Update changelog v4.8.4

Bump version (changelog ignore)
#90
2022-04-22 11:59:31 +00:00 · 2022-04-22 13:56:54 +02:00 · 2022-04-22 13:56:29 +02:00 · 2022-04-21 02:10:23 +02:00 · 2022-04-21 02:03:29 +02:00 · 2022-04-20 20:32:12 +00:00
100 changed files with 24926 additions and 23202 deletions
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@ -9,16 +9,30 @@ on:

 jobs:

+  test_formatting:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2.3.4
+    - uses: actions/setup-node@v2.1.3
+    - uses: bahmutov/npm-install@v1
+    - name: If this step fails run 'yarn format' then commit again.
+      run: |
+        PACKAGE_MANAGER=npm
+        if [ -f "./yarn.lock" ]; then
+            PACKAGE_MANAGER=yarn
+        fi
+        $PACKAGE_MANAGER run format:check
  test:
    runs-on: macos-10.15
+    needs: test_formatting
    strategy:
      matrix:
-        node: [ '15', '14', '13' ]
+        node: [ '15', '14' ]
    name: Test with Node v${{ matrix.node }}
    steps:
    - name: Tell if project is using npm or yarn
      id: step1
-      uses: garronej/github_actions_toolkit@v2.2
+      uses: garronej/ts-ci@v1.1.6
      with: 
        action_name: tell_if_project_uses_npm_or_yarn
    - uses: actions/checkout@v2.3.4
@ -36,28 +50,35 @@ jobs:
        npm test
  check_if_version_upgraded:
    name: Check if version upgrade
-    if: github.event_name == 'push'
+    # We run this only if it's a push on the default branch or if it's a PR from a 
+    # branch (meaning not a PR from a fork). It would be more straightforward to test if secrets.NPM_TOKEN is 
+    # defined but GitHub Action don't allow it yet.
+    if: |
+      github.event_name == 'push' || 
+      github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login 
    runs-on: ubuntu-latest
    needs: test
    outputs:
      from_version: ${{ steps.step1.outputs.from_version }}
      to_version: ${{ steps.step1.outputs.to_version }}
-      is_upgraded_version: ${{steps.step1.outputs.is_upgraded_version }}
+      is_upgraded_version: ${{ steps.step1.outputs.is_upgraded_version }}
+      is_release_beta: ${{steps.step1.outputs.is_release_beta }}
    steps:
-    - uses: garronej/github_actions_toolkit@v2.2
+    - uses: garronej/ts-ci@v1.1.6
      id: step1
      with: 
        action_name: is_package_json_version_upgraded
+        branch: ${{ github.head_ref || github.ref }}

  update_changelog:
    runs-on: ubuntu-latest
    needs: check_if_version_upgraded
    if: needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true'
    steps:
-    - uses: garronej/github_actions_toolkit@v2.4
+    - uses: garronej/ts-ci@v1.1.6
      with:
        action_name: update_changelog
-        branch: ${{ github.ref }}
+        branch: ${{ github.head_ref || github.ref }}

  create_github_release:
    runs-on: ubuntu-latest
@ -65,9 +86,6 @@ jobs:
      - update_changelog
      - check_if_version_upgraded
    steps:
-    - uses: actions/checkout@v2
-      with:
-        ref: ${{ github.ref }}
    - name: Build GitHub release body
      id: step1
      run: |
@ -83,10 +101,10 @@ jobs:
      with:
        name: Release v${{ needs.check_if_version_upgraded.outputs.to_version }}
        tag_name: v${{ needs.check_if_version_upgraded.outputs.to_version }}
-        target_commitish: ${{ github.ref }}
+        target_commitish: ${{ github.head_ref || github.ref }}
        body: ${{ steps.step1.outputs.body }}
        draft: false
-        prerelease: false
+        prerelease: ${{ needs.check_if_version_upgraded.outputs.is_release_beta == 'true' }}
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 

@ -123,7 +141,12 @@ jobs:
          echo "Can't publish on NPM, You must first create a secret called NPM_TOKEN that contains your NPM auth token. https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets"
          false
        fi
-        npm publish
+        EXTRA_ARGS=""
+        if [ "$IS_BETA" = "true" ]; then
+            EXTRA_ARGS="--tag beta"
+        fi
+        npm publish $EXTRA_ARGS
      env:
        NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
-        VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }}
+        VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }}
+        IS_BETA: ${{ needs.check_if_version_upgraded.outputs.is_release_beta }}
--- a/.gitignore
+++ b/.gitignore
@ -44,3 +44,7 @@ jspm_packages

 /sample_react_project/
 /.yarn_home/
+
+.idea
+
+/keycloak_theme_email
--- a/.prettierignore
+++ b/.prettierignore
@ -0,0 +1,7 @@
+node_modules/
+/dist/
+/CHANGELOG.md
+/.yarn_home/
+/src/test/apps/
+/src/tools/types/
+/sample_react_project
--- a/.prettierrc.json
+++ b/.prettierrc.json
@ -0,0 +1,11 @@
+{
+    "printWidth": 150,
+    "tabWidth": 4,
+    "useTabs": false,
+    "semi": true,
+    "singleQuote": false,
+    "quoteProps": "preserve",
+    "trailingComma": "all",
+    "bracketSpacing": true,
+    "arrowParens": "avoid"
+}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,267 @@
+### **4.8.4** (2022-04-22)  
+  
+- #90    
+  
+### **4.8.3** (2022-04-20)  
+  
+  
+  
+### **4.8.2** (2022-04-20)  
+  
+- Tell pepoles they can test with different keycloak version    
+  
+### **4.8.1** (2022-04-20)  
+  
+- Add missing shebang  
+- Add video demo for npx download-builtin-keycloak-theme    
+  
+## **4.8.0** (2022-04-20)  
+  
+- Document email template customization feature #9  
+- Add mention of download-builtin-keycloak-theme  
+- Let the choice of kc version be auto in GH Action  
+- Only test on node v15 and v14 (bellow is no longer supported (rmSync)  
+- Feature email customization #9    
+  
+### **4.7.6** (2022-04-12)  
+  
+- Fix bugs with language switch #85    
+  
+### **4.7.5** (2022-04-09)  
+  
+- Fix #85    
+  
+### **4.7.4** (2022-04-09)  
+  
+- M1 Mac compat (for real this time)    
+  
+### **4.7.3** (2022-04-08)  
+  
+- Mention that there is still problems with M1 Mac    
+  
+### **4.7.2** (2022-04-06)  
+  
+-  #43: M1 Mac support    
+  
+### **4.7.1** (2022-03-30)  
+  
+- Improve browser autofill  
+- factorization    
+  
+## **4.7.0** (2022-03-17)  
+  
+- Add support for options validator  
+- remove duplicate dependency    
+  
+## **4.6.0** (2022-03-07)  
+  
+- Remove powerhooks as dev dependency    
+  
+### **4.5.5** (2022-03-07)  
+  
+- Update tss-react    
+  
+### **4.5.4** (2022-03-06)  
+  
+- Remove tss-react from peerDependencies (it becomes a dependency)  
+- (dev script) Use tsconfig.json to tell we are at the root of the project    
+  
+### **4.5.3** (2022-01-26)  
+  
+- Themes no longer have to break on minor Keycloakify update    
+  
+### **4.5.2** (2022-01-20)  
+  
+- Test container uses Keycloak 16.1.0  
+- Merge pull request #78 from InseeFrLab/Ann2827/pull
+
+Ann2827/pull  
+- Refactor #78  
+- Compat with Keycloak 16 (and probably 17, 18) #79  
+- Warning about compat issues with Keycloak 16  
+- fix: changes  
+- fix: Errors on pages login-idp-link-confirm and login-idp-link-email
+
+ref: https://github.com/InseeFrLab/keycloakify/issues/75    
+  
+### **4.5.1** (2022-01-18)  
+  
+- fix previous version    
+  
+## **4.5.0** (2022-01-18)  
+  
+- Read public/CNAME for domain name in --externel-assets mode    
+  
+## **4.4.0** (2022-01-01)  
+  
+- Merge pull request #73 from lazToum/main
+
+(feature) added login-page-expired.ftl  
+- added login-page-expired.ftl  
+- Add update instruction for 4.3.0    
+  
+## **4.3.0** (2021-12-27)  
+  
+- Merge pull request #72 from praiz/main
+
+feat(*): added login-update-password  
+- feat(*): added login-update-password    
+  
+### **4.2.21** (2021-12-27)  
+  
+- update dependencies    
+  
+### **4.2.19** (2021-12-21)  
+  
+- Merge pull request #70 from VBustamante/patch-1  
+- Added realm name field to KcContext mocks object  
+- Merge pull request #69 from VBustamante/patch-1
+
+Adding name field to realm in KcContext type  
+- Adding name field to realm in KcContext type    
+  
+### **4.2.18** (2021-12-17)  
+  
+- Improve css url() import (fix CRA 5)    
+  
+### **4.2.17** (2021-12-16)  
+  
+- Fix path.join polyfill    
+  
+### **4.2.16** (2021-12-16)  
+  
+  
+  
+### **4.2.15** (2021-12-16)  
+  
+- use custom polyfill for path.join (fix webpack 5 build)    
+  
+### **4.2.14** (2021-12-12)  
+  
+- Merge pull request #65 from InseeFrLab/doge_ftl_errors
+
+Prevent ftl errors in Keycloak log  
+- Encourage users to report errors in logs  
+- Fix ftl error related to url.loginAction in saml-post-form.ftl  
+- Ftl prevent error with updateProfileCtx  
+- Ftl prevent error with auth.attemptedUsername  
+- Fix ftl error as comment formatting  
+- Merge remote-tracking branch 'origin/main' into doge_ftl_errors  
+- Update README, remove all instruction about errors in logs  
+- Avoid error in Keycloak logs, fix long template loading time  
+- Add missing collon in README sample code
+
+Add miss ','    
+  
+### **4.2.13** (2021-12-08)  
+  
+- Fix broken link about how to import fonts #62  
+- Add a video to show how to test the theme in a local container    
+  
+### **4.2.12** (2021-12-08)  
+  
+- Update post build instructions    
+  
+### **4.2.11** (2021-12-07)  
+  
+  
+  
+### **4.2.10** (2021-11-12)  
+  
+- Export an exaustive list of KcLanguageTag    
+  
+### **4.2.9** (2021-11-11)  
+  
+- Fix useAdvancedMsg    
+  
+### **4.2.8** (2021-11-10)  
+  
+- Update doc about pattern that can be used for user attributes #50  
+- Bring back Safari compat    
+  
+### **4.2.7** (2021-11-09)  
+  
+- Fix useFormValidationSlice    
+  
+### **4.2.6** (2021-11-08)  
+  
+- Fix deepClone so we can overwrite with undefined in when we mock kcContext    
+  
+### **4.2.5** (2021-11-07)  
+  
+- Better debugging experience with user profile    
+  
+### **4.2.4** (2021-11-01)  
+  
+- Better autoComplete typings    
+  
+### **4.2.3** (2021-11-01)  
+  
+- Make it more easy to understand that error in the log are expected    
+  
+### **4.2.2** (2021-10-27)  
+  
+- Replace 'path' by 'browserify-path' #47    
+  
+### **4.2.1** (2021-10-26)  
+  
+- useFormValidationSlice: update when params have changed  
+- Explains that the password can't be validated    
+  
+## **4.2.0** (2021-10-26)  
+  
+- Export types definitions for Attribue and Validator    
+  
+## **4.1.0** (2021-10-26)  
+  
+- Document what's new in v4    
+  
+# **4.0.0** (2021-10-26)  
+  
+- fix RegisterUserProfile password confirmation field  
+- Much better support for frontend field validation  
+- Fix css injection order  
+- Makes the download output predictable. This fixes the case where GitHub redirects and wget was trying to download a filename called "15.0.2", and then unzip wouldn't pick it up.
+Changes wget to curl because curl is awesome. -L is to follow the GitHub redirects.  
+- Remove duplicates    
+  
+### **3.0.2** (2021-10-18)  
+  
+- Scan deeper to retreive user attribute    
+  
+### **3.0.1** (2021-10-17)  
+  
+- Add client.description in type kcContext type def    
+  
+# **3.0.0** (2021-10-16)  
+  
+  
+  
+### **2.5.3** (2021-10-16)  
+  
+  
+  
+### **2.5.2** (2021-10-13)  
+  
+  
+  
+### **2.5.1** (2021-10-13)  
+  
+- Update tss-react    
+  
+## **2.5.0** (2021-10-12)  
+  
+- register-user-profile.ftl tested working  
+- Make kcMessage more easily hackable  
+- fix useKcMessage  
+- Implement and type validators  
+- Remove syntax error in ftl and make it more directly debugable  
+- Support register-user-profile.ftl    
+  
+## **2.4.0** (2021-10-08)  
+  
+-  #38: Implement messagesPerField existsError and get    
+  
 ## **2.3.0** (2021-10-07)  
  
 - #20: Support advancedMsg    
--- a/README.md
+++ b/README.md
@ -5,32 +5,40 @@
    <i>🔏  Create Keycloak themes using React 🔏</i>
    <br>
    <br>
-    <img src="https://github.com/garronej/keycloakify/workflows/ci/badge.svg?branch=develop">
-    <img src="https://img.shields.io/bundlephobia/minzip/keycloakify">
-    <img src="https://img.shields.io/npm/dw/keycloakify">
-    <img src="https://img.shields.io/npm/l/keycloakify">
-    <img src="https://camo.githubusercontent.com/0f9fcc0ac1b8617ad4989364f60f78b2d6b32985ad6a508f215f14d8f897b8d3/68747470733a2f2f62616467656e2e6e65742f62616467652f547970655363726970742f7374726963742532302546302539462539322541412f626c7565">
+    <a href="https://github.com/garronej/keycloakify/actions">
+      <img src="https://github.com/garronej/keycloakify/workflows/ci/badge.svg?branch=main">
+    </a>
+    <a href="https://bundlephobia.com/package/keycloakify">
+      <img src="https://img.shields.io/bundlephobia/minzip/keycloakify">
+    </a>
+    <a href="https://www.npmjs.com/package/keycloakify">
+      <img src="https://img.shields.io/npm/dw/keycloakify">
+    </a>
+    <a href="https://github.com/garronej/keycloakify/blob/main/LICENSE">
+      <img src="https://img.shields.io/npm/l/keycloakify">
+    </a>
+    <a href="https://github.com/InseeFrLab/keycloakify/blob/729503fe31a155a823f46dd66ad4ff34ca274e0a/tsconfig.json#L14">
+        <img src="https://camo.githubusercontent.com/0f9fcc0ac1b8617ad4989364f60f78b2d6b32985ad6a508f215f14d8f897b8d3/68747470733a2f2f62616467656e2e6e65742f62616467652f547970655363726970742f7374726963742532302546302539462539322541412f626c7565">
+    </a>
    <a href="https://github.com/thomasdarimont/awesome-keycloak">
        <img src="https://awesome.re/mentioned-badge.svg"/>
    </a>
 </p>

+> New with v4.8.0: [Email template customization.](#email-template-customization)
+
 <p align="center">
    <i>Ultimately this build tool generates a Keycloak theme</i>
    <img src="https://user-images.githubusercontent.com/6702424/110260457-a1c3d380-7fac-11eb-853a-80459b65626b.png">
 </p>

-**NEW in v2**  
- It's now possible to implement custom `.ftl` pages.
- Support for Keycloak plugins that introduce non standard ftl values. 
-  (Like for example [this plugin](https://github.com/micedre/keycloak-mail-whitelisting) that define `authorizedMailDomains` in `register.ftl`).
 # Motivations

 Keycloak provides [theme support](https://www.keycloak.org/docs/latest/server_development/#_themes) for web pages. This allows customizing the look and feel of end-user facing pages so they can be integrated with your applications.
 It involves, however, a lot of raw JS/CSS/[FTL]() hacking, and bundling the theme is not exactly straightforward.

 Beyond that, if you use Keycloak for a specific app you want your login page to be tightly integrated with it.
-Ideally, you don't want the user to notice when he is being redirected away. 
+Ideally, you don't want the user to notice when he is being redirected away.

 Trying to reproduce the look and feel of a specific app in another stack is not an easy task not to mention
 the cheer amount of maintenance that it involves.
@ -47,76 +55,97 @@ Here is `keycloakify` for you 🍸
    <i> <a href="https://datalab.sspcloud.fr">With keycloakify:</a> </i> 
    <br>
    <img src="https://user-images.githubusercontent.com/6702424/114332075-c5e37900-9b45-11eb-910b-48a05b3d90d9.gif">
-</p>  
+</p>

-**TL;DR**: [Here](https://github.com/garronej/keycloakify-demo-app) is a Hello World React project with Keycloakify set up.  
+**TL;DR**: [Here](https://github.com/garronej/keycloakify-demo-app) is a Hello World React project with Keycloakify set up.

 If you already have a Keycloak custom theme, it can be easily ported to Keycloakify.

 ---

+-   [Motivations](#motivations)
+-   [Requirements](#requirements)
+    -   [My framework doesn’t seem to be supported, what can I do?](#my-framework-doesnt-seem-to-be-supported-what-can-i-do)
+-   [How to use](#how-to-use)
+    -   [Setting up the build tool](#setting-up-the-build-tool)
+        -   [Changing just the look of the default Keycloak theme](#changing-just-the-look-of-the-default-keycloak-theme)
+        -   [Advanced pages configuration](#advanced-pages-configuration)
+        -   [Hot reload](#hot-reload)
+    -   [Enable loading in a blink of an eye of login pages ⚡ (--external-assets)](#enable-loading-in-a-blink-of-an-eye-of-login-pages----external-assets)
+-   [Email template customization.](#email-template-customization)
+-   [User profile and frontend form validation](#user-profile-and-frontend-form-validation)
+-   [Support for Terms and conditions](#support-for-terms-and-conditions)
+-   [Some pages still have the default theme. Why?](#some-pages-still-have-the-default-theme-why)
+-   [GitHub Actions](#github-actions)
+-   [Limitations](#limitations)
+    -   [`process.env.PUBLIC_URL` not supported.](#processenvpublic_url-not-supported)
+    -   [`@font-face` importing fonts from the `src/` dir](#font-face-importing-fonts-from-the-src-dir)
+        -   [Example of setup that **won't** work](#example-of-setup-that-wont-work)
+        -   [Possible workarounds](#possible-workarounds)
+-   [Implement context persistence (optional)](#implement-context-persistence-optional)
+-   [Kickstart video](#kickstart-video)
+-   [FTL errors related to `ftl_object_to_js_code_declaring_an_object` in Keycloak logs.](#ftl-errors-related-to-ftl_object_to_js_code_declaring_an_object-in-keycloak-logs)
+-   [Adding custom message (to `i18n/useKcMessage.tsx`)](#adding-custom-message-to-i18nusekcmessagetsx)
+-   [Downloading builtin theme resource files](#downloading-builtin-theme-resource-files)
+-   [Email domain whitelist](#email-domain-whitelist)
+-   [Changelog highlights](#changelog-highlights)
+    -   [v4.8.0](#v480)
+    -   [v4.7.4](#v474)
+    -   [v4.7.2](#v472)
+    -   [v4.7.0](#v470)
+    -   [v4.6.0](#v460)
+    -   [v4.5.3](#v453)
+    -   [v4.3.0](#v430)
+    -   [v4](#v4)
+    -   [v3](#v3)
+    -   [v2.5](#v25)
+    -   [v2](#v2)

- [Motivations](#motivations)
- [Requirements](#requirements)
-  - [My framework doesn’t seem to be supported, what can I do?](#my-framework-doesnt-seem-to-be-supported-what-can-i-do)
- [How to use](#how-to-use)
-  - [Setting up the build tool](#setting-up-the-build-tool)
-    - [Changing just the look of the default Keycloak theme](#changing-just-the-look-of-the-default-keycloak-theme)
-    - [Advanced pages configuration](#advanced-pages-configuration)
-    - [Hot reload](#hot-reload)
-  - [Enable loading in a blink of an eye of login pages ⚡ (--external-assets)](#enable-loading-in-a-blink-of-an-eye-of-login-pages----external-assets)
- [Support for Terms and conditions](#support-for-terms-and-conditions)
- [Some pages still have the default theme. Why?](#some-pages-still-have-the-default-theme-why)
- [GitHub Actions](#github-actions)
- [Limitations](#limitations)
-  - [`process.env.PUBLIC_URL` not supported.](#processenvpublic_url-not-supported)
-  - [`@font-face` importing fonts from the `src/` dir](#font-face-importing-fonts-from-thesrc-dir)
-    - [Example of setup that **won't** work](#example-of-setup-that-wont-work)
-    - [Possible workarounds](#possible-workarounds)
- [Implement context persistence (optional)](#implement-context-persistence-optional)
- [Kickstart video](#kickstart-video)
- [About the errors related to `objectToJson` in Keycloak logs.](#about-the-errors-related-to-objecttojson-in-keycloak-logs)
- [Email domain whitelist](#email-domain-whitelist)
+# Requirements

-# Requirements 
+On Windows OS you'll have to use [WSL](https://docs.microsoft.com/en-us/windows/wsl/install-win10). More info [here](https://github.com/InseeFrLab/keycloakify/issues/54#issuecomment-984834217)

-Tested with the following Keycloak versions: 
- [11.0.3](https://hub.docker.com/layers/jboss/keycloak/11.0.3/images/sha256-4438f1e51c1369371cb807dffa526e1208086b3ebb9cab009830a178de949782?context=explore)  
- [12.0.4](https://hub.docker.com/layers/jboss/keycloak/12.0.4/images/sha256-67e0c88e69bd0c7aef972c40bdeb558a974013a28b3668ca790ed63a04d70584?context=explore)  
- Tests ongoing with [14.0.0](https://hub.docker.com/layers/jboss/keycloak/14.0.0/images/sha256-ca713e87ad163da71ab329010de2464a41ff030a25ae0aef15c1c290252f3d7f?context=explore) 
+Tested with the following Keycloak versions:

-This tool will be maintained to stay compatible with Keycloak v11 and up, however, the default pages you will get 
+-   [11.0.3](https://hub.docker.com/layers/jboss/keycloak/11.0.3/images/sha256-4438f1e51c1369371cb807dffa526e1208086b3ebb9cab009830a178de949782?context=explore)
+-   [12.0.4](https://hub.docker.com/layers/jboss/keycloak/12.0.4/images/sha256-67e0c88e69bd0c7aef972c40bdeb558a974013a28b3668ca790ed63a04d70584?context=explore)
+-   [15.0.2](https://hub.docker.com/layers/jboss/keycloak/15.0.2/images/sha256-d8ed1ee5df42a178c341f924377da75db49eab08ea9f058ff39a8ed7ee05ec93?context=explore)
+-   [16.1.0](https://hub.docker.com/layers/jboss/keycloak/16.1.0/images/sha256-6ecb9492224c6cfbb55d43f64a5ab634145d8cc1eba14eae8c37e3afde89546e?context=explore)
+-   17.0.1
+
+This tool will be maintained to stay compatible with Keycloak v11 and up, however, the default pages you will get
 (before you customize it) will always be the ones of Keycloak v11.

-This tool assumes you are bundling your app with Webpack (tested with 4.44.2) .
+This tool assumes you are bundling your app with Webpack (tested with the versions that ships with CRA v4.44.2 and v5.0.0) .
 It assumes there is a `build/` directory at the root of your react project directory containing a `index.html` file
-and a `build/static/` directory generated by webpack. 
+and a `build/static/` directory generated by webpack.
 For more information see [this issue](https://github.com/InseeFrLab/keycloakify/issues/5#issuecomment-832296432)

-**All this is defaults with [`create-react-app`](https://create-react-app.dev)** (tested with 4.0.3)
+**All this is defaults with [`create-react-app`](https://create-react-app.dev)** (tested with 5.0.0, 4.0.3)

- `mvn` ([Maven](https://maven.apache.org/)), `rm`, `mkdir`, `wget`, `unzip` are assumed to be available.
- `docker` must be up and running when running `yarn keycloak`.
+-   `mvn` ([Maven](https://maven.apache.org/)), `rm`, `mkdir`, `curl`, `unzip` are assumed to be available.
+-   `docker` must be up and running when running `start_keycloak_testing_container.sh` (Instructions provided after running `yarn keycloak`).

-On Windows you'll have to use [WSL](https://docs.microsoft.com/en-us/windows/wsl/install-win10).
+## My framework doesn’t seem to be supported, what can I do?

-## My framework doesn’t seem to be supported, what can I do?  
-
-Currently Keycloakify is only compatible with `create-react-app` apps.
-It doesn’t mean that you can't use Keycloakify if you are using Next.js, Express or any other 
-framework that involves SSR but your Keycloak theme will need to be a standalone project.  
-Find specific instructions about how to get started [**here**](https://github.com/garronej/keycloakify-demo-app#keycloak-theme-only).  
+Currently Keycloakify is only compatible with SPA React apps.
+It doesn’t mean that you can't use Keycloakify if you are using Next.js, Express or any other
+framework that involves a server but your Keycloak theme will need to be a standalone project.  
+Find specific instructions about how to get started [**here**](https://github.com/garronej/keycloakify-demo-app#keycloak-theme-only).

 To share your styles between your main app and your login pages you will need to externalize your design system by making it a
-separate module. Checkout [ts_ci](https://github.com/garronej/ts_ci), it can help with that.
+separate module. Checkout [ts_ci](https://github.com/garronej/ts_ci), it can help with that (example with [our design system](https://github.com/InseeFrLab/onyxia-ui)).
+
 # How to use
+
 ## Setting up the build tool

 ```bash
-yarn add keycloakify
+yarn add keycloakify @emotion/react
 ```

 [`package.json`](https://github.com/garronej/keycloakify-demo-app/blob/main/package.json)
+
 ```json
 "scripts": {
    "keycloak": "yarn build && build-keycloak-theme",
@ -135,115 +164,101 @@ The first approach is to only customize the style of the default Keycloak login
 your own class names.

 If you have created a new React project specifically to create a Keycloak theme and nothing else then
-your index should look something like:  
+your index should look something like:

 `src/index.tsx`
+
 ```tsx
-import { App } from "./<wherever>/App";
-import { 
-  KcApp, 
-  defaultKcProps, 
-  getKcContext
-} from "keycloakify";
-import { css } from "tss-react/@emotion/css";
+import { App } from "./<wherever>/App";
+import { KcApp, defaultKcProps, getKcContext } from "keycloakify";
+import { css } from "tss-react/@emotion/css";

 const { kcContext } = getKcContext();

 const myClassName = css({ "color": "red" });

 reactDom.render(
-        <KcApp 
-            kcContext={kcContext} 
-            {...{
-                ...defaultKcProps,
-                "kcHeaderWrapperClass": myClassName
-            }} 
-        />
-    document.getElementById("root")
+    <KcApp
+        kcContext={kcContext}
+        {...{
+            ...defaultKcProps,
+            "kcHeaderWrapperClass": myClassName,
+        }}
+    />,
+    document.getElementById("root"),
 );
 ```

 If you share a unique project for your app and the Keycloak theme, your index should look
-more like this: 
+more like this:

 `src/index.tsx`
+
 ```tsx
-import { App } from "./<wherever>/App";
-import { 
-  KcApp, 
-  defaultKcProps, 
-  getKcContext
-} from "keycloakify";
-import { css } from "tss-react/@emotion/css";
+import { App } from "./<wherever>/App";
+import { KcApp, defaultKcProps, getKcContext } from "keycloakify";
+import { css } from "tss-react/@emotion/css";

 const { kcContext } = getKcContext();

 const myClassName = css({ "color": "red" });

 reactDom.render(
-    // Unless the app is currently being served by Keycloak 
+    // Unless the app is currently being served by Keycloak
    // kcContext is undefined.
-    kcContext !== undefined ? 
-        <KcApp 
-            kcContext={kcContext} 
+    kcContext !== undefined ? (
+        <KcApp
+            kcContext={kcContext}
            {...{
                ...defaultKcProps,
-                "kcHeaderWrapperClass": myClassName
-            }} 
-        /> :
-        <App />, // Your actual app
-    document.getElementById("root")
+                "kcHeaderWrapperClass": myClassName,
+            }}
+        />
+    ) : (
+        <App />
+    ), // Your actual app
+    document.getElementById("root"),
 );
 ```

-
 <p align="center">
    <i>result:</i></br>
    <img src="https://user-images.githubusercontent.com/6702424/114326299-6892fc00-9b34-11eb-8d75-85696e55458f.png">
 </p>

-Example of a customization using only CSS: [here](https://github.com/InseeFrLab/onyxia-ui/blob/012639d62327a9a56be80c46e32c32c9497b82db/src/app/components/KcApp.tsx) 
-(the [index.tsx](https://github.com/InseeFrLab/onyxia-ui/blob/012639d62327a9a56be80c46e32c32c9497b82db/src/app/index.tsx#L89-L94) )
-and the result you can expect: 
+Example of a customization using only CSS: [here](https://github.com/InseeFrLab/onyxia-web/blob/012639d62327a9a56be80c46e32c32c9497b82db/src/app/components/KcApp.tsx)
+(the [index.tsx](https://github.com/InseeFrLab/onyxia-web/blob/012639d62327a9a56be80c46e32c32c9497b82db/src/app/index.tsx#L89-L94) )
+and the result you can expect:

 <p align="center">
-    <i> <a href="https://datalab.sspcloud.fr">Customization using only CSS:</a> </i> 
-    <br>
    <img src="https://github.com/InseeFrLab/keycloakify/releases/download/v0.3.8/keycloakify_after.gif">
 </p>

 ### Advanced pages configuration

-If you want to go beyond only customizing the CSS you can re-implement some of the 
-pages or even add new ones. 
+If you want to go beyond only customizing the CSS you can re-implement some of the
+pages or even add new ones.

 If you want to go this way checkout the demo setup provided [here](https://github.com/garronej/keycloakify-demo-app/tree/look_and_feel).
-If you prefer a real life example you can checkout [onyxia-web's source](https://github.com/InseeFrLab/onyxia-web/tree/main/src/app/components/KcApp). 
+If you prefer a real life example you can checkout [onyxia-web's source](https://github.com/InseeFrLab/onyxia-web/tree/main/src/ui/components/KcApp).
 The web app is in production [here](https://datalab.sspcloud.fr).

 Main takeaways are:
- You must declare your custom pages in the package.json. [example](https://github.com/garronej/keycloakify-demo-app/blob/4eb2a9f63e9823e653b2d439495bda55e5ecc134/package.json#L17-L22)
- (TS only) You must declare theses page in the type argument of the getter 
-  function for the `kcContext` in order to have the correct typings. [example](https://github.com/garronej/keycloakify-demo-app/blob/4eb2a9f63e9823e653b2d439495bda55e5ecc134/src/KcApp/kcContext.ts#L16-L21)
- (TS only) If you use Keycloak plugins that defines non standard `.ftl` values
-  (Like for example [this plugin](https://github.com/micedre/keycloak-mail-whitelisting) 
-  that define `authorizedMailDomains` in `register.ftl`) you should 
-  declare theses value to get the type. [example](https://github.com/garronej/keycloakify-demo-app/blob/4eb2a9f63e9823e653b2d439495bda55e5ecc134/src/KcApp/kcContext.ts#L6-L13)
- You should provide sample data for all the non standard value if you want to be able
-  to debug the page outside of keycloak. [example](https://github.com/garronej/keycloakify-demo-app/blob/4eb2a9f63e9823e653b2d439495bda55e5ecc134/src/KcApp/kcContext.ts#L28-L43)

-WARNING: If you chose to go this way use:
-```json
-"dependencies": {
-    "keycloakify": "~X.Y.Z"
-}
-```
-in your `package.json` instead of `^X.Y.Z`. A minor update of Keycloakify might break your app.
+-   You must declare your custom pages in the package.json. [example](https://github.com/garronej/keycloakify-demo-app/blob/4eb2a9f63e9823e653b2d439495bda55e5ecc134/package.json#L17-L22)
+-   (TS only) You must declare theses page in the type argument of the getter
+    function for the `kcContext` in order to have the correct typings. [example](https://github.com/garronej/keycloakify-demo-app/blob/4eb2a9f63e9823e653b2d439495bda55e5ecc134/src/KcApp/kcContext.ts#L16-L21)
+-   (TS only) If you use Keycloak plugins that defines non standard `.ftl` values
+    (Like for example [this plugin](https://github.com/micedre/keycloak-mail-whitelisting)
+    that define `authorizedMailDomains` in `register.ftl`) you should
+    declare theses value to get the type. [example](https://github.com/garronej/keycloakify-demo-app/blob/4eb2a9f63e9823e653b2d439495bda55e5ecc134/src/KcApp/kcContext.ts#L6-L13)
+-   You should provide sample data for all the non standard value if you want to be able
+    to debug the page outside of keycloak. [example](https://github.com/garronej/keycloakify-demo-app/blob/4eb2a9f63e9823e653b2d439495bda55e5ecc134/src/KcApp/kcContext.ts#L28-L43)

 ### Hot reload

 Rebuild the theme each time you make a change to see the result is not practical.
-If you want to test your login screens outside of Keycloak you can mock a given `kcContext`: 
+If you want to test your login screens outside of Keycloak you can mock a given `kcContext`:

 ```tsx
 import {
@ -257,9 +272,9 @@ const { kcContext } = getKcContext({
 });

 reactDom.render(
-        <KcApp 
+        <KcApp
            kcContext={kcContextMocks.kcLoginContext}
-            {...defaultKcProps} 
+            {...defaultKcProps}
        />
    document.getElementById("root")
 );
@ -274,18 +289,59 @@ Checkout [this concrete example](https://github.com/garronej/keycloakify-demo-ap
 By default the theme generated is standalone. Meaning that when your users
 reach the login pages all scripts, images and stylesheet are downloaded from the Keycloak server.  
 If you are specifically building a theme to integrate with an app or a website that allows users
-to first browse unauthenticated before logging in, you will get a significant 
+to first browse unauthenticated before logging in, you will get a significant
 performance boost if you jump through those hoops:

- Provide the url of your app in the `homepage` field of package.json. [ex](https://github.com/garronej/keycloakify-demo-app/blob/7847cc70ef374ab26a6cc7953461cf25603e9a6d/package.json#L2)
- Build the theme using `npx build-keycloak-theme --external-assets` [ex](https://github.com/garronej/keycloakify-demo-app/blob/7847cc70ef374ab26a6cc7953461cf25603e9a6d/.github/workflows/ci.yaml#L21)
- Enable [long-term assets caching](https://create-react-app.dev/docs/production-build/#static-file-caching) on the server hosting your app.
- Make sure not to build your app and the keycloak theme separately
-  and remember to update the Keycloak theme every time you update your app.
- Be mindful that if your app is down your login pages are down as well.
+-   Provide the url of your app in the `homepage` field of package.json. [ex](https://github.com/garronej/keycloakify-demo-app/blob/7847cc70ef374ab26a6cc7953461cf25603e9a6d/package.json#L2) or in a `public/CNAME` file. [ex](https://github.com/garronej/keycloakify-demo-app/blob/main/public/CNAME).
+-   Build the theme using `npx build-keycloak-theme --external-assets` [ex](https://github.com/garronej/keycloakify-demo-app/blob/7847cc70ef374ab26a6cc7953461cf25603e9a6d/.github/workflows/ci.yaml#L21)
+-   Enable [long-term assets caching](https://create-react-app.dev/docs/production-build/#static-file-caching) on the server hosting your app.
+-   Make sure not to build your app and the keycloak theme separately
+    and remember to update the Keycloak theme every time you update your app.
+-   Be mindful that if your app is down your login pages are down as well.

 Checkout a complete setup [here](https://github.com/garronej/keycloakify-demo-app#about-keycloakify)

+# Email template customization.
+
+_Introduced in [v4.8.0](https://github.com/InseeFrLab/keycloakify/releases/tag/v4.8.0)_
+
+It is now possible to customize the emails sent to your users to confirm their email address ect.  
+Just run `npx create-keycloak-theme-email-directory`, it will create a `keycloak_theme_email` directory
+at the root of your project.  
+This directory should be tracked by Git (`yarn add -A`)
+You can start hacking the default template.  
+When `npx build-keycloak-theme` (`yarn keycloak`) is run. If the directory `keycloak_theme_email` exists
+at the root of your project, it will be bundled into your `.jar` file and you will be able to select
+it [in the Keycloak administration pages](https://user-images.githubusercontent.com/6702424/164299589-75f8008b-b24e-4836-ad6b-72149bb55621.png).
+
+# User profile and frontend form validation
+
+<p align="center">
+    <a href="https://github.com/InseeFrLab/keycloakify/releases/download/v0.0.1/keycloakify_fontend_validation.mp4">
+        <img src="https://user-images.githubusercontent.com/6702424/138880146-6fef3280-c4a5-46d2-bbb3-8b9598c057a5.gif">
+    </a>
+</p>
+
+NOTE: In reality the regexp used in this gif doesn't work server side, the regexp pattern should be `^[^@]@gmail\.com$` 😬.
+
+User Profile is a Keycloak feature that enables to
+[define, from the admin console](https://user-images.githubusercontent.com/6702424/136872461-1f5b64ef-d2ef-4c6b-bb8d-07d4729552b3.png),
+what information you want to collect on your users in the register page and to validate inputs
+[**on the frontend**, in realtime](https://github.com/InseeFrLab/keycloakify/blob/6dca6a93d8cfe634ee4d8574ad0c091641220092/src/lib/getKcContext/KcContextBase.ts#L225-L261)!
+
+NOTE: User profile is only available in Keycloak 15 and it's a beta feature that
+[needs to be enabled when launching keycloak](https://github.com/InseeFrLab/keycloakify/blob/59f106bf9e210b63b190826da2bf5f75fc8b7644/src/bin/build-keycloak-theme/build-keycloak-theme.ts#L116-L117)
+and [enabled in the console](https://user-images.githubusercontent.com/6702424/136874428-b071d614-c7f7-440d-9b2e-670faadc0871.png).
+
+Keycloakify, in [`register-user-profile.ftl`](https://github.com/InseeFrLab/keycloakify/blob/main/src/lib/components/RegisterUserProfile.tsx),
+provides frontend validation out of the box.
+
+For implementing your own `register-user-profile.ftl` page, you can use [`import { useFormValidationSlice } from "keycloakify";`](https://github.com/InseeFrLab/keycloakify/blob/main/src/lib/useFormValidationSlice.tsx).  
+Find usage example [`here`](https://github.com/InseeFrLab/keycloakify/blob/d3a07edfcb3739e30032dc96fc2a55944dfc3387/src/lib/components/RegisterUserProfile.tsx#L79-L112).
+
+As for right now [it's not possible to define a pattern for the password](https://keycloak.discourse.group/t/make-password-policies-available-to-freemarker/11632)
+from the admin console. You can however pass validators for it to the `useFormValidationSlice` function.
+
 # Support for Terms and conditions

 [Many organizations have a requirement that when a new user logs in for the first time, they need to agree to the terms and conditions of the website.](https://www.keycloak.org/docs/4.8/server_admin/#terms-and-conditions).
@ -308,51 +364,52 @@ If you need to customize pages that are not supported yet or if you need to impl

 [Here is a demo repo](https://github.com/garronej/keycloakify-demo-app) to show how to automate
 the building and publishing of the theme (the .jar file).
+
 # Limitations
+
 ## `process.env.PUBLIC_URL` not supported.

-You won't be able to [import things from your public directory **in your JavaScript code**](https://create-react-app.dev/docs/using-the-public-folder/#adding-assets-outside-of-the-module-system). 
+You won't be able to [import things from your public directory **in your JavaScript code** (it's supported in `public/index.html`)](https://create-react-app.dev/docs/using-the-public-folder/#adding-assets-outside-of-the-module-system).
 (This isn't recommended anyway).

+## `@font-face` importing fonts from the `src/` dir

-
-## `@font-face` importing fonts from the `src/` dir
-
-If you are building the theme with [--external-assets](#enable-loading-in-a-blink-of-a-eye-of-login-pages-) 
+If you are building the theme with [--external-assets](#enable-loading-in-a-blink-of-a-eye-of-login-pages-)
 this limitation doesn't apply, you can import fonts however you see fit.

-### Example of setup that **won't** work 
+### Example of setup that **won't** work

- We have a `fonts/` directory in `src/`
- We import the font like this [`src: url("/fonts/my-font.woff2") format("woff2");`](https://github.com/garronej/keycloakify-demo-app/blob/07d54a3012ef354ee12b1374c6f7ad1cb125d56b/src/fonts.scss#L4) in a `.scss` a file.  
+-   We have a `fonts/` directory in `src/`
+-   We import the font like this [`src: url("/fonts/my-font.woff2") format("woff2");`](https://github.com/garronej/keycloakify-demo-app/blob/07d54a3012ef354ee12b1374c6f7ad1cb125d56b/src/fonts.scss#L4) in a `.scss` a file.

-### Possible workarounds  
+### Possible workarounds

- Use [`--external-assets`](#enable-loading-in-a-blink-of-a-eye-of-login-pages-).
- If it is possible, use Google Fonts or any other font provider.
- If you want to host your font recommended approach is to move your fonts into the `public` 
-directory and to place your `@font-face` statements in the `public/index.html`.  
-Example [here](https://github.com/InseeFrLab/onyxia-ui/blob/0e3a04610cfe872ca71dad59e05ced8f785dee4b/public/index.html#L6-L51).  
- You can also [use non relative url](https://github.com/garronej/keycloakify-demo-app/blob/2de8a9eb6f5de9c94f9cd3991faad0377e63268c/src/fonts.scss#L16) but don't forget [`Access-Control-Allow-Origin`](https://github.com/garronej/keycloakify-demo-app/blob/2de8a9eb6f5de9c94f9cd3991faad0377e63268c/nginx.conf#L17-L19).
+-   Use [`--external-assets`](#enable-loading-in-a-blink-of-a-eye-of-login-pages-).
+-   If it is possible, use Google Fonts or any other font provider.
+-   If you want to host your font recommended approach is to move your fonts into the `public`
+    directory and to place your `@font-face` statements in the `public/index.html`.  
+    Example [here](https://github.com/garronej/keycloakify-demo-app/blob/9aa2dbaec28a7786d6b2983c9a59d393dec1b2d6/public/index.html#L27-L73)
+    (and the font are [here](https://github.com/garronej/keycloakify-demo-app/tree/main/public/fonts/WorkSans)).
+-   You can also [use non relative url](https://github.com/garronej/keycloakify-demo-app/blob/2de8a9eb6f5de9c94f9cd3991faad0377e63268c/src/fonts.scss#L16) but don't forget [`Access-Control-Allow-Origin`](https://github.com/garronej/keycloakify-demo-app/blob/2de8a9eb6f5de9c94f9cd3991faad0377e63268c/nginx.conf#L17-L19).

 # Implement context persistence (optional)

-If, before logging in, a user has selected a specific language 
+If, before logging in, a user has selected a specific language
 you don't want it to be reset to default when the user gets redirected to
-the login or register pages.  
-  
+the login or register pages.
+
 Same goes for the dark mode, you don't want, if the user had it enabled
-to show the login page with light themes.  
-  
+to show the login page with light themes.
+
 The problem is that you are probably using `localStorage` to persist theses values across
 reload but, as the Keycloak pages are not served on the same domain that the rest of your
-app you won't be able to carry over states using `localStorage`.  
+app you won't be able to carry over states using `localStorage`.

 The only reliable solution is to inject parameters into the URL before
-redirecting to Keycloak. We integrate with 
-[`keycloak-js`](https://github.com/keycloak/keycloak-documentation/blob/master/securing_apps/topics/oidc/javascript-adapter.adoc), 
+redirecting to Keycloak. We integrate with
+[`keycloak-js`](https://github.com/keycloak/keycloak-documentation/blob/master/securing_apps/topics/oidc/javascript-adapter.adoc),
 by providing you a way to tell `keycloak-js` that you would like to inject
-some search parameters before redirecting.  
+some search parameters before redirecting.

 The method also works with [`@react-keycloak/web`](https://www.npmjs.com/package/@react-keycloak/web) (use the `initOptions`).

