód zobrazený na vašem zařízení","expired-code":"Platnost kódu vypršela","invalid-code":"Zadaný kód je neplatný",pageTitle:"Aktivace zařízení | ${clientName}",title:"Aktivujte své zařízení"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Přihlásit se",codeLabel:"Ověřovací kód",codePlaceholder:"Zadejte kód",defaultDescription:"Zadejte ověřovací kód zaslaný na váš e-mail",description:"Odeslali jsme kód na ${email}","invalid-code":"Neplatný kód",noCode:"Zadejte prosím ověřovací kód",pageTitle:"Zadejte kód | ${clientName}",resendText:"Opětovné odeslání kódu",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",title:"Zkontrolujte svůj e-mail",unexpectedError:"Došlo k neočekávané chybě"}},"email-verification":{"email-verification":{description:"Odeslali jsme e-mail na ${email}",pageTitle:"Ověření e-mailu | ${clientName}",resendText:"Opětovné odeslání kódu",successDescription:"Váš e-mail byl úspěšně ověřen.",successTitle:"E-mail ověřen",title:"Ověření e-mailu"}},invitation:Ux,login:qx,"login-id":{"login-id":{alertListTitle:"Upozornění","auth0-users-validation":"Něco se pokazilo, zkuste to prosím později","authentication-failure":"Omlouváme se, při pokusu o přihlášení se něco pokazilo",buttonText:"Pokračovat","captcha-client-failure":"Nepodařilo se načíst bezpečnostní výzvu. Zkuste to prosím znovu. (Kód chyby: #{errorCode})","captcha-validation-failure":"Omlouváme se, při ověřování captcha došlo k chybě. Zkuste to prosím znovu.",captchaCodePlaceholder:"Zadejte kód zobrazený výše","custom-script-error-code":"Něco se pokazilo, zkuste to prosím později.",description:"Přihlaste se k ${clientName}.",editEmailText:"Upravit",emailPlaceholder:"E-mailová adresa",federatedConnectionButtonText:"Pokračovat s ${connectionName}",footerLinkText:"Zaregistrujte se",footerText:"Nemáte účet?",forgotPasswordText:"Zapomněli jste heslo?",hidePasswordText:"Skrýt heslo","invalid-captcha":"Vyřešte úlohu, abyste ověřili, že nejste robot.","invalid-code":"Neplatný kód","invalid-connection":"Neplatné připojení","invalid-email-format":"Neplatný e-mail","invalid-email-phone":"Zadejte platnou e-mailovou adresu nebo telefonní číslo. Telefonní čísla musí obsahovat předvolbu země.","invalid-email-phone-username":"Zadejte platnou e-mailovou adresu, telefonní číslo nebo uživatelské jméno. Telefonní čísla musí obsahovat předvolbu země.","invalid-email-username":"Zadejte platnou e-mailovou adresu nebo uživatelské jméno","invalid-expired-code":"Neplatný nebo vypršelý uživatelský kód","invalid-login-id":"Zadáno neplatné přihlašovací ID","invalid-phone-username":"Zadejte platné telefonní číslo nebo uživatelské jméno. Telefonní čísla musí obsahovat předvolbu země.","invalid-recaptcha":"Zaškrtněte políčko, abyste ověřili, že nejste robot.","invalid-username":"Uživatelské jméno může obsahovat pouze alfanumerické znaky nebo: '${characters}'. Uživatelské jméno musí mít ${min} až ${max} znaků.",invitationDescription:"Přihlaste se pro přijetí pozvánky od ${inviterName} k připojení k ${companyName} na ${clientName}.",invitationTitle:"Byli jste pozváni!","ip-blocked":"Zjistili jsme podezřelé přihlašovací chování a další pokusy budou blokovány. Kontaktujte prosím administrátora.",logoAltText:"${companyName}","no-db-connection":"Neplatné připojení","no-email":"Zadejte prosím e-mailovou adresu","no-email-phone":"Je vyžadována e-mailová adresa nebo telefonní číslo","no-email-phone-username":"Je vyžadováno telefonní číslo, uživatelské jméno nebo e-mailová adresa","no-email-username":"Je vyžadována e-mailová adresa nebo uživatelské jméno","no-password":"Heslo je povinné","no-phone":"Zadejte prosím telefonní číslo","no-phone-username":"Je vyžadováno telefonní číslo nebo uživatelské jméno","no-username":"Uživatelské jméno je povinné",pageTitle:"Přihlášení | ${clientName}","password-breached":"Zjistili jsme potenciální bezpečnostní problém s tímto účtem. Pro ochranu vašeho účtu jsme toto přihlášení zablokovali. Pro pokračování prosím resetujte své heslo.",passwordPlaceholder:"Heslo",phoneOrEmailPlaceholder:"E-mail nebo telefonní číslo",phoneOrUsernameOrEmailPlaceholder:"Telefon, uživatelské jméno nebo e-mail",phoneOrUsernamePlaceholder:"Telefonní číslo nebo uživatelské jméno",phonePlaceholder:"Telefonní číslo","same-user-login":"Příliš mnoho pokusů o přihlášení pro tohoto uživatele. Počkejte prosím a zkuste to znovu později.",selectCountryCode:"Vyberte předvolbu země, aktuálně nastaveno na ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"nebo",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",showPasswordText:"Zobrazit heslo",signupActionLinkText:"${footerLinkText}",signupActionText:"${footerText}",termsAndConditionsTemplate:'Pokračováním souhlasíte s našimi <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Podmínkami a pravidly</a>.',title:"Vítejte","user-blocked":"Váš účet byl zablokován po několika po sobě jdoucích neúspěšných pokusech o přihlášení.",userAccountDoesNotExist:"Uživatelský účet neexistuje",usernameOnlyPlaceholder:"Uživatelské jméno",usernameOrEmailPlaceholder:"Uživatelské jméno nebo e-mailová adresa",usernamePlaceholder:"Uživatelské jméno nebo e-mailová adresa",usernameTooLong:"Uživatelské jméno musí mít nejvýše ${max} znaků",usernameTooShort:"Uživatelské jméno musí mít alespoň ${min} znaků","wrong-credentials":"Nesprávné uživatelské jméno nebo heslo","wrong-email-credentials":"Nesprávný e-mail nebo heslo","wrong-email-phone-credentials":"Nesprávná e-mailová adresa, telefonní číslo nebo heslo. Telefonní čísla musí obsahovat předvolbu země.","wrong-email-phone-username-credentials":"Nesprávná e-mailová adresa, telefonní číslo, uživatelské jméno nebo heslo. Telefonní čísla musí obsahovat předvolbu země.","wrong-email-username-credentials":"Nesprávná e-mailová adresa, uživatelské jméno nebo heslo","wrong-phone-credentials":"Nesprávné telefonní číslo nebo heslo","wrong-phone-username-credentials":"Nesprávné telefonní číslo, uživatelské jméno nebo heslo. Telefonní čísla musí obsahovat předvolbu země.","wrong-username-credentials":"Nesprávné uživatelské jméno nebo heslo",passkeyButtonText:"Přihlásit se pomocí passkey"}},"login-password":{"login-password":{buttonText:"Přihlásit se",description:"Přihlaste se k ${clientName}",forgotPasswordText:"Zapomněli jste heslo?",hidePasswordText:"Skrýt heslo","no-password":"Heslo je povinné",pageTitle:"Přihlášení | ${clientName}","password-breached":"Zjistili jsme potenciální bezpečnostní problém s tímto účtem. Pro ochranu vašeho účtu jsme toto přihlášení zablokovali. Pro pokračování prosím resetujte své heslo.",passwordPlaceholder:"Heslo",showPasswordText:"Zobrazit heslo",signingInAs:"Přihlášení jako ${email}",title:"Zadejte heslo",unverifiedEmail:"Před přihlášením prosím ověřte svou e-mailovou adresu","user-blocked":"Váš účet byl zablokován po několika po sobě jdoucích neúspěšných pokusech o přihlášení.","wrong-credentials":"Nesprávné heslo"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"e-mailová adresa",authMethodEmailOrPhone:"e-mail nebo telefonní číslo",authMethodPhone:"telefonní číslo",description:"Přihlaste se pomocí ${authMethod}",emailOrPhonePlaceholder:"E-mailová adresa nebo telefonní číslo",emailPlaceholder:"E-mailová adresa",invalidEmail:"Zadejte prosím platnou e-mailovou adresu",invalidIdentifier:"Zadejte prosím platnou e-mailovou adresu nebo telefonní číslo",invalidPhone:"Zadejte prosím platné telefonní číslo s předvolbou země",noEmail:"Zadejte prosím svou e-mailovou adresu",noPhone:"Zadejte prosím své telefonní číslo",phonePlaceholder:"Telefonní číslo",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",title:"Přihlásit se kódem",userAccountDoesNotExist:"Uživatelský účet neexistuje"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Klikněte na odkaz ve svém e-mailu pro přihlášení",description:"Odeslali jsme odkaz na ${username}. Kliknutím na něj se přihlásíte.",resendText:"Odeslat odkaz znovu",spamText:"Nedostali jste e-mail? Zkontrolujte složku nevyžádané pošty.",title:"Zkontrolujte svůj e-mail"}},mfa:Hx,"mfa-email":{"mfa-email":{buttonText:"Pokračovat",codePlaceholder:"Zadejte kód",description:"Odeslali jsme kód na ${email}","invalid-code":"Zadaný kód je neplatný",pageTitle:"Ověření e-mailem | ${clientName}",resendText:"Opětovné odeslání kódu",title:"Zkontrolujte svůj e-mail"}},"mfa-otp":{"mfa-otp":{buttonText:"Pokračovat",codePlaceholder:"Zadejte kód",description:"Zadejte šestimístný kód z vaší ověřovací aplikace","invalid-code":"Zadaný kód je neplatný",pageTitle:"Zadejte kód | ${clientName}",title:"Zadejte svůj kód"},"mfa-totp-enrollment":{title:"Nastavit ověřovací aplikaci",description:"Naskenujte QR kód níže pomocí ověřovací aplikace a poté zadejte šestimístný kód pro ověření",secretLabel:"Nebo zadejte tento kód ručně:",codePlaceholder:"Zadejte kód",continueButtonText:"Ověřit a aktivovat","invalid-code":"Zadaný kód je neplatný. Zkuste to prosím znovu.","transaction-not-found":"Platnost vaší registrace vypršela, budete muset začít znovu.",pageTitle:"Nastavení ověřovací aplikace | ${clientName}",unexpectedError:"Něco se pokazilo. Zkuste to prosím znovu.",enrollmentComplete:"Registrace MFA je dokončena. Tuto stránku můžete zavřít."},"mfa-totp-challenge":{title:"Ověřte svou identitu",description:"Zadejte šestimístný kód z vaší ověřovací aplikace",codePlaceholder:"Zadejte kód",continueButtonText:"Pokračovat","invalid-code":"Zadaný kód je neplatný","transaction-not-found":"Platnost vaší registrace vypršela, budete muset začít znovu.",unexpectedError:"Něco se pokazilo. Zkuste to prosím znovu.",pageTitle:"Ověření identity | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Použijte své telefonní číslo pro přihlášení | ${clientName}",title:"Ověřte svou identitu",description:"Odeslali jsme kód na ${phoneNumber}",continueButtonText:"Pokračovat",changePhoneText:"Zvolte jiné telefonní číslo.",smsButtonText:"Textová zpráva",voiceButtonText:"Hlasový hovor",chooseMessageTypeText:"Jak chcete kód přijmout?",pickAuthenticatorText:"Zkusit jinou metodu",logoAltText:"${companyName}",codePlaceholder:"Zadejte kód","send-sms-failed":"Při odesílání SMS došlo k problému","send-voice-failed":"Při uskutečnění hlasového hovoru došlo k problému","invalid-phone-format":"Telefonní číslo může obsahovat pouze číslice.","invalid-phone":"Zdá se, že vaše telefonní číslo není platné. Zkontrolujte a zkuste to znovu.","too-many-sms":"Překročili jste maximální počet telefonních zpráv za hodinu. Počkejte pár minut a zkuste to znovu.","too-many-voice":"Překročili jste maximální počet hlasových hovorů za hodinu. Počkejte pár minut a zkuste to znovu.","transaction-not-found":"Vaše registrační transakce vypršela, budete muset začít znovu.","no-phone":"Zadejte telefonní číslo",noCode:"Zadejte ověřovací kód",invalidCode:"Zadaný kód je neplatný. Zkuste to znovu.",unexpectedError:"Něco se pokazilo. Zkuste to znovu.",resendSuccess:"Odeslali jsme nový kód na váš telefon",enrollmentComplete:"Registrace MFA je dokončena. Tuto stránku můžete zavřít."},"mfa-phone-enrollment":{pageTitle:"Zadejte své telefonní číslo pro přihlášení pomocí telefonního kódu | ${clientName}",title:"Zabezpečte svůj účet",description:"Zadejte kód země a telefonní číslo, na které můžeme odeslat 6místný kód:",continueButtonText:"Pokračovat",smsButtonText:"Textová zpráva",voiceButtonText:"Hlasový hovor",chooseMessageTypeText:"Jak chcete kód přijmout?",pickAuthenticatorText:"Zkusit jinou metodu",placeholder:"Zadejte své telefonní číslo",logoAltText:"${companyName}",selectCountryCode:"Vyberte kód země, aktuálně nastaveno na ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Při odesílání SMS došlo k problému","send-voice-failed":"Při uskutečnění hlasového hovoru došlo k problému","sms-authenticator-error":"Nepodařilo se odeslat SMS. Zkuste to prosím později.","invalid-phone-format":"Telefonní číslo může obsahovat pouze číslice.","invalid-phone":"Zdá se, že vaše telefonní číslo není platné. Zkontrolujte a zkuste to znovu.","too-many-sms":"Překročili jste maximální počet telefonních zpráv za hodinu. Počkejte pár minut a zkuste to znovu.","too-many-voice":"Překročili jste maximální počet hlasových hovorů za hodinu. Počkejte pár minut a zkuste to znovu.","transaction-not-found":"Vaše registrační transakce vypršela, budete muset začít znovu.","no-phone":"Zadejte telefonní číslo","phone-is-too-short":"Telefonní číslo je příliš krátké","phone-is-too-long":"Telefonní číslo je příliš dlouhé"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Vyberte metodu ověření | ${clientName}",title:"Vyberte způsob ověření",description:"Zvolte, jak chcete ověřit svou identitu",authenticatorAppLabel:"Autentizační aplikace",authenticatorAppDescription:"Použijte autentizační aplikaci k získání ověřovacího kódu",smsLabel:"Textová zpráva",smsDescription:"Nechte si zaslat ověřovací kód na telefon",passkeyLabel:"Passkey",passkeyDescription:"Použijte biometrii zařízení nebo bezpečnostní klíč"}},"mfa-push":{"mfa-push":{description:"Odeslali jsme oznámení na vaše zařízení",pageTitle:"Push oznámení | ${clientName}",resendText:"Odeslat oznámení znovu",title:"Schvalte požadavek",useCodeText:"Zadat kód ručně"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Pokračovat",codePlaceholder:"Záložní kód",description:"Zadejte jeden z vašich záložních kódů","invalid-code":"Zadaný záložní kód je neplatný",pageTitle:"Záložní kód | ${clientName}",title:"Zadejte záložní kód"}},"mfa-voice":{"mfa-voice":{buttonText:"Zavolat mi",codePlaceholder:"Zadejte kód",description:"Zavoláme na ${phoneNumber} s vaším kódem","invalid-code":"Zadaný kód je neplatný",pageTitle:"Hlasový hovor | ${clientName}",title:"Přijmout telefonní hovor"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Zkusit znovu",description:"Vložte svůj bezpečnostní klíč a postupujte podle pokynů",pageTitle:"Bezpečnostní klíč | ${clientName}",title:"Použijte svůj bezpečnostní klíč"}},passkeys:Vx,organizations:Kx,"reset-password":{"reset-password":{backToLoginText:"Zpět na přihlášení",buttonText:"Pokračovat",codeExpired:"Platnost kódu pro obnovení hesla vypršela. Požádejte prosím o nový.",confirmPasswordLabel:"Potvrzení hesla",confirmPasswordPlaceholder:"Potvrzení hesla",description:"Zadejte svůj e-mail pro obnovení hesla",emailPlaceholder:"E-mailová adresa",failed:"Obnovení hesla se nezdařilo. Zkuste to prosím znovu.","invalid-email-format":"Neplatný e-mail","no-email":"Zadejte prosím e-mailovou adresu",pageTitle:"Obnovení hesla | ${clientName}",passwordLabel:"Nové heslo",passwordPlaceholder:"Nové heslo",passwordTooWeak:"Heslo je příliš slabé",passwordsDidntMatch:"Hesla se neshodují",successDescription:"Odkaz na obnovení hesla jsme odeslali na vaši e-mailovou adresu.",successTitle:"Zkontrolujte svůj e-mail",title:"Zapomněli jste heslo?","user-not-found":"Uživatel nenalezen"},"reset-password-code":{backToLoginText:"Zpět na přihlášení",buttonText:"Obnovit heslo",codeLabel:"Kód pro obnovení",codePlaceholder:"Zadejte 6místný kód",confirmPasswordLabel:"Potvrzení hesla",confirmPasswordPlaceholder:"Potvrzení hesla",defaultDescription:"Zadejte kód zaslaný na váš e-mail a zvolte nové heslo",description:"Odeslali jsme kód na ${email}",failed:"Obnovení hesla se nezdařilo. Zkuste to prosím znovu.",invalidCode:"Zadaný kód je neplatný nebo vypršel",noCode:"Zadejte prosím kód pro obnovení",pageTitle:"Zadejte kód pro obnovení | ${clientName}",passwordLabel:"Nové heslo",passwordPlaceholder:"Nové heslo",passwordTooWeak:"Heslo je příliš slabé",passwordsDidntMatch:"Hesla se neshodují",resendFailed:"Nepodařilo se znovu odeslat kód. Zkuste to prosím znovu.",resendSuccess:"Nový kód byl odeslán na váš e-mail",resendText:"Odeslat kód znovu",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",title:"Zadejte kód pro obnovení"}},signup:Gx,"signup-id":{"signup-id":{buttonText:"Pokračovat",description:"Zaregistrujte se a pokračujte","email-already-exists":"Tento e-mail je již zaregistrován",emailPlaceholder:"E-mailová adresa",federatedConnectionButtonText:"Pokračovat s ${connectionName}","invalid-email-format":"Neplatný e-mail",loginActionLinkText:"Přihlásit se",loginActionText:"Už máte účet?","no-email":"Zadejte prosím e-mailovou adresu",pageTitle:"Registrace | ${clientName}",phonePlaceholder:"Telefonní číslo",separatorText:"nebo",title:"Vytvořte svůj účet",usernamePlaceholder:"Uživatelské jméno"}},"signup-password":{"signup-password":{buttonText:"Pokračovat",description:"Zaregistrujte se a pokračujte",hidePasswordText:"Skrýt heslo","no-password":"Heslo je povinné",pageTitle:"Registrace | ${clientName}","password-policy-not-met":"Heslo nesplňuje požadavky","password-too-weak":"Heslo je příliš slabé",passwordPlaceholder:"Heslo",showPasswordText:"Zobrazit heslo",title:"Vytvořte své heslo"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Pokračovat",codeLabel:"Ověřovací kód",codePlaceholder:"Zadejte kód",defaultDescription:"Zadejte ověřovací kód zaslaný na váš telefon",description:"Odeslali jsme kód na ${username}","invalid-code":"Neplatný kód",noCode:"Zadejte prosím ověřovací kód",pageTitle:"Zadejte kód | ${clientName}",resendText:"Opětovné odeslání kódu",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",title:"Zkontrolujte svůj telefon",unexpectedError:"Došlo k neočekávané chybě"}},status:Wx},qj=Object.freeze(Object.defineProperty({__proto__:null,common:Bx,consent:Mx,default:Uj,invitation:Ux,login:qx,mfa:Hx,organizations:Kx,passkeys:Vx,signup:Gx,status:Wx},Symbol.toStringTag,{value:"Module"})),Jx={common:{alertListTitle:"Advarsler",backText:"Gå tilbage",cancelText:"Gå tilbage",closeText:"Luk",contactSupportText:"Har du brug for hjælp?",continueText:"Fortsæt",copyrightText:"© ${currentYear} ${companyName}",errorText:"Noget gik galt. Prøv venligst igen.",hidePasswordText:"Skjul adgangskode",loadingText:"Indlæser...",orText:"eller",privacyPolicyText:"Privatlivspolitik",showPasswordText:"Vis adgangskode",termsOfServiceText:"Servicevilkår",termsShortText:"Vilkår",tryAgainText:"Prøv igen"}},Yx={consent:{buttonText:"Acceptér",cancelButtonText:"Afvis",description:"${clientName} anmoder om adgang til din konto",pageTitle:"Godkend | ${clientName}",scopesTitle:"Dette vil give ${clientName} tilladelse til at:",title:"Godkend ${clientName}"}},Qx={invitation:{acceptButtonText:"Acceptér invitation",description:"${inviterName} har inviteret dig til at deltage i ${organizationName} på ${clientName}",pageTitle:"Invitation | ${clientName}",title:"Du er blevet inviteret"}},Zx={login:{alertListTitle:"Advarsler",buttonText:"Fortsæt",description:"Log ind på ${clientName}.",editEmailText:"Rediger",emailPlaceholder:"E-mail-adresse",enterACodeBtn:"Log ind med en kode",federatedConnectionButtonText:"Fortsæt med ${connectionName}",footerLinkText:"Tilmeld dig",footerText:"Har du ikke en konto?",forgotPasswordText:"Har du glemt din adgangskode?",hidePasswordText:"Skjul adgangskode",invalidEmail:"Ugyldig e-mail",invalidIdentifier:"Ugyldig e-mail eller brugernavn",invitationDescription:"Log ind for at acceptere ${inviterName}s invitation til at deltage i ${companyName} på ${clientName}.",invitationTitle:"Du er blevet inviteret!",logoAltText:"${companyName}","no-email":"Indtast venligst en e-mailadresse","no-password":"Adgangskode er påkrævet",pageTitle:"Log ind | ${clientName}",passwordLoginNotAvailable:"Adgangskodegodkendelse er ikke tilgængelig",passwordPlaceholder:"Adgangskode",phonePlaceholder:"Telefonnummer",separatorText:"eller",sessionExpired:"Din session er udløbet. Prøv venligst igen.",showPasswordText:"Vis adgangskode",signupActionLinkText:"Tilmeld dig",signupActionText:"Har du ikke en konto?",title:"Velkommen",tooManyFailedLogins:"For mange mislykkede loginforsøg. Prøv venligst igen senere.",unverifiedEmail:"Bekræft venligst din e-mailadresse, før du logger ind",userAccountDoesNotExist:"Brugerkontoen findes ikke",usernamePlaceholder:"Brugernavn eller e-mailadresse",usernameTooLong:"Brugernavnet må højst være ${max} tegn",usernameTooShort:"Brugernavnet skal være mindst ${min} tegn",wrongCredentials:"Forkert brugernavn eller adgangskode",passkeyButtonText:"Log ind med passkey"}},Xx={mfa:{backupCodeText:"Brug backupkode",description:"Vælg en bekræftelsesmetode",pageTitle:"Multifaktorgodkendelse | ${clientName}",title:"Bekræft din identitet"}},eI={"passkey-enrollment-nudge":{title:"Sikr din konto med en adgangsnøgle",description:"Adgangsnøgler bruger din enheds biometri eller PIN til at logge dig ind hurtigere og mere sikkert.",enrollButtonText:"Konfigurer adgangsnøgle",snoozeButtonText:"Måske senere",optOutLinkText:"Vis ikke dette igen",pageTitle:"Konfigurer Adgangsnøgle | ${clientName}"},"passkey-enrollment":{title:"Opret din adgangsnøgle",description:"Følg anvisningerne fra din browser for at oprette en adgangsnøgle til denne konto.",errorMessage:"Oprettelse af adgangsnøgle mislykkedes. Prøv venligst igen.",cancelLinkText:"Spring over for nu",retryButtonText:"Prøv igen",enrollmentComplete:"Din adgangsnøgle er konfigureret. Du kan lukke denne side.",pageTitle:"Opret Adgangsnøgle | ${clientName}"},"passkey-challenge":{title:"Log ind med passkey",description:"Følg anvisningerne fra din browser for at bekræfte din identitet.",errorMessage:"Godkendelse med passkey mislykkedes. Prøv venligst igen.",cancelLinkText:"Tilbage til login",retryButtonText:"Prøv igen",pageTitle:"Log ind med passkey | ${clientName}"}},tI={organizations:{description:"Vælg hvilken organisation du vil logge ind på",pageTitle:"Vælg organisation | ${clientName}",searchPlaceholder:"Søg organisationer",title:"Vælg din organisation"}},nI={signup:{buttonText:"Tilmelding",confirmPasswordPlaceholder:"Bekræft adgangskode",description:"Vælg en adgangskode med en blanding af store og små bogstaver, tal og symboler.","email-already-exists":"E-mailen er allerede optaget",emailPlaceholder:"E-mail-adresse",federatedConnectionButtonText:"Fortsæt med ${connectionName}",hidePasswordText:"Skjul adgangskode","invalid-email-format":"Ugyldig e-mail",loginActionLinkText:"Log ind",loginActionText:"Har du allerede en konto?","no-email":"Indtast venligst en e-mailadresse","no-password":"Adgangskode er påkrævet","no-username":"Brugernavn er påkrævet",pageTitle:"Tilmeld dig | ${clientName}",passwordPlaceholder:"Adgangskode",passwordsDidntMatch:"Adgangskoderne matcher ikke",phonePlaceholder:"Telefonnummer",privacyPolicyLinkText:"Privatlivspolitik",separatorText:"eller",sessionExpired:"Din session er udløbet. Prøv venligst igen.",showPasswordText:"Vis adgangskode",termsOfServiceLinkText:"Servicevilkår",termsText:"Ved at tilmelde dig accepterer du vores",title:"Vælg adgangskode","username-already-exists":"Dette brugernavn er allerede taget",usernamePlaceholder:"Brugernavn",verifyEmailText:"Tjek venligst din e-mail for at bekræfte din konto"}},iI={status:{continueButtonText:"Fortsæt",errorTitle:"Fejl",pageTitle:"Status | ${clientName}",successTitle:"Succes",title:"Status"}},Hj={common:Jx,consent:Yx,"device-flow":{"device-flow":{buttonText:"Fortsæt",codePlaceholder:"Indtast kode",description:"Indtast koden, der vises på din enhed","expired-code":"Koden er udløbet","invalid-code":"Den indtastede kode er ugyldig",pageTitle:"Enhedsaktivering | ${clientName}",title:"Aktivér din enhed"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Log ind",codeLabel:"Bekræftelseskode",codePlaceholder:"Indtast kode",defaultDescription:"Indtast bekræftelseskoden, der blev sendt til din e-mail",description:"Vi sendte en kode til ${email}","invalid-code":"Ugyldig kode",noCode:"Indtast venligst bekræftelseskoden",pageTitle:"Indtast kode | ${clientName}",resendText:"Send koden igen",sessionExpired:"Din session er udløbet. Prøv venligst igen.",title:"Tjek din e-mail",unexpectedError:"Der opstod en uventet fejl"}},"email-verification":{"email-verification":{description:"Vi sendte en e-mail til ${email}",pageTitle:"Bekræft e-mail | ${clientName}",resendText:"Send koden igen",successDescription:"Din e-mail er blevet bekræftet.",successTitle:"E-mail bekræftet",title:"Bekræft din e-mail"}},invitation:Qx,login:Zx,"login-id":{"login-id":{alertListTitle:"Advarsler","auth0-users-validation":"Noget gik galt, prøv venligst igen senere","authentication-failure":"Vi beklager, noget gik galt under loginforsøget",buttonText:"Fortsæt","captcha-client-failure":"Vi kunne ikke indlæse sikkerhedsudfordringen. Prøv venligst igen. (Fejlkode: #{errorCode})","captcha-validation-failure":"Vi beklager, noget gik galt under validering af captcha-svaret. Prøv venligst igen.",captchaCodePlaceholder:"Indtast koden vist ovenfor","custom-script-error-code":"Noget gik galt, prøv venligst igen senere.",description:"Log ind på ${clientName}.",editEmailText:"Rediger",emailPlaceholder:"E-mail-adresse",federatedConnectionButtonText:"Fortsæt med ${connectionName}",footerLinkText:"Tilmeld dig",footerText:"Har du ikke en konto?",forgotPasswordText:"Har du glemt din adgangskode?",hidePasswordText:"Skjul adgangskode","invalid-captcha":"Løs sikkerhedsspørgsmålet for at bekræfte, at du ikke er en robot.","invalid-code":"Ugyldig kode","invalid-connection":"Ugyldig forbindelse","invalid-email-format":"Ugyldig e-mail","invalid-email-phone":"Indtast en gyldig e-mailadresse eller telefonnummer. Telefonnumre skal inkludere landekoden.","invalid-email-phone-username":"Indtast en gyldig e-mailadresse, telefonnummer eller brugernavn. Telefonnumre skal inkludere landekoden.","invalid-email-username":"Indtast en gyldig e-mailadresse eller brugernavn","invalid-expired-code":"Ugyldig eller udløbet brugerkode","invalid-login-id":"Ugyldigt login-ID indtastet","invalid-phone-username":"Indtast et gyldigt telefonnummer eller brugernavn. Telefonnumre skal inkludere landekoden.","invalid-recaptcha":"Markér afkrydsningsfeltet for at bekræfte, at du ikke er en robot.","invalid-username":"Brugernavnet kan kun indeholde alfanumeriske tegn eller: '${characters}'. Brugernavnet skal være mellem ${min} og ${max} tegn.",invitationDescription:"Log ind for at acceptere ${inviterName}s invitation til at deltage i ${companyName} på ${clientName}.",invitationTitle:"Du er blevet inviteret!","ip-blocked":"Vi har registreret mistænkelig loginadfærd, og yderligere forsøg vil blive blokeret. Kontakt venligst administratoren.",logoAltText:"${companyName}","no-db-connection":"Ugyldig forbindelse","no-email":"Indtast venligst en e-mailadresse","no-email-phone":"E-mailadresse eller telefonnummer er påkrævet","no-email-phone-username":"Telefonnummer, brugernavn eller e-mailadresse er påkrævet","no-email-username":"E-mailadresse eller brugernavn er påkrævet","no-password":"Adgangskode er påkrævet","no-phone":"Indtast venligst et telefonnummer","no-phone-username":"Telefonnummer eller brugernavn er påkrævet","no-username":"Brugernavn er påkrævet",pageTitle:"Log ind | ${clientName}","password-breached":"Vi har registreret et potentielt sikkerhedsproblem med denne konto. For at beskytte din konto har vi forhindret dette login. Nulstil venligst din adgangskode for at fortsætte.",passwordPlaceholder:"Adgangskode",phoneOrEmailPlaceholder:"E-mail eller telefonnummer",phoneOrUsernameOrEmailPlaceholder:"Telefon, brugernavn eller e-mail",phoneOrUsernamePlaceholder:"Telefonnummer eller brugernavn",phonePlaceholder:"Telefonnummer","same-user-login":"For mange loginforsøg for denne bruger. Vent venligst, og prøv igen senere.",selectCountryCode:"Vælg landekode, i øjeblikket sat til ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"eller",sessionExpired:"Din session er udløbet. Prøv venligst igen.",showPasswordText:"Vis adgangskode",signupActionLinkText:"Tilmeld dig",signupActionText:"Har du ikke en konto?",termsAndConditionsTemplate:'Ved at fortsætte accepterer du vores <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Vilkår og betingelser</a>.',title:"Velkommen","user-blocked":"Din konto er blevet blokeret efter flere på hinanden følgende loginforsøg.",userAccountDoesNotExist:"Brugerkontoen findes ikke",usernameOnlyPlaceholder:"Brugernavn",usernameOrEmailPlaceholder:"Brugernavn eller e-mailadresse",usernamePlaceholder:"Brugernavn",usernameTooLong:"Brugernavnet må højst være ${max} tegn",usernameTooShort:"Brugernavnet skal være mindst ${min} tegn","wrong-credentials":"Forkert brugernavn eller adgangskode","wrong-email-credentials":"Forkert e-mail eller adgangskode","wrong-email-phone-credentials":"Forkert e-mailadresse, telefonnummer eller adgangskode. Telefonnumre skal inkludere landekoden.","wrong-email-phone-username-credentials":"Forkert e-mailadresse, telefonnummer, brugernavn eller adgangskode. Telefonnumre skal inkludere landekoden.","wrong-email-username-credentials":"Forkert e-mailadresse, brugernavn eller adgangskode","wrong-phone-credentials":"Forkert telefonnummer eller adgangskode","wrong-phone-username-credentials":"Forkert telefonnummer, brugernavn eller adgangskode. Telefonnumre skal inkludere landekoden.","wrong-username-credentials":"Forkert brugernavn eller adgangskode",passkeyButtonText:"Log ind med passkey"}},"login-password":{"login-password":{buttonText:"Log ind",description:"Indtast din e-mailadresse og adgangskode for at logge ind.",forgotPasswordText:"Har du glemt din adgangskode?",hidePasswordText:"Skjul adgangskode","no-password":"Adgangskode er påkrævet",pageTitle:"Log ind | ${clientName}","password-breached":"Vi har registreret et potentielt sikkerhedsproblem med denne konto. For at beskytte din konto har vi forhindret dette login. Nulstil venligst din adgangskode for at fortsætte.",passwordPlaceholder:"Adgangskode",showPasswordText:"Vis adgangskode",signingInAs:"Logger ind som ${email}",title:"Indtast adgangskode",unverifiedEmail:"Bekræft venligst din e-mailadresse, før du logger ind","user-blocked":"Din konto er blevet blokeret efter flere på hinanden følgende loginforsøg.","wrong-credentials":"Forkert adgangskode"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"e-mail",authMethodEmailOrPhone:"e-mail eller telefonnummer",authMethodPhone:"telefonnummer",description:"Log ind med din ${authMethod}",emailOrPhonePlaceholder:"E-mailadresse eller telefonnummer",emailPlaceholder:"E-mail-adresse",invalidEmail:"Indtast venligst en gyldig e-mailadresse",invalidIdentifier:"Indtast venligst en gyldig e-mailadresse eller telefonnummer",invalidPhone:"Indtast venligst et gyldigt telefonnummer med landekode",noEmail:"Indtast venligst din e-mailadresse",noPhone:"Indtast venligst dit telefonnummer",phonePlaceholder:"Telefonnummer",sessionExpired:"Din session er udløbet. Prøv venligst igen.",title:"Log ind med en kode",userAccountDoesNotExist:"Brugerkontoen findes ikke"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Klik på linket i din e-mail for at logge ind",description:"Vi sendte et link til ${username}. Klik på det for at logge ind.",resendText:"Send link igen",spamText:"Har du ikke modtaget e-mailen? Tjek din spam-mappe.",title:"Tjek din e-mail"}},mfa:Xx,"mfa-email":{"mfa-email":{buttonText:"Fortsæt",codePlaceholder:"Indtast kode",description:"Vi sendte en kode til ${email}","invalid-code":"Den indtastede kode er ugyldig",pageTitle:"E-mailbekræftelse | ${clientName}",resendText:"Send kode igen",title:"Tjek din e-mail"}},"mfa-otp":{"mfa-otp":{buttonText:"Fortsæt",codePlaceholder:"Indtast kode",description:"Indtast den 6-cifrede kode fra din autentificeringsapp","invalid-code":"Den indtastede kode er ugyldig",pageTitle:"Indtast kode | ${clientName}",title:"Indtast din kode"},"mfa-totp-enrollment":{title:"Opsæt autentificeringsapp",description:"Scan QR-koden nedenfor med din autentificeringsapp, og indtast derefter den 6-cifrede kode for at bekræfte",secretLabel:"Eller indtast denne kode manuelt:",codePlaceholder:"Indtast kode",continueButtonText:"Bekræft og aktiver","invalid-code":"Den indtastede kode er ugyldig. Prøv venligst igen.","transaction-not-found":"Din tilmeldingssession er udløbet. Du skal starte forfra.",pageTitle:"Opsæt autentificeringsapp | ${clientName}",unexpectedError:"Noget gik galt. Prøv venligst igen.",enrollmentComplete:"MFA-tilmeldingen er fuldført. Du kan lukke denne side."},"mfa-totp-challenge":{title:"Bekræft din identitet",description:"Indtast den 6-cifrede kode fra din autentificeringsapp",codePlaceholder:"Indtast kode",continueButtonText:"Fortsæt","invalid-code":"Den indtastede kode er ugyldig","transaction-not-found":"Din session er udløbet. Du skal starte forfra.",unexpectedError:"Noget gik galt. Prøv venligst igen.",pageTitle:"Bekræft identitet | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Brug dit telefonnummer til at logge ind | ${clientName}",title:"Bekræft din identitet",description:"Vi sendte en kode til ${phoneNumber}",continueButtonText:"Fortsæt",changePhoneText:"Vælg et andet telefonnummer.",smsButtonText:"SMS",voiceButtonText:"Taleopkald",chooseMessageTypeText:"Hvordan vil du modtage koden?",pickAuthenticatorText:"Prøv en anden metode",logoAltText:"${companyName}",codePlaceholder:"Indtast kode","send-sms-failed":"Der opstod et problem med at sende SMS'en","send-voice-failed":"Der opstod et problem med at foretage taleopkaldet","invalid-phone-format":"Telefonnummeret kan kun indeholde cifre.","invalid-phone":"Det ser ud til, at dit telefonnummer ikke er gyldigt. Kontrollér og prøv igen.","too-many-sms":"Du har overskredet det maksimale antal telefonbeskeder pr. time. Vent et par minutter og prøv igen.","too-many-voice":"Du har overskredet det maksimale antal telefonopkald pr. time. Vent et par minutter og prøv igen.","transaction-not-found":"Din registreringstransaktion er udløbet, du skal starte forfra.","no-phone":"Indtast et telefonnummer",noCode:"Indtast bekræftelseskoden",invalidCode:"Den indtastede kode er ugyldig. Prøv igen.",unexpectedError:"Noget gik galt. Prøv igen.",resendSuccess:"Vi sendte en ny kode til din telefon",enrollmentComplete:"MFA-tilmeldingen er fuldført. Du kan lukke denne side."},"mfa-phone-enrollment":{pageTitle:"Indtast dit telefonnummer for at logge ind med en telefonkode | ${clientName}",title:"Sikre din konto",description:"Indtast din landekode og telefonnummer, som vi kan sende en 6-cifret kode til:",continueButtonText:"Fortsæt",smsButtonText:"SMS",voiceButtonText:"Taleopkald",chooseMessageTypeText:"Hvordan vil du modtage koden?",pickAuthenticatorText:"Prøv en anden metode",placeholder:"Indtast dit telefonnummer",logoAltText:"${companyName}",selectCountryCode:"Vælg landekode, i øjeblikket sat til ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Der opstod et problem med at sende SMS'en","send-voice-failed":"Der opstod et problem med at foretage taleopkaldet","sms-authenticator-error":"Vi kunne ikke sende SMS'en. Prøv igen senere.","invalid-phone-format":"Telefonnummeret kan kun indeholde cifre.","invalid-phone":"Det ser ud til, at dit telefonnummer ikke er gyldigt. Kontrollér og prøv igen.","too-many-sms":"Du har overskredet det maksimale antal telefonbeskeder pr. time. Vent et par minutter og prøv igen.","too-many-voice":"Du har overskredet det maksimale antal telefonopkald pr. time. Vent et par minutter og prøv igen.","transaction-not-found":"Din registreringstransaktion er udløbet, du skal starte forfra.","no-phone":"Indtast et telefonnummer","phone-is-too-short":"Telefonnummeret er for kort","phone-is-too-long":"Telefonnummeret er for langt"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Vælg bekræftelsesmetode | ${clientName}",title:"Vælg din bekræftelsesmetode",description:"Vælg hvordan du vil bekræfte din identitet",authenticatorAppLabel:"Godkendelsesapp",authenticatorAppDescription:"Brug din godkendelsesapp til at få en bekræftelseskode",smsLabel:"Sms-besked",smsDescription:"Få en bekræftelseskode sendt til din telefon",passkeyLabel:"Adgangsnøgle",passkeyDescription:"Brug din enheds biometri eller sikkerhedsnøgle"}},"mfa-push":{"mfa-push":{description:"Vi sendte en notifikation til din enhed",pageTitle:"Push-notifikation | ${clientName}",resendText:"Send notifikation igen",title:"Godkend anmodningen",useCodeText:"Indtast kode manuelt"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Fortsæt",codePlaceholder:"Gendannelseskode",description:"Indtast en af dine gendannelseskoder","invalid-code":"Den indtastede gendannelseskode er ugyldig",pageTitle:"Gendannelseskode | ${clientName}",title:"Indtast gendannelseskode"}},"mfa-voice":{"mfa-voice":{buttonText:"Ring til mig",codePlaceholder:"Indtast kode",description:"Vi ringer til ${phoneNumber} med din kode","invalid-code":"Den indtastede kode er ugyldig",pageTitle:"Taleopkald | ${clientName}",title:"Modtag et telefonopkald"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Prøv igen",description:"Indsæt din sikkerhedsnøgle og følg instruktionerne",pageTitle:"Sikkerhedsnøgle | ${clientName}",title:"Brug din sikkerhedsnøgle"}},passkeys:eI,organizations:tI,"reset-password":{"reset-password":{backToLoginText:"Gå tilbage",buttonText:"Send e-mail til nulstilling af adgangskode",codeExpired:"Din kode til nulstilling af adgangskode er udløbet. Anmod venligst om en ny.",confirmPasswordLabel:"Bekræft adgangskode",confirmPasswordPlaceholder:"Bekræft adgangskode",description:"Klik på knappen nedenfor, så sender vi instruktioner om, hvordan du nulstiller din adgangskode.",emailPlaceholder:"E-mail-adresse",failed:"Nulstilling af adgangskode mislykkedes. Prøv venligst igen.","invalid-email-format":"Ugyldig e-mail","no-email":"Indtast venligst en e-mailadresse",pageTitle:"Nulstil adgangskode | ${clientName}",passwordLabel:"Ny adgangskode",passwordPlaceholder:"Ny adgangskode",passwordTooWeak:"Adgangskoden er for svag",passwordsDidntMatch:"Adgangskoderne matcher ikke",successDescription:"Vi har sendt et link til nulstilling af adgangskode til din e-mailadresse.",successTitle:"E-mail til nulstilling af adgangskode sendt",title:"Har du glemt din adgangskode?","user-not-found":"Bruger ikke fundet"},"reset-password-code":{backToLoginText:"Tilbage til login",buttonText:"Nulstil adgangskode",codeLabel:"Nulstillingskode",codePlaceholder:"Indtast 6-cifret kode",confirmPasswordLabel:"Bekræft adgangskode",confirmPasswordPlaceholder:"Bekræft adgangskode",defaultDescription:"Indtast koden sendt til din e-mail og vælg en ny adgangskode",description:"Vi sendte en kode til ${email}",failed:"Nulstilling af adgangskode mislykkedes. Prøv venligst igen.",invalidCode:"Den indtastede kode er ugyldig eller udløbet",noCode:"Indtast venligst nulstillingskoden",pageTitle:"Indtast nulstillingskode | ${clientName}",passwordLabel:"Ny adgangskode",passwordPlaceholder:"Ny adgangskode",passwordTooWeak:"Adgangskoden er for svag",passwordsDidntMatch:"Adgangskoderne matcher ikke",resendFailed:"Kunne ikke sende koden igen. Prøv igen.",resendSuccess:"En ny kode er blevet sendt til din e-mail",resendText:"Send kode igen",sessionExpired:"Din session er udløbet. Prøv venligst igen.",title:"Indtast nulstillingskode"}},signup:nI,"signup-id":{"signup-id":{buttonText:"Fortsæt",description:"Vælg en adgangskode med en blanding af store og små bogstaver, tal og symboler.","email-already-exists":"E-mailen er allerede optaget",emailPlaceholder:"E-mail-adresse",federatedConnectionButtonText:"Fortsæt med ${connectionName}","invalid-email-format":"Ugyldig e-mail",loginActionLinkText:"Log ind",loginActionText:"Har du allerede en konto?","no-email":"Indtast venligst en e-mailadresse",pageTitle:"Tilmeld dig | ${clientName}",phonePlaceholder:"Telefonnummer",separatorText:"eller",title:"Vælg adgangskode",usernamePlaceholder:"Brugernavn"}},"signup-password":{"signup-password":{buttonText:"Fortsæt",description:"Vælg en adgangskode med en blanding af store og små bogstaver, tal og symboler.",hidePasswordText:"Skjul adgangskode","no-password":"Adgangskode er påkrævet",pageTitle:"Tilmeld dig | ${clientName}","password-policy-not-met":"Adgangskoden opfylder ikke kravene","password-too-weak":"Adgangskoden er for svag",passwordPlaceholder:"Adgangskode",showPasswordText:"Vis adgangskode",title:"Vælg adgangskode"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Log ind",codeLabel:"Bekræftelseskode",codePlaceholder:"Indtast kode",defaultDescription:"Indtast bekræftelseskoden, der blev sendt til din telefon",description:"Vi sendte en kode til ${username}","invalid-code":"Ugyldig kode",noCode:"Indtast venligst bekræftelseskoden",pageTitle:"Indtast kode | ${clientName}",resendText:"Send koden igen",sessionExpired:"Din session er udløbet. Prøv venligst igen.",title:"Tjek din telefon",unexpectedError:"Der opstod en uventet fejl"}},status:iI},Vj=Object.freeze(Object.defineProperty({__proto__:null,common:Jx,consent:Yx,default:Hj,invitation:Qx,login:Zx,mfa:Xx,organizations:tI,passkeys:eI,signup:nI,status:iI},Symbol.toStringTag,{value:"Module"})),rI={common:{alertListTitle:"Alerts",backText:"Back",cancelText:"Cancel",closeText:"Close",contactSupportText:"Contact Support",continueText:"Continue",copyrightText:"© ${currentYear} ${companyName}",errorText:"An error occurred",hidePasswordText:"Hide password",loadingText:"Loading...",orText:"or",privacyPolicyText:"Privacy Policy",showPasswordText:"Show password",termsOfServiceText:"Terms of Service",termsShortText:"Terms",tryAgainText:"Try again"}},oI={consent:{buttonText:"Accept",cancelButtonText:"Deny",description:"${clientName} is requesting access to your account",pageTitle:"Authorize | ${clientName}",scopesTitle:"This will allow ${clientName} to:",title:"Authorize ${clientName}"}},sI={invitation:{acceptButtonText:"Accept invitation",description:"${inviterName} has invited you to join ${organizationName} on ${clientName}",pageTitle:"Invitation | ${clientName}",title:"You've been invited"}},aI={login:{alertListTitle:"Alerts",buttonText:"Continue",description:"Log in to ${clientName}.",editEmailText:"Edit",emailPlaceholder:"Email address",enterACodeBtn:"Sign in with a code",federatedConnectionButtonText:"Continue with ${connectionName}",footerLinkText:"Sign up",footerText:"Don't have an account?",forgotPasswordText:"Forgot password?",hidePasswordText:"Hide password",invalidEmail:"Invalid email",invalidIdentifier:"Invalid email or username",invitationDescription:"Log in to accept ${inviterName}'s invitation to join ${companyName} on ${clientName}.",invitationTitle:"You've Been Invited!",logoAltText:"${companyName}","no-email":"Please enter an email address","no-password":"Password is required",pageTitle:"Log in | ${clientName}",passwordLoginNotAvailable:"Password authentication is not available",passwordPlaceholder:"Password",phonePlaceholder:"Phone number",separatorText:"Or",sessionExpired:"Your session has expired. Please try again.",showPasswordText:"Show password",signupActionLinkText:"Sign up",signupActionText:"Don't have an account?",title:"Welcome",tooManyFailedLogins:"Too many failed login attempts. Please try again later.",unverifiedEmail:"Please verify your email address before logging in",userAccountDoesNotExist:"User account does not exist",usernamePlaceholder:"Username or email address",usernameTooLong:"Username must be ${max} characters or less",usernameTooShort:"Username must be at least ${min} characters",passkeyButtonText:"Sign in with a passkey",wrongCredentials:"Wrong username or password"}},cI={mfa:{backupCodeText:"Use backup code",description:"Choose a verification method",pageTitle:"Multi-Factor Authentication | ${clientName}",title:"Verify your identity"}},lI={"passkey-enrollment-nudge":{title:"Secure your account with a passkey",description:"Passkeys use your device's biometrics or PIN to sign you in faster and more securely.",enrollButtonText:"Set up passkey",snoozeButtonText:"Maybe later",optOutLinkText:"Don't show this again",pageTitle:"Set Up Passkey | ${clientName}"},"passkey-enrollment":{title:"Create your passkey",description:"Follow the prompts from your browser to create a passkey for this account.",errorMessage:"Failed to create passkey. Please try again.",cancelLinkText:"Skip for now",retryButtonText:"Try again",enrollmentComplete:"Your passkey has been set up successfully. You can close this page.",pageTitle:"Create Passkey | ${clientName}"},"passkey-challenge":{title:"Sign in with a passkey",description:"Follow the prompts from your browser to verify your identity.",errorMessage:"Passkey authentication failed. Please try again.",cancelLinkText:"Back to login",retryButtonText:"Try again",pageTitle:"Sign In with Passkey | ${clientName}"}},dI={organizations:{description:"Choose which organization to log in to",pageTitle:"Select Organization | ${clientName}",searchPlaceholder:"Search organizations",title:"Select your organization"}},uI={signup:{buttonText:"Continue",confirmPasswordPlaceholder:"Confirm password",description:"Sign up to continue","email-already-exists":"This email is already registered",emailPlaceholder:"Email address",federatedConnectionButtonText:"Continue with ${connectionName}",hidePasswordText:"Hide password","invalid-email-format":"Email is not valid.",loginActionLinkText:"Log in",loginActionText:"Already have an account?","no-email":"Please enter an email address","no-password":"Password is required","no-username":"Username is required",pageTitle:"Sign up | ${clientName}",passwordPlaceholder:"Password",passwordsDidntMatch:"Passwords don't match",phonePlaceholder:"Phone number",privacyPolicyLinkText:"Privacy Policy",separatorText:"Or",sessionExpired:"Your session has expired. Please try again.",showPasswordText:"Show password",termsOfServiceLinkText:"Terms of Service",termsText:"By signing up, you agree to our",title:"Create your account","username-already-exists":"This username is already taken",usernamePlaceholder:"Username",verifyEmailText:"Please check your email to verify your account"}},pI={status:{continueButtonText:"Continue",errorTitle:"Error",pageTitle:"Status | ${clientName}",successTitle:"Success",title:"Status"}},Kj={common:rI,consent:oI,"device-flow":{"device-flow":{buttonText:"Continue",codePlaceholder:"Enter code",description:"Enter the code shown on your device","expired-code":"The code has expired","invalid-code":"The code you entered is invalid",pageTitle:"Device Activation | ${clientName}",title:"Activate your device"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Continue",codeLabel:"Verification Code",codePlaceholder:"Enter code",defaultDescription:"Enter the verification code sent to your email",description:"We sent a code to ${email}","invalid-code":"The code you entered is invalid",noCode:"Please enter the verification code",pageTitle:"Enter Code | ${clientName}",resendText:"Resend code",sessionExpired:"Your session has expired. Please try again.",title:"Check your email",unexpectedError:"An unexpected error occurred"}},"email-verification":{"email-verification":{description:"We sent an email to ${email}",pageTitle:"Verify Email | ${clientName}",resendText:"Resend email",successDescription:"Your email has been verified successfully.",successTitle:"Email verified",title:"Verify your email"}},invitation:sI,login:aI,"login-id":{"login-id":{alertListTitle:"Alerts","auth0-users-validation":"Something went wrong, please try again later","authentication-failure":"We are sorry, something went wrong when attempting to log in",buttonText:"Continue","captcha-client-failure":"We couldn't load the security challenge. Please try again. (Error code: #{errorCode})","captcha-validation-failure":"We are sorry, something went wrong while validating the captcha response. Please try again.",captchaCodePlaceholder:"Enter the code shown above","custom-script-error-code":"Something went wrong, please try again later.",description:"Log in to ${clientName}.",editEmailText:"Edit",emailPlaceholder:"Email address",federatedConnectionButtonText:"Continue with ${connectionName}",footerLinkText:"Sign up",footerText:"Don't have an account?",forgotPasswordText:"Forgot password?",hidePasswordText:"Hide password","invalid-captcha":"Solve the challenge question to verify you are not a robot.","invalid-code":"The code you entered is invalid","invalid-connection":"Invalid connection","invalid-email-format":"Email is not valid.","invalid-email-phone":"Enter a valid email address or phone number. Phone numbers must include the country code.","invalid-email-phone-username":"Enter a valid email address, phone number or username. Phone numbers must include the country code.","invalid-email-username":"Enter a valid email address or username","invalid-expired-code":"Invalid or expired user code","invalid-login-id":"Invalid Login ID entered","invalid-phone-username":"Enter a valid phone number or username. Phone numbers must include the country code.","invalid-recaptcha":"Select the checkbox to verify you are not a robot.","invalid-username":"Username can only contain alphanumeric characters or: '${characters}'. Username should have between ${min} and ${max} characters.",invitationDescription:"Log in to accept ${inviterName}'s invitation to join ${companyName} on ${clientName}.",invitationTitle:"You've Been Invited!","ip-blocked":"We have detected suspicious login behavior and further attempts will be blocked. Please contact the administrator.",logoAltText:"${companyName}","no-db-connection":"Invalid connection","no-email":"Please enter an email address","no-email-phone":"Email address or phone number is required","no-email-phone-username":"Phone number, username, or email address is required","no-email-username":"Email address or username is required","no-password":"Password is required","no-phone":"Please enter a phone number","no-phone-username":"Phone number or username is required","no-username":"Username is required",pageTitle:"Log in | ${clientName}","password-breached":"We have detected a potential security issue with this account. To protect your account, we have prevented this login. Please reset your password to proceed.",passwordPlaceholder:"Password",phoneOrEmailPlaceholder:"Phone number or Email address",phoneOrUsernameOrEmailPlaceholder:"Phone or Username or Email",phoneOrUsernamePlaceholder:"Phone Number or Username",phonePlaceholder:"Phone number","same-user-login":"Too many login attempts for this user. Please wait, and try again later.",selectCountryCode:"Select country code, currently set to ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"Or",sessionExpired:"Your session has expired. Please try again.",showPasswordText:"Show password",signupActionLinkText:"Sign up",signupActionText:"Don't have an account?",termsAndConditionsTemplate:'By continuing, you agree to our <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Terms and Conditions</a>.',title:"Welcome","user-blocked":"Your account has been blocked after multiple consecutive login attempts.",userAccountDoesNotExist:"User account does not exist",usernameOnlyPlaceholder:"Username",usernameOrEmailPlaceholder:"Username or Email address",usernamePlaceholder:"Username or email address",usernameTooLong:"Username must be ${max} characters or less",usernameTooShort:"Username must be at least ${min} characters","wrong-credentials":"Wrong username or password","wrong-email-credentials":"Wrong email or password","wrong-email-phone-credentials":"Incorrect email address, phone number, or password. Phone numbers must include the country code.","wrong-email-phone-username-credentials":"Incorrect email address, phone number, username, or password. Phone numbers must include the country code.","wrong-email-username-credentials":"Incorrect email address, username, or password","wrong-phone-credentials":"Incorrect phone number or password","wrong-phone-username-credentials":"Incorrect phone number, username or password. Phone numbers must include the country code.",passkeyButtonText:"Sign in with a passkey","wrong-username-credentials":"Incorrect username or password"}},"login-password":{"login-password":{buttonText:"Continue",description:"Log in to ${clientName}",forgotPasswordText:"Forgot password?",hidePasswordText:"Hide password","no-password":"Password is required",pageTitle:"Log in | ${clientName}","password-breached":"We have detected a potential security issue with this account. To protect your account, we have prevented this login. Please reset your password to proceed.",passwordPlaceholder:"Password",showPasswordText:"Show password",signingInAs:"Signing in as ${email}",title:"Enter your password",unverifiedEmail:"Please verify your email address before logging in","user-blocked":"Your account has been blocked after multiple consecutive login attempts.","wrong-credentials":"Wrong password"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"email",authMethodEmailOrPhone:"email or phone number",authMethodPhone:"phone number",description:"Sign in using your ${authMethod}",emailOrPhonePlaceholder:"Email address or phone number",emailPlaceholder:"Email address",invalidEmail:"Please enter a valid email address",invalidIdentifier:"Please enter a valid email address or phone number",invalidPhone:"Please enter a valid phone number with country code",noEmail:"Please enter your email address",noPhone:"Please enter your phone number",phonePlaceholder:"Phone number",sessionExpired:"Your session has expired. Please try again.",title:"Sign in with a code",userAccountDoesNotExist:"User account does not exist"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Click the link in your email to sign in",description:"We sent a link to ${username}. Click it to sign in.",resendText:"Resend link",spamText:"Didn't receive the email? Check your spam folder.",title:"Check your email"}},mfa:cI,"mfa-email":{"mfa-email":{buttonText:"Continue",codePlaceholder:"Enter code",description:"We sent a code to ${email}","invalid-code":"The code you entered is invalid",pageTitle:"Email Verification | ${clientName}",resendText:"Resend code",title:"Check your email"}},"mfa-otp":{"mfa-otp":{buttonText:"Continue",codePlaceholder:"Enter code",description:"Enter the 6-digit code from your authenticator app","invalid-code":"The code you entered is invalid",pageTitle:"Enter Code | ${clientName}",title:"Enter your code"},"mfa-totp-enrollment":{title:"Set up authenticator",description:"Scan the QR code below with your authenticator app, then enter the 6-digit code to verify",secretLabel:"Or enter this code manually:",codePlaceholder:"Enter code",continueButtonText:"Verify & Activate","invalid-code":"The code you entered is invalid. Please try again.","transaction-not-found":"Your enrollment transaction expired, you will need to start again.",unexpectedError:"Something went wrong. Please try again.",pageTitle:"Set up Authenticator | ${clientName}",enrollmentComplete:"MFA enrollment is complete. You can close this page."},"mfa-totp-challenge":{title:"Verify your identity",description:"Enter the 6-digit code from your authenticator app",codePlaceholder:"Enter code",continueButtonText:"Continue","invalid-code":"The code you entered is invalid","transaction-not-found":"Your enrollment transaction expired, you will need to start again.",unexpectedError:"Something went wrong. Please try again.",pageTitle:"Verify Identity | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Use your phone number to log in | ${clientName}",title:"Verify Your Identity",description:"We sent a code to ${phoneNumber}",continueButtonText:"Continue",changePhoneText:"Choose another phone number.",smsButtonText:"Text message",voiceButtonText:"Voice call",chooseMessageTypeText:"How do you want to receive the code?",pickAuthenticatorText:"Try another method",logoAltText:"${companyName}",codePlaceholder:"Enter code","send-sms-failed":"There was a problem sending the SMS","send-voice-failed":"There was a problem making the voice call","invalid-phone-format":"Phone number can only include digits.","invalid-phone":"It seems that your phone number is not valid. Please check and retry.","too-many-sms":"You have exceeded the maximum number of phone messages per hour. Wait a few minutes and try again.","too-many-voice":"You have exceeded the maximum number of phone messages per hour. Wait a few minutes and try again.","transaction-not-found":"Your enrollment transaction expired, you will need to start again.","no-phone":"Please enter a phone number",noCode:"Please enter the verification code",invalidCode:"The code you entered is invalid. Please try again.",unexpectedError:"Something went wrong. Please try again.",resendSuccess:"We sent a new code to your phone",enrollmentComplete:"MFA enrollment is complete. You can close this page."},"mfa-phone-enrollment":{pageTitle:"Enter your phone number to log in using a phone code | ${clientName}",title:"Secure Your Account",description:"Enter your country code and phone number to which we can send a 6-digit code:",continueButtonText:"Continue",smsButtonText:"Text message",voiceButtonText:"Voice call",chooseMessageTypeText:"How do you want to receive the code?",pickAuthenticatorText:"Try another method",placeholder:"Enter your phone number",logoAltText:"${companyName}",selectCountryCode:"Select country code, currently set to ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"There was a problem sending the SMS","send-voice-failed":"There was a problem making the voice call","sms-authenticator-error":"We couldn't send the SMS. Please try again later.","invalid-phone-format":"Phone number can only include digits.","invalid-phone":"It seems that your phone number is not valid. Please check and retry.","too-many-sms":"You have exceeded the maximum number of phone messages per hour. Wait a few minutes and try again.","too-many-voice":"You have exceeded the maximum number of phone messages per hour. Wait a few minutes and try again.","transaction-not-found":"Your enrollment transaction expired, you will need to start again.","no-phone":"Please enter a phone number","phone-is-too-short":"Phone number is too short","phone-is-too-long":"Phone number is too long"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Choose Verification Method | ${clientName}",title:"Choose your verification method",description:"Select how you'd like to verify your identity",authenticatorAppLabel:"Authenticator App",authenticatorAppDescription:"Use your authenticator app to get a verification code",smsLabel:"Text Message",smsDescription:"Get a verification code sent to your phone",passkeyLabel:"Passkey",passkeyDescription:"Use your device's biometrics or security key"}},"mfa-push":{"mfa-push":{description:"We sent a notification to your device",pageTitle:"Push Notification | ${clientName}",resendText:"Resend notification",title:"Approve the request",useCodeText:"Enter code manually"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Continue",codePlaceholder:"Recovery code",description:"Enter one of your recovery codes","invalid-code":"The recovery code you entered is invalid",pageTitle:"Recovery Code | ${clientName}",title:"Enter recovery code"}},"mfa-voice":{"mfa-voice":{buttonText:"Call me",codePlaceholder:"Enter code",description:"We will call ${phoneNumber} with your code","invalid-code":"The code you entered is invalid",pageTitle:"Voice Call | ${clientName}",title:"Receive a phone call"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Try again",description:"Insert your security key and follow the instructions",pageTitle:"Security Key | ${clientName}",title:"Use your security key"}},passkeys:lI,organizations:dI,"reset-password":{"reset-password":{backToLoginText:"Back to login",buttonText:"Continue",codeExpired:"Your password reset code has expired. Please request a new one.",confirmPasswordLabel:"Confirm Password",confirmPasswordPlaceholder:"Confirm password",description:"Enter your email to reset your password",emailPlaceholder:"Email address",failed:"Password reset failed. Please try again.","invalid-email-format":"Email is not valid.","no-email":"Please enter an email address",pageTitle:"Reset Password | ${clientName}",passwordLabel:"New Password",passwordPlaceholder:"New password",passwordTooWeak:"Password is too weak",passwordsDidntMatch:"Passwords don't match",successDescription:"We have sent a password reset link to your email address.",successTitle:"Check your email",title:"Forgot your password?","user-not-found":"User not found"},"reset-password-code":{backToLoginText:"Back to login",buttonText:"Reset Password",codeLabel:"Reset Code",codePlaceholder:"Enter 6-digit code",confirmPasswordLabel:"Confirm Password",confirmPasswordPlaceholder:"Confirm password",defaultDescription:"Enter the code sent to your email and choose a new password",description:"We sent a code to ${email}",failed:"Password reset failed. Please try again.",invalidCode:"The code you entered is invalid or has expired",noCode:"Please enter the reset code",pageTitle:"Enter Reset Code | ${clientName}",passwordLabel:"New Password",passwordPlaceholder:"New password",passwordTooWeak:"Password is too weak",passwordsDidntMatch:"Passwords don't match",resendFailed:"Failed to resend the code. Please try again.",resendSuccess:"A new code has been sent to your email",resendText:"Resend code",sessionExpired:"Your session has expired. Please try again.",title:"Enter reset code"}},signup:uI,"signup-id":{"signup-id":{buttonText:"Continue",description:"Sign up to continue","email-already-exists":"This email is already registered",emailPlaceholder:"Email address",federatedConnectionButtonText:"Continue with ${connectionName}","invalid-email-format":"Email is not valid.",loginActionLinkText:"Log in",loginActionText:"Already have an account?","no-email":"Please enter an email address",pageTitle:"Sign up | ${clientName}",phonePlaceholder:"Phone number",separatorText:"Or",title:"Create your account",usernamePlaceholder:"Username"}},"signup-password":{"signup-password":{buttonText:"Continue",description:"Sign up to continue",hidePasswordText:"Hide password","no-password":"Password is required",pageTitle:"Sign up | ${clientName}","password-policy-not-met":"Password does not meet the requirements","password-too-weak":"Password is too weak",passwordPlaceholder:"Password",showPasswordText:"Show password",title:"Create your password"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Continue",codeLabel:"Verification Code",codePlaceholder:"Enter code",defaultDescription:"Enter the verification code sent to your phone",description:"We sent a code to ${username}","invalid-code":"The code you entered is invalid",noCode:"Please enter the verification code",pageTitle:"Enter Code | ${clientName}",resendText:"Resend code",sessionExpired:"Your session has expired. Please try again.",title:"Check your phone",unexpectedError:"An unexpected error occurred"}},status:pI},Gj=Object.freeze(Object.defineProperty({__proto__:null,common:rI,consent:oI,default:Kj,invitation:sI,login:aI,mfa:cI,organizations:dI,passkeys:lI,signup:uI,status:pI},Symbol.toStringTag,{value:"Module"})),fI={common:{alertListTitle:"Ilmoitukset",backText:"Palaa takaisin",cancelText:"Palaa takaisin",closeText:"Sulje",contactSupportText:"Tarvitsetko apua?",continueText:"Jatka",copyrightText:"© ${currentYear} ${companyName}",errorText:"Jokin meni pieleen. Yritä uudelleen.",hidePasswordText:"Piilota salasana",loadingText:"Ladataan...",orText:"tai",privacyPolicyText:"Tietosuojakäytäntö",showPasswordText:"Näytä salasana",termsOfServiceText:"Käyttöehdot",termsShortText:"Ehdot",tryAgainText:"Yritä uudelleen"}},hI={consent:{buttonText:"Hyväksy",cancelButtonText:"Hylkää",description:"${clientName} pyytää pääsyä tilillesi",pageTitle:"Valtuuta | ${clientName}",scopesTitle:"Tämä sallii sovelluksen ${clientName}:",title:"Valtuuta ${clientName}"}},gI={invitation:{acceptButtonText:"Hyväksy kutsu",description:"${inviterName} on kutsunut sinut liittymään organisaatioon ${organizationName} palvelussa ${clientName}",pageTitle:"Kutsu | ${clientName}",title:"Sinut on kutsuttu"}},mI={login:{alertListTitle:"Ilmoitukset",buttonText:"Jatka",description:"Kirjaudu sisään ${clientName}.",editEmailText:"Muokkaa",emailPlaceholder:"Sähköpostiosoite",enterACodeBtn:"Kirjaudu koodilla",federatedConnectionButtonText:"Jatka palvelulla ${connectionName}",footerLinkText:"Rekisteröidy",footerText:"Eikö sinulla ole tiliä?",forgotPasswordText:"Unohditko salasanan?",hidePasswordText:"Piilota salasana",invalidEmail:"Virheellinen sähköpostiosoite",invalidIdentifier:"Virheellinen sähköpostiosoite tai käyttäjänimi",invitationDescription:"Kirjaudu sisään hyväksyäksesi käyttäjän ${inviterName} kutsun liittyä palveluun ${companyName} sovelluksessa ${clientName}.",invitationTitle:"Sinut on kutsuttu!",logoAltText:"${companyName}","no-email":"Sähköpostiosoite vaaditaan","no-password":"Salasana vaaditaan",pageTitle:"Kirjaudu sisään | ${clientName}",passwordLoginNotAvailable:"Salasanakirjautuminen ei ole käytettävissä",passwordPlaceholder:"Salasana",phonePlaceholder:"Puhelinnumero",separatorText:"tai",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",showPasswordText:"Näytä salasana",signupActionLinkText:"Rekisteröidy",signupActionText:"Eikö sinulla ole tiliä?",title:"Tervetuloa",tooManyFailedLogins:"Liian monta epäonnistunutta kirjautumisyritystä. Yritä myöhemmin uudelleen.",unverifiedEmail:"Vahvista sähköpostiosoitteesi ennen kirjautumista",userAccountDoesNotExist:"Käyttäjätiliä ei ole olemassa",usernamePlaceholder:"Käyttäjänimi tai sähköpostiosoite",usernameTooLong:"Käyttäjänimen on oltava enintään ${max} merkkiä",usernameTooShort:"Käyttäjänimen on oltava vähintään ${min} merkkiä",wrongCredentials:"Väärä käyttäjänimi tai salasana",passkeyButtonText:"Kirjaudu sisään passkey:llä"}},yI={mfa:{backupCodeText:"Käytä varakoodia",description:"Valitse vahvistusmenetelmä",pageTitle:"Monivaiheinen tunnistautuminen | ${clientName}",title:"Vahvista henkilöllisyytesi"}},_I={"passkey-enrollment-nudge":{title:"Suojaa tilisi tunnistautumisavaimella",description:"Tunnistautumisavaimet käyttävät laitteesi biometriikkaa tai PIN-koodia kirjautuaksesi nopeammin ja turvallisemmin.",enrollButtonText:"Määritä tunnistautumisavain",snoozeButtonText:"Ehkä myöhemmin",optOutLinkText:"Älä näytä tätä uudelleen",pageTitle:"Määritä Tunnistautumisavain | ${clientName}"},"passkey-enrollment":{title:"Luo tunnistautumisavain",description:"Seuraa selaimesi ohjeita luodaksesi tunnistautumisavaimen tälle tilille.",errorMessage:"Tunnistautumisavaimen luominen epäonnistui. Yritä uudelleen.",cancelLinkText:"Ohita toistaiseksi",retryButtonText:"Yritä uudelleen",enrollmentComplete:"Tunnistautumisavaimesi on määritetty onnistuneesti. Voit sulkea tämän sivun.",pageTitle:"Luo Tunnistautumisavain | ${clientName}"},"passkey-challenge":{title:"Kirjaudu sisään passkey:llä",description:"Noudata selaimesi ohjeita henkilöllisyytesi vahvistamiseksi.",errorMessage:"Passkey-todennus epäonnistui. Yritä uudelleen.",cancelLinkText:"Takaisin kirjautumiseen",retryButtonText:"Yritä uudelleen",pageTitle:"Kirjaudu sisään passkey:llä | ${clientName}"}},wI={organizations:{description:"Valitse organisaatio, johon haluat kirjautua",pageTitle:"Valitse organisaatio | ${clientName}",searchPlaceholder:"Hae organisaatioita",title:"Valitse organisaatiosi"}},vI={signup:{buttonText:"Rekisteröityminen",confirmPasswordPlaceholder:"Vahvista salasana",description:"Valitse salasana, jossa on isoja ja pieniä kirjaimia, numeroita ja symboleja.","email-already-exists":"Sähköposti on jo varattu",emailPlaceholder:"Sähköpostiosoite",federatedConnectionButtonText:"Jatka palvelulla ${connectionName}",hidePasswordText:"Piilota salasana","invalid-email-format":"Virheellinen sähköpostiosoite",loginActionLinkText:"Kirjaudu sisään",loginActionText:"Onko sinulla jo tili?","no-email":"Sähköpostiosoite vaaditaan","no-password":"Salasana vaaditaan","no-username":"Käyttäjänimi vaaditaan",pageTitle:"Rekisteröidy | ${clientName}",passwordPlaceholder:"Salasana",passwordsDidntMatch:"Salasanat eivät täsmää",phonePlaceholder:"Puhelinnumero",privacyPolicyLinkText:"Tietosuojakäytäntö",separatorText:"tai",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",showPasswordText:"Näytä salasana",termsOfServiceLinkText:"Käyttöehdot",termsText:"Rekisteröitymällä hyväksyt",title:"Valitse salasana","username-already-exists":"Tämä käyttäjänimi on jo varattu",usernamePlaceholder:"Käyttäjänimi",verifyEmailText:"Tarkista sähköpostisi vahvistaaksesi tilisi"}},bI={status:{continueButtonText:"Jatka",errorTitle:"Virhe",pageTitle:"Tila | ${clientName}",successTitle:"Onnistui",title:"Tila"}},Wj={common:fI,consent:hI,"device-flow":{"device-flow":{buttonText:"Jatka",codePlaceholder:"Syötä koodi",description:"Syötä laitteessasi näkyvä koodi","expired-code":"Koodi on vanhentunut","invalid-code":"Syöttämäsi koodi on virheellinen",pageTitle:"Laitteen aktivointi | ${clientName}",title:"Aktivoi laitteesi"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Kirjaudu sisään",codeLabel:"Vahvistuskoodi",codePlaceholder:"Syötä koodi",defaultDescription:"Syötä sähköpostiisi lähetetty vahvistuskoodi",description:"Lähetimme koodin osoitteeseen ${email}","invalid-code":"Virheellinen koodi",noCode:"Syötä vahvistuskoodi",pageTitle:"Syötä koodi | ${clientName}",resendText:"Lähetä koodi uudelleen",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",title:"Tarkista sähköpostisi",unexpectedError:"Odottamaton virhe tapahtui"}},"email-verification":{"email-verification":{description:"Lähetimme sähköpostin osoitteeseen ${email}",pageTitle:"Vahvista sähköposti | ${clientName}",resendText:"Lähetä koodi uudelleen",successDescription:"Sähköpostiosoitteesi on vahvistettu onnistuneesti.",successTitle:"Sähköposti vahvistettu",title:"Vahvista sähköpostiosoitteesi"}},invitation:gI,login:mI,"login-id":{"login-id":{alertListTitle:"Ilmoitukset","auth0-users-validation":"Jokin meni pieleen, yritä myöhemmin uudelleen","authentication-failure":"Valitettavasti jokin meni pieleen kirjautumisyrityksen aikana",buttonText:"Jatka","captcha-client-failure":"Turvatarkistuksen lataaminen epäonnistui. Yritä uudelleen. (Virhekoodi: #{errorCode})","captcha-validation-failure":"Valitettavasti jokin meni pieleen captcha-vastauksen tarkistuksessa. Yritä uudelleen.",captchaCodePlaceholder:"Syötä yllä näkyvä koodi","custom-script-error-code":"Jokin meni pieleen, yritä myöhemmin uudelleen.",description:"Kirjaudu sisään ${clientName}.",editEmailText:"Muokkaa",emailPlaceholder:"Sähköpostiosoite",federatedConnectionButtonText:"Jatka palvelulla ${connectionName}",footerLinkText:"Rekisteröidy",footerText:"Eikö sinulla ole tiliä?",forgotPasswordText:"Unohditko salasanan?",hidePasswordText:"Piilota salasana","invalid-captcha":"Ratkaise haaste varmistaaksesi, ettet ole robotti.","invalid-code":"Virheellinen koodi","invalid-connection":"Virheellinen yhteys","invalid-email-format":"Virheellinen sähköpostiosoite","invalid-email-phone":"Syötä kelvollinen sähköpostiosoite tai puhelinnumero. Puhelinnumeron tulee sisältää maatunnus.","invalid-email-phone-username":"Syötä kelvollinen sähköpostiosoite, puhelinnumero tai käyttäjänimi. Puhelinnumeron tulee sisältää maatunnus.","invalid-email-username":"Syötä kelvollinen sähköpostiosoite tai käyttäjänimi","invalid-expired-code":"Virheellinen tai vanhentunut käyttäjäkoodi","invalid-login-id":"Virheellinen kirjautumistunnus","invalid-phone-username":"Syötä kelvollinen puhelinnumero tai käyttäjänimi. Puhelinnumeron tulee sisältää maatunnus.","invalid-recaptcha":"Valitse valintaruutu varmistaaksesi, ettet ole robotti.","invalid-username":"Käyttäjänimi voi sisältää vain aakkosnumeerisia merkkejä tai: '${characters}'. Käyttäjänimen tulee olla ${min}–${max} merkkiä.",invitationDescription:"Kirjaudu sisään hyväksyäksesi käyttäjän ${inviterName} kutsun liittyä palveluun ${companyName} sovelluksessa ${clientName}.",invitationTitle:"Sinut on kutsuttu!","ip-blocked":"Olemme havainneet epäilyttävää kirjautumiskäyttäytymistä ja lisäyritykset estetään. Ota yhteyttä ylläpitäjään.",logoAltText:"${companyName}","no-db-connection":"Virheellinen yhteys","no-email":"Sähköpostiosoite vaaditaan","no-email-phone":"Sähköpostiosoite tai puhelinnumero vaaditaan","no-email-phone-username":"Puhelinnumero, käyttäjänimi tai sähköpostiosoite vaaditaan","no-email-username":"Sähköpostiosoite tai käyttäjänimi vaaditaan","no-password":"Salasana vaaditaan","no-phone":"Syötä puhelinnumero","no-phone-username":"Puhelinnumero tai käyttäjänimi vaaditaan","no-username":"Käyttäjänimi vaaditaan",pageTitle:"Kirjaudu sisään | ${clientName}","password-breached":"Olemme havainneet mahdollisen tietoturvaongelman tässä tilissä. Tilisi suojaamiseksi olemme estäneet tämän kirjautumisen. Vaihda salasanasi jatkaaksesi.",passwordPlaceholder:"Salasana",phoneOrEmailPlaceholder:"Sähköposti tai puhelinnumero",phoneOrUsernameOrEmailPlaceholder:"Puhelin, käyttäjänimi tai sähköposti",phoneOrUsernamePlaceholder:"Puhelinnumero tai käyttäjänimi",phonePlaceholder:"Puhelinnumero","same-user-login":"Liian monta kirjautumisyritystä tälle käyttäjälle. Odota hetki ja yritä myöhemmin uudelleen.",selectCountryCode:"Valitse maakoodi, tällä hetkellä ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"tai",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",showPasswordText:"Näytä salasana",signupActionLinkText:"Rekisteröidy",signupActionText:"Eikö sinulla ole tiliä?",termsAndConditionsTemplate:'Jatkamalla hyväksyt <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Käyttöehdot</a>.',title:"Tervetuloa","user-blocked":"Tilisi on estetty useiden peräkkäisten kirjautumisyritysten jälkeen.",userAccountDoesNotExist:"Käyttäjätiliä ei ole olemassa",usernameOnlyPlaceholder:"Käyttäjänimi",usernameOrEmailPlaceholder:"Käyttäjänimi tai sähköpostiosoite",usernamePlaceholder:"Käyttäjänimi",usernameTooLong:"Käyttäjänimen on oltava enintään ${max} merkkiä",usernameTooShort:"Käyttäjänimen on oltava vähintään ${min} merkkiä","wrong-credentials":"Väärä käyttäjänimi tai salasana","wrong-email-credentials":"Väärä sähköpostiosoite tai salasana","wrong-email-phone-credentials":"Virheellinen sähköpostiosoite, puhelinnumero tai salasana. Puhelinnumeron tulee sisältää maatunnus.","wrong-email-phone-username-credentials":"Virheellinen sähköpostiosoite, puhelinnumero, käyttäjänimi tai salasana. Puhelinnumeron tulee sisältää maatunnus.","wrong-email-username-credentials":"Virheellinen sähköpostiosoite, käyttäjänimi tai salasana","wrong-phone-credentials":"Virheellinen puhelinnumero tai salasana","wrong-phone-username-credentials":"Virheellinen puhelinnumero, käyttäjänimi tai salasana. Puhelinnumeron tulee sisältää maatunnus.","wrong-username-credentials":"Virheellinen käyttäjänimi tai salasana",passkeyButtonText:"Kirjaudu sisään passkey:llä"}},"login-password":{"login-password":{buttonText:"Kirjaudu sisään",description:"Anna sähköpostiosoitteesi ja salasanasi kirjautuaksesi sisään.",forgotPasswordText:"Unohditko salasanan?",hidePasswordText:"Piilota salasana","no-password":"Salasana vaaditaan",pageTitle:"Kirjaudu sisään | ${clientName}","password-breached":"Olemme havainneet mahdollisen tietoturvaongelman tässä tilissä. Tilisi suojaamiseksi olemme estäneet tämän kirjautumisen. Vaihda salasanasi jatkaaksesi.",passwordPlaceholder:"Salasana",showPasswordText:"Näytä salasana",signingInAs:"Kirjaudutaan käyttäjänä ${email}",title:"Anna salasana",unverifiedEmail:"Vahvista sähköpostiosoitteesi ennen kirjautumista","user-blocked":"Tilisi on estetty useiden peräkkäisten kirjautumisyritysten jälkeen.","wrong-credentials":"Väärä salasana"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"sähköposti",authMethodEmailOrPhone:"sähköposti tai puhelinnumero",authMethodPhone:"puhelinnumero",description:"Kirjaudu sisään käyttämällä ${authMethod}",emailOrPhonePlaceholder:"Sähköpostiosoite tai puhelinnumero",emailPlaceholder:"Sähköpostiosoite",invalidEmail:"Syötä kelvollinen sähköpostiosoite",invalidIdentifier:"Syötä kelvollinen sähköpostiosoite tai puhelinnumero",invalidPhone:"Syötä kelvollinen puhelinnumero maatunnuksella",noEmail:"Syötä sähköpostiosoitteesi",noPhone:"Syötä puhelinnumerosi",phonePlaceholder:"Puhelinnumero",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",title:"Kirjaudu koodilla",userAccountDoesNotExist:"Käyttäjätiliä ei ole olemassa"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Napsauta sähköpostissasi olevaa linkkiä kirjautuaksesi sisään",description:"Lähetimme linkin osoitteeseen ${username}. Napsauta sitä kirjautuaksesi.",resendText:"Lähetä linkki uudelleen",spamText:"Etkö saanut sähköpostia? Tarkista roskapostikansiosi.",title:"Tarkista sähköpostisi"}},mfa:yI,"mfa-email":{"mfa-email":{buttonText:"Jatka",codePlaceholder:"Syötä koodi",description:"Lähetimme koodin osoitteeseen ${email}","invalid-code":"Syöttämäsi koodi on virheellinen",pageTitle:"Sähköpostivahvistus | ${clientName}",resendText:"Lähetä koodi uudelleen",title:"Tarkista sähköpostisi"}},"mfa-otp":{"mfa-otp":{buttonText:"Jatka",codePlaceholder:"Syötä koodi",description:"Syötä 6-numeroinen koodi todentajasovelluksestasi","invalid-code":"Syöttämäsi koodi on virheellinen",pageTitle:"Syötä koodi | ${clientName}",title:"Syötä koodisi"},"mfa-totp-enrollment":{title:"Ota todentajasovellus käyttöön",description:"Skannaa alla oleva QR-koodi todentajasovelluksellasi ja syötä sitten 6-numeroinen koodi vahvistaaksesi",secretLabel:"Tai syötä tämä koodi manuaalisesti:",codePlaceholder:"Syötä koodi",continueButtonText:"Vahvista ja aktivoi","invalid-code":"Syöttämäsi koodi on virheellinen. Yritä uudelleen.","transaction-not-found":"Rekisteröintitapahtumasi on vanhentunut, sinun täytyy aloittaa alusta.",pageTitle:"Ota todentaja käyttöön | ${clientName}",unexpectedError:"Jokin meni pieleen. Yritä uudelleen.",enrollmentComplete:"MFA-rekisteröinti on valmis. Voit sulkea tämän sivun."},"mfa-totp-challenge":{title:"Vahvista henkilöllisyytesi",description:"Syötä 6-numeroinen koodi todentajasovelluksestasi",codePlaceholder:"Syötä koodi",continueButtonText:"Jatka","invalid-code":"Syöttämäsi koodi on virheellinen","transaction-not-found":"Rekisteröintitapahtumasi on vanhentunut, sinun täytyy aloittaa alusta.",unexpectedError:"Jokin meni pieleen. Yritä uudelleen.",pageTitle:"Vahvista henkilöllisyys | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Käytä puhelinnumeroasi kirjautumiseen | ${clientName}",title:"Vahvista henkilöllisyytesi",description:"Lähetimme koodin numeroon ${phoneNumber}",continueButtonText:"Jatka",changePhoneText:"Valitse toinen puhelinnumero.",smsButtonText:"Tekstiviesti",voiceButtonText:"Äänipuhelu",chooseMessageTypeText:"Miten haluat vastaanottaa koodin?",pickAuthenticatorText:"Kokeile toista menetelmää",logoAltText:"${companyName}",codePlaceholder:"Syötä koodi","send-sms-failed":"Tekstiviestin lähettämisessä oli ongelma","send-voice-failed":"Äänipuhelun soittamisessa oli ongelma","invalid-phone-format":"Puhelinnumero voi sisältää vain numeroita.","invalid-phone":"Puhelinnumerosi ei vaikuta olevan kelvollinen. Tarkista ja yritä uudelleen.","too-many-sms":"Olet ylittänyt tunnin enimmäismäärän puhelinviestejä. Odota muutama minuutti ja yritä uudelleen.","too-many-voice":"Olet ylittänyt tunnin enimmäismäärän puhelinviestejä. Odota muutama minuutti ja yritä uudelleen.","transaction-not-found":"Rekisteröintitapahtumasi on vanhentunut, sinun täytyy aloittaa alusta.","no-phone":"Syötä puhelinnumero",noCode:"Syötä vahvistuskoodi",invalidCode:"Antamasi koodi on virheellinen. Yritä uudelleen.",unexpectedError:"Jokin meni pieleen. Yritä uudelleen.",resendSuccess:"Lähetimme uuden koodin puhelimeesi",enrollmentComplete:"MFA-rekisteröinti on valmis. Voit sulkea tämän sivun."},"mfa-phone-enrollment":{pageTitle:"Syötä puhelinnumerosi kirjautuaksesi puhelinkoodilla | ${clientName}",title:"Suojaa tilisi",description:"Syötä maakoodisi ja puhelinnumero, johon voimme lähettää 6-numeroisen koodin:",continueButtonText:"Jatka",smsButtonText:"Tekstiviesti",voiceButtonText:"Äänipuhelu",chooseMessageTypeText:"Miten haluat vastaanottaa koodin?",pickAuthenticatorText:"Kokeile toista menetelmää",placeholder:"Syötä puhelinnumerosi",logoAltText:"${companyName}",selectCountryCode:"Valitse maakoodi, tällä hetkellä asetettu ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Tekstiviestin lähettämisessä oli ongelma","send-voice-failed":"Äänipuhelun soittamisessa oli ongelma","sms-authenticator-error":"Emme pystyneet lähettämään tekstiviestiä. Yritä myöhemmin uudelleen.","invalid-phone-format":"Puhelinnumero voi sisältää vain numeroita.","invalid-phone":"Puhelinnumerosi ei vaikuta olevan kelvollinen. Tarkista ja yritä uudelleen.","too-many-sms":"Olet ylittänyt tunnin enimmäismäärän puhelinviestejä. Odota muutama minuutti ja yritä uudelleen.","too-many-voice":"Olet ylittänyt tunnin enimmäismäärän puhelinviestejä. Odota muutama minuutti ja yritä uudelleen.","transaction-not-found":"Rekisteröintitapahtumasi on vanhentunut, sinun täytyy aloittaa alusta.","no-phone":"Syötä puhelinnumero","phone-is-too-short":"Puhelinnumero on liian lyhyt","phone-is-too-long":"Puhelinnumero on liian pitkä"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Valitse vahvistusmenetelmä | ${clientName}",title:"Valitse vahvistusmenetelmä",description:"Valitse, miten haluat vahvistaa henkilöllisyytesi",authenticatorAppLabel:"Todennussovellus",authenticatorAppDescription:"Käytä todennussovellusta vahvistuskoodin saamiseksi",smsLabel:"Tekstiviesti",smsDescription:"Saat vahvistuskoodin puhelimeesi tekstiviestillä",passkeyLabel:"Tunnistautumisavain",passkeyDescription:"Käytä laitteesi biometriikkaa tai suojausavainta"}},"mfa-push":{"mfa-push":{description:"Lähetimme ilmoituksen laitteellesi",pageTitle:"Push-ilmoitus | ${clientName}",resendText:"Lähetä ilmoitus uudelleen",title:"Hyväksy pyyntö",useCodeText:"Syötä koodi manuaalisesti"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Jatka",codePlaceholder:"Palautuskoodi",description:"Syötä yksi palautuskoodeistasi","invalid-code":"Syöttämäsi palautuskoodi on virheellinen",pageTitle:"Palautuskoodi | ${clientName}",title:"Syötä palautuskoodi"}},"mfa-voice":{"mfa-voice":{buttonText:"Soita minulle",codePlaceholder:"Syötä koodi",description:"Soitamme numeroon ${phoneNumber} ja kerromme koodisi","invalid-code":"Syöttämäsi koodi on virheellinen",pageTitle:"Äänipuhelu | ${clientName}",title:"Vastaanota puhelu"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Yritä uudelleen",description:"Aseta turva-avaimesi ja seuraa ohjeita",pageTitle:"Turva-avain | ${clientName}",title:"Käytä turva-avaintasi"}},passkeys:_I,organizations:wI,"reset-password":{"reset-password":{backToLoginText:"Palaa takaisin",buttonText:"Lähetä salasanan palautussähköposti",codeExpired:"Salasanan palautuskoodisi on vanhentunut. Pyydä uusi koodi.",confirmPasswordLabel:"Vahvista salasana",confirmPasswordPlaceholder:"Vahvista salasana",description:"Napsauta alla olevaa painiketta, niin lähetämme ohjeet salasanasi palauttamiseen.",emailPlaceholder:"Sähköpostiosoite",failed:"Salasanan vaihto epäonnistui. Yritä uudelleen.","invalid-email-format":"Virheellinen sähköpostiosoite","no-email":"Sähköpostiosoite vaaditaan",pageTitle:"Vaihda salasana | ${clientName}",passwordLabel:"Uusi salasana",passwordPlaceholder:"Uusi salasana",passwordTooWeak:"Salasana on liian heikko",passwordsDidntMatch:"Salasanat eivät täsmää",successDescription:"Olemme lähettäneet salasanan palautuslinkin sähköpostiosoitteeseesi.",successTitle:"Salasanan palautussähköposti lähetetty",title:"Unohditko salasanan?","user-not-found":"Käyttäjää ei löytynyt"},"reset-password-code":{backToLoginText:"Takaisin kirjautumiseen",buttonText:"Vaihda salasana",codeLabel:"Palautuskoodi",codePlaceholder:"Syötä 6-numeroinen koodi",confirmPasswordLabel:"Vahvista salasana",confirmPasswordPlaceholder:"Vahvista salasana",defaultDescription:"Syötä sähköpostiisi lähetetty koodi ja valitse uusi salasana",description:"Lähetimme koodin osoitteeseen ${email}",failed:"Salasanan vaihto epäonnistui. Yritä uudelleen.",invalidCode:"Syöttämäsi koodi on virheellinen tai vanhentunut",noCode:"Syötä palautuskoodi",pageTitle:"Syötä palautuskoodi | ${clientName}",passwordLabel:"Uusi salasana",passwordPlaceholder:"Uusi salasana",passwordTooWeak:"Salasana on liian heikko",passwordsDidntMatch:"Salasanat eivät täsmää",resendFailed:"Koodin uudelleenlähetys epäonnistui. Yritä uudelleen.",resendSuccess:"Uusi koodi on lähetetty sähköpostiisi",resendText:"Lähetä koodi uudelleen",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",title:"Syötä palautuskoodi"}},signup:vI,"signup-id":{"signup-id":{buttonText:"Jatka",description:"Valitse salasana, jossa on isoja ja pieniä kirjaimia, numeroita ja symboleja.","email-already-exists":"Sähköposti on jo varattu",emailPlaceholder:"Sähköpostiosoite",federatedConnectionButtonText:"Jatka palvelulla ${connectionName}","invalid-email-format":"Virheellinen sähköpostiosoite",loginActionLinkText:"Kirjaudu sisään",loginActionText:"Onko sinulla jo tili?","no-email":"Sähköpostiosoite vaaditaan",pageTitle:"Rekisteröidy | ${clientName}",phonePlaceholder:"Puhelinnumero",separatorText:"tai",title:"Valitse salasana",usernamePlaceholder:"Käyttäjänimi"}},"signup-password":{"signup-password":{buttonText:"Jatka",description:"Valitse salasana, jossa on isoja ja pieniä kirjaimia, numeroita ja symboleja.",hidePasswordText:"Piilota salasana","no-password":"Salasana vaaditaan",pageTitle:"Rekisteröidy | ${clientName}","password-policy-not-met":"Salasana ei täytä vaatimuksia","password-too-weak":"Salasana on liian heikko",passwordPlaceholder:"Salasana",showPasswordText:"Näytä salasana",title:"Valitse salasana"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Jatka",codeLabel:"Vahvistuskoodi",codePlaceholder:"Syötä koodi",defaultDescription:"Syötä puhelimeesi lähetetty vahvistuskoodi",description:"Lähetimme koodin käyttäjälle ${username}","invalid-code":"Virheellinen koodi",noCode:"Syötä vahvistuskoodi",pageTitle:"Syötä koodi | ${clientName}",resendText:"Lähetä koodi uudelleen",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",title:"Tarkista puhelimesi",unexpectedError:"Odottamaton virhe tapahtui"}},status:bI},Jj=Object.freeze(Object.defineProperty({__proto__:null,common:fI,consent:hI,default:Wj,invitation:gI,login:mI,mfa:yI,organizations:wI,passkeys:_I,signup:vI,status:bI},Symbol.toStringTag,{value:"Module"})),AI={common:{alertListTitle:"Avvisi",backText:"Torna indietro",cancelText:"Annulla",closeText:"Chiudi",contactSupportText:"Contatta l'assistenza",continueText:"Continua",copyrightText:"© ${currentYear} ${companyName}",errorText:"Si è verificato un errore",hidePasswordText:"Nascondi password",loadingText:"Caricamento...",orText:"o",privacyPolicyText:"Informativa sulla privacy",showPasswordText:"Mostra password",termsOfServiceText:"Termini di servizio",termsShortText:"Termini",tryAgainText:"Riprova"}},kI={consent:{buttonText:"Accetta",cancelButtonText:"Rifiuta",description:"${clientName} richiede l'accesso al tuo account",pageTitle:"Autorizza | ${clientName}",scopesTitle:"Questo permetterà a ${clientName} di:",title:"Autorizza ${clientName}"}},SI={invitation:{acceptButtonText:"Accetta invito",description:"${inviterName} ti ha invitato a unirti a ${organizationName} su ${clientName}",pageTitle:"Invito | ${clientName}",title:"Sei stato invitato"}},EI={login:{alertListTitle:"Avvisi",buttonText:"Continua",description:"Accedi a ${clientName}.",editEmailText:"Modifica",emailPlaceholder:"Indirizzo e-mail",enterACodeBtn:"Accedi con un codice",federatedConnectionButtonText:"Continua con ${connectionName}",footerLinkText:"Iscriviti",footerText:"Non hai un account?",forgotPasswordText:"Hai dimenticato la password?",hidePasswordText:"Nascondi password",invalidEmail:"Email non valida",invalidIdentifier:"Email o nome utente non valido",invitationDescription:"Accedi per accettare l'invito di ${inviterName} a unirti a ${companyName} su ${clientName}.",invitationTitle:"Sei stato invitato!",logoAltText:"${companyName}","no-email":"Inserisci un indirizzo email","no-password":"La password è obbligatoria",pageTitle:"Accedi | ${clientName}",passwordLoginNotAvailable:"L'autenticazione con password non è disponibile",passwordPlaceholder:"Password",phonePlaceholder:"Numero di telefono",separatorText:"o",sessionExpired:"La sessione è scaduta. Riprova.",showPasswordText:"Mostra password",signupActionLinkText:"Iscriviti",signupActionText:"Non hai un account?",title:"Benvenuto",tooManyFailedLogins:"Troppi tentativi di accesso falliti. Riprova più tardi.",unverifiedEmail:"Verifica il tuo indirizzo email prima di accedere",userAccountDoesNotExist:"L'account utente non esiste",usernamePlaceholder:"Nome utente o indirizzo email",usernameTooLong:"Il nome utente deve avere al massimo ${max} caratteri",usernameTooShort:"Il nome utente deve avere almeno ${min} caratteri",wrongCredentials:"Nome utente o password errati",passkeyButtonText:"Accedi con una passkey"}},CI={mfa:{backupCodeText:"Usa codice di backup",description:"Scegli un metodo di verifica",pageTitle:"Autenticazione a più fattori | ${clientName}",title:"Verifica la tua identità"}},TI={"passkey-enrollment-nudge":{title:"Proteggi il tuo account con una passkey",description:"Le passkey utilizzano la biometria o il PIN del tuo dispositivo per accedere più velocemente e in modo più sicuro.",enrollButtonText:"Configura passkey",snoozeButtonText:"Forse più tardi",optOutLinkText:"Non mostrare più",pageTitle:"Configura Passkey | ${clientName}"},"passkey-enrollment":{title:"Crea la tua passkey",description:"Segui le istruzioni del browser per creare una passkey per questo account.",errorMessage:"Creazione della passkey non riuscita. Riprova.",cancelLinkText:"Salta per ora",retryButtonText:"Riprova",enrollmentComplete:"La tua passkey è stata configurata con successo. Puoi chiudere questa pagina.",pageTitle:"Crea Passkey | ${clientName}"},"passkey-challenge":{title:"Accedi con passkey",description:"Segui le istruzioni del browser per verificare la tua identità.",errorMessage:"Autenticazione con passkey non riuscita. Riprova.",cancelLinkText:"Torna al login",retryButtonText:"Riprova",pageTitle:"Accedi con passkey | ${clientName}"}},xI={organizations:{description:"Scegli a quale organizzazione accedere",pageTitle:"Seleziona organizzazione | ${clientName}",searchPlaceholder:"Cerca organizzazioni",title:"Seleziona la tua organizzazione"}},II={signup:{buttonText:"Iscriviti",confirmPasswordPlaceholder:"Conferma password",description:"Registrati per continuare","email-already-exists":"Questa email è già registrata",emailPlaceholder:"Indirizzo e-mail",federatedConnectionButtonText:"Continua con ${connectionName}",hidePasswordText:"Nascondi password","invalid-email-format":"Email non valida",loginActionLinkText:"Accedi",loginActionText:"Hai già un account?","no-email":"Inserisci un indirizzo email","no-password":"La password è obbligatoria","no-username":"Il nome utente è obbligatorio",pageTitle:"Registrati | ${clientName}",passwordPlaceholder:"Password",passwordsDidntMatch:"Le password non corrispondono",phonePlaceholder:"Numero di telefono",privacyPolicyLinkText:"Informativa sulla privacy",separatorText:"o",sessionExpired:"La sessione è scaduta. Riprova.",showPasswordText:"Mostra password",termsOfServiceLinkText:"Termini di servizio",termsText:"Registrandoti, accetti i nostri",title:"Crea il tuo account","username-already-exists":"Questo nome utente è già in uso",usernamePlaceholder:"Nome utente",verifyEmailText:"Controlla la tua email per verificare il tuo account"}},$I={status:{continueButtonText:"Continua",errorTitle:"Errore",pageTitle:"Stato | ${clientName}",successTitle:"Operazione riuscita",title:"Stato"}},Yj={common:AI,consent:kI,"device-flow":{"device-flow":{buttonText:"Continua",codePlaceholder:"Inserisci il codice",description:"Inserisci il codice mostrato sul tuo dispositivo","expired-code":"Il codice è scaduto","invalid-code":"Il codice inserito non è valido",pageTitle:"Attivazione dispositivo | ${clientName}",title:"Attiva il tuo dispositivo"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Continua",codeLabel:"Codice di verifica",codePlaceholder:"Inserisci il codice",defaultDescription:"Inserisci il codice di verifica inviato alla tua email",description:"Abbiamo inviato un codice a ${email}","invalid-code":"Codice non valido",noCode:"Inserisci il codice di verifica",pageTitle:"Inserisci il codice | ${clientName}",resendText:"Reinvio del codice",sessionExpired:"La sessione è scaduta. Riprova.",title:"Controlla la tua email",unexpectedError:"Si è verificato un errore imprevisto"}},"email-verification":{"email-verification":{description:"Abbiamo inviato un'email a ${email}",pageTitle:"Verifica email | ${clientName}",resendText:"Reinvia email",successDescription:"La tua email è stata verificata con successo.",successTitle:"Email verificata",title:"Verificare l'e-mail"}},invitation:SI,login:EI,"login-id":{"login-id":{alertListTitle:"Avvisi","auth0-users-validation":"Qualcosa è andato storto, riprova più tardi","authentication-failure":"Siamo spiacenti, si è verificato un errore durante il tentativo di accesso",buttonText:"Continua","captcha-client-failure":"Non è stato possibile caricare la verifica di sicurezza. Riprova. (Codice errore: #{errorCode})","captcha-validation-failure":"Siamo spiacenti, si è verificato un errore durante la convalida della risposta captcha. Riprova.",captchaCodePlaceholder:"Inserisci il codice mostrato sopra","custom-script-error-code":"Qualcosa è andato storto, riprova più tardi.",description:"Accedi a ${clientName}.",editEmailText:"Modifica",emailPlaceholder:"Indirizzo e-mail",federatedConnectionButtonText:"Continua con ${connectionName}",footerLinkText:"Iscriviti",footerText:"Non hai un account?",forgotPasswordText:"Hai dimenticato la password?",hidePasswordText:"Nascondi password","invalid-captcha":"Risolvi la domanda di verifica per confermare che non sei un robot.","invalid-code":"Codice non valido","invalid-connection":"Connessione non valida","invalid-email-format":"Email non valida","invalid-email-phone":"Inserisci un indirizzo email o un numero di telefono valido. I numeri di telefono devono includere il prefisso internazionale.","invalid-email-phone-username":"Inserisci un indirizzo email, un numero di telefono o un nome utente valido. I numeri di telefono devono includere il prefisso internazionale.","invalid-email-username":"Inserisci un indirizzo email o un nome utente valido","invalid-expired-code":"Codice utente non valido o scaduto","invalid-login-id":"ID di accesso non valido","invalid-phone-username":"Inserisci un numero di telefono o un nome utente valido. I numeri di telefono devono includere il prefisso internazionale.","invalid-recaptcha":"Seleziona la casella per confermare che non sei un robot.","invalid-username":"Il nome utente può contenere solo caratteri alfanumerici o: '${characters}'. Il nome utente deve avere tra ${min} e ${max} caratteri.",invitationDescription:"Accedi per accettare l'invito di ${inviterName} a unirti a ${companyName} su ${clientName}.",invitationTitle:"Sei stato invitato!","ip-blocked":"Abbiamo rilevato un comportamento di accesso sospetto e ulteriori tentativi saranno bloccati. Contatta l'amministratore.",logoAltText:"${companyName}","no-db-connection":"Connessione non valida","no-email":"Inserisci un indirizzo email","no-email-phone":"È richiesto un indirizzo email o un numero di telefono","no-email-phone-username":"È richiesto un numero di telefono, un nome utente o un indirizzo email","no-email-username":"È richiesto un indirizzo email o un nome utente","no-password":"La password è obbligatoria","no-phone":"Inserisci un numero di telefono","no-phone-username":"È richiesto un numero di telefono o un nome utente","no-username":"Il nome utente è obbligatorio",pageTitle:"Accedi | ${clientName}","password-breached":"Abbiamo rilevato un potenziale problema di sicurezza con questo account. Per proteggere il tuo account, abbiamo impedito questo accesso. Reimposta la password per procedere.",passwordPlaceholder:"Password",phoneOrEmailPlaceholder:"Indirizzo e-mail o numero di telefono",phoneOrUsernameOrEmailPlaceholder:"Telefono, nome utente o email",phoneOrUsernamePlaceholder:"Numero di telefono o nome utente",phonePlaceholder:"Numero di telefono","same-user-login":"Troppi tentativi di accesso per questo utente. Attendi e riprova più tardi.",selectCountryCode:"Seleziona prefisso paese, attualmente impostato su ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"o",sessionExpired:"La sessione è scaduta. Riprova.",showPasswordText:"Mostra password",signupActionLinkText:"Iscriviti",signupActionText:"Non hai un account?",termsAndConditionsTemplate:'Continuando, accetti i nostri <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Termini e condizioni</a>.',title:"Benvenuto","user-blocked":"Il tuo account è stato bloccato dopo diversi tentativi di accesso consecutivi.",userAccountDoesNotExist:"L'account utente non esiste",usernameOnlyPlaceholder:"Nome utente",usernameOrEmailPlaceholder:"Nome utente o indirizzo email",usernamePlaceholder:"Nome utente",usernameTooLong:"Il nome utente deve avere al massimo ${max} caratteri",usernameTooShort:"Il nome utente deve avere almeno ${min} caratteri","wrong-credentials":"Nome utente o password errati","wrong-email-credentials":"Email o password errati","wrong-email-phone-credentials":"Indirizzo email, numero di telefono o password errati. I numeri di telefono devono includere il prefisso internazionale.","wrong-email-phone-username-credentials":"Indirizzo email, numero di telefono, nome utente o password errati. I numeri di telefono devono includere il prefisso internazionale.","wrong-email-username-credentials":"Indirizzo email, nome utente o password errati","wrong-phone-credentials":"Numero di telefono o password errati","wrong-phone-username-credentials":"Numero di telefono, nome utente o password errati. I numeri di telefono devono includere il prefisso internazionale.","wrong-username-credentials":"Nome utente o password errati",passkeyButtonText:"Accedi con una passkey"}},"login-password":{"login-password":{buttonText:"Accedi",description:"Accedi a ${clientName}",forgotPasswordText:"Hai dimenticato la password?",hidePasswordText:"Nascondi password","no-password":"La password è obbligatoria",pageTitle:"Accedi | ${clientName}","password-breached":"Abbiamo rilevato un potenziale problema di sicurezza con questo account. Per proteggere il tuo account, abbiamo impedito questo accesso. Reimposta la password per procedere.",passwordPlaceholder:"Password",showPasswordText:"Mostra password",signingInAs:"Accesso come ${email}",title:"Inserire la password",unverifiedEmail:"Verifica il tuo indirizzo email prima di accedere","user-blocked":"Il tuo account è stato bloccato dopo diversi tentativi di accesso consecutivi.","wrong-credentials":"Password errata"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"email",authMethodEmailOrPhone:"email o numero di telefono",authMethodPhone:"numero di telefono",description:"Accedi usando il tuo ${authMethod}",emailOrPhonePlaceholder:"Indirizzo email o numero di telefono",emailPlaceholder:"Indirizzo e-mail",invalidEmail:"Inserisci un indirizzo email valido",invalidIdentifier:"Inserisci un indirizzo email o un numero di telefono valido",invalidPhone:"Inserisci un numero di telefono valido con il prefisso internazionale",noEmail:"Inserisci il tuo indirizzo email",noPhone:"Inserisci il tuo numero di telefono",phonePlaceholder:"Numero di telefono",sessionExpired:"La sessione è scaduta. Riprova.",title:"Accedi con un codice",userAccountDoesNotExist:"L'account utente non esiste"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Clicca il link nella tua email per accedere",description:"Abbiamo inviato un link a ${username}. Cliccalo per accedere.",resendText:"Reinvia link",spamText:"Non hai ricevuto l'email? Controlla la cartella spam.",title:"Controlla la tua email"}},mfa:CI,"mfa-email":{"mfa-email":{buttonText:"Continua",codePlaceholder:"Inserisci il codice",description:"Abbiamo inviato un codice a ${email}","invalid-code":"Il codice inserito non è valido",pageTitle:"Verifica email | ${clientName}",resendText:"Reinvia codice",title:"Controlla la tua email"}},"mfa-otp":{"mfa-otp":{buttonText:"Continua",codePlaceholder:"Inserisci il codice",description:"Inserisci il codice a 6 cifre dalla tua app di autenticazione","invalid-code":"Il codice inserito non è valido",pageTitle:"Inserisci il codice | ${clientName}",title:"Inserisci il tuo codice"},"mfa-totp-enrollment":{title:"Configura l'autenticatore",description:"Scansiona il codice QR qui sotto con la tua app di autenticazione, poi inserisci il codice a 6 cifre per verificare",secretLabel:"Oppure inserisci questo codice manualmente:",codePlaceholder:"Inserisci il codice",continueButtonText:"Verifica e attiva","invalid-code":"Il codice inserito non è valido. Riprova.","transaction-not-found":"La tua transazione di registrazione è scaduta, dovrai ricominciare.",pageTitle:"Configura autenticatore | ${clientName}",unexpectedError:"Qualcosa è andato storto. Riprova.",enrollmentComplete:"La registrazione MFA è completata. Puoi chiudere questa pagina."},"mfa-totp-challenge":{title:"Verifica la tua identità",description:"Inserisci il codice a 6 cifre dalla tua app di autenticazione",codePlaceholder:"Inserisci il codice",continueButtonText:"Continua","invalid-code":"Il codice inserito non è valido","transaction-not-found":"La tua transazione di registrazione è scaduta, dovrai ricominciare.",unexpectedError:"Qualcosa è andato storto. Riprova.",pageTitle:"Verifica identità | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Usa il tuo numero di telefono per accedere | ${clientName}",title:"Verifica la tua identità",description:"Abbiamo inviato un codice a ${phoneNumber}",continueButtonText:"Continua",changePhoneText:"Scegli un altro numero di telefono.",smsButtonText:"Messaggio di testo",voiceButtonText:"Chiamata vocale",chooseMessageTypeText:"Come vuoi ricevere il codice?",pickAuthenticatorText:"Prova un altro metodo",logoAltText:"${companyName}",codePlaceholder:"Inserisci il codice","send-sms-failed":"Si è verificato un problema nell'invio dell'SMS","send-voice-failed":"Si è verificato un problema nell'effettuare la chiamata vocale","invalid-phone-format":"Il numero di telefono può contenere solo cifre.","invalid-phone":"Sembra che il tuo numero di telefono non sia valido. Controlla e riprova.","too-many-sms":"Hai superato il numero massimo di messaggi telefonici all'ora. Attendi qualche minuto e riprova.","too-many-voice":"Hai superato il numero massimo di messaggi telefonici all'ora. Attendi qualche minuto e riprova.","transaction-not-found":"La tua transazione di registrazione è scaduta, dovrai ricominciare.","no-phone":"Inserisci un numero di telefono",noCode:"Inserisci il codice di verifica",invalidCode:"Il codice inserito non è valido. Riprova.",unexpectedError:"Qualcosa è andato storto. Riprova.",resendSuccess:"Abbiamo inviato un nuovo codice al tuo telefono",enrollmentComplete:"La registrazione MFA è completata. Puoi chiudere questa pagina."},"mfa-phone-enrollment":{pageTitle:"Inserisci il tuo numero di telefono per accedere con un codice telefonico | ${clientName}",title:"Proteggi il tuo account",description:"Inserisci il prefisso del paese e il numero di telefono a cui possiamo inviare un codice a 6 cifre:",continueButtonText:"Continua",smsButtonText:"Messaggio di testo",voiceButtonText:"Chiamata vocale",chooseMessageTypeText:"Come vuoi ricevere il codice?",pickAuthenticatorText:"Prova un altro metodo",placeholder:"Inserisci il tuo numero di telefono",logoAltText:"${companyName}",selectCountryCode:"Seleziona prefisso paese, attualmente impostato su ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Si è verificato un problema nell'invio dell'SMS","send-voice-failed":"Si è verificato un problema nell'effettuare la chiamata vocale","sms-authenticator-error":"Non siamo riusciti a inviare l'SMS. Riprova più tardi.","invalid-phone-format":"Il numero di telefono può contenere solo cifre.","invalid-phone":"Sembra che il tuo numero di telefono non sia valido. Controlla e riprova.","too-many-sms":"Hai superato il numero massimo di messaggi telefonici all'ora. Attendi qualche minuto e riprova.","too-many-voice":"Hai superato il numero massimo di messaggi telefonici all'ora. Attendi qualche minuto e riprova.","transaction-not-found":"La tua transazione di registrazione è scaduta, dovrai ricominciare.","no-phone":"Inserisci un numero di telefono","phone-is-too-short":"Il numero di telefono è troppo corto","phone-is-too-long":"Il numero di telefono è troppo lungo"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Scegli il metodo di verifica | ${clientName}",title:"Scegli il metodo di verifica",description:"Seleziona come vuoi verificare la tua identità",authenticatorAppLabel:"App di autenticazione",authenticatorAppDescription:"Usa la tua app di autenticazione per ottenere un codice di verifica",smsLabel:"Messaggio di testo",smsDescription:"Ricevi un codice di verifica inviato al tuo telefono",passkeyLabel:"Passkey",passkeyDescription:"Usa la biometria del tuo dispositivo o una chiave di sicurezza"}},"mfa-push":{"mfa-push":{description:"Abbiamo inviato una notifica al tuo dispositivo",pageTitle:"Notifica push | ${clientName}",resendText:"Reinvia notifica",title:"Approva la richiesta",useCodeText:"Inserisci il codice manualmente"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Continua",codePlaceholder:"Codice di recupero",description:"Inserisci uno dei tuoi codici di recupero","invalid-code":"Il codice di recupero inserito non è valido",pageTitle:"Codice di recupero | ${clientName}",title:"Inserisci il codice di recupero"}},"mfa-voice":{"mfa-voice":{buttonText:"Chiamami",codePlaceholder:"Inserisci il codice",description:"Chiameremo ${phoneNumber} con il tuo codice","invalid-code":"Il codice inserito non è valido",pageTitle:"Chiamata vocale | ${clientName}",title:"Ricevi una telefonata"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Riprova",description:"Inserisci la tua chiave di sicurezza e segui le istruzioni",pageTitle:"Chiave di sicurezza | ${clientName}",title:"Usa la tua chiave di sicurezza"}},passkeys:TI,organizations:xI,"reset-password":{"reset-password":{backToLoginText:"Torna al login",buttonText:"Continua",codeExpired:"Il codice di reimpostazione della password è scaduto. Richiedine uno nuovo.",confirmPasswordLabel:"Conferma password",confirmPasswordPlaceholder:"Conferma password",description:"Inserisci la tua email per reimpostare la password",emailPlaceholder:"Indirizzo e-mail",failed:"Reimpostazione della password non riuscita. Riprova.","invalid-email-format":"Email non valida","no-email":"Inserisci un indirizzo email",pageTitle:"Reimposta password | ${clientName}",passwordLabel:"Nuova password",passwordPlaceholder:"Nuova password",passwordTooWeak:"La password è troppo debole",passwordsDidntMatch:"Le password non corrispondono",successDescription:"Abbiamo inviato un link per reimpostare la password al tuo indirizzo email.",successTitle:"Controlla la tua email",title:"Hai dimenticato la password?","user-not-found":"Utente non trovato"},"reset-password-code":{backToLoginText:"Torna al login",buttonText:"Reimposta password",codeLabel:"Codice di reimpostazione",codePlaceholder:"Inserisci il codice a 6 cifre",confirmPasswordLabel:"Conferma password",confirmPasswordPlaceholder:"Conferma password",defaultDescription:"Inserisci il codice inviato alla tua email e scegli una nuova password",description:"Abbiamo inviato un codice a ${email}",failed:"Reimpostazione della password non riuscita. Riprova.",invalidCode:"Il codice inserito non è valido o è scaduto",noCode:"Inserisci il codice di reimpostazione",pageTitle:"Inserisci il codice di reimpostazione | ${clientName}",passwordLabel:"Nuova password",passwordPlaceholder:"Nuova password",passwordTooWeak:"La password è troppo debole",passwordsDidntMatch:"Le password non corrispondono",resendFailed:"Impossibile reinviare il codice. Riprova.",resendSuccess:"Un nuovo codice è stato inviato alla tua email",resendText:"Reinvia codice",sessionExpired:"La sessione è scaduta. Riprova.",title:"Inserisci il codice di reimpostazione"}},signup:II,"signup-id":{"signup-id":{buttonText:"Continua",description:"Registrati per continuare","email-already-exists":"Questa email è già registrata",emailPlaceholder:"Indirizzo e-mail",federatedConnectionButtonText:"Continua con ${connectionName}","invalid-email-format":"Email non valida",loginActionLinkText:"Accedi",loginActionText:"Hai già un account?","no-email":"Inserisci un indirizzo email",pageTitle:"Registrati | ${clientName}",phonePlaceholder:"Numero di telefono",separatorText:"o",title:"Crea il tuo account",usernamePlaceholder:"Nome utente"}},"signup-password":{"signup-password":{buttonText:"Continua",description:"Registrati per continuare",hidePasswordText:"Nascondi password","no-password":"La password è obbligatoria",pageTitle:"Registrati | ${clientName}","password-policy-not-met":"La password non soddisfa i requisiti","password-too-weak":"La password è troppo debole",passwordPlaceholder:"Password",showPasswordText:"Mostra password",title:"Crea la tua password"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Continua",codeLabel:"Codice di verifica",codePlaceholder:"Inserisci il codice",defaultDescription:"Inserisci il codice di verifica inviato al tuo telefono",description:"Abbiamo inviato un codice a ${username}","invalid-code":"Codice non valido",noCode:"Inserisci il codice di verifica",pageTitle:"Inserisci il codice | ${clientName}",resendText:"Reinvia codice",sessionExpired:"La sessione è scaduta. Riprova.",title:"Controlla il tuo telefono",unexpectedError:"Si è verificato un errore imprevisto"}},status:$I},Qj=Object.freeze(Object.defineProperty({__proto__:null,common:AI,consent:kI,default:Yj,invitation:SI,login:EI,mfa:CI,organizations:xI,passkeys:TI,signup:II,status:$I},Symbol.toStringTag,{value:"Module"})),zI={common:{alertListTitle:"Varsler",backText:"Gå tilbake",cancelText:"Avbryt",closeText:"Lukk",contactSupportText:"Kontakt kundestøtte",continueText:"Fortsett",copyrightText:"© ${currentYear} ${companyName}",errorText:"Det oppstod en feil",hidePasswordText:"Skjul passord",loadingText:"Laster...",orText:"eller",privacyPolicyText:"Personvernerklæring",showPasswordText:"Vis passord",termsOfServiceText:"Vilkår for bruk",termsShortText:"Vilkår",tryAgainText:"Prøv igjen"}},NI={consent:{buttonText:"Godta",cancelButtonText:"Avslå",description:"${clientName} ber om tilgang til kontoen din",pageTitle:"Godkjenn | ${clientName}",scopesTitle:"Dette vil gi ${clientName} tillatelse til å:",title:"Godkjenn ${clientName}"}},PI={invitation:{acceptButtonText:"Godta invitasjon",description:"${inviterName} har invitert deg til å bli med i ${organizationName} på ${clientName}",pageTitle:"Invitasjon | ${clientName}",title:"Du har blitt invitert"}},FI={login:{alertListTitle:"Varsler",buttonText:"Fortsett",description:"Logg inn på ${clientName}.",editEmailText:"Rediger",emailPlaceholder:"E-postadresse",enterACodeBtn:"Logg inn med en kode",federatedConnectionButtonText:"Fortsett med ${connectionName}",footerLinkText:"Registrer deg",footerText:"Har du ikke en konto?",forgotPasswordText:"Har du glemt passordet?",hidePasswordText:"Skjul passord",invalidEmail:"Ugyldig e-postadresse",invalidIdentifier:"Ugyldig e-postadresse eller brukernavn",invitationDescription:"Logg inn for å godta ${inviterName} sin invitasjon til å bli med i ${companyName} på ${clientName}.",invitationTitle:"Du har blitt invitert!",logoAltText:"${companyName}","no-email":"Vennligst oppgi en e-postadresse","no-password":"Passord er påkrevd",pageTitle:"Logg inn | ${clientName}",passwordLoginNotAvailable:"Passordautentisering er ikke tilgjengelig",passwordPlaceholder:"Passord",phonePlaceholder:"Telefonnummer",separatorText:"eller",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",showPasswordText:"Vis passord",signupActionLinkText:"Registrer deg",signupActionText:"Har du ikke en konto?",title:"Velkommen",tooManyFailedLogins:"For mange mislykkede innloggingsforsøk. Vennligst prøv igjen senere.",unverifiedEmail:"Vennligst bekreft e-postadressen din før du logger inn",userAccountDoesNotExist:"Brukerkontoen finnes ikke",usernamePlaceholder:"Brukernavn eller e-postadresse",usernameTooLong:"Brukernavnet må være ${max} tegn eller færre",usernameTooShort:"Brukernavnet må være minst ${min} tegn",wrongCredentials:"Feil brukernavn eller passord",passkeyButtonText:"Logg inn med passkey"}},OI={mfa:{backupCodeText:"Bruk reservekode",description:"Velg en bekreftelsesmetode",pageTitle:"Flerfaktorautentisering | ${clientName}",title:"Bekreft identiteten din"}},RI={"passkey-enrollment-nudge":{title:"Sikre kontoen din med en passnøkkel",description:"Passnøkler bruker enhetens biometri eller PIN-kode for å logge deg inn raskere og sikrere.",enrollButtonText:"Sett opp passnøkkel",snoozeButtonText:"Kanskje senere",optOutLinkText:"Ikke vis dette igjen",pageTitle:"Sett Opp Passnøkkel | ${clientName}"},"passkey-enrollment":{title:"Opprett passnøkkelen din",description:"Følg instruksjonene fra nettleseren for å opprette en passnøkkel for denne kontoen.",errorMessage:"Kunne ikke opprette passnøkkel. Vennligst prøv igjen.",cancelLinkText:"Hopp over for nå",retryButtonText:"Prøv igjen",enrollmentComplete:"Passnøkkelen din er konfigurert. Du kan lukke denne siden.",pageTitle:"Opprett Passnøkkel | ${clientName}"},"passkey-challenge":{title:"Logg inn med passkey",description:"Følg instruksjonene fra nettleseren for å bekrefte identiteten din.",errorMessage:"Autentisering med passkey mislyktes. Vennligst prøv igjen.",cancelLinkText:"Tilbake til innlogging",retryButtonText:"Prøv igjen",pageTitle:"Logg inn med passkey | ${clientName}"}},jI={organizations:{description:"Velg hvilken organisasjon du vil logge inn på",pageTitle:"Velg organisasjon | ${clientName}",searchPlaceholder:"Søk etter organisasjoner",title:"Velg din organisasjon"}},DI={signup:{buttonText:"Registrer deg",confirmPasswordPlaceholder:"Bekreft passord",description:"Registrer deg for å fortsette","email-already-exists":"E-postadressen er allerede registrert",emailPlaceholder:"E-postadresse",federatedConnectionButtonText:"Fortsett med ${connectionName}",hidePasswordText:"Skjul passord","invalid-email-format":"Ugyldig e-postadresse",loginActionLinkText:"Logg inn",loginActionText:"Har du allerede en konto?","no-email":"Vennligst oppgi en e-postadresse","no-password":"Passord er påkrevd","no-username":"Brukernavn er påkrevd",pageTitle:"Registrer deg | ${clientName}",passwordPlaceholder:"Passord",passwordsDidntMatch:"Passordene samsvarer ikke",phonePlaceholder:"Telefonnummer",privacyPolicyLinkText:"Personvernerklæring",separatorText:"eller",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",showPasswordText:"Vis passord",termsOfServiceLinkText:"Vilkår for bruk",termsText:"Ved å registrere deg godtar du våre",title:"Opprett kontoen din","username-already-exists":"Dette brukernavnet er allerede tatt",usernamePlaceholder:"Brukernavn",verifyEmailText:"Sjekk e-posten din for å bekrefte kontoen"}},LI={status:{continueButtonText:"Fortsett",errorTitle:"Feil",pageTitle:"Status | ${clientName}",successTitle:"Vellykket",title:"Status"}},Zj={common:zI,consent:NI,"device-flow":{"device-flow":{buttonText:"Fortsett",codePlaceholder:"Skriv inn kode",description:"Skriv inn koden som vises på enheten din","expired-code":"Koden har utløpt","invalid-code":"Koden du skrev inn er ugyldig",pageTitle:"Enhetsaktivering | ${clientName}",title:"Aktiver enheten din"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Fortsett",codeLabel:"Bekreftelseskode",codePlaceholder:"Skriv inn kode",defaultDescription:"Skriv inn bekreftelseskoden som ble sendt til e-posten din",description:"Vi sendte en kode til ${email}","invalid-code":"Ugyldig kode",noCode:"Vennligst skriv inn bekreftelseskoden",pageTitle:"Skriv inn kode | ${clientName}",resendText:"Send kode på nytt",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",title:"Sjekk e-posten din",unexpectedError:"En uventet feil oppstod"}},"email-verification":{"email-verification":{description:"Vi sendte en e-post til ${email}",pageTitle:"Bekreft e-post | ${clientName}",resendText:"Send e-post på nytt",successDescription:"E-postadressen din er bekreftet.",successTitle:"E-post bekreftet",title:"Bekreft e-posten din"}},invitation:PI,login:FI,"login-id":{"login-id":{alertListTitle:"Varsler","auth0-users-validation":"Noe gikk galt, vennligst prøv igjen senere","authentication-failure":"Beklager, noe gikk galt under innloggingsforsøket",buttonText:"Fortsett","captcha-client-failure":"Vi kunne ikke laste sikkerhetsutfordringen. Vennligst prøv igjen. (Feilkode: #{errorCode})","captcha-validation-failure":"Beklager, noe gikk galt under validering av captcha-svaret. Vennligst prøv igjen.",captchaCodePlaceholder:"Skriv inn koden som vises ovenfor","custom-script-error-code":"Noe gikk galt, vennligst prøv igjen senere.",description:"Logg inn på ${clientName}.",editEmailText:"Rediger",emailPlaceholder:"E-postadresse",federatedConnectionButtonText:"Fortsett med ${connectionName}",footerLinkText:"Registrer deg",footerText:"Har du ikke en konto?",forgotPasswordText:"Har du glemt passordet?",hidePasswordText:"Skjul passord","invalid-captcha":"Løs utfordringen for å bekrefte at du ikke er en robot.","invalid-code":"Ugyldig kode","invalid-connection":"Ugyldig tilkobling","invalid-email-format":"Ugyldig e-postadresse","invalid-email-phone":"Skriv inn en gyldig e-postadresse eller telefonnummer. Telefonnumre må inkludere landskode.","invalid-email-phone-username":"Skriv inn en gyldig e-postadresse, telefonnummer eller brukernavn. Telefonnumre må inkludere landskode.","invalid-email-username":"Skriv inn en gyldig e-postadresse eller brukernavn","invalid-expired-code":"Ugyldig eller utløpt brukerkode","invalid-login-id":"Ugyldig innloggings-ID","invalid-phone-username":"Skriv inn et gyldig telefonnummer eller brukernavn. Telefonnumre må inkludere landskode.","invalid-recaptcha":"Kryss av i boksen for å bekrefte at du ikke er en robot.","invalid-username":"Brukernavnet kan bare inneholde alfanumeriske tegn eller: '${characters}'. Brukernavnet må ha mellom ${min} og ${max} tegn.",invitationDescription:"Logg inn for å godta ${inviterName} sin invitasjon til å bli med i ${companyName} på ${clientName}.",invitationTitle:"Du har blitt invitert!","ip-blocked":"Vi har oppdaget mistenkelig innloggingsaktivitet, og videre forsøk vil bli blokkert. Vennligst kontakt administratoren.",logoAltText:"${companyName}","no-db-connection":"Ugyldig tilkobling","no-email":"Vennligst oppgi en e-postadresse","no-email-phone":"E-postadresse eller telefonnummer er påkrevd","no-email-phone-username":"Telefonnummer, brukernavn eller e-postadresse er påkrevd","no-email-username":"E-postadresse eller brukernavn er påkrevd","no-password":"Passord er påkrevd","no-phone":"Vennligst oppgi et telefonnummer","no-phone-username":"Telefonnummer eller brukernavn er påkrevd","no-username":"Brukernavn er påkrevd",pageTitle:"Logg inn | ${clientName}","password-breached":"Vi har oppdaget et potensielt sikkerhetsproblem med denne kontoen. For å beskytte kontoen din har vi forhindret denne innloggingen. Vennligst tilbakestill passordet ditt for å fortsette.",passwordPlaceholder:"Passord",phoneOrEmailPlaceholder:"E-post eller telefonnummer",phoneOrUsernameOrEmailPlaceholder:"Telefon, brukernavn eller e-post",phoneOrUsernamePlaceholder:"Telefonnummer eller brukernavn",phonePlaceholder:"Telefonnummer","same-user-login":"For mange innloggingsforsøk for denne brukeren. Vennligst vent og prøv igjen senere.",selectCountryCode:"Velg landskode, for øyeblikket satt til ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"eller",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",showPasswordText:"Vis passord",signupActionLinkText:"Registrer deg",signupActionText:"Har du ikke en konto?",termsAndConditionsTemplate:'Ved å fortsette godtar du våre <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">vilkår</a>.',title:"Velkommen","user-blocked":"Kontoen din har blitt blokkert etter flere påfølgende innloggingsforsøk.",userAccountDoesNotExist:"Brukerkontoen finnes ikke",usernameOnlyPlaceholder:"Brukernavn",usernameOrEmailPlaceholder:"Brukernavn eller e-postadresse",usernamePlaceholder:"Brukernavn eller e-postadresse",usernameTooLong:"Brukernavnet må være ${max} tegn eller færre",usernameTooShort:"Brukernavnet må være minst ${min} tegn","wrong-credentials":"Feil brukernavn eller passord","wrong-email-credentials":"Feil e-postadresse eller passord","wrong-email-phone-credentials":"Feil e-postadresse, telefonnummer eller passord. Telefonnumre må inkludere landskode.","wrong-email-phone-username-credentials":"Feil e-postadresse, telefonnummer, brukernavn eller passord. Telefonnumre må inkludere landskode.","wrong-email-username-credentials":"Feil e-postadresse, brukernavn eller passord","wrong-phone-credentials":"Feil telefonnummer eller passord","wrong-phone-username-credentials":"Feil telefonnummer, brukernavn eller passord. Telefonnumre må inkludere landskode.","wrong-username-credentials":"Feil brukernavn eller passord",passkeyButtonText:"Logg inn med passkey"}},"login-password":{"login-password":{buttonText:"Logg inn",description:"Logg inn på ${clientName}",forgotPasswordText:"Har du glemt passordet?",hidePasswordText:"Skjul passord","no-password":"Passord er påkrevd",pageTitle:"Logg inn | ${clientName}","password-breached":"Vi har oppdaget et potensielt sikkerhetsproblem med denne kontoen. For å beskytte kontoen din har vi forhindret denne innloggingen. Vennligst tilbakestill passordet ditt for å fortsette.",passwordPlaceholder:"Passord",showPasswordText:"Vis passord",signingInAs:"Logger inn som ${email}",title:"Oppgi passord",unverifiedEmail:"Vennligst bekreft e-postadressen din før du logger inn","user-blocked":"Kontoen din har blitt blokkert etter flere påfølgende innloggingsforsøk.","wrong-credentials":"Feil passord"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"e-post",authMethodEmailOrPhone:"e-post eller telefonnummer",authMethodPhone:"telefonnummer",description:"Logg inn med din ${authMethod}",emailOrPhonePlaceholder:"E-postadresse eller telefonnummer",emailPlaceholder:"E-postadresse",invalidEmail:"Vennligst oppgi en gyldig e-postadresse",invalidIdentifier:"Vennligst oppgi en gyldig e-postadresse eller telefonnummer",invalidPhone:"Vennligst oppgi et gyldig telefonnummer med landskode",noEmail:"Vennligst oppgi e-postadressen din",noPhone:"Vennligst oppgi telefonnummeret ditt",phonePlaceholder:"Telefonnummer",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",title:"Logg inn med en kode",userAccountDoesNotExist:"Brukerkontoen finnes ikke"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Klikk på lenken i e-posten for å logge inn",description:"Vi sendte en lenke til ${username}. Klikk på den for å logge inn.",resendText:"Send lenke på nytt",spamText:"Fikk du ikke e-posten? Sjekk søppelpostmappen.",title:"Sjekk e-posten din"}},mfa:OI,"mfa-email":{"mfa-email":{buttonText:"Fortsett",codePlaceholder:"Skriv inn kode",description:"Vi sendte en kode til ${email}","invalid-code":"Koden du skrev inn er ugyldig",pageTitle:"E-postbekreftelse | ${clientName}",resendText:"Send kode på nytt",title:"Sjekk e-posten din"}},"mfa-otp":{"mfa-otp":{buttonText:"Fortsett",codePlaceholder:"Skriv inn kode",description:"Skriv inn den 6-sifrede koden fra autentiseringsappen din","invalid-code":"Koden du skrev inn er ugyldig",pageTitle:"Skriv inn kode | ${clientName}",title:"Skriv inn koden din"},"mfa-totp-enrollment":{title:"Sett opp autentisering",description:"Skann QR-koden nedenfor med autentiseringsappen din, og skriv deretter inn den 6-sifrede koden for å verifisere",secretLabel:"Eller skriv inn denne koden manuelt:",codePlaceholder:"Skriv inn kode",continueButtonText:"Bekreft og aktiver","invalid-code":"Koden du skrev inn er ugyldig. Vennligst prøv igjen.","transaction-not-found":"Registreringsøkten din har utløpt, du må starte på nytt.",pageTitle:"Sett opp autentisering | ${clientName}",unexpectedError:"Noe gikk galt. Vennligst prøv igjen.",enrollmentComplete:"MFA-registreringen er fullført. Du kan lukke denne siden."