@ -368,23 +425,23 @@ Note that the states are automatically restored on the other side by `powerhooks
 ```typescript
 import keycloak_js from "keycloak-js";
 import { injectGlobalStatesInSearchParams } from "powerhooks/useGlobalState";
-import { createKeycloakAdapter } from "keycloakify";
+import { createKeycloakAdapter } from "keycloakify";

 //...

 const keycloakInstance = keycloak_js({
    "url": "http://keycloak-server/auth",
    "realm": "myrealm",
-    "clientId": "myapp"
+    "clientId": "myapp",
 });

 keycloakInstance.init({
-    "onLoad": 'check-sso',
+    "onLoad": "check-sso",
    "silentCheckSsoRedirectUri": window.location.origin + "/silent-check-sso.html",
    "adapter": createKeycloakAdapter({
        "transformUrlBeforeRedirect": injectGlobalStatesInSearchParams,
-        keycloakInstance
-    })
+        keycloakInstance,
+    }),
 });

 //...
@ -392,31 +449,108 @@ keycloakInstance.init({

 If you really want to go the extra miles and avoid having the white
 flash of the blank html before the js bundle have been evaluated
-[here is a snippet](https://github.com/InseeFrLab/onyxia-ui/blob/a77eb502870cfe6878edd0d956c646d28746d053/public/index.html#L5-L54) that you can place in your `public/index.html` if you are using `powerhooks/useGlobalState`.
+[here is a snippet](https://github.com/InseeFrLab/onyxia-web/blob/e1c1f309aaa3d5f860df39ba0b75cce89c88a9de/public/index.html#L117-L166) that you can place in your `public/index.html` if you are using `powerhooks/useGlobalState`.

 # Kickstart video

-*NOTE: keycloak-react-theming was renamed keycloakify since this video was recorded*
+_NOTE: keycloak-react-theming was renamed keycloakify since this video was recorded_
 [![kickstart_video](https://user-images.githubusercontent.com/6702424/108877866-f146ee80-75ff-11eb-8120-003b3c5f6dd8.png)](https://youtu.be/xTz0Rj7i2v8)

-# About the errors related to `objectToJson` in Keycloak logs.  
+# FTL errors related to `ftl_object_to_js_code_declaring_an_object` in Keycloak logs.
+
+If you ever encounter one of these errors:

-The logs of your keycloak server will always show this kind of errors every time a client request a page:  
 ```log
 FTL stack trace ("~" means nesting-related):
-        - Failed at: #local value = object[key]  [in template "login.ftl" in macro "objectToJson" at line 70, column 21]
-        - Reached through: @compress  [in template "login.ftl" in macro "objectToJson" at line 36, column 5]
-        - Reached through: @objectToJson object=value depth=(dep...  [in template "login.ftl" in macro "objectToJson" at line 81, column 27]
-        - Reached through: @compress  [in template "login.ftl" in macro "objectToJson" at line 36, column 5]
-        - Reached through: @objectToJson object=(.data_model) de...  [in template "login.ftl" at line 163, column 43]
+        - Failed at: #local value = object[key]  [in template "login.ftl" in macro "ftl_object_to_js_code_declaring_an_object" at line 70, column 21]
+        - Reached through: @compress  [in template "login.ftl" in macro "ftl_object_to_js_code_declaring_an_object" at line 36, column 5]
+        - Reached through: @ftl_object_to_js_code_declaring_an_object object=value depth=(dep...  [in template "login.ftl" in macro "ftl_object_to_js_code_declaring_an_object" at line 81, column 27]
+        - Reached through: @compress  [in template "login.ftl" in macro "ftl_object_to_js_code_declaring_an_object" at line 36, column 5]
+        - Reached through: @ftl_object_to_js_code_declaring_an_object object=(.data_model) de...  [in template "login.ftl" at line 163, column 43]
 ```
-Theses are expected and can be safely ignored.  

-To [converts the `.ftl` values into a JavaScript object](https://github.com/InseeFrLab/keycloakify/blob/main/src/bin/build-keycloak-theme/generateFtl/common.ftl) 
-without making assumptions on the `.data_model` we have to do things that throws.  
-It's all-right though because every statement that can fail is inside an `<#attempt><#recorver>` block but it results in errors being printed to the logs.
+It's just noise, they can be safely ignored.  
+You can, however, and are encouraged to, report any that you would spot.  
+Just open an issue about it and I will release a patched version of Keycloakify in the better delays.
+
+# Adding custom message (to `i18n/useKcMessage.tsx`)
+
+You can reproduce [this approach](https://github.com/garronej/keycloakify-demo-app/blob/main/src/kcMessagesExtension.ts)
+( don't forget to [evaluate the code](https://github.com/garronej/keycloakify-demo-app/blob/0a6d349dba89a5702f98ba48bca6c76ac7265e1f/src/index.tsx#L15) ).  
+This approach is a bit hacky as it doesn't provide type safety but it works.
+
+# Downloading builtin theme resource files
+
+Running `npx download-builtin-keycloak-theme` will let you download the themes that comes by default with
+a Keycloak version of your choosing.
+
+[Video demo](https://user-images.githubusercontent.com/6702424/164304458-934b0e1d-9de7-4bb4-8a1c-e06a70b1636a.mov)

 # Email domain whitelist

-If you want to restrict the emails domain that can register, you can use [this plugin](https://github.com/micedre/keycloak-mail-whitelisting) 
+NOTE: This have been kind of deprecated by [user attribute](#user-profile-and-frontend-form-validation) you could
+use a pattern [like this one](https://github.com/InseeFrLab/onyxia-web/blob/f1206e0329b3b8d401ca7bffa95ca9c213cb190a/src/app/components/KcApp/kcContext.ts#L106) to whitelist email domains.
+
+If you want to restrict the emails domain that can register, you can use [this plugin](https://github.com/micedre/keycloak-mail-whitelisting)
 and `kcRegisterContext["authorizedMailDomains"]` to validate on.
+
+# Changelog highlights
+
+## v4.8.0
+
+[Email template customization.](#email-template-customization)
+
+## v4.7.4
+
+**M1 Mac** support (for testing locally with a dockerized Keycloak).
+
+## v4.7.2
+
+> WARNING: This is broken.  
+> Testing with local Keycloak container working with M1 Mac. Thanks to [@eduardosanzb](https://github.com/InseeFrLab/keycloakify/issues/43#issuecomment-975699658).  
+> Be aware: When running M1s you are testing with Keycloak v15 else the local container spun will be a Keycloak v16.1.0.
+
+## v4.7.0
+
+Register with user profile enabled: Out of the box `options` validator support.  
+[Example](https://user-images.githubusercontent.com/6702424/158911163-81e6bbe8-feb0-4dc8-abff-de199d7a678e.mov)
+
+## v4.6.0
+
+`tss-react` and `powerhooks` are no longer peer dependencies of `keycloakify`.
+After updating Keycloakify you can remove `tss-react` and `powerhooks` from your dependencies if you don't use them explicitly.
+
+## v4.5.3
+
+There is a new recommended way to setup highly customized theme. See [here](https://github.com/garronej/keycloakify-demo-app/blob/look_and_feel/src/KcApp/KcApp.tsx).  
+Unlike with [the previous recommended method](https://github.com/garronej/keycloakify-demo-app/blob/a51660578bea15fb3e506b8a2b78e1056c6d68bb/src/KcApp/KcApp.tsx),
+with this new method your theme wont break on minor Keycloakify update.
+
+## v4.3.0
+
+Feature [`login-update-password.ftl`](https://user-images.githubusercontent.com/6702424/147517600-6191cf72-93dd-437b-a35c-47180142063e.png).  
+Every time a page is added it's a breaking change for non CSS-only theme.  
+Change [this](https://github.com/garronej/keycloakify-demo-app/blob/df664c13c77ce3c53ac7df0622d94d04e76d3f9f/src/KcApp/KcApp.tsx#L17) and [this](https://github.com/garronej/keycloakify-demo-app/blob/df664c13c77ce3c53ac7df0622d94d04e76d3f9f/src/KcApp/KcApp.tsx#L37) to update.
+
+## v4
+
+-   Out of the box [frontend form validation](#user-profile-and-frontend-form-validation) 🥳
+-   Improvements (and breaking changes in `import { useKcMessage } from "keycloakify"`.
+
+## v3
+
+No breaking changes except that `@emotion/react`, [`tss-react`](https://www.npmjs.com/package/tss-react) and [`powerhooks`](https://www.npmjs.com/package/powerhooks) are now `peerDependencies` instead of being just dependencies.  
+It's important to avoid problem when using `keycloakify` alongside [`mui`](https://mui.com) and
+[when passing params from the app to the login page](https://github.com/InseeFrLab/keycloakify#implement-context-persistence-optional).
+
+## v2.5
+
+-   Feature [Use advanced message](https://github.com/InseeFrLab/keycloakify/blob/59f106bf9e210b63b190826da2bf5f75fc8b7644/src/lib/i18n/useKcMessage.tsx#L53-L66)
+    and [`messagesPerFields`](https://github.com/InseeFrLab/keycloakify/blob/59f106bf9e210b63b190826da2bf5f75fc8b7644/src/lib/getKcContext/KcContextBase.ts#L70-L75) (implementation [here](https://github.com/InseeFrLab/keycloakify/blob/59f106bf9e210b63b190826da2bf5f75fc8b7644/src/bin/build-keycloak-theme/generateFtl/common.ftl#L130-L189))
+-   Test container now uses Keycloak version `15.0.2`.
+
+## v2
+
+-   It's now possible to implement custom `.ftl` pages.
+-   Support for Keycloak plugins that introduce non standard ftl values.
+    (Like for example [this plugin](https://github.com/micedre/keycloak-mail-whitelisting) that define `authorizedMailDomains` in `register.ftl`).
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
    "name": "keycloakify",
-    "version": "2.3.0",
+    "version": "4.8.4",
    "description": "Keycloak theme generator for Reacts app",
    "repository": {
        "type": "git",
@ -15,12 +15,26 @@
        "test": "node dist/test/bin/main && node dist/test/lib",
        "copy-files": "copyfiles -u 1 src/**/*.ftl src/**/*.xml src/**/*.js dist/",
        "generate-messages": "node dist/bin/generate-i18n-messages.js",
-        "link_in_test_app": "node dist/bin/link_in_test_app.js"
+        "link_in_test_app": "node dist/bin/link_in_test_app.js",
+        "_format": "prettier '**/*.{ts,tsx,json,md}'",
+        "format": "yarn _format --write",
+        "format:check": "yarn _format --list-different"
    },
    "bin": {
        "build-keycloak-theme": "dist/bin/build-keycloak-theme/index.js",
+        "create-keycloak-theme-email-directory": "dist/bin/create-keycloak-theme-email-directory.js",
        "download-builtin-keycloak-theme": "dist/bin/download-builtin-keycloak-theme.js"
    },
+    "lint-staged": {
+        "*.{ts,tsx,json,md}": [
+            "prettier --write"
+        ]
+    },
+    "husky": {
+        "hooks": {
+            "pre-commit": "lint-staged -v"
+        }
+    },
    "author": "u/garronej",
    "license": "MIT",
    "files": [
@ -41,26 +55,34 @@
        "register"
    ],
    "homepage": "https://github.com/garronej/keycloakify",
+    "peerDependencies": {
+        "@emotion/react": "^11.4.1",
+        "react": "^16.8.0 || ^17.0.0"
+    },
    "devDependencies": {
-        "@types/node": "^10.0.0",
+        "@emotion/react": "^11.4.1",
+        "@types/node": "^17.0.25",
        "@types/react": "^17.0.0",
        "copyfiles": "^2.4.1",
+        "husky": "^4.3.8",
+        "lint-staged": "^11.0.0",
+        "prettier": "^2.3.0",
        "properties-parser": "^0.3.1",
        "react": "^17.0.1",
        "rimraf": "^3.0.2",
-        "ts-toolbelt": "^9.6.0",
        "typescript": "^4.2.3"
    },
    "dependencies": {
-        "@emotion/react": "^11.4.1",
+        "@octokit/rest": "^18.12.0",
        "cheerio": "^1.0.0-rc.5",
-        "evt": "2.0.0-beta.38",
+        "cli-select": "^1.1.2",
+        "evt": "2.0.0-beta.39",
        "minimal-polyfills": "^2.2.1",
-        "path": "^0.12.7",
-        "powerhooks": "^0.9.3",
+        "path-browserify": "^1.0.1",
+        "powerhooks": "^0.14.0",
        "react-markdown": "^5.0.3",
        "scripting-tools": "^0.19.13",
-        "tsafe": "^0.4.1",
-        "tss-react": "^0.9.1"
+        "tsafe": "^0.9.0",
+        "tss-react": "^3.5.2"
    }
 }
--- a/src/bin/KeycloakVersion.ts
+++ b/src/bin/KeycloakVersion.ts
@ -1,5 +0,0 @@
-
-export const keycloakVersions = ["11.0.3", "15.0.2"] as const;
-
-export type KeycloakVersion = typeof keycloakVersions[number];
-
--- a/src/bin/build-keycloak-theme/build-keycloak-theme.ts
+++ b/src/bin/build-keycloak-theme/build-keycloak-theme.ts
@ -2,8 +2,9 @@ import { generateKeycloakThemeResources } from "./generateKeycloakThemeResources
 import { generateJavaStackFiles } from "./generateJavaStackFiles";
 import { join as pathJoin, relative as pathRelative, basename as pathBasename } from "path";
 import * as child_process from "child_process";
-import { generateDebugFiles, containerLaunchScriptBasename } from "./generateDebugFiles";
+import { generateStartKeycloakTestingContainer } from "./generateStartKeycloakTestingContainer";
 import { URL } from "url";
+import * as fs from "fs";

 type ParsedPackageJson = {
    name: string;
@ -18,9 +19,13 @@ const doUseExternalAssets = process.argv[2]?.toLowerCase() === "--external-asset
 const parsedPackageJson: ParsedPackageJson = require(pathJoin(reactProjectDirPath, "package.json"));

 export const keycloakThemeBuildingDirPath = pathJoin(reactProjectDirPath, "build_keycloak");
+export const keycloakThemeEmailDirPath = pathJoin(keycloakThemeBuildingDirPath, "..", "keycloak_theme_email");

 function sanitizeThemeName(name: string) {
-    return name.replace(/^@(.*)/, '$1').split('/').join('-');
+    return name
+        .replace(/^@(.*)/, "$1")
+        .split("/")
+        .join("-");
 }

 export function main() {
@ -30,110 +35,120 @@ export function main() {
    const extraThemeProperties: string[] = (parsedPackageJson as any)["keycloakify"]?.["extraThemeProperties"] ?? [];
    const themeName = sanitizeThemeName(parsedPackageJson.name);

-    generateKeycloakThemeResources({
+    const { doBundleEmailTemplate } = generateKeycloakThemeResources({
        keycloakThemeBuildingDirPath,
+        keycloakThemeEmailDirPath,
        "reactAppBuildDirPath": pathJoin(reactProjectDirPath, "build"),
        themeName,
        ...(() => {
-
            const url = (() => {
-
                const { homepage } = parsedPackageJson;

-                return homepage === undefined ?
-                    undefined :
-                    new URL(homepage);
+                if (homepage !== undefined) {
+                    return new URL(homepage);
+                }

+                const cnameFilePath = pathJoin(reactProjectDirPath, "public", "CNAME");
+
+                if (fs.existsSync(cnameFilePath)) {
+                    return new URL(`https://${fs.readFileSync(cnameFilePath).toString("utf8").replace(/\s+$/, "")}`);
+                }
+
+                return undefined;
            })();

            return {
-                "urlPathname":
-                    url === undefined ?
-                        "/" :
-                        url.pathname.replace(/([^/])$/, "$1/"),
-                "urlOrigin": !doUseExternalAssets ? undefined : (() => {
-
-                    if (url === undefined) {
-                        console.error("ERROR: You must specify 'homepage' in your package.json");
-                        process.exit(-1);
-                    }
-
-                    return url.origin;
-
-                })()
+                "urlPathname": url === undefined ? "/" : url.pathname.replace(/([^/])$/, "$1/"),
+                "urlOrigin": !doUseExternalAssets
+                    ? undefined
+                    : (() => {
+                          if (url === undefined) {
+                              console.error("ERROR: You must specify 'homepage' in your package.json");
+                              process.exit(-1);
+                          }

+                          return url.origin;
+                      })(),
            };
-
        })(),
        extraPagesId,
        extraThemeProperties,
-        //We have to leave it at that otherwise we break our default theme. 
-        //Problem is that we can't guarantee that the the old resources common
-        //will still be available on the newer keycloak version. 
-        "keycloakVersion": "11.0.3"
+        //We have to leave it at that otherwise we break our default theme.
+        //Problem is that we can't guarantee that the the old resources
+        //will still be available on the newer keycloak version.
+        "keycloakVersion": "11.0.3",
    });

    const { jarFilePath } = generateJavaStackFiles({
-        version: parsedPackageJson.version,
+        "version": parsedPackageJson.version,
        themeName,
-        homepage: parsedPackageJson.homepage,
-        keycloakThemeBuildingDirPath
+        "homepage": parsedPackageJson.homepage,
+        keycloakThemeBuildingDirPath,
+        doBundleEmailTemplate,
    });

-    child_process.execSync(
-        "mvn package",
-        { "cwd": keycloakThemeBuildingDirPath }
-    );
+    child_process.execSync("mvn package", {
+        "cwd": keycloakThemeBuildingDirPath,
+    });

-    generateDebugFiles({
+    //We want, however to test in a container running the latest Keycloak version
+    const containerKeycloakVersion = "17.0.1";
+
+    generateStartKeycloakTestingContainer({
        keycloakThemeBuildingDirPath,
        themeName,
-        "keycloakVersion": "15.0.2"
+        "keycloakVersion": containerKeycloakVersion,
    });

-    console.log([
-        '',
-        `✅ Your keycloak theme has been generated and bundled into ./${pathRelative(reactProjectDirPath, jarFilePath)} 🚀`,
-        `It is to be placed in "/opt/jboss/keycloak/standalone/deployments" in the container running a jboss/keycloak Docker image.`,
-        '',
-        'Using Helm (https://github.com/codecentric/helm-charts), edit to reflect:',
-        '',
-        'value.yaml: ',
-        '    extraInitContainers: |',
-        '        - name: realm-ext-provider',
-        '          image: curlimages/curl',
-        '          imagePullPolicy: IfNotPresent',
-        '          command:',
-        '            - sh',
-        '          args:',
-        '            - -c',
-        `            - curl -L -f -S -o /extensions/${pathBasename(jarFilePath)} https://AN.URL.FOR/${pathBasename(jarFilePath)}`,
-        '          volumeMounts:',
-        '            - name: extensions',
-        '              mountPath: /extensions',
-        '        ',
-        '        extraVolumeMounts: |',
-        '            - name: extensions',
-        '              mountPath: /opt/jboss/keycloak/standalone/deployments',
-        '    extraEnv: |',
-        '    - name: KEYCLOAK_USER',
-        '      value: admin',
-        '    - name: KEYCLOAK_PASSWORD',
-        '      value: xxxxxxxxx',
-        '    - name: JAVA_OPTS',
-        '      value: -Dkeycloak.profile=preview',
-        '',
-        '',
-        'To test your theme locally, with hot reloading, you can spin up a Keycloak container image with the theme loaded by running:',
-        '',
-        `👉 $ ./${pathRelative(reactProjectDirPath, pathJoin(keycloakThemeBuildingDirPath, containerLaunchScriptBasename))} 👈`,
-        '',
-        'To enable the theme within keycloak log into the admin console ( 👉 http://localhost:8080 username: admin, password: admin 👈), create a realm (called "myrealm" for example),',
-        `go to your realm settings, click on the theme tab then select ${themeName}.`,
-        `More details: https://www.keycloak.org/getting-started/getting-started-docker`,
-        '',
-        'Once your container is up and configured 👉 http://localhost:8080/auth/realms/myrealm/account 👈',
-        '',
-    ].join("\n"));
-
+    console.log(
+        [
+            "",
+            `✅ Your keycloak theme has been generated and bundled into ./${pathRelative(reactProjectDirPath, jarFilePath)} 🚀`,
+            `It is to be placed in "/opt/jboss/keycloak/standalone/deployments" in the container running a jboss/keycloak Docker image.`,
+            "",
+            "Using Helm (https://github.com/codecentric/helm-charts), edit to reflect:",
+            "",
+            "value.yaml: ",
+            "    extraInitContainers: |",
+            "        - name: realm-ext-provider",
+            "          image: curlimages/curl",
+            "          imagePullPolicy: IfNotPresent",
+            "          command:",
+            "            - sh",
+            "          args:",
+            "            - -c",
+            `            - curl -L -f -S -o /extensions/${pathBasename(jarFilePath)} https://AN.URL.FOR/${pathBasename(jarFilePath)}`,
+            "          volumeMounts:",
+            "            - name: extensions",
+            "              mountPath: /extensions",
+            "        ",
+            "        extraVolumeMounts: |",
+            "            - name: extensions",
+            "              mountPath: /opt/jboss/keycloak/standalone/deployments",
+            "    extraEnv: |",
+            "    - name: KEYCLOAK_USER",
+            "      value: admin",
+            "    - name: KEYCLOAK_PASSWORD",
+            "      value: xxxxxxxxx",
+            "    - name: JAVA_OPTS",
+            "      value: -Dkeycloak.profile=preview",
+            "",
+            "",
+            `To test your theme locally you can spin up a Keycloak ${containerKeycloakVersion} container image with the theme pre loaded by running:`,
+            "",
+            `👉 $ ./${pathRelative(reactProjectDirPath, pathJoin(keycloakThemeBuildingDirPath, generateStartKeycloakTestingContainer.basename))} 👈`,
+            "",
+            "Test with different Keycloak versions by editing the .sh file. see available versions here: https://quay.io/repository/keycloak/keycloak?tab=tags",
+            "",
+            "Once your container is up and running: ",
+            "- Log into the admin console 👉 http://localhost:8080/admin username: admin, password: admin 👈",
+            '- Create a realm named "myrealm"',
+            '- Create a client with id "myclient" and root url: "https://www.keycloak.org/app/"',
+            `- Select Login Theme: ${themeName} (don't forget to save at the bottom of the page)`,
+            `- Go to 👉 https://www.keycloak.org/app/ 👈 Click "Save" then "Sign in". You should see your login page`,
+            "",
+            "Video demoing this process: https://youtu.be/N3wlBoH4hKg",
+            "",
+        ].join("\n"),
+    );
 }
--- a/src/bin/build-keycloak-theme/ftlValuesGlobalName.ts
+++ b/src/bin/build-keycloak-theme/ftlValuesGlobalName.ts
@ -1,2 +1 @@
-
-export const ftlValuesGlobalName = "kcContext";
+export const ftlValuesGlobalName = "kcContext";
--- a/src/bin/build-keycloak-theme/generateDebugFiles/generateDebugFiles.ts
+++ b/src/bin/build-keycloak-theme/generateDebugFiles/generateDebugFiles.ts
@ -1,95 +0,0 @@
-
-import * as fs from "fs";
-import { join as pathJoin, dirname as pathDirname, } from "path";
-
-export const containerLaunchScriptBasename = "start_keycloak_testing_container.sh";
-
-/** Files for being able to run a hot reload keycloak container */
-export function generateDebugFiles(
-    params: {
-        keycloakVersion: "11.0.3" | "15.0.2";
-        themeName: string;
-        keycloakThemeBuildingDirPath: string;
-    }
-) {
-
-    const { themeName, keycloakThemeBuildingDirPath, keycloakVersion } = params;
-
-    fs.writeFileSync(
-        pathJoin(keycloakThemeBuildingDirPath, "Dockerfile"),
-        Buffer.from(
-            [
-                `FROM jboss/keycloak:${keycloakVersion}`,
-                "",
-                "USER root",
-                "",
-                "WORKDIR /",
-                "",
-                "ADD configuration /opt/jboss/keycloak/standalone/configuration/",
-                "",
-                'ENTRYPOINT [ "/opt/jboss/tools/docker-entrypoint.sh" ]',
-            ].join("\n"),
-            "utf8"
-        )
-    );
-
-    const dockerImage = `${themeName}/keycloak-hot-reload`;
-    const containerName = "keycloak-testing-container";
-
-    fs.writeFileSync(
-        pathJoin(keycloakThemeBuildingDirPath, containerLaunchScriptBasename),
-        Buffer.from(
-            [
-                "#!/bin/bash",
-                "",
-                `cd ${keycloakThemeBuildingDirPath}`,
-                "",
-                `docker rm ${containerName} || true`,
-                "",
-                `docker build . -t ${dockerImage}`,
-                "",
-                "docker run \\",
-                "   -p 8080:8080 \\",
-                `   --name ${containerName} \\`,
-                "   -e KEYCLOAK_USER=admin \\",
-                "   -e KEYCLOAK_PASSWORD=admin \\",
-                "   -e JAVA_OPTS=-Dkeycloak.profile=preview \\",
-                `   -v ${pathJoin(keycloakThemeBuildingDirPath, "src", "main", "resources", "theme", themeName)
-                }:/opt/jboss/keycloak/themes/${themeName}:rw \\`,
-                `   -it ${dockerImage}:latest`,
-                ""
-            ].join("\n"),
-            "utf8"
-        ),
-        { "mode": 0o755 }
-    );
-
-    const standaloneHaFilePath = pathJoin(keycloakThemeBuildingDirPath, "configuration", `standalone-ha.xml`);
-
-    try { fs.mkdirSync(pathDirname(standaloneHaFilePath)); } catch { }
-
-    fs.writeFileSync(
-        standaloneHaFilePath,
-        fs.readFileSync(
-            pathJoin(
-                __dirname,
-                `standalone-ha_${keycloakVersion}.xml`
-            )
-        )
-            .toString("utf8")
-            .replace(
-                new RegExp([
-                    "<staticMaxAge>2592000</staticMaxAge>",
-                    "<cacheThemes>true</cacheThemes>",
-                    "<cacheTemplates>true</cacheTemplates>"
-                ].join("\\s*"), "g"
-                ),
-                [
-                    "<staticMaxAge>-1</staticMaxAge>",
-                    "<cacheThemes>false</cacheThemes>",
-                    "<cacheTemplates>false</cacheTemplates>"
-                ].join("\n")
-            )
-    );
-
-}
--- a/src/bin/build-keycloak-theme/generateDebugFiles/index.ts
+++ b/src/bin/build-keycloak-theme/generateDebugFiles/index.ts
@ -1 +0,0 @@
-export * from "./generateDebugFiles";
--- a/src/bin/build-keycloak-theme/generateDebugFiles/standalone-ha_11.0.3.xml
+++ b/src/bin/build-keycloak-theme/generateDebugFiles/standalone-ha_11.0.3.xml
@ -1,666 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-
-<server xmlns="urn:jboss:domain:13.0">
-    <extensions>
-        <extension module="org.jboss.as.clustering.infinispan"/>
-        <extension module="org.jboss.as.clustering.jgroups"/>
-        <extension module="org.jboss.as.connector"/>
-        <extension module="org.jboss.as.deployment-scanner"/>
-        <extension module="org.jboss.as.ee"/>
-        <extension module="org.jboss.as.ejb3"/>
-        <extension module="org.jboss.as.jaxrs"/>
-        <extension module="org.jboss.as.jmx"/>
-        <extension module="org.jboss.as.jpa"/>
-        <extension module="org.jboss.as.logging"/>
-        <extension module="org.jboss.as.mail"/>
-        <extension module="org.jboss.as.modcluster"/>
-        <extension module="org.jboss.as.naming"/>
-        <extension module="org.jboss.as.remoting"/>
-        <extension module="org.jboss.as.security"/>
-        <extension module="org.jboss.as.transactions"/>
-        <extension module="org.jboss.as.weld"/>
-        <extension module="org.keycloak.keycloak-server-subsystem"/>
-        <extension module="org.wildfly.extension.bean-validation"/>
-        <extension module="org.wildfly.extension.core-management"/>
-        <extension module="org.wildfly.extension.elytron"/>
-        <extension module="org.wildfly.extension.io"/>
-        <extension module="org.wildfly.extension.microprofile.config-smallrye"/>
-        <extension module="org.wildfly.extension.microprofile.health-smallrye"/>
-        <extension module="org.wildfly.extension.microprofile.metrics-smallrye"/>
-        <extension module="org.wildfly.extension.request-controller"/>
-        <extension module="org.wildfly.extension.security.manager"/>
-        <extension module="org.wildfly.extension.undertow"/>
-    </extensions>
-    <management>
-        <security-realms>
-            <security-realm name="ManagementRealm">
-                <authentication>
-                    <local default-user="$local" skip-group-loading="true"/>
-                    <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
-                </authentication>
-                <authorization map-groups-to-roles="false">
-                    <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
-                </authorization>
-            </security-realm>
-            <security-realm name="ApplicationRealm">
-                <server-identities>
-                    <ssl>
-                        <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
-                    </ssl>
-                </server-identities>
-                <authentication>
-                    <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
-                    <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
-                </authentication>
-                <authorization>
-                    <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
-                </authorization>
-            </security-realm>
-        </security-realms>
-        <audit-log>
-            <formatters>
-                <json-formatter name="json-formatter"/>
-            </formatters>
-            <handlers>
-                <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
-            </handlers>
-            <logger log-boot="true" log-read-only="false" enabled="false">
-                <handlers>
-                    <handler name="file"/>
-                </handlers>
-            </logger>
-        </audit-log>
-        <management-interfaces>
-            <http-interface security-realm="ManagementRealm">
-                <http-upgrade enabled="true"/>
-                <socket-binding http="management-http"/>
-            </http-interface>
-        </management-interfaces>
-        <access-control provider="simple">
-            <role-mapping>
-                <role name="SuperUser">
-                    <include>
-                        <user name="$local"/>
-                    </include>
-                </role>
-            </role-mapping>
-        </access-control>
-    </management>
-    <profile>
-        <subsystem xmlns="urn:jboss:domain:logging:8.0">
-            <console-handler name="CONSOLE">
-                <formatter>
-                    <named-formatter name="COLOR-PATTERN"/>
-                </formatter>
-            </console-handler>
-            <logger category="com.arjuna">
-                <level name="WARN"/>
-            </logger>
-            <logger category="io.jaegertracing.Configuration">
-                <level name="WARN"/>
-            </logger>
-            <logger category="org.jboss.as.config">
-                <level name="DEBUG"/>
-            </logger>
-            <logger category="sun.rmi">
-                <level name="WARN"/>
-            </logger>
-            <logger category="org.keycloak">
-                <level name="${env.KEYCLOAK_LOGLEVEL:INFO}"/>
-            </logger>
-            <root-logger>
-                <level name="${env.ROOT_LOGLEVEL:INFO}"/>
-                <handlers>
-                    <handler name="CONSOLE"/>
-                </handlers>
-            </root-logger>
-            <formatter name="PATTERN">
-                <pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
-            </formatter>
-            <formatter name="COLOR-PATTERN">
-                <pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
-            </formatter>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
-        <subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
-        <subsystem xmlns="urn:jboss:domain:datasources:6.0">
-            <datasources>
-                <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
-                    <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
-                    <driver>h2</driver>
-                    <security>
-                        <user-name>sa</user-name>
-                        <password>sa</password>
-                    </security>
-                </datasource>
-                <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
-                    <connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
-                    <driver>h2</driver>
-                    <pool>
-                        <max-pool-size>100</max-pool-size>
-                    </pool>
-                    <security>
-                        <user-name>sa</user-name>
-                        <password>sa</password>
-                    </security>
-                </datasource>
-                <drivers>
-                    <driver name="h2" module="com.h2database.h2">
-                        <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
-                    </driver>
-                </drivers>
-            </datasources>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
-            <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:ee:5.0">
-            <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
-            <concurrent>
-                <context-services>
-                    <context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
-                </context-services>
-                <managed-thread-factories>
-                    <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
-                </managed-thread-factories>
-                <managed-executor-services>
-                    <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
-                </managed-executor-services>
-                <managed-scheduled-executor-services>
-                    <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
-                </managed-scheduled-executor-services>
-            </concurrent>
-            <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:ejb3:7.0">
-            <session-bean>
-                <stateless>
-                    <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
-                </stateless>
-                <stateful default-access-timeout="5000" cache-ref="distributable" passivation-disabled-cache-ref="simple"/>
-                <singleton default-access-timeout="5000"/>
-            </session-bean>
-            <pools>
-                <bean-instance-pools>
-                    <strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
-                    <strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
-                </bean-instance-pools>
-            </pools>
-            <caches>
-                <cache name="simple"/>
-                <cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
-            </caches>
-            <passivation-stores>
-                <passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
-            </passivation-stores>
-            <async thread-pool-name="default"/>
-            <timer-service thread-pool-name="default" default-data-store="default-file-store">
-                <data-stores>
-                    <file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
-                </data-stores>
-            </timer-service>
-            <remote connector-ref="http-remoting-connector" thread-pool-name="default">
-                <channel-creation-options>
-                    <option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
-                </channel-creation-options>
-            </remote>
-            <thread-pools>
-                <thread-pool name="default">
-                    <max-threads count="10"/>
-                    <keepalive-time time="60" unit="seconds"/>
-                </thread-pool>
-            </thread-pools>
-            <default-security-domain value="other"/>
-            <default-missing-method-permissions-deny-access value="true"/>
-            <statistics enabled="${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
-            <log-system-exceptions value="true"/>
-        </subsystem>
-        <subsystem xmlns="urn:wildfly:elytron:10.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
-            <providers>
-                <aggregate-providers name="combined-providers">
-                    <providers name="elytron"/>
-                    <providers name="openssl"/>
-                </aggregate-providers>
-                <provider-loader name="elytron" module="org.wildfly.security.elytron"/>
-                <provider-loader name="openssl" module="org.wildfly.openssl"/>
-            </providers>
-            <audit-logging>
-                <file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/>
-            </audit-logging>
-            <security-domains>
-                <security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper">
-                    <realm name="ApplicationRealm" role-decoder="groups-to-roles"/>
-                    <realm name="local"/>
-                </security-domain>
-                <security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper">
-                    <realm name="ManagementRealm" role-decoder="groups-to-roles"/>
-                    <realm name="local" role-mapper="super-user-mapper"/>
-                </security-domain>
-            </security-domains>
-            <security-realms>
-                <identity-realm name="local" identity="$local"/>
-                <properties-realm name="ApplicationRealm">
-                    <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
-                    <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
-                </properties-realm>
-                <properties-realm name="ManagementRealm">
-                    <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
-                    <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
-                </properties-realm>
-            </security-realms>
-            <mappers>
-                <simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
-                    <permission-mapping>
-                        <principal name="anonymous"/>
-                        <permission-set name="default-permissions"/>
-                    </permission-mapping>
-                    <permission-mapping match-all="true">
-                        <permission-set name="login-permission"/>
-                        <permission-set name="default-permissions"/>
-                    </permission-mapping>
-                </simple-permission-mapper>
-                <constant-realm-mapper name="local" realm-name="local"/>
-                <simple-role-decoder name="groups-to-roles" attribute="groups"/>
-                <constant-role-mapper name="super-user-mapper">
-                    <role name="SuperUser"/>
-                </constant-role-mapper>
-            </mappers>
-            <permission-sets>
-                <permission-set name="login-permission">
-                    <permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
-                </permission-set>
-                <permission-set name="default-permissions">
-                    <permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/>
-                    <permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/>
-                    <permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
-                </permission-set>
-            </permission-sets>
-            <http>
-                <http-authentication-factory name="management-http-authentication" security-domain="ManagementDomain" http-server-mechanism-factory="global">
-                    <mechanism-configuration>
-                        <mechanism mechanism-name="DIGEST">
-                            <mechanism-realm realm-name="ManagementRealm"/>
-                        </mechanism>
-                    </mechanism-configuration>
-                </http-authentication-factory>
-                <provider-http-server-mechanism-factory name="global"/>
-            </http>
-            <sasl>
-                <sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
-                    <mechanism-configuration>
-                        <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
-                        <mechanism mechanism-name="DIGEST-MD5">
-                            <mechanism-realm realm-name="ApplicationRealm"/>
-                        </mechanism>
-                    </mechanism-configuration>
-                </sasl-authentication-factory>
-                <sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
-                    <mechanism-configuration>
-                        <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
-                        <mechanism mechanism-name="DIGEST-MD5">
-                            <mechanism-realm realm-name="ManagementRealm"/>
-                        </mechanism>
-                    </mechanism-configuration>
-                </sasl-authentication-factory>
-                <configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
-                    <properties>
-                        <property name="wildfly.sasl.local-user.default-user" value="$local"/>
-                    </properties>
-                </configurable-sasl-server-factory>
-                <mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
-                    <filters>
-                        <filter provider-name="WildFlyElytron"/>
-                    </filters>
-                </mechanism-provider-filtering-sasl-server-factory>
-                <provider-sasl-server-factory name="global"/>
-            </sasl>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:infinispan:10.0">
-            <cache-container name="keycloak" module="org.keycloak.keycloak-model-infinispan">
-                <transport lock-timeout="60000"/>
-                <local-cache name="realms">
-                    <object-memory size="10000"/>
-                </local-cache>
-                <local-cache name="users">
-                    <object-memory size="10000"/>
-                </local-cache>
-                <local-cache name="authorization">
-                    <object-memory size="10000"/>
-                </local-cache>
-                <local-cache name="keys">
-                    <object-memory size="1000"/>
-                    <expiration max-idle="3600000"/>
-                </local-cache>
-                <replicated-cache name="work"/>
-                <distributed-cache name="sessions" owners="1"/>
-                <distributed-cache name="authenticationSessions" owners="1"/>
-                <distributed-cache name="offlineSessions" owners="1"/>
-                <distributed-cache name="clientSessions" owners="1"/>
-                <distributed-cache name="offlineClientSessions" owners="1"/>
-                <distributed-cache name="loginFailures" owners="1"/>
-                <distributed-cache name="actionTokens" owners="2">
-                    <object-memory size="-1"/>
-                    <expiration interval="300000" max-idle="-1"/>
-                </distributed-cache>
-            </cache-container>
-            <cache-container name="server" aliases="singleton cluster" default-cache="default" module="org.wildfly.clustering.server">
-                <transport lock-timeout="60000"/>
-                <replicated-cache name="default">
-                    <transaction mode="BATCH"/>
-                </replicated-cache>
-            </cache-container>
-            <cache-container name="web" default-cache="dist" module="org.wildfly.clustering.web.infinispan">
-                <transport lock-timeout="60000"/>
-                <replicated-cache name="sso">
-                    <locking isolation="REPEATABLE_READ"/>
-                    <transaction mode="BATCH"/>
-                </replicated-cache>
-                <distributed-cache name="dist">
-                    <locking isolation="REPEATABLE_READ"/>
-                    <transaction mode="BATCH"/>
-                    <file-store/>
-                </distributed-cache>
-                <distributed-cache name="routing"/>
-            </cache-container>
-            <cache-container name="ejb" aliases="sfsb" default-cache="dist" module="org.wildfly.clustering.ejb.infinispan">
-                <transport lock-timeout="60000"/>
-                <distributed-cache name="dist">
-                    <locking isolation="REPEATABLE_READ"/>
-                    <transaction mode="BATCH"/>
-                    <file-store/>
-                </distributed-cache>
-            </cache-container>
-            <cache-container name="hibernate" module="org.infinispan.hibernate-cache">
-                <transport lock-timeout="60000"/>
-                <local-cache name="local-query">
-                    <object-memory size="10000"/>
-                    <expiration max-idle="100000"/>
-                </local-cache>
-                <invalidation-cache name="entity">
-                    <transaction mode="NON_XA"/>
-                    <object-memory size="10000"/>
-                    <expiration max-idle="100000"/>
-                </invalidation-cache>
-                <replicated-cache name="timestamps"/>
-            </cache-container>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:io:3.0">
-            <worker name="default"/>
-            <buffer-pool name="default"/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:jaxrs:2.0"/>
-        <subsystem xmlns="urn:jboss:domain:jca:5.0">
-            <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
-            <bean-validation enabled="true"/>
-            <default-workmanager>
-                <short-running-threads>
-                    <core-threads count="50"/>
-                    <queue-length count="50"/>
-                    <max-threads count="50"/>
-                    <keepalive-time time="10" unit="seconds"/>
-                </short-running-threads>
-                <long-running-threads>
-                    <core-threads count="50"/>
-                    <queue-length count="50"/>
-                    <max-threads count="50"/>
-                    <keepalive-time time="10" unit="seconds"/>
-                </long-running-threads>
-            </default-workmanager>
-            <cached-connection-manager/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:jgroups:8.0">
-            <channels default="ee">
-                <channel name="ee" stack="udp" cluster="ejb"/>
-            </channels>
-            <stacks>
-                <stack name="udp">
-                    <transport type="UDP" socket-binding="jgroups-udp"/>
-                    <protocol type="PING"/>
-                    <protocol type="MERGE3"/>
-                    <socket-protocol type="FD_SOCK" socket-binding="jgroups-udp-fd"/>
-                    <protocol type="FD_ALL"/>
-                    <protocol type="VERIFY_SUSPECT"/>
-                    <protocol type="pbcast.NAKACK2"/>
-                    <protocol type="UNICAST3"/>
-                    <protocol type="pbcast.STABLE"/>
-                    <protocol type="pbcast.GMS"/>
-                    <protocol type="UFC"/>
-                    <protocol type="MFC"/>
-                    <protocol type="FRAG3"/>
-                </stack>
-                <stack name="tcp">
-                    <transport type="TCP" socket-binding="jgroups-tcp"/>
-                    <socket-protocol type="MPING" socket-binding="jgroups-mping"/>
-                    <protocol type="MERGE3"/>
-                    <socket-protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
-                    <protocol type="FD_ALL"/>
-                    <protocol type="VERIFY_SUSPECT"/>
-                    <protocol type="pbcast.NAKACK2"/>
-                    <protocol type="UNICAST3"/>
-                    <protocol type="pbcast.STABLE"/>
-                    <protocol type="pbcast.GMS"/>
-                    <protocol type="MFC"/>
-                    <protocol type="FRAG3"/>
-                </stack>
-            </stacks>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:jmx:1.3">
-            <expose-resolved-model/>
-            <expose-expression-model/>
-            <remoting-connector/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:jpa:1.1">
-            <jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
-            <web-context>auth</web-context>
-            <providers>
-                <provider>
-                    classpath:${jboss.home.dir}/providers/*
-                </provider>
-            </providers>
-            <master-realm-name>master</master-realm-name>
-            <scheduled-task-interval>900</scheduled-task-interval>
-            <theme>
-                <staticMaxAge>2592000</staticMaxAge>
-                <cacheThemes>true</cacheThemes>
-                <cacheTemplates>true</cacheTemplates>
-                <welcomeTheme>${env.KEYCLOAK_WELCOME_THEME:keycloak}</welcomeTheme>
-                <default>${env.KEYCLOAK_DEFAULT_THEME:keycloak}</default>
-                <dir>${jboss.home.dir}/themes</dir>
-            </theme>
-            <spi name="eventsStore">
-                <provider name="jpa" enabled="true">
-                    <properties>
-                        <property name="exclude-events" value="[&quot;REFRESH_TOKEN&quot;]"/>
-                    </properties>
-                </provider>
-            </spi>
-            <spi name="userCache">
-                <provider name="default" enabled="true"/>
-            </spi>
-            <spi name="userSessionPersister">
-                <default-provider>jpa</default-provider>
-            </spi>
-            <spi name="timer">
-                <default-provider>basic</default-provider>
-            </spi>
-            <spi name="connectionsHttpClient">
-                <provider name="default" enabled="true"/>
-            </spi>
-            <spi name="connectionsJpa">
-                <provider name="default" enabled="true">
-                    <properties>