},"mfa-totp-challenge":{title:"Bekreft identiteten din",description:"Skriv inn den 6-sifrede koden fra autentiseringsappen din",codePlaceholder:"Skriv inn kode",continueButtonText:"Fortsett","invalid-code":"Koden du skrev inn er ugyldig","transaction-not-found":"Registreringsøkten din har utløpt, du må starte på nytt.",unexpectedError:"Noe gikk galt. Vennligst prøv igjen.",pageTitle:"Bekreft identitet | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Bruk telefonnummeret ditt for å logge inn | ${clientName}",title:"Bekreft identiteten din",description:"Vi sendte en kode til ${phoneNumber}",continueButtonText:"Fortsett",changePhoneText:"Velg et annet telefonnummer.",smsButtonText:"Tekstmelding",voiceButtonText:"Taleanrop",chooseMessageTypeText:"Hvordan vil du motta koden?",pickAuthenticatorText:"Prøv en annen metode",logoAltText:"${companyName}",codePlaceholder:"Skriv inn kode","send-sms-failed":"Det oppstod et problem med å sende SMS-en","send-voice-failed":"Det oppstod et problem med å ringe taleanropet","invalid-phone-format":"Telefonnummeret kan bare inneholde sifre.","invalid-phone":"Det ser ut som telefonnummeret ditt ikke er gyldig. Sjekk og prøv igjen.","too-many-sms":"Du har overskredet maksimalt antall telefonmeldinger per time. Vent noen minutter og prøv igjen.","too-many-voice":"Du har overskredet maksimalt antall telefonmeldinger per time. Vent noen minutter og prøv igjen.","transaction-not-found":"Registreringstransaksjonen din har utløpt, du må starte på nytt.","no-phone":"Skriv inn et telefonnummer",noCode:"Vennligst skriv inn bekreftelseskoden",invalidCode:"Koden du skrev inn er ugyldig. Prøv igjen.",unexpectedError:"Noe gikk galt. Prøv igjen.",resendSuccess:"Vi sendte en ny kode til telefonen din",enrollmentComplete:"MFA-registreringen er fullført. Du kan lukke denne siden."},"mfa-phone-enrollment":{pageTitle:"Skriv inn telefonnummeret ditt for å logge inn med en telefonkode | ${clientName}",title:"Sikre kontoen din",description:"Skriv inn landskoden og telefonnummeret vi kan sende en 6-sifret kode til:",continueButtonText:"Fortsett",smsButtonText:"Tekstmelding",voiceButtonText:"Taleanrop",chooseMessageTypeText:"Hvordan vil du motta koden?",pickAuthenticatorText:"Prøv en annen metode",placeholder:"Skriv inn telefonnummeret ditt",logoAltText:"${companyName}",selectCountryCode:"Velg landskode, for øyeblikket satt til ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Det oppstod et problem med å sende SMS-en","send-voice-failed":"Det oppstod et problem med å ringe taleanropet","sms-authenticator-error":"Vi kunne ikke sende SMS-en. Prøv igjen senere.","invalid-phone-format":"Telefonnummeret kan bare inneholde sifre.","invalid-phone":"Det ser ut som telefonnummeret ditt ikke er gyldig. Sjekk og prøv igjen.","too-many-sms":"Du har overskredet maksimalt antall telefonmeldinger per time. Vent noen minutter og prøv igjen.","too-many-voice":"Du har overskredet maksimalt antall telefonmeldinger per time. Vent noen minutter og prøv igjen.","transaction-not-found":"Registreringstransaksjonen din har utløpt, du må starte på nytt.","no-phone":"Skriv inn et telefonnummer","phone-is-too-short":"Telefonnummeret er for kort","phone-is-too-long":"Telefonnummeret er for langt"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Velg bekreftelsesmetode | ${clientName}",title:"Velg bekreftelsesmetode",description:"Velg hvordan du vil bekrefte identiteten din",authenticatorAppLabel:"Autentiseringsapp",authenticatorAppDescription:"Bruk autentiseringsappen din for å få en bekreftelseskode",smsLabel:"Tekstmelding",smsDescription:"Få en bekreftelseskode sendt til telefonen din",passkeyLabel:"Passnøkkel",passkeyDescription:"Bruk enhetens biometri eller sikkerhetsnøkkel"}},"mfa-push":{"mfa-push":{description:"Vi sendte en varsling til enheten din",pageTitle:"Push-varsling | ${clientName}",resendText:"Send varsling på nytt",title:"Godkjenn forespørselen",useCodeText:"Skriv inn kode manuelt"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Fortsett",codePlaceholder:"Gjenopprettingskode",description:"Skriv inn en av gjenopprettingskodene dine","invalid-code":"Gjenopprettingskoden du skrev inn er ugyldig",pageTitle:"Gjenopprettingskode | ${clientName}",title:"Skriv inn gjenopprettingskode"}},"mfa-voice":{"mfa-voice":{buttonText:"Ring meg",codePlaceholder:"Skriv inn kode",description:"Vi ringer ${phoneNumber} med koden din","invalid-code":"Koden du skrev inn er ugyldig",pageTitle:"Taleanrop | ${clientName}",title:"Motta en telefonsamtale"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Prøv igjen",description:"Sett inn sikkerhetsnøkkelen din og følg instruksjonene",pageTitle:"Sikkerhetsnøkkel | ${clientName}",title:"Bruk sikkerhetsnøkkelen din"}},passkeys:RI,organizations:jI,"reset-password":{"reset-password":{backToLoginText:"Tilbake til innlogging",buttonText:"Fortsett",codeExpired:"Koden for tilbakestilling av passord har utløpt. Vennligst be om en ny.",confirmPasswordLabel:"Bekreft passord",confirmPasswordPlaceholder:"Bekreft passord",description:"Oppgi e-postadressen din for å tilbakestille passordet",emailPlaceholder:"E-postadresse",failed:"Tilbakestilling av passord mislyktes. Vennligst prøv igjen.","invalid-email-format":"Ugyldig e-postadresse","no-email":"Vennligst oppgi en e-postadresse",pageTitle:"Tilbakestill passord | ${clientName}",passwordLabel:"Nytt passord",passwordPlaceholder:"Nytt passord",passwordTooWeak:"Passordet er for svakt",passwordsDidntMatch:"Passordene samsvarer ikke",successDescription:"Vi har sendt en lenke for tilbakestilling av passord til e-postadressen din.",successTitle:"Sjekk e-posten din",title:"Har du glemt passordet?","user-not-found":"Brukeren ble ikke funnet"},"reset-password-code":{backToLoginText:"Tilbake til innlogging",buttonText:"Tilbakestill passord",codeLabel:"Tilbakestillingskode",codePlaceholder:"Skriv inn 6-sifret kode",confirmPasswordLabel:"Bekreft passord",confirmPasswordPlaceholder:"Bekreft passord",defaultDescription:"Skriv inn koden som ble sendt til e-posten din og velg et nytt passord",description:"Vi sendte en kode til ${email}",failed:"Tilbakestilling av passord mislyktes. Vennligst prøv igjen.",invalidCode:"Koden du skrev inn er ugyldig eller har utløpt",noCode:"Vennligst skriv inn tilbakestillingskoden",pageTitle:"Skriv inn tilbakestillingskode | ${clientName}",passwordLabel:"Nytt passord",passwordPlaceholder:"Nytt passord",passwordTooWeak:"Passordet er for svakt",passwordsDidntMatch:"Passordene samsvarer ikke",resendFailed:"Kunne ikke sende koden på nytt. Vennligst prøv igjen.",resendSuccess:"En ny kode har blitt sendt til e-posten din",resendText:"Send kode på nytt",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",title:"Skriv inn tilbakestillingskode"}},signup:DI,"signup-id":{"signup-id":{buttonText:"Fortsett",description:"Registrer deg for å fortsette","email-already-exists":"E-postadressen er allerede registrert",emailPlaceholder:"E-postadresse",federatedConnectionButtonText:"Fortsett med ${connectionName}","invalid-email-format":"Ugyldig e-postadresse",loginActionLinkText:"Logg inn",loginActionText:"Har du allerede en konto?","no-email":"Vennligst oppgi en e-postadresse",pageTitle:"Registrer deg | ${clientName}",phonePlaceholder:"Telefonnummer",separatorText:"eller",title:"Opprett kontoen din",usernamePlaceholder:"Brukernavn"}},"signup-password":{"signup-password":{buttonText:"Fortsett",description:"Opprett et passord for å fortsette",hidePasswordText:"Skjul passord","no-password":"Passord er påkrevd",pageTitle:"Registrer deg | ${clientName}","password-policy-not-met":"Passordet oppfyller ikke kravene","password-too-weak":"Passordet er for svakt",passwordPlaceholder:"Passord",showPasswordText:"Vis passord",title:"Opprett passordet ditt"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Fortsett",codeLabel:"Bekreftelseskode",codePlaceholder:"Skriv inn kode",defaultDescription:"Skriv inn bekreftelseskoden som ble sendt til telefonen din",description:"Vi sendte en kode til ${username}","invalid-code":"Ugyldig kode",noCode:"Vennligst skriv inn bekreftelseskoden",pageTitle:"Skriv inn kode | ${clientName}",resendText:"Send kode på nytt",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",title:"Sjekk telefonen din",unexpectedError:"En uventet feil oppstod"}},status:LI},Xj=Object.freeze(Object.defineProperty({__proto__:null,common:zI,consent:NI,default:Zj,invitation:PI,login:FI,mfa:OI,organizations:jI,passkeys:RI,signup:DI,status:LI},Symbol.toStringTag,{value:"Module"})),BI={common:{alertListTitle:"Powiadomienia",backText:"Wróć",cancelText:"Anuluj",closeText:"Zamknij",contactSupportText:"Potrzebujesz pomocy?",continueText:"Kontynuuj",copyrightText:"© ${currentYear} ${companyName}",errorText:"Coś poszło nie tak. Spróbuj ponownie.",hidePasswordText:"Ukryj hasło",loadingText:"Ładowanie...",orText:"lub",privacyPolicyText:"Polityka prywatności",showPasswordText:"Pokaż hasło",termsOfServiceText:"Regulamin",termsShortText:"Zasady",tryAgainText:"Spróbuj ponownie"}},MI={consent:{buttonText:"Zaakceptuj",cancelButtonText:"Odmów",description:"${clientName} prosi o dostęp do Twojego konta",pageTitle:"Autoryzacja | ${clientName}",scopesTitle:"Umożliwi to ${clientName}:",title:"Autoryzuj ${clientName}"}},UI={invitation:{acceptButtonText:"Przyjmij zaproszenie",description:"${inviterName} zaprosił Cię do dołączenia do ${organizationName} w ${clientName}",pageTitle:"Zaproszenie | ${clientName}",title:"Otrzymałeś zaproszenie"}},qI={login:{alertListTitle:"Powiadomienia",buttonText:"Kontynuuj",description:"Zaloguj się do ${clientName}.",editEmailText:"Edytuj",emailPlaceholder:"Adres e-mail",enterACodeBtn:"Zaloguj się kodem",federatedConnectionButtonText:"Kontynuuj z ${connectionName}",footerLinkText:"Zarejestruj się",footerText:"Nie masz konta?",forgotPasswordText:"Zapomniałeś hasła?",hidePasswordText:"Ukryj hasło",invalidEmail:"Nieprawidłowy adres e-mail",invalidIdentifier:"Nieprawidłowy adres e-mail lub nazwa użytkownika",invitationDescription:"Zaloguj się, aby przyjąć zaproszenie od ${inviterName} do dołączenia do ${companyName} w ${clientName}.",invitationTitle:"Otrzymałeś zaproszenie!",logoAltText:"${companyName}","no-email":"Wprowadź adres e-mail","no-password":"Hasło jest wymagane",pageTitle:"Logowanie | ${clientName}",passwordLoginNotAvailable:"Logowanie hasłem jest niedostępne",passwordPlaceholder:"Hasło",phonePlaceholder:"Numer telefonu",separatorText:"lub",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",showPasswordText:"Pokaż hasło",signupActionLinkText:"Zarejestruj się",signupActionText:"Nie masz konta?",title:"Witamy",tooManyFailedLogins:"Zbyt wiele nieudanych prób logowania. Spróbuj ponownie później.",unverifiedEmail:"Zweryfikuj swój adres e-mail przed zalogowaniem",userAccountDoesNotExist:"Konto użytkownika nie istnieje",usernamePlaceholder:"Nazwa użytkownika lub adres e-mail",usernameTooLong:"Nazwa użytkownika musi mieć maksymalnie ${max} znaków",usernameTooShort:"Nazwa użytkownika musi mieć co najmniej ${min} znaków",wrongCredentials:"Nieprawidłowa nazwa użytkownika lub hasło",passkeyButtonText:"Zaloguj się za pomocą passkey"}},HI={mfa:{backupCodeText:"Użyj kodu zapasowego",description:"Wybierz metodę weryfikacji",pageTitle:"Uwierzytelnianie wieloskładnikowe | ${clientName}",title:"Zweryfikuj swoją tożsamość"}},VI={"passkey-enrollment-nudge":{title:"Zabezpiecz swoje konto kluczem dostępu",description:"Klucze dostępu wykorzystują biometrię lub PIN urządzenia, aby logować się szybciej i bezpieczniej.",enrollButtonText:"Skonfiguruj klucz dostępu",snoozeButtonText:"Może później",optOutLinkText:"Nie pokazuj ponownie",pageTitle:"Konfiguracja Klucza Dostępu | ${clientName}"},"passkey-enrollment":{title:"Utwórz klucz dostępu",description:"Postępuj zgodnie z instrukcjami przeglądarki, aby utworzyć klucz dostępu dla tego konta.",errorMessage:"Nie udało się utworzyć klucza dostępu. Spróbuj ponownie.",cancelLinkText:"Pomiń na razie",retryButtonText:"Spróbuj ponownie",enrollmentComplete:"Twój klucz dostępu został pomyślnie skonfigurowany. Możesz zamknąć tę stronę.",pageTitle:"Tworzenie Klucza Dostępu | ${clientName}"},"passkey-challenge":{title:"Zaloguj się za pomocą passkey",description:"Postępuj zgodnie z instrukcjami przeglądarki, aby zweryfikować swoją tożsamość.",errorMessage:"Uwierzytelnianie za pomocą passkey nie powiodło się. Spróbuj ponownie.",cancelLinkText:"Powrót do logowania",retryButtonText:"Spróbuj ponownie",pageTitle:"Logowanie za pomocą passkey | ${clientName}"}},KI={organizations:{description:"Wybierz organizację, do której chcesz się zalogować",pageTitle:"Wybierz organizację | ${clientName}",searchPlaceholder:"Szukaj organizacji",title:"Wybierz swoją organizację"}},GI={signup:{buttonText:"Zarejestruj się",confirmPasswordPlaceholder:"Potwierdź hasło",description:"Zarejestruj się, aby kontynuować","email-already-exists":"Ten adres e-mail jest już zarejestrowany",emailPlaceholder:"Adres e-mail",federatedConnectionButtonText:"Kontynuuj z ${connectionName}",hidePasswordText:"Ukryj hasło","invalid-email-format":"Nieprawidłowy adres e-mail",loginActionLinkText:"Zaloguj się",loginActionText:"Masz już konto?","no-email":"Wprowadź adres e-mail","no-password":"Hasło jest wymagane","no-username":"Nazwa użytkownika jest wymagana",pageTitle:"Rejestracja | ${clientName}",passwordPlaceholder:"Hasło",passwordsDidntMatch:"Hasła nie są zgodne",phonePlaceholder:"Numer telefonu",privacyPolicyLinkText:"Polityka prywatności",separatorText:"lub",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",showPasswordText:"Pokaż hasło",termsOfServiceLinkText:"Regulamin",termsText:"Rejestrując się, akceptujesz nasz",title:"Utwórz konto","username-already-exists":"Ta nazwa użytkownika jest już zajęta",usernamePlaceholder:"Nazwa użytkownika",verifyEmailText:"Sprawdź swoją pocztę, aby zweryfikować konto"}},WI={status:{continueButtonText:"Kontynuuj",errorTitle:"Błąd",pageTitle:"Status | ${clientName}",successTitle:"Sukces",title:"Status"}},e9={common:BI,consent:MI,"device-flow":{"device-flow":{buttonText:"Kontynuuj",codePlaceholder:"Wprowadź kod",description:"Wprowadź kod wyświetlony na Twoim urządzeniu","expired-code":"Kod wygasł","invalid-code":"Wprowadzony kod jest nieprawidłowy",pageTitle:"Aktywacja urządzenia | ${clientName}",title:"Aktywuj swoje urządzenie"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Kontynuuj",codeLabel:"Kod weryfikacyjny",codePlaceholder:"Wprowadź kod",defaultDescription:"Wprowadź kod weryfikacyjny wysłany na Twój adres e-mail",description:"Wysłaliśmy kod na ${email}","invalid-code":"Nieprawidłowy kod",noCode:"Wprowadź kod weryfikacyjny",pageTitle:"Wprowadź kod | ${clientName}",resendText:"Wyślij ponownie kod",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",title:"Sprawdź swoją pocztę",unexpectedError:"Wystąpił nieoczekiwany błąd"}},"email-verification":{"email-verification":{description:"Wysłaliśmy wiadomość na ${email}",pageTitle:"Weryfikacja e-mail | ${clientName}",resendText:"Wyślij ponownie e-mail",successDescription:"Twój adres e-mail został pomyślnie zweryfikowany.",successTitle:"E-mail zweryfikowany",title:"Zweryfikuj swój adres e-mail"}},invitation:UI,login:qI,"login-id":{"login-id":{alertListTitle:"Powiadomienia","auth0-users-validation":"Coś poszło nie tak, spróbuj ponownie później","authentication-failure":"Przepraszamy, wystąpił błąd podczas logowania",buttonText:"Kontynuuj","captcha-client-failure":"Nie udało się załadować weryfikacji bezpieczeństwa. Spróbuj ponownie. (Kod błędu: #{errorCode})","captcha-validation-failure":"Przepraszamy, wystąpił błąd podczas weryfikacji captcha. Spróbuj ponownie.",captchaCodePlaceholder:"Wprowadź kod widoczny powyżej","custom-script-error-code":"Coś poszło nie tak, spróbuj ponownie później.",description:"Zaloguj się do ${clientName}.",editEmailText:"Edytuj",emailPlaceholder:"Adres e-mail",federatedConnectionButtonText:"Kontynuuj z ${connectionName}",footerLinkText:"Zarejestruj się",footerText:"Nie masz konta?",forgotPasswordText:"Zapomniałeś hasła?",hidePasswordText:"Ukryj hasło","invalid-captcha":"Rozwiąż zadanie, aby potwierdzić, że nie jesteś robotem.","invalid-code":"Nieprawidłowy kod","invalid-connection":"Nieprawidłowe połączenie","invalid-email-format":"Nieprawidłowy adres e-mail","invalid-email-phone":"Wprowadź prawidłowy adres e-mail lub numer telefonu. Numery telefonów muszą zawierać kod kraju.","invalid-email-phone-username":"Wprowadź prawidłowy adres e-mail, numer telefonu lub nazwę użytkownika. Numery telefonów muszą zawierać kod kraju.","invalid-email-username":"Wprowadź prawidłowy adres e-mail lub nazwę użytkownika","invalid-expired-code":"Nieprawidłowy lub wygasły kod użytkownika","invalid-login-id":"Wprowadzono nieprawidłowy identyfikator logowania","invalid-phone-username":"Wprowadź prawidłowy numer telefonu lub nazwę użytkownika. Numery telefonów muszą zawierać kod kraju.","invalid-recaptcha":"Zaznacz pole wyboru, aby potwierdzić, że nie jesteś robotem.","invalid-username":"Nazwa użytkownika może zawierać tylko znaki alfanumeryczne lub: '${characters}'. Nazwa użytkownika powinna mieć od ${min} do ${max} znaków.",invitationDescription:"Zaloguj się, aby przyjąć zaproszenie od ${inviterName} do dołączenia do ${companyName} w ${clientName}.",invitationTitle:"Otrzymałeś zaproszenie!","ip-blocked":"Wykryliśmy podejrzaną aktywność logowania i dalsze próby zostaną zablokowane. Skontaktuj się z administratorem.",logoAltText:"${companyName}","no-db-connection":"Nieprawidłowe połączenie","no-email":"Wprowadź adres e-mail","no-email-phone":"Adres e-mail lub numer telefonu jest wymagany","no-email-phone-username":"Numer telefonu, nazwa użytkownika lub adres e-mail jest wymagany","no-email-username":"Adres e-mail lub nazwa użytkownika jest wymagany","no-password":"Hasło jest wymagane","no-phone":"Wprowadź numer telefonu","no-phone-username":"Numer telefonu lub nazwa użytkownika jest wymagany","no-username":"Nazwa użytkownika jest wymagana",pageTitle:"Logowanie | ${clientName}","password-breached":"Wykryliśmy potencjalny problem z bezpieczeństwem tego konta. Aby chronić Twoje konto, zablokowano to logowanie. Zresetuj hasło, aby kontynuować.",passwordPlaceholder:"Hasło",phoneOrEmailPlaceholder:"E-mail lub numer telefonu",phoneOrUsernameOrEmailPlaceholder:"Telefon, nazwa użytkownika lub e-mail",phoneOrUsernamePlaceholder:"Numer telefonu lub nazwa użytkownika",phonePlaceholder:"Numer telefonu","same-user-login":"Zbyt wiele prób logowania dla tego użytkownika. Poczekaj chwilę i spróbuj ponownie.",selectCountryCode:"Wybierz kod kraju, aktualnie ustawiony na ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"lub",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",showPasswordText:"Pokaż hasło",signupActionLinkText:"Zarejestruj się",signupActionText:"Nie masz konta?",termsAndConditionsTemplate:'Kontynuując, akceptujesz nasze <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Zasady i warunki</a>.',title:"Witamy","user-blocked":"Twoje konto zostało zablokowane po wielu kolejnych nieudanych próbach logowania.",userAccountDoesNotExist:"Konto użytkownika nie istnieje",usernameOnlyPlaceholder:"Nazwa użytkownika",usernameOrEmailPlaceholder:"Nazwa użytkownika lub adres e-mail",usernamePlaceholder:"Nazwa użytkownika",usernameTooLong:"Nazwa użytkownika musi mieć maksymalnie ${max} znaków",usernameTooShort:"Nazwa użytkownika musi mieć co najmniej ${min} znaków","wrong-credentials":"Nieprawidłowa nazwa użytkownika lub hasło","wrong-email-credentials":"Nieprawidłowy adres e-mail lub hasło","wrong-email-phone-credentials":"Nieprawidłowy adres e-mail, numer telefonu lub hasło. Numery telefonów muszą zawierać kod kraju.","wrong-email-phone-username-credentials":"Nieprawidłowy adres e-mail, numer telefonu, nazwa użytkownika lub hasło. Numery telefonów muszą zawierać kod kraju.","wrong-email-username-credentials":"Nieprawidłowy adres e-mail, nazwa użytkownika lub hasło","wrong-phone-credentials":"Nieprawidłowy numer telefonu lub hasło","wrong-phone-username-credentials":"Nieprawidłowy numer telefonu, nazwa użytkownika lub hasło. Numery telefonów muszą zawierać kod kraju.","wrong-username-credentials":"Nieprawidłowa nazwa użytkownika lub hasło",passkeyButtonText:"Zaloguj się za pomocą passkey"}},"login-password":{"login-password":{buttonText:"Zaloguj się",description:"Zaloguj się do ${clientName}",forgotPasswordText:"Zapomniałeś hasła?",hidePasswordText:"Ukryj hasło","no-password":"Hasło jest wymagane",pageTitle:"Logowanie | ${clientName}","password-breached":"Wykryliśmy potencjalny problem z bezpieczeństwem tego konta. Aby chronić Twoje konto, zablokowano to logowanie. Zresetuj hasło, aby kontynuować.",passwordPlaceholder:"Hasło",showPasswordText:"Pokaż hasło",signingInAs:"Logujesz się jako ${email}",title:"Wprowadź hasło",unverifiedEmail:"Zweryfikuj swój adres e-mail przed zalogowaniem","user-blocked":"Twoje konto zostało zablokowane po wielu kolejnych nieudanych próbach logowania.","wrong-credentials":"Nieprawidłowe hasło"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"e-mail",authMethodEmailOrPhone:"e-mail lub numer telefonu",authMethodPhone:"numer telefonu",description:"Zaloguj się za pomocą swojego ${authMethod}",emailOrPhonePlaceholder:"Adres e-mail lub numer telefonu",emailPlaceholder:"Adres e-mail",invalidEmail:"Wprowadź prawidłowy adres e-mail",invalidIdentifier:"Wprowadź prawidłowy adres e-mail lub numer telefonu",invalidPhone:"Wprowadź prawidłowy numer telefonu z kodem kraju",noEmail:"Wprowadź swój adres e-mail",noPhone:"Wprowadź swój numer telefonu",phonePlaceholder:"Numer telefonu",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",title:"Zaloguj się kodem",userAccountDoesNotExist:"Konto użytkownika nie istnieje"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Kliknij link w wiadomości e-mail, aby się zalogować",description:"Wysłaliśmy link na ${username}. Kliknij go, aby się zalogować.",resendText:"Wyślij ponownie link",spamText:"Nie otrzymałeś wiadomości? Sprawdź folder spam.",title:"Sprawdź swoją pocztę"}},mfa:HI,"mfa-email":{"mfa-email":{buttonText:"Kontynuuj",codePlaceholder:"Wprowadź kod",description:"Wysłaliśmy kod na ${email}","invalid-code":"Wprowadzony kod jest nieprawidłowy",pageTitle:"Weryfikacja e-mail | ${clientName}",resendText:"Wyślij ponownie kod",title:"Sprawdź swoją pocztę"}},"mfa-otp":{"mfa-otp":{buttonText:"Kontynuuj",codePlaceholder:"Wprowadź kod",description:"Wprowadź 6-cyfrowy kod z aplikacji uwierzytelniającej","invalid-code":"Wprowadzony kod jest nieprawidłowy",pageTitle:"Wprowadź kod | ${clientName}",title:"Wprowadź swój kod"},"mfa-totp-enrollment":{title:"Skonfiguruj aplikację uwierzytelniającą",description:"Zeskanuj poniższy kod QR za pomocą aplikacji uwierzytelniającej, a następnie wprowadź 6-cyfrowy kod w celu weryfikacji",secretLabel:"Lub wprowadź ten kod ręcznie:",codePlaceholder:"Wprowadź kod",continueButtonText:"Zweryfikuj i aktywuj","invalid-code":"Wprowadzony kod jest nieprawidłowy. Spróbuj ponownie.","transaction-not-found":"Twoja transakcja rejestracji wygasła, musisz zacząć od nowa.",pageTitle:"Konfiguracja uwierzytelniania | ${clientName}",unexpectedError:"Coś poszło nie tak. Spróbuj ponownie.",enrollmentComplete:"Rejestracja MFA została zakończona. Możesz zamknąć tę stronę."},"mfa-totp-challenge":{title:"Zweryfikuj swoją tożsamość",description:"Wprowadź 6-cyfrowy kod z aplikacji uwierzytelniającej",codePlaceholder:"Wprowadź kod",continueButtonText:"Kontynuuj","invalid-code":"Wprowadzony kod jest nieprawidłowy","transaction-not-found":"Twoja transakcja rejestracji wygasła, musisz zacząć od nowa.",unexpectedError:"Coś poszło nie tak. Spróbuj ponownie.",pageTitle:"Weryfikacja tożsamości | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Użyj swojego numeru telefonu, aby się zalogować | ${clientName}",title:"Zweryfikuj swoją tożsamość",description:"Wysłaliśmy kod na ${phoneNumber}",continueButtonText:"Kontynuuj",changePhoneText:"Wybierz inny numer telefonu.",smsButtonText:"Wiadomość tekstowa",voiceButtonText:"Połączenie głosowe",chooseMessageTypeText:"Jak chcesz otrzymać kod?",pickAuthenticatorText:"Wypróbuj inną metodę",logoAltText:"${companyName}",codePlaceholder:"Wpisz kod","send-sms-failed":"Wystąpił problem z wysłaniem SMS-a","send-voice-failed":"Wystąpił problem z wykonaniem połączenia głosowego","invalid-phone-format":"Numer telefonu może zawierać tylko cyfry.","invalid-phone":"Wygląda na to, że Twój numer telefonu jest nieprawidłowy. Sprawdź i spróbuj ponownie.","too-many-sms":"Przekroczono maksymalną liczbę wiadomości telefonicznych na godzinę. Poczekaj kilka minut i spróbuj ponownie.","too-many-voice":"Przekroczono maksymalną liczbę połączeń telefonicznych na godzinę. Poczekaj kilka minut i spróbuj ponownie.","transaction-not-found":"Twoja transakcja rejestracji wygasła, musisz zacząć od nowa.","no-phone":"Wpisz numer telefonu",noCode:"Wprowadź kod weryfikacyjny",invalidCode:"Wprowadzony kod jest nieprawidłowy. Spróbuj ponownie.",unexpectedError:"Coś poszło nie tak. Spróbuj ponownie.",resendSuccess:"Wysłaliśmy nowy kod na Twój telefon",enrollmentComplete:"Rejestracja MFA została zakończona. Możesz zamknąć tę stronę."},"mfa-phone-enrollment":{pageTitle:"Wpisz swój numer telefonu, aby zalogować się kodem telefonicznym | ${clientName}",title:"Zabezpiecz swoje konto",description:"Wpisz kod kraju i numer telefonu, na który możemy wysłać 6-cyfrowy kod:",continueButtonText:"Kontynuuj",smsButtonText:"Wiadomość tekstowa",voiceButtonText:"Połączenie głosowe",chooseMessageTypeText:"Jak chcesz otrzymać kod?",pickAuthenticatorText:"Wypróbuj inną metodę",placeholder:"Wpisz swój numer telefonu",logoAltText:"${companyName}",selectCountryCode:"Wybierz kod kraju, aktualnie ustawiony na ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Wystąpił problem z wysłaniem SMS-a","send-voice-failed":"Wystąpił problem z wykonaniem połączenia głosowego","sms-authenticator-error":"Nie udało się wysłać SMS-a. Spróbuj ponownie później.","invalid-phone-format":"Numer telefonu może zawierać tylko cyfry.","invalid-phone":"Wygląda na to, że Twój numer telefonu jest nieprawidłowy. Sprawdź i spróbuj ponownie.","too-many-sms":"Przekroczono maksymalną liczbę wiadomości telefonicznych na godzinę. Poczekaj kilka minut i spróbuj ponownie.","too-many-voice":"Przekroczono maksymalną liczbę połączeń telefonicznych na godzinę. Poczekaj kilka minut i spróbuj ponownie.","transaction-not-found":"Twoja transakcja rejestracji wygasła, musisz zacząć od nowa.","no-phone":"Wpisz numer telefonu","phone-is-too-short":"Numer telefonu jest za krótki","phone-is-too-long":"Numer telefonu jest za długi"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Wybierz metodę weryfikacji | ${clientName}",title:"Wybierz metodę weryfikacji",description:"Wybierz, w jaki sposób chcesz zweryfikować swoją tożsamość",authenticatorAppLabel:"Aplikacja uwierzytelniająca",authenticatorAppDescription:"Użyj aplikacji uwierzytelniającej, aby uzyskać kod weryfikacyjny",smsLabel:"Wiadomość tekstowa",smsDescription:"Otrzymaj kod weryfikacyjny wysłany na swój telefon",passkeyLabel:"Klucz dostępu",passkeyDescription:"Użyj biometrii urządzenia lub klucza bezpieczeństwa"}},"mfa-push":{"mfa-push":{description:"Wysłaliśmy powiadomienie na Twoje urządzenie",pageTitle:"Powiadomienie push | ${clientName}",resendText:"Wyślij ponownie powiadomienie",title:"Zatwierdź żądanie",useCodeText:"Wprowadź kod ręcznie"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Kontynuuj",codePlaceholder:"Kod odzyskiwania",description:"Wprowadź jeden z kodów odzyskiwania","invalid-code":"Wprowadzony kod odzyskiwania jest nieprawidłowy",pageTitle:"Kod odzyskiwania | ${clientName}",title:"Wprowadź kod odzyskiwania"}},"mfa-voice":{"mfa-voice":{buttonText:"Zadzwoń do mnie",codePlaceholder:"Wprowadź kod",description:"Zadzwonimy na ${phoneNumber} z Twoim kodem","invalid-code":"Wprowadzony kod jest nieprawidłowy",pageTitle:"Połączenie głosowe | ${clientName}",title:"Odbierz połączenie telefoniczne"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Spróbuj ponownie",description:"Włóż klucz bezpieczeństwa i postępuj zgodnie z instrukcjami",pageTitle:"Klucz bezpieczeństwa | ${clientName}",title:"Użyj klucza bezpieczeństwa"}},passkeys:VI,organizations:KI,"reset-password":{"reset-password":{backToLoginText:"Wróć do logowania",buttonText:"Kontynuuj",codeExpired:"Kod resetu hasła wygasł. Poproś o nowy.",confirmPasswordLabel:"Potwierdź hasło",confirmPasswordPlaceholder:"Potwierdź hasło",description:"Wprowadź swój adres e-mail, aby zresetować hasło",emailPlaceholder:"Adres e-mail",failed:"Reset hasła nie powiódł się. Spróbuj ponownie.","invalid-email-format":"Nieprawidłowy adres e-mail","no-email":"Wprowadź adres e-mail",pageTitle:"Resetowanie hasła | ${clientName}",passwordLabel:"Nowe hasło",passwordPlaceholder:"Nowe hasło",passwordTooWeak:"Hasło jest zbyt słabe",passwordsDidntMatch:"Hasła nie są zgodne",successDescription:"Wysłaliśmy link do resetowania hasła na Twój adres e-mail.",successTitle:"Sprawdź swoją pocztę",title:"Zapomniałeś hasła?","user-not-found":"Nie znaleziono użytkownika"},"reset-password-code":{backToLoginText:"Wróć do logowania",buttonText:"Zresetuj hasło",codeLabel:"Kod resetowania",codePlaceholder:"Wprowadź 6-cyfrowy kod",confirmPasswordLabel:"Potwierdź hasło",confirmPasswordPlaceholder:"Potwierdź hasło",defaultDescription:"Wprowadź kod wysłany na Twój e-mail i wybierz nowe hasło",description:"Wysłaliśmy kod na ${email}",failed:"Reset hasła nie powiódł się. Spróbuj ponownie.",invalidCode:"Wprowadzony kod jest nieprawidłowy lub wygasł",noCode:"Wprowadź kod resetowania",pageTitle:"Wprowadź kod resetowania | ${clientName}",passwordLabel:"Nowe hasło",passwordPlaceholder:"Nowe hasło",passwordTooWeak:"Hasło jest zbyt słabe",passwordsDidntMatch:"Hasła nie są zgodne",resendFailed:"Nie udało się ponownie wysłać kodu. Spróbuj ponownie.",resendSuccess:"Nowy kod został wysłany na Twój e-mail",resendText:"Wyślij kod ponownie",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",title:"Wprowadź kod resetowania"}},signup:GI,"signup-id":{"signup-id":{buttonText:"Kontynuuj",description:"Zarejestruj się, aby kontynuować","email-already-exists":"Ten adres e-mail jest już zarejestrowany",emailPlaceholder:"Adres e-mail",federatedConnectionButtonText:"Kontynuuj z ${connectionName}","invalid-email-format":"Nieprawidłowy adres e-mail",loginActionLinkText:"Zaloguj się",loginActionText:"Masz już konto?","no-email":"Wprowadź adres e-mail",pageTitle:"Rejestracja | ${clientName}",phonePlaceholder:"Numer telefonu",separatorText:"lub",title:"Utwórz konto",usernamePlaceholder:"Nazwa użytkownika"}},"signup-password":{"signup-password":{buttonText:"Kontynuuj",description:"Utwórz swoje hasło",hidePasswordText:"Ukryj hasło","no-password":"Hasło jest wymagane",pageTitle:"Rejestracja | ${clientName}","password-policy-not-met":"Hasło nie spełnia wymagań","password-too-weak":"Hasło jest zbyt słabe",passwordPlaceholder:"Hasło",showPasswordText:"Pokaż hasło",title:"Utwórz hasło"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Kontynuuj",codeLabel:"Kod weryfikacyjny",codePlaceholder:"Wprowadź kod",defaultDescription:"Wprowadź kod weryfikacyjny wysłany na Twój telefon",description:"Wysłaliśmy kod na ${username}","invalid-code":"Nieprawidłowy kod",noCode:"Wprowadź kod weryfikacyjny",pageTitle:"Wprowadź kod | ${clientName}",resendText:"Wyślij ponownie kod",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",title:"Sprawdź swój telefon",unexpectedError:"Wystąpił nieoczekiwany błąd"}},status:WI},t9=Object.freeze(Object.defineProperty({__proto__:null,common:BI,consent:MI,default:e9,invitation:UI,login:qI,mfa:HI,organizations:KI,passkeys:VI,signup:GI,status:WI},Symbol.toStringTag,{value:"Module"})),JI={common:{alertListTitle:"Meddelanden",backText:"Gå tillbaka",cancelText:"Gå tillbaka",closeText:"Stäng",contactSupportText:"Behöver du hjälp?",continueText:"Fortsätt",copyrightText:"© ${currentYear} ${companyName}",errorText:"Något gick fel. Vänligen försök igen.",hidePasswordText:"Dölj lösenord",loadingText:"Laddar...",orText:"eller",privacyPolicyText:"Integritetspolicy",showPasswordText:"Visa lösenord",termsOfServiceText:"Användarvillkor",termsShortText:"Villkor",tryAgainText:"Försök igen"}},YI={consent:{buttonText:"Godkänn",cancelButtonText:"Neka",description:"${clientName} begär åtkomst till ditt konto",pageTitle:"Auktorisera | ${clientName}",scopesTitle:"Detta ger ${clientName} tillåtelse att:",title:"Auktorisera ${clientName}"}},QI={invitation:{acceptButtonText:"Acceptera inbjudan",description:"${inviterName} har bjudit in dig att gå med i ${organizationName} på ${clientName}",pageTitle:"Inbjudan | ${clientName}",title:"Du har blivit inbjuden"}},ZI={login:{alertListTitle:"Meddelanden",buttonText:"Fortsätt",description:"Logga in på ${clientName}.",editEmailText:"Redigera",emailPlaceholder:"E-postadress",enterACodeBtn:"Logga in med en kod",federatedConnectionButtonText:"Fortsätt med ${connectionName}",footerLinkText:"Registrera dig",footerText:"Har du inget konto?",forgotPasswordText:"Har du glömt lösenordet?",hidePasswordText:"Dölj lösenord",invalidEmail:"Ogiltig e-postadress",invalidIdentifier:"Ogiltig e-postadress eller användarnamn",invitationDescription:"Logga in för att acceptera ${inviterName}s inbjudan att gå med i ${companyName} på ${clientName}.",invitationTitle:"Du har blivit inbjuden!",logoAltText:"${companyName}","no-email":"Vänligen ange en e-postadress","no-password":"Lösenord krävs",pageTitle:"Logga in | ${clientName}",passwordLoginNotAvailable:"Lösenordsinloggning är inte tillgänglig",passwordPlaceholder:"Lösenord",phonePlaceholder:"Telefonnummer",separatorText:"eller",sessionExpired:"Din session har gått ut. Försök igen.",showPasswordText:"Visa lösenord",signupActionLinkText:"Registrera dig",signupActionText:"Har du inget konto?",title:"Välkommen",tooManyFailedLogins:"För många misslyckade inloggningsförsök. Försök igen senare.",unverifiedEmail:"Verifiera din e-postadress innan du loggar in",userAccountDoesNotExist:"Användarkontot finns inte",usernamePlaceholder:"Användarnamn eller e-postadress",usernameTooLong:"Användarnamnet får vara högst ${max} tecken",usernameTooShort:"Användarnamnet måste vara minst ${min} tecken",wrongCredentials:"Fel användarnamn eller lösenord",passkeyButtonText:"Logga in med passkey"}},XI={mfa:{backupCodeText:"Använd reservkod",description:"Välj en verifieringsmetod",pageTitle:"Multifaktorautentisering | ${clientName}",title:"Verifiera din identitet"}},e$={"passkey-enrollment-nudge":{title:"Skydda ditt konto med en nyckel",description:"Nycklar använder enhetens biometri eller PIN-kod för att logga in snabbare och säkrare.",enrollButtonText:"Konfigurera nyckel",snoozeButtonText:"Kanske senare",optOutLinkText:"Visa inte detta igen",pageTitle:"Konfigurera Nyckel | ${clientName}"},"passkey-enrollment":{title:"Skapa din nyckel",description:"Följ anvisningarna från din webbläsare för att skapa en nyckel för detta konto.",errorMessage:"Det gick inte att skapa nyckeln. Försök igen.",cancelLinkText:"Hoppa över för nu",retryButtonText:"Försök igen",enrollmentComplete:"Din nyckel har konfigurerats. Du kan stänga denna sida.",pageTitle:"Skapa Nyckel | ${clientName}"},"passkey-challenge":{title:"Logga in med passkey",description:"Följ instruktionerna från din webbläsare för att verifiera din identitet.",errorMessage:"Autentisering med passkey misslyckades. Försök igen.",cancelLinkText:"Tillbaka till inloggning",retryButtonText:"Försök igen",pageTitle:"Logga in med passkey | ${clientName}"}},t$={organizations:{description:"Välj vilken organisation du vill logga in på",pageTitle:"Välj organisation | ${clientName}",searchPlaceholder:"Sök organisationer",title:"Välj din organisation"}},n$={signup:{buttonText:"Registrera dig",confirmPasswordPlaceholder:"Bekräfta lösenord",description:"Välj ett lösenord med en blandning av stora och små bokstäver, siffror och symboler.","email-already-exists":"E-postadressen är redan upptagen",emailPlaceholder:"E-postadress",federatedConnectionButtonText:"Fortsätt med ${connectionName}",hidePasswordText:"Dölj lösenord","invalid-email-format":"Ogiltig e-postadress",loginActionLinkText:"Logga in",loginActionText:"Har du redan ett konto?","no-email":"Vänligen ange en e-postadress","no-password":"Lösenord krävs","no-username":"Användarnamn krävs",pageTitle:"Registrera dig | ${clientName}",passwordPlaceholder:"Lösenord",passwordsDidntMatch:"Lösenorden matchar inte",phonePlaceholder:"Telefonnummer",privacyPolicyLinkText:"Integritetspolicy",separatorText:"eller",sessionExpired:"Din session har gått ut. Försök igen.",showPasswordText:"Visa lösenord",termsOfServiceLinkText:"Användarvillkor",termsText:"Genom att registrera dig godkänner du våra",title:"Välj lösenord","username-already-exists":"Användarnamnet är redan taget",usernamePlaceholder:"Användarnamn",verifyEmailText:"Kontrollera din e-post för att verifiera ditt konto"}},i$={status:{continueButtonText:"Fortsätt",errorTitle:"Fel",pageTitle:"Status | ${clientName}",successTitle:"Klart",title:"Status"}},n9={common:JI,consent:YI,"device-flow":{"device-flow":{buttonText:"Fortsätt",codePlaceholder:"Ange kod",description:"Ange koden som visas på din enhet","expired-code":"Koden har gått ut","invalid-code":"Koden du angav är ogiltig",pageTitle:"Enhetsaktivering | ${clientName}",title:"Aktivera din enhet"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Logga in",codeLabel:"Verifieringskod",codePlaceholder:"Ange kod",defaultDescription:"Ange verifieringskoden som skickades till din e-post",description:"Vi skickade en kod till ${email}","invalid-code":"Ogiltig kod",noCode:"Ange verifieringskoden",pageTitle:"Ange kod | ${clientName}",resendText:"Skicka koden igen",sessionExpired:"Din session har gått ut. Försök igen.",title:"Kolla din e-post",unexpectedError:"Ett oväntat fel uppstod"}},"email-verification":{"email-verification":{description:"Vi skickade ett e-postmeddelande till ${email}",pageTitle:"Verifiera e-post | ${clientName}",resendText:"Skicka koden igen",successDescription:"Din e-postadress har verifierats.",successTitle:"E-post verifierad",title:"Ange engångskod"}},invitation:QI,login:ZI,"login-id":{"login-id":{alertListTitle:"Meddelanden","auth0-users-validation":"Något gick fel, försök igen senare","authentication-failure":"Vi beklagar, något gick fel vid inloggningsförsöket",buttonText:"Fortsätt","captcha-client-failure":"Vi kunde inte ladda säkerhetsutmaningen. Försök igen. (Felkod: #{errorCode})","captcha-validation-failure":"Vi beklagar, något gick fel vid validering av captcha-svaret. Försök igen.",captchaCodePlaceholder:"Ange koden som visas ovan","custom-script-error-code":"Något gick fel, försök igen senare.",description:"Logga in på ${clientName}.",editEmailText:"Redigera",emailPlaceholder:"E-postadress",federatedConnectionButtonText:"Fortsätt med ${connectionName}",footerLinkText:"Registrera dig",footerText:"Har du inget konto?",forgotPasswordText:"Har du glömt lösenordet?",hidePasswordText:"Dölj lösenord","invalid-captcha":"Lös utmaningen för att verifiera att du inte är en robot.","invalid-code":"Ogiltig kod","invalid-connection":"Ogiltig anslutning","invalid-email-format":"Ogiltig e-postadress","invalid-email-phone":"Ange en giltig e-postadress eller telefonnummer. Telefonnummer måste innehålla landskod.","invalid-email-phone-username":"Ange en giltig e-postadress, telefonnummer eller användarnamn. Telefonnummer måste innehålla landskod.","invalid-email-username":"Ange en giltig e-postadress eller användarnamn","invalid-expired-code":"Ogiltig eller utgången användarkod","invalid-login-id":"Ogiltigt inloggnings-ID angivet","invalid-phone-username":"Ange ett giltigt telefonnummer eller användarnamn. Telefonnummer måste innehålla landskod.","invalid-recaptcha":"Markera kryssrutan för att verifiera att du inte är en robot.","invalid-username":"Användarnamn kan bara innehålla alfanumeriska tecken eller: '${characters}'. Användarnamn ska vara mellan ${min} och ${max} tecken.",invitationDescription:"Logga in för att acceptera ${inviterName}s inbjudan att gå med i ${companyName} på ${clientName}.",invitationTitle:"Du har blivit inbjuden!","ip-blocked":"Vi har upptäckt misstänkt inloggningsaktivitet och ytterligare försök kommer att blockeras. Kontakta administratören.",logoAltText:"${companyName}","no-db-connection":"Ogiltig anslutning","no-email":"Vänligen ange en e-postadress","no-email-phone":"E-postadress eller telefonnummer krävs","no-email-phone-username":"Telefonnummer, användarnamn eller e-postadress krävs","no-email-username":"E-postadress eller användarnamn krävs","no-password":"Lösenord krävs","no-phone":"Ange ett telefonnummer","no-phone-username":"Telefonnummer eller användarnamn krävs","no-username":"Användarnamn krävs",pageTitle:"Logga in | ${clientName}","password-breached":"Vi har upptäckt ett potentiellt säkerhetsproblem med detta konto. För att skydda ditt konto har vi förhindrat denna inloggning. Återställ ditt lösenord för att fortsätta.",passwordPlaceholder:"Lösenord",phoneOrEmailPlaceholder:"E-post eller telefonnummer",phoneOrUsernameOrEmailPlaceholder:"Telefon, användarnamn eller e-post",phoneOrUsernamePlaceholder:"Telefonnummer eller användarnamn",phonePlaceholder:"Telefonnummer","same-user-login":"För många inloggningsförsök för denna användare. Vänta en stund och försök igen.",selectCountryCode:"Välj landskod, för närvarande inställd på ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"eller",sessionExpired:"Din session har gått ut. Försök igen.",showPasswordText:"Visa lösenord",signupActionLinkText:"Registrera dig",signupActionText:"Har du inget konto?",termsAndConditionsTemplate:'Genom att fortsätta godkänner du våra <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Villkor</a>.',title:"Välkommen","user-blocked":"Ditt konto har blockerats efter flera misslyckade inloggningsförsök i rad.",userAccountDoesNotExist:"Användarkontot finns inte",usernameOnlyPlaceholder:"Användarnamn",usernameOrEmailPlaceholder:"Användarnamn eller e-postadress",usernamePlaceholder:"Användarnamn",usernameTooLong:"Användarnamnet får vara högst ${max} tecken",usernameTooShort:"Användarnamnet måste vara minst ${min} tecken","wrong-credentials":"Fel användarnamn eller lösenord","wrong-email-credentials":"Fel e-postadress eller lösenord","wrong-email-phone-credentials":"Fel e-postadress, telefonnummer eller lösenord. Telefonnummer måste innehålla landskod.","wrong-email-phone-username-credentials":"Fel e-postadress, telefonnummer, användarnamn eller lösenord. Telefonnummer måste innehålla landskod.","wrong-email-username-credentials":"Fel e-postadress, användarnamn eller lösenord","wrong-phone-credentials":"Fel telefonnummer eller lösenord","wrong-phone-username-credentials":"Fel telefonnummer, användarnamn eller lösenord. Telefonnummer måste innehålla landskod.","wrong-username-credentials":"Fel användarnamn eller lösenord",passkeyButtonText:"Logga in med passkey"}},"login-password":{"login-password":{buttonText:"Logga in",description:"Ange din e-postadress och ditt lösenord för att logga in.",forgotPasswordText:"Har du glömt lösenordet?",hidePasswordText:"Dölj lösenord","no-password":"Lösenord krävs",pageTitle:"Logga in | ${clientName}","password-breached":"Vi har upptäckt ett potentiellt säkerhetsproblem med detta konto. För att skydda ditt konto har vi förhindrat denna inloggning. Återställ ditt lösenord för att fortsätta.",passwordPlaceholder:"Lösenord",showPasswordText:"Visa lösenord",signingInAs:"Loggar in som ${email}",title:"Ange lösenord",unverifiedEmail:"Verifiera din e-postadress innan du loggar in","user-blocked":"Ditt konto har blockerats efter flera misslyckade inloggningsförsök i rad.","wrong-credentials":"Fel lösenord"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"e-post",authMethodEmailOrPhone:"e-post eller telefonnummer",authMethodPhone:"telefonnummer",description:"Logga in med din ${authMethod}",emailOrPhonePlaceholder:"E-postadress eller telefonnummer",emailPlaceholder:"E-postadress",invalidEmail:"Ange en giltig e-postadress",invalidIdentifier:"Ange en giltig e-postadress eller telefonnummer",invalidPhone:"Ange ett giltigt telefonnummer med landskod",noEmail:"Ange din e-postadress",noPhone:"Ange ditt telefonnummer",phonePlaceholder:"Telefonnummer",sessionExpired:"Din session har gått ut. Försök igen.",title:"Logga in med en kod",userAccountDoesNotExist:"Användarkontot finns inte"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Klicka på länken i ditt e-postmeddelande för att logga in",description:"Vi skickade en länk till ${username}. Klicka på den för att logga in.",resendText:"Skicka länken igen",spamText:"Fick du inte e-postmeddelandet? Kolla din skräppost.",title:"Kolla din e-post"}},mfa:XI,"mfa-email":{"mfa-email":{buttonText:"Fortsätt",codePlaceholder:"Ange kod",description:"Vi skickade en kod till ${email}","invalid-code":"Koden du angav är ogiltig",pageTitle:"E-postverifiering | ${clientName}",resendText:"Skicka koden igen",title:"Kolla din e-post"}},"mfa-otp":{"mfa-otp":{buttonText:"Fortsätt",codePlaceholder:"Ange kod",description:"Ange den 6-siffriga koden från din autentiseringsapp","invalid-code":"Koden du angav är ogiltig",pageTitle:"Ange kod | ${clientName}",title:"Ange din kod"},"mfa-totp-enrollment":{title:"Konfigurera autentiseringsapp",description:"Skanna QR-koden nedan med din autentiseringsapp och ange sedan den 6-siffriga koden för att verifiera",secretLabel:"Eller ange denna kod manuellt:",codePlaceholder:"Ange kod",continueButtonText:"Verifiera och aktivera","invalid-code":"Koden du angav är ogiltig. Försök igen.","transaction-not-found":"Din registreringstransaktion har gått ut, du behöver börja om.",pageTitle:"Konfigurera autentiseringsapp | ${clientName}",unexpectedError:"Något gick fel. Försök igen.",enrollmentComplete:"MFA-registreringen är klar. Du kan stänga denna sida."},"mfa-totp-challenge":{title:"Verifiera din identitet",description:"Ange den 6-siffriga koden från din autentiseringsapp",codePlaceholder:"Ange kod",continueButtonText:"Fortsätt","invalid-code":"Koden du angav är ogiltig","transaction-not-found":"Din registreringstransaktion har gått ut, du behöver börja om.",unexpectedError:"Något gick fel. Försök igen.",pageTitle:"Verifiera identitet | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Använd ditt telefonnummer för att logga in | ${clientName}",title:"Verifiera din identitet",description:"Vi skickade en kod till ${phoneNumber}",continueButtonText:"Fortsätt",changePhoneText:"Välj ett annat telefonnummer.",smsButtonText:"SMS",voiceButtonText:"Röstsamtal",chooseMessageTypeText:"Hur vill du ta emot koden?",pickAuthenticatorText:"Prova en annan metod",logoAltText:"${companyName}",codePlaceholder:"Ange kod","send-sms-failed":"Det gick inte att skicka SMS:et","send-voice-failed":"Det gick inte att ringa röstsamtalet","invalid-phone-format":"Telefonnumret kan bara innehålla siffror.","invalid-phone":"Det verkar som att ditt telefonnummer inte är giltigt. Kontrollera och försök igen.","too-many-sms":"Du har överskridit det maximala antalet telefonmeddelanden per timme. Vänta några minuter och försök igen.","too-many-voice":"Du har överskridit det maximala antalet telefonmeddelanden per timme. Vänta några minuter och försök igen.","transaction-not-found":"Din registreringstransaktion har gått ut, du behöver börja om.","no-phone":"Ange ett telefonnummer",noCode:"Ange verifieringskoden",invalidCode:"Koden du angav är ogiltig. Försök igen.",unexpectedError:"Något gick fel. Försök igen.",resendSuccess:"Vi skickade en ny kod till din telefon",enrollmentComplete:"MFA-registreringen är klar. Du kan stänga denna sida."},"mfa-phone-enrollment":{pageTitle:"Ange ditt telefonnummer för att logga in med en telefonkod | ${clientName}",title:"Säkra ditt konto",description:"Ange din landskod och telefonnummer som vi kan skicka en 6-siffrig kod till:",continueButtonText:"Fortsätt",smsButtonText:"SMS",voiceButtonText:"Röstsamtal",chooseMessageTypeText:"Hur vill du ta emot koden?",pickAuthenticatorText:"Prova en annan metod",placeholder:"Ange ditt telefonnummer",logoAltText:"${companyName}",selectCountryCode:"Välj landskod, för närvarande inställd på ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Det gick inte att skicka SMS:et","send-voice-failed":"Det gick inte att ringa röstsamtalet","sms-authenticator-error":"Vi kunde inte skicka SMS:et. Försök igen senare.","invalid-phone-format":"Telefonnumret kan bara innehålla siffror.","invalid-phone":"Det verkar som att ditt telefonnummer inte är giltigt. Kontrollera och försök igen.","too-many-sms":"Du har överskridit det maximala antalet telefonmeddelanden per timme. Vänta några minuter och försök igen.","too-many-voice":"Du har överskridit det maximala antalet telefonmeddelanden per timme. Vänta några minuter och försök igen.","transaction-not-found":"Din registreringstransaktion har gått ut, du behöver börja om.","no-phone":"Ange ett telefonnummer","phone-is-too-short":"Telefonnumret är för kort","phone-is-too-long":"Telefonnumret är för långt"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Välj verifieringsmetod | ${clientName}",title:"Välj din verifieringsmetod",description:"Välj hur du vill verifiera din identitet",authenticatorAppLabel:"Autentiseringsapp",authenticatorAppDescription:"Använd din autentiseringsapp för att få en verifieringskod",smsLabel:"Sms",smsDescription:"Få en verifieringskod skickad till din telefon",passkeyLabel:"Lösenordsnyckel",passkeyDescription:"Använd din enhets biometri eller säkerhetsnyckel"}},"mfa-push":{"mfa-push":{description:"Vi skickade en notis till din enhet",pageTitle:"Push-notis | ${clientName}",resendText:"Skicka notisen igen",title:"Godkänn förfrågan",useCodeText:"Ange kod manuellt"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Fortsätt",codePlaceholder:"Återställningskod",description:"Ange en av dina återställningskoder","invalid-code":"Återställningskoden du angav är ogiltig",pageTitle:"Återställningskod | ${clientName}",title:"Ange återställningskod"}},"mfa-voice":{"mfa-voice":{buttonText:"Ring mig",codePlaceholder:"Ange kod",description:"Vi ringer ${phoneNumber} med din kod","invalid-code":"Koden du angav är ogiltig",pageTitle:"Röstsamtal | ${clientName}",title:"Ta emot ett telefonsamtal"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Försök igen",description:"Sätt in din säkerhetsnyckel och följ instruktionerna",pageTitle:"Säkerhetsnyckel | ${clientName}",title:"Använd din säkerhetsnyckel"}},passkeys:e$,organizations:t$,"reset-password":{"reset-password":{backToLoginText:"Gå tillbaka",buttonText:"Skicka",codeExpired:"Din kod för lösenordsåterställning har gått ut. Begär en ny.",confirmPasswordLabel:"Bekräfta lösenord",confirmPasswordPlaceholder:"Bekräfta lösenord",description:"Klicka på knappen nedan så skickar vi instruktioner om hur du återställer ditt lösenord.",emailPlaceholder:"E-postadress",failed:"Lösenordsåterställningen misslyckades. Försök igen.","invalid-email-format":"Ogiltig e-postadress","no-email":"Vänligen ange en e-postadress",pageTitle:"Återställ lösenord | ${clientName}",passwordLabel:"Nytt lösenord",passwordPlaceholder:"Nytt lösenord",passwordTooWeak:"Lösenordet är för svagt",passwordsDidntMatch:"Lösenorden matchar inte",successDescription:"Vi har skickat en länk för lösenordsåterställning till din e-postadress.",successTitle:"Vi har skickat ett e-postmeddelande med instruktioner om hur du återställer ditt lösenord till den e-postadress du angav.",title:"Har du glömt lösenordet?","user-not-found":"Användaren hittades inte"},"reset-password-code":{backToLoginText:"Tillbaka till inloggning",buttonText:"Återställ lösenord",codeLabel:"Återställningskod",codePlaceholder:"Ange 6-siffrig kod",confirmPasswordLabel:"Bekräfta lösenord",confirmPasswordPlaceholder:"Bekräfta lösenord",defaultDescription:"Ange koden som skickades till din e-post och välj ett nytt lösenord",description:"Vi skickade en kod till ${email}",failed:"Lösenordsåterställningen misslyckades. Försök igen.",invalidCode:"Koden du angav är ogiltig eller har gått ut",noCode:"Vänligen ange återställningskoden",pageTitle:"Ange återställningskod | ${clientName}",passwordLabel:"Nytt lösenord",passwordPlaceholder:"Nytt lösenord",passwordTooWeak:"Lösenordet är för svagt",passwordsDidntMatch:"Lösenorden matchar inte",resendFailed:"Kunde inte skicka koden igen. Försök igen.",resendSuccess:"En ny kod har skickats till din e-post",resendText:"Skicka koden igen",sessionExpired:"Din session har gått ut. Försök igen.",title:"Ange återställningskod"}},signup:n$,"signup-id":{"signup-id":{buttonText:"Fortsätt",description:"Välj ett lösenord med en blandning av stora och små bokstäver, siffror och symboler.","email-already-exists":"E-postadressen är redan upptagen",emailPlaceholder:"E-postadress",federatedConnectionButtonText:"Fortsätt med ${connectionName}","invalid-email-format":"Ogiltig e-postadress",loginActionLinkText:"Logga in",loginActionText:"Har du redan ett konto?","no-email":"Vänligen ange en e-postadress",pageTitle:"Registrera dig | ${clientName}",phonePlaceholder:"Telefonnummer",separatorText:"eller",title:"Välj lösenord",usernamePlaceholder:"Användarnamn"}},"signup-password":{"signup-password":{buttonText:"Fortsätt",description:"Välj ett lösenord med en blandning av stora och små bokstäver, siffror och symboler.",hidePasswordText:"Dölj lösenord","no-password":"Lösenord krävs",pageTitle:"Registrera dig | ${clientName}","password-policy-not-met":"Lösenordet uppfyller inte kraven","password-too-weak":"Lösenordet är för svagt",passwordPlaceholder:"Lösenord",showPasswordText:"Visa lösenord",title:"Välj lösenord"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Fortsätt",codeLabel:"Verifieringskod",codePlaceholder:"Ange kod",defaultDescription:"Ange verifieringskoden som skickades till din telefon",description:"Vi skickade en kod till ${username}","invalid-code":"Ogiltig kod",noCode:"Ange verifieringskoden",pageTitle:"Ange kod | ${clientName}",resendText:"Skicka koden igen",sessionExpired:"Din session har gått ut. Försök igen.",title:"Kolla din telefon",unexpectedError:"Ett oväntat fel uppstod"}},status:i$},i9=Object.freeze(Object.defineProperty({__proto__:null,common:JI,consent:YI,default:n9,invitation:QI,login:ZI,mfa:XI,organizations:t$,passkeys:e$,signup:n$,status:i$},Symbol.toStringTag,{value:"Module"})),r$=["cs","da","en","fi","it","nb","pl","sv"],Xp="en",r9={cs:"Čeština",da:"Dansk",en:"English",fi:"Suomi",it:"Italiano",nb:"Norsk",pl:"Polski",sv:"Svenska"},o9=r9;function s9(e){return o9[e]??e}const a9=Object.assign({"../../locales/cs.json":qj,"../../locales/da.json":Vj,"../../locales/en.json":Gj,"../../locales/fi.json":Jj,"../../locales/it.json":Qj,"../../locales/nb.json":Xj,"../../locales/pl.json":t9,"../../locales/sv.json":i9}),sd={};for(const[e,t]of Object.entries(a9)){const n=e.match(/\/(\w+)\.json$/)?.[1];n&&(sd[n]=t.default||t)}const o$={},NA=sd[Xp];if(NA)for(const[e,t]of Object.entries(NA))for(const[n,i]of Object.entries(t)){const r={};for(const o of Object.keys(i))r[o]=s.z.string();o$[`${e}.${n}`]=s.z.object(r)}function c9(e,t){if(!t)return e;let n=e;for(const[i,r]of Object.entries(t))if(r!==void 0){const o=i.replace(/[.*+?^${}()|[\]\\]/g,"\\$&");n=n.replace(new RegExp(`\\$\\{${o}\\}`,"g"),String(r)).replace(new RegExp(`#\\{${o}\\}`,"g"),String(r)).replace(new RegExp(`\\{${o}\\}`,"g"),String(r))}return n}function l9(e){const t=e.split("-")[0]?.toLowerCase()||Xp;return r$.includes(t)?t:Xp}function Ee(e,t,n,i){const r=l9(n),o=sd[Xp]?.[e]?.[t]??{},a=sd[r]?.[e]?.[t]??{},c={...o,...a},l=i?.[t]??{},d={...c,...l},u=o$[`${e}.${t}`];if(u){const h=u.safeParse(d);h.success||console.warn(`[i18n] Missing translations for ${e}.${t} (${r}):`,h.error.issues.map(g=>g.path.join(".")).join(", "))}const p={};for(const[h,g]of Object.entries(d))p[h]=m=>c9(g,m);return{m:new Proxy(p,{get:(h,g)=>h[g]??(()=>g)}),locale:r}}function d9(e){const t=e?.language?.split("-")[0]?.toLowerCase(),n=[];for(const[i,r]of Object.entries(sd))if(!(t&&i!==t))for(const[o,a]of Object.entries(r))e?.prompt&&o!==e.prompt||n.push({prompt:o,language:i,custom_text:a});return n}function gc(e,t){const n=Bj(e,"ah-dark-mode");if(n==="dark"||n==="light"||n==="auto")return n;const i=t?.dark_mode;return i==="dark"||i==="light"||i==="auto"?i:"auto"}const ef={"--ah-color-text":"#f9fafb","--ah-color-text-muted":"#9ca3af","--ah-color-text-label":"#d1d5db","--ah-color-header":"#f9fafb","--ah-color-bg":"#1f2937","--ah-color-bg-hover":"#374151","--ah-color-bg-muted":"#374151","--ah-color-bg-disabled":"#4b5563","--ah-color-input-bg":"#374151","--ah-color-border":"#4b5563","--ah-color-border-hover":"#6b7280","--ah-color-border-muted":"#374151","--ah-color-error-bg":"rgba(220,38,38,0.2)","--ah-color-success-bg":"rgba(22,163,74,0.2)","--ah-color-link":"#60a5fa"};function s$(e){const t=e.replace("#",""),n=parseInt(t,16);return[n>>16&255,n>>8&255,n&255]}function PA(e){const[t,n,i]=s$(e).map(r=>{const o=r/255;return o<=.04045?o/12.92:Math.pow((o+.055)/1.055,2.4)});return .2126*t+.7152*n+.0722*i}function Fi(e,t){const n=PA(e),i=PA(t);return(Math.max(n,i)+.05)/(Math.min(n,i)+.05)}function a$(e,t){const[n,i,r]=s$(e),o=a=>Math.min(255,Math.round(a+(255-a)*t)).toString(16).padStart(2,"0");return`#${o(n)}${o(i)}${o(r)}`}function FA(e,t){const n={...ef};if(t){const r=ef["--ah-color-bg"];if(Fi(t,r)<3){let d=t;for(let u=1;u<=10&&(d=a$(t,u*.1),!(Fi(d,r)>=3));u++);n["--ah-color-primary"]=d,n["--ah-color-primary-hover"]=d}const o=1.35,a=n["--ah-color-primary"]||t,c=Fi(a,"#ffffff"),l=Fi(a,"#000000");n["--ah-color-text-on-primary"]=l>c*o?"#000000":"#ffffff"}const i=Object.entries(n).map(([r,o])=>`${r}: ${o} !important`).join("; ");return`${e} { ${i}; }`}const u9="(function(btn){var h=document.documentElement;var cur=h.classList.contains('ah-dark-mode')?'dark':h.classList.contains('ah-light-mode')?'light':'auto';var next=cur==='auto'?'dark':cur==='dark'?'light':'auto';h.classList.remove('ah-dark-mode','ah-light-mode');if(next==='dark'){h.classList.add('ah-dark-mode');h.setAttribute('data-mode','dark')}else if(next==='light'){h.classList.add('ah-light-mode');h.setAttribute('data-mode','light')}else{h.removeAttribute('data-mode')}btn.querySelector('.icon-sun').style.display=next==='light'?'block':'none';btn.querySelector('.icon-moon').style.display=next==='dark'?'block':'none';btn.querySelector('.icon-auto').style.display=next==='auto'?'block':'none';document.cookie='ah-dark-mode='+next+';path=/;max-age=31536000;SameSite=Lax';if(window.__ahDarkMode){window.__ahDarkMode(next)}})(this)",p9="var p=new URLSearchParams(window.location.search);p.set('ui_locales',this.value);window.location.search=p.toString()";function c$({logoUrl:e,clientName:t}){const n=e?mn(e):null;return S("div",{class:"ah-chip ah-chip-logo","data-ah-slot":"top-left",children:n?S("img",{src:n,alt:t}):S("span",{class:"ah-logo-text",children:t})})}function l$({darkMode:e}){return S("button",{type:"button","aria-label":"Toggle dark mode",onclick:u9,children:[S("svg",{class:"icon-auto",width:"13",height:"13",viewBox:"0 0 24 24",fill:"none",stroke:"currentColor","stroke-width":"2.2","stroke-linecap":"round","stroke-linejoin":"round",style:e==="auto"?void 0:"display:none",children:[S("circle",{cx:"12",cy:"12",r:"9"}),S("path",{d:"M12 3a9 9 0 0 1 0 18",fill:"currentColor"})]}),S("svg",{class:"icon-sun",width:"13",height:"13",viewBox:"0 0 24 24",fill:"none",stroke:"currentColor","stroke-width":"2.2","stroke-linecap":"round","stroke-linejoin":"round",style:e==="light"?void 0:"display:none",children:[S("circle",{cx:"12",cy:"12",r:"5"}),S("line",{x1:"12",y1:"1",x2:"12",y2:"3"}),S("line",{x1:"12",y1:"21",x2:"12",y2:"23"}),S("line",{x1:"4.22",y1:"4.22",x2:"5.64",y2:"5.64"}),S("line",{x1:"18.36",y1:"18.36",x2:"19.78",y2:"19.78"}),S("line",{x1:"1",y1:"12",x2:"3",y2:"12"}),S("line",{x1:"21",y1:"12",x2:"23",y2:"12"})]}),S("svg",{class:"icon-moon",width:"13",height:"13",viewBox:"0 0 24 24",fill:"none",stroke:"currentColor","stroke-width":"2.2","stroke-linecap":"round","stroke-linejoin":"round",style:e==="dark"?void 0:"display:none",children:S("path",{d:"M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z"})})]})}function d$({language:e,availableLanguages:t}){return!t||t.length<2?null:S("div",{class:"ah-lang",children:[S("svg",{width:"13",height:"13",viewBox:"0 0 24 24",fill:"none",stroke:"currentColor","stroke-width":"2.2","stroke-linecap":"round","stroke-linejoin":"round",children:[S("circle",{cx:"12",cy:"12",r:"10"}),S("path",{d:"M2 12h20"}),S("path",{d:"M12 2a15.3 15.3 0 0 1 4 10 15.3 15.3 0 0 1-4 10 15.3 15.3 0 0 1-4-10 15.3 15.3 0 0 1 4-10z"})]}),S("select",{"aria-label":"Language",onchange:p9,children:t.map(n=>S("option",{value:n,selected:n===e,children:s9(n)}))})]})}function u$({darkMode:e,language:t,availableLanguages:n}){return S("div",{class:"ah-chip ah-chip-settings","data-ah-slot":"top-right",children:[S(l$,{darkMode:e}),n&&S(d$,{language:t,availableLanguages:n})]})}function p$({url:e,href:t,alt:n,height:i}){const r=mn(e),o=t?mn(t):null;if(!r)return null;const a=S("img",{src:r,alt:n||"",height:i||18});return S("div",{class:"ah-chip ah-chip-trust","data-ah-slot":"bottom-left",children:o?S("a",{href:o,target:"_blank",rel:"noopener noreferrer",children:a}):a})}function f$({termsAndConditionsUrl:e,language:t}){if(!e)return null;const{m:n}=Ee("common","common",t||"en");return S("div",{class:"ah-chip-legal","data-ah-slot":"bottom-right",children:S("a",{href:e,target:"_blank",rel:"noopener noreferrer",children:n.termsShortText()})})}function h$(e,t){const n=[],i=gn(e?.colors?.primary);i&&n.push(`--ah-color-primary: ${i}`);const r=gn(t?.colors?.primary_button)||i;if(r){const a=Fi(r,"#ffffff"),l=Fi(r,"#000000")>a*1.35?"#000000":"#ffffff";n.push(`--ah-color-text-on-primary: ${l}`)}return n.length>0?n.join("; ")+"; width: clamp(320px, 100%, 400px);":"width: clamp(320px, 100%, 400px);"}function f9(e){const{primaryColor:t,themePrimary:n,widgetBackground:i}=e;return`
1
+ "use strict";var kF=Object.create;var rA=Object.defineProperty;var SF=Object.getOwnPropertyDescriptor;var EF=Object.getOwnPropertyNames;var CF=Object.getPrototypeOf,TF=Object.prototype.hasOwnProperty;var xF=(e,t,n,i)=>{if(t&&typeof t=="object"||typeof t=="function")for(let r of EF(t))!TF.call(e,r)&&r!==n&&rA(e,r,{get:()=>t[r],enumerable:!(i=SF(t,r))||i.enumerable});return e};var IF=(e,t,n)=>(n=e!=null?kF(CF(e)):{},xF(t||!e||!e.__esModule?rA(n,"default",{value:e,enumerable:!0}):n,e));Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const s=require("@hono/zod-openapi");var N=class extends Error{res;status;constructor(e=500,t){super(t?.message,{cause:t?.cause}),this.res=t?.res,this.status=e}getResponse(){return this.res?new Response(this.res.body,{status:this.status,headers:this.res.headers}):new Response(this.message,{status:this.status})}};const Ie=e=>typeof e=="string",qc=()=>{let e,t;const n=new Promise((i,r)=>{e=i,t=r});return n.resolve=e,n.reject=t,n},oA=e=>e==null?"":""+e,$F=(e,t,n)=>{e.forEach(i=>{t[i]&&(n[i]=t[i])})},zF=/###/g,sA=e=>e&&e.indexOf("###")>-1?e.replace(zF,"."):e,aA=e=>!e||Ie(e),Ll=(e,t,n)=>{const i=Ie(t)?t.split("."):t;let r=0;for(;r<i.length-1;){if(aA(e))return{};const o=sA(i[r]);!e[o]&&n&&(e[o]=new n),Object.prototype.hasOwnProperty.call(e,o)?e=e[o]:e={},++r}return aA(e)?{}:{obj:e,k:sA(i[r])}},cA=(e,t,n)=>{const{obj:i,k:r}=Ll(e,t,Object);if(i!==void 0||t.length===1){i[r]=n;return}let o=t[t.length-1],a=t.slice(0,t.length-1),c=Ll(e,a,Object);for(;c.obj===void 0&&a.length;)o=`${a[a.length-1]}.${o}`,a=a.slice(0,a.length-1),c=Ll(e,a,Object),c?.obj&&typeof c.obj[`${c.k}.${o}`]<"u"&&(c.obj=void 0);c.obj[`${c.k}.${o}`]=n},NF=(e,t,n,i)=>{const{obj:r,k:o}=Ll(e,t,Object);r[o]=r[o]||[],r[o].push(n)},$p=(e,t)=>{const{obj:n,k:i}=Ll(e,t);if(n&&Object.prototype.hasOwnProperty.call(n,i))return n[i]},PF=(e,t,n)=>{const i=$p(e,n);return i!==void 0?i:$p(t,n)},xC=(e,t,n)=>{for(const i in t)i!=="__proto__"&&i!=="constructor"&&(i in e?Ie(e[i])||e[i]instanceof String||Ie(t[i])||t[i]instanceof String?n&&(e[i]=t[i]):xC(e[i],t[i],n):e[i]=t[i]);return e},Ao=e=>e.replace(/[\-\[\]\/\{\}\(\)\*\+\?\.\\\^\$\|]/g,"\\$&");var FF={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;"};const OF=e=>Ie(e)?e.replace(/[&<>"'\/]/g,t=>FF[t]):e;class RF{constructor(t){this.capacity=t,this.regExpMap=new Map,this.regExpQueue=[]}getRegExp(t){const n=this.regExpMap.get(t);if(n!==void 0)return n;const i=new RegExp(t);return this.regExpQueue.length===this.capacity&&this.regExpMap.delete(this.regExpQueue.shift()),this.regExpMap.set(t,i),this.regExpQueue.push(t),i}}const jF=[" ",",","?","!",";"],DF=new RF(20),LF=(e,t,n)=>{t=t||"",n=n||"";const i=jF.filter(a=>t.indexOf(a)<0&&n.indexOf(a)<0);if(i.length===0)return!0;const r=DF.getRegExp(`(${i.map(a=>a==="?"?"\\?":a).join("|")})`);let o=!r.test(e);if(!o){const a=e.indexOf(n);a>0&&!r.test(e.substring(0,a))&&(o=!0)}return o},Sy=(e,t,n=".")=>{if(!e)return;if(e[t])return Object.prototype.hasOwnProperty.call(e,t)?e[t]:void 0;const i=t.split(n);let r=e;for(let o=0;o<i.length;){if(!r||typeof r!="object")return;let a,c="";for(let l=o;l<i.length;++l)if(l!==o&&(c+=n),c+=i[l],a=r[c],a!==void 0){if(["string","number","boolean"].indexOf(typeof a)>-1&&l<i.length-1)continue;o+=l-o+1;break}r=a}return r},Zl=e=>e?.replace(/_/g,"-"),BF={type:"logger",log(e){this.output("log",e)},warn(e){this.output("warn",e)},error(e){this.output("error",e)},output(e,t){console?.[e]?.apply?.(console,t)}};class zp{constructor(t,n={}){this.init(t,n)}init(t,n={}){this.prefix=n.prefix||"i18next:",this.logger=t||BF,this.options=n,this.debug=n.debug}log(...t){return this.forward(t,"log","",!0)}warn(...t){return this.forward(t,"warn","",!0)}error(...t){return this.forward(t,"error","")}deprecate(...t){return this.forward(t,"warn","WARNING DEPRECATED: ",!0)}forward(t,n,i,r){return r&&!this.debug?null:(Ie(t[0])&&(t[0]=`${i}${this.prefix} ${t[0]}`),this.logger[n](t))}create(t){return new zp(this.logger,{prefix:`${this.prefix}:${t}:`,...this.options})}clone(t){return t=t||this.options,t.prefix=t.prefix||this.prefix,new zp(this.logger,t)}}var Pi=new zp;class bh{constructor(){this.observers={}}on(t,n){return t.split(" ").forEach(i=>{this.observers[i]||(this.observers[i]=new Map);const r=this.observers[i].get(n)||0;this.observers[i].set(n,r+1)}),this}off(t,n){if(this.observers[t]){if(!n){delete this.observers[t];return}this.observers[t].delete(n)}}emit(t,...n){this.observers[t]&&Array.from(this.observers[t].entries()).forEach(([r,o])=>{for(let a=0;a<o;a++)r(...n)}),this.observers["*"]&&Array.from(this.observers["*"].entries()).forEach(([r,o])=>{for(let a=0;a<o;a++)r.apply(r,[t,...n])})}}class lA extends bh{constructor(t,n={ns:["translation"],defaultNS:"translation"}){super(),this.data=t||{},this.options=n,this.options.keySeparator===void 0&&(this.options.keySeparator="."),this.options.ignoreJSONStructure===void 0&&(this.options.ignoreJSONStructure=!0)}addNamespaces(t){this.options.ns.indexOf(t)<0&&this.options.ns.push(t)}removeNamespaces(t){const n=this.options.ns.indexOf(t);n>-1&&this.options.ns.splice(n,1)}getResource(t,n,i,r={}){const o=r.keySeparator!==void 0?r.keySeparator:this.options.keySeparator,a=r.ignoreJSONStructure!==void 0?r.ignoreJSONStructure:this.options.ignoreJSONStructure;let c;t.indexOf(".")>-1?c=t.split("."):(c=[t,n],i&&(Array.isArray(i)?c.push(...i):Ie(i)&&o?c.push(...i.split(o)):c.push(i)));const l=$p(this.data,c);return!l&&!n&&!i&&t.indexOf(".")>-1&&(t=c[0],n=c[1],i=c.slice(2).join(".")),l||!a||!Ie(i)?l:Sy(this.data?.[t]?.[n],i,o)}addResource(t,n,i,r,o={silent:!1}){const a=o.keySeparator!==void 0?o.keySeparator:this.options.keySeparator;let c=[t,n];i&&(c=c.concat(a?i.split(a):i)),t.indexOf(".")>-1&&(c=t.split("."),r=n,n=c[1]),this.addNamespaces(n),cA(this.data,c,r),o.silent||this.emit("added",t,n,i,r)}addResources(t,n,i,r={silent:!1}){for(const o in i)(Ie(i[o])||Array.isArray(i[o]))&&this.addResource(t,n,o,i[o],{silent:!0});r.silent||this.emit("added",t,n,i)}addResourceBundle(t,n,i,r,o,a={silent:!1,skipCopy:!1}){let c=[t,n];t.indexOf(".")>-1&&(c=t.split("."),r=i,i=n,n=c[1]),this.addNamespaces(n);let l=$p(this.data,c)||{};a.skipCopy||(i=JSON.parse(JSON.stringify(i))),r?xC(l,i,o):l={...l,...i},cA(this.data,c,l),a.silent||this.emit("added",t,n,i)}removeResourceBundle(t,n){this.hasResourceBundle(t,n)&&delete this.data[t][n],this.removeNamespaces(n),this.emit("removed",t,n)}hasResourceBundle(t,n){return this.getResource(t,n)!==void 0}getResourceBundle(t,n){return n||(n=this.options.defaultNS),this.getResource(t,n)}getDataByLanguage(t){return this.data[t]}hasLanguageSomeTranslations(t){const n=this.getDataByLanguage(t);return!!(n&&Object.keys(n)||[]).find(r=>n[r]&&Object.keys(n[r]).length>0)}toJSON(){return this.data}}var IC={processors:{},addPostProcessor(e){this.processors[e.name]=e},handle(e,t,n,i,r){return e.forEach(o=>{t=this.processors[o]?.process(t,n,i,r)??t}),t}};const $C=Symbol("i18next/PATH_KEY");function MF(){const e=[],t=Object.create(null);let n;return t.get=(i,r)=>(n?.revoke?.(),r===$C?e:(e.push(r),n=Proxy.revocable(i,t),n.proxy)),Proxy.revocable(Object.create(null),t).proxy}function Sa(e,t){const{[$C]:n}=e(MF()),i=t?.keySeparator??".",r=t?.nsSeparator??":";if(n.length>1&&r){const o=t?.ns,a=Array.isArray(o)?o:null;if(a&&a.length>1&&a.slice(1).includes(n[0]))return`${n[0]}${r}${n.slice(1).join(i)}`}return n.join(i)}const dA={},sm=e=>!Ie(e)&&typeof e!="boolean"&&typeof e!="number";class Np extends bh{constructor(t,n={}){super(),$F(["resourceStore","languageUtils","pluralResolver","interpolator","backendConnector","i18nFormat","utils"],t,this),this.options=n,this.options.keySeparator===void 0&&(this.options.keySeparator="."),this.logger=Pi.create("translator")}changeLanguage(t){t&&(this.language=t)}exists(t,n={interpolation:{}}){const i={...n};if(t==null)return!1;const r=this.resolve(t,i);if(r?.res===void 0)return!1;const o=sm(r.res);return!(i.returnObjects===!1&&o)}extractFromKey(t,n){let i=n.nsSeparator!==void 0?n.nsSeparator:this.options.nsSeparator;i===void 0&&(i=":");const r=n.keySeparator!==void 0?n.keySeparator:this.options.keySeparator;let o=n.ns||this.options.defaultNS||[];const a=i&&t.indexOf(i)>-1,c=!this.options.userDefinedKeySeparator&&!n.keySeparator&&!this.options.userDefinedNsSeparator&&!n.nsSeparator&&!LF(t,i,r);if(a&&!c){const l=t.match(this.interpolator.nestingRegexp);if(l&&l.length>0)return{key:t,namespaces:Ie(o)?[o]:o};const d=t.split(i);(i!==r||i===r&&this.options.ns.indexOf(d[0])>-1)&&(o=d.shift()),t=d.join(r)}return{key:t,namespaces:Ie(o)?[o]:o}}translate(t,n,i){let r=typeof n=="object"?{...n}:n;if(typeof r!="object"&&this.options.overloadTranslationOptionHandler&&(r=this.options.overloadTranslationOptionHandler(arguments)),typeof r=="object"&&(r={...r}),r||(r={}),t==null)return"";typeof t=="function"&&(t=Sa(t,{...this.options,...r})),Array.isArray(t)||(t=[String(t)]),t=t.map(R=>typeof R=="function"?Sa(R,{...this.options,...r}):String(R));const o=r.returnDetails!==void 0?r.returnDetails:this.options.returnDetails,a=r.keySeparator!==void 0?r.keySeparator:this.options.keySeparator,{key:c,namespaces:l}=this.extractFromKey(t[t.length-1],r),d=l[l.length-1];let u=r.nsSeparator!==void 0?r.nsSeparator:this.options.nsSeparator;u===void 0&&(u=":");const p=r.lng||this.language,f=r.appendNamespaceToCIMode||this.options.appendNamespaceToCIMode;if(p?.toLowerCase()==="cimode")return f?o?{res:`${d}${u}${c}`,usedKey:c,exactUsedKey:c,usedLng:p,usedNS:d,usedParams:this.getUsedParamsDetails(r)}:`${d}${u}${c}`:o?{res:c,usedKey:c,exactUsedKey:c,usedLng:p,usedNS:d,usedParams:this.getUsedParamsDetails(r)}:c;const h=this.resolve(t,r);let g=h?.res;const m=h?.usedKey||c,_=h?.exactUsedKey||c,w=["[object Number]","[object Function]","[object RegExp]"],y=r.joinArrays!==void 0?r.joinArrays:this.options.joinArrays,v=!this.i18nFormat||this.i18nFormat.handleAsObject,A=r.count!==void 0&&!Ie(r.count),b=Np.hasDefaultValue(r),k=A?this.pluralResolver.getSuffix(p,r.count,r):"",C=r.ordinal&&A?this.pluralResolver.getSuffix(p,r.count,{ordinal:!1}):"",$=A&&!r.ordinal&&r.count===0,z=$&&r[`defaultValue${this.options.pluralSeparator}zero`]||r[`defaultValue${k}`]||r[`defaultValue${C}`]||r.defaultValue;let P=g;v&&!g&&b&&(P=z);const I=sm(P),F=Object.prototype.toString.apply(P);if(v&&P&&I&&w.indexOf(F)<0&&!(Ie(y)&&Array.isArray(P))){if(!r.returnObjects&&!this.options.returnObjects){this.options.returnedObjectHandler||this.logger.warn("accessing an object - but returnObjects options is not enabled!");const R=this.options.returnedObjectHandler?this.options.returnedObjectHandler(m,P,{...r,ns:l}):`key '${c} (${this.language})' returned an object instead of string.`;return o?(h.res=R,h.usedParams=this.getUsedParamsDetails(r),h):R}if(a){const R=Array.isArray(P),O=R?[]:{},j=R?_:m;for(const B in P)if(Object.prototype.hasOwnProperty.call(P,B)){const M=`${j}${a}${B}`;b&&!g?O[B]=this.translate(M,{...r,defaultValue:sm(z)?z[B]:void 0,joinArrays:!1,ns:l}):O[B]=this.translate(M,{...r,joinArrays:!1,ns:l}),O[B]===M&&(O[B]=P[B])}g=O}}else if(v&&Ie(y)&&Array.isArray(g))g=g.join(y),g&&(g=this.extendTranslation(g,t,r,i));else{let R=!1,O=!1;!this.isValidLookup(g)&&b&&(R=!0,g=z),this.isValidLookup(g)||(O=!0,g=c);const B=(r.missingKeyNoValueFallbackToKey||this.options.missingKeyNoValueFallbackToKey)&&O?void 0:g,M=b&&z!==g&&this.options.updateMissing;if(O||R||M){if(this.logger.log(M?"updateKey":"missingKey",p,d,c,M?z:g),a){const Z=this.resolve(c,{...r,keySeparator:!1});Z&&Z.res&&this.logger.warn("Seems the loaded translations were in flat JSON format instead of nested. Either set keySeparator: false on init or make sure your translations are published in nested format.")}let V=[];const W=this.languageUtils.getFallbackCodes(this.options.fallbackLng,r.lng||this.language);if(this.options.saveMissingTo==="fallback"&&W&&W[0])for(let Z=0;Z<W.length;Z++)V.push(W[Z]);else this.options.saveMissingTo==="all"?V=this.languageUtils.toResolveHierarchy(r.lng||this.language):V.push(r.lng||this.language);const ne=(Z,te,K)=>{const ke=b&&K!==g?K:B;this.options.missingKeyHandler?this.options.missingKeyHandler(Z,d,te,ke,M,r):this.backendConnector?.saveMissing&&this.backendConnector.saveMissing(Z,d,te,ke,M,r),this.emit("missingKey",Z,d,te,g)};this.options.saveMissing&&(this.options.saveMissingPlurals&&A?V.forEach(Z=>{const te=this.pluralResolver.getSuffixes(Z,r);$&&r[`defaultValue${this.options.pluralSeparator}zero`]&&te.indexOf(`${this.options.pluralSeparator}zero`)<0&&te.push(`${this.options.pluralSeparator}zero`),te.forEach(K=>{ne([Z],c+K,r[`defaultValue${K}`]||z)})}):ne(V,c,z))}g=this.extendTranslation(g,t,r,h,i),O&&g===c&&this.options.appendNamespaceToMissingKey&&(g=`${d}${u}${c}`),(O||R)&&this.options.parseMissingKeyHandler&&(g=this.options.parseMissingKeyHandler(this.options.appendNamespaceToMissingKey?`${d}${u}${c}`:c,R?g:void 0,r))}return o?(h.res=g,h.usedParams=this.getUsedParamsDetails(r),h):g}extendTranslation(t,n,i,r,o){if(this.i18nFormat?.parse)t=this.i18nFormat.parse(t,{...this.options.interpolation.defaultVariables,...i},i.lng||this.language||r.usedLng,r.usedNS,r.usedKey,{resolved:r});else if(!i.skipInterpolation){i.interpolation&&this.interpolator.init({...i,interpolation:{...this.options.interpolation,...i.interpolation}});const l=Ie(t)&&(i?.interpolation?.skipOnVariables!==void 0?i.interpolation.skipOnVariables:this.options.interpolation.skipOnVariables);let d;if(l){const p=t.match(this.interpolator.nestingRegexp);d=p&&p.length}let u=i.replace&&!Ie(i.replace)?i.replace:i;if(this.options.interpolation.defaultVariables&&(u={...this.options.interpolation.defaultVariables,...u}),t=this.interpolator.interpolate(t,u,i.lng||this.language||r.usedLng,i),l){const p=t.match(this.interpolator.nestingRegexp),f=p&&p.length;d<f&&(i.nest=!1)}!i.lng&&r&&r.res&&(i.lng=this.language||r.usedLng),i.nest!==!1&&(t=this.interpolator.nest(t,(...p)=>o?.[0]===p[0]&&!i.context?(this.logger.warn(`It seems you are nesting recursively key: ${p[0]} in key: ${n[0]}`),null):this.translate(...p,n),i)),i.interpolation&&this.interpolator.reset()}const a=i.postProcess||this.options.postProcess,c=Ie(a)?[a]:a;return t!=null&&c?.length&&i.applyPostProcessor!==!1&&(t=IC.handle(c,t,n,this.options&&this.options.postProcessPassResolved?{i18nResolved:{...r,usedParams:this.getUsedParamsDetails(i)},...i}:i,this)),t}resolve(t,n={}){let i,r,o,a,c;return Ie(t)&&(t=[t]),Array.isArray(t)&&(t=t.map(l=>typeof l=="function"?Sa(l,{...this.options,...n}):l)),t.forEach(l=>{if(this.isValidLookup(i))return;const d=this.extractFromKey(l,n),u=d.key;r=u;let p=d.namespaces;this.options.fallbackNS&&(p=p.concat(this.options.fallbackNS));const f=n.count!==void 0&&!Ie(n.count),h=f&&!n.ordinal&&n.count===0,g=n.context!==void 0&&(Ie(n.context)||typeof n.context=="number")&&n.context!=="",m=n.lngs?n.lngs:this.languageUtils.toResolveHierarchy(n.lng||this.language,n.fallbackLng);p.forEach(_=>{this.isValidLookup(i)||(c=_,!dA[`${m[0]}-${_}`]&&this.utils?.hasLoadedNamespace&&!this.utils?.hasLoadedNamespace(c)&&(dA[`${m[0]}-${_}`]=!0,this.logger.warn(`key "${r}" for languages "${m.join(", ")}" won't get resolved as namespace "${c}" was not yet loaded`,"This means something IS WRONG in your setup. You access the t function before i18next.init / i18next.loadNamespace / i18next.changeLanguage was done. Wait for the callback or Promise to resolve before accessing it!!!")),m.forEach(w=>{if(this.isValidLookup(i))return;a=w;const y=[u];if(this.i18nFormat?.addLookupKeys)this.i18nFormat.addLookupKeys(y,u,w,_,n);else{let A;f&&(A=this.pluralResolver.getSuffix(w,n.count,n));const b=`${this.options.pluralSeparator}zero`,k=`${this.options.pluralSeparator}ordinal${this.options.pluralSeparator}`;if(f&&(n.ordinal&&A.indexOf(k)===0&&y.push(u+A.replace(k,this.options.pluralSeparator)),y.push(u+A),h&&y.push(u+b)),g){const C=`${u}${this.options.contextSeparator||"_"}${n.context}`;y.push(C),f&&(n.ordinal&&A.indexOf(k)===0&&y.push(C+A.replace(k,this.options.pluralSeparator)),y.push(C+A),h&&y.push(C+b))}}let v;for(;v=y.pop();)this.isValidLookup(i)||(o=v,i=this.getResource(w,_,v,n))}))})}),{res:i,usedKey:r,exactUsedKey:o,usedLng:a,usedNS:c}}isValidLookup(t){return t!==void 0&&!(!this.options.returnNull&&t===null)&&!(!this.options.returnEmptyString&&t==="")}getResource(t,n,i,r={}){return this.i18nFormat?.getResource?this.i18nFormat.getResource(t,n,i,r):this.resourceStore.getResource(t,n,i,r)}getUsedParamsDetails(t={}){const n=["defaultValue","ordinal","context","replace","lng","lngs","fallbackLng","ns","keySeparator","nsSeparator","returnObjects","returnDetails","joinArrays","postProcess","interpolation"],i=t.replace&&!Ie(t.replace);let r=i?t.replace:t;if(i&&typeof t.count<"u"&&(r.count=t.count),this.options.interpolation.defaultVariables&&(r={...this.options.interpolation.defaultVariables,...r}),!i){r={...r};for(const o of n)delete r[o]}return r}static hasDefaultValue(t){const n="defaultValue";for(const i in t)if(Object.prototype.hasOwnProperty.call(t,i)&&n===i.substring(0,n.length)&&t[i]!==void 0)return!0;return!1}}class uA{constructor(t){this.options=t,this.supportedLngs=this.options.supportedLngs||!1,this.logger=Pi.create("languageUtils")}getScriptPartFromCode(t){if(t=Zl(t),!t||t.indexOf("-")<0)return null;const n=t.split("-");return n.length===2||(n.pop(),n[n.length-1].toLowerCase()==="x")?null:this.formatLanguageCode(n.join("-"))}getLanguagePartFromCode(t){if(t=Zl(t),!t||t.indexOf("-")<0)return t;const n=t.split("-");return this.formatLanguageCode(n[0])}formatLanguageCode(t){if(Ie(t)&&t.indexOf("-")>-1){let n;try{n=Intl.getCanonicalLocales(t)[0]}catch{}return n&&this.options.lowerCaseLng&&(n=n.toLowerCase()),n||(this.options.lowerCaseLng?t.toLowerCase():t)}return this.options.cleanCode||this.options.lowerCaseLng?t.toLowerCase():t}isSupportedCode(t){return(this.options.load==="languageOnly"||this.options.nonExplicitSupportedLngs)&&(t=this.getLanguagePartFromCode(t)),!this.supportedLngs||!this.supportedLngs.length||this.supportedLngs.indexOf(t)>-1}getBestMatchFromCodes(t){if(!t)return null;let n;return t.forEach(i=>{if(n)return;const r=this.formatLanguageCode(i);(!this.options.supportedLngs||this.isSupportedCode(r))&&(n=r)}),!n&&this.options.supportedLngs&&t.forEach(i=>{if(n)return;const r=this.getScriptPartFromCode(i);if(this.isSupportedCode(r))return n=r;const o=this.getLanguagePartFromCode(i);if(this.isSupportedCode(o))return n=o;n=this.options.supportedLngs.find(a=>{if(a===o)return a;if(!(a.indexOf("-")<0&&o.indexOf("-")<0)&&(a.indexOf("-")>0&&o.indexOf("-")<0&&a.substring(0,a.indexOf("-"))===o||a.indexOf(o)===0&&o.length>1))return a})}),n||(n=this.getFallbackCodes(this.options.fallbackLng)[0]),n}getFallbackCodes(t,n){if(!t)return[];if(typeof t=="function"&&(t=t(n)),Ie(t)&&(t=[t]),Array.isArray(t))return t;if(!n)return t.default||[];let i=t[n];return i||(i=t[this.getScriptPartFromCode(n)]),i||(i=t[this.formatLanguageCode(n)]),i||(i=t[this.getLanguagePartFromCode(n)]),i||(i=t.default),i||[]}toResolveHierarchy(t,n){const i=this.getFallbackCodes((n===!1?[]:n)||this.options.fallbackLng||[],t),r=[],o=a=>{a&&(this.isSupportedCode(a)?r.push(a):this.logger.warn(`rejecting language code not found in supportedLngs: ${a}`))};return Ie(t)&&(t.indexOf("-")>-1||t.indexOf("_")>-1)?(this.options.load!=="languageOnly"&&o(this.formatLanguageCode(t)),this.options.load!=="languageOnly"&&this.options.load!=="currentOnly"&&o(this.getScriptPartFromCode(t)),this.options.load!=="currentOnly"&&o(this.getLanguagePartFromCode(t))):Ie(t)&&o(this.formatLanguageCode(t)),i.forEach(a=>{r.indexOf(a)<0&&o(this.formatLanguageCode(a))}),r}}const pA={zero:0,one:1,two:2,few:3,many:4,other:5},fA={select:e=>e===1?"one":"other",resolvedOptions:()=>({pluralCategories:["one","other"]})};class UF{constructor(t,n={}){this.languageUtils=t,this.options=n,this.logger=Pi.create("pluralResolver"),this.pluralRulesCache={}}clearCache(){this.pluralRulesCache={}}getRule(t,n={}){const i=Zl(t==="dev"?"en":t),r=n.ordinal?"ordinal":"cardinal",o=JSON.stringify({cleanedCode:i,type:r});if(o in this.pluralRulesCache)return this.pluralRulesCache[o];let a;try{a=new Intl.PluralRules(i,{type:r})}catch{if(typeof Intl>"u")return this.logger.error("No Intl support, please use an Intl polyfill!"),fA;if(!t.match(/-|_/))return fA;const l=this.languageUtils.getLanguagePartFromCode(t);a=this.getRule(l,n)}return this.pluralRulesCache[o]=a,a}needsPlural(t,n={}){let i=this.getRule(t,n);return i||(i=this.getRule("dev",n)),i?.resolvedOptions().pluralCategories.length>1}getPluralFormsOfKey(t,n,i={}){return this.getSuffixes(t,i).map(r=>`${n}${r}`)}getSuffixes(t,n={}){let i=this.getRule(t,n);return i||(i=this.getRule("dev",n)),i?i.resolvedOptions().pluralCategories.sort((r,o)=>pA[r]-pA[o]).map(r=>`${this.options.prepend}${n.ordinal?`ordinal${this.options.prepend}`:""}${r}`):[]}getSuffix(t,n,i={}){const r=this.getRule(t,i);return r?`${this.options.prepend}${i.ordinal?`ordinal${this.options.prepend}`:""}${r.select(n)}`:(this.logger.warn(`no plural rule found for: ${t}`),this.getSuffix("dev",n,i))}}const hA=(e,t,n,i=".",r=!0)=>{let o=PF(e,t,n);return!o&&r&&Ie(n)&&(o=Sy(e,n,i),o===void 0&&(o=Sy(t,n,i))),o},am=e=>e.replace(/\$/g,"$$$$");class gA{constructor(t={}){this.logger=Pi.create("interpolator"),this.options=t,this.format=t?.interpolation?.format||(n=>n),this.init(t)}init(t={}){t.interpolation||(t.interpolation={escapeValue:!0});const{escape:n,escapeValue:i,useRawValueToEscape:r,prefix:o,prefixEscaped:a,suffix:c,suffixEscaped:l,formatSeparator:d,unescapeSuffix:u,unescapePrefix:p,nestingPrefix:f,nestingPrefixEscaped:h,nestingSuffix:g,nestingSuffixEscaped:m,nestingOptionsSeparator:_,maxReplaces:w,alwaysFormat:y}=t.interpolation;this.escape=n!==void 0?n:OF,this.escapeValue=i!==void 0?i:!0,this.useRawValueToEscape=r!==void 0?r:!1,this.prefix=o?Ao(o):a||"{{",this.suffix=c?Ao(c):l||"}}",this.formatSeparator=d||",",this.unescapePrefix=u?"":p||"-",this.unescapeSuffix=this.unescapePrefix?"":u||"",this.nestingPrefix=f?Ao(f):h||Ao("$t("),this.nestingSuffix=g?Ao(g):m||Ao(")"),this.nestingOptionsSeparator=_||",",this.maxReplaces=w||1e3,this.alwaysFormat=y!==void 0?y:!1,this.resetRegExp()}reset(){this.options&&this.init(this.options)}resetRegExp(){const t=(n,i)=>n?.source===i?(n.lastIndex=0,n):new RegExp(i,"g");this.regexp=t(this.regexp,`${this.prefix}(.+?)${this.suffix}`),this.regexpUnescape=t(this.regexpUnescape,`${this.prefix}${this.unescapePrefix}(.+?)${this.unescapeSuffix}${this.suffix}`),this.nestingRegexp=t(this.nestingRegexp,`${this.nestingPrefix}((?:[^()"']+|"[^"]*"|'[^']*'|\\((?:[^()]|"[^"]*"|'[^']*')*\\))*?)${this.nestingSuffix}`)}interpolate(t,n,i,r){let o,a,c;const l=this.options&&this.options.interpolation&&this.options.interpolation.defaultVariables||{},d=h=>{if(h.indexOf(this.formatSeparator)<0){const w=hA(n,l,h,this.options.keySeparator,this.options.ignoreJSONStructure);return this.alwaysFormat?this.format(w,void 0,i,{...r,...n,interpolationkey:h}):w}const g=h.split(this.formatSeparator),m=g.shift().trim(),_=g.join(this.formatSeparator).trim();return this.format(hA(n,l,m,this.options.keySeparator,this.options.ignoreJSONStructure),_,i,{...r,...n,interpolationkey:m})};this.resetRegExp();const u=r?.missingInterpolationHandler||this.options.missingInterpolationHandler,p=r?.interpolation?.skipOnVariables!==void 0?r.interpolation.skipOnVariables:this.options.interpolation.skipOnVariables;return[{regex:this.regexpUnescape,safeValue:h=>am(h)},{regex:this.regexp,safeValue:h=>this.escapeValue?am(this.escape(h)):am(h)}].forEach(h=>{for(c=0;o=h.regex.exec(t);){const g=o[1].trim();if(a=d(g),a===void 0)if(typeof u=="function"){const _=u(t,o,r);a=Ie(_)?_:""}else if(r&&Object.prototype.hasOwnProperty.call(r,g))a="";else if(p){a=o[0];continue}else this.logger.warn(`missed to pass in variable ${g} for interpolating ${t}`),a="";else!Ie(a)&&!this.useRawValueToEscape&&(a=oA(a));const m=h.safeValue(a);if(t=t.replace(o[0],m),p?(h.regex.lastIndex+=a.length,h.regex.lastIndex-=o[0].length):h.regex.lastIndex=0,c++,c>=this.maxReplaces)break}}),t}nest(t,n,i={}){let r,o,a;const c=(l,d)=>{const u=this.nestingOptionsSeparator;if(l.indexOf(u)<0)return l;const p=l.split(new RegExp(`${Ao(u)}[ ]*{`));let f=`{${p[1]}`;l=p[0],f=this.interpolate(f,a);const h=f.match(/'/g),g=f.match(/"/g);((h?.length??0)%2===0&&!g||(g?.length??0)%2!==0)&&(f=f.replace(/'/g,'"'));try{a=JSON.parse(f),d&&(a={...d,...a})}catch(m){return this.logger.warn(`failed parsing options string in nesting for key ${l}`,m),`${l}${u}${f}`}return a.defaultValue&&a.defaultValue.indexOf(this.prefix)>-1&&delete a.defaultValue,l};for(;r=this.nestingRegexp.exec(t);){let l=[];a={...i},a=a.replace&&!Ie(a.replace)?a.replace:a,a.applyPostProcessor=!1,delete a.defaultValue;const d=/{.*}/.test(r[1])?r[1].lastIndexOf("}")+1:r[1].indexOf(this.formatSeparator);if(d!==-1&&(l=r[1].slice(d).split(this.formatSeparator).map(u=>u.trim()).filter(Boolean),r[1]=r[1].slice(0,d)),o=n(c.call(this,r[1].trim(),a),a),o&&r[0]===t&&!Ie(o))return o;Ie(o)||(o=oA(o)),o||(this.logger.warn(`missed to resolve ${r[1]} for nesting ${t}`),o=""),l.length&&(o=l.reduce((u,p)=>this.format(u,p,i.lng,{...i,interpolationkey:r[1].trim()}),o.trim())),t=t.replace(r[0],o),this.regexp.lastIndex=0}return t}}const qF=e=>{let t=e.toLowerCase().trim();const n={};if(e.indexOf("(")>-1){const i=e.split("(");t=i[0].toLowerCase().trim();const r=i[1].substring(0,i[1].length-1);t==="currency"&&r.indexOf(":")<0?n.currency||(n.currency=r.trim()):t==="relativetime"&&r.indexOf(":")<0?n.range||(n.range=r.trim()):r.split(";").forEach(a=>{if(a){const[c,...l]=a.split(":"),d=l.join(":").trim().replace(/^'+|'+$/g,""),u=c.trim();n[u]||(n[u]=d),d==="false"&&(n[u]=!1),d==="true"&&(n[u]=!0),isNaN(d)||(n[u]=parseInt(d,10))}})}return{formatName:t,formatOptions:n}},mA=e=>{const t={};return(n,i,r)=>{let o=r;r&&r.interpolationkey&&r.formatParams&&r.formatParams[r.interpolationkey]&&r[r.interpolationkey]&&(o={...o,[r.interpolationkey]:void 0});const a=i+JSON.stringify(o);let c=t[a];return c||(c=e(Zl(i),r),t[a]=c),c(n)}},HF=e=>(t,n,i)=>e(Zl(n),i)(t);class VF{constructor(t={}){this.logger=Pi.create("formatter"),this.options=t,this.init(t)}init(t,n={interpolation:{}}){this.formatSeparator=n.interpolation.formatSeparator||",";const i=n.cacheInBuiltFormats?mA:HF;this.formats={number:i((r,o)=>{const a=new Intl.NumberFormat(r,{...o});return c=>a.format(c)}),currency:i((r,o)=>{const a=new Intl.NumberFormat(r,{...o,style:"currency"});return c=>a.format(c)}),datetime:i((r,o)=>{const a=new Intl.DateTimeFormat(r,{...o});return c=>a.format(c)}),relativetime:i((r,o)=>{const a=new Intl.RelativeTimeFormat(r,{...o});return c=>a.format(c,o.range||"day")}),list:i((r,o)=>{const a=new Intl.ListFormat(r,{...o});return c=>a.format(c)})}}add(t,n){this.formats[t.toLowerCase().trim()]=n}addCached(t,n){this.formats[t.toLowerCase().trim()]=mA(n)}format(t,n,i,r={}){const o=n.split(this.formatSeparator);if(o.length>1&&o[0].indexOf("(")>1&&o[0].indexOf(")")<0&&o.find(c=>c.indexOf(")")>-1)){const c=o.findIndex(l=>l.indexOf(")")>-1);o[0]=[o[0],...o.splice(1,c)].join(this.formatSeparator)}return o.reduce((c,l)=>{const{formatName:d,formatOptions:u}=qF(l);if(this.formats[d]){let p=c;try{const f=r?.formatParams?.[r.interpolationkey]||{},h=f.locale||f.lng||r.locale||r.lng||i;p=this.formats[d](c,h,{...u,...r,...f})}catch(f){this.logger.warn(f)}return p}else this.logger.warn(`there was no format function for ${d}`);return c},t)}}const KF=(e,t)=>{e.pending[t]!==void 0&&(delete e.pending[t],e.pendingCount--)};class GF extends bh{constructor(t,n,i,r={}){super(),this.backend=t,this.store=n,this.services=i,this.languageUtils=i.languageUtils,this.options=r,this.logger=Pi.create("backendConnector"),this.waitingReads=[],this.maxParallelReads=r.maxParallelReads||10,this.readingCalls=0,this.maxRetries=r.maxRetries>=0?r.maxRetries:5,this.retryTimeout=r.retryTimeout>=1?r.retryTimeout:350,this.state={},this.queue=[],this.backend?.init?.(i,r.backend,r)}queueLoad(t,n,i,r){const o={},a={},c={},l={};return t.forEach(d=>{let u=!0;n.forEach(p=>{const f=`${d}|${p}`;!i.reload&&this.store.hasResourceBundle(d,p)?this.state[f]=2:this.state[f]<0||(this.state[f]===1?a[f]===void 0&&(a[f]=!0):(this.state[f]=1,u=!1,a[f]===void 0&&(a[f]=!0),o[f]===void 0&&(o[f]=!0),l[p]===void 0&&(l[p]=!0)))}),u||(c[d]=!0)}),(Object.keys(o).length||Object.keys(a).length)&&this.queue.push({pending:a,pendingCount:Object.keys(a).length,loaded:{},errors:[],callback:r}),{toLoad:Object.keys(o),pending:Object.keys(a),toLoadLanguages:Object.keys(c),toLoadNamespaces:Object.keys(l)}}loaded(t,n,i){const r=t.split("|"),o=r[0],a=r[1];n&&this.emit("failedLoading",o,a,n),!n&&i&&this.store.addResourceBundle(o,a,i,void 0,void 0,{skipCopy:!0}),this.state[t]=n?-1:2,n&&i&&(this.state[t]=0);const c={};this.queue.forEach(l=>{NF(l.loaded,[o],a),KF(l,t),n&&l.errors.push(n),l.pendingCount===0&&!l.done&&(Object.keys(l.loaded).forEach(d=>{c[d]||(c[d]={});const u=l.loaded[d];u.length&&u.forEach(p=>{c[d][p]===void 0&&(c[d][p]=!0)})}),l.done=!0,l.errors.length?l.callback(l.errors):l.callback())}),this.emit("loaded",c),this.queue=this.queue.filter(l=>!l.done)}read(t,n,i,r=0,o=this.retryTimeout,a){if(!t.length)return a(null,{});if(this.readingCalls>=this.maxParallelReads){this.waitingReads.push({lng:t,ns:n,fcName:i,tried:r,wait:o,callback:a});return}this.readingCalls++;const c=(d,u)=>{if(this.readingCalls--,this.waitingReads.length>0){const p=this.waitingReads.shift();this.read(p.lng,p.ns,p.fcName,p.tried,p.wait,p.callback)}if(d&&u&&r<this.maxRetries){setTimeout(()=>{this.read.call(this,t,n,i,r+1,o*2,a)},o);return}a(d,u)},l=this.backend[i].bind(this.backend);if(l.length===2){try{const d=l(t,n);d&&typeof d.then=="function"?d.then(u=>c(null,u)).catch(c):c(null,d)}catch(d){c(d)}return}return l(t,n,c)}prepareLoading(t,n,i={},r){if(!this.backend)return this.logger.warn("No backend was added via i18next.use. Will not load resources."),r&&r();Ie(t)&&(t=this.languageUtils.toResolveHierarchy(t)),Ie(n)&&(n=[n]);const o=this.queueLoad(t,n,i,r);if(!o.toLoad.length)return o.pending.length||r(),null;o.toLoad.forEach(a=>{this.loadOne(a)})}load(t,n,i){this.prepareLoading(t,n,{},i)}reload(t,n,i){this.prepareLoading(t,n,{reload:!0},i)}loadOne(t,n=""){const i=t.split("|"),r=i[0],o=i[1];this.read(r,o,"read",void 0,void 0,(a,c)=>{a&&this.logger.warn(`${n}loading namespace ${o} for language ${r} failed`,a),!a&&c&&this.logger.log(`${n}loaded namespace ${o} for language ${r}`,c),this.loaded(t,a,c)})}saveMissing(t,n,i,r,o,a={},c=()=>{}){if(this.services?.utils?.hasLoadedNamespace&&!this.services?.utils?.hasLoadedNamespace(n)){this.logger.warn(`did not save key "${i}" as the namespace "${n}" was not yet loaded`,"This means something IS WRONG in your setup. You access the t function before i18next.init / i18next.loadNamespace / i18next.changeLanguage was done. Wait for the callback or Promise to resolve before accessing it!!!");return}if(!(i==null||i==="")){if(this.backend?.create){const l={...a,isUpdate:o},d=this.backend.create.bind(this.backend);if(d.length<6)try{let u;d.length===5?u=d(t,n,i,r,l):u=d(t,n,i,r),u&&typeof u.then=="function"?u.then(p=>c(null,p)).catch(c):c(null,u)}catch(u){c(u)}else d(t,n,i,r,c,l)}!t||!t[0]||this.store.addResource(t[0],n,i,r)}}}const cm=()=>({debug:!1,initAsync:!0,ns:["translation"],defaultNS:["translation"],fallbackLng:["dev"],fallbackNS:!1,supportedLngs:!1,nonExplicitSupportedLngs:!1,load:"all",preload:!1,simplifyPluralSuffix:!0,keySeparator:".",nsSeparator:":",pluralSeparator:"_",contextSeparator:"_",partialBundledLanguages:!1,saveMissing:!1,updateMissing:!1,saveMissingTo:"fallback",saveMissingPlurals:!0,missingKeyHandler:!1,missingInterpolationHandler:!1,postProcess:!1,postProcessPassResolved:!1,returnNull:!1,returnEmptyString:!0,returnObjects:!1,joinArrays:!1,returnedObjectHandler:!1,parseMissingKeyHandler:!1,appendNamespaceToMissingKey:!1,appendNamespaceToCIMode:!1,overloadTranslationOptionHandler:e=>{let t={};if(typeof e[1]=="object"&&(t=e[1]),Ie(e[1])&&(t.defaultValue=e[1]),Ie(e[2])&&(t.tDescription=e[2]),typeof e[2]=="object"||typeof e[3]=="object"){const n=e[3]||e[2];Object.keys(n).forEach(i=>{t[i]=n[i]})}return t},interpolation:{escapeValue:!0,format:e=>e,prefix:"{{",suffix:"}}",formatSeparator:",",unescapePrefix:"-",nestingPrefix:"$t(",nestingSuffix:")",nestingOptionsSeparator:",",maxReplaces:1e3,skipOnVariables:!0},cacheInBuiltFormats:!0}),yA=e=>(Ie(e.ns)&&(e.ns=[e.ns]),Ie(e.fallbackLng)&&(e.fallbackLng=[e.fallbackLng]),Ie(e.fallbackNS)&&(e.fallbackNS=[e.fallbackNS]),e.supportedLngs?.indexOf?.("cimode")<0&&(e.supportedLngs=e.supportedLngs.concat(["cimode"])),typeof e.initImmediate=="boolean"&&(e.initAsync=e.initImmediate),e),zu=()=>{},WF=e=>{Object.getOwnPropertyNames(Object.getPrototypeOf(e)).forEach(n=>{typeof e[n]=="function"&&(e[n]=e[n].bind(e))})},zC="__i18next_supportNoticeShown",JF=()=>!!(typeof globalThis<"u"&&globalThis[zC]||typeof process<"u"&&process.env&&process.env.I18NEXT_NO_SUPPORT_NOTICE||typeof process<"u"&&process.env&&process.env.NODE_ENV==="production"),YF=()=>{typeof globalThis<"u"&&(globalThis[zC]=!0)},QF=e=>!!(e?.modules?.backend?.name?.indexOf("Locize")>0||e?.modules?.backend?.constructor?.name?.indexOf("Locize")>0||e?.options?.backend?.backends&&e.options.backend.backends.some(t=>t?.name?.indexOf("Locize")>0||t?.constructor?.name?.indexOf("Locize")>0)||e?.options?.backend?.projectId||e?.options?.backend?.backendOptions&&e.options.backend.backendOptions.some(t=>t?.projectId));class Bl extends bh{constructor(t={},n){if(super(),this.options=yA(t),this.services={},this.logger=Pi,this.modules={external:[]},WF(this),n&&!this.isInitialized&&!t.isClone){if(!this.options.initAsync)return this.init(t,n),this;setTimeout(()=>{this.init(t,n)},0)}}init(t={},n){this.isInitializing=!0,typeof t=="function"&&(n=t,t={}),t.defaultNS==null&&t.ns&&(Ie(t.ns)?t.defaultNS=t.ns:t.ns.indexOf("translation")<0&&(t.defaultNS=t.ns[0]));const i=cm();this.options={...i,...this.options,...yA(t)},this.options.interpolation={...i.interpolation,...this.options.interpolation},t.keySeparator!==void 0&&(this.options.userDefinedKeySeparator=t.keySeparator),t.nsSeparator!==void 0&&(this.options.userDefinedNsSeparator=t.nsSeparator),typeof this.options.overloadTranslationOptionHandler!="function"&&(this.options.overloadTranslationOptionHandler=i.overloadTranslationOptionHandler),this.options.showSupportNotice!==!1&&!QF(this)&&!JF()&&(typeof console<"u"&&typeof console.info<"u"&&console.info("🌐 i18next is made possible by our own product, Locize — consider powering your project with managed localization (AI, CDN, integrations): https://locize.com 💙"),YF());const r=d=>d?typeof d=="function"?new d:d:null;if(!this.options.isClone){this.modules.logger?Pi.init(r(this.modules.logger),this.options):Pi.init(null,this.options);let d;this.modules.formatter?d=this.modules.formatter:d=VF;const u=new uA(this.options);this.store=new lA(this.options.resources,this.options);const p=this.services;p.logger=Pi,p.resourceStore=this.store,p.languageUtils=u,p.pluralResolver=new UF(u,{prepend:this.options.pluralSeparator,simplifyPluralSuffix:this.options.simplifyPluralSuffix}),this.options.interpolation.format&&this.options.interpolation.format!==i.interpolation.format&&this.logger.deprecate("init: you are still using the legacy format function, please use the new approach: https://www.i18next.com/translation-function/formatting"),d&&(!this.options.interpolation.format||this.options.interpolation.format===i.interpolation.format)&&(p.formatter=r(d),p.formatter.init&&p.formatter.init(p,this.options),this.options.interpolation.format=p.formatter.format.bind(p.formatter)),p.interpolator=new gA(this.options),p.utils={hasLoadedNamespace:this.hasLoadedNamespace.bind(this)},p.backendConnector=new GF(r(this.modules.backend),p.resourceStore,p,this.options),p.backendConnector.on("*",(h,...g)=>{this.emit(h,...g)}),this.modules.languageDetector&&(p.languageDetector=r(this.modules.languageDetector),p.languageDetector.init&&p.languageDetector.init(p,this.options.detection,this.options)),this.modules.i18nFormat&&(p.i18nFormat=r(this.modules.i18nFormat),p.i18nFormat.init&&p.i18nFormat.init(this)),this.translator=new Np(this.services,this.options),this.translator.on("*",(h,...g)=>{this.emit(h,...g)}),this.modules.external.forEach(h=>{h.init&&h.init(this)})}if(this.format=this.options.interpolation.format,n||(n=zu),this.options.fallbackLng&&!this.services.languageDetector&&!this.options.lng){const d=this.services.languageUtils.getFallbackCodes(this.options.fallbackLng);d.length>0&&d[0]!=="dev"&&(this.options.lng=d[0])}!this.services.languageDetector&&!this.options.lng&&this.logger.warn("init: no languageDetector is used and no lng is defined"),["getResource","hasResourceBundle","getResourceBundle","getDataByLanguage"].forEach(d=>{this[d]=(...u)=>this.store[d](...u)}),["addResource","addResources","addResourceBundle","removeResourceBundle"].forEach(d=>{this[d]=(...u)=>(this.store[d](...u),this)});const c=qc(),l=()=>{const d=(u,p)=>{this.isInitializing=!1,this.isInitialized&&!this.initializedStoreOnce&&this.logger.warn("init: i18next is already initialized. You should call init just once!"),this.isInitialized=!0,this.options.isClone||this.logger.log("initialized",this.options),this.emit("initialized",this.options),c.resolve(p),n(u,p)};if(this.languages&&!this.isInitialized)return d(null,this.t.bind(this));this.changeLanguage(this.options.lng,d)};return this.options.resources||!this.options.initAsync?l():setTimeout(l,0),c}loadResources(t,n=zu){let i=n;const r=Ie(t)?t:this.language;if(typeof t=="function"&&(i=t),!this.options.resources||this.options.partialBundledLanguages){if(r?.toLowerCase()==="cimode"&&(!this.options.preload||this.options.preload.length===0))return i();const o=[],a=c=>{if(!c||c==="cimode")return;this.services.languageUtils.toResolveHierarchy(c).forEach(d=>{d!=="cimode"&&o.indexOf(d)<0&&o.push(d)})};r?a(r):this.services.languageUtils.getFallbackCodes(this.options.fallbackLng).forEach(l=>a(l)),this.options.preload?.forEach?.(c=>a(c)),this.services.backendConnector.load(o,this.options.ns,c=>{!c&&!this.resolvedLanguage&&this.language&&this.setResolvedLanguage(this.language),i(c)})}else i(null)}reloadResources(t,n,i){const r=qc();return typeof t=="function"&&(i=t,t=void 0),typeof n=="function"&&(i=n,n=void 0),t||(t=this.languages),n||(n=this.options.ns),i||(i=zu),this.services.backendConnector.reload(t,n,o=>{r.resolve(),i(o)}),r}use(t){if(!t)throw new Error("You are passing an undefined module! Please check the object you are passing to i18next.use()");if(!t.type)throw new Error("You are passing a wrong module! Please check the object you are passing to i18next.use()");return t.type==="backend"&&(this.modules.backend=t),(t.type==="logger"||t.log&&t.warn&&t.error)&&(this.modules.logger=t),t.type==="languageDetector"&&(this.modules.languageDetector=t),t.type==="i18nFormat"&&(this.modules.i18nFormat=t),t.type==="postProcessor"&&IC.addPostProcessor(t),t.type==="formatter"&&(this.modules.formatter=t),t.type==="3rdParty"&&this.modules.external.push(t),this}setResolvedLanguage(t){if(!(!t||!this.languages)&&!(["cimode","dev"].indexOf(t)>-1)){for(let n=0;n<this.languages.length;n++){const i=this.languages[n];if(!(["cimode","dev"].indexOf(i)>-1)&&this.store.hasLanguageSomeTranslations(i)){this.resolvedLanguage=i;break}}!this.resolvedLanguage&&this.languages.indexOf(t)<0&&this.store.hasLanguageSomeTranslations(t)&&(this.resolvedLanguage=t,this.languages.unshift(t))}}changeLanguage(t,n){this.isLanguageChangingTo=t;const i=qc();this.emit("languageChanging",t);const r=c=>{this.language=c,this.languages=this.services.languageUtils.toResolveHierarchy(c),this.resolvedLanguage=void 0,this.setResolvedLanguage(c)},o=(c,l)=>{l?this.isLanguageChangingTo===t&&(r(l),this.translator.changeLanguage(l),this.isLanguageChangingTo=void 0,this.emit("languageChanged",l),this.logger.log("languageChanged",l)):this.isLanguageChangingTo=void 0,i.resolve((...d)=>this.t(...d)),n&&n(c,(...d)=>this.t(...d))},a=c=>{!t&&!c&&this.services.languageDetector&&(c=[]);const l=Ie(c)?c:c&&c[0],d=this.store.hasLanguageSomeTranslations(l)?l:this.services.languageUtils.getBestMatchFromCodes(Ie(c)?[c]:c);d&&(this.language||r(d),this.translator.language||this.translator.changeLanguage(d),this.services.languageDetector?.cacheUserLanguage?.(d)),this.loadResources(d,u=>{o(u,d)})};return!t&&this.services.languageDetector&&!this.services.languageDetector.async?a(this.services.languageDetector.detect()):!t&&this.services.languageDetector&&this.services.languageDetector.async?this.services.languageDetector.detect.length===0?this.services.languageDetector.detect().then(a):this.services.languageDetector.detect(a):a(t),i}getFixedT(t,n,i){const r=(o,a,...c)=>{let l;typeof a!="object"?l=this.options.overloadTranslationOptionHandler([o,a].concat(c)):l={...a},l.lng=l.lng||r.lng,l.lngs=l.lngs||r.lngs,l.ns=l.ns||r.ns,l.keyPrefix!==""&&(l.keyPrefix=l.keyPrefix||i||r.keyPrefix);const d={...this.options,...l};typeof l.keyPrefix=="function"&&(l.keyPrefix=Sa(l.keyPrefix,d));const u=this.options.keySeparator||".";let p;return l.keyPrefix&&Array.isArray(o)?p=o.map(f=>(typeof f=="function"&&(f=Sa(f,d)),`${l.keyPrefix}${u}${f}`)):(typeof o=="function"&&(o=Sa(o,d)),p=l.keyPrefix?`${l.keyPrefix}${u}${o}`:o),this.t(p,l)};return Ie(t)?r.lng=t:r.lngs=t,r.ns=n,r.keyPrefix=i,r}t(...t){return this.translator?.translate(...t)}exists(...t){return this.translator?.exists(...t)}setDefaultNamespace(t){this.options.defaultNS=t}hasLoadedNamespace(t,n={}){if(!this.isInitialized)return this.logger.warn("hasLoadedNamespace: i18next was not initialized",this.languages),!1;if(!this.languages||!this.languages.length)return this.logger.warn("hasLoadedNamespace: i18n.languages were undefined or empty",this.languages),!1;const i=n.lng||this.resolvedLanguage||this.languages[0],r=this.options?this.options.fallbackLng:!1,o=this.languages[this.languages.length-1];if(i.toLowerCase()==="cimode")return!0;const a=(c,l)=>{const d=this.services.backendConnector.state[`${c}|${l}`];return d===-1||d===0||d===2};if(n.precheck){const c=n.precheck(this,a);if(c!==void 0)return c}return!!(this.hasResourceBundle(i,t)||!this.services.backendConnector.backend||this.options.resources&&!this.options.partialBundledLanguages||a(i,t)&&(!r||a(o,t)))}loadNamespaces(t,n){const i=qc();return this.options.ns?(Ie(t)&&(t=[t]),t.forEach(r=>{this.options.ns.indexOf(r)<0&&this.options.ns.push(r)}),this.loadResources(r=>{i.resolve(),n&&n(r)}),i):(n&&n(),Promise.resolve())}loadLanguages(t,n){const i=qc();Ie(t)&&(t=[t]);const r=this.options.preload||[],o=t.filter(a=>r.indexOf(a)<0&&this.services.languageUtils.isSupportedCode(a));return o.length?(this.options.preload=r.concat(o),this.loadResources(a=>{i.resolve(),n&&n(a)}),i):(n&&n(),Promise.resolve())}dir(t){if(t||(t=this.resolvedLanguage||(this.languages?.length>0?this.languages[0]:this.language)),!t)return"rtl";try{const r=new Intl.Locale(t);if(r&&r.getTextInfo){const o=r.getTextInfo();if(o&&o.direction)return o.direction}}catch{}const n=["ar","shu","sqr","ssh","xaa","yhd","yud","aao","abh","abv","acm","acq","acw","acx","acy","adf","ads","aeb","aec","afb","ajp","apc","apd","arb","arq","ars","ary","arz","auz","avl","ayh","ayl","ayn","ayp","bbz","pga","he","iw","ps","pbt","pbu","pst","prp","prd","ug","ur","ydd","yds","yih","ji","yi","hbo","men","xmn","fa","jpr","peo","pes","prs","dv","sam","ckb"],i=this.services?.languageUtils||new uA(cm());return t.toLowerCase().indexOf("-latn")>1?"ltr":n.indexOf(i.getLanguagePartFromCode(t))>-1||t.toLowerCase().indexOf("-arab")>1?"rtl":"ltr"}static createInstance(t={},n){const i=new Bl(t,n);return i.createInstance=Bl.createInstance,i}cloneInstance(t={},n=zu){const i=t.forkResourceStore;i&&delete t.forkResourceStore;const r={...this.options,...t,isClone:!0},o=new Bl(r);if((t.debug!==void 0||t.prefix!==void 0)&&(o.logger=o.logger.clone(t)),["store","services","language"].forEach(c=>{o[c]=this[c]}),o.services={...this.services},o.services.utils={hasLoadedNamespace:o.hasLoadedNamespace.bind(o)},i){const c=Object.keys(this.store.data).reduce((l,d)=>(l[d]={...this.store.data[d]},l[d]=Object.keys(l[d]).reduce((u,p)=>(u[p]={...l[d][p]},u),l[d]),l),{});o.store=new lA(c,r),o.services.resourceStore=o.store}if(t.interpolation){const l={...cm().interpolation,...this.options.interpolation,...t.interpolation},d={...r,interpolation:l};o.services.interpolator=new gA(d)}return o.translator=new Np(o.services,r),o.translator.on("*",(c,...l)=>{o.emit(c,...l)}),o.init(r,n),o.translator.options=r,o.translator.backendConnector.services.utils={hasLoadedNamespace:o.hasLoadedNamespace.bind(o)},o}toJSON(){return{options:this.options,store:this.store,language:this.language,languages:this.languages,resolvedLanguage:this.resolvedLanguage}}}const U=Bl.createInstance();U.createInstance;U.dir;U.init;U.loadResources;U.reloadResources;U.use;U.changeLanguage;U.getFixedT;const ee=U.t;U.exists;U.setDefaultNamespace;U.hasLoadedNamespace;U.loadNamespaces;U.loadLanguages;const qn=s.z.object({created_at:s.z.string(),updated_at:s.z.string()}),Yw=s.z.object({id:s.z.string(),version:s.z.string().optional()}),Qw=s.z.object({name:s.z.string(),version:s.z.string()}),Zw=s.z.object({name:s.z.string(),value:s.z.string().optional()}),Xl=s.z.object({name:s.z.string().max(255),code:s.z.string().max(1e5),supported_triggers:s.z.array(Yw).optional(),runtime:s.z.string().max(50).optional(),dependencies:s.z.array(Qw).optional(),secrets:s.z.array(Zw).optional(),is_system:s.z.boolean().optional(),inherit:s.z.boolean().optional()}),ZF=Xl.partial().extend({status:s.z.enum(["draft","built"]).optional(),deployed_at:s.z.string().optional()}),ir=Xl.extend({id:s.z.string(),tenant_id:s.z.string(),status:s.z.enum(["draft","built"]).default("built"),deployed_at:s.z.string().optional(),secrets:s.z.array(s.z.object({name:s.z.string(),value:s.z.string().optional()})).optional(),...qn.shape}),NC=s.z.string(),Xw=s.z.enum(["unspecified","pending","final","partial","canceled","suspended"]),PC=s.z.object({id:s.z.string(),msg:s.z.string(),url:s.z.string().optional()}),ev=s.z.object({action_name:s.z.string(),error:PC.nullable(),started_at:s.z.string(),ended_at:s.z.string()}),FC=s.z.object({level:s.z.enum(["log","info","warn","error","debug"]),message:s.z.string()}),tv=s.z.array(s.z.object({action_name:s.z.string(),lines:s.z.array(FC)})),OC=s.z.object({id:s.z.string(),tenant_id:s.z.string(),trigger_id:NC,status:Xw,results:s.z.array(ev),logs:tv.optional(),created_at:s.z.string(),updated_at:s.z.string()}),XF=OC.omit({tenant_id:!0,created_at:!0,updated_at:!0}),RC=s.z.object({action_id:s.z.string(),code:s.z.string().max(1e5),runtime:s.z.string().max(50).optional(),dependencies:s.z.array(Qw).optional(),secrets:s.z.array(Zw).optional(),supported_triggers:s.z.array(Yw).optional(),deployed:s.z.boolean().default(!0)}),Ah=RC.extend({id:s.z.string(),tenant_id:s.z.string(),number:s.z.number().int(),...qn.shape}),jC=s.z.enum(["user_action","admin_action","system","api"]),DC=s.z.object({type:s.z.enum(["user","admin","system","api_key","client_credentials"]),id:s.z.string().optional(),email:s.z.string().optional(),org_id:s.z.string().optional(),org_name:s.z.string().optional(),scopes:s.z.array(s.z.string()).optional(),client_id:s.z.string().optional()}),LC=s.z.object({type:s.z.string(),id:s.z.string(),before:s.z.record(s.z.unknown()).optional(),after:s.z.record(s.z.unknown()).optional(),diff:s.z.record(s.z.object({old:s.z.unknown(),new:s.z.unknown()})).optional()}),BC=s.z.object({method:s.z.string(),path:s.z.string(),query:s.z.record(s.z.string()).optional(),body:s.z.unknown().optional(),ip:s.z.string(),user_agent:s.z.string().optional(),correlation_id:s.z.string().optional()}),MC=s.z.object({status_code:s.z.number(),body:s.z.unknown().optional()}),UC=s.z.object({country_code:s.z.string(),city_name:s.z.string(),latitude:s.z.string(),longitude:s.z.string(),time_zone:s.z.string(),continent_code:s.z.string()}),qC=s.z.object({name:s.z.string(),version:s.z.string(),env:s.z.record(s.z.string()).optional()}),HC=s.z.object({tenant_id:s.z.string(),event_type:s.z.string(),log_type:s.z.string(),description:s.z.string().optional(),category:jC,actor:DC,target:LC,request:BC,response:MC.optional(),connection:s.z.string().optional(),strategy:s.z.string().optional(),strategy_type:s.z.string().optional(),audience:s.z.string().optional(),scope:s.z.string().optional(),location:UC.optional(),auth0_client:qC.optional(),hostname:s.z.string(),is_mobile:s.z.boolean().optional(),timestamp:s.z.string()}),VC=HC.extend({id:s.z.string()}),eO=s.z.enum(["AUTH0","EMAIL","REDIRECT"]),tO=s.z.enum(["CREATE_USER","GET_USER","UPDATE_USER","SEND_REQUEST","SEND_EMAIL"]),nO=s.z.enum(["VERIFY_EMAIL"]),KC=s.z.object({require_mx_record:s.z.boolean().optional(),block_aliases:s.z.boolean().optional(),block_free_emails:s.z.boolean().optional(),block_disposable_emails:s.z.boolean().optional(),blocklist:s.z.array(s.z.string()).optional(),allowlist:s.z.array(s.z.string()).optional()}),GC=s.z.object({id:s.z.string(),alias:s.z.string().max(100).optional(),type:s.z.literal("AUTH0"),action:s.z.literal("UPDATE_USER"),allow_failure:s.z.boolean().optional(),mask_output:s.z.boolean().optional(),params:s.z.object({connection_id:s.z.string().optional(),user_id:s.z.string(),changes:s.z.record(s.z.string(),s.z.any())})}),WC=s.z.object({id:s.z.string(),alias:s.z.string().max(100).optional(),type:s.z.literal("EMAIL"),action:s.z.literal("VERIFY_EMAIL"),allow_failure:s.z.boolean().optional(),mask_output:s.z.boolean().optional(),params:s.z.object({email:s.z.string(),rules:KC.optional()})}),JC=s.z.enum(["change-email","account","custom"]),YC=s.z.object({id:s.z.string(),alias:s.z.string().max(100).optional(),type:s.z.literal("REDIRECT"),action:s.z.literal("REDIRECT_USER"),allow_failure:s.z.boolean().optional(),mask_output:s.z.boolean().optional(),params:s.z.object({target:JC.openapi({description:"The predefined target to redirect to, or 'custom' for a custom URL"}),custom_url:s.z.string().optional().openapi({description:"Custom URL to redirect to when target is 'custom'"})})}),QC=s.z.union([GC,WC,YC]),Pp=s.z.object({name:s.z.string().min(1).max(150).openapi({description:"The name of the flow"}),actions:s.z.array(QC).optional().default([]).openapi({description:"The list of actions to execute in sequence"})}),ua=Pp.extend({...qn.shape,id:s.z.string().openapi({description:"Unique identifier for the flow",example:"af_12tMpdJ3iek7svMyZkSh5M"})}),iO=s.z.object({page:s.z.string().min(0).optional().default("0").transform(e=>parseInt(e,10)).openapi({description:"The page number where 0 is the first page"}),per_page:s.z.string().min(1).optional().default("10").transform(e=>parseInt(e,10)).openapi({description:"The number of items per page"}),include_totals:s.z.string().optional().default("false").transform(e=>e==="true").openapi({description:"If the total number of items should be included in the response"}),sort:s.z.string().regex(/^.+:(-1|1)$/).optional().openapi({description:"A property that should have the format 'string:-1' or 'string:1'"}),q:s.z.string().optional().openapi({description:"A lucene query string used to filter the results"})}),Ct=s.z.object({start:s.z.number(),limit:s.z.number(),length:s.z.number(),total:s.z.number().optional()}),ZC=s.z.object({email:s.z.string().optional(),email_verified:s.z.boolean().optional(),name:s.z.string().optional(),username:s.z.string().optional(),given_name:s.z.string().optional(),phone_number:s.z.string().optional(),phone_verified:s.z.boolean().optional(),family_name:s.z.string().optional()}).catchall(s.z.any()),Fp=s.z.object({connection:s.z.string(),user_id:s.z.string(),provider:s.z.string(),isSocial:s.z.boolean(),email:s.z.string().optional(),email_verified:s.z.boolean().optional(),phone_number:s.z.string().optional(),phone_verified:s.z.boolean().optional(),username:s.z.string().optional(),access_token:s.z.string().optional(),access_token_secret:s.z.string().optional(),refresh_token:s.z.string().optional(),profileData:ZC.optional()}),XC=s.z.object({formatted:s.z.string().optional(),street_address:s.z.string().optional(),locality:s.z.string().optional(),region:s.z.string().optional(),postal_code:s.z.string().optional(),country:s.z.string().optional()}).optional(),kh=s.z.object({email:s.z.string().optional().transform(e=>e&&e.toLowerCase()),username:s.z.string().refine(e=>!e.includes("@"),{message:'Usernames must not contain "@". Use the email field for email addresses.'