-                        <property name="dataSource" value="java:jboss/datasources/KeycloakDS"/>
-                        <property name="initializeEmpty" value="true"/>
-                        <property name="migrationStrategy" value="update"/>
-                        <property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql"/>
-                    </properties>
-                </provider>
-            </spi>
-            <spi name="realmCache">
-                <provider name="default" enabled="true"/>
-            </spi>
-            <spi name="connectionsInfinispan">
-                <default-provider>default</default-provider>
-                <provider name="default" enabled="true">
-                    <properties>
-                        <property name="cacheContainer" value="java:jboss/infinispan/container/keycloak"/>
-                    </properties>
-                </provider>
-            </spi>
-            <spi name="jta-lookup">
-                <default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider>
-                <provider name="jboss" enabled="true"/>
-            </spi>
-            <spi name="publicKeyStorage">
-                <provider name="infinispan" enabled="true">
-                    <properties>
-                        <property name="minTimeBetweenRequests" value="10"/>
-                    </properties>
-                </provider>
-            </spi>
-            <spi name="x509cert-lookup">
-                <default-provider>${keycloak.x509cert.lookup.provider:default}</default-provider>
-                <provider name="default" enabled="true"/>
-            </spi>
-            <spi name="hostname">
-                <default-provider>${keycloak.hostname.provider:default}</default-provider>
-                <provider name="default" enabled="true">
-                    <properties>
-                        <property name="frontendUrl" value="${keycloak.frontendUrl:}"/>
-                        <property name="forceBackendUrlToFrontendUrl" value="false"/>
-                    </properties>
-                </provider>
-                <provider name="fixed" enabled="true">
-                    <properties>
-                        <property name="hostname" value="${keycloak.hostname.fixed.hostname:localhost}"/>
-                        <property name="httpPort" value="${keycloak.hostname.fixed.httpPort:-1}"/>
-                        <property name="httpsPort" value="${keycloak.hostname.fixed.httpsPort:-1}"/>
-                        <property name="alwaysHttps" value="${keycloak.hostname.fixed.alwaysHttps:false}"/>
-                    </properties>
-                </provider>
-            </spi>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:mail:4.0">
-            <mail-session name="default" jndi-name="java:jboss/mail/Default">
-                <smtp-server outbound-socket-binding-ref="mail-smtp"/>
-            </mail-session>
-        </subsystem>
-        <subsystem xmlns="urn:wildfly:microprofile-config-smallrye:1.0"/>
-        <subsystem xmlns="urn:wildfly:microprofile-health-smallrye:2.0" security-enabled="false" empty-liveness-checks-status="${env.MP_HEALTH_EMPTY_LIVENESS_CHECKS_STATUS:UP}" empty-readiness-checks-status="${env.MP_HEALTH_EMPTY_READINESS_CHECKS_STATUS:UP}"/>
-        <subsystem xmlns="urn:wildfly:microprofile-metrics-smallrye:2.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:wildfly}"/>
-        <subsystem xmlns="urn:jboss:domain:modcluster:5.0">
-            <proxy name="default" advertise-socket="modcluster" listener="ajp">
-                <dynamic-load-provider>
-                    <load-metric type="cpu"/>
-                </dynamic-load-provider>
-            </proxy>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:naming:2.0">
-            <remote-naming/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:remoting:4.0">
-            <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
-        <subsystem xmlns="urn:jboss:domain:security:2.0">
-            <security-domains>
-                <security-domain name="other" cache-type="default">
-                    <authentication>
-                        <login-module code="Remoting" flag="optional">
-                            <module-option name="password-stacking" value="useFirstPass"/>
-                        </login-module>
-                        <login-module code="RealmDirect" flag="required">
-                            <module-option name="password-stacking" value="useFirstPass"/>
-                        </login-module>
-                    </authentication>
-                </security-domain>
-                <security-domain name="jboss-web-policy" cache-type="default">
-                    <authorization>
-                        <policy-module code="Delegating" flag="required"/>
-                    </authorization>
-                </security-domain>
-                <security-domain name="jaspitest" cache-type="default">
-                    <authentication-jaspi>
-                        <login-module-stack name="dummy">
-                            <login-module code="Dummy" flag="optional"/>
-                        </login-module-stack>
-                        <auth-module code="Dummy"/>
-                    </authentication-jaspi>
-                </security-domain>
-                <security-domain name="jboss-ejb-policy" cache-type="default">
-                    <authorization>
-                        <policy-module code="Delegating" flag="required"/>
-                    </authorization>
-                </security-domain>
-            </security-domains>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
-            <deployment-permissions>
-                <maximum-set>
-                    <permission class="java.security.AllPermission"/>
-                </maximum-set>
-            </deployment-permissions>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:transactions:5.0">
-            <core-environment node-identifier="${jboss.tx.node.id:1}">
-                <process-id>
-                    <uuid/>
-                </process-id>
-            </core-environment>
-            <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
-            <coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
-            <object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:undertow:11.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
-            <buffer-cache name="default"/>
-            <server name="default-server">
-                <ajp-listener name="ajp" socket-binding="ajp"/>
-                <http-listener name="default" read-timeout="30000" socket-binding="http" redirect-socket="https" proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING:false}" enable-http2="true"/>
-                <https-listener name="https" read-timeout="30000" socket-binding="https" proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING:false}" security-realm="ApplicationRealm" enable-http2="true"/>
-                <host name="default-host" alias="localhost">
-                    <location name="/" handler="welcome-content"/>
-                    <http-invoker security-realm="ApplicationRealm"/>
-                </host>
-            </server>
-            <servlet-container name="default">
-                <jsp-config/>
-                <websockets/>
-            </servlet-container>
-            <handlers>
-                <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
-            </handlers>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:weld:4.0"/>
-    </profile>
-    <interfaces>
-        <interface name="management">
-            <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
-        </interface>
-        <interface name="private">
-            <inet-address value="${jboss.bind.address.private:127.0.0.1}"/>
-        </interface>
-        <interface name="public">
-            <inet-address value="${jboss.bind.address:127.0.0.1}"/>
-        </interface>
-    </interfaces>
-    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
-        <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
-        <socket-binding name="http" port="${jboss.http.port:8080}"/>
-        <socket-binding name="https" port="${jboss.https.port:8443}"/>
-        <socket-binding name="jgroups-mping" interface="private" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/>
-        <socket-binding name="jgroups-tcp" interface="private" port="7600"/>
-        <socket-binding name="jgroups-tcp-fd" interface="private" port="57600"/>
-        <socket-binding name="jgroups-udp" interface="private" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>
-        <socket-binding name="jgroups-udp-fd" interface="private" port="54200"/>
-        <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
-        <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
-        <socket-binding name="modcluster" multicast-address="${jboss.modcluster.multicast.address:224.0.1.105}" multicast-port="23364"/>
-        <socket-binding name="txn-recovery-environment" port="4712"/>
-        <socket-binding name="txn-status-manager" port="4713"/>
-        <outbound-socket-binding name="mail-smtp">
-            <remote-destination host="localhost" port="25"/>
-        </outbound-socket-binding>
-    </socket-binding-group>
-</server>
--- a/src/bin/build-keycloak-theme/generateDebugFiles/standalone-ha_15.0.2.xml
+++ b/src/bin/build-keycloak-theme/generateDebugFiles/standalone-ha_15.0.2.xml
@ -1,693 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-
-<server xmlns="urn:jboss:domain:16.0">
-    <extensions>
-        <extension module="org.jboss.as.clustering.infinispan"/>
-        <extension module="org.jboss.as.clustering.jgroups"/>
-        <extension module="org.jboss.as.connector"/>
-        <extension module="org.jboss.as.deployment-scanner"/>
-        <extension module="org.jboss.as.ee"/>
-        <extension module="org.jboss.as.ejb3"/>
-        <extension module="org.jboss.as.jaxrs"/>
-        <extension module="org.jboss.as.jmx"/>
-        <extension module="org.jboss.as.jpa"/>
-        <extension module="org.jboss.as.logging"/>
-        <extension module="org.jboss.as.mail"/>
-        <extension module="org.jboss.as.modcluster"/>
-        <extension module="org.jboss.as.naming"/>
-        <extension module="org.jboss.as.remoting"/>
-        <extension module="org.jboss.as.security"/>
-        <extension module="org.jboss.as.transactions"/>
-        <extension module="org.jboss.as.weld"/>
-        <extension module="org.keycloak.keycloak-server-subsystem"/>
-        <extension module="org.wildfly.extension.bean-validation"/>
-        <extension module="org.wildfly.extension.core-management"/>
-        <extension module="org.wildfly.extension.elytron"/>
-        <extension module="org.wildfly.extension.health"/>
-        <extension module="org.wildfly.extension.io"/>
-        <extension module="org.wildfly.extension.metrics"/>
-        <extension module="org.wildfly.extension.request-controller"/>
-        <extension module="org.wildfly.extension.security.manager"/>
-        <extension module="org.wildfly.extension.undertow"/>
-    </extensions>
-    <management>
-        <security-realms>
-            <security-realm name="ManagementRealm">
-                <authentication>
-                    <local default-user="$local" skip-group-loading="true"/>
-                    <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
-                </authentication>
-                <authorization map-groups-to-roles="false">
-                    <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
-                </authorization>
-            </security-realm>
-            <security-realm name="ApplicationRealm">
-                <server-identities>
-                    <ssl>
-                        <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
-                    </ssl>
-                </server-identities>
-                <authentication>
-                    <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
-                    <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
-                </authentication>
-                <authorization>
-                    <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
-                </authorization>
-            </security-realm>
-        </security-realms>
-        <audit-log>
-            <formatters>
-                <json-formatter name="json-formatter"/>
-            </formatters>
-            <handlers>
-                <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
-            </handlers>
-            <logger log-boot="true" log-read-only="false" enabled="false">
-                <handlers>
-                    <handler name="file"/>
-                </handlers>
-            </logger>
-        </audit-log>
-        <management-interfaces>
-            <http-interface security-realm="ManagementRealm">
-                <http-upgrade enabled="true"/>
-                <socket-binding http="management-http"/>
-            </http-interface>
-        </management-interfaces>
-        <access-control provider="simple">
-            <role-mapping>
-                <role name="SuperUser">
-                    <include>
-                        <user name="$local"/>
-                    </include>
-                </role>
-            </role-mapping>
-        </access-control>
-    </management>
-    <profile>
-        <subsystem xmlns="urn:jboss:domain:logging:8.0">
-            <console-handler name="CONSOLE">
-                <formatter>
-                    <named-formatter name="COLOR-PATTERN"/>
-                </formatter>
-            </console-handler>
-            <logger category="com.arjuna">
-                <level name="WARN"/>
-            </logger>
-            <logger category="io.jaegertracing.Configuration">
-                <level name="WARN"/>
-            </logger>
-            <logger category="org.jboss.as.config">
-                <level name="DEBUG"/>
-            </logger>
-            <logger category="sun.rmi">
-                <level name="WARN"/>
-            </logger>
-            <logger category="org.keycloak">
-                <level name="${env.KEYCLOAK_LOGLEVEL:INFO}"/>
-            </logger>
-            <root-logger>
-                <level name="${env.ROOT_LOGLEVEL:INFO}"/>
-                <handlers>
-                    <handler name="CONSOLE"/>
-                </handlers>
-            </root-logger>
-            <formatter name="PATTERN">
-                <pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
-            </formatter>
-            <formatter name="COLOR-PATTERN">
-                <pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
-            </formatter>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
-        <subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
-        <subsystem xmlns="urn:jboss:domain:datasources:6.0">
-            <datasources>
-                <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
-                    <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
-                    <driver>h2</driver>
-                    <security>
-                        <user-name>sa</user-name>
-                        <password>sa</password>
-                    </security>
-                </datasource>
-                <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
-                    <connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
-                    <driver>h2</driver>
-                    <security>
-                        <user-name>sa</user-name>
-                        <password>sa</password>
-                    </security>
-                </datasource>
-                <drivers>
-                    <driver name="h2" module="com.h2database.h2">
-                        <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
-                    </driver>
-                </drivers>
-            </datasources>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
-            <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:ee:6.0">
-            <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
-            <concurrent>
-                <context-services>
-                    <context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
-                </context-services>
-                <managed-thread-factories>
-                    <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
-                </managed-thread-factories>
-                <managed-executor-services>
-                    <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="5000"/>
-                </managed-executor-services>
-                <managed-scheduled-executor-services>
-                    <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="3000"/>
-                </managed-scheduled-executor-services>
-            </concurrent>
-            <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:ejb3:9.0">
-            <session-bean>
-                <stateless>
-                    <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
-                </stateless>
-                <stateful default-access-timeout="5000" cache-ref="distributable" passivation-disabled-cache-ref="simple"/>
-                <singleton default-access-timeout="5000"/>
-            </session-bean>
-            <pools>
-                <bean-instance-pools>
-                    <strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
-                    <strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
-                </bean-instance-pools>
-            </pools>
-            <caches>
-                <cache name="simple"/>
-                <cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
-            </caches>
-            <passivation-stores>
-                <passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
-            </passivation-stores>
-            <async thread-pool-name="default"/>
-            <timer-service thread-pool-name="default" default-data-store="default-file-store">
-                <data-stores>
-                    <file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
-                </data-stores>
-            </timer-service>
-            <remote cluster="ejb" connectors="http-remoting-connector" thread-pool-name="default">
-                <channel-creation-options>
-                    <option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
-                </channel-creation-options>
-            </remote>
-            <thread-pools>
-                <thread-pool name="default">
-                    <max-threads count="10"/>
-                    <keepalive-time time="60" unit="seconds"/>
-                </thread-pool>
-            </thread-pools>
-            <default-security-domain value="other"/>
-            <default-missing-method-permissions-deny-access value="true"/>
-            <statistics enabled="${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
-            <log-system-exceptions value="true"/>
-        </subsystem>
-        <subsystem xmlns="urn:wildfly:elytron:13.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
-            <providers>
-                <aggregate-providers name="combined-providers">
-                    <providers name="elytron"/>
-                    <providers name="openssl"/>
-                </aggregate-providers>
-                <provider-loader name="elytron" module="org.wildfly.security.elytron"/>
-                <provider-loader name="openssl" module="org.wildfly.openssl"/>
-            </providers>
-            <audit-logging>
-                <file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/>
-            </audit-logging>
-            <security-domains>
-                <security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper">
-                    <realm name="ApplicationRealm" role-decoder="groups-to-roles"/>
-                    <realm name="local"/>
-                </security-domain>
-                <security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper">
-                    <realm name="ManagementRealm" role-decoder="groups-to-roles"/>
-                    <realm name="local" role-mapper="super-user-mapper"/>
-                </security-domain>
-            </security-domains>
-            <security-realms>
-                <identity-realm name="local" identity="$local"/>
-                <properties-realm name="ApplicationRealm">
-                    <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
-                    <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
-                </properties-realm>
-                <properties-realm name="ManagementRealm">
-                    <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
-                    <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
-                </properties-realm>
-            </security-realms>
-            <mappers>
-                <simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
-                    <permission-mapping>
-                        <principal name="anonymous"/>
-                        <permission-set name="default-permissions"/>
-                    </permission-mapping>
-                    <permission-mapping match-all="true">
-                        <permission-set name="login-permission"/>
-                        <permission-set name="default-permissions"/>
-                    </permission-mapping>
-                </simple-permission-mapper>
-                <constant-realm-mapper name="local" realm-name="local"/>
-                <simple-role-decoder name="groups-to-roles" attribute="groups"/>
-                <constant-role-mapper name="super-user-mapper">
-                    <role name="SuperUser"/>
-                </constant-role-mapper>
-            </mappers>
-            <permission-sets>
-                <permission-set name="login-permission">
-                    <permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
-                </permission-set>
-                <permission-set name="default-permissions">
-                    <permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/>
-                    <permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/>
-                    <permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
-                    <permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
-                </permission-set>
-            </permission-sets>
-            <http>
-                <http-authentication-factory name="management-http-authentication" security-domain="ManagementDomain" http-server-mechanism-factory="global">
-                    <mechanism-configuration>
-                        <mechanism mechanism-name="DIGEST">
-                            <mechanism-realm realm-name="ManagementRealm"/>
-                        </mechanism>
-                    </mechanism-configuration>
-                </http-authentication-factory>
-                <provider-http-server-mechanism-factory name="global"/>
-            </http>
-            <sasl>
-                <sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
-                    <mechanism-configuration>
-                        <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
-                        <mechanism mechanism-name="DIGEST-MD5">
-                            <mechanism-realm realm-name="ApplicationRealm"/>
-                        </mechanism>
-                    </mechanism-configuration>
-                </sasl-authentication-factory>
-                <sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
-                    <mechanism-configuration>
-                        <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
-                        <mechanism mechanism-name="DIGEST-MD5">
-                            <mechanism-realm realm-name="ManagementRealm"/>
-                        </mechanism>
-                    </mechanism-configuration>
-                </sasl-authentication-factory>
-                <configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
-                    <properties>
-                        <property name="wildfly.sasl.local-user.default-user" value="$local"/>
-                    </properties>
-                </configurable-sasl-server-factory>
-                <mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
-                    <filters>
-                        <filter provider-name="WildFlyElytron"/>
-                    </filters>
-                </mechanism-provider-filtering-sasl-server-factory>
-                <provider-sasl-server-factory name="global"/>
-            </sasl>
-            <tls>
-                <key-stores>
-                    <key-store name="applicationKS">
-                        <credential-reference clear-text="password"/>
-                        <implementation type="JKS"/>
-                        <file path="application.keystore" relative-to="jboss.server.config.dir"/>
-                    </key-store>
-                </key-stores>
-                <key-managers>
-                    <key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost">
-                        <credential-reference clear-text="password"/>
-                    </key-manager>
-                </key-managers>
-                <server-ssl-contexts>
-                    <server-ssl-context name="applicationSSC" key-manager="applicationKM"/>
-                </server-ssl-contexts>
-            </tls>
-        </subsystem>
-        <subsystem xmlns="urn:wildfly:health:1.0" security-enabled="false"/>
-        <subsystem xmlns="urn:jboss:domain:infinispan:12.0">
-            <cache-container name="ejb" default-cache="dist" aliases="sfsb" modules="org.wildfly.clustering.ejb.infinispan">
-                <transport lock-timeout="60000"/>
-                <distributed-cache name="dist">
-                    <locking isolation="REPEATABLE_READ"/>
-                    <transaction mode="BATCH"/>
-                    <file-store/>
-                </distributed-cache>
-            </cache-container>
-            <cache-container name="keycloak" modules="org.keycloak.keycloak-model-infinispan">
-                <transport lock-timeout="60000"/>
-                <local-cache name="realms">
-                    <heap-memory size="10000"/>
-                </local-cache>
-                <local-cache name="users">
-                    <heap-memory size="10000"/>
-                </local-cache>
-                <local-cache name="authorization">
-                    <heap-memory size="10000"/>
-                </local-cache>
-                <local-cache name="keys">
-                    <heap-memory size="1000"/>
-                    <expiration max-idle="3600000"/>
-                </local-cache>
-                <replicated-cache name="work">
-                    <expiration lifespan="900000000000000000"/>
-                </replicated-cache>
-                <distributed-cache name="sessions" owners="1">
-                    <expiration lifespan="900000000000000000"/>
-                </distributed-cache>
-                <distributed-cache name="authenticationSessions" owners="1">
-                    <expiration lifespan="900000000000000000"/>
-                </distributed-cache>
-                <distributed-cache name="offlineSessions" owners="1">
-                    <expiration lifespan="900000000000000000"/>
-                </distributed-cache>
-                <distributed-cache name="clientSessions" owners="1">
-                    <expiration lifespan="900000000000000000"/>
-                </distributed-cache>
-                <distributed-cache name="offlineClientSessions" owners="1">
-                    <expiration lifespan="900000000000000000"/>
-                </distributed-cache>
-                <distributed-cache name="loginFailures" owners="1">
-                    <expiration lifespan="900000000000000000"/>
-                </distributed-cache>
-                <distributed-cache name="actionTokens" owners="2">
-                    <heap-memory size="-1"/>
-                    <expiration interval="300000" lifespan="900000000000000000" max-idle="-1"/>
-                </distributed-cache>
-            </cache-container>
-            <cache-container name="server" default-cache="default" aliases="singleton cluster" modules="org.wildfly.clustering.server">
-                <transport lock-timeout="60000"/>
-                <replicated-cache name="default">
-                    <transaction mode="BATCH"/>
-                </replicated-cache>
-            </cache-container>
-            <cache-container name="web" default-cache="dist" modules="org.wildfly.clustering.web.infinispan">
-                <transport lock-timeout="60000"/>
-                <replicated-cache name="sso">
-                    <locking isolation="REPEATABLE_READ"/>
-                    <transaction mode="BATCH"/>
-                </replicated-cache>
-                <distributed-cache name="dist">
-                    <locking isolation="REPEATABLE_READ"/>
-                    <transaction mode="BATCH"/>
-                    <file-store/>
-                </distributed-cache>
-                <distributed-cache name="routing"/>
-            </cache-container>
-            <cache-container name="hibernate" modules="org.infinispan.hibernate-cache">
-                <transport lock-timeout="60000"/>
-                <local-cache name="local-query">
-                    <heap-memory size="10000"/>
-                    <expiration max-idle="100000"/>
-                </local-cache>
-                <invalidation-cache name="entity">
-                    <transaction mode="NON_XA"/>
-                    <heap-memory size="10000"/>
-                    <expiration max-idle="100000"/>
-                </invalidation-cache>
-                <replicated-cache name="timestamps"/>
-            </cache-container>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:io:3.0">
-            <worker name="default"/>
-            <buffer-pool name="default"/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:jaxrs:2.0"/>
-        <subsystem xmlns="urn:jboss:domain:jca:5.0">
-            <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
-            <bean-validation enabled="true"/>
-            <default-workmanager>
-                <short-running-threads>
-                    <core-threads count="50"/>
-                    <queue-length count="50"/>
-                    <max-threads count="50"/>
-                    <keepalive-time time="10" unit="seconds"/>
-                </short-running-threads>
-                <long-running-threads>
-                    <core-threads count="50"/>
-                    <queue-length count="50"/>
-                    <max-threads count="50"/>
-                    <keepalive-time time="10" unit="seconds"/>
-                </long-running-threads>
-            </default-workmanager>
-            <cached-connection-manager/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:jgroups:8.0">
-            <channels default="ee">
-                <channel name="ee" stack="udp" cluster="ejb"/>
-            </channels>
-            <stacks>
-                <stack name="udp">
-                    <transport type="UDP" socket-binding="jgroups-udp"/>
-                    <protocol type="PING"/>
-                    <protocol type="MERGE3"/>
-                    <socket-protocol type="FD_SOCK" socket-binding="jgroups-udp-fd"/>
-                    <protocol type="FD_ALL"/>
-                    <protocol type="VERIFY_SUSPECT"/>
-                    <protocol type="pbcast.NAKACK2"/>
-                    <protocol type="UNICAST3"/>
-                    <protocol type="pbcast.STABLE"/>
-                    <protocol type="pbcast.GMS"/>
-                    <protocol type="UFC"/>
-                    <protocol type="MFC"/>
-                    <protocol type="FRAG3"/>
-                </stack>
-                <stack name="tcp">
-                    <transport type="TCP" socket-binding="jgroups-tcp"/>
-                    <socket-protocol type="MPING" socket-binding="jgroups-mping"/>
-                    <protocol type="MERGE3"/>
-                    <socket-protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
-                    <protocol type="FD_ALL"/>
-                    <protocol type="VERIFY_SUSPECT"/>
-                    <protocol type="pbcast.NAKACK2"/>
-                    <protocol type="UNICAST3"/>
-                    <protocol type="pbcast.STABLE"/>
-                    <protocol type="pbcast.GMS"/>
-                    <protocol type="MFC"/>
-                    <protocol type="FRAG3"/>
-                </stack>
-            </stacks>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:jmx:1.3">
-            <expose-resolved-model/>
-            <expose-expression-model/>
-            <remoting-connector/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:jpa:1.1">
-            <jpa default-extended-persistence-inheritance="DEEP"/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
-            <web-context>auth</web-context>
-            <providers>
-                <provider>
-                    classpath:${jboss.home.dir}/providers/*
-                </provider>
-            </providers>
-            <master-realm-name>master</master-realm-name>
-            <scheduled-task-interval>900</scheduled-task-interval>
-            <theme>
-                <staticMaxAge>2592000</staticMaxAge>
-                <cacheThemes>true</cacheThemes>
-                <cacheTemplates>true</cacheTemplates>
-                <welcomeTheme>${env.KEYCLOAK_WELCOME_THEME:keycloak}</welcomeTheme>
-                <default>${env.KEYCLOAK_DEFAULT_THEME:keycloak}</default>
-                <dir>${jboss.home.dir}/themes</dir>
-            </theme>
-            <spi name="eventsStore">
-                <provider name="jpa" enabled="true">
-                    <properties>
-                        <property name="exclude-events" value="[&quot;REFRESH_TOKEN&quot;]"/>
-                    </properties>
-                </provider>
-            </spi>
-            <spi name="userCache">
-                <provider name="default" enabled="true"/>
-            </spi>
-            <spi name="userSessionPersister">
-                <default-provider>jpa</default-provider>
-            </spi>
-            <spi name="timer">
-                <default-provider>basic</default-provider>
-            </spi>
-            <spi name="connectionsHttpClient">
-                <provider name="default" enabled="true"/>
-            </spi>
-            <spi name="connectionsJpa">
-                <provider name="default" enabled="true">
-                    <properties>
-                        <property name="dataSource" value="java:jboss/datasources/KeycloakDS"/>
-                        <property name="initializeEmpty" value="true"/>
-                        <property name="migrationStrategy" value="update"/>
-                        <property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql"/>
-                    </properties>
-                </provider>
-            </spi>
-            <spi name="realmCache">
-                <provider name="default" enabled="true"/>
-            </spi>
-            <spi name="connectionsInfinispan">
-                <default-provider>default</default-provider>
-                <provider name="default" enabled="true">
-                    <properties>
-                        <property name="cacheContainer" value="java:jboss/infinispan/container/keycloak"/>
-                    </properties>
-                </provider>
-            </spi>
-            <spi name="jta-lookup">
-                <default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider>
-                <provider name="jboss" enabled="true"/>
-            </spi>
-            <spi name="publicKeyStorage">
-                <provider name="infinispan" enabled="true">
-                    <properties>
-                        <property name="minTimeBetweenRequests" value="10"/>
-                    </properties>
-                </provider>
-            </spi>
-            <spi name="x509cert-lookup">
-                <default-provider>${keycloak.x509cert.lookup.provider:default}</default-provider>
-                <provider name="default" enabled="true"/>
-            </spi>
-            <spi name="hostname">
-                <default-provider>${keycloak.hostname.provider:default}</default-provider>
-                <provider name="default" enabled="true">
-                    <properties>
-                        <property name="frontendUrl" value="${keycloak.frontendUrl:}"/>
-                        <property name="forceBackendUrlToFrontendUrl" value="false"/>
-                    </properties>
-                </provider>
-                <provider name="fixed" enabled="true">
-                    <properties>
-                        <property name="hostname" value="${keycloak.hostname.fixed.hostname:localhost}"/>
-                        <property name="httpPort" value="${keycloak.hostname.fixed.httpPort:-1}"/>
-                        <property name="httpsPort" value="${keycloak.hostname.fixed.httpsPort:-1}"/>
-                        <property name="alwaysHttps" value="${keycloak.hostname.fixed.alwaysHttps:false}"/>
-                    </properties>
-                </provider>
-            </spi>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:mail:4.0">
-            <mail-session name="default" jndi-name="java:jboss/mail/Default">
-                <smtp-server outbound-socket-binding-ref="mail-smtp"/>
-            </mail-session>
-        </subsystem>
-        <subsystem xmlns="urn:wildfly:metrics:1.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:wildfly}"/>
-        <subsystem xmlns="urn:jboss:domain:modcluster:5.0">
-            <proxy name="default" advertise-socket="modcluster" listener="ajp">
-                <dynamic-load-provider>
-                    <load-metric type="cpu"/>
-                </dynamic-load-provider>
-            </proxy>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:naming:2.0">
-            <remote-naming/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:remoting:4.0">
-            <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
-        <subsystem xmlns="urn:jboss:domain:security:2.0">
-            <security-domains>
-                <security-domain name="other" cache-type="default">
-                    <authentication>
-                        <login-module code="Remoting" flag="optional">
-                            <module-option name="password-stacking" value="useFirstPass"/>
-                        </login-module>
-                        <login-module code="RealmDirect" flag="required">
-                            <module-option name="password-stacking" value="useFirstPass"/>
-                        </login-module>
-                    </authentication>
-                </security-domain>
-                <security-domain name="jboss-web-policy" cache-type="default">
-                    <authorization>
-                        <policy-module code="Delegating" flag="required"/>
-                    </authorization>
-                </security-domain>
-                <security-domain name="jaspitest" cache-type="default">
-                    <authentication-jaspi>
-                        <login-module-stack name="dummy">
-                            <login-module code="Dummy" flag="optional"/>
-                        </login-module-stack>
-                        <auth-module code="Dummy"/>
-                    </authentication-jaspi>
-                </security-domain>
-                <security-domain name="jboss-ejb-policy" cache-type="default">
-                    <authorization>
-                        <policy-module code="Delegating" flag="required"/>
-                    </authorization>
-                </security-domain>
-            </security-domains>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
-            <deployment-permissions>
-                <maximum-set>
-                    <permission class="java.security.AllPermission"/>
-                </maximum-set>
-            </deployment-permissions>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:transactions:6.0">
-            <core-environment node-identifier="${jboss.tx.node.id:1}">
-                <process-id>
-                    <uuid/>
-                </process-id>
-            </core-environment>
-            <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
-            <coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
-            <object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
-            <buffer-cache name="default"/>
-            <server name="default-server">
-                <ajp-listener name="ajp" socket-binding="ajp"/>
-                <http-listener name="default" socket-binding="http" redirect-socket="https" proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING:false}" enable-http2="true"/>
-                <https-listener name="https" socket-binding="https" proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING:false}" security-realm="ApplicationRealm" enable-http2="true"/>
-                <host name="default-host" alias="localhost">
-                    <location name="/" handler="welcome-content"/>
-                    <http-invoker security-realm="ApplicationRealm"/>
-                </host>
-            </server>
-            <servlet-container name="default">
-                <jsp-config/>
-                <websockets/>
-            </servlet-container>
-            <handlers>
-                <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
-            </handlers>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:weld:4.0"/>
-    </profile>
-    <interfaces>
-        <interface name="management">
-            <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
-        </interface>
-        <interface name="private">
-            <inet-address value="${jboss.bind.address.private:127.0.0.1}"/>
-        </interface>
-        <interface name="public">
-            <inet-address value="${jboss.bind.address:127.0.0.1}"/>
-        </interface>
-    </interfaces>
-    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
-        <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
-        <socket-binding name="http" port="${jboss.http.port:8080}"/>
-        <socket-binding name="https" port="${jboss.https.port:8443}"/>
-        <socket-binding name="jgroups-mping" interface="private" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/>
-        <socket-binding name="jgroups-tcp" interface="private" port="7600"/>
-        <socket-binding name="jgroups-tcp-fd" interface="private" port="57600"/>
-        <socket-binding name="jgroups-udp" interface="private" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>
-        <socket-binding name="jgroups-udp-fd" interface="private" port="54200"/>
-        <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
-        <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
-        <socket-binding name="modcluster" multicast-address="${jboss.modcluster.multicast.address:224.0.1.105}" multicast-port="23364"/>
-        <socket-binding name="txn-recovery-environment" port="4712"/>
-        <socket-binding name="txn-status-manager" port="4713"/>
-        <outbound-socket-binding name="mail-smtp">
-            <remote-destination host="${jboss.mail.server.host:localhost}" port="${jboss.mail.server.port:25}"/>
-        </outbound-socket-binding>
-    </socket-binding-group>
-</server>
--- a/src/bin/build-keycloak-theme/generateFtl/Object.deepAssign.js
+++ b/src/bin/build-keycloak-theme/generateFtl/Object.deepAssign.js
@ -1,28 +0,0 @@
-
-Object.defineProperty(
-    Object,
-    "deepAssign",
-    {
-        "value": function callee(target, source) {
-            Object.keys(source).forEach(function (key) {
-                var value = source[key];
-                if (target[key] === undefined) {
-                    target[key] = value;
-                    return;
-                }
-                if (value instanceof Object) {
-                    if (value instanceof Array) {
-                        value.forEach(function (entry) {
-                            target[key].push(entry);
-                        });
-                        return;
-                    }
-                    callee(target[key], value);
-                    return;
-                }
-                target[key] = value;
-            });
-            return target;
-        }
-    }
-);
--- a/src/bin/build-keycloak-theme/generateFtl/common.ftl
+++ b/src/bin/build-keycloak-theme/generateFtl/common.ftl
@ -1,193 +0,0 @@
-<script>const _= 
-<#macro objectToJson object depth>
-    <@compress>
-
-        <#local isHash = false>
-        <#attempt>
-            <#local isHash = object?is_hash || object?is_hash_ex>
-        <#recover>
-            /* can't evaluate if object is hash */
-            undefined
-            <#return>
-        </#attempt>
-        <#if isHash>
-
-            <#local keys = "">
-
-            <#attempt>
-                <#local keys = object?keys>
-            <#recover>
-                /* can't list keys of object */
-                undefined
-                <#return>
-            </#attempt>
-
-            {${'\n'}
-
-            <#list keys as key>
-
-                <#if key == "class">
-                    /* skipping "class" property of object */
-                    <#continue>
-                </#if>
-
-                <#local value = "">
-
-                <#attempt>
-                    <#local value = object[key]>
-                <#recover>
-                    /* couldn't dereference ${key} of object */
-                    <#continue>
-                </#attempt>
-
-                <#if depth gt 4>
-                    /* Avoid calling recustively too many times depth: ${depth}, key: ${key} */
-                    <#continue>
-                </#if>
-
-                "${key}": <@objectToJson object=value depth=depth+1/>,
-
-            </#list>
-
-            }${'\n'}
-
-            <#return>
-
-        </#if>
-
-
-        <#local isMethod = "">
-        <#attempt>
-            <#local isMethod = object?is_method>
-        <#recover>
-            /* can't test if object is a method */
-            undefined
-            <#return>
-        </#attempt>
-
-        <#if isMethod>
-            undefined
-            <#return>
-        </#if>
-
-
-
-        <#local isBoolean = "">
-        <#attempt>
-            <#local isBoolean = object?is_boolean>
-        <#recover>
-            /* can't test if object is a boolean */
-            undefined
-            <#return>
-        </#attempt>
-
-        <#if isBoolean>
-            ${object?c}
-            <#return>
-        </#if>
-
-
-        <#local isEnumerable = "">
-        <#attempt>
-            <#local isEnumerable = object?is_enumerable>
-        <#recover>
-            /* can't test if object is enumerable */
-            undefined
-            <#return>
-        </#attempt>
-
-        <#if isEnumerable>
-
-            [${'\n'}
-
-            <#list object as item>
-
-                <@objectToJson object=item depth=depth+1/>,
-
-            </#list>
-
-            ]${'\n'}
-
-            <#return>
-        </#if>
-
-
-        <#attempt>
-            "${object?replace('"', '\\"')?no_esc}"
-        <#recover>
-            /* couldn't convert into string non hash, non method, non boolean, non enumerable object */
-            undefined;
-            <#return>
-        </#attempt>
-
-
-    </@compress>
-</#macro>
-
-(()=>{
-
-    //Removing all the undefined
-    const obj = JSON.parse(JSON.stringify(<@objectToJson object=.data_model depth=0 />));
-
-    //Freemarker values that can't be automatically converted into a JavaScript object.
-    Object.deepAssign(
-        obj,
-        { 
-            "messagesPerField": {
-                "printIfExists": function (key, x) {
-                    switch(key){
-                        case "userLabel": return (function (){
-                            <#attempt>
-                                return "${messagesPerField.printIfExists('userLabel','1')}" ? x : undefined;
-                            <#recover>
-                            </#attempt>
-                        })();
-                        case "username": return (function (){
-                            <#attempt>
-                                return "${messagesPerField.printIfExists('username','1')}" ? x : undefined;
-                            <#recover>
-                            </#attempt>
-                        })();
-                        case "email": return (function (){
-                            <#attempt>
-                                return "${messagesPerField.printIfExists('email','1')}" ? x : undefined;
-                            <#recover>
-                            </#attempt>
-                        })();
-                        case "firstName": return (function (){
-                            <#attempt>
-                                return "${messagesPerField.printIfExists('firstName','1')}" ? x : undefined;
-                            <#recover>
-                            </#attempt>
-                        })();
-                        case "lastName": return (function (){
-                            <#attempt>
-                                return "${messagesPerField.printIfExists('lastName','1')}" ? x : undefined;
-                            <#recover>