}).optional(),phone_number:s.z.string().optional(),phone_verified:s.z.boolean().optional(),given_name:s.z.string().optional(),family_name:s.z.string().optional(),nickname:s.z.string().optional(),name:s.z.string().optional(),picture:s.z.string().optional(),locale:s.z.string().optional(),linked_to:s.z.string().optional(),profileData:s.z.string().optional(),user_id:s.z.string().optional(),app_metadata:s.z.any().default({}).optional(),user_metadata:s.z.any().default({}).optional(),middle_name:s.z.string().optional(),preferred_username:s.z.string().optional(),profile:s.z.string().optional(),website:s.z.string().optional(),gender:s.z.string().optional(),birthdate:s.z.string().optional(),zoneinfo:s.z.string().optional(),address:XC}),Op=kh.extend({email_verified:s.z.boolean().default(!1),verify_email:s.z.boolean().optional(),last_ip:s.z.string().optional(),last_login:s.z.string().optional(),user_id:s.z.string().optional(),provider:s.z.string().optional(),connection:s.z.string(),is_social:s.z.boolean().optional(),registration_completed_at:s.z.string().optional(),password:s.z.object({hash:s.z.string(),algorithm:s.z.string()}).optional()}),nv=s.z.object({...Op.omit({password:!0}).shape,...qn.shape,user_id:s.z.string(),provider:s.z.string(),is_social:s.z.boolean(),email:s.z.string().optional(),login_count:s.z.number().default(0),identities:s.z.array(Fp).optional()}),Fn=nv.omit({registration_completed_at:!0}),rO=kh.extend({login_count:s.z.number(),multifactor:s.z.array(s.z.string()).optional(),last_ip:s.z.string().optional(),last_login:s.z.string().optional(),user_id:s.z.string()}).catchall(s.z.any());let oO="useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict",sO=(e=21)=>{let t="",n=crypto.getRandomValues(new Uint8Array(e|=0));for(;e--;)t+=oO[n[e]&63];return t};const Rp=s.z.object({client_id:s.z.string().optional().openapi({description:"ID of this client. Generated server-side if omitted (Auth0 behavior)."}),name:s.z.string().min(1).openapi({description:"Name of this client (min length: 1 character, does not allow < or >)."}),description:s.z.string().max(140).optional().openapi({description:"Free text description of this client (max length: 140 characters)."}),global:s.z.boolean().default(!1).openapi({description:"Whether this is your global 'All Applications' client representing legacy tenant settings (true) or a regular client (false)."}),client_secret:s.z.string().default(()=>sO()).optional().openapi({description:"Client secret (which you must not make public)."}),app_type:s.z.enum(["native","spa","regular_web","non_interactive","resource_server","express_configuration","rms","box","cloudbees","concur","dropbox","mscrm","echosign","egnyte","newrelic","office365","salesforce","sentry","sharepoint","slack","springcm","zendesk","zoom","sso_integration","oag"]).default("regular_web").optional().openapi({description:"The type of application this client represents"}),logo_uri:s.z.string().url().optional().openapi({description:"URL of the logo to display for this client. Recommended size is 150x150 pixels."}),is_first_party:s.z.boolean().default(!1).openapi({description:"Whether this client a first party client (true) or not (false)."}),oidc_conformant:s.z.boolean().default(!0).openapi({description:"Whether this client conforms to strict OIDC specifications (true) or uses legacy features (false)."}),auth0_conformant:s.z.boolean().default(!0).openapi({description:"Whether this client follows Auth0-compatible behavior (true) or strict OIDC behavior (false). When true, profile/email claims are included in the ID token when scopes are requested. When false, these claims are only available from the userinfo endpoint (strict OIDC 5.4 compliance)."}),callbacks:s.z.array(s.z.string()).default([]).optional().openapi({description:"Comma-separated list of URLs whitelisted for Auth0 to use as a callback to the client after authentication."}),allowed_origins:s.z.array(s.z.string()).default([]).optional().openapi({description:"Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level (e.g., https://*.contoso.com). Query strings and hash information are not taken into account when validating these URLs."}),web_origins:s.z.array(s.z.string()).default([]).optional().openapi({description:"Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode."}),client_aliases:s.z.array(s.z.string()).default([]).optional().openapi({description:"List of audiences/realms for SAML protocol. Used by the wsfed addon."}),allowed_clients:s.z.array(s.z.string()).default([]).optional().openapi({description:"List of allow clients and API ids that are allowed to make delegation requests. Empty means all all your clients are allowed."}),connections:s.z.array(s.z.string()).default([]).optional().openapi({description:"List of connection IDs enabled for this client. The order determines the display order on the login page."}),allowed_logout_urls:s.z.array(s.z.string()).default([]).optional().openapi({description:"Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains."}),session_transfer:s.z.record(s.z.any()).default({}).optional().openapi({description:"Native to Web SSO Configuration"}),oidc_logout:s.z.record(s.z.any()).default({}).optional().openapi({description:"Configuration for OIDC backchannel logout"}),grant_types:s.z.array(s.z.string()).default([]).optional().openapi({description:"List of grant types supported for this application. Can include authorization_code, implicit, refresh_token, client_credentials, password, http://auth0.com/oauth/grant-type/password-realm, http://auth0.com/oauth/grant-type/mfa-oob, http://auth0.com/oauth/grant-type/mfa-otp, http://auth0.com/oauth/grant-type/mfa-recovery-code, urn:openid:params:grant-type:ciba, and urn:ietf:params:oauth:grant-type:device_code."}),jwt_configuration:s.z.record(s.z.any()).default({}).optional().openapi({description:"Configuration related to JWTs for the client."}),signing_keys:s.z.array(s.z.record(s.z.any())).default([]).optional().openapi({description:"Signing certificates associated with this client."}),encryption_key:s.z.record(s.z.any()).default({}).optional().openapi({description:"Encryption used for WsFed responses with this client."}),sso:s.z.boolean().default(!1).openapi({description:"Applies only to SSO clients and determines whether Auth0 will handle Single Sign On (true) or whether the Identity Provider will (false)."}),sso_disabled:s.z.boolean().default(!1).openapi({description:"Whether Single Sign On is disabled for this client. When true, existing SSO sessions will not be reused and users must authenticate every time."}),cross_origin_authentication:s.z.boolean().default(!1).openapi({description:"Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false)."}),cross_origin_loc:s.z.string().url().optional().openapi({description:"URL of the location in your site where the cross origin verification takes place for the cross-origin auth flow when performing Auth in your own domain instead of Auth0 hosted login page."}),custom_login_page_on:s.z.boolean().default(!1).openapi({description:"Whether a custom login page is to be used (true) or the default provided login page (false)."}),custom_login_page:s.z.string().optional().openapi({description:"The content (HTML, CSS, JS) of the custom login page."}),custom_login_page_preview:s.z.string().optional().openapi({description:"The content (HTML, CSS, JS) of the custom login page. (Used on Previews)"}),form_template:s.z.string().optional().openapi({description:"HTML form template to be used for WS-Federation."}),addons:s.z.record(s.z.any()).default({}).optional().openapi({description:"Addons enabled for this client and their associated configurations."}),token_endpoint_auth_method:s.z.enum(["none","client_secret_post","client_secret_basic","client_secret_jwt","private_key_jwt"]).default("client_secret_basic").optional().openapi({description:"Defines the requested authentication method for the token endpoint. `none` (public client), `client_secret_post` / `client_secret_basic` (HTTP POST / Basic), `client_secret_jwt` (RFC 7523 HMAC assertion using client_secret), or `private_key_jwt` (RFC 7523 asymmetric assertion verified against the client's `jwks` / `jwks_uri`)."}),client_metadata:s.z.record(s.z.string().max(255)).default({}).optional().openapi({description:'Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/()<>@ [Tab][Space]'}),hide_sign_up_disabled_error:s.z.boolean().default(!1).optional().openapi({description:"Enumeration-safe variant of the connection-level `disable_signup` flag. When a signup is blocked by the password connection and this is true, the identifier screen does not reveal that an email is unknown — it advances to the OTP/password challenge as if the account existed and fails at credential check. Mitigates email enumeration at the cost of UX: users without an account see a generic credential failure instead of an explicit signup-disabled message."}),mobile:s.z.record(s.z.any()).default({}).optional().openapi({description:"Additional configuration for native mobile apps."}),initiate_login_uri:s.z.string().url().optional().openapi({description:"Initiate login uri, must be https"}),native_social_login:s.z.record(s.z.any()).default({}).optional(),refresh_token:s.z.object({rotation_type:s.z.enum(["rotating","non-rotating"]).optional().openapi({description:"Whether refresh tokens for this client are rotated on every exchange (Auth0 'rotating' behavior) or kept stable (legacy non-rotating). Defaults to 'non-rotating' when unset."}),leeway:s.z.number().int().min(0).max(600).optional().openapi({description:"Seconds after a parent token's first rotation during which presenting it again still mints a fresh sibling child instead of triggering reuse-detection. Defaults to 30s when unset."}),expiration_type:s.z.enum(["expiring","non-expiring"]).optional().openapi({description:"Auth0-compatible: whether refresh tokens expire."}),token_lifetime:s.z.number().int().min(0).optional().openapi({description:"Auth0-compatible: refresh-token absolute lifetime in seconds."}),infinite_token_lifetime:s.z.boolean().optional().openapi({description:"Auth0-compatible: when true, refresh tokens have no absolute expiry."}),idle_token_lifetime:s.z.number().int().min(0).optional().openapi({description:"Auth0-compatible: refresh-token idle (sliding) lifetime in seconds."}),infinite_idle_token_lifetime:s.z.boolean().optional().openapi({description:"Auth0-compatible: when true, refresh tokens have no idle expiry."})}).default({}).optional().openapi({description:"Refresh token configuration"}),default_organization:s.z.record(s.z.any()).default({}).optional().openapi({description:"Defines the default Organization ID and flows"}),organization_usage:s.z.enum(["deny","allow","require"]).default("deny").optional().openapi({description:"Defines how to proceed during an authentication transaction with regards an organization. Can be deny (default), allow or require."}),organization_require_behavior:s.z.enum(["no_prompt","pre_login_prompt","post_login_prompt"]).default("no_prompt").optional().openapi({description:"Defines how to proceed during an authentication transaction when client.organization_usage: 'require'. Can be no_prompt (default), pre_login_prompt or post_login_prompt. post_login_prompt requires oidc_conformant: true."}),client_authentication_methods:s.z.record(s.z.any()).default({}).optional().openapi({description:"Defines client authentication methods."}),require_pushed_authorization_requests:s.z.boolean().default(!1).openapi({description:"Makes the use of Pushed Authorization Requests mandatory for this client"}),require_proof_of_possession:s.z.boolean().default(!1).openapi({description:"Makes the use of Proof-of-Possession mandatory for this client"}),signed_request_object:s.z.record(s.z.any()).default({}).optional().openapi({description:"JWT-secured Authorization Requests (JAR) settings."}),compliance_level:s.z.enum(["none","fapi1_adv_pkj_par","fapi1_adv_mtls_par","fapi2_sp_pkj_mtls","fapi2_sp_mtls_mtls"]).optional().openapi({description:"Defines the compliance level for this client, which may restrict it's capabilities"}),par_request_expiry:s.z.number().optional().openapi({description:"Specifies how long, in seconds, a Pushed Authorization Request URI remains valid"}),token_quota:s.z.record(s.z.any()).default({}).optional(),owner_user_id:s.z.string().optional().openapi({description:"User ID of the consenting user when this client was created via IAT-gated Dynamic Client Registration. NULL for clients created via the Management API or open DCR."}),registration_type:s.z.enum(["manual","open_dcr","iat_dcr"]).optional().openapi({description:"Provenance of this client. `manual` = Management API; `open_dcr` = RFC 7591 without IAT; `iat_dcr` = RFC 7591 with an Initial Access Token."}),registration_metadata:s.z.record(s.z.any()).default({}).optional().openapi({description:"Arbitrary metadata captured at Dynamic Client Registration time that isn't a first-class client field (e.g. integration_type, domain). Also stores `iat_constraints` for clients created via IAT so RFC 7592 PUT can enforce field immutability."}),user_linking_mode:s.z.enum(["builtin","off"]).optional().openapi({description:"Per-client override for the built-in email-based user-linking path. `builtin` runs the legacy in-process linking at user creation/email update. `off` disables the legacy path; linking only happens if the tenant has enabled the `account-linking` template hook. When unset, the service-level `userLinkingMode` default applies."})}),qo=s.z.object({created_at:s.z.string(),updated_at:s.z.string(),...Rp.shape,client_id:s.z.string()}),jp=s.z.object({client_id:s.z.string().min(1).openapi({description:"ID of the client."}),audience:s.z.string().min(1).openapi({description:"The audience (API identifier) of this client grant."}),scope:s.z.array(s.z.string()).optional().openapi({description:"Scopes allowed for this client grant."}),organization_usage:s.z.enum(["deny","allow","require"]).optional().openapi({description:"Defines whether organizations can be used with client credentials exchanges for this grant."}),allow_any_organization:s.z.boolean().optional().openapi({description:"If enabled, any organization can be used with this grant. If disabled (default), the grant must be explicitly assigned to the desired organizations."}),is_system:s.z.boolean().optional().openapi({description:"If enabled, this grant is a special grant created by Auth0. It cannot be modified or deleted directly."}),subject_type:s.z.enum(["client","user"]).optional().openapi({description:"The type of application access the client grant allows. Use of this field is subject to the applicable Free Trial terms in Okta's Master Subscription Agreement."}),authorization_details_types:s.z.array(s.z.string()).optional().openapi({description:"Types of authorization_details allowed for this client grant. Use of this field is subject to the applicable Free Trial terms in Okta's Master Subscription Agreement."})}),Ho=s.z.object({id:s.z.string().openapi({description:"ID of the client grant."}),...jp.shape,created_at:s.z.string().optional(),updated_at:s.z.string().optional()}),aO=s.z.array(Ho),eT=s.z.enum(["iat","rat"]),tT=s.z.object({id:s.z.string(),token_hash:s.z.string(),type:eT,client_id:s.z.string().optional(),sub:s.z.string().optional(),constraints:s.z.record(s.z.unknown()).optional(),single_use:s.z.boolean().default(!1),expires_at:s.z.string().optional()}),cO=s.z.object({created_at:s.z.string(),used_at:s.z.string().optional(),revoked_at:s.z.string().optional(),...tT.shape}),Ss=s.z.object({x:s.z.number(),y:s.z.number()});var iv=(e=>(e.RICH_TEXT="RICH_TEXT",e.NEXT_BUTTON="NEXT_BUTTON",e.BACK_BUTTON="BACK_BUTTON",e.SUBMIT_BUTTON="SUBMIT_BUTTON",e.DIVIDER="DIVIDER",e.TEXT="TEXT",e.EMAIL="EMAIL",e.PASSWORD="PASSWORD",e.NUMBER="NUMBER",e.PHONE="PHONE",e.DATE="DATE",e.CHECKBOX="CHECKBOX",e.RADIO="RADIO",e.SELECT="SELECT",e.HIDDEN="HIDDEN",e.LEGAL="LEGAL",e))(iv||{}),rv=(e=>(e.BLOCK="BLOCK",e.FIELD="FIELD",e))(rv||{});const Sh=s.z.object({id:s.z.string(),category:s.z.nativeEnum(rv),type:s.z.nativeEnum(iv)}),nT=Sh.extend({category:s.z.literal("BLOCK"),type:s.z.literal("RICH_TEXT"),config:s.z.object({content:s.z.string()}).passthrough()}),iT=Sh.extend({category:s.z.literal("BLOCK"),type:s.z.union([s.z.literal("NEXT_BUTTON"),s.z.literal("BACK_BUTTON"),s.z.literal("SUBMIT_BUTTON")]),config:s.z.object({text:s.z.string()}).passthrough()}),rT=Sh.extend({category:s.z.literal("FIELD"),type:s.z.literal("LEGAL"),required:s.z.boolean().optional(),sensitive:s.z.boolean().optional(),config:s.z.object({text:s.z.string()}).passthrough()}),oT=Sh.extend({category:s.z.literal("FIELD"),type:s.z.union([s.z.literal("TEXT"),s.z.literal("EMAIL"),s.z.literal("PASSWORD"),s.z.literal("NUMBER"),s.z.literal("PHONE"),s.z.literal("DATE"),s.z.literal("CHECKBOX"),s.z.literal("RADIO"),s.z.literal("SELECT"),s.z.literal("HIDDEN")]),required:s.z.boolean().optional(),sensitive:s.z.boolean().optional(),config:s.z.object({label:s.z.string().optional(),placeholder:s.z.string().optional()}).passthrough()}),sT=s.z.object({id:s.z.string(),category:s.z.string(),type:s.z.string()}).passthrough(),aT=s.z.union([nT,iT,rT,oT,sT]);var cT=(e=>(e.STEP="STEP",e.FLOW="FLOW",e.CONDITION="CONDITION",e.ACTION="ACTION",e))(cT||{});const lT=s.z.object({id:s.z.string(),type:s.z.literal("STEP"),coordinates:Ss,alias:s.z.string().optional(),config:s.z.object({components:s.z.array(aT),next_node:s.z.string()}).passthrough()}),dT=s.z.object({id:s.z.string(),type:s.z.literal("FLOW"),coordinates:Ss,alias:s.z.string().optional(),config:s.z.object({flow_id:s.z.string(),next_node:s.z.string()})}),uT=s.z.object({id:s.z.string(),type:s.z.literal("ACTION"),coordinates:Ss,alias:s.z.string().optional(),config:s.z.object({action_type:s.z.enum(["REDIRECT"]).openapi({description:"The type of action to perform"}),target:s.z.enum(["change-email","account","custom"]).openapi({description:"The predefined target to redirect to"}),custom_url:s.z.string().optional().openapi({description:"Custom URL when target is 'custom'"}),next_node:s.z.string().openapi({description:"The next node to navigate to after action (for non-redirect actions)"})}).passthrough()}),pT=s.z.object({id:s.z.string(),type:s.z.string(),coordinates:Ss}).passthrough(),fT=s.z.union([lT,dT,uT,pT]),hT=s.z.object({next_node:s.z.string(),coordinates:Ss}).passthrough(),gT=s.z.object({resume_flow:s.z.boolean().optional(),coordinates:Ss}).passthrough(),mT=s.z.object({id:s.z.string(),name:s.z.string(),languages:s.z.object({primary:s.z.string()}).passthrough(),nodes:s.z.array(fT),start:hT,ending:gT,created_at:s.z.string(),updated_at:s.z.string(),links:s.z.object({sdkSrc:s.z.string().optional(),sdk_src:s.z.string().optional()}).passthrough()}).passthrough(),lO=mT.omit({id:!0,created_at:!0,updated_at:!0});var Tn=(e=>(e.TOKEN="token",e.ID_TOKEN="id_token",e.TOKEN_ID_TOKEN="id_token token",e.CODE="code",e.CODE_ID_TOKEN="code id_token",e.CODE_TOKEN="code token",e.CODE_ID_TOKEN_TOKEN="code id_token token",e))(Tn||{}),mt=(e=>(e.QUERY="query",e.FRAGMENT="fragment",e.FORM_POST="form_post",e.WEB_MESSAGE="web_message",e.SAML_POST="saml_post",e))(mt||{}),Eh=(e=>(e.S256="S256",e.Plain="plain",e))(Eh||{});const _A=s.z.union([s.z.null(),s.z.object({essential:s.z.boolean().optional(),value:s.z.unknown().optional(),values:s.z.array(s.z.unknown()).optional()})]).nullable(),ov=s.z.object({userinfo:s.z.record(s.z.string(),_A).optional(),id_token:s.z.record(s.z.string(),_A).optional()}),ed=s.z.object({client_id:s.z.string(),act_as:s.z.string().optional(),response_type:s.z.nativeEnum(Tn).optional(),response_mode:s.z.nativeEnum(mt).optional(),redirect_uri:s.z.string().optional(),audience:s.z.string().optional(),organization:s.z.string().optional(),state:s.z.string().optional(),nonce:s.z.string().optional(),scope:s.z.string().optional(),prompt:s.z.string().optional(),code_challenge_method:s.z.nativeEnum(Eh).optional(),code_challenge:s.z.string().optional(),username:s.z.string().optional(),ui_locales:s.z.string().optional(),max_age:s.z.number().optional(),acr_values:s.z.string().optional(),claims:ov.optional(),vendor_id:s.z.string().optional()}),dp=s.z.object({colors:s.z.object({primary:s.z.string(),page_background:s.z.union([s.z.string(),s.z.object({type:s.z.string().optional(),start:s.z.string().optional(),end:s.z.string().optional(),angle_deg:s.z.number().optional()})]).optional()}).optional(),logo_url:s.z.string().optional(),favicon_url:s.z.string().optional(),powered_by_logo_url:s.z.string().optional(),font:s.z.object({url:s.z.string()}).optional(),dark_mode:s.z.enum(["dark","light","auto"]).optional()}),yT=s.z.enum(["password_reset","email_verification","otp","mfa_otp","authorization_code","oauth2_state","ticket"]),_T=s.z.object({code_id:s.z.string().openapi({description:"The code that will be used in for instance an email verification flow"}),login_id:s.z.string().openapi({description:"The id of the login session that the code is connected to"}),connection_id:s.z.string().optional().openapi({description:"The connection that the code is connected to"}),code_type:yT,code_verifier:s.z.string().optional().openapi({description:"The code verifier used in PKCE in outbound flows"}),code_challenge:s.z.string().optional().openapi({description:"The code challenge used in PKCE in outbound flows"}),code_challenge_method:s.z.enum(["plain","S256"]).optional().openapi({description:"The code challenge method used in PKCE in outbound flows"}),redirect_uri:s.z.string().optional().openapi({description:"The redirect URI associated with the code"}),otp:s.z.string().optional().openapi({description:"The one-time password value for OTP-based flows"}),nonce:s.z.string().optional().openapi({description:"The nonce value used for security in OIDC flows"}),state:s.z.string().optional().openapi({description:"The state parameter used for CSRF protection in OAuth flows"}),expires_at:s.z.string(),used_at:s.z.string().optional(),user_id:s.z.string().optional()}),dO=s.z.object({..._T.shape,created_at:s.z.string()}),wT=s.z.object({kid:s.z.string().optional(),team_id:s.z.string().optional(),realms:s.z.string().optional(),authentication_method:s.z.string().optional(),client_id:s.z.string().optional(),client_secret:s.z.string().optional(),app_secret:s.z.string().optional(),scope:s.z.string().optional(),authorization_endpoint:s.z.string().optional(),token_endpoint:s.z.string().optional(),userinfo_endpoint:s.z.string().optional(),jwks_uri:s.z.string().optional(),discovery_url:s.z.string().optional(),issuer:s.z.string().optional(),token_endpoint_auth_method:s.z.enum(["client_secret_basic","client_secret_post"]).optional(),provider:s.z.string().optional(),from:s.z.string().optional(),twilio_sid:s.z.string().optional(),twilio_token:s.z.string().optional(),icon_url:s.z.string().optional(),domain_aliases:s.z.array(s.z.string()).optional(),callback_url:s.z.string().url().optional(),passwordPolicy:s.z.enum(["none","low","fair","good","excellent"]).optional(),password_complexity_options:s.z.object({min_length:s.z.number().optional()}).optional(),password_history:s.z.object({enable:s.z.boolean().optional(),size:s.z.number().optional()}).optional(),password_no_personal_info:s.z.object({enable:s.z.boolean().optional()}).optional(),password_dictionary:s.z.object({enable:s.z.boolean().optional(),dictionary:s.z.array(s.z.string()).optional()}).optional(),disable_signup:s.z.boolean().optional(),brute_force_protection:s.z.boolean().optional(),import_mode:s.z.boolean().optional(),configuration:s.z.object({token_endpoint:s.z.string().optional(),userinfo_endpoint:s.z.string().optional(),client_id:s.z.string().optional(),client_secret:s.z.string().optional(),realm:s.z.string().optional()}).optional(),attributes:s.z.object({email:s.z.object({identifier:s.z.object({active:s.z.boolean().optional()}).optional(),signup:s.z.object({status:s.z.enum(["required","optional","disabled"]).optional(),verification:s.z.object({active:s.z.boolean().optional()}).optional()}).optional(),validation:s.z.object({allowed:s.z.boolean().optional()}).optional(),unique:s.z.boolean().optional(),profile_required:s.z.boolean().optional(),verification_method:s.z.enum(["link","code"]).optional()}).optional(),username:s.z.object({identifier:s.z.object({active:s.z.boolean().optional()}).optional(),signup:s.z.object({status:s.z.enum(["required","optional","disabled"]).optional()}).optional(),validation:s.z.object({max_length:s.z.number().optional(),min_length:s.z.number().optional(),allowed_types:s.z.object({email:s.z.boolean().optional(),phone_number:s.z.boolean().optional()}).optional()}).optional(),profile_required:s.z.boolean().optional()}).optional(),phone_number:s.z.object({identifier:s.z.object({active:s.z.boolean().optional()}).optional(),signup:s.z.object({status:s.z.enum(["required","optional","disabled"]).optional()}).optional()}).optional()}).optional(),authentication_methods:s.z.object({password:s.z.object({enabled:s.z.boolean().optional()}).optional(),passkey:s.z.object({enabled:s.z.boolean().optional()}).optional()}).optional(),passkey_options:s.z.object({challenge_ui:s.z.enum(["both","autofill","button"]).optional(),local_enrollment_enabled:s.z.boolean().optional(),progressive_enrollment_enabled:s.z.boolean().optional()}).optional(),requires_username:s.z.boolean().optional(),validation:s.z.object({username:s.z.object({min:s.z.number().optional(),max:s.z.number().optional()}).optional()}).optional(),set_user_root_attributes:s.z.enum(["on_each_login","on_first_login","never_on_login"]).optional()});function Ey(e){if(e!==null){if(Array.isArray(e))return e.filter(t=>t!==null).map(Ey);if(e&&typeof e=="object"){const t={};for(const[n,i]of Object.entries(e))i!==null&&(t[n]=Ey(i));return t}return e}}const Dp=s.z.object({id:s.z.string().optional(),name:s.z.string(),display_name:s.z.string().optional(),strategy:s.z.string(),options:s.z.preprocess(e=>e===null?{}:Ey(e),wT).default({}),enabled_clients:s.z.array(s.z.string()).default([]).optional(),response_type:s.z.custom().optional(),response_mode:s.z.custom().optional(),is_domain_connection:s.z.boolean().optional(),show_as_button:s.z.boolean().optional(),metadata:s.z.record(s.z.any()).optional(),is_system:s.z.boolean().optional()}),Hr=s.z.object({id:s.z.string(),created_at:s.z.string().transform(e=>e===null?"":e),updated_at:s.z.string().transform(e=>e===null?"":e)}).extend(Dp.shape),sv=s.z.object({domain:s.z.string(),custom_domain_id:s.z.string().optional(),type:s.z.enum(["auth0_managed_certs","self_managed_certs"]),verification_method:s.z.enum(["txt"]).optional(),tls_policy:s.z.enum(["recommended"]).optional(),custom_client_ip_header:s.z.enum(["true-client-ip","cf-connecting-ip","x-forwarded-for","x-azure-clientip","null"]).optional(),domain_metadata:s.z.record(s.z.string().max(255)).optional()}),vT=s.z.discriminatedUnion("name",[s.z.object({name:s.z.literal("txt"),record:s.z.string(),domain:s.z.string()}),s.z.object({name:s.z.literal("http"),http_body:s.z.string(),http_url:s.z.string()})]),Br=s.z.object({...sv.shape,custom_domain_id:s.z.string(),primary:s.z.boolean(),status:s.z.enum(["disabled","pending","pending_verification","ready"]),origin_domain_name:s.z.string().optional(),verification:s.z.object({methods:s.z.array(vT)}).optional(),tls_policy:s.z.string().optional()}),uO=Br.extend({tenant_id:s.z.string()}),av=s.z.object({id:s.z.string(),order:s.z.number().optional(),visible:s.z.boolean().optional().default(!0)}),fo=av.extend({category:s.z.literal("BLOCK").optional()}),pO=fo.extend({type:s.z.literal("DIVIDER"),config:s.z.object({text:s.z.string().optional()}).optional()}),fO=fo.extend({type:s.z.literal("HTML"),config:s.z.object({content:s.z.string().optional()}).optional()}),hO=fo.extend({type:s.z.literal("IMAGE"),config:s.z.object({src:s.z.string().optional(),alt:s.z.string().optional(),width:s.z.number().optional(),height:s.z.number().optional()}).optional()}),gO=fo.extend({type:s.z.literal("JUMP_BUTTON"),config:s.z.object({text:s.z.string().optional(),target_step:s.z.string().optional()})}),mO=fo.extend({type:s.z.literal("RESEND_BUTTON"),config:s.z.object({text:s.z.string().optional(),resend_action:s.z.string().optional()})}),yO=fo.extend({type:s.z.literal("NEXT_BUTTON"),config:s.z.object({text:s.z.string().optional()})}),_O=fo.extend({type:s.z.literal("PREVIOUS_BUTTON"),config:s.z.object({text:s.z.string().optional()})}),wO=fo.extend({type:s.z.literal("RICH_TEXT"),config:s.z.object({content:s.z.string().optional()}).optional()}),cv=av.extend({category:s.z.literal("WIDGET").optional(),label:s.z.string().min(1).optional(),hint:s.z.string().min(1).max(500).optional(),required:s.z.boolean().optional(),sensitive:s.z.boolean().optional()}),vO=cv.extend({type:s.z.literal("AUTH0_VERIFIABLE_CREDENTIALS"),config:s.z.object({credential_type:s.z.string().optional()})}),bO=cv.extend({type:s.z.literal("GMAPS_ADDRESS"),config:s.z.object({api_key:s.z.string().optional()})}),AO=cv.extend({type:s.z.literal("RECAPTCHA"),config:s.z.object({site_key:s.z.string().optional()})}),qt=av.extend({category:s.z.literal("FIELD").optional(),label:s.z.string().min(1).optional(),hint:s.z.string().min(1).max(500).optional(),messages:s.z.array(s.z.object({id:s.z.number().optional(),text:s.z.string(),type:s.z.enum(["info","error","success","warning"])})).optional(),required:s.z.boolean().optional(),sensitive:s.z.boolean().optional()}),kO=qt.extend({type:s.z.literal("BOOLEAN"),config:s.z.object({default_value:s.z.boolean().optional()}).optional()}),SO=qt.extend({type:s.z.literal("CARDS"),config:s.z.object({options:s.z.array(s.z.object({value:s.z.string(),label:s.z.string(),description:s.z.string().optional(),image:s.z.string().optional()})).optional(),multi_select:s.z.boolean().optional()}).optional()}),EO=qt.extend({type:s.z.literal("CHOICE"),config:s.z.object({options:s.z.array(s.z.object({value:s.z.string(),label:s.z.string()})).optional(),display:s.z.enum(["radio","checkbox"]).optional(),multiple:s.z.boolean().optional(),default_value:s.z.union([s.z.string(),s.z.array(s.z.string())]).optional()}).optional()}),CO=qt.extend({type:s.z.literal("CUSTOM"),config:s.z.object({component:s.z.string().optional(),props:s.z.record(s.z.any()).optional(),schema:s.z.record(s.z.any()).optional(),code:s.z.string().optional()})}),TO=qt.extend({type:s.z.literal("DATE"),config:s.z.object({format:s.z.string().optional(),min:s.z.string().optional(),max:s.z.string().optional(),default_value:s.z.string().optional()}).optional()}),xO=qt.extend({type:s.z.literal("DROPDOWN"),config:s.z.object({options:s.z.array(s.z.object({value:s.z.string(),label:s.z.string()})).optional(),placeholder:s.z.string().optional(),searchable:s.z.boolean().optional(),multiple:s.z.boolean().optional(),default_value:s.z.union([s.z.string(),s.z.array(s.z.string())]).optional()}).optional()}),IO=qt.extend({type:s.z.literal("EMAIL"),config:s.z.object({placeholder:s.z.string().optional(),default_value:s.z.string().optional()}).optional()}),$O=qt.extend({type:s.z.literal("FILE"),config:s.z.object({accept:s.z.string().optional(),max_size:s.z.number().optional(),multiple:s.z.boolean().optional()}).optional()}),zO=qt.extend({type:s.z.literal("LEGAL"),config:s.z.object({text:s.z.string(),html:s.z.boolean().optional()}).optional()}),NO=qt.extend({type:s.z.literal("NUMBER"),config:s.z.object({placeholder:s.z.string().optional(),min:s.z.number().optional(),max:s.z.number().optional(),step:s.z.number().optional(),default_value:s.z.string().optional()}).optional()}),PO=qt.extend({type:s.z.literal("PASSWORD"),config:s.z.object({placeholder:s.z.string().optional(),min_length:s.z.number().optional(),show_toggle:s.z.boolean().optional(),forgot_password_link:s.z.string().optional(),default_value:s.z.string().optional()}).optional()}),FO=qt.extend({type:s.z.literal("PAYMENT"),config:s.z.object({provider:s.z.string().optional(),currency:s.z.string().optional()}).optional()}),OO=qt.extend({type:s.z.literal("SOCIAL"),config:s.z.object({providers:s.z.array(s.z.string()).optional(),provider_details:s.z.array(s.z.object({name:s.z.string(),strategy:s.z.string().optional(),display_name:s.z.string().optional(),icon_url:s.z.string().optional(),href:s.z.string().optional()})).optional()}).optional()}),RO=qt.extend({type:s.z.literal("TEL"),config:s.z.object({placeholder:s.z.string().optional(),default_country:s.z.string().optional(),default_value:s.z.string().optional(),allow_email:s.z.boolean().optional()}).optional()}),jO=qt.extend({type:s.z.literal("TEXT"),config:s.z.object({placeholder:s.z.string().optional(),multiline:s.z.boolean().optional(),max_length:s.z.number().optional(),default_value:s.z.string().optional()}).optional()}),DO=qt.extend({type:s.z.literal("COUNTRY"),config:s.z.object({placeholder:s.z.string().optional(),default_value:s.z.string().optional()}).optional()}),LO=qt.extend({type:s.z.literal("URL"),config:s.z.object({placeholder:s.z.string().optional(),default_value:s.z.string().optional()}).optional()}),bT=s.z.discriminatedUnion("type",[pO,fO,hO,gO,mO,yO,_O,wO]),AT=s.z.discriminatedUnion("type",[vO,bO,AO]),kT=s.z.discriminatedUnion("type",[kO,SO,EO,DO,CO,TO,xO,IO,$O,zO,NO,PO,FO,OO,RO,jO,LO]),lv=s.z.union([bT,AT,kT]),dv=new Set(["BOOLEAN","CARDS","CHOICE","COUNTRY","DATE","DROPDOWN","EMAIL","LEGAL","NUMBER","PASSWORD","TEL","TEXT","URL"]),BO=s.z.object({id:s.z.string(),type:s.z.literal("submit"),label:s.z.string(),className:s.z.string().optional(),disabled:s.z.boolean().optional().default(!1),order:s.z.number().optional(),visible:s.z.boolean().optional().default(!0),customizations:s.z.record(s.z.string(),s.z.any()).optional()}),td=s.z.object({x:s.z.number(),y:s.z.number()}),MO=s.z.object({id:s.z.string(),type:s.z.literal("FLOW"),coordinates:td,alias:s.z.string().min(1).max(150).optional(),config:s.z.object({flow_id:s.z.string().max(30),next_node:s.z.string().optional()})}),UO=s.z.object({id:s.z.string(),type:s.z.literal("ROUTER"),coordinates:td,alias:s.z.string().min(1).max(150),config:s.z.object({rules:s.z.array(s.z.object({id:s.z.string(),alias:s.z.string().min(1).max(150).optional(),condition:s.z.any(),next_node:s.z.string()})),fallback:s.z.string()})}),qO=s.z.object({id:s.z.string(),type:s.z.literal("STEP"),coordinates:td,alias:s.z.string().min(1).max(150).optional(),config:s.z.object({components:s.z.array(lv),next_node:s.z.string().optional()})}),ST=s.z.discriminatedUnion("type",[MO,UO,qO]),Lp=s.z.object({name:s.z.string().openapi({description:"The name of the form"}),messages:s.z.object({errors:s.z.record(s.z.string(),s.z.any()).optional(),custom:s.z.record(s.z.string(),s.z.any()).optional()}).optional(),languages:s.z.object({primary:s.z.string().optional(),default:s.z.string().optional()}).optional(),translations:s.z.record(s.z.string(),s.z.any()).optional(),nodes:s.z.array(ST).optional(),start:s.z.object({hidden_fields:s.z.array(s.z.object({key:s.z.string(),value:s.z.string()})).optional(),next_node:s.z.string().optional(),coordinates:td.optional()}).optional(),ending:s.z.object({redirection:s.z.object({delay:s.z.number().optional(),target:s.z.string().optional()}).optional(),after_submit:s.z.object({flow_id:s.z.string().optional()}).optional(),coordinates:td.optional(),resume_flow:s.z.boolean().optional()}).optional(),style:s.z.object({css:s.z.string().optional()}).optional(),links:s.z.object({sdkSrc:s.z.string().optional(),sdk_src:s.z.string().optional()}).optional()}).openapi({description:"Schema for flow-based forms (matches Auth0 Forms structure)"}),pa=s.z.object({...qn.shape,...Lp.shape,id:s.z.string()}),ET=s.z.object({id:s.z.number().optional(),text:s.z.string(),type:s.z.enum(["info","error","success","warning"])}),CT=s.z.object({id:s.z.string().optional(),text:s.z.string(),href:s.z.string(),linkText:s.z.string().optional()}),HO=s.z.object({name:s.z.string().optional(),action:s.z.string(),method:s.z.enum(["POST","GET"]),title:s.z.string().optional(),description:s.z.string().optional(),components:s.z.array(lv),messages:s.z.array(ET).optional(),links:s.z.array(CT).optional(),footer:s.z.string().optional()});function VO(e){return e.category==="BLOCK"}function KO(e){return e.category==="WIDGET"}function GO(e){return e.category==="FIELD"}const TT=s.z.enum(["pre-user-registration","post-user-registration","post-user-login","post-user-update","validate-registration-username","pre-user-deletion","post-user-deletion"]),xT=s.z.enum(["pre-user-registration","post-user-registration","post-user-login","validate-registration-username","pre-user-deletion","post-user-deletion"]),IT=s.z.enum(["post-user-login","post-user-registration","post-user-update","credentials-exchange"]),$T=s.z.enum(["post-user-login","credentials-exchange","pre-user-registration","post-user-registration"]),uv=s.z.enum(["ensure-username","set-preferred-username","account-linking"]),WO={"ensure-username":{name:"Ensure Username",description:"Automatically assigns a username to users who sign in without one. Creates a linked username account for social/email users.",trigger_ids:["post-user-login"]},"set-preferred-username":{name:"Set Preferred Username",description:"Sets the preferred_username claim on tokens based on the username from the primary or linked user.",trigger_ids:["credentials-exchange"]},"account-linking":{name:"Account Linking",description:"Links a user to an existing primary account with the same verified email. Idempotent — safe to run on every login, registration, and email update.",trigger_ids:["post-user-login","post-user-registration","post-user-update"]}},ho={enabled:s.z.boolean().default(!1),synchronous:s.z.boolean().default(!1),priority:s.z.number().optional(),hook_id:s.z.string().optional(),metadata:s.z.record(s.z.unknown()).optional()},JO=s.z.object({...ho,trigger_id:TT,url:s.z.string()}),YO=s.z.object({...ho,trigger_id:xT,form_id:s.z.string()}),QO=s.z.object({...ho,trigger_id:IT,template_id:uv}),ZO=s.z.object({...ho,trigger_id:$T,code_id:s.z.string()}),Cy=s.z.union([JO,YO,QO,ZO]),XO=s.z.object({...ho,trigger_id:TT,...qn.shape,hook_id:s.z.string(),url:s.z.string()}),eR=s.z.object({...ho,trigger_id:xT,...qn.shape,hook_id:s.z.string(),form_id:s.z.string()}),tR=s.z.object({...ho,trigger_id:IT,...qn.shape,hook_id:s.z.string(),template_id:uv}),nR=s.z.object({...ho,trigger_id:$T,...qn.shape,hook_id:s.z.string(),code_id:s.z.string()}),fa=s.z.union([XO,eR,tR,nR]),Bp=s.z.object({code:s.z.string().max(1e5),secrets:s.z.record(s.z.string()).optional()}),pv=Bp.extend({id:s.z.string(),tenant_id:s.z.string(),...qn.shape}),zT=s.z.object({name:s.z.string().optional()}),NT=s.z.object({email:s.z.string().optional()}),fv=s.z.object({id:s.z.string().optional(),organization_id:s.z.string().max(50),inviter:zT,invitee:NT,invitation_url:s.z.string().url(),client_id:s.z.string(),connection_id:s.z.string().optional(),app_metadata:s.z.record(s.z.any()).default({}).optional(),user_metadata:s.z.record(s.z.any()).default({}).optional(),ttl_sec:s.z.number().int().max(2592e3).default(604800).optional(),roles:s.z.array(s.z.string()).default([]).optional(),send_invitation_email:s.z.boolean().default(!0).optional()}),Ml=s.z.object({id:s.z.string(),organization_id:s.z.string().max(50),created_at:s.z.string().datetime(),expires_at:s.z.string().datetime(),ticket_id:s.z.string().optional()}).extend(fv.omit({id:!0}).shape),Ch=s.z.object({alg:s.z.enum(["RS256","RS384","RS512","ES256","ES384","ES512","HS256","HS384","HS512"]),kid:s.z.string(),kty:s.z.enum(["RSA","EC","oct"]),use:s.z.enum(["sig","enc"]).optional(),n:s.z.string().optional(),e:s.z.string().optional(),crv:s.z.string().optional(),x:s.z.string().optional(),y:s.z.string().optional(),x5t:s.z.string().optional(),x5c:s.z.array(s.z.string()).optional()}).superRefine((e,t)=>{if(e.kty==="RSA")for(const n of["n","e"])e[n]||t.addIssue({code:s.z.ZodIssueCode.custom,path:[n],message:`RSA JWK is missing required member '${n}'`});else if(e.kty==="EC")for(const n of["crv","x","y"])e[n]||t.addIssue({code:s.z.ZodIssueCode.custom,path:[n],message:`EC JWK is missing required member '${n}'`})}),Mp=s.z.object({keys:s.z.array(Ch)}),Ty=s.z.object({issuer:s.z.string(),authorization_endpoint:s.z.string(),token_endpoint:s.z.string(),userinfo_endpoint:s.z.string(),jwks_uri:s.z.string(),registration_endpoint:s.z.string().optional(),revocation_endpoint:s.z.string(),end_session_endpoint:s.z.string().optional(),scopes_supported:s.z.array(s.z.string()),response_types_supported:s.z.array(s.z.string()),grant_types_supported:s.z.array(s.z.string()).optional(),code_challenge_methods_supported:s.z.array(s.z.string()),response_modes_supported:s.z.array(s.z.string()),subject_types_supported:s.z.array(s.z.string()),id_token_signing_alg_values_supported:s.z.array(s.z.string()),token_endpoint_auth_methods_supported:s.z.array(s.z.string()),claims_supported:s.z.array(s.z.string()),request_uri_parameter_supported:s.z.boolean(),request_parameter_supported:s.z.boolean(),claims_parameter_supported:s.z.boolean().optional(),request_object_signing_alg_values_supported:s.z.array(s.z.string()).optional(),token_endpoint_auth_signing_alg_values_supported:s.z.array(s.z.string())});var be=(e=>(e.PENDING="pending",e.AUTHENTICATED="authenticated",e.AWAITING_EMAIL_VERIFICATION="awaiting_email_verification",e.AWAITING_MFA="awaiting_mfa",e.AWAITING_HOOK="awaiting_hook",e.AWAITING_CONTINUATION="awaiting_continuation",e.COMPLETED="completed",e.FAILED="failed",e.EXPIRED="expired",e))(be||{});const PT=s.z.nativeEnum(be),FT=s.z.object({strategy:s.z.string(),strategy_type:s.z.string()}),OT=s.z.object({csrf_token:s.z.string(),auth0Client:s.z.string().optional(),authParams:ed,expires_at:s.z.string(),deleted_at:s.z.string().optional(),ip:s.z.string().optional(),useragent:s.z.string().optional(),session_id:s.z.string().optional(),authorization_url:s.z.string().optional(),state:PT.optional().default("pending"),state_data:s.z.string().optional(),failure_reason:s.z.string().optional(),user_id:s.z.string().optional(),auth_connection:s.z.string().optional(),auth_strategy:FT.optional(),authenticated_at:s.z.string().optional()}).openapi({description:"This represents a login sesion"}),iR=s.z.object({...OT.shape,id:s.z.string().openapi({description:"This is is used as the state in the universal login"}),created_at:s.z.string(),updated_at:s.z.string()}),T={ACLS_SUMMARY:"acls_summary",ACTIONS_EXECUTION_FAILED:"actions_execution_failed",API_LIMIT:"api_limit",API_LIMIT_WARNING:"api_limit_warning",APPI:"appi",CIBA_EXCHANGE_FAILED:"ciba_exchange_failed",CIBA_EXCHANGE_SUCCEEDED:"ciba_exchange_succeeded",CIBA_START_FAILED:"ciba_start_failed",CIBA_START_SUCCEEDED:"ciba_start_succeeded",CODE_LINK_SENT:"cls",CODE_SENT:"cs",DEPRECATION_NOTICE:"depnote",FAILED_LOGIN:"f",FAILED_BY_CONNECTOR:"fc",FAILED_CHANGE_EMAIL:"fce",FAILED_BY_CORS:"fco",FAILED_CROSS_ORIGIN_AUTHENTICATION:"fcoa",FAILED_CHANGE_PASSWORD:"fcp",FAILED_POST_CHANGE_PASSWORD_HOOK:"fcph",FAILED_CHANGE_PHONE_NUMBER:"fcpn",FAILED_CHANGE_PASSWORD_REQUEST:"fcpr",FAILED_CONNECTOR_PROVISIONING:"fcpro",FAILED_CHANGE_USERNAME:"fcu",FAILED_DELEGATION:"fd",FAILED_DEVICE_ACTIVATION:"fdeac",FAILED_DEVICE_AUTHORIZATION_REQUEST:"fdeaz",USER_CANCELED_DEVICE_CONFIRMATION:"fdecc",FAILED_USER_DELETION:"fdu",FAILED_EXCHANGE_AUTHORIZATION_CODE_FOR_ACCESS_TOKEN:"feacft",FAILED_EXCHANGE_ACCESS_TOKEN_FOR_CLIENT_CREDENTIALS:"feccft",FAILED_EXCHANGE_CUSTOM_TOKEN:"fecte",FAILED_EXCHANGE_DEVICE_CODE_FOR_ACCESS_TOKEN:"fede",FAILED_FEDERATED_LOGOUT:"federated_logout_failed",FAILED_EXCHANGE_NATIVE_SOCIAL_LOGIN:"fens",FAILED_EXCHANGE_PASSWORD_OOB_FOR_ACCESS_TOKEN:"feoobft",FAILED_EXCHANGE_PASSWORD_OTP_FOR_ACCESS_TOKEN:"feotpft",FAILED_EXCHANGE_PASSWORD_FOR_ACCESS_TOKEN:"fepft",FAILED_EXCHANGE_PASSWORDLESS_OTP_FOR_ACCESS_TOKEN:"fepotpft",FAILED_EXCHANGE_PASSWORD_MFA_RECOVERY_FOR_ACCESS_TOKEN:"fercft",FAILED_EXCHANGE_ROTATING_REFRESH_TOKEN:"ferrt",FAILED_EXCHANGE_REFRESH_TOKEN_FOR_ACCESS_TOKEN:"fertft",FAILED_HOOK:"fh",FAILED_IMPERSONATION:"fimp",FAILED_INVITE_ACCEPT:"fi",FAILED_LOGOUT:"flo",FLOWS_EXECUTION_COMPLETED:"flows_execution_completed",FLOWS_EXECUTION_FAILED:"flows_execution_failed",FAILED_SENDING_NOTIFICATION:"fn",FORMS_SUBMISSION_FAILED:"forms_submission_failed",FORMS_SUBMISSION_SUCCEEDED:"forms_submission_succeeded",FAILED_LOGIN_INCORRECT_PASSWORD:"fp",FAILED_PUSHED_AUTHORIZATION_REQUEST:"fpar",FAILED_POST_USER_REGISTRATION_HOOK:"fpurh",FAILED_SIGNUP:"fs",FAILED_SILENT_AUTH:"fsa",FAILED_LOGIN_INVALID_EMAIL_USERNAME:"fu",FAILED_USERS_IMPORT:"fui",FAILED_VERIFICATION_EMAIL:"fv",FAILED_VERIFICATION_EMAIL_REQUEST:"fvr",EMAIL_VERIFICATION_CONFIRMED:"gd_auth_email_verification",EMAIL_VERIFICATION_FAILED:"gd_auth_fail_email_verification",MFA_AUTH_FAILED:"gd_auth_failed",MFA_AUTH_REJECTED:"gd_auth_rejected",MFA_AUTH_SUCCESS:"gd_auth_succeed",MFA_ENROLLMENT_COMPLETE:"gd_enrollment_complete",TOO_MANY_MFA_FAILURES:"gd_otp_rate_limit_exceed",MFA_RECOVERY_FAILED:"gd_recovery_failed",MFA_RECOVERY_RATE_LIMIT_EXCEED:"gd_recovery_rate_limit_exceed",MFA_RECOVERY_SUCCESS:"gd_recovery_succeed",MFA_EMAIL_SENT:"gd_send_email",EMAIL_VERIFICATION_SENT:"gd_send_email_verification",EMAIL_VERIFICATION_SEND_FAILURE:"gd_send_email_verification_failure",PUSH_NOTIFICATION_SENT:"gd_send_pn",ERROR_SENDING_MFA_PUSH_NOTIFICATION:"gd_send_pn_failure",MFA_SMS_SENT:"gd_send_sms",ERROR_SENDING_MFA_SMS:"gd_send_sms_failure",MFA_VOICE_CALL_SUCCESS:"gd_send_voice",MFA_VOICE_CALL_FAILED:"gd_send_voice_failure",SECOND_FACTOR_STARTED:"gd_start_auth",MFA_ENROLL_STARTED:"gd_start_enroll",MFA_ENROLLMENT_FAILED:"gd_start_enroll_failed",GUARDIAN_TENANT_UPDATE:"gd_tenant_update",UNENROLL_DEVICE_ACCOUNT:"gd_unenroll",UPDATE_DEVICE_ACCOUNT:"gd_update_device_account",WEBAUTHN_CHALLENGE_FAILED:"gd_webauthn_challenge_failed",WEBAUTHN_ENROLLMENT_FAILED:"gd_webauthn_enrollment_failed",FAILED_KMS_API_OPERATION:"kms_key_management_failure",SUCCESS_KMS_API_OPERATION:"kms_key_management_success",KMS_KEY_STATE_CHANGED:"kms_key_state_changed",TOO_MANY_CALLS_TO_DELEGATION:"limit_delegation",BLOCKED_IP_ADDRESS:"limit_mu",BLOCKED_ACCOUNT_IP:"limit_sul",BLOCKED_ACCOUNT_EMAIL:"limit_wc",INFORMATION:"i",MFA_REQUIRED:"mfar",MANAGEMENT_API_READ_OPERATION:"mgmt_api_read",FAILED_AUTHENTICATION_METHOD_OPERATION_MY_ACCOUNT:"my_account_authentication_method_failed",SUCCESSFUL_AUTHENTICATION_METHOD_OPERATION_MY_ACCOUNT:"my_account_authentication_method_succeeded",FAILED_OIDC_BACKCHANNEL_LOGOUT:"oidc_backchannel_logout_failed",SUCCESSFUL_OIDC_BACKCHANNEL_LOGOUT:"oidc_backchannel_logout_succeeded",ORGANIZATION_MEMBER_ADDED:"organization_member_added",PASSKEY_CHALLENGE_FAILED:"passkey_challenge_failed",PASSKEY_CHALLENGE_STARTED:"passkey_challenge_started",PRE_LOGIN_ASSESSMENT:"pla",BREACHED_PASSWORD:"pwd_leak",BREACHED_PASSWORD_ON_RESET:"reset_pwd_leak",SUCCESS_RESOURCE_CLEANUP:"resource_cleanup",RICH_CONSENTS_ACCESS_ERROR:"rich_consents_access_error",SUCCESS_LOGIN:"s",SUCCESS_API_OPERATION:"sapi",FAILED_API_OPERATION:"fapi",SUCCESS_CHANGE_EMAIL:"sce",SUCCESS_CROSS_ORIGIN_AUTHENTICATION:"scoa",SUCCESS_CHANGE_PASSWORD:"scp",SUCCESS_CHANGE_PHONE_NUMBER:"scpn",SUCCESS_CHANGE_PASSWORD_REQUEST:"scpr",SUCCESS_CHANGE_USERNAME:"scu",SUCCESS_CREDENTIAL_VALIDATION:"scv",SUCCESS_DELEGATION:"sd",SUCCESS_USER_DELETION:"sdu",SUCCESS_EXCHANGE_AUTHORIZATION_CODE_FOR_ACCESS_TOKEN:"seacft",SUCCESS_EXCHANGE_ACCESS_TOKEN_FOR_CLIENT_CREDENTIALS:"seccft",SUCCESS_EXCHANGE_CUSTOM_TOKEN:"secte",SUCCESS_EXCHANGE_DEVICE_CODE_FOR_ACCESS_TOKEN:"sede",SUCCESS_EXCHANGE_NATIVE_SOCIAL_LOGIN:"sens",SUCCESS_EXCHANGE_PASSWORD_OOB_FOR_ACCESS_TOKEN:"seoobft",SUCCESS_EXCHANGE_PASSWORD_OTP_FOR_ACCESS_TOKEN:"seotpft",SUCCESS_EXCHANGE_PASSWORDLESS_OTP_FOR_ACCESS_TOKEN:"sepotpft",SUCCESS_EXCHANGE_PASSWORD_FOR_ACCESS_TOKEN:"sepft",SUCCESS_EXCHANGE_PASSKEY_OOB_FOR_ACCESS_TOKEN:"sepkoobft",SUCCESS_EXCHANGE_PASSKEY_OTP_FOR_ACCESS_TOKEN:"sepkotpft",SUCCESS_EXCHANGE_PASSKEY_MFA_RECOVERY_FOR_ACCESS_TOKEN:"sepkrcft",SUCCESS_EXCHANGE_PASSWORD_MFA_RECOVERY_FOR_ACCESS_TOKEN:"sercft",SUCCESS_EXCHANGE_REFRESH_TOKEN_FOR_ACCESS_TOKEN:"sertft",SUCCESS_IMPERSONATION:"simp",SUCCESSFULLY_ACCEPTED_USER_INVITE:"si",BREACHED_PASSWORD_ON_SIGNUP:"signup_pwd_leak",SUCCESS_LOGOUT:"slo",SUCCESS_HOOK:"sh",SUCCESS_PASSWORD_MIGRATION:"spm",SUCCESS_REVOCATION:"srrt",SUCCESS_SIGNUP:"ss",FAILED_SS_SSO_OPERATION:"ss_sso_failure",INFORMATION_FROM_SS_SSO_OPERATION:"ss_sso_info",SUCCESS_SS_SSO_OPERATION:"ss_sso_success",SUCCESS_SILENT_AUTH:"ssa",SUCCESSFUL_SCIM_OPERATION:"sscim",SUCCESSFULLY_IMPORTED_USERS:"sui",SUCCESS_VERIFICATION_EMAIL:"sv",SUCCESS_VERIFICATION_EMAIL_REQUEST:"svr",MAX_AMOUNT_OF_AUTHENTICATORS:"too_many_records",USER_LOGIN_BLOCK_RELEASED:"ublkdu",FAILED_UNIVERSAL_LOGOUT:"universal_logout_failed",SUCCESSFUL_UNIVERSAL_LOGOUT:"universal_logout_succeeded",WARNING_DURING_LOGIN:"w",WARNING_SENDING_NOTIFICATION:"wn",WARNING_USER_MANAGEMENT:"wum"},rR=s.z.string().refine(e=>Object.values(T).includes(e),{message:"Invalid log type"}),RT={[T.ACLS_SUMMARY]:"ACLs Summary",[T.ACTIONS_EXECUTION_FAILED]:"Actions Execution Failed",[T.API_LIMIT]:"API Rate Limit Reached",[T.API_LIMIT_WARNING]:"API Rate Limit Warning",[T.APPI]:"API Operation",[T.CIBA_EXCHANGE_FAILED]:"CIBA Exchange Failed",[T.CIBA_EXCHANGE_SUCCEEDED]:"CIBA Exchange Succeeded",[T.CIBA_START_FAILED]:"CIBA Start Failed",[T.CIBA_START_SUCCEEDED]:"CIBA Start Succeeded",[T.CODE_LINK_SENT]:"Code/Link Sent",[T.CODE_SENT]:"Code Sent",[T.DEPRECATION_NOTICE]:"Deprecation Notice",[T.FAILED_LOGIN]:"Failed Login",[T.FAILED_BY_CONNECTOR]:"Failed by Connector",[T.FAILED_CHANGE_EMAIL]:"Failed Change Email",[T.FAILED_BY_CORS]:"Failed by CORS",[T.FAILED_CROSS_ORIGIN_AUTHENTICATION]:"Failed Cross Origin Authentication",[T.FAILED_CHANGE_PASSWORD]:"Failed Change Password",[T.FAILED_POST_CHANGE_PASSWORD_HOOK]:"Failed Post-Change Password Hook",[T.FAILED_CHANGE_PHONE_NUMBER]:"Failed Change Phone Number",[T.FAILED_CHANGE_PASSWORD_REQUEST]:"Failed Change Password Request",[T.FAILED_CONNECTOR_PROVISIONING]:"Failed Connector Provisioning",[T.FAILED_CHANGE_USERNAME]:"Failed Change Username",[T.FAILED_DELEGATION]:"Failed Delegation",[T.FAILED_DEVICE_ACTIVATION]:"Failed Device Activation",[T.FAILED_DEVICE_AUTHORIZATION_REQUEST]:"Failed Device Authorization Request",[T.USER_CANCELED_DEVICE_CONFIRMATION]:"User Canceled Device Confirmation",[T.FAILED_USER_DELETION]:"Failed User Deletion",[T.FAILED_EXCHANGE_AUTHORIZATION_CODE_FOR_ACCESS_TOKEN]:"Failed Exchange Authorization Code for Access Token",[T.FAILED_EXCHANGE_ACCESS_TOKEN_FOR_CLIENT_CREDENTIALS]:"Failed Exchange Access Token for Client Credentials",[T.FAILED_EXCHANGE_CUSTOM_TOKEN]:"Failed Exchange Custom Token",[T.FAILED_EXCHANGE_DEVICE_CODE_FOR_ACCESS_TOKEN]:"Failed Exchange Device Code for Access Token",[T.FAILED_FEDERATED_LOGOUT]:"Failed Federated Logout",[T.FAILED_EXCHANGE_NATIVE_SOCIAL_LOGIN]:"Failed Exchange Native Social Login",[T.FAILED_EXCHANGE_PASSWORD_OOB_FOR_ACCESS_TOKEN]:"Failed Exchange Password OOB for Access Token",[T.FAILED_EXCHANGE_PASSWORD_OTP_FOR_ACCESS_TOKEN]:"Failed Exchange Password OTP for Access Token",[T.FAILED_EXCHANGE_PASSWORD_FOR_ACCESS_TOKEN]:"Failed Exchange Password for Access Token",[T.FAILED_EXCHANGE_PASSWORDLESS_OTP_FOR_ACCESS_TOKEN]:"Failed Exchange Passwordless OTP for Access Token",[T.FAILED_EXCHANGE_PASSWORD_MFA_RECOVERY_FOR_ACCESS_TOKEN]:"Failed Exchange Password MFA Recovery for Access Token",[T.FAILED_EXCHANGE_ROTATING_REFRESH_TOKEN]:"Failed Exchange Rotating Refresh Token",[T.FAILED_EXCHANGE_REFRESH_TOKEN_FOR_ACCESS_TOKEN]:"Failed Exchange Refresh Token for Access Token",[T.FAILED_HOOK]:"Failed Hook",[T.FAILED_IMPERSONATION]:"Failed Impersonation",[T.FAILED_INVITE_ACCEPT]:"Failed Invite Accept",[T.FAILED_LOGOUT]:"Failed Logout",[T.FLOWS_EXECUTION_COMPLETED]:"Flows Execution Completed",[T.FLOWS_EXECUTION_FAILED]:"Flows Execution Failed",[T.FAILED_SENDING_NOTIFICATION]:"Failed Sending Notification",[T.FORMS_SUBMISSION_FAILED]:"Forms Submission Failed",[T.FORMS_SUBMISSION_SUCCEEDED]:"Forms Submission Succeeded",[T.FAILED_LOGIN_INCORRECT_PASSWORD]:"Failed Login - Incorrect Password",[T.FAILED_PUSHED_AUTHORIZATION_REQUEST]:"Failed Pushed Authorization Request",[T.FAILED_POST_USER_REGISTRATION_HOOK]:"Failed Post-User Registration Hook",[T.FAILED_SIGNUP]:"Failed Signup",[T.FAILED_SILENT_AUTH]:"Failed Silent Auth",[T.FAILED_LOGIN_INVALID_EMAIL_USERNAME]:"Failed Login - Invalid Email/Username",[T.FAILED_USERS_IMPORT]:"Failed Users Import",[T.FAILED_VERIFICATION_EMAIL]:"Failed Verification Email",[T.FAILED_VERIFICATION_EMAIL_REQUEST]:"Failed Verification Email Request",[T.EMAIL_VERIFICATION_CONFIRMED]:"Email Verification Confirmed",[T.EMAIL_VERIFICATION_FAILED]:"Email Verification Failed",[T.MFA_AUTH_FAILED]:"MFA Auth Failed",[T.MFA_AUTH_REJECTED]:"MFA Auth Rejected",[T.MFA_AUTH_SUCCESS]:"MFA Auth Success",[T.MFA_ENROLLMENT_COMPLETE]:"MFA Enrollment Complete",[T.TOO_MANY_MFA_FAILURES]:"Too Many MFA Failures",[T.MFA_RECOVERY_FAILED]:"MFA Recovery Failed",[T.MFA_RECOVERY_RATE_LIMIT_EXCEED]:"MFA Recovery Rate Limit Exceeded",[T.MFA_RECOVERY_SUCCESS]:"MFA Recovery Success",[T.MFA_EMAIL_SENT]:"MFA Email Sent",[T.EMAIL_VERIFICATION_SENT]:"Email Verification Sent",[T.EMAIL_VERIFICATION_SEND_FAILURE]:"Email Verification Send Failure",[T.PUSH_NOTIFICATION_SENT]:"Push Notification Sent",[T.ERROR_SENDING_MFA_PUSH_NOTIFICATION]:"Error Sending MFA Push Notification",[T.MFA_SMS_SENT]:"MFA SMS Sent",[T.ERROR_SENDING_MFA_SMS]:"Error Sending MFA SMS",[T.MFA_VOICE_CALL_SUCCESS]:"MFA Voice Call Success",[T.MFA_VOICE_CALL_FAILED]:"MFA Voice Call Failed",[T.SECOND_FACTOR_STARTED]:"Second Factor Started",[T.MFA_ENROLL_STARTED]:"MFA Enroll Started",[T.MFA_ENROLLMENT_FAILED]:"MFA Enrollment Failed",[T.GUARDIAN_TENANT_UPDATE]:"Guardian Tenant Update",[T.UNENROLL_DEVICE_ACCOUNT]:"Unenroll Device Account",[T.UPDATE_DEVICE_ACCOUNT]:"Update Device Account",[T.WEBAUTHN_CHALLENGE_FAILED]:"WebAuthn Challenge Failed",[T.WEBAUTHN_ENROLLMENT_FAILED]:"WebAuthn Enrollment Failed",[T.FAILED_KMS_API_OPERATION]:"Failed KMS API Operation",[T.SUCCESS_KMS_API_OPERATION]:"Success KMS API Operation",[T.KMS_KEY_STATE_CHANGED]:"KMS Key State Changed",[T.TOO_MANY_CALLS_TO_DELEGATION]:"Too Many Calls to Delegation",[T.BLOCKED_IP_ADDRESS]:"Blocked IP Address",[T.BLOCKED_ACCOUNT_IP]:"Blocked Account (IP)",[T.BLOCKED_ACCOUNT_EMAIL]:"Blocked Account (Email)",[T.INFORMATION]:"Information",[T.MFA_REQUIRED]:"MFA Required",[T.MANAGEMENT_API_READ_OPERATION]:"Management API Read Operation",[T.FAILED_AUTHENTICATION_METHOD_OPERATION_MY_ACCOUNT]:"Failed Authentication Method Operation (My Account)",[T.SUCCESSFUL_AUTHENTICATION_METHOD_OPERATION_MY_ACCOUNT]:"Successful Authentication Method Operation (My Account)",[T.FAILED_OIDC_BACKCHANNEL_LOGOUT]:"Failed OIDC Backchannel Logout",[T.SUCCESSFUL_OIDC_BACKCHANNEL_LOGOUT]:"Successful OIDC Backchannel Logout",[T.ORGANIZATION_MEMBER_ADDED]:"Organization Member Added",[T.PASSKEY_CHALLENGE_FAILED]:"Passkey Challenge Failed",[T.PASSKEY_CHALLENGE_STARTED]:"Passkey Challenge Started",[T.PRE_LOGIN_ASSESSMENT]:"Pre-Login Assessment",[T.BREACHED_PASSWORD]:"Breached Password",[T.BREACHED_PASSWORD_ON_RESET]:"Breached Password on Reset",[T.SUCCESS_RESOURCE_CLEANUP]:"Success Resource Cleanup",[T.RICH_CONSENTS_ACCESS_ERROR]:"Rich Consents Access Error",[T.SUCCESS_LOGIN]:"Success Login",[T.SUCCESS_API_OPERATION]:"Success API Operation",[T.FAILED_API_OPERATION]:"Failed API Operation",[T.SUCCESS_CHANGE_EMAIL]:"Success Change Email",[T.SUCCESS_CROSS_ORIGIN_AUTHENTICATION]:"Success Cross Origin Authentication",[T.SUCCESS_CHANGE_PASSWORD]:"Success Change Password",[T.SUCCESS_CHANGE_PHONE_NUMBER]:"Success Change Phone Number",[T.SUCCESS_CHANGE_PASSWORD_REQUEST]:"Success Change Password Request",[T.SUCCESS_CHANGE_USERNAME]:"Success Change Username",[T.SUCCESS_CREDENTIAL_VALIDATION]:"Success Credential Validation",[T.SUCCESS_DELEGATION]:"Success Delegation",[T.SUCCESS_USER_DELETION]:"Success User Deletion",[T.SUCCESS_EXCHANGE_AUTHORIZATION_CODE_FOR_ACCESS_TOKEN]:"Success Exchange Authorization Code for Access Token",[T.SUCCESS_EXCHANGE_ACCESS_TOKEN_FOR_CLIENT_CREDENTIALS]:"Success Exchange Access Token for Client Credentials",[T.SUCCESS_EXCHANGE_CUSTOM_TOKEN]:"Success Exchange Custom Token",[T.SUCCESS_EXCHANGE_DEVICE_CODE_FOR_ACCESS_TOKEN]:"Success Exchange Device Code for Access Token",[T.SUCCESS_EXCHANGE_NATIVE_SOCIAL_LOGIN]:"Success Exchange Native Social Login",[T.SUCCESS_EXCHANGE_PASSWORD_OOB_FOR_ACCESS_TOKEN]:"Success Exchange Password OOB for Access Token",[T.SUCCESS_EXCHANGE_PASSWORD_OTP_FOR_ACCESS_TOKEN]:"Success Exchange Password OTP for Access Token",[T.SUCCESS_EXCHANGE_PASSWORDLESS_OTP_FOR_ACCESS_TOKEN]:"Success Exchange Passwordless OTP for Access Token",[T.SUCCESS_EXCHANGE_PASSWORD_FOR_ACCESS_TOKEN]:"Success Exchange Password for Access Token",[T.SUCCESS_EXCHANGE_PASSKEY_OOB_FOR_ACCESS_TOKEN]:"Success Exchange Passkey OOB for Access Token",[T.SUCCESS_EXCHANGE_PASSKEY_OTP_FOR_ACCESS_TOKEN]:"Success Exchange Passkey OTP for Access Token",[T.SUCCESS_EXCHANGE_PASSKEY_MFA_RECOVERY_FOR_ACCESS_TOKEN]:"Success Exchange Passkey MFA Recovery for Access Token",[T.SUCCESS_EXCHANGE_PASSWORD_MFA_RECOVERY_FOR_ACCESS_TOKEN]:"Success Exchange Password MFA Recovery for Access Token",[T.SUCCESS_EXCHANGE_REFRESH_TOKEN_FOR_ACCESS_TOKEN]:"Success Exchange Refresh Token for Access Token",[T.SUCCESS_IMPERSONATION]:"Success Impersonation",[T.SUCCESSFULLY_ACCEPTED_USER_INVITE]:"Successfully Accepted User Invite",[T.BREACHED_PASSWORD_ON_SIGNUP]:"Breached Password on Signup",[T.SUCCESS_LOGOUT]:"Success Logout",[T.SUCCESS_HOOK]:"Success Hook",[T.SUCCESS_PASSWORD_MIGRATION]:"Success Password Migration",[T.SUCCESS_REVOCATION]:"Success Revocation",[T.SUCCESS_SIGNUP]:"Success Signup",[T.FAILED_SS_SSO_OPERATION]:"Failed SS SSO Operation",[T.INFORMATION_FROM_SS_SSO_OPERATION]:"Information from SS SSO Operation",[T.SUCCESS_SS_SSO_OPERATION]:"Success SS SSO Operation",[T.SUCCESS_SILENT_AUTH]:"Success Silent Auth",[T.SUCCESSFUL_SCIM_OPERATION]:"Successful SCIM Operation",[T.SUCCESSFULLY_IMPORTED_USERS]:"Successfully Imported Users",[T.SUCCESS_VERIFICATION_EMAIL]:"Success Verification Email",[T.SUCCESS_VERIFICATION_EMAIL_REQUEST]:"Success Verification Email Request",[T.MAX_AMOUNT_OF_AUTHENTICATORS]:"Max Amount of Authenticators",[T.USER_LOGIN_BLOCK_RELEASED]:"User Login Block Released",[T.FAILED_UNIVERSAL_LOGOUT]:"Failed Universal Logout",[T.SUCCESSFUL_UNIVERSAL_LOGOUT]:"Successful Universal Logout",[T.WARNING_DURING_LOGIN]:"Warning During Login",[T.WARNING_SENDING_NOTIFICATION]:"Warning Sending Notification",[T.WARNING_USER_MANAGEMENT]:"Warning User Management"},jT=(()=>{const e={};for(const[t,n]of Object.entries(T))t.startsWith("SUCCESS_")||t.startsWith("SUCCESSFUL_")||t.startsWith("SUCCESSFULLY_")||t.endsWith("_SUCCEEDED")||t.endsWith("_COMPLETED")?e[n]="success":t.startsWith("FAILED_")||t.startsWith("ERROR_")||t.startsWith("BREACHED_")||t.startsWith("BLOCKED_")||t==="MFA_AUTH_FAILED"||t==="MFA_AUTH_REJECTED"||t==="MFA_RECOVERY_FAILED"||t==="MFA_ENROLLMENT_FAILED"||t==="EMAIL_VERIFICATION_FAILED"||t==="WEBAUTHN_CHALLENGE_FAILED"||t==="WEBAUTHN_ENROLLMENT_FAILED"||t==="PASSKEY_CHALLENGE_FAILED"||t==="FLOWS_EXECUTION_FAILED"||t==="FORMS_SUBMISSION_FAILED"||t==="CIBA_EXCHANGE_FAILED"||t==="CIBA_START_FAILED"||t==="ACTIONS_EXECUTION_FAILED"||t==="RICH_CONSENTS_ACCESS_ERROR"||t==="USER_CANCELED_DEVICE_CONFIRMATION"||t==="TOO_MANY_MFA_FAILURES"||t==="MFA_RECOVERY_RATE_LIMIT_EXCEED"||t==="API_LIMIT"||t==="MAX_AMOUNT_OF_AUTHENTICATORS"?e[n]="failure":t.startsWith("WARNING_")||t==="API_LIMIT_WARNING"||t==="DEPRECATION_NOTICE"||t==="PRE_LOGIN_ASSESSMENT"?e[n]="warning":t==="CODE_SENT"||t==="CODE_LINK_SENT"||t==="MFA_EMAIL_SENT"||t==="MFA_SMS_SENT"||t==="EMAIL_VERIFICATION_SENT"||t==="PUSH_NOTIFICATION_SENT"?e[n]="code_sent":t==="INFORMATION"||t==="INFORMATION_FROM_SS_SSO_OPERATION"||t==="MANAGEMENT_API_READ_OPERATION"||t==="APPI"||t==="ACLS_SUMMARY"||t==="ORGANIZATION_MEMBER_ADDED"?e[n]="info":e[n]="other";return e})();function oR(e){return RT[e]??e}function sR(e){return jT[e]??"other"}const DT=s.z.object({name:s.z.string(),version:s.z.string(),env:s.z.object({node:s.z.string().optional()}).optional()}),LT=s.z.object({country_code:s.z.string().length(2),city_name:s.z.string(),latitude:s.z.string(),longitude:s.z.string(),time_zone:s.z.string(),continent_code:s.z.string()}),BT=s.z.object({type:rR,date:s.z.string(),description:s.z.string().optional(),ip:s.z.string().optional(),user_agent:s.z.string().optional(),details:s.z.any().optional(),isMobile:s.z.boolean(),user_id:s.z.string().optional(),user_name:s.z.string().optional(),connection:s.z.string().optional(),connection_id:s.z.string().optional(),client_id:s.z.string().optional(),client_name:s.z.string().optional(),audience:s.z.string().optional(),scope:s.z.string().optional(),strategy:s.z.string().optional(),strategy_type:s.z.string().optional(),hostname:s.z.string().optional(),auth0_client:DT.optional(),log_id:s.z.string().optional(),location_info:LT.optional()}),Ra=s.z.object({...BT.shape,log_id:s.z.string()}),MT=s.z.enum(["http","eventbridge","eventgrid","splunk","datadog","sumo"]),hv=s.z.enum(["active","paused","suspended"]),UT=s.z.object({type:s.z.string(),name:s.z.string()}),gv=s.z.object({name:s.z.string(),type:MT,status:hv.optional(),sink:s.z.record(s.z.string(),s.z.unknown()),filters:s.z.array(UT).optional(),isPriority:s.z.boolean().optional()}),Xs=gv.extend({id:s.z.string(),status:hv,created_at:s.z.string().optional(),updated_at:s.z.string().optional()}),qT=s.z.enum(["auth0","cognito","okta","oidc"]),HT=s.z.object({domain:s.z.string(),client_id:s.z.string(),client_secret:s.z.string(),audience:s.z.string().optional(),scope:s.z.string().optional()}),Up=s.z.object({id:s.z.string().optional(),name:s.z.string(),provider:qT,connection:s.z.string(),enabled:s.z.boolean().default(!0),credentials:HT}),xy=s.z.object({id:s.z.string(),created_at:s.z.string(),updated_at:s.z.string()}).extend(Up.shape),ha=s.z.object({enabled:s.z.boolean().optional(),shields:s.z.array(s.z.string()).optional(),admin_notification_frequency:s.z.array(s.z.string()).optional(),method:s.z.string().optional(),stage:s.z.object({"pre-user-registration":s.z.object({shields:s.z.array(s.z.string()).optional()}).optional(),"pre-change-password":s.z.object({shields:s.z.array(s.z.string()).optional()}).optional()}).optional()}),ga=s.z.object({enabled:s.z.boolean().optional(),shields:s.z.array(s.z.string()).optional(),allowlist:s.z.array(s.z.string()).optional(),mode:s.z.string().optional(),max_attempts:s.z.number().optional()}),ma=s.z.object({enabled:s.z.boolean().optional(),shields:s.z.array(s.z.string()).optional(),allowlist:s.z.array(s.z.string()).optional(),stage:s.z.object({"pre-login":s.z.object({max_attempts:s.z.number().optional(),rate:s.z.number().optional()}).optional(),"pre-user-registration":s.z.object({max_attempts:s.z.number().optional(),rate:s.z.number().optional()}).optional()}).optional()}),VT=s.z.object({breached_password_detection:ha.optional(),brute_force_protection:ga.optional(),suspicious_ip_throttling:ma.optional()}),KT=s.z.object({id:s.z.string().optional(),user_id:s.z.string(),password:s.z.string(),algorithm:s.z.enum(["bcrypt","argon2id"]).default("argon2id"),is_current:s.z.boolean().default(!0)}),aR=KT.extend({id:s.z.string(),created_at:s.z.string(),updated_at:s.z.string()}),GT=s.z.object({initial_user_agent:s.z.string().describe("First user agent of the device from which this user logged in"),initial_ip:s.z.string().describe("First IP address associated with this session"),initial_asn:s.z.string().describe("First autonomous system number associated with this session"),last_user_agent:s.z.string().describe("Last user agent of the device from which this user logged in"),last_ip:s.z.string().describe("Last IP address from which this user logged in"),last_asn:s.z.string().describe("Last autonomous system number from which this user logged in")}),WT=s.z.object({id:s.z.string(),revoked_at:s.z.string().optional(),used_at:s.z.string().optional(),user_id:s.z.string().describe("The user ID associated with the session"),expires_at:s.z.string().optional(),login_session_id:s.z.string(),idle_expires_at:s.z.string().optional(),device:GT.describe("Metadata related to the device used in the session"),clients:s.z.array(s.z.string()).describe("List of client details for the session")}),Th=s.z.object({created_at:s.z.string(),updated_at:s.z.string(),authenticated_at:s.z.string(),last_interaction_at:s.z.string(),...WT.shape}),Iy=s.z.object({kid:s.z.string().openapi({description:"The key id of the signing key"}),tenant_id:s.z.string().optional().openapi({description:"The tenant the key belongs to. Omitted means the key is shared / control-plane scoped."}),cert:s.z.string().openapi({description:"The public certificate of the signing key"}),fingerprint:s.z.string().openapi({description:"The cert fingerprint"}),thumbprint:s.z.string().openapi({description:"The cert thumbprint"}),pkcs7:s.z.string().optional().openapi({description:"The private key in pkcs7 format"}),current:s.z.boolean().optional().openapi({description:"True if the key is the current key"}),next:s.z.boolean().optional().openapi({description:"True if the key is the next key"}),previous:s.z.boolean().optional().openapi({description:"True if the key is the previous key"}),current_since:s.z.string().optional().openapi({description:"The date and time when the key became the current key"}),current_until:s.z.string().optional().openapi({description:"The date and time when the current key was rotated"}),revoked:s.z.boolean().optional().openapi({description:"True if the key is revoked"}),revoked_at:s.z.string().optional().openapi({description:"The date and time when the key was revoked"}),connection:s.z.string().optional().openapi({description:"The connection identifier associated with the key"}),type:s.z.enum(["jwt_signing","saml_encryption"]).openapi({description:"The type of the signing key"})}),mv=s.z.object({id:s.z.string().optional(),audience:s.z.string(),friendly_name:s.z.string(),picture_url:s.z.string().optional(),support_email:s.z.string().optional(),support_url:s.z.string().optional(),sender_email:s.z.string().email(),sender_name:s.z.string(),session_lifetime:s.z.number().optional(),idle_session_lifetime:s.z.number().optional(),ephemeral_session_lifetime:s.z.number().optional(),idle_ephemeral_session_lifetime:s.z.number().optional(),session_cookie:s.z.object({mode:s.z.enum(["persistent","non-persistent"]).optional()}).optional(),allowed_logout_urls:s.z.array(s.z.string()).optional(),default_redirection_uri:s.z.string().optional(),default_client_id:s.z.string().optional(),enabled_locales:s.z.array(s.z.string()).optional(),default_directory:s.z.string().optional(),error_page:s.z.object({html:s.z.string().optional(),show_log_link:s.z.boolean().optional(),url:s.z.string().optional()}).nullish(),flags:s.z.object({allow_changing_enable_sso:s.z.boolean().optional(),allow_legacy_delegation_grant_types:s.z.boolean().optional(),allow_legacy_ro_grant_types:s.z.boolean().optional(),allow_legacy_tokeninfo_endpoint:s.z.boolean().optional(),change_pwd_flow_v1:s.z.boolean().optional(),custom_domains_provisioning:s.z.boolean().optional(),dashboard_insights_view:s.z.boolean().optional(),dashboard_log_streams_next:s.z.boolean().optional(),disable_clickjack_protection_headers:s.z.boolean().optional(),disable_fields_map_fix:s.z.boolean().optional(),disable_impersonation:s.z.boolean().optional(),disable_management_api_sms_obfuscation:s.z.boolean().optional(),enable_adfs_waad_email_verification:s.z.boolean().optional(),enable_apis_section:s.z.boolean().optional(),enable_client_connections:s.z.boolean().optional(),enable_custom_domain_in_emails:s.z.boolean().optional(),enable_dynamic_client_registration:s.z.boolean().optional(),dcr_require_initial_access_token:s.z.boolean().optional(),dcr_allowed_grant_types:s.z.array(s.z.string()).optional(),allow_http_return_to:s.z.array(s.z.string().refine(e=>{try{const t=new URL(e);return t.protocol==="http:"&&(t.pathname===""||t.pathname==="/")&&!t.search&&!t.hash&&e===t.origin}catch{return!1}},{message:"must be a fully-qualified http origin (scheme + host + port, no path)"})).optional(),enable_idtoken_api2:s.z.boolean().optional(),enable_legacy_logs_search_v2:s.z.boolean().optional(),enable_legacy_profile:s.z.boolean().optional(),enable_pipeline2:s.z.boolean().optional(),enable_public_signup_user_exists_error:s.z.boolean().optional(),enable_sso:s.z.boolean().optional(),enforce_client_authentication_on_passwordless_start:s.z.boolean().optional(),genai_trial:s.z.boolean().optional(),improved_signup_bot_detection_in_classic:s.z.boolean().optional(),mfa_show_factor_list_on_enrollment:s.z.boolean().optional(),no_disclose_enterprise_connections:s.z.boolean().optional(),remove_alg_from_jwks:s.z.boolean().optional(),revoke_refresh_token_grant:s.z.boolean().optional(),trust_azure_adfs_email_verified_connection_property:s.z.boolean().optional(),use_scope_descriptions_for_consent:s.z.boolean().optional(),inherit_global_permissions_in_organizations:s.z.boolean().optional()}).optional(),sandbox_version:s.z.string().optional(),legacy_sandbox_version:s.z.string().optional(),sandbox_versions_available:s.z.array(s.z.string()).optional(),change_password:s.z.object({enabled:s.z.boolean().optional(),html:s.z.string().optional()}).optional(),guardian_mfa_page:s.z.object({enabled:s.z.boolean().optional(),html:s.z.string().optional()}).optional(),device_flow:s.z.object({charset:s.z.enum(["base20","digits"]).optional(),mask:s.z.string().max(20).optional()}).optional(),default_token_quota:s.z.object({clients:s.z.object({client_credentials:s.z.record(s.z.any()).optional()}).optional(),organizations:s.z.object({client_credentials:s.z.record(s.z.any()).optional()}).optional()}).nullish(),default_audience:s.z.string().optional(),default_organization:s.z.string().optional(),sessions:s.z.object({oidc_logout_prompt_enabled:s.z.boolean().optional()}).optional(),oidc_logout:s.z.object({rp_logout_end_session_endpoint_discovery:s.z.boolean().optional()}).optional(),allow_organization_name_in_authentication_api:s.z.boolean().optional(),customize_mfa_in_postlogin_action:s.z.boolean().optional(),acr_values_supported:s.z.array(s.z.string()).optional(),mtls:s.z.object({enable_endpoint_aliases:s.z.boolean().optional()}).nullish(),pushed_authorization_requests_supported:s.z.boolean().optional(),authorization_response_iss_parameter_supported:s.z.boolean().optional(),attack_protection:VT.optional(),mfa:s.z.object({policy:s.z.enum(["never","always"]).default("never").optional(),factors:s.z.object({sms:s.z.boolean().default(!1),otp:s.z.boolean().default(!1),email:s.z.boolean().default(!1),push_notification:s.z.boolean().default(!1),webauthn_roaming:s.z.boolean().default(!1),webauthn_platform:s.z.boolean().default(!1),recovery_code:s.z.boolean().default(!1),duo:s.z.boolean().default(!1)}).optional(),sms_provider:s.z.object({provider:s.z.enum(["twilio","vonage","aws_sns","phone_message_hook"]).optional()}).optional(),twilio:s.z.object({sid:s.z.string().optional(),auth_token:s.z.string().optional(),from:s.z.string().optional(),messaging_service_sid:s.z.string().optional()}).optional(),phone_message:s.z.object({message:s.z.string().optional()}).optional()}).optional()}),qp=s.z.object({created_at:s.z.string().nullable().transform(e=>e??""),updated_at:s.z.string().nullable().transform(e=>e??""),...mv.shape,id:s.z.string(),is_control_plane:s.z.boolean().optional()});var nn=(e=>(e.RefreshToken="refresh_token",e.AuthorizationCode="authorization_code",e.ClientCredential="client_credentials",e.Passwordless="passwordless",e.Password="password",e.OTP="http://auth0.com/oauth/grant-type/passwordless/otp",e))(nn||{});const yv=s.z.object({access_token:s.z.string(),id_token:s.z.string().optional(),scope:s.z.string().optional(),state:s.z.string().optional(),refresh_token:s.z.string().optional(),token_type:s.z.string(),expires_in:s.z.number()});s.z.object({code:s.z.string(),state:s.z.string().optional()});const JT=s.z.object({button_border_radius:s.z.number(),button_border_weight:s.z.number(),buttons_style:s.z.enum(["pill","rounded","sharp"]),input_border_radius:s.z.number(),input_border_weight:s.z.number(),inputs_style:s.z.enum(["pill","rounded","sharp"]),show_widget_shadow:s.z.boolean(),widget_border_weight:s.z.number(),widget_corner_radius:s.z.number()}),YT=s.z.object({base_focus_color:s.z.string(),base_hover_color:s.z.string(),body_text:s.z.string(),captcha_widget_theme:s.z.enum(["auto","dark","light"]),error:s.z.string(),header:s.z.string(),icons:s.z.string(),input_background:s.z.string(),input_border:s.z.string(),input_filled_text:s.z.string(),input_labels_placeholders:s.z.string(),links_focused_components:s.z.string(),primary_button:s.z.string(),primary_button_label:s.z.string(),secondary_button_border:s.z.string(),secondary_button_label:s.z.string(),success:s.z.string(),widget_background:s.z.string(),widget_border:s.z.string()}),No=s.z.object({bold:s.z.boolean(),size:s.z.number()}),QT=s.z.object({body_text:No,buttons_text:No,font_url:s.z.string(),input_labels:No,links:No,links_style:s.z.enum(["normal","underlined"]),reference_text_size:s.z.number(),subtitle:No,title:No}),ZT=s.z.object({background_color:s.z.string(),background_image_url:s.z.string(),page_layout:s.z.enum(["center","left","right"]),logo_placement:s.z.enum(["widget","chip","none"]).optional()}),XT=s.z.object({header_text_alignment:s.z.enum(["center","left","right"]),logo_height:s.z.number(),logo_position:s.z.enum(["center","left","none","right"]),logo_url:s.z.string(),social_buttons_layout:s.z.enum(["bottom","top"])}),ex=s.z.object({borders:JT,colors:YT,displayName:s.z.string(),fonts:QT,page_background:ZT,widget:XT}),up=ex.extend({themeId:s.z.string()}),Qo=s.z.object({universal_login_experience:s.z.enum(["new","classic"]).default("new"),identifier_first:s.z.boolean().default(!0),password_first:s.z.boolean().default(!1),webauthn_platform_first_factor:s.z.boolean()}),ea=s.z.object({name:s.z.string(),enabled:s.z.boolean().optional().default(!0),default_from_address:s.z.string().optional(),credentials:s.z.record(s.z.string(),s.z.unknown()),settings:s.z.object({}).optional()}),_v=s.z.enum(["verify_email","verify_email_by_code","reset_email","reset_email_by_code","welcome_email","blocked_account","stolen_credentials","enrollment_email","mfa_oob_code","change_password","password_reset","user_invitation"]),Mr=s.z.object({template:_v,body:s.z.string(),from:s.z.string(),subject:s.z.string(),syntax:s.z.literal("liquid").default("liquid"),resultUrl:s.z.string().optional(),urlLifetimeInSeconds:s.z.number().int().nonnegative().optional(),includeEmailInRedirect:s.z.boolean().default(!1),enabled:s.z.boolean().default(!0)}),wv=s.z.object({id:s.z.string(),login_id:s.z.string(),user_id:s.z.string(),client_id:s.z.string(),expires_at:s.z.string().optional(),idle_expires_at:s.z.string().optional(),last_exchanged_at:s.z.string().optional(),device:GT,resource_servers:s.z.array(s.z.object({audience:s.z.string(),scopes:s.z.string()})),rotating:s.z.boolean(),token_lookup:s.z.string().optional(),token_hash:s.z.string().optional(),family_id:s.z.string().optional(),rotated_to:s.z.string().optional(),rotated_at:s.z.string().optional()}),cR=s.z.object({created_at:s.z.string(),revoked_at:s.z.string().optional(),...wv.shape}),lR=s.z.object({to:s.z.string(),message:s.z.string()}),dR=s.z.object({name:s.z.string(),options:s.z.object({})}),tx=s.z.object({value:s.z.string(),description:s.z.string().optional()}),nx=s.z.object({token_dialect:s.z.enum(["access_token","access_token_authz"]).optional(),enforce_policies:s.z.boolean().optional(),allow_skipping_userinfo:s.z.boolean().optional(),skip_userinfo:s.z.boolean().optional(),persist_client_authorization:s.z.boolean().optional(),enable_introspection_endpoint:s.z.boolean().optional(),mtls:s.z.object({bound_access_tokens:s.z.boolean().optional()}).optional()}),Hp=s.z.object({id:s.z.string().optional(),name:s.z.string(),identifier:s.z.string(),scopes:s.z.array(tx).optional(),signing_alg:s.z.string().optional(),signing_secret:s.z.string().optional(),token_lifetime:s.z.number().default(86400),token_lifetime_for_web:s.z.number().default(7200),skip_consent_for_verifiable_first_party_clients:s.z.boolean().optional(),allow_offline_access:s.z.boolean().optional(),verificationKey:s.z.string().optional(),options:nx.optional(),is_system:s.z.boolean().optional(),metadata:s.z.record(s.z.any()).optional()}),Vo=s.z.object({...Hp.shape,created_at:s.z.string().optional(),updated_at:s.z.string().optional()}),uR=s.z.array(Vo),ix=s.z.object({role_id:s.z.string(),resource_server_identifier:s.z.string(),permission_name:s.z.string()}),vv=s.z.object({...ix.shape,created_at:s.z.string()}),rx=s.z.array(vv),ox=s.z.object({user_id:s.z.string(),resource_server_identifier:s.z.string(),permission_name:s.z.string(),organization_id:s.z.string().optional()}),sx=s.z.object({...ox.shape,tenant_id:s.z.string(),created_at:s.z.string().optional()}),pR=s.z.array(sx),ax=s.z.object({user_id:s.z.string(),resource_server_identifier:s.z.string(),resource_server_name:s.z.string(),permission_name:s.z.string(),description:s.z.string().nullable().optional(),created_at:s.z.string().optional(),organization_id:s.z.string().optional()}),cx=s.z.array(ax),lx=s.z.object({user_id:s.z.string(),role_id:s.z.string(),organization_id:s.z.string().optional()}),dx=s.z.object({...lx.shape,tenant_id:s.z.string(),created_at:s.z.string().optional()}),fR=s.z.array(dx),Vp=s.z.object({id:s.z.string().optional().openapi({description:"The unique identifier of the role. If not provided, one will be generated."}),name:s.z.string().min(1).max(50).openapi({description:"The name of the role. Cannot include '<' or '>'"}),description:s.z.string().max(255).optional().openapi({description:"The description of the role"}),is_system:s.z.boolean().optional(),metadata:s.z.record(s.z.any()).optional().openapi({description:"Metadata associated with the role. Can be used to control sync behavior in multi-tenancy scenarios."})}),Ko=Vp.extend({id:s.z.string().openapi({description:"The unique identifier of the role"}),created_at:s.z.string().optional(),updated_at:s.z.string().optional()}),Kp=s.z.array(Ko),ux=s.z.object({logo_url:s.z.string().optional().openapi({description:"URL of the organization's logo"}),colors:s.z.object({primary:s.z.string().optional().openapi({description:"Primary color in hex format (e.g., #FF0000)"}),page_background:s.z.string().optional().openapi({description:"Page background color in hex format (e.g., #FFFFFF)"})}).optional()}).optional(),px=s.z.object({connection_id:s.z.string().openapi({description:"ID of the connection"}),assign_membership_on_login:s.z.boolean().default(!1).openapi({description:"Whether to assign membership to the organization on login"}),show_as_button:s.z.boolean().default(!0).openapi({description:"Whether to show this connection as a button in the login screen"}),is_signup_enabled:s.z.boolean().default(!0).openapi({description:"Whether signup is enabled for this connection"})}),fx=s.z.object({client_credentials:s.z.object({enforce:s.z.boolean().default(!1).openapi({description:"Whether to enforce token quota limits"}),per_day:s.z.number().min(0).default(0).openapi({description:"Maximum tokens per day (0 = unlimited)"}),per_hour:s.z.number().min(0).default(0).openapi({description:"Maximum tokens per hour (0 = unlimited)"})}).optional()}).optional(),Gp=s.z.object({id:s.z.string().optional(),name:s.z.string().min(1).regex(/^[a-z0-9_-]+$/,{message:"Organization name must be lowercase and can only contain letters, numbers, hyphens, and underscores"}).openapi({description:"The name of the organization. Must be lowercase and can only contain letters, numbers, hyphens, and underscores."}),display_name:s.z.string().optional().openapi({description:"The display name of the organization"}),branding:ux,metadata:s.z.record(s.z.any()).default({}).optional().openapi({description:"Custom metadata for the organization"}),enabled_connections:s.z.array(px).default([]).optional().openapi({description:"List of enabled connections for the organization"}),token_quota:fx}),Vr=s.z.object({...Gp.shape,...qn.shape,id:s.z.string(),name:s.z.string().min(1).openapi({description:"The name of the organization"})}),Wp=s.z.object({connection_id:s.z.string().openapi({description:"ID of the tenant-level connection to enable for the org."}),assign_membership_on_login:s.z.boolean().optional().default(!1),show_as_button:s.z.boolean().optional().default(!0),is_signup_enabled:s.z.boolean().optional().default(!0)}),ya=s.z.object({...Wp.shape,connection:s.z.object({name:s.z.string().optional(),strategy:s.z.string().optional()}).optional(),created_at:s.z.string().optional(),updated_at:s.z.string().optional()}),hR=s.z.array(ya),hx=s.z.object({user_id:s.z.string().openapi({description:"ID of the user"}),organization_id:s.z.string().openapi({description:"ID of the organization"})}),gR=s.z.object({...hx.shape,...qn.shape,id:s.z.string()}),mR=s.z.object({idle_session_lifetime:s.z.number().default(72),session_lifetime:s.z.number().default(168),session_cookie:s.z.object({mode:s.z.enum(["persistent","non-persistent"]).optional()}).optional(),enable_client_connections:s.z.boolean().optional(),default_redirection_uri:s.z.string().optional(),enabled_locales:s.z.array(s.z.string()).optional(),default_directory:s.z.string().optional(),error_page:s.z.object({html:s.z.string().optional(),show_log_link:s.z.boolean().optional(),url:s.z.string().optional()}).optional(),flags:s.z.object({allow_legacy_delegation_grant_types:s.z.boolean().optional(),allow_legacy_ro_grant_types:s.z.boolean().optional(),allow_legacy_tokeninfo_endpoint:s.z.boolean().optional(),disable_clickjack_protection_headers:s.z.boolean().optional(),enable_apis_section:s.z.boolean().optional(),enable_client_connections:s.z.boolean().optional(),enable_custom_domain_in_emails:s.z.boolean().optional(),enable_dynamic_client_registration:s.z.boolean().optional(),enable_idtoken_api2:s.z.boolean().optional(),enable_legacy_logs_search_v2:s.z.boolean().optional(),enable_legacy_profile:s.z.boolean().optional(),enable_pipeline2:s.z.boolean().optional(),enable_public_signup_user_exists_error:s.z.boolean().optional(),use_scope_descriptions_for_consent:s.z.boolean().optional(),disable_management_api_sms_obfuscation:s.z.boolean().optional(),enable_adfs_waad_email_verification:s.z.boolean().optional(),revoke_refresh_token_grant:s.z.boolean().optional(),dashboard_log_streams_next:s.z.boolean().optional(),dashboard_insights_view:s.z.boolean().optional(),disable_fields_map_fix:s.z.boolean().optional(),mfa_show_factor_list_on_enrollment:s.z.boolean().optional()}).optional(),friendly_name:s.z.string().optional(),picture_url:s.z.string().optional(),support_email:s.z.string().optional(),support_url:s.z.string().optional(),sandbox_version:s.z.string().optional(),sandbox_versions_available:s.z.array(s.z.string()).optional(),change_password:s.z.object({enabled:s.z.boolean(),html:s.z.string()}).optional(),guardian_mfa_page:s.z.object({enabled:s.z.boolean(),html:s.z.string()}).optional(),default_audience:s.z.string().optional(),default_organization:s.z.string().optional(),sessions:s.z.object({oidc_logout_prompt_enabled:s.z.boolean().optional()}).optional(),mfa:s.z.object({policy:s.z.enum(["never","always"]).default("never").optional(),factors:s.z.object({sms:s.z.boolean().default(!1),otp:s.z.boolean().default(!1),email:s.z.boolean().default(!1),push_notification:s.z.boolean().default(!1),webauthn_roaming:s.z.boolean().default(!1),webauthn_platform:s.z.boolean().default(!1),recovery_code:s.z.boolean().default(!1),duo:s.z.boolean().default(!1)}).optional(),sms_provider:s.z.object({provider:s.z.enum(["twilio","vonage","aws_sns","phone_message_hook"]).optional()}).optional(),twilio:s.z.object({sid:s.z.string().optional(),auth_token:s.z.string().optional(),from:s.z.string().optional(),messaging_service_sid:s.z.string().optional()}).optional(),phone_message:s.z.object({message:s.z.string().optional()}).optional()}).optional()}),gx=s.z.object({date:s.z.string().openapi({description:"Date these events occurred in ISO 8601 format",example:"2025-12-19"}),logins:s.z.number().openapi({description:"Number of logins on this date",example:150}),signups:s.z.number().openapi({description:"Number of signups on this date",example:25}),leaked_passwords:s.z.number().openapi({description:"Number of breached-password detections on this date (subscription required)",example:0}),updated_at:s.z.string().openapi({description:"Date and time this stats entry was last updated in ISO 8601 format",example:"2025-12-19T10:30:00.000Z"}),created_at:s.z.string().openapi({description:"Approximate date and time the first event occurred in ISO 8601 format",example:"2025-12-19T00:00:00.000Z"})}),yR=s.z.number().openapi({description:"Number of active users in the last 30 days",example:1234}),_R=s.z.enum(["active-users","logins","signups","refresh-tokens","sessions"]),wR=s.z.enum(["hour","day","week","month"]),vR=s.z.enum(["time","connection","client_id","user_type","event"]),bR=s.z.enum(["password","social","passwordless","enterprise"]),mx=s.z.object({name:s.z.string(),type:s.z.string()}),yx=s.z.object({elapsed:s.z.number(),rows_read:s.z.number().optional(),bytes_read:s.z.number().optional()}),_x=s.z.object({meta:s.z.array(mx),data:s.z.array(s.z.record(s.z.string(),s.z.any())),rows:s.z.number(),rows_before_limit_at_least:s.z.number().optional(),statistics:yx.optional()}),_a=s.z.enum(["login","login-id","login-password","signup","signup-id","signup-password","reset-password","consent","mfa","mfa-push","mfa-otp","mfa-voice","mfa-phone","mfa-webauthn","mfa-email","mfa-recovery-code","status","device-flow","email-verification","email-otp-challenge","organizations","invitation","common","passkeys","captcha","custom-form","login-passwordless","mfa-login-options"]),Ro=s.z.record(s.z.string(),s.z.record(s.z.string(),s.z.string())).openapi({type:"object",additionalProperties:{type:"object",additionalProperties:{type:"string"}}}),AR=s.z.object({prompt:_a,language:s.z.string(),custom_text:Ro}),Y={EMAIL:"email",SMS:"sms",USERNAME_PASSWORD:"Username-Password-Authentication",GOOGLE_OAUTH2:"google-oauth2",APPLE:"apple",FACEBOOK:"facebook",GITHUB:"github",MICROSOFT:"microsoft",VIPPS:"vipps",OIDC:"oidc",OAUTH2:"oauth2",SAMLP:"samlp",WAAD:"waad",ADFS:"adfs"},Gt={DATABASE:"database",SOCIAL:"social",PASSWORDLESS:"passwordless"},wx=s.z.enum(["phone","totp","email","push","webauthn-roaming","webauthn-platform","passkey"]),vx=s.z.object({user_id:s.z.string(),type:wx,phone_number:s.z.string().optional(),totp_secret:s.z.string().optional(),credential_id:s.z.string().optional(),public_key:s.z.string().optional(),sign_count:s.z.number().int().nonnegative().optional(),credential_backed_up:s.z.boolean().optional(),transports:s.z.array(s.z.string()).optional(),friendly_name:s.z.string().optional(),confirmed:s.z.boolean().default(!1)});function bx(e,t){e.type==="phone"&&!e.phone_number&&t.addIssue({code:s.z.ZodIssueCode.custom,message:"phone_number is required when type is 'phone'",path:["phone_number"]}),e.type==="totp"&&!e.totp_secret&&t.addIssue({code:s.z.ZodIssueCode.custom,message:"totp_secret is required when type is 'totp'",path:["totp_secret"]}),["webauthn-roaming","webauthn-platform","passkey"].includes(e.type)&&(e.credential_id||t.addIssue({code:s.z.ZodIssueCode.custom,message:`credential_id is required when type is '${e.type}'`,path:["credential_id"]}),e.public_key||t.addIssue({code:s.z.ZodIssueCode.custom,message:`public_key is required when type is '${e.type}'`,path:["public_key"]}))}const kR=vx.superRefine(bx),SR=s.z.object({...vx.shape,id:s.z.string(),created_at:s.z.string(),updated_at:s.z.string()}).superRefine(bx);function ER(e){const[t,n]=e.split("|");if(!t||!n)throw new Error(`Invalid user_id: ${e}`);return{connection:t,id:n}}function CR(e){const{primary:t,secondaries:n,syncMethods:i=["create","rawCreate","update","remove","delete","set"]}=e,r={get(o,a){if(typeof a=="symbol")return o[a];const c=o[a];return typeof c!="function"?c:i.includes(a)?async(...l)=>{const d=await c.apply(o,l),u=[];for(const p of n){const f=p.adapter[a];if(typeof f!="function")continue;const h=(async()=>{try{await f.apply(p.adapter,l)}catch(g){try{p.onError?p.onError(g,a,l):console.error(`Passthrough adapter: secondary write failed for ${a}:`,g)}catch(m){console.error(`Passthrough adapter: onError handler threw for ${a}:`,m)}}})();p.blocking&&u.push(h)}return u.length>0&&await Promise.all(u),d}:c.bind(o)}};return new Proxy(t,r)}function TR(e){return e}function Es(e){var t,n,i,r,o,a,c,l,d,u,p,f;const h=e?.options;if(!h)return{usernameIdentifierActive:!1,emailIdentifierActive:!0,usernameMinLength:1,usernameMaxLength:15};const g=h.attributes;if(g){const m=((n=(t=g.username)==null?void 0:t.identifier)==null?void 0:n.active)===!0,_=((r=(i=g.email)==null?void 0:i.identifier)==null?void 0:r.active)!==!1,w=((a=(o=g.username)==null?void 0:o.validation)==null?void 0:a.min_length)??1,y=((l=(c=g.username)==null?void 0:c.validation)==null?void 0:l.max_length)??15;return{usernameIdentifierActive:m,emailIdentifierActive:_,usernameMinLength:w,usernameMaxLength:y}}return{usernameIdentifierActive:h.requires_username===!0,emailIdentifierActive:!0,usernameMinLength:((u=(d=h.validation)==null?void 0:d.username)==null?void 0:u.min)??1,usernameMaxLength:((f=(p=h.validation)==null?void 0:p.username)==null?void 0:f.max)??15}}function Jp(e){return typeof e=="object"&&e!==null&&!Array.isArray(e)}var xR={deno:"Deno",bun:"Bun",workerd:"Cloudflare-Workers",node:"Node.js"},bv=()=>{const e=globalThis;if(typeof navigator<"u"&&typeof navigator.userAgent=="string"){for(const[n,i]of Object.entries(xR))if(IR(i))return n}return typeof e?.EdgeRuntime=="string"?"edge-light":e?.fastly!==void 0?"fastly":e?.process?.release?.name==="node"?"node":"other"},IR=e=>navigator.userAgent.startsWith(e);function xh(e,t){if(bv()==="workerd")try{e.executionCtx.waitUntil(t);return}catch{}const n=t.then(()=>{},r=>{console.error("waitUntil promise error:",r)});let i;try{i=e.var?.backgroundPromises}catch{i=void 0}if(!Array.isArray(i)){if(typeof e.set!="function")return;i=[],e.set("backgroundPromises",i)}i.push(n)}async function $R(e){const t=e.var.backgroundPromises;if(!Array.isArray(t)||t.length===0)return;const n=t.splice(0,t.length);await Promise.all(n)}function zR(e){return[...e].reduce((t,[n,i])=>({...t,[n]:i}),{})}const NR=new Set(["password","password_hash","client_secret","signing_keys","credentials","encryption_key","otp_secret"]);function $y(e){if(!e)return;const t={};for(const[n,i]of Object.entries(e))NR.has(n)?t[n]="[REDACTED]":t[n]=i;return t}function Ax(e){return e&&typeof e=="object"&&!Array.isArray(e)?$y(e):e}function PR(e,t){if(!e||!t)return;const n={},i=new Set([...Object.keys(e),...Object.keys(t)]);for(const r of i){const o=e[r],a=t[r];JSON.stringify(o)!==JSON.stringify(a)&&(n[r]={old:o,new:a})}return Object.keys(n).length>0?n:void 0}function FR(e,t){return e.var.user_id||t.actorUserId?"admin_action":t.userId?"user_action":e.var.client_id?"api":"system"}function kx(e,t,n){const i=e.env.outbox?.captureEntityState!==!1,r=i?$y(n.beforeState):void 0,o=i?$y(n.afterState):void 0;return{tenant_id:t,event_type:n.targetType?`${n.targetType}.${OR(e.req.method)}`:n.type,log_type:n.type,description:n.description,category:FR(e,n),actor:{type:e.var.user_id||n.actorUserId?"admin":n.userId?"user":e.var.client_id?"client_credentials":"system",id:e.var.user_id||n.actorUserId||n.userId||void 0,email:e.var.username||void 0,org_id:e.var.organization_id||e.var.user?.org_id||void 0,org_name:e.var.org_name||e.var.user?.org_name||void 0,scopes:e.var.user?.scope?e.var.user.scope.split(" "):void 0,client_id:e.var.client_id||void 0},target:{type:n.targetType||"unknown",id:n.targetId||n.userId||e.var.user_id||"",before:r,after:o,diff:PR(r,o)},request:{method:e.req.method,path:e.req.path,query:e.req.queries()?Object.fromEntries(Object.entries(e.req.queries()).map(([a,c])=>[a,Array.isArray(c)?c.join(","):c])):void 0,body:Ax(n.body||e.var.body||void 0),ip:e.var.ip||"",user_agent:e.var.useragent||void 0},response:n.response?{status_code:n.response.statusCode,body:n.response.body}:void 0,connection:n.connection||e.var.connection||void 0,strategy:n.strategy||void 0,strategy_type:n.strategy_type||void 0,audience:n.audience||void 0,scope:n.scope||void 0,hostname:e.var.host||"",is_mobile:!1,auth0_client:e.var.auth0_client,timestamp:new Date().toISOString()}}function OR(e){switch(e){case"POST":return"created";case"PATCH":case"PUT":return"updated";case"DELETE":return"deleted";default:return"accessed"}}async function D(e,t,n){const i={};if(e.req.raw?.headers){const o=zR(e.req.raw.headers);for(const[a,c]of Object.entries(o))i[a.toLowerCase()]=c}if(e.env.outbox?.enabled&&e.env.data.outbox){const o=kx(e,t,n),a=e.env.data.outbox.create(t,o),c=e.var.outboxEventPromises||[];c.push(a),e.set("outboxEventPromises",c);return}const r=async()=>{let o;if(e.env.data.geo)try{o=await e.env.data.geo.getGeoInfo(i)||void 0}catch(c){console.warn("Failed to get geo information:",c)}const a={type:n.type,description:n.description||"",ip:e.var.ip,user_agent:e.var.useragent||"",auth0_client:e.var.auth0_client,date:new Date().toISOString(),details:n.details||{request:{method:e.req.method,path:e.req.path,qs:e.req.queries(),body:Ax(n.body||e.var.body||"")},...n.response&&{response:n.response}},isMobile:!1,client_id:e.var.client_id,client_name:"",user_id:n.userId||e.var.user_id||"",hostname:e.var.host||"",user_name:e.var.username||"",connection_id:"",connection:n.connection||e.var.connection||"",strategy:n.strategy||"",strategy_type:n.strategy_type||"",audience:n.audience||"",scope:n.scope||"",location_info:o};await e.env.data.logs.create(t,a)};n.waitForCompletion?await r():xh(e,r())}async function Sx(e,t,n,i){if(!e.env.outbox?.enabled||!t.outbox)return;const r=kx(e,n,i);return t.outbox.create(n,r)}const dt=s.z.object({page:s.z.string().min(0).optional().default("0").transform(e=>parseInt(e,10)).openapi({description:"Page index of the results to return. First page is 0."}),per_page:s.z.string().min(1).optional().default("10").transform(e=>parseInt(e,10)).openapi({description:"Number of results per page. Defaults to 50."}),include_totals:s.z.string().optional().default("false").transform(e=>e==="true").openapi({description:"Return results inside an object that contains the total result count (true) or as a direct array of results (false, default)."}),from:s.z.string().optional().openapi({description:"Optional Id from which to start selection."}),take:s.z.string().optional().transform(e=>e?parseInt(e,10):void 0).openapi({description:"Number of results per page. Defaults to 50."}),sort:s.z.string().regex(/^.+:(-1|1)$/).optional().openapi({description:"Field to sort by. Use field:order where order is 1 for ascending and -1 for descending. e.g. created_at:1."}),q:s.z.string().optional().openapi({description:"A lucene query string used to filter the results"}),from_date:s.z.preprocess(e=>typeof e=="string"&&/^\d+$/.test(e)?Number(e):e,s.z.number().int().optional()).openapi({description:"Start of date range as a Unix timestamp in seconds (inclusive). Only applies to log queries."}),to_date:s.z.preprocess(e=>typeof e=="string"&&/^\d+$/.test(e)?Number(e):e,s.z.number().int().optional()).openapi({description:"End of date range as a Unix timestamp in seconds (inclusive). Only applies to log queries."})});function St(e){if(!e)return;const[t,n]=e.split(":"),i=n==="1"?"asc":"desc";if(!(!t||!i))return{sort_by:t,sort_order:i}}const RR=Ct.extend({actions:s.z.array(ir)}),jR={"post-login":"post-user-login"};function DR(e){return jR[e]||e}const LR=s.z.object({versions:s.z.array(Ah)}),BR=Ct.extend({versions:s.z.array(Ah)});function Nu(e,t,n,i){return e.actionVersions.create(t,{action_id:n.id,code:n.code,runtime:n.runtime,secrets:n.secrets,dependencies:n.dependencies,supported_triggers:n.supported_triggers,deployed:i})}const MR=new s.OpenAPIHono().openapi(s.createRoute({tags:["actions"],method:"get",path:"/",request:{query:dt,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:actions"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(ir),RR])}},description:"List of actions"}}}),async e=>{const{page:t,per_page:n,include_totals:i,sort:r,q:o}=e.req.valid("query"),a=await e.env.data.actions.list(e.var.tenant_id,{page:t,per_page:n,include_totals:i,sort:St(r),q:o}),c=a.actions.map(l=>({...l,secrets:l.secrets?.map(d=>({name:d.name}))}));return i?e.json({...a,actions:c}):e.json(c)}).openapi(s.createRoute({tags:["actions"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Xl}}}},security:[{Bearer:["create:actions"]}],responses:{201:{content:{"application/json":{schema:ir}},description:"The created action"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.actions.create(e.var.tenant_id,t);let i=!1;if(e.env.codeExecutor?.deploy)try{await e.env.codeExecutor.deploy(n.id,t.code),i=!0}catch(r){await D(e,e.var.tenant_id,{type:T.FAILED_HOOK,description:`Failed to deploy action ${n.id}: ${r instanceof Error?r.message:String(r)}`})}else i=!0;return await Nu(e.env.data,e.var.tenant_id,n,i),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create action",targetType:"action",targetId:n.id}),e.json(n,{status:201})}).openapi(s.createRoute({tags:["actions"],method:"get",path:"/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()})},security:[{Bearer:["read:actions"]}],responses:{200:{content:{"application/json":{schema:ir}},description:"An action"},404:{description:"Action not found"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.actions.get(e.var.tenant_id,t);if(!n)throw new N(404,{message:"Action not found"});return e.json({...n,secrets:n.secrets?.map(i=>({name:i.name}))})}).openapi(s.createRoute({tags:["actions"],method:"patch",path:"/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()}),body:{content:{"application/json":{schema:Xl.partial()}}}},security:[{Bearer:["update:actions"]}],responses:{200:{content:{"application/json":{schema:ir}},description:"The updated action"},404:{description:"Action not found"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.req.valid("json");if(!await e.env.data.actions.update(e.var.tenant_id,t,n))throw new N(404,{message:"Action not found"});const r=await e.env.data.actions.get(e.var.tenant_id,t);if(!r)throw new N(404,{message:"Action not found"});if(n.code!==void 0&&e.env.codeExecutor?.deploy){let o=!1;try{await e.env.codeExecutor.deploy(t,n.code),o=!0}catch(a){await D(e,e.var.tenant_id,{type:T.FAILED_HOOK,description:`Failed to deploy action ${t}: ${a instanceof Error?a.message:String(a)}`})}await Nu(e.env.data,e.var.tenant_id,r,o)}return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update action",targetType:"action",targetId:t}),e.json({...r,secrets:r.secrets?.map(o=>({name:o.name}))})}).openapi(s.createRoute({tags:["actions"],method:"delete",path:"/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()})},security:[{Bearer:["delete:actions"]}],responses:{200:{description:"Action deleted"},404:{description:"Action not found"},409:{description:"Action is bound to a trigger and cannot be deleted"}}}),async e=>{const{id:t}=e.req.valid("param");if((await e.env.data.hooks.list(e.var.tenant_id,{q:`code_id:"${t}"`})).hooks.length>0)throw new N(409,{message:"Action is bound to a trigger. Remove the binding before deleting."});if(!await e.env.data.actions.remove(e.var.tenant_id,t))throw new N(404,{message:"Action not found"});if(await e.env.data.actionVersions.removeForAction(e.var.tenant_id,t),e.env.codeExecutor?.remove)try{await e.env.codeExecutor.remove(t)}catch(r){await D(e,e.var.tenant_id,{type:T.FAILED_HOOK,description:`Failed to remove action worker ${t}: ${r instanceof Error?r.message:String(r)}`})}return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete action",targetType:"action",targetId:t}),e.text("OK")}).openapi(s.createRoute({tags:["actions"],method:"post",path:"/{id}/deploy",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()})},security:[{Bearer:["update:actions"]}],responses:{200:{content:{"application/json":{schema:ir}},description:"The deployed action"},404:{description:"Action not found"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.actions.get(e.var.tenant_id,t);if(!n)throw new N(404,{message:"Action not found"});if(e.env.codeExecutor?.deploy)try{await e.env.codeExecutor.deploy(t,n.code)}catch(i){throw await D(e,e.var.tenant_id,{type:T.FAILED_HOOK,description:`Failed to deploy action ${t}: ${i instanceof Error?i.message:String(i)}`}),new N(500,{message:`Deployment failed: ${i instanceof Error?i.message:String(i)}`})}return await e.env.data.actions.update(e.var.tenant_id,t,{status:"built",deployed_at:new Date().toISOString()}),await Nu(e.env.data,e.var.tenant_id,n,!0),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Deploy action",targetType:"action",targetId:t}),e.json({...n,status:"built",secrets:n.secrets?.map(i=>({name:i.name}))})}).openapi(s.createRoute({tags:["actions"],method:"get",path:"/{actionId}/versions",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({actionId:s.z.string()}),query:dt},security:[{Bearer:["read:actions"]}],responses:{200:{content:{"application/json":{schema:s.z.union([LR,BR])}},description:"List of action versions"},404:{description:"Action not found"}}}),async e=>{const{actionId:t}=e.req.valid("param"),{page:n,per_page:i,include_totals:r,sort:o}=e.req.valid("query");if(!await e.env.data.actions.get(e.var.tenant_id,t))throw new N(404,{message:"Action not found"});const c=await e.env.data.actionVersions.list(e.var.tenant_id,t,{page:n,per_page:i,include_totals:r,sort:St(o)}),l=c.versions.map(d=>({...d,secrets:d.secrets?.map(u=>({name:u.name}))}));return r?e.json({...c,versions:l}):e.json({versions:l})}).openapi(s.createRoute({tags:["actions"],method:"get",path:"/{actionId}/versions/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({actionId:s.z.string(),id:s.z.string()})},security:[{Bearer:["read:actions"]}],responses:{200:{content:{"application/json":{schema:Ah}},description:"Action version"},404:{description:"Action version not found"}}}),async e=>{const{actionId:t,id:n}=e.req.valid("param"),i=await e.env.data.actionVersions.get(e.var.tenant_id,t,n);if(!i)throw new N(404,{message:"Action version not found"});return e.json({...i,secrets:i.secrets?.map(r=>({name:r.name}))})}).openapi(s.createRoute({tags:["actions"],method:"post",path:"/{actionId}/versions/{id}/deploy",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({actionId:s.z.string(),id:s.z.string()})},security:[{Bearer:["update:actions"]}],responses:{200:{content:{"application/json":{schema:ir}},description:"The action after rollback"},404:{description:"Action version not found"}}}),async e=>{const{actionId:t,id:n}=e.req.valid("param"),i=await e.env.data.actionVersions.get(e.var.tenant_id,t,n);if(!i)throw new N(404,{message:"Action version not found"});if(e.env.codeExecutor?.deploy)try{await e.env.codeExecutor.deploy(t,i.code)}catch(o){throw await D(e,e.var.tenant_id,{type:T.FAILED_HOOK,description:`Failed to roll back action ${t} to version ${n}: ${o instanceof Error?o.message:String(o)}`}),new N(500,{message:`Rollback failed: ${o instanceof Error?o.message:String(o)}`})}await e.env.data.actions.update(e.var.tenant_id,t,{code:i.code,runtime:i.runtime,secrets:i.secrets,dependencies:i.dependencies,supported_triggers:i.supported_triggers,status:"built",deployed_at:new Date().toISOString()});const r=await e.env.data.actions.get(e.var.tenant_id,t);if(!r)throw new N(404,{message:"Action not found"});return await Nu(e.env.data,e.var.tenant_id,r,!0),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:`Roll back action to version ${i.number}`,targetType:"action",targetId:t}),e.json({...r,secrets:r.secrets?.map(o=>({name:o.name}))})}).openapi(s.createRoute({tags:["actions"],method:"post",path:"/{id}/test",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()}),body:{content:{"application/json":{schema:s.z.object({trigger_id:s.z.string().optional(),event:s.z.record(s.z.unknown()).optional()})}}}},security:[{Bearer:["update:actions"]}],responses:{200:{content:{"application/json":{schema:s.z.object({success:s.z.boolean(),error:s.z.string().optional(),duration_ms:s.z.number(),api_calls:s.z.array(s.z.object({method:s.z.string(),args:s.z.array(s.z.unknown())})),logs:s.z.array(s.z.object({level:s.z.enum(["log","info","warn","error","debug"]),message:s.z.string()}))})}},description:"Test run result"},404:{description:"Action not found"},503:{description:"Code executor not configured"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.req.valid("json"),i=e.env.codeExecutor;if(!i)throw new N(503,{message:"Code executor not configured"});const r=await e.env.data.actions.get(e.var.tenant_id,t);if(!r)throw new N(404,{message:"Action not found"});const o=n.trigger_id??r.supported_triggers?.[0]?.id??"post-login",a=DR(o),c=r.secrets?.reduce((d,u)=>(u.value!==void 0&&(d[u.name]=u.value),d),{}),l=await i.execute({code:r.code,hookCodeId:r.id,triggerId:a,event:{...n.event??{},secrets:c??{}},timeoutMs:5e3});return e.json({success:l.success,error:l.error,duration_ms:l.durationMs,api_calls:l.apiCalls,logs:l.logs??[]})}),UR=s.z.object({id:s.z.string(),trigger_id:s.z.string(),status:Xw,results:s.z.array(ev),created_at:s.z.string(),updated_at:s.z.string()}),qR=s.z.object({logs:tv}),HR=new s.OpenAPIHono().openapi(s.createRoute({tags:["actions"],method:"get",path:"/{id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()})},security:[{Bearer:["read:actions"]}],responses:{200:{content:{"application/json":{schema:UR}},description:"Action execution"},404:{description:"Execution not found"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.actionExecutions.get(e.var.tenant_id,t);if(!n)throw new N(404,{message:"Execution not found"});return e.json({id:n.id,trigger_id:n.trigger_id,status:n.status,results:n.results,created_at:n.created_at,updated_at:n.updated_at})}).openapi(s.createRoute({tags:["actions"],method:"get",path:"/{id}/logs",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({id:s.z.string()})},security:[{Bearer:["read:actions"]}],responses:{200:{content:{"application/json":{schema:qR}},description:"Captured console output for the execution"},404:{description:"Execution not found"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.actionExecutions.get(e.var.tenant_id,t);if(!n)throw new N(404,{message:"Execution not found"});return e.json({logs:n.logs??[]})});let VR="useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict",KR=e=>crypto.getRandomValues(new Uint8Array(e)),GR=(e,t,n)=>{let i=256-256%e.length;if(i===256){let o=e.length-1;return(a=t)=>{if(!a)return"";let c="";for(;;){let l=n(a),d=a;for(;d--;)if(c+=e[l[d]&o],c.length>=a)return c}}}let r=Math.ceil(1.6*256*t/i);return(o=t)=>{if(!o)return"";let a="";for(;;){let c=n(r),l=r;for(;l--;)if(c[l]<i&&(a+=e[c[l]%e.length],a.length>=o))return a}}},Ex=(e,t=21)=>GR(e,t|0,KR),Fe=(e=21)=>{let t="",n=crypto.getRandomValues(new Uint8Array(e|=0));for(;e--;)t+=VR[n[e]&63];return t};const WR=17,JR={organization:"org_",connection:"con_",action:"act_",hook:"h_",rule:"rul_",resource_server:"api_",guardian_factor:"gfa_",invite:"inv_",flow:"af_"};function Ih(e){const i=Ex("0123456789abcdefghijklmnopqrstuvwxyz",WR)();return`${JR[e]}${i}`}function YR(){return Ih("organization")}function QR(){return Ih("connection")}function Cx(){return Ih("hook")}function ZR(){return Ih("invite")}const Tx={"post-login":"post-user-login","credentials-exchange":"credentials-exchange","pre-user-registration":"pre-user-registration","post-user-registration":"post-user-registration"},XR=Object.fromEntries(Object.entries(Tx).map(([e,t])=>[t,e]));function wA(e){return Tx[e]||e}function vA(e){return XR[e]||e}const ej=s.z.object({type:s.z.enum(["action_id","action_name"]).optional(),value:s.z.string().optional(),id:s.z.string().optional(),name:s.z.string().optional()}),tj=s.z.object({ref:ej,display_name:s.z.string().optional()}),nj=s.z.object({id:s.z.string(),trigger_id:s.z.string(),display_name:s.z.string(),action:ir,created_at:s.z.string(),updated_at:s.z.string()}),bA=s.z.object({bindings:s.z.array(nj)}),ij=new s.OpenAPIHono().openapi(s.createRoute({tags:["actions"],method:"get",path:"/{triggerId}/bindings",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({triggerId:s.z.string()})},security:[{Bearer:["read:actions"]}],responses:{200:{content:{"application/json":{schema:bA}},description:"Trigger bindings"}}}),async e=>{const{triggerId:t}=e.req.valid("param"),n=wA(t),r=(await e.env.data.hooks.list(e.var.tenant_id,{q:`trigger_id:"${n}"`,per_page:100})).hooks.filter(a=>"code_id"in a&&a.code_id).sort((a,c)=>(c.priority||0)-(a.priority||0)),o=[];for(const a of r){const c=a.code_id,l=await e.env.data.actions.get(e.var.tenant_id,c);l&&o.push({id:a.hook_id,trigger_id:vA(a.trigger_id),display_name:l.name,action:{...l,secrets:l.secrets?.map(d=>({name:d.name}))},created_at:a.created_at,updated_at:a.updated_at})}return e.json({bindings:o})}).openapi(s.createRoute({tags:["actions"],method:"patch",path:"/{triggerId}/bindings",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({triggerId:s.z.string()}),body:{content:{"application/json":{schema:s.z.object({bindings:s.z.array(tj)})}}}},security:[{Bearer:["update:actions"]}],responses:{200:{content:{"application/json":{schema:bA}},description:"Updated trigger bindings"}}}),async e=>{const{triggerId:t}=e.req.valid("param"),{bindings:n}=e.req.valid("json"),i=wA(t),r=await e.env.data.hooks.list(e.var.tenant_id,{q:`trigger_id:"${i}"`,per_page:100});for(const a of r.hooks)"code_id"in a&&a.code_id&&await e.env.data.hooks.remove(e.var.tenant_id,a.hook_id);const o=[];for(let a=0;a<n.length;a++){const c=n[a];let l=c.ref.id;if(!l&&c.ref.type==="action_id"&&c.ref.value)l=c.ref.value;else if(!l&&c.ref.type==="action_name"&&c.ref.value){const p=c.ref.value,f=100;let h=0;for(;;){const g=await e.env.data.actions.list(e.var.tenant_id,{page:h,per_page:f,include_totals:!1}),m=g.actions.find(_=>_.name===p);if(m){l=m.id;break}if(g.actions.length<f)break;h++}}if(!l)throw new N(400,{message:`Binding at index ${a} must reference an action via ref.id or ref.value`});const d=await e.env.data.actions.get(e.var.tenant_id,l);if(!d)throw new N(404,{message:`Action ${l} not found`});const u=await e.env.data.hooks.create(e.var.tenant_id,{hook_id:Cx(),trigger_id:i,code_id:l,enabled:!0,synchronous:!0,priority:n.length-a});o.push({id:u.hook_id,trigger_id:vA(u.trigger_id),display_name:c.display_name||d.name,action:{...d,secrets:d.secrets?.map(p=>({name:p.name}))},created_at:u.created_at,updated_at:u.updated_at})}return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:`Update trigger bindings for ${t}`,targetType:"action"}),e.json({bindings:o})}),nd={themeId:"default",borders:{button_border_radius:8,button_border_weight:1,buttons_style:"pill",input_border_radius:8,input_border_weight:1,inputs_style:"pill",show_widget_shadow:!0,widget_border_weight:1,widget_corner_radius:16},colors:{base_focus_color:"#7D68F4",base_hover_color:"#A091F2",body_text:"#000000",captcha_widget_theme:"auto",error:"#FC5A5A",header:"#000000",icons:"#666666",input_background:"#FFFFFF",input_border:"#8E8CA0",input_filled_text:"#000000",input_labels_placeholders:"#88869F",links_focused_components:"#7D68F4",primary_button:"#7D68F4",primary_button_label:"#FFFFFF",secondary_button_border:"#8E8CA0",secondary_button_label:"#000000",success:"#36BF76",widget_background:"#FFFFFF",widget_border:"#8E8CA0"},displayName:"Default Theme",fonts:{body_text:{bold:!1,size:100},buttons_text:{bold:!0,size:100},font_url:"https://assets.sesamy.com/fonts/khteka/WOFF2/KHTeka-Regular.woff2",input_labels:{bold:!1,size:100},links:{bold:!0,size:100},links_style:"normal",reference_text_size:16,subtitle:{bold:!1,size:100},title:{bold:!0,size:150}},page_background:{background_color:"#F8F9FB",background_image_url:"",page_layout:"center"},widget:{logo_url:"",header_text_alignment:"center",logo_height:36,logo_position:"center",social_buttons_layout:"bottom"}};function Av(e,t){const n=structuredClone(e);function i(r,o){for(const a in o)o[a]!==void 0&&typeof o[a]=="object"&&!Array.isArray(o[a])&&typeof r[a]=="object"&&r[a]!==null?i(r[a],o[a]):r[a]=o[a];return r}return i(n,t)}const rj=new s.OpenAPIHono().openapi(s.createRoute({tags:["branding"],method:"get",path:"/default",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:branding"]}],responses:{200:{content:{"application/json":{schema:up}},description:"Default theme settings"}}}),async e=>{const t=await e.env.data.themes.get(e.var.tenant_id,"default");return t?e.json(t):e.json(nd)}).openapi(s.createRoute({tags:["branding"],method:"patch",path:"/default",request:{body:{content:{"application/json":{schema:up.deepPartial()}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:branding"]}],responses:{200:{content:{"application/json":{schema:up}},description:"Updated theme settings"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.themes.get(e.var.tenant_id,"default"),r=Av(n||nd,t);return n?await e.env.data.themes.update(e.var.tenant_id,"default",r):await e.env.data.themes.create(e.var.tenant_id,r,"default"),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update Theme",targetType:"theme",targetId:"default",...n?{beforeState:n}:{},afterState:r}),e.json({...r,themeId:"default"})}),AA={colors:{primary:"#7D68F4",page_background:{type:"solid",start:"#F8F9FB",end:"#F8F9FB",angle_deg:0}},logo_url:"https://assets.sesamy.com/static/images/sesamy/logos/sesamy_logo_black.svg",favicon_url:"https://assets.sesamy.com/images/favicon.ico",font:{url:"https://assets.sesamy.com/fonts/khteka/WOFF2/KHTeka-Regular.woff2"}};var oj={Stringify:1},eo=(e,t)=>{const n=new String(e);return n.isEscaped=!0,n.callbacks=t,n},sj=/[&<>'"]/,aj=async(e,t)=>{let n="";t||=[];const i=await Promise.all(e);for(let r=i.length-1;n+=i[r],r--,!(r<0);r--){let o=i[r];typeof o=="object"&&t.push(...o.callbacks||[]);const a=o.isEscaped;if(o=await(typeof o=="object"?o.toString():o),typeof o=="object"&&t.push(...o.callbacks||[]),o.isEscaped??a)n+=o;else{const c=[n];Ea(o,c),n=c[0]}}return eo(n,t)},Ea=(e,t)=>{const n=e.search(sj);if(n===-1){t[0]+=e;return}let i,r,o=0;for(r=n;r<e.length;r++){switch(e.charCodeAt(r)){case 34:i="&quot;";break;case 39:i="&#39;";break;case 38:i="&amp;";break;case 60:i="&lt;";break;case 62:i="&gt;";break;default:continue}t[0]+=e.substring(o,r)+i,o=r+1}t[0]+=e.substring(o,r)},cj=e=>{const t=e.callbacks;if(!t?.length)return e;const n=[e],i={};return t.forEach(r=>r({phase:oj.Stringify,buffer:n,context:i})),n[0]},kv=Symbol("RENDERER"),zy=Symbol("ERROR_HANDLER"),ut=Symbol("STASH"),xx=Symbol("INTERNAL"),lj=Symbol("MEMO"),Yp=Symbol("PERMALINK"),kA=e=>(e[xx]=!0,e),Ix=e=>({value:t,children:n})=>{if(!n)return;const i={children:[{tag:kA(()=>{e.push(t)}),props:{}}]};Array.isArray(n)?i.children.push(...n.flat()):i.children.push(n),i.children.push({tag:kA(()=>{e.pop()}),props:{}});const r={tag:"",props:i,type:""};return r[zy]=o=>{throw e.pop(),o},r},$x=e=>{const t=[e],n=Ix(t);return n.values=t,n.Provider=n,ja.push(n),n},ja=[],zx=e=>{const t=[e],n=(i=>{t.push(i.value);let r;try{r=i.children?(Array.isArray(i.children)?new jx("",{},i.children):i.children).toString():""}catch(o){throw t.pop(),o}return r instanceof Promise?r.finally(()=>t.pop()).then(o=>eo(o,o.callbacks)):(t.pop(),eo(r))});return n.values=t,n.Provider=n,n[kv]=Ix(t),ja.push(n),n},hc=e=>e.values.at(-1),Qp={title:[],script:["src"],style:["data-href"],link:["href"],meta:["name","httpEquiv","charset","itemProp"]},Ny={},jo="data-precedence",Nx=e=>e.rel==="stylesheet"&&"precedence"in e,Px=(e,t)=>e==="link"?t:Qp[e].length>0,Bd=e=>Array.isArray(e)?e:[e],SA=new WeakMap,EA=(e,t,n,i)=>({buffer:r,context:o})=>{if(!r)return;const a=SA.get(o)||{};SA.set(o,a);const c=a[e]||=[];let l=!1;const d=Qp[e],u=Px(e,i!==void 0);if(u){e:for(const[,p]of c)if(!(e==="link"&&!(p.rel==="stylesheet"&&p[jo]!==void 0))){for(const f of d)if((p?.[f]??null)===n?.[f]){l=!0;break e}}}if(l?r[0]=r[0].replaceAll(t,""):u||e==="link"?c.push([t,n,i]):c.unshift([t,n,i]),r[0].indexOf("</head>")!==-1){let p;if(e==="link"||i!==void 0){const f=[];p=c.map(([h,,g],m)=>{if(g===void 0)return[h,Number.MAX_SAFE_INTEGER,m];let _=f.indexOf(g);return _===-1&&(f.push(g),_=f.length-1),[h,_,m]}).sort((h,g)=>h[1]-g[1]||h[2]-g[2]).map(([h])=>h)}else p=c.map(([f])=>f);p.forEach(f=>{r[0]=r[0].replaceAll(f,"")}),r[0]=r[0].replace(/(?=<\/head>)/,p.join(""))}},Md=(e,t,n)=>eo(new di(e,n,Bd(t??[])).toString()),Ud=(e,t,n,i)=>{if("itemProp"in n)return Md(e,t,n);let{precedence:r,blocking:o,...a}=n;r=i?r??"":void 0,i&&(a[jo]=r);const c=new di(e,a,Bd(t||[])).toString();return c instanceof Promise?c.then(l=>eo(c,[...l.callbacks||[],EA(e,l,a,r)])):eo(c,[EA(e,c,a,r)])},dj=({children:e,...t})=>{const n=Sv();if(n){const i=hc(n);if(i==="svg"||i==="head")return new di("title",t,Bd(e??[]))}return Ud("title",e,t,!1)},uj=({children:e,...t})=>{const n=Sv();return["src","async"].some(i=>!t[i])||n&&hc(n)==="head"?Md("script",e,t):Ud("script",e,t,!1)},pj=({children:e,...t})=>["href","precedence"].every(n=>n in t)?(t["data-href"]=t.href,delete t.href,Ud("style",e,t,!0)):Md("style",e,t),fj=({children:e,...t})=>["onLoad","onError"].some(n=>n in t)||t.rel==="stylesheet"&&(!("precedence"in t)||"disabled"in t)?Md("link",e,t):Ud("link",e,t,Nx(t)),hj=({children:e,...t})=>{const n=Sv();return n&&hc(n)==="head"?Md("meta",e,t):Ud("meta",e,t,!1)},Fx=(e,{children:t,...n})=>new di(e,n,Bd(t??[])),gj=e=>(typeof e.action=="function"&&(e.action=Yp in e.action?e.action[Yp]:void 0),Fx("form",e)),Ox=(e,t)=>(typeof t.formAction=="function"&&(t.formAction=Yp in t.formAction?t.formAction[Yp]:void 0),Fx(e,t)),mj=e=>Ox("input",e),yj=e=>Ox("button",e);const lm=Object.freeze(Object.defineProperty({__proto__:null,button:yj,form:gj,input:mj,link:fj,meta:hj,script:uj,style:pj,title:dj},Symbol.toStringTag,{value:"Module"}));var _j=new Map([["className","class"],["htmlFor","for"],["crossOrigin","crossorigin"],["httpEquiv","http-equiv"],["itemProp","itemprop"],["fetchPriority","fetchpriority"],["noModule","nomodule"],["formAction","formaction"]]),Zp=e=>_j.get(e)||e,wj=/[\s"'<>/=`\\\x00-\x1f\x7f-\x9f]/,dm=new Set,CA=1024,vj=/^[!?]|[\s"'<>/=`\\\x00-\x1f\x7f-\x9f]/,TA=new Set,bj=256,id=(e,t,n)=>{e.size>=t&&e.clear(),e.add(n)},Aj=e=>TA.has(e)?!0:typeof e!="string"?!1:e.length===0?!0:vj.test(e)?!1:(id(TA,bj,e),!0),kj=e=>{if(dm.has(e))return!0;const t=e.length;if(t===0)return!1;for(let n=0;n<t;n++){const i=e.charCodeAt(n);if(!(i>=97&&i<=122||i>=65&&i<=90||i>=48&&i<=57||i===45||i===95||i===46||i===58))return wj.test(e)?!1:(id(dm,CA,e),!0)}return id(dm,CA,e),!0},Sj=/[\s"'():;\\/\[\]{}\x00-\x1f\x7f-\x9f]/,um=new Set,xA=1024,Ej=e=>{if(um.has(e))return!0;const t=e.length;if(t===0)return!1;for(let n=0;n<t;n++){const i=e.charCodeAt(n);if(!(i>=97&&i<=122||i>=65&&i<=90||i>=48&&i<=57||i===45||i===95))return Sj.test(e)?!1:(id(um,xA,e),!0)}return id(um,xA,e),!0},Cj=/[;"'\\/\[\](){}]/,Tj=e=>{if(!Cj.test(e))return!1;let t=0;const n=[];for(let i=0,r=e.length;i<r;i++){const o=e.charCodeAt(i);if(o===92){if(i===r-1)return!0;i++}else if(t!==0){if(o===10||o===12||o===13)return!0;o===t&&(t=0)}else if(o===47&&e.charCodeAt(i+1)===42){const a=e.indexOf("*/",i+2);if(a===-1)return!0;i=a+1}else if(o===34||o===39)t=o;else if(o===40)n.push(41);else if(o===91)n.push(93);else{if(o===123||o===125)return!0;if(o===41||o===93){if(n[n.length-1]!==o)return!0;n.pop()}else if(o===59&&n.length===0)return!0}}return t!==0||n.length!==0},Rx=(e,t)=>{for(const[n,i]of Object.entries(e)){const r=n[0]==="-"||!/[A-Z]/.test(n)?n:n.replace(/[A-Z]/g,a=>`-${a.toLowerCase()}`);if(!Ej(r))continue;if(i==null){t(r,null);continue}let o;if(typeof i=="number")o=r.match(/^(?:a|border-im|column(?:-c|s)|flex(?:$|-[^b])|grid-(?:ar|[^a])|font-w|li|or|sca|st|ta|wido|z)|ty$/)?`${i}`:`${i}px`;else if(typeof i=="string"){if(Tj(i))continue;o=i}else continue;t(r,o)}},rd=void 0,Sv=()=>rd,xj=e=>/[A-Z]/.test(e)&&e.match(/^(?:al|basel|clip(?:Path|Rule)$|co|do|fill|fl|fo|gl|let|lig|i|marker[EMS]|o|pai|pointe|sh|st[or]|text[^L]|tr|u|ve|w)/)?e.replace(/([A-Z])/g,"-$1").toLowerCase():e,Ij=["area","base","br","col","embed","hr","img","input","keygen","link","meta","param","source","track","wbr"],$j=["allowfullscreen","async","autofocus","autoplay","checked","controls","default","defer","disabled","download","formnovalidate","hidden","inert","ismap","itemscope","loop","multiple","muted","nomodule","novalidate","open","playsinline","readonly","required","reversed","selected"],Ev=(e,t)=>{for(let n=0,i=e.length;n<i;n++){const r=e[n];if(typeof r=="string")Ea(r,t);else{if(typeof r=="boolean"||r===null||r===void 0)continue;r instanceof di?r.toStringToBuffer(t):typeof r=="number"||r.isEscaped?t[0]+=r:r instanceof Promise?t.unshift("",r):Ev(r,t)}}},di=class{tag;props;key;children;isEscaped=!0;localContexts;constructor(e,t,n){if(typeof e!="function"&&!Aj(e))throw new Error(`Invalid JSX tag name: ${e}`);this.tag=e,this.props=t,this.children=n}get type(){return this.tag}get ref(){return this.props.ref||null}toString(){const e=[""];this.localContexts?.forEach(([t,n])=>{t.values.push(n)});try{this.toStringToBuffer(e)}finally{this.localContexts?.forEach(([t])=>{t.values.pop()})}return e.length===1?"callbacks"in e?cj(eo(e[0],e.callbacks)).toString():e[0]:aj(e,e.callbacks)}toStringToBuffer(e){const t=this.tag,n=this.props;let{children:i}=this;e[0]+=`<${t}`;const r=t==="svg"||rd&&hc(rd)==="svg"?o=>xj(Zp(o)):o=>Zp(o);for(let[o,a]of Object.entries(n))if(o=r(o),!!kj(o)&&o!=="children"){if(o==="style"&&typeof a=="object"){let c="";Rx(a,(l,d)=>{d!=null&&(c+=`${c?";":""}${l}:${d}`)}),e[0]+=' style="',Ea(c,e),e[0]+='"'}else if(typeof a=="string")e[0]+=` ${o}="`,Ea(a,e),e[0]+='"';else if(a!=null)if(typeof a=="number"||a.isEscaped)e[0]+=` ${o}="${a}"`;else if(typeof a=="boolean"&&$j.includes(o))a&&(e[0]+=` ${o}=""`);else if(o==="dangerouslySetInnerHTML"){if(i.length>0)throw new Error("Can only set one of `children` or `props.dangerouslySetInnerHTML`.");i=[eo(a.__html)]}else if(a instanceof Promise)e[0]+=` ${o}="`,e.unshift('"',a);else if(typeof a=="function"){if(!o.startsWith("on")&&o!=="ref")throw new Error(`Invalid prop '${o}' of type 'function' supplied to '${t}'.`)}else e[0]+=` ${o}="`,Ea(a.toString(),e),e[0]+='"'}if(Ij.includes(t)&&i.length===0){e[0]+="/>";return}e[0]+=">",Ev(i,e),e[0]+=`</${t}>`}},pm=class extends di{toStringToBuffer(e){const{children:t}=this,n={...this.props};t.length&&(n.children=t.length===1?t[0]:t);const i=this.tag.call(null,n);if(!(typeof i=="boolean"||i==null))if(i instanceof Promise)if(ja.length===0)e.unshift("",i);else{const r=ja.map(o=>[o,o.values.at(-1)]);e.unshift("",i.then(o=>(o instanceof di&&(o.localContexts=r),o)))}else i instanceof di?i.toStringToBuffer(e):typeof i=="number"||i.isEscaped?(e[0]+=i,i.callbacks&&(e.callbacks||=[],e.callbacks.push(...i.callbacks))):Ea(i,e)}},jx=class extends di{toStringToBuffer(e){Ev(this.children,e)}},zj=(e,t,...n)=>{t??={},n.length&&(t.children=n.length===1?n[0]:n);const i=t.key;delete t.key;const r=pp(e,t,n);return r.key=i,r},IA=!1,pp=(e,t,n)=>{if(!IA){for(const i in Ny)lm[i][kv]=Ny[i];IA=!0}return typeof e=="function"?new pm(e,t,n):lm[e]?new pm(lm[e],t,n):e==="svg"||e==="head"?(rd||=zx(""),new di(e,t,[new pm(rd,{value:e},n)])):new di(e,t,n)},Da=({children:e})=>new jx("",{children:e},Array.isArray(e)?e:e?[e]:[]),Nj=(e,t,...n)=>{let i;if(n.length>0)i=n;else{const r=e.props.children;i=Array.isArray(r)?r:[r]}return zj(e.tag,{...e.props,...t},...i)};function S(e,t,n){let i;if(!t||!("children"in t))i=pp(e,t,[]);else{const r=t.children;i=Array.isArray(r)?pp(e,t,r):pp(e,t,[r])}return i.key=n,i}function Te(e){return e.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;").replace(/'/g,"&#x27;")}function Pj(e){return e.replace(/\\/g,"\\\\").replace(/"/g,'\\"').replace(/'/g,"\\'").replace(/\(/g,"\\(").replace(/\)/g,"\\)").replace(/\n/g,"").replace(/\r/g,"").replace(/\t/g,"")}function mn(e){if(!e)return"";try{const t=new URL(e);return["http:","https:","data:"].includes(t.protocol)?Te(e):""}catch{return e.startsWith("/")?Te(e):""}}function gn(e){return e&&/^(#[0-9a-fA-F]{3,8}|rgba?\([^)]+\)|hsla?\([^)]+\)|[a-zA-Z]+)$/.test(e.trim())?e.trim():""}function Fj(e){if(!e)return"#f5f5f5";if(typeof e=="string")return gn(e)||"#f5f5f5";const{type:t,start:n,end:i,angle_deg:r}=e;if(t==="linear-gradient"&&n&&i){const o=gn(n),a=gn(i);if(o&&a)return`linear-gradient(${typeof r=="number"?r:180}deg, ${o}, ${a})`}if(n){const o=gn(n);if(o)return o}return"#f5f5f5"}function Dx(e,t){if(e?.background_image_url){const n=mn(e.background_image_url);if(n)return`${gn(e.background_color)||"#f5f5f5"} url("${Pj(n)}") center / cover no-repeat`}if(e?.background_color){const n=gn(e.background_color);if(n)return n}return Fj(t)}var Oj=(e,t)=>{try{return t(e)}catch{return e.replace(/(?:%[0-9A-Fa-f]{2})+/g,n=>{try{return t(n)}catch{return n}})}},Rj=decodeURIComponent,Lx=/^[\w!#$%&'*.^`|~+-]+$/,jj=/^[ !#-:<-[\]-~]*$/,$A=e=>{let t=0,n=e.length;for(;t<n;){const i=e.charCodeAt(t);if(i!==32&&i!==9)break;t++}for(;n>t;){const i=e.charCodeAt(n-1);if(i!==32&&i!==9)break;n--}return t===0&&n===e.length?e:e.slice(t,n)},Dj=(e,t)=>{if(e.indexOf(t)===-1)return{};const n=e.split(";"),i=Object.create(null);for(const r of n){const o=r.indexOf("=");if(o===-1)continue;const a=$A(r.substring(0,o));if(t!==a||!Lx.test(a)||a in i)continue;let c=$A(r.substring(o+1));if(c.startsWith('"')&&c.endsWith('"')&&(c=c.slice(1,-1)),jj.test(c)){i[a]=c.indexOf("%")!==-1?Oj(c,Rj):c;break}}return i},Lj=(e,t,n={})=>{if(!Lx.test(e))throw new Error("Invalid cookie name");let i=`${e}=${t}`;if(e.startsWith("__Secure-")&&!n.secure)throw new Error("__Secure- Cookie must have Secure attributes");if(e.startsWith("__Host-")){if(!n.secure)throw new Error("__Host- Cookie must have Secure attributes");if(n.path!=="/")throw new Error('__Host- Cookie must have Path attributes with "/"');if(n.domain)throw new Error("__Host- Cookie must not have Domain attributes")}for(const r of["domain","path","sameSite","priority"])if(n[r]&&/[;\r\n]/.test(n[r]))throw new Error(`${r} must not contain ";", "\\r", or "\\n"`);if(n&&typeof n.maxAge=="number"&&n.maxAge>=0){if(n.maxAge>3456e4)throw new Error("Cookies Max-Age SHOULD NOT be greater than 400 days (34560000 seconds) in duration.");i+=`; Max-Age=${n.maxAge|0}`}if(n.domain&&n.prefix!=="host"&&(i+=`; Domain=${n.domain}`),n.path&&(i+=`; Path=${n.path}`),n.expires){if(n.expires.getTime()-Date.now()>3456e7)throw new Error("Cookies Expires SHOULD NOT be greater than 400 days (34560000 seconds) in the future.");i+=`; Expires=${n.expires.toUTCString()}`}if(n.httpOnly&&(i+="; HttpOnly"),n.secure&&(i+="; Secure"),n.sameSite&&(i+=`; SameSite=${n.sameSite.charAt(0).toUpperCase()+n.sameSite.slice(1)}`),n.priority&&(i+=`; Priority=${n.priority.charAt(0).toUpperCase()+n.priority.slice(1)}`),n.partitioned){if(!n.secure)throw new Error("Partitioned Cookie must have Secure attributes");i+="; Partitioned"}return i},fm=(e,t,n)=>(t=encodeURIComponent(t),Lj(e,t,n)),Bj=(e,t,n)=>{const i=e.req.raw.headers.get("Cookie");{if(!i)return;let r=t;return Dj(i,r)[r]}},Mj=(e,t,n)=>{let i;return n?.prefix==="secure"?i=fm("__Secure-"+e,t,{path:"/",...n,secure:!0}):n?.prefix==="host"?i=fm("__Host-"+e,t,{...n,path:"/",secure:!0,domain:void 0}):i=fm(e,t,{path:"/",...n}),i},zA=(e,t,n,i)=>{const r=Mj(t,n,i);e.header("Set-Cookie",r,{append:!0})};const od="mpkxkgol",Bx={common:{alertListTitle:"Upozornění",backText:"Vrátit se zpět",cancelText:"Zrušit",closeText:"Zavřít",contactSupportText:"Potřebujete pomoc?",continueText:"Pokračovat",copyrightText:"© ${currentYear} ${companyName}",errorText:"Něco se pokazilo. Zkuste to prosím znovu.",hidePasswordText:"Skrýt heslo",loadingText:"Načítání...",orText:"nebo",privacyPolicyText:"Zásady ochrany osobních údajů",showPasswordText:"Zobrazit heslo",termsOfServiceText:"Podmínky služby",termsShortText:"Podmínky",tryAgainText:"Zkusit znovu"}},Mx={consent:{buttonText:"Přijmout",cancelButtonText:"Zamítnout",description:"${clientName} žádá o přístup k vašemu účtu",pageTitle:"Autorizace | ${clientName}",scopesTitle:"Tímto povolíte ${clientName}:",title:"Autorizovat ${clientName}"}},Ux={invitation:{acceptButtonText:"Přijmout pozvánku",description:"${inviterName} vás pozval(a), abyste se připojili k ${organizationName} na ${clientName}",pageTitle:"Pozvánka | ${clientName}",title:"Byli jste pozváni"}},qx={login:{alertListTitle:"Upozornění",buttonText:"Pokračovat",description:"Přihlaste se k ${clientName}.",editEmailText:"Upravit",emailPlaceholder:"E-mailová adresa",enterACodeBtn:"Přihlásit se kódem",federatedConnectionButtonText:"Pokračovat s ${connectionName}",footerLinkText:"Zaregistrujte se",footerText:"Nemáte účet?",forgotPasswordText:"Zapomněli jste heslo?",hidePasswordText:"Skrýt heslo",invalidEmail:"Neplatný e-mail",invalidIdentifier:"Neplatný e-mail nebo uživatelské jméno",invitationDescription:"Přihlaste se pro přijetí pozvánky od ${inviterName} k připojení k ${companyName} na ${clientName}.",invitationTitle:"Byli jste pozváni!",logoAltText:"${companyName}","no-email":"Zadejte prosím e-mailovou adresu","no-password":"Heslo je povinné",pageTitle:"Přihlášení | ${clientName}",passwordLoginNotAvailable:"Přihlášení heslem není k dispozici",passwordPlaceholder:"Heslo",phonePlaceholder:"Telefonní číslo",separatorText:"nebo",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",showPasswordText:"Zobrazit heslo",signupActionLinkText:"${footerLinkText}",signupActionText:"${footerText}",title:"Vítejte",tooManyFailedLogins:"Příliš mnoho neúspěšných pokusů o přihlášení. Zkuste to prosím později.",unverifiedEmail:"Před přihlášením prosím ověřte svou e-mailovou adresu",userAccountDoesNotExist:"Uživatelský účet neexistuje",usernamePlaceholder:"Uživatelské jméno nebo e-mailová adresa",usernameTooLong:"Uživatelské jméno musí mít nejvýše ${max} znaků",usernameTooShort:"Uživatelské jméno musí mít alespoň ${min} znaků",wrongCredentials:"Nesprávné uživatelské jméno nebo heslo",passkeyButtonText:"Přihlásit se pomocí passkey"}},Hx={mfa:{backupCodeText:"Použít záložní kód",description:"Zvolte metodu ověření",pageTitle:"Vícefaktorové ověření | ${clientName}",title:"Ověřte svou identitu"}},Vx={"passkey-enrollment-nudge":{title:"Zabezpečte svůj účet pomocí passkey",description:"Passkey používají biometrii nebo PIN vašeho zařízení k rychlejšímu a bezpečnějšímu přihlášení.",enrollButtonText:"Nastavit passkey",snoozeButtonText:"Možná později",optOutLinkText:"Nezobrazovat znovu",pageTitle:"Nastavení Passkey | ${clientName}"},"passkey-enrollment":{title:"Vytvořte svůj passkey",description:"Postupujte podle pokynů prohlížeče a vytvořte passkey pro tento účet.",errorMessage:"Vytvoření passkey se nezdařilo. Zkuste to prosím znovu.",cancelLinkText:"Prozatím přeskočit",retryButtonText:"Zkusit znovu",enrollmentComplete:"Váš passkey byl úspěšně nastaven. Tuto stránku můžete zavřít.",pageTitle:"Vytvoření Passkey | ${clientName}"},"passkey-challenge":{title:"Přihlásit se pomocí passkey",description:"Postupujte podle pokynů prohlížeče k ověření vaší identity.",errorMessage:"Ověření pomocí passkey selhalo. Zkuste to prosím znovu.",cancelLinkText:"Zpět na přihlášení",retryButtonText:"Zkusit znovu",pageTitle:"Přihlášení pomocí passkey | ${clientName}"}},Kx={organizations:{description:"Vyberte, ke které organizaci se chcete přihlásit",pageTitle:"Výběr organizace | ${clientName}",searchPlaceholder:"Hledat organizace",title:"Vyberte svou organizaci"}},Gx={signup:{buttonText:"Pokračovat",confirmPasswordPlaceholder:"Potvrzení hesla",description:"Zaregistrujte se a pokračujte","email-already-exists":"Tento e-mail je již zaregistrován",emailPlaceholder:"E-mailová adresa",federatedConnectionButtonText:"Pokračovat s ${connectionName}",hidePasswordText:"Skrýt heslo","invalid-email-format":"Neplatný e-mail",loginActionLinkText:"Přihlásit se",loginActionText:"Už máte účet?","no-email":"Zadejte prosím e-mailovou adresu","no-password":"Heslo je povinné","no-username":"Uživatelské jméno je povinné",pageTitle:"Registrace | ${clientName}",passwordPlaceholder:"Heslo",passwordsDidntMatch:"Hesla se neshodují",phonePlaceholder:"Telefonní číslo",privacyPolicyLinkText:"Zásady ochrany osobních údajů",separatorText:"nebo",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",showPasswordText:"Zobrazit heslo",termsOfServiceLinkText:"Podmínky služby",termsText:"Registrací souhlasíte s našimi",title:"Vytvořte svůj účet","username-already-exists":"Toto uživatelské jméno je již obsazeno",usernamePlaceholder:"Uživatelské jméno",verifyEmailText:"Zkontrolujte prosím svůj e-mail pro ověření účtu"}},Wx={status:{continueButtonText:"Pokračovat",errorTitle:"Chyba",pageTitle:"Stav | ${clientName}",successTitle:"Hotovo",title:"Stav"}},Uj={common:Bx,consent:Mx,"device-flow":{"device-flow":{buttonText:"Pokračovat",codePlaceholder:"Zadejte kód",description:"Zadejte kód zobrazený na vašem zařízení","expired-code":"Platnost kódu vypršela","invalid-code":"Zadaný kód je neplatný",pageTitle:"Aktivace zařízení | ${clientName}",title:"Aktivujte své zařízení"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Přihlásit se",codeLabel:"Ověřovací kód",codePlaceholder:"Zadejte kód",defaultDescription:"Zadejte ověřovací kód zaslaný na váš e-mail",description:"Odeslali jsme kód na ${email}","invalid-code":"Neplatný kód",noCode:"Zadejte prosím ověřovací kód",pageTitle:"Zadejte kód | ${clientName}",resendText:"Opětovné odeslání kódu",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",title:"Zkontrolujte svůj e-mail",unexpectedError:"Došlo k neočekávané chybě"}},"email-verification":{"email-verification":{description:"Odeslali jsme e-mail na ${email}",pageTitle:"Ověření e-mailu | ${clientName}",resendText:"Opětovné odeslání kódu",successDescription:"Váš e-mail byl úspěšně ověřen.",successTitle:"E-mail ověřen",title:"Ověření e-mailu"}},invitation:Ux,login:qx,"login-id":{"login-id":{alertListTitle:"Upozornění","auth0-users-validation":"Něco se pokazilo, zkuste to prosím později","authentication-failure":"Omlouváme se, při pokusu o přihlášení se něco pokazilo",buttonText:"Pokračovat","captcha-client-failure":"Nepodařilo se načíst bezpečnostní výzvu. Zkuste to prosím znovu. (Kód chyby: #{errorCode})","captcha-validation-failure":"Omlouváme se, při ověřování captcha došlo k chybě. Zkuste to prosím znovu.",captchaCodePlaceholder:"Zadejte kód zobrazený výše","custom-script-error-code":"Něco se pokazilo, zkuste to prosím později.",description:"Přihlaste se k ${clientName}.",editEmailText:"Upravit",emailPlaceholder:"E-mailová adresa",federatedConnectionButtonText:"Pokračovat s ${connectionName}",footerLinkText:"Zaregistrujte se",footerText:"Nemáte účet?",forgotPasswordText:"Zapomněli jste heslo?",hidePasswordText:"Skrýt heslo","invalid-captcha":"Vyřešte úlohu, abyste ověřili, že nejste robot.","invalid-code":"Neplatný kód","invalid-connection":"Neplatné připojení","invalid-email-format":"Neplatný e-mail","invalid-email-phone":"Zadejte platnou e-mailovou adresu nebo telefonní číslo. Telefonní čísla musí obsahovat předvolbu země.","invalid-email-phone-username":"Zadejte platnou e-mailovou adresu, telefonní číslo nebo uživatelské jméno. Telefonní čísla musí obsahovat předvolbu země.","invalid-email-username":"Zadejte platnou e-mailovou adresu nebo uživatelské jméno","invalid-expired-code":"Neplatný nebo vypršelý uživatelský kód","invalid-login-id":"Zadáno neplatné přihlašovací ID","invalid-phone-username":"Zadejte platné telefonní číslo nebo uživatelské jméno. Telefonní čísla musí obsahovat předvolbu země.","invalid-recaptcha":"Zaškrtněte políčko, abyste ověřili, že nejste robot.","invalid-username":"Uživatelské jméno může obsahovat pouze alfanumerické znaky nebo: '${characters}'. Uživatelské jméno musí mít ${min} až ${max} znaků.",invitationDescription:"Přihlaste se pro přijetí pozvánky od ${inviterName} k připojení k ${companyName} na ${clientName}.",invitationTitle:"Byli jste pozváni!","ip-blocked":"Zjistili jsme podezřelé přihlašovací chování a další pokusy budou blokovány. Kontaktujte prosím administrátora.",logoAltText:"${companyName}","no-db-connection":"Neplatné připojení","no-email":"Zadejte prosím e-mailovou adresu","no-email-phone":"Je vyžadována e-mailová adresa nebo telefonní číslo","no-email-phone-username":"Je vyžadováno telefonní číslo, uživatelské jméno nebo e-mailová adresa","no-email-username":"Je vyžadována e-mailová adresa nebo uživatelské jméno","no-password":"Heslo je povinné","no-phone":"Zadejte prosím telefonní číslo","no-phone-username":"Je vyžadováno telefonní číslo nebo uživatelské jméno","no-username":"Uživatelské jméno je povinné",pageTitle:"Přihlášení | ${clientName}","password-breached":"Zjistili jsme potenciální bezpečnostní problém s tímto účtem. Pro ochranu vašeho účtu jsme toto přihlášení zablokovali. Pro pokračování prosím resetujte své heslo.",passwordPlaceholder:"Heslo",phoneOrEmailPlaceholder:"E-mail nebo telefonní číslo",phoneOrUsernameOrEmailPlaceholder:"Telefon, uživatelské jméno nebo e-mail",phoneOrUsernamePlaceholder:"Telefonní číslo nebo uživatelské jméno",phonePlaceholder:"Telefonní číslo","same-user-login":"Příliš mnoho pokusů o přihlášení pro tohoto uživatele. Počkejte prosím a zkuste to znovu později.",selectCountryCode:"Vyberte předvolbu země, aktuálně nastaveno na ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"nebo",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",showPasswordText:"Zobrazit heslo",signupActionLinkText:"${footerLinkText}",signupActionText:"${footerText}",termsAndConditionsTemplate:'Pokračováním souhlasíte s našimi <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Podmínkami a pravidly</a>.',title:"Vítejte","user-blocked":"Váš účet byl zablokován po několika po sobě jdoucích neúspěšných pokusech o přihlášení.",userAccountDoesNotExist:"Uživatelský účet neexistuje",usernameOnlyPlaceholder:"Uživatelské jméno",usernameOrEmailPlaceholder:"Uživatelské jméno nebo e-mailová adresa",usernamePlaceholder:"Uživatelské jméno nebo e-mailová adresa",usernameTooLong:"Uživatelské jméno musí mít nejvýše ${max} znaků",usernameTooShort:"Uživatelské jméno musí mít alespoň ${min} znaků","wrong-credentials":"Nesprávné uživatelské jméno nebo heslo","wrong-email-credentials":"Nesprávný e-mail nebo heslo","wrong-email-phone-credentials":"Nesprávná e-mailová adresa, telefonní číslo nebo heslo. Telefonní čísla musí obsahovat předvolbu země.","wrong-email-phone-username-credentials":"Nesprávná e-mailová adresa, telefonní číslo, uživatelské jméno nebo heslo. Telefonní čísla musí obsahovat předvolbu země.","wrong-email-username-credentials":"Nesprávná e-mailová adresa, uživatelské jméno nebo heslo","wrong-phone-credentials":"Nesprávné telefonní číslo nebo heslo","wrong-phone-username-credentials":"Nesprávné telefonní číslo, uživatelské jméno nebo heslo. Telefonní čísla musí obsahovat předvolbu země.","wrong-username-credentials":"Nesprávné uživatelské jméno nebo heslo",passkeyButtonText:"Přihlásit se pomocí passkey"}},"login-password":{"login-password":{buttonText:"Přihlásit se",description:"Přihlaste se k ${clientName}",forgotPasswordText:"Zapomněli jste heslo?",hidePasswordText:"Skrýt heslo","no-password":"Heslo je povinné",pageTitle:"Přihlášení | ${clientName}","password-breached":"Zjistili jsme potenciální bezpečnostní problém s tímto účtem. Pro ochranu vašeho účtu jsme toto přihlášení zablokovali. Pro pokračování prosím resetujte své heslo.",passwordPlaceholder:"Heslo",showPasswordText:"Zobrazit heslo",signingInAs:"Přihlášení jako ${email}",title:"Zadejte heslo",unverifiedEmail:"Před přihlášením prosím ověřte svou e-mailovou adresu","user-blocked":"Váš účet byl zablokován po několika po sobě jdoucích neúspěšných pokusech o přihlášení.","wrong-credentials":"Nesprávné heslo"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"e-mailová adresa",authMethodEmailOrPhone:"e-mail nebo telefonní číslo",authMethodPhone:"telefonní číslo",description:"Přihlaste se pomocí ${authMethod}",emailOrPhonePlaceholder:"E-mailová adresa nebo telefonní číslo",emailPlaceholder:"E-mailová adresa",invalidEmail:"Zadejte prosím platnou e-mailovou adresu",invalidIdentifier:"Zadejte prosím platnou e-mailovou adresu nebo telefonní číslo",invalidPhone:"Zadejte prosím platné telefonní číslo s předvolbou země",noEmail:"Zadejte prosím svou e-mailovou adresu",noPhone:"Zadejte prosím své telefonní číslo",phonePlaceholder:"Telefonní číslo",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",title:"Přihlásit se kódem",userAccountDoesNotExist:"Uživatelský účet neexistuje"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Klikněte na odkaz ve svém e-mailu pro přihlášení",description:"Odeslali jsme odkaz na ${username}. Kliknutím na něj se přihlásíte.",resendText:"Odeslat odkaz znovu",spamText:"Nedostali jste e-mail? Zkontrolujte složku nevyžádané pošty.",title:"Zkontrolujte svůj e-mail"}},mfa:Hx,"mfa-email":{"mfa-email":{buttonText:"Pokračovat",codePlaceholder:"Zadejte kód",description:"Odeslali jsme kód na ${email}","invalid-code":"Zadaný kód je neplatný",pageTitle:"Ověření e-mailem | ${clientName}",resendText:"Opětovné odeslání kódu",title:"Zkontrolujte svůj e-mail"}},"mfa-otp":{"mfa-otp":{buttonText:"Pokračovat",codePlaceholder:"Zadejte kód",description:"Zadejte šestimístný kód z vaší ověřovací aplikace","invalid-code":"Zadaný kód je neplatný",pageTitle:"Zadejte kód | ${clientName}",title:"Zadejte svůj kód"},"mfa-totp-enrollment":{title:"Nastavit ověřovací aplikaci",description:"Naskenujte QR kód níže pomocí ověřovací aplikace a poté zadejte šestimístný kód pro ověření",secretLabel:"Nebo zadejte tento kód ručně:",codePlaceholder:"Zadejte kód",continueButtonText:"Ověřit a aktivovat","invalid-code":"Zadaný kód je neplatný. Zkuste to prosím znovu.","transaction-not-found":"Platnost vaší registrace vypršela, budete muset začít znovu.",pageTitle:"Nastavení ověřovací aplikace | ${clientName}",unexpectedError:"Něco se pokazilo. Zkuste to prosím znovu.",enrollmentComplete:"Registrace MFA je dokončena. Tuto stránku můžete zavřít."},"mfa-totp-challenge":{title:"Ověřte svou identitu",description:"Zadejte šestimístný kód z vaší ověřovací aplikace",codePlaceholder:"Zadejte kód",continueButtonText:"Pokračovat","invalid-code":"Zadaný kód je neplatný","transaction-not-found":"Platnost vaší registrace vypršela, budete muset začít znovu.",unexpectedError:"Něco se pokazilo. Zkuste to prosím znovu.",pageTitle:"Ověření identity | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Použijte své telefonní číslo pro přihlášení | ${clientName}",title:"Ověřte svou identitu",description:"Odeslali jsme kód na ${phoneNumber}",continueButtonText:"Pokračovat",changePhoneText:"Zvolte jiné telefonní číslo.",smsButtonText:"Textová zpráva",voiceButtonText:"Hlasový hovor",chooseMessageTypeText:"Jak chcete kód přijmout?",pickAuthenticatorText:"Zkusit jinou metodu",logoAltText:"${companyName}",codePlaceholder:"Zadejte kód","send-sms-failed":"Při odesílání SMS došlo k problému","send-voice-failed":"Při uskutečnění hlasového hovoru došlo k problému","invalid-phone-format":"Telefonní číslo může obsahovat pouze číslice.","invalid-phone":"Zdá se, že vaše telefonní číslo není platné. Zkontrolujte a zkuste to znovu.","too-many-sms":"Překročili jste maximální počet telefonních zpráv za hodinu. Počkejte pár minut a zkuste to znovu.","too-many-voice":"Překročili jste maximální počet hlasových hovorů za hodinu. Počkejte pár minut a zkuste to znovu.","transaction-not-found":"Vaše registrační transakce vypršela, budete muset začít znovu.","no-phone":"Zadejte telefonní číslo",noCode:"Zadejte ověřovací kód",invalidCode:"Zadaný kód je neplatný. Zkuste to znovu.",unexpectedError:"Něco se pokazilo. Zkuste to znovu.",resendSuccess:"Odeslali jsme nový kód na váš telefon",enrollmentComplete:"Registrace MFA je dokončena. Tuto stránku můžete zavřít."},"mfa-phone-enrollment":{pageTitle:"Zadejte své telefonní číslo pro přihlášení pomocí telefonního kódu | ${clientName}",title:"Zabezpečte svůj účet",description:"Zadejte kód země a telefonní číslo, na které můžeme odeslat 6místný kód:",continueButtonText:"Pokračovat",smsButtonText:"Textová zpráva",voiceButtonText:"Hlasový hovor",chooseMessageTypeText:"Jak chcete kód přijmout?",pickAuthenticatorText:"Zkusit jinou metodu",placeholder:"Zadejte své telefonní číslo",logoAltText:"${companyName}",selectCountryCode:"Vyberte kód země, aktuálně nastaveno na ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Při odesílání SMS došlo k problému","send-voice-failed":"Při uskutečnění hlasového hovoru došlo k problému","sms-authenticator-error":"Nepodařilo se odeslat SMS. Zkuste to prosím později.","invalid-phone-format":"Telefonní číslo může obsahovat pouze číslice.","invalid-phone":"Zdá se, že vaše telefonní číslo není platné. Zkontrolujte a zkuste to znovu.","too-many-sms":"Překročili jste maximální počet telefonních zpráv za hodinu. Počkejte pár minut a zkuste to znovu.","too-many-voice":"Překročili jste maximální počet hlasových hovorů za hodinu. Počkejte pár minut a zkuste to znovu.","transaction-not-found":"Vaše registrační transakce vypršela, budete muset začít znovu.","no-phone":"Zadejte telefonní číslo","phone-is-too-short":"Telefonní číslo je příliš krátké","phone-is-too-long":"Telefonní číslo je příliš dlouhé"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Vyberte metodu ověření | ${clientName}",title:"Vyberte způsob ověření",description:"Zvolte, jak chcete ověřit svou identitu",authenticatorAppLabel:"Autentizační aplikace",authenticatorAppDescription:"Použijte autentizační aplikaci k získání ověřovacího kódu",smsLabel:"Textová zpráva",smsDescription:"Nechte si zaslat ověřovací kód na telefon",passkeyLabel:"Passkey",passkeyDescription:"Použijte biometrii zařízení nebo bezpečnostní klíč"}},"mfa-push":{"mfa-push":{description:"Odeslali jsme oznámení na vaše zařízení",pageTitle:"Push oznámení | ${clientName}",resendText:"Odeslat oznámení znovu",title:"Schvalte požadavek",useCodeText:"Zadat kód ručně"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Pokračovat",codePlaceholder:"Záložní kód",description:"Zadejte jeden z vašich záložních kódů","invalid-code":"Zadaný záložní kód je neplatný",pageTitle:"Záložní kód | ${clientName}",title:"Zadejte záložní kód"}},"mfa-voice":{"mfa-voice":{buttonText:"Zavolat mi",codePlaceholder:"Zadejte kód",description:"Zavoláme na ${phoneNumber} s vaším kódem","invalid-code":"Zadaný kód je neplatný",pageTitle:"Hlasový hovor | ${clientName}",title:"Přijmout telefonní hovor"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Zkusit znovu",description:"Vložte svůj bezpečnostní klíč a postupujte podle pokynů",pageTitle:"Bezpečnostní klíč | ${clientName}",title:"Použijte svůj bezpečnostní klíč"}},passkeys:Vx,organizations:Kx,"reset-password":{"reset-password":{backToLoginText:"Zpět na přihlášení",buttonText:"Pokračovat",codeExpired:"Platnost kódu pro obnovení hesla vypršela. Požádejte prosím o nový.",confirmPasswordLabel:"Potvrzení hesla",confirmPasswordPlaceholder:"Potvrzení hesla",description:"Zadejte svůj e-mail pro obnovení hesla",emailPlaceholder:"E-mailová adresa",failed:"Obnovení hesla se nezdařilo. Zkuste to prosím znovu.","invalid-email-format":"Neplatný e-mail","no-email":"Zadejte prosím e-mailovou adresu",pageTitle:"Obnovení hesla | ${clientName}",passwordLabel:"Nové heslo",passwordPlaceholder:"Nové heslo",passwordTooWeak:"Heslo je příliš slabé",passwordsDidntMatch:"Hesla se neshodují",successDescription:"Odkaz na obnovení hesla jsme odeslali na vaši e-mailovou adresu.",successTitle:"Zkontrolujte svůj e-mail",title:"Zapomněli jste heslo?","user-not-found":"Uživatel nenalezen"},"reset-password-code":{backToLoginText:"Zpět na přihlášení",buttonText:"Obnovit heslo",codeLabel:"Kód pro obnovení",codePlaceholder:"Zadejte 6místný kód",confirmPasswordLabel:"Potvrzení hesla",confirmPasswordPlaceholder:"Potvrzení hesla",defaultDescription:"Zadejte kód zaslaný na váš e-mail a zvolte nové heslo",description:"Odeslali jsme kód na ${email}",failed:"Obnovení hesla se nezdařilo. Zkuste to prosím znovu.",invalidCode:"Zadaný kód je neplatný nebo vypršel",noCode:"Zadejte prosím kód pro obnovení",pageTitle:"Zadejte kód pro obnovení | ${clientName}",passwordLabel:"Nové heslo",passwordPlaceholder:"Nové heslo",passwordTooWeak:"Heslo je příliš slabé",passwordsDidntMatch:"Hesla se neshodují",resendFailed:"Nepodařilo se znovu odeslat kód. Zkuste to prosím znovu.",resendSuccess:"Nový kód byl odeslán na váš e-mail",resendText:"Odeslat kód znovu",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",title:"Zadejte kód pro obnovení"}},signup:Gx,"signup-id":{"signup-id":{buttonText:"Pokračovat",description:"Zaregistrujte se a pokračujte","email-already-exists":"Tento e-mail je již zaregistrován",emailPlaceholder:"E-mailová adresa",federatedConnectionButtonText:"Pokračovat s ${connectionName}","invalid-email-format":"Neplatný e-mail",loginActionLinkText:"Přihlásit se",loginActionText:"Už máte účet?","no-email":"Zadejte prosím e-mailovou adresu",pageTitle:"Registrace | ${clientName}",phonePlaceholder:"Telefonní číslo",separatorText:"nebo",title:"Vytvořte svůj účet",usernamePlaceholder:"Uživatelské jméno"}},"signup-password":{"signup-password":{buttonText:"Pokračovat",description:"Zaregistrujte se a pokračujte",hidePasswordText:"Skrýt heslo","no-password":"Heslo je povinné",pageTitle:"Registrace | ${clientName}","password-policy-not-met":"Heslo nesplňuje požadavky","password-too-weak":"Heslo je příliš slabé",passwordPlaceholder:"Heslo",showPasswordText:"Zobrazit heslo",title:"Vytvořte své heslo"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Pokračovat",codeLabel:"Ověřovací kód",codePlaceholder:"Zadejte kód",defaultDescription:"Zadejte ověřovací kód zaslaný na váš telefon",description:"Odeslali jsme kód na ${username}","invalid-code":"Neplatný kód",noCode:"Zadejte prosím ověřovací kód",pageTitle:"Zadejte kód | ${clientName}",resendText:"Opětovné odeslání kódu",sessionExpired:"Platnost vaší relace vypršela. Zkuste to prosím znovu.",title:"Zkontrolujte svůj telefon",unexpectedError:"Došlo k neočekávané chybě"}},status:Wx},qj=Object.freeze(Object.defineProperty({__proto__:null,common:Bx,consent:Mx,default:Uj,invitation:Ux,login:qx,mfa:Hx,organizations:Kx,passkeys:Vx,signup:Gx,status:Wx},Symbol.toStringTag,{value:"Module"})),Jx={common:{alertListTitle:"Advarsler",backText:"Gå tilbage",cancelText:"Gå tilbage",closeText:"Luk",contactSupportText:"Har du brug for hjælp?",continueText:"Fortsæt",copyrightText:"© ${currentYear} ${companyName}",errorText:"Noget gik galt. Prøv venligst igen.",hidePasswordText:"Skjul adgangskode",loadingText:"Indlæser...",orText:"eller",privacyPolicyText:"Privatlivspolitik",showPasswordText:"Vis adgangskode",termsOfServiceText:"Servicevilkår",termsShortText:"Vilkår",tryAgainText:"Prøv igen"}},Yx={consent:{buttonText:"Acceptér",cancelButtonText:"Afvis",description:"${clientName} anmoder om adgang til din konto",pageTitle:"Godkend | ${clientName}",scopesTitle:"Dette vil give ${clientName} tilladelse til at:",title:"Godkend ${clientName}"}},Qx={invitation:{acceptButtonText:"Acceptér invitation",description:"${inviterName} har inviteret dig til at deltage i ${organizationName} på ${clientName}",pageTitle:"Invitation | ${clientName}",title:"Du er blevet inviteret"}},Zx={login:{alertListTitle:"Advarsler",buttonText:"Fortsæt",description:"Log ind på ${clientName}.",editEmailText:"Rediger",emailPlaceholder:"E-mail-adresse",enterACodeBtn:"Log ind med en kode",federatedConnectionButtonText:"Fortsæt med ${connectionName}",footerLinkText:"Tilmeld dig",footerText:"Har du ikke en konto?",forgotPasswordText:"Har du glemt din adgangskode?",hidePasswordText:"Skjul adgangskode",invalidEmail:"Ugyldig e-mail",invalidIdentifier:"Ugyldig e-mail eller brugernavn",invitationDescription:"Log ind for at acceptere ${inviterName}s invitation til at deltage i ${companyName} på ${clientName}.",invitationTitle:"Du er blevet inviteret!",logoAltText:"${companyName}","no-email":"Indtast venligst en e-mailadresse","no-password":"Adgangskode er påkrævet",pageTitle:"Log ind | ${clientName}",passwordLoginNotAvailable:"Adgangskodegodkendelse er ikke tilgængelig",passwordPlaceholder:"Adgangskode",phonePlaceholder:"Telefonnummer",separatorText:"eller",sessionExpired:"Din session er udløbet. Prøv venligst igen.",showPasswordText:"Vis adgangskode",signupActionLinkText:"Tilmeld dig",signupActionText:"Har du ikke en konto?",title:"Velkommen",tooManyFailedLogins:"For mange mislykkede loginforsøg. Prøv venligst igen senere.",unverifiedEmail:"Bekræft venligst din e-mailadresse, før du logger ind",userAccountDoesNotExist:"Brugerkontoen findes ikke",usernamePlaceholder:"Brugernavn eller e-mailadresse",usernameTooLong:"Brugernavnet må højst være ${max} tegn",usernameTooShort:"Brugernavnet skal være mindst ${min} tegn",wrongCredentials:"Forkert brugernavn eller adgangskode",passkeyButtonText:"Log ind med passkey"}},Xx={mfa:{backupCodeText:"Brug backupkode",description:"Vælg en bekræftelsesmetode",pageTitle:"Multifaktorgodkendelse | ${clientName}",title:"Bekræft din identitet"}},eI={"passkey-enrollment-nudge":{title:"Sikr din konto med en adgangsnøgle",description:"Adgangsnøgler bruger din enheds biometri eller PIN til at logge dig ind hurtigere og mere sikkert.",enrollButtonText:"Konfigurer adgangsnøgle",snoozeButtonText:"Måske senere",optOutLinkText:"Vis ikke dette igen",pageTitle:"Konfigurer Adgangsnøgle | ${clientName}"},"passkey-enrollment":{title:"Opret din adgangsnøgle",description:"Følg anvisningerne fra din browser for at oprette en adgangsnøgle til denne konto.",errorMessage:"Oprettelse af adgangsnøgle mislykkedes. Prøv venligst igen.",cancelLinkText:"Spring over for nu",retryButtonText:"Prøv igen",enrollmentComplete:"Din adgangsnøgle er konfigureret. Du kan lukke denne side.",pageTitle:"Opret Adgangsnøgle | ${clientName}"},"passkey-challenge":{title:"Log ind med passkey",description:"Følg anvisningerne fra din browser for at bekræfte din identitet.",errorMessage:"Godkendelse med passkey mislykkedes. Prøv venligst igen.",cancelLinkText:"Tilbage til login",retryButtonText:"Prøv igen",pageTitle:"Log ind med passkey | ${clientName}"}},tI={organizations:{description:"Vælg hvilken organisation du vil logge ind på",pageTitle:"Vælg organisation | ${clientName}",searchPlaceholder:"Søg organisationer",title:"Vælg din organisation"}},nI={signup:{buttonText:"Tilmelding",confirmPasswordPlaceholder:"Bekræft adgangskode",description:"Vælg en adgangskode med en blanding af store og små bogstaver, tal og symboler.","email-already-exists":"E-mailen er allerede optaget",emailPlaceholder:"E-mail-adresse",federatedConnectionButtonText:"Fortsæt med ${connectionName}",hidePasswordText:"Skjul adgangskode","invalid-email-format":"Ugyldig e-mail",loginActionLinkText:"Log ind",loginActionText:"Har du allerede en konto?","no-email":"Indtast venligst en e-mailadresse","no-password":"Adgangskode er påkrævet","no-username":"Brugernavn er påkrævet",pageTitle:"Tilmeld dig | ${clientName}",passwordPlaceholder:"Adgangskode",passwordsDidntMatch:"Adgangskoderne matcher ikke",phonePlaceholder:"Telefonnummer",privacyPolicyLinkText:"Privatlivspolitik",separatorText:"eller",sessionExpired:"Din session er udløbet. Prøv venligst igen.",showPasswordText:"Vis adgangskode",termsOfServiceLinkText:"Servicevilkår",termsText:"Ved at tilmelde dig accepterer du vores",title:"Vælg adgangskode","username-already-exists":"Dette brugernavn er allerede taget",usernamePlaceholder:"Brugernavn",verifyEmailText:"Tjek venligst din e-mail for at bekræfte din konto"}},iI={status:{continueButtonText:"Fortsæt",errorTitle:"Fejl",pageTitle:"Status | ${clientName}",successTitle:"Succes",title:"Status"}},Hj={common:Jx,consent:Yx,"device-flow":{"device-flow":{buttonText:"Fortsæt",codePlaceholder:"Indtast kode",description:"Indtast koden, der vises på din enhed","expired-code":"Koden er udløbet","invalid-code":"Den indtastede kode er ugyldig",pageTitle:"Enhedsaktivering | ${clientName}",title:"Aktivér din enhed"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Log ind",codeLabel:"Bekræftelseskode",codePlaceholder:"Indtast kode",defaultDescription:"Indtast bekræftelseskoden, der blev sendt til din e-mail",description:"Vi sendte en kode til ${email}","invalid-code":"Ugyldig kode",noCode:"Indtast venligst bekræftelseskoden",pageTitle:"Indtast kode | ${clientName}",resendText:"Send koden igen",sessionExpired:"Din session er udløbet. Prøv venligst igen.",title:"Tjek din e-mail",unexpectedError:"Der opstod en uventet fejl"}},"email-verification":{"email-verification":{description:"Vi sendte en e-mail til ${email}",pageTitle:"Bekræft e-mail | ${clientName}",resendText:"Send koden igen",successDescription:"Din e-mail er blevet bekræftet.",successTitle:"E-mail bekræftet",title:"Bekræft din e-mail"}},invitation:Qx,login:Zx,"login-id":{"login-id":{alertListTitle:"Advarsler","auth0-users-validation":"Noget gik galt, prøv venligst igen senere","authentication-failure":"Vi beklager, noget gik galt under loginforsøget",buttonText:"Fortsæt","captcha-client-failure":"Vi kunne ikke indlæse sikkerhedsudfordringen. Prøv venligst igen. (Fejlkode: #{errorCode})","captcha-validation-failure":"Vi beklager, noget gik galt under validering af captcha-svaret. Prøv venligst igen.",captchaCodePlaceholder:"Indtast koden vist ovenfor","custom-script-error-code":"Noget gik galt, prøv venligst igen senere.",description:"Log ind på ${clientName}.",editEmailText:"Rediger",emailPlaceholder:"E-mail-adresse",federatedConnectionButtonText:"Fortsæt med ${connectionName}",footerLinkText:"Tilmeld dig",footerText:"Har du ikke en konto?",forgotPasswordText:"Har du glemt din adgangskode?",hidePasswordText:"Skjul adgangskode","invalid-captcha":"Løs sikkerhedsspørgsmålet for at bekræfte, at du ikke er en robot.","invalid-code":"Ugyldig kode","invalid-connection":"Ugyldig forbindelse","invalid-email-format":"Ugyldig e-mail","invalid-email-phone":"Indtast en gyldig e-mailadresse eller telefonnummer. Telefonnumre skal inkludere landekoden.","invalid-email-phone-username":"Indtast en gyldig e-mailadresse, telefonnummer eller brugernavn. Telefonnumre skal inkludere landekoden.","invalid-email-username":"Indtast en gyldig e-mailadresse eller brugernavn","invalid-expired-code":"Ugyldig eller udløbet brugerkode","invalid-login-id":"Ugyldigt login-ID indtastet","invalid-phone-username":"Indtast et gyldigt telefonnummer eller brugernavn. Telefonnumre skal inkludere landekoden.","invalid-recaptcha":"Markér afkrydsningsfeltet for at bekræfte, at du ikke er en robot.","invalid-username":"Brugernavnet kan kun indeholde alfanumeriske tegn eller: '${characters}'. Brugernavnet skal være mellem ${min} og ${max} tegn.",invitationDescription:"Log ind for at acceptere ${inviterName}s invitation til at deltage i ${companyName} på ${clientName}.",invitationTitle:"Du er blevet inviteret!","ip-blocked":"Vi har registreret mistænkelig loginadfærd, og yderligere forsøg vil blive blokeret. Kontakt venligst administratoren.",logoAltText:"${companyName}","no-db-connection":"Ugyldig forbindelse","no-email":"Indtast venligst en e-mailadresse","no-email-phone":"E-mailadresse eller telefonnummer er påkrævet","no-email-phone-username":"Telefonnummer, brugernavn eller e-mailadresse er påkrævet","no-email-username":"E-mailadresse eller brugernavn er påkrævet","no-password":"Adgangskode er påkrævet","no-phone":"Indtast venligst et telefonnummer","no-phone-username":"Telefonnummer eller brugernavn er påkrævet","no-username":"Brugernavn er påkrævet",pageTitle:"Log ind | ${clientName}","password-breached":"Vi har registreret et potentielt sikkerhedsproblem med denne konto. For at beskytte din konto har vi forhindret dette login. Nulstil venligst din adgangskode for at fortsætte.",passwordPlaceholder:"Adgangskode",phoneOrEmailPlaceholder:"E-mail eller telefonnummer",phoneOrUsernameOrEmailPlaceholder:"Telefon, brugernavn eller e-mail",phoneOrUsernamePlaceholder:"Telefonnummer eller brugernavn",phonePlaceholder:"Telefonnummer","same-user-login":"For mange loginforsøg for denne bruger. Vent venligst, og prøv igen senere.",selectCountryCode:"Vælg landekode, i øjeblikket sat til ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"eller",sessionExpired:"Din session er udløbet. Prøv venligst igen.",showPasswordText:"Vis adgangskode",signupActionLinkText:"Tilmeld dig",signupActionText:"Har du ikke en konto?",termsAndConditionsTemplate:'Ved at fortsætte accepterer du vores <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Vilkår og betingelser</a>.',title:"Velkommen","user-blocked":"Din konto er blevet blokeret efter flere på hinanden følgende loginforsøg.",userAccountDoesNotExist:"Brugerkontoen findes ikke",usernameOnlyPlaceholder:"Brugernavn",usernameOrEmailPlaceholder:"Brugernavn eller e-mailadresse",usernamePlaceholder:"Brugernavn",usernameTooLong:"Brugernavnet må højst være ${max} tegn",usernameTooShort:"Brugernavnet skal være mindst ${min} tegn","wrong-credentials":"Forkert brugernavn eller adgangskode","wrong-email-credentials":"Forkert e-mail eller adgangskode","wrong-email-phone-credentials":"Forkert e-mailadresse, telefonnummer eller adgangskode. Telefonnumre skal inkludere landekoden.","wrong-email-phone-username-credentials":"Forkert e-mailadresse, telefonnummer, brugernavn eller adgangskode. Telefonnumre skal inkludere landekoden.","wrong-email-username-credentials":"Forkert e-mailadresse, brugernavn eller adgangskode","wrong-phone-credentials":"Forkert telefonnummer eller adgangskode","wrong-phone-username-credentials":"Forkert telefonnummer, brugernavn eller adgangskode. Telefonnumre skal inkludere landekoden.","wrong-username-credentials":"Forkert brugernavn eller adgangskode",passkeyButtonText:"Log ind med passkey"}},"login-password":{"login-password":{buttonText:"Log ind",description:"Indtast din e-mailadresse og adgangskode for at logge ind.",forgotPasswordText:"Har du glemt din adgangskode?",hidePasswordText:"Skjul adgangskode","no-password":"Adgangskode er påkrævet",pageTitle:"Log ind | ${clientName}","password-breached":"Vi har registreret et potentielt sikkerhedsproblem med denne konto. For at beskytte din konto har vi forhindret dette login. Nulstil venligst din adgangskode for at fortsætte.",passwordPlaceholder:"Adgangskode",showPasswordText:"Vis adgangskode",signingInAs:"Logger ind som ${email}",title:"Indtast adgangskode",unverifiedEmail:"Bekræft venligst din e-mailadresse, før du logger ind","user-blocked":"Din konto er blevet blokeret efter flere på hinanden følgende loginforsøg.","wrong-credentials":"Forkert adgangskode"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"e-mail",authMethodEmailOrPhone:"e-mail eller telefonnummer",authMethodPhone:"telefonnummer",description:"Log ind med din ${authMethod}",emailOrPhonePlaceholder:"E-mailadresse eller telefonnummer",emailPlaceholder:"E-mail-adresse",invalidEmail:"Indtast venligst en gyldig e-mailadresse",invalidIdentifier:"Indtast venligst en gyldig e-mailadresse eller telefonnummer",invalidPhone:"Indtast venligst et gyldigt telefonnummer med landekode",noEmail:"Indtast venligst din e-mailadresse",noPhone:"Indtast venligst dit telefonnummer",phonePlaceholder:"Telefonnummer",sessionExpired:"Din session er udløbet. Prøv venligst igen.",title:"Log ind med en kode",userAccountDoesNotExist:"Brugerkontoen findes ikke"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Klik på linket i din e-mail for at logge ind",description:"Vi sendte et link til ${username}. Klik på det for at logge ind.",resendText:"Send link igen",spamText:"Har du ikke modtaget e-mailen? Tjek din spam-mappe.",title:"Tjek din e-mail"}},mfa:Xx,"mfa-email":{"mfa-email":{buttonText:"Fortsæt",codePlaceholder:"Indtast kode",description:"Vi sendte en kode til ${email}","invalid-code":"Den indtastede kode er ugyldig",pageTitle:"E-mailbekræftelse | ${clientName}",resendText:"Send kode igen",title:"Tjek din e-mail"}},"mfa-otp":{"mfa-otp":{buttonText:"Fortsæt",codePlaceholder:"Indtast kode",description:"Indtast den 6-cifrede kode fra din autentificeringsapp","invalid-code":"Den indtastede kode er ugyldig",pageTitle:"Indtast kode | ${clientName}",title:"Indtast din kode"},"mfa-totp-enrollment":{title:"Opsæt autentificeringsapp",description:"Scan QR-koden nedenfor med din autentificeringsapp, og indtast derefter den 6-cifrede kode for at bekræfte",secretLabel:"Eller indtast denne kode manuelt:",codePlaceholder:"Indtast kode",continueButtonText:"Bekræft og aktiver","invalid-code":"Den indtastede kode er ugyldig. Prøv venligst igen.","transaction-not-found":"Din tilmeldingssession er udløbet. Du skal starte forfra.",pageTitle:"Opsæt autentificeringsapp | ${clientName}",unexpectedError:"Noget gik galt. Prøv venligst igen.",enrollmentComplete:"MFA-tilmeldingen er fuldført. Du kan lukke denne side."},"mfa-totp-challenge":{title:"Bekræft din identitet",description:"Indtast den 6-cifrede kode fra din autentificeringsapp",codePlaceholder:"Indtast kode",continueButtonText:"Fortsæt","invalid-code":"Den indtastede kode er ugyldig","transaction-not-found":"Din session er udløbet. Du skal starte forfra.",unexpectedError:"Noget gik galt. Prøv venligst igen.",pageTitle:"Bekræft identitet | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Brug dit telefonnummer til at logge ind | ${clientName}",title:"Bekræft din identitet",description:"Vi sendte en kode til ${phoneNumber}",continueButtonText:"Fortsæt",changePhoneText:"Vælg et andet telefonnummer.",smsButtonText:"SMS",voiceButtonText:"Taleopkald",chooseMessageTypeText:"Hvordan vil du modtage koden?",pickAuthenticatorText:"Prøv en anden metode",logoAltText:"${companyName}",codePlaceholder:"Indtast kode","send-sms-failed":"Der opstod et problem med at sende SMS'en","send-voice-failed":"Der opstod et problem med at foretage taleopkaldet","invalid-phone-format":"Telefonnummeret kan kun indeholde cifre.","invalid-phone":"Det ser ud til, at dit telefonnummer ikke er gyldigt. Kontrollér og prøv igen.","too-many-sms":"Du har overskredet det maksimale antal telefonbeskeder pr. time. Vent et par minutter og prøv igen.","too-many-voice":"Du har overskredet det maksimale antal telefonopkald pr. time. Vent et par minutter og prøv igen.","transaction-not-found":"Din registreringstransaktion er udløbet, du skal starte forfra.","no-phone":"Indtast et telefonnummer",noCode:"Indtast bekræftelseskoden",invalidCode:"Den indtastede kode er ugyldig. Prøv igen.",unexpectedError:"Noget gik galt. Prøv igen.",resendSuccess:"Vi sendte en ny kode til din telefon",enrollmentComplete:"MFA-tilmeldingen er fuldført. Du kan lukke denne side."},"mfa-phone-enrollment":{pageTitle:"Indtast dit telefonnummer for at logge ind med en telefonkode | ${clientName}",title:"Sikre din konto",description:"Indtast din landekode og telefonnummer, som vi kan sende en 6-cifret kode til:",continueButtonText:"Fortsæt",smsButtonText:"SMS",voiceButtonText:"Taleopkald",chooseMessageTypeText:"Hvordan vil du modtage koden?",pickAuthenticatorText:"Prøv en anden metode",placeholder:"Indtast dit telefonnummer",logoAltText:"${companyName}",selectCountryCode:"Vælg landekode, i øjeblikket sat til ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Der opstod et problem med at sende SMS'en","send-voice-failed":"Der opstod et problem med at foretage taleopkaldet","sms-authenticator-error":"Vi kunne ikke sende SMS'en. Prøv igen senere.","invalid-phone-format":"Telefonnummeret kan kun indeholde cifre.","invalid-phone":"Det ser ud til, at dit telefonnummer ikke er gyldigt. Kontrollér og prøv igen.","too-many-sms":"Du har overskredet det maksimale antal telefonbeskeder pr. time. Vent et par minutter og prøv igen.","too-many-voice":"Du har overskredet det maksimale antal telefonopkald pr. time. Vent et par minutter og prøv igen.","transaction-not-found":"Din registreringstransaktion er udløbet, du skal starte forfra.","no-phone":"Indtast et telefonnummer","phone-is-too-short":"Telefonnummeret er for kort","phone-is-too-long":"Telefonnummeret er for langt"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Vælg bekræftelsesmetode | ${clientName}",title:"Vælg din bekræftelsesmetode",description:"Vælg hvordan du vil bekræfte din identitet",authenticatorAppLabel:"Godkendelsesapp",authenticatorAppDescription:"Brug din godkendelsesapp til at få en bekræftelseskode",smsLabel:"Sms-besked",smsDescription:"Få en bekræftelseskode sendt til din telefon",passkeyLabel:"Adgangsnøgle",passkeyDescription:"Brug din enheds biometri eller sikkerhedsnøgle"}},"mfa-push":{"mfa-push":{description:"Vi sendte en notifikation til din enhed",pageTitle:"Push-notifikation | ${clientName}",resendText:"Send notifikation igen",title:"Godkend anmodningen",useCodeText:"Indtast kode manuelt"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Fortsæt",codePlaceholder:"Gendannelseskode",description:"Indtast en af dine gendannelseskoder","invalid-code":"Den indtastede gendannelseskode er ugyldig",pageTitle:"Gendannelseskode | ${clientName}",title:"Indtast gendannelseskode"}},"mfa-voice":{"mfa-voice":{buttonText:"Ring til mig",codePlaceholder:"Indtast kode",description:"Vi ringer til ${phoneNumber} med din kode","invalid-code":"Den indtastede kode er ugyldig",pageTitle:"Taleopkald | ${clientName}",title:"Modtag et telefonopkald"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Prøv igen",description:"Indsæt din sikkerhedsnøgle og følg instruktionerne",pageTitle:"Sikkerhedsnøgle | ${clientName}",title:"Brug din sikkerhedsnøgle"}},passkeys:eI,organizations:tI,"reset-password":{"reset-password":{backToLoginText:"Gå tilbage",buttonText:"Send e-mail til nulstilling af adgangskode",codeExpired:"Din kode til nulstilling af adgangskode er udløbet. Anmod venligst om en ny.",confirmPasswordLabel:"Bekræft adgangskode",confirmPasswordPlaceholder:"Bekræft adgangskode",description:"Klik på knappen nedenfor, så sender vi instruktioner om, hvordan du nulstiller din adgangskode.",emailPlaceholder:"E-mail-adresse",failed:"Nulstilling af adgangskode mislykkedes. Prøv venligst igen.","invalid-email-format":"Ugyldig e-mail","no-email":"Indtast venligst en e-mailadresse",pageTitle:"Nulstil adgangskode | ${clientName}",passwordLabel:"Ny adgangskode",passwordPlaceholder:"Ny adgangskode",passwordTooWeak:"Adgangskoden er for svag",passwordsDidntMatch:"Adgangskoderne matcher ikke",successDescription:"Vi har sendt et link til nulstilling af adgangskode til din e-mailadresse.",successTitle:"E-mail til nulstilling af adgangskode sendt",title:"Har du glemt din adgangskode?","user-not-found":"Bruger ikke fundet"},"reset-password-code":{backToLoginText:"Tilbage til login",buttonText:"Nulstil adgangskode",codeLabel:"Nulstillingskode",codePlaceholder:"Indtast 6-cifret kode",confirmPasswordLabel:"Bekræft adgangskode",confirmPasswordPlaceholder:"Bekræft adgangskode",defaultDescription:"Indtast koden sendt til din e-mail og vælg en ny adgangskode",description:"Vi sendte en kode til ${email}",failed:"Nulstilling af adgangskode mislykkedes. Prøv venligst igen.",invalidCode:"Den indtastede kode er ugyldig eller udløbet",noCode:"Indtast venligst nulstillingskoden",pageTitle:"Indtast nulstillingskode | ${clientName}",passwordLabel:"Ny adgangskode",passwordPlaceholder:"Ny adgangskode",passwordTooWeak:"Adgangskoden er for svag",passwordsDidntMatch:"Adgangskoderne matcher ikke",resendFailed:"Kunne ikke sende koden igen. Prøv igen.",resendSuccess:"En ny kode er blevet sendt til din e-mail",resendText:"Send kode igen",sessionExpired:"Din session er udløbet. Prøv venligst igen.",title:"Indtast nulstillingskode"}},signup:nI,"signup-id":{"signup-id":{buttonText:"Fortsæt",description:"Vælg en adgangskode med en blanding af store og små bogstaver, tal og symboler.","email-already-exists":"E-mailen er allerede optaget",emailPlaceholder:"E-mail-adresse",federatedConnectionButtonText:"Fortsæt med ${connectionName}","invalid-email-format":"Ugyldig e-mail",loginActionLinkText:"Log ind",loginActionText:"Har du allerede en konto?","no-email":"Indtast venligst en e-mailadresse",pageTitle:"Tilmeld dig | ${clientName}",phonePlaceholder:"Telefonnummer",separatorText:"eller",title:"Vælg adgangskode",usernamePlaceholder:"Brugernavn"}},"signup-password":{"signup-password":{buttonText:"Fortsæt",description:"Vælg en adgangskode med en blanding af store og små bogstaver, tal og symboler.",hidePasswordText:"Skjul adgangskode","no-password":"Adgangskode er påkrævet",pageTitle:"Tilmeld dig | ${clientName}","password-policy-not-met":"Adgangskoden opfylder ikke kravene","password-too-weak":"Adgangskoden er for svag",passwordPlaceholder:"Adgangskode",showPasswordText:"Vis adgangskode",title:"Vælg adgangskode"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Log ind",codeLabel:"Bekræftelseskode",codePlaceholder:"Indtast kode",defaultDescription:"Indtast bekræftelseskoden, der blev sendt til din telefon",description:"Vi sendte en kode til ${username}","invalid-code":"Ugyldig kode",noCode:"Indtast venligst bekræftelseskoden",pageTitle:"Indtast kode | ${clientName}",resendText:"Send koden igen",sessionExpired:"Din session er udløbet. Prøv venligst igen.",title:"Tjek din telefon",unexpectedError:"Der opstod en uventet fejl"}},status:iI},Vj=Object.freeze(Object.defineProperty({__proto__:null,common:Jx,consent:Yx,default:Hj,invitation:Qx,login:Zx,mfa:Xx,organizations:tI,passkeys:eI,signup:nI,status:iI},Symbol.toStringTag,{value:"Module"})),rI={common:{alertListTitle:"Alerts",backText:"Back",cancelText:"Cancel",closeText:"Close",contactSupportText:"Contact Support",continueText:"Continue",copyrightText:"© ${currentYear} ${companyName}",errorText:"An error occurred",hidePasswordText:"Hide password",loadingText:"Loading...",orText:"or",privacyPolicyText:"Privacy Policy",showPasswordText:"Show password",termsOfServiceText:"Terms of Service",termsShortText:"Terms",tryAgainText:"Try again"}},oI={consent:{buttonText:"Accept",cancelButtonText:"Deny",description:"${clientName} is requesting access to your account",pageTitle:"Authorize | ${clientName}",scopesTitle:"This will allow ${clientName} to:",title:"Authorize ${clientName}"}},sI={invitation:{acceptButtonText:"Accept invitation",description:"${inviterName} has invited you to join ${organizationName} on ${clientName}",pageTitle:"Invitation | ${clientName}",title:"You've been invited"}},aI={login:{alertListTitle:"Alerts",buttonText:"Continue",description:"Log in to ${clientName}.",editEmailText:"Edit",emailPlaceholder:"Email address",enterACodeBtn:"Sign in with a code",federatedConnectionButtonText:"Continue with ${connectionName}",footerLinkText:"Sign up",footerText:"Don't have an account?",forgotPasswordText:"Forgot password?",hidePasswordText:"Hide password",invalidEmail:"Invalid email",invalidIdentifier:"Invalid email or username",invitationDescription:"Log in to accept ${inviterName}'s invitation to join ${companyName} on ${clientName}.",invitationTitle:"You've Been Invited!",logoAltText:"${companyName}","no-email":"Please enter an email address","no-password":"Password is required",pageTitle:"Log in | ${clientName}",passwordLoginNotAvailable:"Password authentication is not available",passwordPlaceholder:"Password",phonePlaceholder:"Phone number",separatorText:"Or",sessionExpired:"Your session has expired. Please try again.",showPasswordText:"Show password",signupActionLinkText:"Sign up",signupActionText:"Don't have an account?",title:"Welcome",tooManyFailedLogins:"Too many failed login attempts. Please try again later.",unverifiedEmail:"Please verify your email address before logging in",userAccountDoesNotExist:"User account does not exist",usernamePlaceholder:"Username or email address",usernameTooLong:"Username must be ${max} characters or less",usernameTooShort:"Username must be at least ${min} characters",passkeyButtonText:"Sign in with a passkey",wrongCredentials:"Wrong username or password"}},cI={mfa:{backupCodeText:"Use backup code",description:"Choose a verification method",pageTitle:"Multi-Factor Authentication | ${clientName}",title:"Verify your identity"}},lI={"passkey-enrollment-nudge":{title:"Secure your account with a passkey",description:"Passkeys use your device's biometrics or PIN to sign you in faster and more securely.",enrollButtonText:"Set up passkey",snoozeButtonText:"Maybe later",optOutLinkText:"Don't show this again",pageTitle:"Set Up Passkey | ${clientName}"},"passkey-enrollment":{title:"Create your passkey",description:"Follow the prompts from your browser to create a passkey for this account.",errorMessage:"Failed to create passkey. Please try again.",cancelLinkText:"Skip for now",retryButtonText:"Try again",enrollmentComplete:"Your passkey has been set up successfully. You can close this page.",pageTitle:"Create Passkey | ${clientName}"},"passkey-challenge":{title:"Sign in with a passkey",description:"Follow the prompts from your browser to verify your identity.",errorMessage:"Passkey authentication failed. Please try again.",cancelLinkText:"Back to login",retryButtonText:"Try again",pageTitle:"Sign In with Passkey | ${clientName}"}},dI={organizations:{description:"Choose which organization to log in to",pageTitle:"Select Organization | ${clientName}",searchPlaceholder:"Search organizations",title:"Select your organization"}},uI={signup:{buttonText:"Continue",confirmPasswordPlaceholder:"Confirm password",description:"Sign up to continue","email-already-exists":"This email is already registered",emailPlaceholder:"Email address",federatedConnectionButtonText:"Continue with ${connectionName}",hidePasswordText:"Hide password","invalid-email-format":"Email is not valid.",loginActionLinkText:"Log in",loginActionText:"Already have an account?","no-email":"Please enter an email address","no-password":"Password is required","no-username":"Username is required",pageTitle:"Sign up | ${clientName}",passwordPlaceholder:"Password",passwordsDidntMatch:"Passwords don't match",phonePlaceholder:"Phone number",privacyPolicyLinkText:"Privacy Policy",separatorText:"Or",sessionExpired:"Your session has expired. Please try again.",showPasswordText:"Show password",termsOfServiceLinkText:"Terms of Service",termsText:"By signing up, you agree to our",title:"Create your account","username-already-exists":"This username is already taken",usernamePlaceholder:"Username",verifyEmailText:"Please check your email to verify your account"}},pI={status:{continueButtonText:"Continue",errorTitle:"Error",pageTitle:"Status | ${clientName}",successTitle:"Success",title:"Status"}},Kj={common:rI,consent:oI,"device-flow":{"device-flow":{buttonText:"Continue",codePlaceholder:"Enter code",description:"Enter the code shown on your device","expired-code":"The code has expired","invalid-code":"The code you entered is invalid",pageTitle:"Device Activation | ${clientName}",title:"Activate your device"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Continue",codeLabel:"Verification Code",codePlaceholder:"Enter code",defaultDescription:"Enter the verification code sent to your email",description:"We sent a code to ${email}","invalid-code":"The code you entered is invalid",noCode:"Please enter the verification code",pageTitle:"Enter Code | ${clientName}",resendText:"Resend code",sessionExpired:"Your session has expired. Please try again.",title:"Check your email",unexpectedError:"An unexpected error occurred"}},"email-verification":{"email-verification":{description:"We sent an email to ${email}",pageTitle:"Verify Email | ${clientName}",resendText:"Resend email",successDescription:"Your email has been verified successfully.",successTitle:"Email verified",title:"Verify your email"}},invitation:sI,login:aI,"login-id":{"login-id":{alertListTitle:"Alerts","auth0-users-validation":"Something went wrong, please try again later","authentication-failure":"We are sorry, something went wrong when attempting to log in",buttonText:"Continue","captcha-client-failure":"We couldn't load the security challenge. Please try again. (Error code: #{errorCode})","captcha-validation-failure":"We are sorry, something went wrong while validating the captcha response. Please try again.",captchaCodePlaceholder:"Enter the code shown above","custom-script-error-code":"Something went wrong, please try again later.",description:"Log in to ${clientName}.",editEmailText:"Edit",emailPlaceholder:"Email address",federatedConnectionButtonText:"Continue with ${connectionName}",footerLinkText:"Sign up",footerText:"Don't have an account?",forgotPasswordText:"Forgot password?",hidePasswordText:"Hide password","invalid-captcha":"Solve the challenge question to verify you are not a robot.","invalid-code":"The code you entered is invalid","invalid-connection":"Invalid connection","invalid-email-format":"Email is not valid.","invalid-email-phone":"Enter a valid email address or phone number. Phone numbers must include the country code.","invalid-email-phone-username":"Enter a valid email address, phone number or username. Phone numbers must include the country code.","invalid-email-username":"Enter a valid email address or username","invalid-expired-code":"Invalid or expired user code","invalid-login-id":"Invalid Login ID entered","invalid-phone-username":"Enter a valid phone number or username. Phone numbers must include the country code.","invalid-recaptcha":"Select the checkbox to verify you are not a robot.","invalid-username":"Username can only contain alphanumeric characters or: '${characters}'. Username should have between ${min} and ${max} characters.",invitationDescription:"Log in to accept ${inviterName}'s invitation to join ${companyName} on ${clientName}.",invitationTitle:"You've Been Invited!","ip-blocked":"We have detected suspicious login behavior and further attempts will be blocked. Please contact the administrator.",logoAltText:"${companyName}","no-db-connection":"Invalid connection","no-email":"Please enter an email address","no-email-phone":"Email address or phone number is required","no-email-phone-username":"Phone number, username, or email address is required","no-email-username":"Email address or username is required","no-password":"Password is required","no-phone":"Please enter a phone number","no-phone-username":"Phone number or username is required","no-username":"Username is required",pageTitle:"Log in | ${clientName}","password-breached":"We have detected a potential security issue with this account. To protect your account, we have prevented this login. Please reset your password to proceed.",passwordPlaceholder:"Password",phoneOrEmailPlaceholder:"Phone number or Email address",phoneOrUsernameOrEmailPlaceholder:"Phone or Username or Email",phoneOrUsernamePlaceholder:"Phone Number or Username",phonePlaceholder:"Phone number","same-user-login":"Too many login attempts for this user. Please wait, and try again later.",selectCountryCode:"Select country code, currently set to ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"Or",sessionExpired:"Your session has expired. Please try again.",showPasswordText:"Show password",signupActionLinkText:"Sign up",signupActionText:"Don't have an account?",termsAndConditionsTemplate:'By continuing, you agree to our <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Terms and Conditions</a>.',title:"Welcome","user-blocked":"Your account has been blocked after multiple consecutive login attempts.",userAccountDoesNotExist:"User account does not exist",usernameOnlyPlaceholder:"Username",usernameOrEmailPlaceholder:"Username or Email address",usernamePlaceholder:"Username or email address",usernameTooLong:"Username must be ${max} characters or less",usernameTooShort:"Username must be at least ${min} characters","wrong-credentials":"Wrong username or password","wrong-email-credentials":"Wrong email or password","wrong-email-phone-credentials":"Incorrect email address, phone number, or password. Phone numbers must include the country code.","wrong-email-phone-username-credentials":"Incorrect email address, phone number, username, or password. Phone numbers must include the country code.","wrong-email-username-credentials":"Incorrect email address, username, or password","wrong-phone-credentials":"Incorrect phone number or password","wrong-phone-username-credentials":"Incorrect phone number, username or password. Phone numbers must include the country code.",passkeyButtonText:"Sign in with a passkey","wrong-username-credentials":"Incorrect username or password"}},"login-password":{"login-password":{buttonText:"Continue",description:"Log in to ${clientName}",forgotPasswordText:"Forgot password?",hidePasswordText:"Hide password","no-password":"Password is required",pageTitle:"Log in | ${clientName}","password-breached":"We have detected a potential security issue with this account. To protect your account, we have prevented this login. Please reset your password to proceed.",passwordPlaceholder:"Password",showPasswordText:"Show password",signingInAs:"Signing in as ${email}",title:"Enter your password",unverifiedEmail:"Please verify your email address before logging in","user-blocked":"Your account has been blocked after multiple consecutive login attempts.","wrong-credentials":"Wrong password"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"email",authMethodEmailOrPhone:"email or phone number",authMethodPhone:"phone number",description:"Sign in using your ${authMethod}",emailOrPhonePlaceholder:"Email address or phone number",emailPlaceholder:"Email address",invalidEmail:"Please enter a valid email address",invalidIdentifier:"Please enter a valid email address or phone number",invalidPhone:"Please enter a valid phone number with country code",noEmail:"Please enter your email address",noPhone:"Please enter your phone number",phonePlaceholder:"Phone number",sessionExpired:"Your session has expired. Please try again.",title:"Sign in with a code",userAccountDoesNotExist:"User account does not exist"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Click the link in your email to sign in",description:"We sent a link to ${username}. Click it to sign in.",resendText:"Resend link",spamText:"Didn't receive the email? Check your spam folder.",title:"Check your email"}},mfa:cI,"mfa-email":{"mfa-email":{buttonText:"Continue",codePlaceholder:"Enter code",description:"We sent a code to ${email}","invalid-code":"The code you entered is invalid",pageTitle:"Email Verification | ${clientName}",resendText:"Resend code",title:"Check your email"}},"mfa-otp":{"mfa-otp":{buttonText:"Continue",codePlaceholder:"Enter code",description:"Enter the 6-digit code from your authenticator app","invalid-code":"The code you entered is invalid",pageTitle:"Enter Code | ${clientName}",title:"Enter your code"},"mfa-totp-enrollment":{title:"Set up authenticator",description:"Scan the QR code below with your authenticator app, then enter the 6-digit code to verify",secretLabel:"Or enter this code manually:",codePlaceholder:"Enter code",continueButtonText:"Verify & Activate","invalid-code":"The code you entered is invalid. Please try again.","transaction-not-found":"Your enrollment transaction expired, you will need to start again.",unexpectedError:"Something went wrong. Please try again.",pageTitle:"Set up Authenticator | ${clientName}",enrollmentComplete:"MFA enrollment is complete. You can close this page."},"mfa-totp-challenge":{title:"Verify your identity",description:"Enter the 6-digit code from your authenticator app",codePlaceholder:"Enter code",continueButtonText:"Continue","invalid-code":"The code you entered is invalid","transaction-not-found":"Your enrollment transaction expired, you will need to start again.",unexpectedError:"Something went wrong. Please try again.",pageTitle:"Verify Identity | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Use your phone number to log in | ${clientName}",title:"Verify Your Identity",description:"We sent a code to ${phoneNumber}",continueButtonText:"Continue",changePhoneText:"Choose another phone number.",smsButtonText:"Text message",voiceButtonText:"Voice call",chooseMessageTypeText:"How do you want to receive the code?",pickAuthenticatorText:"Try another method",logoAltText:"${companyName}",codePlaceholder:"Enter code","send-sms-failed":"There was a problem sending the SMS","send-voice-failed":"There was a problem making the voice call","invalid-phone-format":"Phone number can only include digits.","invalid-phone":"It seems that your phone number is not valid. Please check and retry.","too-many-sms":"You have exceeded the maximum number of phone messages per hour. Wait a few minutes and try again.","too-many-voice":"You have exceeded the maximum number of phone messages per hour. Wait a few minutes and try again.","transaction-not-found":"Your enrollment transaction expired, you will need to start again.","no-phone":"Please enter a phone number",noCode:"Please enter the verification code",invalidCode:"The code you entered is invalid. Please try again.",unexpectedError:"Something went wrong. Please try again.",resendSuccess:"We sent a new code to your phone",enrollmentComplete:"MFA enrollment is complete. You can close this page."},"mfa-phone-enrollment":{pageTitle:"Enter your phone number to log in using a phone code | ${clientName}",title:"Secure Your Account",description:"Enter your country code and phone number to which we can send a 6-digit code:",continueButtonText:"Continue",smsButtonText:"Text message",voiceButtonText:"Voice call",chooseMessageTypeText:"How do you want to receive the code?",pickAuthenticatorText:"Try another method",placeholder:"Enter your phone number",logoAltText:"${companyName}",selectCountryCode:"Select country code, currently set to ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"There was a problem sending the SMS","send-voice-failed":"There was a problem making the voice call","sms-authenticator-error":"We couldn't send the SMS. Please try again later.","invalid-phone-format":"Phone number can only include digits.","invalid-phone":"It seems that your phone number is not valid. Please check and retry.","too-many-sms":"You have exceeded the maximum number of phone messages per hour. Wait a few minutes and try again.","too-many-voice":"You have exceeded the maximum number of phone messages per hour. Wait a few minutes and try again.","transaction-not-found":"Your enrollment transaction expired, you will need to start again.","no-phone":"Please enter a phone number","phone-is-too-short":"Phone number is too short","phone-is-too-long":"Phone number is too long"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Choose Verification Method | ${clientName}",title:"Choose your verification method",description:"Select how you'd like to verify your identity",authenticatorAppLabel:"Authenticator App",authenticatorAppDescription:"Use your authenticator app to get a verification code",smsLabel:"Text Message",smsDescription:"Get a verification code sent to your phone",passkeyLabel:"Passkey",passkeyDescription:"Use your device's biometrics or security key"}},"mfa-push":{"mfa-push":{description:"We sent a notification to your device",pageTitle:"Push Notification | ${clientName}",resendText:"Resend notification",title:"Approve the request",useCodeText:"Enter code manually"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Continue",codePlaceholder:"Recovery code",description:"Enter one of your recovery codes","invalid-code":"The recovery code you entered is invalid",pageTitle:"Recovery Code | ${clientName}",title:"Enter recovery code"}},"mfa-voice":{"mfa-voice":{buttonText:"Call me",codePlaceholder:"Enter code",description:"We will call ${phoneNumber} with your code","invalid-code":"The code you entered is invalid",pageTitle:"Voice Call | ${clientName}",title:"Receive a phone call"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Try again",description:"Insert your security key and follow the instructions",pageTitle:"Security Key | ${clientName}",title:"Use your security key"}},passkeys:lI,organizations:dI,"reset-password":{"reset-password":{backToLoginText:"Back to login",buttonText:"Continue",codeExpired:"Your password reset code has expired. Please request a new one.",confirmPasswordLabel:"Confirm Password",confirmPasswordPlaceholder:"Confirm password",description:"Enter your email to reset your password",emailPlaceholder:"Email address",failed:"Password reset failed. Please try again.","invalid-email-format":"Email is not valid.","no-email":"Please enter an email address",pageTitle:"Reset Password | ${clientName}",passwordLabel:"New Password",passwordPlaceholder:"New password",passwordTooWeak:"Password is too weak",passwordsDidntMatch:"Passwords don't match",successDescription:"We have sent a password reset link to your email address.",successTitle:"Check your email",title:"Forgot your password?","user-not-found":"User not found"},"reset-password-code":{backToLoginText:"Back to login",buttonText:"Reset Password",codeLabel:"Reset Code",codePlaceholder:"Enter 6-digit code",confirmPasswordLabel:"Confirm Password",confirmPasswordPlaceholder:"Confirm password",defaultDescription:"Enter the code sent to your email and choose a new password",description:"We sent a code to ${email}",failed:"Password reset failed. Please try again.",invalidCode:"The code you entered is invalid or has expired",noCode:"Please enter the reset code",pageTitle:"Enter Reset Code | ${clientName}",passwordLabel:"New Password",passwordPlaceholder:"New password",passwordTooWeak:"Password is too weak",passwordsDidntMatch:"Passwords don't match",resendFailed:"Failed to resend the code. Please try again.",resendSuccess:"A new code has been sent to your email",resendText:"Resend code",sessionExpired:"Your session has expired. Please try again.",title:"Enter reset code"}},signup:uI,"signup-id":{"signup-id":{buttonText:"Continue",description:"Sign up to continue","email-already-exists":"This email is already registered",emailPlaceholder:"Email address",federatedConnectionButtonText:"Continue with ${connectionName}","invalid-email-format":"Email is not valid.",loginActionLinkText:"Log in",loginActionText:"Already have an account?","no-email":"Please enter an email address",pageTitle:"Sign up | ${clientName}",phonePlaceholder:"Phone number",separatorText:"Or",title:"Create your account",usernamePlaceholder:"Username"}},"signup-password":{"signup-password":{buttonText:"Continue",description:"Sign up to continue",hidePasswordText:"Hide password","no-password":"Password is required",pageTitle:"Sign up | ${clientName}","password-policy-not-met":"Password does not meet the requirements","password-too-weak":"Password is too weak",passwordPlaceholder:"Password",showPasswordText:"Show password",title:"Create your password"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Continue",codeLabel:"Verification Code",codePlaceholder:"Enter code",defaultDescription:"Enter the verification code sent to your phone",description:"We sent a code to ${username}","invalid-code":"The code you entered is invalid",noCode:"Please enter the verification code",pageTitle:"Enter Code | ${clientName}",resendText:"Resend code",sessionExpired:"Your session has expired. Please try again.",title:"Check your phone",unexpectedError:"An unexpected error occurred"}},status:pI},Gj=Object.freeze(Object.defineProperty({__proto__:null,common:rI,consent:oI,default:Kj,invitation:sI,login:aI,mfa:cI,organizations:dI,passkeys:lI,signup:uI,status:pI},Symbol.toStringTag,{value:"Module"})),fI={common:{alertListTitle:"Ilmoitukset",backText:"Palaa takaisin",cancelText:"Palaa takaisin",closeText:"Sulje",contactSupportText:"Tarvitsetko apua?",continueText:"Jatka",copyrightText:"© ${currentYear} ${companyName}",errorText:"Jokin meni pieleen. Yritä uudelleen.",hidePasswordText:"Piilota salasana",loadingText:"Ladataan...",orText:"tai",privacyPolicyText:"Tietosuojakäytäntö",showPasswordText:"Näytä salasana",termsOfServiceText:"Käyttöehdot",termsShortText:"Ehdot",tryAgainText:"Yritä uudelleen"}},hI={consent:{buttonText:"Hyväksy",cancelButtonText:"Hylkää",description:"${clientName} pyytää pääsyä tilillesi",pageTitle:"Valtuuta | ${clientName}",scopesTitle:"Tämä sallii sovelluksen ${clientName}:",title:"Valtuuta ${clientName}"}},gI={invitation:{acceptButtonText:"Hyväksy kutsu",description:"${inviterName} on kutsunut sinut liittymään organisaatioon ${organizationName} palvelussa ${clientName}",pageTitle:"Kutsu | ${clientName}",title:"Sinut on kutsuttu"}},mI={login:{alertListTitle:"Ilmoitukset",buttonText:"Jatka",description:"Kirjaudu sisään ${clientName}.",editEmailText:"Muokkaa",emailPlaceholder:"Sähköpostiosoite",enterACodeBtn:"Kirjaudu koodilla",federatedConnectionButtonText:"Jatka palvelulla ${connectionName}",footerLinkText:"Rekisteröidy",footerText:"Eikö sinulla ole tiliä?",forgotPasswordText:"Unohditko salasanan?",hidePasswordText:"Piilota salasana",invalidEmail:"Virheellinen sähköpostiosoite",invalidIdentifier:"Virheellinen sähköpostiosoite tai käyttäjänimi",invitationDescription:"Kirjaudu sisään hyväksyäksesi käyttäjän ${inviterName} kutsun liittyä palveluun ${companyName} sovelluksessa ${clientName}.",invitationTitle:"Sinut on kutsuttu!",logoAltText:"${companyName}","no-email":"Sähköpostiosoite vaaditaan","no-password":"Salasana vaaditaan",pageTitle:"Kirjaudu sisään | ${clientName}",passwordLoginNotAvailable:"Salasanakirjautuminen ei ole käytettävissä",passwordPlaceholder:"Salasana",phonePlaceholder:"Puhelinnumero",separatorText:"tai",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",showPasswordText:"Näytä salasana",signupActionLinkText:"Rekisteröidy",signupActionText:"Eikö sinulla ole tiliä?",title:"Tervetuloa",tooManyFailedLogins:"Liian monta epäonnistunutta kirjautumisyritystä. Yritä myöhemmin uudelleen.",unverifiedEmail:"Vahvista sähköpostiosoitteesi ennen kirjautumista",userAccountDoesNotExist:"Käyttäjätiliä ei ole olemassa",usernamePlaceholder:"Käyttäjänimi tai sähköpostiosoite",usernameTooLong:"Käyttäjänimen on oltava enintään ${max} merkkiä",usernameTooShort:"Käyttäjänimen on oltava vähintään ${min} merkkiä",wrongCredentials:"Väärä käyttäjänimi tai salasana",passkeyButtonText:"Kirjaudu sisään passkey:llä"}},yI={mfa:{backupCodeText:"Käytä varakoodia",description:"Valitse vahvistusmenetelmä",pageTitle:"Monivaiheinen tunnistautuminen | ${clientName}",title:"Vahvista henkilöllisyytesi"}},_I={"passkey-enrollment-nudge":{title:"Suojaa tilisi tunnistautumisavaimella",description:"Tunnistautumisavaimet käyttävät laitteesi biometriikkaa tai PIN-koodia kirjautuaksesi nopeammin ja turvallisemmin.",enrollButtonText:"Määritä tunnistautumisavain",snoozeButtonText:"Ehkä myöhemmin",optOutLinkText:"Älä näytä tätä uudelleen",pageTitle:"Määritä Tunnistautumisavain | ${clientName}"},"passkey-enrollment":{title:"Luo tunnistautumisavain",description:"Seuraa selaimesi ohjeita luodaksesi tunnistautumisavaimen tälle tilille.",errorMessage:"Tunnistautumisavaimen luominen epäonnistui. Yritä uudelleen.",cancelLinkText:"Ohita toistaiseksi",retryButtonText:"Yritä uudelleen",enrollmentComplete:"Tunnistautumisavaimesi on määritetty onnistuneesti. Voit sulkea tämän sivun.",pageTitle:"Luo Tunnistautumisavain | ${clientName}"},"passkey-challenge":{title:"Kirjaudu sisään passkey:llä",description:"Noudata selaimesi ohjeita henkilöllisyytesi vahvistamiseksi.",errorMessage:"Passkey-todennus epäonnistui. Yritä uudelleen.",cancelLinkText:"Takaisin kirjautumiseen",retryButtonText:"Yritä uudelleen",pageTitle:"Kirjaudu sisään passkey:llä | ${clientName}"}},wI={organizations:{description:"Valitse organisaatio, johon haluat kirjautua",pageTitle:"Valitse organisaatio | ${clientName}",searchPlaceholder:"Hae organisaatioita",title:"Valitse organisaatiosi"}},vI={signup:{buttonText:"Rekisteröityminen",confirmPasswordPlaceholder:"Vahvista salasana",description:"Valitse salasana, jossa on isoja ja pieniä kirjaimia, numeroita ja symboleja.","email-already-exists":"Sähköposti on jo varattu",emailPlaceholder:"Sähköpostiosoite",federatedConnectionButtonText:"Jatka palvelulla ${connectionName}",hidePasswordText:"Piilota salasana","invalid-email-format":"Virheellinen sähköpostiosoite",loginActionLinkText:"Kirjaudu sisään",loginActionText:"Onko sinulla jo tili?","no-email":"Sähköpostiosoite vaaditaan","no-password":"Salasana vaaditaan","no-username":"Käyttäjänimi vaaditaan",pageTitle:"Rekisteröidy | ${clientName}",passwordPlaceholder:"Salasana",passwordsDidntMatch:"Salasanat eivät täsmää",phonePlaceholder:"Puhelinnumero",privacyPolicyLinkText:"Tietosuojakäytäntö",separatorText:"tai",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",showPasswordText:"Näytä salasana",termsOfServiceLinkText:"Käyttöehdot",termsText:"Rekisteröitymällä hyväksyt",title:"Valitse salasana","username-already-exists":"Tämä käyttäjänimi on jo varattu",usernamePlaceholder:"Käyttäjänimi",verifyEmailText:"Tarkista sähköpostisi vahvistaaksesi tilisi"}},bI={status:{continueButtonText:"Jatka",errorTitle:"Virhe",pageTitle:"Tila | ${clientName}",successTitle:"Onnistui",title:"Tila"}},Wj={common:fI,consent:hI,"device-flow":{"device-flow":{buttonText:"Jatka",codePlaceholder:"Syötä koodi",description:"Syötä laitteessasi näkyvä koodi","expired-code":"Koodi on vanhentunut","invalid-code":"Syöttämäsi koodi on virheellinen",pageTitle:"Laitteen aktivointi | ${clientName}",title:"Aktivoi laitteesi"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Kirjaudu sisään",codeLabel:"Vahvistuskoodi",codePlaceholder:"Syötä koodi",defaultDescription:"Syötä sähköpostiisi lähetetty vahvistuskoodi",description:"Lähetimme koodin osoitteeseen ${email}","invalid-code":"Virheellinen koodi",noCode:"Syötä vahvistuskoodi",pageTitle:"Syötä koodi | ${clientName}",resendText:"Lähetä koodi uudelleen",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",title:"Tarkista sähköpostisi",unexpectedError:"Odottamaton virhe tapahtui"}},"email-verification":{"email-verification":{description:"Lähetimme sähköpostin osoitteeseen ${email}",pageTitle:"Vahvista sähköposti | ${clientName}",resendText:"Lähetä koodi uudelleen",successDescription:"Sähköpostiosoitteesi on vahvistettu onnistuneesti.",successTitle:"Sähköposti vahvistettu",title:"Vahvista sähköpostiosoitteesi"}},invitation:gI,login:mI,"login-id":{"login-id":{alertListTitle:"Ilmoitukset","auth0-users-validation":"Jokin meni pieleen, yritä myöhemmin uudelleen","authentication-failure":"Valitettavasti jokin meni pieleen kirjautumisyrityksen aikana",buttonText:"Jatka","captcha-client-failure":"Turvatarkistuksen lataaminen epäonnistui. Yritä uudelleen. (Virhekoodi: #{errorCode})","captcha-validation-failure":"Valitettavasti jokin meni pieleen captcha-vastauksen tarkistuksessa. Yritä uudelleen.",captchaCodePlaceholder:"Syötä yllä näkyvä koodi","custom-script-error-code":"Jokin meni pieleen, yritä myöhemmin uudelleen.",description:"Kirjaudu sisään ${clientName}.",editEmailText:"Muokkaa",emailPlaceholder:"Sähköpostiosoite",federatedConnectionButtonText:"Jatka palvelulla ${connectionName}",footerLinkText:"Rekisteröidy",footerText:"Eikö sinulla ole tiliä?",forgotPasswordText:"Unohditko salasanan?",hidePasswordText:"Piilota salasana","invalid-captcha":"Ratkaise haaste varmistaaksesi, ettet ole robotti.","invalid-code":"Virheellinen koodi","invalid-connection":"Virheellinen yhteys","invalid-email-format":"Virheellinen sähköpostiosoite","invalid-email-phone":"Syötä kelvollinen sähköpostiosoite tai puhelinnumero. Puhelinnumeron tulee sisältää maatunnus.","invalid-email-phone-username":"Syötä kelvollinen sähköpostiosoite, puhelinnumero tai käyttäjänimi. Puhelinnumeron tulee sisältää maatunnus.","invalid-email-username":"Syötä kelvollinen sähköpostiosoite tai käyttäjänimi","invalid-expired-code":"Virheellinen tai vanhentunut käyttäjäkoodi","invalid-login-id":"Virheellinen kirjautumistunnus","invalid-phone-username":"Syötä kelvollinen puhelinnumero tai käyttäjänimi. Puhelinnumeron tulee sisältää maatunnus.","invalid-recaptcha":"Valitse valintaruutu varmistaaksesi, ettet ole robotti.","invalid-username":"Käyttäjänimi voi sisältää vain aakkosnumeerisia merkkejä tai: '${characters}'. Käyttäjänimen tulee olla ${min}–${max} merkkiä.",invitationDescription:"Kirjaudu sisään hyväksyäksesi käyttäjän ${inviterName} kutsun liittyä palveluun ${companyName} sovelluksessa ${clientName}.",invitationTitle:"Sinut on kutsuttu!","ip-blocked":"Olemme havainneet epäilyttävää kirjautumiskäyttäytymistä ja lisäyritykset estetään. Ota yhteyttä ylläpitäjään.",logoAltText:"${companyName}","no-db-connection":"Virheellinen yhteys","no-email":"Sähköpostiosoite vaaditaan","no-email-phone":"Sähköpostiosoite tai puhelinnumero vaaditaan","no-email-phone-username":"Puhelinnumero, käyttäjänimi tai sähköpostiosoite vaaditaan","no-email-username":"Sähköpostiosoite tai käyttäjänimi vaaditaan","no-password":"Salasana vaaditaan","no-phone":"Syötä puhelinnumero","no-phone-username":"Puhelinnumero tai käyttäjänimi vaaditaan","no-username":"Käyttäjänimi vaaditaan",pageTitle:"Kirjaudu sisään | ${clientName}","password-breached":"Olemme havainneet mahdollisen tietoturvaongelman tässä tilissä. Tilisi suojaamiseksi olemme estäneet tämän kirjautumisen. Vaihda salasanasi jatkaaksesi.",passwordPlaceholder:"Salasana",phoneOrEmailPlaceholder:"Sähköposti tai puhelinnumero",phoneOrUsernameOrEmailPlaceholder:"Puhelin, käyttäjänimi tai sähköposti",phoneOrUsernamePlaceholder:"Puhelinnumero tai käyttäjänimi",phonePlaceholder:"Puhelinnumero","same-user-login":"Liian monta kirjautumisyritystä tälle käyttäjälle. Odota hetki ja yritä myöhemmin uudelleen.",selectCountryCode:"Valitse maakoodi, tällä hetkellä ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"tai",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",showPasswordText:"Näytä salasana",signupActionLinkText:"Rekisteröidy",signupActionText:"Eikö sinulla ole tiliä?",termsAndConditionsTemplate:'Jatkamalla hyväksyt <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Käyttöehdot</a>.',title:"Tervetuloa","user-blocked":"Tilisi on estetty useiden peräkkäisten kirjautumisyritysten jälkeen.",userAccountDoesNotExist:"Käyttäjätiliä ei ole olemassa",usernameOnlyPlaceholder:"Käyttäjänimi",usernameOrEmailPlaceholder:"Käyttäjänimi tai sähköpostiosoite",usernamePlaceholder:"Käyttäjänimi",usernameTooLong:"Käyttäjänimen on oltava enintään ${max} merkkiä",usernameTooShort:"Käyttäjänimen on oltava vähintään ${min} merkkiä","wrong-credentials":"Väärä käyttäjänimi tai salasana","wrong-email-credentials":"Väärä sähköpostiosoite tai salasana","wrong-email-phone-credentials":"Virheellinen sähköpostiosoite, puhelinnumero tai salasana. Puhelinnumeron tulee sisältää maatunnus.","wrong-email-phone-username-credentials":"Virheellinen sähköpostiosoite, puhelinnumero, käyttäjänimi tai salasana. Puhelinnumeron tulee sisältää maatunnus.","wrong-email-username-credentials":"Virheellinen sähköpostiosoite, käyttäjänimi tai salasana","wrong-phone-credentials":"Virheellinen puhelinnumero tai salasana","wrong-phone-username-credentials":"Virheellinen puhelinnumero, käyttäjänimi tai salasana. Puhelinnumeron tulee sisältää maatunnus.","wrong-username-credentials":"Virheellinen käyttäjänimi tai salasana",passkeyButtonText:"Kirjaudu sisään passkey:llä"}},"login-password":{"login-password":{buttonText:"Kirjaudu sisään",description:"Anna sähköpostiosoitteesi ja salasanasi kirjautuaksesi sisään.",forgotPasswordText:"Unohditko salasanan?",hidePasswordText:"Piilota salasana","no-password":"Salasana vaaditaan",pageTitle:"Kirjaudu sisään | ${clientName}","password-breached":"Olemme havainneet mahdollisen tietoturvaongelman tässä tilissä. Tilisi suojaamiseksi olemme estäneet tämän kirjautumisen. Vaihda salasanasi jatkaaksesi.",passwordPlaceholder:"Salasana",showPasswordText:"Näytä salasana",signingInAs:"Kirjaudutaan käyttäjänä ${email}",title:"Anna salasana",unverifiedEmail:"Vahvista sähköpostiosoitteesi ennen kirjautumista","user-blocked":"Tilisi on estetty useiden peräkkäisten kirjautumisyritysten jälkeen.","wrong-credentials":"Väärä salasana"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"sähköposti",authMethodEmailOrPhone:"sähköposti tai puhelinnumero",authMethodPhone:"puhelinnumero",description:"Kirjaudu sisään käyttämällä ${authMethod}",emailOrPhonePlaceholder:"Sähköpostiosoite tai puhelinnumero",emailPlaceholder:"Sähköpostiosoite",invalidEmail:"Syötä kelvollinen sähköpostiosoite",invalidIdentifier:"Syötä kelvollinen sähköpostiosoite tai puhelinnumero",invalidPhone:"Syötä kelvollinen puhelinnumero maatunnuksella",noEmail:"Syötä sähköpostiosoitteesi",noPhone:"Syötä puhelinnumerosi",phonePlaceholder:"Puhelinnumero",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",title:"Kirjaudu koodilla",userAccountDoesNotExist:"Käyttäjätiliä ei ole olemassa"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Napsauta sähköpostissasi olevaa linkkiä kirjautuaksesi sisään",description:"Lähetimme linkin osoitteeseen ${username}. Napsauta sitä kirjautuaksesi.",resendText:"Lähetä linkki uudelleen",spamText:"Etkö saanut sähköpostia? Tarkista roskapostikansiosi.",title:"Tarkista sähköpostisi"}},mfa:yI,"mfa-email":{"mfa-email":{buttonText:"Jatka",codePlaceholder:"Syötä koodi",description:"Lähetimme koodin osoitteeseen ${email}","invalid-code":"Syöttämäsi koodi on virheellinen",pageTitle:"Sähköpostivahvistus | ${clientName}",resendText:"Lähetä koodi uudelleen",title:"Tarkista sähköpostisi"}},"mfa-otp":{"mfa-otp":{buttonText:"Jatka",codePlaceholder:"Syötä koodi",description:"Syötä 6-numeroinen koodi todentajasovelluksestasi","invalid-code":"Syöttämäsi koodi on virheellinen",pageTitle:"Syötä koodi | ${clientName}",title:"Syötä koodisi"},"mfa-totp-enrollment":{title:"Ota todentajasovellus käyttöön",description:"Skannaa alla oleva QR-koodi todentajasovelluksellasi ja syötä sitten 6-numeroinen koodi vahvistaaksesi",secretLabel:"Tai syötä tämä koodi manuaalisesti:",codePlaceholder:"Syötä koodi",continueButtonText:"Vahvista ja aktivoi","invalid-code":"Syöttämäsi koodi on virheellinen. Yritä uudelleen.","transaction-not-found":"Rekisteröintitapahtumasi on vanhentunut, sinun täytyy aloittaa alusta.",pageTitle:"Ota todentaja käyttöön | ${clientName}",unexpectedError:"Jokin meni pieleen. Yritä uudelleen.",enrollmentComplete:"MFA-rekisteröinti on valmis. Voit sulkea tämän sivun."},"mfa-totp-challenge":{title:"Vahvista henkilöllisyytesi",description:"Syötä 6-numeroinen koodi todentajasovelluksestasi",codePlaceholder:"Syötä koodi",continueButtonText:"Jatka","invalid-code":"Syöttämäsi koodi on virheellinen","transaction-not-found":"Rekisteröintitapahtumasi on vanhentunut, sinun täytyy aloittaa alusta.",unexpectedError:"Jokin meni pieleen. Yritä uudelleen.",pageTitle:"Vahvista henkilöllisyys | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Käytä puhelinnumeroasi kirjautumiseen | ${clientName}",title:"Vahvista henkilöllisyytesi",description:"Lähetimme koodin numeroon ${phoneNumber}",continueButtonText:"Jatka",changePhoneText:"Valitse toinen puhelinnumero.",smsButtonText:"Tekstiviesti",voiceButtonText:"Äänipuhelu",chooseMessageTypeText:"Miten haluat vastaanottaa koodin?",pickAuthenticatorText:"Kokeile toista menetelmää",logoAltText:"${companyName}",codePlaceholder:"Syötä koodi","send-sms-failed":"Tekstiviestin lähettämisessä oli ongelma","send-voice-failed":"Äänipuhelun soittamisessa oli ongelma","invalid-phone-format":"Puhelinnumero voi sisältää vain numeroita.","invalid-phone":"Puhelinnumerosi ei vaikuta olevan kelvollinen. Tarkista ja yritä uudelleen.","too-many-sms":"Olet ylittänyt tunnin enimmäismäärän puhelinviestejä. Odota muutama minuutti ja yritä uudelleen.","too-many-voice":"Olet ylittänyt tunnin enimmäismäärän puhelinviestejä. Odota muutama minuutti ja yritä uudelleen.","transaction-not-found":"Rekisteröintitapahtumasi on vanhentunut, sinun täytyy aloittaa alusta.","no-phone":"Syötä puhelinnumero",noCode:"Syötä vahvistuskoodi",invalidCode:"Antamasi koodi on virheellinen. Yritä uudelleen.",unexpectedError:"Jokin meni pieleen. Yritä uudelleen.",resendSuccess:"Lähetimme uuden koodin puhelimeesi",enrollmentComplete:"MFA-rekisteröinti on valmis. Voit sulkea tämän sivun."},"mfa-phone-enrollment":{pageTitle:"Syötä puhelinnumerosi kirjautuaksesi puhelinkoodilla | ${clientName}",title:"Suojaa tilisi",description:"Syötä maakoodisi ja puhelinnumero, johon voimme lähettää 6-numeroisen koodin:",continueButtonText:"Jatka",smsButtonText:"Tekstiviesti",voiceButtonText:"Äänipuhelu",chooseMessageTypeText:"Miten haluat vastaanottaa koodin?",pickAuthenticatorText:"Kokeile toista menetelmää",placeholder:"Syötä puhelinnumerosi",logoAltText:"${companyName}",selectCountryCode:"Valitse maakoodi, tällä hetkellä asetettu ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Tekstiviestin lähettämisessä oli ongelma","send-voice-failed":"Äänipuhelun soittamisessa oli ongelma","sms-authenticator-error":"Emme pystyneet lähettämään tekstiviestiä. Yritä myöhemmin uudelleen.","invalid-phone-format":"Puhelinnumero voi sisältää vain numeroita.","invalid-phone":"Puhelinnumerosi ei vaikuta olevan kelvollinen. Tarkista ja yritä uudelleen.","too-many-sms":"Olet ylittänyt tunnin enimmäismäärän puhelinviestejä. Odota muutama minuutti ja yritä uudelleen.","too-many-voice":"Olet ylittänyt tunnin enimmäismäärän puhelinviestejä. Odota muutama minuutti ja yritä uudelleen.","transaction-not-found":"Rekisteröintitapahtumasi on vanhentunut, sinun täytyy aloittaa alusta.","no-phone":"Syötä puhelinnumero","phone-is-too-short":"Puhelinnumero on liian lyhyt","phone-is-too-long":"Puhelinnumero on liian pitkä"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Valitse vahvistusmenetelmä | ${clientName}",title:"Valitse vahvistusmenetelmä",description:"Valitse, miten haluat vahvistaa henkilöllisyytesi",authenticatorAppLabel:"Todennussovellus",authenticatorAppDescription:"Käytä todennussovellusta vahvistuskoodin saamiseksi",smsLabel:"Tekstiviesti",smsDescription:"Saat vahvistuskoodin puhelimeesi tekstiviestillä",passkeyLabel:"Tunnistautumisavain",passkeyDescription:"Käytä laitteesi biometriikkaa tai suojausavainta"}},"mfa-push":{"mfa-push":{description:"Lähetimme ilmoituksen laitteellesi",pageTitle:"Push-ilmoitus | ${clientName}",resendText:"Lähetä ilmoitus uudelleen",title:"Hyväksy pyyntö",useCodeText:"Syötä koodi manuaalisesti"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Jatka",codePlaceholder:"Palautuskoodi",description:"Syötä yksi palautuskoodeistasi","invalid-code":"Syöttämäsi palautuskoodi on virheellinen",pageTitle:"Palautuskoodi | ${clientName}",title:"Syötä palautuskoodi"}},"mfa-voice":{"mfa-voice":{buttonText:"Soita minulle",codePlaceholder:"Syötä koodi",description:"Soitamme numeroon ${phoneNumber} ja kerromme koodisi","invalid-code":"Syöttämäsi koodi on virheellinen",pageTitle:"Äänipuhelu | ${clientName}",title:"Vastaanota puhelu"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Yritä uudelleen",description:"Aseta turva-avaimesi ja seuraa ohjeita",pageTitle:"Turva-avain | ${clientName}",title:"Käytä turva-avaintasi"}},passkeys:_I,organizations:wI,"reset-password":{"reset-password":{backToLoginText:"Palaa takaisin",buttonText:"Lähetä salasanan palautussähköposti",codeExpired:"Salasanan palautuskoodisi on vanhentunut. Pyydä uusi koodi.",confirmPasswordLabel:"Vahvista salasana",confirmPasswordPlaceholder:"Vahvista salasana",description:"Napsauta alla olevaa painiketta, niin lähetämme ohjeet salasanasi palauttamiseen.",emailPlaceholder:"Sähköpostiosoite",failed:"Salasanan vaihto epäonnistui. Yritä uudelleen.","invalid-email-format":"Virheellinen sähköpostiosoite","no-email":"Sähköpostiosoite vaaditaan",pageTitle:"Vaihda salasana | ${clientName}",passwordLabel:"Uusi salasana",passwordPlaceholder:"Uusi salasana",passwordTooWeak:"Salasana on liian heikko",passwordsDidntMatch:"Salasanat eivät täsmää",successDescription:"Olemme lähettäneet salasanan palautuslinkin sähköpostiosoitteeseesi.",successTitle:"Salasanan palautussähköposti lähetetty",title:"Unohditko salasanan?","user-not-found":"Käyttäjää ei löytynyt"},"reset-password-code":{backToLoginText:"Takaisin kirjautumiseen",buttonText:"Vaihda salasana",codeLabel:"Palautuskoodi",codePlaceholder:"Syötä 6-numeroinen koodi",confirmPasswordLabel:"Vahvista salasana",confirmPasswordPlaceholder:"Vahvista salasana",defaultDescription:"Syötä sähköpostiisi lähetetty koodi ja valitse uusi salasana",description:"Lähetimme koodin osoitteeseen ${email}",failed:"Salasanan vaihto epäonnistui. Yritä uudelleen.",invalidCode:"Syöttämäsi koodi on virheellinen tai vanhentunut",noCode:"Syötä palautuskoodi",pageTitle:"Syötä palautuskoodi | ${clientName}",passwordLabel:"Uusi salasana",passwordPlaceholder:"Uusi salasana",passwordTooWeak:"Salasana on liian heikko",passwordsDidntMatch:"Salasanat eivät täsmää",resendFailed:"Koodin uudelleenlähetys epäonnistui. Yritä uudelleen.",resendSuccess:"Uusi koodi on lähetetty sähköpostiisi",resendText:"Lähetä koodi uudelleen",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",title:"Syötä palautuskoodi"}},signup:vI,"signup-id":{"signup-id":{buttonText:"Jatka",description:"Valitse salasana, jossa on isoja ja pieniä kirjaimia, numeroita ja symboleja.","email-already-exists":"Sähköposti on jo varattu",emailPlaceholder:"Sähköpostiosoite",federatedConnectionButtonText:"Jatka palvelulla ${connectionName}","invalid-email-format":"Virheellinen sähköpostiosoite",loginActionLinkText:"Kirjaudu sisään",loginActionText:"Onko sinulla jo tili?","no-email":"Sähköpostiosoite vaaditaan",pageTitle:"Rekisteröidy | ${clientName}",phonePlaceholder:"Puhelinnumero",separatorText:"tai",title:"Valitse salasana",usernamePlaceholder:"Käyttäjänimi"}},"signup-password":{"signup-password":{buttonText:"Jatka",description:"Valitse salasana, jossa on isoja ja pieniä kirjaimia, numeroita ja symboleja.",hidePasswordText:"Piilota salasana","no-password":"Salasana vaaditaan",pageTitle:"Rekisteröidy | ${clientName}","password-policy-not-met":"Salasana ei täytä vaatimuksia","password-too-weak":"Salasana on liian heikko",passwordPlaceholder:"Salasana",showPasswordText:"Näytä salasana",title:"Valitse salasana"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Jatka",codeLabel:"Vahvistuskoodi",codePlaceholder:"Syötä koodi",defaultDescription:"Syötä puhelimeesi lähetetty vahvistuskoodi",description:"Lähetimme koodin käyttäjälle ${username}","invalid-code":"Virheellinen koodi",noCode:"Syötä vahvistuskoodi",pageTitle:"Syötä koodi | ${clientName}",resendText:"Lähetä koodi uudelleen",sessionExpired:"Istuntosi on vanhentunut. Yritä uudelleen.",title:"Tarkista puhelimesi",unexpectedError:"Odottamaton virhe tapahtui"}},status:bI},Jj=Object.freeze(Object.defineProperty({__proto__:null,common:fI,consent:hI,default:Wj,invitation:gI,login:mI,mfa:yI,organizations:wI,passkeys:_I,signup:vI,status:bI},Symbol.toStringTag,{value:"Module"})),AI={common:{alertListTitle:"Avvisi",backText:"Torna indietro",cancelText:"Annulla",closeText:"Chiudi",contactSupportText:"Contatta l'assistenza",continueText:"Continua",copyrightText:"© ${currentYear} ${companyName}",errorText:"Si è verificato un errore",hidePasswordText:"Nascondi password",loadingText:"Caricamento...",orText:"o",privacyPolicyText:"Informativa sulla privacy",showPasswordText:"Mostra password",termsOfServiceText:"Termini di servizio",termsShortText:"Termini",tryAgainText:"Riprova"}},kI={consent:{buttonText:"Accetta",cancelButtonText:"Rifiuta",description:"${clientName} richiede l'accesso al tuo account",pageTitle:"Autorizza | ${clientName}",scopesTitle:"Questo permetterà a ${clientName} di:",title:"Autorizza ${clientName}"}},SI={invitation:{acceptButtonText:"Accetta invito",description:"${inviterName} ti ha invitato a unirti a ${organizationName} su ${clientName}",pageTitle:"Invito | ${clientName}",title:"Sei stato invitato"}},EI={login:{alertListTitle:"Avvisi",buttonText:"Continua",description:"Accedi a ${clientName}.",editEmailText:"Modifica",emailPlaceholder:"Indirizzo e-mail",enterACodeBtn:"Accedi con un codice",federatedConnectionButtonText:"Continua con ${connectionName}",footerLinkText:"Iscriviti",footerText:"Non hai un account?",forgotPasswordText:"Hai dimenticato la password?",hidePasswordText:"Nascondi password",invalidEmail:"Email non valida",invalidIdentifier:"Email o nome utente non valido",invitationDescription:"Accedi per accettare l'invito di ${inviterName} a unirti a ${companyName} su ${clientName}.",invitationTitle:"Sei stato invitato!",logoAltText:"${companyName}","no-email":"Inserisci un indirizzo email","no-password":"La password è obbligatoria",pageTitle:"Accedi | ${clientName}",passwordLoginNotAvailable:"L'autenticazione con password non è disponibile",passwordPlaceholder:"Password",phonePlaceholder:"Numero di telefono",separatorText:"o",sessionExpired:"La sessione è scaduta. Riprova.",showPasswordText:"Mostra password",signupActionLinkText:"Iscriviti",signupActionText:"Non hai un account?",title:"Benvenuto",tooManyFailedLogins:"Troppi tentativi di accesso falliti. Riprova più tardi.",unverifiedEmail:"Verifica il tuo indirizzo email prima di accedere",userAccountDoesNotExist:"L'account utente non esiste",usernamePlaceholder:"Nome utente o indirizzo email",usernameTooLong:"Il nome utente deve avere al massimo ${max} caratteri",usernameTooShort:"Il nome utente deve avere almeno ${min} caratteri",wrongCredentials:"Nome utente o password errati",passkeyButtonText:"Accedi con una passkey"}},CI={mfa:{backupCodeText:"Usa codice di backup",description:"Scegli un metodo di verifica",pageTitle:"Autenticazione a più fattori | ${clientName}",title:"Verifica la tua identità"}},TI={"passkey-enrollment-nudge":{title:"Proteggi il tuo account con una passkey",description:"Le passkey utilizzano la biometria o il PIN del tuo dispositivo per accedere più velocemente e in modo più sicuro.",enrollButtonText:"Configura passkey",snoozeButtonText:"Forse più tardi",optOutLinkText:"Non mostrare più",pageTitle:"Configura Passkey | ${clientName}"},"passkey-enrollment":{title:"Crea la tua passkey",description:"Segui le istruzioni del browser per creare una passkey per questo account.",errorMessage:"Creazione della passkey non riuscita. Riprova.",cancelLinkText:"Salta per ora",retryButtonText:"Riprova",enrollmentComplete:"La tua passkey è stata configurata con successo. Puoi chiudere questa pagina.",pageTitle:"Crea Passkey | ${clientName}"},"passkey-challenge":{title:"Accedi con passkey",description:"Segui le istruzioni del browser per verificare la tua identità.",errorMessage:"Autenticazione con passkey non riuscita. Riprova.",cancelLinkText:"Torna al login",retryButtonText:"Riprova",pageTitle:"Accedi con passkey | ${clientName}"}},xI={organizations:{description:"Scegli a quale organizzazione accedere",pageTitle:"Seleziona organizzazione | ${clientName}",searchPlaceholder:"Cerca organizzazioni",title:"Seleziona la tua organizzazione"}},II={signup:{buttonText:"Iscriviti",confirmPasswordPlaceholder:"Conferma password",description:"Registrati per continuare","email-already-exists":"Questa email è già registrata",emailPlaceholder:"Indirizzo e-mail",federatedConnectionButtonText:"Continua con ${connectionName}",hidePasswordText:"Nascondi password","invalid-email-format":"Email non valida",loginActionLinkText:"Accedi",loginActionText:"Hai già un account?","no-email":"Inserisci un indirizzo email","no-password":"La password è obbligatoria","no-username":"Il nome utente è obbligatorio",pageTitle:"Registrati | ${clientName}",passwordPlaceholder:"Password",passwordsDidntMatch:"Le password non corrispondono",phonePlaceholder:"Numero di telefono",privacyPolicyLinkText:"Informativa sulla privacy",separatorText:"o",sessionExpired:"La sessione è scaduta. Riprova.",showPasswordText:"Mostra password",termsOfServiceLinkText:"Termini di servizio",termsText:"Registrandoti, accetti i nostri",title:"Crea il tuo account","username-already-exists":"Questo nome utente è già in uso",usernamePlaceholder:"Nome utente",verifyEmailText:"Controlla la tua email per verificare il tuo account"}},$I={status:{continueButtonText:"Continua",errorTitle:"Errore",pageTitle:"Stato | ${clientName}",successTitle:"Operazione riuscita",title:"Stato"}},Yj={common:AI,consent:kI,"device-flow":{"device-flow":{buttonText:"Continua",codePlaceholder:"Inserisci il codice",description:"Inserisci il codice mostrato sul tuo dispositivo","expired-code":"Il codice è scaduto","invalid-code":"Il codice inserito non è valido",pageTitle:"Attivazione dispositivo | ${clientName}",title:"Attiva il tuo dispositivo"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Continua",codeLabel:"Codice di verifica",codePlaceholder:"Inserisci il codice",defaultDescription:"Inserisci il codice di verifica inviato alla tua email",description:"Abbiamo inviato un codice a ${email}","invalid-code":"Codice non valido",noCode:"Inserisci il codice di verifica",pageTitle:"Inserisci il codice | ${clientName}",resendText:"Reinvio del codice",sessionExpired:"La sessione è scaduta. Riprova.",title:"Controlla la tua email",unexpectedError:"Si è verificato un errore imprevisto"}},"email-verification":{"email-verification":{description:"Abbiamo inviato un'email a ${email}",pageTitle:"Verifica email | ${clientName}",resendText:"Reinvia email",successDescription:"La tua email è stata verificata con successo.",successTitle:"Email verificata",title:"Verificare l'e-mail"}},invitation:SI,login:EI,"login-id":{"login-id":{alertListTitle:"Avvisi","auth0-users-validation":"Qualcosa è andato storto, riprova più tardi","authentication-failure":"Siamo spiacenti, si è verificato un errore durante il tentativo di accesso",buttonText:"Continua","captcha-client-failure":"Non è stato possibile caricare la verifica di sicurezza. Riprova. (Codice errore: #{errorCode})","captcha-validation-failure":"Siamo spiacenti, si è verificato un errore durante la convalida della risposta captcha. Riprova.",captchaCodePlaceholder:"Inserisci il codice mostrato sopra","custom-script-error-code":"Qualcosa è andato storto, riprova più tardi.",description:"Accedi a ${clientName}.",editEmailText:"Modifica",emailPlaceholder:"Indirizzo e-mail",federatedConnectionButtonText:"Continua con ${connectionName}",footerLinkText:"Iscriviti",footerText:"Non hai un account?",forgotPasswordText:"Hai dimenticato la password?",hidePasswordText:"Nascondi password","invalid-captcha":"Risolvi la domanda di verifica per confermare che non sei un robot.","invalid-code":"Codice non valido","invalid-connection":"Connessione non valida","invalid-email-format":"Email non valida","invalid-email-phone":"Inserisci un indirizzo email o un numero di telefono valido. I numeri di telefono devono includere il prefisso internazionale.","invalid-email-phone-username":"Inserisci un indirizzo email, un numero di telefono o un nome utente valido. I numeri di telefono devono includere il prefisso internazionale.","invalid-email-username":"Inserisci un indirizzo email o un nome utente valido","invalid-expired-code":"Codice utente non valido o scaduto","invalid-login-id":"ID di accesso non valido","invalid-phone-username":"Inserisci un numero di telefono o un nome utente valido. I numeri di telefono devono includere il prefisso internazionale.","invalid-recaptcha":"Seleziona la casella per confermare che non sei un robot.","invalid-username":"Il nome utente può contenere solo caratteri alfanumerici o: '${characters}'. Il nome utente deve avere tra ${min} e ${max} caratteri.",invitationDescription:"Accedi per accettare l'invito di ${inviterName} a unirti a ${companyName} su ${clientName}.",invitationTitle:"Sei stato invitato!","ip-blocked":"Abbiamo rilevato un comportamento di accesso sospetto e ulteriori tentativi saranno bloccati. Contatta l'amministratore.",logoAltText:"${companyName}","no-db-connection":"Connessione non valida","no-email":"Inserisci un indirizzo email","no-email-phone":"È richiesto un indirizzo email o un numero di telefono","no-email-phone-username":"È richiesto un numero di telefono, un nome utente o un indirizzo email","no-email-username":"È richiesto un indirizzo email o un nome utente","no-password":"La password è obbligatoria","no-phone":"Inserisci un numero di telefono","no-phone-username":"È richiesto un numero di telefono o un nome utente","no-username":"Il nome utente è obbligatorio",pageTitle:"Accedi | ${clientName}","password-breached":"Abbiamo rilevato un potenziale problema di sicurezza con questo account. Per proteggere il tuo account, abbiamo impedito questo accesso. Reimposta la password per procedere.",passwordPlaceholder:"Password",phoneOrEmailPlaceholder:"Indirizzo e-mail o numero di telefono",phoneOrUsernameOrEmailPlaceholder:"Telefono, nome utente o email",phoneOrUsernamePlaceholder:"Numero di telefono o nome utente",phonePlaceholder:"Numero di telefono","same-user-login":"Troppi tentativi di accesso per questo utente. Attendi e riprova più tardi.",selectCountryCode:"Seleziona prefisso paese, attualmente impostato su ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"o",sessionExpired:"La sessione è scaduta. Riprova.",showPasswordText:"Mostra password",signupActionLinkText:"Iscriviti",signupActionText:"Non hai un account?",termsAndConditionsTemplate:'Continuando, accetti i nostri <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Termini e condizioni</a>.',title:"Benvenuto","user-blocked":"Il tuo account è stato bloccato dopo diversi tentativi di accesso consecutivi.",userAccountDoesNotExist:"L'account utente non esiste",usernameOnlyPlaceholder:"Nome utente",usernameOrEmailPlaceholder:"Nome utente o indirizzo email",usernamePlaceholder:"Nome utente",usernameTooLong:"Il nome utente deve avere al massimo ${max} caratteri",usernameTooShort:"Il nome utente deve avere almeno ${min} caratteri","wrong-credentials":"Nome utente o password errati","wrong-email-credentials":"Email o password errati","wrong-email-phone-credentials":"Indirizzo email, numero di telefono o password errati. I numeri di telefono devono includere il prefisso internazionale.","wrong-email-phone-username-credentials":"Indirizzo email, numero di telefono, nome utente o password errati. I numeri di telefono devono includere il prefisso internazionale.","wrong-email-username-credentials":"Indirizzo email, nome utente o password errati","wrong-phone-credentials":"Numero di telefono o password errati","wrong-phone-username-credentials":"Numero di telefono, nome utente o password errati. I numeri di telefono devono includere il prefisso internazionale.","wrong-username-credentials":"Nome utente o password errati",passkeyButtonText:"Accedi con una passkey"}},"login-password":{"login-password":{buttonText:"Accedi",description:"Accedi a ${clientName}",forgotPasswordText:"Hai dimenticato la password?",hidePasswordText:"Nascondi password","no-password":"La password è obbligatoria",pageTitle:"Accedi | ${clientName}","password-breached":"Abbiamo rilevato un potenziale problema di sicurezza con questo account. Per proteggere il tuo account, abbiamo impedito questo accesso. Reimposta la password per procedere.",passwordPlaceholder:"Password",showPasswordText:"Mostra password",signingInAs:"Accesso come ${email}",title:"Inserire la password",unverifiedEmail:"Verifica il tuo indirizzo email prima di accedere","user-blocked":"Il tuo account è stato bloccato dopo diversi tentativi di accesso consecutivi.","wrong-credentials":"Password errata"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"email",authMethodEmailOrPhone:"email o numero di telefono",authMethodPhone:"numero di telefono",description:"Accedi usando il tuo ${authMethod}",emailOrPhonePlaceholder:"Indirizzo email o numero di telefono",emailPlaceholder:"Indirizzo e-mail",invalidEmail:"Inserisci un indirizzo email valido",invalidIdentifier:"Inserisci un indirizzo email o un numero di telefono valido",invalidPhone:"Inserisci un numero di telefono valido con il prefisso internazionale",noEmail:"Inserisci il tuo indirizzo email",noPhone:"Inserisci il tuo numero di telefono",phonePlaceholder:"Numero di telefono",sessionExpired:"La sessione è scaduta. Riprova.",title:"Accedi con un codice",userAccountDoesNotExist:"L'account utente non esiste"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Clicca il link nella tua email per accedere",description:"Abbiamo inviato un link a ${username}. Cliccalo per accedere.",resendText:"Reinvia link",spamText:"Non hai ricevuto l'email? Controlla la cartella spam.",title:"Controlla la tua email"}},mfa:CI,"mfa-email":{"mfa-email":{buttonText:"Continua",codePlaceholder:"Inserisci il codice",description:"Abbiamo inviato un codice a ${email}","invalid-code":"Il codice inserito non è valido",pageTitle:"Verifica email | ${clientName}",resendText:"Reinvia codice",title:"Controlla la tua email"}},"mfa-otp":{"mfa-otp":{buttonText:"Continua",codePlaceholder:"Inserisci il codice",description:"Inserisci il codice a 6 cifre dalla tua app di autenticazione","invalid-code":"Il codice inserito non è valido",pageTitle:"Inserisci il codice | ${clientName}",title:"Inserisci il tuo codice"},"mfa-totp-enrollment":{title:"Configura l'autenticatore",description:"Scansiona il codice QR qui sotto con la tua app di autenticazione, poi inserisci il codice a 6 cifre per verificare",secretLabel:"Oppure inserisci questo codice manualmente:",codePlaceholder:"Inserisci il codice",continueButtonText:"Verifica e attiva","invalid-code":"Il codice inserito non è valido. Riprova.","transaction-not-found":"La tua transazione di registrazione è scaduta, dovrai ricominciare.",pageTitle:"Configura autenticatore | ${clientName}",unexpectedError:"Qualcosa è andato storto. Riprova.",enrollmentComplete:"La registrazione MFA è completata. Puoi chiudere questa pagina."},"mfa-totp-challenge":{title:"Verifica la tua identità",description:"Inserisci il codice a 6 cifre dalla tua app di autenticazione",codePlaceholder:"Inserisci il codice",continueButtonText:"Continua","invalid-code":"Il codice inserito non è valido","transaction-not-found":"La tua transazione di registrazione è scaduta, dovrai ricominciare.",unexpectedError:"Qualcosa è andato storto. Riprova.",pageTitle:"Verifica identità | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Usa il tuo numero di telefono per accedere | ${clientName}",title:"Verifica la tua identità",description:"Abbiamo inviato un codice a ${phoneNumber}",continueButtonText:"Continua",changePhoneText:"Scegli un altro numero di telefono.",smsButtonText:"Messaggio di testo",voiceButtonText:"Chiamata vocale",chooseMessageTypeText:"Come vuoi ricevere il codice?",pickAuthenticatorText:"Prova un altro metodo",logoAltText:"${companyName}",codePlaceholder:"Inserisci il codice","send-sms-failed":"Si è verificato un problema nell'invio dell'SMS","send-voice-failed":"Si è verificato un problema nell'effettuare la chiamata vocale","invalid-phone-format":"Il numero di telefono può contenere solo cifre.","invalid-phone":"Sembra che il tuo numero di telefono non sia valido. Controlla e riprova.","too-many-sms":"Hai superato il numero massimo di messaggi telefonici all'ora. Attendi qualche minuto e riprova.","too-many-voice":"Hai superato il numero massimo di messaggi telefonici all'ora. Attendi qualche minuto e riprova.","transaction-not-found":"La tua transazione di registrazione è scaduta, dovrai ricominciare.","no-phone":"Inserisci un numero di telefono",noCode:"Inserisci il codice di verifica",invalidCode:"Il codice inserito non è valido. Riprova.",unexpectedError:"Qualcosa è andato storto. Riprova.",resendSuccess:"Abbiamo inviato un nuovo codice al tuo telefono",enrollmentComplete:"La registrazione MFA è completata. Puoi chiudere questa pagina."