-                            </#attempt>
-                        })();
-                        case "password": return (function (){
-                            <#attempt>
-                                return "${messagesPerField.printIfExists('password','1')}" ? x : undefined;
-                            <#recover>
-                            </#attempt>
-                        })();
-                        case "password-confirm": return (function (){
-                            <#attempt>
-                                return "${messagesPerField.printIfExists('password-confirm','1')}" ? x : undefined;
-                            <#recover>
-                            </#attempt>
-                        })();
-                    }
-                }
-            },
-            "msg": function(){ throw new Error("use import { useKcMessage } from 'keycloakify'"); },
-            "advancedMsg": function(){ throw new Error("use import { useKcMessage } from 'keycloakify'"); },
-        }
-    );
-
-    return obj;
-
-})()
-
-</script>
--- a/src/bin/build-keycloak-theme/generateFtl/ftl_object_to_js_code_declaring_an_object.ftl
+++ b/src/bin/build-keycloak-theme/generateFtl/ftl_object_to_js_code_declaring_an_object.ftl
@ -0,0 +1,298 @@
+<script>const _= 
+<#assign pageId="PAGE_ID_xIgLsPgGId9D8e">
+(()=>{
+
+    const out = 
+${ftl_object_to_js_code_declaring_an_object(.data_model, [])?no_esc};
+
+    out["msg"]= function(){ throw new Error("use import { useKcMessage } from 'keycloakify'"); };
+    out["advancedMsg"]= function(){ throw new Error("use import { useKcMessage } from 'keycloakify'"); };
+
+    out["messagesPerField"]= {
+        <#assign fieldNames = [
+            "global", "userLabel", "username", "email", "firstName", "lastName", "password", "password-confirm",
+            "totp", "totpSecret", "SAMLRequest", "SAMLResponse", "relayState", "device_user_code", "code", 
+            "password-new", "rememberMe", "login", "authenticationExecution", "cancel-aia", "clientDataJSON", 
+            "authenticatorData", "signature", "credentialId", "userHandle", "error", "authn_use_chk", "authenticationExecution", 
+            "isSetRetry", "try-again", "attestationObject", "publicKeyCredentialId", "authenticatorLabel"
+        ]>
+    
+        <#attempt>
+            <#if profile?? && profile.attributes?? && profile.attributes?is_enumerable>
+                <#list profile.attributes as attribute>
+                    <#if fieldNames?seq_contains(attribute.name)>
+                        <#continue>
+                    </#if>
+                    <#assign fieldNames += [attribute.name]>
+                </#list>
+            </#if>
+        <#recover>
+        </#attempt>
+    
+        "printIfExists": function (fieldName, x) {
+            <#list fieldNames as fieldName>
+                if(fieldName === "${fieldName}" ){
+                    <#attempt>
+                        return "${messagesPerField.printIfExists(fieldName,'1')}" ? x : undefined;
+                    <#recover>
+                    </#attempt>
+                }
+            </#list>
+            throw new Error("There is no " + fieldName + " field");
+        },
+        "existsError": function (fieldName) {
+            <#list fieldNames as fieldName>
+                if(fieldName === "${fieldName}" ){
+                    <#attempt>
+                        return <#if messagesPerField.existsError('${fieldName}')>true<#else>false</#if>;
+                    <#recover>
+                    </#attempt>
+                }
+            </#list>
+            throw new Error("There is no " + fieldName + " field");
+        },
+        "get": function (fieldName) {
+            <#list fieldNames as fieldName>
+                if(fieldName === "${fieldName}" ){
+                    <#attempt>
+                        <#if messagesPerField.existsError('${fieldName}')>
+                            return "${messagesPerField.get('${fieldName}')?no_esc}";
+                        </#if>
+                    <#recover>
+                    </#attempt>
+                }
+            </#list>
+            throw new Error("There is no " + fieldName + " field");
+        },
+        "exists": function (fieldName) {
+            <#list fieldNames as fieldName>
+                if(fieldName === "${fieldName}" ){
+                    <#attempt>
+                        return <#if messagesPerField.exists('${fieldName}')>true<#else>false</#if>;
+                    <#recover>
+                    </#attempt>
+                }
+            </#list>
+            throw new Error("There is no " + fieldName + " field");
+        }
+    };
+
+    out["pageId"] = "${pageId}";
+
+    return out;
+
+})()
+<#function ftl_object_to_js_code_declaring_an_object object path>
+
+        <#local isHash = "">
+        <#attempt>
+            <#local isHash = object?is_hash || object?is_hash_ex>
+        <#recover>
+            <#return "ABORT: Can't evaluate if " + path?join(".") + " is hash">
+        </#attempt>
+
+        <#if isHash>
+
+            <#if path?size gt 10>
+                <#return "ABORT: Too many recursive calls">
+            </#if>
+
+            <#local keys = "">
+
+            <#attempt>
+                <#local keys = object?keys>
+            <#recover>
+                <#return "ABORT: We can't list keys on this object">
+            </#attempt>
+
+
+            <#local out_seq = []>
+
+            <#list keys as key>
+
+                <#if ["class","declaredConstructors","superclass","declaringClass" ]?seq_contains(key) >
+                    <#continue>
+                </#if>
+
+                <#if 
+                    (
+                        ["loginUpdatePasswordUrl", "loginUpdateProfileUrl", "loginUsernameReminderUrl", "loginUpdateTotpUrl"]?seq_contains(key) && 
+                        are_same_path(path, ["url"])
+                    ) || (
+                        key == "updateProfileCtx" && 
+                        are_same_path(path, [])
+                    ) || (
+                        <#-- https://github.com/InseeFrLab/keycloakify/pull/65#issuecomment-991896344 -->
+                        key == "loginAction" && 
+                        are_same_path(path, ["url"]) && 
+                        pageId == "saml-post-form.ftl"
+                    ) || (
+                        ["contextData", "idpConfig", "idp", "authenticationSession"]?seq_contains(key) &&
+                        are_same_path(path, ["brokerContext"]) &&
+                        ["login-idp-link-confirm.ftl", "login-idp-link-email.ftl" ]?seq_contains(pageId)
+                    ) || (
+                        key == "identityProviderBrokerCtx" && 
+                        are_same_path(path, []) &&
+                        ["login-idp-link-confirm.ftl", "login-idp-link-email.ftl" ]?seq_contains(pageId)
+                    )
+                >
+                    <#local out_seq += ["/*If you need '" + key + "' on " + pageId + ", please submit an issue to the Keycloakify repo*/"]>
+                    <#continue>
+                </#if>
+
+                <#if key == "attemptedUsername" && are_same_path(path, ["auth"])>
+
+                    <#attempt>
+                        <#-- https://github.com/keycloak/keycloak/blob/3a2bf0c04bcde185e497aaa32d0bb7ab7520cf4a/themes/src/main/resources/theme/base/login/template.ftl#L63 -->
+                        <#if !(auth?has_content && auth.showUsername() && !auth.showResetCredentials())>
+                            <#continue>
+                        </#if>
+                    <#recover>
+                    </#attempt>
+
+                </#if>
+
+                <#attempt>
+                    <#if !object[key]??>
+                        <#continue>
+                    </#if>
+                <#recover>
+                    <#local out_seq += ["/*Couldn't test if '" + key + "' is available on this object*/"]>
+                    <#continue>
+                </#attempt>
+
+                <#local propertyValue = "">
+
+                <#attempt>
+                    <#local propertyValue = object[key]>
+                <#recover>
+                    <#local out_seq += ["/*Couldn't dereference '" + key + "' on this object*/"]>
+                    <#continue>
+                </#attempt>
+
+                <#local rec_out = ftl_object_to_js_code_declaring_an_object(propertyValue, path + [ key ])>
+
+                <#if rec_out?starts_with("ABORT:")>
+
+                    <#local errorMessage = rec_out?remove_beginning("ABORT:")>
+
+                    <#if errorMessage != " It's a method" >
+                        <#local out_seq += ["/*" + key + ": " + errorMessage + "*/"]>
+                    </#if>
+
+                    <#continue>
+                </#if>
+
+                <#local out_seq +=  ['"' + key + '": ' + rec_out + ","]>
+
+            </#list>
+
+            <#return (["{"] + out_seq?map(str -> ""?right_pad(4 * (path?size + 1)) + str) + [ ""?right_pad(4 * path?size) + "}"])?join("\n")>
+
+        </#if>
+
+        <#local isMethod = "">
+        <#attempt>
+            <#local isMethod = object?is_method>
+        <#recover>
+            <#return "ABORT: Can't test if it'sa method.">
+        </#attempt>
+
+        <#if isMethod>
+            <#return "ABORT: It's a method">
+        </#if>
+
+        <#local isBoolean = "">
+        <#attempt>
+            <#local isBoolean = object?is_boolean>
+        <#recover>
+            <#return "ABORT: Can't test if it's a boolean">
+        </#attempt>
+
+        <#if isBoolean>
+            <#return object?c>
+        </#if>
+
+        <#local isEnumerable = "">
+        <#attempt>
+            <#local isEnumerable = object?is_enumerable>
+        <#recover>
+            <#return "ABORT: Can't test if it's an enumerable">
+        </#attempt>
+
+
+        <#if isEnumerable>
+
+            <#local out_seq = []>
+
+            <#local i = 0>
+
+            <#list object as array_item>
+
+                <#local rec_out = ftl_object_to_js_code_declaring_an_object(array_item, path + [ i ])>
+
+                <#local i = i + 1>
+
+                <#if rec_out?starts_with("ABORT:")>
+
+                    <#local errorMessage = rec_out?remove_beginning("ABORT:")>
+
+                    <#if errorMessage != " It's a method" >
+                        <#local out_seq += ["/*" + i?string + ": " + errorMessage + "*/"]>
+                    </#if>
+
+                    <#continue>
+                </#if>
+
+                <#local out_seq += [rec_out + ","]>
+
+            </#list>
+
+            <#return (["["] + out_seq?map(str -> ""?right_pad(4 * (path?size + 1)) + str) + [ ""?right_pad(4 * path?size) + "]"])?join("\n")>
+
+        </#if>
+
+        <#attempt>
+            <#return '"' + object?js_string + '"'>;
+        <#recover>
+        </#attempt>
+
+        <#return "ABORT: Couldn't convert into string non hash, non method, non boolean, non enumerable object">
+
+</#function>
+<#function are_same_path path searchedPath>
+
+    <#if path?size != path?size>
+        <#return false>
+    </#if>
+
+    <#local i=0>
+
+    <#list path as property>
+
+        <#local searchedProperty=searchedPath[i]>
+
+        <#if searchedProperty?is_string && searchedProperty == "*">
+            <#continue>
+        </#if>
+
+        <#if searchedProperty?is_string && !property?is_string>
+            <#return false>
+        </#if>
+
+        <#if searchedProperty?is_number && !property?is_number>
+            <#return false>
+        </#if>
+
+        <#if searchedProperty?string != property?string>
+            <#return false>
+        </#if>
+
+        <#local i+= 1>
+
+    </#list>
+
+    <#return true>
+
+</#function>
+</script>
--- a/src/bin/build-keycloak-theme/generateFtl/generateFtl.ts
+++ b/src/bin/build-keycloak-theme/generateFtl/generateFtl.ts
@ -1,74 +1,64 @@
-
-
 import cheerio from "cheerio";
-import {
-    replaceImportsFromStaticInJsCode,
-    replaceImportsInInlineCssCode,
-    generateCssCodeToDefineGlobals
-} from "../replaceImportFromStatic";
+import { replaceImportsFromStaticInJsCode, replaceImportsInInlineCssCode, generateCssCodeToDefineGlobals } from "../replaceImportFromStatic";
 import fs from "fs";
 import { join as pathJoin } from "path";
 import { objectKeys } from "tsafe/objectKeys";
 import { ftlValuesGlobalName } from "../ftlValuesGlobalName";

 export const pageIds = [
-    "login.ftl", "register.ftl", "info.ftl",
-    "error.ftl", "login-reset-password.ftl",
-    "login-verify-email.ftl", "terms.ftl",
-    "login-otp.ftl", "login-update-profile.ftl",
-    "login-idp-link-confirm.ftl"
+    "login.ftl",
+    "register.ftl",
+    "register-user-profile.ftl",
+    "info.ftl",
+    "error.ftl",
+    "login-reset-password.ftl",
+    "login-verify-email.ftl",
+    "terms.ftl",
+    "login-otp.ftl",
+    "login-update-profile.ftl",
+    "login-update-password.ftl",
+    "login-idp-link-confirm.ftl",
+    "login-page-expired.ftl",
 ] as const;

 export type PageId = typeof pageIds[number];

-function loadAdjacentFile(fileBasename: string) {
-    return fs.readFileSync(pathJoin(__dirname, fileBasename))
-        .toString("utf8");
-};
-
-
-export function generateFtlFilesCodeFactory(
-    params: {
-        cssGlobalsToDefine: Record<string, string>;
-        indexHtmlCode: string;
-        urlPathname: string;
-        urlOrigin: undefined | string;
-    }
-) {
-
+export function generateFtlFilesCodeFactory(params: {
+    cssGlobalsToDefine: Record<string, string>;
+    indexHtmlCode: string;
+    urlPathname: string;
+    urlOrigin: undefined | string;
+}) {
    const { cssGlobalsToDefine, indexHtmlCode, urlPathname, urlOrigin } = params;

    const $ = cheerio.load(indexHtmlCode);

    $("script:not([src])").each((...[, element]) => {
-
        const { fixedJsCode } = replaceImportsFromStaticInJsCode({
            "jsCode": $(element).html()!,
-            urlOrigin
+            urlOrigin,
        });

        $(element).text(fixedJsCode);
-
    });

    $("style").each((...[, element]) => {
-
        const { fixedCssCode } = replaceImportsInInlineCssCode({
            "cssCode": $(element).html()!,
            "urlPathname": params.urlPathname,
-            urlOrigin
+            urlOrigin,
        });

        $(element).text(fixedCssCode);
-
    });

-    ([
-        ["link", "href"],
-        ["script", "src"],
-    ] as const).forEach(([selector, attrName]) =>
+    (
+        [
+            ["link", "href"],
+            ["script", "src"],
+        ] as const
+    ).forEach(([selector, attrName]) =>
        $(selector).each((...[, element]) => {
-
            const href = $(element).attr(attrName);

            if (href === undefined) {
@ -77,94 +67,69 @@ export function generateFtlFilesCodeFactory(

            $(element).attr(
                attrName,
-                urlOrigin !== undefined ?
-                    href.replace(/^\//, `${urlOrigin}/`) :
-                    href.replace(
-                        new RegExp(`^${urlPathname.replace(/\//g, "\\/")}`),
-                        "${url.resourcesPath}/build/"
-                    )
+                urlOrigin !== undefined
+                    ? href.replace(/^\//, `${urlOrigin}/`)
+                    : href.replace(new RegExp(`^${urlPathname.replace(/\//g, "\\/")}`), "${url.resourcesPath}/build/"),
            );
-
-        })
+        }),
    );

    //FTL is no valid html, we can't insert with cheerio, we put placeholder for injecting later.
-    const ftlPlaceholders = {
-        '{ "x": "vIdLqMeOed9sdLdIdOxdK0d" }': loadAdjacentFile("common.ftl")
+    const replaceValueBySearchValue = {
+        '{ "x": "vIdLqMeOed9sdLdIdOxdK0d" }': fs
+            .readFileSync(pathJoin(__dirname, "ftl_object_to_js_code_declaring_an_object.ftl"))
+            .toString("utf8")
            .match(/^<script>const _=((?:.|\n)+)<\/script>[\n]?$/)![1],
-        '<!-- xIdLqMeOedErIdLsPdNdI9dSlxI -->':
-            [
-                '<#if scripts??>',
-                '    <#list scripts as script>',
-                '        <script src="${script}" type="text/javascript"></script>',
-                '    </#list>',
-                '</#if>'
-            ].join("\n")
+        "<!-- xIdLqMeOedErIdLsPdNdI9dSlxI -->": [
+            "<#if scripts??>",
+            "    <#list scripts as script>",
+            '        <script src="${script}" type="text/javascript"></script>',
+            "    </#list>",
+            "</#if>",
+        ].join("\n"),
    };

-    const pageSpecificCodePlaceholder = "<!-- dIddLqMeOedErIdLsPdNdI9dSl42sw -->";
-
    $("head").prepend(
        [
-            ...(Object.keys(cssGlobalsToDefine).length === 0 ? [] : [
-                '',
-                '<style>',
-                generateCssCodeToDefineGlobals({
-                    cssGlobalsToDefine,
-                    urlPathname
-                }).cssCodeToPrependInHead,
-                '</style>',
-                ''
-            ]),
+            ...(Object.keys(cssGlobalsToDefine).length === 0
+                ? []
+                : [
+                      "",
+                      "<style>",
+                      generateCssCodeToDefineGlobals({
+                          cssGlobalsToDefine,
+                          urlPathname,
+                      }).cssCodeToPrependInHead,
+                      "</style>",
+                      "",
+                  ]),
            "<script>",
-            loadAdjacentFile("Object.deepAssign.js"),
+            `    window.${ftlValuesGlobalName}= ${objectKeys(replaceValueBySearchValue)[0]};`,
            "</script>",
-            '<script>',
-            `    window.${ftlValuesGlobalName}= Object.assign(`,
-            `        {},`,
-            `        ${objectKeys(ftlPlaceholders)[0]}`,
-            '    );',
-            '</script>',
-            '',
-            pageSpecificCodePlaceholder,
-            '',
-            objectKeys(ftlPlaceholders)[1]
+            "",
+            objectKeys(replaceValueBySearchValue)[1],
        ].join("\n"),
    );

    const partiallyFixedIndexHtmlCode = $.html();

-    function generateFtlFilesCode(
-        params: {
-            pageId: string;
-        }
-    ): { ftlCode: string; } {
-
+    function generateFtlFilesCode(params: { pageId: string }): {
+        ftlCode: string;
+    } {
        const { pageId } = params;

        const $ = cheerio.load(partiallyFixedIndexHtmlCode);

-        let ftlCode = $.html()
-            .replace(
-                pageSpecificCodePlaceholder,
-                [
-                    '<script>',
-                    `    Object.deepAssign(`,
-                    `        window.${ftlValuesGlobalName},`,
-                    `        { "pageId": "${pageId}" }`,
-                    '    );',
-                    '</script>'
-                ].join("\n")
-            );
+        let ftlCode = $.html();

-        objectKeys(ftlPlaceholders)
-            .forEach(id => ftlCode = ftlCode.replace(id, ftlPlaceholders[id]));
+        Object.entries({
+            ...replaceValueBySearchValue,
+            //If updated, don't forget to change in the ftl script as well.
+            "PAGE_ID_xIgLsPgGId9D8e": pageId,
+        }).map(([searchValue, replaceValue]) => (ftlCode = ftlCode.replace(searchValue, replaceValue)));

        return { ftlCode };
-
    }

    return { generateFtlFilesCode };
-
-
-}
+}
--- a/src/bin/build-keycloak-theme/generateFtl/index.ts
+++ b/src/bin/build-keycloak-theme/generateFtl/index.ts
@ -1 +1 @@
-export * from "./generateFtl";
+export * from "./generateFtl";
--- a/src/bin/build-keycloak-theme/generateJavaStackFiles.ts
+++ b/src/bin/build-keycloak-theme/generateJavaStackFiles.ts
@ -1,39 +1,35 @@
-
 import * as url from "url";
 import * as fs from "fs";
 import { join as pathJoin, dirname as pathDirname } from "path";

-
-export function generateJavaStackFiles(
-    params: {
-        version: string;
-        themeName: string;
-        homepage?: string;
-        keycloakThemeBuildingDirPath: string;
-    }
-): { jarFilePath: string; } {
-
-    const {
-        themeName,
-        version,
-        homepage,
-        keycloakThemeBuildingDirPath
-    } = params;
+export function generateJavaStackFiles(params: {
+    version: string;
+    themeName: string;
+    homepage?: string;
+    keycloakThemeBuildingDirPath: string;
+    doBundleEmailTemplate: boolean;
+}): {
+    jarFilePath: string;
+} {
+    const { themeName, version, homepage, keycloakThemeBuildingDirPath, doBundleEmailTemplate } = params;

    {
-
-        const { pomFileCode } = (function generatePomFileCode(): { pomFileCode: string; } {
-
-
+        const { pomFileCode } = (function generatePomFileCode(): {
+            pomFileCode: string;
+        } {
            const groupId = (() => {
-
                const fallbackGroupId = `there.was.no.homepage.field.in.the.package.json.${themeName}`;

-                return (!homepage ?
-                    fallbackGroupId :
-                    url.parse(homepage).host?.replace(/:[0-9]+$/,"")?.split(".").reverse().join(".") ?? fallbackGroupId
-                ) + ".keycloak";
-
+                return (
+                    (!homepage
+                        ? fallbackGroupId
+                        : url
+                              .parse(homepage)
+                              .host?.replace(/:[0-9]+$/, "")
+                              ?.split(".")
+                              .reverse()
+                              .join(".") ?? fallbackGroupId) + ".keycloak"
+                );
            })();

            const artefactId = `${themeName}-keycloak-theme`;
@ -49,51 +45,43 @@ export function generateJavaStackFiles(
                `	<version>${version}</version>`,
                `	<name>${artefactId}</name>`,
                `	<description />`,
-                `</project>`
+                `</project>`,
            ].join("\n");

            return { pomFileCode };
-
        })();

-        fs.writeFileSync(
-            pathJoin(keycloakThemeBuildingDirPath, "pom.xml"),
-            Buffer.from(pomFileCode, "utf8")
-        );
-
+        fs.writeFileSync(pathJoin(keycloakThemeBuildingDirPath, "pom.xml"), Buffer.from(pomFileCode, "utf8"));
    }

    {
-
-        const themeManifestFilePath = pathJoin(
-            keycloakThemeBuildingDirPath, "src", "main",
-            "resources", "META-INF", "keycloak-themes.json"
-        );
+        const themeManifestFilePath = pathJoin(keycloakThemeBuildingDirPath, "src", "main", "resources", "META-INF", "keycloak-themes.json");

        try {
-
            fs.mkdirSync(pathDirname(themeManifestFilePath));
-
-        } catch { }
+        } catch {}

        fs.writeFileSync(
            themeManifestFilePath,
            Buffer.from(
-                JSON.stringify({
-                    "themes": [
-                        {
-                            "name": themeName,
-                            "types": ["login"]
-                        }
-                    ]
-                }, null, 2),
-                "utf8"
-            )
+                JSON.stringify(
+                    {
+                        "themes": [
+                            {
+                                "name": themeName,
+                                "types": ["login", ...(doBundleEmailTemplate ? ["email"] : [])],
+                            },
+                        ],
+                    },
+                    null,
+                    2,
+                ),
+                "utf8",
+            ),
        );
-
    }

-    return { "jarFilePath": pathJoin(keycloakThemeBuildingDirPath, "target", `${themeName}-${version}.jar`) };
-
+    return {
+        "jarFilePath": pathJoin(keycloakThemeBuildingDirPath, "target", `${themeName}-${version}.jar`),
+    };
 }
-
--- a/src/bin/build-keycloak-theme/generateKeycloakThemeResources.ts
+++ b/src/bin/build-keycloak-theme/generateKeycloakThemeResources.ts
@ -1,36 +1,35 @@
-
 import { transformCodebase } from "../tools/transformCodebase";
 import * as fs from "fs";
-import { join as pathJoin } from "path";
-import {
-    replaceImportsInCssCode,
-    replaceImportsFromStaticInJsCode
-} from "./replaceImportFromStatic";
+import { join as pathJoin, basename as pathBasename } from "path";
+import { replaceImportsInCssCode, replaceImportsFromStaticInJsCode } from "./replaceImportFromStatic";
 import { generateFtlFilesCodeFactory, pageIds } from "./generateFtl";
 import { downloadBuiltinKeycloakTheme } from "../download-builtin-keycloak-theme";
 import * as child_process from "child_process";
 import { resourcesCommonPath, resourcesPath, subDirOfPublicDirBasename } from "../../lib/getKcContext/kcContextMocks/urlResourcesPath";
 import { isInside } from "../tools/isInside";

-
-export function generateKeycloakThemeResources(
-    params: {
-        themeName: string;
-        reactAppBuildDirPath: string;
-        keycloakThemeBuildingDirPath: string;
-        urlPathname: string;
-        //If urlOrigin is not undefined then it means --externals-assets
-        urlOrigin: undefined | string;
-        extraPagesId: string[];
-        extraThemeProperties: string[];
-        keycloakVersion: "11.0.3" | "15.0.2"
-    }
-) {
-
-    const { 
-        themeName, reactAppBuildDirPath, keycloakThemeBuildingDirPath, 
-        urlPathname, urlOrigin, extraPagesId, extraThemeProperties,
-        keycloakVersion
+export function generateKeycloakThemeResources(params: {
+    themeName: string;
+    reactAppBuildDirPath: string;
+    keycloakThemeBuildingDirPath: string;
+    keycloakThemeEmailDirPath: string;
+    urlPathname: string;
+    //If urlOrigin is not undefined then it means --externals-assets
+    urlOrigin: undefined | string;
+    extraPagesId: string[];
+    extraThemeProperties: string[];
+    keycloakVersion: string;
+}): { doBundleEmailTemplate: boolean } {
+    const {
+        themeName,
+        reactAppBuildDirPath,
+        keycloakThemeBuildingDirPath,
+        keycloakThemeEmailDirPath,
+        urlPathname,
+        urlOrigin,
+        extraPagesId,
+        extraThemeProperties,
+        keycloakVersion,
    } = params;

    const themeDirPath = pathJoin(keycloakThemeBuildingDirPath, "src", "main", "resources", "theme", themeName, "login");
@ -38,141 +37,132 @@ export function generateKeycloakThemeResources(
    let allCssGlobalsToDefine: Record<string, string> = {};

    transformCodebase({
-        "destDirPath":
-            urlOrigin === undefined ?
-                pathJoin(themeDirPath, "resources", "build") :
-                reactAppBuildDirPath,
+        "destDirPath": urlOrigin === undefined ? pathJoin(themeDirPath, "resources", "build") : reactAppBuildDirPath,
        "srcDirPath": reactAppBuildDirPath,
        "transformSourceCode": ({ filePath, sourceCode }) => {
-
            //NOTE: Prevent cycles, excludes the folder we generated for debug in public/
            if (
                urlOrigin === undefined &&
                isInside({
                    "dirPath": pathJoin(reactAppBuildDirPath, subDirOfPublicDirBasename),
-                    filePath
+                    filePath,
                })
            ) {
                return undefined;
            }

            if (urlOrigin === undefined && /\.css?$/i.test(filePath)) {
-
-                const { cssGlobalsToDefine, fixedCssCode } = replaceImportsInCssCode(
-                    { "cssCode": sourceCode.toString("utf8") }
-                );
+                const { cssGlobalsToDefine, fixedCssCode } = replaceImportsInCssCode({
+                    "cssCode": sourceCode.toString("utf8"),
+                });

                allCssGlobalsToDefine = {
                    ...allCssGlobalsToDefine,
-                    ...cssGlobalsToDefine
+                    ...cssGlobalsToDefine,
                };

-                return { "modifiedSourceCode": Buffer.from(fixedCssCode, "utf8") };
-
+                return {
+                    "modifiedSourceCode": Buffer.from(fixedCssCode, "utf8"),
+                };
            }

            if (/\.js?$/i.test(filePath)) {
-
                const { fixedJsCode } = replaceImportsFromStaticInJsCode({
                    "jsCode": sourceCode.toString("utf8"),
-                    urlOrigin
+                    urlOrigin,
                });

-                return { "modifiedSourceCode": Buffer.from(fixedJsCode, "utf8") };
-
+                return {
+                    "modifiedSourceCode": Buffer.from(fixedJsCode, "utf8"),
+                };
            }

-            return urlOrigin === undefined ? 
-                { "modifiedSourceCode": sourceCode } :
-                undefined;
-
-        }
+            return urlOrigin === undefined ? { "modifiedSourceCode": sourceCode } : undefined;
+        },
    });

+    let doBundleEmailTemplate: boolean;
+
+    email: {
+        if (!fs.existsSync(keycloakThemeEmailDirPath)) {
+            console.log(
+                [
+                    `Not bundling email template because ${pathBasename(keycloakThemeEmailDirPath)} does not exist`,
+                    `To start customizing the email template, run: 👉 npx create-keycloak-theme-email-directory 👈`,
+                ].join("\n"),
+            );
+            doBundleEmailTemplate = false;
+            break email;
+        }
+
+        doBundleEmailTemplate = true;
+
+        transformCodebase({
+            "srcDirPath": keycloakThemeEmailDirPath,
+            "destDirPath": pathJoin(themeDirPath, "..", "email"),
+        });
+    }
+
    const { generateFtlFilesCode } = generateFtlFilesCodeFactory({
        "cssGlobalsToDefine": allCssGlobalsToDefine,
-        "indexHtmlCode": fs.readFileSync(
-            pathJoin(reactAppBuildDirPath, "index.html")
-        ).toString("utf8"),
+        "indexHtmlCode": fs.readFileSync(pathJoin(reactAppBuildDirPath, "index.html")).toString("utf8"),
        urlPathname,
-        urlOrigin
+        urlOrigin,
    });

    [...pageIds, ...extraPagesId].forEach(pageId => {
-
        const { ftlCode } = generateFtlFilesCode({ pageId });

        fs.mkdirSync(themeDirPath, { "recursive": true });

-        fs.writeFileSync(
-            pathJoin(themeDirPath, pageId),
-            Buffer.from(ftlCode, "utf8")
-        );
-
+        fs.writeFileSync(pathJoin(themeDirPath, pageId), Buffer.from(ftlCode, "utf8"));
    });

    {
-
        const tmpDirPath = pathJoin(themeDirPath, "..", "tmp_xxKdLpdIdLd");

        downloadBuiltinKeycloakTheme({
            keycloakVersion,
-            "destDirPath": tmpDirPath
+            "destDirPath": tmpDirPath,
        });

        const themeResourcesDirPath = pathJoin(themeDirPath, "resources");

        transformCodebase({
            "srcDirPath": pathJoin(tmpDirPath, "keycloak", "login", "resources"),
-            "destDirPath": themeResourcesDirPath
+            "destDirPath": themeResourcesDirPath,
        });

        const reactAppPublicDirPath = pathJoin(reactAppBuildDirPath, "..", "public");

        transformCodebase({
-            "srcDirPath": themeResourcesDirPath,
-            "destDirPath": pathJoin(
-                reactAppPublicDirPath,
-                resourcesPath
-            )
+            "srcDirPath": pathJoin(tmpDirPath, "keycloak", "common", "resources"),
+            "destDirPath": pathJoin(themeResourcesDirPath, pathBasename(resourcesCommonPath)),
        });

        transformCodebase({
-            "srcDirPath": pathJoin(tmpDirPath, "keycloak", "common", "resources"),
-            "destDirPath": pathJoin(
-                reactAppPublicDirPath,
-                resourcesCommonPath
-            )
+            "srcDirPath": themeResourcesDirPath,
+            "destDirPath": pathJoin(reactAppPublicDirPath, resourcesPath),
        });

-        const keycloakResourcesWithinPublicDirPath =
-            pathJoin(reactAppPublicDirPath, subDirOfPublicDirBasename);
-
+        const keycloakResourcesWithinPublicDirPath = pathJoin(reactAppPublicDirPath, subDirOfPublicDirBasename);

        fs.writeFileSync(
            pathJoin(keycloakResourcesWithinPublicDirPath, "README.txt"),
-            Buffer.from([
-                "This is just a test folder that helps develop",
-                "the login and register page without having to yarn build"
-            ].join(" "))
+            Buffer.from(
+                ["This is just a test folder that helps develop", "the login and register page without having to run a Keycloak container"].join(" "),
+            ),
        );

-        fs.writeFileSync(
-            pathJoin(keycloakResourcesWithinPublicDirPath, ".gitignore"),
-            Buffer.from("*", "utf8")
-        );
+        fs.writeFileSync(pathJoin(keycloakResourcesWithinPublicDirPath, ".gitignore"), Buffer.from("*", "utf8"));

        child_process.execSync(`rm -r ${tmpDirPath}`);
-
    }

    fs.writeFileSync(
        pathJoin(themeDirPath, "theme.properties"),
-        Buffer.from(
-            "parent=keycloak".concat("\n\n", extraThemeProperties.join("\n\n")),
-            "utf8"
-        )
+        Buffer.from("parent=keycloak".concat("\n\n", extraThemeProperties.join("\n\n")), "utf8"),
    );

+    return { doBundleEmailTemplate };
 }
-
--- a/src/bin/build-keycloak-theme/generateStartKeycloakTestingContainer.ts
+++ b/src/bin/build-keycloak-theme/generateStartKeycloakTestingContainer.ts
@ -0,0 +1,44 @@
+import * as fs from "fs";
+import { join as pathJoin } from "path";
+
+generateStartKeycloakTestingContainer.basename = "start_keycloak_testing_container.sh";
+
+const containerName = "keycloak-testing-container";
+
+/** Files for being able to run a hot reload keycloak container */
+export function generateStartKeycloakTestingContainer(params: { keycloakVersion: string; themeName: string; keycloakThemeBuildingDirPath: string }) {
+    const { themeName, keycloakThemeBuildingDirPath, keycloakVersion } = params;
+
+    fs.writeFileSync(
+        pathJoin(keycloakThemeBuildingDirPath, generateStartKeycloakTestingContainer.basename),
+        Buffer.from(
+            [
+                "#!/bin/bash",
+                "",
+                `docker rm ${containerName} || true`,
+                "",
+                `cd ${keycloakThemeBuildingDirPath}`,
+                "",
+                "docker run \\",
+                "   -p 8080:8080 \\",
+                `   --name ${containerName} \\`,
+                "   -e KEYCLOAK_ADMIN=admin \\",
+                "   -e KEYCLOAK_ADMIN_PASSWORD=admin \\",
+                "   -e JAVA_OPTS=-Dkeycloak.profile=preview \\",
+                `   -v ${pathJoin(
+                    keycloakThemeBuildingDirPath,
+                    "src",
+                    "main",
+                    "resources",
+                    "theme",
+                    themeName,
+                )}:/opt/keycloak/themes/${themeName}:rw \\`,
+                `   -it quay.io/keycloak/keycloak:${keycloakVersion} \\`,
+                `   start-dev`,
+                "",
+            ].join("\n"),
+            "utf8",
+        ),
+        { "mode": 0o755 },
+    );
+}
--- a/src/bin/build-keycloak-theme/index.ts
+++ b/src/bin/build-keycloak-theme/index.ts
@ -4,7 +4,5 @@ export * from "./build-keycloak-theme";
 import { main } from "./build-keycloak-theme";

 if (require.main === module) {
-
-	main();
-
-}
+    main();
+}
--- a/src/bin/build-keycloak-theme/replaceImportFromStatic.ts
+++ b/src/bin/build-keycloak-theme/replaceImportFromStatic.ts
@ -1,14 +1,7 @@
-
 import * as crypto from "crypto";
 import { ftlValuesGlobalName } from "./ftlValuesGlobalName";

-export function replaceImportsFromStaticInJsCode(
-    params: {
-        jsCode: string;
-        urlOrigin: undefined | string;
-    }
-): { fixedJsCode: string; } {
-
+export function replaceImportsFromStaticInJsCode(params: { jsCode: string; urlOrigin: undefined | string }): { fixedJsCode: string } {
    /* 
    NOTE:

@ -23,114 +16,77 @@ export function replaceImportsFromStaticInJsCode(

    const { jsCode, urlOrigin } = params;

-    const fixedJsCode =
-        jsCode
-            .replace(
-                /([a-z]+\.[a-z]+)\+"static\//g,
-                (...[, group]) =>
-                    urlOrigin === undefined ?
-                        `window.${ftlValuesGlobalName}.url.resourcesPath + "/build/static/` :
-                        `("${ftlValuesGlobalName}" in window ? "${urlOrigin}" : "") + ${group} + "static/`
-            )
-            .replace(
-                /".chunk.css",([a-z])+=([a-z]+\.[a-z]+)\+([a-z]+),/,
-                (...[, group1, group2, group3]) =>
-                    urlOrigin === undefined ?
-                        `".chunk.css",${group1} = window.${ftlValuesGlobalName}.url.resourcesPath + "/build/" + ${group3},` :
-                        `".chunk.css",${group1} = ("${ftlValuesGlobalName}" in window ? "${urlOrigin}" : "") + ${group2} + ${group3},`
-            );
+    const fixedJsCode = jsCode
+        .replace(/(\w+\.\w+)\+"static\//g, (...[, group]) =>
+            urlOrigin === undefined
+                ? `window.${ftlValuesGlobalName}.url.resourcesPath + "/build/static/`
+                : `("${ftlValuesGlobalName}" in window ? "${urlOrigin}" : "") + ${group} + "static/`,
+        )
+        .replace(/".chunk.css",(\w)+=(\w+\.\w+)\+(\w+),/, (...[, group1, group2, group3]) =>
+            urlOrigin === undefined
+                ? `".chunk.css",${group1} = window.${ftlValuesGlobalName}.url.resourcesPath + "/build/" + ${group3},`
+                : `".chunk.css",${group1} = ("${ftlValuesGlobalName}" in window ? "${urlOrigin}" : "") + ${group2} + ${group3},`,
+        );

    return { fixedJsCode };
-
 }

-export function replaceImportsInInlineCssCode(
-    params: {
-        cssCode: string;
-        urlPathname: string;
-        urlOrigin: undefined | string;
-    }
-): { fixedCssCode: string; } {
-
+export function replaceImportsInInlineCssCode(params: { cssCode: string; urlPathname: string; urlOrigin: undefined | string }): {
+    fixedCssCode: string;
+} {
    const { cssCode, urlPathname, urlOrigin } = params;

    const fixedCssCode = cssCode.replace(
-        urlPathname === "/" ?
-            /url\(\/([^/][^)]+)\)/g :
-            new RegExp(`url\\(${urlPathname}([^)]+)\\)`, "g"),
-        (...[, group]) => `url(${urlOrigin === undefined ?
-            "${url.resourcesPath}/build/" + group :
-            params.urlOrigin + urlPathname + group})`
+        urlPathname === "/" ? /url\(["']?\/([^/][^)"']+)["']?\)/g : new RegExp(`url\\(["']?${urlPathname}([^)"']+)["']?\\)`, "g"),
+        (...[, group]) => `url(${urlOrigin === undefined ? "${url.resourcesPath}/build/" + group : params.urlOrigin + urlPathname + group})`,
    );

    return { fixedCssCode };
-
 }

-export function replaceImportsInCssCode(
-    params: {
-        cssCode: string;
-    }
-): {
+export function replaceImportsInCssCode(params: { cssCode: string }): {
    fixedCssCode: string;
    cssGlobalsToDefine: Record<string, string>;
 } {
-
    const { cssCode } = params;

    const cssGlobalsToDefine: Record<string, string> = {};

-    new Set(cssCode.match(/url\(\/[^/][^)]+\)[^;}]*/g) ?? [])
-        .forEach(match =>
-            cssGlobalsToDefine[
-            "url" + crypto
-                .createHash("sha256")
-                .update(match)
-                .digest("hex")
-                .substring(0, 15)
-            ] = match
-        );
+    new Set(cssCode.match(/url\(["']?\/[^/][^)"']+["']?\)[^;}]*/g) ?? []).forEach(
+        match => (cssGlobalsToDefine["url" + crypto.createHash("sha256").update(match).digest("hex").substring(0, 15)] = match),
+    );

    let fixedCssCode = cssCode;

    Object.keys(cssGlobalsToDefine).forEach(
        cssVariableName =>
            //NOTE: split/join pattern ~ replace all
-            fixedCssCode =
-            fixedCssCode.split(cssGlobalsToDefine[cssVariableName])
-                .join(`var(--${cssVariableName})`)
+            (fixedCssCode = fixedCssCode.split(cssGlobalsToDefine[cssVariableName]).join(`var(--${cssVariableName})`)),
    );

    return { fixedCssCode, cssGlobalsToDefine };
-
 }

-export function generateCssCodeToDefineGlobals(
-    params: {
-        cssGlobalsToDefine: Record<string, string>;
-        urlPathname: string;
-    }
-): {
+export function generateCssCodeToDefineGlobals(params: { cssGlobalsToDefine: Record<string, string>; urlPathname: string }): {
    cssCodeToPrependInHead: string;
 } {
-
    const { cssGlobalsToDefine, urlPathname } = params;

    return {
        "cssCodeToPrependInHead": [
            ":root {",
            ...Object.keys(cssGlobalsToDefine)
-                .map(cssVariableName => [
-                    `--${cssVariableName}:`,
-                    cssGlobalsToDefine[cssVariableName]
-                        .replace(new RegExp(`url\\(${urlPathname.replace(/\//g, "\\/")}`, "g"), "url(${url.resourcesPath}/build/")
-                ].join(" "))
+                .map(cssVariableName =>
+                    [
+                        `--${cssVariableName}:`,
+                        cssGlobalsToDefine[cssVariableName].replace(
+                            new RegExp(`url\\(${urlPathname.replace(/\//g, "\\/")}`, "g"),
+                            "url(${url.resourcesPath}/build/",
+                        ),
+                    ].join(" "),
+                )
                .map(line => `    ${line};`),
-            "}"
-        ].join("\n")
+            "}",
+        ].join("\n"),
    };
-
 }
-
-
-
--- a/src/bin/create-keycloak-theme-email-directory.ts
+++ b/src/bin/create-keycloak-theme-email-directory.ts
@ -0,0 +1,36 @@
+#!/usr/bin/env node
+
+import { downloadBuiltinKeycloakTheme } from "./download-builtin-keycloak-theme";
+import { keycloakThemeEmailDirPath } from "./build-keycloak-theme";
+import { join as pathJoin, basename as pathBasename } from "path";
+import { transformCodebase } from "./tools/transformCodebase";
+import { promptKeycloakVersion } from "./promptKeycloakVersion";
+import * as fs from "fs";
+
+if (require.main === module) {
+    (async () => {
+        if (fs.existsSync(keycloakThemeEmailDirPath)) {
+            console.log(`There is already a ./${pathBasename(keycloakThemeEmailDirPath)} directory in your project. Aborting.`);
+
+            process.exit(-1);
+        }
+
+        const { keycloakVersion } = await promptKeycloakVersion();
+
+        const builtinKeycloakThemeTmpDirPath = pathJoin(keycloakThemeEmailDirPath, "..", "tmp_xIdP3_builtin_keycloak_theme");
+
+        downloadBuiltinKeycloakTheme({
+            keycloakVersion,
+            "destDirPath": builtinKeycloakThemeTmpDirPath,
+        });
+
+        transformCodebase({
+            "srcDirPath": pathJoin(builtinKeycloakThemeTmpDirPath, "base", "email"),
+            "destDirPath": keycloakThemeEmailDirPath,
+        });
+
+        console.log(`./${pathBasename(keycloakThemeEmailDirPath)} ready to be customized`);
+
+        fs.rmSync(builtinKeycloakThemeTmpDirPath, { "recursive": true, "force": true });
+    })();
+}
--- a/src/bin/download-builtin-keycloak-theme.ts
+++ b/src/bin/download-builtin-keycloak-theme.ts
@ -2,52 +2,32 @@

 import { keycloakThemeBuildingDirPath } from "./build-keycloak-theme";
 import { join as pathJoin } from "path";
-import { downloadAndUnzip } from "./tools/downloadAndUnzip"
-import type { KeycloakVersion } from "./KeycloakVersion";
-
-export function downloadBuiltinKeycloakTheme(
-    params: {
-        keycloakVersion: KeycloakVersion;
-        destDirPath: string;
-    }
-) {
+import { downloadAndUnzip } from "./tools/downloadAndUnzip";
+import { promptKeycloakVersion } from "./promptKeycloakVersion";

+export function downloadBuiltinKeycloakTheme(params: { keycloakVersion: string; destDirPath: string }) {
    const { keycloakVersion, destDirPath } = params;

    for (const ext of ["", "-community"]) {
-
        downloadAndUnzip({
            "destDirPath": destDirPath,
            "url": `https://github.com/keycloak/keycloak/archive/refs/tags/${keycloakVersion}.zip`,
-            "pathOfDirToExtractInArchive": `keycloak-${keycloakVersion}/themes/src/main/resources${ext}/theme`
+            "pathOfDirToExtractInArchive": `keycloak-${keycloakVersion}/themes/src/main/resources${ext}/theme`,
        });
-
    }
-
 }

 if (require.main === module) {
+    (async () => {
+        const { keycloakVersion } = await promptKeycloakVersion();

-    const keycloakVersion = (() => {
+        const destDirPath = pathJoin(keycloakThemeBuildingDirPath, "src", "main", "resources", "theme");

-        const keycloakVersion = process.argv[2] as (KeycloakVersion | undefined);
-
-        if (keycloakVersion === undefined) {
-            return "15.0.2";
-        }
-
-        return keycloakVersion;
+        console.log(`Downloading builtins theme of Keycloak ${keycloakVersion} here ${destDirPath}`);

+        downloadBuiltinKeycloakTheme({
+            keycloakVersion,
+            destDirPath,
+        });
    })();
-
-    const destDirPath = pathJoin(keycloakThemeBuildingDirPath, "src", "main", "resources", "theme");
-
-    console.log(`Downloading builtins theme of Keycloak ${keycloakVersion} here ${destDirPath}`);
-
-    downloadBuiltinKeycloakTheme({
-        keycloakVersion,
-        destDirPath
-    });
-
 }
-
--- a/src/bin/generate-i18n-messages.ts
+++ b/src/bin/generate-i18n-messages.ts
@ -5,13 +5,11 @@ import { crawl } from "./tools/crawl";
 import { downloadBuiltinKeycloakTheme } from "./download-builtin-keycloak-theme";
 import { getProjectRoot } from "./tools/getProjectRoot";
 import { rm_rf, rm_r } from "./tools/rm";
-import { keycloakVersions } from "./KeycloakVersion";

 //@ts-ignore
 const propertiesParser = require("properties-parser");

-for (const keycloakVersion of keycloakVersions) {
-
+for (const keycloakVersion of ["11.0.3", "15.0.2", "16.1.0"]) {
    console.log({ keycloakVersion });

    const tmpDirPath = pathJoin(getProjectRoot(), "tmp_xImOef9dOd44");
@ -20,7 +18,7 @@ for (const keycloakVersion of keycloakVersions) {

    downloadBuiltinKeycloakTheme({
        keycloakVersion,
-        "destDirPath": tmpDirPath
+        "destDirPath": tmpDirPath,
    });

    type Dictionary = { [idiomId: string]: string };
@ -28,11 +26,9 @@ for (const keycloakVersion of keycloakVersions) {
    const record: { [typeOfPage: string]: { [language: string]: Dictionary } } = {};

    {
-
        const baseThemeDirPath = pathJoin(tmpDirPath, "base");

        crawl(baseThemeDirPath).forEach(filePath => {
-
            const match = filePath.match(/^([^/]+)\/messages\/messages_([^.]+)\.properties$/);

            if (match === null) {
@ -41,20 +37,12 @@ for (const keycloakVersion of keycloakVersions) {

            const [, typeOfPage, language] = match;

-            (record[typeOfPage] ??= {})[language.replace(/_/g, "-")] =
-                Object.fromEntries(
-                    Object.entries(
-                        propertiesParser.parse(
-                            fs.readFileSync(
-                                pathJoin(baseThemeDirPath, filePath)
-                            )
-                                .toString("utf8")
-                        )
-                    ).map(([key, value]: any) => [key, value.replace(/''/g, "'")])
-                );
-
+            (record[typeOfPage] ??= {})[language.replace(/_/g, "-")] = Object.fromEntries(
+                Object.entries(propertiesParser.parse(fs.readFileSync(pathJoin(baseThemeDirPath, filePath)).toString("utf8"))).map(
+                    ([key, value]: any) => [key, value.replace(/''/g, "'")],
+                ),
+            );
        });
-
    }

    rm_r(tmpDirPath);
@ -64,7 +52,6 @@ for (const keycloakVersion of keycloakVersions) {
    fs.mkdirSync(targetDirPath, { "recursive": true });

    Object.keys(record).forEach(pageType => {
-
        const filePath = pathJoin(targetDirPath, `${pageType}.ts`);

        fs.writeFileSync(
@ -72,16 +59,16 @@ for (const keycloakVersion of keycloakVersions) {
            Buffer.from(
                [
                    `//This code was automatically generated by running ${pathRelative(getProjectRoot(), __filename)}`,
-                    '//PLEASE DO NOT EDIT MANUALLY',
-                    '',
-                    '/* spell-checker: disable */',
+                    "//PLEASE DO NOT EDIT MANUALLY",
+                    "",
+                    "/* spell-checker: disable */",
                    `export const kcMessages= ${JSON.stringify(record[pageType], null, 2)};`,
-                    '/* spell-checker: enable */'
-                ].join("\n"), "utf8")
+                    "/* spell-checker: enable */",
+                ].join("\n"),
+                "utf8",
+            ),
        );

        console.log(`${filePath} wrote`);
-
    });
-
 }
--- a/src/bin/link_in_test_app.ts
+++ b/src/bin/link_in_test_app.ts
@ -1,4 +1,3 @@
-
 import { execSync } from "child_process";
 import { join as pathJoin, relative as pathRelative } from "path";
 import * as fs from "fs";
@ -10,11 +9,7 @@ fs.writeFileSync(
    Buffer.from(
        JSON.stringify(
            (() => {
-                const packageJsonParsed = JSON.parse(
-                    fs
-                        .readFileSync(pathJoin(keycloakifyDirPath, "package.json"))
-                        .toString("utf8"),
-                );
+                const packageJsonParsed = JSON.parse(fs.readFileSync(pathJoin(keycloakifyDirPath, "package.json")).toString("utf8"));

                return {
                    ...packageJsonParsed,
@ -37,17 +32,8 @@ const commonThirdPartyDeps = (() => {
        ...namespaceModuleNames
            .map(namespaceModuleName =>
                fs
-                    .readdirSync(
-                        pathJoin(
-                            keycloakifyDirPath,
-                            "node_modules",
-                            namespaceModuleName,
-                        ),
-                    )
-                    .map(
-                        submoduleName =>
-                            `${namespaceModuleName}/${submoduleName}`,
-                    ),
+                    .readdirSync(pathJoin(keycloakifyDirPath, "node_modules", namespaceModuleName))
+                    .map(submoduleName => `${namespaceModuleName}/${submoduleName}`),
            )
            .reduce((prev, curr) => [...prev, ...curr], []),
        ...standaloneModuleNames,
@ -56,18 +42,12 @@ const commonThirdPartyDeps = (() => {

 const yarnHomeDirPath = pathJoin(keycloakifyDirPath, ".yarn_home");

-execSync(
-    ["rm -rf", "mkdir"].map(cmd => `${cmd} ${yarnHomeDirPath}`).join(" && "),
-);
+execSync(["rm -rf", "mkdir"].map(cmd => `${cmd} ${yarnHomeDirPath}`).join(" && "));

 const execYarnLink = (params: { targetModuleName?: string; cwd: string }) => {
    const { targetModuleName, cwd } = params;

-    const cmd = [
-        "yarn",
-        "link",
-        ...(targetModuleName !== undefined ? [targetModuleName] : []),
-    ].join(" ");
+    const cmd = ["yarn", "link", ...(targetModuleName !== undefined ? [targetModuleName] : [])].join(" ");

    console.log(`$ cd ${pathRelative(keycloakifyDirPath, cwd) || "."} && ${cmd}`);

@ -82,12 +62,9 @@ const execYarnLink = (params: { targetModuleName?: string; cwd: string }) => {

 const testAppNames = ["keycloakify-demo-app"] as const;

-const getTestAppPath = (testAppName: typeof testAppNames[number]) =>
-    pathJoin(keycloakifyDirPath, "..", testAppName);
+const getTestAppPath = (testAppName: typeof testAppNames[number]) => pathJoin(keycloakifyDirPath, "..", testAppName);

-testAppNames.forEach(testAppName =>
-    execSync("yarn install", { "cwd": getTestAppPath(testAppName) }),
-);
+testAppNames.forEach(testAppName => execSync("yarn install", { "cwd": getTestAppPath(testAppName) }));

 console.log("=== Linking common dependencies ===");

@ -100,13 +77,7 @@ commonThirdPartyDeps.forEach(commonThirdPartyDep => {
    console.log(`${current}/${total} ${commonThirdPartyDep}`);

    const localInstallPath = pathJoin(
-        ...[
-            keycloakifyDirPath,
-            "node_modules",
-            ...(commonThirdPartyDep.startsWith("@")
-                ? commonThirdPartyDep.split("/")
-                : [commonThirdPartyDep]),
-        ],
+        ...[keycloakifyDirPath, "node_modules", ...(commonThirdPartyDep.startsWith("@") ? commonThirdPartyDep.split("/") : [commonThirdPartyDep])],
    );

    execYarnLink({ "cwd": localInstallPath });
@ -128,4 +99,4 @@ testAppNames.forEach(testAppName =>
        "cwd": getTestAppPath(testAppName),
        "targetModuleName": "keycloakify",
    }),
-);
+);
--- a/src/bin/promptKeycloakVersion.ts
+++ b/src/bin/promptKeycloakVersion.ts
@ -0,0 +1,44 @@
+import { getLatestsSemVersionedTagFactory } from "./tools/octokit-addons/getLatestsSemVersionedTag";
+import { Octokit } from "@octokit/rest";
+import cliSelect from "cli-select";
+
+export async function promptKeycloakVersion() {
+    const { getLatestsSemVersionedTag } = (() => {
+        const { octokit } = (() => {
+            const githubToken = process.env.GITHUB_TOKEN;
+
+            const octokit = new Octokit(githubToken === undefined ? undefined : { "auth": githubToken });
+
+            return { octokit };
+        })();
+
+        const { getLatestsSemVersionedTag } = getLatestsSemVersionedTagFactory({ octokit });
+
+        return { getLatestsSemVersionedTag };
+    })();
+
+    console.log("Initialize the directory with email template from which keycloak version?");
+
+    const tags = await getLatestsSemVersionedTag({
+        "count": 15,
+        "doIgnoreBeta": true,
+        "owner": "keycloak",
+        "repo": "keycloak",
+    }).then(arr => arr.map(({ tag }) => tag));
+
+    if (process.env["GITHUB_ACTIONS"] === "true") {
+        return { "keycloakVersion": tags[0] };
+    }
+
+    const { value: keycloakVersion } = await cliSelect<string>({
+        "values": tags,
+    }).catch(() => {
+        console.log("Aborting");
+
+        process.exit(-1);
+    });
+
+    console.log(keycloakVersion);
+
+    return { keycloakVersion };
+}
--- a/src/bin/tools/NpmModuleVersion.ts
+++ b/src/bin/tools/NpmModuleVersion.ts
@ -0,0 +1,73 @@
+export type NpmModuleVersion = {
+    major: number;
+    minor: number;
+    patch: number;
+    betaPreRelease?: number;
+};
+
+export namespace NpmModuleVersion {
+    export function parse(versionStr: string): NpmModuleVersion {
+        const match = versionStr.match(/^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-beta.([0-9]+))?/);
+
+        if (!match) {
+            throw new Error(`${versionStr} is not a valid NPM version`);
+        }
+
+        return {
+            "major": parseInt(match[1]),
+            "minor": parseInt(match[2]),
+            "patch": parseInt(match[3]),
+            ...(() => {
+                const str = match[4];
+                return str === undefined ? {} : { "betaPreRelease": parseInt(str) };
+            })(),
+        };
+    }
+
+    export function stringify(v: NpmModuleVersion) {
+        return `${v.major}.${v.minor}.${v.patch}${v.betaPreRelease === undefined ? "" : `-beta.${v.betaPreRelease}`}`;
+    }
+
+    /**
+     *
+     * v1  <  v2  => -1
+     * v1 === v2  => 0
+     * v1  >  v2  => 1
+     *
+     */
+    export function compare(v1: NpmModuleVersion, v2: NpmModuleVersion): -1 | 0 | 1 {
+        const sign = (diff: number): -1 | 0 | 1 => (diff === 0 ? 0 : diff < 0 ? -1 : 1);
+        const noUndefined = (n: number | undefined) => n ?? Infinity;
+
+        for (const level of ["major", "minor", "patch", "betaPreRelease"] as const) {
+            if (noUndefined(v1[level]) !== noUndefined(v2[level])) {
+                return sign(noUndefined(v1[level]) - noUndefined(v2[level]));
+            }
+        }
+
+        return 0;
+    }
+
+    /*
+    console.log(compare(parse("3.0.0-beta.3"), parse("3.0.0")) === -1 )
+    console.log(compare(parse("3.0.0-beta.3"), parse("3.0.0-beta.4")) === -1 )
+    console.log(compare(parse("3.0.0-beta.3"), parse("4.0.0")) === -1 )
+    */
+
+    export function bumpType(params: { versionBehindStr: string; versionAheadStr: string }): "major" | "minor" | "patch" | "betaPreRelease" | "same" {
+        const versionAhead = parse(params.versionAheadStr);
+        const versionBehind = parse(params.versionBehindStr);
+
+        if (compare(versionBehind, versionAhead) === 1) {
+            throw new Error(`Version regression ${versionBehind} -> ${versionAhead}`);
+        }
+
+        for (const level of ["major", "minor", "patch", "betaPreRelease"] as const) {
+            if (versionBehind[level] !== versionAhead[level]) {
+                return level;
+            }
+        }
+
+        return "same";
+    }
+}
--- a/src/bin/tools/crawl.ts
+++ b/src/bin/tools/crawl.ts
@ -3,35 +3,25 @@ import * as path from "path";

 /** List all files in a given directory return paths relative to the dir_path */
 export const crawl = (() => {
-
    const crawlRec = (dir_path: string, paths: string[]) => {
-
        for (const file_name of fs.readdirSync(dir_path)) {
-
            const file_path = path.join(dir_path, file_name);

            if (fs.lstatSync(file_path).isDirectory()) {
-
                crawlRec(file_path, paths);

                continue;
-
            }

            paths.push(file_path);
-
        }
-
    };

    return function crawl(dir_path: string): string[] {
-
        const paths: string[] = [];

        crawlRec(dir_path, paths);

        return paths.map(file_path => path.relative(dir_path, file_path));
-
-    }
-
-})();
+    };
+})();
--- a/src/bin/tools/createOctokit.ts
+++ b/src/bin/tools/createOctokit.ts
@ -0,0 +1,7 @@
+import { Octokit } from "@octokit/rest";
+
+export function createOctokit(params: { github_token: string }) {
+    const { github_token } = params;
+
+    return new Octokit({ ...(github_token !== "" ? { "auth": github_token } : {}) });
+}
--- a/src/bin/tools/downloadAndUnzip.ts
+++ b/src/bin/tools/downloadAndUnzip.ts
@ -1,47 +1,32 @@
-
 import { basename as pathBasename, join as pathJoin } from "path";
 import { execSync } from "child_process";
 import fs from "fs";
-import { transformCodebase } from "../tools/transformCodebase";
+import { transformCodebase } from "./transformCodebase";
 import { rm_rf, rm, rm_r } from "./rm";

 /** assert url ends with .zip */
-export function downloadAndUnzip(
-    params: {
-        url: string;
-        destDirPath: string;
-        pathOfDirToExtractInArchive?: string;
-    }
-) {
-
+export function downloadAndUnzip(params: { url: string; destDirPath: string; pathOfDirToExtractInArchive?: string }) {
    const { url, destDirPath, pathOfDirToExtractInArchive } = params;

    const tmpDirPath = pathJoin(destDirPath, "..", "tmp_xxKdOxnEdx");
+    const zipFilePath = pathBasename(url);

    rm_rf(tmpDirPath);

    fs.mkdirSync(tmpDirPath, { "recursive": true });

-    execSync(`wget ${url}`, { "cwd": tmpDirPath });
+    execSync(`curl -L ${url} -o ${zipFilePath}`, { "cwd": tmpDirPath });

-    execSync(
-        `unzip ${pathBasename(url)
-        }${pathOfDirToExtractInArchive === undefined ?
-            "" : ` "${pathOfDirToExtractInArchive}/*"`
-        }`,
-        { "cwd": tmpDirPath }
-    );
+    execSync(`unzip ${zipFilePath}${pathOfDirToExtractInArchive === undefined ? "" : ` "${pathOfDirToExtractInArchive}/*"`}`, {
+        "cwd": tmpDirPath,
+    });

    rm(pathBasename(url), { "cwd": tmpDirPath });

    transformCodebase({
-        "srcDirPath": pathOfDirToExtractInArchive === undefined ?
-            tmpDirPath :
-            pathJoin(tmpDirPath, pathOfDirToExtractInArchive)
-        ,
+        "srcDirPath": pathOfDirToExtractInArchive === undefined ? tmpDirPath : pathJoin(tmpDirPath, pathOfDirToExtractInArchive),
        destDirPath,
    });

    rm_r(tmpDirPath);
-
-}
+}
--- a/src/bin/tools/getProjectRoot.ts
+++ b/src/bin/tools/getProjectRoot.ts
@ -2,7 +2,7 @@ import * as fs from "fs";
 import * as path from "path";

 function getProjectRootRec(dirPath: string): string {
-    if (fs.existsSync(path.join(dirPath, "package.json"))) {
+    if (fs.existsSync(path.join(dirPath, "tsconfig.json"))) {
        return dirPath;
    }
    return getProjectRootRec(path.join(dirPath, ".."));
@ -16,4 +16,4 @@ export function getProjectRoot(): string {
    }

    return (result = getProjectRootRec(__dirname));
-}
+}
--- a/src/bin/tools/grant-exec-perms.ts
+++ b/src/bin/tools/grant-exec-perms.ts
@ -1,8 +1,9 @@
+import { getProjectRoot } from "./getProjectRoot";
+import { join as pathJoin } from "path";
+import child_process from "child_process";

-import { getProjectRoot } from "./getProjectRoot";
-import { join as pathJoin } from "path";
-import child_process from "child_process";
-
-Object.entries<string>(require(pathJoin(getProjectRoot(), "package.json"))["bin"])
-    .forEach(([, scriptPath]) => child_process.execSync(`chmod +x ${scriptPath}`, { "cwd": getProjectRoot() }));
-
+Object.entries<string>(require(pathJoin(getProjectRoot(), "package.json"))["bin"]).forEach(([, scriptPath]) =>
+    child_process.execSync(`chmod +x ${scriptPath}`, {
+        "cwd": getProjectRoot(),
+    }),
+);
--- a/src/bin/tools/isInside.ts
+++ b/src/bin/tools/isInside.ts
@ -1,14 +1,7 @@
 import { relative as pathRelative } from "path";

-export function isInside(
-    params: {
-        dirPath: string;
-        filePath: string;
-    }
-) {
-
+export function isInside(params: { dirPath: string; filePath: string }) {
    const { dirPath, filePath } = params;

    return !pathRelative(dirPath, filePath).startsWith("..");
-
-}
+}
--- a/src/bin/tools/octokit-addons/getLatestsSemVersionedTag.ts
+++ b/src/bin/tools/octokit-addons/getLatestsSemVersionedTag.ts
@ -0,0 +1,40 @@
+import { listTagsFactory } from "./listTags";
+import type { Octokit } from "@octokit/rest";
+import { NpmModuleVersion } from "../NpmModuleVersion";
+
+export function getLatestsSemVersionedTagFactory(params: { octokit: Octokit }) {
+    const { octokit } = params;
+
+    async function getLatestsSemVersionedTag(params: { owner: string; repo: string; doIgnoreBeta: boolean; count: number }): Promise<
+        {
+            tag: string;
+            version: NpmModuleVersion;
+        }[]
+    > {
+        const { owner, repo, doIgnoreBeta, count } = params;
+
+        const semVersionedTags: { tag: string; version: NpmModuleVersion }[] = [];
+
+        const { listTags } = listTagsFactory({ octokit });
+
+        for await (const tag of listTags({ owner, repo })) {
+            let version: NpmModuleVersion;
+
+            try {
+                version = NpmModuleVersion.parse(tag.replace(/^[vV]?/, ""));
+            } catch {
+                continue;
+            }
+
+            if (doIgnoreBeta && version.betaPreRelease !== undefined) {
+                continue;
+            }
+
+            semVersionedTags.push({ tag, version });
+        }
+
+        return semVersionedTags.sort(({ version: vX }, { version: vY }) => NpmModuleVersion.compare(vY, vX)).slice(0, count);
+    }
+
+    return { getLatestsSemVersionedTag };
+}
--- a/src/bin/tools/octokit-addons/listTags.ts
+++ b/src/bin/tools/octokit-addons/listTags.ts
@ -0,0 +1,49 @@
+import type { Octokit } from "@octokit/rest";
+
+const per_page = 99;
+
+export function listTagsFactory(params: { octokit: Octokit }) {
+    const { octokit } = params;
+
+    const octokit_repo_listTags = async (params: { owner: string; repo: string; per_page: number; page: number }) => {
+        return octokit.repos.listTags(params);
+    };
+
+    async function* listTags(params: { owner: string; repo: string }): AsyncGenerator<string> {
+        const { owner, repo } = params;
+
+        let page = 1;
+
+        while (true) {
+            const resp = await octokit_repo_listTags({
+                owner,
+                repo,
+                per_page,
+                "page": page++,
+            });
+
+            for (const branch of resp.data.map(({ name }) => name)) {
+                yield branch;
+            }
+
+            if (resp.data.length < 99) {
+                break;
+            }
+        }
+    }
+
+    /** Returns the same "latest" tag as deno.land/x, not actually the latest though */
+    async function getLatestTag(params: { owner: string; repo: string }): Promise<string | undefined> {
+        const { owner, repo } = params;
+
+        const itRes = await listTags({ owner, repo }).next();
+
+        if (itRes.done) {
+            return undefined;
+        }
+
+        return itRes.value;
+    }
+
+    return { listTags, getLatestTag };
+}
--- a/src/bin/tools/rm.ts
+++ b/src/bin/tools/rm.ts
@ -1,42 +1,31 @@
-
 import { execSync } from "child_process";

-function rmInternal(
-	params: {
-		pathToRemove: string;
-		args: string | undefined;
-		cwd: string | undefined;
-	}
-) {
+function rmInternal(params: { pathToRemove: string; args: string | undefined; cwd: string | undefined }) {
+    const { pathToRemove, args, cwd } = params;

-	const { pathToRemove, args, cwd } = params;
-
-	execSync(
-		`rm ${args ? `-${args} ` : ""}${pathToRemove.replace(/\ /g, "\\ ")}`,
-		cwd !== undefined ? { cwd } : undefined
-	);
+    execSync(`rm ${args ? `-${args} ` : ""}${pathToRemove.replace(/ /g, "\\ ")}`, cwd !== undefined ? { cwd } : undefined);
 }

-export function rm(pathToRemove: string, options?: { cwd: string; }) {
-	rmInternal({
-		pathToRemove,
-		"args": undefined,
-		"cwd": options?.cwd,
-	});
+export function rm(pathToRemove: string, options?: { cwd: string }) {
+    rmInternal({
+        pathToRemove,
+        "args": undefined,
+        "cwd": options?.cwd,
+    });
 }

-export function rm_r(pathToRemove: string, options?: { cwd: string; }) {
-	rmInternal({
-		pathToRemove,
-		"args": "r",
-		"cwd": options?.cwd,
-	});
+export function rm_r(pathToRemove: string, options?: { cwd: string }) {
+    rmInternal({
+        pathToRemove,
+        "args": "r",
+        "cwd": options?.cwd,
+    });
 }

-export function rm_rf(pathToRemove: string, options?: { cwd: string; }) {
-	rmInternal({
-		pathToRemove,
-		"args": "rf",
-		"cwd": options?.cwd,
-	});
+export function rm_rf(pathToRemove: string, options?: { cwd: string }) {
+    rmInternal({
+        pathToRemove,
+        "args": "rf",
+        "cwd": options?.cwd,
+    });
 }
--- a/src/bin/tools/transformCodebase.ts
+++ b/src/bin/tools/transformCodebase.ts
@ -1,69 +1,46 @@
-
-
 import * as fs from "fs";
 import * as path from "path";
 import { crawl } from "./crawl";
-import { id } from "tsafe/id";
+import { id } from "tsafe/id";

-type TransformSourceCode = 
-        (params: {
-            sourceCode: Buffer;
-            filePath: string;
-        }) => {
-            modifiedSourceCode: Buffer;
-            newFileName?: string;
-        } | undefined;
+type TransformSourceCode = (params: { sourceCode: Buffer; filePath: string }) =>
+    | {
+          modifiedSourceCode: Buffer;
+          newFileName?: string;
+      }
+    | undefined;

 /** Apply a transformation function to every file of directory */
-export function transformCodebase(
-    params: {
-        srcDirPath: string;
-        destDirPath: string;
-        transformSourceCode?: TransformSourceCode;
-    }
-) {
-
-    const { 
-        srcDirPath, 
-        destDirPath, 
-        transformSourceCode = id<TransformSourceCode>(({ sourceCode }) => ({ "modifiedSourceCode": sourceCode }))
+export function transformCodebase(params: { srcDirPath: string; destDirPath: string; transformSourceCode?: TransformSourceCode }) {
+    const {
+        srcDirPath,
+        destDirPath,
+        transformSourceCode = id<TransformSourceCode>(({ sourceCode }) => ({
+            "modifiedSourceCode": sourceCode,
+        })),
    } = params;

    for (const file_relative_path of crawl(srcDirPath)) {
-
        const filePath = path.join(srcDirPath, file_relative_path);

        const transformSourceCodeResult = transformSourceCode({
            "sourceCode": fs.readFileSync(filePath),
-            "filePath": path.join(srcDirPath, file_relative_path)
+            "filePath": path.join(srcDirPath, file_relative_path),
        });

        if (transformSourceCodeResult === undefined) {
            continue;
        }

-        fs.mkdirSync(
-            path.dirname(
-                path.join(
-                    destDirPath,
-                    file_relative_path
-                )
-            ),
-            { "recursive": true }
-        );
+        fs.mkdirSync(path.dirname(path.join(destDirPath, file_relative_path)), {
+            "recursive": true,
+        });

        const { newFileName, modifiedSourceCode } = transformSourceCodeResult;

        fs.writeFileSync(
-            path.join(
-                path.dirname(path.join(destDirPath, file_relative_path)),
-                newFileName ?? path.basename(file_relative_path)
-            ),
-            modifiedSourceCode
+            path.join(path.dirname(path.join(destDirPath, file_relative_path)), newFileName ?? path.basename(file_relative_path)),
+            modifiedSourceCode,
        );
-
    }
-
-
 }
-
--- a/src/lib/components/Error.tsx
+++ b/src/lib/components/Error.tsx
@ -4,8 +4,7 @@ import type { KcProps } from "./KcProps";
 import type { KcContextBase } from "../getKcContext/KcContextBase";
 import { useKcMessage } from "../i18n/useKcMessage";

-export const Error = memo(({ kcContext, ...props }: { kcContext: KcContextBase.Error; } & KcProps) => {
-
+export const Error = memo(({ kcContext, ...props }: { kcContext: KcContextBase.Error } & KcProps) => {
    const { msg } = useKcMessage();

    const { message, client } = kcContext;
@ -19,18 +18,15 @@ export const Error = memo(({ kcContext, ...props }: { kcContext: KcContextBase.E
            formNode={
                <div id="kc-error-message">
                    <p className="instruction">{message.summary}</p>
-                    {
-                        client !== undefined && client.baseUrl !== undefined &&
+                    {client !== undefined && client.baseUrl !== undefined && (
                        <p>
                            <a id="backToApplication" href={client.baseUrl}>
                                {msg("backToApplication")}
                            </a>
                        </p>
-                    }
+                    )}
                </div>
            }
        />
    );
 });
-
-
--- a/src/lib/components/Info.tsx
+++ b/src/lib/components/Info.tsx
@ -1,4 +1,3 @@
-
 import { memo } from "react";
 import { Template } from "./Template";
 import type { KcProps } from "./KcProps";
@ -6,68 +5,45 @@ import { assert } from "../tools/assert";
 import type { KcContextBase } from "../getKcContext/KcContextBase";
 import { useKcMessage } from "../i18n/useKcMessage";

-export const Info = memo(({ kcContext, ...props }: { kcContext: KcContextBase.Info; } & KcProps) => {
-
+export const Info = memo(({ kcContext, ...props }: { kcContext: KcContextBase.Info } & KcProps) => {
    const { msg } = useKcMessage();

    assert(kcContext.message !== undefined);

-    const {
-        messageHeader,
-        message,
-        requiredActions,
-        skipLink,
-        pageRedirectUri,
-        actionUri,
-        client
-    } = kcContext;
+    const { messageHeader, message, requiredActions, skipLink, pageRedirectUri, actionUri, client } = kcContext;

    return (
        <Template
            {...{ kcContext, ...props }}
            doFetchDefaultThemeResources={true}
            displayMessage={false}
-            headerNode={
-                messageHeader !== undefined ?
-                    <>{messageHeader}</>
-                    :
-                    <>{message.summary}</>
-            }
+            headerNode={messageHeader !== undefined ? <>{messageHeader}</> : <>{message.summary}</>}
            formNode={
                <div id="kc-info-message">
-                    <p className="instruction">{message.summary}
-
-                        {
-                            requiredActions !== undefined &&
-                            <b>
-                                {
-                                    requiredActions
-                                        .map(requiredAction => msg(`requiredAction.${requiredAction}` as const))
-                                        .join(",")
-                                }
-
-                            </b>
-
-                        }
+                    <p className="instruction">
+                        {message.summary}

+                        {requiredActions !== undefined && (
+                            <b>{requiredActions.map(requiredAction => msg(`requiredAction.${requiredAction}` as const)).join(",")}</b>
+                        )}
                    </p>
-                    {
-                        !skipLink &&
-                            pageRedirectUri !== undefined ?
-                            <p><a href={pageRedirectUri}>{(msg("backToApplication"))}</a></p>
-                            :
-                            actionUri !== undefined ?
-                                <p><a href={actionUri}>{msg("proceedWithAction")}</a></p>
-                                :
-                                client.baseUrl !== undefined &&
-                                <p><a href={client.baseUrl}>{msg("backToApplication")}</a></p>
-                    }
+                    {!skipLink && pageRedirectUri !== undefined ? (
+                        <p>
+                            <a href={pageRedirectUri}>{msg("backToApplication")}</a>
+                        </p>
+                    ) : actionUri !== undefined ? (
+                        <p>
+                            <a href={actionUri}>{msg("proceedWithAction")}</a>
+                        </p>
+                    ) : (
+                        client.baseUrl !== undefined && (
+                            <p>
+                                <a href={client.baseUrl}>{msg("backToApplication")}</a>
+                            </p>
+                        )
+                    )}
                </div>
-
-
            }
        />
    );
 });
-
-
--- a/src/lib/components/KcApp.tsx
+++ b/src/lib/components/KcApp.tsx
@ -1,29 +1,47 @@
-
 import { memo } from "react";
 import type { KcContextBase } from "../getKcContext/KcContextBase";
 import type { KcProps } from "./KcProps";
 import { Login } from "./Login";
 import { Register } from "./Register";
+import { RegisterUserProfile } from "./RegisterUserProfile";
 import { Info } from "./Info";
 import { Error } from "./Error";
 import { LoginResetPassword } from "./LoginResetPassword";
 import { LoginVerifyEmail } from "./LoginVerifyEmail";
 import { Terms } from "./Terms";
 import { LoginOtp } from "./LoginOtp";
+import { LoginUpdatePassword } from "./LoginUpdatePassword";
 import { LoginUpdateProfile } from "./LoginUpdateProfile";
 import { LoginIdpLinkConfirm } from "./LoginIdpLinkConfirm";
+import { LoginPageExpired } from "./LoginPageExpired";

-export const KcApp = memo(({ kcContext, ...props }: { kcContext: KcContextBase; } & KcProps) => {
+export const KcApp = memo(({ kcContext, ...props }: { kcContext: KcContextBase } & KcProps) => {
    switch (kcContext.pageId) {
-        case "login.ftl": return <Login {...{ kcContext, ...props }} />;
-        case "register.ftl": return <Register {...{ kcContext, ...props }} />;
-        case "info.ftl": return <Info {...{ kcContext, ...props }} />;
-        case "error.ftl": return <Error {...{ kcContext, ...props }} />;
-        case "login-reset-password.ftl": return <LoginResetPassword {...{ kcContext, ...props }} />;
-        case "login-verify-email.ftl": return <LoginVerifyEmail {...{ kcContext, ...props }} />;
-        case "terms.ftl": return <Terms {...{ kcContext, ...props }} />;
-        case "login-otp.ftl": return <LoginOtp {...{ kcContext, ...props }} />;
-        case "login-update-profile.ftl": return <LoginUpdateProfile {...{ kcContext, ...props }} />;
-        case "login-idp-link-confirm.ftl": return <LoginIdpLinkConfirm {...{ kcContext, ...props }} />;
+        case "login.ftl":
+            return <Login {...{ kcContext, ...props }} />;
+        case "register.ftl":
+            return <Register {...{ kcContext, ...props }} />;
+        case "register-user-profile.ftl":
+            return <RegisterUserProfile {...{ kcContext, ...props }} />;
+        case "info.ftl":
+            return <Info {...{ kcContext, ...props }} />;
+        case "error.ftl":
+            return <Error {...{ kcContext, ...props }} />;
+        case "login-reset-password.ftl":
+            return <LoginResetPassword {...{ kcContext, ...props }} />;
+        case "login-verify-email.ftl":
+            return <LoginVerifyEmail {...{ kcContext, ...props }} />;
+        case "terms.ftl":
+            return <Terms {...{ kcContext, ...props }} />;
+        case "login-otp.ftl":
+            return <LoginOtp {...{ kcContext, ...props }} />;
+        case "login-update-password.ftl":
+            return <LoginUpdatePassword {...{ kcContext, ...props }} />;
+        case "login-update-profile.ftl":
+            return <LoginUpdateProfile {...{ kcContext, ...props }} />;
+        case "login-idp-link-confirm.ftl":
+            return <LoginIdpLinkConfirm {...{ kcContext, ...props }} />;
+        case "login-page-expired.ftl":
+            return <LoginPageExpired {...{ kcContext, ...props }} />;
    }
-});
+});
--- a/src/lib/components/KcProps.ts
+++ b/src/lib/components/KcProps.ts
@ -1,39 +1,35 @@
-
 import { allPropertiesValuesToUndefined } from "../tools/allPropertiesValuesToUndefined";
-import { doExtends } from "tsafe/doExtends";
+import { assert } from "tsafe/assert";

 /** Class names can be provided as an array or separated by whitespace */
-export type KcPropsGeneric<CssClasses extends string> = { [key in CssClasses]: readonly string[] | string | undefined; };
+export type KcPropsGeneric<CssClasses extends string> = {
+    [key in CssClasses]: readonly string[] | string | undefined;
+};

 export type KcTemplateClassKey =
-    "stylesCommon" |
-    "styles" |
-    "scripts" |
-    "kcHtmlClass" |
-    "kcLoginClass" |
-    "kcHeaderClass" |
-    "kcHeaderWrapperClass" |
-    "kcFormCardClass" |
-    "kcFormCardAccountClass" |
-    "kcFormHeaderClass" |
-    "kcLocaleWrapperClass" |
-    "kcContentWrapperClass" |
-    "kcLabelWrapperClass" |
-    "kcContentWrapperClass" |
-    "kcLabelWrapperClass" |
-    "kcFormGroupClass" |
-    "kcResetFlowIcon" |
-    "kcResetFlowIcon" |
-    "kcFeedbackSuccessIcon" |
-    "kcFeedbackWarningIcon" |
-    "kcFeedbackErrorIcon" |
-    "kcFeedbackInfoIcon" |
-    "kcContentWrapperClass" |
-    "kcFormSocialAccountContentClass" |
-    "kcFormSocialAccountClass" |
-    "kcSignUpClass" |
-    "kcInfoAreaWrapperClass"
-    ;
+    | "stylesCommon"
+    | "styles"
+    | "scripts"
+    | "kcHtmlClass"
+    | "kcLoginClass"
+    | "kcHeaderClass"
+    | "kcHeaderWrapperClass"
+    | "kcFormCardClass"
+    | "kcFormCardAccountClass"
+    | "kcFormHeaderClass"
+    | "kcLocaleWrapperClass"
+    | "kcContentWrapperClass"
+    | "kcLabelWrapperClass"
+    | "kcFormGroupClass"
+    | "kcResetFlowIcon"
+    | "kcFeedbackSuccessIcon"
+    | "kcFeedbackWarningIcon"
+    | "kcFeedbackErrorIcon"
+    | "kcFeedbackInfoIcon"
+    | "kcFormSocialAccountContentClass"
+    | "kcFormSocialAccountClass"
+    | "kcSignUpClass"
+    | "kcInfoAreaWrapperClass";

 export type KcTemplateProps = KcPropsGeneric<KcTemplateClassKey>;

@ -41,7 +37,7 @@ export const defaultKcTemplateProps = {
    "stylesCommon": [
        "node_modules/patternfly/dist/css/patternfly.min.css",
        "node_modules/patternfly/dist/css/patternfly-additions.min.css",
-        "lib/zocial/zocial.css"
+        "lib/zocial/zocial.css",
    ],
    "styles": ["css/login.css"],
    "scripts": [],
@ -64,67 +60,67 @@ export const defaultKcTemplateProps = {
    "kcFormGroupClass": ["form-group"],
    "kcLabelWrapperClass": ["col-xs-12", "col-sm-12", "col-md-12", "col-lg-12"],
    "kcSignUpClass": ["login-pf-signup"],
-    "kcInfoAreaWrapperClass": []
+    "kcInfoAreaWrapperClass": [],
 } as const;

-
-doExtends<typeof defaultKcTemplateProps, KcTemplateProps>();
+assert<typeof defaultKcTemplateProps extends KcTemplateProps ? true : false>();

 /** Tu use if you don't want any default */
-export const allClearKcTemplateProps =
-    allPropertiesValuesToUndefined(defaultKcTemplateProps);
+export const allClearKcTemplateProps = allPropertiesValuesToUndefined(defaultKcTemplateProps);

-doExtends<typeof allClearKcTemplateProps, KcTemplateProps>();
+assert<typeof allClearKcTemplateProps extends KcTemplateProps ? true : false>();

 export type KcProps = KcPropsGeneric<
-    KcTemplateClassKey |
-    "kcLogoLink" |
-    "kcLogoClass" |
-    "kcContainerClass" |
-    "kcContentClass" |
-    "kcFeedbackAreaClass" |
-    "kcLocaleClass" |
-    "kcAlertIconClasserror" |
-    "kcFormAreaClass" |
-    "kcFormSocialAccountListClass" |
-    "kcFormSocialAccountDoubleListClass" |
-    "kcFormSocialAccountListLinkClass" |
-    "kcWebAuthnKeyIcon" |
-    "kcFormClass" |
-    "kcFormGroupErrorClass" |
-    "kcLabelClass" |
-    "kcInputClass" |
-    "kcInputWrapperClass" |
-    "kcFormOptionsClass" |
-    "kcFormButtonsClass" |
-    "kcFormSettingClass" |
-    "kcTextareaClass" |
-    "kcInfoAreaClass" |
-    "kcButtonClass" |
-    "kcButtonPrimaryClass" |
-    "kcButtonDefaultClass" |
-    "kcButtonLargeClass" |
-    "kcButtonBlockClass" |
-    "kcInputLargeClass" |
-    "kcSrOnlyClass" |
-    "kcSelectAuthListClass" |
-    "kcSelectAuthListItemClass" |
-    "kcSelectAuthListItemInfoClass" |
-    "kcSelectAuthListItemLeftClass" |
-    "kcSelectAuthListItemBodyClass" |
-    "kcSelectAuthListItemDescriptionClass" |
-    "kcSelectAuthListItemHeadingClass" |
-    "kcSelectAuthListItemHelpTextClass" |
-    "kcAuthenticatorDefaultClass" |
-    "kcAuthenticatorPasswordClass" |
-    "kcAuthenticatorOTPClass" |
-    "kcAuthenticatorWebAuthnClass" |
-    "kcAuthenticatorWebAuthnPasswordlessClass" |
-    "kcSelectOTPListClass" |
-    "kcSelectOTPListItemClass" |
-    "kcAuthenticatorOtpCircleClass" |
-    "kcSelectOTPItemHeadingClass" |
-    "kcFormOptionsWrapperClass"
+    | KcTemplateClassKey
+    | "kcLogoLink"
+    | "kcLogoClass"
+    | "kcContainerClass"
+    | "kcContentClass"
+    | "kcFeedbackAreaClass"
+    | "kcLocaleClass"
+    | "kcAlertIconClasserror"
+    | "kcFormAreaClass"
+    | "kcFormSocialAccountListClass"
+    | "kcFormSocialAccountDoubleListClass"
+    | "kcFormSocialAccountListLinkClass"
+    | "kcWebAuthnKeyIcon"
+    | "kcFormClass"
+    | "kcFormGroupErrorClass"
+    | "kcLabelClass"
+    | "kcInputClass"
+    | "kcInputErrorMessageClass"
+    | "kcInputWrapperClass"
+    | "kcFormOptionsClass"
+    | "kcFormButtonsClass"
+    | "kcFormSettingClass"
+    | "kcTextareaClass"
+    | "kcInfoAreaClass"
+    | "kcFormGroupHeader"
+    | "kcButtonClass"
+    | "kcButtonPrimaryClass"
+    | "kcButtonDefaultClass"
+    | "kcButtonLargeClass"
+    | "kcButtonBlockClass"
+    | "kcInputLargeClass"
+    | "kcSrOnlyClass"
+    | "kcSelectAuthListClass"
+    | "kcSelectAuthListItemClass"
+    | "kcSelectAuthListItemInfoClass"
+    | "kcSelectAuthListItemLeftClass"
+    | "kcSelectAuthListItemBodyClass"
+    | "kcSelectAuthListItemDescriptionClass"
+    | "kcSelectAuthListItemHeadingClass"
+    | "kcSelectAuthListItemHelpTextClass"
+    | "kcAuthenticatorDefaultClass"
+    | "kcAuthenticatorPasswordClass"
+    | "kcAuthenticatorOTPClass"
+    | "kcAuthenticatorWebAuthnClass"
+    | "kcAuthenticatorWebAuthnPasswordlessClass"
+    | "kcSelectOTPListClass"
+    | "kcSelectOTPListItemClass"
+    | "kcAuthenticatorOtpCircleClass"
+    | "kcSelectOTPItemHeadingClass"
+    | "kcFormOptionsWrapperClass"
 >;

 export const defaultKcProps = {
@ -147,6 +143,7 @@ export const defaultKcProps = {
    "kcFormGroupErrorClass": ["has-error"],
    "kcLabelClass": ["control-label"],
    "kcInputClass": ["form-control"],
+    "kcInputErrorMessageClass": ["pf-c-form__helper-text", "pf-m-error", "required", "kc-feedback-text"],
    "kcInputWrapperClass": ["col-xs-12", "col-sm-12", "col-md-12", "col-lg-12"],
    "kcFormOptionsClass": ["col-xs-12", "col-sm-12", "col-md-12", "col-lg-12"],
    "kcFormButtonsClass": ["col-xs-12", "col-sm-12", "col-md-12", "col-lg-12"],
@ -155,6 +152,9 @@ export const defaultKcProps = {

    "kcInfoAreaClass": ["col-xs-12", "col-sm-4", "col-md-4", "col-lg-5", "details"],

+    // user-profile grouping
+    "kcFormGroupHeader": ["pf-c-form__group"],
+
    // css classes for form buttons main class used for all buttons
    "kcButtonClass": ["btn"],
    // classes defining priority of the button - primary or default (there is typically only one priority button for the form)
@ -192,14 +192,12 @@ export const defaultKcProps = {
    "kcSelectOTPListItemClass": ["card-pf-body", "card-pf-top-element"],
    "kcAuthenticatorOtpCircleClass": ["fa", "fa-mobile", "card-pf-icon-circle"],
    "kcSelectOTPItemHeadingClass": ["card-pf-title", "text-center"],
-    "kcFormOptionsWrapperClass": []
+    "kcFormOptionsWrapperClass": [],
 } as const;

-doExtends<typeof defaultKcProps, KcProps>();
+assert<typeof defaultKcProps extends KcProps ? true : false>();

 /** Tu use if you don't want any default */
-export const allClearKcProps =
-    allPropertiesValuesToUndefined(defaultKcProps);
-
-doExtends<typeof allClearKcProps, KcProps>();
+export const allClearKcProps = allPropertiesValuesToUndefined(defaultKcProps);

+assert<typeof allClearKcProps extends KcProps ? true : false>();
--- a/src/lib/components/Login.tsx
+++ b/src/lib/components/Login.tsx
@ -1,4 +1,3 @@
-
 import { useState, memo } from "react";
 import { Template } from "./Template";
 import type { KcProps } from "./KcProps";
@ -6,14 +5,10 @@ import type { KcContextBase } from "../getKcContext/KcContextBase";
 import { useKcMessage } from "../i18n/useKcMessage";
 import { useCssAndCx } from "tss-react";
 import { useConstCallback } from "powerhooks/useConstCallback";
+import type { FormEventHandler } from "react";

-export const Login = memo(({ kcContext, ...props }: { kcContext: KcContextBase.Login; } & KcProps) => {
-
-    const {
-        social, realm, url,
-        usernameEditDisabled, login,
-        auth, registrationDisabled
-    } = kcContext;
+export const Login = memo(({ kcContext, ...props }: { kcContext: KcContextBase.Login } & KcProps) => {
+    const { social, realm, url, usernameEditDisabled, login, auth, registrationDisabled } = kcContext;

    const { msg, msgStr } = useKcMessage();

@ -21,9 +16,19 @@ export const Login = memo(({ kcContext, ...props }: { kcContext: KcContextBase.L

    const [isLoginButtonDisabled, setIsLoginButtonDisabled] = useState(false);

-    const onSubmit = useConstCallback(() =>
-        (setIsLoginButtonDisabled(true), true)
-    );
+    const onSubmit = useConstCallback<FormEventHandler<HTMLFormElement>>(e => {
+        e.preventDefault();
+
+        setIsLoginButtonDisabled(true);
+
+        const formElement = e.target as HTMLFormElement;
+
+        //NOTE: Even if we login with email Keycloak expect username and password in
+        //the POST request.
+        formElement.querySelector("input[name='email']")?.setAttribute("name", "username");
+
+        formElement.submit();
+    });

    return (
        <Template
@ -33,125 +38,156 @@ export const Login = memo(({ kcContext, ...props }: { kcContext: KcContextBase.L
            displayWide={realm.password && social.providers !== undefined}
            headerNode={msg("doLogIn")}
            formNode={
-                <div
-                    id="kc-form"
-                    className={cx(realm.password && social.providers !== undefined && props.kcContentWrapperClass)}
-                >
+                <div id="kc-form" className={cx(realm.password && social.providers !== undefined && props.kcContentWrapperClass)}>
                    <div
                        id="kc-form-wrapper"
                        className={cx(realm.password && social.providers && [props.kcFormSocialAccountContentClass, props.kcFormSocialAccountClass])}
                    >
-                        {
-                            realm.password &&
-                            (
-                                <form id="kc-form-login" onSubmit={onSubmit} action={url.loginAction} method="post">
-                                    <div className={cx(props.kcFormGroupClass)}>
-                                        <label htmlFor="username" className={cx(props.kcLabelClass)}>
-                                            {
-                                                !realm.loginWithEmailAllowed ?
-                                                    msg("username")
-                                                    :
-                                                    (
-                                                        !realm.registrationEmailAsUsername ?
-                                                            msg("usernameOrEmail") :
-                                                            msg("email")
-                                                    )
-                                            }
-                                        </label>
-                                        <input
-                                            tabIndex={1}
-                                            id="username"
-                                            className={cx(props.kcInputClass)}
-                                            name="username"
-                                            defaultValue={login.username ?? ''}
-                                            type="text"
-                                            {...(usernameEditDisabled ? { "disabled": true } : { "autoFocus": true, "autoComplete": "off" })}
-                                        />
-                                    </div>
-                                    <div className={cx(props.kcFormGroupClass)}>
-                                        <label htmlFor="password" className={cx(props.kcLabelClass)}>
-                                            {msg("password")}
-                                        </label>
-                                        <input tabIndex={2} id="password" className={cx(props.kcInputClass)} name="password" type="password" autoComplete="off" />
-                                    </div>
-                                    <div className={cx(props.kcFormGroupClass, props.kcFormSettingClass)}>
-                                        <div id="kc-form-options">
-                                            {
-                                                (
-                                                    realm.rememberMe &&
-                                                    !usernameEditDisabled
-                                                ) &&
-                                                <div className="checkbox">
-                                                    <label>
-                                                        <input tabIndex={3} id="rememberMe" name="rememberMe" type="checkbox" {...(login.rememberMe ? { "checked": true } : {})} />
-                                                        {msg("rememberMe")}
-                                                    </label>
-                                                </div>
-                                            }
-                                        </div>
-                                        <div className={cx(props.kcFormOptionsWrapperClass)}>
-                                            {
-                                                realm.resetPasswordAllowed &&
-                                                <span>
-                                                    <a tabIndex={5} href={url.loginResetCredentialsUrl}>{msg("doForgotPassword")}</a>
-                                                </span>
-                                            }
-                                        </div>
+                        {realm.password && (
+                            <form id="kc-form-login" onSubmit={onSubmit} action={url.loginAction} method="post">
+                                <div className={cx(props.kcFormGroupClass)}>
+                                    {(() => {
+                                        const label = !realm.loginWithEmailAllowed
+                                            ? "username"
+                                            : realm.registrationEmailAsUsername
+                                            ? "email"
+                                            : "usernameOrEmail";

+                                        const autoCompleteHelper: typeof label = label === "usernameOrEmail" ? "username" : label;
+
+                                        return (
+                                            <>
+                                                <label htmlFor={autoCompleteHelper} className={cx(props.kcLabelClass)}>
+                                                    {msg(label)}
+                                                </label>
+                                                <input
+                                                    tabIndex={1}
+                                                    id={autoCompleteHelper}
+                                                    className={cx(props.kcInputClass)}
+                                                    //NOTE: This is used by Google Chrome auto fill so we use it to tell
+                                                    //the browser how to pre fill the form but before submit we put it back
+                                                    //to username because it is what keycloak expects.
+                                                    name={autoCompleteHelper}
+                                                    defaultValue={login.username ?? ""}
+                                                    type="text"
+                                                    {...(usernameEditDisabled
+                                                        ? { "disabled": true }
+                                                        : {
+                                                              "autoFocus": true,
+                                                              "autoComplete": "off",
+                                                          })}
+                                                />
+                                            </>
+                                        );
+                                    })()}
+                                </div>
+                                <div className={cx(props.kcFormGroupClass)}>
+                                    <label htmlFor="password" className={cx(props.kcLabelClass)}>
+                                        {msg("password")}
+                                    </label>
+                                    <input
+                                        tabIndex={2}
+                                        id="password"
+                                        className={cx(props.kcInputClass)}
+                                        name="password"
+                                        type="password"
+                                        autoComplete="off"
+                                    />
+                                </div>
+                                <div className={cx(props.kcFormGroupClass, props.kcFormSettingClass)}>
+                                    <div id="kc-form-options">
+                                        {realm.rememberMe && !usernameEditDisabled && (
+                                            <div className="checkbox">
+                                                <label>
+                                                    <input
+                                                        tabIndex={3}
+                                                        id="rememberMe"
+                                                        name="rememberMe"
+                                                        type="checkbox"
+                                                        {...(login.rememberMe
+                                                            ? {
+                                                                  "checked": true,
+                                                              }
+                                                            : {})}
+                                                    />
+                                                    {msg("rememberMe")}
+                                                </label>
+                                            </div>
+                                        )}
                                    </div>
-                                    <div id="kc-form-buttons" className={cx(props.kcFormGroupClass)}>
-                                        <input
-                                            type="hidden"
-                                            id="id-hidden-input"
-                                            name="credentialId"
-                                            {...(auth?.selectedCredential !== undefined ? { "value": auth.selectedCredential } : {})}
-                                        />
-                                        <input
-                                            tabIndex={4}
-                                            className={cx(props.kcButtonClass, props.kcButtonPrimaryClass, props.kcButtonBlockClass, props.kcButtonLargeClass)} name="login" id="kc-login" type="submit"
-                                            value={msgStr("doLogIn")}
-                                            disabled={isLoginButtonDisabled}
-                                        />
+                                    <div className={cx(props.kcFormOptionsWrapperClass)}>
+                                        {realm.resetPasswordAllowed && (
+                                            <span>
+                                                <a tabIndex={5} href={url.loginResetCredentialsUrl}>
+                                                    {msg("doForgotPassword")}
+                                                </a>
+                                            </span>
+                                        )}
                                    </div>
-                                </form>
-                            )
-                        }
+                                </div>
+                                <div id="kc-form-buttons" className={cx(props.kcFormGroupClass)}>
+                                    <input
+                                        type="hidden"
+                                        id="id-hidden-input"
+                                        name="credentialId"
+                                        {...(auth?.selectedCredential !== undefined
+                                            ? {
+                                                  "value": auth.selectedCredential,
+                                              }
+                                            : {})}
+                                    />
+                                    <input
+                                        tabIndex={4}
+                                        className={cx(
+                                            props.kcButtonClass,
+                                            props.kcButtonPrimaryClass,
+                                            props.kcButtonBlockClass,
+                                            props.kcButtonLargeClass,
+                                        )}