},"mfa-phone-enrollment":{pageTitle:"Inserisci il tuo numero di telefono per accedere con un codice telefonico | ${clientName}",title:"Proteggi il tuo account",description:"Inserisci il prefisso del paese e il numero di telefono a cui possiamo inviare un codice a 6 cifre:",continueButtonText:"Continua",smsButtonText:"Messaggio di testo",voiceButtonText:"Chiamata vocale",chooseMessageTypeText:"Come vuoi ricevere il codice?",pickAuthenticatorText:"Prova un altro metodo",placeholder:"Inserisci il tuo numero di telefono",logoAltText:"${companyName}",selectCountryCode:"Seleziona prefisso paese, attualmente impostato su ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Si è verificato un problema nell'invio dell'SMS","send-voice-failed":"Si è verificato un problema nell'effettuare la chiamata vocale","sms-authenticator-error":"Non siamo riusciti a inviare l'SMS. Riprova più tardi.","invalid-phone-format":"Il numero di telefono può contenere solo cifre.","invalid-phone":"Sembra che il tuo numero di telefono non sia valido. Controlla e riprova.","too-many-sms":"Hai superato il numero massimo di messaggi telefonici all'ora. Attendi qualche minuto e riprova.","too-many-voice":"Hai superato il numero massimo di messaggi telefonici all'ora. Attendi qualche minuto e riprova.","transaction-not-found":"La tua transazione di registrazione è scaduta, dovrai ricominciare.","no-phone":"Inserisci un numero di telefono","phone-is-too-short":"Il numero di telefono è troppo corto","phone-is-too-long":"Il numero di telefono è troppo lungo"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Scegli il metodo di verifica | ${clientName}",title:"Scegli il metodo di verifica",description:"Seleziona come vuoi verificare la tua identità",authenticatorAppLabel:"App di autenticazione",authenticatorAppDescription:"Usa la tua app di autenticazione per ottenere un codice di verifica",smsLabel:"Messaggio di testo",smsDescription:"Ricevi un codice di verifica inviato al tuo telefono",passkeyLabel:"Passkey",passkeyDescription:"Usa la biometria del tuo dispositivo o una chiave di sicurezza"}},"mfa-push":{"mfa-push":{description:"Abbiamo inviato una notifica al tuo dispositivo",pageTitle:"Notifica push | ${clientName}",resendText:"Reinvia notifica",title:"Approva la richiesta",useCodeText:"Inserisci il codice manualmente"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Continua",codePlaceholder:"Codice di recupero",description:"Inserisci uno dei tuoi codici di recupero","invalid-code":"Il codice di recupero inserito non è valido",pageTitle:"Codice di recupero | ${clientName}",title:"Inserisci il codice di recupero"}},"mfa-voice":{"mfa-voice":{buttonText:"Chiamami",codePlaceholder:"Inserisci il codice",description:"Chiameremo ${phoneNumber} con il tuo codice","invalid-code":"Il codice inserito non è valido",pageTitle:"Chiamata vocale | ${clientName}",title:"Ricevi una telefonata"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Riprova",description:"Inserisci la tua chiave di sicurezza e segui le istruzioni",pageTitle:"Chiave di sicurezza | ${clientName}",title:"Usa la tua chiave di sicurezza"}},passkeys:TI,organizations:xI,"reset-password":{"reset-password":{backToLoginText:"Torna al login",buttonText:"Continua",codeExpired:"Il codice di reimpostazione della password è scaduto. Richiedine uno nuovo.",confirmPasswordLabel:"Conferma password",confirmPasswordPlaceholder:"Conferma password",description:"Inserisci la tua email per reimpostare la password",emailPlaceholder:"Indirizzo e-mail",failed:"Reimpostazione della password non riuscita. Riprova.","invalid-email-format":"Email non valida","no-email":"Inserisci un indirizzo email",pageTitle:"Reimposta password | ${clientName}",passwordLabel:"Nuova password",passwordPlaceholder:"Nuova password",passwordTooWeak:"La password è troppo debole",passwordsDidntMatch:"Le password non corrispondono",successDescription:"Abbiamo inviato un link per reimpostare la password al tuo indirizzo email.",successTitle:"Controlla la tua email",title:"Hai dimenticato la password?","user-not-found":"Utente non trovato"},"reset-password-code":{backToLoginText:"Torna al login",buttonText:"Reimposta password",codeLabel:"Codice di reimpostazione",codePlaceholder:"Inserisci il codice a 6 cifre",confirmPasswordLabel:"Conferma password",confirmPasswordPlaceholder:"Conferma password",defaultDescription:"Inserisci il codice inviato alla tua email e scegli una nuova password",description:"Abbiamo inviato un codice a ${email}",failed:"Reimpostazione della password non riuscita. Riprova.",invalidCode:"Il codice inserito non è valido o è scaduto",noCode:"Inserisci il codice di reimpostazione",pageTitle:"Inserisci il codice di reimpostazione | ${clientName}",passwordLabel:"Nuova password",passwordPlaceholder:"Nuova password",passwordTooWeak:"La password è troppo debole",passwordsDidntMatch:"Le password non corrispondono",resendFailed:"Impossibile reinviare il codice. Riprova.",resendSuccess:"Un nuovo codice è stato inviato alla tua email",resendText:"Reinvia codice",sessionExpired:"La sessione è scaduta. Riprova.",title:"Inserisci il codice di reimpostazione"}},signup:II,"signup-id":{"signup-id":{buttonText:"Continua",description:"Registrati per continuare","email-already-exists":"Questa email è già registrata",emailPlaceholder:"Indirizzo e-mail",federatedConnectionButtonText:"Continua con ${connectionName}","invalid-email-format":"Email non valida",loginActionLinkText:"Accedi",loginActionText:"Hai già un account?","no-email":"Inserisci un indirizzo email",pageTitle:"Registrati | ${clientName}",phonePlaceholder:"Numero di telefono",separatorText:"o",title:"Crea il tuo account",usernamePlaceholder:"Nome utente"}},"signup-password":{"signup-password":{buttonText:"Continua",description:"Registrati per continuare",hidePasswordText:"Nascondi password","no-password":"La password è obbligatoria",pageTitle:"Registrati | ${clientName}","password-policy-not-met":"La password non soddisfa i requisiti","password-too-weak":"La password è troppo debole",passwordPlaceholder:"Password",showPasswordText:"Mostra password",title:"Crea la tua password"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Continua",codeLabel:"Codice di verifica",codePlaceholder:"Inserisci il codice",defaultDescription:"Inserisci il codice di verifica inviato al tuo telefono",description:"Abbiamo inviato un codice a ${username}","invalid-code":"Codice non valido",noCode:"Inserisci il codice di verifica",pageTitle:"Inserisci il codice | ${clientName}",resendText:"Reinvia codice",sessionExpired:"La sessione è scaduta. Riprova.",title:"Controlla il tuo telefono",unexpectedError:"Si è verificato un errore imprevisto"}},status:$I},Qj=Object.freeze(Object.defineProperty({__proto__:null,common:AI,consent:kI,default:Yj,invitation:SI,login:EI,mfa:CI,organizations:xI,passkeys:TI,signup:II,status:$I},Symbol.toStringTag,{value:"Module"})),zI={common:{alertListTitle:"Varsler",backText:"Gå tilbake",cancelText:"Avbryt",closeText:"Lukk",contactSupportText:"Kontakt kundestøtte",continueText:"Fortsett",copyrightText:"© ${currentYear} ${companyName}",errorText:"Det oppstod en feil",hidePasswordText:"Skjul passord",loadingText:"Laster...",orText:"eller",privacyPolicyText:"Personvernerklæring",showPasswordText:"Vis passord",termsOfServiceText:"Vilkår for bruk",termsShortText:"Vilkår",tryAgainText:"Prøv igjen"}},NI={consent:{buttonText:"Godta",cancelButtonText:"Avslå",description:"${clientName} ber om tilgang til kontoen din",pageTitle:"Godkjenn | ${clientName}",scopesTitle:"Dette vil gi ${clientName} tillatelse til å:",title:"Godkjenn ${clientName}"}},PI={invitation:{acceptButtonText:"Godta invitasjon",description:"${inviterName} har invitert deg til å bli med i ${organizationName} på ${clientName}",pageTitle:"Invitasjon | ${clientName}",title:"Du har blitt invitert"}},FI={login:{alertListTitle:"Varsler",buttonText:"Fortsett",description:"Logg inn på ${clientName}.",editEmailText:"Rediger",emailPlaceholder:"E-postadresse",enterACodeBtn:"Logg inn med en kode",federatedConnectionButtonText:"Fortsett med ${connectionName}",footerLinkText:"Registrer deg",footerText:"Har du ikke en konto?",forgotPasswordText:"Har du glemt passordet?",hidePasswordText:"Skjul passord",invalidEmail:"Ugyldig e-postadresse",invalidIdentifier:"Ugyldig e-postadresse eller brukernavn",invitationDescription:"Logg inn for å godta ${inviterName} sin invitasjon til å bli med i ${companyName} på ${clientName}.",invitationTitle:"Du har blitt invitert!",logoAltText:"${companyName}","no-email":"Vennligst oppgi en e-postadresse","no-password":"Passord er påkrevd",pageTitle:"Logg inn | ${clientName}",passwordLoginNotAvailable:"Passordautentisering er ikke tilgjengelig",passwordPlaceholder:"Passord",phonePlaceholder:"Telefonnummer",separatorText:"eller",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",showPasswordText:"Vis passord",signupActionLinkText:"Registrer deg",signupActionText:"Har du ikke en konto?",title:"Velkommen",tooManyFailedLogins:"For mange mislykkede innloggingsforsøk. Vennligst prøv igjen senere.",unverifiedEmail:"Vennligst bekreft e-postadressen din før du logger inn",userAccountDoesNotExist:"Brukerkontoen finnes ikke",usernamePlaceholder:"Brukernavn eller e-postadresse",usernameTooLong:"Brukernavnet må være ${max} tegn eller færre",usernameTooShort:"Brukernavnet må være minst ${min} tegn",wrongCredentials:"Feil brukernavn eller passord",passkeyButtonText:"Logg inn med passkey"}},OI={mfa:{backupCodeText:"Bruk reservekode",description:"Velg en bekreftelsesmetode",pageTitle:"Flerfaktorautentisering | ${clientName}",title:"Bekreft identiteten din"}},RI={"passkey-enrollment-nudge":{title:"Sikre kontoen din med en passnøkkel",description:"Passnøkler bruker enhetens biometri eller PIN-kode for å logge deg inn raskere og sikrere.",enrollButtonText:"Sett opp passnøkkel",snoozeButtonText:"Kanskje senere",optOutLinkText:"Ikke vis dette igjen",pageTitle:"Sett Opp Passnøkkel | ${clientName}"},"passkey-enrollment":{title:"Opprett passnøkkelen din",description:"Følg instruksjonene fra nettleseren for å opprette en passnøkkel for denne kontoen.",errorMessage:"Kunne ikke opprette passnøkkel. Vennligst prøv igjen.",cancelLinkText:"Hopp over for nå",retryButtonText:"Prøv igjen",enrollmentComplete:"Passnøkkelen din er konfigurert. Du kan lukke denne siden.",pageTitle:"Opprett Passnøkkel | ${clientName}"},"passkey-challenge":{title:"Logg inn med passkey",description:"Følg instruksjonene fra nettleseren for å bekrefte identiteten din.",errorMessage:"Autentisering med passkey mislyktes. Vennligst prøv igjen.",cancelLinkText:"Tilbake til innlogging",retryButtonText:"Prøv igjen",pageTitle:"Logg inn med passkey | ${clientName}"}},jI={organizations:{description:"Velg hvilken organisasjon du vil logge inn på",pageTitle:"Velg organisasjon | ${clientName}",searchPlaceholder:"Søk etter organisasjoner",title:"Velg din organisasjon"}},DI={signup:{buttonText:"Registrer deg",confirmPasswordPlaceholder:"Bekreft passord",description:"Registrer deg for å fortsette","email-already-exists":"E-postadressen er allerede registrert",emailPlaceholder:"E-postadresse",federatedConnectionButtonText:"Fortsett med ${connectionName}",hidePasswordText:"Skjul passord","invalid-email-format":"Ugyldig e-postadresse",loginActionLinkText:"Logg inn",loginActionText:"Har du allerede en konto?","no-email":"Vennligst oppgi en e-postadresse","no-password":"Passord er påkrevd","no-username":"Brukernavn er påkrevd",pageTitle:"Registrer deg | ${clientName}",passwordPlaceholder:"Passord",passwordsDidntMatch:"Passordene samsvarer ikke",phonePlaceholder:"Telefonnummer",privacyPolicyLinkText:"Personvernerklæring",separatorText:"eller",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",showPasswordText:"Vis passord",termsOfServiceLinkText:"Vilkår for bruk",termsText:"Ved å registrere deg godtar du våre",title:"Opprett kontoen din","username-already-exists":"Dette brukernavnet er allerede tatt",usernamePlaceholder:"Brukernavn",verifyEmailText:"Sjekk e-posten din for å bekrefte kontoen"}},LI={status:{continueButtonText:"Fortsett",errorTitle:"Feil",pageTitle:"Status | ${clientName}",successTitle:"Vellykket",title:"Status"}},Zj={common:zI,consent:NI,"device-flow":{"device-flow":{buttonText:"Fortsett",codePlaceholder:"Skriv inn kode",description:"Skriv inn koden som vises på enheten din","expired-code":"Koden har utløpt","invalid-code":"Koden du skrev inn er ugyldig",pageTitle:"Enhetsaktivering | ${clientName}",title:"Aktiver enheten din"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Fortsett",codeLabel:"Bekreftelseskode",codePlaceholder:"Skriv inn kode",defaultDescription:"Skriv inn bekreftelseskoden som ble sendt til e-posten din",description:"Vi sendte en kode til ${email}","invalid-code":"Ugyldig kode",noCode:"Vennligst skriv inn bekreftelseskoden",pageTitle:"Skriv inn kode | ${clientName}",resendText:"Send kode på nytt",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",title:"Sjekk e-posten din",unexpectedError:"En uventet feil oppstod"}},"email-verification":{"email-verification":{description:"Vi sendte en e-post til ${email}",pageTitle:"Bekreft e-post | ${clientName}",resendText:"Send e-post på nytt",successDescription:"E-postadressen din er bekreftet.",successTitle:"E-post bekreftet",title:"Bekreft e-posten din"}},invitation:PI,login:FI,"login-id":{"login-id":{alertListTitle:"Varsler","auth0-users-validation":"Noe gikk galt, vennligst prøv igjen senere","authentication-failure":"Beklager, noe gikk galt under innloggingsforsøket",buttonText:"Fortsett","captcha-client-failure":"Vi kunne ikke laste sikkerhetsutfordringen. Vennligst prøv igjen. (Feilkode: #{errorCode})","captcha-validation-failure":"Beklager, noe gikk galt under validering av captcha-svaret. Vennligst prøv igjen.",captchaCodePlaceholder:"Skriv inn koden som vises ovenfor","custom-script-error-code":"Noe gikk galt, vennligst prøv igjen senere.",description:"Logg inn på ${clientName}.",editEmailText:"Rediger",emailPlaceholder:"E-postadresse",federatedConnectionButtonText:"Fortsett med ${connectionName}",footerLinkText:"Registrer deg",footerText:"Har du ikke en konto?",forgotPasswordText:"Har du glemt passordet?",hidePasswordText:"Skjul passord","invalid-captcha":"Løs utfordringen for å bekrefte at du ikke er en robot.","invalid-code":"Ugyldig kode","invalid-connection":"Ugyldig tilkobling","invalid-email-format":"Ugyldig e-postadresse","invalid-email-phone":"Skriv inn en gyldig e-postadresse eller telefonnummer. Telefonnumre må inkludere landskode.","invalid-email-phone-username":"Skriv inn en gyldig e-postadresse, telefonnummer eller brukernavn. Telefonnumre må inkludere landskode.","invalid-email-username":"Skriv inn en gyldig e-postadresse eller brukernavn","invalid-expired-code":"Ugyldig eller utløpt brukerkode","invalid-login-id":"Ugyldig innloggings-ID","invalid-phone-username":"Skriv inn et gyldig telefonnummer eller brukernavn. Telefonnumre må inkludere landskode.","invalid-recaptcha":"Kryss av i boksen for å bekrefte at du ikke er en robot.","invalid-username":"Brukernavnet kan bare inneholde alfanumeriske tegn eller: '${characters}'. Brukernavnet må ha mellom ${min} og ${max} tegn.",invitationDescription:"Logg inn for å godta ${inviterName} sin invitasjon til å bli med i ${companyName} på ${clientName}.",invitationTitle:"Du har blitt invitert!","ip-blocked":"Vi har oppdaget mistenkelig innloggingsaktivitet, og videre forsøk vil bli blokkert. Vennligst kontakt administratoren.",logoAltText:"${companyName}","no-db-connection":"Ugyldig tilkobling","no-email":"Vennligst oppgi en e-postadresse","no-email-phone":"E-postadresse eller telefonnummer er påkrevd","no-email-phone-username":"Telefonnummer, brukernavn eller e-postadresse er påkrevd","no-email-username":"E-postadresse eller brukernavn er påkrevd","no-password":"Passord er påkrevd","no-phone":"Vennligst oppgi et telefonnummer","no-phone-username":"Telefonnummer eller brukernavn er påkrevd","no-username":"Brukernavn er påkrevd",pageTitle:"Logg inn | ${clientName}","password-breached":"Vi har oppdaget et potensielt sikkerhetsproblem med denne kontoen. For å beskytte kontoen din har vi forhindret denne innloggingen. Vennligst tilbakestill passordet ditt for å fortsette.",passwordPlaceholder:"Passord",phoneOrEmailPlaceholder:"E-post eller telefonnummer",phoneOrUsernameOrEmailPlaceholder:"Telefon, brukernavn eller e-post",phoneOrUsernamePlaceholder:"Telefonnummer eller brukernavn",phonePlaceholder:"Telefonnummer","same-user-login":"For mange innloggingsforsøk for denne brukeren. Vennligst vent og prøv igjen senere.",selectCountryCode:"Velg landskode, for øyeblikket satt til ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"eller",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",showPasswordText:"Vis passord",signupActionLinkText:"Registrer deg",signupActionText:"Har du ikke en konto?",termsAndConditionsTemplate:'Ved å fortsette godtar du våre <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">vilkår</a>.',title:"Velkommen","user-blocked":"Kontoen din har blitt blokkert etter flere påfølgende innloggingsforsøk.",userAccountDoesNotExist:"Brukerkontoen finnes ikke",usernameOnlyPlaceholder:"Brukernavn",usernameOrEmailPlaceholder:"Brukernavn eller e-postadresse",usernamePlaceholder:"Brukernavn eller e-postadresse",usernameTooLong:"Brukernavnet må være ${max} tegn eller færre",usernameTooShort:"Brukernavnet må være minst ${min} tegn","wrong-credentials":"Feil brukernavn eller passord","wrong-email-credentials":"Feil e-postadresse eller passord","wrong-email-phone-credentials":"Feil e-postadresse, telefonnummer eller passord. Telefonnumre må inkludere landskode.","wrong-email-phone-username-credentials":"Feil e-postadresse, telefonnummer, brukernavn eller passord. Telefonnumre må inkludere landskode.","wrong-email-username-credentials":"Feil e-postadresse, brukernavn eller passord","wrong-phone-credentials":"Feil telefonnummer eller passord","wrong-phone-username-credentials":"Feil telefonnummer, brukernavn eller passord. Telefonnumre må inkludere landskode.","wrong-username-credentials":"Feil brukernavn eller passord",passkeyButtonText:"Logg inn med passkey"}},"login-password":{"login-password":{buttonText:"Logg inn",description:"Logg inn på ${clientName}",forgotPasswordText:"Har du glemt passordet?",hidePasswordText:"Skjul passord","no-password":"Passord er påkrevd",pageTitle:"Logg inn | ${clientName}","password-breached":"Vi har oppdaget et potensielt sikkerhetsproblem med denne kontoen. For å beskytte kontoen din har vi forhindret denne innloggingen. Vennligst tilbakestill passordet ditt for å fortsette.",passwordPlaceholder:"Passord",showPasswordText:"Vis passord",signingInAs:"Logger inn som ${email}",title:"Oppgi passord",unverifiedEmail:"Vennligst bekreft e-postadressen din før du logger inn","user-blocked":"Kontoen din har blitt blokkert etter flere påfølgende innloggingsforsøk.","wrong-credentials":"Feil passord"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"e-post",authMethodEmailOrPhone:"e-post eller telefonnummer",authMethodPhone:"telefonnummer",description:"Logg inn med din ${authMethod}",emailOrPhonePlaceholder:"E-postadresse eller telefonnummer",emailPlaceholder:"E-postadresse",invalidEmail:"Vennligst oppgi en gyldig e-postadresse",invalidIdentifier:"Vennligst oppgi en gyldig e-postadresse eller telefonnummer",invalidPhone:"Vennligst oppgi et gyldig telefonnummer med landskode",noEmail:"Vennligst oppgi e-postadressen din",noPhone:"Vennligst oppgi telefonnummeret ditt",phonePlaceholder:"Telefonnummer",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",title:"Logg inn med en kode",userAccountDoesNotExist:"Brukerkontoen finnes ikke"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Klikk på lenken i e-posten for å logge inn",description:"Vi sendte en lenke til ${username}. Klikk på den for å logge inn.",resendText:"Send lenke på nytt",spamText:"Fikk du ikke e-posten? Sjekk søppelpostmappen.",title:"Sjekk e-posten din"}},mfa:OI,"mfa-email":{"mfa-email":{buttonText:"Fortsett",codePlaceholder:"Skriv inn kode",description:"Vi sendte en kode til ${email}","invalid-code":"Koden du skrev inn er ugyldig",pageTitle:"E-postbekreftelse | ${clientName}",resendText:"Send kode på nytt",title:"Sjekk e-posten din"}},"mfa-otp":{"mfa-otp":{buttonText:"Fortsett",codePlaceholder:"Skriv inn kode",description:"Skriv inn den 6-sifrede koden fra autentiseringsappen din","invalid-code":"Koden du skrev inn er ugyldig",pageTitle:"Skriv inn kode | ${clientName}",title:"Skriv inn koden din"},"mfa-totp-enrollment":{title:"Sett opp autentisering",description:"Skann QR-koden nedenfor med autentiseringsappen din, og skriv deretter inn den 6-sifrede koden for å verifisere",secretLabel:"Eller skriv inn denne koden manuelt:",codePlaceholder:"Skriv inn kode",continueButtonText:"Bekreft og aktiver","invalid-code":"Koden du skrev inn er ugyldig. Vennligst prøv igjen.","transaction-not-found":"Registreringsøkten din har utløpt, du må starte på nytt.",pageTitle:"Sett opp autentisering | ${clientName}",unexpectedError:"Noe gikk galt. Vennligst prøv igjen.",enrollmentComplete:"MFA-registreringen er fullført. Du kan lukke denne siden."},"mfa-totp-challenge":{title:"Bekreft identiteten din",description:"Skriv inn den 6-sifrede koden fra autentiseringsappen din",codePlaceholder:"Skriv inn kode",continueButtonText:"Fortsett","invalid-code":"Koden du skrev inn er ugyldig","transaction-not-found":"Registreringsøkten din har utløpt, du må starte på nytt.",unexpectedError:"Noe gikk galt. Vennligst prøv igjen.",pageTitle:"Bekreft identitet | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Bruk telefonnummeret ditt for å logge inn | ${clientName}",title:"Bekreft identiteten din",description:"Vi sendte en kode til ${phoneNumber}",continueButtonText:"Fortsett",changePhoneText:"Velg et annet telefonnummer.",smsButtonText:"Tekstmelding",voiceButtonText:"Taleanrop",chooseMessageTypeText:"Hvordan vil du motta koden?",pickAuthenticatorText:"Prøv en annen metode",logoAltText:"${companyName}",codePlaceholder:"Skriv inn kode","send-sms-failed":"Det oppstod et problem med å sende SMS-en","send-voice-failed":"Det oppstod et problem med å ringe taleanropet","invalid-phone-format":"Telefonnummeret kan bare inneholde sifre.","invalid-phone":"Det ser ut som telefonnummeret ditt ikke er gyldig. Sjekk og prøv igjen.","too-many-sms":"Du har overskredet maksimalt antall telefonmeldinger per time. Vent noen minutter og prøv igjen.","too-many-voice":"Du har overskredet maksimalt antall telefonmeldinger per time. Vent noen minutter og prøv igjen.","transaction-not-found":"Registreringstransaksjonen din har utløpt, du må starte på nytt.","no-phone":"Skriv inn et telefonnummer",noCode:"Vennligst skriv inn bekreftelseskoden",invalidCode:"Koden du skrev inn er ugyldig. Prøv igjen.",unexpectedError:"Noe gikk galt. Prøv igjen.",resendSuccess:"Vi sendte en ny kode til telefonen din",enrollmentComplete:"MFA-registreringen er fullført. Du kan lukke denne siden."},"mfa-phone-enrollment":{pageTitle:"Skriv inn telefonnummeret ditt for å logge inn med en telefonkode | ${clientName}",title:"Sikre kontoen din",description:"Skriv inn landskoden og telefonnummeret vi kan sende en 6-sifret kode til:",continueButtonText:"Fortsett",smsButtonText:"Tekstmelding",voiceButtonText:"Taleanrop",chooseMessageTypeText:"Hvordan vil du motta koden?",pickAuthenticatorText:"Prøv en annen metode",placeholder:"Skriv inn telefonnummeret ditt",logoAltText:"${companyName}",selectCountryCode:"Velg landskode, for øyeblikket satt til ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Det oppstod et problem med å sende SMS-en","send-voice-failed":"Det oppstod et problem med å ringe taleanropet","sms-authenticator-error":"Vi kunne ikke sende SMS-en. Prøv igjen senere.","invalid-phone-format":"Telefonnummeret kan bare inneholde sifre.","invalid-phone":"Det ser ut som telefonnummeret ditt ikke er gyldig. Sjekk og prøv igjen.","too-many-sms":"Du har overskredet maksimalt antall telefonmeldinger per time. Vent noen minutter og prøv igjen.","too-many-voice":"Du har overskredet maksimalt antall telefonmeldinger per time. Vent noen minutter og prøv igjen.","transaction-not-found":"Registreringstransaksjonen din har utløpt, du må starte på nytt.","no-phone":"Skriv inn et telefonnummer","phone-is-too-short":"Telefonnummeret er for kort","phone-is-too-long":"Telefonnummeret er for langt"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Velg bekreftelsesmetode | ${clientName}",title:"Velg bekreftelsesmetode",description:"Velg hvordan du vil bekrefte identiteten din",authenticatorAppLabel:"Autentiseringsapp",authenticatorAppDescription:"Bruk autentiseringsappen din for å få en bekreftelseskode",smsLabel:"Tekstmelding",smsDescription:"Få en bekreftelseskode sendt til telefonen din",passkeyLabel:"Passnøkkel",passkeyDescription:"Bruk enhetens biometri eller sikkerhetsnøkkel"}},"mfa-push":{"mfa-push":{description:"Vi sendte en varsling til enheten din",pageTitle:"Push-varsling | ${clientName}",resendText:"Send varsling på nytt",title:"Godkjenn forespørselen",useCodeText:"Skriv inn kode manuelt"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Fortsett",codePlaceholder:"Gjenopprettingskode",description:"Skriv inn en av gjenopprettingskodene dine","invalid-code":"Gjenopprettingskoden du skrev inn er ugyldig",pageTitle:"Gjenopprettingskode | ${clientName}",title:"Skriv inn gjenopprettingskode"}},"mfa-voice":{"mfa-voice":{buttonText:"Ring meg",codePlaceholder:"Skriv inn kode",description:"Vi ringer ${phoneNumber} med koden din","invalid-code":"Koden du skrev inn er ugyldig",pageTitle:"Taleanrop | ${clientName}",title:"Motta en telefonsamtale"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Prøv igjen",description:"Sett inn sikkerhetsnøkkelen din og følg instruksjonene",pageTitle:"Sikkerhetsnøkkel | ${clientName}",title:"Bruk sikkerhetsnøkkelen din"}},passkeys:RI,organizations:jI,"reset-password":{"reset-password":{backToLoginText:"Tilbake til innlogging",buttonText:"Fortsett",codeExpired:"Koden for tilbakestilling av passord har utløpt. Vennligst be om en ny.",confirmPasswordLabel:"Bekreft passord",confirmPasswordPlaceholder:"Bekreft passord",description:"Oppgi e-postadressen din for å tilbakestille passordet",emailPlaceholder:"E-postadresse",failed:"Tilbakestilling av passord mislyktes. Vennligst prøv igjen.","invalid-email-format":"Ugyldig e-postadresse","no-email":"Vennligst oppgi en e-postadresse",pageTitle:"Tilbakestill passord | ${clientName}",passwordLabel:"Nytt passord",passwordPlaceholder:"Nytt passord",passwordTooWeak:"Passordet er for svakt",passwordsDidntMatch:"Passordene samsvarer ikke",successDescription:"Vi har sendt en lenke for tilbakestilling av passord til e-postadressen din.",successTitle:"Sjekk e-posten din",title:"Har du glemt passordet?","user-not-found":"Brukeren ble ikke funnet"},"reset-password-code":{backToLoginText:"Tilbake til innlogging",buttonText:"Tilbakestill passord",codeLabel:"Tilbakestillingskode",codePlaceholder:"Skriv inn 6-sifret kode",confirmPasswordLabel:"Bekreft passord",confirmPasswordPlaceholder:"Bekreft passord",defaultDescription:"Skriv inn koden som ble sendt til e-posten din og velg et nytt passord",description:"Vi sendte en kode til ${email}",failed:"Tilbakestilling av passord mislyktes. Vennligst prøv igjen.",invalidCode:"Koden du skrev inn er ugyldig eller har utløpt",noCode:"Vennligst skriv inn tilbakestillingskoden",pageTitle:"Skriv inn tilbakestillingskode | ${clientName}",passwordLabel:"Nytt passord",passwordPlaceholder:"Nytt passord",passwordTooWeak:"Passordet er for svakt",passwordsDidntMatch:"Passordene samsvarer ikke",resendFailed:"Kunne ikke sende koden på nytt. Vennligst prøv igjen.",resendSuccess:"En ny kode har blitt sendt til e-posten din",resendText:"Send kode på nytt",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",title:"Skriv inn tilbakestillingskode"}},signup:DI,"signup-id":{"signup-id":{buttonText:"Fortsett",description:"Registrer deg for å fortsette","email-already-exists":"E-postadressen er allerede registrert",emailPlaceholder:"E-postadresse",federatedConnectionButtonText:"Fortsett med ${connectionName}","invalid-email-format":"Ugyldig e-postadresse",loginActionLinkText:"Logg inn",loginActionText:"Har du allerede en konto?","no-email":"Vennligst oppgi en e-postadresse",pageTitle:"Registrer deg | ${clientName}",phonePlaceholder:"Telefonnummer",separatorText:"eller",title:"Opprett kontoen din",usernamePlaceholder:"Brukernavn"}},"signup-password":{"signup-password":{buttonText:"Fortsett",description:"Opprett et passord for å fortsette",hidePasswordText:"Skjul passord","no-password":"Passord er påkrevd",pageTitle:"Registrer deg | ${clientName}","password-policy-not-met":"Passordet oppfyller ikke kravene","password-too-weak":"Passordet er for svakt",passwordPlaceholder:"Passord",showPasswordText:"Vis passord",title:"Opprett passordet ditt"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Fortsett",codeLabel:"Bekreftelseskode",codePlaceholder:"Skriv inn kode",defaultDescription:"Skriv inn bekreftelseskoden som ble sendt til telefonen din",description:"Vi sendte en kode til ${username}","invalid-code":"Ugyldig kode",noCode:"Vennligst skriv inn bekreftelseskoden",pageTitle:"Skriv inn kode | ${clientName}",resendText:"Send kode på nytt",sessionExpired:"Økten din har utløpt. Vennligst prøv igjen.",title:"Sjekk telefonen din",unexpectedError:"En uventet feil oppstod"}},status:LI},Xj=Object.freeze(Object.defineProperty({__proto__:null,common:zI,consent:NI,default:Zj,invitation:PI,login:FI,mfa:OI,organizations:jI,passkeys:RI,signup:DI,status:LI},Symbol.toStringTag,{value:"Module"})),BI={common:{alertListTitle:"Powiadomienia",backText:"Wróć",cancelText:"Anuluj",closeText:"Zamknij",contactSupportText:"Potrzebujesz pomocy?",continueText:"Kontynuuj",copyrightText:"© ${currentYear} ${companyName}",errorText:"Coś poszło nie tak. Spróbuj ponownie.",hidePasswordText:"Ukryj hasło",loadingText:"Ładowanie...",orText:"lub",privacyPolicyText:"Polityka prywatności",showPasswordText:"Pokaż hasło",termsOfServiceText:"Regulamin",termsShortText:"Zasady",tryAgainText:"Spróbuj ponownie"}},MI={consent:{buttonText:"Zaakceptuj",cancelButtonText:"Odmów",description:"${clientName} prosi o dostęp do Twojego konta",pageTitle:"Autoryzacja | ${clientName}",scopesTitle:"Umożliwi to ${clientName}:",title:"Autoryzuj ${clientName}"}},UI={invitation:{acceptButtonText:"Przyjmij zaproszenie",description:"${inviterName} zaprosił Cię do dołączenia do ${organizationName} w ${clientName}",pageTitle:"Zaproszenie | ${clientName}",title:"Otrzymałeś zaproszenie"}},qI={login:{alertListTitle:"Powiadomienia",buttonText:"Kontynuuj",description:"Zaloguj się do ${clientName}.",editEmailText:"Edytuj",emailPlaceholder:"Adres e-mail",enterACodeBtn:"Zaloguj się kodem",federatedConnectionButtonText:"Kontynuuj z ${connectionName}",footerLinkText:"Zarejestruj się",footerText:"Nie masz konta?",forgotPasswordText:"Zapomniałeś hasła?",hidePasswordText:"Ukryj hasło",invalidEmail:"Nieprawidłowy adres e-mail",invalidIdentifier:"Nieprawidłowy adres e-mail lub nazwa użytkownika",invitationDescription:"Zaloguj się, aby przyjąć zaproszenie od ${inviterName} do dołączenia do ${companyName} w ${clientName}.",invitationTitle:"Otrzymałeś zaproszenie!",logoAltText:"${companyName}","no-email":"Wprowadź adres e-mail","no-password":"Hasło jest wymagane",pageTitle:"Logowanie | ${clientName}",passwordLoginNotAvailable:"Logowanie hasłem jest niedostępne",passwordPlaceholder:"Hasło",phonePlaceholder:"Numer telefonu",separatorText:"lub",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",showPasswordText:"Pokaż hasło",signupActionLinkText:"Zarejestruj się",signupActionText:"Nie masz konta?",title:"Witamy",tooManyFailedLogins:"Zbyt wiele nieudanych prób logowania. Spróbuj ponownie później.",unverifiedEmail:"Zweryfikuj swój adres e-mail przed zalogowaniem",userAccountDoesNotExist:"Konto użytkownika nie istnieje",usernamePlaceholder:"Nazwa użytkownika lub adres e-mail",usernameTooLong:"Nazwa użytkownika musi mieć maksymalnie ${max} znaków",usernameTooShort:"Nazwa użytkownika musi mieć co najmniej ${min} znaków",wrongCredentials:"Nieprawidłowa nazwa użytkownika lub hasło",passkeyButtonText:"Zaloguj się za pomocą passkey"}},HI={mfa:{backupCodeText:"Użyj kodu zapasowego",description:"Wybierz metodę weryfikacji",pageTitle:"Uwierzytelnianie wieloskładnikowe | ${clientName}",title:"Zweryfikuj swoją tożsamość"}},VI={"passkey-enrollment-nudge":{title:"Zabezpiecz swoje konto kluczem dostępu",description:"Klucze dostępu wykorzystują biometrię lub PIN urządzenia, aby logować się szybciej i bezpieczniej.",enrollButtonText:"Skonfiguruj klucz dostępu",snoozeButtonText:"Może później",optOutLinkText:"Nie pokazuj ponownie",pageTitle:"Konfiguracja Klucza Dostępu | ${clientName}"},"passkey-enrollment":{title:"Utwórz klucz dostępu",description:"Postępuj zgodnie z instrukcjami przeglądarki, aby utworzyć klucz dostępu dla tego konta.",errorMessage:"Nie udało się utworzyć klucza dostępu. Spróbuj ponownie.",cancelLinkText:"Pomiń na razie",retryButtonText:"Spróbuj ponownie",enrollmentComplete:"Twój klucz dostępu został pomyślnie skonfigurowany. Możesz zamknąć tę stronę.",pageTitle:"Tworzenie Klucza Dostępu | ${clientName}"},"passkey-challenge":{title:"Zaloguj się za pomocą passkey",description:"Postępuj zgodnie z instrukcjami przeglądarki, aby zweryfikować swoją tożsamość.",errorMessage:"Uwierzytelnianie za pomocą passkey nie powiodło się. Spróbuj ponownie.",cancelLinkText:"Powrót do logowania",retryButtonText:"Spróbuj ponownie",pageTitle:"Logowanie za pomocą passkey | ${clientName}"}},KI={organizations:{description:"Wybierz organizację, do której chcesz się zalogować",pageTitle:"Wybierz organizację | ${clientName}",searchPlaceholder:"Szukaj organizacji",title:"Wybierz swoją organizację"}},GI={signup:{buttonText:"Zarejestruj się",confirmPasswordPlaceholder:"Potwierdź hasło",description:"Zarejestruj się, aby kontynuować","email-already-exists":"Ten adres e-mail jest już zarejestrowany",emailPlaceholder:"Adres e-mail",federatedConnectionButtonText:"Kontynuuj z ${connectionName}",hidePasswordText:"Ukryj hasło","invalid-email-format":"Nieprawidłowy adres e-mail",loginActionLinkText:"Zaloguj się",loginActionText:"Masz już konto?","no-email":"Wprowadź adres e-mail","no-password":"Hasło jest wymagane","no-username":"Nazwa użytkownika jest wymagana",pageTitle:"Rejestracja | ${clientName}",passwordPlaceholder:"Hasło",passwordsDidntMatch:"Hasła nie są zgodne",phonePlaceholder:"Numer telefonu",privacyPolicyLinkText:"Polityka prywatności",separatorText:"lub",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",showPasswordText:"Pokaż hasło",termsOfServiceLinkText:"Regulamin",termsText:"Rejestrując się, akceptujesz nasz",title:"Utwórz konto","username-already-exists":"Ta nazwa użytkownika jest już zajęta",usernamePlaceholder:"Nazwa użytkownika",verifyEmailText:"Sprawdź swoją pocztę, aby zweryfikować konto"}},WI={status:{continueButtonText:"Kontynuuj",errorTitle:"Błąd",pageTitle:"Status | ${clientName}",successTitle:"Sukces",title:"Status"}},e9={common:BI,consent:MI,"device-flow":{"device-flow":{buttonText:"Kontynuuj",codePlaceholder:"Wprowadź kod",description:"Wprowadź kod wyświetlony na Twoim urządzeniu","expired-code":"Kod wygasł","invalid-code":"Wprowadzony kod jest nieprawidłowy",pageTitle:"Aktywacja urządzenia | ${clientName}",title:"Aktywuj swoje urządzenie"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Kontynuuj",codeLabel:"Kod weryfikacyjny",codePlaceholder:"Wprowadź kod",defaultDescription:"Wprowadź kod weryfikacyjny wysłany na Twój adres e-mail",description:"Wysłaliśmy kod na ${email}","invalid-code":"Nieprawidłowy kod",noCode:"Wprowadź kod weryfikacyjny",pageTitle:"Wprowadź kod | ${clientName}",resendText:"Wyślij ponownie kod",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",title:"Sprawdź swoją pocztę",unexpectedError:"Wystąpił nieoczekiwany błąd"}},"email-verification":{"email-verification":{description:"Wysłaliśmy wiadomość na ${email}",pageTitle:"Weryfikacja e-mail | ${clientName}",resendText:"Wyślij ponownie e-mail",successDescription:"Twój adres e-mail został pomyślnie zweryfikowany.",successTitle:"E-mail zweryfikowany",title:"Zweryfikuj swój adres e-mail"}},invitation:UI,login:qI,"login-id":{"login-id":{alertListTitle:"Powiadomienia","auth0-users-validation":"Coś poszło nie tak, spróbuj ponownie później","authentication-failure":"Przepraszamy, wystąpił błąd podczas logowania",buttonText:"Kontynuuj","captcha-client-failure":"Nie udało się załadować weryfikacji bezpieczeństwa. Spróbuj ponownie. (Kod błędu: #{errorCode})","captcha-validation-failure":"Przepraszamy, wystąpił błąd podczas weryfikacji captcha. Spróbuj ponownie.",captchaCodePlaceholder:"Wprowadź kod widoczny powyżej","custom-script-error-code":"Coś poszło nie tak, spróbuj ponownie później.",description:"Zaloguj się do ${clientName}.",editEmailText:"Edytuj",emailPlaceholder:"Adres e-mail",federatedConnectionButtonText:"Kontynuuj z ${connectionName}",footerLinkText:"Zarejestruj się",footerText:"Nie masz konta?",forgotPasswordText:"Zapomniałeś hasła?",hidePasswordText:"Ukryj hasło","invalid-captcha":"Rozwiąż zadanie, aby potwierdzić, że nie jesteś robotem.","invalid-code":"Nieprawidłowy kod","invalid-connection":"Nieprawidłowe połączenie","invalid-email-format":"Nieprawidłowy adres e-mail","invalid-email-phone":"Wprowadź prawidłowy adres e-mail lub numer telefonu. Numery telefonów muszą zawierać kod kraju.","invalid-email-phone-username":"Wprowadź prawidłowy adres e-mail, numer telefonu lub nazwę użytkownika. Numery telefonów muszą zawierać kod kraju.","invalid-email-username":"Wprowadź prawidłowy adres e-mail lub nazwę użytkownika","invalid-expired-code":"Nieprawidłowy lub wygasły kod użytkownika","invalid-login-id":"Wprowadzono nieprawidłowy identyfikator logowania","invalid-phone-username":"Wprowadź prawidłowy numer telefonu lub nazwę użytkownika. Numery telefonów muszą zawierać kod kraju.","invalid-recaptcha":"Zaznacz pole wyboru, aby potwierdzić, że nie jesteś robotem.","invalid-username":"Nazwa użytkownika może zawierać tylko znaki alfanumeryczne lub: '${characters}'. Nazwa użytkownika powinna mieć od ${min} do ${max} znaków.",invitationDescription:"Zaloguj się, aby przyjąć zaproszenie od ${inviterName} do dołączenia do ${companyName} w ${clientName}.",invitationTitle:"Otrzymałeś zaproszenie!","ip-blocked":"Wykryliśmy podejrzaną aktywność logowania i dalsze próby zostaną zablokowane. Skontaktuj się z administratorem.",logoAltText:"${companyName}","no-db-connection":"Nieprawidłowe połączenie","no-email":"Wprowadź adres e-mail","no-email-phone":"Adres e-mail lub numer telefonu jest wymagany","no-email-phone-username":"Numer telefonu, nazwa użytkownika lub adres e-mail jest wymagany","no-email-username":"Adres e-mail lub nazwa użytkownika jest wymagany","no-password":"Hasło jest wymagane","no-phone":"Wprowadź numer telefonu","no-phone-username":"Numer telefonu lub nazwa użytkownika jest wymagany","no-username":"Nazwa użytkownika jest wymagana",pageTitle:"Logowanie | ${clientName}","password-breached":"Wykryliśmy potencjalny problem z bezpieczeństwem tego konta. Aby chronić Twoje konto, zablokowano to logowanie. Zresetuj hasło, aby kontynuować.",passwordPlaceholder:"Hasło",phoneOrEmailPlaceholder:"E-mail lub numer telefonu",phoneOrUsernameOrEmailPlaceholder:"Telefon, nazwa użytkownika lub e-mail",phoneOrUsernamePlaceholder:"Numer telefonu lub nazwa użytkownika",phonePlaceholder:"Numer telefonu","same-user-login":"Zbyt wiele prób logowania dla tego użytkownika. Poczekaj chwilę i spróbuj ponownie.",selectCountryCode:"Wybierz kod kraju, aktualnie ustawiony na ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"lub",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",showPasswordText:"Pokaż hasło",signupActionLinkText:"Zarejestruj się",signupActionText:"Nie masz konta?",termsAndConditionsTemplate:'Kontynuując, akceptujesz nasze <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Zasady i warunki</a>.',title:"Witamy","user-blocked":"Twoje konto zostało zablokowane po wielu kolejnych nieudanych próbach logowania.",userAccountDoesNotExist:"Konto użytkownika nie istnieje",usernameOnlyPlaceholder:"Nazwa użytkownika",usernameOrEmailPlaceholder:"Nazwa użytkownika lub adres e-mail",usernamePlaceholder:"Nazwa użytkownika",usernameTooLong:"Nazwa użytkownika musi mieć maksymalnie ${max} znaków",usernameTooShort:"Nazwa użytkownika musi mieć co najmniej ${min} znaków","wrong-credentials":"Nieprawidłowa nazwa użytkownika lub hasło","wrong-email-credentials":"Nieprawidłowy adres e-mail lub hasło","wrong-email-phone-credentials":"Nieprawidłowy adres e-mail, numer telefonu lub hasło. Numery telefonów muszą zawierać kod kraju.","wrong-email-phone-username-credentials":"Nieprawidłowy adres e-mail, numer telefonu, nazwa użytkownika lub hasło. Numery telefonów muszą zawierać kod kraju.","wrong-email-username-credentials":"Nieprawidłowy adres e-mail, nazwa użytkownika lub hasło","wrong-phone-credentials":"Nieprawidłowy numer telefonu lub hasło","wrong-phone-username-credentials":"Nieprawidłowy numer telefonu, nazwa użytkownika lub hasło. Numery telefonów muszą zawierać kod kraju.","wrong-username-credentials":"Nieprawidłowa nazwa użytkownika lub hasło",passkeyButtonText:"Zaloguj się za pomocą passkey"}},"login-password":{"login-password":{buttonText:"Zaloguj się",description:"Zaloguj się do ${clientName}",forgotPasswordText:"Zapomniałeś hasła?",hidePasswordText:"Ukryj hasło","no-password":"Hasło jest wymagane",pageTitle:"Logowanie | ${clientName}","password-breached":"Wykryliśmy potencjalny problem z bezpieczeństwem tego konta. Aby chronić Twoje konto, zablokowano to logowanie. Zresetuj hasło, aby kontynuować.",passwordPlaceholder:"Hasło",showPasswordText:"Pokaż hasło",signingInAs:"Logujesz się jako ${email}",title:"Wprowadź hasło",unverifiedEmail:"Zweryfikuj swój adres e-mail przed zalogowaniem","user-blocked":"Twoje konto zostało zablokowane po wielu kolejnych nieudanych próbach logowania.","wrong-credentials":"Nieprawidłowe hasło"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"e-mail",authMethodEmailOrPhone:"e-mail lub numer telefonu",authMethodPhone:"numer telefonu",description:"Zaloguj się za pomocą swojego ${authMethod}",emailOrPhonePlaceholder:"Adres e-mail lub numer telefonu",emailPlaceholder:"Adres e-mail",invalidEmail:"Wprowadź prawidłowy adres e-mail",invalidIdentifier:"Wprowadź prawidłowy adres e-mail lub numer telefonu",invalidPhone:"Wprowadź prawidłowy numer telefonu z kodem kraju",noEmail:"Wprowadź swój adres e-mail",noPhone:"Wprowadź swój numer telefonu",phonePlaceholder:"Numer telefonu",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",title:"Zaloguj się kodem",userAccountDoesNotExist:"Konto użytkownika nie istnieje"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Kliknij link w wiadomości e-mail, aby się zalogować",description:"Wysłaliśmy link na ${username}. Kliknij go, aby się zalogować.",resendText:"Wyślij ponownie link",spamText:"Nie otrzymałeś wiadomości? Sprawdź folder spam.",title:"Sprawdź swoją pocztę"}},mfa:HI,"mfa-email":{"mfa-email":{buttonText:"Kontynuuj",codePlaceholder:"Wprowadź kod",description:"Wysłaliśmy kod na ${email}","invalid-code":"Wprowadzony kod jest nieprawidłowy",pageTitle:"Weryfikacja e-mail | ${clientName}",resendText:"Wyślij ponownie kod",title:"Sprawdź swoją pocztę"}},"mfa-otp":{"mfa-otp":{buttonText:"Kontynuuj",codePlaceholder:"Wprowadź kod",description:"Wprowadź 6-cyfrowy kod z aplikacji uwierzytelniającej","invalid-code":"Wprowadzony kod jest nieprawidłowy",pageTitle:"Wprowadź kod | ${clientName}",title:"Wprowadź swój kod"},"mfa-totp-enrollment":{title:"Skonfiguruj aplikację uwierzytelniającą",description:"Zeskanuj poniższy kod QR za pomocą aplikacji uwierzytelniającej, a następnie wprowadź 6-cyfrowy kod w celu weryfikacji",secretLabel:"Lub wprowadź ten kod ręcznie:",codePlaceholder:"Wprowadź kod",continueButtonText:"Zweryfikuj i aktywuj","invalid-code":"Wprowadzony kod jest nieprawidłowy. Spróbuj ponownie.","transaction-not-found":"Twoja transakcja rejestracji wygasła, musisz zacząć od nowa.",pageTitle:"Konfiguracja uwierzytelniania | ${clientName}",unexpectedError:"Coś poszło nie tak. Spróbuj ponownie.",enrollmentComplete:"Rejestracja MFA została zakończona. Możesz zamknąć tę stronę."},"mfa-totp-challenge":{title:"Zweryfikuj swoją tożsamość",description:"Wprowadź 6-cyfrowy kod z aplikacji uwierzytelniającej",codePlaceholder:"Wprowadź kod",continueButtonText:"Kontynuuj","invalid-code":"Wprowadzony kod jest nieprawidłowy","transaction-not-found":"Twoja transakcja rejestracji wygasła, musisz zacząć od nowa.",unexpectedError:"Coś poszło nie tak. Spróbuj ponownie.",pageTitle:"Weryfikacja tożsamości | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Użyj swojego numeru telefonu, aby się zalogować | ${clientName}",title:"Zweryfikuj swoją tożsamość",description:"Wysłaliśmy kod na ${phoneNumber}",continueButtonText:"Kontynuuj",changePhoneText:"Wybierz inny numer telefonu.",smsButtonText:"Wiadomość tekstowa",voiceButtonText:"Połączenie głosowe",chooseMessageTypeText:"Jak chcesz otrzymać kod?",pickAuthenticatorText:"Wypróbuj inną metodę",logoAltText:"${companyName}",codePlaceholder:"Wpisz kod","send-sms-failed":"Wystąpił problem z wysłaniem SMS-a","send-voice-failed":"Wystąpił problem z wykonaniem połączenia głosowego","invalid-phone-format":"Numer telefonu może zawierać tylko cyfry.","invalid-phone":"Wygląda na to, że Twój numer telefonu jest nieprawidłowy. Sprawdź i spróbuj ponownie.","too-many-sms":"Przekroczono maksymalną liczbę wiadomości telefonicznych na godzinę. Poczekaj kilka minut i spróbuj ponownie.","too-many-voice":"Przekroczono maksymalną liczbę połączeń telefonicznych na godzinę. Poczekaj kilka minut i spróbuj ponownie.","transaction-not-found":"Twoja transakcja rejestracji wygasła, musisz zacząć od nowa.","no-phone":"Wpisz numer telefonu",noCode:"Wprowadź kod weryfikacyjny",invalidCode:"Wprowadzony kod jest nieprawidłowy. Spróbuj ponownie.",unexpectedError:"Coś poszło nie tak. Spróbuj ponownie.",resendSuccess:"Wysłaliśmy nowy kod na Twój telefon",enrollmentComplete:"Rejestracja MFA została zakończona. Możesz zamknąć tę stronę."},"mfa-phone-enrollment":{pageTitle:"Wpisz swój numer telefonu, aby zalogować się kodem telefonicznym | ${clientName}",title:"Zabezpiecz swoje konto",description:"Wpisz kod kraju i numer telefonu, na który możemy wysłać 6-cyfrowy kod:",continueButtonText:"Kontynuuj",smsButtonText:"Wiadomość tekstowa",voiceButtonText:"Połączenie głosowe",chooseMessageTypeText:"Jak chcesz otrzymać kod?",pickAuthenticatorText:"Wypróbuj inną metodę",placeholder:"Wpisz swój numer telefonu",logoAltText:"${companyName}",selectCountryCode:"Wybierz kod kraju, aktualnie ustawiony na ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Wystąpił problem z wysłaniem SMS-a","send-voice-failed":"Wystąpił problem z wykonaniem połączenia głosowego","sms-authenticator-error":"Nie udało się wysłać SMS-a. Spróbuj ponownie później.","invalid-phone-format":"Numer telefonu może zawierać tylko cyfry.","invalid-phone":"Wygląda na to, że Twój numer telefonu jest nieprawidłowy. Sprawdź i spróbuj ponownie.","too-many-sms":"Przekroczono maksymalną liczbę wiadomości telefonicznych na godzinę. Poczekaj kilka minut i spróbuj ponownie.","too-many-voice":"Przekroczono maksymalną liczbę połączeń telefonicznych na godzinę. Poczekaj kilka minut i spróbuj ponownie.","transaction-not-found":"Twoja transakcja rejestracji wygasła, musisz zacząć od nowa.","no-phone":"Wpisz numer telefonu","phone-is-too-short":"Numer telefonu jest za krótki","phone-is-too-long":"Numer telefonu jest za długi"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Wybierz metodę weryfikacji | ${clientName}",title:"Wybierz metodę weryfikacji",description:"Wybierz, w jaki sposób chcesz zweryfikować swoją tożsamość",authenticatorAppLabel:"Aplikacja uwierzytelniająca",authenticatorAppDescription:"Użyj aplikacji uwierzytelniającej, aby uzyskać kod weryfikacyjny",smsLabel:"Wiadomość tekstowa",smsDescription:"Otrzymaj kod weryfikacyjny wysłany na swój telefon",passkeyLabel:"Klucz dostępu",passkeyDescription:"Użyj biometrii urządzenia lub klucza bezpieczeństwa"}},"mfa-push":{"mfa-push":{description:"Wysłaliśmy powiadomienie na Twoje urządzenie",pageTitle:"Powiadomienie push | ${clientName}",resendText:"Wyślij ponownie powiadomienie",title:"Zatwierdź żądanie",useCodeText:"Wprowadź kod ręcznie"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Kontynuuj",codePlaceholder:"Kod odzyskiwania",description:"Wprowadź jeden z kodów odzyskiwania","invalid-code":"Wprowadzony kod odzyskiwania jest nieprawidłowy",pageTitle:"Kod odzyskiwania | ${clientName}",title:"Wprowadź kod odzyskiwania"}},"mfa-voice":{"mfa-voice":{buttonText:"Zadzwoń do mnie",codePlaceholder:"Wprowadź kod",description:"Zadzwonimy na ${phoneNumber} z Twoim kodem","invalid-code":"Wprowadzony kod jest nieprawidłowy",pageTitle:"Połączenie głosowe | ${clientName}",title:"Odbierz połączenie telefoniczne"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Spróbuj ponownie",description:"Włóż klucz bezpieczeństwa i postępuj zgodnie z instrukcjami",pageTitle:"Klucz bezpieczeństwa | ${clientName}",title:"Użyj klucza bezpieczeństwa"}},passkeys:VI,organizations:KI,"reset-password":{"reset-password":{backToLoginText:"Wróć do logowania",buttonText:"Kontynuuj",codeExpired:"Kod resetu hasła wygasł. Poproś o nowy.",confirmPasswordLabel:"Potwierdź hasło",confirmPasswordPlaceholder:"Potwierdź hasło",description:"Wprowadź swój adres e-mail, aby zresetować hasło",emailPlaceholder:"Adres e-mail",failed:"Reset hasła nie powiódł się. Spróbuj ponownie.","invalid-email-format":"Nieprawidłowy adres e-mail","no-email":"Wprowadź adres e-mail",pageTitle:"Resetowanie hasła | ${clientName}",passwordLabel:"Nowe hasło",passwordPlaceholder:"Nowe hasło",passwordTooWeak:"Hasło jest zbyt słabe",passwordsDidntMatch:"Hasła nie są zgodne",successDescription:"Wysłaliśmy link do resetowania hasła na Twój adres e-mail.",successTitle:"Sprawdź swoją pocztę",title:"Zapomniałeś hasła?","user-not-found":"Nie znaleziono użytkownika"},"reset-password-code":{backToLoginText:"Wróć do logowania",buttonText:"Zresetuj hasło",codeLabel:"Kod resetowania",codePlaceholder:"Wprowadź 6-cyfrowy kod",confirmPasswordLabel:"Potwierdź hasło",confirmPasswordPlaceholder:"Potwierdź hasło",defaultDescription:"Wprowadź kod wysłany na Twój e-mail i wybierz nowe hasło",description:"Wysłaliśmy kod na ${email}",failed:"Reset hasła nie powiódł się. Spróbuj ponownie.",invalidCode:"Wprowadzony kod jest nieprawidłowy lub wygasł",noCode:"Wprowadź kod resetowania",pageTitle:"Wprowadź kod resetowania | ${clientName}",passwordLabel:"Nowe hasło",passwordPlaceholder:"Nowe hasło",passwordTooWeak:"Hasło jest zbyt słabe",passwordsDidntMatch:"Hasła nie są zgodne",resendFailed:"Nie udało się ponownie wysłać kodu. Spróbuj ponownie.",resendSuccess:"Nowy kod został wysłany na Twój e-mail",resendText:"Wyślij kod ponownie",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",title:"Wprowadź kod resetowania"}},signup:GI,"signup-id":{"signup-id":{buttonText:"Kontynuuj",description:"Zarejestruj się, aby kontynuować","email-already-exists":"Ten adres e-mail jest już zarejestrowany",emailPlaceholder:"Adres e-mail",federatedConnectionButtonText:"Kontynuuj z ${connectionName}","invalid-email-format":"Nieprawidłowy adres e-mail",loginActionLinkText:"Zaloguj się",loginActionText:"Masz już konto?","no-email":"Wprowadź adres e-mail",pageTitle:"Rejestracja | ${clientName}",phonePlaceholder:"Numer telefonu",separatorText:"lub",title:"Utwórz konto",usernamePlaceholder:"Nazwa użytkownika"}},"signup-password":{"signup-password":{buttonText:"Kontynuuj",description:"Utwórz swoje hasło",hidePasswordText:"Ukryj hasło","no-password":"Hasło jest wymagane",pageTitle:"Rejestracja | ${clientName}","password-policy-not-met":"Hasło nie spełnia wymagań","password-too-weak":"Hasło jest zbyt słabe",passwordPlaceholder:"Hasło",showPasswordText:"Pokaż hasło",title:"Utwórz hasło"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Kontynuuj",codeLabel:"Kod weryfikacyjny",codePlaceholder:"Wprowadź kod",defaultDescription:"Wprowadź kod weryfikacyjny wysłany na Twój telefon",description:"Wysłaliśmy kod na ${username}","invalid-code":"Nieprawidłowy kod",noCode:"Wprowadź kod weryfikacyjny",pageTitle:"Wprowadź kod | ${clientName}",resendText:"Wyślij ponownie kod",sessionExpired:"Twoja sesja wygasła. Spróbuj ponownie.",title:"Sprawdź swój telefon",unexpectedError:"Wystąpił nieoczekiwany błąd"}},status:WI},t9=Object.freeze(Object.defineProperty({__proto__:null,common:BI,consent:MI,default:e9,invitation:UI,login:qI,mfa:HI,organizations:KI,passkeys:VI,signup:GI,status:WI},Symbol.toStringTag,{value:"Module"})),JI={common:{alertListTitle:"Meddelanden",backText:"Gå tillbaka",cancelText:"Gå tillbaka",closeText:"Stäng",contactSupportText:"Behöver du hjälp?",continueText:"Fortsätt",copyrightText:"© ${currentYear} ${companyName}",errorText:"Något gick fel. Vänligen försök igen.",hidePasswordText:"Dölj lösenord",loadingText:"Laddar...",orText:"eller",privacyPolicyText:"Integritetspolicy",showPasswordText:"Visa lösenord",termsOfServiceText:"Användarvillkor",termsShortText:"Villkor",tryAgainText:"Försök igen"}},YI={consent:{buttonText:"Godkänn",cancelButtonText:"Neka",description:"${clientName} begär åtkomst till ditt konto",pageTitle:"Auktorisera | ${clientName}",scopesTitle:"Detta ger ${clientName} tillåtelse att:",title:"Auktorisera ${clientName}"}},QI={invitation:{acceptButtonText:"Acceptera inbjudan",description:"${inviterName} har bjudit in dig att gå med i ${organizationName} på ${clientName}",pageTitle:"Inbjudan | ${clientName}",title:"Du har blivit inbjuden"}},ZI={login:{alertListTitle:"Meddelanden",buttonText:"Fortsätt",description:"Logga in på ${clientName}.",editEmailText:"Redigera",emailPlaceholder:"E-postadress",enterACodeBtn:"Logga in med en kod",federatedConnectionButtonText:"Fortsätt med ${connectionName}",footerLinkText:"Registrera dig",footerText:"Har du inget konto?",forgotPasswordText:"Har du glömt lösenordet?",hidePasswordText:"Dölj lösenord",invalidEmail:"Ogiltig e-postadress",invalidIdentifier:"Ogiltig e-postadress eller användarnamn",invitationDescription:"Logga in för att acceptera ${inviterName}s inbjudan att gå med i ${companyName} på ${clientName}.",invitationTitle:"Du har blivit inbjuden!",logoAltText:"${companyName}","no-email":"Vänligen ange en e-postadress","no-password":"Lösenord krävs",pageTitle:"Logga in | ${clientName}",passwordLoginNotAvailable:"Lösenordsinloggning är inte tillgänglig",passwordPlaceholder:"Lösenord",phonePlaceholder:"Telefonnummer",separatorText:"eller",sessionExpired:"Din session har gått ut. Försök igen.",showPasswordText:"Visa lösenord",signupActionLinkText:"Registrera dig",signupActionText:"Har du inget konto?",title:"Välkommen",tooManyFailedLogins:"För många misslyckade inloggningsförsök. Försök igen senare.",unverifiedEmail:"Verifiera din e-postadress innan du loggar in",userAccountDoesNotExist:"Användarkontot finns inte",usernamePlaceholder:"Användarnamn eller e-postadress",usernameTooLong:"Användarnamnet får vara högst ${max} tecken",usernameTooShort:"Användarnamnet måste vara minst ${min} tecken",wrongCredentials:"Fel användarnamn eller lösenord",passkeyButtonText:"Logga in med passkey"}},XI={mfa:{backupCodeText:"Använd reservkod",description:"Välj en verifieringsmetod",pageTitle:"Multifaktorautentisering | ${clientName}",title:"Verifiera din identitet"}},e$={"passkey-enrollment-nudge":{title:"Skydda ditt konto med en nyckel",description:"Nycklar använder enhetens biometri eller PIN-kod för att logga in snabbare och säkrare.",enrollButtonText:"Konfigurera nyckel",snoozeButtonText:"Kanske senare",optOutLinkText:"Visa inte detta igen",pageTitle:"Konfigurera Nyckel | ${clientName}"},"passkey-enrollment":{title:"Skapa din nyckel",description:"Följ anvisningarna från din webbläsare för att skapa en nyckel för detta konto.",errorMessage:"Det gick inte att skapa nyckeln. Försök igen.",cancelLinkText:"Hoppa över för nu",retryButtonText:"Försök igen",enrollmentComplete:"Din nyckel har konfigurerats. Du kan stänga denna sida.",pageTitle:"Skapa Nyckel | ${clientName}"},"passkey-challenge":{title:"Logga in med passkey",description:"Följ instruktionerna från din webbläsare för att verifiera din identitet.",errorMessage:"Autentisering med passkey misslyckades. Försök igen.",cancelLinkText:"Tillbaka till inloggning",retryButtonText:"Försök igen",pageTitle:"Logga in med passkey | ${clientName}"}},t$={organizations:{description:"Välj vilken organisation du vill logga in på",pageTitle:"Välj organisation | ${clientName}",searchPlaceholder:"Sök organisationer",title:"Välj din organisation"}},n$={signup:{buttonText:"Registrera dig",confirmPasswordPlaceholder:"Bekräfta lösenord",description:"Välj ett lösenord med en blandning av stora och små bokstäver, siffror och symboler.","email-already-exists":"E-postadressen är redan upptagen",emailPlaceholder:"E-postadress",federatedConnectionButtonText:"Fortsätt med ${connectionName}",hidePasswordText:"Dölj lösenord","invalid-email-format":"Ogiltig e-postadress",loginActionLinkText:"Logga in",loginActionText:"Har du redan ett konto?","no-email":"Vänligen ange en e-postadress","no-password":"Lösenord krävs","no-username":"Användarnamn krävs",pageTitle:"Registrera dig | ${clientName}",passwordPlaceholder:"Lösenord",passwordsDidntMatch:"Lösenorden matchar inte",phonePlaceholder:"Telefonnummer",privacyPolicyLinkText:"Integritetspolicy",separatorText:"eller",sessionExpired:"Din session har gått ut. Försök igen.",showPasswordText:"Visa lösenord",termsOfServiceLinkText:"Användarvillkor",termsText:"Genom att registrera dig godkänner du våra",title:"Välj lösenord","username-already-exists":"Användarnamnet är redan taget",usernamePlaceholder:"Användarnamn",verifyEmailText:"Kontrollera din e-post för att verifiera ditt konto"}},i$={status:{continueButtonText:"Fortsätt",errorTitle:"Fel",pageTitle:"Status | ${clientName}",successTitle:"Klart",title:"Status"}},n9={common:JI,consent:YI,"device-flow":{"device-flow":{buttonText:"Fortsätt",codePlaceholder:"Ange kod",description:"Ange koden som visas på din enhet","expired-code":"Koden har gått ut","invalid-code":"Koden du angav är ogiltig",pageTitle:"Enhetsaktivering | ${clientName}",title:"Aktivera din enhet"}},"email-otp-challenge":{"email-otp-challenge":{buttonText:"Logga in",codeLabel:"Verifieringskod",codePlaceholder:"Ange kod",defaultDescription:"Ange verifieringskoden som skickades till din e-post",description:"Vi skickade en kod till ${email}","invalid-code":"Ogiltig kod",noCode:"Ange verifieringskoden",pageTitle:"Ange kod | ${clientName}",resendText:"Skicka koden igen",sessionExpired:"Din session har gått ut. Försök igen.",title:"Kolla din e-post",unexpectedError:"Ett oväntat fel uppstod"}},"email-verification":{"email-verification":{description:"Vi skickade ett e-postmeddelande till ${email}",pageTitle:"Verifiera e-post | ${clientName}",resendText:"Skicka koden igen",successDescription:"Din e-postadress har verifierats.",successTitle:"E-post verifierad",title:"Ange engångskod"}},invitation:QI,login:ZI,"login-id":{"login-id":{alertListTitle:"Meddelanden","auth0-users-validation":"Något gick fel, försök igen senare","authentication-failure":"Vi beklagar, något gick fel vid inloggningsförsöket",buttonText:"Fortsätt","captcha-client-failure":"Vi kunde inte ladda säkerhetsutmaningen. Försök igen. (Felkod: #{errorCode})","captcha-validation-failure":"Vi beklagar, något gick fel vid validering av captcha-svaret. Försök igen.",captchaCodePlaceholder:"Ange koden som visas ovan","custom-script-error-code":"Något gick fel, försök igen senare.",description:"Logga in på ${clientName}.",editEmailText:"Redigera",emailPlaceholder:"E-postadress",federatedConnectionButtonText:"Fortsätt med ${connectionName}",footerLinkText:"Registrera dig",footerText:"Har du inget konto?",forgotPasswordText:"Har du glömt lösenordet?",hidePasswordText:"Dölj lösenord","invalid-captcha":"Lös utmaningen för att verifiera att du inte är en robot.","invalid-code":"Ogiltig kod","invalid-connection":"Ogiltig anslutning","invalid-email-format":"Ogiltig e-postadress","invalid-email-phone":"Ange en giltig e-postadress eller telefonnummer. Telefonnummer måste innehålla landskod.","invalid-email-phone-username":"Ange en giltig e-postadress, telefonnummer eller användarnamn. Telefonnummer måste innehålla landskod.","invalid-email-username":"Ange en giltig e-postadress eller användarnamn","invalid-expired-code":"Ogiltig eller utgången användarkod","invalid-login-id":"Ogiltigt inloggnings-ID angivet","invalid-phone-username":"Ange ett giltigt telefonnummer eller användarnamn. Telefonnummer måste innehålla landskod.","invalid-recaptcha":"Markera kryssrutan för att verifiera att du inte är en robot.","invalid-username":"Användarnamn kan bara innehålla alfanumeriska tecken eller: '${characters}'. Användarnamn ska vara mellan ${min} och ${max} tecken.",invitationDescription:"Logga in för att acceptera ${inviterName}s inbjudan att gå med i ${companyName} på ${clientName}.",invitationTitle:"Du har blivit inbjuden!","ip-blocked":"Vi har upptäckt misstänkt inloggningsaktivitet och ytterligare försök kommer att blockeras. Kontakta administratören.",logoAltText:"${companyName}","no-db-connection":"Ogiltig anslutning","no-email":"Vänligen ange en e-postadress","no-email-phone":"E-postadress eller telefonnummer krävs","no-email-phone-username":"Telefonnummer, användarnamn eller e-postadress krävs","no-email-username":"E-postadress eller användarnamn krävs","no-password":"Lösenord krävs","no-phone":"Ange ett telefonnummer","no-phone-username":"Telefonnummer eller användarnamn krävs","no-username":"Användarnamn krävs",pageTitle:"Logga in | ${clientName}","password-breached":"Vi har upptäckt ett potentiellt säkerhetsproblem med detta konto. För att skydda ditt konto har vi förhindrat denna inloggning. Återställ ditt lösenord för att fortsätta.",passwordPlaceholder:"Lösenord",phoneOrEmailPlaceholder:"E-post eller telefonnummer",phoneOrUsernameOrEmailPlaceholder:"Telefon, användarnamn eller e-post",phoneOrUsernamePlaceholder:"Telefonnummer eller användarnamn",phonePlaceholder:"Telefonnummer","same-user-login":"För många inloggningsförsök för denna användare. Vänta en stund och försök igen.",selectCountryCode:"Välj landskod, för närvarande inställd på ${countryName}, ${countryCode}, +${countryPrefix}",separatorText:"eller",sessionExpired:"Din session har gått ut. Försök igen.",showPasswordText:"Visa lösenord",signupActionLinkText:"Registrera dig",signupActionText:"Har du inget konto?",termsAndConditionsTemplate:'Genom att fortsätta godkänner du våra <a href="${termsAndConditionsUrl}" target="_blank" rel="noopener noreferrer">Villkor</a>.',title:"Välkommen","user-blocked":"Ditt konto har blockerats efter flera misslyckade inloggningsförsök i rad.",userAccountDoesNotExist:"Användarkontot finns inte",usernameOnlyPlaceholder:"Användarnamn",usernameOrEmailPlaceholder:"Användarnamn eller e-postadress",usernamePlaceholder:"Användarnamn",usernameTooLong:"Användarnamnet får vara högst ${max} tecken",usernameTooShort:"Användarnamnet måste vara minst ${min} tecken","wrong-credentials":"Fel användarnamn eller lösenord","wrong-email-credentials":"Fel e-postadress eller lösenord","wrong-email-phone-credentials":"Fel e-postadress, telefonnummer eller lösenord. Telefonnummer måste innehålla landskod.","wrong-email-phone-username-credentials":"Fel e-postadress, telefonnummer, användarnamn eller lösenord. Telefonnummer måste innehålla landskod.","wrong-email-username-credentials":"Fel e-postadress, användarnamn eller lösenord","wrong-phone-credentials":"Fel telefonnummer eller lösenord","wrong-phone-username-credentials":"Fel telefonnummer, användarnamn eller lösenord. Telefonnummer måste innehålla landskod.","wrong-username-credentials":"Fel användarnamn eller lösenord",passkeyButtonText:"Logga in med passkey"}},"login-password":{"login-password":{buttonText:"Logga in",description:"Ange din e-postadress och ditt lösenord för att logga in.",forgotPasswordText:"Har du glömt lösenordet?",hidePasswordText:"Dölj lösenord","no-password":"Lösenord krävs",pageTitle:"Logga in | ${clientName}","password-breached":"Vi har upptäckt ett potentiellt säkerhetsproblem med detta konto. För att skydda ditt konto har vi förhindrat denna inloggning. Återställ ditt lösenord för att fortsätta.",passwordPlaceholder:"Lösenord",showPasswordText:"Visa lösenord",signingInAs:"Loggar in som ${email}",title:"Ange lösenord",unverifiedEmail:"Verifiera din e-postadress innan du loggar in","user-blocked":"Ditt konto har blockerats efter flera misslyckade inloggningsförsök i rad.","wrong-credentials":"Fel lösenord"}},"login-passwordless":{"login-passwordless":{authMethodEmail:"e-post",authMethodEmailOrPhone:"e-post eller telefonnummer",authMethodPhone:"telefonnummer",description:"Logga in med din ${authMethod}",emailOrPhonePlaceholder:"E-postadress eller telefonnummer",emailPlaceholder:"E-postadress",invalidEmail:"Ange en giltig e-postadress",invalidIdentifier:"Ange en giltig e-postadress eller telefonnummer",invalidPhone:"Ange ett giltigt telefonnummer med landskod",noEmail:"Ange din e-postadress",noPhone:"Ange ditt telefonnummer",phonePlaceholder:"Telefonnummer",sessionExpired:"Din session har gått ut. Försök igen.",title:"Logga in med en kod",userAccountDoesNotExist:"Användarkontot finns inte"}},"magic-link-sent":{"magic-link-sent":{defaultDescription:"Klicka på länken i ditt e-postmeddelande för att logga in",description:"Vi skickade en länk till ${username}. Klicka på den för att logga in.",resendText:"Skicka länken igen",spamText:"Fick du inte e-postmeddelandet? Kolla din skräppost.",title:"Kolla din e-post"}},mfa:XI,"mfa-email":{"mfa-email":{buttonText:"Fortsätt",codePlaceholder:"Ange kod",description:"Vi skickade en kod till ${email}","invalid-code":"Koden du angav är ogiltig",pageTitle:"E-postverifiering | ${clientName}",resendText:"Skicka koden igen",title:"Kolla din e-post"}},"mfa-otp":{"mfa-otp":{buttonText:"Fortsätt",codePlaceholder:"Ange kod",description:"Ange den 6-siffriga koden från din autentiseringsapp","invalid-code":"Koden du angav är ogiltig",pageTitle:"Ange kod | ${clientName}",title:"Ange din kod"},"mfa-totp-enrollment":{title:"Konfigurera autentiseringsapp",description:"Skanna QR-koden nedan med din autentiseringsapp och ange sedan den 6-siffriga koden för att verifiera",secretLabel:"Eller ange denna kod manuellt:",codePlaceholder:"Ange kod",continueButtonText:"Verifiera och aktivera","invalid-code":"Koden du angav är ogiltig. Försök igen.","transaction-not-found":"Din registreringstransaktion har gått ut, du behöver börja om.",pageTitle:"Konfigurera autentiseringsapp | ${clientName}",unexpectedError:"Något gick fel. Försök igen.",enrollmentComplete:"MFA-registreringen är klar. Du kan stänga denna sida."},"mfa-totp-challenge":{title:"Verifiera din identitet",description:"Ange den 6-siffriga koden från din autentiseringsapp",codePlaceholder:"Ange kod",continueButtonText:"Fortsätt","invalid-code":"Koden du angav är ogiltig","transaction-not-found":"Din registreringstransaktion har gått ut, du behöver börja om.",unexpectedError:"Något gick fel. Försök igen.",pageTitle:"Verifiera identitet | ${clientName}"}},"mfa-phone":{"mfa-phone-challenge":{pageTitle:"Använd ditt telefonnummer för att logga in | ${clientName}",title:"Verifiera din identitet",description:"Vi skickade en kod till ${phoneNumber}",continueButtonText:"Fortsätt",changePhoneText:"Välj ett annat telefonnummer.",smsButtonText:"SMS",voiceButtonText:"Röstsamtal",chooseMessageTypeText:"Hur vill du ta emot koden?",pickAuthenticatorText:"Prova en annan metod",logoAltText:"${companyName}",codePlaceholder:"Ange kod","send-sms-failed":"Det gick inte att skicka SMS:et","send-voice-failed":"Det gick inte att ringa röstsamtalet","invalid-phone-format":"Telefonnumret kan bara innehålla siffror.","invalid-phone":"Det verkar som att ditt telefonnummer inte är giltigt. Kontrollera och försök igen.","too-many-sms":"Du har överskridit det maximala antalet telefonmeddelanden per timme. Vänta några minuter och försök igen.","too-many-voice":"Du har överskridit det maximala antalet telefonmeddelanden per timme. Vänta några minuter och försök igen.","transaction-not-found":"Din registreringstransaktion har gått ut, du behöver börja om.","no-phone":"Ange ett telefonnummer",noCode:"Ange verifieringskoden",invalidCode:"Koden du angav är ogiltig. Försök igen.",unexpectedError:"Något gick fel. Försök igen.",resendSuccess:"Vi skickade en ny kod till din telefon",enrollmentComplete:"MFA-registreringen är klar. Du kan stänga denna sida."},"mfa-phone-enrollment":{pageTitle:"Ange ditt telefonnummer för att logga in med en telefonkod | ${clientName}",title:"Säkra ditt konto",description:"Ange din landskod och telefonnummer som vi kan skicka en 6-siffrig kod till:",continueButtonText:"Fortsätt",smsButtonText:"SMS",voiceButtonText:"Röstsamtal",chooseMessageTypeText:"Hur vill du ta emot koden?",pickAuthenticatorText:"Prova en annan metod",placeholder:"Ange ditt telefonnummer",logoAltText:"${companyName}",selectCountryCode:"Välj landskod, för närvarande inställd på ${countryName}, ${countryCode}, +${countryPrefix}","send-sms-failed":"Det gick inte att skicka SMS:et","send-voice-failed":"Det gick inte att ringa röstsamtalet","sms-authenticator-error":"Vi kunde inte skicka SMS:et. Försök igen senare.","invalid-phone-format":"Telefonnumret kan bara innehålla siffror.","invalid-phone":"Det verkar som att ditt telefonnummer inte är giltigt. Kontrollera och försök igen.","too-many-sms":"Du har överskridit det maximala antalet telefonmeddelanden per timme. Vänta några minuter och försök igen.","too-many-voice":"Du har överskridit det maximala antalet telefonmeddelanden per timme. Vänta några minuter och försök igen.","transaction-not-found":"Din registreringstransaktion har gått ut, du behöver börja om.","no-phone":"Ange ett telefonnummer","phone-is-too-short":"Telefonnumret är för kort","phone-is-too-long":"Telefonnumret är för långt"}},"mfa-login-options":{"mfa-login-options":{pageTitle:"Välj verifieringsmetod | ${clientName}",title:"Välj din verifieringsmetod",description:"Välj hur du vill verifiera din identitet",authenticatorAppLabel:"Autentiseringsapp",authenticatorAppDescription:"Använd din autentiseringsapp för att få en verifieringskod",smsLabel:"Sms",smsDescription:"Få en verifieringskod skickad till din telefon",passkeyLabel:"Lösenordsnyckel",passkeyDescription:"Använd din enhets biometri eller säkerhetsnyckel"}},"mfa-push":{"mfa-push":{description:"Vi skickade en notis till din enhet",pageTitle:"Push-notis | ${clientName}",resendText:"Skicka notisen igen",title:"Godkänn förfrågan",useCodeText:"Ange kod manuellt"}},"mfa-recovery-code":{"mfa-recovery-code":{buttonText:"Fortsätt",codePlaceholder:"Återställningskod",description:"Ange en av dina återställningskoder","invalid-code":"Återställningskoden du angav är ogiltig",pageTitle:"Återställningskod | ${clientName}",title:"Ange återställningskod"}},"mfa-voice":{"mfa-voice":{buttonText:"Ring mig",codePlaceholder:"Ange kod",description:"Vi ringer ${phoneNumber} med din kod","invalid-code":"Koden du angav är ogiltig",pageTitle:"Röstsamtal | ${clientName}",title:"Ta emot ett telefonsamtal"}},"mfa-webauthn":{"mfa-webauthn":{buttonText:"Försök igen",description:"Sätt in din säkerhetsnyckel och följ instruktionerna",pageTitle:"Säkerhetsnyckel | ${clientName}",title:"Använd din säkerhetsnyckel"}},passkeys:e$,organizations:t$,"reset-password":{"reset-password":{backToLoginText:"Gå tillbaka",buttonText:"Skicka",codeExpired:"Din kod för lösenordsåterställning har gått ut. Begär en ny.",confirmPasswordLabel:"Bekräfta lösenord",confirmPasswordPlaceholder:"Bekräfta lösenord",description:"Klicka på knappen nedan så skickar vi instruktioner om hur du återställer ditt lösenord.",emailPlaceholder:"E-postadress",failed:"Lösenordsåterställningen misslyckades. Försök igen.","invalid-email-format":"Ogiltig e-postadress","no-email":"Vänligen ange en e-postadress",pageTitle:"Återställ lösenord | ${clientName}",passwordLabel:"Nytt lösenord",passwordPlaceholder:"Nytt lösenord",passwordTooWeak:"Lösenordet är för svagt",passwordsDidntMatch:"Lösenorden matchar inte",successDescription:"Vi har skickat en länk för lösenordsåterställning till din e-postadress.",successTitle:"Vi har skickat ett e-postmeddelande med instruktioner om hur du återställer ditt lösenord till den e-postadress du angav.",title:"Har du glömt lösenordet?","user-not-found":"Användaren hittades inte"},"reset-password-code":{backToLoginText:"Tillbaka till inloggning",buttonText:"Återställ lösenord",codeLabel:"Återställningskod",codePlaceholder:"Ange 6-siffrig kod",confirmPasswordLabel:"Bekräfta lösenord",confirmPasswordPlaceholder:"Bekräfta lösenord",defaultDescription:"Ange koden som skickades till din e-post och välj ett nytt lösenord",description:"Vi skickade en kod till ${email}",failed:"Lösenordsåterställningen misslyckades. Försök igen.",invalidCode:"Koden du angav är ogiltig eller har gått ut",noCode:"Vänligen ange återställningskoden",pageTitle:"Ange återställningskod | ${clientName}",passwordLabel:"Nytt lösenord",passwordPlaceholder:"Nytt lösenord",passwordTooWeak:"Lösenordet är för svagt",passwordsDidntMatch:"Lösenorden matchar inte",resendFailed:"Kunde inte skicka koden igen. Försök igen.",resendSuccess:"En ny kod har skickats till din e-post",resendText:"Skicka koden igen",sessionExpired:"Din session har gått ut. Försök igen.",title:"Ange återställningskod"}},signup:n$,"signup-id":{"signup-id":{buttonText:"Fortsätt",description:"Välj ett lösenord med en blandning av stora och små bokstäver, siffror och symboler.","email-already-exists":"E-postadressen är redan upptagen",emailPlaceholder:"E-postadress",federatedConnectionButtonText:"Fortsätt med ${connectionName}","invalid-email-format":"Ogiltig e-postadress",loginActionLinkText:"Logga in",loginActionText:"Har du redan ett konto?","no-email":"Vänligen ange en e-postadress",pageTitle:"Registrera dig | ${clientName}",phonePlaceholder:"Telefonnummer",separatorText:"eller",title:"Välj lösenord",usernamePlaceholder:"Användarnamn"}},"signup-password":{"signup-password":{buttonText:"Fortsätt",description:"Välj ett lösenord med en blandning av stora och små bokstäver, siffror och symboler.",hidePasswordText:"Dölj lösenord","no-password":"Lösenord krävs",pageTitle:"Registrera dig | ${clientName}","password-policy-not-met":"Lösenordet uppfyller inte kraven","password-too-weak":"Lösenordet är för svagt",passwordPlaceholder:"Lösenord",showPasswordText:"Visa lösenord",title:"Välj lösenord"}},"sms-otp-challenge":{"sms-otp-challenge":{buttonText:"Fortsätt",codeLabel:"Verifieringskod",codePlaceholder:"Ange kod",defaultDescription:"Ange verifieringskoden som skickades till din telefon",description:"Vi skickade en kod till ${username}","invalid-code":"Ogiltig kod",noCode:"Ange verifieringskoden",pageTitle:"Ange kod | ${clientName}",resendText:"Skicka koden igen",sessionExpired:"Din session har gått ut. Försök igen.",title:"Kolla din telefon",unexpectedError:"Ett oväntat fel uppstod"}},status:i$},i9=Object.freeze(Object.defineProperty({__proto__:null,common:JI,consent:YI,default:n9,invitation:QI,login:ZI,mfa:XI,organizations:t$,passkeys:e$,signup:n$,status:i$},Symbol.toStringTag,{value:"Module"})),r$=["cs","da","en","fi","it","nb","pl","sv"],Xp="en",r9={cs:"Čeština",da:"Dansk",en:"English",fi:"Suomi",it:"Italiano",nb:"Norsk",pl:"Polski",sv:"Svenska"},o9=r9;function s9(e){return o9[e]??e}const a9=Object.assign({"../../locales/cs.json":qj,"../../locales/da.json":Vj,"../../locales/en.json":Gj,"../../locales/fi.json":Jj,"../../locales/it.json":Qj,"../../locales/nb.json":Xj,"../../locales/pl.json":t9,"../../locales/sv.json":i9}),sd={};for(const[e,t]of Object.entries(a9)){const n=e.match(/\/(\w+)\.json$/)?.[1];n&&(sd[n]=t.default||t)}const o$={},NA=sd[Xp];if(NA)for(const[e,t]of Object.entries(NA))for(const[n,i]of Object.entries(t)){const r={};for(const o of Object.keys(i))r[o]=s.z.string();o$[`${e}.${n}`]=s.z.object(r)}function c9(e,t){if(!t)return e;let n=e;for(const[i,r]of Object.entries(t))if(r!==void 0){const o=i.replace(/[.*+?^${}()|[\]\\]/g,"\\$&");n=n.replace(new RegExp(`\\$\\{${o}\\}`,"g"),String(r)).replace(new RegExp(`#\\{${o}\\}`,"g"),String(r)).replace(new RegExp(`\\{${o}\\}`,"g"),String(r))}return n}function l9(e){const t=e.split("-")[0]?.toLowerCase()||Xp;return r$.includes(t)?t:Xp}function Ee(e,t,n,i){const r=l9(n),o=sd[Xp]?.[e]?.[t]??{},a=sd[r]?.[e]?.[t]??{},c={...o,...a},l=i?.[t]??{},d={...c,...l},u=o$[`${e}.${t}`];if(u){const h=u.safeParse(d);h.success||console.warn(`[i18n] Missing translations for ${e}.${t} (${r}):`,h.error.issues.map(g=>g.path.join(".")).join(", "))}const p={};for(const[h,g]of Object.entries(d))p[h]=m=>c9(g,m);return{m:new Proxy(p,{get:(h,g)=>h[g]??(()=>g)}),locale:r}}function d9(e){const t=e?.language?.split("-")[0]?.toLowerCase(),n=[];for(const[i,r]of Object.entries(sd))if(!(t&&i!==t))for(const[o,a]of Object.entries(r))e?.prompt&&o!==e.prompt||n.push({prompt:o,language:i,custom_text:a});return n}function gc(e,t){const n=Bj(e,"ah-dark-mode");if(n==="dark"||n==="light"||n==="auto")return n;const i=t?.dark_mode;return i==="dark"||i==="light"||i==="auto"?i:"auto"}const ef={"--ah-color-text":"#f9fafb","--ah-color-text-muted":"#9ca3af","--ah-color-text-label":"#d1d5db","--ah-color-header":"#f9fafb","--ah-color-bg":"#1f2937","--ah-color-bg-hover":"#374151","--ah-color-bg-muted":"#374151","--ah-color-bg-disabled":"#4b5563","--ah-color-input-bg":"#374151","--ah-color-border":"#4b5563","--ah-color-border-hover":"#6b7280","--ah-color-border-muted":"#374151","--ah-color-error-bg":"rgba(220,38,38,0.2)","--ah-color-success-bg":"rgba(22,163,74,0.2)","--ah-color-link":"#60a5fa"};function s$(e){const t=e.replace("#",""),n=parseInt(t,16);return[n>>16&255,n>>8&255,n&255]}function PA(e){const[t,n,i]=s$(e).map(r=>{const o=r/255;return o<=.04045?o/12.92:Math.pow((o+.055)/1.055,2.4)});return .2126*t+.7152*n+.0722*i}function Fi(e,t){const n=PA(e),i=PA(t);return(Math.max(n,i)+.05)/(Math.min(n,i)+.05)}function a$(e,t){const[n,i,r]=s$(e),o=a=>Math.min(255,Math.round(a+(255-a)*t)).toString(16).padStart(2,"0");return`#${o(n)}${o(i)}${o(r)}`}function FA(e,t){const n={...ef};if(t){const r=ef["--ah-color-bg"];if(Fi(t,r)<3){let d=t;for(let u=1;u<=10&&(d=a$(t,u*.1),!(Fi(d,r)>=3));u++);n["--ah-color-primary"]=d,n["--ah-color-primary-hover"]=d}const o=1.35,a=n["--ah-color-primary"]||t,c=Fi(a,"#ffffff"),l=Fi(a,"#000000");n["--ah-color-text-on-primary"]=l>c*o?"#000000":"#ffffff"}const i=Object.entries(n).map(([r,o])=>`${r}: ${o} !important`).join("; ");return`${e} { ${i}; }`}const u9="(function(btn){var h=document.documentElement;var cur=h.classList.contains('ah-dark-mode')?'dark':h.classList.contains('ah-light-mode')?'light':'auto';var next=cur==='auto'?'dark':cur==='dark'?'light':'auto';h.classList.remove('ah-dark-mode','ah-light-mode');if(next==='dark'){h.classList.add('ah-dark-mode');h.setAttribute('data-mode','dark')}else if(next==='light'){h.classList.add('ah-light-mode');h.setAttribute('data-mode','light')}else{h.removeAttribute('data-mode')}btn.querySelector('.icon-sun').style.display=next==='light'?'block':'none';btn.querySelector('.icon-moon').style.display=next==='dark'?'block':'none';btn.querySelector('.icon-auto').style.display=next==='auto'?'block':'none';document.cookie='ah-dark-mode='+next+';path=/;max-age=31536000;SameSite=Lax';if(window.__ahDarkMode){window.__ahDarkMode(next)}})(this)",p9="var p=new URLSearchParams(window.location.search);p.set('ui_locales',this.value);window.location.search=p.toString()";function c$({logoUrl:e,clientName:t}){const n=e?mn(e):null;return S("div",{class:"ah-chip ah-chip-logo","data-ah-slot":"top-left",children:n?S("img",{src:n,alt:t}):S("span",{class:"ah-logo-text",children:t})})}function l$({darkMode:e}){return S("button",{type:"button","aria-label":"Toggle dark mode",onclick:u9,children:[S("svg",{class:"icon-auto",width:"13",height:"13",viewBox:"0 0 24 24",fill:"none",stroke:"currentColor","stroke-width":"2.2","stroke-linecap":"round","stroke-linejoin":"round",style:e==="auto"?void 0:"display:none",children:[S("circle",{cx:"12",cy:"12",r:"9"}),S("path",{d:"M12 3a9 9 0 0 1 0 18",fill:"currentColor"})]}),S("svg",{class:"icon-sun",width:"13",height:"13",viewBox:"0 0 24 24",fill:"none",stroke:"currentColor","stroke-width":"2.2","stroke-linecap":"round","stroke-linejoin":"round",style:e==="light"?void 0:"display:none",children:[S("circle",{cx:"12",cy:"12",r:"5"}),S("line",{x1:"12",y1:"1",x2:"12",y2:"3"}),S("line",{x1:"12",y1:"21",x2:"12",y2:"23"}),S("line",{x1:"4.22",y1:"4.22",x2:"5.64",y2:"5.64"}),S("line",{x1:"18.36",y1:"18.36",x2:"19.78",y2:"19.78"}),S("line",{x1:"1",y1:"12",x2:"3",y2:"12"}),S("line",{x1:"21",y1:"12",x2:"23",y2:"12"})]}),S("svg",{class:"icon-moon",width:"13",height:"13",viewBox:"0 0 24 24",fill:"none",stroke:"currentColor","stroke-width":"2.2","stroke-linecap":"round","stroke-linejoin":"round",style:e==="dark"?void 0:"display:none",children:S("path",{d:"M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z"})})]})}function d$({language:e,availableLanguages:t}){return!t||t.length<2?null:S("div",{class:"ah-lang",children:[S("svg",{width:"13",height:"13",viewBox:"0 0 24 24",fill:"none",stroke:"currentColor","stroke-width":"2.2","stroke-linecap":"round","stroke-linejoin":"round",children:[S("circle",{cx:"12",cy:"12",r:"10"}),S("path",{d:"M2 12h20"}),S("path",{d:"M12 2a15.3 15.3 0 0 1 4 10 15.3 15.3 0 0 1-4 10 15.3 15.3 0 0 1-4-10 15.3 15.3 0 0 1 4-10z"})]}),S("select",{"aria-label":"Language",onchange:p9,children:t.map(n=>S("option",{value:n,selected:n===e,children:s9(n)}))})]})}function u$({darkMode:e,language:t,availableLanguages:n}){return S("div",{class:"ah-chip ah-chip-settings","data-ah-slot":"top-right",children:[S(l$,{darkMode:e}),n&&S(d$,{language:t,availableLanguages:n})]})}function p$({url:e,href:t,alt:n,height:i}){const r=mn(e),o=t?mn(t):null;if(!r)return null;const a=S("img",{src:r,alt:n||"",height:i||18});return S("div",{class:"ah-chip ah-chip-trust","data-ah-slot":"bottom-left",children:o?S("a",{href:o,target:"_blank",rel:"noopener noreferrer",children:a}):a})}function f$({termsAndConditionsUrl:e,language:t}){if(!e)return null;const{m:n}=Ee("common","common",t||"en");return S("div",{class:"ah-chip-legal","data-ah-slot":"bottom-right",children:S("a",{href:e,target:"_blank",rel:"noopener noreferrer",children:n.termsShortText()})})}function h$(e,t){const n=[],i=gn(e?.colors?.primary);i&&n.push(`--ah-color-primary: ${i}`);const r=gn(t?.colors?.primary_button)||i;if(r){const a=Fi(r,"#ffffff"),l=Fi(r,"#000000")>a*1.35?"#000000":"#ffffff";n.push(`--ah-color-text-on-primary: ${l}`)}return n.length>0?n.join("; ")+"; width: clamp(320px, 100%, 400px);":"width: clamp(320px, 100%, 400px);"}function f9(e){const{primaryColor:t,themePrimary:n,widgetBackground:i}=e;return`
2
2
  * { box-sizing: border-box; margin: 0; padding: 0; }
3
3
 
4
4
  /* ============= CHROME TOKENS =============
@@ -347,8 +347,8 @@ From `+this.originalError.stack)}static is(t){return t?.[aS]==="LiquidError"}}cl
347
347
  </body>
348
348
  </html>`;return n.set("content-type","text/html; charset=utf-8"),n.set("cache-control","no-store"),n.set("pragma","no-cache"),new Response(r,{status:200,headers:n})}const Yl=["openid","profile","email","address","phone","offline_access"];async function IW(e,t,n,i){const r=[];if(!(await e.env.data.tenants.get(t))?.flags?.inherit_global_permissions_in_organizations)return[];const a=await e.env.data.userRoles.list(t,n,void 0,"");for(const c of a)(await e.env.data.rolePermissions.list(t,c.id,{per_page:1e3})).forEach(d=>{d.resource_server_identifier===i&&r.push(d.permission_name)});return[...new Set(r)]}async function $W(e,t){const{tenantId:n,clientId:i,audience:r,requestedScopes:o}=t,a=o.filter(k=>Yl.includes(k)),c=o.filter(k=>!Yl.includes(k)),d=(await e.env.data.resourceServers.list(n)).resource_servers.filter(k=>k.identifier===r);if(d.length===0)return{scopes:a,permissions:[],token_lifetime:86400,token_lifetime_for_web:7200};const u=d[0];if(!u)return{scopes:a,permissions:[],token_lifetime:86400,token_lifetime_for_web:7200};const p=u.options?.enforce_policies===!0,f=u.options?.token_dialect||"access_token",g=(await e.env.data.clientGrants.list(n,{q:`client_id:"${i}"`})).client_grants.find(k=>k.audience===r);if(!g)return{scopes:a,permissions:[],token_lifetime:u.token_lifetime,token_lifetime_for_web:u.token_lifetime_for_web};const m=g.scope||[],_=(u.scopes||[]).map(k=>k.value);if(c.length>0){const k=c.filter(C=>!m.includes(C));if(k.length>0)throw new H(403,{error:"access_denied",error_description:`Client is not authorized for scope(s): ${k.join(", ")}`})}const w=m.filter(k=>_.includes(k)),y=o.length===0?w:c.filter(k=>w.includes(k)),v={token_lifetime:u.token_lifetime,token_lifetime_for_web:u.token_lifetime_for_web};if(!p)return{scopes:[...new Set([...a,...y])],permissions:[],...v};const A=y;return f==="access_token_authz"?{scopes:[...new Set([...a,...y])],permissions:A,...v}:{scopes:[...new Set([...a,...y])],permissions:[],...v}}async function Id(e,t){if(t.grantType===nn.ClientCredential)return await $W(e,{tenantId:t.tenantId,clientId:t.clientId,audience:t.audience,requestedScopes:t.requestedScopes});const{tenantId:n,userId:i,audience:r,requestedScopes:o,organizationId:a}=t;let c=!1;if(a){if((await e.env.data.tenants.get(n))?.flags?.inherit_global_permissions_in_organizations){const R=await e.env.data.userRoles.list(n,i,void 0,"");for(const O of R)if((await e.env.data.rolePermissions.list(n,O.id,{per_page:1e3})).some(M=>M.permission_name==="admin:organizations"&&M.resource_server_identifier===r)){c=!0;break}}if(!c&&!(await e.env.data.userOrganizations.list(n,{q:`user_id:${i}`,per_page:1e3})).userOrganizations.some(j=>j.organization_id===a))throw new H(403,{error:"access_denied",error_description:"User is not a member of the specified organization"})}const l=o.filter(F=>Yl.includes(F)),p=(await e.env.data.resourceServers.list(n)).resource_servers.filter(F=>F.identifier===r)[0];if(!p){if(o.filter(R=>R&&!Yl.includes(R)).length>0)throw new H(403,{error:"access_denied",error_description:`Service not found: ${r}`});return{scopes:l,permissions:[],token_lifetime:86400,token_lifetime_for_web:7200}}const f=(p.scopes||[]).map(F=>F.value),h=p.options?.enforce_policies===!0,g=p.options?.token_dialect||"access_token",m={token_lifetime:p.token_lifetime,token_lifetime_for_web:p.token_lifetime_for_web};if(!h)return{scopes:o,permissions:[],...m};const _=await e.env.data.userPermissions.list(n,i,void 0,a),w=await e.env.data.userRoles.list(n,i,void 0,""),y=a?await e.env.data.userRoles.list(n,i,void 0,a):[],v=[...w,...y],A=a?await IW(e,n,i,r):[],b=[];for(const F of v)(await e.env.data.rolePermissions.list(n,F.id,{per_page:1e3})).forEach(O=>{O.resource_server_identifier===r&&b.push(O.permission_name)});const k=new Set;_.forEach(F=>{F.resource_server_identifier===r&&k.add(F.permission_name)}),b.forEach(F=>{k.add(F)}),A.forEach(F=>{k.add(F)});const C=Array.from(k),$=C.filter(F=>f.includes(F)),z=o.filter(F=>!f.includes(F)&&!Yl.includes(F));if(g==="access_token_authz")return{scopes:[...new Set([...l,...z])],permissions:$,...m};const P=o.filter(F=>f.includes(F)&&C.includes(F));return{scopes:[...new Set([...l,...P,...z])],permissions:[],...m}}function s8(e,t){switch(t){case"email":return e.email||void 0;case"email_verified":return e.email_verified!==void 0?e.email_verified:void 0;case"name":return e.name||void 0;case"family_name":return e.family_name||void 0;case"given_name":return e.given_name||void 0;case"middle_name":return e.middle_name||void 0;case"nickname":return e.nickname||void 0;case"preferred_username":return e.preferred_username||e.username||void 0;case"profile":return e.profile||void 0;case"picture":return e.picture||void 0;case"website":return e.website||void 0;case"gender":return e.gender||void 0;case"birthdate":return e.birthdate||void 0;case"zoneinfo":return e.zoneinfo||void 0;case"locale":return e.locale||void 0;case"updated_at":{if(!e.updated_at)return;const n=new Date(e.updated_at).getTime();return Number.isFinite(n)?Math.floor(n/1e3):void 0}case"address":return e.address||void 0;case"phone_number":return e.phone_number||void 0;case"phone_number_verified":return e.phone_verified!==void 0?e.phone_verified:void 0;default:return}}const zW={email:["email","email_verified"],profile:["name","family_name","given_name","middle_name","nickname","preferred_username","profile","picture","website","gender","birthdate","zoneinfo","locale","updated_at"],address:["address"],phone:["phone_number","phone_number_verified"]};function a8(e,t){const n={};for(const i of t){const r=zW[i];if(r)for(const o of r){const a=s8(e,o);a!==void 0&&(n[o]=a)}}return n}function vw(e,t){const n={};for(const i of t){const r=s8(e,i);r!==void 0&&(n[i]=r)}return n}function NW(){if(typeof globalThis<"u")return globalThis;if(typeof self<"u")return self;if(typeof window<"u")return window;if(typeof global<"u")return global}function PW(){const e=NW();if(e.__xstate__)return e.__xstate__}const FW=e=>{if(typeof window>"u")return;const t=PW();t&&t.register(e)};class KS{constructor(t){this._process=t,this._active=!1,this._current=null,this._last=null}start(){this._active=!0,this.flush()}clear(){this._current&&(this._current.next=null,this._last=this._current)}enqueue(t){const n={value:t,next:null};if(this._current){this._last.next=n,this._last=n;return}this._current=n,this._last=n,this._active&&this.flush()}flush(){for(;this._current;){const t=this._current;this._process(t.value),this._current=t.next}this._last=null}}const c8=".",OW="",l8="",RW="#",jW="*",d8="xstate.init",DW="xstate.error",bw="xstate.stop";function LW(e,t){return{type:`xstate.after.${e}.${t}`}}function Aw(e,t){return{type:`xstate.done.state.${e}`,output:t}}function BW(e,t){return{type:`xstate.done.actor.${e}`,output:t,actorId:e}}function u8(e,t){return{type:`xstate.error.actor.${e}`,error:t,actorId:e}}function p8(e){return{type:d8,input:e}}function Ei(e){setTimeout(()=>{throw e})}const MW=typeof Symbol=="function"&&Symbol.observable||"@@observable";function f8(e,t){const n=GS(e),i=GS(t);return typeof i=="string"?typeof n=="string"?i===n:!1:typeof n=="string"?n in i:Object.keys(n).every(r=>r in i?f8(n[r],i[r]):!1)}function i1(e){if(g8(e))return e;const t=[];let n="";for(let i=0;i<e.length;i++){switch(e.charCodeAt(i)){case 92:n+=e[i+1],i++;continue;case 46:t.push(n),n="";continue}n+=e[i]}return t.push(n),t}function GS(e){if(SJ(e))return e.value;if(typeof e!="string")return e;const t=i1(e);return UW(t)}function UW(e){if(e.length===1)return e[0];const t={};let n=t;for(let i=0;i<e.length-1;i++)if(i===e.length-2)n[e[i]]=e[i+1];else{const r=n;n={},r[e[i]]=n}return t}function WS(e,t){const n={},i=Object.keys(e);for(let r=0;r<i.length;r++){const o=i[r];n[o]=t(e[o],o,e,r)}return n}function h8(e){return g8(e)?e:[e]}function Jr(e){return e===void 0?[]:h8(e)}function kw(e,t,n,i){return typeof e=="function"?e({context:t,event:n,self:i}):e}function g8(e){return Array.isArray(e)}function qW(e){return e.type.startsWith("xstate.error.actor")}function la(e){return h8(e).map(t=>typeof t>"u"||typeof t=="string"?{target:t}:t)}function m8(e){if(!(e===void 0||e===OW))return Jr(e)}function vp(e,t,n){const i=typeof e=="object",r=i?e:void 0;return{next:(i?e.next:e)?.bind(r),error:(i?e.error:t)?.bind(r),complete:(i?e.complete:n)?.bind(r)}}function JS(e,t){return`${t}.${e}`}function r1(e,t){const n=t.match(/^xstate\.invoke\.(\d+)\.(.*)/);if(!n)return e.implementations.actors[t];const[,i,r]=n,a=e.getStateNodeById(r).config.invoke;return(Array.isArray(a)?a[i]:a).src}function HW(e,t){if(t===e||t===jW)return!0;if(!t.endsWith(".*"))return!1;const n=t.split("."),i=e.split(".");for(let r=0;r<n.length;r++){const o=n[r],a=i[r];if(o==="*")return r===n.length-1;if(o!==a)return!1}return!0}function YS(e,t){return`${e.sessionId}.${t}`}let VW=0;function KW(e,t){const n=new Map,i=new Map,r=new WeakMap,o=new Set,a={},{clock:c,logger:l}=t,d={schedule:(f,h,g,m,_=Math.random().toString(36).slice(2))=>{const w={source:f,target:h,event:g,delay:m,id:_,startedAt:Date.now()},y=YS(f,_);p._snapshot._scheduledEvents[y]=w;const v=c.setTimeout(()=>{delete a[y],delete p._snapshot._scheduledEvents[y],p._relay(f,h,g)},m);a[y]=v},cancel:(f,h)=>{const g=YS(f,h),m=a[g];delete a[g],delete p._snapshot._scheduledEvents[g],m!==void 0&&c.clearTimeout(m)},cancelAll:f=>{for(const h in p._snapshot._scheduledEvents){const g=p._snapshot._scheduledEvents[h];g.source===f&&d.cancel(f,g.id)}}},u=f=>{if(!o.size)return;const h={...f,rootId:e.sessionId};o.forEach(g=>g.next?.(h))},p={_snapshot:{_scheduledEvents:(t?.snapshot&&t.snapshot.scheduler)??{}},_bookId:()=>`x:${VW++}`,_register:(f,h)=>(n.set(f,h),f),_unregister:f=>{n.delete(f.sessionId);const h=r.get(f);h!==void 0&&(i.delete(h),r.delete(f))},get:f=>i.get(f),getAll:()=>Object.fromEntries(i.entries()),_set:(f,h)=>{const g=i.get(f);if(g&&g!==h)throw new Error(`Actor with system ID '${f}' already exists.`);i.set(f,h),r.set(h,f)},inspect:f=>{const h=vp(f);return o.add(h),{unsubscribe(){o.delete(h)}}},_sendInspectionEvent:u,_relay:(f,h,g)=>{p._sendInspectionEvent({type:"@xstate.event",sourceRef:f,actorRef:h,event:g}),h._send(g)},scheduler:d,getSnapshot:()=>({_scheduledEvents:{...p._snapshot._scheduledEvents}}),start:()=>{const f=p._snapshot._scheduledEvents;p._snapshot._scheduledEvents={};for(const h in f){const{source:g,target:m,event:_,delay:w,id:y}=f[h];d.schedule(g,m,_,w,y)}},_clock:c,_logger:l};return p}let Fm=!1;const o1=1;let pn=(function(e){return e[e.NotStarted=0]="NotStarted",e[e.Running=1]="Running",e[e.Stopped=2]="Stopped",e})({});const GW={clock:{setTimeout:(e,t)=>setTimeout(e,t),clearTimeout:e=>clearTimeout(e)},logger:console.log.bind(console),devTools:!1};class WW{constructor(t,n){this.logic=t,this._snapshot=void 0,this.clock=void 0,this.options=void 0,this.id=void 0,this.mailbox=new KS(this._process.bind(this)),this.observers=new Set,this.eventListeners=new Map,this.logger=void 0,this._processingStatus=pn.NotStarted,this._parent=void 0,this._syncSnapshot=void 0,this.ref=void 0,this._actorScope=void 0,this.systemId=void 0,this.sessionId=void 0,this.system=void 0,this._doneEvent=void 0,this.src=void 0,this._deferred=[];const i={...GW,...n},{clock:r,logger:o,parent:a,syncSnapshot:c,id:l,systemId:d,inspect:u}=i;this.system=a?a.system:KW(this,{clock:r,logger:o}),u&&!a&&this.system.inspect(vp(u)),this.sessionId=this.system._bookId(),this.id=l??this.sessionId,this.logger=n?.logger??this.system._logger,this.clock=n?.clock??this.system._clock,this._parent=a,this._syncSnapshot=c,this.options=i,this.src=i.src??t,this.ref=this,this._actorScope={self:this,id:this.id,sessionId:this.sessionId,logger:this.logger,defer:p=>{this._deferred.push(p)},system:this.system,stopChild:p=>{if(p._parent!==this)throw new Error(`Cannot stop child actor ${p.id} of ${this.id} because it is not a child`);p._stop()},emit:p=>{const f=this.eventListeners.get(p.type),h=this.eventListeners.get("*");if(!f&&!h)return;const g=[...f?f.values():[],...h?h.values():[]];for(const m of g)try{m(p)}catch(_){Ei(_)}},actionExecutor:p=>{const f=()=>{if(this._actorScope.system._sendInspectionEvent({type:"@xstate.action",actorRef:this,action:{type:p.type,params:p.params}}),!p.exec)return;const h=Fm;try{Fm=!0,p.exec(p.info,p.params)}finally{Fm=h}};this._processingStatus===pn.Running?f():this._deferred.push(f)}},this.send=this.send.bind(this),this.system._sendInspectionEvent({type:"@xstate.actor",actorRef:this}),d&&(this.systemId=d,this.system._set(d,this)),this._initState(n?.snapshot??n?.state),d&&this._snapshot.status!=="active"&&this.system._unregister(this)}_initState(t){try{this._snapshot=t?this.logic.restoreSnapshot?this.logic.restoreSnapshot(t,this._actorScope):t:this.logic.getInitialSnapshot(this._actorScope,this.options?.input)}catch(n){this._snapshot={status:"error",output:void 0,error:n}}}update(t,n){this._snapshot=t;let i;for(;i=this._deferred.shift();)try{i()}catch(r){this._deferred.length=0,this._snapshot={...t,status:"error",error:r}}switch(this._snapshot.status){case"active":for(const r of this.observers)try{r.next?.(t)}catch(o){Ei(o)}break;case"done":for(const r of this.observers)try{r.next?.(t)}catch(o){Ei(o)}this._stopProcedure(),this._complete(),this._doneEvent=BW(this.id,this._snapshot.output),this._parent&&this.system._relay(this,this._parent,this._doneEvent);break;case"error":this._error(this._snapshot.error);break}this.system._sendInspectionEvent({type:"@xstate.snapshot",actorRef:this,event:n,snapshot:t})}subscribe(t,n,i){const r=vp(t,n,i);if(this._processingStatus!==pn.Stopped)this.observers.add(r);else switch(this._snapshot.status){case"done":try{r.complete?.()}catch(o){Ei(o)}break;case"error":{const o=this._snapshot.error;if(!r.error)Ei(o);else try{r.error(o)}catch(a){Ei(a)}break}}return{unsubscribe:()=>{this.observers.delete(r)}}}on(t,n){let i=this.eventListeners.get(t);i||(i=new Set,this.eventListeners.set(t,i));const r=n.bind(void 0);return i.add(r),{unsubscribe:()=>{i.delete(r)}}}select(t,n=Object.is){return{subscribe:i=>{const r=vp(i),o=this.getSnapshot();let a=t(o);return this.subscribe(c=>{const l=t(c);n(a,l)||(a=l,r.next?.(l))})},get:()=>t(this.getSnapshot())}}start(){if(this._processingStatus===pn.Running)return this;this._syncSnapshot&&this.subscribe({next:i=>{i.status==="active"&&this.system._relay(this,this._parent,{type:`xstate.snapshot.${this.id}`,snapshot:i})},error:()=>{}}),this.system._register(this.sessionId,this),this.systemId&&this.system._set(this.systemId,this),this._processingStatus=pn.Running;const t=p8(this.options.input);switch(this.system._sendInspectionEvent({type:"@xstate.event",sourceRef:this._parent,actorRef:this,event:t}),this._snapshot.status){case"done":return this.update(this._snapshot,t),this;case"error":return this._error(this._snapshot.error),this}if(this._parent||this.system.start(),this.logic.start)try{this.logic.start(this._snapshot,this._actorScope)}catch(i){return this._snapshot={...this._snapshot,status:"error",error:i},this._error(i),this}return this.update(this._snapshot,t),this.options.devTools&&this.attachDevTools(),this.mailbox.start(),this}_process(t){let n,i;try{n=this.logic.transition(this._snapshot,t,this._actorScope)}catch(r){i={err:r}}if(i){const{err:r}=i;this._snapshot={...this._snapshot,status:"error",error:r},this._error(r);return}this.update(n,t),t.type===bw&&(this._stopProcedure(),this._complete())}_stop(){return this._processingStatus===pn.Stopped?this:(this.mailbox.clear(),this._processingStatus===pn.NotStarted?(this._processingStatus=pn.Stopped,this):(this.mailbox.enqueue({type:bw}),this))}stop(){if(this._parent)throw new Error("A non-root actor cannot be stopped directly.");return this._stop()}_complete(){for(const t of this.observers)try{t.complete?.()}catch(n){Ei(n)}this.observers.clear(),this.eventListeners.clear()}_reportError(t){if(!this.observers.size){this._parent||Ei(t),this.eventListeners.clear();return}let n=!1;for(const i of this.observers){const r=i.error;n||=!r;try{r?.(t)}catch(o){Ei(o)}}this.observers.clear(),this.eventListeners.clear(),n&&Ei(t)}_error(t){this._stopProcedure(),this._reportError(t),this._parent&&this.system._relay(this,this._parent,u8(this.id,t))}_stopProcedure(){return this._processingStatus!==pn.Running?this:(this.system.scheduler.cancelAll(this),this.mailbox.clear(),this.mailbox=new KS(this._process.bind(this)),this._processingStatus=pn.Stopped,this.system._unregister(this),this)}_send(t){this._processingStatus!==pn.Stopped&&this.mailbox.enqueue(t)}send(t){this.system._relay(void 0,this,t)}attachDevTools(){const{devTools:t}=this.options;t&&(typeof t=="function"?t:FW)(this)}toJSON(){return{xstate$$type:o1,id:this.id}}getPersistedSnapshot(t){return this.logic.getPersistedSnapshot(this._snapshot,t)}[MW](){return this}getSnapshot(){return this._snapshot}}function $d(e,...[t]){return new WW(e,t)}function JW(e,t,n,i,{sendId:r}){const o=typeof r=="function"?r(n,i):r;return[t,{sendId:o},void 0]}function YW(e,t){e.defer(()=>{e.system.scheduler.cancel(e.self,t.sendId)})}function s1(e){function t(n,i){}return t.type="xstate.cancel",t.sendId=e,t.resolve=JW,t.execute=YW,t}function QW(e,t,n,i,{id:r,systemId:o,src:a,input:c,syncSnapshot:l}){const d=typeof a=="string"?r1(t.machine,a):a,u=typeof r=="function"?r(n):r;let p,f;return d&&(f=typeof c=="function"?c({context:t.context,event:n.event,self:e.self}):c,p=$d(d,{id:u,src:a,parent:e.self,syncSnapshot:l,systemId:o,input:f})),[vs(t,{children:{...t.children,[u]:p}}),{id:r,systemId:o,actorRef:p,src:a,input:f},void 0]}function ZW(e,{actorRef:t}){t&&e.defer(()=>{t._processingStatus!==pn.Stopped&&t.start()})}function a1(...[e,{id:t,systemId:n,input:i,syncSnapshot:r=!1}={}]){function o(a,c){}return o.type="xstate.spawnChild",o.id=t,o.systemId=n,o.src=e,o.input=i,o.syncSnapshot=r,o.resolve=QW,o.execute=ZW,o}function XW(e,t,n,i,{actorRef:r}){const o=typeof r=="function"?r(n,i):r,a=typeof o=="string"?t.children[o]:o;let c=t.children;return a&&(c={...c},delete c[a.id]),[vs(t,{children:c}),a,void 0]}function y8(e,t){const n=t.getSnapshot();if(n&&"children"in n)for(const i of Object.values(n.children))y8(e,i);e.system._unregister(t)}function eJ(e,t){if(t){if(y8(e,t),t._processingStatus!==pn.Running){e.stopChild(t);return}e.defer(()=>{e.stopChild(t)})}}function Mg(e){function t(n,i){}return t.type="xstate.stopChild",t.actorRef=e,t.resolve=XW,t.execute=eJ,t}function tJ(e,{context:t,event:n},{guards:i}){return i.every(r=>gu(r,t,n,e))}function nJ(e){function t(n,i){return!1}return t.check=tJ,t.guards=e,t}function gu(e,t,n,i){const{machine:r}=i,o=typeof e=="function",a=o?e:r.implementations.guards[typeof e=="string"?e:e.type];if(!o&&!a)throw new Error(`Guard '${typeof e=="string"?e:e.type}' is not implemented.'.`);if(typeof a!="function")return gu(a,t,n,i);const c={context:t,event:n},l=o||typeof e=="string"?void 0:"params"in e?typeof e.params=="function"?e.params({context:t,event:n}):e.params:void 0;return"check"in a?a.check(i,c,a):a(c,l)}function c1(e){return e.type==="atomic"||e.type==="final"}function oc(e){return Object.values(e.states).filter(t=>t.type!=="history")}function mu(e,t){const n=[];if(t===e)return n;let i=e.parent;for(;i&&i!==t;)n.push(i),i=i.parent;return n}function eh(e){const t=new Set(e),n=w8(t);for(const i of t)if(i.type==="compound"&&(!n.get(i)||!n.get(i).length))QS(i).forEach(r=>t.add(r));else if(i.type==="parallel"){for(const r of oc(i))if(r.type!=="history"&&!t.has(r)){const o=QS(r);for(const a of o)t.add(a)}}for(const i of t){let r=i.parent;for(;r;)t.add(r),r=r.parent}return t}function _8(e,t){const n=t.get(e);if(!n)return{};if(e.type==="compound"){const r=n[0];if(r){if(c1(r))return r.key}else return{}}const i={};for(const r of n)i[r.key]=_8(r,t);return i}function w8(e){const t=new Map;for(const n of e)t.has(n)||t.set(n,[]),n.parent&&(t.has(n.parent)||t.set(n.parent,[]),t.get(n.parent).push(n));return t}function v8(e,t){const n=eh(t);return _8(e,w8(n))}function l1(e,t){return t.type==="compound"?oc(t).some(n=>n.type==="final"&&e.has(n)):t.type==="parallel"?oc(t).every(n=>l1(e,n)):t.type==="final"}const Ug=e=>e[0]===RW;function iJ(e,t){return e.transitions.get(t)||[...e.transitions.keys()].filter(i=>HW(t,i)).sort((i,r)=>r.length-i.length).flatMap(i=>e.transitions.get(i))}function rJ(e){const t=e.config.after;if(!t)return[];const n=r=>{const o=LW(r,e.id),a=o.type;return e.entry.push(p1(o,{id:a,delay:r})),e.exit.push(s1(a)),a};return Object.keys(t).flatMap(r=>{const o=t[r],a=typeof o=="string"?{target:o}:o,c=Number.isNaN(+r)?r:+r,l=n(c);return Jr(a).map(d=>({...d,event:l,delay:c}))}).map(r=>{const{delay:o}=r;return{...Ur(e,r.event,r),delay:o}})}function Ur(e,t,n){const i=m8(n.target),r=n.reenter??!1,o=cJ(e,i),a={...n,actions:Jr(n.actions),guard:n.guard,target:o,source:e,reenter:r,eventType:t,toJSON:()=>({...a,source:`#${e.id}`,target:o?o.map(c=>`#${c.id}`):void 0})};return a}function oJ(e){const t=new Map;if(e.config.on)for(const n of Object.keys(e.config.on)){if(n===l8)throw new Error('Null events ("") cannot be specified as a transition key. Use `always: { ... }` instead.');const i=e.config.on[n];t.set(n,la(i).map(r=>Ur(e,n,r)))}if(e.config.onDone){const n=`xstate.done.state.${e.id}`;t.set(n,la(e.config.onDone).map(i=>Ur(e,n,i)))}for(const n of e.invoke){if(n.onDone){const i=`xstate.done.actor.${n.id}`;t.set(i,la(n.onDone).map(r=>Ur(e,i,r)))}if(n.onError){const i=`xstate.error.actor.${n.id}`;t.set(i,la(n.onError).map(r=>Ur(e,i,r)))}if(n.onSnapshot){const i=`xstate.snapshot.${n.id}`;t.set(i,la(n.onSnapshot).map(r=>Ur(e,i,r)))}}for(const n of e.after){let i=t.get(n.eventType);i||(i=[],t.set(n.eventType,i)),i.push(n)}return t}function sJ(e){const t=[],n=i=>{Object.values(i).forEach(r=>{if(r.config.route&&r.config.id){const o=r.config.id,a=r.config.route.guard,c=({event:d})=>d.to===`#${o}`,l={...r.config.route,guard:a?nJ([c,a]):c,target:`#${o}`};t.push(Ur(e,"xstate.route",l))}r.states&&n(r.states)})};n(e.states),t.length>0&&e.transitions.set("xstate.route",t)}function aJ(e,t){const n=typeof t=="string"?e.states[t]:t?e.states[t.target]:void 0;if(!n&&t)throw new Error(`Initial state node "${t}" not found on parent state node #${e.id}`);const i={source:e,actions:!t||typeof t=="string"?[]:Jr(t.actions),eventType:null,reenter:!1,target:n?[n]:[],toJSON:()=>({...i,source:`#${e.id}`,target:n?[`#${n.id}`]:[]})};return i}function cJ(e,t){if(t!==void 0)return t.map(n=>{if(typeof n!="string")return n;if(Ug(n))return e.machine.getStateNodeById(n);const i=n[0]===c8;if(i&&!e.parent)return th(e,n.slice(1));const r=i?e.key+n:n;if(e.parent)try{return th(e.parent,r)}catch(o){throw new Error(`Invalid transition definition for state node '${e.id}':
349
349
  ${o.message}`)}else throw new Error(`Invalid target: "${n}" is not a valid target from the root node. Did you mean ".${n}"?`)})}function b8(e){const t=m8(e.config.target);return t?{target:t.map(n=>typeof n=="string"?th(e.parent,n):n)}:e.parent.initial}function Jo(e){return e.type==="history"}function QS(e){const t=A8(e);for(const n of t)for(const i of mu(n,e))t.add(i);return t}function A8(e){const t=new Set;function n(i){if(!t.has(i)){if(t.add(i),i.type==="compound")n(i.initial.target[0]);else if(i.type==="parallel")for(const r of oc(i))n(r)}}return n(e),t}function sc(e,t){if(Ug(t))return e.machine.getStateNodeById(t);if(!e.states)throw new Error(`Unable to retrieve child state '${t}' from '${e.id}'; no child states exist.`);const n=e.states[t];if(!n)throw new Error(`Child state '${t}' does not exist on '${e.id}'`);return n}function th(e,t){if(typeof t=="string"&&Ug(t))try{return e.machine.getStateNodeById(t)}catch{}const n=i1(t).slice();let i=e;for(;n.length;){const r=n.shift();if(!r.length)break;i=sc(i,r)}return i}function nh(e,t){if(typeof t=="string"){const r=e.states[t];if(!r)throw new Error(`State '${t}' does not exist on '${e.id}'`);return[e,r]}const n=Object.keys(t),i=n.map(r=>sc(e,r)).filter(Boolean);return[e.machine.root,e].concat(i,n.reduce((r,o)=>{const a=sc(e,o);if(!a)return r;const c=nh(a,t[o]);return r.concat(c)},[]))}function lJ(e,t,n,i){const o=sc(e,t).next(n,i);return!o||!o.length?e.next(n,i):o}function dJ(e,t,n,i){const r=Object.keys(t),o=sc(e,r[0]),a=d1(o,t[r[0]],n,i);return!a||!a.length?e.next(n,i):a}function uJ(e,t,n,i){const r=[];for(const o of Object.keys(t)){const a=t[o];if(!a)continue;const c=sc(e,o),l=d1(c,a,n,i);l&&r.push(...l)}return r.length?r:e.next(n,i)}function d1(e,t,n,i){return typeof t=="string"?lJ(e,t,n,i):Object.keys(t).length===1?dJ(e,t,n,i):uJ(e,t,n,i)}function pJ(e){return Object.keys(e.states).map(t=>e.states[t]).filter(t=>t.type==="history")}function lo(e,t){let n=e;for(;n.parent&&n.parent!==t;)n=n.parent;return n.parent===t}function fJ(e,t){const n=new Set(e),i=new Set(t);for(const r of n)if(i.has(r))return!0;for(const r of i)if(n.has(r))return!0;return!1}function k8(e,t,n){const i=new Set;for(const r of e){let o=!1;const a=new Set;for(const c of i)if(fJ(Sw([r],t,n),Sw([c],t,n)))if(lo(r.source,c.source))a.add(c);else{o=!0;break}if(!o){for(const c of a)i.delete(c);i.add(r)}}return Array.from(i)}function hJ(e){const[t,...n]=e;for(const i of mu(t,void 0))if(n.every(r=>lo(r,i)))return i}function u1(e,t){if(!e.target)return[];const n=new Set;for(const i of e.target)if(Jo(i))if(t[i.id])for(const r of t[i.id])n.add(r);else for(const r of u1(b8(i),t))n.add(r);else n.add(i);return[...n]}function S8(e,t){const n=u1(e,t);if(!n)return;if(!e.reenter&&n.every(r=>r===e.source||lo(r,e.source)))return e.source;const i=hJ(n.concat(e.source));if(i)return i;if(!e.reenter)return e.source.machine.root}function Sw(e,t,n){const i=new Set;for(const r of e)if(r.target?.length){const o=S8(r,n);r.reenter&&r.source===o&&i.add(o);for(const a of t)lo(a,o)&&i.add(a)}return[...i]}function gJ(e,t){if(e.length!==t.size)return!1;for(const n of e)if(!t.has(n))return!1;return!0}function mJ(e,t,n,i,r){return Ew([{target:[...A8(e)],source:e,reenter:!0,actions:[],eventType:null,toJSON:null}],t,n,i,!0,r)}function Ew(e,t,n,i,r,o){const a=[];if(!e.length)return[t,a];const c=n.actionExecutor;n.actionExecutor=l=>{a.push(l),c(l)};try{const l=new Set(t._nodes);let d=t.historyValue;const u=k8(e,l,d);let p=t;r||([p,d]=vJ(p,i,n,u,l,d,o,n.actionExecutor)),p=ac(p,i,n,u.flatMap(h=>h.actions),o,void 0),p=_J(p,i,n,u,l,o,d,r);const f=[...l];p.status==="done"&&(p=ac(p,i,n,f.sort((h,g)=>g.order-h.order).flatMap(h=>h.exit),o,void 0));try{return d===t.historyValue&&gJ(t._nodes,l)?[p,a]:[vs(p,{_nodes:f,historyValue:d}),a]}catch(h){throw h}}finally{n.actionExecutor=c}}function yJ(e,t,n,i,r){if(i.output===void 0)return;const o=Aw(r.id,r.output!==void 0&&r.parent?kw(r.output,e.context,t,n.self):void 0);return kw(i.output,e.context,o,n.self)}function _J(e,t,n,i,r,o,a,c){let l=e;const d=new Set,u=new Set;wJ(i,a,u,d),c&&u.add(e.machine.root);const p=new Set;for(const f of[...d].sort((h,g)=>h.order-g.order)){r.add(f);const h=[];h.push(...f.entry);for(const g of f.invoke)h.push(a1(g.src,{...g,syncSnapshot:!!g.onSnapshot}));if(u.has(f)){const g=f.initial.actions;h.push(...g)}if(l=ac(l,t,n,h,o,f.invoke.map(g=>g.id)),f.type==="final"){const g=f.parent;let m=g?.type==="parallel"?g:g?.parent,_=m||f;for(g?.type==="compound"&&o.push(Aw(g.id,f.output!==void 0?kw(f.output,l.context,t,n.self):void 0));m?.type==="parallel"&&!p.has(m)&&l1(r,m);)p.add(m),o.push(Aw(m.id)),_=m,m=m.parent;if(m)continue;l=vs(l,{status:"done",output:yJ(l,t,n,l.machine.root,_)})}}return l}function wJ(e,t,n,i){for(const r of e){const o=S8(r,t);for(const c of r.target||[])!Jo(c)&&(r.source!==c||r.source!==o||r.reenter)&&(i.add(c),n.add(c)),Aa(c,t,n,i);const a=u1(r,t);for(const c of a){const l=mu(c,o);o?.type==="parallel"&&l.push(o),E8(i,t,n,l,!r.source.parent&&r.reenter?void 0:o)}}}function Aa(e,t,n,i){if(Jo(e))if(t[e.id]){const r=t[e.id];for(const o of r)i.add(o),Aa(o,t,n,i);for(const o of r)Om(o,e.parent,i,t,n)}else{const r=b8(e);for(const o of r.target)i.add(o),r===e.parent?.initial&&n.add(e.parent),Aa(o,t,n,i);for(const o of r.target)Om(o,e.parent,i,t,n)}else if(e.type==="compound"){const[r]=e.initial.target;Jo(r)||(i.add(r),n.add(r)),Aa(r,t,n,i),Om(r,e,i,t,n)}else if(e.type==="parallel")for(const r of oc(e).filter(o=>!Jo(o)))[...i].some(o=>lo(o,r))||(Jo(r)||(i.add(r),n.add(r)),Aa(r,t,n,i))}function E8(e,t,n,i,r){for(const o of i)if((!r||lo(o,r))&&e.add(o),o.type==="parallel")for(const a of oc(o).filter(c=>!Jo(c)))[...e].some(c=>lo(c,a))||(e.add(a),Aa(a,t,n,e))}function Om(e,t,n,i,r){E8(n,i,r,mu(e,t))}function vJ(e,t,n,i,r,o,a,c){let l=e;const d=Sw(i,r,o);d.sort((p,f)=>f.order-p.order);let u;for(const p of d)for(const f of pJ(p)){let h;f.history==="deep"?h=g=>c1(g)&&lo(g,p):h=g=>g.parent===p,u??={...o},u[f.id]=Array.from(r).filter(h)}for(const p of d)l=ac(l,t,n,[...p.exit,...p.invoke.map(f=>Mg(f.id))],a,void 0),r.delete(p);return[l,u||o]}function bJ(e,t){return e.implementations.actions[t]}function C8(e,t,n,i,r,o){const{machine:a}=e;let c=e;for(const l of i){const d=typeof l=="function",u=d?l:bJ(a,typeof l=="string"?l:l.type),p={context:c.context,event:t,self:n.self,system:n.system},f=d||typeof l=="string"?void 0:"params"in l?typeof l.params=="function"?l.params({context:c.context,event:t}):l.params:void 0;if(!u||!("resolve"in u)){n.actionExecutor({type:typeof l=="string"?l:typeof l=="object"?l.type:l.name||"(anonymous)",info:p,params:f,exec:u});continue}const h=u,[g,m,_]=h.resolve(n,c,p,f,u,r);c=g,"retryResolve"in h&&o?.push([h,m]),"execute"in h&&n.actionExecutor({type:h.type,info:p,params:m,exec:h.execute.bind(null,n,m)}),_&&(c=C8(c,t,n,_,r,o))}return c}function ac(e,t,n,i,r,o){const a=o?[]:void 0,c=C8(e,t,n,i,{internalQueue:r,deferredActorIds:o},a);return a?.forEach(([l,d])=>{l.retryResolve(n,c,d)}),c}function Rm(e,t,n,i){let r=e;const o=[];function a(p,f,h){n.system._sendInspectionEvent({type:"@xstate.microstep",actorRef:n.self,event:f,snapshot:p[0],_transitions:h}),o.push(p)}if(t.type===bw)return r=vs(ZS(r,t,n),{status:"stopped"}),a([r,[]],t,[]),{snapshot:r,microsteps:o};let c=t;if(c.type!==d8){const p=c,f=qW(p),h=XS(p,r);if(f&&!h.length)return r=vs(e,{status:"error",error:p.error}),a([r,[]],p,[]),{snapshot:r,microsteps:o};const g=Ew(h,e,n,c,!1,i);r=g[0],a(g,p,h)}let l=!0;const d=e.machine.options?.maxIterations??1/0;let u=0;for(;r.status==="active";){if(u++,u>d)throw new Error(`Infinite loop detected: the machine has processed more than ${d} microsteps without reaching a stable state. This usually happens when there's a cycle of transitions (e.g., eventless transitions or raised events causing state A -> B -> C -> A).`);let p=l?AJ(r,c):[];const f=p.length?r:void 0;if(!p.length){if(!i.length)break;c=i.shift(),p=XS(c,r)}const h=Ew(p,r,n,c,!1,i);r=h[0],l=r!==f,a(h,c,p)}return r.status!=="active"&&ZS(r,c,n),{snapshot:r,microsteps:o}}function ZS(e,t,n){return ac(e,t,n,Object.values(e.children).map(i=>Mg(i)),[],void 0)}function XS(e,t){return t.machine.getTransitionData(t,e)}function AJ(e,t){const n=new Set,i=e._nodes.filter(c1);for(const r of i)e:for(const o of[r].concat(mu(r,void 0)))if(o.always){for(const a of o.always)if(a.guard===void 0||gu(a.guard,e.context,t,e)){n.add(a);break e}}return k8(Array.from(n),new Set(e._nodes),e.historyValue)}function kJ(e,t){const n=eh(nh(e,t));return v8(e,[...n])}function SJ(e){return!!e&&typeof e=="object"&&"machine"in e&&"value"in e}const EJ=function(t){return f8(t,this.value)},CJ=function(t){return this.tags.has(t)},TJ=function(t){const n=this.machine.getTransitionData(this,t);return!!n?.length&&n.some(i=>i.target!==void 0||i.actions.length)},xJ=function(){const{_nodes:t,tags:n,machine:i,getMeta:r,toJSON:o,can:a,hasTag:c,matches:l,...d}=this;return{...d,tags:Array.from(n)}},IJ=function(){return this._nodes.reduce((t,n)=>(n.meta!==void 0&&(t[n.id]=n.meta),t),{})};function bp(e,t){return{status:e.status,output:e.output,error:e.error,machine:t,context:e.context,_nodes:e._nodes,value:v8(t.root,e._nodes),tags:new Set(e._nodes.flatMap(n=>n.tags)),children:e.children,historyValue:e.historyValue||{},matches:EJ,hasTag:CJ,can:TJ,getMeta:IJ,toJSON:xJ}}function vs(e,t={}){return bp({...e,...t},e.machine)}function $J(e){if(typeof e!="object"||e===null)return{};const t={};for(const n in e){const i=e[n];Array.isArray(i)&&(t[n]=i.map(r=>({id:r.id})))}return t}function zJ(e,t){const{_nodes:n,tags:i,machine:r,children:o,context:a,can:c,hasTag:l,matches:d,getMeta:u,toJSON:p,...f}=e,h={};for(const m in o){const _=o[m];h[m]={snapshot:_.getPersistedSnapshot(t),src:_.src,systemId:_.systemId,syncSnapshot:_._syncSnapshot}}return{...f,context:T8(a),children:h,historyValue:$J(f.historyValue)}}function T8(e){let t;for(const n in e){const i=e[n];if(i&&typeof i=="object")if("sessionId"in i&&"send"in i&&"ref"in i)t??=Array.isArray(e)?e.slice():{...e},t[n]={xstate$$type:o1,id:i.id};else{const r=T8(i);r!==i&&(t??=Array.isArray(e)?e.slice():{...e},t[n]=r)}}return t??e}function NJ(e,t,n,i,{event:r,id:o,delay:a},{internalQueue:c}){const l=t.machine.implementations.delays;if(typeof r=="string")throw new Error(`Only event objects may be used with raise; use raise({ type: "${r}" }) instead`);const d=typeof r=="function"?r(n,i):r;let u;if(typeof a=="string"){const p=l&&l[a];u=typeof p=="function"?p(n,i):p}else u=typeof a=="function"?a(n,i):a;return typeof u!="number"&&c.push(d),[t,{event:d,id:o,delay:u},void 0]}function PJ(e,t){const{event:n,delay:i,id:r}=t;if(typeof i=="number"){e.defer(()=>{const o=e.self;e.system.scheduler.schedule(o,o,n,i,r)});return}}function p1(e,t){function n(i,r){}return n.type="xstate.raise",n.event=e,n.id=t?.id,n.delay=t?.delay,n.resolve=NJ,n.execute=PJ,n}function FJ(e,{machine:t,context:n},i,r){const o=(a,c)=>{if(typeof a=="string"){const l=r1(t,a);if(!l)throw new Error(`Actor logic '${a}' not implemented in machine '${t.id}'`);const d=$d(l,{id:c?.id,parent:e.self,syncSnapshot:c?.syncSnapshot,input:typeof c?.input=="function"?c.input({context:n,event:i,self:e.self}):c?.input,src:a,systemId:c?.systemId});return r[d.id]=d,d}else return $d(a,{id:c?.id,parent:e.self,syncSnapshot:c?.syncSnapshot,input:c?.input,src:a,systemId:c?.systemId})};return(a,c)=>{const l=o(a,c);return r[l.id]=l,e.defer(()=>{l._processingStatus!==pn.Stopped&&l.start()}),l}}function OJ(e,t,n,i,{assignment:r}){if(!t.context)throw new Error("Cannot assign to undefined `context`. Ensure that `context` is defined in the machine config.");const o={},a={context:t.context,event:n.event,spawn:FJ(e,t,n.event,o),self:e.self,system:e.system};let c={};if(typeof r=="function")c=r(a,i);else for(const d of Object.keys(r)){const u=r[d];c[d]=typeof u=="function"?u(a,i):u}const l=Object.assign({},t.context,c);return[vs(t,{context:l,children:Object.keys(o).length?{...t.children,...o}:t.children}),void 0,void 0]}function or(e){function t(n,i){}return t.type="xstate.assign",t.assignment=e,t.resolve=OJ,t}const eE=new WeakMap;function Vs(e,t,n){let i=eE.get(e);return i?t in i||(i[t]=n()):(i={[t]:n()},eE.set(e,i)),i[t]}const RJ={},Kc=e=>typeof e=="string"?{type:e}:typeof e=="function"?"resolve"in e?{type:e.type}:{type:e.name}:e;class ih{constructor(t,n){if(this.config=t,this.key=void 0,this.id=void 0,this.type=void 0,this.path=void 0,this.states=void 0,this.history=void 0,this.entry=void 0,this.exit=void 0,this.parent=void 0,this.machine=void 0,this.meta=void 0,this.output=void 0,this.order=-1,this.description=void 0,this.tags=[],this.transitions=void 0,this.always=void 0,this.parent=n._parent,this.key=n._key,this.machine=n._machine,this.path=this.parent?this.parent.path.concat(this.key):[],this.id=this.config.id||[this.machine.id,...this.path].join(c8),this.type=this.config.type||(this.config.states&&Object.keys(this.config.states).length?"compound":this.config.history?"history":"atomic"),this.description=this.config.description,this.order=this.machine.idMap.size,this.machine.idMap.set(this.id,this),this.states=this.config.states?WS(this.config.states,(i,r)=>new ih(i,{_parent:this,_key:r,_machine:this.machine})):RJ,this.type==="compound"&&!this.config.initial)throw new Error(`No initial state specified for compound state node "#${this.id}". Try adding { initial: "${Object.keys(this.states)[0]}" } to the state config.`);this.history=this.config.history===!0?"shallow":this.config.history||!1,this.entry=Jr(this.config.entry).slice(),this.exit=Jr(this.config.exit).slice(),this.meta=this.config.meta,this.output=this.type==="final"||!this.parent?this.config.output:void 0,this.tags=Jr(t.tags).slice()}_initialize(){this.transitions=oJ(this),this.config.always&&(this.always=la(this.config.always).map(t=>Ur(this,l8,t))),Object.keys(this.states).forEach(t=>{this.states[t]._initialize()})}get definition(){return{id:this.id,key:this.key,version:this.machine.version,type:this.type,initial:this.initial?{target:this.initial.target,source:this,actions:this.initial.actions.map(Kc),eventType:null,reenter:!1,toJSON:()=>({target:this.initial.target.map(t=>`#${t.id}`),source:`#${this.id}`,actions:this.initial.actions.map(Kc),eventType:null})}:void 0,history:this.history,states:WS(this.states,t=>t.definition),on:this.on,transitions:[...this.transitions.values()].flat().map(t=>({...t,actions:t.actions.map(Kc)})),entry:this.entry.map(Kc),exit:this.exit.map(Kc),meta:this.meta,order:this.order||-1,output:this.output,invoke:this.invoke,description:this.description,tags:this.tags}}toJSON(){return this.definition}get invoke(){return Vs(this,"invoke",()=>Jr(this.config.invoke).map((t,n)=>{const{src:i,systemId:r}=t,o=t.id??JS(this.id,n),a=typeof i=="string"?i:`xstate.invoke.${JS(this.id,n)}`;return{...t,src:a,id:o,systemId:r,toJSON(){const{onDone:c,onError:l,...d}=t;return{...d,type:"xstate.invoke",src:a,id:o}}}}))}get on(){return Vs(this,"on",()=>[...this.transitions].flatMap(([n,i])=>i.map(r=>[n,r])).reduce((n,[i,r])=>(n[i]=n[i]||[],n[i].push(r),n),{}))}get after(){return Vs(this,"delayedTransitions",()=>rJ(this))}get initial(){return Vs(this,"initial",()=>aJ(this,this.config.initial))}next(t,n){const i=n.type,r=[];let o;const a=Vs(this,`candidates-${i}`,()=>iJ(this,i));for(const c of a){const{guard:l}=c,d=t.context;let u=!1;try{u=!l||gu(l,d,n,t)}catch(p){const f=typeof l=="string"?l:typeof l=="object"?l.type:void 0;throw new Error(`Unable to evaluate guard ${f?`'${f}' `:""}in transition for event '${i}' in state node '${this.id}':
350