+                                        name="login"
+                                        id="kc-login"
+                                        type="submit"
+                                        value={msgStr("doLogIn")}
+                                        disabled={isLoginButtonDisabled}
+                                    />
+                                </div>
+                            </form>
+                        )}
                    </div>
-                    {
-                        (realm.password && social.providers !== undefined) &&
+                    {realm.password && social.providers !== undefined && (
                        <div id="kc-social-providers" className={cx(props.kcFormSocialAccountContentClass, props.kcFormSocialAccountClass)}>
-                            <ul className={cx(props.kcFormSocialAccountListClass, social.providers.length > 4 && props.kcFormSocialAccountDoubleListClass)}>
-                                {
-                                    social.providers.map(p =>
-                                        <li key={p.providerId} className={cx(props.kcFormSocialAccountListLinkClass)}>
-                                            <a href={p.loginUrl} id={`zocial-${p.alias}`} className={cx("zocial", p.providerId)}>
-                                                <span>{p.displayName}</span>
-                                            </a>
-                                        </li>
-                                    )
-                                }
+                            <ul
+                                className={cx(
+                                    props.kcFormSocialAccountListClass,
+                                    social.providers.length > 4 && props.kcFormSocialAccountDoubleListClass,
+                                )}
+                            >
+                                {social.providers.map(p => (
+                                    <li key={p.providerId} className={cx(props.kcFormSocialAccountListLinkClass)}>
+                                        <a href={p.loginUrl} id={`zocial-${p.alias}`} className={cx("zocial", p.providerId)}>
+                                            <span>{p.displayName}</span>
+                                        </a>
+                                    </li>
+                                ))}
                            </ul>
                        </div>
-                    }
+                    )}
                </div>
            }
            infoNode={
-                (
-                    realm.password &&
-                    realm.registrationAllowed &&
-                    !registrationDisabled
-                ) &&
-                <div id="kc-registration">
-                    <span>
-                        {msg("noAccount")}
-                        <a tabIndex={6} href={url.registrationUrl}>
-                            {msg("doRegister")}
-                        </a>
-                    </span>
-                </div>
+                realm.password &&
+                realm.registrationAllowed &&
+                !registrationDisabled && (
+                    <div id="kc-registration">
+                        <span>
+                            {msg("noAccount")}
+                            <a tabIndex={6} href={url.registrationUrl}>
+                                {msg("doRegister")}
+                            </a>
+                        </span>
+                    </div>
+                )
            }
        />
    );
 });
-
-
--- a/src/lib/components/LoginIdpLinkConfirm.tsx
+++ b/src/lib/components/LoginIdpLinkConfirm.tsx
@ -1,4 +1,3 @@
-
 import { memo } from "react";
 import { Template } from "./Template";
 import type { KcProps } from "./KcProps";
@ -6,56 +5,42 @@ import type { KcContextBase } from "../getKcContext/KcContextBase";
 import { useKcMessage } from "../i18n/useKcMessage";
 import { useCssAndCx } from "tss-react";

-export const LoginIdpLinkConfirm = memo(({ kcContext, ...props }: { kcContext: KcContextBase.LoginIdpLinkConfirm; } & KcProps) => {
+export const LoginIdpLinkConfirm = memo(({ kcContext, ...props }: { kcContext: KcContextBase.LoginIdpLinkConfirm } & KcProps) => {
+    const { url, idpAlias } = kcContext;

-	const { url, idpAlias } = kcContext;
+    const { msg } = useKcMessage();

-	const { msg } = useKcMessage();
-
-	const { cx } = useCssAndCx();
-
-	return (
-		<Template
-			{...{ kcContext, ...props }}
-			doFetchDefaultThemeResources={true}
-			headerNode={msg("confirmLinkIdpTitle")}
-			formNode={
-				<form id="kc-register-form" action={url.loginAction} method="post">
-					<div className={cx(props.kcFormGroupClass)}>
-						<button
-							type="submit"
-							className={cx(
-								props.kcButtonClass,
-								props.kcButtonDefaultClass,
-								props.kcButtonBlockClass,
-								props.kcButtonLargeClass
-							)}
-							name="submitAction"
-							id="updateProfile"
-							value="updateProfile"
-						>
-							{msg("confirmLinkIdpReviewProfile")}
-						</button>
-						<button
-							type="submit"
-							className={cx(
-								props.kcButtonClass,
-								props.kcButtonDefaultClass,
-								props.kcButtonBlockClass,
-								props.kcButtonLargeClass
-							)}
-							name="submitAction"
-							id="linkAccount"
-							value="linkAccount"
-						>
-							{msg("confirmLinkIdpContinue", idpAlias)}
-						</button>
-					</div>
-				</form>
-			}
-		/>
-	);
+    const { cx } = useCssAndCx();

+    return (
+        <Template
+            {...{ kcContext, ...props }}
+            doFetchDefaultThemeResources={true}
+            headerNode={msg("confirmLinkIdpTitle")}
+            formNode={
+                <form id="kc-register-form" action={url.loginAction} method="post">
+                    <div className={cx(props.kcFormGroupClass)}>
+                        <button
+                            type="submit"
+                            className={cx(props.kcButtonClass, props.kcButtonDefaultClass, props.kcButtonBlockClass, props.kcButtonLargeClass)}
+                            name="submitAction"
+                            id="updateProfile"
+                            value="updateProfile"
+                        >
+                            {msg("confirmLinkIdpReviewProfile")}
+                        </button>
+                        <button
+                            type="submit"
+                            className={cx(props.kcButtonClass, props.kcButtonDefaultClass, props.kcButtonBlockClass, props.kcButtonLargeClass)}
+                            name="submitAction"
+                            id="linkAccount"
+                            value="linkAccount"
+                        >
+                            {msg("confirmLinkIdpContinue", idpAlias)}
+                        </button>
+                    </div>
+                </form>
+            }
+        />
+    );
 });
-
-
--- a/src/lib/components/LoginOtp.tsx
+++ b/src/lib/components/LoginOtp.tsx
@ -1,46 +1,35 @@
-
-
 import { useEffect, memo } from "react";
 import { Template } from "./Template";
 import type { KcProps } from "./KcProps";
 import type { KcContextBase } from "../getKcContext/KcContextBase";
 import { useKcMessage } from "../i18n/useKcMessage";
-import { appendHead } from "../tools/appendHead";
-import { join as pathJoin } from "path";
+import { headInsert } from "../tools/headInsert";
+import { pathJoin } from "../tools/pathJoin";
 import { useCssAndCx } from "tss-react";

-export const LoginOtp = memo(({ kcContext, ...props }: { kcContext: KcContextBase.LoginOtp; } & KcProps) => {
-
+export const LoginOtp = memo(({ kcContext, ...props }: { kcContext: KcContextBase.LoginOtp } & KcProps) => {
    const { otpLogin, url } = kcContext;

    const { cx } = useCssAndCx();

    const { msg, msgStr } = useKcMessage();

-    useEffect(
-        () => {
+    useEffect(() => {
+        let isCleanedUp = false;

-            let isCleanedUp = false;
+        headInsert({
+            "type": "javascript",
+            "src": pathJoin(kcContext.url.resourcesCommonPath, "node_modules/jquery/dist/jquery.min.js"),
+        }).then(() => {
+            if (isCleanedUp) return;

-            appendHead({
-                "type": "javascript",
-                "src": pathJoin(
-                    kcContext.url.resourcesCommonPath,
-                    "node_modules/jquery/dist/jquery.min.js"
-                )
-            }).then(() => {
+            evaluateInlineScript();
+        });

-                if (isCleanedUp) return;
-
-                evaluateInlineScript();
-
-            });
-
-            return () => { isCleanedUp = true };
-
-        },
-        []
-    );
+        return () => {
+            isCleanedUp = true;
+        };
+    }, []);

    return (
        <Template
@ -48,33 +37,22 @@ export const LoginOtp = memo(({ kcContext, ...props }: { kcContext: KcContextBas
            doFetchDefaultThemeResources={true}
            headerNode={msg("doLogIn")}
            formNode={
-
-                <form
-                    id="kc-otp-login-form"
-                    className={cx(props.kcFormClass)}
-                    action={url.loginAction}
-                    method="post"
-                >
-                    {
-                        otpLogin.userOtpCredentials.length > 1 &&
+                <form id="kc-otp-login-form" className={cx(props.kcFormClass)} action={url.loginAction} method="post">
+                    {otpLogin.userOtpCredentials.length > 1 && (
                        <div className={cx(props.kcFormGroupClass)}>
                            <div className={cx(props.kcInputWrapperClass)}>
-                                {
-                                    otpLogin.userOtpCredentials.map(otpCredential =>
-                                        <div key={otpCredential.id} className={cx(props.kcSelectOTPListClass)}>
-                                            <input type="hidden" value="${otpCredential.id}" />
-                                            <div className={cx(props.kcSelectOTPListItemClass)}>
-                                                <span className={cx(props.kcAuthenticatorOtpCircleClass)} />
-                                                <h2 className={cx(props.kcSelectOTPItemHeadingClass)}>
-                                                    {otpCredential.userLabel}
-                                                </h2>
-                                            </div>
+                                {otpLogin.userOtpCredentials.map(otpCredential => (
+                                    <div key={otpCredential.id} className={cx(props.kcSelectOTPListClass)}>
+                                        <input type="hidden" value="${otpCredential.id}" />
+                                        <div className={cx(props.kcSelectOTPListItemClass)}>
+                                            <span className={cx(props.kcAuthenticatorOtpCircleClass)} />
+                                            <h2 className={cx(props.kcSelectOTPItemHeadingClass)}>{otpCredential.userLabel}</h2>
                                        </div>
-                                    )
-                                }
+                                    </div>
+                                ))}
                            </div>
                        </div>
-                    }
+                    )}
                    <div className={cx(props.kcFormGroupClass)}>
                        <div className={cx(props.kcLabelWrapperClass)}>
                            <label htmlFor="otp" className={cx(props.kcLabelClass)}>
@ -83,14 +61,7 @@ export const LoginOtp = memo(({ kcContext, ...props }: { kcContext: KcContextBas
                        </div>

                        <div className={cx(props.kcInputWrapperClass)}>
-                            <input
-                                id="otp"
-                                name="otp"
-                                autoComplete="off"
-                                type="text"
-                                className={cx(props.kcInputClass)}
-                                autoFocus
-                            />
+                            <input id="otp" name="otp" autoComplete="off" type="text" className={cx(props.kcInputClass)} autoFocus />
                        </div>
                    </div>

@ -101,12 +72,7 @@ export const LoginOtp = memo(({ kcContext, ...props }: { kcContext: KcContextBas

                        <div id="kc-form-buttons" className={cx(props.kcFormButtonsClass)}>
                            <input
-                                className={cx(
-                                    props.kcButtonClass,
-                                    props.kcButtonPrimaryClass,
-                                    props.kcButtonBlockClass,
-                                    props.kcButtonLargeClass
-                                )}
+                                className={cx(props.kcButtonClass, props.kcButtonPrimaryClass, props.kcButtonBlockClass, props.kcButtonLargeClass)}
                                name="login"
                                id="kc-login"
                                type="submit"
@ -114,35 +80,32 @@ export const LoginOtp = memo(({ kcContext, ...props }: { kcContext: KcContextBas
                            />
                        </div>
                    </div>
-                </form >
-
+                </form>
            }
        />
    );
 });

-
-
-
 declare const $: any;

 function evaluateInlineScript() {
-
    $(document).ready(function () {
        // Card Single Select
-        $('.card-pf-view-single-select').click(function (this: any) {
-            if ($(this).hasClass('active')) { $(this).removeClass('active'); $(this).children().removeAttr('name'); }
-            else {
-                $('.card-pf-view-single-select').removeClass('active');
-                $('.card-pf-view-single-select').children().removeAttr('name');
-                $(this).addClass('active'); $(this).children().attr('name', 'selectedCredentialId');
+        $(".card-pf-view-single-select").click(function (this: any) {
+            if ($(this).hasClass("active")) {
+                $(this).removeClass("active");
+                $(this).children().removeAttr("name");
+            } else {
+                $(".card-pf-view-single-select").removeClass("active");
+                $(".card-pf-view-single-select").children().removeAttr("name");
+                $(this).addClass("active");
+                $(this).children().attr("name", "selectedCredentialId");
            }
        });

-        var defaultCred = $('.card-pf-view-single-select')[0];
+        var defaultCred = $(".card-pf-view-single-select")[0];
        if (defaultCred) {
            defaultCred.click();
        }
    });
-
-}
+}
--- a/src/lib/components/LoginPageExpired.tsx
+++ b/src/lib/components/LoginPageExpired.tsx
@ -0,0 +1,36 @@
+import { memo } from "react";
+import { Template } from "./Template";
+import type { KcProps } from "./KcProps";
+import type { KcContextBase } from "../getKcContext/KcContextBase";
+import { useKcMessage } from "../i18n/useKcMessage";
+
+export const LoginPageExpired = memo(({ kcContext, ...props }: { kcContext: KcContextBase.LoginPageExpired } & KcProps) => {
+    const { url } = kcContext;
+
+    const { msg } = useKcMessage();
+
+    return (
+        <Template
+            {...{ kcContext, ...props }}
+            doFetchDefaultThemeResources={true}
+            displayMessage={false}
+            headerNode={msg("pageExpiredTitle")}
+            formNode={
+                <>
+                    <p id="instruction1" className="instruction">
+                        {msg("pageExpiredMsg1")}
+                        <a id="loginRestartLink" href={url.loginRestartFlowUrl}>
+                            {msg("doClickHere")}
+                        </a>{" "}
+                        .<br />
+                        {msg("pageExpiredMsg2")}{" "}
+                        <a id="loginContinueLink" href={url.loginAction}>
+                            {msg("doClickHere")}
+                        </a>{" "}
+                        .
+                    </p>
+                </>
+            }
+        />
+    );
+});
--- a/src/lib/components/LoginResetPassword.tsx
+++ b/src/lib/components/LoginResetPassword.tsx
@ -1,4 +1,3 @@
-
 import { memo } from "react";
 import { Template } from "./Template";
 import type { KcProps } from "./KcProps";
@ -6,13 +5,8 @@ import type { KcContextBase } from "../getKcContext/KcContextBase";
 import { useKcMessage } from "../i18n/useKcMessage";
 import { useCssAndCx } from "tss-react";

-export const LoginResetPassword = memo(({ kcContext, ...props }: { kcContext: KcContextBase.LoginResetPassword; } & KcProps) => {
-
-    const {
-        url,
-        realm,
-        auth
-    } = kcContext;
+export const LoginResetPassword = memo(({ kcContext, ...props }: { kcContext: KcContextBase.LoginResetPassword } & KcProps) => {
+    const { url, realm, auth } = kcContext;

    const { msg, msgStr } = useKcMessage();

@ -29,14 +23,11 @@ export const LoginResetPassword = memo(({ kcContext, ...props }: { kcContext: Kc
                    <div className={cx(props.kcFormGroupClass)}>
                        <div className={cx(props.kcLabelWrapperClass)}>
                            <label htmlFor="username" className={cx(props.kcLabelClass)}>
-                                {
-                                    !realm.loginWithEmailAllowed ?
-                                        msg("username")
-                                        :
-                                        !realm.registrationEmailAsUsername ?
-                                            msg("usernameOrEmail") :
-                                            msg("email")
-                                }
+                                {!realm.loginWithEmailAllowed
+                                    ? msg("username")
+                                    : !realm.registrationEmailAsUsername
+                                    ? msg("usernameOrEmail")
+                                    : msg("email")}
                            </label>
                        </div>
                        <div className={cx(props.kcInputWrapperClass)}>
@ -46,10 +37,7 @@ export const LoginResetPassword = memo(({ kcContext, ...props }: { kcContext: Kc
                                name="username"
                                className={cx(props.kcInputClass)}
                                autoFocus
-                                defaultValue={
-                                    auth !== undefined && auth.showUsername ?
-                                        auth.attemptedUsername : undefined
-                                }
+                                defaultValue={auth !== undefined && auth.showUsername ? auth.attemptedUsername : undefined}
                            />
                        </div>
                    </div>
@ -64,10 +52,7 @@ export const LoginResetPassword = memo(({ kcContext, ...props }: { kcContext: Kc

                        <div id="kc-form-buttons" className={cx(props.kcFormButtonsClass)}>
                            <input
-                                className={cx(
-                                    props.kcButtonClass, props.kcButtonPrimaryClass,
-                                    props.kcButtonBlockClass, props.kcButtonLargeClass
-                                )}
+                                className={cx(props.kcButtonClass, props.kcButtonPrimaryClass, props.kcButtonBlockClass, props.kcButtonLargeClass)}
                                type="submit"
                                value={msgStr("doSubmit")}
                            />
@ -79,5 +64,3 @@ export const LoginResetPassword = memo(({ kcContext, ...props }: { kcContext: Kc
        />
    );
 });
-
-
--- a/src/lib/components/LoginUpdatePassword.tsx
+++ b/src/lib/components/LoginUpdatePassword.tsx
@ -0,0 +1,117 @@
+import { memo } from "react";
+import { Template } from "./Template";
+import type { KcProps } from "./KcProps";
+import type { KcContextBase } from "../getKcContext/KcContextBase";
+import { useKcMessage } from "../i18n/useKcMessage";
+import { useCssAndCx } from "tss-react";
+
+export const LoginUpdatePassword = memo(({ kcContext, ...props }: { kcContext: KcContextBase.LoginUpdatePassword } & KcProps) => {
+    const { cx } = useCssAndCx();
+
+    const { msg, msgStr } = useKcMessage();
+
+    const { url, messagesPerField, isAppInitiatedAction, username } = kcContext;
+
+    return (
+        <Template
+            {...{ kcContext, ...props }}
+            doFetchDefaultThemeResources={true}
+            headerNode={msg("updatePasswordTitle")}
+            formNode={
+                <form id="kc-passwd-update-form" className={cx(props.kcFormClass)} action={url.loginAction} method="post">
+                    <input
+                        type="text"
+                        id="username"
+                        name="username"
+                        value={username}
+                        readOnly={true}
+                        autoComplete="username"
+                        style={{ display: "none" }}
+                    />
+                    <input type="password" id="password" name="password" autoComplete="current-password" style={{ display: "none" }} />
+
+                    <div className={cx(props.kcFormGroupClass, messagesPerField.printIfExists("password", props.kcFormGroupErrorClass))}>
+                        <div className={cx(props.kcLabelWrapperClass)}>
+                            <label htmlFor="password-new" className={cx(props.kcLabelClass)}>
+                                {msg("passwordNew")}
+                            </label>
+                        </div>
+                        <div className={cx(props.kcInputWrapperClass)}>
+                            <input
+                                type="password"
+                                id="password-new"
+                                name="password-new"
+                                autoFocus
+                                autoComplete="new-password"
+                                className={cx(props.kcInputClass)}
+                            />
+                        </div>
+                    </div>
+
+                    <div className={cx(props.kcFormGroupClass, messagesPerField.printIfExists("password-confirm", props.kcFormGroupErrorClass))}>
+                        <div className={cx(props.kcLabelWrapperClass)}>
+                            <label htmlFor="password-confirm" className={cx(props.kcLabelClass)}>
+                                {msg("passwordConfirm")}
+                            </label>
+                        </div>
+                        <div className={cx(props.kcInputWrapperClass)}>
+                            <input
+                                type="password"
+                                id="password-confirm"
+                                name="password-confirm"
+                                autoComplete="new-password"
+                                className={cx(props.kcInputClass)}
+                            />
+                        </div>
+                    </div>
+
+                    <div className={cx(props.kcFormGroupClass)}>
+                        <div id="kc-form-options" className={cx(props.kcFormOptionsClass)}>
+                            <div className={cx(props.kcFormOptionsWrapperClass)}>
+                                {isAppInitiatedAction && (
+                                    <div className="checkbox">
+                                        <label>
+                                            <input type="checkbox" id="logout-sessions" name="logout-sessions" value="on" checked />
+                                            {msgStr("logoutOtherSessions")}
+                                        </label>
+                                    </div>
+                                )}
+                            </div>
+                        </div>
+
+                        <div id="kc-form-buttons" className={cx(props.kcFormButtonsClass)}>
+                            {isAppInitiatedAction ? (
+                                <>
+                                    <input
+                                        className={cx(props.kcButtonClass, props.kcButtonPrimaryClass, props.kcButtonLargeClass)}
+                                        type="submit"
+                                        defaultValue={msgStr("doSubmit")}
+                                    />
+                                    <button
+                                        className={cx(props.kcButtonClass, props.kcButtonDefaultClass, props.kcButtonLargeClass)}
+                                        type="submit"
+                                        name="cancel-aia"
+                                        value="true"
+                                    >
+                                        {msg("doCancel")}
+                                    </button>
+                                </>
+                            ) : (
+                                <input
+                                    className={cx(
+                                        props.kcButtonClass,
+                                        props.kcButtonPrimaryClass,
+                                        props.kcButtonBlockClass,
+                                        props.kcButtonLargeClass,
+                                    )}
+                                    type="submit"
+                                    defaultValue={msgStr("doSubmit")}
+                                />
+                            )}
+                        </div>
+                    </div>
+                </form>
+            }
+        />
+    );
+});
--- a/src/lib/components/LoginUpdateProfile.tsx
+++ b/src/lib/components/LoginUpdateProfile.tsx
@ -5,129 +5,116 @@ import type { KcContextBase } from "../getKcContext/KcContextBase";
 import { useKcMessage } from "../i18n/useKcMessage";
 import { useCssAndCx } from "tss-react";

-export const LoginUpdateProfile = memo(({ kcContext, ...props }: { kcContext: KcContextBase.LoginUpdateProfile; } & KcProps) => {
+export const LoginUpdateProfile = memo(({ kcContext, ...props }: { kcContext: KcContextBase.LoginUpdateProfile } & KcProps) => {
+    const { cx } = useCssAndCx();

-	const { cx } = useCssAndCx();
+    const { msg, msgStr } = useKcMessage();

-	const { msg, msgStr } = useKcMessage();
+    const { url, user, messagesPerField, isAppInitiatedAction } = kcContext;

-	const { url, user, messagesPerField, isAppInitiatedAction } = kcContext;
+    return (
+        <Template
+            {...{ kcContext, ...props }}
+            doFetchDefaultThemeResources={true}
+            headerNode={msg("loginProfileTitle")}
+            formNode={
+                <form id="kc-update-profile-form" className={cx(props.kcFormClass)} action={url.loginAction} method="post">
+                    {user.editUsernameAllowed && (
+                        <div className={cx(props.kcFormGroupClass, messagesPerField.printIfExists("username", props.kcFormGroupErrorClass))}>
+                            <div className={cx(props.kcLabelWrapperClass)}>
+                                <label htmlFor="username" className={cx(props.kcLabelClass)}>
+                                    {msg("username")}
+                                </label>
+                            </div>
+                            <div className={cx(props.kcInputWrapperClass)}>
+                                <input
+                                    type="text"
+                                    id="username"
+                                    name="username"
+                                    defaultValue={user.username ?? ""}
+                                    className={cx(props.kcInputClass)}
+                                />
+                            </div>
+                        </div>
+                    )}

-	return (
-		<Template
-			{...{ kcContext, ...props }}
-			doFetchDefaultThemeResources={true}
-			headerNode={msg("loginProfileTitle")}
-			formNode={
-				<form id="kc-update-profile-form" className={cx(props.kcFormClass)} action={url.loginAction} method="post">
-					{user.editUsernameAllowed &&
-						<div className={cx(props.kcFormGroupClass, messagesPerField.printIfExists("username", props.kcFormGroupErrorClass))}>
-							<div className={cx(props.kcLabelWrapperClass)}>
-								<label htmlFor="username" className={cx(props.kcLabelClass)}>
-									{msg("username")}
-								</label>
-							</div>
-							<div className={cx(props.kcInputWrapperClass)}>
-								<input
-									type="text"
-									id="username"
-									name="username"
-									defaultValue={user.username ?? ""}
-									className={cx(props.kcInputClass)}
-								/>
-							</div>
-						</div>
-					}
+                    <div className={cx(props.kcFormGroupClass, messagesPerField.printIfExists("email", props.kcFormGroupErrorClass))}>
+                        <div className={cx(props.kcLabelWrapperClass)}>
+                            <label htmlFor="email" className={cx(props.kcLabelClass)}>
+                                {msg("email")}
+                            </label>
+                        </div>
+                        <div className={cx(props.kcInputWrapperClass)}>
+                            <input type="text" id="email" name="email" defaultValue={user.email ?? ""} className={cx(props.kcInputClass)} />
+                        </div>
+                    </div>

-					<div className={cx(props.kcFormGroupClass, messagesPerField.printIfExists("email", props.kcFormGroupErrorClass))}>
-						<div className={cx(props.kcLabelWrapperClass)}>
-							<label htmlFor="email" className={cx(props.kcLabelClass)}>
-								{msg("email")}
-							</label>
-						</div>
-						<div className={cx(props.kcInputWrapperClass)}>
-							<input
-								type="text"
-								id="email"
-								name="email"
-								defaultValue={user.email ?? ""}
-								className={cx(props.kcInputClass)}
-							/>
-						</div>
-					</div>
+                    <div className={cx(props.kcFormGroupClass, messagesPerField.printIfExists("firstName", props.kcFormGroupErrorClass))}>
+                        <div className={cx(props.kcLabelWrapperClass)}>
+                            <label htmlFor="firstName" className={cx(props.kcLabelClass)}>
+                                {msg("firstName")}
+                            </label>
+                        </div>
+                        <div className={cx(props.kcInputWrapperClass)}>
+                            <input
+                                type="text"
+                                id="firstName"
+                                name="firstName"
+                                defaultValue={user.firstName ?? ""}
+                                className={cx(props.kcInputClass)}
+                            />
+                        </div>
+                    </div>

-					<div className={cx(props.kcFormGroupClass, messagesPerField.printIfExists("firstName", props.kcFormGroupErrorClass))}>
-						<div className={cx(props.kcLabelWrapperClass)}>
-							<label htmlFor="firstName" className={cx(props.kcLabelClass)}>
-								{msg("firstName")}
-							</label>
-						</div>
-						<div className={cx(props.kcInputWrapperClass)}>
-							<input
-								type="text"
-								id="firstName"
-								name="firstName"
-								defaultValue={user.firstName ?? ""}
-								className={cx(props.kcInputClass)}
-							/>
-						</div>
-					</div>
+                    <div className={cx(props.kcFormGroupClass, messagesPerField.printIfExists("lastName", props.kcFormGroupErrorClass))}>
+                        <div className={cx(props.kcLabelWrapperClass)}>
+                            <label htmlFor="lastName" className={cx(props.kcLabelClass)}>
+                                {msg("lastName")}
+                            </label>
+                        </div>
+                        <div className={cx(props.kcInputWrapperClass)}>
+                            <input type="text" id="lastName" name="lastName" defaultValue={user.lastName ?? ""} className={cx(props.kcInputClass)} />
+                        </div>
+                    </div>

-					<div className={cx(props.kcFormGroupClass, messagesPerField.printIfExists("lastName", props.kcFormGroupErrorClass))}>
-						<div className={cx(props.kcLabelWrapperClass)}>
-							<label htmlFor="lastName" className={cx(props.kcLabelClass)}>
-								{msg("lastName")}
-							</label>
-						</div>
-						<div className={cx(props.kcInputWrapperClass)}>
-							<input
-								type="text"
-								id="lastName"
-								name="lastName"
-								defaultValue={user.lastName ?? ""}
-								className={cx(props.kcInputClass)}
-							/>
-						</div>
-					</div>
-
-					<div className={cx(props.kcFormGroupClass)}>
-						<div id="kc-form-options" className={cx(props.kcFormOptionsClass)}>
-							<div className={cx(props.kcFormOptionsWrapperClass)} />
-						</div>
-
-						<div id="kc-form-buttons" className={cx(props.kcFormButtonsClass)}>
-							{
-								isAppInitiatedAction ?
-									<>
-										<input
-											className={cx(props.kcButtonClass, props.kcButtonPrimaryClass, props.kcButtonLargeClass)}
-											type="submit"
-											defaultValue={msgStr("doSubmit")}
-										/>
-										<button
-											className={cx(props.kcButtonClass, props.kcButtonDefaultClass, props.kcButtonLargeClass)}
-											type="submit"
-											name="cancel-aia"
-											value="true"
-										>
-											{msg("doCancel")}
-										</button>
-									</>
-									:
-									<input
-										className={cx(props.kcButtonClass, props.kcButtonPrimaryClass, props.kcButtonBlockClass, props.kcButtonLargeClass)}
-										type="submit"
-										defaultValue={msgStr("doSubmit")}
-									/>
-							}
-						</div>
-					</div>
-
-				</form>
-			}
-		/>
-	);
+                    <div className={cx(props.kcFormGroupClass)}>
+                        <div id="kc-form-options" className={cx(props.kcFormOptionsClass)}>
+                            <div className={cx(props.kcFormOptionsWrapperClass)} />
+                        </div>

+                        <div id="kc-form-buttons" className={cx(props.kcFormButtonsClass)}>
+                            {isAppInitiatedAction ? (
+                                <>
+                                    <input
+                                        className={cx(props.kcButtonClass, props.kcButtonPrimaryClass, props.kcButtonLargeClass)}
+                                        type="submit"
+                                        defaultValue={msgStr("doSubmit")}
+                                    />
+                                    <button
+                                        className={cx(props.kcButtonClass, props.kcButtonDefaultClass, props.kcButtonLargeClass)}
+                                        type="submit"
+                                        name="cancel-aia"
+                                        value="true"
+                                    >
+                                        {msg("doCancel")}
+                                    </button>
+                                </>
+                            ) : (
+                                <input
+                                    className={cx(
+                                        props.kcButtonClass,
+                                        props.kcButtonPrimaryClass,
+                                        props.kcButtonBlockClass,
+                                        props.kcButtonLargeClass,
+                                    )}
+                                    type="submit"
+                                    defaultValue={msgStr("doSubmit")}
+                                />
+                            )}
+                        </div>
+                    </div>
+                </form>
+            }
+        />
+    );
 });
-
-
--- a/src/lib/components/LoginVerifyEmail.tsx
+++ b/src/lib/components/LoginVerifyEmail.tsx
@ -1,17 +1,13 @@
-
 import { memo } from "react";
 import { Template } from "./Template";
 import type { KcProps } from "./KcProps";
 import type { KcContextBase } from "../getKcContext/KcContextBase";
 import { useKcMessage } from "../i18n/useKcMessage";

-export const LoginVerifyEmail = memo(({ kcContext, ...props }: { kcContext: KcContextBase.LoginVerifyEmail; } & KcProps) => {
-
+export const LoginVerifyEmail = memo(({ kcContext, ...props }: { kcContext: KcContextBase.LoginVerifyEmail } & KcProps) => {
    const { msg } = useKcMessage();

-    const {
-        url
-    } = kcContext;
+    const { url } = kcContext;

    return (
        <Template
@ -21,9 +17,7 @@ export const LoginVerifyEmail = memo(({ kcContext, ...props }: { kcContext: KcCo
            headerNode={msg("emailVerifyTitle")}
            formNode={
                <>
-                    <p className="instruction">
-                        {msg("emailVerifyInstruction1")}
-                    </p>
+                    <p className="instruction">{msg("emailVerifyInstruction1")}</p>
                    <p className="instruction">
                        {msg("emailVerifyInstruction2")}
                        <a href={url.loginAction}>{msg("doClickHere")}</a>
@ -33,7 +27,4 @@ export const LoginVerifyEmail = memo(({ kcContext, ...props }: { kcContext: KcCo
            }
        />
    );
-
 });
-
-
--- a/src/lib/components/Register.tsx
+++ b/src/lib/components/Register.tsx
@ -5,17 +5,8 @@ import type { KcContextBase } from "../getKcContext/KcContextBase";
 import { useKcMessage } from "../i18n/useKcMessage";
 import { useCssAndCx } from "tss-react";

-export const Register = memo(({ kcContext, ...props }: { kcContext: KcContextBase.Register; } & KcProps) => {
-
-    const {
-        url,
-        messagesPerField,
-        register,
-        realm,
-        passwordRequired,
-        recaptchaRequired,
-        recaptchaSiteKey
-    } = kcContext;
+export const Register = memo(({ kcContext, ...props }: { kcContext: KcContextBase.Register } & KcProps) => {
+    const { url, messagesPerField, register, realm, passwordRequired, recaptchaRequired, recaptchaSiteKey } = kcContext;

    const { msg, msgStr } = useKcMessage();

@ -28,13 +19,18 @@ export const Register = memo(({ kcContext, ...props }: { kcContext: KcContextBas
            headerNode={msg("registerTitle")}
            formNode={
                <form id="kc-register-form" className={cx(props.kcFormClass)} action={url.registrationAction} method="post">
-
                    <div className={cx(props.kcFormGroupClass, messagesPerField.printIfExists("firstName", props.kcFormGroupErrorClass))}>
                        <div className={cx(props.kcLabelWrapperClass)}>
-                            <label htmlFor="firstName" className={cx(props.kcLabelClass)}>{msg("firstName")}</label>
+                            <label htmlFor="firstName" className={cx(props.kcLabelClass)}>
+                                {msg("firstName")}
+                            </label>
                        </div>
                        <div className={cx(props.kcInputWrapperClass)}>
-                            <input type="text" id="firstName" className={cx(props.kcInputClass)} name="firstName"
+                            <input
+                                type="text"
+                                id="firstName"
+                                className={cx(props.kcInputClass)}
+                                name="firstName"
                                defaultValue={register.formData.firstName ?? ""}
                            />
                        </div>
@ -42,84 +38,118 @@ export const Register = memo(({ kcContext, ...props }: { kcContext: KcContextBas

                    <div className={cx(props.kcFormGroupClass, messagesPerField.printIfExists("lastName", props.kcFormGroupErrorClass))}>
                        <div className={cx(props.kcLabelWrapperClass)}>
-                            <label htmlFor="lastName" className={cx(props.kcLabelClass)}>{msg("lastName")}</label>
+                            <label htmlFor="lastName" className={cx(props.kcLabelClass)}>
+                                {msg("lastName")}
+                            </label>
                        </div>
                        <div className={cx(props.kcInputWrapperClass)}>
-                            <input type="text" id="lastName" className={cx(props.kcInputClass)} name="lastName"
+                            <input
+                                type="text"
+                                id="lastName"
+                                className={cx(props.kcInputClass)}
+                                name="lastName"
                                defaultValue={register.formData.lastName ?? ""}
                            />
                        </div>
                    </div>

-                    <div className={cx(props.kcFormGroupClass, messagesPerField.printIfExists('email', props.kcFormGroupErrorClass))}>
+                    <div className={cx(props.kcFormGroupClass, messagesPerField.printIfExists("email", props.kcFormGroupErrorClass))}>
                        <div className={cx(props.kcLabelWrapperClass)}>
-                            <label htmlFor="email" className={cx(props.kcLabelClass)}>{msg("email")}</label>
+                            <label htmlFor="email" className={cx(props.kcLabelClass)}>
+                                {msg("email")}
+                            </label>
                        </div>
                        <div className={cx(props.kcInputWrapperClass)}>
-                            <input type="text" id="email" className={cx(props.kcInputClass)} name="email"
-                                defaultValue={register.formData.email ?? ""} autoComplete="email"
+                            <input
+                                type="text"
+                                id="email"
+                                className={cx(props.kcInputClass)}
+                                name="email"
+                                defaultValue={register.formData.email ?? ""}
+                                autoComplete="email"
                            />
                        </div>
                    </div>
-                    {
-                        !realm.registrationEmailAsUsername &&
-
-                        <div className={cx(props.kcFormGroupClass, messagesPerField.printIfExists('username', props.kcFormGroupErrorClass))}>
+                    {!realm.registrationEmailAsUsername && (
+                        <div className={cx(props.kcFormGroupClass, messagesPerField.printIfExists("username", props.kcFormGroupErrorClass))}>
                            <div className={cx(props.kcLabelWrapperClass)}>
-                                <label htmlFor="username" className={cx(props.kcLabelClass)}>{msg("username")}</label>
+                                <label htmlFor="username" className={cx(props.kcLabelClass)}>
+                                    {msg("username")}
+                                </label>
                            </div>
                            <div className={cx(props.kcInputWrapperClass)}>
-                                <input type="text" id="username" className={cx(props.kcInputClass)} name="username"
-                                    defaultValue={register.formData.username ?? ""} autoComplete="username" />
+                                <input
+                                    type="text"
+                                    id="username"
+                                    className={cx(props.kcInputClass)}
+                                    name="username"
+                                    defaultValue={register.formData.username ?? ""}
+                                    autoComplete="username"
+                                />
                            </div>
-                        </div >
-
-                    }
-                    {
-                        passwordRequired &&
+                        </div>
+                    )}
+                    {passwordRequired && (
                        <>
-
                            <div className={cx(props.kcFormGroupClass, messagesPerField.printIfExists("password", props.kcFormGroupErrorClass))}>
                                <div className={cx(props.kcLabelWrapperClass)}>
-                                    <label htmlFor="password" className={cx(props.kcLabelClass)}>{msg("password")}</label>
+                                    <label htmlFor="password" className={cx(props.kcLabelClass)}>
+                                        {msg("password")}
+                                    </label>
                                </div>
                                <div className={cx(props.kcInputWrapperClass)}>
-                                    <input type="password" id="password" className={cx(props.kcInputClass)} name="password" autoComplete="new-password" />
+                                    <input
+                                        type="password"
+                                        id="password"
+                                        className={cx(props.kcInputClass)}
+                                        name="password"
+                                        autoComplete="new-password"
+                                    />
                                </div>
                            </div>

-                            <div className={cx(props.kcFormGroupClass, messagesPerField.printIfExists("password-confirm", props.kcFormGroupErrorClass))}>
+                            <div
+                                className={cx(
+                                    props.kcFormGroupClass,
+                                    messagesPerField.printIfExists("password-confirm", props.kcFormGroupErrorClass),
+                                )}
+                            >
                                <div className={cx(props.kcLabelWrapperClass)}>
-                                    <label htmlFor="password-confirm" className={cx(props.kcLabelClass)}>{msg("passwordConfirm")}</label>
+                                    <label htmlFor="password-confirm" className={cx(props.kcLabelClass)}>
+                                        {msg("passwordConfirm")}
+                                    </label>
                                </div>
                                <div className={cx(props.kcInputWrapperClass)}>
                                    <input type="password" id="password-confirm" className={cx(props.kcInputClass)} name="password-confirm" />
                                </div>
                            </div>
                        </>
-
-                    }
-                    {
-                        recaptchaRequired &&
+                    )}
+                    {recaptchaRequired && (
                        <div className="form-group">
                            <div className={cx(props.kcInputWrapperClass)}>
                                <div className="g-recaptcha" data-size="compact" data-sitekey={recaptchaSiteKey}></div>
                            </div>
                        </div>
-                    }
+                    )}
                    <div className={cx(props.kcFormGroupClass)}>
                        <div id="kc-form-options" className={cx(props.kcFormOptionsClass)}>
                            <div className={cx(props.kcFormOptionsWrapperClass)}>
-                                <span><a href={url.loginUrl}>{msg("backToLogin")}</a></span>
+                                <span>
+                                    <a href={url.loginUrl}>{msg("backToLogin")}</a>
+                                </span>
                            </div>
                        </div>

                        <div id="kc-form-buttons" className={cx(props.kcFormButtonsClass)}>
-                            <input className={cx(props.kcButtonClass, props.kcButtonPrimaryClass, props.kcButtonBlockClass, props.kcButtonLargeClass)} type="submit"
-                                value={msgStr("doRegister")} />
+                            <input
+                                className={cx(props.kcButtonClass, props.kcButtonPrimaryClass, props.kcButtonBlockClass, props.kcButtonLargeClass)}
+                                type="submit"
+                                value={msgStr("doRegister")}
+                            />
                        </div>
                    </div>
-                </form >
+                </form>
            }
        />
    );
--- a/src/lib/components/RegisterUserProfile.tsx
+++ b/src/lib/components/RegisterUserProfile.tsx
@ -0,0 +1,217 @@
+import { useMemo, memo, useEffect, useState, Fragment } from "react";
+import { Template } from "./Template";
+import type { KcProps } from "./KcProps";
+import type { KcContextBase, Attribute } from "../getKcContext/KcContextBase";
+import { useKcMessage } from "../i18n/useKcMessage";
+import { useCssAndCx } from "tss-react";
+import type { ReactComponent } from "../tools/ReactComponent";
+import { useCallbackFactory } from "powerhooks/useCallbackFactory";
+import { useFormValidationSlice } from "../useFormValidationSlice";
+
+export const RegisterUserProfile = memo(({ kcContext, ...props_ }: { kcContext: KcContextBase.RegisterUserProfile } & KcProps) => {
+    const { url, messagesPerField, recaptchaRequired, recaptchaSiteKey } = kcContext;
+
+    const { msg, msgStr } = useKcMessage();
+
+    const { cx, css } = useCssAndCx();
+
+    const props = useMemo(
+        () => ({
+            ...props_,
+            "kcFormGroupClass": cx(props_.kcFormGroupClass, css({ "marginBottom": 20 })),
+        }),
+        [cx, css],
+    );
+
+    const [isFomSubmittable, setIsFomSubmittable] = useState(false);
+
+    return (
+        <Template
+            {...{ kcContext, ...props }}
+            displayMessage={messagesPerField.exists("global")}
+            displayRequiredFields={true}
+            doFetchDefaultThemeResources={true}
+            headerNode={msg("registerTitle")}
+            formNode={
+                <form id="kc-register-form" className={cx(props.kcFormClass)} action={url.registrationAction} method="post">
+                    <UserProfileFormFields kcContext={kcContext} onIsFormSubmittableValueChange={setIsFomSubmittable} {...props} />
+                    {recaptchaRequired && (
+                        <div className="form-group">
+                            <div className={cx(props.kcInputWrapperClass)}>
+                                <div className="g-recaptcha" data-size="compact" data-sitekey={recaptchaSiteKey} />
+                            </div>
+                        </div>
+                    )}
+                    <div className={cx(props.kcFormGroupClass)}>
+                        <div id="kc-form-options" className={cx(props.kcFormOptionsClass)}>
+                            <div className={cx(props.kcFormOptionsWrapperClass)}>
+                                <span>
+                                    <a href={url.loginUrl}>{msg("backToLogin")}</a>
+                                </span>
+                            </div>
+                        </div>
+
+                        <div id="kc-form-buttons" className={cx(props.kcFormButtonsClass)}>
+                            <input
+                                className={cx(props.kcButtonClass, props.kcButtonPrimaryClass, props.kcButtonBlockClass, props.kcButtonLargeClass)}
+                                type="submit"
+                                value={msgStr("doRegister")}
+                                disabled={!isFomSubmittable}
+                            />
+                        </div>
+                    </div>
+                </form>
+            }
+        />
+    );
+});
+
+type UserProfileFormFieldsProps = { kcContext: KcContextBase.RegisterUserProfile } & KcProps &
+    Partial<Record<"BeforeField" | "AfterField", ReactComponent<{ attribute: Attribute }>>> & {
+        onIsFormSubmittableValueChange: (isFormSubmittable: boolean) => void;
+    };
+
+const UserProfileFormFields = memo(({ kcContext, onIsFormSubmittableValueChange, ...props }: UserProfileFormFieldsProps) => {
+    const { cx, css } = useCssAndCx();
+
+    const { advancedMsg } = useKcMessage();
+
+    const {
+        formValidationState: { fieldStateByAttributeName, isFormSubmittable },
+        formValidationReducer,
+        attributesWithPassword,
+    } = useFormValidationSlice({
+        kcContext,
+    });
+
+    useEffect(() => {
+        onIsFormSubmittableValueChange(isFormSubmittable);
+    }, [isFormSubmittable]);
+
+    const onChangeFactory = useCallbackFactory(
+        (
+            [name]: [string],
+            [
+                {
+                    target: { value },
+                },
+            ]: [React.ChangeEvent<HTMLInputElement | HTMLSelectElement>],
+        ) =>
+            formValidationReducer({
+                "action": "update value",
+                name,
+                "newValue": value,
+            }),
+    );
+
+    const onBlurFactory = useCallbackFactory(([name]: [string]) =>
+        formValidationReducer({
+            "action": "focus lost",
+            name,
+        }),
+    );
+
+    let currentGroup = "";
+
+    return (
+        <>
+            {attributesWithPassword.map((attribute, i) => {
+                const { group = "", groupDisplayHeader = "", groupDisplayDescription = "" } = attribute;
+
+                const { value, displayableErrors } = fieldStateByAttributeName[attribute.name];
+
+                const formGroupClassName = cx(props.kcFormGroupClass, displayableErrors.length !== 0 && props.kcFormGroupErrorClass);
+
+                return (
+                    <Fragment key={i}>
+                        {group !== currentGroup && (currentGroup = group) !== "" && (
+                            <div className={formGroupClassName}>
+                                <div className={cx(props.kcContentWrapperClass)}>
+                                    <label id={`header-${group}`} className={cx(props.kcFormGroupHeader)}>
+                                        {advancedMsg(groupDisplayHeader) || currentGroup}
+                                    </label>
+                                </div>
+                                {groupDisplayDescription !== "" && (
+                                    <div className={cx(props.kcLabelWrapperClass)}>
+                                        <label id={`description-${group}`} className={`${cx(props.kcLabelClass)}`}>
+                                            {advancedMsg(groupDisplayDescription)}
+                                        </label>
+                                    </div>
+                                )}
+                            </div>
+                        )}
+                        <div className={formGroupClassName}>
+                            <div className={cx(props.kcLabelWrapperClass)}>
+                                <label htmlFor={attribute.name} className={cx(props.kcLabelClass)}>
+                                    {advancedMsg(attribute.displayName ?? "")}
+                                </label>
+                                {attribute.required && <>*</>}
+                            </div>
+                            <div className={cx(props.kcInputWrapperClass)}>
+                                {(() => {
+                                    const { options } = attribute.validators;
+
+                                    if (options !== undefined) {
+                                        return (
+                                            <select
+                                                id={attribute.name}
+                                                name={attribute.name}
+                                                onChange={onChangeFactory(attribute.name)}
+                                                onBlur={onBlurFactory(attribute.name)}
+                                                value={value}
+                                            >
+                                                {options.options.map(option => (
+                                                    <option key={option} value={option}>
+                                                        {option}
+                                                    </option>
+                                                ))}
+                                            </select>
+                                        );
+                                    }
+
+                                    return (
+                                        <input
+                                            type={(() => {
+                                                switch (attribute.name) {
+                                                    case "password-confirm":
+                                                    case "password":
+                                                        return "password";
+                                                    default:
+                                                        return "text";
+                                                }
+                                            })()}
+                                            id={attribute.name}
+                                            name={attribute.name}
+                                            value={value}
+                                            onChange={onChangeFactory(attribute.name)}
+                                            className={cx(props.kcInputClass)}
+                                            aria-invalid={displayableErrors.length !== 0}
+                                            disabled={attribute.readOnly}
+                                            autoComplete={attribute.autocomplete}
+                                            onBlur={onBlurFactory(attribute.name)}
+                                        />
+                                    );
+                                })()}
+                                {displayableErrors.length !== 0 && (
+                                    <span
+                                        id={`input-error-${attribute.name}`}
+                                        className={cx(
+                                            props.kcInputErrorMessageClass,
+                                            css({
+                                                "position": displayableErrors.length === 1 ? "absolute" : undefined,
+                                                "& > span": { "display": "block" },
+                                            }),
+                                        )}
+                                        aria-live="polite"
+                                    >
+                                        {displayableErrors.map(({ errorMessage }) => errorMessage)}
+                                    </span>
+                                )}
+                            </div>
+                        </div>
+                    </Fragment>
+                );
+            })}
+        </>
+    );
+});
--- a/src/lib/components/Template.tsx
+++ b/src/lib/components/Template.tsx
@ -1,4 +1,3 @@
-
 import { useReducer, useEffect, memo } from "react";
 import type { ReactNode } from "react";
 import { useKcMessage } from "../i18n/useKcMessage";
@ -9,8 +8,8 @@ import type { KcLanguageTag } from "../i18n/KcLanguageTag";
 import { getBestMatchAmongKcLanguageTag } from "../i18n/KcLanguageTag";
 import { getKcLanguageTagLabel } from "../i18n/KcLanguageTag";
 import { useCallbackFactory } from "powerhooks/useCallbackFactory";
-import { appendHead } from "../tools/appendHead";
-import { join as pathJoin } from "path";
+import { headInsert } from "../tools/headInsert";
+import { pathJoin } from "../tools/pathJoin";
 import { useConstCallback } from "powerhooks/useConstCallback";
 import type { KcTemplateProps } from "./KcProps";
 import { useCssAndCx } from "tss-react";
@ -29,10 +28,9 @@ export type TemplateProps = {
     * to avoid pulling the default theme assets.
     */
    doFetchDefaultThemeResources: boolean;
-} & { kcContext: KcContextBase; } & KcTemplateProps;
+} & { kcContext: KcContextBase } & KcTemplateProps;

 export const Template = memo((props: TemplateProps) => {
-
    const {
        displayInfo = false,
        displayMessage = true,
@ -44,53 +42,48 @@ export const Template = memo((props: TemplateProps) => {
        formNode,
        infoNode = null,
        kcContext,
-        doFetchDefaultThemeResources
+        doFetchDefaultThemeResources,
    } = props;

    const { cx } = useCssAndCx();

-    useEffect(() => { console.log("Rendering this page with react using keycloakify") }, []);
+    useEffect(() => {
+        console.log("Rendering this page with react using keycloakify");
+    }, []);

    const { msg } = useKcMessage();

    const { kcLanguageTag, setKcLanguageTag } = useKcLanguageTag();

+    const onChangeLanguageClickFactory = useCallbackFactory(([languageTag]: [KcLanguageTag]) => setKcLanguageTag(languageTag));

-    const onChangeLanguageClickFactory = useCallbackFactory(
-        ([languageTag]: [KcLanguageTag]) =>
-            setKcLanguageTag(languageTag)
-    );
+    const onTryAnotherWayClick = useConstCallback(() => (document.forms["kc-select-try-another-way-form" as never].submit(), false));

-    const onTryAnotherWayClick = useConstCallback(() =>
-        (document.forms["kc-select-try-another-way-form" as never].submit(), false)
-    );
-
-    const {
-        realm, locale, auth,
-        url, message, isAppInitiatedAction
-    } = kcContext;
+    const { realm, locale, auth, url, message, isAppInitiatedAction } = kcContext;

    useEffect(() => {
-
        if (!realm.internationalizationEnabled) {
            return;
        }

        assert(locale !== undefined);

-        if (kcLanguageTag === getBestMatchAmongKcLanguageTag(locale.current)) {
+        const kcContext_kcLanguageTag = getBestMatchAmongKcLanguageTag(locale.current);
+
+        if (["error.ftl", "info.ftl", "login-page-expired.ftl"].indexOf(kcContext.pageId) >= 0) {
+            setKcLanguageTag(kcContext_kcLanguageTag);
+
            return;
        }

-        window.location.href =
-            locale.supported.find(({ languageTag }) => languageTag === kcLanguageTag)!.url;
-
+        if (kcLanguageTag !== kcContext_kcLanguageTag) {
+            window.location.href = locale.supported.find(({ languageTag }) => languageTag === kcLanguageTag)!.url;
+        }
    }, [kcLanguageTag]);

    const [isExtraCssLoaded, setExtraCssLoaded] = useReducer(() => true, false);

    useEffect(() => {
-
        if (!doFetchDefaultThemeResources) {
            setExtraCssLoaded();
            return;
@ -99,55 +92,51 @@ export const Template = memo((props: TemplateProps) => {
        let isUnmounted = false;
        const cleanups: (() => void)[] = [];

-        const toArr = (x: string | readonly string[] | undefined) =>
-            typeof x === "string" ? x.split(" ") : x ?? [];
+        const toArr = (x: string | readonly string[] | undefined) => (typeof x === "string" ? x.split(" ") : x ?? []);

        Promise.all(
            [
                ...toArr(props.stylesCommon).map(relativePath => pathJoin(url.resourcesCommonPath, relativePath)),
-                ...toArr(props.styles).map(relativePath => pathJoin(url.resourcesPath, relativePath))
-            ].map(href => appendHead({
-                "type": "css",
-                href
-            }))).then(() => {
+                ...toArr(props.styles).map(relativePath => pathJoin(url.resourcesPath, relativePath)),
+            ]
+                .reverse()
+                .map(href =>
+                    headInsert({
+                        "type": "css",
+                        href,
+                        "position": "prepend",
+                    }),
+                ),
+        ).then(() => {
+            if (isUnmounted) {
+                return;
+            }

-                if (isUnmounted) {
-                    return;
-                }
+            setExtraCssLoaded();
+        });

-                setExtraCssLoaded();
-
-            });
-
-        toArr(props.scripts).forEach(
-            relativePath => appendHead({
+        toArr(props.scripts).forEach(relativePath =>
+            headInsert({
                "type": "javascript",
-                "src": pathJoin(url.resourcesPath, relativePath)
-            })
+                "src": pathJoin(url.resourcesPath, relativePath),
+            }),
        );

        if (props.kcHtmlClass !== undefined) {
+            const htmlClassList = document.getElementsByTagName("html")[0].classList;

-            const htmlClassList =
-                document.getElementsByTagName("html")[0]
-                    .classList;
-
-            const tokens = cx(props.kcHtmlClass).split(" ")
+            const tokens = cx(props.kcHtmlClass).split(" ");

            htmlClassList.add(...tokens);

            cleanups.push(() => htmlClassList.remove(...tokens));
-
        }

        return () => {
-
            isUnmounted = true;

            cleanups.forEach(f => f());
-
        };
-
    }, [props.kcHtmlClass]);

    if (!isExtraCssLoaded) {
@ -156,7 +145,6 @@ export const Template = memo((props: TemplateProps) => {

    return (
        <div className={cx(props.kcLoginClass)}>
-
            <div id="kc-header" className={cx(props.kcHeaderClass)}>
                <div id="kc-header-wrapper" className={cx(props.kcHeaderWrapperClass)}>
                    {msg("loginTitleHtml", realm.displayNameHtml)}
@ -165,12 +153,7 @@ export const Template = memo((props: TemplateProps) => {

            <div className={cx(props.kcFormCardClass, displayWide && props.kcFormCardAccountClass)}>
                <header className={cx(props.kcFormHeaderClass)}>
-                    {
-                        (
-                            realm.internationalizationEnabled &&
-                            (assert(locale !== undefined), true) &&
-                            locale.supported.length > 1
-                        ) &&
+                    {realm.internationalizationEnabled && (assert(locale !== undefined), true) && locale.supported.length > 1 && (
                        <div id="kc-locale">
                            <div id="kc-locale-wrapper" className={cx(props.kcLocaleWrapperClass)}>
                                <div className="kc-dropdown" id="kc-locale-dropdown">
@ -178,104 +161,77 @@ export const Template = memo((props: TemplateProps) => {
                                        {getKcLanguageTagLabel(kcLanguageTag)}
                                    </a>
                                    <ul>
-                                        {
-                                            locale.supported.map(
-                                                ({ languageTag }) =>
-                                                    <li key={languageTag} className="kc-dropdown-item">
-                                                        <a href="#" onClick={onChangeLanguageClickFactory(languageTag)}>
-                                                            {getKcLanguageTagLabel(languageTag)}
-                                                        </a>
-
-                                                    </li>
-                                            )
-                                        }
+                                        {locale.supported.map(({ languageTag }) => (
+                                            <li key={languageTag} className="kc-dropdown-item">
+                                                <a href="#" onClick={onChangeLanguageClickFactory(languageTag)}>
+                                                    {getKcLanguageTagLabel(languageTag)}
+                                                </a>
+                                            </li>
+                                        ))}
                                    </ul>
                                </div>
                            </div>
                        </div>
-
-                    }
-                    {
-                        !(
-                            auth !== undefined &&
-                            auth.showUsername &&
-                            !auth.showResetCredentials
-                        ) ?
-                            (
-                                displayRequiredFields ?
-                                    (
-
-                                        <div className={cx(props.kcContentWrapperClass)}>
-                                            <div className={cx(props.kcLabelWrapperClass, "subtitle")}>
-                                                <span className="subtitle">
-                                                    <span className="required">*</span>
-                                                    {msg("requiredFields")}
-                                                </span>
+                    )}
+                    {!(auth !== undefined && auth.showUsername && !auth.showResetCredentials) ? (
+                        displayRequiredFields ? (
+                            <div className={cx(props.kcContentWrapperClass)}>
+                                <div className={cx(props.kcLabelWrapperClass, "subtitle")}>
+                                    <span className="subtitle">
+                                        <span className="required">*</span>
+                                        {msg("requiredFields")}
+                                    </span>
+                                </div>
+                                <div className="col-md-10">
+                                    <h1 id="kc-page-title">{headerNode}</h1>
+                                </div>
+                            </div>
+                        ) : (
+                            <h1 id="kc-page-title">{headerNode}</h1>
+                        )
+                    ) : displayRequiredFields ? (
+                        <div className={cx(props.kcContentWrapperClass)}>
+                            <div className={cx(props.kcLabelWrapperClass, "subtitle")}>
+                                <span className="subtitle">
+                                    <span className="required">*</span> {msg("requiredFields")}
+                                </span>
+                            </div>
+                            <div className="col-md-10">
+                                {showUsernameNode}
+                                <div className={cx(props.kcFormGroupClass)}>
+                                    <div id="kc-username">
+                                        <label id="kc-attempted-username">{auth?.attemptedUsername}</label>
+                                        <a id="reset-login" href={url.loginRestartFlowUrl}>
+                                            <div className="kc-login-tooltip">
+                                                <i className={cx(props.kcResetFlowIcon)}></i>
+                                                <span className="kc-tooltip-text">{msg("restartLoginTooltip")}</span>
                                            </div>
-                                            <div className="col-md-10">
-                                                <h1 id="kc-page-title">{headerNode}</h1>
-                                            </div>
-                                        </div>
-
-                                    )
-                                    :
-                                    (
-
-                                        <h1 id="kc-page-title">{headerNode}</h1>
-
-                                    )
-                            ) : (
-                                displayRequiredFields ? (
-                                    <div className={cx(props.kcContentWrapperClass)}>
-                                        <div className={cx(props.kcLabelWrapperClass, "subtitle")}>
-                                            <span className="subtitle"><span className="required">*</span> {msg("requiredFields")}</span>
-                                        </div>
-                                        <div className="col-md-10">
-                                            {showUsernameNode}
-                                            <div className={cx(props.kcFormGroupClass)}>
-                                                <div id="kc-username">
-                                                    <label id="kc-attempted-username">{auth?.attemptedUsername}</label>
-                                                    <a id="reset-login" href={url.loginRestartFlowUrl}>
-                                                        <div className="kc-login-tooltip">
-                                                            <i className={cx(props.kcResetFlowIcon)}></i>
-                                                            <span className="kc-tooltip-text">{msg("restartLoginTooltip")}</span>
-                                                        </div>
-                                                    </a>
-                                                </div>
-                                            </div>
-                                        </div>
+                                        </a>
                                    </div>
-                                ) : (
-                                    <>
-                                        {showUsernameNode}
-                                        <div className={cx(props.kcFormGroupClass)}>
-                                            <div id="kc-username">
-                                                <label id="kc-attempted-username">{auth?.attemptedUsername}</label>
-                                                <a id="reset-login" href={url.loginRestartFlowUrl}>
-                                                    <div className="kc-login-tooltip">
-                                                        <i className={cx(props.kcResetFlowIcon)}></i>
-                                                        <span className="kc-tooltip-text">{msg("restartLoginTooltip")}</span>
-                                                    </div>
-                                                </a>
-                                            </div>
+                                </div>
+                            </div>
+                        </div>
+                    ) : (
+                        <>
+                            {showUsernameNode}
+                            <div className={cx(props.kcFormGroupClass)}>
+                                <div id="kc-username">
+                                    <label id="kc-attempted-username">{auth?.attemptedUsername}</label>
+                                    <a id="reset-login" href={url.loginRestartFlowUrl}>
+                                        <div className="kc-login-tooltip">
+                                            <i className={cx(props.kcResetFlowIcon)}></i>
+                                            <span className="kc-tooltip-text">{msg("restartLoginTooltip")}</span>
                                        </div>
-                                    </>
-                                )
-                            )
-                    }
+                                    </a>
+                                </div>
+                            </div>
+                        </>
+                    )}
                </header>
                <div id="kc-content">
                    <div id="kc-content-wrapper">
                        {/* App-initiated actions should not see warning messages about the need to complete the action during login. */}
-                        {
-                            (
-                                displayMessage &&
-                                message !== undefined &&
-                                (
-                                    message.type !== "warning" ||
-                                    !isAppInitiatedAction
-                                )
-                            ) &&
+                        {displayMessage && message !== undefined && (message.type !== "warning" || !isAppInitiatedAction) && (
                            <div className={cx("alert", `alert-${message.type}`)}>
                                {message.type === "success" && <span className={cx(props.kcFeedbackSuccessIcon)}></span>}
                                {message.type === "warning" && <span className={cx(props.kcFeedbackWarningIcon)}></span>}
@ -283,36 +239,37 @@ export const Template = memo((props: TemplateProps) => {
                                {message.type === "info" && <span className={cx(props.kcFeedbackInfoIcon)}></span>}
                                <span
                                    className="kc-feedback-text"
-                                    dangerouslySetInnerHTML={{ "__html": message.summary }}
+                                    dangerouslySetInnerHTML={{
+                                        "__html": message.summary,
+                                    }}
                                />
                            </div>
-                        }
+                        )}
                        {formNode}
-                        {
-                            (
-                                auth !== undefined &&
-                                auth.showTryAnotherWayLink &&
-                                showAnotherWayIfPresent
-                            ) &&
-
-                            <form id="kc-select-try-another-way-form" action={url.loginAction} method="post" className={cx(displayWide && props.kcContentWrapperClass)} >
-                                <div className={cx(displayWide && [props.kcFormSocialAccountContentClass, props.kcFormSocialAccountClass])} >
+                        {auth !== undefined && auth.showTryAnotherWayLink && showAnotherWayIfPresent && (
+                            <form
+                                id="kc-select-try-another-way-form"
+                                action={url.loginAction}
+                                method="post"
+                                className={cx(displayWide && props.kcContentWrapperClass)}
+                            >
+                                <div className={cx(displayWide && [props.kcFormSocialAccountContentClass, props.kcFormSocialAccountClass])}>
                                    <div className={cx(props.kcFormGroupClass)}>
                                        <input type="hidden" name="tryAnotherWay" value="on" />
-                                        <a href="#" id="try-another-way" onClick={onTryAnotherWayClick}>{msg("doTryAnotherWay")}</a>
+                                        <a href="#" id="try-another-way" onClick={onTryAnotherWayClick}>
+                                            {msg("doTryAnotherWay")}
+                                        </a>
                                    </div>
-                                </div >
+                                </div>
                            </form>
-                        }
-                        {
-                            displayInfo &&
-
+                        )}
+                        {displayInfo && (
                            <div id="kc-info" className={cx(props.kcSignUpClass)}>
                                <div id="kc-info-wrapper" className={cx(props.kcInfoAreaWrapperClass)}>
                                    {infoNode}
                                </div>
                            </div>
-                        }
+                        )}
                    </div>
                </div>
            </div>
--- a/src/lib/components/Terms.tsx
+++ b/src/lib/components/Terms.tsx
@ -5,8 +5,7 @@ import type { KcContextBase } from "../getKcContext/KcContextBase";
 import { useKcMessage } from "../i18n/useKcMessage";
 import { useCssAndCx } from "tss-react";

-export const Terms = memo(({ kcContext, ...props }: { kcContext: KcContextBase.Terms; } & KcProps) => {
-
+export const Terms = memo(({ kcContext, ...props }: { kcContext: KcContextBase.Terms } & KcProps) => {
    const { msg, msgStr } = useKcMessage();

    const { cx } = useCssAndCx();
@ -21,9 +20,7 @@ export const Terms = memo(({ kcContext, ...props }: { kcContext: KcContextBase.T
            headerNode={msg("termsTitle")}
            formNode={
                <>
-                    <div id="kc-terms-text">
-                        {msg("termsText")}
-                    </div>
+                    <div id="kc-terms-text">{msg("termsText")}</div>
                    <form className="form-actions" action={url.loginAction} method="POST">
                        <input
                            className={cx(
@ -31,7 +28,7 @@ export const Terms = memo(({ kcContext, ...props }: { kcContext: KcContextBase.T
                                props.kcButtonClass,
                                props.kcButtonClass,
                                props.kcButtonPrimaryClass,
-                                props.kcButtonLargeClass
+                                props.kcButtonLargeClass,
                            )}
                            name="accept"
                            id="kc-accept"
@ -39,11 +36,7 @@ export const Terms = memo(({ kcContext, ...props }: { kcContext: KcContextBase.T
                            value={msgStr("doAccept")}
                        />
                        <input
-                            className={cx(
-                                props.kcButtonClass,
-                                props.kcButtonDefaultClass,
-                                props.kcButtonLargeClass
-                            )}
+                            className={cx(props.kcButtonClass, props.kcButtonDefaultClass, props.kcButtonLargeClass)}
                            name="cancel"
                            id="kc-decline"
                            type="submit"
@ -56,5 +49,3 @@ export const Terms = memo(({ kcContext, ...props }: { kcContext: KcContextBase.T
        />
    );
 });
-
-
--- a/src/lib/getKcContext/KcContextBase.ts
+++ b/src/lib/getKcContext/KcContextBase.ts
@ -1,25 +1,32 @@
-
 import type { PageId } from "../../bin/build-keycloak-theme/generateFtl";
 import type { KcLanguageTag } from "../i18n/KcLanguageTag";
-import { doExtends } from "tsafe/doExtends";
+import { assert } from "tsafe/assert";
+import type { Equals } from "tsafe";
 import type { MessageKey } from "../i18n/useKcMessage";
 import type { LanguageLabel } from "../i18n/KcLanguageTag";

-type ExtractAfterStartingWith<Prefix extends string, StrEnum> =
-    StrEnum extends `${Prefix}${infer U}` ? U : never;
+type ExtractAfterStartingWith<Prefix extends string, StrEnum> = StrEnum extends `${Prefix}${infer U}` ? U : never;

-/** Take theses type definition with a grain of salt. 
+/** Take theses type definition with a grain of salt.
 * Some values might be undefined on some pages.
 * (ex: url.loginAction is undefined on error.ftl)
 */
 export type KcContextBase =
-    KcContextBase.Login | KcContextBase.Register | KcContextBase.Info |
-    KcContextBase.Error | KcContextBase.LoginResetPassword | KcContextBase.LoginVerifyEmail |
-    KcContextBase.Terms | KcContextBase.LoginOtp | KcContextBase.LoginUpdateProfile |
-    KcContextBase.LoginIdpLinkConfirm;
+    | KcContextBase.Login
+    | KcContextBase.Register
+    | KcContextBase.RegisterUserProfile
+    | KcContextBase.Info
+    | KcContextBase.Error
+    | KcContextBase.LoginResetPassword
+    | KcContextBase.LoginVerifyEmail
+    | KcContextBase.Terms
+    | KcContextBase.LoginOtp
+    | KcContextBase.LoginUpdatePassword
+    | KcContextBase.LoginUpdateProfile
+    | KcContextBase.LoginIdpLinkConfirm
+    | KcContextBase.LoginPageExpired;

 export declare namespace KcContextBase {
-
    export type Common = {
        url: {
            loginAction: string;
@ -29,6 +36,7 @@ export declare namespace KcContextBase {
            loginUrl: string;
        };
        realm: {
+            name: string;
            displayName?: string;
            displayNameHtml?: string;
            internationalizationEnabled: boolean;
@ -45,7 +53,7 @@ export declare namespace KcContextBase {
                //label: LanguageLabel;
            }[];
            current: LanguageLabel;
-        },
+        };
        auth?: {
            showUsername: boolean;
            showResetCredentials: boolean;
@ -60,8 +68,15 @@ export declare namespace KcContextBase {
        client: {
            clientId: string;
            name?: string;
-        }
+            description?: string;
+        };
        isAppInitiatedAction: boolean;
+        messagesPerField: {
+            printIfExists: <T>(fieldName: string, x: T) => T | undefined;
+            existsError: (fieldName: string) => boolean;
+            get: (fieldName: string) => string;
+            exists: (fieldName: string) => boolean;
+        };
    };

    export type Login = Common & {
@ -93,37 +108,14 @@ export declare namespace KcContextBase {
                alias: string;
                providerId: string;
                displayName: string;
-            }[]
+            }[];
        };
    };

-    export type Register = Common & {
-        pageId: "register.ftl";
+    export type RegisterCommon = Common & {
        url: {
            registrationAction: string;
        };
-        messagesPerField: {
-            printIfExists<T>(
-                key:
-                    "userLabel" |
-                    "username" |
-                    "email" |
-                    "firstName" |
-                    "lastName" |
-                    "password" |
-                    "password-confirm",
-                x: T
-            ): T | undefined;
-        };
-        register: {
-            formData: {
-                firstName?: string;
-                displayName?: string;
-                lastName?: string;
-                email?: string;
-                username?: string;
-            }
-        };
        passwordRequired: boolean;
        recaptchaRequired: boolean;
        recaptchaSiteKey?: string;
@ -134,7 +126,29 @@ export declare namespace KcContextBase {
                alias: string;
                providerId: string;
                displayName: string;
-            }[]
+            }[];
+        };
+    };
+
+    export type Register = RegisterCommon & {
+        pageId: "register.ftl";
+        register: {
+            formData: {
+                firstName?: string;
+                displayName?: string;
+                lastName?: string;
+                email?: string;
+                username?: string;
+            };
+        };
+    };
+
+    export type RegisterUserProfile = RegisterCommon & {
+        pageId: "register-user-profile.ftl";
+        profile: {
+            context: "REGISTRATION_PROFILE";
+            attributes: Attribute[];
+            attributesByName: Record<string, Attribute>;
        };
    };

@ -147,14 +161,14 @@ export declare namespace KcContextBase {
        actionUri?: string;
        client: {
            baseUrl?: string;
-        }
+        };
    };

    export type Error = Common & {
        pageId: "error.ftl";
        client?: {
            baseUrl?: string;
-        },
+        };
        message: NonNullable<Common["message"]>;
    };

@ -162,7 +176,7 @@ export declare namespace KcContextBase {
        pageId: "login-reset-password.ftl";
        realm: {
            loginWithEmailAllowed: boolean;
-        }
+        };
    };

    export type LoginVerifyEmail = Common & {
@ -176,8 +190,13 @@ export declare namespace KcContextBase {
    export type LoginOtp = Common & {
        pageId: "login-otp.ftl";
        otpLogin: {
-            userOtpCredentials: { id: string; userLabel: string; }[];
-        }
+            userOtpCredentials: { id: string; userLabel: string }[];
+        };
+    };
+
+    export type LoginUpdatePassword = Common & {
+        pageId: "login-update-password.ftl";
+        username: string;
    };

    export type LoginUpdateProfile = Common & {
@ -189,13 +208,6 @@ export declare namespace KcContextBase {
            firstName?: string;
            lastName?: string;
        };
-        messagesPerField: {
-            printIfExists<T>(
-                key: "username" | "email" | "firstName" | "lastName",
-                x: T
-            ): T | undefined;
-        };
-
    };

    export type LoginIdpLinkConfirm = Common & {
@ -203,10 +215,126 @@ export declare namespace KcContextBase {
        idpAlias: string;
    };

+    export type LoginPageExpired = Common & {
+        pageId: "login-page-expired.ftl";
+    };
 }

-doExtends<KcContextBase["pageId"], PageId>();
-doExtends<PageId, KcContextBase["pageId"]>();
+export type Attribute = {
+    name: string;
+    displayName?: string;
+    required: boolean;
+    value?: string;
+    group?: string;
+    groupDisplayHeader?: string;
+    groupDisplayDescription?: string;
+    readOnly: boolean;
+    validators: Validators;
+    annotations: Record<string, string>;
+    groupAnnotations: Record<string, string>;
+    autocomplete?:
+        | "on"
+        | "off"
+        | "name"
+        | "honorific-prefix"
+        | "given-name"
+        | "additional-name"
+        | "family-name"
+        | "honorific-suffix"
+        | "nickname"
+        | "email"
+        | "username"
+        | "new-password"
+        | "current-password"
+        | "one-time-code"
+        | "organization-title"
+        | "organization"
+        | "street-address"
+        | "address-line1"
+        | "address-line2"
+        | "address-line3"
+        | "address-level4"
+        | "address-level3"
+        | "address-level2"
+        | "address-level1"
+        | "country"
+        | "country-name"
+        | "postal-code"
+        | "cc-name"
+        | "cc-given-name"
+        | "cc-additional-name"
+        | "cc-family-name"
+        | "cc-number"
+        | "cc-exp"
+        | "cc-exp-month"
+        | "cc-exp-year"
+        | "cc-csc"
+        | "cc-type"
+        | "transaction-currency"
+        | "transaction-amount"
+        | "language"
+        | "bday"
+        | "bday-day"
+        | "bday-month"
+        | "bday-year"
+        | "sex"
+        | "tel"
+        | "tel-country-code"
+        | "tel-national"
+        | "tel-area-code"
+        | "tel-local"
+        | "tel-extension"
+        | "impp"
+        | "url"
+        | "photo";
+};

+export type Validators = Partial<{
+    length: Validators.DoIgnoreEmpty & Validators.Range;
+    double: Validators.DoIgnoreEmpty & Validators.Range;
+    integer: Validators.DoIgnoreEmpty & Validators.Range;
+    email: Validators.DoIgnoreEmpty;
+    "up-immutable-attribute": {};
+    "up-attribute-required-by-metadata-value": {};
+    "up-username-has-value": {};
+    "up-duplicate-username": {};
+    "up-username-mutation": {};
+    "up-email-exists-as-username": {};
+    "up-blank-attribute-value": Validators.ErrorMessage & {
+        "fail-on-null": boolean;
+    };
+    "up-duplicate-email": {};
+    "local-date": Validators.DoIgnoreEmpty;
+    pattern: Validators.DoIgnoreEmpty & Validators.ErrorMessage & { pattern: string };
+    "person-name-prohibited-characters": Validators.DoIgnoreEmpty & Validators.ErrorMessage;
+    uri: Validators.DoIgnoreEmpty;
+    "username-prohibited-characters": Validators.DoIgnoreEmpty & Validators.ErrorMessage;
+    /** Made up validator that only exists in Keycloakify */
+    _compareToOther: Validators.DoIgnoreEmpty &
+        Validators.ErrorMessage & {
+            name: string;
+            shouldBe: "equal" | "different";
+        };
+    options: Validators.Options;
+}>;

+export declare namespace Validators {
+    export type DoIgnoreEmpty = {
+        "ignore.empty.value"?: boolean;
+    };

+    export type ErrorMessage = {
+        "error-message"?: string;
+    };
+
+    export type Range = {
+        /** "0", "1", "2"... yeah I know, don't tell me */
+        min?: `${number}`;
+        max?: `${number}`;
+    };
+    export type Options = {
+        options: string[];
+    };
+}
+
+assert<Equals<KcContextBase["pageId"], PageId>>();
--- a/src/lib/getKcContext/getKcContext.ts
+++ b/src/lib/getKcContext/getKcContext.ts
@ -1,86 +1,108 @@
-
-import type { KcContextBase } from "./KcContextBase";
+import type { KcContextBase, Attribute } from "./KcContextBase";
 import { kcContextMocks, kcContextCommonMock } from "./kcContextMocks";
-import { ftlValuesGlobalName } from "../../bin/build-keycloak-theme/ftlValuesGlobalName";
-import type { AndByDiscriminatingKey } from "../tools/AndByDiscriminatingKey";
 import type { DeepPartial } from "../tools/DeepPartial";
 import { deepAssign } from "../tools/deepAssign";
+import { id } from "tsafe/id";
+import { exclude } from "tsafe/exclude";
+import { assert } from "tsafe/assert";
+import type { ExtendsKcContextBase } from "./getKcContextFromWindow";
+import { getKcContextFromWindow } from "./getKcContextFromWindow";
+import { pathJoin } from "../tools/pathJoin";
+import { pathBasename } from "../tools/pathBasename";
+import { resourcesCommonPath } from "./kcContextMocks/urlResourcesPath";

+export function getKcContext<KcContextExtended extends { pageId: string } = never>(params?: {
+    mockPageId?: ExtendsKcContextBase<KcContextExtended>["pageId"];
+    mockData?: readonly DeepPartial<ExtendsKcContextBase<KcContextExtended>>[];
+}): { kcContext: ExtendsKcContextBase<KcContextExtended> | undefined } {
+    const { mockPageId, mockData } = params ?? {};

-export type ExtendsKcContextBase<
-	KcContextExtended extends { pageId: string; }
-	> =
-	[KcContextExtended] extends [never] ?
-	KcContextBase :
-	AndByDiscriminatingKey<
-		"pageId",
-		KcContextExtended & KcContextBase.Common,
-		KcContextBase
-	>;
+    if (mockPageId !== undefined) {
+        //TODO maybe trow if no mock fo custom page

-export function getKcContext<KcContextExtended extends { pageId: string; } = never>(
-	params?: {
-		mockPageId?: ExtendsKcContextBase<KcContextExtended>["pageId"];
-		mockData?: readonly DeepPartial<ExtendsKcContextBase<KcContextExtended>>[];
-	}
-): { kcContext: ExtendsKcContextBase<KcContextExtended> | undefined; } {
+        const kcContextDefaultMock = kcContextMocks.find(({ pageId }) => pageId === mockPageId);

-	const {
-		mockPageId,
-		mockData
-	} = params ?? {};
+        const partialKcContextCustomMock = mockData?.find(({ pageId }) => pageId === mockPageId);

-	if (mockPageId !== undefined) {
+        if (kcContextDefaultMock === undefined && partialKcContextCustomMock === undefined) {
+            console.warn(
+                [
+                    `WARNING: You declared the non build in page ${mockPageId} but you didn't `,
+                    `provide mock data needed to debug the page outside of Keycloak as you are trying to do now.`,
+                    `Please check the documentation of the getKcContext function`,
+                ].join("\n"),
+            );
+        }

-		//TODO maybe trow if no mock fo custom page
+        const kcContext: any = {};

-		const kcContextDefaultMock = kcContextMocks.find(({ pageId }) => pageId === mockPageId);
+        deepAssign({
+            "target": kcContext,
+            "source": kcContextDefaultMock !== undefined ? kcContextDefaultMock : { "pageId": mockPageId, ...kcContextCommonMock },
+        });

-		const partialKcContextCustomMock = mockData?.find(({ pageId }) => pageId === mockPageId);
+        if (partialKcContextCustomMock !== undefined) {
+            deepAssign({
+                "target": kcContext,
+                "source": partialKcContextCustomMock,
+            });

-		if (
-			kcContextDefaultMock === undefined &&
-			partialKcContextCustomMock === undefined
-		) {
+            if (partialKcContextCustomMock.pageId === "register-user-profile.ftl") {
+                assert(kcContextDefaultMock?.pageId === "register-user-profile.ftl");

-			console.warn([
-				`WARNING: You declared the non build in page ${mockPageId} but you didn't `,
-				`provide mock data needed to debug the page outside of Keycloak as you are trying to do now.`,
-				`Please check the documentation of the getKcContext function`
-			].join("\n"));
+                const { attributes } = kcContextDefaultMock.profile;

-		}
+                id<KcContextBase.RegisterUserProfile>(kcContext).profile.attributes = [];
+                id<KcContextBase.RegisterUserProfile>(kcContext).profile.attributesByName = {};

-		const kcContext: any = {};
+                const partialAttributes = [
+                    ...((partialKcContextCustomMock as DeepPartial<KcContextBase.RegisterUserProfile>).profile?.attributes ?? []),
+                ].filter(exclude(undefined));

-		deepAssign({
-			"target": kcContext,
-			"source": kcContextDefaultMock !== undefined ?
-				kcContextDefaultMock :
-				{ "pageId": mockPageId, ...kcContextCommonMock,  }
-		});
+                attributes.forEach(attribute => {
+                    const partialAttribute = partialAttributes.find(({ name }) => name === attribute.name);

-		if (partialKcContextCustomMock !== undefined) {
+                    const augmentedAttribute: Attribute = {} as any;

-			deepAssign({
-				"target": kcContext,
-				"source": partialKcContextCustomMock
-			});
+                    deepAssign({
+                        "target": augmentedAttribute,
+                        "source": attribute,
+                    });

-		}
+                    if (partialAttribute !== undefined) {
+                        partialAttributes.splice(partialAttributes.indexOf(partialAttribute), 1);

-		return { kcContext };
+                        deepAssign({
+                            "target": augmentedAttribute,
+                            "source": partialAttribute,
+                        });
+                    }

-	}
+                    id<KcContextBase.RegisterUserProfile>(kcContext).profile.attributes.push(augmentedAttribute);
+                    id<KcContextBase.RegisterUserProfile>(kcContext).profile.attributesByName[augmentedAttribute.name] = augmentedAttribute;
+                });

-	return {
-		"kcContext":
-			typeof window === "undefined" ?
-				undefined :
-				(window as any)[ftlValuesGlobalName]
-	};
+                partialAttributes.forEach(partialAttribute => {
+                    const { name } = partialAttribute;

+                    assert(name !== undefined, "If you define a mock attribute it must have at least a name");
+
+                    id<KcContextBase.RegisterUserProfile>(kcContext).profile.attributes.push(partialAttribute as any);
+                    id<KcContextBase.RegisterUserProfile>(kcContext).profile.attributesByName[name] = partialAttribute as any;
+                });
+            }
+        }
+
+        return { kcContext };
+    }
+
+    const kcContext = getKcContextFromWindow<KcContextExtended>();
+
+    if (kcContext !== undefined) {
+        const { url } = kcContext;
+
+        url.resourcesCommonPath = pathJoin(url.resourcesPath, pathBasename(resourcesCommonPath));
+    }
+
+    return { kcContext };