- ${p.message}`)}if(u){r.push(...c.actions),o=c;break}}return o?[o]:void 0}get events(){return Vs(this,"events",()=>{const{states:t}=this,n=new Set(this.ownEvents);if(t)for(const i of Object.keys(t)){const r=t[i];if(r.states)for(const o of r.events)n.add(`${o}`)}return Array.from(n)})}get ownEvents(){const t=Object.keys(Object.fromEntries(this.transitions)),n=new Set(t.filter(i=>this.transitions.get(i).some(r=>!(!r.target&&!r.actions.length&&!r.reenter))));return Array.from(n)}}const jJ="#";class f1{constructor(t,n){this.config=t,this.version=void 0,this.schemas=void 0,this.implementations=void 0,this.options=void 0,this.__xstatenode=!0,this.idMap=new Map,this.root=void 0,this.id=void 0,this.states=void 0,this.events=void 0,this.id=t.id||"(machine)",this.implementations={actors:n?.actors??{},actions:n?.actions??{},delays:n?.delays??{},guards:n?.guards??{}},this.version=this.config.version,this.schemas=this.config.schemas,this.options={maxIterations:1/0,...this.config.options},this.transition=this.transition.bind(this),this.getInitialSnapshot=this.getInitialSnapshot.bind(this),this.getPersistedSnapshot=this.getPersistedSnapshot.bind(this),this.restoreSnapshot=this.restoreSnapshot.bind(this),this.start=this.start.bind(this),this.root=new ih(t,{_key:this.id,_machine:this}),this.root._initialize(),sJ(this.root),this.states=this.root.states,this.events=this.root.events}provide(t){const{actions:n,guards:i,actors:r,delays:o}=this.implementations;return new f1(this.config,{actions:{...n,...t.actions},guards:{...i,...t.guards},actors:{...r,...t.actors},delays:{...o,...t.delays}})}resolveState(t){const n=kJ(this.root,t.value),i=eh(nh(this.root,n));return bp({_nodes:[...i],context:t.context||{},children:{},status:l1(i,this.root)?"done":t.status||"active",output:t.output,error:t.error,historyValue:t.historyValue},this)}transition(t,n,i){return Rm(t,n,i,[]).snapshot}microstep(t,n,i){return Rm(t,n,i,[]).microsteps.map(([r])=>r)}getTransitionData(t,n){return d1(this.root,t.value,t,n)||[]}_getPreInitialState(t,n,i){const{context:r}=this.config,o=bp({context:typeof r!="function"&&r?r:{},_nodes:[this.root],children:{},status:"active"},this);return typeof r=="function"?ac(o,n,t,[or(({spawn:c,event:l,self:d})=>r({spawn:c,input:l.input,self:d}))],i,void 0):o}getInitialSnapshot(t,n){const i=p8(n),r=[],o=this._getPreInitialState(t,i,r),[a]=mJ(this.root,o,t,i,r),{snapshot:c}=Rm(a,i,t,r);return c}start(t){Object.values(t.children).forEach(n=>{n.getSnapshot().status==="active"&&n.start()})}getStateNodeById(t){const n=i1(t),i=n.slice(1),r=Ug(n[0])?n[0].slice(jJ.length):n[0],o=this.idMap.get(r);if(!o)throw new Error(`Child state node '#${r}' does not exist on machine '${this.id}'`);return th(o,i)}get definition(){return this.root.definition}toJSON(){return this.definition}getPersistedSnapshot(t,n){return zJ(t,n)}restoreSnapshot(t,n){const i={},r=t.children;Object.keys(r).forEach(p=>{const f=r[p],h=f.snapshot,g=f.src,m=typeof g=="string"?r1(this,g):g;if(!m)return;const _=$d(m,{id:p,parent:n.self,syncSnapshot:f.syncSnapshot,snapshot:h,src:g,systemId:f.systemId});i[p]=_});function o(p,f){if(f instanceof ih)return f;try{return p.machine.getStateNodeById(f.id)}catch{}}function a(p,f){if(!f||typeof f!="object")return{};const h={};for(const g in f){const m=f[g];for(const _ of m){const w=o(p,_);w&&(h[g]??=[],h[g].push(w))}}return h}const c=a(this.root,t.historyValue),l=bp({...t,children:i,_nodes:Array.from(eh(nh(this.root,t.value))),historyValue:c},this),d=new Set;function u(p,f){if(!d.has(p)){d.add(p);for(const h in p){const g=p[h];if(g&&typeof g=="object"){if("xstate$$type"in g&&g.xstate$$type===o1){p[h]=f[g.id];continue}u(g,f)}}}}return u(l.context,i),l}}function DJ(e,t,n,i,{event:r}){const o=typeof r=="function"?r(n,i):r;return[t,{event:o},void 0]}function LJ(e,{event:t}){e.defer(()=>e.emit(t))}function x8(e){function t(n,i){}return t.type="xstate.emit",t.event=e,t.resolve=DJ,t.execute=LJ,t}let Cw=(function(e){return e.Parent="#_parent",e.Internal="#_internal",e})({});function BJ(e,t,n,i,{to:r,event:o,id:a,delay:c},l){const d=t.machine.implementations.delays;if(typeof o=="string")throw new Error(`Only event objects may be used with sendTo; use sendTo({ type: "${o}" }) instead`);const u=typeof o=="function"?o(n,i):o;let p;if(typeof c=="string"){const g=d&&d[c];p=typeof g=="function"?g(n,i):g}else p=typeof c=="function"?c(n,i):c;const f=typeof r=="function"?r(n,i):r;let h;if(typeof f=="string"){if(f===Cw.Parent?h=e.self._parent:f===Cw.Internal?h=e.self:f.startsWith("#_")?h=t.children[f.slice(2)]:h=l.deferredActorIds?.includes(f)?f:t.children[f],!h)throw new Error(`Unable to send event to actor '${f}' from machine '${t.machine.id}'.`)}else h=f||e.self;return[t,{to:h,targetId:typeof f=="string"?f:void 0,event:u,id:a,delay:p},void 0]}function MJ(e,t,n){typeof n.to=="string"&&(n.to=t.children[n.to])}function UJ(e,t){e.defer(()=>{const{to:n,event:i,delay:r,id:o}=t;if(typeof r=="number"){e.system.scheduler.schedule(e.self,n,i,r,o);return}e.system._relay(e.self,n,i.type===DW?u8(e.self.id,i.data):i)})}function h1(e,t,n){function i(r,o){}return i.type="xstate.sendTo",i.to=e,i.event=t,i.id=n?.id,i.delay=n?.delay,i.resolve=BJ,i.retryResolve=MJ,i.execute=UJ,i}function qJ(e,t){return h1(Cw.Parent,e,t)}function HJ(e,t,n,i,{collect:r}){const o=[],a=function(l){o.push(l)};return a.assign=(...c)=>{o.push(or(...c))},a.cancel=(...c)=>{o.push(s1(...c))},a.raise=(...c)=>{o.push(p1(...c))},a.sendTo=(...c)=>{o.push(h1(...c))},a.sendParent=(...c)=>{o.push(qJ(...c))},a.spawnChild=(...c)=>{o.push(a1(...c))},a.stopChild=(...c)=>{o.push(Mg(...c))},a.emit=(...c)=>{o.push(x8(...c))},r({context:n.context,event:n.event,enqueue:a,check:c=>gu(c,t.context,n.event,t),self:e.self,system:e.system},i),[t,void 0,o]}function VJ(e){function t(n,i){}return t.type="xstate.enqueueActions",t.collect=e,t.resolve=HJ,t}function KJ(e,t,n,i,{value:r,label:o}){return[t,{value:typeof r=="function"?r(n,i):r,label:o},void 0]}function GJ({logger:e},{value:t,label:n}){n?e(n,t):e(t)}function WJ(e=({context:n,event:i})=>({context:n,event:i}),t){function n(i,r){}return n.type="xstate.log",n.value=e,n.label=t,n.resolve=KJ,n.execute=GJ,n}function JJ(e,t){return new f1(e,t)}function YJ(e){const t=$d(e);return{self:t,defer:()=>{},id:"",logger:()=>{},sessionId:"",stopChild:()=>{},system:t.system,emit:()=>{},actionExecutor:()=>{}}}function I8({schemas:e,actors:t,actions:n,guards:i,delays:r}){return{assign:or,sendTo:h1,raise:p1,log:WJ,cancel:s1,stopChild:Mg,enqueueActions:VJ,emit:x8,spawnChild:a1,createStateConfig:o=>o,createAction:o=>o,createMachine:o=>JJ({...o,schemas:e},{actors:t,actions:n,guards:i,delays:r}),extend:o=>I8({schemas:e,actors:t,actions:{...n,...o.actions},guards:{...i,...o.guards},delays:{...r,...o.delays}})}}function QJ(e,t,n){const i=[],r=YJ(e);return r.actionExecutor=a=>{i.push(a)},[e.transition(t,n,r),i]}var Kn=(e=>(e.AUTHENTICATE="AUTHENTICATE",e.REQUIRE_EMAIL_VERIFICATION="REQUIRE_EMAIL_VERIFICATION",e.REQUIRE_MFA="REQUIRE_MFA",e.COMPLETE_MFA="COMPLETE_MFA",e.START_HOOK="START_HOOK",e.COMPLETE_HOOK="COMPLETE_HOOK",e.START_CONTINUATION="START_CONTINUATION",e.COMPLETE_CONTINUATION="COMPLETE_CONTINUATION",e.COMPLETE="COMPLETE",e.FAIL="FAIL",e.EXPIRE="EXPIRE",e))(Kn||{});const $8=I8({actions:{setUserId:or(({event:e})=>e.type==="AUTHENTICATE"?{userId:e.userId}:{}),setHookId:or(({event:e})=>e.type==="START_HOOK"?{hookId:e.hookId}:{}),clearHookId:or({hookId:void 0}),setContinuationScope:or(({event:e})=>e.type==="START_CONTINUATION"?{continuationScope:e.scope}:{}),clearContinuationScope:or({continuationScope:void 0}),setFailureReason:or(({event:e})=>e.type==="FAIL"?{failureReason:e.reason}:{})}}).createMachine({id:"loginSession",initial:"pending",context:{},states:{pending:{on:{AUTHENTICATE:{target:"authenticated",actions:"setUserId"},FAIL:{target:"failed",actions:"setFailureReason"},EXPIRE:{target:"expired"}}},authenticated:{on:{REQUIRE_EMAIL_VERIFICATION:{target:"awaiting_email_verification"},REQUIRE_MFA:{target:"awaiting_mfa"},START_HOOK:{target:"awaiting_hook",actions:"setHookId"},START_CONTINUATION:{target:"awaiting_continuation",actions:"setContinuationScope"},COMPLETE:{target:"completed"},FAIL:{target:"failed",actions:"setFailureReason"},EXPIRE:{target:"expired"}}},awaiting_email_verification:{on:{COMPLETE:{target:"authenticated"},FAIL:{target:"failed",actions:"setFailureReason"},EXPIRE:{target:"expired"}}},awaiting_mfa:{on:{COMPLETE_MFA:{target:"authenticated"},FAIL:{target:"failed",actions:"setFailureReason"},EXPIRE:{target:"expired"}}},awaiting_hook:{on:{COMPLETE_HOOK:{target:"authenticated",actions:"clearHookId"},START_CONTINUATION:{target:"awaiting_continuation",actions:"setContinuationScope"},FAIL:{target:"failed",actions:"setFailureReason"},EXPIRE:{target:"expired"}}},awaiting_continuation:{on:{COMPLETE_CONTINUATION:{target:"authenticated",actions:"clearContinuationScope"},FAIL:{target:"failed",actions:"setFailureReason"},EXPIRE:{target:"expired"}}},completed:{type:"final"},failed:{type:"final"},expired:{type:"final"}}});function ZJ(e,t={}){return $8.resolveState({value:e,context:t})}function Ai(e,t,n={}){const i=ZJ(e,n),[r]=QJ($8,i,t),o={},a=r.context,c=n;return a.userId!==c.userId&&(o.userId=a.userId),a.hookId!==c.hookId&&(o.hookId=a.hookId),a.continuationScope!==c.continuationScope&&(o.continuationScope=a.continuationScope),a.failureReason!==c.failureReason&&(o.failureReason=a.failureReason),{state:r.value,context:o}}function z8(e,t){Object.keys(t).forEach(n=>{const i=t[n];i!=null&&i.length&&e.searchParams.set(n,i)})}function XJ(e){try{const t=typeof e=="string"?new URL(e):e;let n=`${t.protocol}//${t.host}${t.pathname}`;if(t.search){const i=Array.from(t.searchParams.keys()).map(r=>`${r}=[REDACTED]`).join("&");n+=`?${i}`}return t.hash&&(n+="#[REDACTED]"),n}catch{const n=(typeof e=="string"?e:e.toString()).match(/^([^?#]*)(\?[^#]*)?(#.*)?$/);if(!n)return"[invalid-url]";const[,i="",r,o]=n;let a=i;if(r){const c=r.substring(1).split("&").map(l=>{const[d]=l.split("=");return`${d}=[REDACTED]`}).join("&");a+=`?${c}`}return o&&(a+="#[REDACTED]"),a}}const Tw=["sub","iss","aud","exp","nbf","iat","jti"];function jm(e,t,n){return{accessToken:{setCustomClaim:(i,r)=>{if(Tw.includes(i))throw new Error(`Cannot overwrite reserved claim '${i}'`);t[i]=r}},idToken:{setCustomClaim:(i,r)=>{if(Tw.includes(i))throw new Error(`Cannot overwrite reserved claim '${i}'`);n&&(n[i]=r)}},access:{deny:i=>{throw new H(400,{message:`Access denied: ${i}`})}},token:{createServiceToken:async i=>(await Fs(e,e.var.tenant_id,i.scope,i.expiresInSeconds,i.customClaims)).access_token}}}async function cc(e,t){const{authParams:n,user:i,client:r,session_id:o,organization:a,permissions:c,impersonatingUser:l}=t;let d=t.auth_time;if(d===void 0&&o&&e.var.tenant_id){const O=await e.env.data.sessions.get(e.var.tenant_id,o);O?.authenticated_at&&(d=Math.floor(new Date(O.authenticated_at).getTime()/1e3))}const u=e.var.tenant_id,f=(await $b(e.env.data.keys,u??"",u?e.env.signingKeyMode:"control-plane",{purpose:"sign"}))[0];if(!f?.pkcs7||!f.cert)throw new H(500,{message:"No signing key available"});const h=M6(f.pkcs7),g=await q6(f.cert),m=Wt(e.env,e.var.custom_domain),_=n.audience??r.tenant.default_audience;if(!_)throw new H(400,{error:"invalid_request",error_description:"An audience must be specified in the request or configured as the tenant default_audience"});const w=n.claims?.userinfo?Object.keys(n.claims.userinfo):void 0,y={aud:_,scope:n.scope||"",sub:i?.user_id||n.client_id,iss:m,tenant_id:e.var.tenant_id,sid:o,act:l?{sub:l.user_id}:void 0,org_id:a?a.id:void 0,requested_userinfo_claims:w,org_name:a&&r.tenant.allow_organization_name_in_authentication_api?a.name.toLowerCase():void 0,permissions:c,...t.customClaims};if(t.customClaims){for(const O of Tw)if(O in t.customClaims)throw new Error(`Cannot overwrite reserved claim '${O}'`)}const v=n.scope?.split(" ")||[],A=v.includes("openid"),b=(n.response_type??"").trim()===Tn.ID_TOKEN,k=r.auth0_conformant!==!1||b,C=i&&A?{aud:n.client_id,sub:i.user_id,iss:m,sid:o,nonce:n.nonce,...d!==void 0?{auth_time:d}:{},...n.acr_values?{acr:n.acr_values.split(" ")[0]}:{},...k?a8(i,v):{},...n.claims?.id_token?vw(i,Object.keys(n.claims.id_token)):{},...b&&n.claims?.userinfo?vw(i,Object.keys(n.claims.userinfo)):{},act:l?{sub:l.user_id}:void 0,org_id:a?.id,org_name:a?.name.toLowerCase()}:void 0,$=t.loginSession?.auth_connection||t.authConnection||e.var.connection;let z;if($)try{const O=await e.env.data.connections.list(e.var.tenant_id,{page:0,per_page:100,include_totals:!1}),j=O.connections.find(B=>B.name===$)??O.connections.find(B=>B.name.toLowerCase()===$.toLowerCase());j&&(z={id:j.id||j.name,name:j.name,strategy:j.strategy||i?.provider||"auth0",metadata:j.options||{}})}catch(O){console.error("Error fetching connection info:",O)}e.env.hooks?.onExecuteCredentialsExchange&&await e.env.hooks.onExecuteCredentialsExchange({ctx:e,client:r,user:i,request:{ip:e.var.ip||"",user_agent:e.var.useragent||"",method:e.req.method,url:e.req.url},scope:n.scope||"",grant_type:"",connection:z||($?{id:$,name:$,strategy:i?.provider||"auth0"}:void 0)},jm(e,y,C));{const{hooks:O}=await e.env.data.hooks.list(e.var.tenant_id,{q:"trigger_id:credentials-exchange",page:0,per_page:100,include_totals:!1}),j=O.filter(W=>W.enabled&&co(W)),B=jm(e,y,C);if(i){for(const W of j)if(co(W))try{await mW(e,W.template_id,i,B)}catch(ne){if(ne instanceof N)throw ne;console.warn(`[credentials-exchange] Failed to execute template hook: ${W.template_id}`,ne)}}const M=jm(e,y,C),V=await dW(e,O,{ctx:e,client:r,user:i,request:{ip:e.var.ip||"",user_agent:e.var.useragent||"",method:e.req?.method||"",url:e.req?.url||""},scope:n.scope||"",grant_type:"",connection:z||($?{id:$,name:$,strategy:i?.provider||"auth0"}:void 0)},M);V&&e.set("action_execution_id",V)}const P=l?3600:t.token_lifetime??86400,I={includeIssuedTimestamp:!0,expiresIn:new Hd(P,"s"),headers:{kid:f.kid}},F=await jy(g,h,y,I);if(C){const O=(n.response_type??"").split(" ");t.code&&O.includes("code")&&(C.c_hash=await OS(t.code,g)),O.includes("id_token")&&O.includes("token")&&(C.at_hash=await OS(F,g))}const R=C?await jy(g,h,C,I):void 0;return{access_token:F,refresh_token:t.refresh_token,id_token:R,token_type:"Bearer",expires_in:P}}async function rh(e,t){return{code:(await e.env.data.codes.create(t.client.tenant.id,{code_id:Fe(32),user_id:t.user.user_id,code_type:"authorization_code",login_id:t.login_id,expires_at:new Date(Date.now()+qB*1e3).toISOString(),code_challenge:t.authParams.code_challenge,code_challenge_method:t.authParams.code_challenge_method,redirect_uri:t.authParams.redirect_uri,state:t.authParams.state,nonce:t.authParams.nonce})).code_id,state:t.authParams.state}}function oh(e){if(e)return new Date(Date.now()+e*60*60*1e3).toISOString()}async function g1(e,t){const{client:n,scope:i,login_id:r}=t,o=t.audience??n.tenant.default_audience;if(!o)throw new H(400,{error:"invalid_request",error_description:"An audience must be specified in the request or configured as the tenant default_audience"});const a=oh(n.tenant.idle_session_lifetime),c=oh(n.tenant.session_lifetime),l=Zb(),{lookup:d,secret:u}=j6(),p=await Yf(u),f=n.refresh_token?.rotation_type==="rotating";return{row:await e.env.data.refreshTokens.create(n.tenant.id,{id:l,login_id:r,client_id:n.client_id,idle_expires_at:a,expires_at:c,user_id:t.user.user_id,device:{last_ip:e.var.ip,initial_ip:e.var.ip,last_user_agent:e.var.useragent||"",initial_user_agent:e.var.useragent||"",initial_asn:"",last_asn:""},resource_servers:[{audience:o,scopes:i}],rotating:f,token_lookup:d,token_hash:p,family_id:l}),wireToken:D6(d,u)}}async function tE(e,{user:t,client:n,loginSession:i}){const r=oh(n.tenant.idle_session_lifetime),o=oh(n.tenant.session_lifetime);return await e.env.data.sessions.create(n.tenant.id,{id:Zb(),user_id:t.user_id,login_session_id:i.id,idle_expires_at:r,expires_at:o,device:{last_ip:e.var.ip||"",initial_ip:e.var.ip||"",last_user_agent:e.var.useragent||"",initial_user_agent:e.var.useragent||"",initial_asn:"",last_asn:""},clients:[n.client_id]})}async function m1(e,{user:t,client:n,loginSession:i,existingSessionId:r,authConnection:o}){const a=await e.env.data.loginSessions.get(n.tenant.id,i.id);if(!a)throw new N(400,{message:`Login session ${i.id} not found`});const c=a.state||be.PENDING;if(c===be.FAILED)throw new H(400,{error:"access_denied",error_description:a.failure_reason||"Cannot authenticate login session in failed state"});if(c===be.COMPLETED)throw new H(400,{error:"access_denied",error_description:"Login session has already been completed"});if(c===be.AUTHENTICATED){if(a.session_id)return a.session_id;throw new N(500,{message:"Login session is authenticated but has no session_id"})}let l;if(r){const f=await e.env.data.sessions.get(n.tenant.id,r);!f||f.revoked_at?l=(await tE(e,{user:t,client:n,loginSession:i})).id:(l=r,f.clients.includes(n.client_id)||await e.env.data.sessions.update(n.tenant.id,r,{clients:[...f.clients,n.client_id]}))}else l=(await tE(e,{user:t,client:n,loginSession:i})).id;const d=c===be.EXPIRED?be.PENDING:c,{state:u}=Ai(d,{type:Kn.AUTHENTICATE,userId:t.user_id}),p=o||e.var.connection;return await e.env.data.loginSessions.update(n.tenant.id,i.id,{session_id:l,state:u,user_id:t.user_id,...p?{auth_connection:p}:{},...c===be.EXPIRED?{expires_at:new Date(Date.now()+Di*1e3).toISOString()}:{}}),l}async function eY(e,t){const{user:n,client:i,loginSession:r,authStrategy:o,authConnection:a}=t;await m1(e,{user:n,client:i,loginSession:r,existingSessionId:t.existingSessionId,authConnection:a}),await e.env.data.loginSessions.update(i.tenant.id,r.id,{...o?{auth_strategy:o}:{},authenticated_at:new Date().toISOString()});const c=`/authorize/resume?state=${encodeURIComponent(r.id)}`;let l=c;if(r.authorization_url)try{const d=new URL(r.authorization_url),u=e.var.host||"";d.host&&d.host!==u&&(l=`${d.origin}${c}`)}catch{}return new Response(null,{status:302,headers:{location:l}})}async function tY(e,t,n,i){const r=await e.env.data.loginSessions.get(t,n.id);if(!r){console.warn(`Login session ${n.id} not found when trying to mark as failed`);return}const o=r.state||be.PENDING,{state:a,context:c}=Ai(o,{type:Kn.FAIL,reason:i});a!==o&&await e.env.data.loginSessions.update(t,n.id,{state:a,failure_reason:c.failureReason})}async function sh(e,t,n,i){const r=await e.env.data.loginSessions.get(t,n.id);if(!r){console.warn(`Login session ${n.id} not found when trying to start hook`);return}const o=r.state||be.PENDING,{state:a,context:c}=Ai(o,{type:Kn.START_HOOK,hookId:i});a!==o&&await e.env.data.loginSessions.update(t,n.id,{state:a,state_data:c.hookId?JSON.stringify({hookId:c.hookId}):void 0})}async function zd(e,t,n){const i=await e.env.data.loginSessions.get(t,n.id);if(!i){console.warn(`Login session ${n.id} not found when trying to complete hook`);return}const r=i.state||be.PENDING,{state:o}=Ai(r,{type:Kn.COMPLETE_HOOK});o!==r&&await e.env.data.loginSessions.update(t,n.id,{state:o,state_data:void 0})}async function Dm(e,t,n,i){const r=await e.env.data.loginSessions.get(t,n.id);if(!r){console.warn(`Login session ${n.id} not found when trying to mark as completed`);return}const o=r.state||be.PENDING,{state:a}=Ai(o,{type:Kn.COMPLETE});a!==o&&await e.env.data.loginSessions.update(t,n.id,{state:a,...i?{auth_connection:i}:{}})}async function yu(e,t,n,i,r){const o=await e.env.data.loginSessions.get(t,n.id);if(!o){console.warn(`Login session ${n.id} not found when trying to start continuation`);return}const a=o.state||be.PENDING,{state:c}=Ai(a,{type:Kn.START_CONTINUATION,scope:i});if(c!==a){let l={};if(o.state_data)try{l=JSON.parse(o.state_data)}catch{}await e.env.data.loginSessions.update(t,n.id,{state:c,state_data:JSON.stringify({...l,continuationScope:i,continuationReturnUrl:r})})}else console.warn(`Failed to start continuation for login session ${n.id}: cannot transition from ${a} to AWAITING_CONTINUATION. Scope: ${JSON.stringify(i)}, Return URL: ${XJ(r)}`)}async function ah(e,t,n){const i=await e.env.data.loginSessions.get(t,n.id);if(!i){console.warn(`Login session ${n.id} not found when trying to complete continuation`);return}let r,o={};if(i.state_data)try{const l=JSON.parse(i.state_data);r=l.continuationReturnUrl;const{continuationScope:d,continuationReturnUrl:u,...p}=l;o=p}catch{}const a=i.state||be.PENDING,{state:c}=Ai(a,{type:Kn.COMPLETE_CONTINUATION});return c!==a?await e.env.data.loginSessions.update(t,n.id,{state:c,state_data:Object.keys(o).length>0?JSON.stringify(o):void 0}):console.warn(`completeLoginSessionContinuation: State transition from ${a} with COMPLETE_CONTINUATION was invalid or no-op`),r}function nY(e){if(!e.state_data)return null;try{return JSON.parse(e.state_data).continuationScope||null}catch{return null}}function ch(e,t){if(e.state!==be.AWAITING_CONTINUATION)return!1;const n=nY(e);return n?n.includes(t):!1}async function ot(e,t){const{authParams:n,client:i,ticketAuth:r}=t;let{user:o}=t;const a=n.response_type||Tn.CODE,c=n.response_mode||mt.QUERY;if(r){if(!t.loginSession)throw new H(500,{message:"Login session not found for ticket auth."});o&&!t.skipHooks&&(t.authStrategy&&o.app_metadata?.strategy!==t.authStrategy.strategy&&(o.app_metadata={...o.app_metadata,strategy:t.authStrategy.strategy},await e.env.data.users.update(i.tenant.id,o.user_id,{app_metadata:{...o.app_metadata||{},strategy:t.authStrategy.strategy}})),await o8(e,e.env.data,i.tenant.id,o,t.loginSession,{client:i,authParams:n,authStrategy:t.authStrategy}));const $=_G(),z=Fe(12),P=await e.env.data.codes.create(i.tenant.id,{code_id:Fe(32),code_type:"ticket",login_id:t.loginSession.id,expires_at:new Date(Date.now()+VB).toISOString(),code_verifier:[z,$].join("|"),redirect_uri:n.redirect_uri,state:n.state,nonce:n.nonce});return e.json({login_ticket:P.code_id,co_verifier:$,co_id:z})}let l=t.refreshToken,d;if(t.loginSession){const $=await e.env.data.loginSessions.get(i.tenant.id,t.loginSession.id);if(!$)throw new H(500,{message:"Login session not found."});const z=$.state||be.PENDING;if(z===be.COMPLETED)throw new H(400,{error:"invalid_request",error_description:"Login session has already been completed"});if(z===be.FAILED)throw new H(400,{error:"access_denied",error_description:`Login session failed: ${$.failure_reason||"unknown reason"}`});if(z===be.PENDING||z===be.EXPIRED)d=await m1(e,{user:o,client:i,loginSession:t.loginSession,existingSessionId:t.existingSessionIdToLink,authConnection:t.authConnection});else if(d=$.session_id,!d)throw new H(500,{message:`Login session in ${z} state but has no session_id`})}else throw new H(500,{message:"loginSession must be provided for front-channel auth responses."});if(t.loginSession&&o){const $=await e.env.data.loginSessions.get(i.tenant.id,t.loginSession.id);if($){const z=$.state||be.PENDING;let P={};if($.state_data)try{P=JSON.parse($.state_data)}catch{console.error("Failed to parse state_data for login session",$.id)}if(z===be.AWAITING_MFA){let I="/u2/mfa/login-options";if(P.authenticationMethodId){const R=(await e.env.data.authenticationMethods.list(i.tenant.id,o.user_id)).find(O=>O.id===P.authenticationMethodId);R?.confirmed&&R.type==="phone"?I="/u2/mfa/phone-challenge":R?.confirmed&&R.type==="totp"?I="/u2/mfa/totp-challenge":R?.confirmed&&(R.type==="passkey"||R.type==="webauthn-roaming"||R.type==="webauthn-platform")?I="/u2/passkey/challenge":R?.type==="totp"?I="/u2/mfa/totp-enrollment":R?.type==="phone"&&(I="/u2/mfa/phone-enrollment")}return new Response(null,{status:302,headers:{location:`${I}?state=${encodeURIComponent(t.loginSession.id)}`}})}if(z===be.AUTHENTICATED&&!P.mfa_verified){const{checkMfaRequired:I,sendMfaOtp:F}=await Promise.resolve().then(()=>EP),R=await I(e,i.tenant.id,o.user_id);if(R.required){const{state:O}=Ai(be.AUTHENTICATED,{type:Kn.REQUIRE_MFA});if(R.enrolled){if(R.allEnrollments.length>1)return await e.env.data.loginSessions.update(i.tenant.id,t.loginSession.id,{state:O}),new Response(null,{status:302,headers:{location:`/u2/mfa/login-options?state=${encodeURIComponent(t.loginSession.id)}`}});if(await e.env.data.loginSessions.update(i.tenant.id,t.loginSession.id,{state:O,state_data:JSON.stringify({...P,authenticationMethodId:R.enrollment.id})}),R.enrollment.type==="totp")return new Response(null,{status:302,headers:{location:`/u2/mfa/totp-challenge?state=${encodeURIComponent(t.loginSession.id)}`}});if(R.enrollment.type==="passkey"||R.enrollment.type==="webauthn-roaming"||R.enrollment.type==="webauthn-platform")return new Response(null,{status:302,headers:{location:`/u2/passkey/challenge?state=${encodeURIComponent(t.loginSession.id)}`}});if(!R.enrollment.phone_number)throw new Error("MFA enrollment is missing phone_number");return await F(e,i,t.loginSession,R.enrollment.phone_number),new Response(null,{status:302,headers:{location:`/u2/mfa/phone-challenge?state=${encodeURIComponent(t.loginSession.id)}`}})}else{const j=i.tenant,B=j.mfa?.factors?.otp===!0,M=j.mfa?.factors?.sms===!0,V=j.mfa?.factors?.webauthn_roaming===!0||j.mfa?.factors?.webauthn_platform===!0;return await e.env.data.loginSessions.update(i.tenant.id,t.loginSession.id,{state:O}),(B?1:0)+(M?1:0)+(V?1:0)>1?new Response(null,{status:302,headers:{location:`/u2/mfa/login-options?state=${encodeURIComponent(t.loginSession.id)}`}}):B?new Response(null,{status:302,headers:{location:`/u2/mfa/totp-enrollment?state=${encodeURIComponent(t.loginSession.id)}`}}):V?new Response(null,{status:302,headers:{location:`/u2/passkey/enrollment?state=${encodeURIComponent(t.loginSession.id)}`}}):new Response(null,{status:302,headers:{location:`/u2/mfa/phone-enrollment?state=${encodeURIComponent(t.loginSession.id)}`}})}}}}}if(t.loginSession&&o&&c!==mt.WEB_MESSAGE){const $=await e.env.data.loginSessions.get(i.tenant.id,t.loginSession.id);if($){const z=$.state||be.PENDING;let P={};if($.state_data)try{P=JSON.parse($.state_data)}catch{}if(z===be.AUTHENTICATED&&!P.passkey_nudge_completed){const{checkPasskeyNudgeRequired:I}=await Promise.resolve().then(()=>require("./passkey-enrollment-dbZd6Zqw.js"));if((await I(e,i.tenant.id,o.user_id,$.auth_connection)).show)return await yu(e,i.tenant.id,$,["passkey-enrollment"],`/u/continue?state=${encodeURIComponent(t.loginSession.id)}`),new Response(null,{status:302,headers:{location:`/u2/passkey/enrollment-nudge?state=${encodeURIComponent(t.loginSession.id)}`}});await e.env.data.loginSessions.update(i.tenant.id,t.loginSession.id,{state_data:JSON.stringify({...P,passkey_nudge_completed:!0})})}}}const u=a.split(" ").includes("code");if(!l&&n.scope?.split(" ").includes("offline_access")&&a!==Tn.TOKEN&&!u&&!t.impersonatingUser&&(l=(await g1(e,{user:o,client:i,login_id:t.loginSession?.id||"",scope:n.scope,audience:n.audience})).wireToken),c===mt.SAML_POST){if(!d)throw new N(500,{message:"Session ID not available for SAML response"});return QG(e,t.client,t.authParams,o,d)}const p=await iY(e,{authParams:n,user:o,client:i,session_id:d,refresh_token:l,authStrategy:t.authStrategy,authConnection:t.authConnection,loginSession:t.loginSession,responseType:a,skipHooks:t.skipHooks,organization:t.organization,impersonatingUser:t.impersonatingUser});if(p instanceof Response)return p;if(!n.redirect_uri)throw new H(400,{message:c===mt.WEB_MESSAGE?"Redirect URI not allowed for WEB_MESSAGE response mode.":"Redirect uri not found for this response mode."});const f=new Headers;d?t1(i.tenant.id,d,e.var.host||"").forEach(z=>{f.append("set-cookie",z)}):c===mt.WEB_MESSAGE&&console.warn("Session ID not available for WEB_MESSAGE, cookie will not be set.");const h=a.split(" "),g=h.includes("code"),m=h.includes("id_token"),_=h.includes("token"),w={},y="code"in p&&typeof p.code=="string",v="access_token"in p&&typeof p.access_token=="string";if(y&&g&&(w.code=p.code),v&&(_&&(w.access_token=p.access_token,w.token_type=p.token_type,w.expires_in=p.expires_in.toString()),m&&p.id_token&&(w.id_token=p.id_token)),!y&&!v)throw new H(500,{message:"Invalid token response for front-channel flow."});const b=("state"in p&&typeof p.state=="string"?p.state:void 0)??n.state;if(b&&(w.state=b),(_||m)&&n.scope&&(w.scope=n.scope),c===mt.WEB_MESSAGE){const $=new URL(n.redirect_uri),z=`${$.protocol}//${$.host}`;return ww(e,z,JSON.stringify(w),f)}if(c===mt.FORM_POST)return Xf(n.redirect_uri,w,f);const k=m||_,C=new URL(n.redirect_uri);if(k)C.hash=new URLSearchParams(w).toString();else for(const[$,z]of Object.entries(w))C.searchParams.set($,z);return f.set("location",C.toString()),new Response("Redirecting",{status:302,headers:f})}async function iY(e,t){let{user:n}=t;const i=t.responseType||Tn.TOKEN;if(n&&t.organization&&!(await e.env.data.userOrganizations.list(t.client.tenant.id,{q:`user_id:${n.user_id}`,per_page:1e3})).userOrganizations.some(_=>_.organization_id===t.organization.id))throw new H(403,{error:"access_denied",error_description:"User is not a member of the specified organization"});let r=t.authParams.scope||"",o=[],a;const c=t.authParams.audience??t.client.tenant.default_audience;if(c)try{let g;if(t.grantType===nn.ClientCredential||!n&&!t.user)g=await Id(e,{grantType:nn.ClientCredential,tenantId:t.client.tenant.id,clientId:t.client.client_id,audience:c,requestedScopes:t.authParams.scope?.split(" ")||[],organizationId:t.organization?.id});else{const m=n?.user_id||t.user?.user_id;if(!m)throw new H(400,{error:"invalid_request",error_description:"User ID is required for user-based grants"});g=await Id(e,{grantType:t.grantType,tenantId:t.client.tenant.id,userId:m,clientId:t.client.client_id,audience:c,requestedScopes:t.authParams.scope?.split(" ")||[],organizationId:t.organization?.id})}r=g.scopes.join(" "),o=g.permissions,a=t.client.app_type==="spa"&&g.token_lifetime_for_web?g.token_lifetime_for_web:g.token_lifetime}catch(g){if(g instanceof N)throw g}const l={...t.authParams,scope:r};if(t.loginSession&&n&&!t.skipHooks){t.authStrategy&&n.app_metadata?.strategy!==t.authStrategy.strategy&&(n.app_metadata={...n.app_metadata,strategy:t.authStrategy.strategy},await e.env.data.users.update(t.client.tenant.id,n.user_id,{app_metadata:{...n.app_metadata||{},strategy:t.authStrategy.strategy}}));const g=await o8(e,e.env.data,t.client.tenant.id,n,t.loginSession,{client:t.client,authParams:l,authStrategy:t.authStrategy});if(g instanceof Response)return g;n=g}const d=t.loginSession?.auth_connection||t.authConnection||e.var.connection,u=i.split(" "),p=u.includes("code"),f=u.includes("id_token")||u.includes("token"),h=p&&f;if(i===Tn.CODE){if(!n||!t.loginSession)throw new H(500,{message:"User and loginSession is required for code flow"});const g=await rh(e,{user:n,client:t.client,authParams:l,login_id:t.loginSession.id});return await Dm(e,t.client.tenant.id,t.loginSession,d),g}else if(h){if(!n||!t.loginSession)throw new H(500,{message:"User and loginSession is required for hybrid flow"});const g=await rh(e,{user:n,client:t.client,authParams:l,login_id:t.loginSession.id}),m=await cc(e,{...t,user:n,authParams:l,permissions:o,token_lifetime:a,code:g.code});return await Dm(e,t.client.tenant.id,t.loginSession,d),{...m,code:g.code,state:g.state}}else{const g=await cc(e,{...t,user:n,authParams:l,permissions:o,token_lifetime:a});return t.loginSession&&await Dm(e,t.client.tenant.id,t.loginSession,d),g}}function In(){const e=new Uint8Array(6);crypto.getRandomValues(e);let t="";for(let n=0;n<6;n+=1)t+=(e[n]%10).toString();return t}async function rY(e,t){const i=[];for(let r=0;;r++){const{connections:o}=await e.env.data.connections.list(t,{page:r,per_page:100,include_totals:!1});if(i.push(...o),o.length<100)break}return i}async function nE(e,t,n){return(await rY(e,t)).find(r=>r.name===n)??null}const oY="http://auth0.com/oauth/grant-type/password-realm",sY="openid profile email",aY=1e4;class En extends Error{status;code;description;constructor(t,n,i){super(i??n),this.name="Auth0UpstreamError",this.status=t,this.code=n,this.description=i}}function lh(e){return typeof e=="object"&&e!==null}function qr(e){return typeof e=="string"?e:void 0}async function y1(e){const t=await e.text();if(!t)return null;try{return JSON.parse(t)}catch{throw new En(e.status,"malformed_response","Upstream returned non-JSON body")}}function N8(e){if(!lh(e))throw new En(502,"malformed_response","Upstream token response was not an object");const t=qr(e.access_token);if(!t)throw new En(502,"malformed_response","Upstream token response missing access_token");return{access_token:t,id_token:qr(e.id_token),refresh_token:qr(e.refresh_token),expires_in:typeof e.expires_in=="number"?e.expires_in:void 0,token_type:qr(e.token_type),scope:qr(e.scope)}}function _1(e,t){const n=lh(t)?qr(t.error):void 0,i=lh(t)?qr(t.error_description):void 0;return new En(e,n??"invalid_grant",i??`Upstream returned HTTP ${e}`)}async function cY(e){const t=new URLSearchParams;t.set("grant_type",oY),t.set("client_id",e.clientId),t.set("client_secret",e.clientSecret),t.set("realm",e.realm),t.set("username",e.username),t.set("password",e.password),t.set("scope",e.scope??sY),e.audience&&t.set("audience",e.audience);let n;try{n=await fetch(e.tokenEndpoint,{method:"POST",headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json"},body:t.toString()})}catch(r){const o=r instanceof Error?r.message:"fetch failed";throw new En(0,"network_error",o)}const i=await y1(n);if(!n.ok)throw _1(n.status,i);return N8(i)}async function lY(e){const t=new URLSearchParams;t.set("grant_type","refresh_token"),t.set("client_id",e.clientId),t.set("client_secret",e.clientSecret),t.set("refresh_token",e.refreshToken),e.scope&&t.set("scope",e.scope),e.audience&&t.set("audience",e.audience);const n=new AbortController,i=setTimeout(()=>n.abort(),aY);let r;try{r=await fetch(e.tokenEndpoint,{method:"POST",headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json"},body:t.toString(),signal:n.signal})}catch(a){if(n.signal.aborted)throw new En(0,"network_error","request_timed_out");const c=a instanceof Error?a.message:"fetch failed";throw new En(0,"network_error",c)}finally{clearTimeout(i)}const o=await y1(r);if(!r.ok)throw _1(r.status,o);return N8(o)}async function P8(e,t){let n;try{n=await fetch(e,{method:"GET",headers:{authorization:`Bearer ${t}`,accept:"application/json"}})}catch(o){const a=o instanceof Error?o.message:"fetch failed";throw new En(0,"network_error",a)}const i=await y1(n);if(!n.ok)throw _1(n.status,i);if(!lh(i))throw new En(502,"malformed_response","Upstream userinfo response was not an object");const r=qr(i.sub);if(!r)throw new En(502,"malformed_response","Upstream userinfo response missing sub");return{...i,sub:r}}function Gc(e){return typeof e=="string"?e:void 0}function dY(e){const t=e.options&&typeof e.options=="object"?e.options.configuration:void 0;if(!t||typeof t!="object")return null;const n=t,i=Gc(n.token_endpoint),r=Gc(n.userinfo_endpoint),o=Gc(n.client_id),a=Gc(n.client_secret),c=Gc(n.realm);return!i||!r||!o||!a?null:{tokenEndpoint:i,userinfoEndpoint:r,clientId:o,clientSecret:a,realm:c}}async function iE(e){const{ctx:t,client:n,username:i,password:r,dbConnection:o,existingUser:a}=e;if(o.options?.import_mode!==!0)return null;const c=dY(o);if(!c)return null;let l;try{l=await cY({tokenEndpoint:c.tokenEndpoint,clientId:c.clientId,clientSecret:c.clientSecret,realm:c.realm??o.name,username:i,password:r})}catch(g){if(g instanceof En)return console.warn(`Auth0 upstream ROPG failed for tenant=${n.tenant.id} realm=${o.name}: ${g.code} ${g.description??""}`),null;throw g}const d=t.env.data;let u=a;if(!u){let g;try{g=await P8(c.userinfoEndpoint,l.access_token)}catch(v){if(v instanceof En)return console.warn(`Auth0 upstream userinfo failed for tenant=${n.tenant.id}: ${v.code} ${v.description??""}`),null;throw v}const m=i.includes("@"),_=typeof g.email=="string"?g.email:void 0,w=await Cs(t.env,n.tenant.id),y=`${w}|${Sr()}`;t.set("is_lazy_migration",!0);try{u=await d.users.create(n.tenant.id,{user_id:y,email:_??(m?i:void 0),username:m?void 0:i,name:typeof g.name=="string"?g.name:i,given_name:typeof g.given_name=="string"?g.given_name:void 0,family_name:typeof g.family_name=="string"?g.family_name:void 0,nickname:typeof g.nickname=="string"?g.nickname:void 0,picture:typeof g.picture=="string"?g.picture:void 0,email_verified:g.email_verified===!0,provider:w,connection:o.name,is_social:!1,last_ip:t.var.ip??"",last_login:new Date().toISOString(),profileData:JSON.stringify(g)})}finally{t.set("is_lazy_migration",!1)}}const{hash:p,algorithm:f}=await to(r),h=await d.passwords.get(n.tenant.id,u.user_id);return h&&await d.passwords.update(n.tenant.id,{id:h.id,user_id:u.user_id,password:h.password,algorithm:h.algorithm,is_current:!1}),await d.passwords.create(n.tenant.id,{user_id:u.user_id,password:p,algorithm:f,is_current:!0}),D(t,n.tenant.id,{type:T.SUCCESS_PASSWORD_MIGRATION,description:`Imported password from upstream for ${u.user_id}`,userId:u.user_id,connection:o.name}),u}async function uY(e,t,n){const i=n.app_metadata||{},r=i.failed_logins||[],o=Date.now(),a=[...r.filter(c=>o-c<1e3*60*5),o];i.failed_logins=a,await e.users.update(t,n.user_id,{app_metadata:i})}function pY(e){return typeof e=="object"&&e!==null&&"allowed"in e&&typeof e.allowed=="boolean"}function fY(e){const n=(e.app_metadata||{}).failed_logins||[],i=Date.now();return n.filter(r=>i-r<1e3*60*5)}async function w1(e,t,n,i,r=Y.USERNAME_PASSWORD){const{data:o}=e.env,{username:a}=n;if(e.set("username",a),!a)throw new H(400,{message:"Username is required"});const c=t.tenant.attack_protection?.suspicious_ip_throttling,l=e.var.ip,d=l?c?.allowlist?.includes(l):!1;if(o.rateLimit&&c?.enabled&&l&&!d){let _={allowed:!0};try{const w=await o.rateLimit.consume("pre-login",`${t.tenant.id}:${l}`);pY(w)&&(_=w)}catch(w){console.error("Pre-login rate limit consume failed:",w)}if(!_.allowed)throw D(e,t.tenant.id,{type:T.FAILED_LOGIN,description:"Rate limit exceeded for pre-login"}),new Po(429,{message:"Too many requests",code:"TOO_MANY_REQUESTS"})}let u=await Er({env:e.env,tenant_id:t.tenant.id,username:a});if(!u){let _=await nE(e,t.tenant.id,r);if(!_&&r===Y.USERNAME_PASSWORD){const w=t.connections.filter(y=>y.strategy===Y.USERNAME_PASSWORD);if(w.length>1)throw new H(400,{message:"Multiple username-password connections configured for this client; specify an explicit realm."});_=w[0]??null}if(_?.options?.import_mode===!0){const w=await iE({ctx:e,client:t,username:a,password:n.password,dbConnection:_,existingUser:null});w&&(u=w)}if(!u)throw D(e,t.tenant.id,{type:T.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid user"}),new Po(403,{message:"User not found",code:"USER_NOT_FOUND"})}const p=u.linked_to?await o.users.get(t.tenant.id,u.linked_to):u;if(!p)throw new Po(403,{message:"User not found",code:"USER_NOT_FOUND"});if(e.set("connection",u.connection),e.set("user_id",p.user_id),fY(p).length>=3)throw D(e,t.tenant.id,{type:T.FAILED_LOGIN,description:"Too many failed login attempts"}),new Po(403,{message:"Too many failed login attempts",code:"TOO_MANY_FAILED_LOGINS"});const h=await o.passwords.get(t.tenant.id,u.user_id);let g=h&&await mc.compare(n.password,h.password);if(!g){const _=await nE(e,t.tenant.id,u.connection);_?.options?.import_mode===!0&&await iE({ctx:e,client:t,username:a,password:n.password,dbConnection:_,existingUser:p})&&(g=!0)}if(!g)throw D(e,t.tenant.id,{type:T.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid password"}),uY(o,t.tenant.id,p),new Po(403,{message:"Invalid password",code:"INVALID_PASSWORD"});if(!u.email_verified&&t.client_metadata?.email_validation==="enforced"){const _=i?.authParams?.ui_locales?.split(" ")?.map(w=>w.split("-")[0])[0];throw await Fg(e,u,_),D(e,t.tenant.id,{type:T.FAILED_LOGIN,description:"Email not verified"}),i&&await tY(e,t.tenant.id,i,"Email not verified"),new Po(403,{message:"Email not verified",code:"EMAIL_NOT_VERIFIED"})}const m=p.app_metadata||{};return m.failed_logins&&m.failed_logins.length>0&&(m.failed_logins=[],o.users.update(t.tenant.id,p.user_id,{app_metadata:m})),{client:t,authParams:n,user:p,loginSession:i}}async function Pc(e,t,n,i,r,o=Y.USERNAME_PASSWORD){const a=await w1(e,t,n,i,o);return ot(e,{...a,ticketAuth:r,authConnection:e.get("connection")||Y.USERNAME_PASSWORD,authStrategy:{strategy:Y.USERNAME_PASSWORD,strategy_type:Gt.DATABASE}})}async function v1(e,t,n,i,r){await K$(e,{client:t,username:n,connection:Y.USERNAME_PASSWORD,ip:e.var.ip});let o=In(),a=await e.env.data.codes.get(t.tenant.id,o,"password_reset");for(;a;)o=In(),a=await e.env.data.codes.get(t.tenant.id,o,"password_reset");let c=i;if(!await e.env.data.loginSessions.get(t.tenant.id,i)){const u=e.get("ip"),p=e.get("useragent"),f=e.get("auth0_client"),h=Bi(f);c=(await e.env.data.loginSessions.create(t.tenant.id,{expires_at:new Date(Date.now()+L5).toISOString(),authParams:{client_id:t.client_id,username:n},csrf_token:Fe(),ip:u,useragent:p,auth0Client:h})).id}const d=await e.env.data.codes.create(t.tenant.id,{code_id:o,code_type:"password_reset",login_id:c,expires_at:new Date(Date.now()+KB).toISOString()});r==="code"?await lG(e,n,d.code_id):await R6(e,n,d.code_id,c)}function hY(e){return e===Y.USERNAME_PASSWORD||e===Xa}const gY=Ct.extend({connections:s.z.array(Hr)}),F8=["client_secret","app_secret","twilio_token"];function Uu(e){if(!e.options)return e;const t={...e.options};for(const n of F8)delete t[n];return{...e,options:t}}const mY=s.z.object({enabled_clients:s.z.array(s.z.object({client_id:s.z.string(),name:s.z.string()}))}),yY=s.z.array(s.z.object({client_id:s.z.string(),status:s.z.boolean()})),_Y=new s.OpenAPIHono().openapi(s.createRoute({tags:["connections"],method:"get",path:"/",request:{query:dt,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:connections"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(Hr),gY])}},description:"List of connectionss"}}}),async e=>{const{page:t,per_page:n,include_totals:i=!1,sort:r,q:o}=e.req.valid("query"),a=await e.env.data.connections.list(e.var.tenant_id,{page:t,per_page:n,include_totals:i,sort:St(r),q:o}),c=a.connections.map(Uu);return i?e.json({...a,connections:c}):e.json(c)}).openapi(s.createRoute({tags:["connections"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:connections"]}],responses:{200:{content:{"application/json":{schema:Hr}},description:"A connection"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.connections.get(e.var.tenant_id,t);if(!n)throw new N(404);return e.json(Uu(n))}).openapi(s.createRoute({tags:["connections"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:connections"]}],responses:{200:{description:"Status"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.var.tenant_id;if(!await e.env.data.connections.remove(n,t))throw new N(404,{message:"Connection not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete a Connection",targetType:"connection",targetId:t}),e.text("OK")}).openapi(s.createRoute({tags:["connections"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:s.z.object(Dp.shape).partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:connections"]}],responses:{200:{content:{"application/json":{schema:Hr}},description:"The updated connection"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.req.valid("json"),i=e.var.tenant_id,r=await e.env.data.connections.get(i,t);let o=n;if(n.options&&r?.options){const l={...n.options};for(const d of F8)l[d]===void 0&&r.options[d]!==void 0&&(l[d]=r.options[d]);o={...n,options:l}}if(!await e.env.data.connections.update(i,t,o))throw new N(404,{message:"Connection not found"});const c=await e.env.data.connections.get(i,t);if(!c)throw new N(404,{message:"Connection not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update a Connection",beforeState:r,afterState:c,targetType:"connection",targetId:t,body:n}),e.json(Uu(c))}).openapi(s.createRoute({tags:["connections"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(Dp.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:connections"]}],responses:{201:{content:{"application/json":{schema:Hr}},description:"A connection"}}}),async e=>{const t=e.req.valid("json"),n=e.var.tenant_id,i=t.id||QR(),r=await e.env.data.connections.create(n,{...t,id:i});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create a Connection",afterState:r,targetType:"connection",targetId:r.id}),e.json(Uu(r),{status:201})}).openapi(s.createRoute({tags:["connections"],method:"get",path:"/{id}/clients",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:connections"]}],responses:{200:{content:{"application/json":{schema:mY}},description:"List of clients enabled for this connection"}}}),async e=>{const{id:t}=e.req.valid("param");if(!await e.env.data.connections.get(e.var.tenant_id,t))throw new N(404,{message:"Connection not found"});const{clients:i}=await e.env.data.clients.list(e.var.tenant_id,{per_page:1e3}),r=i.filter(o=>o.connections?.includes(t)).map(o=>({client_id:o.client_id,name:o.name}));return e.json({enabled_clients:r})}).openapi(s.createRoute({tags:["connections"],method:"patch",path:"/{id}/clients",request:{body:{content:{"application/json":{schema:yY}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:connections"]}],responses:{204:{description:"Clients updated successfully (No Content)"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.req.valid("json");if(!await e.env.data.connections.get(e.var.tenant_id,t))throw new N(404,{message:"Connection not found"});for(const r of n){const o=await e.env.data.clients.get(e.var.tenant_id,r.client_id);if(!o)continue;const a=o.connections||[];r.status?a.includes(t)||await e.env.data.clients.update(e.var.tenant_id,r.client_id,{connections:[...a,t]}):a.includes(t)&&await e.env.data.clients.update(e.var.tenant_id,r.client_id,{connections:a.filter(c=>c!==t)})}return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update Connection Clients",targetType:"connection_client",targetId:t}),e.body(null,204)}).openapi(s.createRoute({tags:["connections"],method:"post",path:"/{id}/try",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({username:s.z.string().optional(),password:s.z.string().optional()}).optional()}}}},security:[{Bearer:["update:connections"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.object({mode:s.z.literal("redirect"),authorize_url:s.z.string(),state:s.z.string(),result_url:s.z.string(),client_id:s.z.string(),connection:s.z.object({id:s.z.string(),name:s.z.string(),strategy:s.z.string()})}),s.z.object({mode:s.z.literal("inline"),status:s.z.enum(["success","error"]),connection_id:s.z.string(),connection_name:s.z.string(),strategy:s.z.string(),userinfo:s.z.record(s.z.unknown()).optional(),raw:s.z.record(s.z.unknown()).nullable().optional(),error:s.z.string().optional(),error_description:s.z.string().optional()})])}},description:"Test outcome (inline) or how to drive the test (redirect)"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.var.tenant_id,i=await e.env.data.connections.get(n,t);if(!i)throw new N(404,{message:"Connection not found"});const r=i.id??t,o=await YB(e.env,n);if(await D(e,n,{type:T.SUCCESS_API_OPERATION,description:"Try Connection initiated",targetType:"connection",targetId:t}),hY(i.strategy)){const f=e.req.valid("json")??{};if(!f.username||!f.password)throw new N(400,{message:"username and password are required for database connections"});const h=await Je(e.env,o,n);try{const g=await w1(e,h,{username:f.username,password:f.password,client_id:o},void 0,i.name),{user:m}=g;return e.json({mode:"inline",status:"success",connection_id:r,connection_name:i.name,strategy:i.strategy,userinfo:m,raw:m})}catch(g){const m=g instanceof Error?g.message:"Password login failed",_=g&&typeof g=="object"&&"code"in g?String(g.code):"error";return e.json({mode:"inline",status:"error",connection_id:r,connection_name:i.name,strategy:i.strategy,error:_,error_description:m})}}const a=Fe(),c=new URL(M5(e.env)),l=e.req.header("origin");if(l)try{new URL(l).origin===l&&c.searchParams.set("opener_origin",l)}catch{}const d=c.toString(),u=On(e.env),p=new URL(`${u}authorize`);return p.searchParams.set("client_id",o),p.searchParams.set("response_type","code"),p.searchParams.set("scope","openid profile email"),p.searchParams.set("connection",i.name),p.searchParams.set("redirect_uri",d),p.searchParams.set("state",a),e.json({mode:"redirect",authorize_url:p.toString(),state:a,result_url:d,client_id:o,connection:{id:r,name:i.name,strategy:i.strategy}})}),wY=new s.OpenAPIHono().openapi(s.createRoute({tags:["prompts"],method:"get",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:prompts"]}],responses:{200:{content:{"application/json":{schema:Qo}},description:"Branding settings"}}}),async e=>{const t=await e.env.data.promptSettings.get(e.var.tenant_id);return t?e.json(t):e.json(Qo.parse({}))}).openapi(s.createRoute({tags:["prompts"],method:"patch",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object(Qo.shape).partial()}}}},security:[{Bearer:["update:prompts"]}],responses:{200:{description:"Prompts settings"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.promptSettings.get(e.var.tenant_id);return Object.assign(n,t),await e.env.data.promptSettings.set(e.var.tenant_id,n),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update Prompt Settings",targetType:"prompt_settings",targetId:e.var.tenant_id}),e.json(n)}).openapi(s.createRoute({tags:["prompts"],method:"get",path:"/custom-text",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:prompts"]}],responses:{200:{content:{"application/json":{schema:s.z.array(s.z.object({prompt:_a,language:s.z.string()}))}},description:"List of custom text entries"}}}),async e=>{const t=await e.env.data.customText.list(e.var.tenant_id);return e.json(t)}).openapi(s.createRoute({tags:["prompts"],method:"get",path:"/custom-text/defaults",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),query:s.z.object({language:s.z.string().optional(),prompt:s.z.string().optional()})},security:[{Bearer:["read:prompts"]}],responses:{200:{content:{"application/json":{schema:s.z.array(s.z.object({prompt:s.z.string(),language:s.z.string(),custom_text:Ro}))}},description:"Bundled default text for every prompt/language shipped with authhero. authhero extension; not available in Auth0."}}}),async e=>{const{language:t,prompt:n}=e.req.valid("query");return e.json(d9({language:t,prompt:n}))}).openapi(s.createRoute({tags:["prompts"],method:"get",path:"/{prompt}/custom-text/{language}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({prompt:_a,language:s.z.string()})},security:[{Bearer:["read:prompts"]}],responses:{200:{content:{"application/json":{schema:Ro}},description:"Custom text for the prompt and language"}}}),async e=>{const{prompt:t,language:n}=e.req.valid("param"),i=await e.env.data.customText.get(e.var.tenant_id,t,n);return e.json(i??{})}).openapi(s.createRoute({tags:["prompts"],method:"put",path:"/{prompt}/custom-text/{language}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({prompt:_a,language:s.z.string()}),body:{content:{"application/json":{schema:Ro}}}},security:[{Bearer:["update:prompts"]}],responses:{200:{content:{"application/json":{schema:Ro}},description:"Updated custom text"}}}),async e=>{const{prompt:t,language:n}=e.req.valid("param"),i=await e.req.json(),r=Ro.parse(i);return await e.env.data.customText.set(e.var.tenant_id,t,n,r),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Set Custom Text",targetType:"custom_text",targetId:e.var.tenant_id}),e.json(r)}).openapi(s.createRoute({tags:["prompts"],method:"delete",path:"/{prompt}/custom-text/{language}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({prompt:_a,language:s.z.string()})},security:[{Bearer:["delete:prompts"]}],responses:{204:{description:"Custom text deleted"}}}),async e=>{const{prompt:t,language:n}=e.req.valid("param");return await e.env.data.customText.delete(e.var.tenant_id,t,n),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete Custom Text",targetType:"custom_text",targetId:e.var.tenant_id}),e.body(null,204)});let rE=!1;function b1(e){e.use(async(t,n)=>(rE||(e.openAPIRegistry.registerComponent("securitySchemes","Bearer",{type:"oauth2",scheme:"bearer",flows:{implicit:{authorizationUrl:`${t.env.AUTH_URL}/authorize`,scopes:{openid:"Basic user information",email:"User email",profile:"User profile information"}}}}),rE=!0),await n()))}var O8=e=>R8(e.replace(/_|-/g,t=>({_:"/","-":"+"})[t]??t)),R8=e=>{const t=atob(e),n=new Uint8Array(new ArrayBuffer(t.length)),i=t.length/2;for(let r=0,o=t.length-1;r<=i;r++,o--)n[r]=t.charCodeAt(r),n[o]=t.charCodeAt(o);return n},Ql=(e=>(e.HS256="HS256",e.HS384="HS384",e.HS512="HS512",e.RS256="RS256",e.RS384="RS384",e.RS512="RS512",e.PS256="PS256",e.PS384="PS384",e.PS512="PS512",e.ES256="ES256",e.ES384="ES384",e.ES512="ES512",e.EdDSA="EdDSA",e))(Ql||{}),vY=class extends Error{constructor(e){super(`${e} is not an implemented algorithm`),this.name="JwtAlgorithmNotImplemented"}},oE=class extends Error{constructor(){super('JWT verification requires "alg" option to be specified'),this.name="JwtAlgorithmRequired"}},bY=class extends Error{constructor(e,t){super(`JWT algorithm mismatch: expected "${e}", got "${t}"`),this.name="JwtAlgorithmMismatch"}},xw=class extends Error{constructor(e){super(`invalid JWT token: ${e}`),this.name="JwtTokenInvalid"}},AY=class extends Error{constructor(e){super(`token (${e}) is being used before it's valid`),this.name="JwtTokenNotBefore"}},kY=class extends Error{constructor(e){super(`token (${e}) expired`),this.name="JwtTokenExpired"}},SY=class extends Error{constructor(e,t){super(`Invalid "iat" claim, must be a valid number lower than "${e}" (iat: "${t}")`),this.name="JwtTokenIssuedAt"}},Lm=class extends Error{constructor(e,t){super(`expected issuer "${e}", got ${t?`"${t}"`:"none"} `),this.name="JwtTokenIssuer"}},EY=class extends Error{constructor(e){super(`jwt header is invalid: ${JSON.stringify(e)}`),this.name="JwtHeaderInvalid"}},CY=class extends Error{constructor(e){super(`token(${e}) signature mismatched`),this.name="JwtTokenSignatureMismatched"}},TY=class extends Error{constructor(e){super(`required "aud" in jwt payload: ${JSON.stringify(e)}`),this.name="JwtPayloadRequiresAud"}},xY=class extends Error{constructor(e,t){super(`expected audience "${Array.isArray(e)?e.join(", "):e}", got "${t}"`),this.name="JwtTokenAudience"}},dh=(e=>(e.Encrypt="encrypt",e.Decrypt="decrypt",e.Sign="sign",e.Verify="verify",e.DeriveKey="deriveKey",e.DeriveBits="deriveBits",e.WrapKey="wrapKey",e.UnwrapKey="unwrapKey",e))(dh||{}),j8=new TextEncoder,IY=new TextDecoder;async function $Y(e,t,n,i){const r=NY(t),o=await zY(e,r);return await crypto.subtle.verify(r,o,n,i)}function sE(e){return R8(e.replace(/-+(BEGIN|END).*?-+/g,"").replace(/\s/g,""))}async function zY(e,t){if(!crypto.subtle||!crypto.subtle.importKey)throw new Error("`crypto.subtle.importKey` is undefined. JWT auth middleware requires it.");if(PY(e)){if(e.type==="public"||e.type==="secret")return e;e=await aE(e)}if(typeof e=="string"&&e.includes("PRIVATE")){const i=await crypto.subtle.importKey("pkcs8",sE(e),t,!0,[dh.Sign]);e=await aE(i)}const n=[dh.Verify];return typeof e=="object"?await crypto.subtle.importKey("jwk",e,t,!1,n):e.includes("PUBLIC")?await crypto.subtle.importKey("spki",sE(e),t,!1,n):await crypto.subtle.importKey("raw",j8.encode(e),t,!1,n)}async function aE(e){if(e.type!=="private")throw new Error(`unexpected key type: ${e.type}`);if(!e.extractable)throw new Error("unexpected private key is unextractable");const t=await crypto.subtle.exportKey("jwk",e),{kty:n}=t,{alg:i,e:r,n:o}=t,{crv:a,x:c,y:l}=t;return{kty:n,alg:i,e:r,n:o,crv:a,x:c,y:l,key_ops:[dh.Verify]}}function NY(e){switch(e){case"HS256":return{name:"HMAC",hash:{name:"SHA-256"}};case"HS384":return{name:"HMAC",hash:{name:"SHA-384"}};case"HS512":return{name:"HMAC",hash:{name:"SHA-512"}};case"RS256":return{name:"RSASSA-PKCS1-v1_5",hash:{name:"SHA-256"}};case"RS384":return{name:"RSASSA-PKCS1-v1_5",hash:{name:"SHA-384"}};case"RS512":return{name:"RSASSA-PKCS1-v1_5",hash:{name:"SHA-512"}};case"PS256":return{name:"RSA-PSS",hash:{name:"SHA-256"},saltLength:32};case"PS384":return{name:"RSA-PSS",hash:{name:"SHA-384"},saltLength:48};case"PS512":return{name:"RSA-PSS",hash:{name:"SHA-512"},saltLength:64};case"ES256":return{name:"ECDSA",hash:{name:"SHA-256"},namedCurve:"P-256"};case"ES384":return{name:"ECDSA",hash:{name:"SHA-384"},namedCurve:"P-384"};case"ES512":return{name:"ECDSA",hash:{name:"SHA-512"},namedCurve:"P-521"};case"EdDSA":return{name:"Ed25519",namedCurve:"Ed25519"};default:throw new vY(e)}}function PY(e){return bv()==="node"&&crypto.webcrypto?e instanceof crypto.webcrypto.CryptoKey:e instanceof CryptoKey}var cE=e=>JSON.parse(IY.decode(O8(e)));function FY(e){if(typeof e=="object"&&e!==null){const t=e;return"alg"in t&&Object.values(Ql).includes(t.alg)&&(!("typ"in t)||t.typ==="JWT")}return!1}var OY=async(e,t,n)=>{if(!n)throw new oE;const{alg:i,iss:r,nbf:o=!0,exp:a=!0,iat:c=!0,aud:l}=typeof n=="string"?{alg:n}:n;if(!i)throw new oE;const d=e.split(".");if(d.length!==3)throw new xw(e);const{header:u,payload:p}=D8(e);if(!FY(u))throw new EY(u);if(u.alg!==i)throw new bY(i,u.alg);const f=Math.floor(Date.now()/1e3);if(o&&p.nbf!==void 0&&(typeof p.nbf!="number"||!Number.isFinite(p.nbf)||p.nbf>f))throw new AY(e);if(a&&p.exp!==void 0&&(typeof p.exp!="number"||!Number.isFinite(p.exp)||p.exp<=f))throw new kY(e);if(c&&p.iat!==void 0&&(typeof p.iat!="number"||!Number.isFinite(p.iat)||f<p.iat))throw new SY(f,p.iat);if(r){if(!p.iss)throw new Lm(r,null);if(typeof r=="string"&&p.iss!==r)throw new Lm(r,p.iss);if(r instanceof RegExp&&!r.test(p.iss))throw new Lm(r,p.iss)}if(l){if(!p.aud)throw new TY(p);if(!(Array.isArray(p.aud)?p.aud:[p.aud]).some(w=>l instanceof RegExp?l.test(w):typeof l=="string"?w===l:Array.isArray(l)&&l.includes(w)))throw new xY(l,p.aud)}const h=e.substring(0,e.lastIndexOf("."));if(!await $Y(t,i,O8(d[2]),j8.encode(h)))throw new CY(e);return p};Ql.HS256,Ql.HS384,Ql.HS512;var D8=e=>{const t=e.split(".");if(t.length!==3)throw new xw(e);try{const n=cE(t[0]),i=cE(t[1]);return{header:n,payload:i}}catch{throw new xw(e)}},L8={verify:OY,decode:D8},RY=L8.verify,jY=L8.decode;async function B8(e){return Promise.all(e.map(async t=>{const i=await new so(t.cert).publicKey.export(),r=await crypto.subtle.exportKey("jwk",i),o=r.alg??U6(r);return Ch.parse({...r,alg:o,use:"sig",kid:t.kid})}))}async function Bm(e){const{signingKeys:t}=await e.keys.list({q:"type:jwt_signing"});return B8(t)}async function DY(e,t,n){const i=await $b(e.keys,t,n,{purpose:"publish"});return B8(i)}async function LY(e){if(e.JWKS_URL&&e.JWKS_SERVICE)try{const t=await e.JWKS_SERVICE.fetch(e.JWKS_URL);if(!t.ok)return console.warn(`JWKS fetch failed with status ${t.status}, falling back to database`),await Bm(e.data);const n=await t.json();return s.z.object({keys:s.z.array(Ch)}).parse(n).keys}catch(t){return console.warn(`JWKS fetch error: ${t instanceof Error?t.message:"Unknown error"}, falling back to database`),await Bm(e.data)}return await Bm(e.data)}function BY(e){switch(e){case"RS256":case"RS384":case"RS512":case"ES256":case"ES384":case"ES512":return e;default:throw new H(401,{message:`Unsupported JWS alg: ${e??"(missing)"}`})}}async function uh(e,t){try{const{header:n}=jY(t),i=BY(n?.alg),o=(await LY(e.env)).find(d=>d.kid===n.kid);if(!o)throw new H(401,{message:"No matching kid found"});if(o.alg!==i)throw new H(401,{message:"alg mismatch between token header and JWK"});const a=Xb(o,i),c=await crypto.subtle.importKey("jwk",o,a,!1,["verify"]);return await RY(t,c,i)}catch(n){throw n instanceof N?n:new H(403,{message:"Invalid JWT signature"})}}function A1(e){if(!e)return;const[t,n]=e.split(" ");if(!(!t||t.toLowerCase()!=="bearer"))return n?.trim()||void 0}function M8(e){if(!e)return{};const[t,n]=e.split(" ");if(t?.toLowerCase()!=="basic"||!n)return{};try{const[i,r]=atob(n).split(":");return!i||!r?{}:{client_id:i,client_secret:r}}catch{return{}}}const k1="urn:authhero:management";function MY(e){return e.replace(/:([a-zA-Z_][a-zA-Z0-9_]*)/g,"{$1}")}function qg(e){return async(t,n)=>{const i=t.req.matchedRoutes.find(l=>l.method.toUpperCase()===t.req.method&&l.path!=="/*");if(!i)return await n();const r=MY(i.path),o="/api/v2",a=r.startsWith(o)?r.slice(o.length)||"/":r,c=e.openAPIRegistry.definitions.find(l=>"route"in l&&l.route.path===a&&l.route.method.toUpperCase()===t.req.method.toUpperCase());if(c&&"route"in c){const l=c.route.security?.[0]?.Bearer;if(l===void 0)return await n();const d=A1(t.req.header("authorization"));if(!d)throw new H(401,{message:"Missing bearer token"});try{const u=await uh(t,d),p=u.aud;if(!(Array.isArray(p)?p:p?[p]:[]).includes(k1))throw new H(403,{message:"Invalid audience"});t.set("user_id",u.sub),t.set("user",u),u.org_name&&t.set("org_name",u.org_name),u.org_id&&t.set("organization_id",u.org_id),!t.var.tenant_id&&u.tenant_id&&t.set("tenant_id",u.tenant_id);const h=Array.isArray(u.permissions)?u.permissions:[],g=typeof u.scope=="string"?u.scope.split(" "):Array.isArray(u.scope)?u.scope:[];if(l.length&&!(l.some(m=>h.includes(m))||l.some(m=>g.includes(m))))throw new H(403,{message:"Unauthorized"})}catch(u){throw u instanceof N?u:new H(403,{message:"Invalid token"})}}return await n()}}const lE=new s.OpenAPIHono().openapi(s.createRoute({tags:["emails"],method:"get",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:email_provider"]}],responses:{200:{content:{"application/json":{schema:s.z.object(ea.shape).partial()}},description:"Email provider"}}}),async e=>{const t=await e.env.data.emailProviders.get(e.var.tenant_id);return e.json(t??{})}).openapi(s.createRoute({tags:["emails"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object(ea.shape)}}}},security:[{Bearer:["create:email_provider"]}],responses:{201:{content:{"application/json":{schema:ea}},description:"Email provider"},409:{description:"Email provider already configured"}}}),async e=>{const t=e.req.valid("json");if(await e.env.data.emailProviders.get(e.var.tenant_id))throw new N(409,{message:"Email provider already configured"});await e.env.data.emailProviders.create(e.var.tenant_id,t),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create Email Provider",targetType:"email_provider",targetId:e.var.tenant_id});const i=await e.env.data.emailProviders.get(e.var.tenant_id);return e.json(i??t,{status:201})}).openapi(s.createRoute({tags:["emails"],method:"patch",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object(ea.shape).partial()}}}},security:[{Bearer:["update:email_provider"]}],responses:{200:{content:{"application/json":{schema:ea}},description:"Email provider"}}}),async e=>{const t=e.req.valid("json");await e.env.data.emailProviders.update(e.var.tenant_id,t);const n=await e.env.data.emailProviders.get(e.var.tenant_id);if(!n)throw new N(404,{message:"Email provider not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update Email Provider",targetType:"email_provider",targetId:e.var.tenant_id}),e.json(n)}).openapi(s.createRoute({tags:["emails"],method:"delete",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:email_provider"]}],responses:{204:{description:"Email provider deleted"},404:{description:"Email provider not found"}}}),async e=>{if(!await e.env.data.emailProviders.get(e.var.tenant_id))throw new N(404,{message:"Email provider not found"});return await e.env.data.emailProviders.remove(e.var.tenant_id),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete Email Provider",targetType:"email_provider",targetId:e.var.tenant_id}),e.body(null,204)}),qu=s.z.object({"tenant-id":s.z.string().optional()}),Mm=s.z.object({templateName:_v}),UY=Mr.partial(),qY=new s.OpenAPIHono().openapi(s.createRoute({tags:["email-templates"],method:"post",path:"/",request:{headers:qu,body:{content:{"application/json":{schema:Mr}}}},security:[{Bearer:["create:email_templates"]}],responses:{201:{content:{"application/json":{schema:Mr}},description:"Email template"},409:{description:"Template already exists"}}}),async e=>{const t=e.req.valid("json");if(await e.env.data.emailTemplates.get(e.var.tenant_id,t.template))throw new N(409,{message:"Email template already configured"});const i=await e.env.data.emailTemplates.create(e.var.tenant_id,t);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create Email Template",targetType:"email_template",targetId:t.template}),e.json(i,{status:201})}).openapi(s.createRoute({tags:["email-templates"],method:"get",path:"/{templateName}",request:{headers:qu,params:Mm},security:[{Bearer:["read:email_templates"]}],responses:{200:{content:{"application/json":{schema:Mr}},description:"Email template"},404:{description:"Template not found"}}}),async e=>{const{templateName:t}=e.req.valid("param"),n=await e.env.data.emailTemplates.get(e.var.tenant_id,t);if(!n)throw new N(404,{message:"Email template not found"});return e.json(n)}).openapi(s.createRoute({tags:["email-templates"],method:"put",path:"/{templateName}",request:{headers:qu,params:Mm,body:{content:{"application/json":{schema:Mr}}}},security:[{Bearer:["update:email_templates"]}],responses:{200:{content:{"application/json":{schema:Mr}},description:"Email template upserted"}}}),async e=>{const{templateName:t}=e.req.valid("param"),n=e.req.valid("json");if(n.template!==t)throw new N(400,{message:"Body template must match URL templateName"});await e.env.data.emailTemplates.get(e.var.tenant_id,t)?await e.env.data.emailTemplates.update(e.var.tenant_id,t,n):await e.env.data.emailTemplates.create(e.var.tenant_id,n);const r=await e.env.data.emailTemplates.get(e.var.tenant_id,t);if(!r)throw new N(500,{message:`Email template not found after upsert (tenant_id=${e.var.tenant_id}, template=${t})`});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update Email Template",targetType:"email_template",targetId:t}),e.json(r)}).openapi(s.createRoute({tags:["email-templates"],method:"patch",path:"/{templateName}",request:{headers:qu,params:Mm,body:{content:{"application/json":{schema:UY}}}},security:[{Bearer:["update:email_templates"]}],responses:{200:{content:{"application/json":{schema:Mr}},description:"Email template"},404:{description:"Template not found"}}}),async e=>{const{templateName:t}=e.req.valid("param"),n=e.req.valid("json");if(!await e.env.data.emailTemplates.update(e.var.tenant_id,t,n))throw new N(404,{message:"Email template not found"});const r=await e.env.data.emailTemplates.get(e.var.tenant_id,t);if(!r)throw new N(404,{message:"Email template not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Patch Email Template",targetType:"email_template",targetId:t}),e.json(r)}),HY=new s.OpenAPIHono().openapi(s.createRoute({tags:["sessions"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:sessions"]}],responses:{200:{content:{"application/json":{schema:Th}},description:"A session"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.sessions.get(e.var.tenant_id,t);if(!n)throw new N(404);return e.json(n)}).openapi(s.createRoute({tags:["sessions"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:sessions"]}],responses:{200:{description:"Status"}}}),async e=>{const{id:t}=e.req.valid("param");if(!await e.env.data.sessions.remove(e.var.tenant_id,t))throw new N(404,{message:"Session not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete a Session",targetType:"session",targetId:t}),e.text("OK")}).openapi(s.createRoute({tags:["sessions"],method:"post",path:"/{id}/revoke",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:sessions"]}],responses:{202:{description:"Sesssion deletion status"}}}),async e=>{const{id:t}=e.req.valid("param");if(!await e.env.data.sessions.update(e.var.tenant_id,t,{revoked_at:new Date().toISOString()}))throw new N(404,{message:"Session not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Revoke a Session",targetType:"session",targetId:t}),e.text("Session deletion request accepted.",{status:202})}),VY=new s.OpenAPIHono().openapi(s.createRoute({tags:["refresh_tokens"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:refresh_tokens"]}],responses:{200:{content:{"application/json":{schema:wv}},description:"A session"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.refreshTokens.get(e.var.tenant_id,t);if(!n)throw new N(404);return e.json(n)}).openapi(s.createRoute({tags:["refresh_tokens"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:refresh_tokens"]}],responses:{200:{description:"Status"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.refreshTokens.get(e.var.tenant_id,t),i=n?.family_id??n?.id;if(i&&await e.env.data.refreshTokens.revokeFamily(e.var.tenant_id,i,new Date().toISOString()),!await e.env.data.refreshTokens.remove(e.var.tenant_id,t))throw new N(404,{message:"Session not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete a Refresh Token",targetType:"refresh_token",targetId:t}),e.text("OK")}),KY=new s.OpenAPIHono().openapi(s.createRoute({tags:["custom-domains"],method:"get",path:"/",request:{query:dt,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:custom_domains"]}],responses:{200:{content:{"application/json":{schema:s.z.array(Br)}},description:"List of custom domains"}}}),async e=>{const t=await e.env.data.customDomains.list(e.var.tenant_id);return e.json(t)}).openapi(s.createRoute({tags:["custom-domains"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:custom_domains"]}],responses:{200:{content:{"application/json":{schema:Br}},description:"A customDomain"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.customDomains.get(e.var.tenant_id,t);if(!n)throw new N(404);return e.json(n)}).openapi(s.createRoute({tags:["custom-domains"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:custom_domains"]}],responses:{200:{description:"Status"}}}),async e=>{const{id:t}=e.req.valid("param");if(!await e.env.data.customDomains.remove(e.var.tenant_id,t))throw new N(404,{message:"Custom domain not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete a Custom Domain",targetType:"custom_domain",targetId:t}),e.text("OK")}).openapi(s.createRoute({tags:["custom-domains"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:s.z.object(Br.shape).partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:custom_domains"]}],responses:{200:{content:{"application/json":{schema:Br}},description:"The updated custom domain"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.req.valid("json");if(!await e.env.data.customDomains.update(e.var.tenant_id,t,n))throw new N(404);const r=await e.env.data.customDomains.get(e.var.tenant_id,t);if(!r)throw new N(404);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update a Custom Domain",targetType:"custom_domain",targetId:t,afterState:r}),e.json(r)}).openapi(s.createRoute({tags:["custom-domains"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(sv.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:custom_domains"]}],responses:{201:{content:{"application/json":{schema:Br}},description:"The created custom domain"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.customDomains.create(e.var.tenant_id,t);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create a Custom Domain",targetType:"custom_domain",targetId:n.custom_domain_id,afterState:n}),e.json(n,{status:201})}).openapi(s.createRoute({tags:["custom-domains"],method:"post",path:"/{id}/verify",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:custom_domains"]}],responses:{200:{content:{"application/json":{schema:Br}},description:"The custom domain"}}}),async()=>{throw new N(501,{message:"Not implemented"})});function Wc(e){const t=e.env.data.logStreams;if(!t)throw new N(501,{message:"Log streams are not supported by this adapter"});return t}const GY=new s.OpenAPIHono().openapi(s.createRoute({tags:["log-streams"],method:"get",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:log_streams"]}],responses:{200:{content:{"application/json":{schema:s.z.array(Xs)}},description:"List of log streams"}}}),async e=>{const n=await Wc(e).list(e.var.tenant_id);return e.json(n)}).openapi(s.createRoute({tags:["log-streams"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:log_streams"]}],responses:{200:{content:{"application/json":{schema:Xs}},description:"A log stream"}}}),async e=>{const t=Wc(e),{id:n}=e.req.valid("param"),i=await t.get(e.var.tenant_id,n);if(!i)throw new N(404);return e.json(i)}).openapi(s.createRoute({tags:["log-streams"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(gv.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:log_streams"]}],responses:{201:{content:{"application/json":{schema:Xs}},description:"The created log stream"}}}),async e=>{const t=Wc(e),n=e.req.valid("json"),i=await t.create(e.var.tenant_id,n);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create a Log Stream",targetType:"log_stream",targetId:i.id,afterState:i}),e.json(i,{status:201})}).openapi(s.createRoute({tags:["log-streams"],method:"patch",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),body:{content:{"application/json":{schema:s.z.object(Xs.shape).partial()}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:log_streams"]}],responses:{200:{content:{"application/json":{schema:Xs}},description:"The updated log stream"}}}),async e=>{const t=Wc(e),{id:n}=e.req.valid("param"),i=e.req.valid("json");if(!await t.update(e.var.tenant_id,n,i))throw new N(404);const o=await t.get(e.var.tenant_id,n);if(!o)throw new N(404);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update a Log Stream",targetType:"log_stream",targetId:n,afterState:o}),e.json(o)}).openapi(s.createRoute({tags:["log-streams"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:log_streams"]}],responses:{204:{description:"Log stream deleted"}}}),async e=>{const t=Wc(e),{id:n}=e.req.valid("param");if(!await t.remove(e.var.tenant_id,n))throw new N(404);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete a Log Stream",targetType:"log_stream",targetId:n}),e.body(null,204)}),WY="***",Hu=xy.extend({credentials:xy.shape.credentials.extend({client_secret:s.z.string()})});function Ks(e){return{...e,credentials:{...e.credentials,client_secret:WY}}}function Jc(e){const t=e.env.data.migrationSources;if(!t)throw new N(501,{message:"Migration sources are not supported by this adapter"});return t}const JY=new s.OpenAPIHono().openapi(s.createRoute({tags:["migration-sources"],method:"get",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:migration_sources"]}],responses:{200:{content:{"application/json":{schema:s.z.array(Hu)}},description:"List of migration sources"}}}),async e=>{const n=await Jc(e).list(e.var.tenant_id);return e.json(n.map(Ks))}).openapi(s.createRoute({tags:["migration-sources"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:migration_sources"]}],responses:{200:{content:{"application/json":{schema:Hu}},description:"A migration source"}}}),async e=>{const t=Jc(e),{id:n}=e.req.valid("param"),i=await t.get(e.var.tenant_id,n);if(!i)throw new N(404);return e.json(Ks(i))}).openapi(s.createRoute({tags:["migration-sources"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(Up.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:migration_sources"]}],responses:{201:{content:{"application/json":{schema:Hu}},description:"The created migration source"}}}),async e=>{const t=Jc(e),n=e.req.valid("json"),i=await t.create(e.var.tenant_id,n);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create a Migration Source",targetType:"migration_source",targetId:i.id,afterState:Ks(i)}),e.json(Ks(i),{status:201})}).openapi(s.createRoute({tags:["migration-sources"],method:"patch",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),body:{content:{"application/json":{schema:s.z.object(Up.shape).partial()}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:migration_sources"]}],responses:{200:{content:{"application/json":{schema:Hu}},description:"The updated migration source"}}}),async e=>{const t=Jc(e),{id:n}=e.req.valid("param"),i=e.req.valid("json");if(!await t.update(e.var.tenant_id,n,i))throw new N(404);const o=await t.get(e.var.tenant_id,n);if(!o)throw new N(404);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update a Migration Source",targetType:"migration_source",targetId:n,afterState:Ks(o)}),e.json(Ks(o))}).openapi(s.createRoute({tags:["migration-sources"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:migration_sources"]}],responses:{204:{description:"Migration source deleted"}}}),async e=>{const t=Jc(e),{id:n}=e.req.valid("param");if(!await t.remove(e.var.tenant_id,n))throw new N(404);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete a Migration Source",targetType:"migration_source",targetId:n}),e.body(null,204)});function Um(e){return!!e&&typeof e=="object"&&!Array.isArray(e)}function U8(e,t){if(!Um(t))return e;const n=Um(e)?{...e}:{};for(const[i,r]of Object.entries(t))n[i]=Um(r)?U8(n[i],r):r;return n}async function qm(e,t){const n=await e.env.data.tenants.get(e.var.tenant_id);if(!n)throw new N(404,{message:"Tenant not found"});return n.attack_protection?.[t]??{}}async function Hm(e,t,n){const i=await e.env.data.tenants.get(e.var.tenant_id);if(!i)throw new N(404,{message:"Tenant not found"});const r=i.attack_protection??{},o=U8(r[t]??{},n??{}),a={...r,[t]:o};return await e.env.data.tenants.update(e.var.tenant_id,{attack_protection:a}),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:`Update Attack Protection (${t})`,targetType:"attack_protection",targetId:e.var.tenant_id}),a[t]}const YY=new s.OpenAPIHono().openapi(s.createRoute({tags:["attack-protection"],method:"get",path:"/breached-password-detection",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:attack_protection"]}],responses:{200:{content:{"application/json":{schema:ha}},description:"Breached password detection settings"}}}),async e=>e.json(await qm(e,"breached_password_detection"))).openapi(s.createRoute({tags:["attack-protection"],method:"patch",path:"/breached-password-detection",request:{body:{content:{"application/json":{schema:ha}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:attack_protection"]}],responses:{200:{content:{"application/json":{schema:ha}},description:"Updated settings"}}}),async e=>{const t=ha.parse(await e.req.json());return e.json(await Hm(e,"breached_password_detection",t))}).openapi(s.createRoute({tags:["attack-protection"],method:"get",path:"/brute-force-protection",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:attack_protection"]}],responses:{200:{content:{"application/json":{schema:ga}},description:"Brute force protection settings"}}}),async e=>e.json(await qm(e,"brute_force_protection"))).openapi(s.createRoute({tags:["attack-protection"],method:"patch",path:"/brute-force-protection",request:{body:{content:{"application/json":{schema:ga}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:attack_protection"]}],responses:{200:{content:{"application/json":{schema:ga}},description:"Updated settings"}}}),async e=>{const t=ga.parse(await e.req.json());return e.json(await Hm(e,"brute_force_protection",t))}).openapi(s.createRoute({tags:["attack-protection"],method:"get",path:"/suspicious-ip-throttling",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:attack_protection"]}],responses:{200:{content:{"application/json":{schema:ma}},description:"Suspicious IP throttling settings"}}}),async e=>e.json(await qm(e,"suspicious_ip_throttling"))).openapi(s.createRoute({tags:["attack-protection"],method:"patch",path:"/suspicious-ip-throttling",request:{body:{content:{"application/json":{schema:ma}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:attack_protection"]}],responses:{200:{content:{"application/json":{schema:ma}},description:"Updated settings"}}}),async e=>{const t=ma.parse(await e.req.json());return e.json(await Hm(e,"suspicious_ip_throttling",t))});function _u(e,t){const n={};for(const[i,r]of Object.entries(t)){if(r==null)continue;if(typeof r=="function"){n[i]=r;continue}const o={};for(const[a,c]of Object.entries(r))typeof c=="function"?o[a]=async(...l)=>{const d=performance.now();try{const u=await c(...l),f=performance.now()-d,h=e.res.headers.get("Server-Timing")||"",g=h?`${h}, ${i}-${a};dur=${f.toFixed(2)}`:`${i}-${a};dur=${f.toFixed(2)}`;return e.res.headers.set("Server-Timing",g),u}catch(u){const f=performance.now()-d,h=e.res.headers.get("Server-Timing")||"",g=h?`${h}, ${i}-${a}-error;dur=${f.toFixed(2)}`:`${i}-${a}-error;dur=${f.toFixed(2)}`;throw e.res.headers.set("Server-Timing",g),u}}:o[a]=c;n[i]=o}return n}function Fc(e){return async(t,n)=>(t.env||(t.env={}),!t.env.data&&e.dataAdapter&&(t.env.data=e.dataAdapter),e.hooks&&(t.env.hooks={...e.hooks,...t.env.hooks||{}}),e.samlSigner&&(t.env.samlSigner=e.samlSigner),e.poweredByLogo&&(t.env.poweredByLogo=e.poweredByLogo),t.env.codeExecutor==null&&e.codeExecutor&&(t.env.codeExecutor=e.codeExecutor),e.webhookInvoker&&(t.env.webhookInvoker=e.webhookInvoker),e.outbox&&(t.env.outbox=e.outbox),e.userLinkingMode&&(t.env.userLinkingMode=e.userLinkingMode),e.usernamePasswordProvider&&(t.env.usernamePasswordProvider=e.usernamePasswordProvider),e.signingKeyMode&&(t.env.signingKeyMode=e.signingKeyMode),n())}async function Oc(e,t){const n=e.req.header("x-forwarded-host"),i=e.req.header("host");e.set("host",n||i||new URL(Wt(e.env)).host);const r=e.var.user;if(r?.tenant_id)return e.set("tenant_id",r.tenant_id),await t();const o=e.req.header("tenant-id");if(o)return e.set("tenant_id",o),await t();if(n){const a=await e.env.data.customDomains.getByDomain(n.toLowerCase());if(a)return e.set("tenant_id",a.tenant_id),e.set("custom_domain",n),await t()}if(i){const a=i.toLowerCase(),c=await e.env.data.customDomains.getByDomain(a);if(c)return e.set("tenant_id",c.tenant_id),e.set("custom_domain",i),await t();const l=a.split(".");if(l.length>1&&typeof l[0]=="string"){const d=l[0];if(await e.env.data.tenants.get(d)){e.set("tenant_id",d);const p=new URL(Wt(e.env)).host.toLowerCase();a!==p&&e.set("custom_domain",i)}}}if(!e.var.tenant_id){const a=e.req.query("tenant_id");if(a)return e.set("tenant_id",a),await t()}if(!e.var.tenant_id){const{tenants:a}=await e.env.data.tenants.list({per_page:2});a.length===1&&a[0]&&e.set("tenant_id",a[0].id)}return await t()}const QY=s.z.object({name:s.z.string(),version:s.z.string(),env:s.z.object({node:s.z.string().optional()}).optional()});function ZY(e){if(e)try{let t=e;try{t=atob(e)}catch{}try{const n=JSON.parse(t);return QY.parse(n)}catch{}}catch{return}}const Rc=async(e,t)=>{const n=e.req.query("auth0Client")?.slice(0,255),r=(e.req.header("x-forwarded-host")&&e.req.header("x-forwarded-for")?e.req.header("x-forwarded-for")?.split(",")[0]?.trim():e.req.header("cf-connecting-ip")||e.req.header("x-real-ip"))?.slice(0,45),o=e.req.header("user-agent")?.slice(0,512),a=e.req.header("cf-ipcountry")?.slice(0,2),c=n?ZY(n):void 0;c&&e.set("auth0_client",c),r&&e.set("ip",r),o&&e.set("useragent",o),a&&e.set("countryCode",a),await t()};function Vm(e,t,n,i){try{const r=`${e}:${t}:${JSON.stringify(n)}`;return i?`${i}:${r}`:r}catch{const o=`${e}:${t}:${Date.now()}-${Math.random()}`;return i?`${i}:${o}`:o}}function wu(e,t){const{cache:n,defaultTtl:i,customTtls:r={},excludeMethods:o=[],cacheEntities:a=[],keyPrefix:c}=t,l=new Set(o),d=a.length===0,u=new Set(a),p={};for(const[f,h]of Object.entries(e)){if(h==null)continue;if(typeof h=="function"){p[f]=h;continue}const g=d||u.has(f),m={};for(const[_,w]of Object.entries(h))if(typeof w=="function"){if(!g){m[_]=w;continue}const y=`${f}:${_}`;if(l.has(y)){m[_]=w;continue}const v=r[y]??i,A=["create","update","remove","delete","set","used","add"].some(b=>_.startsWith(b));m[_]=async(...b)=>{if(A){const z=await w.apply(h,b);try{if(b.length>=2&&["update","remove","delete"].includes(_)){const I=Vm(f,"get",[b[0],b[1]],c);await n.delete(I);const F=Vm(f,"list",[b[0],{}],c);await n.delete(F)}const P=c?`${c}:${f}:`:`${f}:`;await n.deleteByPrefix(P)}catch{}return z}const k=Vm(f,_,b,c),C=await n.get(k);if(C!==null)if(C&&typeof C=="object"&&"isCachedNull"in C){const z=C;return z.isCachedNull?null:z.value}else return C;const $=await w.apply(h,b);if(v>=0)if($!==null)await n.set(k,$,v);else{const z={value:null,isCachedNull:!0};await n.set(k,z,v)}return $}}else m[_]=w;p[f]=m}return p}function Vu(e){if(!e)return;const t=e.filter(n=>n!==void 0);if(t.length!==0)return t.length===1?t[0]:{beforeCreate:ph(t.map(n=>n.beforeCreate),(n,i)=>[n,i],(n,i)=>[n[0],i]),afterCreate:ka(t.map(n=>n.afterCreate)),beforeUpdate:ph(t.map(n=>n.beforeUpdate),(n,i,r)=>[n,i,r],(n,i)=>[n[0],n[1],i]),afterUpdate:ka(t.map(n=>n.afterUpdate)),beforeDelete:ka(t.map(n=>n.beforeDelete)),afterDelete:ka(t.map(n=>n.afterDelete))}}function ph(e,t,n){const i=e.filter(r=>r!==void 0);if(i.length!==0)return i.length===1?i[0]:async(...r)=>{let o=t(...r),a=o[o.length-1];for(const c of i)a=await c(...o),o=n(o,a);return a}}function ka(e){const t=e.filter(n=>n!==void 0);if(t.length!==0)return t.length===1?t[0]:async(...n)=>{for(const i of t)await i(...n)}}function XY(e){if(!e)return;const t=e.filter(n=>n!==void 0);if(t.length!==0)return t.length===1?t[0]:{beforeAssign:ph(t.map(n=>n.beforeAssign),(n,i,r)=>[n,i,r],(n,i)=>[n[0],n[1],i]),afterAssign:ka(t.map(n=>n.afterAssign)),beforeRemove:ph(t.map(n=>n.beforeRemove),(n,i,r)=>[n,i,r],(n,i)=>[n[0],n[1],i]),afterRemove:ka(t.map(n=>n.afterRemove))}}function Km(e,t,n){return t?{...e,create:async(i,r)=>{let o=r;t.beforeCreate&&(o=await t.beforeCreate(n,r));const a=await e.create(i,o);return t.afterCreate&&await t.afterCreate(n,a),a},update:async(i,r,o)=>{let a=o;t.beforeUpdate&&(a=await t.beforeUpdate(n,r,o));const c=await e.update(i,r,a);if(t.afterUpdate){let l;typeof c=="boolean"?l=await e.get(i,r):l=c,l&&await t.afterUpdate(n,r,l)}return c},remove:async(i,r)=>{t.beforeDelete&&await t.beforeDelete(n,r);const o=await e.remove(i,r);return t.afterDelete&&o&&await t.afterDelete(n,r),o}}:e}function eQ(e,t,n){return t?{...e,assign:async(i,r,o)=>{let a=o;t.beforeAssign&&(a=await t.beforeAssign(n,r,o));const c=await e.assign(i,r,a);return t.afterAssign&&c&&await t.afterAssign(n,r,a),c},remove:async(i,r,o)=>{let a=o;t.beforeRemove&&(a=await t.beforeRemove(n,r,o));const c=await e.remove(i,r,a);return t.afterRemove&&c&&await t.afterRemove(n,r,a),c}}:e}function tQ(e,t,n){return t?{...e,create:async i=>{let r=i;t.beforeCreate&&(r=await t.beforeCreate(n,i));const o=await e.create(r);return t.afterCreate&&await t.afterCreate(n,o),o},update:async(i,r)=>{let o=r;if(t.beforeUpdate&&(o=await t.beforeUpdate(n,i,r)),await e.update(i,o),t.afterUpdate){const a=await e.get(i);a&&await t.afterUpdate(n,i,a)}},remove:async i=>{t.beforeDelete&&await t.beforeDelete(n,i);const r=await e.remove(i);return t.afterDelete&&r&&await t.afterDelete(n,i),r}}:e}function q8(e,t){const{tenantId:n,entityHooks:i}=t;if(!i)return e;const r={connections:Vu(i.connections),roles:Vu(i.roles),resourceServers:Vu(i.resourceServers),rolePermissions:XY(i.rolePermissions),tenants:Vu(i.tenants)},o={tenantId:n,adapters:e};return{...e,connections:Km(e.connections,r.connections,o),roles:Km(e.roles,r.roles,o),resourceServers:Km(e.resourceServers,r.resourceServers,o),rolePermissions:eQ(e.rolePermissions,r.rolePermissions,o),tenants:tQ(e.tenants,r.tenants,o)}}class nQ{constructor(t={}){this.config=t;const n=t.cleanupIntervalMs;n&&n>0&&(this.cleanupTimer=setInterval(()=>{this.cleanupExpired()},n))}config;cache=new Map;accessOrder=new Map;accessCounter=0;cleanupTimer;async get(t){const n=this.cache.get(t);return n?n.expiresAt&&n.expiresAt<new Date?(this.cache.delete(t),this.accessOrder.delete(t),null):(this.accessOrder.set(t,++this.accessCounter),n.value):null}async set(t,n,i){let r;const o=i??this.config.defaultTtlSeconds,a=o!==void 0,c=a?Math.max(0,o):0;a&&(r=new Date(Date.now()+(c>0?c*1e3:-1))),this.config.maxEntries&&this.cache.size>=this.config.maxEntries&&!this.cache.has(t)&&this.evictLeastRecentlyUsed();const l={value:n,expiresAt:r};this.cache.set(t,l),this.accessOrder.set(t,++this.accessCounter)}async delete(t){const n=this.cache.has(t);return this.cache.delete(t),this.accessOrder.delete(t),n}async deleteByPrefix(t){let n=0;for(const i of this.cache.keys())i.startsWith(t)&&(this.cache.delete(i),this.accessOrder.delete(i),n++);return n}async clear(){this.cache.clear(),this.accessOrder.clear(),this.accessCounter=0}getStats(){return{size:this.cache.size,maxEntries:this.config.maxEntries,defaultTtlSeconds:this.config.defaultTtlSeconds}}cleanupExpired(){const t=new Date,n=[];for(const[i,r]of this.cache.entries())r.expiresAt&&r.expiresAt<t&&n.push(i);for(const i of n)this.cache.delete(i),this.accessOrder.delete(i)}evictLeastRecentlyUsed(){let t=null,n=1/0;for(const[i,r]of this.accessOrder.entries())r<n&&(n=r,t=i);t&&(this.cache.delete(t),this.accessOrder.delete(t))}destroy(){this.cleanupTimer&&(clearInterval(this.cleanupTimer),this.cleanupTimer=void 0)}}function jc(e={}){return new nQ(e)}const iQ=Ct.extend({forms:s.z.array(pa)}),rQ=new s.OpenAPIHono().openapi(s.createRoute({tags:["forms"],method:"get",path:"/",request:{query:dt,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:forms"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(pa),iQ])}},description:"List of forms"}}}),async e=>{const t=e.var.tenant_id,{page:n,per_page:i,include_totals:r=!1,sort:o,q:a}=e.req.valid("query"),c=await e.env.data.forms.list(t,{page:n,per_page:i,include_totals:r,sort:St(o),q:a});return r?e.json(c):e.json(c.forms)}).openapi(s.createRoute({tags:["forms"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:forms"]}],responses:{200:{content:{"application/json":{schema:pa}},description:"A form"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await e.env.data.forms.get(t,n);if(!i)throw new N(404);return e.json(i)}).openapi(s.createRoute({tags:["forms"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:forms"]}],responses:{200:{description:"Status"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param");if(!await e.env.data.forms.remove(t,n))throw new N(404,{message:"Form not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete a Form",targetType:"form",targetId:n}),e.text("OK")}).openapi(s.createRoute({tags:["forms"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:s.z.object(Lp.shape).partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:forms"]}],responses:{200:{content:{"application/json":{schema:pa}},description:"The updated form"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json");if(!await e.env.data.forms.update(t,n,i))throw new N(404,{message:"Form not found"});const o=await e.env.data.forms.get(t,n);if(!o)throw new N(404,{message:"Form not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update a Form",targetType:"form",targetId:n,afterState:o}),e.json(o)}).openapi(s.createRoute({tags:["forms"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(Lp.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:forms"]}],responses:{201:{content:{"application/json":{schema:pa}},description:"A form"}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i=await e.env.data.forms.create(t,n);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create a Form",targetType:"form",targetId:i.id,afterState:i}),e.json(i,{status:201})}),oQ=Ct.extend({flows:s.z.array(ua)}),sQ=new s.OpenAPIHono().openapi(s.createRoute({tags:["flows"],method:"get",path:"/",request:{query:dt,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:flows"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(ua),oQ])}},description:"List of flows"}}}),async e=>{const t=e.var.tenant_id,{page:n,per_page:i,include_totals:r=!1,sort:o,q:a}=e.req.valid("query"),c=await e.env.data.flows.list(t,{page:n,per_page:i,include_totals:r,sort:St(o),q:a});return r?e.json(c):e.json(c.flows)}).openapi(s.createRoute({tags:["flows"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:flows"]}],responses:{200:{content:{"application/json":{schema:ua}},description:"A flow"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await e.env.data.flows.get(t,n);if(!i)throw new N(404);return e.json(i)}).openapi(s.createRoute({tags:["flows"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:flows"]}],responses:{200:{description:"Status"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param");if(!await e.env.data.flows.remove(t,n))throw new N(404,{message:"Flow not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete a Flow",targetType:"flow",targetId:n}),e.text("OK")}).openapi(s.createRoute({tags:["flows"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:s.z.object(Pp.shape).partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:flows"]}],responses:{200:{content:{"application/json":{schema:ua}},description:"The updated flow"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json"),r=await e.env.data.flows.update(t,n,i);if(!r)throw new N(404,{message:"Flow not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update a Flow",targetType:"flow",targetId:n,afterState:r}),e.json(r)}).openapi(s.createRoute({tags:["flows"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(Pp.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:flows"]}],responses:{201:{content:{"application/json":{schema:ua}},description:"The created flow"}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i=await e.env.data.flows.create(t,n);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create a Flow",targetType:"flow",targetId:i.id,afterState:i}),e.json(i,{status:201})}),aQ=Ct.extend({roles:s.z.array(Ko)}),cQ=Ct.extend({permissions:s.z.array(vv)}),lQ=new s.OpenAPIHono().openapi(s.createRoute({tags:["roles"],method:"get",path:"/",request:{query:dt,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:roles"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(Ko),aQ])}},description:"List of roles"}}}),async e=>{const{page:t,per_page:n,include_totals:i,sort:r,q:o}=e.req.valid("query"),a=e.var.tenant_id;if(!a)throw new N(400,{message:"tenant-id header is required"});const c=await e.env.data.roles.list(a,{page:t,per_page:n,include_totals:i,sort:St(r),q:o});return i?e.json(c):e.json(c.roles)}).openapi(s.createRoute({tags:["roles"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:roles"]}],responses:{200:{content:{"application/json":{schema:Ko}},description:"A role"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.var.tenant_id;if(!n)throw new N(400,{message:"tenant-id header is required"});const i=await e.env.data.roles.get(n,t);if(!i)throw new N(404);return e.json(i)}).openapi(s.createRoute({tags:["roles"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Vp}}}},security:[{Bearer:["create:roles"]}],responses:{201:{content:{"application/json":{schema:Ko}},description:"Role created"}}}),async e=>{const t=e.req.valid("json"),n=e.var.tenant_id;if(!n)throw new N(400,{message:"tenant-id header is required"});const i=await e.env.data.roles.create(n,t);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create a Role",targetType:"role",targetId:i.id,afterState:i}),e.json(i,{status:201})}).openapi(s.createRoute({tags:["roles"],method:"patch",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Vp.partial()}}}},security:[{Bearer:["update:roles"]}],responses:{200:{content:{"application/json":{schema:Ko}},description:"Updated role"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.req.valid("json"),i=e.var.tenant_id;if(!i)throw new N(400,{message:"tenant-id header is required"});if(!await e.env.data.roles.update(i,t,n))throw new N(404);const o=await e.env.data.roles.get(i,t);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update a Role",targetType:"role",targetId:t,afterState:o}),e.json(o)}).openapi(s.createRoute({tags:["roles"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:roles"]}],responses:{200:{description:"Status"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.var.tenant_id;if(!n)throw new N(400,{message:"tenant-id header is required"});if(!await e.env.data.roles.remove(n,t))throw new N(404);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete a Role",targetType:"role",targetId:t}),e.text("OK")}).openapi(s.createRoute({tags:["roles"],method:"get",path:"/{id}/permissions",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),query:dt},security:[{Bearer:["read:roles"]}],responses:{200:{content:{"application/json":{schema:s.z.union([rx,cQ])}},description:"Role permissions"}}}),async e=>{const{id:t}=e.req.valid("param"),{page:n,per_page:i,include_totals:r,sort:o,q:a}=e.req.valid("query"),c=e.var.tenant_id;if(!c)throw new N(400,{message:"tenant-id header is required"});if(!await e.env.data.roles.get(c,t))throw new N(404,{message:"Role not found"});if(r){const u=await e.env.data.rolePermissions.list(c,t,{per_page:1e4,sort:St(o),q:a}),p=i??50,f=(n??0)*p,h=u.slice(f,f+p);return e.json({permissions:h,total:u.length,start:f,limit:p,length:h.length})}const d=await e.env.data.rolePermissions.list(c,t,{page:n,per_page:i,include_totals:!1,sort:St(o),q:a});return e.json(d)}).openapi(s.createRoute({tags:["roles"],method:"post",path:"/{id}/permissions",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({permissions:s.z.array(s.z.object({permission_name:s.z.string(),resource_server_identifier:s.z.string()}))})}}}},security:[{Bearer:["update:roles"]}],responses:{204:{description:"Permissions assigned to role"}}}),async e=>{const{id:t}=e.req.valid("param"),{permissions:n}=e.req.valid("json"),i=e.var.tenant_id;if(!i)throw new N(400,{message:"tenant-id header is required"});if(!await e.env.data.roles.get(i,t))throw new N(404,{message:"Role not found"});const o=n.map(c=>({role_id:t,resource_server_identifier:c.resource_server_identifier,permission_name:c.permission_name}));if(!await e.env.data.rolePermissions.assign(i,t,o))throw new N(500,{message:"Failed to assign permissions to role"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Assign Permissions to a Role",targetType:"role_permission",targetId:t}),e.body(null,204)}).openapi(s.createRoute({tags:["roles"],method:"delete",path:"/{id}/permissions",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({permissions:s.z.array(s.z.object({permission_name:s.z.string(),resource_server_identifier:s.z.string()}))})}}}},security:[{Bearer:["update:roles"]}],responses:{200:{description:"Permissions removed from role"}}}),async e=>{const{id:t}=e.req.valid("param"),{permissions:n}=e.req.valid("json"),i=e.var.tenant_id;if(!i)throw new N(400,{message:"tenant-id header is required"});if(!await e.env.data.roles.get(i,t))throw new N(404,{message:"Role not found"});if(!await e.env.data.rolePermissions.remove(i,t,n))throw new N(500,{message:"Failed to remove permissions from role"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Remove Permissions from a Role",targetType:"role_permission",targetId:t}),e.json({message:"Permissions removed successfully"})}),dQ=Ct.extend({resource_servers:s.z.array(Vo)});async function Gm(e,t,n){const i=await e.env.data.resourceServers.get(t,n);return i||((await e.env.data.resourceServers.list(t,{})).resource_servers.find(o=>o.identifier===n)??null)}const uQ=new s.OpenAPIHono().openapi(s.createRoute({tags:["resource-servers"],method:"get",path:"/",request:{query:dt,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:resource_servers"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(Vo),dQ])}},description:"List of resource servers"}}}),async e=>{const t=e.var.tenant_id,{page:n,per_page:i,include_totals:r=!1,sort:o,q:a}=e.req.valid("query"),c=await e.env.data.resourceServers.list(t,{page:n,per_page:i,include_totals:r,sort:St(o),q:a});return r?e.json(c):e.json(c.resource_servers)}).openapi(s.createRoute({tags:["resource-servers"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:resource_servers"]}],responses:{200:{content:{"application/json":{schema:Vo}},description:"A resource server"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await Gm(e,t,n);if(!i)throw new N(404);return e.json(i)}).openapi(s.createRoute({tags:["resource-servers"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:resource_servers"]}],responses:{200:{description:"Status"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await Gm(e,t,n);if(!i)throw new N(404,{message:"Resource server not found"});if(i.is_system)throw new N(403,{message:"System entities cannot be deleted"});return await e.env.data.resourceServers.remove(t,i.id),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete a Resource Server",targetType:"resource_server",targetId:i.id,beforeState:i}),e.text("OK")}).openapi(s.createRoute({tags:["resource-servers"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:s.z.object(Hp.shape).partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:resource_servers"]}],responses:{200:{content:{"application/json":{schema:Vo}},description:"The updated resource server"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json"),r=await Gm(e,t,n);if(!r)throw new N(404,{message:"Resource server not found"});if(r.is_system)throw new N(403,{message:"System entities cannot be modified"});const o=r.id;await e.env.data.resourceServers.update(t,o,i);const a=await e.env.data.resourceServers.get(t,o);if(!a)throw new N(404,{message:"Resource server not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update a Resource Server",targetType:"resource_server",targetId:a.id,beforeState:r,afterState:a}),e.json(a)}).openapi(s.createRoute({tags:["resource-servers"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(Hp.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:resource_servers"]}],responses:{201:{content:{"application/json":{schema:Vo}},description:"A resource server"}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i=await e.env.data.resourceServers.create(t,n);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create a Resource Server",targetType:"resource_server",targetId:i.id,afterState:i}),e.json(i,{status:201})}),pQ=s.z.object({per_page:s.z.string().min(1).optional().default("50").transform(e=>parseInt(e,10)).openapi({description:"Number of results per page. Defaults to 50."}),page:s.z.string().min(0).optional().default("0").transform(e=>parseInt(e,10)).openapi({description:"Page index of the results to return. First page is 0."}),include_totals:s.z.string().optional().default("false").transform(e=>e==="true").openapi({description:"Return results inside an object that contains the total result count (true) or as a direct array of results (false, default)."}),from:s.z.string().optional().openapi({description:"Optional Id from which to start selection."}),take:s.z.string().min(1).optional().transform(e=>e?parseInt(e,10):void 0).openapi({description:"Number of results per page. Defaults to 50."}),audience:s.z.string().optional().openapi({description:"Optional filter on audience."}),client_id:s.z.string().optional().openapi({description:"Optional filter on client_id."}),allow_any_organization:s.z.string().optional().transform(e=>e==="true"?!0:e==="false"?!1:void 0).openapi({description:"Optional filter on allow_any_organization."}),subject_type:s.z.enum(["client","user"]).optional().openapi({description:"EA The type of application access the client grant allows. Use of this field is subject to the applicable Free Trial terms in Okta's Master Subscription Agreement."})}),fQ=Ct.extend({client_grants:s.z.array(Ho)}),hQ=new s.OpenAPIHono().openapi(s.createRoute({tags:["client-grants"],method:"get",path:"/",request:{query:pQ,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:client_grants"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(Ho),fQ])}},description:"List of client grants"}}}),async e=>{const t=e.var.tenant_id,{page:n,per_page:i,include_totals:r=!1,from:o,take:a,audience:c,client_id:l,allow_any_organization:d,subject_type:u}=e.req.valid("query"),p=[];l&&p.push(`client_id:"${l}"`),c&&p.push(`audience:"${c}"`),d!==void 0&&p.push(`allow_any_organization:${d}`),u&&p.push(`subject_type:"${u}"`),o&&p.push(`id:>${o}`);const f=p.length>0?p.join(" AND "):void 0,h=a??i,g=await e.env.data.clientGrants.list(t,{page:n,per_page:h,include_totals:r,q:f});return r?e.json(g):e.json(g.client_grants)}).openapi(s.createRoute({tags:["client-grants"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:client_grants"]}],responses:{200:{content:{"application/json":{schema:Ho}},description:"A client grant"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await e.env.data.clientGrants.get(t,n);if(!i)throw new N(404,{message:"Client grant not found"});return e.json(i)}).openapi(s.createRoute({tags:["client-grants"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:client_grants"]}],responses:{200:{description:"Status"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param");if(!await e.env.data.clientGrants.remove(t,n))throw new N(404,{message:"Client grant not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete a Client Grant",targetType:"client_grant",targetId:n}),e.text("OK")}).openapi(s.createRoute({tags:["client-grants"],method:"patch",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),body:{content:{"application/json":{schema:s.z.object(jp.shape).partial()}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:client_grants"]}],responses:{200:{content:{"application/json":{schema:Ho}},description:"The updated client grant"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json"),r=await e.env.data.clientGrants.get(t,n);if(!r)throw new N(404,{message:"Client grant not found"});if(!await e.env.data.clientGrants.update(t,n,i))throw new N(500,{message:"Failed to update client grant"});const a=await e.env.data.clientGrants.get(t,n);if(!a)throw new N(404,{message:"Client grant not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update a Client Grant",targetType:"client_grant",targetId:n,beforeState:r,afterState:a}),e.json(a)}).openapi(s.createRoute({tags:["client-grants"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(jp.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:client_grants"]}],responses:{201:{content:{"application/json":{schema:Ho}},description:"A client grant"}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i=await e.env.data.clientGrants.create(t,n);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create a Client Grant",targetType:"client_grant",targetId:i.id,afterState:i}),e.json(i,{status:201})});function gQ(e){const t=new Uint8Array(e);return crypto.getRandomValues(t),t}async function H8(e){const t=new TextEncoder().encode(e);return of(await Nh(t))}async function V8(){const e=Bt.encode(gQ(32),{includePadding:!1}),t=await H8(e);return{id:Fe(),token:e,token_hash:t}}const mQ=300;async function K8(e,t,n={}){const i=await V8(),r=n.expires_in_seconds??mQ,o=new Date(Date.now()+r*1e3).toISOString(),a=await e.create(t,{id:i.id,token_hash:i.token_hash,type:"iat",sub:n.sub,constraints:n.constraints,single_use:n.single_use??!0,expires_at:o});return{id:i.id,token:i.token,expires_at:o,record:a}}async function G8(e,t,n,i){const r=await H8(n),o=await e.getByHash(t,r);return o?o.type!==i?{ok:!1,failure:"wrong_type"}:o.revoked_at?{ok:!1,failure:"revoked"}:o.expires_at&&new Date(o.expires_at).getTime()<=Date.now()?{ok:!1,failure:"expired"}:o.single_use&&o.used_at?{ok:!1,failure:"already_used"}:{ok:!0,token:o}:{ok:!1,failure:"not_found"}}function Wm(e,t){return`${On(e.env,e.var.custom_domain)}oidc/register/${t}`}async function Ku(e){const t=await e.env.data.tenants.get(e.var.tenant_id);if(!t)throw new H(404,{error:"invalid_request",error_description:"Tenant not found"});return t}function Gu(e){if(!e.flags?.enable_dynamic_client_registration)throw new H(404,{error:"invalid_request",error_description:"Dynamic Client Registration is not enabled"})}function lc(e){if(!e.clientRegistrationTokens)throw new H(500,{error:"server_error",error_description:"Dynamic Client Registration requires a clientRegistrationTokens adapter"});return e.clientRegistrationTokens}async function yQ(e,t){const n=e.req.header("authorization"),i=A1(n);if(i){const r=await G8(lc(e.env.data),e.var.tenant_id,i,"iat");if(!r.ok||!r.token)throw new H(401,{error:"invalid_token",error_description:`Initial access token ${r.failure??"invalid"}`});return r.token}if(t.flags?.dcr_require_initial_access_token!==!1)throw new H(401,{error:"invalid_token",error_description:"Initial access token required"})}async function Jm(e,t){const n=A1(e.req.header("authorization"));if(!n)throw new H(401,{error:"invalid_token",error_description:"Registration access token required"});const i=await G8(lc(e.env.data),e.var.tenant_id,n,"rat");if(!i.ok||!i.token)throw new H(401,{error:"invalid_token",error_description:`Registration access token ${i.failure??"invalid"}`});if(i.token.client_id!==t)throw new H(401,{error:"invalid_token",error_description:"Registration access token is not bound to this client"});return i.token}function Ym(e){return e.client_metadata?.status==="deleted"}function _Q(){return Fe(24)}function wQ(){return Fe(43)}const vQ=s.z.object({sub:s.z.string().optional().openapi({description:"User ID to bind the IAT to (optional)"}),constraints:s.z.record(s.z.unknown()).optional().openapi({description:"Pre-bound metadata that the registration request must match exactly (or omit, in which case the value is filled in from this map)"}),expires_in_seconds:s.z.number().int().min(30).max(3600*24).optional().openapi({description:"Token TTL in seconds. Default 300 (5 minutes)."}),single_use:s.z.boolean().optional().openapi({description:"Whether the IAT is invalidated after first use. Default true."})}),bQ=s.z.object({id:s.z.string(),token:s.z.string(),expires_at:s.z.string(),sub:s.z.string().optional(),constraints:s.z.record(s.z.unknown()).optional(),single_use:s.z.boolean()}),AQ=new s.OpenAPIHono().openapi(s.createRoute({tags:["client-registration-tokens"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:vQ}}}},security:[{Bearer:["create:client_registration_tokens"]}],responses:{201:{content:{"application/json":{schema:bQ}},description:"Initial Access Token issued. The `token` field is shown once and not retrievable later."}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i=await K8(lc(e.env.data),t,{sub:n.sub,constraints:n.constraints,expires_in_seconds:n.expires_in_seconds,single_use:n.single_use});return await D(e,t,{type:T.SUCCESS_API_OPERATION,description:"DCR Initial Access Token issued via Management API",targetType:"client_registration_token",targetId:i.id,userId:n.sub}),e.json({id:i.id,token:i.token,expires_at:i.expires_at,sub:i.record.sub,constraints:i.record.constraints,single_use:i.record.single_use},201)}),kQ=s.z.object({page:s.z.string().optional().default("0").transform(e=>parseInt(e,10)).openapi({description:"Page index of the results to return. First page is 0."}),per_page:s.z.string().optional().default("50").transform(e=>parseInt(e,10)).openapi({description:"Number of results per page. Defaults to 50."}),include_totals:s.z.string().optional().default("false").transform(e=>e==="true").openapi({description:"When true, return results inside an object that also contains the start and limit. When false (default), a direct array of results is returned."}),fields:s.z.string().optional().openapi({description:"Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields."}),include_fields:s.z.string().optional().default("true").transform(e=>e==="true").openapi({description:"Whether specified fields are to be included (true) or excluded (false). Defaults to true."}),sort:s.z.string().optional().default("created_at:-1").openapi({description:"Field to sort by. Use field:order where order is 1 for ascending and -1 for descending. Defaults to created_at:-1."})}),SQ=s.z.object({invitations:s.z.array(Ml),start:s.z.number(),limit:s.z.number(),length:s.z.number()}),EQ=fv.omit({organization_id:!0,invitation_url:!0}),CQ=Ct.extend({organizations:s.z.array(Vr)}),S1=s.z.object({user_id:s.z.string().openapi({description:"ID of this user"}),email:s.z.string().email().optional().openapi({description:"Email address of this user",format:"email"}),roles:s.z.array(s.z.object({})).default([]).openapi({description:"Array of roles assigned to this user in the organization"})}),TQ=s.z.object({start:s.z.number().openapi({description:"Start index of the current page"}),limit:s.z.number().openapi({description:"Number of items per page"}),total:s.z.number().openapi({description:"Total number of members"}),members:s.z.array(S1).openapi({description:"Array of organization members"})}),xQ=s.z.object({next:s.z.string().optional().openapi({description:"Checkpoint ID to be used to retrieve the next set of results"}),members:s.z.array(S1).openapi({description:"Array of organization members"})}),IQ=s.z.object({members:s.z.array(s.z.string()).openapi({description:"Array of user IDs to add to the organization"})}),$Q=s.z.object({members:s.z.array(s.z.string()).openapi({description:"Array of user IDs to remove from the organization"})}),zQ=new s.OpenAPIHono().openapi(s.createRoute({tags:["organizations"],method:"get",path:"/",request:{query:dt,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:organizations"]}],responses:{200:{content:{"application/json":{schema:s.z.union([CQ,s.z.array(Vr)])}},description:"List of organizations"}}}),async e=>{const t=e.var.tenant_id,{page:n,per_page:i,include_totals:r,sort:o,q:a,from:c,take:l}=e.req.valid("query"),d=await e.env.data.organizations.list(t,{page:n,per_page:i,include_totals:r,sort:St(o),q:a,from:c,take:l});return r?e.json(d):e.json(d.organizations)}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:organizations"]}],responses:{200:{content:{"application/json":{schema:Vr}},description:"An organization"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await e.env.data.organizations.get(t,n);if(!i)throw new N(404,{message:"Organization not found"});return e.json(i)}).openapi(s.createRoute({tags:["organizations"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:organizations"]}],responses:{200:{description:"Organization deleted successfully"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param");if(!await e.env.data.organizations.remove(t,n))throw new N(404,{message:"Organization not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete an Organization",targetType:"organization",targetId:n}),e.text("OK")}).openapi(s.createRoute({tags:["organizations"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:Gp.partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:organizations"]}],responses:{200:{content:{"application/json":{schema:Vr}},description:"The updated organization"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json"),r=await e.env.data.organizations.get(t,n);if(!r)throw new N(404,{message:"Organization not found"});if(!await e.env.data.organizations.update(t,n,i))throw new N(404,{message:"Organization not found"});const a=await e.env.data.organizations.get(t,n);if(!a)throw new N(404,{message:"Organization not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update an Organization",targetType:"organization",targetId:n,beforeState:r,afterState:a}),e.json(a)}).openapi(s.createRoute({tags:["organizations"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:Gp}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:organizations"]}],responses:{201:{content:{"application/json":{schema:Vr}},description:"The created organization"}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i={...n,id:n.id||YR()},r=await e.env.data.organizations.create(t,i);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create an Organization",targetType:"organization",targetId:r.id,afterState:r}),e.json(r,{status:201})}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/members",request:{params:s.z.object({id:s.z.string()}),query:dt,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:organizations"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(S1),TQ,xQ])}},description:"List of organization members"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),{page:i,per_page:r,include_totals:o,sort:a}=e.req.valid("query"),c=await e.env.data.organizations.get(t,n);if(!c)throw new N(404,{message:"Organization not found"});const l=await e.env.data.userOrganizations.list(t,{page:i,per_page:r,include_totals:o,sort:St(a),q:`organization_id:${c.id}`}),d=[];for(const u of l.userOrganizations){const p=await e.env.data.users.get(t,u.user_id);p&&d.push({user_id:p.user_id,email:p.email||void 0,roles:[]})}return o?e.json({start:l.start,limit:l.limit,total:l.length,members:d}):e.json(d)}).openapi(s.createRoute({tags:["organizations"],method:"post",path:"/{id}/members",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:IQ}}}},security:[{Bearer:["update:organizations"]}],responses:{204:{description:"Members added successfully"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),{members:i}=e.req.valid("json"),r=await e.env.data.organizations.get(t,n);if(!r)throw new N(404,{message:"Organization not found"});for(const o of i)(await e.env.data.userOrganizations.list(t,{q:`user_id:${o}`,per_page:1})).userOrganizations.some(l=>l.organization_id===r.id)||await e.env.data.userOrganizations.create(t,{user_id:o,organization_id:r.id});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Add Members to an Organization",targetType:"organization_member",targetId:r.id}),new Response(null,{status:204})}).openapi(s.createRoute({tags:["organizations"],method:"delete",path:"/{id}/members",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:$Q}}}},security:[{Bearer:["update:organizations"]}],responses:{200:{description:"Members removed successfully"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),{members:i}=e.req.valid("json"),r=await e.env.data.organizations.get(t,n);if(!r)throw new N(404,{message:"Organization not found"});for(const o of i){const c=(await e.env.data.userOrganizations.list(t,{q:`user_id:${o}`,per_page:100})).userOrganizations.find(l=>l.organization_id===r.id);c&&await e.env.data.userOrganizations.remove(t,c.id)}return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Remove Members from an Organization",targetType:"organization_member",targetId:r.id}),e.json({message:"Members removed successfully"})}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/members/{user_id}/roles",request:{params:s.z.object({id:s.z.string(),user_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),query:dt},security:[{Bearer:["read:organizations"]}],responses:{200:{content:{"application/json":{schema:Kp}},description:"User roles in organization"}}}),async e=>{const t=e.var.tenant_id,{id:n,user_id:i}=e.req.valid("param");if(!await e.env.data.organizations.get(t,n))throw new N(404,{message:"Organization not found"});if(!await e.env.data.users.get(t,i))throw new N(404,{message:"User not found"});const a=await e.env.data.userRoles.list(t,i,void 0,n);return e.json(a)}).openapi(s.createRoute({tags:["organizations"],method:"post",path:"/{id}/members/{user_id}/roles",request:{params:s.z.object({id:s.z.string(),user_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({roles:s.z.array(s.z.string()).openapi({description:"List of role IDs to associate with the user"})})}}}},security:[{Bearer:["update:organizations"]}],responses:{201:{description:"Roles assigned successfully"}}}),async e=>{const t=e.var.tenant_id,{id:n,user_id:i}=e.req.valid("param"),{roles:r}=e.req.valid("json");if(!await e.env.data.organizations.get(t,n))throw new N(404,{message:"Organization not found"});if(!await e.env.data.users.get(t,i))throw new N(404,{message:"User not found"});for(const c of r){if(!await e.env.data.roles.get(t,c))throw new N(400,{message:`Role ${c} not found`});if(!await e.env.data.userRoles.create(t,i,c,n))throw new N(500,{message:`Failed to assign role ${c} to user`})}return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Assign Roles to an Organization Member",targetType:"organization_member_role",targetId:i}),e.json({message:"Roles assigned successfully"},{status:201})}).openapi(s.createRoute({tags:["organizations"],method:"delete",path:"/{id}/members/{user_id}/roles",request:{params:s.z.object({id:s.z.string(),user_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({roles:s.z.array(s.z.string()).openapi({description:"List of role IDs to remove from the user"})})}}}},security:[{Bearer:["update:organizations"]}],responses:{200:{description:"Roles removed successfully"}}}),async e=>{const t=e.var.tenant_id,{id:n,user_id:i}=e.req.valid("param"),{roles:r}=e.req.valid("json");if(!await e.env.data.organizations.get(t,n))throw new N(404,{message:"Organization not found"});if(!await e.env.data.users.get(t,i))throw new N(404,{message:"User not found"});for(const c of r)if(!await e.env.data.userRoles.remove(t,i,c,n))throw new N(500,{message:`Failed to remove role ${c} from user`});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Remove Roles from an Organization Member",targetType:"organization_member_role",targetId:i}),e.json({message:"Roles removed successfully"})}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/roles",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),query:dt},security:[{Bearer:["read:organizations"]}],responses:{200:{content:{"application/json":{schema:Kp}},description:"List of roles available in organization"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),{page:i,per_page:r,sort:o,q:a}=e.req.valid("query");if(!await e.env.data.organizations.get(t,n))throw new N(404,{message:"Organization not found"});const l=await e.env.data.roles.list(t,{page:i,per_page:r,sort:St(o),q:a});return e.json(l.roles)}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/invitations",request:{params:s.z.object({id:s.z.string().openapi({description:"Organization ID",param:{name:"id",in:"path"}})}),query:kQ,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:organizations"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(Ml),SQ])}},description:"List of organization invitations"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),{page:i,per_page:r,include_totals:o,fields:a,include_fields:c,sort:l}=e.req.valid("query"),d=await e.env.data.organizations.get(t,n);if(!d)throw new N(404,{message:"Organization not found"});let p=(await e.env.data.invites.list(t,{page:i,per_page:r})).invites.filter(f=>f.organization_id===d.id);if(l){const f=St(l);if(f){const{sort_by:h,sort_order:g}=f;p.sort((m,_)=>{const w=m[h],y=_[h];if(w===void 0||y===void 0||w===y)return 0;const v=w<y?-1:1;return g==="asc"?v:-v})}}if(a){const f=a.split(",").map(h=>h.trim());p=p.map(h=>{const g={};for(const m of Object.keys(h))(c?f.includes(m):!f.includes(m))&&(g[m]=h[m]);return g})}return o?e.json({invitations:p,start:i*r,limit:r,length:p.length}):e.json(p)}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/invitations/{invitation_id}",request:{params:s.z.object({id:s.z.string().openapi({description:"Organization ID",param:{name:"id",in:"path"}}),invitation_id:s.z.string().openapi({description:"Invitation ID",param:{name:"invitation_id",in:"path"}})}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:organizations"]}],responses:{200:{content:{"application/json":{schema:Ml}},description:"An invitation"},404:{description:"Invitation not found"}}}),async e=>{const t=e.var.tenant_id,{id:n,invitation_id:i}=e.req.valid("param"),r=await e.env.data.organizations.get(t,n);if(!r)throw new N(404,{message:"Organization not found"});const o=await e.env.data.invites.get(t,i);if(!o||o.organization_id!==r.id)throw new N(404,{message:"Invitation not found"});return e.json(o)}).openapi(s.createRoute({tags:["organizations"],method:"post",path:"/{id}/invitations",request:{params:s.z.object({id:s.z.string().openapi({description:"Organization ID",param:{name:"id",in:"path"}})}),body:{content:{"application/json":{schema:EQ}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:organizations"]}],responses:{201:{content:{"application/json":{schema:Ml}},description:"The created invitation"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json"),r=await e.env.data.organizations.get(t,n);if(!r)throw new N(404,{message:"Organization not found"});const o=ZR(),a=Wt(e.env,e.var.custom_domain),c=new URL("u2/accept-invitation",a);c.searchParams.set("invitation",o),c.searchParams.set("organization",r.id);const l=c.toString(),d={...i,id:o,organization_id:r.id,invitation_url:l},u=await e.env.data.invites.create(t,d);if(await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create an Organization Invitation",targetType:"invitation",targetId:u.id,afterState:u}),i.send_invitation_email!==!1&&i.invitee?.email)try{await uG(e,{to:i.invitee.email,invitationUrl:l,inviterName:i.inviter?.name,organizationName:r.display_name||r.name||r.id,ttlSec:i.ttl_sec??604800})}catch(p){console.error(`[invitations] failed to send invitation email for ${u.id}:`,p)}return e.json(u,{status:201})}).openapi(s.createRoute({tags:["organizations"],method:"delete",path:"/{id}/invitations/{invitation_id}",request:{params:s.z.object({id:s.z.string().openapi({description:"Organization ID",param:{name:"id",in:"path"}}),invitation_id:s.z.string().openapi({description:"Invitation ID",param:{name:"invitation_id",in:"path"}})}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:organizations"]}],responses:{204:{description:"Invitation deleted successfully"},404:{description:"Invitation not found"}}}),async e=>{const t=e.var.tenant_id,{id:n,invitation_id:i}=e.req.valid("param"),r=await e.env.data.organizations.get(t,n);if(!r)throw new N(404,{message:"Organization not found"});const o=await e.env.data.invites.get(t,i);if(!o||o.organization_id!==r.id)throw new N(404,{message:"Invitation not found"});if(!await e.env.data.invites.remove(t,i))throw new N(404,{message:"Invitation not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete an Organization Invitation",targetType:"invitation",targetId:i}),e.body(null,{status:204})}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/enabled_connections",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),query:s.z.object({include_totals:s.z.string().optional().transform(e=>e==="true").openapi({deprecated:!0,description:"Ignored for compatibility; the connections/total/start/limit/length wrapper is always returned."}),page:s.z.string().optional().transform(e=>e?parseInt(e,10):0),per_page:s.z.string().optional().transform(e=>e?parseInt(e,10):50)})},security:[{Bearer:["read:organization_connections"]}],responses:{200:{content:{"application/json":{schema:Ct.extend({connections:s.z.array(ya)})}},description:"Connections enabled for the organization"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),{include_totals:i,page:r,per_page:o}=e.req.valid("query"),a=await e.env.data.organizations.get(t,n);if(!a)throw new N(404,{message:"Organization not found"});const c=await e.env.data.organizationConnections.list(t,a.id),l=r*o,d=c.slice(l,l+o);return e.json({connections:d,total:c.length,start:l,limit:o,length:d.length})}).openapi(s.createRoute({tags:["organizations"],method:"post",path:"/{id}/enabled_connections",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Wp}}}},security:[{Bearer:["create:organization_connections"]}],responses:{201:{content:{"application/json":{schema:ya}},description:"Connection enabled for the organization"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json"),r=await e.env.data.organizations.get(t,n);if(!r)throw new N(404,{message:"Organization not found"});if(!await e.env.data.connections.get(t,i.connection_id))throw new N(400,{message:`Connection ${i.connection_id} not found`});if(await e.env.data.organizationConnections.get(t,r.id,i.connection_id))throw new N(409,{message:"Connection already enabled for this organization"});const c=await e.env.data.organizationConnections.create(t,r.id,i);return await D(e,t,{type:T.SUCCESS_API_OPERATION,description:"Enable an Organization Connection",targetType:"organization_connection",targetId:`${r.id}:${i.connection_id}`}),e.json(c,{status:201})}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/enabled_connections/{connection_id}",request:{params:s.z.object({id:s.z.string(),connection_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:organization_connections"]}],responses:{200:{content:{"application/json":{schema:ya}},description:"An enabled organization connection"}}}),async e=>{const t=e.var.tenant_id,{id:n,connection_id:i}=e.req.valid("param"),r=await e.env.data.organizations.get(t,n);if(!r)throw new N(404,{message:"Organization not found"});const o=await e.env.data.organizationConnections.get(t,r.id,i);if(!o)throw new N(404,{message:"Organization connection not found"});return e.json(o)}).openapi(s.createRoute({tags:["organizations"],method:"patch",path:"/{id}/enabled_connections/{connection_id}",request:{params:s.z.object({id:s.z.string(),connection_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Wp.omit({connection_id:!0}).partial()}}}},security:[{Bearer:["update:organization_connections"]}],responses:{200:{content:{"application/json":{schema:ya}},description:"Updated organization connection"}}}),async e=>{const t=e.var.tenant_id,{id:n,connection_id:i}=e.req.valid("param"),r=e.req.valid("json"),o=await e.env.data.organizations.get(t,n);if(!o)throw new N(404,{message:"Organization not found"});const a=await e.env.data.organizationConnections.update(t,o.id,i,r);if(!a)throw new N(404,{message:"Organization connection not found"});return await D(e,t,{type:T.SUCCESS_API_OPERATION,description:"Update an Organization Connection",targetType:"organization_connection",targetId:`${o.id}:${i}`}),e.json(a)}).openapi(s.createRoute({tags:["organizations"],method:"delete",path:"/{id}/enabled_connections/{connection_id}",request:{params:s.z.object({id:s.z.string(),connection_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:organization_connections"]}],responses:{204:{description:"Connection disabled"}}}),async e=>{const t=e.var.tenant_id,{id:n,connection_id:i}=e.req.valid("param"),r=await e.env.data.organizations.get(t,n);if(!r)throw new N(404,{message:"Organization not found"});if(!await e.env.data.organizationConnections.remove(t,r.id,i))throw new N(404,{message:"Organization connection not found"});return await D(e,t,{type:T.SUCCESS_API_OPERATION,description:"Disable an Organization Connection",targetType:"organization_connection",targetId:`${r.id}:${i}`}),e.body(null,{status:204})});function dE(e){return`${e.slice(0,4)}-${e.slice(4,6)}-${e.slice(6,8)}`}function Iw(e){return e.toISOString().split("T")[0]}function NQ(e,t,n){const i=new Map(e.map(c=>[c.date,c])),r=[],o=new Date(`${t}T00:00:00.000Z`),a=new Date(`${n}T00:00:00.000Z`);for(let c=o;c<=a;c.setUTCDate(c.getUTCDate()+1)){const l=Iw(c),d=i.get(l);if(d)r.push(d);else{const u=`${l}T00:00:00.000Z`;r.push({date:l,logins:0,signups:0,leaked_passwords:0,created_at:u,updated_at:u})}}return r}const PQ=new s.OpenAPIHono().openapi(s.createRoute({tags:["stats"],method:"get",path:"/daily",request:{query:s.z.object({from:s.z.string().optional().openapi({description:"Optional first day of the date range (inclusive) in YYYYMMDD format",example:"20251120"}),to:s.z.string().optional().openapi({description:"Optional last day of the date range (inclusive) in YYYYMMDD format",example:"20251219"})}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:stats"]}],responses:{200:{content:{"application/json":{schema:s.z.array(gx)}},description:"Daily statistics including logins, signups, and leaked passwords"}}}),async e=>{const{from:t,to:n}=e.req.valid("query");if(!e.env.data.stats)throw new N(501,{message:"Stats adapter not configured"});const i=new Date,r=new Date(i);r.setUTCDate(r.getUTCDate()-30);const o=t?dE(t):Iw(r),a=n?dE(n):Iw(i),c=await e.env.data.stats.getDaily(e.var.tenant_id,{from:o,to:a});return e.json(NQ(c,o,a))}).openapi(s.createRoute({tags:["stats"],method:"get",path:"/active-users",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:stats"]}],responses:{200:{content:{"application/json":{schema:s.z.number().openapi({description:"Number of active users in the last 30 days",example:1234})}},description:"Number of active users in the last 30 days"}}}),async e=>{if(!e.env.data.stats)throw new N(501,{message:"Stats adapter not configured"});const t=await e.env.data.stats.getActiveUsers(e.var.tenant_id);return e.json(t)}),FQ={"active-users":["time","connection","client_id","user_type"],logins:["time","connection","client_id","user_type","event"],signups:["time","connection","client_id","user_type","event"],"refresh-tokens":["time","client_id","event"],sessions:["time","client_id"]},uE=["hour","day","week","month"],pE=["password","social","passwordless","enterprise"],OQ={"active-users":"active_users",logins:"logins",signups:"signups","refresh-tokens":"refresh_tokens",sessions:"sessions"},RQ=1e4,jQ=1e3,fE=5e4,DQ=720*60*60*1e3;class ri extends Error{constructor(t,n){super(n),this.param=t,this.detail=n}param;detail}function hE(e,t){const n=new Date(e);if(Number.isNaN(n.getTime()))throw new ri(t,`'${t}' must be an ISO 8601 datetime`);return n.toISOString()}function gE(e,t,n,{min:i,max:r}){if(e===void 0)return n;const o=Number.parseInt(e,10);if(!Number.isFinite(o)||String(o)!==e)throw new ri(t,`'${t}' must be an integer`);if(o<i||o>r)throw new ri(t,`'${t}' must be between ${i} and ${r}`);return o}function LQ(e,t,n){const i=new Date,r=new Date(i.getTime()-720*60*60*1e3),o=t("from"),a=t("to"),c=o?hE(o,"from"):r.toISOString(),l=a?hE(a,"to"):i.toISOString(),d=new Date(c).getTime(),u=new Date(l).getTime();if(u<=d)throw new ri("to","'to' must be after 'from'");const p=t("interval");let f="day";if(p){if(!uE.includes(p))throw new ri("interval",`'interval' must be one of: ${uE.join(", ")}`);f=p}if(f==="hour"&&u-d>DQ)throw new ri("interval","interval=hour is only allowed for ranges of 30 days or less");const h=t("tz")||"UTC",m=(t("group_by")||"").split(",").map(C=>C.trim()).filter(Boolean),_=new Set(FQ[e]);for(const C of m)if(!_.has(C))throw new ri("group_by",`group_by value '${C}' is not valid for /analytics/${e}. Allowed: ${[..._].join(", ")}`);const w=n("user_type");for(const C of w)if(!pE.includes(C))throw new ri("user_type",`user_type value '${C}' is not valid. Allowed: ${pE.join(", ")}`);const y={connection:n("connection"),client_id:n("client_id"),user_type:w,user_id:n("user_id")},v=gE(t("limit"),"limit",jQ,{min:1,max:RQ}),A=gE(t("offset"),"offset",0,{min:0,max:1e6});if(m.length===0&&v>fE)throw new ri("limit",`ungrouped queries may not request more than ${fE} rows; add group_by or lower limit`);const b=t("order_by");let k;if(b){const $=b.startsWith("-")?b.slice(1):b,z=new Set([...m,OQ[e]]);if(!z.has($))throw new ri("order_by",`'order_by' column '${$}' is not selectable. Allowed: ${[...z].join(", ")}`);k=b}return{from:c,to:l,interval:f,tz:h,filters:y,group_by:m,limit:v,offset:A,order_by:k}}function BQ(e,t=Date.now()){const n=new Date(e).getTime(),i=t-3600*1e3,r=new Date(t);r.setUTCHours(0,0,0,0),r.setUTCDate(r.getUTCDate()-1);const o=t-1440*60*1e3;return n>=i?60:n>=o?300:n<r.getTime()?1440*60:3600}function MQ(e,t,n){const i={from:n.from,to:n.to,interval:n.interval,tz:n.tz,group_by:[...n.group_by].sort(),filters:{connection:[...n.filters.connection||[]].sort(),client_id:[...n.filters.client_id||[]].sort(),user_type:[...n.filters.user_type||[]].sort(),user_id:[...n.filters.user_id||[]].sort()},limit:n.limit,offset:n.offset,order_by:n.order_by||""};return`analytics:${e}:${t}:${JSON.stringify(i)}`}const UQ=s.z.object({from:s.z.string().datetime().optional().openapi({description:"Inclusive lower bound, ISO 8601 datetime"}),to:s.z.string().datetime().optional().openapi({description:"Exclusive upper bound, ISO 8601 datetime"}),interval:s.z.enum(["hour","day","week","month"]).optional().openapi({description:"Time bucket size for time-grouped queries"}),tz:s.z.string().optional().openapi({description:"IANA timezone, e.g. Europe/Madrid"}),group_by:s.z.string().optional().openapi({description:"Comma-separated dimensions, e.g. 'time,connection'"}),connection:s.z.union([s.z.string(),s.z.array(s.z.string())]).optional().openapi({description:"Repeatable. Filter to one or more connection names."}),client_id:s.z.union([s.z.string(),s.z.array(s.z.string())]).optional().openapi({description:"Repeatable. Filter to one or more client IDs."}),user_type:s.z.union([s.z.enum(["password","social","passwordless","enterprise"]),s.z.array(s.z.enum(["password","social","passwordless","enterprise"]))]).optional().openapi({description:"Repeatable."}),user_id:s.z.union([s.z.string(),s.z.array(s.z.string())]).optional().openapi({description:"Repeatable."}),limit:s.z.string().optional().openapi({description:"Max 10000"}),offset:s.z.string().optional(),order_by:s.z.string().optional().openapi({description:"Column name, prefix with '-' for descending"})});function qQ(e={}){const t=e.cache,n=new s.OpenAPIHono;function i(a){return s.createRoute({tags:["analytics"],method:"get",path:`/${a}`,request:{query:UQ,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:stats"]}],responses:{200:{content:{"application/json":{schema:_x}},description:`${a} analytics`},400:{content:{"application/json":{schema:s.z.any()}},description:"Invalid request"}}})}const r=a=>async c=>{if(!c.env.data.analytics)throw new N(501,{message:"Analytics adapter not configured"});let l;try{l=LQ(a,f=>c.req.query(f)??void 0,f=>c.req.queries(f)??[])}catch(f){if(f instanceof ri)return c.json({type:"https://authhero.net/errors/invalid-parameter",title:"Invalid parameter",status:400,detail:f.detail,param:f.param},400);throw f}const d=c.var.tenant_id,u=t?MQ(d,a,l):null;if(t&&u){const f=await t.get(u);if(f!==null)return c.header("X-Cache","HIT"),c.json(f)}const p=await c.env.data.analytics.query(d,a,l);if(t&&u){const f=BQ(l.to);t.set(u,p,f).catch(()=>{}),c.header("X-Cache","MISS"),c.header("Cache-Control",`public, max-age=${f}`)}return c.json(p)},o=["active-users","logins","signups","refresh-tokens","sessions"];for(const a of o)n.openapi(i(a),r(a));return n}const Ap=["sms","otp","email","push-notification","webauthn-roaming","webauthn-platform","recovery-code","duo"];function Qm(e){return e.replace(/-/g,"_")}const $w=s.z.object({name:s.z.enum(Ap),enabled:s.z.boolean(),trial_expired:s.z.boolean().optional()}),HQ=s.z.array($w),VQ=s.z.object({enabled:s.z.boolean()}),Zm=s.z.object({provider:s.z.enum(["twilio","vonage","aws_sns","phone_message_hook"])}),Xm=s.z.object({sid:s.z.string().optional(),auth_token:s.z.string().optional(),from:s.z.string().optional(),messaging_service_sid:s.z.string().optional()}),KQ=s.z.object({message_type:s.z.enum(["sms","voice"])}),GQ=new s.OpenAPIHono().openapi(s.createRoute({tags:["guardian"],method:"get",path:"/factors",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:guardian_factors"]}],responses:{200:{content:{"application/json":{schema:HQ}},description:"List of MFA factors"}}}),async e=>{const n=(await e.env.data.tenants.get(e.var.tenant_id))?.mfa?.factors,i=Ap.map(r=>{const o=Qm(r);return{name:r,enabled:!!n?.[o],trial_expired:!1}});return e.json(i)}).openapi(s.createRoute({tags:["guardian"],method:"get",path:"/factors/sms/selected-provider",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:guardian_factors"]}],responses:{200:{content:{"application/json":{schema:Zm}},description:"Selected SMS provider"}}}),async e=>{const n=(await e.env.data.tenants.get(e.var.tenant_id))?.mfa?.sms_provider?.provider||"twilio";return e.json({provider:n})}).openapi(s.createRoute({tags:["guardian"],method:"put",path:"/factors/sms/selected-provider",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Zm}}}},security:[{Bearer:["update:guardian_factors"]}],responses:{200:{content:{"application/json":{schema:Zm}},description:"Updated SMS provider selection"}}}),async e=>{const{provider:t}=e.req.valid("json"),n=await e.env.data.tenants.get(e.var.tenant_id);if(!n)throw new N(404,{message:"Tenant not found"});return await e.env.data.tenants.update(e.var.tenant_id,{mfa:{...n.mfa,sms_provider:{provider:t}}}),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Set SMS Provider",targetType:"guardian",targetId:e.var.tenant_id}),e.json({provider:t})}).openapi(s.createRoute({tags:["guardian"],method:"get",path:"/factors/sms/providers/twilio",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:guardian_factors"]}],responses:{200:{content:{"application/json":{schema:Xm}},description:"Twilio provider configuration"}}}),async e=>{const n=(await e.env.data.tenants.get(e.var.tenant_id))?.mfa?.twilio||{};return e.json({sid:n.sid,auth_token:n.auth_token?"********":void 0,from:n.from,messaging_service_sid:n.messaging_service_sid})}).openapi(s.createRoute({tags:["guardian"],method:"put",path:"/factors/sms/providers/twilio",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Xm}}}},security:[{Bearer:["update:guardian_factors"]}],responses:{200:{content:{"application/json":{schema:Xm}},description:"Updated Twilio configuration"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.tenants.get(e.var.tenant_id);if(!n)throw new N(404,{message:"Tenant not found"});const i=n.mfa?.twilio||{},r={...i,...t,auth_token:t.auth_token&&t.auth_token!=="********"?t.auth_token:i.auth_token};return await e.env.data.tenants.update(e.var.tenant_id,{mfa:{...n.mfa,twilio:r}}),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Configure Twilio Provider",targetType:"guardian",targetId:e.var.tenant_id}),e.json({sid:r.sid,auth_token:r.auth_token?"********":void 0,from:r.from,messaging_service_sid:r.messaging_service_sid})}).openapi(s.createRoute({tags:["guardian"],method:"get",path:"/factors/phone/message-types",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:guardian_factors"]}],responses:{200:{content:{"application/json":{schema:s.z.array(KQ)}},description:"Available message types"}}}),async e=>{const t=[{message_type:"sms"}];return e.json(t)}).openapi(s.createRoute({tags:["guardian"],method:"get",path:"/policies",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:guardian_factors"]}],responses:{200:{content:{"application/json":{schema:s.z.array(s.z.string())}},description:"Current MFA policies"}}}),async e=>(await e.env.data.tenants.get(e.var.tenant_id))?.mfa?.policy==="always"?e.json(["all-applications"]):e.json([])).openapi(s.createRoute({tags:["guardian"],method:"put",path:"/policies",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.array(s.z.string())}}}},security:[{Bearer:["update:guardian_factors"]}],responses:{200:{content:{"application/json":{schema:s.z.array(s.z.string())}},description:"Updated MFA policies"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.tenants.get(e.var.tenant_id);if(!n)throw new N(404,{message:"Tenant not found"});const i=t.includes("all-applications")?"always":"never";return await e.env.data.tenants.update(e.var.tenant_id,{mfa:{...n.mfa,policy:i}}),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Set Guardian Policies",targetType:"guardian",targetId:e.var.tenant_id}),e.json(i==="always"?["all-applications"]:[])}).openapi(s.createRoute({tags:["guardian"],method:"post",path:"/enrollments/ticket",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({user_id:s.z.string(),send_mail:s.z.boolean().optional(),email:s.z.string().email().optional()})}}}},security:[{Bearer:["create:guardian_enrollment_tickets"]}],responses:{201:{content:{"application/json":{schema:s.z.object({ticket_id:s.z.string(),ticket_url:s.z.string()})}},description:"Enrollment ticket created"}}}),async e=>{const{user_id:t,email:n}=e.req.valid("json"),i=e.var.tenant_id,r=await e.env.data.tenants.get(i);if(!r)throw new N(404,{message:"Tenant not found"});if(!(r.mfa?.factors?.sms===!0||r.mfa?.factors?.otp===!0||r.mfa?.factors?.webauthn_roaming===!0||r.mfa?.factors?.webauthn_platform===!0))throw new N(400,{message:"At least one MFA factor (SMS, OTP, or WebAuthn) must be enabled before creating enrollment tickets."});const a=await e.env.data.users.get(i,t);if(!a)throw new N(404,{message:"User not found"});const{clients:c}=await e.env.data.clients.list(i);if(!c.length)throw new N(400,{message:"No clients configured for this tenant"});const l=c[0].client_id,d=7200*60*1e3,u=new Date(Date.now()+d).toISOString(),p=await e.env.data.loginSessions.create(i,{expires_at:u,authParams:{client_id:l,username:n||a.email},csrf_token:Fe(),user_id:t,state:be.AWAITING_MFA,state_data:JSON.stringify({guardian_enrollment:!0})}),f=Fe();await e.env.data.codes.create(i,{code_id:f,code_type:"ticket",login_id:p.id,user_id:t,expires_at:u});const h=Wt(e.env,e.var.custom_domain),g=new URL("u2/guardian/enroll",h);g.searchParams.append("ticket",f),e.var.custom_domain||g.searchParams.append("tenant_id",i);const m=g.toString();return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create Enrollment Ticket",targetType:"guardian",targetId:e.var.tenant_id}),e.json({ticket_id:f,ticket_url:m},201)}).openapi(s.createRoute({tags:["guardian"],method:"get",path:"/factors/{factor_name}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({factor_name:s.z.enum(Ap)})},security:[{Bearer:["read:guardian_factors"]}],responses:{200:{content:{"application/json":{schema:$w}},description:"MFA factor details"}}}),async e=>{const{factor_name:t}=e.req.valid("param"),i=(await e.env.data.tenants.get(e.var.tenant_id))?.mfa?.factors,r=Qm(t);return e.json({name:t,enabled:!!i?.[r],trial_expired:!1})}).openapi(s.createRoute({tags:["guardian"],method:"put",path:"/factors/{factor_name}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({factor_name:s.z.enum(Ap)}),body:{content:{"application/json":{schema:VQ}}}},security:[{Bearer:["update:guardian_factors"]}],responses:{200:{content:{"application/json":{schema:$w}},description:"Updated MFA factor"}}}),async e=>{const{factor_name:t}=e.req.valid("param"),{enabled:n}=e.req.valid("json"),i=Qm(t),r=await e.env.data.tenants.get(e.var.tenant_id);if(!r)throw new N(404,{message:"Tenant not found"});const o=r.mfa?.factors;return await e.env.data.tenants.update(e.var.tenant_id,{mfa:{...r.mfa,factors:{sms:o?.sms??!1,otp:o?.otp??!1,email:o?.email??!1,push_notification:o?.push_notification??!1,webauthn_roaming:o?.webauthn_roaming??!1,webauthn_platform:o?.webauthn_platform??!1,recovery_code:o?.recovery_code??!1,duo:o?.duo??!1,[i]:n}}}),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update Guardian Factor",targetType:"guardian",targetId:e.var.tenant_id}),e.json({name:t,enabled:n,trial_expired:!1})}),zw=s.z.object({id:s.z.string(),type:s.z.string(),confirmed:s.z.boolean(),phone_number:s.z.string().optional(),credential_id:s.z.string().optional(),public_key:s.z.string().optional(),sign_count:s.z.number().optional(),credential_backed_up:s.z.boolean().optional(),transports:s.z.array(s.z.string()).optional(),friendly_name:s.z.string().optional(),created_at:s.z.string()}),WQ=s.z.array(zw),JQ=s.z.object({type:s.z.enum(["phone","totp","email","push","webauthn-roaming","webauthn-platform","passkey"]),phone_number:s.z.string().optional(),totp_secret:s.z.string().optional(),credential_id:s.z.string().optional(),public_key:s.z.string().optional(),sign_count:s.z.number().int().nonnegative().optional(),credential_backed_up:s.z.boolean().optional(),transports:s.z.array(s.z.string()).optional(),friendly_name:s.z.string().optional(),confirmed:s.z.boolean().optional().default(!0)}).superRefine((e,t)=>{e.type==="phone"&&!e.phone_number&&t.addIssue({code:s.z.ZodIssueCode.custom,message:"phone_number is required when type is 'phone'",path:["phone_number"]}),e.type==="totp"&&!e.totp_secret&&t.addIssue({code:s.z.ZodIssueCode.custom,message:"totp_secret is required when type is 'totp'",path:["totp_secret"]}),["webauthn-roaming","webauthn-platform","passkey"].includes(e.type)&&(e.credential_id||t.addIssue({code:s.z.ZodIssueCode.custom,message:`credential_id is required when type is '${e.type}'`,path:["credential_id"]}),e.public_key||t.addIssue({code:s.z.ZodIssueCode.custom,message:`public_key is required when type is '${e.type}'`,path:["public_key"]}))}),YQ=new s.OpenAPIHono().openapi(s.createRoute({tags:["users"],method:"get",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:users"]}],responses:{200:{content:{"application/json":{schema:WQ}},description:"List of authentication methods for the user"}}}),async e=>{const t=e.req.param("user_id");if(!t)throw new N(400,{message:"user_id is required"});const i=(await e.env.data.authenticationMethods.list(e.var.tenant_id,t)).map(r=>({id:r.id,type:r.type,confirmed:r.confirmed,phone_number:r.phone_number,credential_id:r.credential_id,public_key:r.public_key,sign_count:r.sign_count,credential_backed_up:r.credential_backed_up,transports:r.transports,friendly_name:r.friendly_name,created_at:r.created_at}));return e.json(i)}).openapi(s.createRoute({tags:["users"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:JQ}}}},security:[{Bearer:["update:users"]}],responses:{201:{content:{"application/json":{schema:zw}},description:"Created authentication method"}}}),async e=>{const t=e.req.param("user_id");if(!t)throw new N(400,{message:"user_id is required"});const n=e.req.valid("json"),i=await e.env.data.authenticationMethods.create(e.var.tenant_id,{user_id:t,type:n.type,phone_number:n.phone_number,totp_secret:n.totp_secret,credential_id:n.credential_id,public_key:n.public_key,sign_count:n.sign_count,credential_backed_up:n.credential_backed_up,transports:n.transports,friendly_name:n.friendly_name,confirmed:n.confirmed??!0});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create Authentication Method",targetType:"authentication_method",targetId:i.id}),e.json({id:i.id,type:i.type,confirmed:i.confirmed,phone_number:i.phone_number,credential_id:i.credential_id,public_key:i.public_key,sign_count:i.sign_count,credential_backed_up:i.credential_backed_up,transports:i.transports,friendly_name:i.friendly_name,created_at:i.created_at},201)}).openapi(s.createRoute({tags:["users"],method:"get",path:"/{method_id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({method_id:s.z.string()})},security:[{Bearer:["read:users"]}],responses:{200:{content:{"application/json":{schema:zw}},description:"Authentication method details"}}}),async e=>{const{method_id:t}=e.req.valid("param"),n=e.req.param("user_id"),i=await e.env.data.authenticationMethods.get(e.var.tenant_id,t);if(!i||i.user_id!==n)throw new N(404,{message:"Authentication method not found"});return e.json({id:i.id,type:i.type,confirmed:i.confirmed,phone_number:i.phone_number,credential_id:i.credential_id,public_key:i.public_key,sign_count:i.sign_count,credential_backed_up:i.credential_backed_up,transports:i.transports,friendly_name:i.friendly_name,created_at:i.created_at})}).openapi(s.createRoute({tags:["users"],method:"delete",path:"/{method_id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({method_id:s.z.string()})},security:[{Bearer:["update:users"]}],responses:{204:{description:"Authentication method deleted"}}}),async e=>{const{method_id:t}=e.req.valid("param"),n=e.req.param("user_id"),i=await e.env.data.authenticationMethods.get(e.var.tenant_id,t);if(!i||i.user_id!==n)throw new N(404,{message:"Authentication method not found"});if(!await e.env.data.authenticationMethods.remove(e.var.tenant_id,t))throw new N(404,{message:"Authentication method not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete Authentication Method",targetType:"authentication_method",targetId:t}),e.body(null,204)}),mE=432e3,QQ=s.z.object({user_id:s.z.string(),result_url:s.z.string().url().optional(),ttl_sec:s.z.number().int().positive().max(2592e3).optional(),client_id:s.z.string().optional(),organization_id:s.z.string().optional(),identity:s.z.object({user_id:s.z.string().optional(),provider:s.z.string().optional()}).optional(),includeEmailInRedirect:s.z.boolean().optional()}),ZQ=s.z.object({user_id:s.z.string().optional(),email:s.z.string().email().optional(),connection_id:s.z.string().optional(),result_url:s.z.string().url().optional(),ttl_sec:s.z.number().int().positive().max(2592e3).optional(),client_id:s.z.string().optional(),organization_id:s.z.string().optional(),mark_email_as_verified:s.z.boolean().optional(),includeEmailInRedirect:s.z.boolean().optional(),new_password:s.z.string().optional()}),yE=s.z.object({ticket:s.z.string().openapi({description:"A URL representing the ticket. Single-use, time-limited."})}),XQ=new s.OpenAPIHono().openapi(s.createRoute({tags:["tickets"],method:"post",path:"/email-verification",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:QQ}}}},security:[{Bearer:["create:user_tickets"]}],responses:{201:{description:"Email verification ticket created",content:{"application/json":{schema:yE}}}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i=await e.env.data.users.get(t,n.user_id);if(!i)throw new N(404,{message:"User not found"});const r=Fe(),o=n.ttl_sec??mE,a=new Date(Date.now()+o*1e3).toISOString();await e.env.data.codes.create(t,{code_id:r,code_type:"ticket",login_id:r,user_id:i.user_id,expires_at:a,redirect_uri:n.result_url,state:JSON.stringify({purpose:"email_verification",client_id:n.client_id,organization_id:n.organization_id,result_url:n.result_url,includeEmailInRedirect:n.includeEmailInRedirect})});const c=Wt(e.env,e.var.custom_domain),l=new URL("u2/tickets/email-verification",c);return l.searchParams.set("ticket",r),e.var.custom_domain||l.searchParams.set("tenant_id",t),await D(e,t,{type:T.SUCCESS_API_OPERATION,description:"Create Email Verification Ticket",targetType:"ticket",targetId:r,userId:i.user_id}),e.json({ticket:l.toString()},{status:201})}).openapi(s.createRoute({tags:["tickets"],method:"post",path:"/password-change",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:ZQ}}}},security:[{Bearer:["create:user_tickets"]}],responses:{201:{description:"Password change ticket created",content:{"application/json":{schema:yE}}}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json");let i=n.user_id;if(!i){if(!n.email)throw new N(400,{message:"user_id or email is required"});let d;if(n.connection_id){const h=await e.env.data.connections.get(t,n.connection_id);if(!h)throw new N(404,{message:`Connection not found (connection_id=${n.connection_id})`});d=h.name}const u=d?`email:${n.email.toLowerCase()} connection:${d}`:`email:${n.email.toLowerCase()}`,{users:p}=await e.env.data.users.list(t,{q:u,per_page:1}),f=p[0];if(!f)throw new N(404,{message:"User not found"});i=f.user_id}const r=Fe(),o=n.ttl_sec??mE,a=new Date(Date.now()+o*1e3).toISOString();await e.env.data.codes.create(t,{code_id:r,code_type:"ticket",login_id:r,user_id:i,expires_at:a,redirect_uri:n.result_url,state:JSON.stringify({purpose:"password_change",client_id:n.client_id,organization_id:n.organization_id,connection_id:n.connection_id,result_url:n.result_url,mark_email_as_verified:n.mark_email_as_verified})});const c=Wt(e.env,e.var.custom_domain),l=new URL("u2/tickets/password-change",c);return l.searchParams.set("ticket",r),e.var.custom_domain||l.searchParams.set("tenant_id",t),await D(e,t,{type:T.SUCCESS_API_OPERATION,description:"Create Password Change Ticket",targetType:"ticket",targetId:r,userId:i}),e.json({ticket:l.toString()},{status:201})}),eZ=50,tZ=1e3,nZ=3e5,W8=5,iZ=7,J8=3e4;async function fh(e,t,n){console.warn(`Outbox event ${t} dead-lettering: ${n}`);try{await e.deadLetter(t,n)}catch{}}function Y8(e){const t=Math.min(tZ*Math.pow(2,e),nZ);return new Date(Date.now()+t).toISOString()}async function rZ(e,t,n,i){if(t.length===0)return;const r=i?.maxRetries??W8,o=crypto.randomUUID(),a=await e.claimEvents(t,o,J8);if(a.length===0)return;const c=await e.getByIds(a);if(c.length===0)return;const l=[];for(const d of c){if(d.retry_count>=r){await fh(e,d.id,d.error||`Exceeded max retries (${r})`);continue}let u=!0,p=!1;for(const f of n)if(!(f.accepts&&!f.accepts(d))){p=!0;try{const h=f.transform(d);await f.deliver([h])}catch(h){u=!1;const g=h instanceof Error?h.message:String(h);try{await e.markRetry(d.id,`${f.name}: ${g}`,Y8(d.retry_count))}catch{}break}}if(!p){await fh(e,d.id,`No destination accepts event_type=${d.event_type}`);continue}u&&l.push(d.id)}if(l.length>0)try{await e.markProcessed(l)}catch{}}async function Q8(e,t,n){const i=n?.batchSize??eZ,r=n?.maxRetries??W8,o=n?.retentionDays??iZ,a=await e.getUnprocessed(i);if(a.length===0)return;const c=crypto.randomUUID(),l=a.map(h=>h.id),d=new Set(await e.claimEvents(l,c,J8)),u=a.filter(h=>d.has(h.id));if(u.length===0)return;const p=[],f=[];for(const h of u){if(h.retry_count>=r){await fh(e,h.id,h.error||`Exceeded max retries (${r})`);continue}let g=!0,m=!1;for(const _ of t)if(!(_.accepts&&!_.accepts(h))){m=!0;try{const w=_.transform(h);await _.deliver([w])}catch(w){g=!1;const y=w instanceof Error?w.message:String(w);try{await e.markRetry(h.id,`${_.name}: ${y}`,Y8(h.retry_count))}catch{}break}}if(!m){await fh(e,h.id,`No destination accepts event_type=${h.event_type}`);continue}g?p.push(h.id):f.push(h.id)}if(p.length>0)try{await e.markProcessed(p)}catch{}try{const h=new Date(Date.now()-o*24*60*60*1e3).toISOString();await e.cleanup(h)}catch{}}function vu(e){return async(t,n)=>{t.set("outboxEventPromises",[]),t.set("backgroundPromises",[]);let i;try{await n()}catch(r){i=r}finally{const r=t.var.outboxEventPromises??[];let o=[];if(r.length>0){const a=await Promise.allSettled(r);for(const c of a)c.status==="fulfilled"?o.push(c.value):console.error("Outbox event creation failed",c.reason)}if(o.length>0){const a=e.getOutbox(t);a&&xh(t,rZ(a,o,e.getDestinations(t),{maxRetries:t.env.outbox?.maxRetries}))}typeof process<"u"&&process.env?.NODE_ENV==="test"&&await $R(t)}if(i)throw i}}function oZ(e){return{log_id:e.id,type:e.log_type,date:e.timestamp,description:e.description||"",ip:e.request.ip,user_agent:e.request.user_agent||"",user_id:e.actor.id||"",user_name:e.actor.email||"",client_id:e.actor.client_id,client_name:"",connection:e.connection,strategy:e.strategy,strategy_type:e.strategy_type,audience:e.audience||"",scope:e.scope||e.actor.scopes?.join(" "),hostname:e.hostname,auth0_client:e.auth0_client,isMobile:e.is_mobile||!1,location_info:e.location,details:{request:{method:e.request.method,path:e.request.path,qs:e.request.query,body:e.request.body},...e.response&&{response:{statusCode:e.response.status_code,body:e.response.body}}}}}class Os{name="logs";logs;constructor(t){this.logs=t}accepts(t){return!t.event_type.startsWith("hook.")}transform(t){return{tenantId:t.tenant_id,log:oZ(t)}}async deliver(t){for(const{tenantId:n,log:i}of t)try{await this.logs.create(n,i)}catch(r){const o=r instanceof Error?r.message:String(r);if(o.includes("UNIQUE constraint failed")||o.includes("Duplicate entry"))continue;throw r}}}const sZ=1e4;function aZ(e){return{log_id:e.id,description:e.description,data:{date:e.timestamp,type:e.log_type,description:e.description,tenant_name:e.tenant_id,ip:e.request.ip,user_agent:e.request.user_agent,user_id:e.actor.id,user_name:e.actor.email,client_id:e.actor.client_id,connection:e.connection,strategy:e.strategy,strategy_type:e.strategy_type,audience:e.audience,scope:e.scope||e.actor.scopes?.join(" "),hostname:e.hostname,auth0_client:e.auth0_client,location_info:e.location,details:{request:{method:e.request.method,path:e.request.path,qs:e.request.query,body:e.request.body},...e.response&&{response:{statusCode:e.response.status_code,body:e.response.body}}}}}}function cZ(e,t){return!e.filters||e.filters.length===0?!0:e.filters.some(n=>n.name===t)}function lZ(e,t){switch(e){case"JSONOBJECT":return JSON.stringify(t);case"JSONLINES":return JSON.stringify(t)+`
351
- `;default:return JSON.stringify([t])}}class Dc{name="log-streams";logStreams;timeoutMs;constructor(t,n){this.logStreams=t,this.timeoutMs=n?.timeoutMs??sZ}accepts(t){return!t.event_type.startsWith("hook.")}transform(t){return{tenantId:t.tenant_id,logType:t.log_type,payload:aZ(t)}}async deliver(t){for(const{tenantId:n,logType:i,payload:r}of t){const a=(await this.logStreams.list(n)).filter(c=>c.type==="http"&&c.status==="active");if(a.length!==0)for(const c of a)cZ(c,i)&&await this.deliverToStream(c,r)}}async deliverToStream(t,n){const i=t.sink;if(!i.http_endpoint)throw new Error(`Log stream ${t.id} is missing sink.http_endpoint`);const r={"Content-Type":i.http_content_type||"application/json"};if(i.http_authorization&&(r.Authorization=i.http_authorization),Array.isArray(i.http_custom_headers))for(const l of i.http_custom_headers)l&&typeof l.header=="string"&&typeof l.value=="string"&&(r[l.header]=l.value);const o=lZ(i.http_content_format,n),a=new AbortController,c=setTimeout(()=>a.abort(),this.timeoutMs);try{const l=await fetch(i.http_endpoint,{method:"POST",headers:r,body:o,signal:a.signal});if(!l.ok){const d=await l.text().catch(()=>"");throw new Error(`Log stream ${t.id} returned ${l.status}: ${d.slice(0,256)}`)}}finally{clearTimeout(c)}}}const _E="hook.",dZ=1e4,wE="webhook";class Lc{name="webhooks";hooks;getServiceToken;timeoutMs;webhookInvoker;constructor(t,n,i={}){this.hooks=t,this.getServiceToken=n,this.timeoutMs=i.timeoutMs??dZ,this.webhookInvoker=i.webhookInvoker}accepts(t){return t.event_type.startsWith(_E)}transform(t){const n=t.event_type.slice(_E.length);return{eventId:t.id,tenantId:t.tenant_id,triggerId:n,payload:{tenant_id:t.tenant_id,trigger_id:n,user:t.target?.after,request:t.request}}}async deliver(t){for(const n of t){const{hooks:i}=await this.hooks.list(n.tenantId),r=i.filter(o=>o.enabled&&o.trigger_id===n.triggerId&&"url"in o);if(r.length!==0)for(const o of r)this.webhookInvoker?await this.invokeCustom(o,n):await this.invokeDefault(o,n)}}async invokeCustom(t,n){const i=this.webhookInvoker,r=(c=wE)=>this.getServiceToken(n.tenantId,c),o=new Promise((c,l)=>{setTimeout(()=>l(new Error(`Webhook ${t.hook_id} (${n.triggerId}) timed out after ${this.timeoutMs}ms`)),this.timeoutMs)}),a=await Promise.race([i({hook:t,data:n.payload,tenant_id:n.tenantId,idempotency_key:n.eventId,createServiceToken:r}),o]);if(!a.ok){const c=await a.text().catch(()=>"");throw new Error(`Webhook ${t.hook_id} (${n.triggerId}) returned ${a.status}: ${c.slice(0,256)}`)}}async invokeDefault(t,n){const i=await this.getServiceToken(n.tenantId,wE),r=new AbortController,o=setTimeout(()=>r.abort(),this.timeoutMs);try{const a=await fetch(t.url,{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${i}`,"Idempotency-Key":n.eventId},body:JSON.stringify(n.payload),signal:r.signal});if(!a.ok){const c=await a.text().catch(()=>"");throw new Error(`Webhook ${t.hook_id} (${n.triggerId}) returned ${a.status}: ${c.slice(0,256)}`)}}finally{clearTimeout(o)}}}const uZ="hook.post-user-registration";class Bc{name="registration-finalizer";users;constructor(t){this.users=t}accepts(t){return t.event_type===uZ}transform(t){return{tenantId:t.tenant_id,userId:t.target?.id??"",timestamp:new Date().toISOString()}}async deliver(t){for(const{tenantId:n,userId:i,timestamp:r}of t)i&&await this.users.update(n,i,{registration_completed_at:r})}}function pZ(e){const t=new s.OpenAPIHono,n=e.managementDataAdapter??e.dataAdapter;t.use(Fc(e)),t.use(async(c,l)=>{const d=c.req.header("origin"),u=p=>{c.res.headers.set("Access-Control-Allow-Origin",p),c.res.headers.set("Access-Control-Allow-Headers","Tenant-Id, Content-Type, Content-Range, Auth0-Client, Authorization, Range, Upgrade-Insecure-Requests"),c.res.headers.set("Access-Control-Allow-Methods","POST, PUT, GET, DELETE, PATCH, OPTIONS"),c.res.headers.set("Access-Control-Expose-Headers","Content-Length, Content-Range"),c.res.headers.set("Access-Control-Max-Age","600"),c.res.headers.set("Access-Control-Allow-Credentials","true"),c.res.headers.append("Vary","Origin")};if(c.req.method==="OPTIONS"){const p=new Response(null,{status:204});if(d){const f=g=>{p.headers.set("Access-Control-Allow-Origin",g),p.headers.set("Access-Control-Allow-Headers","Tenant-Id, Content-Type, Content-Range, Auth0-Client, Authorization, Range, Upgrade-Insecure-Requests"),p.headers.set("Access-Control-Allow-Methods","POST, PUT, GET, DELETE, PATCH, OPTIONS"),p.headers.set("Access-Control-Expose-Headers","Content-Length, Content-Range"),p.headers.set("Access-Control-Max-Age","600"),p.headers.set("Access-Control-Allow-Credentials","true"),p.headers.append("Vary","Origin")};if(e.allowedOrigins?.includes(d))return f(d),p;const h=c.req.header("tenant-id");if(h&&(await n.clients.list(h,{})).clients.flatMap(_=>_.web_origins||[]).includes(d))return f(d),p}return p.headers.append("Vary","Origin"),p}if(await l(),c.res.headers.append("Vary","Origin"),d){if(e.allowedOrigins?.includes(d)){u(d);return}const p=c.var.tenant_id||c.req.header("tenant-id");p&&(await n.clients.list(p,{})).clients.flatMap(g=>g.web_origins||[]).includes(d)&&u(d)}}),t.onError((c,l)=>{if(!(c instanceof N))throw c;const d=c.status;if(d<400||d>=500)throw c;const u=c.getResponse();if(u.headers.get("content-type")?.includes("application/json"))return u;const p={400:"Bad Request",401:"Unauthorized",403:"Forbidden",404:"Not Found",405:"Method Not Allowed",409:"Conflict",422:"Unprocessable Entity",429:"Too Many Requests"};return l.json({statusCode:d,error:p[d]??"Error",message:c.message||p[d]||"Error"},d)}),t.use(async(c,l)=>{if(await l(),c.res.status!==400||!c.res.headers.get("content-type")?.includes("application/json"))return;let d;try{d=await c.res.clone().json()}catch{return}if(typeof d!="object"||d===null||!("success"in d)||d.success!==!1||!("error"in d)||typeof d.error!="object"||d.error===null||!("name"in d.error)||d.error.name!=="ZodError")return;const u="issues"in d.error&&Array.isArray(d.error.issues)?d.error.issues:[],p=u.length?`Payload validation error: ${u.map(f=>{const h=Array.isArray(f.path)?f.path:[];return`'${h.length?h.join("."):"root"}': ${f.message??"invalid"}`}).join("; ")}`:"Payload validation error";c.res=new Response(JSON.stringify({statusCode:400,error:"Bad Request",message:p,errorCode:"invalid_body"}),{status:400,headers:{"content-type":"application/json"}})}),b1(t);const i=e.dataAdapter.cache||jc({defaultTtlSeconds:0,maxEntries:100,cleanupIntervalMs:0}),r=(c,l)=>{const d=hu(c,l),u=wu(d,{defaultTtl:0,cacheEntities:["tenants","connections","clients","branding","themes","promptSettings","customText","forms","hooks"],cache:i});return _u(c,u)};t.use(vu({getOutbox:()=>n.outbox,getDestinations:c=>[new Os(n.logs),...n.logStreams?[new Dc(n.logStreams)]:[],new Lc(n.hooks,async l=>(await Fs(c,l,"webhook")).access_token),new Bc(n.users)]})),t.use(async(c,l)=>{c.env.data=r(c,n),c.env.entityHooks=e.entityHooks,await l()}),t.use(Rc).use(Oc).use(qg(t)).use(async(c,l)=>(e.entityHooks&&c.var.tenant_id&&(c.env.data=q8(c.env.data,{tenantId:c.var.tenant_id,entityHooks:e.entityHooks})),l()));const o=new Set(e.managementApiExtensions?.map(c=>c.path)||[]),a=t.route("/actions/actions",MR).route("/actions/executions",HR).route("/actions/triggers",ij).route("/branding",_9).route("/custom-domains",KY).route("/email/providers",lE).route("/emails/provider",lE).route("/email-templates",qY).route("/users",c7).route("/keys",xB).route("/users-by-email",IB).route("/clients",NB).route("/client-grants",hQ).route("/client-registration-tokens",AQ).route("/logs",OB).route("/log-streams",GY).route("/migration-sources",JY).route("/attack-protection",YY).route("/failed-events",DB).route("/hooks",BB).route("/hook-code",MB).route("/connections",_Y).route("/prompts",wY).route("/sessions",HY).route("/refresh_tokens",VY).route("/forms",rQ).route("/flows",sQ).route("/roles",lQ).route("/resource-servers",uQ).route("/organizations",zQ).route("/stats",PQ).route("/analytics",qQ({cache:i})).route("/guardian",GQ).route("/tickets",XQ).route("/users/:user_id/authentication-methods",YQ);if(o.has("/tenants")||a.route("/tenants",PB),e.managementApiExtensions)for(const c of e.managementApiExtensions)a.route(c.path,c.router);return a.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Management API"},servers:[{url:"/api/v2",description:"API V2"}],security:[{oauth2:["openid","email","profile"]}]}),a}var Z8=e=>{const t={origin:"*",allowMethods:["GET","HEAD","PUT","POST","DELETE","PATCH"],allowHeaders:[],exposeHeaders:[],...e},n=(r=>typeof r=="string"?r==="*"?t.credentials?o=>o||null:()=>r:o=>r===o?o:null:typeof r=="function"?r:o=>r.includes(o)?o:null)(t.origin),i=(r=>typeof r=="function"?r:Array.isArray(r)?()=>r:()=>[])(t.allowMethods);return async function(o,a){function c(d,u){o.res.headers.set(d,u)}const l=await n(o.req.header("origin")||"",o);if(l&&c("Access-Control-Allow-Origin",l),t.credentials&&c("Access-Control-Allow-Credentials","true"),t.exposeHeaders?.length&&c("Access-Control-Expose-Headers",t.exposeHeaders.join(",")),o.req.method==="OPTIONS"){(t.origin!=="*"||t.credentials)&&c("Vary","Origin"),t.maxAge!=null&&c("Access-Control-Max-Age",t.maxAge.toString());const d=await i(o.req.header("origin")||"",o);d.length&&c("Access-Control-Allow-Methods",d.join(","));let u=t.allowHeaders;if(!u?.length){const p=o.req.header("Access-Control-Request-Headers");p&&(u=p.split(/\s*,\s*/))}return u?.length&&(c("Access-Control-Allow-Headers",u.join(",")),o.res.headers.append("Vary","Access-Control-Request-Headers")),o.res.headers.delete("Content-Length"),o.res.headers.delete("Content-Type"),new Response(null,{headers:o.res.headers,status:204,statusText:"No Content"})}await a(),(t.origin!=="*"||t.credentials)&&o.header("Vary","Origin",{append:!0})}};function sn(e,t){const n=e.var.tenant_id;if(!n){e.set("tenant_id",t);return}if(n!==t)throw new N(403,{message:"Tenant mismatch"})}const X8="try_connection_result";function eN(e){if(!e)return{};try{const t=JSON.parse(e);return typeof t=="object"&&t!==null?t:{}}catch{return{}}}async function e0(e,t,n,i){const r={...eN(n.state_data),[X8]:i};await e.env.data.loginSessions.update(t,n.id,{state_data:JSON.stringify(r)});const o=n.authParams.redirect_uri;if(!o)return new Response(JSON.stringify(i,null,2),{status:i.status==="success"?200:400,headers:{"content-type":"application/json"}});const a=new URL(o);return a.searchParams.set("state",n.id),new Response(null,{status:302,headers:{location:a.href}})}function fZ(e){return eN(e.state_data)[X8]??null}async function hh(e,t,n,i){if(!i.state)throw new H(400,{message:"State not found"});const r=t.connections.find(l=>l.name===n);if(!r)throw e.set("client_id",t.client_id),await D(e,t.tenant.id,{type:T.FAILED_LOGIN,description:"Connection not found"}),new H(403,{message:"Connection Not Found"});let o=await e.env.data.loginSessions.get(t.tenant.id,i.state);if(!o){const l=e.get("ip"),d=e.get("useragent"),u=e.get("auth0_client");o=await e.env.data.loginSessions.create(t.tenant.id,{expires_at:new Date(Date.now()+Di*1e3).toISOString(),authParams:i,csrf_token:Fe(),ip:l,useragent:d,auth0Client:Bi(u)})}const c=await q$(e,r.strategy).getRedirect(e,r,i.username);return await e.env.data.codes.create(t.tenant.id,{login_id:o.id,code_id:c.code,code_type:"oauth2_state",connection_id:r.id,code_verifier:c.codeVerifier,expires_at:new Date(Date.now()+HB*1e3).toISOString()}),new Response(null,{status:302,headers:{location:c.redirectUrl}})}async function hZ(e,{code:t,state:n}){const{env:i}=e,r=await i.data.codes.get(e.var.tenant_id||"",n,"oauth2_state");if(!r||!r.connection_id)throw new H(403,{message:"State not found"});const o=await i.data.loginSessions.get(e.var.tenant_id||"",r.login_id);if(!o)throw new H(403,{message:"Session not found"});const a=await Je(i,o.authParams.client_id);e.set("client_id",a.client_id),sn(e,a.tenant.id);const c=WB(a.client_id),l=r.connection_id,d=a.connections.find(v=>v.id===l);if(!d){if(await D(e,a.tenant.id,{type:T.FAILED_LOGIN,description:"Connection not found"}),c)return e0(e,a.tenant.id,o,{status:"error",connection_id:l,error:"connection_not_found",error_description:"Connection not found",completed_at:new Date().toISOString()});throw new H(403,{message:"Connection not found"})}if(e.set("connection",d.name),!o.authParams.redirect_uri)throw await D(e,a.tenant.id,{type:T.FAILED_LOGIN,description:"Redirect URI not defined"}),new H(403,{message:"Redirect URI not defined"});const u=q$(e,d.strategy);if(c){const v=new Date().toISOString();try{const A=u.validateAuthorizationCodeAndGetUserWithRaw?await u.validateAuthorizationCodeAndGetUserWithRaw(e,d,t,r.code_verifier):{userinfo:await u.validateAuthorizationCodeAndGetUser(e,d,t,r.code_verifier),raw:null};return e.set("user_id",A.userinfo.sub),e0(e,a.tenant.id,o,{status:"success",connection_id:l,connection_name:d.name,strategy:d.strategy,userinfo:A.userinfo,raw:A.raw,completed_at:v})}catch(A){const b=A instanceof Error?A.message:"Strategy validation failed";return await D(e,a.tenant.id,{type:T.FAILED_LOGIN,description:`Try connection failed: ${b}`}),e0(e,a.tenant.id,o,{status:"error",connection_id:l,connection_name:d.name,strategy:d.strategy,error:"strategy_error",error_description:b,completed_at:v})}}const p=await u.validateAuthorizationCodeAndGetUser(e,d,t,r.code_verifier),{sub:f,...h}=p;e.set("user_id",f);const g=p.email?.toLocaleLowerCase()||`${d.name}.${f}@${new URL(e.env.ISSUER).hostname}`;e.set("username",g);const m=H$.has(d.strategy),_=m?"enterprise":Gt.SOCIAL,w=!m,y=await qd(e,{client:a,username:g,provider:V$(d),connection:d.name,userId:f,profileData:h,isSocial:w,ip:e.var.ip,set_user_root_attributes:d.options.set_user_root_attributes});return eY(e,{client:a,loginSession:o,user:y,authConnection:d.name,authStrategy:{strategy:d.strategy,strategy_type:_}})}function Nw(e,t,n){const i=new URL("/u/error",Wt(e.env,e.var.custom_domain));return z8(i,{error:t,error_description:n}),e.redirect(i.toString())}async function t0(e,t,n,i,r,o){const a=await e.env.data.codes.get(e.var.tenant_id||"",t,"oauth2_state");if(!a)return Nw(e,"state_not_found");const c=await e.env.data.loginSessions.get(e.var.tenant_id,a.login_id);if(!c)return Nw(e,"session_not_found");const{redirect_uri:l}=c.authParams;if(!l)throw new N(400,{message:"Redirect uri not found"});o||D(e,e.var.tenant_id,{type:T.FAILED_LOGIN,description:`Failed connection login: ${r} ${n}, ${i}`});let d="/u",u="/login/identifier";if(c.authParams.client_id)try{const f=await Je(e.env,c.authParams.client_id,e.var.tenant_id);if(f?.client_metadata?.universal_login_version==="2"){d="/u2";const h=await e.env.data.promptSettings.get(e.var.tenant_id),g=Qo.parse(h||{}),m=f.connections.some(_=>_.strategy===Y.USERNAME_PASSWORD);g.identifier_first===!1&&m&&(u="/login")}}catch{}const p=new URL(`${d}${u}`,Wt(e.env,e.var.custom_domain));return z8(p,{state:c.id,error:n,error_description:i}),e.redirect(p.toString())}function gZ(e){if(e instanceof Error){if("code"in e&&"description"in e){const t=e;return t.description?`${t.code}: ${t.description}`:t.code}if("status"in e){const t=e;return`${e.message} (status: ${t.status})`}return e.message}return String(e)}async function vE(e,t){const{state:n,code:i,error:r,error_description:o,error_code:a}=t;if(r)return t0(e,n,r,o,a);if(!i)throw new N(400,{message:"Code is required"});try{const c=await hZ(e,{code:i,state:n});if(!(c instanceof Response))throw new N(500,{message:"Internal server error"});return c}catch(c){if(c instanceof H){if(c.status===403)return Nw(e,"state_not_found");if(c.status===400){const d=await e.env.data.codes.get(e.var.tenant_id||"",n,"oauth2_state");if(d&&await e.env.data.loginSessions.get(e.var.tenant_id,d.login_id)){let p="access_denied",f="access_denied";try{const h=JSON.parse(c.message);p=h.error_description||h.message||p,f=h.error||f}catch{p=c.message||p}return t0(e,n,f,p)}}}if(c instanceof N)throw c;const l=gZ(c);return D(e,e.var.tenant_id,{type:T.FAILED_LOGIN,description:`Connection callback failed: ${l}`}),t0(e,n,"connection_error","Connection failed",void 0,!0)}}const bE=s.z.object({state:s.z.string(),code:s.z.string().optional(),scope:s.z.string().optional(),hd:s.z.string().optional(),error:s.z.string().optional(),error_description:s.z.string().optional(),error_code:s.z.string().optional(),error_reason:s.z.string().optional()});function tN(e){return new s.OpenAPIHono().openapi(s.createRoute({tags:["oauth2"],method:"get",path:"/",operationId:`${e.operationIdPrefix}Get`,deprecated:e.deprecated,request:{query:bE},responses:{302:{description:"Redirect to the client's redirect uri"},400:{description:"Bad Request",content:{"application/json":{schema:s.z.object({message:s.z.string()})}}},500:{description:"Internal Server Error",content:{"application/json":{schema:s.z.object({message:s.z.string()})}}}}}),async t=>vE(t,t.req.valid("query"))).openapi(s.createRoute({tags:["oauth2"],method:"post",path:"/",operationId:`${e.operationIdPrefix}Post`,deprecated:e.deprecated,request:{body:{content:{"application/x-www-form-urlencoded":{schema:bE}}}},responses:{302:{description:"Redirect to the client's redirect uri"},400:{description:"Bad Request",content:{"application/json":{schema:s.z.object({message:s.z.string()})}}},500:{description:"Internal Server Error",content:{"application/json":{schema:s.z.object({message:s.z.string()})}}}}}),async t=>vE(t,t.req.valid("form")))}const mZ=tN({operationIdPrefix:"callback",deprecated:!0}),yZ=tN({operationIdPrefix:"loginCallback"});function gh(e,t=[],n={}){try{const i=new URL(e);return t.some(r=>{try{return _Z(i,new URL(r),n)}catch{return!1}})}catch{return!1}}function _Z(e,t,n={}){if(e.protocol!==t.protocol)return!1;if(n.allowPathWildcards&&t.pathname.includes("*")){const i=t.pathname.replace(/\*/g,".*").replace(/\//g,"\\/");if(!new RegExp(`^${i}$`).test(e.pathname))return!1}else if(e.pathname!==t.pathname)return!1;if(n.allowSubDomainWildcards&&t.hostname.startsWith("*.")&&t.hostname.split(".").length>2&&["http:","https:"].includes(t.protocol)){const i=t.hostname.split(".").slice(1).join(".");return e.hostname===i||e.hostname.endsWith("."+i)}return e.hostname===t.hostname}const wZ=new s.OpenAPIHono().openapi(s.createRoute({tags:["oauth2"],method:"get",path:"/",request:{query:s.z.object({client_id:s.z.string(),returnTo:s.z.string().optional()}),header:s.z.object({cookie:s.z.string().optional()})},responses:{302:{description:"Log the user out"}}}),async e=>{const{client_id:t,returnTo:n}=e.req.valid("query");let i;try{i=await Je(e.env,t)}catch{return e.text("OK")}let r;try{r=await Je(e.env,"DEFAULT_CLIENT")}catch{}e.set("client_id",t),sn(e,i.tenant.id);const o=n||e.req.header("referer");if(!o)return e.text("OK");if(!gh(o,[...i.allowed_logout_urls||[],...r?.allowed_logout_urls||[]],{allowPathWildcards:!0,allowSubDomainWildcards:!0}))throw D(e,i.tenant.id,{type:T.FAILED_LOGOUT,description:"Invalid redirect uri"}),new N(400,{message:"Invalid redirect uri"});const a=e.req.header("cookie");if(a){const d=$r(i.tenant.id,a);if(d){const u=await e.env.data.sessions.get(i.tenant.id,d);if(u){const p=await e.env.data.users.get(i.tenant.id,u.user_id);p&&(e.set("user_id",p.user_id),e.set("connection",p.connection));const f=new Date().toISOString(),{revokedCount:h,committedEventId:g}=await e.env.data.transaction(async m=>{const _=u.login_session_id?await m.refreshTokens.revokeByLoginSession(i.tenant.id,u.login_session_id,f):0;await m.sessions.update(i.tenant.id,d,{revoked_at:f});const w=_>0?await Sx(e,m,i.tenant.id,{type:T.SUCCESS_REVOCATION,description:`Revoked ${_} refresh token(s)`}):void 0;return{revokedCount:_,committedEventId:w}});if(g){const m=e.var.outboxEventPromises??[];m.push(Promise.resolve(g)),e.set("outboxEventPromises",m)}else h>0&&D(e,i.tenant.id,{type:T.SUCCESS_REVOCATION,description:`Revoked ${h} refresh token(s)`})}}}D(e,i.tenant.id,{type:T.SUCCESS_LOGOUT,description:"User successfully logged out"});const c=new Headers;return e1(i.tenant.id,e.var.host).forEach(d=>{c.append("set-cookie",d)}),c.set("location",o),new Response("Redirecting",{status:302,headers:c})}),vZ=s.z.object({id_token_hint:s.z.string().optional(),client_id:s.z.string().optional(),post_logout_redirect_uri:s.z.string().optional(),state:s.z.string().optional(),logout_hint:s.z.string().optional(),ui_locales:s.z.string().optional()}),bZ=`<!DOCTYPE html>
350
+ ${p.message}`)}if(u){r.push(...c.actions),o=c;break}}return o?[o]:void 0}get events(){return Vs(this,"events",()=>{const{states:t}=this,n=new Set(this.ownEvents);if(t)for(const i of Object.keys(t)){const r=t[i];if(r.states)for(const o of r.events)n.add(`${o}`)}return Array.from(n)})}get ownEvents(){const t=Object.keys(Object.fromEntries(this.transitions)),n=new Set(t.filter(i=>this.transitions.get(i).some(r=>!(!r.target&&!r.actions.length&&!r.reenter))));return Array.from(n)}}const jJ="#";class f1{constructor(t,n){this.config=t,this.version=void 0,this.schemas=void 0,this.implementations=void 0,this.options=void 0,this.__xstatenode=!0,this.idMap=new Map,this.root=void 0,this.id=void 0,this.states=void 0,this.events=void 0,this.id=t.id||"(machine)",this.implementations={actors:n?.actors??{},actions:n?.actions??{},delays:n?.delays??{},guards:n?.guards??{}},this.version=this.config.version,this.schemas=this.config.schemas,this.options={maxIterations:1/0,...this.config.options},this.transition=this.transition.bind(this),this.getInitialSnapshot=this.getInitialSnapshot.bind(this),this.getPersistedSnapshot=this.getPersistedSnapshot.bind(this),this.restoreSnapshot=this.restoreSnapshot.bind(this),this.start=this.start.bind(this),this.root=new ih(t,{_key:this.id,_machine:this}),this.root._initialize(),sJ(this.root),this.states=this.root.states,this.events=this.root.events}provide(t){const{actions:n,guards:i,actors:r,delays:o}=this.implementations;return new f1(this.config,{actions:{...n,...t.actions},guards:{...i,...t.guards},actors:{...r,...t.actors},delays:{...o,...t.delays}})}resolveState(t){const n=kJ(this.root,t.value),i=eh(nh(this.root,n));return bp({_nodes:[...i],context:t.context||{},children:{},status:l1(i,this.root)?"done":t.status||"active",output:t.output,error:t.error,historyValue:t.historyValue},this)}transition(t,n,i){return Rm(t,n,i,[]).snapshot}microstep(t,n,i){return Rm(t,n,i,[]).microsteps.map(([r])=>r)}getTransitionData(t,n){return d1(this.root,t.value,t,n)||[]}_getPreInitialState(t,n,i){const{context:r}=this.config,o=bp({context:typeof r!="function"&&r?r:{},_nodes:[this.root],children:{},status:"active"},this);return typeof r=="function"?ac(o,n,t,[or(({spawn:c,event:l,self:d})=>r({spawn:c,input:l.input,self:d}))],i,void 0):o}getInitialSnapshot(t,n){const i=p8(n),r=[],o=this._getPreInitialState(t,i,r),[a]=mJ(this.root,o,t,i,r),{snapshot:c}=Rm(a,i,t,r);return c}start(t){Object.values(t.children).forEach(n=>{n.getSnapshot().status==="active"&&n.start()})}getStateNodeById(t){const n=i1(t),i=n.slice(1),r=Ug(n[0])?n[0].slice(jJ.length):n[0],o=this.idMap.get(r);if(!o)throw new Error(`Child state node '#${r}' does not exist on machine '${this.id}'`);return th(o,i)}get definition(){return this.root.definition}toJSON(){return this.definition}getPersistedSnapshot(t,n){return zJ(t,n)}restoreSnapshot(t,n){const i={},r=t.children;Object.keys(r).forEach(p=>{const f=r[p],h=f.snapshot,g=f.src,m=typeof g=="string"?r1(this,g):g;if(!m)return;const _=$d(m,{id:p,parent:n.self,syncSnapshot:f.syncSnapshot,snapshot:h,src:g,systemId:f.systemId});i[p]=_});function o(p,f){if(f instanceof ih)return f;try{return p.machine.getStateNodeById(f.id)}catch{}}function a(p,f){if(!f||typeof f!="object")return{};const h={};for(const g in f){const m=f[g];for(const _ of m){const w=o(p,_);w&&(h[g]??=[],h[g].push(w))}}return h}const c=a(this.root,t.historyValue),l=bp({...t,children:i,_nodes:Array.from(eh(nh(this.root,t.value))),historyValue:c},this),d=new Set;function u(p,f){if(!d.has(p)){d.add(p);for(const h in p){const g=p[h];if(g&&typeof g=="object"){if("xstate$$type"in g&&g.xstate$$type===o1){p[h]=f[g.id];continue}u(g,f)}}}}return u(l.context,i),l}}function DJ(e,t,n,i,{event:r}){const o=typeof r=="function"?r(n,i):r;return[t,{event:o},void 0]}function LJ(e,{event:t}){e.defer(()=>e.emit(t))}function x8(e){function t(n,i){}return t.type="xstate.emit",t.event=e,t.resolve=DJ,t.execute=LJ,t}let Cw=(function(e){return e.Parent="#_parent",e.Internal="#_internal",e})({});function BJ(e,t,n,i,{to:r,event:o,id:a,delay:c},l){const d=t.machine.implementations.delays;if(typeof o=="string")throw new Error(`Only event objects may be used with sendTo; use sendTo({ type: "${o}" }) instead`);const u=typeof o=="function"?o(n,i):o;let p;if(typeof c=="string"){const g=d&&d[c];p=typeof g=="function"?g(n,i):g}else p=typeof c=="function"?c(n,i):c;const f=typeof r=="function"?r(n,i):r;let h;if(typeof f=="string"){if(f===Cw.Parent?h=e.self._parent:f===Cw.Internal?h=e.self:f.startsWith("#_")?h=t.children[f.slice(2)]:h=l.deferredActorIds?.includes(f)?f:t.children[f],!h)throw new Error(`Unable to send event to actor '${f}' from machine '${t.machine.id}'.`)}else h=f||e.self;return[t,{to:h,targetId:typeof f=="string"?f:void 0,event:u,id:a,delay:p},void 0]}function MJ(e,t,n){typeof n.to=="string"&&(n.to=t.children[n.to])}function UJ(e,t){e.defer(()=>{const{to:n,event:i,delay:r,id:o}=t;if(typeof r=="number"){e.system.scheduler.schedule(e.self,n,i,r,o);return}e.system._relay(e.self,n,i.type===DW?u8(e.self.id,i.data):i)})}function h1(e,t,n){function i(r,o){}return i.type="xstate.sendTo",i.to=e,i.event=t,i.id=n?.id,i.delay=n?.delay,i.resolve=BJ,i.retryResolve=MJ,i.execute=UJ,i}function qJ(e,t){return h1(Cw.Parent,e,t)}function HJ(e,t,n,i,{collect:r}){const o=[],a=function(l){o.push(l)};return a.assign=(...c)=>{o.push(or(...c))},a.cancel=(...c)=>{o.push(s1(...c))},a.raise=(...c)=>{o.push(p1(...c))},a.sendTo=(...c)=>{o.push(h1(...c))},a.sendParent=(...c)=>{o.push(qJ(...c))},a.spawnChild=(...c)=>{o.push(a1(...c))},a.stopChild=(...c)=>{o.push(Mg(...c))},a.emit=(...c)=>{o.push(x8(...c))},r({context:n.context,event:n.event,enqueue:a,check:c=>gu(c,t.context,n.event,t),self:e.self,system:e.system},i),[t,void 0,o]}function VJ(e){function t(n,i){}return t.type="xstate.enqueueActions",t.collect=e,t.resolve=HJ,t}function KJ(e,t,n,i,{value:r,label:o}){return[t,{value:typeof r=="function"?r(n,i):r,label:o},void 0]}function GJ({logger:e},{value:t,label:n}){n?e(n,t):e(t)}function WJ(e=({context:n,event:i})=>({context:n,event:i}),t){function n(i,r){}return n.type="xstate.log",n.value=e,n.label=t,n.resolve=KJ,n.execute=GJ,n}function JJ(e,t){return new f1(e,t)}function YJ(e){const t=$d(e);return{self:t,defer:()=>{},id:"",logger:()=>{},sessionId:"",stopChild:()=>{},system:t.system,emit:()=>{},actionExecutor:()=>{}}}function I8({schemas:e,actors:t,actions:n,guards:i,delays:r}){return{assign:or,sendTo:h1,raise:p1,log:WJ,cancel:s1,stopChild:Mg,enqueueActions:VJ,emit:x8,spawnChild:a1,createStateConfig:o=>o,createAction:o=>o,createMachine:o=>JJ({...o,schemas:e},{actors:t,actions:n,guards:i,delays:r}),extend:o=>I8({schemas:e,actors:t,actions:{...n,...o.actions},guards:{...i,...o.guards},delays:{...r,...o.delays}})}}function QJ(e,t,n){const i=[],r=YJ(e);return r.actionExecutor=a=>{i.push(a)},[e.transition(t,n,r),i]}var Kn=(e=>(e.AUTHENTICATE="AUTHENTICATE",e.REQUIRE_EMAIL_VERIFICATION="REQUIRE_EMAIL_VERIFICATION",e.REQUIRE_MFA="REQUIRE_MFA",e.COMPLETE_MFA="COMPLETE_MFA",e.START_HOOK="START_HOOK",e.COMPLETE_HOOK="COMPLETE_HOOK",e.START_CONTINUATION="START_CONTINUATION",e.COMPLETE_CONTINUATION="COMPLETE_CONTINUATION",e.COMPLETE="COMPLETE",e.FAIL="FAIL",e.EXPIRE="EXPIRE",e))(Kn||{});const $8=I8({actions:{setUserId:or(({event:e})=>e.type==="AUTHENTICATE"?{userId:e.userId}:{}),setHookId:or(({event:e})=>e.type==="START_HOOK"?{hookId:e.hookId}:{}),clearHookId:or({hookId:void 0}),setContinuationScope:or(({event:e})=>e.type==="START_CONTINUATION"?{continuationScope:e.scope}:{}),clearContinuationScope:or({continuationScope:void 0}),setFailureReason:or(({event:e})=>e.type==="FAIL"?{failureReason:e.reason}:{})}}).createMachine({id:"loginSession",initial:"pending",context:{},states:{pending:{on:{AUTHENTICATE:{target:"authenticated",actions:"setUserId"},FAIL:{target:"failed",actions:"setFailureReason"},EXPIRE:{target:"expired"}}},authenticated:{on:{REQUIRE_EMAIL_VERIFICATION:{target:"awaiting_email_verification"},REQUIRE_MFA:{target:"awaiting_mfa"},START_HOOK:{target:"awaiting_hook",actions:"setHookId"},START_CONTINUATION:{target:"awaiting_continuation",actions:"setContinuationScope"},COMPLETE:{target:"completed"},FAIL:{target:"failed",actions:"setFailureReason"},EXPIRE:{target:"expired"}}},awaiting_email_verification:{on:{COMPLETE:{target:"authenticated"},FAIL:{target:"failed",actions:"setFailureReason"},EXPIRE:{target:"expired"}}},awaiting_mfa:{on:{COMPLETE_MFA:{target:"authenticated"},FAIL:{target:"failed",actions:"setFailureReason"},EXPIRE:{target:"expired"}}},awaiting_hook:{on:{COMPLETE_HOOK:{target:"authenticated",actions:"clearHookId"},START_CONTINUATION:{target:"awaiting_continuation",actions:"setContinuationScope"},FAIL:{target:"failed",actions:"setFailureReason"},EXPIRE:{target:"expired"}}},awaiting_continuation:{on:{COMPLETE_CONTINUATION:{target:"authenticated",actions:"clearContinuationScope"},FAIL:{target:"failed",actions:"setFailureReason"},EXPIRE:{target:"expired"}}},completed:{type:"final"},failed:{type:"final"},expired:{type:"final"}}});function ZJ(e,t={}){return $8.resolveState({value:e,context:t})}function Ai(e,t,n={}){const i=ZJ(e,n),[r]=QJ($8,i,t),o={},a=r.context,c=n;return a.userId!==c.userId&&(o.userId=a.userId),a.hookId!==c.hookId&&(o.hookId=a.hookId),a.continuationScope!==c.continuationScope&&(o.continuationScope=a.continuationScope),a.failureReason!==c.failureReason&&(o.failureReason=a.failureReason),{state:r.value,context:o}}function z8(e,t){Object.keys(t).forEach(n=>{const i=t[n];i!=null&&i.length&&e.searchParams.set(n,i)})}function XJ(e){try{const t=typeof e=="string"?new URL(e):e;let n=`${t.protocol}//${t.host}${t.pathname}`;if(t.search){const i=Array.from(t.searchParams.keys()).map(r=>`${r}=[REDACTED]`).join("&");n+=`?${i}`}return t.hash&&(n+="#[REDACTED]"),n}catch{const n=(typeof e=="string"?e:e.toString()).match(/^([^?#]*)(\?[^#]*)?(#.*)?$/);if(!n)return"[invalid-url]";const[,i="",r,o]=n;let a=i;if(r){const c=r.substring(1).split("&").map(l=>{const[d]=l.split("=");return`${d}=[REDACTED]`}).join("&");a+=`?${c}`}return o&&(a+="#[REDACTED]"),a}}const Tw=["sub","iss","aud","exp","nbf","iat","jti"];function jm(e,t,n){return{accessToken:{setCustomClaim:(i,r)=>{if(Tw.includes(i))throw new Error(`Cannot overwrite reserved claim '${i}'`);t[i]=r}},idToken:{setCustomClaim:(i,r)=>{if(Tw.includes(i))throw new Error(`Cannot overwrite reserved claim '${i}'`);n&&(n[i]=r)}},access:{deny:i=>{throw new H(400,{message:`Access denied: ${i}`})}},token:{createServiceToken:async i=>(await Fs(e,e.var.tenant_id,i.scope,i.expiresInSeconds,i.customClaims)).access_token}}}async function cc(e,t){const{authParams:n,user:i,client:r,session_id:o,organization:a,permissions:c,impersonatingUser:l}=t;let d=t.auth_time;if(d===void 0&&o&&e.var.tenant_id){const O=await e.env.data.sessions.get(e.var.tenant_id,o);O?.authenticated_at&&(d=Math.floor(new Date(O.authenticated_at).getTime()/1e3))}const u=e.var.tenant_id,f=(await $b(e.env.data.keys,u??"",u?e.env.signingKeyMode:"control-plane",{purpose:"sign"}))[0];if(!f?.pkcs7||!f.cert)throw new H(500,{message:"No signing key available"});const h=M6(f.pkcs7),g=await q6(f.cert),m=Wt(e.env,e.var.custom_domain),_=n.audience??r.tenant.default_audience;if(!_)throw new H(400,{error:"invalid_request",error_description:"An audience must be specified in the request or configured as the tenant default_audience"});const w=n.claims?.userinfo?Object.keys(n.claims.userinfo):void 0,y={aud:_,scope:n.scope||"",sub:i?.user_id||n.client_id,iss:m,tenant_id:e.var.tenant_id,sid:o,act:l?{sub:l.user_id}:void 0,org_id:a?a.id:void 0,requested_userinfo_claims:w,org_name:a&&r.tenant.allow_organization_name_in_authentication_api?a.name.toLowerCase():void 0,permissions:c,...t.customClaims};if(t.customClaims){for(const O of Tw)if(O in t.customClaims)throw new Error(`Cannot overwrite reserved claim '${O}'`)}const v=n.scope?.split(" ")||[],A=v.includes("openid"),b=(n.response_type??"").trim()===Tn.ID_TOKEN,k=r.auth0_conformant!==!1||b,C=i&&A?{aud:n.client_id,sub:i.user_id,iss:m,sid:o,nonce:n.nonce,...d!==void 0?{auth_time:d}:{},...n.acr_values?{acr:n.acr_values.split(" ")[0]}:{},...k?a8(i,v):{},...n.claims?.id_token?vw(i,Object.keys(n.claims.id_token)):{},...b&&n.claims?.userinfo?vw(i,Object.keys(n.claims.userinfo)):{},act:l?{sub:l.user_id}:void 0,org_id:a?.id,org_name:a?.name.toLowerCase()}:void 0,$=t.loginSession?.auth_connection||t.authConnection||e.var.connection;let z;if($)try{const O=await e.env.data.connections.list(e.var.tenant_id,{page:0,per_page:100,include_totals:!1}),j=O.connections.find(B=>B.name===$)??O.connections.find(B=>B.name.toLowerCase()===$.toLowerCase());j&&(z={id:j.id||j.name,name:j.name,strategy:j.strategy||i?.provider||"auth0",metadata:j.options||{}})}catch(O){console.error("Error fetching connection info:",O)}e.env.hooks?.onExecuteCredentialsExchange&&await e.env.hooks.onExecuteCredentialsExchange({ctx:e,client:r,user:i,request:{ip:e.var.ip||"",user_agent:e.var.useragent||"",method:e.req.method,url:e.req.url},scope:n.scope||"",grant_type:"",connection:z||($?{id:$,name:$,strategy:i?.provider||"auth0"}:void 0)},jm(e,y,C));{const{hooks:O}=await e.env.data.hooks.list(e.var.tenant_id,{q:"trigger_id:credentials-exchange",page:0,per_page:100,include_totals:!1}),j=O.filter(W=>W.enabled&&co(W)),B=jm(e,y,C);if(i){for(const W of j)if(co(W))try{await mW(e,W.template_id,i,B)}catch(ne){if(ne instanceof N)throw ne;console.warn(`[credentials-exchange] Failed to execute template hook: ${W.template_id}`,ne)}}const M=jm(e,y,C),V=await dW(e,O,{ctx:e,client:r,user:i,request:{ip:e.var.ip||"",user_agent:e.var.useragent||"",method:e.req?.method||"",url:e.req?.url||""},scope:n.scope||"",grant_type:"",connection:z||($?{id:$,name:$,strategy:i?.provider||"auth0"}:void 0)},M);V&&e.set("action_execution_id",V)}const P=l?3600:t.token_lifetime??86400,I={includeIssuedTimestamp:!0,expiresIn:new Hd(P,"s"),headers:{kid:f.kid}},F=await jy(g,h,y,I);if(C){const O=(n.response_type??"").split(" ");t.code&&O.includes("code")&&(C.c_hash=await OS(t.code,g)),O.includes("id_token")&&O.includes("token")&&(C.at_hash=await OS(F,g))}const R=C?await jy(g,h,C,I):void 0;return{access_token:F,refresh_token:t.refresh_token,id_token:R,token_type:"Bearer",expires_in:P}}async function rh(e,t){return{code:(await e.env.data.codes.create(t.client.tenant.id,{code_id:Fe(32),user_id:t.user.user_id,code_type:"authorization_code",login_id:t.login_id,expires_at:new Date(Date.now()+qB*1e3).toISOString(),code_challenge:t.authParams.code_challenge,code_challenge_method:t.authParams.code_challenge_method,redirect_uri:t.authParams.redirect_uri,state:t.authParams.state,nonce:t.authParams.nonce})).code_id,state:t.authParams.state}}function oh(e){if(e)return new Date(Date.now()+e*60*60*1e3).toISOString()}async function g1(e,t){const{client:n,scope:i,login_id:r}=t,o=t.audience??n.tenant.default_audience;if(!o)throw new H(400,{error:"invalid_request",error_description:"An audience must be specified in the request or configured as the tenant default_audience"});const a=oh(n.tenant.idle_session_lifetime),c=oh(n.tenant.session_lifetime),l=Zb(),{lookup:d,secret:u}=j6(),p=await Yf(u),f=n.refresh_token?.rotation_type==="rotating";return{row:await e.env.data.refreshTokens.create(n.tenant.id,{id:l,login_id:r,client_id:n.client_id,idle_expires_at:a,expires_at:c,user_id:t.user.user_id,device:{last_ip:e.var.ip,initial_ip:e.var.ip,last_user_agent:e.var.useragent||"",initial_user_agent:e.var.useragent||"",initial_asn:"",last_asn:""},resource_servers:[{audience:o,scopes:i}],rotating:f,token_lookup:d,token_hash:p,family_id:l}),wireToken:D6(d,u)}}async function tE(e,{user:t,client:n,loginSession:i}){const r=oh(n.tenant.idle_session_lifetime),o=oh(n.tenant.session_lifetime);return await e.env.data.sessions.create(n.tenant.id,{id:Zb(),user_id:t.user_id,login_session_id:i.id,idle_expires_at:r,expires_at:o,device:{last_ip:e.var.ip||"",initial_ip:e.var.ip||"",last_user_agent:e.var.useragent||"",initial_user_agent:e.var.useragent||"",initial_asn:"",last_asn:""},clients:[n.client_id]})}async function m1(e,{user:t,client:n,loginSession:i,existingSessionId:r,authConnection:o}){const a=await e.env.data.loginSessions.get(n.tenant.id,i.id);if(!a)throw new N(400,{message:`Login session ${i.id} not found`});const c=a.state||be.PENDING;if(c===be.FAILED)throw new H(400,{error:"access_denied",error_description:a.failure_reason||"Cannot authenticate login session in failed state"});if(c===be.COMPLETED)throw new H(400,{error:"access_denied",error_description:"Login session has already been completed"});if(c===be.AUTHENTICATED){if(a.session_id)return a.session_id;throw new N(500,{message:"Login session is authenticated but has no session_id"})}let l;if(r){const f=await e.env.data.sessions.get(n.tenant.id,r);!f||f.revoked_at?l=(await tE(e,{user:t,client:n,loginSession:i})).id:(l=r,f.clients.includes(n.client_id)||await e.env.data.sessions.update(n.tenant.id,r,{clients:[...f.clients,n.client_id]}))}else l=(await tE(e,{user:t,client:n,loginSession:i})).id;const d=c===be.EXPIRED?be.PENDING:c,{state:u}=Ai(d,{type:Kn.AUTHENTICATE,userId:t.user_id}),p=o||e.var.connection;return await e.env.data.loginSessions.update(n.tenant.id,i.id,{session_id:l,state:u,user_id:t.user_id,...p?{auth_connection:p}:{},...c===be.EXPIRED?{expires_at:new Date(Date.now()+Di*1e3).toISOString()}:{}}),l}async function eY(e,t){const{user:n,client:i,loginSession:r,authStrategy:o,authConnection:a}=t;await m1(e,{user:n,client:i,loginSession:r,existingSessionId:t.existingSessionId,authConnection:a}),await e.env.data.loginSessions.update(i.tenant.id,r.id,{...o?{auth_strategy:o}:{},authenticated_at:new Date().toISOString()});const c=`/authorize/resume?state=${encodeURIComponent(r.id)}`;let l=c;if(r.authorization_url)try{const d=new URL(r.authorization_url),u=e.var.host||"";d.host&&d.host!==u&&(l=`${d.origin}${c}`)}catch{}return new Response(null,{status:302,headers:{location:l}})}async function tY(e,t,n,i){const r=await e.env.data.loginSessions.get(t,n.id);if(!r){console.warn(`Login session ${n.id} not found when trying to mark as failed`);return}const o=r.state||be.PENDING,{state:a,context:c}=Ai(o,{type:Kn.FAIL,reason:i});a!==o&&await e.env.data.loginSessions.update(t,n.id,{state:a,failure_reason:c.failureReason})}async function sh(e,t,n,i){const r=await e.env.data.loginSessions.get(t,n.id);if(!r){console.warn(`Login session ${n.id} not found when trying to start hook`);return}const o=r.state||be.PENDING,{state:a,context:c}=Ai(o,{type:Kn.START_HOOK,hookId:i});a!==o&&await e.env.data.loginSessions.update(t,n.id,{state:a,state_data:c.hookId?JSON.stringify({hookId:c.hookId}):void 0})}async function zd(e,t,n){const i=await e.env.data.loginSessions.get(t,n.id);if(!i){console.warn(`Login session ${n.id} not found when trying to complete hook`);return}const r=i.state||be.PENDING,{state:o}=Ai(r,{type:Kn.COMPLETE_HOOK});o!==r&&await e.env.data.loginSessions.update(t,n.id,{state:o,state_data:void 0})}async function Dm(e,t,n,i){const r=await e.env.data.loginSessions.get(t,n.id);if(!r){console.warn(`Login session ${n.id} not found when trying to mark as completed`);return}const o=r.state||be.PENDING,{state:a}=Ai(o,{type:Kn.COMPLETE});a!==o&&await e.env.data.loginSessions.update(t,n.id,{state:a,...i?{auth_connection:i}:{}})}async function yu(e,t,n,i,r){const o=await e.env.data.loginSessions.get(t,n.id);if(!o){console.warn(`Login session ${n.id} not found when trying to start continuation`);return}const a=o.state||be.PENDING,{state:c}=Ai(a,{type:Kn.START_CONTINUATION,scope:i});if(c!==a){let l={};if(o.state_data)try{l=JSON.parse(o.state_data)}catch{}await e.env.data.loginSessions.update(t,n.id,{state:c,state_data:JSON.stringify({...l,continuationScope:i,continuationReturnUrl:r})})}else console.warn(`Failed to start continuation for login session ${n.id}: cannot transition from ${a} to AWAITING_CONTINUATION. Scope: ${JSON.stringify(i)}, Return URL: ${XJ(r)}`)}async function ah(e,t,n){const i=await e.env.data.loginSessions.get(t,n.id);if(!i){console.warn(`Login session ${n.id} not found when trying to complete continuation`);return}let r,o={};if(i.state_data)try{const l=JSON.parse(i.state_data);r=l.continuationReturnUrl;const{continuationScope:d,continuationReturnUrl:u,...p}=l;o=p}catch{}const a=i.state||be.PENDING,{state:c}=Ai(a,{type:Kn.COMPLETE_CONTINUATION});return c!==a?await e.env.data.loginSessions.update(t,n.id,{state:c,state_data:Object.keys(o).length>0?JSON.stringify(o):void 0}):console.warn(`completeLoginSessionContinuation: State transition from ${a} with COMPLETE_CONTINUATION was invalid or no-op`),r}function nY(e){if(!e.state_data)return null;try{return JSON.parse(e.state_data).continuationScope||null}catch{return null}}function ch(e,t){if(e.state!==be.AWAITING_CONTINUATION)return!1;const n=nY(e);return n?n.includes(t):!1}async function ot(e,t){const{authParams:n,client:i,ticketAuth:r}=t;let{user:o}=t;const a=n.response_type||Tn.CODE,c=n.response_mode||mt.QUERY;if(r){if(!t.loginSession)throw new H(500,{message:"Login session not found for ticket auth."});o&&!t.skipHooks&&(t.authStrategy&&o.app_metadata?.strategy!==t.authStrategy.strategy&&(o.app_metadata={...o.app_metadata,strategy:t.authStrategy.strategy},await e.env.data.users.update(i.tenant.id,o.user_id,{app_metadata:{...o.app_metadata||{},strategy:t.authStrategy.strategy}})),await o8(e,e.env.data,i.tenant.id,o,t.loginSession,{client:i,authParams:n,authStrategy:t.authStrategy}));const $=_G(),z=Fe(12),P=await e.env.data.codes.create(i.tenant.id,{code_id:Fe(32),code_type:"ticket",login_id:t.loginSession.id,expires_at:new Date(Date.now()+VB).toISOString(),code_verifier:[z,$].join("|"),redirect_uri:n.redirect_uri,state:n.state,nonce:n.nonce});return e.json({login_ticket:P.code_id,co_verifier:$,co_id:z})}let l=t.refreshToken,d;if(t.loginSession){const $=await e.env.data.loginSessions.get(i.tenant.id,t.loginSession.id);if(!$)throw new H(500,{message:"Login session not found."});const z=$.state||be.PENDING;if(z===be.COMPLETED)throw new H(400,{error:"invalid_request",error_description:"Login session has already been completed"});if(z===be.FAILED)throw new H(400,{error:"access_denied",error_description:`Login session failed: ${$.failure_reason||"unknown reason"}`});if(z===be.PENDING||z===be.EXPIRED)d=await m1(e,{user:o,client:i,loginSession:t.loginSession,existingSessionId:t.existingSessionIdToLink,authConnection:t.authConnection});else if(d=$.session_id,!d)throw new H(500,{message:`Login session in ${z} state but has no session_id`})}else throw new H(500,{message:"loginSession must be provided for front-channel auth responses."});if(t.loginSession&&o){const $=await e.env.data.loginSessions.get(i.tenant.id,t.loginSession.id);if($){const z=$.state||be.PENDING;let P={};if($.state_data)try{P=JSON.parse($.state_data)}catch{console.error("Failed to parse state_data for login session",$.id)}if(z===be.AWAITING_MFA){let I="/u2/mfa/login-options";if(P.authenticationMethodId){const R=(await e.env.data.authenticationMethods.list(i.tenant.id,o.user_id)).find(O=>O.id===P.authenticationMethodId);R?.confirmed&&R.type==="phone"?I="/u2/mfa/phone-challenge":R?.confirmed&&R.type==="totp"?I="/u2/mfa/totp-challenge":R?.confirmed&&(R.type==="passkey"||R.type==="webauthn-roaming"||R.type==="webauthn-platform")?I="/u2/passkey/challenge":R?.type==="totp"?I="/u2/mfa/totp-enrollment":R?.type==="phone"&&(I="/u2/mfa/phone-enrollment")}return new Response(null,{status:302,headers:{location:`${I}?state=${encodeURIComponent(t.loginSession.id)}`}})}if(z===be.AUTHENTICATED&&!P.mfa_verified){const{checkMfaRequired:I,sendMfaOtp:F}=await Promise.resolve().then(()=>EP),R=await I(e,i.tenant.id,o.user_id);if(R.required){const{state:O}=Ai(be.AUTHENTICATED,{type:Kn.REQUIRE_MFA});if(R.enrolled){if(R.allEnrollments.length>1)return await e.env.data.loginSessions.update(i.tenant.id,t.loginSession.id,{state:O}),new Response(null,{status:302,headers:{location:`/u2/mfa/login-options?state=${encodeURIComponent(t.loginSession.id)}`}});if(await e.env.data.loginSessions.update(i.tenant.id,t.loginSession.id,{state:O,state_data:JSON.stringify({...P,authenticationMethodId:R.enrollment.id})}),R.enrollment.type==="totp")return new Response(null,{status:302,headers:{location:`/u2/mfa/totp-challenge?state=${encodeURIComponent(t.loginSession.id)}`}});if(R.enrollment.type==="passkey"||R.enrollment.type==="webauthn-roaming"||R.enrollment.type==="webauthn-platform")return new Response(null,{status:302,headers:{location:`/u2/passkey/challenge?state=${encodeURIComponent(t.loginSession.id)}`}});if(!R.enrollment.phone_number)throw new Error("MFA enrollment is missing phone_number");return await F(e,i,t.loginSession,R.enrollment.phone_number),new Response(null,{status:302,headers:{location:`/u2/mfa/phone-challenge?state=${encodeURIComponent(t.loginSession.id)}`}})}else{const j=i.tenant,B=j.mfa?.factors?.otp===!0,M=j.mfa?.factors?.sms===!0,V=j.mfa?.factors?.webauthn_roaming===!0||j.mfa?.factors?.webauthn_platform===!0;return await e.env.data.loginSessions.update(i.tenant.id,t.loginSession.id,{state:O}),(B?1:0)+(M?1:0)+(V?1:0)>1?new Response(null,{status:302,headers:{location:`/u2/mfa/login-options?state=${encodeURIComponent(t.loginSession.id)}`}}):B?new Response(null,{status:302,headers:{location:`/u2/mfa/totp-enrollment?state=${encodeURIComponent(t.loginSession.id)}`}}):V?new Response(null,{status:302,headers:{location:`/u2/passkey/enrollment?state=${encodeURIComponent(t.loginSession.id)}`}}):new Response(null,{status:302,headers:{location:`/u2/mfa/phone-enrollment?state=${encodeURIComponent(t.loginSession.id)}`}})}}}}}if(t.loginSession&&o&&c!==mt.WEB_MESSAGE){const $=await e.env.data.loginSessions.get(i.tenant.id,t.loginSession.id);if($){const z=$.state||be.PENDING;let P={};if($.state_data)try{P=JSON.parse($.state_data)}catch{}if(z===be.AUTHENTICATED&&!P.passkey_nudge_completed){const{checkPasskeyNudgeRequired:I}=await Promise.resolve().then(()=>require("./passkey-enrollment-dbZd6Zqw.js"));if((await I(e,i.tenant.id,o.user_id,$.auth_connection)).show)return await yu(e,i.tenant.id,$,["passkey-enrollment"],`/u/continue?state=${encodeURIComponent(t.loginSession.id)}`),new Response(null,{status:302,headers:{location:`/u2/passkey/enrollment-nudge?state=${encodeURIComponent(t.loginSession.id)}`}});await e.env.data.loginSessions.update(i.tenant.id,t.loginSession.id,{state_data:JSON.stringify({...P,passkey_nudge_completed:!0})})}}}const u=a.split(" ").includes("code");if(!l&&n.scope?.split(" ").includes("offline_access")&&a!==Tn.TOKEN&&!u&&!t.impersonatingUser&&(l=(await g1(e,{user:o,client:i,login_id:t.loginSession?.id||"",scope:n.scope,audience:n.audience})).wireToken),c===mt.SAML_POST){if(!d)throw new N(500,{message:"Session ID not available for SAML response"});return QG(e,t.client,t.authParams,o,d)}const p=await iY(e,{authParams:n,user:o,client:i,session_id:d,refresh_token:l,authStrategy:t.authStrategy,authConnection:t.authConnection,loginSession:t.loginSession,responseType:a,skipHooks:t.skipHooks,organization:t.organization,impersonatingUser:t.impersonatingUser});if(p instanceof Response)return p;if(!n.redirect_uri)throw new H(400,{message:c===mt.WEB_MESSAGE?"Redirect URI not allowed for WEB_MESSAGE response mode.":"Redirect uri not found for this response mode."});const f=new Headers;d?t1(i.tenant.id,d,e.var.host||"").forEach(z=>{f.append("set-cookie",z)}):c===mt.WEB_MESSAGE&&console.warn("Session ID not available for WEB_MESSAGE, cookie will not be set.");const h=a.split(" "),g=h.includes("code"),m=h.includes("id_token"),_=h.includes("token"),w={},y="code"in p&&typeof p.code=="string",v="access_token"in p&&typeof p.access_token=="string";if(y&&g&&(w.code=p.code),v&&(_&&(w.access_token=p.access_token,w.token_type=p.token_type,w.expires_in=p.expires_in.toString()),m&&p.id_token&&(w.id_token=p.id_token)),!y&&!v)throw new H(500,{message:"Invalid token response for front-channel flow."});const b=("state"in p&&typeof p.state=="string"?p.state:void 0)??n.state;if(b&&(w.state=b),(_||m)&&n.scope&&(w.scope=n.scope),c===mt.WEB_MESSAGE){const $=new URL(n.redirect_uri),z=`${$.protocol}//${$.host}`;return ww(e,z,JSON.stringify(w),f)}if(c===mt.FORM_POST)return Xf(n.redirect_uri,w,f);const k=m||_,C=new URL(n.redirect_uri);if(k)C.hash=new URLSearchParams(w).toString();else for(const[$,z]of Object.entries(w))C.searchParams.set($,z);return f.set("location",C.toString()),new Response("Redirecting",{status:302,headers:f})}async function iY(e,t){let{user:n}=t;const i=t.responseType||Tn.TOKEN;if(n&&t.organization&&!(await e.env.data.userOrganizations.list(t.client.tenant.id,{q:`user_id:${n.user_id}`,per_page:1e3})).userOrganizations.some(_=>_.organization_id===t.organization.id))throw new H(403,{error:"access_denied",error_description:"User is not a member of the specified organization"});let r=t.authParams.scope||"",o=[],a;const c=t.authParams.audience??t.client.tenant.default_audience;if(c)try{let g;if(t.grantType===nn.ClientCredential||!n&&!t.user)g=await Id(e,{grantType:nn.ClientCredential,tenantId:t.client.tenant.id,clientId:t.client.client_id,audience:c,requestedScopes:t.authParams.scope?.split(" ")||[],organizationId:t.organization?.id});else{const m=n?.user_id||t.user?.user_id;if(!m)throw new H(400,{error:"invalid_request",error_description:"User ID is required for user-based grants"});g=await Id(e,{grantType:t.grantType,tenantId:t.client.tenant.id,userId:m,clientId:t.client.client_id,audience:c,requestedScopes:t.authParams.scope?.split(" ")||[],organizationId:t.organization?.id})}r=g.scopes.join(" "),o=g.permissions,a=t.client.app_type==="spa"&&g.token_lifetime_for_web?g.token_lifetime_for_web:g.token_lifetime}catch(g){if(g instanceof N)throw g}const l={...t.authParams,scope:r};if(t.loginSession&&n&&!t.skipHooks){t.authStrategy&&n.app_metadata?.strategy!==t.authStrategy.strategy&&(n.app_metadata={...n.app_metadata,strategy:t.authStrategy.strategy},await e.env.data.users.update(t.client.tenant.id,n.user_id,{app_metadata:{...n.app_metadata||{},strategy:t.authStrategy.strategy}}));const g=await o8(e,e.env.data,t.client.tenant.id,n,t.loginSession,{client:t.client,authParams:l,authStrategy:t.authStrategy});if(g instanceof Response)return g;n=g}const d=t.loginSession?.auth_connection||t.authConnection||e.var.connection,u=i.split(" "),p=u.includes("code"),f=u.includes("id_token")||u.includes("token"),h=p&&f;if(i===Tn.CODE){if(!n||!t.loginSession)throw new H(500,{message:"User and loginSession is required for code flow"});const g=await rh(e,{user:n,client:t.client,authParams:l,login_id:t.loginSession.id});return await Dm(e,t.client.tenant.id,t.loginSession,d),g}else if(h){if(!n||!t.loginSession)throw new H(500,{message:"User and loginSession is required for hybrid flow"});const g=await rh(e,{user:n,client:t.client,authParams:l,login_id:t.loginSession.id}),m=await cc(e,{...t,user:n,authParams:l,permissions:o,token_lifetime:a,code:g.code});return await Dm(e,t.client.tenant.id,t.loginSession,d),{...m,code:g.code,state:g.state}}else{const g=await cc(e,{...t,user:n,authParams:l,permissions:o,token_lifetime:a});return t.loginSession&&await Dm(e,t.client.tenant.id,t.loginSession,d),g}}function In(){const e=new Uint8Array(6);crypto.getRandomValues(e);let t="";for(let n=0;n<6;n+=1)t+=(e[n]%10).toString();return t}async function rY(e,t){const i=[];for(let r=0;;r++){const{connections:o}=await e.env.data.connections.list(t,{page:r,per_page:100,include_totals:!1});if(i.push(...o),o.length<100)break}return i}async function nE(e,t,n){return(await rY(e,t)).find(r=>r.name===n)??null}const oY="http://auth0.com/oauth/grant-type/password-realm",sY="openid profile email",aY=1e4;class En extends Error{status;code;description;constructor(t,n,i){super(i??n),this.name="Auth0UpstreamError",this.status=t,this.code=n,this.description=i}}function lh(e){return typeof e=="object"&&e!==null}function qr(e){return typeof e=="string"?e:void 0}async function y1(e){const t=await e.text();if(!t)return null;try{return JSON.parse(t)}catch{throw new En(e.status,"malformed_response","Upstream returned non-JSON body")}}function N8(e){if(!lh(e))throw new En(502,"malformed_response","Upstream token response was not an object");const t=qr(e.access_token);if(!t)throw new En(502,"malformed_response","Upstream token response missing access_token");return{access_token:t,id_token:qr(e.id_token),refresh_token:qr(e.refresh_token),expires_in:typeof e.expires_in=="number"?e.expires_in:void 0,token_type:qr(e.token_type),scope:qr(e.scope)}}function _1(e,t){const n=lh(t)?qr(t.error):void 0,i=lh(t)?qr(t.error_description):void 0;return new En(e,n??"invalid_grant",i??`Upstream returned HTTP ${e}`)}async function cY(e){const t=new URLSearchParams;t.set("grant_type",oY),t.set("client_id",e.clientId),t.set("client_secret",e.clientSecret),t.set("realm",e.realm),t.set("username",e.username),t.set("password",e.password),t.set("scope",e.scope??sY),e.audience&&t.set("audience",e.audience);let n;try{n=await fetch(e.tokenEndpoint,{method:"POST",headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json"},body:t.toString()})}catch(r){const o=r instanceof Error?r.message:"fetch failed";throw new En(0,"network_error",o)}const i=await y1(n);if(!n.ok)throw _1(n.status,i);return N8(i)}async function lY(e){const t=new URLSearchParams;t.set("grant_type","refresh_token"),t.set("client_id",e.clientId),t.set("client_secret",e.clientSecret),t.set("refresh_token",e.refreshToken),e.scope&&t.set("scope",e.scope),e.audience&&t.set("audience",e.audience);const n=new AbortController,i=setTimeout(()=>n.abort(),aY);let r;try{r=await fetch(e.tokenEndpoint,{method:"POST",headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json"},body:t.toString(),signal:n.signal})}catch(a){if(n.signal.aborted)throw new En(0,"network_error","request_timed_out");const c=a instanceof Error?a.message:"fetch failed";throw new En(0,"network_error",c)}finally{clearTimeout(i)}const o=await y1(r);if(!r.ok)throw _1(r.status,o);return N8(o)}async function P8(e,t){let n;try{n=await fetch(e,{method:"GET",headers:{authorization:`Bearer ${t}`,accept:"application/json"}})}catch(o){const a=o instanceof Error?o.message:"fetch failed";throw new En(0,"network_error",a)}const i=await y1(n);if(!n.ok)throw _1(n.status,i);if(!lh(i))throw new En(502,"malformed_response","Upstream userinfo response was not an object");const r=qr(i.sub);if(!r)throw new En(502,"malformed_response","Upstream userinfo response missing sub");return{...i,sub:r}}function Gc(e){return typeof e=="string"?e:void 0}function dY(e){const t=e.options&&typeof e.options=="object"?e.options.configuration:void 0;if(!t||typeof t!="object")return null;const n=t,i=Gc(n.token_endpoint),r=Gc(n.userinfo_endpoint),o=Gc(n.client_id),a=Gc(n.client_secret),c=Gc(n.realm);return!i||!r||!o||!a?null:{tokenEndpoint:i,userinfoEndpoint:r,clientId:o,clientSecret:a,realm:c}}async function iE(e){const{ctx:t,client:n,username:i,password:r,dbConnection:o,existingUser:a}=e;if(o.options?.import_mode!==!0)return null;const c=dY(o);if(!c)return null;let l;try{l=await cY({tokenEndpoint:c.tokenEndpoint,clientId:c.clientId,clientSecret:c.clientSecret,realm:c.realm??o.name,username:i,password:r})}catch(g){if(g instanceof En)return console.warn(`Auth0 upstream ROPG failed for tenant=${n.tenant.id} realm=${o.name}: ${g.code} ${g.description??""}`),null;throw g}const d=t.env.data;let u=a;if(!u){let g;try{g=await P8(c.userinfoEndpoint,l.access_token)}catch(v){if(v instanceof En)return console.warn(`Auth0 upstream userinfo failed for tenant=${n.tenant.id}: ${v.code} ${v.description??""}`),null;throw v}const m=i.includes("@"),_=typeof g.email=="string"?g.email:void 0,w=await Cs(t.env,n.tenant.id),y=`${w}|${Sr()}`;t.set("is_lazy_migration",!0);try{u=await d.users.create(n.tenant.id,{user_id:y,email:_??(m?i:void 0),username:m?void 0:i,name:typeof g.name=="string"?g.name:i,given_name:typeof g.given_name=="string"?g.given_name:void 0,family_name:typeof g.family_name=="string"?g.family_name:void 0,nickname:typeof g.nickname=="string"?g.nickname:void 0,picture:typeof g.picture=="string"?g.picture:void 0,email_verified:g.email_verified===!0,provider:w,connection:o.name,is_social:!1,last_ip:t.var.ip??"",last_login:new Date().toISOString(),profileData:JSON.stringify(g)})}finally{t.set("is_lazy_migration",!1)}}const{hash:p,algorithm:f}=await to(r),h=await d.passwords.get(n.tenant.id,u.user_id);return h&&await d.passwords.update(n.tenant.id,{id:h.id,user_id:u.user_id,password:h.password,algorithm:h.algorithm,is_current:!1}),await d.passwords.create(n.tenant.id,{user_id:u.user_id,password:p,algorithm:f,is_current:!0}),D(t,n.tenant.id,{type:T.SUCCESS_PASSWORD_MIGRATION,description:`Imported password from upstream for ${u.user_id}`,userId:u.user_id,connection:o.name}),u}async function uY(e,t,n){const i=n.app_metadata||{},r=i.failed_logins||[],o=Date.now(),a=[...r.filter(c=>o-c<1e3*60*5),o];i.failed_logins=a,await e.users.update(t,n.user_id,{app_metadata:i})}function pY(e){return typeof e=="object"&&e!==null&&"allowed"in e&&typeof e.allowed=="boolean"}function fY(e){const n=(e.app_metadata||{}).failed_logins||[],i=Date.now();return n.filter(r=>i-r<1e3*60*5)}async function w1(e,t,n,i,r=Y.USERNAME_PASSWORD){const{data:o}=e.env,{username:a}=n;if(e.set("username",a),!a)throw new H(400,{message:"Username is required"});const c=t.tenant.attack_protection?.suspicious_ip_throttling,l=e.var.ip,d=l?c?.allowlist?.includes(l):!1;if(o.rateLimit&&c?.enabled&&l&&!d){let _={allowed:!0};try{const w=await o.rateLimit.consume("pre-login",`${t.tenant.id}:${l}`);pY(w)&&(_=w)}catch(w){console.error("Pre-login rate limit consume failed:",w)}if(!_.allowed)throw D(e,t.tenant.id,{type:T.FAILED_LOGIN,description:"Rate limit exceeded for pre-login"}),new Po(429,{message:"Too many requests",code:"TOO_MANY_REQUESTS"})}let u=await Er({env:e.env,tenant_id:t.tenant.id,username:a});if(!u){let _=await nE(e,t.tenant.id,r);if(!_&&r===Y.USERNAME_PASSWORD){const w=t.connections.filter(y=>y.strategy===Y.USERNAME_PASSWORD);if(w.length>1)throw new H(400,{message:"Multiple username-password connections configured for this client; specify an explicit realm."});_=w[0]??null}if(_?.options?.import_mode===!0){const w=await iE({ctx:e,client:t,username:a,password:n.password,dbConnection:_,existingUser:null});w&&(u=w)}if(!u)throw D(e,t.tenant.id,{type:T.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid user"}),new Po(403,{message:"User not found",code:"USER_NOT_FOUND"})}const p=u.linked_to?await o.users.get(t.tenant.id,u.linked_to):u;if(!p)throw new Po(403,{message:"User not found",code:"USER_NOT_FOUND"});if(e.set("connection",u.connection),e.set("user_id",p.user_id),fY(p).length>=3)throw D(e,t.tenant.id,{type:T.FAILED_LOGIN,description:"Too many failed login attempts"}),new Po(403,{message:"Too many failed login attempts",code:"TOO_MANY_FAILED_LOGINS"});const h=await o.passwords.get(t.tenant.id,u.user_id);let g=h&&await mc.compare(n.password,h.password);if(!g){const _=await nE(e,t.tenant.id,u.connection);_?.options?.import_mode===!0&&await iE({ctx:e,client:t,username:a,password:n.password,dbConnection:_,existingUser:p})&&(g=!0)}if(!g)throw D(e,t.tenant.id,{type:T.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid password"}),uY(o,t.tenant.id,p),new Po(403,{message:"Invalid password",code:"INVALID_PASSWORD"});if(!u.email_verified&&t.client_metadata?.email_validation==="enforced"){const _=i?.authParams?.ui_locales?.split(" ")?.map(w=>w.split("-")[0])[0];throw await Fg(e,u,_),D(e,t.tenant.id,{type:T.FAILED_LOGIN,description:"Email not verified"}),i&&await tY(e,t.tenant.id,i,"Email not verified"),new Po(403,{message:"Email not verified",code:"EMAIL_NOT_VERIFIED"})}const m=p.app_metadata||{};return m.failed_logins&&m.failed_logins.length>0&&(m.failed_logins=[],o.users.update(t.tenant.id,p.user_id,{app_metadata:m})),{client:t,authParams:n,user:p,loginSession:i}}async function Pc(e,t,n,i,r,o=Y.USERNAME_PASSWORD){const a=await w1(e,t,n,i,o);return ot(e,{...a,ticketAuth:r,authConnection:e.get("connection")||Y.USERNAME_PASSWORD,authStrategy:{strategy:Y.USERNAME_PASSWORD,strategy_type:Gt.DATABASE}})}async function v1(e,t,n,i,r){await K$(e,{client:t,username:n,connection:Y.USERNAME_PASSWORD,ip:e.var.ip});let o=In(),a=await e.env.data.codes.get(t.tenant.id,o,"password_reset");for(;a;)o=In(),a=await e.env.data.codes.get(t.tenant.id,o,"password_reset");let c=i;if(!await e.env.data.loginSessions.get(t.tenant.id,i)){const u=e.get("ip"),p=e.get("useragent"),f=e.get("auth0_client"),h=Bi(f);c=(await e.env.data.loginSessions.create(t.tenant.id,{expires_at:new Date(Date.now()+L5).toISOString(),authParams:{client_id:t.client_id,username:n},csrf_token:Fe(),ip:u,useragent:p,auth0Client:h})).id}const d=await e.env.data.codes.create(t.tenant.id,{code_id:o,code_type:"password_reset",login_id:c,expires_at:new Date(Date.now()+KB).toISOString()});r==="code"?await lG(e,n,d.code_id):await R6(e,n,d.code_id,c)}function hY(e){return e===Y.USERNAME_PASSWORD||e===Xa}const gY=Ct.extend({connections:s.z.array(Hr)}),F8=["client_secret","app_secret","twilio_token"];function Uu(e){if(!e.options)return e;const t={...e.options};for(const n of F8)delete t[n];return{...e,options:t}}const mY=s.z.object({enabled_clients:s.z.array(s.z.object({client_id:s.z.string(),name:s.z.string()}))}),yY=s.z.array(s.z.object({client_id:s.z.string(),status:s.z.boolean()})),_Y=new s.OpenAPIHono().openapi(s.createRoute({tags:["connections"],method:"get",path:"/",request:{query:dt,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:connections"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(Hr),gY])}},description:"List of connectionss"}}}),async e=>{const{page:t,per_page:n,include_totals:i=!1,sort:r,q:o}=e.req.valid("query"),a=await e.env.data.connections.list(e.var.tenant_id,{page:t,per_page:n,include_totals:i,sort:St(r),q:o}),c=a.connections.map(Uu);return i?e.json({...a,connections:c}):e.json(c)}).openapi(s.createRoute({tags:["connections"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:connections"]}],responses:{200:{content:{"application/json":{schema:Hr}},description:"A connection"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.connections.get(e.var.tenant_id,t);if(!n)throw new N(404);return e.json(Uu(n))}).openapi(s.createRoute({tags:["connections"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:connections"]}],responses:{200:{description:"Status"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.var.tenant_id;if(!await e.env.data.connections.remove(n,t))throw new N(404,{message:"Connection not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete a Connection",targetType:"connection",targetId:t}),e.text("OK")}).openapi(s.createRoute({tags:["connections"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:s.z.object(Dp.shape).partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:connections"]}],responses:{200:{content:{"application/json":{schema:Hr}},description:"The updated connection"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.req.valid("json"),i=e.var.tenant_id,r=await e.env.data.connections.get(i,t);let o=n;if(n.options&&r?.options){const l={...n.options};for(const d of F8)l[d]===void 0&&r.options[d]!==void 0&&(l[d]=r.options[d]);o={...n,options:l}}if(!await e.env.data.connections.update(i,t,o))throw new N(404,{message:"Connection not found"});const c=await e.env.data.connections.get(i,t);if(!c)throw new N(404,{message:"Connection not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update a Connection",beforeState:r,afterState:c,targetType:"connection",targetId:t,body:n}),e.json(Uu(c))}).openapi(s.createRoute({tags:["connections"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(Dp.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:connections"]}],responses:{201:{content:{"application/json":{schema:Hr}},description:"A connection"}}}),async e=>{const t=e.req.valid("json"),n=e.var.tenant_id,i=t.id||QR(),r=await e.env.data.connections.create(n,{...t,id:i});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create a Connection",afterState:r,targetType:"connection",targetId:r.id}),e.json(Uu(r),{status:201})}).openapi(s.createRoute({tags:["connections"],method:"get",path:"/{id}/clients",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:connections"]}],responses:{200:{content:{"application/json":{schema:mY}},description:"List of clients enabled for this connection"}}}),async e=>{const{id:t}=e.req.valid("param");if(!await e.env.data.connections.get(e.var.tenant_id,t))throw new N(404,{message:"Connection not found"});const{clients:i}=await e.env.data.clients.list(e.var.tenant_id,{per_page:1e3}),r=i.filter(o=>o.connections?.includes(t)).map(o=>({client_id:o.client_id,name:o.name}));return e.json({enabled_clients:r})}).openapi(s.createRoute({tags:["connections"],method:"patch",path:"/{id}/clients",request:{body:{content:{"application/json":{schema:yY}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:connections"]}],responses:{204:{description:"Clients updated successfully (No Content)"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.req.valid("json");if(!await e.env.data.connections.get(e.var.tenant_id,t))throw new N(404,{message:"Connection not found"});for(const r of n){const o=await e.env.data.clients.get(e.var.tenant_id,r.client_id);if(!o)continue;const a=o.connections||[];r.status?a.includes(t)||await e.env.data.clients.update(e.var.tenant_id,r.client_id,{connections:[...a,t]}):a.includes(t)&&await e.env.data.clients.update(e.var.tenant_id,r.client_id,{connections:a.filter(c=>c!==t)})}return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update Connection Clients",targetType:"connection_client",targetId:t}),e.body(null,204)}).openapi(s.createRoute({tags:["connections"],method:"post",path:"/{id}/try",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({username:s.z.string().optional(),password:s.z.string().optional()}).optional()}}}},security:[{Bearer:["update:connections"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.object({mode:s.z.literal("redirect"),authorize_url:s.z.string(),state:s.z.string(),result_url:s.z.string(),client_id:s.z.string(),connection:s.z.object({id:s.z.string(),name:s.z.string(),strategy:s.z.string()})}),s.z.object({mode:s.z.literal("inline"),status:s.z.enum(["success","error"]),connection_id:s.z.string(),connection_name:s.z.string(),strategy:s.z.string(),userinfo:s.z.record(s.z.unknown()).optional(),raw:s.z.record(s.z.unknown()).nullable().optional(),error:s.z.string().optional(),error_description:s.z.string().optional()})])}},description:"Test outcome (inline) or how to drive the test (redirect)"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.var.tenant_id,i=await e.env.data.connections.get(n,t);if(!i)throw new N(404,{message:"Connection not found"});const r=i.id??t,o=await YB(e.env,n);if(await D(e,n,{type:T.SUCCESS_API_OPERATION,description:"Try Connection initiated",targetType:"connection",targetId:t}),hY(i.strategy)){const f=e.req.valid("json")??{};if(!f.username||!f.password)throw new N(400,{message:"username and password are required for database connections"});const h=await Je(e.env,o,n);try{const g=await w1(e,h,{username:f.username,password:f.password,client_id:o},void 0,i.name),{user:m}=g;return e.json({mode:"inline",status:"success",connection_id:r,connection_name:i.name,strategy:i.strategy,userinfo:m,raw:m})}catch(g){const m=g instanceof Error?g.message:"Password login failed",_=g&&typeof g=="object"&&"code"in g?String(g.code):"error";return e.json({mode:"inline",status:"error",connection_id:r,connection_name:i.name,strategy:i.strategy,error:_,error_description:m})}}const a=Fe(),c=new URL(M5(e.env)),l=e.req.header("origin");if(l)try{new URL(l).origin===l&&c.searchParams.set("opener_origin",l)}catch{}const d=c.toString(),u=On(e.env),p=new URL(`${u}authorize`);return p.searchParams.set("client_id",o),p.searchParams.set("response_type","code"),p.searchParams.set("scope","openid profile email"),p.searchParams.set("connection",i.name),p.searchParams.set("redirect_uri",d),p.searchParams.set("state",a),e.json({mode:"redirect",authorize_url:p.toString(),state:a,result_url:d,client_id:o,connection:{id:r,name:i.name,strategy:i.strategy}})}),wY=new s.OpenAPIHono().openapi(s.createRoute({tags:["prompts"],method:"get",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:prompts"]}],responses:{200:{content:{"application/json":{schema:Qo}},description:"Branding settings"}}}),async e=>{const t=await e.env.data.promptSettings.get(e.var.tenant_id);return t?e.json(t):e.json(Qo.parse({}))}).openapi(s.createRoute({tags:["prompts"],method:"patch",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object(Qo.shape).partial()}}}},security:[{Bearer:["update:prompts"]}],responses:{200:{description:"Prompts settings"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.promptSettings.get(e.var.tenant_id);return Object.assign(n,t),await e.env.data.promptSettings.set(e.var.tenant_id,n),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update Prompt Settings",targetType:"prompt_settings",targetId:e.var.tenant_id}),e.json(n)}).openapi(s.createRoute({tags:["prompts"],method:"get",path:"/custom-text",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:prompts"]}],responses:{200:{content:{"application/json":{schema:s.z.array(s.z.object({prompt:_a,language:s.z.string()}))}},description:"List of custom text entries"}}}),async e=>{const t=await e.env.data.customText.list(e.var.tenant_id);return e.json(t)}).openapi(s.createRoute({tags:["prompts"],method:"get",path:"/custom-text/defaults",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),query:s.z.object({language:s.z.string().optional(),prompt:s.z.string().optional()})},security:[{Bearer:["read:prompts"]}],responses:{200:{content:{"application/json":{schema:s.z.array(s.z.object({prompt:s.z.string(),language:s.z.string(),custom_text:Ro}))}},description:"Bundled default text for every prompt/language shipped with authhero. authhero extension; not available in Auth0."}}}),async e=>{const{language:t,prompt:n}=e.req.valid("query");return e.json(d9({language:t,prompt:n}))}).openapi(s.createRoute({tags:["prompts"],method:"get",path:"/{prompt}/custom-text/{language}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({prompt:_a,language:s.z.string()})},security:[{Bearer:["read:prompts"]}],responses:{200:{content:{"application/json":{schema:Ro}},description:"Custom text for the prompt and language"}}}),async e=>{const{prompt:t,language:n}=e.req.valid("param"),i=await e.env.data.customText.get(e.var.tenant_id,t,n);return e.json(i??{})}).openapi(s.createRoute({tags:["prompts"],method:"put",path:"/{prompt}/custom-text/{language}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({prompt:_a,language:s.z.string()}),body:{content:{"application/json":{schema:Ro}}}},security:[{Bearer:["update:prompts"]}],responses:{200:{content:{"application/json":{schema:Ro}},description:"Updated custom text"}}}),async e=>{const{prompt:t,language:n}=e.req.valid("param"),i=await e.req.json(),r=Ro.parse(i);return await e.env.data.customText.set(e.var.tenant_id,t,n,r),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Set Custom Text",targetType:"custom_text",targetId:e.var.tenant_id}),e.json(r)}).openapi(s.createRoute({tags:["prompts"],method:"delete",path:"/{prompt}/custom-text/{language}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({prompt:_a,language:s.z.string()})},security:[{Bearer:["delete:prompts"]}],responses:{204:{description:"Custom text deleted"}}}),async e=>{const{prompt:t,language:n}=e.req.valid("param");return await e.env.data.customText.delete(e.var.tenant_id,t,n),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete Custom Text",targetType:"custom_text",targetId:e.var.tenant_id}),e.body(null,204)});let rE=!1;function b1(e){e.use(async(t,n)=>(rE||(e.openAPIRegistry.registerComponent("securitySchemes","Bearer",{type:"oauth2",scheme:"bearer",flows:{implicit:{authorizationUrl:`${t.env.AUTH_URL}/authorize`,scopes:{openid:"Basic user information",email:"User email",profile:"User profile information"}}}}),rE=!0),await n()))}var O8=e=>R8(e.replace(/_|-/g,t=>({_:"/","-":"+"})[t]??t)),R8=e=>{const t=atob(e),n=new Uint8Array(new ArrayBuffer(t.length)),i=t.length/2;for(let r=0,o=t.length-1;r<=i;r++,o--)n[r]=t.charCodeAt(r),n[o]=t.charCodeAt(o);return n},Ql=(e=>(e.HS256="HS256",e.HS384="HS384",e.HS512="HS512",e.RS256="RS256",e.RS384="RS384",e.RS512="RS512",e.PS256="PS256",e.PS384="PS384",e.PS512="PS512",e.ES256="ES256",e.ES384="ES384",e.ES512="ES512",e.EdDSA="EdDSA",e))(Ql||{}),vY=class extends Error{constructor(e){super(`${e} is not an implemented algorithm`),this.name="JwtAlgorithmNotImplemented"}},oE=class extends Error{constructor(){super('JWT verification requires "alg" option to be specified'),this.name="JwtAlgorithmRequired"}},bY=class extends Error{constructor(e,t){super(`JWT algorithm mismatch: expected "${e}", got "${t}"`),this.name="JwtAlgorithmMismatch"}},xw=class extends Error{constructor(e){super(`invalid JWT token: ${e}`),this.name="JwtTokenInvalid"}},AY=class extends Error{constructor(e){super(`token (${e}) is being used before it's valid`),this.name="JwtTokenNotBefore"}},kY=class extends Error{constructor(e){super(`token (${e}) expired`),this.name="JwtTokenExpired"}},SY=class extends Error{constructor(e,t){super(`Invalid "iat" claim, must be a valid number lower than "${e}" (iat: "${t}")`),this.name="JwtTokenIssuedAt"}},Lm=class extends Error{constructor(e,t){super(`expected issuer "${e}", got ${t?`"${t}"`:"none"} `),this.name="JwtTokenIssuer"}},EY=class extends Error{constructor(e){super(`jwt header is invalid: ${JSON.stringify(e)}`),this.name="JwtHeaderInvalid"}},CY=class extends Error{constructor(e){super(`token(${e}) signature mismatched`),this.name="JwtTokenSignatureMismatched"}},TY=class extends Error{constructor(e){super(`required "aud" in jwt payload: ${JSON.stringify(e)}`),this.name="JwtPayloadRequiresAud"}},xY=class extends Error{constructor(e,t){super(`expected audience "${Array.isArray(e)?e.join(", "):e}", got "${t}"`),this.name="JwtTokenAudience"}},dh=(e=>(e.Encrypt="encrypt",e.Decrypt="decrypt",e.Sign="sign",e.Verify="verify",e.DeriveKey="deriveKey",e.DeriveBits="deriveBits",e.WrapKey="wrapKey",e.UnwrapKey="unwrapKey",e))(dh||{}),j8=new TextEncoder,IY=new TextDecoder;async function $Y(e,t,n,i){const r=NY(t),o=await zY(e,r);return await crypto.subtle.verify(r,o,n,i)}function sE(e){return R8(e.replace(/-+(BEGIN|END).*?-+/g,"").replace(/\s/g,""))}async function zY(e,t){if(!crypto.subtle||!crypto.subtle.importKey)throw new Error("`crypto.subtle.importKey` is undefined. JWT auth middleware requires it.");if(PY(e)){if(e.type==="public"||e.type==="secret")return e;e=await aE(e)}if(typeof e=="string"&&e.includes("PRIVATE")){const i=await crypto.subtle.importKey("pkcs8",sE(e),t,!0,[dh.Sign]);e=await aE(i)}const n=[dh.Verify];return typeof e=="object"?await crypto.subtle.importKey("jwk",e,t,!1,n):e.includes("PUBLIC")?await crypto.subtle.importKey("spki",sE(e),t,!1,n):await crypto.subtle.importKey("raw",j8.encode(e),t,!1,n)}async function aE(e){if(e.type!=="private")throw new Error(`unexpected key type: ${e.type}`);if(!e.extractable)throw new Error("unexpected private key is unextractable");const t=await crypto.subtle.exportKey("jwk",e),{kty:n}=t,{alg:i,e:r,n:o}=t,{crv:a,x:c,y:l}=t;return{kty:n,alg:i,e:r,n:o,crv:a,x:c,y:l,key_ops:[dh.Verify]}}function NY(e){switch(e){case"HS256":return{name:"HMAC",hash:{name:"SHA-256"}};case"HS384":return{name:"HMAC",hash:{name:"SHA-384"}};case"HS512":return{name:"HMAC",hash:{name:"SHA-512"}};case"RS256":return{name:"RSASSA-PKCS1-v1_5",hash:{name:"SHA-256"}};case"RS384":return{name:"RSASSA-PKCS1-v1_5",hash:{name:"SHA-384"}};case"RS512":return{name:"RSASSA-PKCS1-v1_5",hash:{name:"SHA-512"}};case"PS256":return{name:"RSA-PSS",hash:{name:"SHA-256"},saltLength:32};case"PS384":return{name:"RSA-PSS",hash:{name:"SHA-384"},saltLength:48};case"PS512":return{name:"RSA-PSS",hash:{name:"SHA-512"},saltLength:64};case"ES256":return{name:"ECDSA",hash:{name:"SHA-256"},namedCurve:"P-256"};case"ES384":return{name:"ECDSA",hash:{name:"SHA-384"},namedCurve:"P-384"};case"ES512":return{name:"ECDSA",hash:{name:"SHA-512"},namedCurve:"P-521"};case"EdDSA":return{name:"Ed25519",namedCurve:"Ed25519"};default:throw new vY(e)}}function PY(e){return bv()==="node"&&crypto.webcrypto?e instanceof crypto.webcrypto.CryptoKey:e instanceof CryptoKey}var cE=e=>JSON.parse(IY.decode(O8(e)));function FY(e){if(typeof e=="object"&&e!==null){const t=e;return"alg"in t&&Object.values(Ql).includes(t.alg)&&(!("typ"in t)||t.typ==="JWT")}return!1}var OY=async(e,t,n)=>{if(!n)throw new oE;const{alg:i,iss:r,nbf:o=!0,exp:a=!0,iat:c=!0,aud:l}=typeof n=="string"?{alg:n}:n;if(!i)throw new oE;const d=e.split(".");if(d.length!==3)throw new xw(e);const{header:u,payload:p}=D8(e);if(!FY(u))throw new EY(u);if(u.alg!==i)throw new bY(i,u.alg);const f=Math.floor(Date.now()/1e3);if(o&&p.nbf!==void 0&&(typeof p.nbf!="number"||!Number.isFinite(p.nbf)||p.nbf>f))throw new AY(e);if(a&&p.exp!==void 0&&(typeof p.exp!="number"||!Number.isFinite(p.exp)||p.exp<=f))throw new kY(e);if(c&&p.iat!==void 0&&(typeof p.iat!="number"||!Number.isFinite(p.iat)||f<p.iat))throw new SY(f,p.iat);if(r){if(!p.iss)throw new Lm(r,null);if(typeof r=="string"&&p.iss!==r)throw new Lm(r,p.iss);if(r instanceof RegExp&&!r.test(p.iss))throw new Lm(r,p.iss)}if(l){if(!p.aud)throw new TY(p);if(!(Array.isArray(p.aud)?p.aud:[p.aud]).some(w=>l instanceof RegExp?l.test(w):typeof l=="string"?w===l:Array.isArray(l)&&l.includes(w)))throw new xY(l,p.aud)}const h=e.substring(0,e.lastIndexOf("."));if(!await $Y(t,i,O8(d[2]),j8.encode(h)))throw new CY(e);return p};Ql.HS256,Ql.HS384,Ql.HS512;var D8=e=>{const t=e.split(".");if(t.length!==3)throw new xw(e);try{const n=cE(t[0]),i=cE(t[1]);return{header:n,payload:i}}catch{throw new xw(e)}},L8={verify:OY,decode:D8},RY=L8.verify,jY=L8.decode;async function B8(e){return Promise.all(e.map(async t=>{const i=await new so(t.cert).publicKey.export(),r=await crypto.subtle.exportKey("jwk",i),o=r.alg??U6(r);return Ch.parse({...r,alg:o,use:"sig",kid:t.kid})}))}async function Bm(e){const{signingKeys:t}=await e.keys.list({q:"type:jwt_signing"});return B8(t)}async function DY(e,t,n){const i=await $b(e.keys,t,n,{purpose:"publish"});return B8(i)}async function LY(e){if(e.JWKS_URL&&e.JWKS_SERVICE)try{const t=await e.JWKS_SERVICE.fetch(e.JWKS_URL);if(!t.ok)return console.warn(`JWKS fetch failed with status ${t.status}, falling back to database`),await Bm(e.data);const n=await t.json();return s.z.object({keys:s.z.array(Ch)}).parse(n).keys}catch(t){return console.warn(`JWKS fetch error: ${t instanceof Error?t.message:"Unknown error"}, falling back to database`),await Bm(e.data)}return await Bm(e.data)}function BY(e){switch(e){case"RS256":case"RS384":case"RS512":case"ES256":case"ES384":case"ES512":return e;default:throw new H(401,{message:`Unsupported JWS alg: ${e??"(missing)"}`})}}async function uh(e,t){try{const{header:n}=jY(t),i=BY(n?.alg),o=(await LY(e.env)).find(d=>d.kid===n.kid);if(!o)throw new H(401,{message:"No matching kid found"});if(o.alg!==i)throw new H(401,{message:"alg mismatch between token header and JWK"});const a=Xb(o,i),c=await crypto.subtle.importKey("jwk",o,a,!1,["verify"]);return await RY(t,c,i)}catch(n){throw n instanceof N?n:new H(403,{message:"Invalid JWT signature"})}}function A1(e){if(!e)return;const[t,n]=e.split(" ");if(!(!t||t.toLowerCase()!=="bearer"))return n?.trim()||void 0}function M8(e){if(!e)return{};const[t,n]=e.split(" ");if(t?.toLowerCase()!=="basic"||!n)return{};try{const[i,r]=atob(n).split(":");return!i||!r?{}:{client_id:i,client_secret:r}}catch{return{}}}const k1="urn:authhero:management";function MY(e){return e.replace(/:([a-zA-Z_][a-zA-Z0-9_]*)/g,"{$1}")}function qg(e,t={}){const n=t.requireManagementAudience??!1;return async(i,r)=>{const o=i.req.matchedRoutes.find(u=>u.method.toUpperCase()===i.req.method&&u.path!=="/*");if(!o)return await r();const a=MY(o.path),c="/api/v2",l=a.startsWith(c)?a.slice(c.length)||"/":a,d=e.openAPIRegistry.definitions.find(u=>"route"in u&&u.route.path===l&&u.route.method.toUpperCase()===i.req.method.toUpperCase());if(d&&"route"in d){const u=d.route.security?.[0]?.Bearer;if(u===void 0)return await r();const p=A1(i.req.header("authorization"));if(!p)throw new H(401,{message:"Missing bearer token"});try{const f=await uh(i,p);if(n){const m=f.aud;if(!(Array.isArray(m)?m:m?[m]:[]).includes(k1))throw new H(403,{message:"Invalid audience"})}i.set("user_id",f.sub),i.set("user",f),f.org_name&&i.set("org_name",f.org_name),f.org_id&&i.set("organization_id",f.org_id),!i.var.tenant_id&&f.tenant_id&&i.set("tenant_id",f.tenant_id);const h=Array.isArray(f.permissions)?f.permissions:[],g=typeof f.scope=="string"?f.scope.split(" "):Array.isArray(f.scope)?f.scope:[];if(u.length&&!(u.some(m=>h.includes(m))||u.some(m=>g.includes(m))))throw new H(403,{message:"Unauthorized"})}catch(f){throw f instanceof N?f:new H(403,{message:"Invalid token"})}}return await r()}}const lE=new s.OpenAPIHono().openapi(s.createRoute({tags:["emails"],method:"get",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:email_provider"]}],responses:{200:{content:{"application/json":{schema:s.z.object(ea.shape).partial()}},description:"Email provider"}}}),async e=>{const t=await e.env.data.emailProviders.get(e.var.tenant_id);return e.json(t??{})}).openapi(s.createRoute({tags:["emails"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object(ea.shape)}}}},security:[{Bearer:["create:email_provider"]}],responses:{201:{content:{"application/json":{schema:ea}},description:"Email provider"},409:{description:"Email provider already configured"}}}),async e=>{const t=e.req.valid("json");if(await e.env.data.emailProviders.get(e.var.tenant_id))throw new N(409,{message:"Email provider already configured"});await e.env.data.emailProviders.create(e.var.tenant_id,t),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create Email Provider",targetType:"email_provider",targetId:e.var.tenant_id});const i=await e.env.data.emailProviders.get(e.var.tenant_id);return e.json(i??t,{status:201})}).openapi(s.createRoute({tags:["emails"],method:"patch",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object(ea.shape).partial()}}}},security:[{Bearer:["update:email_provider"]}],responses:{200:{content:{"application/json":{schema:ea}},description:"Email provider"}}}),async e=>{const t=e.req.valid("json");await e.env.data.emailProviders.update(e.var.tenant_id,t);const n=await e.env.data.emailProviders.get(e.var.tenant_id);if(!n)throw new N(404,{message:"Email provider not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update Email Provider",targetType:"email_provider",targetId:e.var.tenant_id}),e.json(n)}).openapi(s.createRoute({tags:["emails"],method:"delete",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:email_provider"]}],responses:{204:{description:"Email provider deleted"},404:{description:"Email provider not found"}}}),async e=>{if(!await e.env.data.emailProviders.get(e.var.tenant_id))throw new N(404,{message:"Email provider not found"});return await e.env.data.emailProviders.remove(e.var.tenant_id),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete Email Provider",targetType:"email_provider",targetId:e.var.tenant_id}),e.body(null,204)}),qu=s.z.object({"tenant-id":s.z.string().optional()}),Mm=s.z.object({templateName:_v}),UY=Mr.partial(),qY=new s.OpenAPIHono().openapi(s.createRoute({tags:["email-templates"],method:"post",path:"/",request:{headers:qu,body:{content:{"application/json":{schema:Mr}}}},security:[{Bearer:["create:email_templates"]}],responses:{201:{content:{"application/json":{schema:Mr}},description:"Email template"},409:{description:"Template already exists"}}}),async e=>{const t=e.req.valid("json");if(await e.env.data.emailTemplates.get(e.var.tenant_id,t.template))throw new N(409,{message:"Email template already configured"});const i=await e.env.data.emailTemplates.create(e.var.tenant_id,t);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create Email Template",targetType:"email_template",targetId:t.template}),e.json(i,{status:201})}).openapi(s.createRoute({tags:["email-templates"],method:"get",path:"/{templateName}",request:{headers:qu,params:Mm},security:[{Bearer:["read:email_templates"]}],responses:{200:{content:{"application/json":{schema:Mr}},description:"Email template"},404:{description:"Template not found"}}}),async e=>{const{templateName:t}=e.req.valid("param"),n=await e.env.data.emailTemplates.get(e.var.tenant_id,t);if(!n)throw new N(404,{message:"Email template not found"});return e.json(n)}).openapi(s.createRoute({tags:["email-templates"],method:"put",path:"/{templateName}",request:{headers:qu,params:Mm,body:{content:{"application/json":{schema:Mr}}}},security:[{Bearer:["update:email_templates"]}],responses:{200:{content:{"application/json":{schema:Mr}},description:"Email template upserted"}}}),async e=>{const{templateName:t}=e.req.valid("param"),n=e.req.valid("json");if(n.template!==t)throw new N(400,{message:"Body template must match URL templateName"});await e.env.data.emailTemplates.get(e.var.tenant_id,t)?await e.env.data.emailTemplates.update(e.var.tenant_id,t,n):await e.env.data.emailTemplates.create(e.var.tenant_id,n);const r=await e.env.data.emailTemplates.get(e.var.tenant_id,t);if(!r)throw new N(500,{message:`Email template not found after upsert (tenant_id=${e.var.tenant_id}, template=${t})`});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update Email Template",targetType:"email_template",targetId:t}),e.json(r)}).openapi(s.createRoute({tags:["email-templates"],method:"patch",path:"/{templateName}",request:{headers:qu,params:Mm,body:{content:{"application/json":{schema:UY}}}},security:[{Bearer:["update:email_templates"]}],responses:{200:{content:{"application/json":{schema:Mr}},description:"Email template"},404:{description:"Template not found"}}}),async e=>{const{templateName:t}=e.req.valid("param"),n=e.req.valid("json");if(!await e.env.data.emailTemplates.update(e.var.tenant_id,t,n))throw new N(404,{message:"Email template not found"});const r=await e.env.data.emailTemplates.get(e.var.tenant_id,t);if(!r)throw new N(404,{message:"Email template not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Patch Email Template",targetType:"email_template",targetId:t}),e.json(r)}),HY=new s.OpenAPIHono().openapi(s.createRoute({tags:["sessions"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:sessions"]}],responses:{200:{content:{"application/json":{schema:Th}},description:"A session"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.sessions.get(e.var.tenant_id,t);if(!n)throw new N(404);return e.json(n)}).openapi(s.createRoute({tags:["sessions"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:sessions"]}],responses:{200:{description:"Status"}}}),async e=>{const{id:t}=e.req.valid("param");if(!await e.env.data.sessions.remove(e.var.tenant_id,t))throw new N(404,{message:"Session not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete a Session",targetType:"session",targetId:t}),e.text("OK")}).openapi(s.createRoute({tags:["sessions"],method:"post",path:"/{id}/revoke",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:sessions"]}],responses:{202:{description:"Sesssion deletion status"}}}),async e=>{const{id:t}=e.req.valid("param");if(!await e.env.data.sessions.update(e.var.tenant_id,t,{revoked_at:new Date().toISOString()}))throw new N(404,{message:"Session not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Revoke a Session",targetType:"session",targetId:t}),e.text("Session deletion request accepted.",{status:202})}),VY=new s.OpenAPIHono().openapi(s.createRoute({tags:["refresh_tokens"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:refresh_tokens"]}],responses:{200:{content:{"application/json":{schema:wv}},description:"A session"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.refreshTokens.get(e.var.tenant_id,t);if(!n)throw new N(404);return e.json(n)}).openapi(s.createRoute({tags:["refresh_tokens"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:refresh_tokens"]}],responses:{200:{description:"Status"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.refreshTokens.get(e.var.tenant_id,t),i=n?.family_id??n?.id;if(i&&await e.env.data.refreshTokens.revokeFamily(e.var.tenant_id,i,new Date().toISOString()),!await e.env.data.refreshTokens.remove(e.var.tenant_id,t))throw new N(404,{message:"Session not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete a Refresh Token",targetType:"refresh_token",targetId:t}),e.text("OK")}),KY=new s.OpenAPIHono().openapi(s.createRoute({tags:["custom-domains"],method:"get",path:"/",request:{query:dt,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:custom_domains"]}],responses:{200:{content:{"application/json":{schema:s.z.array(Br)}},description:"List of custom domains"}}}),async e=>{const t=await e.env.data.customDomains.list(e.var.tenant_id);return e.json(t)}).openapi(s.createRoute({tags:["custom-domains"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:custom_domains"]}],responses:{200:{content:{"application/json":{schema:Br}},description:"A customDomain"}}}),async e=>{const{id:t}=e.req.valid("param"),n=await e.env.data.customDomains.get(e.var.tenant_id,t);if(!n)throw new N(404);return e.json(n)}).openapi(s.createRoute({tags:["custom-domains"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:custom_domains"]}],responses:{200:{description:"Status"}}}),async e=>{const{id:t}=e.req.valid("param");if(!await e.env.data.customDomains.remove(e.var.tenant_id,t))throw new N(404,{message:"Custom domain not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete a Custom Domain",targetType:"custom_domain",targetId:t}),e.text("OK")}).openapi(s.createRoute({tags:["custom-domains"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:s.z.object(Br.shape).partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:custom_domains"]}],responses:{200:{content:{"application/json":{schema:Br}},description:"The updated custom domain"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.req.valid("json");if(!await e.env.data.customDomains.update(e.var.tenant_id,t,n))throw new N(404);const r=await e.env.data.customDomains.get(e.var.tenant_id,t);if(!r)throw new N(404);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update a Custom Domain",targetType:"custom_domain",targetId:t,afterState:r}),e.json(r)}).openapi(s.createRoute({tags:["custom-domains"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(sv.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:custom_domains"]}],responses:{201:{content:{"application/json":{schema:Br}},description:"The created custom domain"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.customDomains.create(e.var.tenant_id,t);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create a Custom Domain",targetType:"custom_domain",targetId:n.custom_domain_id,afterState:n}),e.json(n,{status:201})}).openapi(s.createRoute({tags:["custom-domains"],method:"post",path:"/{id}/verify",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:custom_domains"]}],responses:{200:{content:{"application/json":{schema:Br}},description:"The custom domain"}}}),async()=>{throw new N(501,{message:"Not implemented"})});function Wc(e){const t=e.env.data.logStreams;if(!t)throw new N(501,{message:"Log streams are not supported by this adapter"});return t}const GY=new s.OpenAPIHono().openapi(s.createRoute({tags:["log-streams"],method:"get",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:log_streams"]}],responses:{200:{content:{"application/json":{schema:s.z.array(Xs)}},description:"List of log streams"}}}),async e=>{const n=await Wc(e).list(e.var.tenant_id);return e.json(n)}).openapi(s.createRoute({tags:["log-streams"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:log_streams"]}],responses:{200:{content:{"application/json":{schema:Xs}},description:"A log stream"}}}),async e=>{const t=Wc(e),{id:n}=e.req.valid("param"),i=await t.get(e.var.tenant_id,n);if(!i)throw new N(404);return e.json(i)}).openapi(s.createRoute({tags:["log-streams"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(gv.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:log_streams"]}],responses:{201:{content:{"application/json":{schema:Xs}},description:"The created log stream"}}}),async e=>{const t=Wc(e),n=e.req.valid("json"),i=await t.create(e.var.tenant_id,n);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create a Log Stream",targetType:"log_stream",targetId:i.id,afterState:i}),e.json(i,{status:201})}).openapi(s.createRoute({tags:["log-streams"],method:"patch",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),body:{content:{"application/json":{schema:s.z.object(Xs.shape).partial()}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:log_streams"]}],responses:{200:{content:{"application/json":{schema:Xs}},description:"The updated log stream"}}}),async e=>{const t=Wc(e),{id:n}=e.req.valid("param"),i=e.req.valid("json");if(!await t.update(e.var.tenant_id,n,i))throw new N(404);const o=await t.get(e.var.tenant_id,n);if(!o)throw new N(404);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update a Log Stream",targetType:"log_stream",targetId:n,afterState:o}),e.json(o)}).openapi(s.createRoute({tags:["log-streams"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:log_streams"]}],responses:{204:{description:"Log stream deleted"}}}),async e=>{const t=Wc(e),{id:n}=e.req.valid("param");if(!await t.remove(e.var.tenant_id,n))throw new N(404);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete a Log Stream",targetType:"log_stream",targetId:n}),e.body(null,204)}),WY="***",Hu=xy.extend({credentials:xy.shape.credentials.extend({client_secret:s.z.string()})});function Ks(e){return{...e,credentials:{...e.credentials,client_secret:WY}}}function Jc(e){const t=e.env.data.migrationSources;if(!t)throw new N(501,{message:"Migration sources are not supported by this adapter"});return t}const JY=new s.OpenAPIHono().openapi(s.createRoute({tags:["migration-sources"],method:"get",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:migration_sources"]}],responses:{200:{content:{"application/json":{schema:s.z.array(Hu)}},description:"List of migration sources"}}}),async e=>{const n=await Jc(e).list(e.var.tenant_id);return e.json(n.map(Ks))}).openapi(s.createRoute({tags:["migration-sources"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:migration_sources"]}],responses:{200:{content:{"application/json":{schema:Hu}},description:"A migration source"}}}),async e=>{const t=Jc(e),{id:n}=e.req.valid("param"),i=await t.get(e.var.tenant_id,n);if(!i)throw new N(404);return e.json(Ks(i))}).openapi(s.createRoute({tags:["migration-sources"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(Up.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:migration_sources"]}],responses:{201:{content:{"application/json":{schema:Hu}},description:"The created migration source"}}}),async e=>{const t=Jc(e),n=e.req.valid("json"),i=await t.create(e.var.tenant_id,n);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create a Migration Source",targetType:"migration_source",targetId:i.id,afterState:Ks(i)}),e.json(Ks(i),{status:201})}).openapi(s.createRoute({tags:["migration-sources"],method:"patch",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),body:{content:{"application/json":{schema:s.z.object(Up.shape).partial()}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:migration_sources"]}],responses:{200:{content:{"application/json":{schema:Hu}},description:"The updated migration source"}}}),async e=>{const t=Jc(e),{id:n}=e.req.valid("param"),i=e.req.valid("json");if(!await t.update(e.var.tenant_id,n,i))throw new N(404);const o=await t.get(e.var.tenant_id,n);if(!o)throw new N(404);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update a Migration Source",targetType:"migration_source",targetId:n,afterState:Ks(o)}),e.json(Ks(o))}).openapi(s.createRoute({tags:["migration-sources"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:migration_sources"]}],responses:{204:{description:"Migration source deleted"}}}),async e=>{const t=Jc(e),{id:n}=e.req.valid("param");if(!await t.remove(e.var.tenant_id,n))throw new N(404);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete a Migration Source",targetType:"migration_source",targetId:n}),e.body(null,204)});function Um(e){return!!e&&typeof e=="object"&&!Array.isArray(e)}function U8(e,t){if(!Um(t))return e;const n=Um(e)?{...e}:{};for(const[i,r]of Object.entries(t))n[i]=Um(r)?U8(n[i],r):r;return n}async function qm(e,t){const n=await e.env.data.tenants.get(e.var.tenant_id);if(!n)throw new N(404,{message:"Tenant not found"});return n.attack_protection?.[t]??{}}async function Hm(e,t,n){const i=await e.env.data.tenants.get(e.var.tenant_id);if(!i)throw new N(404,{message:"Tenant not found"});const r=i.attack_protection??{},o=U8(r[t]??{},n??{}),a={...r,[t]:o};return await e.env.data.tenants.update(e.var.tenant_id,{attack_protection:a}),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:`Update Attack Protection (${t})`,targetType:"attack_protection",targetId:e.var.tenant_id}),a[t]}const YY=new s.OpenAPIHono().openapi(s.createRoute({tags:["attack-protection"],method:"get",path:"/breached-password-detection",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:attack_protection"]}],responses:{200:{content:{"application/json":{schema:ha}},description:"Breached password detection settings"}}}),async e=>e.json(await qm(e,"breached_password_detection"))).openapi(s.createRoute({tags:["attack-protection"],method:"patch",path:"/breached-password-detection",request:{body:{content:{"application/json":{schema:ha}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:attack_protection"]}],responses:{200:{content:{"application/json":{schema:ha}},description:"Updated settings"}}}),async e=>{const t=ha.parse(await e.req.json());return e.json(await Hm(e,"breached_password_detection",t))}).openapi(s.createRoute({tags:["attack-protection"],method:"get",path:"/brute-force-protection",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:attack_protection"]}],responses:{200:{content:{"application/json":{schema:ga}},description:"Brute force protection settings"}}}),async e=>e.json(await qm(e,"brute_force_protection"))).openapi(s.createRoute({tags:["attack-protection"],method:"patch",path:"/brute-force-protection",request:{body:{content:{"application/json":{schema:ga}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:attack_protection"]}],responses:{200:{content:{"application/json":{schema:ga}},description:"Updated settings"}}}),async e=>{const t=ga.parse(await e.req.json());return e.json(await Hm(e,"brute_force_protection",t))}).openapi(s.createRoute({tags:["attack-protection"],method:"get",path:"/suspicious-ip-throttling",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:attack_protection"]}],responses:{200:{content:{"application/json":{schema:ma}},description:"Suspicious IP throttling settings"}}}),async e=>e.json(await qm(e,"suspicious_ip_throttling"))).openapi(s.createRoute({tags:["attack-protection"],method:"patch",path:"/suspicious-ip-throttling",request:{body:{content:{"application/json":{schema:ma}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:attack_protection"]}],responses:{200:{content:{"application/json":{schema:ma}},description:"Updated settings"}}}),async e=>{const t=ma.parse(await e.req.json());return e.json(await Hm(e,"suspicious_ip_throttling",t))});function _u(e,t){const n={};for(const[i,r]of Object.entries(t)){if(r==null)continue;if(typeof r=="function"){n[i]=r;continue}const o={};for(const[a,c]of Object.entries(r))typeof c=="function"?o[a]=async(...l)=>{const d=performance.now();try{const u=await c(...l),f=performance.now()-d,h=e.res.headers.get("Server-Timing")||"",g=h?`${h}, ${i}-${a};dur=${f.toFixed(2)}`:`${i}-${a};dur=${f.toFixed(2)}`;return e.res.headers.set("Server-Timing",g),u}catch(u){const f=performance.now()-d,h=e.res.headers.get("Server-Timing")||"",g=h?`${h}, ${i}-${a}-error;dur=${f.toFixed(2)}`:`${i}-${a}-error;dur=${f.toFixed(2)}`;throw e.res.headers.set("Server-Timing",g),u}}:o[a]=c;n[i]=o}return n}function Fc(e){return async(t,n)=>(t.env||(t.env={}),!t.env.data&&e.dataAdapter&&(t.env.data=e.dataAdapter),e.hooks&&(t.env.hooks={...e.hooks,...t.env.hooks||{}}),e.samlSigner&&(t.env.samlSigner=e.samlSigner),e.poweredByLogo&&(t.env.poweredByLogo=e.poweredByLogo),t.env.codeExecutor==null&&e.codeExecutor&&(t.env.codeExecutor=e.codeExecutor),e.webhookInvoker&&(t.env.webhookInvoker=e.webhookInvoker),e.outbox&&(t.env.outbox=e.outbox),e.userLinkingMode&&(t.env.userLinkingMode=e.userLinkingMode),e.usernamePasswordProvider&&(t.env.usernamePasswordProvider=e.usernamePasswordProvider),e.signingKeyMode&&(t.env.signingKeyMode=e.signingKeyMode),n())}async function Oc(e,t){const n=e.req.header("x-forwarded-host"),i=e.req.header("host");e.set("host",n||i||new URL(Wt(e.env)).host);const r=e.var.user;if(r?.tenant_id)return e.set("tenant_id",r.tenant_id),await t();const o=e.req.header("tenant-id");if(o)return e.set("tenant_id",o),await t();if(n){const a=await e.env.data.customDomains.getByDomain(n.toLowerCase());if(a)return e.set("tenant_id",a.tenant_id),e.set("custom_domain",n),await t()}if(i){const a=i.toLowerCase(),c=await e.env.data.customDomains.getByDomain(a);if(c)return e.set("tenant_id",c.tenant_id),e.set("custom_domain",i),await t();const l=a.split(".");if(l.length>1&&typeof l[0]=="string"){const d=l[0];if(await e.env.data.tenants.get(d)){e.set("tenant_id",d);const p=new URL(Wt(e.env)).host.toLowerCase();a!==p&&e.set("custom_domain",i)}}}if(!e.var.tenant_id){const a=e.req.query("tenant_id");if(a)return e.set("tenant_id",a),await t()}if(!e.var.tenant_id){const{tenants:a}=await e.env.data.tenants.list({per_page:2});a.length===1&&a[0]&&e.set("tenant_id",a[0].id)}return await t()}const QY=s.z.object({name:s.z.string(),version:s.z.string(),env:s.z.object({node:s.z.string().optional()}).optional()});function ZY(e){if(e)try{let t=e;try{t=atob(e)}catch{}try{const n=JSON.parse(t);return QY.parse(n)}catch{}}catch{return}}const Rc=async(e,t)=>{const n=e.req.query("auth0Client")?.slice(0,255),r=(e.req.header("x-forwarded-host")&&e.req.header("x-forwarded-for")?e.req.header("x-forwarded-for")?.split(",")[0]?.trim():e.req.header("cf-connecting-ip")||e.req.header("x-real-ip"))?.slice(0,45),o=e.req.header("user-agent")?.slice(0,512),a=e.req.header("cf-ipcountry")?.slice(0,2),c=n?ZY(n):void 0;c&&e.set("auth0_client",c),r&&e.set("ip",r),o&&e.set("useragent",o),a&&e.set("countryCode",a),await t()};function Vm(e,t,n,i){try{const r=`${e}:${t}:${JSON.stringify(n)}`;return i?`${i}:${r}`:r}catch{const o=`${e}:${t}:${Date.now()}-${Math.random()}`;return i?`${i}:${o}`:o}}function wu(e,t){const{cache:n,defaultTtl:i,customTtls:r={},excludeMethods:o=[],cacheEntities:a=[],keyPrefix:c}=t,l=new Set(o),d=a.length===0,u=new Set(a),p={};for(const[f,h]of Object.entries(e)){if(h==null)continue;if(typeof h=="function"){p[f]=h;continue}const g=d||u.has(f),m={};for(const[_,w]of Object.entries(h))if(typeof w=="function"){if(!g){m[_]=w;continue}const y=`${f}:${_}`;if(l.has(y)){m[_]=w;continue}const v=r[y]??i,A=["create","update","remove","delete","set","used","add"].some(b=>_.startsWith(b));m[_]=async(...b)=>{if(A){const z=await w.apply(h,b);try{if(b.length>=2&&["update","remove","delete"].includes(_)){const I=Vm(f,"get",[b[0],b[1]],c);await n.delete(I);const F=Vm(f,"list",[b[0],{}],c);await n.delete(F)}const P=c?`${c}:${f}:`:`${f}:`;await n.deleteByPrefix(P)}catch{}return z}const k=Vm(f,_,b,c),C=await n.get(k);if(C!==null)if(C&&typeof C=="object"&&"isCachedNull"in C){const z=C;return z.isCachedNull?null:z.value}else return C;const $=await w.apply(h,b);if(v>=0)if($!==null)await n.set(k,$,v);else{const z={value:null,isCachedNull:!0};await n.set(k,z,v)}return $}}else m[_]=w;p[f]=m}return p}function Vu(e){if(!e)return;const t=e.filter(n=>n!==void 0);if(t.length!==0)return t.length===1?t[0]:{beforeCreate:ph(t.map(n=>n.beforeCreate),(n,i)=>[n,i],(n,i)=>[n[0],i]),afterCreate:ka(t.map(n=>n.afterCreate)),beforeUpdate:ph(t.map(n=>n.beforeUpdate),(n,i,r)=>[n,i,r],(n,i)=>[n[0],n[1],i]),afterUpdate:ka(t.map(n=>n.afterUpdate)),beforeDelete:ka(t.map(n=>n.beforeDelete)),afterDelete:ka(t.map(n=>n.afterDelete))}}function ph(e,t,n){const i=e.filter(r=>r!==void 0);if(i.length!==0)return i.length===1?i[0]:async(...r)=>{let o=t(...r),a=o[o.length-1];for(const c of i)a=await c(...o),o=n(o,a);return a}}function ka(e){const t=e.filter(n=>n!==void 0);if(t.length!==0)return t.length===1?t[0]:async(...n)=>{for(const i of t)await i(...n)}}function XY(e){if(!e)return;const t=e.filter(n=>n!==void 0);if(t.length!==0)return t.length===1?t[0]:{beforeAssign:ph(t.map(n=>n.beforeAssign),(n,i,r)=>[n,i,r],(n,i)=>[n[0],n[1],i]),afterAssign:ka(t.map(n=>n.afterAssign)),beforeRemove:ph(t.map(n=>n.beforeRemove),(n,i,r)=>[n,i,r],(n,i)=>[n[0],n[1],i]),afterRemove:ka(t.map(n=>n.afterRemove))}}function Km(e,t,n){return t?{...e,create:async(i,r)=>{let o=r;t.beforeCreate&&(o=await t.beforeCreate(n,r));const a=await e.create(i,o);return t.afterCreate&&await t.afterCreate(n,a),a},update:async(i,r,o)=>{let a=o;t.beforeUpdate&&(a=await t.beforeUpdate(n,r,o));const c=await e.update(i,r,a);if(t.afterUpdate){let l;typeof c=="boolean"?l=await e.get(i,r):l=c,l&&await t.afterUpdate(n,r,l)}return c},remove:async(i,r)=>{t.beforeDelete&&await t.beforeDelete(n,r);const o=await e.remove(i,r);return t.afterDelete&&o&&await t.afterDelete(n,r),o}}:e}function eQ(e,t,n){return t?{...e,assign:async(i,r,o)=>{let a=o;t.beforeAssign&&(a=await t.beforeAssign(n,r,o));const c=await e.assign(i,r,a);return t.afterAssign&&c&&await t.afterAssign(n,r,a),c},remove:async(i,r,o)=>{let a=o;t.beforeRemove&&(a=await t.beforeRemove(n,r,o));const c=await e.remove(i,r,a);return t.afterRemove&&c&&await t.afterRemove(n,r,a),c}}:e}function tQ(e,t,n){return t?{...e,create:async i=>{let r=i;t.beforeCreate&&(r=await t.beforeCreate(n,i));const o=await e.create(r);return t.afterCreate&&await t.afterCreate(n,o),o},update:async(i,r)=>{let o=r;if(t.beforeUpdate&&(o=await t.beforeUpdate(n,i,r)),await e.update(i,o),t.afterUpdate){const a=await e.get(i);a&&await t.afterUpdate(n,i,a)}},remove:async i=>{t.beforeDelete&&await t.beforeDelete(n,i);const r=await e.remove(i);return t.afterDelete&&r&&await t.afterDelete(n,i),r}}:e}function q8(e,t){const{tenantId:n,entityHooks:i}=t;if(!i)return e;const r={connections:Vu(i.connections),roles:Vu(i.roles),resourceServers:Vu(i.resourceServers),rolePermissions:XY(i.rolePermissions),tenants:Vu(i.tenants)},o={tenantId:n,adapters:e};return{...e,connections:Km(e.connections,r.connections,o),roles:Km(e.roles,r.roles,o),resourceServers:Km(e.resourceServers,r.resourceServers,o),rolePermissions:eQ(e.rolePermissions,r.rolePermissions,o),tenants:tQ(e.tenants,r.tenants,o)}}class nQ{constructor(t={}){this.config=t;const n=t.cleanupIntervalMs;n&&n>0&&(this.cleanupTimer=setInterval(()=>{this.cleanupExpired()},n))}config;cache=new Map;accessOrder=new Map;accessCounter=0;cleanupTimer;async get(t){const n=this.cache.get(t);return n?n.expiresAt&&n.expiresAt<new Date?(this.cache.delete(t),this.accessOrder.delete(t),null):(this.accessOrder.set(t,++this.accessCounter),n.value):null}async set(t,n,i){let r;const o=i??this.config.defaultTtlSeconds,a=o!==void 0,c=a?Math.max(0,o):0;a&&(r=new Date(Date.now()+(c>0?c*1e3:-1))),this.config.maxEntries&&this.cache.size>=this.config.maxEntries&&!this.cache.has(t)&&this.evictLeastRecentlyUsed();const l={value:n,expiresAt:r};this.cache.set(t,l),this.accessOrder.set(t,++this.accessCounter)}async delete(t){const n=this.cache.has(t);return this.cache.delete(t),this.accessOrder.delete(t),n}async deleteByPrefix(t){let n=0;for(const i of this.cache.keys())i.startsWith(t)&&(this.cache.delete(i),this.accessOrder.delete(i),n++);return n}async clear(){this.cache.clear(),this.accessOrder.clear(),this.accessCounter=0}getStats(){return{size:this.cache.size,maxEntries:this.config.maxEntries,defaultTtlSeconds:this.config.defaultTtlSeconds}}cleanupExpired(){const t=new Date,n=[];for(const[i,r]of this.cache.entries())r.expiresAt&&r.expiresAt<t&&n.push(i);for(const i of n)this.cache.delete(i),this.accessOrder.delete(i)}evictLeastRecentlyUsed(){let t=null,n=1/0;for(const[i,r]of this.accessOrder.entries())r<n&&(n=r,t=i);t&&(this.cache.delete(t),this.accessOrder.delete(t))}destroy(){this.cleanupTimer&&(clearInterval(this.cleanupTimer),this.cleanupTimer=void 0)}}function jc(e={}){return new nQ(e)}const iQ=Ct.extend({forms:s.z.array(pa)}),rQ=new s.OpenAPIHono().openapi(s.createRoute({tags:["forms"],method:"get",path:"/",request:{query:dt,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:forms"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(pa),iQ])}},description:"List of forms"}}}),async e=>{const t=e.var.tenant_id,{page:n,per_page:i,include_totals:r=!1,sort:o,q:a}=e.req.valid("query"),c=await e.env.data.forms.list(t,{page:n,per_page:i,include_totals:r,sort:St(o),q:a});return r?e.json(c):e.json(c.forms)}).openapi(s.createRoute({tags:["forms"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:forms"]}],responses:{200:{content:{"application/json":{schema:pa}},description:"A form"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await e.env.data.forms.get(t,n);if(!i)throw new N(404);return e.json(i)}).openapi(s.createRoute({tags:["forms"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:forms"]}],responses:{200:{description:"Status"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param");if(!await e.env.data.forms.remove(t,n))throw new N(404,{message:"Form not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete a Form",targetType:"form",targetId:n}),e.text("OK")}).openapi(s.createRoute({tags:["forms"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:s.z.object(Lp.shape).partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:forms"]}],responses:{200:{content:{"application/json":{schema:pa}},description:"The updated form"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json");if(!await e.env.data.forms.update(t,n,i))throw new N(404,{message:"Form not found"});const o=await e.env.data.forms.get(t,n);if(!o)throw new N(404,{message:"Form not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update a Form",targetType:"form",targetId:n,afterState:o}),e.json(o)}).openapi(s.createRoute({tags:["forms"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(Lp.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:forms"]}],responses:{201:{content:{"application/json":{schema:pa}},description:"A form"}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i=await e.env.data.forms.create(t,n);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create a Form",targetType:"form",targetId:i.id,afterState:i}),e.json(i,{status:201})}),oQ=Ct.extend({flows:s.z.array(ua)}),sQ=new s.OpenAPIHono().openapi(s.createRoute({tags:["flows"],method:"get",path:"/",request:{query:dt,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:flows"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(ua),oQ])}},description:"List of flows"}}}),async e=>{const t=e.var.tenant_id,{page:n,per_page:i,include_totals:r=!1,sort:o,q:a}=e.req.valid("query"),c=await e.env.data.flows.list(t,{page:n,per_page:i,include_totals:r,sort:St(o),q:a});return r?e.json(c):e.json(c.flows)}).openapi(s.createRoute({tags:["flows"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:flows"]}],responses:{200:{content:{"application/json":{schema:ua}},description:"A flow"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await e.env.data.flows.get(t,n);if(!i)throw new N(404);return e.json(i)}).openapi(s.createRoute({tags:["flows"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:flows"]}],responses:{200:{description:"Status"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param");if(!await e.env.data.flows.remove(t,n))throw new N(404,{message:"Flow not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete a Flow",targetType:"flow",targetId:n}),e.text("OK")}).openapi(s.createRoute({tags:["flows"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:s.z.object(Pp.shape).partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:flows"]}],responses:{200:{content:{"application/json":{schema:ua}},description:"The updated flow"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json"),r=await e.env.data.flows.update(t,n,i);if(!r)throw new N(404,{message:"Flow not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update a Flow",targetType:"flow",targetId:n,afterState:r}),e.json(r)}).openapi(s.createRoute({tags:["flows"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(Pp.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:flows"]}],responses:{201:{content:{"application/json":{schema:ua}},description:"The created flow"}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i=await e.env.data.flows.create(t,n);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create a Flow",targetType:"flow",targetId:i.id,afterState:i}),e.json(i,{status:201})}),aQ=Ct.extend({roles:s.z.array(Ko)}),cQ=Ct.extend({permissions:s.z.array(vv)}),lQ=new s.OpenAPIHono().openapi(s.createRoute({tags:["roles"],method:"get",path:"/",request:{query:dt,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:roles"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(Ko),aQ])}},description:"List of roles"}}}),async e=>{const{page:t,per_page:n,include_totals:i,sort:r,q:o}=e.req.valid("query"),a=e.var.tenant_id;if(!a)throw new N(400,{message:"tenant-id header is required"});const c=await e.env.data.roles.list(a,{page:t,per_page:n,include_totals:i,sort:St(r),q:o});return i?e.json(c):e.json(c.roles)}).openapi(s.createRoute({tags:["roles"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:roles"]}],responses:{200:{content:{"application/json":{schema:Ko}},description:"A role"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.var.tenant_id;if(!n)throw new N(400,{message:"tenant-id header is required"});const i=await e.env.data.roles.get(n,t);if(!i)throw new N(404);return e.json(i)}).openapi(s.createRoute({tags:["roles"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Vp}}}},security:[{Bearer:["create:roles"]}],responses:{201:{content:{"application/json":{schema:Ko}},description:"Role created"}}}),async e=>{const t=e.req.valid("json"),n=e.var.tenant_id;if(!n)throw new N(400,{message:"tenant-id header is required"});const i=await e.env.data.roles.create(n,t);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create a Role",targetType:"role",targetId:i.id,afterState:i}),e.json(i,{status:201})}).openapi(s.createRoute({tags:["roles"],method:"patch",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Vp.partial()}}}},security:[{Bearer:["update:roles"]}],responses:{200:{content:{"application/json":{schema:Ko}},description:"Updated role"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.req.valid("json"),i=e.var.tenant_id;if(!i)throw new N(400,{message:"tenant-id header is required"});if(!await e.env.data.roles.update(i,t,n))throw new N(404);const o=await e.env.data.roles.get(i,t);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update a Role",targetType:"role",targetId:t,afterState:o}),e.json(o)}).openapi(s.createRoute({tags:["roles"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:roles"]}],responses:{200:{description:"Status"}}}),async e=>{const{id:t}=e.req.valid("param"),n=e.var.tenant_id;if(!n)throw new N(400,{message:"tenant-id header is required"});if(!await e.env.data.roles.remove(n,t))throw new N(404);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete a Role",targetType:"role",targetId:t}),e.text("OK")}).openapi(s.createRoute({tags:["roles"],method:"get",path:"/{id}/permissions",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),query:dt},security:[{Bearer:["read:roles"]}],responses:{200:{content:{"application/json":{schema:s.z.union([rx,cQ])}},description:"Role permissions"}}}),async e=>{const{id:t}=e.req.valid("param"),{page:n,per_page:i,include_totals:r,sort:o,q:a}=e.req.valid("query"),c=e.var.tenant_id;if(!c)throw new N(400,{message:"tenant-id header is required"});if(!await e.env.data.roles.get(c,t))throw new N(404,{message:"Role not found"});if(r){const u=await e.env.data.rolePermissions.list(c,t,{per_page:1e4,sort:St(o),q:a}),p=i??50,f=(n??0)*p,h=u.slice(f,f+p);return e.json({permissions:h,total:u.length,start:f,limit:p,length:h.length})}const d=await e.env.data.rolePermissions.list(c,t,{page:n,per_page:i,include_totals:!1,sort:St(o),q:a});return e.json(d)}).openapi(s.createRoute({tags:["roles"],method:"post",path:"/{id}/permissions",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({permissions:s.z.array(s.z.object({permission_name:s.z.string(),resource_server_identifier:s.z.string()}))})}}}},security:[{Bearer:["update:roles"]}],responses:{204:{description:"Permissions assigned to role"}}}),async e=>{const{id:t}=e.req.valid("param"),{permissions:n}=e.req.valid("json"),i=e.var.tenant_id;if(!i)throw new N(400,{message:"tenant-id header is required"});if(!await e.env.data.roles.get(i,t))throw new N(404,{message:"Role not found"});const o=n.map(c=>({role_id:t,resource_server_identifier:c.resource_server_identifier,permission_name:c.permission_name}));if(!await e.env.data.rolePermissions.assign(i,t,o))throw new N(500,{message:"Failed to assign permissions to role"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Assign Permissions to a Role",targetType:"role_permission",targetId:t}),e.body(null,204)}).openapi(s.createRoute({tags:["roles"],method:"delete",path:"/{id}/permissions",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({permissions:s.z.array(s.z.object({permission_name:s.z.string(),resource_server_identifier:s.z.string()}))})}}}},security:[{Bearer:["update:roles"]}],responses:{200:{description:"Permissions removed from role"}}}),async e=>{const{id:t}=e.req.valid("param"),{permissions:n}=e.req.valid("json"),i=e.var.tenant_id;if(!i)throw new N(400,{message:"tenant-id header is required"});if(!await e.env.data.roles.get(i,t))throw new N(404,{message:"Role not found"});if(!await e.env.data.rolePermissions.remove(i,t,n))throw new N(500,{message:"Failed to remove permissions from role"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Remove Permissions from a Role",targetType:"role_permission",targetId:t}),e.json({message:"Permissions removed successfully"})}),dQ=Ct.extend({resource_servers:s.z.array(Vo)});async function Gm(e,t,n){const i=await e.env.data.resourceServers.get(t,n);return i||((await e.env.data.resourceServers.list(t,{})).resource_servers.find(o=>o.identifier===n)??null)}const uQ=new s.OpenAPIHono().openapi(s.createRoute({tags:["resource-servers"],method:"get",path:"/",request:{query:dt,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:resource_servers"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(Vo),dQ])}},description:"List of resource servers"}}}),async e=>{const t=e.var.tenant_id,{page:n,per_page:i,include_totals:r=!1,sort:o,q:a}=e.req.valid("query"),c=await e.env.data.resourceServers.list(t,{page:n,per_page:i,include_totals:r,sort:St(o),q:a});return r?e.json(c):e.json(c.resource_servers)}).openapi(s.createRoute({tags:["resource-servers"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:resource_servers"]}],responses:{200:{content:{"application/json":{schema:Vo}},description:"A resource server"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await Gm(e,t,n);if(!i)throw new N(404);return e.json(i)}).openapi(s.createRoute({tags:["resource-servers"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:resource_servers"]}],responses:{200:{description:"Status"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await Gm(e,t,n);if(!i)throw new N(404,{message:"Resource server not found"});if(i.is_system)throw new N(403,{message:"System entities cannot be deleted"});return await e.env.data.resourceServers.remove(t,i.id),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete a Resource Server",targetType:"resource_server",targetId:i.id,beforeState:i}),e.text("OK")}).openapi(s.createRoute({tags:["resource-servers"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:s.z.object(Hp.shape).partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:resource_servers"]}],responses:{200:{content:{"application/json":{schema:Vo}},description:"The updated resource server"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json"),r=await Gm(e,t,n);if(!r)throw new N(404,{message:"Resource server not found"});if(r.is_system)throw new N(403,{message:"System entities cannot be modified"});const o=r.id;await e.env.data.resourceServers.update(t,o,i);const a=await e.env.data.resourceServers.get(t,o);if(!a)throw new N(404,{message:"Resource server not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update a Resource Server",targetType:"resource_server",targetId:a.id,beforeState:r,afterState:a}),e.json(a)}).openapi(s.createRoute({tags:["resource-servers"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(Hp.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:resource_servers"]}],responses:{201:{content:{"application/json":{schema:Vo}},description:"A resource server"}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i=await e.env.data.resourceServers.create(t,n);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create a Resource Server",targetType:"resource_server",targetId:i.id,afterState:i}),e.json(i,{status:201})}),pQ=s.z.object({per_page:s.z.string().min(1).optional().default("50").transform(e=>parseInt(e,10)).openapi({description:"Number of results per page. Defaults to 50."}),page:s.z.string().min(0).optional().default("0").transform(e=>parseInt(e,10)).openapi({description:"Page index of the results to return. First page is 0."}),include_totals:s.z.string().optional().default("false").transform(e=>e==="true").openapi({description:"Return results inside an object that contains the total result count (true) or as a direct array of results (false, default)."}),from:s.z.string().optional().openapi({description:"Optional Id from which to start selection."}),take:s.z.string().min(1).optional().transform(e=>e?parseInt(e,10):void 0).openapi({description:"Number of results per page. Defaults to 50."}),audience:s.z.string().optional().openapi({description:"Optional filter on audience."}),client_id:s.z.string().optional().openapi({description:"Optional filter on client_id."}),allow_any_organization:s.z.string().optional().transform(e=>e==="true"?!0:e==="false"?!1:void 0).openapi({description:"Optional filter on allow_any_organization."}),subject_type:s.z.enum(["client","user"]).optional().openapi({description:"EA The type of application access the client grant allows. Use of this field is subject to the applicable Free Trial terms in Okta's Master Subscription Agreement."})}),fQ=Ct.extend({client_grants:s.z.array(Ho)}),hQ=new s.OpenAPIHono().openapi(s.createRoute({tags:["client-grants"],method:"get",path:"/",request:{query:pQ,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:client_grants"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(Ho),fQ])}},description:"List of client grants"}}}),async e=>{const t=e.var.tenant_id,{page:n,per_page:i,include_totals:r=!1,from:o,take:a,audience:c,client_id:l,allow_any_organization:d,subject_type:u}=e.req.valid("query"),p=[];l&&p.push(`client_id:"${l}"`),c&&p.push(`audience:"${c}"`),d!==void 0&&p.push(`allow_any_organization:${d}`),u&&p.push(`subject_type:"${u}"`),o&&p.push(`id:>${o}`);const f=p.length>0?p.join(" AND "):void 0,h=a??i,g=await e.env.data.clientGrants.list(t,{page:n,per_page:h,include_totals:r,q:f});return r?e.json(g):e.json(g.client_grants)}).openapi(s.createRoute({tags:["client-grants"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:client_grants"]}],responses:{200:{content:{"application/json":{schema:Ho}},description:"A client grant"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await e.env.data.clientGrants.get(t,n);if(!i)throw new N(404,{message:"Client grant not found"});return e.json(i)}).openapi(s.createRoute({tags:["client-grants"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:client_grants"]}],responses:{200:{description:"Status"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param");if(!await e.env.data.clientGrants.remove(t,n))throw new N(404,{message:"Client grant not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete a Client Grant",targetType:"client_grant",targetId:n}),e.text("OK")}).openapi(s.createRoute({tags:["client-grants"],method:"patch",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),body:{content:{"application/json":{schema:s.z.object(jp.shape).partial()}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:client_grants"]}],responses:{200:{content:{"application/json":{schema:Ho}},description:"The updated client grant"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json"),r=await e.env.data.clientGrants.get(t,n);if(!r)throw new N(404,{message:"Client grant not found"});if(!await e.env.data.clientGrants.update(t,n,i))throw new N(500,{message:"Failed to update client grant"});const a=await e.env.data.clientGrants.get(t,n);if(!a)throw new N(404,{message:"Client grant not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update a Client Grant",targetType:"client_grant",targetId:n,beforeState:r,afterState:a}),e.json(a)}).openapi(s.createRoute({tags:["client-grants"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:s.z.object(jp.shape)}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:client_grants"]}],responses:{201:{content:{"application/json":{schema:Ho}},description:"A client grant"}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i=await e.env.data.clientGrants.create(t,n);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create a Client Grant",targetType:"client_grant",targetId:i.id,afterState:i}),e.json(i,{status:201})});function gQ(e){const t=new Uint8Array(e);return crypto.getRandomValues(t),t}async function H8(e){const t=new TextEncoder().encode(e);return of(await Nh(t))}async function V8(){const e=Bt.encode(gQ(32),{includePadding:!1}),t=await H8(e);return{id:Fe(),token:e,token_hash:t}}const mQ=300;async function K8(e,t,n={}){const i=await V8(),r=n.expires_in_seconds??mQ,o=new Date(Date.now()+r*1e3).toISOString(),a=await e.create(t,{id:i.id,token_hash:i.token_hash,type:"iat",sub:n.sub,constraints:n.constraints,single_use:n.single_use??!0,expires_at:o});return{id:i.id,token:i.token,expires_at:o,record:a}}async function G8(e,t,n,i){const r=await H8(n),o=await e.getByHash(t,r);return o?o.type!==i?{ok:!1,failure:"wrong_type"}:o.revoked_at?{ok:!1,failure:"revoked"}:o.expires_at&&new Date(o.expires_at).getTime()<=Date.now()?{ok:!1,failure:"expired"}:o.single_use&&o.used_at?{ok:!1,failure:"already_used"}:{ok:!0,token:o}:{ok:!1,failure:"not_found"}}function Wm(e,t){return`${On(e.env,e.var.custom_domain)}oidc/register/${t}`}async function Ku(e){const t=await e.env.data.tenants.get(e.var.tenant_id);if(!t)throw new H(404,{error:"invalid_request",error_description:"Tenant not found"});return t}function Gu(e){if(!e.flags?.enable_dynamic_client_registration)throw new H(404,{error:"invalid_request",error_description:"Dynamic Client Registration is not enabled"})}function lc(e){if(!e.clientRegistrationTokens)throw new H(500,{error:"server_error",error_description:"Dynamic Client Registration requires a clientRegistrationTokens adapter"});return e.clientRegistrationTokens}async function yQ(e,t){const n=e.req.header("authorization"),i=A1(n);if(i){const r=await G8(lc(e.env.data),e.var.tenant_id,i,"iat");if(!r.ok||!r.token)throw new H(401,{error:"invalid_token",error_description:`Initial access token ${r.failure??"invalid"}`});return r.token}if(t.flags?.dcr_require_initial_access_token!==!1)throw new H(401,{error:"invalid_token",error_description:"Initial access token required"})}async function Jm(e,t){const n=A1(e.req.header("authorization"));if(!n)throw new H(401,{error:"invalid_token",error_description:"Registration access token required"});const i=await G8(lc(e.env.data),e.var.tenant_id,n,"rat");if(!i.ok||!i.token)throw new H(401,{error:"invalid_token",error_description:`Registration access token ${i.failure??"invalid"}`});if(i.token.client_id!==t)throw new H(401,{error:"invalid_token",error_description:"Registration access token is not bound to this client"});return i.token}function Ym(e){return e.client_metadata?.status==="deleted"}function _Q(){return Fe(24)}function wQ(){return Fe(43)}const vQ=s.z.object({sub:s.z.string().optional().openapi({description:"User ID to bind the IAT to (optional)"}),constraints:s.z.record(s.z.unknown()).optional().openapi({description:"Pre-bound metadata that the registration request must match exactly (or omit, in which case the value is filled in from this map)"}),expires_in_seconds:s.z.number().int().min(30).max(3600*24).optional().openapi({description:"Token TTL in seconds. Default 300 (5 minutes)."}),single_use:s.z.boolean().optional().openapi({description:"Whether the IAT is invalidated after first use. Default true."})}),bQ=s.z.object({id:s.z.string(),token:s.z.string(),expires_at:s.z.string(),sub:s.z.string().optional(),constraints:s.z.record(s.z.unknown()).optional(),single_use:s.z.boolean()}),AQ=new s.OpenAPIHono().openapi(s.createRoute({tags:["client-registration-tokens"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:vQ}}}},security:[{Bearer:["create:client_registration_tokens"]}],responses:{201:{content:{"application/json":{schema:bQ}},description:"Initial Access Token issued. The `token` field is shown once and not retrievable later."}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i=await K8(lc(e.env.data),t,{sub:n.sub,constraints:n.constraints,expires_in_seconds:n.expires_in_seconds,single_use:n.single_use});return await D(e,t,{type:T.SUCCESS_API_OPERATION,description:"DCR Initial Access Token issued via Management API",targetType:"client_registration_token",targetId:i.id,userId:n.sub}),e.json({id:i.id,token:i.token,expires_at:i.expires_at,sub:i.record.sub,constraints:i.record.constraints,single_use:i.record.single_use},201)}),kQ=s.z.object({page:s.z.string().optional().default("0").transform(e=>parseInt(e,10)).openapi({description:"Page index of the results to return. First page is 0."}),per_page:s.z.string().optional().default("50").transform(e=>parseInt(e,10)).openapi({description:"Number of results per page. Defaults to 50."}),include_totals:s.z.string().optional().default("false").transform(e=>e==="true").openapi({description:"When true, return results inside an object that also contains the start and limit. When false (default), a direct array of results is returned."}),fields:s.z.string().optional().openapi({description:"Comma-separated list of fields to include or exclude (based on value provided for include_fields) in the result. Leave empty to retrieve all fields."}),include_fields:s.z.string().optional().default("true").transform(e=>e==="true").openapi({description:"Whether specified fields are to be included (true) or excluded (false). Defaults to true."}),sort:s.z.string().optional().default("created_at:-1").openapi({description:"Field to sort by. Use field:order where order is 1 for ascending and -1 for descending. Defaults to created_at:-1."})}),SQ=s.z.object({invitations:s.z.array(Ml),start:s.z.number(),limit:s.z.number(),length:s.z.number()}),EQ=fv.omit({organization_id:!0,invitation_url:!0}),CQ=Ct.extend({organizations:s.z.array(Vr)}),S1=s.z.object({user_id:s.z.string().openapi({description:"ID of this user"}),email:s.z.string().email().optional().openapi({description:"Email address of this user",format:"email"}),roles:s.z.array(s.z.object({})).default([]).openapi({description:"Array of roles assigned to this user in the organization"})}),TQ=s.z.object({start:s.z.number().openapi({description:"Start index of the current page"}),limit:s.z.number().openapi({description:"Number of items per page"}),total:s.z.number().openapi({description:"Total number of members"}),members:s.z.array(S1).openapi({description:"Array of organization members"})}),xQ=s.z.object({next:s.z.string().optional().openapi({description:"Checkpoint ID to be used to retrieve the next set of results"}),members:s.z.array(S1).openapi({description:"Array of organization members"})}),IQ=s.z.object({members:s.z.array(s.z.string()).openapi({description:"Array of user IDs to add to the organization"})}),$Q=s.z.object({members:s.z.array(s.z.string()).openapi({description:"Array of user IDs to remove from the organization"})}),zQ=new s.OpenAPIHono().openapi(s.createRoute({tags:["organizations"],method:"get",path:"/",request:{query:dt,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:organizations"]}],responses:{200:{content:{"application/json":{schema:s.z.union([CQ,s.z.array(Vr)])}},description:"List of organizations"}}}),async e=>{const t=e.var.tenant_id,{page:n,per_page:i,include_totals:r,sort:o,q:a,from:c,take:l}=e.req.valid("query"),d=await e.env.data.organizations.list(t,{page:n,per_page:i,include_totals:r,sort:St(o),q:a,from:c,take:l});return r?e.json(d):e.json(d.organizations)}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:organizations"]}],responses:{200:{content:{"application/json":{schema:Vr}},description:"An organization"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=await e.env.data.organizations.get(t,n);if(!i)throw new N(404,{message:"Organization not found"});return e.json(i)}).openapi(s.createRoute({tags:["organizations"],method:"delete",path:"/{id}",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:organizations"]}],responses:{200:{description:"Organization deleted successfully"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param");if(!await e.env.data.organizations.remove(t,n))throw new N(404,{message:"Organization not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete an Organization",targetType:"organization",targetId:n}),e.text("OK")}).openapi(s.createRoute({tags:["organizations"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:Gp.partial()}}},params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:organizations"]}],responses:{200:{content:{"application/json":{schema:Vr}},description:"The updated organization"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json"),r=await e.env.data.organizations.get(t,n);if(!r)throw new N(404,{message:"Organization not found"});if(!await e.env.data.organizations.update(t,n,i))throw new N(404,{message:"Organization not found"});const a=await e.env.data.organizations.get(t,n);if(!a)throw new N(404,{message:"Organization not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update an Organization",targetType:"organization",targetId:n,beforeState:r,afterState:a}),e.json(a)}).openapi(s.createRoute({tags:["organizations"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:Gp}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["create:organizations"]}],responses:{201:{content:{"application/json":{schema:Vr}},description:"The created organization"}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i={...n,id:n.id||YR()},r=await e.env.data.organizations.create(t,i);return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create an Organization",targetType:"organization",targetId:r.id,afterState:r}),e.json(r,{status:201})}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/members",request:{params:s.z.object({id:s.z.string()}),query:dt,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:organizations"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(S1),TQ,xQ])}},description:"List of organization members"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),{page:i,per_page:r,include_totals:o,sort:a}=e.req.valid("query"),c=await e.env.data.organizations.get(t,n);if(!c)throw new N(404,{message:"Organization not found"});const l=await e.env.data.userOrganizations.list(t,{page:i,per_page:r,include_totals:o,sort:St(a),q:`organization_id:${c.id}`}),d=[];for(const u of l.userOrganizations){const p=await e.env.data.users.get(t,u.user_id);p&&d.push({user_id:p.user_id,email:p.email||void 0,roles:[]})}return o?e.json({start:l.start,limit:l.limit,total:l.length,members:d}):e.json(d)}).openapi(s.createRoute({tags:["organizations"],method:"post",path:"/{id}/members",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:IQ}}}},security:[{Bearer:["update:organizations"]}],responses:{204:{description:"Members added successfully"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),{members:i}=e.req.valid("json"),r=await e.env.data.organizations.get(t,n);if(!r)throw new N(404,{message:"Organization not found"});for(const o of i)(await e.env.data.userOrganizations.list(t,{q:`user_id:${o}`,per_page:1})).userOrganizations.some(l=>l.organization_id===r.id)||await e.env.data.userOrganizations.create(t,{user_id:o,organization_id:r.id});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Add Members to an Organization",targetType:"organization_member",targetId:r.id}),new Response(null,{status:204})}).openapi(s.createRoute({tags:["organizations"],method:"delete",path:"/{id}/members",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:$Q}}}},security:[{Bearer:["update:organizations"]}],responses:{200:{description:"Members removed successfully"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),{members:i}=e.req.valid("json"),r=await e.env.data.organizations.get(t,n);if(!r)throw new N(404,{message:"Organization not found"});for(const o of i){const c=(await e.env.data.userOrganizations.list(t,{q:`user_id:${o}`,per_page:100})).userOrganizations.find(l=>l.organization_id===r.id);c&&await e.env.data.userOrganizations.remove(t,c.id)}return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Remove Members from an Organization",targetType:"organization_member",targetId:r.id}),e.json({message:"Members removed successfully"})}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/members/{user_id}/roles",request:{params:s.z.object({id:s.z.string(),user_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),query:dt},security:[{Bearer:["read:organizations"]}],responses:{200:{content:{"application/json":{schema:Kp}},description:"User roles in organization"}}}),async e=>{const t=e.var.tenant_id,{id:n,user_id:i}=e.req.valid("param");if(!await e.env.data.organizations.get(t,n))throw new N(404,{message:"Organization not found"});if(!await e.env.data.users.get(t,i))throw new N(404,{message:"User not found"});const a=await e.env.data.userRoles.list(t,i,void 0,n);return e.json(a)}).openapi(s.createRoute({tags:["organizations"],method:"post",path:"/{id}/members/{user_id}/roles",request:{params:s.z.object({id:s.z.string(),user_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({roles:s.z.array(s.z.string()).openapi({description:"List of role IDs to associate with the user"})})}}}},security:[{Bearer:["update:organizations"]}],responses:{201:{description:"Roles assigned successfully"}}}),async e=>{const t=e.var.tenant_id,{id:n,user_id:i}=e.req.valid("param"),{roles:r}=e.req.valid("json");if(!await e.env.data.organizations.get(t,n))throw new N(404,{message:"Organization not found"});if(!await e.env.data.users.get(t,i))throw new N(404,{message:"User not found"});for(const c of r){if(!await e.env.data.roles.get(t,c))throw new N(400,{message:`Role ${c} not found`});if(!await e.env.data.userRoles.create(t,i,c,n))throw new N(500,{message:`Failed to assign role ${c} to user`})}return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Assign Roles to an Organization Member",targetType:"organization_member_role",targetId:i}),e.json({message:"Roles assigned successfully"},{status:201})}).openapi(s.createRoute({tags:["organizations"],method:"delete",path:"/{id}/members/{user_id}/roles",request:{params:s.z.object({id:s.z.string(),user_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({roles:s.z.array(s.z.string()).openapi({description:"List of role IDs to remove from the user"})})}}}},security:[{Bearer:["update:organizations"]}],responses:{200:{description:"Roles removed successfully"}}}),async e=>{const t=e.var.tenant_id,{id:n,user_id:i}=e.req.valid("param"),{roles:r}=e.req.valid("json");if(!await e.env.data.organizations.get(t,n))throw new N(404,{message:"Organization not found"});if(!await e.env.data.users.get(t,i))throw new N(404,{message:"User not found"});for(const c of r)if(!await e.env.data.userRoles.remove(t,i,c,n))throw new N(500,{message:`Failed to remove role ${c} from user`});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Remove Roles from an Organization Member",targetType:"organization_member_role",targetId:i}),e.json({message:"Roles removed successfully"})}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/roles",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),query:dt},security:[{Bearer:["read:organizations"]}],responses:{200:{content:{"application/json":{schema:Kp}},description:"List of roles available in organization"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),{page:i,per_page:r,sort:o,q:a}=e.req.valid("query");if(!await e.env.data.organizations.get(t,n))throw new N(404,{message:"Organization not found"});const l=await e.env.data.roles.list(t,{page:i,per_page:r,sort:St(o),q:a});return e.json(l.roles)}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/invitations",request:{params:s.z.object({id:s.z.string().openapi({description:"Organization ID",param:{name:"id",in:"path"}})}),query:kQ,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:organizations"]}],responses:{200:{content:{"application/json":{schema:s.z.union([s.z.array(Ml),SQ])}},description:"List of organization invitations"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),{page:i,per_page:r,include_totals:o,fields:a,include_fields:c,sort:l}=e.req.valid("query"),d=await e.env.data.organizations.get(t,n);if(!d)throw new N(404,{message:"Organization not found"});let p=(await e.env.data.invites.list(t,{page:i,per_page:r})).invites.filter(f=>f.organization_id===d.id);if(l){const f=St(l);if(f){const{sort_by:h,sort_order:g}=f;p.sort((m,_)=>{const w=m[h],y=_[h];if(w===void 0||y===void 0||w===y)return 0;const v=w<y?-1:1;return g==="asc"?v:-v})}}if(a){const f=a.split(",").map(h=>h.trim());p=p.map(h=>{const g={};for(const m of Object.keys(h))(c?f.includes(m):!f.includes(m))&&(g[m]=h[m]);return g})}return o?e.json({invitations:p,start:i*r,limit:r,length:p.length}):e.json(p)}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/invitations/{invitation_id}",request:{params:s.z.object({id:s.z.string().openapi({description:"Organization ID",param:{name:"id",in:"path"}}),invitation_id:s.z.string().openapi({description:"Invitation ID",param:{name:"invitation_id",in:"path"}})}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:organizations"]}],responses:{200:{content:{"application/json":{schema:Ml}},description:"An invitation"},404:{description:"Invitation not found"}}}),async e=>{const t=e.var.tenant_id,{id:n,invitation_id:i}=e.req.valid("param"),r=await e.env.data.organizations.get(t,n);if(!r)throw new N(404,{message:"Organization not found"});const o=await e.env.data.invites.get(t,i);if(!o||o.organization_id!==r.id)throw new N(404,{message:"Invitation not found"});return e.json(o)}).openapi(s.createRoute({tags:["organizations"],method:"post",path:"/{id}/invitations",request:{params:s.z.object({id:s.z.string().openapi({description:"Organization ID",param:{name:"id",in:"path"}})}),body:{content:{"application/json":{schema:EQ}}},headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:organizations"]}],responses:{201:{content:{"application/json":{schema:Ml}},description:"The created invitation"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json"),r=await e.env.data.organizations.get(t,n);if(!r)throw new N(404,{message:"Organization not found"});const o=ZR(),a=Wt(e.env,e.var.custom_domain),c=new URL("u2/accept-invitation",a);c.searchParams.set("invitation",o),c.searchParams.set("organization",r.id);const l=c.toString(),d={...i,id:o,organization_id:r.id,invitation_url:l},u=await e.env.data.invites.create(t,d);if(await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create an Organization Invitation",targetType:"invitation",targetId:u.id,afterState:u}),i.send_invitation_email!==!1&&i.invitee?.email)try{await uG(e,{to:i.invitee.email,invitationUrl:l,inviterName:i.inviter?.name,organizationName:r.display_name||r.name||r.id,ttlSec:i.ttl_sec??604800})}catch(p){console.error(`[invitations] failed to send invitation email for ${u.id}:`,p)}return e.json(u,{status:201})}).openapi(s.createRoute({tags:["organizations"],method:"delete",path:"/{id}/invitations/{invitation_id}",request:{params:s.z.object({id:s.z.string().openapi({description:"Organization ID",param:{name:"id",in:"path"}}),invitation_id:s.z.string().openapi({description:"Invitation ID",param:{name:"invitation_id",in:"path"}})}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["update:organizations"]}],responses:{204:{description:"Invitation deleted successfully"},404:{description:"Invitation not found"}}}),async e=>{const t=e.var.tenant_id,{id:n,invitation_id:i}=e.req.valid("param"),r=await e.env.data.organizations.get(t,n);if(!r)throw new N(404,{message:"Organization not found"});const o=await e.env.data.invites.get(t,i);if(!o||o.organization_id!==r.id)throw new N(404,{message:"Invitation not found"});if(!await e.env.data.invites.remove(t,i))throw new N(404,{message:"Invitation not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete an Organization Invitation",targetType:"invitation",targetId:i}),e.body(null,{status:204})}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/enabled_connections",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),query:s.z.object({include_totals:s.z.string().optional().transform(e=>e==="true").openapi({deprecated:!0,description:"Ignored for compatibility; the connections/total/start/limit/length wrapper is always returned."}),page:s.z.string().optional().transform(e=>e?parseInt(e,10):0),per_page:s.z.string().optional().transform(e=>e?parseInt(e,10):50)})},security:[{Bearer:["read:organization_connections"]}],responses:{200:{content:{"application/json":{schema:Ct.extend({connections:s.z.array(ya)})}},description:"Connections enabled for the organization"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),{include_totals:i,page:r,per_page:o}=e.req.valid("query"),a=await e.env.data.organizations.get(t,n);if(!a)throw new N(404,{message:"Organization not found"});const c=await e.env.data.organizationConnections.list(t,a.id),l=r*o,d=c.slice(l,l+o);return e.json({connections:d,total:c.length,start:l,limit:o,length:d.length})}).openapi(s.createRoute({tags:["organizations"],method:"post",path:"/{id}/enabled_connections",request:{params:s.z.object({id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Wp}}}},security:[{Bearer:["create:organization_connections"]}],responses:{201:{content:{"application/json":{schema:ya}},description:"Connection enabled for the organization"}}}),async e=>{const t=e.var.tenant_id,{id:n}=e.req.valid("param"),i=e.req.valid("json"),r=await e.env.data.organizations.get(t,n);if(!r)throw new N(404,{message:"Organization not found"});if(!await e.env.data.connections.get(t,i.connection_id))throw new N(400,{message:`Connection ${i.connection_id} not found`});if(await e.env.data.organizationConnections.get(t,r.id,i.connection_id))throw new N(409,{message:"Connection already enabled for this organization"});const c=await e.env.data.organizationConnections.create(t,r.id,i);return await D(e,t,{type:T.SUCCESS_API_OPERATION,description:"Enable an Organization Connection",targetType:"organization_connection",targetId:`${r.id}:${i.connection_id}`}),e.json(c,{status:201})}).openapi(s.createRoute({tags:["organizations"],method:"get",path:"/{id}/enabled_connections/{connection_id}",request:{params:s.z.object({id:s.z.string(),connection_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:organization_connections"]}],responses:{200:{content:{"application/json":{schema:ya}},description:"An enabled organization connection"}}}),async e=>{const t=e.var.tenant_id,{id:n,connection_id:i}=e.req.valid("param"),r=await e.env.data.organizations.get(t,n);if(!r)throw new N(404,{message:"Organization not found"});const o=await e.env.data.organizationConnections.get(t,r.id,i);if(!o)throw new N(404,{message:"Organization connection not found"});return e.json(o)}).openapi(s.createRoute({tags:["organizations"],method:"patch",path:"/{id}/enabled_connections/{connection_id}",request:{params:s.z.object({id:s.z.string(),connection_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Wp.omit({connection_id:!0}).partial()}}}},security:[{Bearer:["update:organization_connections"]}],responses:{200:{content:{"application/json":{schema:ya}},description:"Updated organization connection"}}}),async e=>{const t=e.var.tenant_id,{id:n,connection_id:i}=e.req.valid("param"),r=e.req.valid("json"),o=await e.env.data.organizations.get(t,n);if(!o)throw new N(404,{message:"Organization not found"});const a=await e.env.data.organizationConnections.update(t,o.id,i,r);if(!a)throw new N(404,{message:"Organization connection not found"});return await D(e,t,{type:T.SUCCESS_API_OPERATION,description:"Update an Organization Connection",targetType:"organization_connection",targetId:`${o.id}:${i}`}),e.json(a)}).openapi(s.createRoute({tags:["organizations"],method:"delete",path:"/{id}/enabled_connections/{connection_id}",request:{params:s.z.object({id:s.z.string(),connection_id:s.z.string()}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["delete:organization_connections"]}],responses:{204:{description:"Connection disabled"}}}),async e=>{const t=e.var.tenant_id,{id:n,connection_id:i}=e.req.valid("param"),r=await e.env.data.organizations.get(t,n);if(!r)throw new N(404,{message:"Organization not found"});if(!await e.env.data.organizationConnections.remove(t,r.id,i))throw new N(404,{message:"Organization connection not found"});return await D(e,t,{type:T.SUCCESS_API_OPERATION,description:"Disable an Organization Connection",targetType:"organization_connection",targetId:`${r.id}:${i}`}),e.body(null,{status:204})});function dE(e){return`${e.slice(0,4)}-${e.slice(4,6)}-${e.slice(6,8)}`}function Iw(e){return e.toISOString().split("T")[0]}function NQ(e,t,n){const i=new Map(e.map(c=>[c.date,c])),r=[],o=new Date(`${t}T00:00:00.000Z`),a=new Date(`${n}T00:00:00.000Z`);for(let c=o;c<=a;c.setUTCDate(c.getUTCDate()+1)){const l=Iw(c),d=i.get(l);if(d)r.push(d);else{const u=`${l}T00:00:00.000Z`;r.push({date:l,logins:0,signups:0,leaked_passwords:0,created_at:u,updated_at:u})}}return r}const PQ=new s.OpenAPIHono().openapi(s.createRoute({tags:["stats"],method:"get",path:"/daily",request:{query:s.z.object({from:s.z.string().optional().openapi({description:"Optional first day of the date range (inclusive) in YYYYMMDD format",example:"20251120"}),to:s.z.string().optional().openapi({description:"Optional last day of the date range (inclusive) in YYYYMMDD format",example:"20251219"})}),headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:stats"]}],responses:{200:{content:{"application/json":{schema:s.z.array(gx)}},description:"Daily statistics including logins, signups, and leaked passwords"}}}),async e=>{const{from:t,to:n}=e.req.valid("query");if(!e.env.data.stats)throw new N(501,{message:"Stats adapter not configured"});const i=new Date,r=new Date(i);r.setUTCDate(r.getUTCDate()-30);const o=t?dE(t):Iw(r),a=n?dE(n):Iw(i),c=await e.env.data.stats.getDaily(e.var.tenant_id,{from:o,to:a});return e.json(NQ(c,o,a))}).openapi(s.createRoute({tags:["stats"],method:"get",path:"/active-users",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:stats"]}],responses:{200:{content:{"application/json":{schema:s.z.number().openapi({description:"Number of active users in the last 30 days",example:1234})}},description:"Number of active users in the last 30 days"}}}),async e=>{if(!e.env.data.stats)throw new N(501,{message:"Stats adapter not configured"});const t=await e.env.data.stats.getActiveUsers(e.var.tenant_id);return e.json(t)}),FQ={"active-users":["time","connection","client_id","user_type"],logins:["time","connection","client_id","user_type","event"],signups:["time","connection","client_id","user_type","event"],"refresh-tokens":["time","client_id","event"],sessions:["time","client_id"]},uE=["hour","day","week","month"],pE=["password","social","passwordless","enterprise"],OQ={"active-users":"active_users",logins:"logins",signups:"signups","refresh-tokens":"refresh_tokens",sessions:"sessions"},RQ=1e4,jQ=1e3,fE=5e4,DQ=720*60*60*1e3;class ri extends Error{constructor(t,n){super(n),this.param=t,this.detail=n}param;detail}function hE(e,t){const n=new Date(e);if(Number.isNaN(n.getTime()))throw new ri(t,`'${t}' must be an ISO 8601 datetime`);return n.toISOString()}function gE(e,t,n,{min:i,max:r}){if(e===void 0)return n;const o=Number.parseInt(e,10);if(!Number.isFinite(o)||String(o)!==e)throw new ri(t,`'${t}' must be an integer`);if(o<i||o>r)throw new ri(t,`'${t}' must be between ${i} and ${r}`);return o}function LQ(e,t,n){const i=new Date,r=new Date(i.getTime()-720*60*60*1e3),o=t("from"),a=t("to"),c=o?hE(o,"from"):r.toISOString(),l=a?hE(a,"to"):i.toISOString(),d=new Date(c).getTime(),u=new Date(l).getTime();if(u<=d)throw new ri("to","'to' must be after 'from'");const p=t("interval");let f="day";if(p){if(!uE.includes(p))throw new ri("interval",`'interval' must be one of: ${uE.join(", ")}`);f=p}if(f==="hour"&&u-d>DQ)throw new ri("interval","interval=hour is only allowed for ranges of 30 days or less");const h=t("tz")||"UTC",m=(t("group_by")||"").split(",").map(C=>C.trim()).filter(Boolean),_=new Set(FQ[e]);for(const C of m)if(!_.has(C))throw new ri("group_by",`group_by value '${C}' is not valid for /analytics/${e}. Allowed: ${[..._].join(", ")}`);const w=n("user_type");for(const C of w)if(!pE.includes(C))throw new ri("user_type",`user_type value '${C}' is not valid. Allowed: ${pE.join(", ")}`);const y={connection:n("connection"),client_id:n("client_id"),user_type:w,user_id:n("user_id")},v=gE(t("limit"),"limit",jQ,{min:1,max:RQ}),A=gE(t("offset"),"offset",0,{min:0,max:1e6});if(m.length===0&&v>fE)throw new ri("limit",`ungrouped queries may not request more than ${fE} rows; add group_by or lower limit`);const b=t("order_by");let k;if(b){const $=b.startsWith("-")?b.slice(1):b,z=new Set([...m,OQ[e]]);if(!z.has($))throw new ri("order_by",`'order_by' column '${$}' is not selectable. Allowed: ${[...z].join(", ")}`);k=b}return{from:c,to:l,interval:f,tz:h,filters:y,group_by:m,limit:v,offset:A,order_by:k}}function BQ(e,t=Date.now()){const n=new Date(e).getTime(),i=t-3600*1e3,r=new Date(t);r.setUTCHours(0,0,0,0),r.setUTCDate(r.getUTCDate()-1);const o=t-1440*60*1e3;return n>=i?60:n>=o?300:n<r.getTime()?1440*60:3600}function MQ(e,t,n){const i={from:n.from,to:n.to,interval:n.interval,tz:n.tz,group_by:[...n.group_by].sort(),filters:{connection:[...n.filters.connection||[]].sort(),client_id:[...n.filters.client_id||[]].sort(),user_type:[...n.filters.user_type||[]].sort(),user_id:[...n.filters.user_id||[]].sort()},limit:n.limit,offset:n.offset,order_by:n.order_by||""};return`analytics:${e}:${t}:${JSON.stringify(i)}`}const UQ=s.z.object({from:s.z.string().datetime().optional().openapi({description:"Inclusive lower bound, ISO 8601 datetime"}),to:s.z.string().datetime().optional().openapi({description:"Exclusive upper bound, ISO 8601 datetime"}),interval:s.z.enum(["hour","day","week","month"]).optional().openapi({description:"Time bucket size for time-grouped queries"}),tz:s.z.string().optional().openapi({description:"IANA timezone, e.g. Europe/Madrid"}),group_by:s.z.string().optional().openapi({description:"Comma-separated dimensions, e.g. 'time,connection'"}),connection:s.z.union([s.z.string(),s.z.array(s.z.string())]).optional().openapi({description:"Repeatable. Filter to one or more connection names."}),client_id:s.z.union([s.z.string(),s.z.array(s.z.string())]).optional().openapi({description:"Repeatable. Filter to one or more client IDs."}),user_type:s.z.union([s.z.enum(["password","social","passwordless","enterprise"]),s.z.array(s.z.enum(["password","social","passwordless","enterprise"]))]).optional().openapi({description:"Repeatable."}),user_id:s.z.union([s.z.string(),s.z.array(s.z.string())]).optional().openapi({description:"Repeatable."}),limit:s.z.string().optional().openapi({description:"Max 10000"}),offset:s.z.string().optional(),order_by:s.z.string().optional().openapi({description:"Column name, prefix with '-' for descending"})});function qQ(e={}){const t=e.cache,n=new s.OpenAPIHono;function i(a){return s.createRoute({tags:["analytics"],method:"get",path:`/${a}`,request:{query:UQ,headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:stats"]}],responses:{200:{content:{"application/json":{schema:_x}},description:`${a} analytics`},400:{content:{"application/json":{schema:s.z.any()}},description:"Invalid request"}}})}const r=a=>async c=>{if(!c.env.data.analytics)throw new N(501,{message:"Analytics adapter not configured"});let l;try{l=LQ(a,f=>c.req.query(f)??void 0,f=>c.req.queries(f)??[])}catch(f){if(f instanceof ri)return c.json({type:"https://authhero.net/errors/invalid-parameter",title:"Invalid parameter",status:400,detail:f.detail,param:f.param},400);throw f}const d=c.var.tenant_id,u=t?MQ(d,a,l):null;if(t&&u){const f=await t.get(u);if(f!==null)return c.header("X-Cache","HIT"),c.json(f)}const p=await c.env.data.analytics.query(d,a,l);if(t&&u){const f=BQ(l.to);t.set(u,p,f).catch(()=>{}),c.header("X-Cache","MISS"),c.header("Cache-Control",`public, max-age=${f}`)}return c.json(p)},o=["active-users","logins","signups","refresh-tokens","sessions"];for(const a of o)n.openapi(i(a),r(a));return n}const Ap=["sms","otp","email","push-notification","webauthn-roaming","webauthn-platform","recovery-code","duo"];function Qm(e){return e.replace(/-/g,"_")}const $w=s.z.object({name:s.z.enum(Ap),enabled:s.z.boolean(),trial_expired:s.z.boolean().optional()}),HQ=s.z.array($w),VQ=s.z.object({enabled:s.z.boolean()}),Zm=s.z.object({provider:s.z.enum(["twilio","vonage","aws_sns","phone_message_hook"])}),Xm=s.z.object({sid:s.z.string().optional(),auth_token:s.z.string().optional(),from:s.z.string().optional(),messaging_service_sid:s.z.string().optional()}),KQ=s.z.object({message_type:s.z.enum(["sms","voice"])}),GQ=new s.OpenAPIHono().openapi(s.createRoute({tags:["guardian"],method:"get",path:"/factors",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:guardian_factors"]}],responses:{200:{content:{"application/json":{schema:HQ}},description:"List of MFA factors"}}}),async e=>{const n=(await e.env.data.tenants.get(e.var.tenant_id))?.mfa?.factors,i=Ap.map(r=>{const o=Qm(r);return{name:r,enabled:!!n?.[o],trial_expired:!1}});return e.json(i)}).openapi(s.createRoute({tags:["guardian"],method:"get",path:"/factors/sms/selected-provider",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:guardian_factors"]}],responses:{200:{content:{"application/json":{schema:Zm}},description:"Selected SMS provider"}}}),async e=>{const n=(await e.env.data.tenants.get(e.var.tenant_id))?.mfa?.sms_provider?.provider||"twilio";return e.json({provider:n})}).openapi(s.createRoute({tags:["guardian"],method:"put",path:"/factors/sms/selected-provider",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Zm}}}},security:[{Bearer:["update:guardian_factors"]}],responses:{200:{content:{"application/json":{schema:Zm}},description:"Updated SMS provider selection"}}}),async e=>{const{provider:t}=e.req.valid("json"),n=await e.env.data.tenants.get(e.var.tenant_id);if(!n)throw new N(404,{message:"Tenant not found"});return await e.env.data.tenants.update(e.var.tenant_id,{mfa:{...n.mfa,sms_provider:{provider:t}}}),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Set SMS Provider",targetType:"guardian",targetId:e.var.tenant_id}),e.json({provider:t})}).openapi(s.createRoute({tags:["guardian"],method:"get",path:"/factors/sms/providers/twilio",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:guardian_factors"]}],responses:{200:{content:{"application/json":{schema:Xm}},description:"Twilio provider configuration"}}}),async e=>{const n=(await e.env.data.tenants.get(e.var.tenant_id))?.mfa?.twilio||{};return e.json({sid:n.sid,auth_token:n.auth_token?"********":void 0,from:n.from,messaging_service_sid:n.messaging_service_sid})}).openapi(s.createRoute({tags:["guardian"],method:"put",path:"/factors/sms/providers/twilio",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:Xm}}}},security:[{Bearer:["update:guardian_factors"]}],responses:{200:{content:{"application/json":{schema:Xm}},description:"Updated Twilio configuration"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.tenants.get(e.var.tenant_id);if(!n)throw new N(404,{message:"Tenant not found"});const i=n.mfa?.twilio||{},r={...i,...t,auth_token:t.auth_token&&t.auth_token!=="********"?t.auth_token:i.auth_token};return await e.env.data.tenants.update(e.var.tenant_id,{mfa:{...n.mfa,twilio:r}}),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Configure Twilio Provider",targetType:"guardian",targetId:e.var.tenant_id}),e.json({sid:r.sid,auth_token:r.auth_token?"********":void 0,from:r.from,messaging_service_sid:r.messaging_service_sid})}).openapi(s.createRoute({tags:["guardian"],method:"get",path:"/factors/phone/message-types",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:guardian_factors"]}],responses:{200:{content:{"application/json":{schema:s.z.array(KQ)}},description:"Available message types"}}}),async e=>{const t=[{message_type:"sms"}];return e.json(t)}).openapi(s.createRoute({tags:["guardian"],method:"get",path:"/policies",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:guardian_factors"]}],responses:{200:{content:{"application/json":{schema:s.z.array(s.z.string())}},description:"Current MFA policies"}}}),async e=>(await e.env.data.tenants.get(e.var.tenant_id))?.mfa?.policy==="always"?e.json(["all-applications"]):e.json([])).openapi(s.createRoute({tags:["guardian"],method:"put",path:"/policies",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.array(s.z.string())}}}},security:[{Bearer:["update:guardian_factors"]}],responses:{200:{content:{"application/json":{schema:s.z.array(s.z.string())}},description:"Updated MFA policies"}}}),async e=>{const t=e.req.valid("json"),n=await e.env.data.tenants.get(e.var.tenant_id);if(!n)throw new N(404,{message:"Tenant not found"});const i=t.includes("all-applications")?"always":"never";return await e.env.data.tenants.update(e.var.tenant_id,{mfa:{...n.mfa,policy:i}}),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Set Guardian Policies",targetType:"guardian",targetId:e.var.tenant_id}),e.json(i==="always"?["all-applications"]:[])}).openapi(s.createRoute({tags:["guardian"],method:"post",path:"/enrollments/ticket",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:s.z.object({user_id:s.z.string(),send_mail:s.z.boolean().optional(),email:s.z.string().email().optional()})}}}},security:[{Bearer:["create:guardian_enrollment_tickets"]}],responses:{201:{content:{"application/json":{schema:s.z.object({ticket_id:s.z.string(),ticket_url:s.z.string()})}},description:"Enrollment ticket created"}}}),async e=>{const{user_id:t,email:n}=e.req.valid("json"),i=e.var.tenant_id,r=await e.env.data.tenants.get(i);if(!r)throw new N(404,{message:"Tenant not found"});if(!(r.mfa?.factors?.sms===!0||r.mfa?.factors?.otp===!0||r.mfa?.factors?.webauthn_roaming===!0||r.mfa?.factors?.webauthn_platform===!0))throw new N(400,{message:"At least one MFA factor (SMS, OTP, or WebAuthn) must be enabled before creating enrollment tickets."});const a=await e.env.data.users.get(i,t);if(!a)throw new N(404,{message:"User not found"});const{clients:c}=await e.env.data.clients.list(i);if(!c.length)throw new N(400,{message:"No clients configured for this tenant"});const l=c[0].client_id,d=7200*60*1e3,u=new Date(Date.now()+d).toISOString(),p=await e.env.data.loginSessions.create(i,{expires_at:u,authParams:{client_id:l,username:n||a.email},csrf_token:Fe(),user_id:t,state:be.AWAITING_MFA,state_data:JSON.stringify({guardian_enrollment:!0})}),f=Fe();await e.env.data.codes.create(i,{code_id:f,code_type:"ticket",login_id:p.id,user_id:t,expires_at:u});const h=Wt(e.env,e.var.custom_domain),g=new URL("u2/guardian/enroll",h);g.searchParams.append("ticket",f),e.var.custom_domain||g.searchParams.append("tenant_id",i);const m=g.toString();return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create Enrollment Ticket",targetType:"guardian",targetId:e.var.tenant_id}),e.json({ticket_id:f,ticket_url:m},201)}).openapi(s.createRoute({tags:["guardian"],method:"get",path:"/factors/{factor_name}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({factor_name:s.z.enum(Ap)})},security:[{Bearer:["read:guardian_factors"]}],responses:{200:{content:{"application/json":{schema:$w}},description:"MFA factor details"}}}),async e=>{const{factor_name:t}=e.req.valid("param"),i=(await e.env.data.tenants.get(e.var.tenant_id))?.mfa?.factors,r=Qm(t);return e.json({name:t,enabled:!!i?.[r],trial_expired:!1})}).openapi(s.createRoute({tags:["guardian"],method:"put",path:"/factors/{factor_name}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({factor_name:s.z.enum(Ap)}),body:{content:{"application/json":{schema:VQ}}}},security:[{Bearer:["update:guardian_factors"]}],responses:{200:{content:{"application/json":{schema:$w}},description:"Updated MFA factor"}}}),async e=>{const{factor_name:t}=e.req.valid("param"),{enabled:n}=e.req.valid("json"),i=Qm(t),r=await e.env.data.tenants.get(e.var.tenant_id);if(!r)throw new N(404,{message:"Tenant not found"});const o=r.mfa?.factors;return await e.env.data.tenants.update(e.var.tenant_id,{mfa:{...r.mfa,factors:{sms:o?.sms??!1,otp:o?.otp??!1,email:o?.email??!1,push_notification:o?.push_notification??!1,webauthn_roaming:o?.webauthn_roaming??!1,webauthn_platform:o?.webauthn_platform??!1,recovery_code:o?.recovery_code??!1,duo:o?.duo??!1,[i]:n}}}),await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Update Guardian Factor",targetType:"guardian",targetId:e.var.tenant_id}),e.json({name:t,enabled:n,trial_expired:!1})}),zw=s.z.object({id:s.z.string(),type:s.z.string(),confirmed:s.z.boolean(),phone_number:s.z.string().optional(),credential_id:s.z.string().optional(),public_key:s.z.string().optional(),sign_count:s.z.number().optional(),credential_backed_up:s.z.boolean().optional(),transports:s.z.array(s.z.string()).optional(),friendly_name:s.z.string().optional(),created_at:s.z.string()}),WQ=s.z.array(zw),JQ=s.z.object({type:s.z.enum(["phone","totp","email","push","webauthn-roaming","webauthn-platform","passkey"]),phone_number:s.z.string().optional(),totp_secret:s.z.string().optional(),credential_id:s.z.string().optional(),public_key:s.z.string().optional(),sign_count:s.z.number().int().nonnegative().optional(),credential_backed_up:s.z.boolean().optional(),transports:s.z.array(s.z.string()).optional(),friendly_name:s.z.string().optional(),confirmed:s.z.boolean().optional().default(!0)}).superRefine((e,t)=>{e.type==="phone"&&!e.phone_number&&t.addIssue({code:s.z.ZodIssueCode.custom,message:"phone_number is required when type is 'phone'",path:["phone_number"]}),e.type==="totp"&&!e.totp_secret&&t.addIssue({code:s.z.ZodIssueCode.custom,message:"totp_secret is required when type is 'totp'",path:["totp_secret"]}),["webauthn-roaming","webauthn-platform","passkey"].includes(e.type)&&(e.credential_id||t.addIssue({code:s.z.ZodIssueCode.custom,message:`credential_id is required when type is '${e.type}'`,path:["credential_id"]}),e.public_key||t.addIssue({code:s.z.ZodIssueCode.custom,message:`public_key is required when type is '${e.type}'`,path:["public_key"]}))}),YQ=new s.OpenAPIHono().openapi(s.createRoute({tags:["users"],method:"get",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()})},security:[{Bearer:["read:users"]}],responses:{200:{content:{"application/json":{schema:WQ}},description:"List of authentication methods for the user"}}}),async e=>{const t=e.req.param("user_id");if(!t)throw new N(400,{message:"user_id is required"});const i=(await e.env.data.authenticationMethods.list(e.var.tenant_id,t)).map(r=>({id:r.id,type:r.type,confirmed:r.confirmed,phone_number:r.phone_number,credential_id:r.credential_id,public_key:r.public_key,sign_count:r.sign_count,credential_backed_up:r.credential_backed_up,transports:r.transports,friendly_name:r.friendly_name,created_at:r.created_at}));return e.json(i)}).openapi(s.createRoute({tags:["users"],method:"post",path:"/",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:JQ}}}},security:[{Bearer:["update:users"]}],responses:{201:{content:{"application/json":{schema:zw}},description:"Created authentication method"}}}),async e=>{const t=e.req.param("user_id");if(!t)throw new N(400,{message:"user_id is required"});const n=e.req.valid("json"),i=await e.env.data.authenticationMethods.create(e.var.tenant_id,{user_id:t,type:n.type,phone_number:n.phone_number,totp_secret:n.totp_secret,credential_id:n.credential_id,public_key:n.public_key,sign_count:n.sign_count,credential_backed_up:n.credential_backed_up,transports:n.transports,friendly_name:n.friendly_name,confirmed:n.confirmed??!0});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Create Authentication Method",targetType:"authentication_method",targetId:i.id}),e.json({id:i.id,type:i.type,confirmed:i.confirmed,phone_number:i.phone_number,credential_id:i.credential_id,public_key:i.public_key,sign_count:i.sign_count,credential_backed_up:i.credential_backed_up,transports:i.transports,friendly_name:i.friendly_name,created_at:i.created_at},201)}).openapi(s.createRoute({tags:["users"],method:"get",path:"/{method_id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({method_id:s.z.string()})},security:[{Bearer:["read:users"]}],responses:{200:{content:{"application/json":{schema:zw}},description:"Authentication method details"}}}),async e=>{const{method_id:t}=e.req.valid("param"),n=e.req.param("user_id"),i=await e.env.data.authenticationMethods.get(e.var.tenant_id,t);if(!i||i.user_id!==n)throw new N(404,{message:"Authentication method not found"});return e.json({id:i.id,type:i.type,confirmed:i.confirmed,phone_number:i.phone_number,credential_id:i.credential_id,public_key:i.public_key,sign_count:i.sign_count,credential_backed_up:i.credential_backed_up,transports:i.transports,friendly_name:i.friendly_name,created_at:i.created_at})}).openapi(s.createRoute({tags:["users"],method:"delete",path:"/{method_id}",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),params:s.z.object({method_id:s.z.string()})},security:[{Bearer:["update:users"]}],responses:{204:{description:"Authentication method deleted"}}}),async e=>{const{method_id:t}=e.req.valid("param"),n=e.req.param("user_id"),i=await e.env.data.authenticationMethods.get(e.var.tenant_id,t);if(!i||i.user_id!==n)throw new N(404,{message:"Authentication method not found"});if(!await e.env.data.authenticationMethods.remove(e.var.tenant_id,t))throw new N(404,{message:"Authentication method not found"});return await D(e,e.var.tenant_id,{type:T.SUCCESS_API_OPERATION,description:"Delete Authentication Method",targetType:"authentication_method",targetId:t}),e.body(null,204)}),mE=432e3,QQ=s.z.object({user_id:s.z.string(),result_url:s.z.string().url().optional(),ttl_sec:s.z.number().int().positive().max(2592e3).optional(),client_id:s.z.string().optional(),organization_id:s.z.string().optional(),identity:s.z.object({user_id:s.z.string().optional(),provider:s.z.string().optional()}).optional(),includeEmailInRedirect:s.z.boolean().optional()}),ZQ=s.z.object({user_id:s.z.string().optional(),email:s.z.string().email().optional(),connection_id:s.z.string().optional(),result_url:s.z.string().url().optional(),ttl_sec:s.z.number().int().positive().max(2592e3).optional(),client_id:s.z.string().optional(),organization_id:s.z.string().optional(),mark_email_as_verified:s.z.boolean().optional(),includeEmailInRedirect:s.z.boolean().optional(),new_password:s.z.string().optional()}),yE=s.z.object({ticket:s.z.string().openapi({description:"A URL representing the ticket. Single-use, time-limited."})}),XQ=new s.OpenAPIHono().openapi(s.createRoute({tags:["tickets"],method:"post",path:"/email-verification",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:QQ}}}},security:[{Bearer:["create:user_tickets"]}],responses:{201:{description:"Email verification ticket created",content:{"application/json":{schema:yE}}}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json"),i=await e.env.data.users.get(t,n.user_id);if(!i)throw new N(404,{message:"User not found"});const r=Fe(),o=n.ttl_sec??mE,a=new Date(Date.now()+o*1e3).toISOString();await e.env.data.codes.create(t,{code_id:r,code_type:"ticket",login_id:r,user_id:i.user_id,expires_at:a,redirect_uri:n.result_url,state:JSON.stringify({purpose:"email_verification",client_id:n.client_id,organization_id:n.organization_id,result_url:n.result_url,includeEmailInRedirect:n.includeEmailInRedirect})});const c=Wt(e.env,e.var.custom_domain),l=new URL("u2/tickets/email-verification",c);return l.searchParams.set("ticket",r),e.var.custom_domain||l.searchParams.set("tenant_id",t),await D(e,t,{type:T.SUCCESS_API_OPERATION,description:"Create Email Verification Ticket",targetType:"ticket",targetId:r,userId:i.user_id}),e.json({ticket:l.toString()},{status:201})}).openapi(s.createRoute({tags:["tickets"],method:"post",path:"/password-change",request:{headers:s.z.object({"tenant-id":s.z.string().optional()}),body:{content:{"application/json":{schema:ZQ}}}},security:[{Bearer:["create:user_tickets"]}],responses:{201:{description:"Password change ticket created",content:{"application/json":{schema:yE}}}}}),async e=>{const t=e.var.tenant_id,n=e.req.valid("json");let i=n.user_id;if(!i){if(!n.email)throw new N(400,{message:"user_id or email is required"});let d;if(n.connection_id){const h=await e.env.data.connections.get(t,n.connection_id);if(!h)throw new N(404,{message:`Connection not found (connection_id=${n.connection_id})`});d=h.name}const u=d?`email:${n.email.toLowerCase()} connection:${d}`:`email:${n.email.toLowerCase()}`,{users:p}=await e.env.data.users.list(t,{q:u,per_page:1}),f=p[0];if(!f)throw new N(404,{message:"User not found"});i=f.user_id}const r=Fe(),o=n.ttl_sec??mE,a=new Date(Date.now()+o*1e3).toISOString();await e.env.data.codes.create(t,{code_id:r,code_type:"ticket",login_id:r,user_id:i,expires_at:a,redirect_uri:n.result_url,state:JSON.stringify({purpose:"password_change",client_id:n.client_id,organization_id:n.organization_id,connection_id:n.connection_id,result_url:n.result_url,mark_email_as_verified:n.mark_email_as_verified})});const c=Wt(e.env,e.var.custom_domain),l=new URL("u2/tickets/password-change",c);return l.searchParams.set("ticket",r),e.var.custom_domain||l.searchParams.set("tenant_id",t),await D(e,t,{type:T.SUCCESS_API_OPERATION,description:"Create Password Change Ticket",targetType:"ticket",targetId:r,userId:i}),e.json({ticket:l.toString()},{status:201})}),eZ=50,tZ=1e3,nZ=3e5,W8=5,iZ=7,J8=3e4;async function fh(e,t,n){console.warn(`Outbox event ${t} dead-lettering: ${n}`);try{await e.deadLetter(t,n)}catch{}}function Y8(e){const t=Math.min(tZ*Math.pow(2,e),nZ);return new Date(Date.now()+t).toISOString()}async function rZ(e,t,n,i){if(t.length===0)return;const r=i?.maxRetries??W8,o=crypto.randomUUID(),a=await e.claimEvents(t,o,J8);if(a.length===0)return;const c=await e.getByIds(a);if(c.length===0)return;const l=[];for(const d of c){if(d.retry_count>=r){await fh(e,d.id,d.error||`Exceeded max retries (${r})`);continue}let u=!0,p=!1;for(const f of n)if(!(f.accepts&&!f.accepts(d))){p=!0;try{const h=f.transform(d);await f.deliver([h])}catch(h){u=!1;const g=h instanceof Error?h.message:String(h);try{await e.markRetry(d.id,`${f.name}: ${g}`,Y8(d.retry_count))}catch{}break}}if(!p){await fh(e,d.id,`No destination accepts event_type=${d.event_type}`);continue}u&&l.push(d.id)}if(l.length>0)try{await e.markProcessed(l)}catch{}}async function Q8(e,t,n){const i=n?.batchSize??eZ,r=n?.maxRetries??W8,o=n?.retentionDays??iZ,a=await e.getUnprocessed(i);if(a.length===0)return;const c=crypto.randomUUID(),l=a.map(h=>h.id),d=new Set(await e.claimEvents(l,c,J8)),u=a.filter(h=>d.has(h.id));if(u.length===0)return;const p=[],f=[];for(const h of u){if(h.retry_count>=r){await fh(e,h.id,h.error||`Exceeded max retries (${r})`);continue}let g=!0,m=!1;for(const _ of t)if(!(_.accepts&&!_.accepts(h))){m=!0;try{const w=_.transform(h);await _.deliver([w])}catch(w){g=!1;const y=w instanceof Error?w.message:String(w);try{await e.markRetry(h.id,`${_.name}: ${y}`,Y8(h.retry_count))}catch{}break}}if(!m){await fh(e,h.id,`No destination accepts event_type=${h.event_type}`);continue}g?p.push(h.id):f.push(h.id)}if(p.length>0)try{await e.markProcessed(p)}catch{}try{const h=new Date(Date.now()-o*24*60*60*1e3).toISOString();await e.cleanup(h)}catch{}}function vu(e){return async(t,n)=>{t.set("outboxEventPromises",[]),t.set("backgroundPromises",[]);let i;try{await n()}catch(r){i=r}finally{const r=t.var.outboxEventPromises??[];let o=[];if(r.length>0){const a=await Promise.allSettled(r);for(const c of a)c.status==="fulfilled"?o.push(c.value):console.error("Outbox event creation failed",c.reason)}if(o.length>0){const a=e.getOutbox(t);a&&xh(t,rZ(a,o,e.getDestinations(t),{maxRetries:t.env.outbox?.maxRetries}))}typeof process<"u"&&process.env?.NODE_ENV==="test"&&await $R(t)}if(i)throw i}}function oZ(e){return{log_id:e.id,type:e.log_type,date:e.timestamp,description:e.description||"",ip:e.request.ip,user_agent:e.request.user_agent||"",user_id:e.actor.id||"",user_name:e.actor.email||"",client_id:e.actor.client_id,client_name:"",connection:e.connection,strategy:e.strategy,strategy_type:e.strategy_type,audience:e.audience||"",scope:e.scope||e.actor.scopes?.join(" "),hostname:e.hostname,auth0_client:e.auth0_client,isMobile:e.is_mobile||!1,location_info:e.location,details:{request:{method:e.request.method,path:e.request.path,qs:e.request.query,body:e.request.body},...e.response&&{response:{statusCode:e.response.status_code,body:e.response.body}}}}}class Os{name="logs";logs;constructor(t){this.logs=t}accepts(t){return!t.event_type.startsWith("hook.")}transform(t){return{tenantId:t.tenant_id,log:oZ(t)}}async deliver(t){for(const{tenantId:n,log:i}of t)try{await this.logs.create(n,i)}catch(r){const o=r instanceof Error?r.message:String(r);if(o.includes("UNIQUE constraint failed")||o.includes("Duplicate entry"))continue;throw r}}}const sZ=1e4;function aZ(e){return{log_id:e.id,description:e.description,data:{date:e.timestamp,type:e.log_type,description:e.description,tenant_name:e.tenant_id,ip:e.request.ip,user_agent:e.request.user_agent,user_id:e.actor.id,user_name:e.actor.email,client_id:e.actor.client_id,connection:e.connection,strategy:e.strategy,strategy_type:e.strategy_type,audience:e.audience,scope:e.scope||e.actor.scopes?.join(" "),hostname:e.hostname,auth0_client:e.auth0_client,location_info:e.location,details:{request:{method:e.request.method,path:e.request.path,qs:e.request.query,body:e.request.body},...e.response&&{response:{statusCode:e.response.status_code,body:e.response.body}}}}}}function cZ(e,t){return!e.filters||e.filters.length===0?!0:e.filters.some(n=>n.name===t)}function lZ(e,t){switch(e){case"JSONOBJECT":return JSON.stringify(t);case"JSONLINES":return JSON.stringify(t)+`
351
+ `;default:return JSON.stringify([t])}}class Dc{name="log-streams";logStreams;timeoutMs;constructor(t,n){this.logStreams=t,this.timeoutMs=n?.timeoutMs??sZ}accepts(t){return!t.event_type.startsWith("hook.")}transform(t){return{tenantId:t.tenant_id,logType:t.log_type,payload:aZ(t)}}async deliver(t){for(const{tenantId:n,logType:i,payload:r}of t){const a=(await this.logStreams.list(n)).filter(c=>c.type==="http"&&c.status==="active");if(a.length!==0)for(const c of a)cZ(c,i)&&await this.deliverToStream(c,r)}}async deliverToStream(t,n){const i=t.sink;if(!i.http_endpoint)throw new Error(`Log stream ${t.id} is missing sink.http_endpoint`);const r={"Content-Type":i.http_content_type||"application/json"};if(i.http_authorization&&(r.Authorization=i.http_authorization),Array.isArray(i.http_custom_headers))for(const l of i.http_custom_headers)l&&typeof l.header=="string"&&typeof l.value=="string"&&(r[l.header]=l.value);const o=lZ(i.http_content_format,n),a=new AbortController,c=setTimeout(()=>a.abort(),this.timeoutMs);try{const l=await fetch(i.http_endpoint,{method:"POST",headers:r,body:o,signal:a.signal});if(!l.ok){const d=await l.text().catch(()=>"");throw new Error(`Log stream ${t.id} returned ${l.status}: ${d.slice(0,256)}`)}}finally{clearTimeout(c)}}}const _E="hook.",dZ=1e4,wE="webhook";class Lc{name="webhooks";hooks;getServiceToken;timeoutMs;webhookInvoker;constructor(t,n,i={}){this.hooks=t,this.getServiceToken=n,this.timeoutMs=i.timeoutMs??dZ,this.webhookInvoker=i.webhookInvoker}accepts(t){return t.event_type.startsWith(_E)}transform(t){const n=t.event_type.slice(_E.length);return{eventId:t.id,tenantId:t.tenant_id,triggerId:n,payload:{tenant_id:t.tenant_id,trigger_id:n,user:t.target?.after,request:t.request}}}async deliver(t){for(const n of t){const{hooks:i}=await this.hooks.list(n.tenantId),r=i.filter(o=>o.enabled&&o.trigger_id===n.triggerId&&"url"in o);if(r.length!==0)for(const o of r)this.webhookInvoker?await this.invokeCustom(o,n):await this.invokeDefault(o,n)}}async invokeCustom(t,n){const i=this.webhookInvoker,r=(c=wE)=>this.getServiceToken(n.tenantId,c),o=new Promise((c,l)=>{setTimeout(()=>l(new Error(`Webhook ${t.hook_id} (${n.triggerId}) timed out after ${this.timeoutMs}ms`)),this.timeoutMs)}),a=await Promise.race([i({hook:t,data:n.payload,tenant_id:n.tenantId,idempotency_key:n.eventId,createServiceToken:r}),o]);if(!a.ok){const c=await a.text().catch(()=>"");throw new Error(`Webhook ${t.hook_id} (${n.triggerId}) returned ${a.status}: ${c.slice(0,256)}`)}}async invokeDefault(t,n){const i=await this.getServiceToken(n.tenantId,wE),r=new AbortController,o=setTimeout(()=>r.abort(),this.timeoutMs);try{const a=await fetch(t.url,{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${i}`,"Idempotency-Key":n.eventId},body:JSON.stringify(n.payload),signal:r.signal});if(!a.ok){const c=await a.text().catch(()=>"");throw new Error(`Webhook ${t.hook_id} (${n.triggerId}) returned ${a.status}: ${c.slice(0,256)}`)}}finally{clearTimeout(o)}}}const uZ="hook.post-user-registration";class Bc{name="registration-finalizer";users;constructor(t){this.users=t}accepts(t){return t.event_type===uZ}transform(t){return{tenantId:t.tenant_id,userId:t.target?.id??"",timestamp:new Date().toISOString()}}async deliver(t){for(const{tenantId:n,userId:i,timestamp:r}of t)i&&await this.users.update(n,i,{registration_completed_at:r})}}function pZ(e){const t=new s.OpenAPIHono,n=e.managementDataAdapter??e.dataAdapter;t.use(Fc(e)),t.use(async(c,l)=>{const d=c.req.header("origin"),u=p=>{c.res.headers.set("Access-Control-Allow-Origin",p),c.res.headers.set("Access-Control-Allow-Headers","Tenant-Id, Content-Type, Content-Range, Auth0-Client, Authorization, Range, Upgrade-Insecure-Requests"),c.res.headers.set("Access-Control-Allow-Methods","POST, PUT, GET, DELETE, PATCH, OPTIONS"),c.res.headers.set("Access-Control-Expose-Headers","Content-Length, Content-Range"),c.res.headers.set("Access-Control-Max-Age","600"),c.res.headers.set("Access-Control-Allow-Credentials","true"),c.res.headers.append("Vary","Origin")};if(c.req.method==="OPTIONS"){const p=new Response(null,{status:204});if(d){const f=g=>{p.headers.set("Access-Control-Allow-Origin",g),p.headers.set("Access-Control-Allow-Headers","Tenant-Id, Content-Type, Content-Range, Auth0-Client, Authorization, Range, Upgrade-Insecure-Requests"),p.headers.set("Access-Control-Allow-Methods","POST, PUT, GET, DELETE, PATCH, OPTIONS"),p.headers.set("Access-Control-Expose-Headers","Content-Length, Content-Range"),p.headers.set("Access-Control-Max-Age","600"),p.headers.set("Access-Control-Allow-Credentials","true"),p.headers.append("Vary","Origin")};if(e.allowedOrigins?.includes(d))return f(d),p;const h=c.req.header("tenant-id");if(h&&(await n.clients.list(h,{})).clients.flatMap(_=>_.web_origins||[]).includes(d))return f(d),p}return p.headers.append("Vary","Origin"),p}if(await l(),c.res.headers.append("Vary","Origin"),d){if(e.allowedOrigins?.includes(d)){u(d);return}const p=c.var.tenant_id||c.req.header("tenant-id");p&&(await n.clients.list(p,{})).clients.flatMap(g=>g.web_origins||[]).includes(d)&&u(d)}}),t.onError((c,l)=>{if(!(c instanceof N))throw c;const d=c.status;if(d<400||d>=500)throw c;const u=c.getResponse();if(u.headers.get("content-type")?.includes("application/json"))return u;const p={400:"Bad Request",401:"Unauthorized",403:"Forbidden",404:"Not Found",405:"Method Not Allowed",409:"Conflict",422:"Unprocessable Entity",429:"Too Many Requests"};return l.json({statusCode:d,error:p[d]??"Error",message:c.message||p[d]||"Error"},d)}),t.use(async(c,l)=>{if(await l(),c.res.status!==400||!c.res.headers.get("content-type")?.includes("application/json"))return;let d;try{d=await c.res.clone().json()}catch{return}if(typeof d!="object"||d===null||!("success"in d)||d.success!==!1||!("error"in d)||typeof d.error!="object"||d.error===null||!("name"in d.error)||d.error.name!=="ZodError")return;const u="issues"in d.error&&Array.isArray(d.error.issues)?d.error.issues:[],p=u.length?`Payload validation error: ${u.map(f=>{const h=Array.isArray(f.path)?f.path:[];return`'${h.length?h.join("."):"root"}': ${f.message??"invalid"}`}).join("; ")}`:"Payload validation error";c.res=new Response(JSON.stringify({statusCode:400,error:"Bad Request",message:p,errorCode:"invalid_body"}),{status:400,headers:{"content-type":"application/json"}})}),b1(t);const i=e.dataAdapter.cache||jc({defaultTtlSeconds:0,maxEntries:100,cleanupIntervalMs:0}),r=(c,l)=>{const d=hu(c,l),u=wu(d,{defaultTtl:0,cacheEntities:["tenants","connections","clients","branding","themes","promptSettings","customText","forms","hooks"],cache:i});return _u(c,u)};t.use(vu({getOutbox:()=>n.outbox,getDestinations:c=>[new Os(n.logs),...n.logStreams?[new Dc(n.logStreams)]:[],new Lc(n.hooks,async l=>(await Fs(c,l,"webhook")).access_token),new Bc(n.users)]})),t.use(async(c,l)=>{c.env.data=r(c,n),c.env.entityHooks=e.entityHooks,await l()}),t.use(Rc).use(Oc).use(qg(t,{requireManagementAudience:!0})).use(async(c,l)=>(e.entityHooks&&c.var.tenant_id&&(c.env.data=q8(c.env.data,{tenantId:c.var.tenant_id,entityHooks:e.entityHooks})),l()));const o=new Set(e.managementApiExtensions?.map(c=>c.path)||[]),a=t.route("/actions/actions",MR).route("/actions/executions",HR).route("/actions/triggers",ij).route("/branding",_9).route("/custom-domains",KY).route("/email/providers",lE).route("/emails/provider",lE).route("/email-templates",qY).route("/users",c7).route("/keys",xB).route("/users-by-email",IB).route("/clients",NB).route("/client-grants",hQ).route("/client-registration-tokens",AQ).route("/logs",OB).route("/log-streams",GY).route("/migration-sources",JY).route("/attack-protection",YY).route("/failed-events",DB).route("/hooks",BB).route("/hook-code",MB).route("/connections",_Y).route("/prompts",wY).route("/sessions",HY).route("/refresh_tokens",VY).route("/forms",rQ).route("/flows",sQ).route("/roles",lQ).route("/resource-servers",uQ).route("/organizations",zQ).route("/stats",PQ).route("/analytics",qQ({cache:i})).route("/guardian",GQ).route("/tickets",XQ).route("/users/:user_id/authentication-methods",YQ);if(o.has("/tenants")||a.route("/tenants",PB),e.managementApiExtensions)for(const c of e.managementApiExtensions)a.route(c.path,c.router);return a.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Management API"},servers:[{url:"/api/v2",description:"API V2"}],security:[{oauth2:["openid","email","profile"]}]}),a}var Z8=e=>{const t={origin:"*",allowMethods:["GET","HEAD","PUT","POST","DELETE","PATCH"],allowHeaders:[],exposeHeaders:[],...e},n=(r=>typeof r=="string"?r==="*"?t.credentials?o=>o||null:()=>r:o=>r===o?o:null:typeof r=="function"?r:o=>r.includes(o)?o:null)(t.origin),i=(r=>typeof r=="function"?r:Array.isArray(r)?()=>r:()=>[])(t.allowMethods);return async function(o,a){function c(d,u){o.res.headers.set(d,u)}const l=await n(o.req.header("origin")||"",o);if(l&&c("Access-Control-Allow-Origin",l),t.credentials&&c("Access-Control-Allow-Credentials","true"),t.exposeHeaders?.length&&c("Access-Control-Expose-Headers",t.exposeHeaders.join(",")),o.req.method==="OPTIONS"){(t.origin!=="*"||t.credentials)&&c("Vary","Origin"),t.maxAge!=null&&c("Access-Control-Max-Age",t.maxAge.toString());const d=await i(o.req.header("origin")||"",o);d.length&&c("Access-Control-Allow-Methods",d.join(","));let u=t.allowHeaders;if(!u?.length){const p=o.req.header("Access-Control-Request-Headers");p&&(u=p.split(/\s*,\s*/))}return u?.length&&(c("Access-Control-Allow-Headers",u.join(",")),o.res.headers.append("Vary","Access-Control-Request-Headers")),o.res.headers.delete("Content-Length"),o.res.headers.delete("Content-Type"),new Response(null,{headers:o.res.headers,status:204,statusText:"No Content"})}await a(),(t.origin!=="*"||t.credentials)&&o.header("Vary","Origin",{append:!0})}};function sn(e,t){const n=e.var.tenant_id;if(!n){e.set("tenant_id",t);return}if(n!==t)throw new N(403,{message:"Tenant mismatch"})}const X8="try_connection_result";function eN(e){if(!e)return{};try{const t=JSON.parse(e);return typeof t=="object"&&t!==null?t:{}}catch{return{}}}async function e0(e,t,n,i){const r={...eN(n.state_data),[X8]:i};await e.env.data.loginSessions.update(t,n.id,{state_data:JSON.stringify(r)});const o=n.authParams.redirect_uri;if(!o)return new Response(JSON.stringify(i,null,2),{status:i.status==="success"?200:400,headers:{"content-type":"application/json"}});const a=new URL(o);return a.searchParams.set("state",n.id),new Response(null,{status:302,headers:{location:a.href}})}function fZ(e){return eN(e.state_data)[X8]??null}async function hh(e,t,n,i){if(!i.state)throw new H(400,{message:"State not found"});const r=t.connections.find(l=>l.name===n);if(!r)throw e.set("client_id",t.client_id),await D(e,t.tenant.id,{type:T.FAILED_LOGIN,description:"Connection not found"}),new H(403,{message:"Connection Not Found"});let o=await e.env.data.loginSessions.get(t.tenant.id,i.state);if(!o){const l=e.get("ip"),d=e.get("useragent"),u=e.get("auth0_client");o=await e.env.data.loginSessions.create(t.tenant.id,{expires_at:new Date(Date.now()+Di*1e3).toISOString(),authParams:i,csrf_token:Fe(),ip:l,useragent:d,auth0Client:Bi(u)})}const c=await q$(e,r.strategy).getRedirect(e,r,i.username);return await e.env.data.codes.create(t.tenant.id,{login_id:o.id,code_id:c.code,code_type:"oauth2_state",connection_id:r.id,code_verifier:c.codeVerifier,expires_at:new Date(Date.now()+HB*1e3).toISOString()}),new Response(null,{status:302,headers:{location:c.redirectUrl}})}async function hZ(e,{code:t,state:n}){const{env:i}=e,r=await i.data.codes.get(e.var.tenant_id||"",n,"oauth2_state");if(!r||!r.connection_id)throw new H(403,{message:"State not found"});const o=await i.data.loginSessions.get(e.var.tenant_id||"",r.login_id);if(!o)throw new H(403,{message:"Session not found"});const a=await Je(i,o.authParams.client_id);e.set("client_id",a.client_id),sn(e,a.tenant.id);const c=WB(a.client_id),l=r.connection_id,d=a.connections.find(v=>v.id===l);if(!d){if(await D(e,a.tenant.id,{type:T.FAILED_LOGIN,description:"Connection not found"}),c)return e0(e,a.tenant.id,o,{status:"error",connection_id:l,error:"connection_not_found",error_description:"Connection not found",completed_at:new Date().toISOString()});throw new H(403,{message:"Connection not found"})}if(e.set("connection",d.name),!o.authParams.redirect_uri)throw await D(e,a.tenant.id,{type:T.FAILED_LOGIN,description:"Redirect URI not defined"}),new H(403,{message:"Redirect URI not defined"});const u=q$(e,d.strategy);if(c){const v=new Date().toISOString();try{const A=u.validateAuthorizationCodeAndGetUserWithRaw?await u.validateAuthorizationCodeAndGetUserWithRaw(e,d,t,r.code_verifier):{userinfo:await u.validateAuthorizationCodeAndGetUser(e,d,t,r.code_verifier),raw:null};return e.set("user_id",A.userinfo.sub),e0(e,a.tenant.id,o,{status:"success",connection_id:l,connection_name:d.name,strategy:d.strategy,userinfo:A.userinfo,raw:A.raw,completed_at:v})}catch(A){const b=A instanceof Error?A.message:"Strategy validation failed";return await D(e,a.tenant.id,{type:T.FAILED_LOGIN,description:`Try connection failed: ${b}`}),e0(e,a.tenant.id,o,{status:"error",connection_id:l,connection_name:d.name,strategy:d.strategy,error:"strategy_error",error_description:b,completed_at:v})}}const p=await u.validateAuthorizationCodeAndGetUser(e,d,t,r.code_verifier),{sub:f,...h}=p;e.set("user_id",f);const g=p.email?.toLocaleLowerCase()||`${d.name}.${f}@${new URL(e.env.ISSUER).hostname}`;e.set("username",g);const m=H$.has(d.strategy),_=m?"enterprise":Gt.SOCIAL,w=!m,y=await qd(e,{client:a,username:g,provider:V$(d),connection:d.name,userId:f,profileData:h,isSocial:w,ip:e.var.ip,set_user_root_attributes:d.options.set_user_root_attributes});return eY(e,{client:a,loginSession:o,user:y,authConnection:d.name,authStrategy:{strategy:d.strategy,strategy_type:_}})}function Nw(e,t,n){const i=new URL("/u/error",Wt(e.env,e.var.custom_domain));return z8(i,{error:t,error_description:n}),e.redirect(i.toString())}async function t0(e,t,n,i,r,o){const a=await e.env.data.codes.get(e.var.tenant_id||"",t,"oauth2_state");if(!a)return Nw(e,"state_not_found");const c=await e.env.data.loginSessions.get(e.var.tenant_id,a.login_id);if(!c)return Nw(e,"session_not_found");const{redirect_uri:l}=c.authParams;if(!l)throw new N(400,{message:"Redirect uri not found"});o||D(e,e.var.tenant_id,{type:T.FAILED_LOGIN,description:`Failed connection login: ${r} ${n}, ${i}`});let d="/u",u="/login/identifier";if(c.authParams.client_id)try{const f=await Je(e.env,c.authParams.client_id,e.var.tenant_id);if(f?.client_metadata?.universal_login_version==="2"){d="/u2";const h=await e.env.data.promptSettings.get(e.var.tenant_id),g=Qo.parse(h||{}),m=f.connections.some(_=>_.strategy===Y.USERNAME_PASSWORD);g.identifier_first===!1&&m&&(u="/login")}}catch{}const p=new URL(`${d}${u}`,Wt(e.env,e.var.custom_domain));return z8(p,{state:c.id,error:n,error_description:i}),e.redirect(p.toString())}function gZ(e){if(e instanceof Error){if("code"in e&&"description"in e){const t=e;return t.description?`${t.code}: ${t.description}`:t.code}if("status"in e){const t=e;return`${e.message} (status: ${t.status})`}return e.message}return String(e)}async function vE(e,t){const{state:n,code:i,error:r,error_description:o,error_code:a}=t;if(r)return t0(e,n,r,o,a);if(!i)throw new N(400,{message:"Code is required"});try{const c=await hZ(e,{code:i,state:n});if(!(c instanceof Response))throw new N(500,{message:"Internal server error"});return c}catch(c){if(c instanceof H){if(c.status===403)return Nw(e,"state_not_found");if(c.status===400){const d=await e.env.data.codes.get(e.var.tenant_id||"",n,"oauth2_state");if(d&&await e.env.data.loginSessions.get(e.var.tenant_id,d.login_id)){let p="access_denied",f="access_denied";try{const h=JSON.parse(c.message);p=h.error_description||h.message||p,f=h.error||f}catch{p=c.message||p}return t0(e,n,f,p)}}}if(c instanceof N)throw c;const l=gZ(c);return D(e,e.var.tenant_id,{type:T.FAILED_LOGIN,description:`Connection callback failed: ${l}`}),t0(e,n,"connection_error","Connection failed",void 0,!0)}}const bE=s.z.object({state:s.z.string(),code:s.z.string().optional(),scope:s.z.string().optional(),hd:s.z.string().optional(),error:s.z.string().optional(),error_description:s.z.string().optional(),error_code:s.z.string().optional(),error_reason:s.z.string().optional()});function tN(e){return new s.OpenAPIHono().openapi(s.createRoute({tags:["oauth2"],method:"get",path:"/",operationId:`${e.operationIdPrefix}Get`,deprecated:e.deprecated,request:{query:bE},responses:{302:{description:"Redirect to the client's redirect uri"},400:{description:"Bad Request",content:{"application/json":{schema:s.z.object({message:s.z.string()})}}},500:{description:"Internal Server Error",content:{"application/json":{schema:s.z.object({message:s.z.string()})}}}}}),async t=>vE(t,t.req.valid("query"))).openapi(s.createRoute({tags:["oauth2"],method:"post",path:"/",operationId:`${e.operationIdPrefix}Post`,deprecated:e.deprecated,request:{body:{content:{"application/x-www-form-urlencoded":{schema:bE}}}},responses:{302:{description:"Redirect to the client's redirect uri"},400:{description:"Bad Request",content:{"application/json":{schema:s.z.object({message:s.z.string()})}}},500:{description:"Internal Server Error",content:{"application/json":{schema:s.z.object({message:s.z.string()})}}}}}),async t=>vE(t,t.req.valid("form")))}const mZ=tN({operationIdPrefix:"callback",deprecated:!0}),yZ=tN({operationIdPrefix:"loginCallback"});function gh(e,t=[],n={}){try{const i=new URL(e);return t.some(r=>{try{return _Z(i,new URL(r),n)}catch{return!1}})}catch{return!1}}function _Z(e,t,n={}){if(e.protocol!==t.protocol)return!1;if(n.allowPathWildcards&&t.pathname.includes("*")){const i=t.pathname.replace(/\*/g,".*").replace(/\//g,"\\/");if(!new RegExp(`^${i}$`).test(e.pathname))return!1}else if(e.pathname!==t.pathname)return!1;if(n.allowSubDomainWildcards&&t.hostname.startsWith("*.")&&t.hostname.split(".").length>2&&["http:","https:"].includes(t.protocol)){const i=t.hostname.split(".").slice(1).join(".");return e.hostname===i||e.hostname.endsWith("."+i)}return e.hostname===t.hostname}const wZ=new s.OpenAPIHono().openapi(s.createRoute({tags:["oauth2"],method:"get",path:"/",request:{query:s.z.object({client_id:s.z.string(),returnTo:s.z.string().optional()}),header:s.z.object({cookie:s.z.string().optional()})},responses:{302:{description:"Log the user out"}}}),async e=>{const{client_id:t,returnTo:n}=e.req.valid("query");let i;try{i=await Je(e.env,t)}catch{return e.text("OK")}let r;try{r=await Je(e.env,"DEFAULT_CLIENT")}catch{}e.set("client_id",t),sn(e,i.tenant.id);const o=n||e.req.header("referer");if(!o)return e.text("OK");if(!gh(o,[...i.allowed_logout_urls||[],...r?.allowed_logout_urls||[]],{allowPathWildcards:!0,allowSubDomainWildcards:!0}))throw D(e,i.tenant.id,{type:T.FAILED_LOGOUT,description:"Invalid redirect uri"}),new N(400,{message:"Invalid redirect uri"});const a=e.req.header("cookie");if(a){const d=$r(i.tenant.id,a);if(d){const u=await e.env.data.sessions.get(i.tenant.id,d);if(u){const p=await e.env.data.users.get(i.tenant.id,u.user_id);p&&(e.set("user_id",p.user_id),e.set("connection",p.connection));const f=new Date().toISOString(),{revokedCount:h,committedEventId:g}=await e.env.data.transaction(async m=>{const _=u.login_session_id?await m.refreshTokens.revokeByLoginSession(i.tenant.id,u.login_session_id,f):0;await m.sessions.update(i.tenant.id,d,{revoked_at:f});const w=_>0?await Sx(e,m,i.tenant.id,{type:T.SUCCESS_REVOCATION,description:`Revoked ${_} refresh token(s)`}):void 0;return{revokedCount:_,committedEventId:w}});if(g){const m=e.var.outboxEventPromises??[];m.push(Promise.resolve(g)),e.set("outboxEventPromises",m)}else h>0&&D(e,i.tenant.id,{type:T.SUCCESS_REVOCATION,description:`Revoked ${h} refresh token(s)`})}}}D(e,i.tenant.id,{type:T.SUCCESS_LOGOUT,description:"User successfully logged out"});const c=new Headers;return e1(i.tenant.id,e.var.host).forEach(d=>{c.append("set-cookie",d)}),c.set("location",o),new Response("Redirecting",{status:302,headers:c})}),vZ=s.z.object({id_token_hint:s.z.string().optional(),client_id:s.z.string().optional(),post_logout_redirect_uri:s.z.string().optional(),state:s.z.string().optional(),logout_hint:s.z.string().optional(),ui_locales:s.z.string().optional()}),bZ=`<!DOCTYPE html>
352
352
  <html lang="en">
353
353
  <head>
354
354
  <meta charset="utf-8" />