 }
-
-
-
--- a/src/lib/getKcContext/getKcContextFromWindow.ts
+++ b/src/lib/getKcContext/getKcContextFromWindow.ts
@ -0,0 +1,11 @@
+import type { KcContextBase } from "./KcContextBase";
+import type { AndByDiscriminatingKey } from "../tools/AndByDiscriminatingKey";
+import { ftlValuesGlobalName } from "../../bin/build-keycloak-theme/ftlValuesGlobalName";
+
+export type ExtendsKcContextBase<KcContextExtended extends { pageId: string }> = [KcContextExtended] extends [never]
+    ? KcContextBase
+    : AndByDiscriminatingKey<"pageId", KcContextExtended & KcContextBase.Common, KcContextBase>;
+
+export function getKcContextFromWindow<KcContextExtended extends { pageId: string } = never>(): ExtendsKcContextBase<KcContextExtended> | undefined {
+    return typeof window === "undefined" ? undefined : (window as any)[ftlValuesGlobalName];
+}
--- a/src/lib/getKcContext/index.ts
+++ b/src/lib/getKcContext/index.ts
@ -1,2 +1,3 @@
-export type { KcContextBase } from "./KcContextBase";
-export { getKcContext } from "./getKcContext";
+export type { KcContextBase, Attribute, Validators } from "./KcContextBase";
+export type { ExtendsKcContextBase } from "./getKcContextFromWindow";
+export { getKcContext } from "./getKcContext";
--- a/src/lib/getKcContext/kcContextMocks/index.ts
+++ b/src/lib/getKcContext/kcContextMocks/index.ts
@ -1 +1 @@
-export * from "./kcContextMocks";
+export * from "./kcContextMocks";
--- a/src/lib/getKcContext/kcContextMocks/kcContextMocks.ts
+++ b/src/lib/getKcContext/kcContextMocks/kcContextMocks.ts
@ -1,261 +1,370 @@
-
-import type { KcContextBase } from "../KcContextBase";
+import "minimal-polyfills/Object.fromEntries";
+import type { KcContextBase, Attribute } from "../KcContextBase";
 import { getEvtKcLanguage } from "../../i18n/useKcLanguageTag";
 import { getKcLanguageTagLabel } from "../../i18n/KcLanguageTag";
 //NOTE: Aside because we want to be able to import them from node
 import { resourcesCommonPath, resourcesPath } from "./urlResourcesPath";
 import { id } from "tsafe/id";
-import { join as pathJoin } from "path";
+import { pathJoin } from "../../tools/pathJoin";

 const PUBLIC_URL = process.env["PUBLIC_URL"] ?? "/";

 export const kcContextCommonMock: KcContextBase.Common = {
-	"url": {
-		"loginAction": "#",
-		"resourcesPath": pathJoin(PUBLIC_URL, resourcesPath),
-		"resourcesCommonPath": pathJoin(PUBLIC_URL, resourcesCommonPath),
-		"loginRestartFlowUrl": "/auth/realms/myrealm/login-actions/restart?client_id=account&tab_id=HoAx28ja4xg",
-		"loginUrl": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg",
-	},
-	"realm": {
-		"displayName": "myrealm",
-		"displayNameHtml": "myrealm",
-		"internationalizationEnabled": true,
-		"registrationEmailAsUsername": true,
-	},
-	"locale": {
-		"supported": [
-			{
-				"url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=de",
-				"languageTag": "de"
-			},
-			{
-				"url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=no",
-				"languageTag": "no"
-			},
-			{
-				"url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=ru",
-				"languageTag": "ru"
-			},
-			{
-				"url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=sv",
-				"languageTag": "sv"
-			},
-			{
-				"url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=pt-BR",
-				"languageTag": "pt-BR"
-			},
-			{
-				"url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=lt",
-				"languageTag": "lt"
-			},
-			{
-				"url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=en",
-				"languageTag": "en"
-			},
-			{
-				"url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=it",
-				"languageTag": "it"
-			},
-			{
-				"url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=fr",
-				"languageTag": "fr"
-			},
-			{
-				"url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=zh-CN",
-				"languageTag": "zh-CN"
-			},
-			{
-				"url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=es",
-				"languageTag": "es"
-			},
-			{
-				"url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=cs",
-				"languageTag": "cs"
-			},
-			{
-				"url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=ja",
-				"languageTag": "ja"
-			},
-			{
-				"url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=sk",
-				"languageTag": "sk"
-			},
-			{
-				"url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=pl",
-				"languageTag": "pl"
-			},
-			{
-				"url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=ca",
-				"languageTag": "ca"
-			},
-			{
-				"url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=nl",
-				"languageTag": "nl"
-			},
-			{
-				"url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=tr",
-				"languageTag": "tr"
-			}
-		],
-		//"current": null as any
-		"current": "English"
-	},
-	"auth": {
-		"showUsername": false,
-		"showResetCredentials": false,
-		"showTryAnotherWayLink": false
-	},
-	"client": {
-		"clientId": "myApp"
-	},
-	"scripts": [],
-	"message": {
-		"type": "success",
-		"summary": "This is a test message"
-	},
-	"isAppInitiatedAction": false,
+    "url": {
+        "loginAction": "#",
+        "resourcesPath": pathJoin(PUBLIC_URL, resourcesPath),
+        "resourcesCommonPath": pathJoin(PUBLIC_URL, resourcesCommonPath),
+        "loginRestartFlowUrl": "/auth/realms/myrealm/login-actions/restart?client_id=account&tab_id=HoAx28ja4xg",
+        "loginUrl": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg",
+    },
+    "realm": {
+        "name": "myrealm",
+        "displayName": "myrealm",
+        "displayNameHtml": "myrealm",
+        "internationalizationEnabled": true,
+        "registrationEmailAsUsername": false,
+    },
+    "messagesPerField": {
+        "printIfExists": (...[, x]) => x,
+        "existsError": () => true,
+        "get": key => `Fake error for ${key}`,
+        "exists": () => true,
+    },
+    "locale": {
+        "supported": [
+            {
+                "url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=de",
+                "languageTag": "de",
+            },
+            {
+                "url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=no",
+                "languageTag": "no",
+            },
+            {
+                "url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=ru",
+                "languageTag": "ru",
+            },
+            {
+                "url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=sv",
+                "languageTag": "sv",
+            },
+            {
+                "url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=pt-BR",
+                "languageTag": "pt-BR",
+            },
+            {
+                "url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=lt",
+                "languageTag": "lt",
+            },
+            {
+                "url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=en",
+                "languageTag": "en",
+            },
+            {
+                "url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=it",
+                "languageTag": "it",
+            },
+            {
+                "url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=fr",
+                "languageTag": "fr",
+            },
+            {
+                "url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=zh-CN",
+                "languageTag": "zh-CN",
+            },
+            {
+                "url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=es",
+                "languageTag": "es",
+            },
+            {
+                "url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=cs",
+                "languageTag": "cs",
+            },
+            {
+                "url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=ja",
+                "languageTag": "ja",
+            },
+            {
+                "url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=sk",
+                "languageTag": "sk",
+            },
+            {
+                "url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=pl",
+                "languageTag": "pl",
+            },
+            {
+                "url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=ca",
+                "languageTag": "ca",
+            },
+            {
+                "url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=nl",
+                "languageTag": "nl",
+            },
+            {
+                "url": "/auth/realms/myrealm/login-actions/authenticate?client_id=account&tab_id=HoAx28ja4xg&execution=ee6c2834-46a4-4a20-a1b6-f6d6f6451b36&kc_locale=tr",
+                "languageTag": "tr",
+            },
+        ],
+        //"current": null as any
+        "current": "English",
+    },
+    "auth": {
+        "showUsername": false,
+        "showResetCredentials": false,
+        "showTryAnotherWayLink": false,
+    },
+    "client": {
+        "clientId": "myApp",
+    },
+    "scripts": [],
+    "message": {
+        "type": "success",
+        "summary": "This is a test message",
+    },
+    "isAppInitiatedAction": false,
 };

-
-Object.defineProperty(
-	kcContextCommonMock.locale!,
-	"current",
-	{
-		"get": () => getKcLanguageTagLabel(getEvtKcLanguage().state),
-		"enumerable": true
-	}
-);
+Object.defineProperty(kcContextCommonMock.locale!, "current", {
+    "get": () => getKcLanguageTagLabel(getEvtKcLanguage().state),
+    "enumerable": true,
+});

 const loginUrl = {
-	...kcContextCommonMock.url,
-	"loginResetCredentialsUrl": "/auth/realms/myrealm/login-actions/reset-credentials?client_id=account&tab_id=HoAx28ja4xg",
-	"registrationUrl": "/auth/realms/myrealm/login-actions/registration?client_id=account&tab_id=HoAx28ja4xg"
+    ...kcContextCommonMock.url,
+    "loginResetCredentialsUrl": "/auth/realms/myrealm/login-actions/reset-credentials?client_id=account&tab_id=HoAx28ja4xg",
+    "registrationUrl": "/auth/realms/myrealm/login-actions/registration?client_id=account&tab_id=HoAx28ja4xg",
 };

 export const kcContextMocks: KcContextBase[] = [
-	id<KcContextBase.Login>({
-		...kcContextCommonMock,
-		"pageId": "login.ftl",
-		"url": loginUrl,
-		"realm": {
-			...kcContextCommonMock.realm,
-			"loginWithEmailAllowed": true,
-			"rememberMe": true,
-			"password": true,
-			"resetPasswordAllowed": true,
-			"registrationAllowed": true
-		},
-		"auth": kcContextCommonMock.auth!,
-		"social": {
-			"displayInfo": true
-		},
-		"usernameEditDisabled": false,
-		"login": {
-			"rememberMe": false
-		},
-		"registrationDisabled": false,
+    id<KcContextBase.Login>({
+        ...kcContextCommonMock,
+        "pageId": "login.ftl",
+        "url": loginUrl,
+        "realm": {
+            ...kcContextCommonMock.realm,
+            "loginWithEmailAllowed": true,
+            "rememberMe": true,
+            "password": true,
+            "resetPasswordAllowed": true,
+            "registrationAllowed": true,
+        },
+        "auth": kcContextCommonMock.auth!,
+        "social": {
+            "displayInfo": true,
+        },
+        "usernameEditDisabled": false,
+        "login": {
+            "rememberMe": false,
+        },
+        "registrationDisabled": false,
+    }),
+    ...(() => {
+        const registerCommon: KcContextBase.RegisterCommon = {
+            ...kcContextCommonMock,
+            "url": {
+                ...loginUrl,
+                "registrationAction":
+                    "http://localhost:8080/auth/realms/myrealm/login-actions/registration?session_code=gwZdUeO7pbYpFTRxiIxRg_QtzMbtFTKrNu6XW_f8asM&execution=12146ce0-b139-4bbd-b25b-0eccfee6577e&client_id=account&tab_id=uS8lYfebLa0",
+            },
+            "scripts": [],
+            "isAppInitiatedAction": false,
+            "passwordRequired": true,
+            "recaptchaRequired": false,
+            "social": {
+                "displayInfo": true,
+            },
+        };

-	}),
-	id<KcContextBase.Register>({
-		...kcContextCommonMock,
-		"pageId": "register.ftl",
-		"url": {
-			...loginUrl,
-			"registrationAction": "http://localhost:8080/auth/realms/myrealm/login-actions/registration?session_code=gwZdUeO7pbYpFTRxiIxRg_QtzMbtFTKrNu6XW_f8asM&execution=12146ce0-b139-4bbd-b25b-0eccfee6577e&client_id=account&tab_id=uS8lYfebLa0"
-		},
-		"messagesPerField": {
-			"printIfExists": (...[, x]) => x
-		},
-		"scripts": [],
-		"isAppInitiatedAction": false,
-		"register": {
-			"formData": {}
-		},
-		"passwordRequired": true,
-		"recaptchaRequired": false,
-		"social": {
-			"displayInfo": true
-		},
+        return [
+            id<KcContextBase.Register>({
+                "pageId": "register.ftl",
+                ...registerCommon,
+                "register": {
+                    "formData": {},
+                },
+            }),
+            id<KcContextBase.RegisterUserProfile>({
+                "pageId": "register-user-profile.ftl",
+                ...registerCommon,
+                "profile": {
+                    "context": "REGISTRATION_PROFILE" as const,
+                    ...(() => {
+                        const attributes: Attribute[] = [
+                            {
+                                "validators": {
+                                    "username-prohibited-characters": {
+                                        "ignore.empty.value": true,
+                                    },
+                                    "up-username-has-value": {},
+                                    "length": {
+                                        "ignore.empty.value": true,
+                                        "min": "3",
+                                        "max": "255",
+                                    },
+                                    "up-duplicate-username": {},
+                                    "up-username-mutation": {},
+                                },
+                                "displayName": "${username}",
+                                "annotations": {},
+                                "required": true,
+                                "groupAnnotations": {},
+                                "autocomplete": "username",
+                                "readOnly": false,
+                                "name": "username",
+                                "value": "xxxx",
+                            },
+                            {
+                                "validators": {
+                                    "up-email-exists-as-username": {},
+                                    "length": {
+                                        "max": "255",
+                                        "ignore.empty.value": true,
+                                    },
+                                    "up-blank-attribute-value": {
+                                        "error-message": "missingEmailMessage",
+                                        "fail-on-null": false,
+                                    },
+                                    "up-duplicate-email": {},
+                                    "email": {
+                                        "ignore.empty.value": true,
+                                    },
+                                    "pattern": {
+                                        "ignore.empty.value": true,
+                                        "pattern": "gmail\\.com$",
+                                    },
+                                },
+                                "displayName": "${email}",
+                                "annotations": {},
+                                "required": true,
+                                "groupAnnotations": {},
+                                "autocomplete": "email",
+                                "readOnly": false,
+                                "name": "email",
+                            },
+                            {
+                                "validators": {
+                                    "length": {
+                                        "max": "255",
+                                        "ignore.empty.value": true,
+                                    },
+                                    "person-name-prohibited-characters": {
+                                        "ignore.empty.value": true,
+                                    },
+                                    "up-immutable-attribute": {},
+                                    "up-attribute-required-by-metadata-value": {},
+                                },
+                                "displayName": "${firstName}",
+                                "annotations": {},
+                                "required": true,
+                                "groupAnnotations": {},
+                                "readOnly": false,
+                                "name": "firstName",
+                            },
+                            {
+                                "validators": {
+                                    "length": {
+                                        "max": "255",
+                                        "ignore.empty.value": true,
+                                    },
+                                    "person-name-prohibited-characters": {
+                                        "ignore.empty.value": true,
+                                    },
+                                    "up-immutable-attribute": {},
+                                    "up-attribute-required-by-metadata-value": {},
+                                },
+                                "displayName": "${lastName}",
+                                "annotations": {},
+                                "required": true,
+                                "groupAnnotations": {},
+                                "readOnly": false,
+                                "name": "lastName",
+                            },
+                        ];

-	}),
-	id<KcContextBase.Info>({
-		...kcContextCommonMock,
-		"pageId": "info.ftl",
-		"messageHeader": "<Message header>",
-		"requiredActions": undefined,
-		"skipLink": false,
-		"actionUri": "#",
-		"client": {
-			"clientId": "myApp",
-			"baseUrl": "#"
-		}
-
-	}),
-	id<KcContextBase.Error>({
-		...kcContextCommonMock,
-		"pageId": "error.ftl",
-		"client": {
-			"clientId": "myApp",
-			"baseUrl": "#"
-		},
-		"message": {
-			"type": "error",
-			"summary": "This is the error message"
-		}
-	}),
-	id<KcContextBase.LoginResetPassword>({
-		...kcContextCommonMock,
-		"pageId": "login-reset-password.ftl",
-		"realm": {
-			...kcContextCommonMock.realm,
-			"loginWithEmailAllowed": false
-		}
-
-	}),
-	id<KcContextBase.LoginVerifyEmail>({
-		...kcContextCommonMock,
-		"pageId": "login-verify-email.ftl"
-	}),
-	id<KcContextBase.Terms>({
-		...kcContextCommonMock,
-		"pageId": "terms.ftl"
-
-	}),
-	id<KcContextBase.LoginOtp>({
-		...kcContextCommonMock,
-		"pageId": "login-otp.ftl",
-		"otpLogin": {
-			"userOtpCredentials": [
-				{
-					"id": "id1",
-					"userLabel": "label1"
-				},
-				{
-					"id": "id2",
-					"userLabel": "label2"
-				}
-			]
-		}
-
-	}),
-	id<KcContextBase.LoginUpdateProfile>({
-		...kcContextCommonMock,
-		"pageId": "login-update-profile.ftl",
-		"user": {
-			"editUsernameAllowed": true,
-			"username": "anUsername",
-			"email": "foo@example.com",
-			"firstName": "aFirstName",
-			"lastName": "aLastName"
-		},
-		"messagesPerField": {
-			"printIfExists": () => undefined
-		}
-	}),
-	id<KcContextBase.LoginIdpLinkConfirm>({
-		...kcContextCommonMock,
-		"pageId": "login-idp-link-confirm.ftl",
-		"idpAlias": "FranceConnect"
-	})
+                        return {
+                            attributes,
+                            "attributesByName": Object.fromEntries(attributes.map(attribute => [attribute.name, attribute])) as any,
+                        } as any;
+                    })(),
+                },
+            }),
+        ];
+    })(),
+    id<KcContextBase.Info>({
+        ...kcContextCommonMock,
+        "pageId": "info.ftl",
+        "messageHeader": "<Message header>",
+        "requiredActions": undefined,
+        "skipLink": false,
+        "actionUri": "#",
+        "client": {
+            "clientId": "myApp",
+            "baseUrl": "#",
+        },
+    }),
+    id<KcContextBase.Error>({
+        ...kcContextCommonMock,
+        "pageId": "error.ftl",
+        "client": {
+            "clientId": "myApp",
+            "baseUrl": "#",
+        },
+        "message": {
+            "type": "error",
+            "summary": "This is the error message",
+        },
+    }),
+    id<KcContextBase.LoginResetPassword>({
+        ...kcContextCommonMock,
+        "pageId": "login-reset-password.ftl",
+        "realm": {
+            ...kcContextCommonMock.realm,
+            "loginWithEmailAllowed": false,
+        },
+    }),
+    id<KcContextBase.LoginVerifyEmail>({
+        ...kcContextCommonMock,
+        "pageId": "login-verify-email.ftl",
+    }),
+    id<KcContextBase.Terms>({
+        ...kcContextCommonMock,
+        "pageId": "terms.ftl",
+    }),
+    id<KcContextBase.LoginOtp>({
+        ...kcContextCommonMock,
+        "pageId": "login-otp.ftl",
+        "otpLogin": {
+            "userOtpCredentials": [
+                {
+                    "id": "id1",
+                    "userLabel": "label1",
+                },
+                {
+                    "id": "id2",
+                    "userLabel": "label2",
+                },
+            ],
+        },
+    }),
+    id<KcContextBase.LoginUpdatePassword>({
+        ...kcContextCommonMock,
+        "pageId": "login-update-password.ftl",
+        "username": "anUsername",
+    }),
+    id<KcContextBase.LoginUpdateProfile>({
+        ...kcContextCommonMock,
+        "pageId": "login-update-profile.ftl",
+        "user": {
+            "editUsernameAllowed": true,
+            "username": "anUsername",
+            "email": "foo@example.com",
+            "firstName": "aFirstName",
+            "lastName": "aLastName",
+        },
+    }),
+    id<KcContextBase.LoginIdpLinkConfirm>({
+        ...kcContextCommonMock,
+        "pageId": "login-idp-link-confirm.ftl",
+        "idpAlias": "FranceConnect",
+    }),
 ];
--- a/src/lib/getKcContext/kcContextMocks/urlResourcesPath.ts
+++ b/src/lib/getKcContext/kcContextMocks/urlResourcesPath.ts
@ -1,6 +1,5 @@
-
-import { join as pathJoin } from "path";
+import { pathJoin } from "../../tools/pathJoin";

 export const subDirOfPublicDirBasename = "keycloak_static";
-export const resourcesPath = pathJoin(subDirOfPublicDirBasename, "/resources");
-export const resourcesCommonPath = pathJoin(subDirOfPublicDirBasename, "/resources_common");
+export const resourcesPath = pathJoin(subDirOfPublicDirBasename, "resources");
+export const resourcesCommonPath = pathJoin(resourcesPath, "resources_common");
--- a/src/lib/i18n/KcLanguageTag.ts
+++ b/src/lib/i18n/KcLanguageTag.ts
@ -1,64 +1,54 @@
-
 import { objectKeys } from "tsafe/objectKeys";
 import { kcMessages } from "./kcMessages/login";

 export type KcLanguageTag = keyof typeof kcMessages;

-export type LanguageLabel =
+const kcLanguageByTagLabel = {
    /* spell-checker: disable */
-    "Deutsch" | "Norsk" | "Русский" | "Svenska" | "Português (Brasil)" | "Lietuvių" |
-    "English" | "Italiano" | "Français" | "中文简体" | "Español" | "Čeština" | "日本語" |
-    "Slovenčina" | "Polski" | "Català" | "Nederlands" | "Türkçe" | "Dansk" | "Magyar";
-/* spell-checker: enable */
+    "es": "Español",
+    "it": "Italiano",
+    "fr": "Français",
+    "ca": "Català",
+    "en": "English",
+    "de": "Deutsch",
+    "no": "Norsk",
+    "pt-BR": "Português (Brasil)",
+    "ru": "Русский",
+    "sk": "Slovenčina",
+    "ja": "日本語",
+    "pl": "Polski",
+    "zh-CN": "中文简体",
+    "sv": "Svenska",
+    "lt": "Lietuvių",
+    "cs": "Čeština",
+    "nl": "Nederlands",
+    "tr": "Türkçe",
+    "da": "Dansk",
+    "hu": "Magyar",
+    /* spell-checker: enable */
+} as const;
+
+export type LanguageLabel = typeof kcLanguageByTagLabel[keyof typeof kcLanguageByTagLabel];

 export function getKcLanguageTagLabel(language: KcLanguageTag): LanguageLabel {
-
-    switch (language) {
-        /* spell-checker: disable */
-        case "es": return "Español";
-        case "it": return "Italiano";
-        case "fr": return "Français";
-        case "ca": return "Català";
-        case "en": return "English";
-        case "de": return "Deutsch";
-        case "no": return "Norsk";
-        case "pt-BR": return "Português (Brasil)";
-        case "ru": return "Русский";
-        case "sk": return "Slovenčina";
-        case "ja": return "日本語";
-        case "pl": return "Polski";
-        case "zh-CN": return "中文简体"
-        case "sv": return "Svenska";
-        case "lt": return "Lietuvių";
-        case "cs": return "Čeština";
-        case "nl": return "Nederlands";
-        case "tr": return "Türkçe";
-        case "da": return "Dansk";
-        case "hu": return "Magyar";
-        /* spell-checker: enable */
-    }
-
-    return language;
-
+    return kcLanguageByTagLabel[language] ?? language;
 }

-const availableLanguages = objectKeys(kcMessages);
+export const kcLanguageTags = objectKeys(kcMessages);

-/** 
+/**
 * Pass in "fr-FR" or "français" for example, it will return the AvailableLanguage
- * it corresponds to: "fr". 
+ * it corresponds to: "fr".
 * If there is no reasonable match it's guessed from navigator.language.
 * If still no matches "en" is returned.
-*/
-export function getBestMatchAmongKcLanguageTag(
-    languageLike: string
-): KcLanguageTag {
-
+ */
+export function getBestMatchAmongKcLanguageTag(languageLike: string): KcLanguageTag {
    const iso2LanguageLike = languageLike.split("-")[0].toLowerCase();

-    const kcLanguageTag = availableLanguages.find(language =>
-        language.toLowerCase().includes(iso2LanguageLike) ||
-        getKcLanguageTagLabel(language).toLocaleLowerCase() === languageLike.toLocaleLowerCase()
+    const kcLanguageTag = kcLanguageTags.find(
+        language =>
+            language.toLowerCase().includes(iso2LanguageLike) ||
+            getKcLanguageTagLabel(language).toLocaleLowerCase() === languageLike.toLocaleLowerCase(),
    );

    if (kcLanguageTag !== undefined) {
@ -71,4 +61,3 @@ export function getBestMatchAmongKcLanguageTag(

    return "en";
 }
-
--- a/src/lib/i18n/generated_kcMessages/11.0.3/account.ts
+++ b/src/lib/i18n/generated_kcMessages/11.0.3/account.ts
--- a/src/lib/i18n/generated_kcMessages/11.0.3/admin.ts
+++ b/src/lib/i18n/generated_kcMessages/11.0.3/admin.ts
@ -2,243 +2,252 @@
 //PLEASE DO NOT EDIT MANUALLY

 /* spell-checker: disable */
-export const kcMessages= {
-  "ca": {
-    "invalidPasswordHistoryMessage": "Contrasenya incorrecta: no pot ser igual a cap de les últimes {0} contrasenyes.",
-    "invalidPasswordMinDigitsMessage": "Contraseña incorrecta: debe contener al menos {0} caracteres numéricos.",
-    "invalidPasswordMinLengthMessage": "Contrasenya incorrecta: longitud mínima {0}.",
-    "invalidPasswordMinLowerCaseCharsMessage": "Contrasenya incorrecta: ha de contenir almenys {0} lletres minúscules.",
-    "invalidPasswordMinSpecialCharsMessage": "Contrasenya incorrecta: ha de contenir almenys {0} caràcters especials.",
-    "invalidPasswordMinUpperCaseCharsMessage": "Contrasenya incorrecta: ha de contenir almenys {0} lletres majúscules.",
-    "invalidPasswordNotUsernameMessage": "Contrasenya incorrecta: no pot ser igual al nom d'usuari.",
-    "invalidPasswordRegexPatternMessage": "Contrasenya incorrecta: no compleix l'expressió regular."
-  },
-  "de": {
-    "invalidPasswordMinLengthMessage": "Ungültiges Passwort: muss mindestens {0} Zeichen beinhalten.",
-    "invalidPasswordMinLowerCaseCharsMessage": "Ungültiges Passwort: muss mindestens {0} Kleinbuchstaben beinhalten.",
-    "invalidPasswordMinDigitsMessage": "Ungültiges Passwort: muss mindestens {0} Ziffern beinhalten.",
-    "invalidPasswordMinUpperCaseCharsMessage": "Ungültiges Passwort: muss mindestens {0} Großbuchstaben beinhalten.",
-    "invalidPasswordMinSpecialCharsMessage": "Ungültiges Passwort: muss mindestens {0} Sonderzeichen beinhalten.",
-    "invalidPasswordNotUsernameMessage": "Ungültiges Passwort: darf nicht identisch mit dem Benutzernamen sein.",
-    "invalidPasswordRegexPatternMessage": "Ungültiges Passwort: stimmt nicht mit Regex-Muster überein.",
-    "invalidPasswordHistoryMessage": "Ungültiges Passwort: darf nicht identisch mit einem der letzten {0} Passwörter sein.",
-    "invalidPasswordBlacklistedMessage": "Ungültiges Passwort: Passwort ist zu bekannt und auf der schwarzen Liste.",
-    "invalidPasswordGenericMessage": "Ungültiges Passwort: neues Passwort erfüllt die Passwort-Anforderungen nicht."
-  },
-  "en": {
-    "invalidPasswordMinLengthMessage": "Invalid password: minimum length {0}.",
-    "invalidPasswordMinLowerCaseCharsMessage": "Invalid password: must contain at least {0} lower case characters.",
-    "invalidPasswordMinDigitsMessage": "Invalid password: must contain at least {0} numerical digits.",
-    "invalidPasswordMinUpperCaseCharsMessage": "Invalid password: must contain at least {0} upper case characters.",
-    "invalidPasswordMinSpecialCharsMessage": "Invalid password: must contain at least {0} special characters.",
-    "invalidPasswordNotUsernameMessage": "Invalid password: must not be equal to the username.",
-    "invalidPasswordRegexPatternMessage": "Invalid password: fails to match regex pattern(s).",
-    "invalidPasswordHistoryMessage": "Invalid password: must not be equal to any of last {0} passwords.",
-    "invalidPasswordBlacklistedMessage": "Invalid password: password is blacklisted.",
-    "invalidPasswordGenericMessage": "Invalid password: new password does not match password policies.",
-    "ldapErrorInvalidCustomFilter": "Custom configured LDAP filter does not start with \"(\" or does not end with \")\".",
-    "ldapErrorConnectionTimeoutNotNumber": "Connection Timeout must be a number",
-    "ldapErrorReadTimeoutNotNumber": "Read Timeout must be a number",
-    "ldapErrorMissingClientId": "Client ID needs to be provided in config when Realm Roles Mapping is not used.",
-    "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "Not possible to preserve group inheritance and use UID membership type together.",
-    "ldapErrorCantWriteOnlyForReadOnlyLdap": "Can not set write only when LDAP provider mode is not WRITABLE",
-    "ldapErrorCantWriteOnlyAndReadOnly": "Can not set write-only and read-only together",
-    "ldapErrorCantEnableStartTlsAndConnectionPooling": "Can not enable both StartTLS and connection pooling.",
-    "ldapErrorCantEnableUnsyncedAndImportOff": "Can not disable Importing users when LDAP provider mode is UNSYNCED",
-    "ldapErrorMissingGroupsPathGroup": "Groups path group does not exist - please create the group on specified path first",
-    "clientRedirectURIsFragmentError": "Redirect URIs must not contain an URI fragment",
-    "clientRootURLFragmentError": "Root URL must not contain an URL fragment",
-    "clientRootURLIllegalSchemeError": "Root URL uses an illegal scheme",
-    "clientBaseURLIllegalSchemeError": "Base URL uses an illegal scheme",
-    "clientRedirectURIsIllegalSchemeError": "A redirect URI uses an illegal scheme",
-    "clientBaseURLInvalid": "Base URL is not a valid URL",
-    "clientRootURLInvalid": "Root URL is not a valid URL",
-    "clientRedirectURIsInvalid": "A redirect URI is not a valid URI",
-    "pairwiseMalformedClientRedirectURI": "Client contained an invalid redirect URI.",
-    "pairwiseClientRedirectURIsMissingHost": "Client redirect URIs must contain a valid host component.",
-    "pairwiseClientRedirectURIsMultipleHosts": "Without a configured Sector Identifier URI, client redirect URIs must not contain multiple host components.",
-    "pairwiseMalformedSectorIdentifierURI": "Malformed Sector Identifier URI.",
-    "pairwiseFailedToGetRedirectURIs": "Failed to get redirect URIs from the Sector Identifier URI.",
-    "pairwiseRedirectURIsMismatch": "Client redirect URIs does not match redirect URIs fetched from the Sector Identifier URI."
-  },
-  "es": {
-    "invalidPasswordMinLengthMessage": "Contraseña incorrecta: longitud mínima {0}.",
-    "invalidPasswordMinLowerCaseCharsMessage": "Contraseña incorrecta: debe contener al menos {0} letras minúsculas.",
-    "invalidPasswordMinDigitsMessage": "Contraseña incorrecta: debe contener al menos {0} caracteres numéricos.",
-    "invalidPasswordMinUpperCaseCharsMessage": "Contraseña incorrecta: debe contener al menos {0} letras mayúsculas.",
-    "invalidPasswordMinSpecialCharsMessage": "Contraseña incorrecta: debe contener al menos {0} caracteres especiales.",
-    "invalidPasswordNotUsernameMessage": "Contraseña incorrecta: no puede ser igual al nombre de usuario.",
-    "invalidPasswordRegexPatternMessage": "Contraseña incorrecta: no cumple la expresión regular.",
-    "invalidPasswordHistoryMessage": "Contraseña incorrecta: no puede ser igual a ninguna de las últimas {0} contraseñas."
-  },
-  "fr": {
-    "invalidPasswordMinLengthMessage": "Mot de passe invalide : longueur minimale requise de {0}.",
-    "invalidPasswordMinLowerCaseCharsMessage": "Mot de passe invalide : doit contenir au moins {0} lettre(s) en minuscule.",
-    "invalidPasswordMinDigitsMessage": "Mot de passe invalide : doit contenir au moins {0} chiffre(s).",
-    "invalidPasswordMinUpperCaseCharsMessage": "Mot de passe invalide : doit contenir au moins {0} lettre(s) en majuscule.",
-    "invalidPasswordMinSpecialCharsMessage": "Mot de passe invalide : doit contenir au moins {0} caractère(s) spéciaux.",
-    "invalidPasswordNotUsernameMessage": "Mot de passe invalide : ne doit pas être identique au nom d'utilisateur.",
-    "invalidPasswordRegexPatternMessage": "Mot de passe invalide : ne valide pas l'expression rationnelle.",
-    "invalidPasswordHistoryMessage": "Mot de passe invalide : ne doit pas être égal aux {0} derniers mot de passe."
-  },
-  "it": {},
-  "ja": {
-    "invalidPasswordMinLengthMessage": "無効なパスワード: 最小{0}の長さが必要です。",
-    "invalidPasswordMinLowerCaseCharsMessage": "無効なパスワード: 少なくとも{0}文字の小文字を含む必要があります。",
-    "invalidPasswordMinDigitsMessage": "無効なパスワード: 少なくとも{0}文字の数字を含む必要があります。",
-    "invalidPasswordMinUpperCaseCharsMessage": "無効なパスワード: 少なくとも{0}文字の大文字を含む必要があります。",
-    "invalidPasswordMinSpecialCharsMessage": "無効なパスワード: 少なくとも{0}文字の特殊文字を含む必要があります。",
-    "invalidPasswordNotUsernameMessage": "無効なパスワード: ユーザー名と同じパスワードは禁止されています。",
-    "invalidPasswordRegexPatternMessage": "無効なパスワード: 正規表現パターンと一致しません。",
-    "invalidPasswordHistoryMessage": "無効なパスワード: 最近の{0}パスワードのいずれかと同じパスワードは禁止されています。",
-    "invalidPasswordBlacklistedMessage": "無効なパスワード: パスワードがブラックリストに含まれています。",
-    "invalidPasswordGenericMessage": "無効なパスワード: 新しいパスワードはパスワード・ポリシーと一致しません。",
-    "ldapErrorInvalidCustomFilter": "LDAPフィルターのカスタム設定が、「(」から開始または「)」で終了となっていません。",
-    "ldapErrorConnectionTimeoutNotNumber": "接続タイムアウトは数字でなければなりません",
-    "ldapErrorReadTimeoutNotNumber": "読み取りタイムアウトは数字でなければなりません",
-    "ldapErrorMissingClientId": "レルムロール・マッピングを使用しない場合は、クライアントIDは設定内で提供される必要があります。",
-    "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "グループの継承を維持することと、UIDメンバーシップ・タイプを使用することは同時にできません。",
-    "ldapErrorCantWriteOnlyForReadOnlyLdap": "LDAPプロバイダー・モードがWRITABLEではない場合は、write onlyを設定することはできません。",
-    "ldapErrorCantWriteOnlyAndReadOnly": "write-onlyとread-onlyを一緒に設定することはできません。",
-    "ldapErrorCantEnableStartTlsAndConnectionPooling": "StartTLSと接続プーリングの両方を有効にできません。",
-    "clientRedirectURIsFragmentError": "リダイレクトURIにURIフラグメントを含めることはできません。",
-    "clientRootURLFragmentError": "ルートURLにURLフラグメントを含めることはできません。",
-    "pairwiseMalformedClientRedirectURI": "クライアントに無効なリダイレクトURIが含まれていました。",
-    "pairwiseClientRedirectURIsMissingHost": "クライアントのリダイレクトURIには有効なホスト・コンポーネントが含まれている必要があります。",
-    "pairwiseClientRedirectURIsMultipleHosts": "設定されたセレクター識別子URIがない場合は、クライアントのリダイレクトURIは複数のホスト・コンポーネントを含むことはできません。",
-    "pairwiseMalformedSectorIdentifierURI": "不正なセレクター識別子URIです。",
-    "pairwiseFailedToGetRedirectURIs": "セクター識別子URIからリダイレクトURIを取得できませんでした。",
-    "pairwiseRedirectURIsMismatch": "クライアントのリダイレクトURIは、セクター識別子URIからフェッチされたリダイレクトURIと一致しません。"
-  },
-  "lt": {
-    "invalidPasswordMinLengthMessage": "Per trumpas slaptažodis: mažiausias ilgis {0}.",
-    "invalidPasswordMinLowerCaseCharsMessage": "Neteisingas slaptažodis: privaloma įvesti {0} mažąją raidę.",
-    "invalidPasswordMinDigitsMessage": "Neteisingas slaptažodis: privaloma įvesti {0} skaitmenį.",
-    "invalidPasswordMinUpperCaseCharsMessage": "Neteisingas slaptažodis: privaloma įvesti {0} didžiąją raidę.",
-    "invalidPasswordMinSpecialCharsMessage": "Neteisingas slaptažodis: privaloma įvesti {0} specialų simbolį.",
-    "invalidPasswordNotUsernameMessage": "Neteisingas slaptažodis: slaptažodis negali sutapti su naudotojo vardu.",
-    "invalidPasswordRegexPatternMessage": "Neteisingas slaptažodis: slaptažodis netenkina regex taisyklės(ių).",
-    "invalidPasswordHistoryMessage": "Neteisingas slaptažodis: slaptažodis negali sutapti su prieš tai buvusiais {0} slaptažodžiais.",
-    "ldapErrorInvalidCustomFilter": "Sukonfigūruotas LDAP filtras neprasideda \"(\" ir nesibaigia \")\" simboliais.",
-    "ldapErrorMissingClientId": "Privaloma nurodyti kliento ID kai srities rolių susiejimas nėra nenaudojamas.",
-    "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "Grupių paveldėjimo ir UID narystės tipas kartu negali būti naudojami.",
-    "ldapErrorCantWriteOnlyForReadOnlyLdap": "Negalima nustatyti rašymo rėžimo kuomet LDAP teikėjo rėžimas ne WRITABLE",
-    "ldapErrorCantWriteOnlyAndReadOnly": "Negalima nustatyti tik rašyti ir tik skaityti kartu",
-    "clientRedirectURIsFragmentError": "Nurodykite URI fragmentą, kurio negali būti peradresuojamuose URI adresuose",
-    "clientRootURLFragmentError": "Nurodykite URL fragmentą, kurio negali būti šakniniame URL adrese",
-    "pairwiseMalformedClientRedirectURI": "Klientas pateikė neteisingą nukreipimo nuorodą.",
-    "pairwiseClientRedirectURIsMissingHost": "Kliento nukreipimo nuorodos privalo būti nurodytos su serverio vardo komponentu.",
-    "pairwiseClientRedirectURIsMultipleHosts": "Kuomet nesukonfigūruotas sektoriaus identifikatoriaus URL, kliento nukreipimo nuorodos privalo talpinti ne daugiau kaip vieną skirtingą serverio vardo komponentą.",
-    "pairwiseMalformedSectorIdentifierURI": "Neteisinga sektoriaus identifikatoriaus URI.",
-    "pairwiseFailedToGetRedirectURIs": "Nepavyko gauti nukreipimo nuorodų iš sektoriaus identifikatoriaus URI.",
-    "pairwiseRedirectURIsMismatch": "Kliento nukreipimo nuoroda neatitinka nukreipimo nuorodų iš sektoriaus identifikatoriaus URI."
-  },
-  "nl": {
-    "invalidPasswordMinLengthMessage": "Ongeldig wachtwoord: de minimale lengte is {0} karakters.",
-    "invalidPasswordMinLowerCaseCharsMessage": "Ongeldig wachtwoord: het moet minstens {0} kleine letters bevatten.",
-    "invalidPasswordMinDigitsMessage": "Ongeldig wachtwoord: het moet minstens {0} getallen bevatten.",
-    "invalidPasswordMinUpperCaseCharsMessage": "Ongeldig wachtwoord: het moet minstens {0} hoofdletters bevatten.",
-    "invalidPasswordMinSpecialCharsMessage": "Ongeldig wachtwoord: het moet minstens {0} speciale karakters bevatten.",
-    "invalidPasswordNotUsernameMessage": "Ongeldig wachtwoord: het mag niet overeenkomen met de gebruikersnaam.",
-    "invalidPasswordRegexPatternMessage": "Ongeldig wachtwoord: het voldoet niet aan het door de beheerder ingestelde patroon.",
-    "invalidPasswordHistoryMessage": "Ongeldig wachtwoord: het mag niet overeen komen met een van de laatste {0} wachtwoorden.",
-    "invalidPasswordGenericMessage": "Ongeldig wachtwoord: het nieuwe wachtwoord voldoet niet aan het wachtwoordbeleid.",
-    "ldapErrorInvalidCustomFilter": "LDAP filter met aangepaste configuratie start niet met \"(\" of eindigt niet met \")\".",
-    "ldapErrorConnectionTimeoutNotNumber": "Verbindingstimeout moet een getal zijn",
-    "ldapErrorReadTimeoutNotNumber": "Lees-timeout moet een getal zijn",
-    "ldapErrorMissingClientId": "Client ID moet ingesteld zijn als Realm Roles Mapping niet gebruikt wordt.",
-    "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "Kan groepsovererving niet behouden bij UID-lidmaatschapstype.",
-    "ldapErrorCantWriteOnlyForReadOnlyLdap": "Alleen-schrijven niet mogelijk als LDAP provider mode niet WRITABLE is",
-    "ldapErrorCantWriteOnlyAndReadOnly": "Alleen-schrijven en alleen-lezen mogen niet tegelijk ingesteld zijn",
-    "clientRedirectURIsFragmentError": "Redirect URIs mogen geen URI fragment bevatten",
-    "clientRootURLFragmentError": "Root URL mag geen URL fragment bevatten",
-    "pairwiseMalformedClientRedirectURI": "Client heeft een ongeldige redirect URI.",
-    "pairwiseClientRedirectURIsMissingHost": "Client redirect URIs moeten een geldige host-component bevatten.",
-    "pairwiseClientRedirectURIsMultipleHosts": "Zonder een geconfigureerde Sector Identifier URI mogen client redirect URIs niet meerdere host componenten hebben.",
-    "pairwiseMalformedSectorIdentifierURI": "Onjuist notatie in Sector Identifier URI.",
-    "pairwiseFailedToGetRedirectURIs": "Kon geen redirect URIs verkrijgen van de Sector Identifier URI.",
-    "pairwiseRedirectURIsMismatch": "Client redirect URIs komen niet overeen met redict URIs ontvangen van de Sector Identifier URI."
-  },
-  "no": {
-    "invalidPasswordMinLengthMessage": "Ugyldig passord: minimum lengde {0}.",
-    "invalidPasswordMinLowerCaseCharsMessage": "Ugyldig passord: må inneholde minst {0} små bokstaver.",
-    "invalidPasswordMinDigitsMessage": "Ugyldig passord: må inneholde minst {0} sifre.",
-    "invalidPasswordMinUpperCaseCharsMessage": "Ugyldig passord: må inneholde minst {0} store bokstaver.",
-    "invalidPasswordMinSpecialCharsMessage": "Ugyldig passord: må inneholde minst {0} spesialtegn.",
-    "invalidPasswordNotUsernameMessage": "Ugyldig passord: kan ikke være likt brukernavn.",
-    "invalidPasswordRegexPatternMessage": "Ugyldig passord: tilfredsstiller ikke kravene for passord-mønster.",
-    "invalidPasswordHistoryMessage": "Ugyldig passord: kan ikke være likt noen av de {0} foregående passordene.",
-    "ldapErrorInvalidCustomFilter": "Tilpasset konfigurasjon av LDAP-filter starter ikke med \"(\" eller slutter ikke med \")\".",
-    "ldapErrorMissingClientId": "KlientID må være tilgjengelig i config når sikkerhetsdomenerollemapping ikke brukes.",
-    "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "Ikke mulig å bevare gruppearv og samtidig bruke UID medlemskapstype.",
-    "ldapErrorCantWriteOnlyForReadOnlyLdap": "Kan ikke sette write-only når LDAP leverandør-modus ikke er WRITABLE",
-    "ldapErrorCantWriteOnlyAndReadOnly": "Kan ikke sette både write-only og read-only"
-  },
-  "pl": {},
-  "pt-BR": {
-    "invalidPasswordMinLengthMessage": "Senha inválida: deve conter ao menos {0} caracteres.",
-    "invalidPasswordMinLowerCaseCharsMessage": "Senha inválida: deve conter ao menos {0} caracteres minúsculos.",
-    "invalidPasswordMinDigitsMessage": "Senha inválida: deve conter ao menos {0} digitos numéricos.",
-    "invalidPasswordMinUpperCaseCharsMessage": "Senha inválida: deve conter ao menos {0} caracteres maiúsculos.",
-    "invalidPasswordMinSpecialCharsMessage": "Senha inválida: deve conter ao menos {0} caracteres especiais.",
-    "invalidPasswordNotUsernameMessage": "Senha inválida: não deve ser igual ao nome de usuário.",
-    "invalidPasswordRegexPatternMessage": "Senha inválida: falha ao passar por padrões.",
-    "invalidPasswordHistoryMessage": "Senha inválida: não deve ser igual às últimas {0} senhas.",
-    "ldapErrorInvalidCustomFilter": "Filtro LDAP não inicia com \"(\" ou não termina com \")\".",
-    "ldapErrorMissingClientId": "ID do cliente precisa ser definido na configuração quando mapeamentos de Roles do Realm não é utilizado.",
-    "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "Não é possível preservar herança de grupos e usar tipo de associação de UID ao mesmo tempo.",
-    "ldapErrorCantWriteOnlyForReadOnlyLdap": "Não é possível definir modo de somente escrita quando o provedor LDAP não suporta escrita",
-    "ldapErrorCantWriteOnlyAndReadOnly": "Não é possível definir somente escrita e somente leitura ao mesmo tempo",
-    "clientRedirectURIsFragmentError": "URIs de redirecionamento não podem conter fragmentos",
-    "clientRootURLFragmentError": "URL raiz não pode conter fragmentos"
-  },
-  "ru": {
-    "invalidPasswordMinLengthMessage": "Некорректный пароль: длина пароля должна быть не менее {0} символов(а).",
-    "invalidPasswordMinDigitsMessage": "Некорректный пароль: должен содержать не менее {0} цифр(ы).",
-    "invalidPasswordMinLowerCaseCharsMessage": "Некорректный пароль: пароль должен содержать не менее {0} символов(а) в нижнем регистре.",
-    "invalidPasswordMinUpperCaseCharsMessage": "Некорректный пароль: пароль должен содержать не менее {0} символов(а) в верхнем регистре.",
-    "invalidPasswordMinSpecialCharsMessage": "Некорректный пароль: пароль должен содержать не менее {0} спецсимволов(а).",
-    "invalidPasswordNotUsernameMessage": "Некорректный пароль: пароль не должен совпадать с именем пользователя.",
-    "invalidPasswordRegexPatternMessage": "Некорректный пароль: пароль не прошел проверку по регулярному выражению.",
-    "invalidPasswordHistoryMessage": "Некорректный пароль: пароль не должен совпадать с последним(и) {0} паролем(ями).",
-    "invalidPasswordGenericMessage": "Некорректный пароль: новый пароль не соответствует правилам пароля.",
-    "ldapErrorInvalidCustomFilter": "Сконфигурированный пользователем фильтр LDAP не должен начинаться с \"(\" или заканчиваться на \")\".",
-    "ldapErrorMissingClientId": "Client ID должен быть настроен в конфигурации, если не используется сопоставление ролей в realm.",
-    "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "Не удалось унаследовать группу и использовать членство UID типа вместе.",
-    "ldapErrorCantWriteOnlyForReadOnlyLdap": "Невозможно установить режим \"только на запись\", когда LDAP провайдер не в режиме WRITABLE",
-    "ldapErrorCantWriteOnlyAndReadOnly": "Невозможно одновременно установить режимы \"только на чтение\" и \"только на запись\"",
-    "clientRedirectURIsFragmentError": "URI перенаправления не должен содержать фрагмент URI",
-    "clientRootURLFragmentError": "Корневой URL не должен содержать фрагмент URL ",
-    "pairwiseMalformedClientRedirectURI": "Клиент содержит некорректный URI перенаправления.",
-    "pairwiseClientRedirectURIsMissingHost": "URI перенаправления клиента должен содержать корректный компонент хоста.",
-    "pairwiseClientRedirectURIsMultipleHosts": "Без конфигурации по части идентификатора URI, URI перенаправления клиента не может содержать несколько компонентов хоста.",
-    "pairwiseMalformedSectorIdentifierURI": "Искаженная часть идентификатора URI.",
-    "pairwiseFailedToGetRedirectURIs": "Не удалось получить идентификаторы URI перенаправления из части идентификатора URI.",
-    "pairwiseRedirectURIsMismatch": "Клиент URI переадресации не соответствует URI переадресации, полученной из части идентификатора URI."
-  },
-  "zh-CN": {
-    "invalidPasswordMinLengthMessage": "无效的密码：最短长度 {0}.",
-    "invalidPasswordMinLowerCaseCharsMessage": "无效的密码：至少包含 {0} 小写字母",
-    "invalidPasswordMinDigitsMessage": "无效的密码：至少包含 {0} 个数字",
-    "invalidPasswordMinUpperCaseCharsMessage": "无效的密码：最短长度 {0} 大写字母",
-    "invalidPasswordMinSpecialCharsMessage": "无效的密码：最短长度 {0} 特殊字符",
-    "invalidPasswordNotUsernameMessage": "无效的密码： 不可以与用户名相同",
-    "invalidPasswordRegexPatternMessage": "无效的密码： 无法与正则表达式匹配",
-    "invalidPasswordHistoryMessage": "无效的密码：不能与最后使用的 {0} 个密码相同",
-    "ldapErrorInvalidCustomFilter": "定制的 LDAP过滤器不是以 \"(\" 开头或以 \")\"结尾.",
-    "ldapErrorConnectionTimeoutNotNumber": "Connection Timeout 必须是个数字",
-    "ldapErrorMissingClientId": "当域角色映射未启用时，客户端 ID 需要指定。",
-    "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "无法在使用UID成员类型的同时维护组继承属性。",
-    "ldapErrorCantWriteOnlyForReadOnlyLdap": "当LDAP提供方不是可写模式时，无法设置只写",
-    "ldapErrorCantWriteOnlyAndReadOnly": "无法同时设置只读和只写",
-    "clientRedirectURIsFragmentError": "重定向URL不应包含URI片段",
-    "clientRootURLFragmentError": "根URL 不应包含 URL 片段",
-    "pairwiseMalformedClientRedirectURI": "客户端包含一个无效的重定向URL",
-    "pairwiseClientRedirectURIsMissingHost": "客户端重定向URL需要有一个有效的主机",
-    "pairwiseClientRedirectURIsMultipleHosts": "Without a configured Sector Identifier URI, client redirect URIs must not contain multiple host components.",
-    "pairwiseMalformedSectorIdentifierURI": "Malformed Sector Identifier URI.",
-    "pairwiseFailedToGetRedirectURIs": "无法从服务器获得重定向URL",
-    "pairwiseRedirectURIsMismatch": "客户端的重定向URI与服务器端获取的URI配置不匹配。"
-  }
+export const kcMessages = {
+    "ca": {
+        "invalidPasswordHistoryMessage": "Contrasenya incorrecta: no pot ser igual a cap de les últimes {0} contrasenyes.",
+        "invalidPasswordMinDigitsMessage": "Contraseña incorrecta: debe contener al menos {0} caracteres numéricos.",
+        "invalidPasswordMinLengthMessage": "Contrasenya incorrecta: longitud mínima {0}.",
+        "invalidPasswordMinLowerCaseCharsMessage": "Contrasenya incorrecta: ha de contenir almenys {0} lletres minúscules.",
+        "invalidPasswordMinSpecialCharsMessage": "Contrasenya incorrecta: ha de contenir almenys {0} caràcters especials.",
+        "invalidPasswordMinUpperCaseCharsMessage": "Contrasenya incorrecta: ha de contenir almenys {0} lletres majúscules.",
+        "invalidPasswordNotUsernameMessage": "Contrasenya incorrecta: no pot ser igual al nom d'usuari.",
+        "invalidPasswordRegexPatternMessage": "Contrasenya incorrecta: no compleix l'expressió regular.",
+    },
+    "de": {
+        "invalidPasswordMinLengthMessage": "Ungültiges Passwort: muss mindestens {0} Zeichen beinhalten.",
+        "invalidPasswordMinLowerCaseCharsMessage": "Ungültiges Passwort: muss mindestens {0} Kleinbuchstaben beinhalten.",
+        "invalidPasswordMinDigitsMessage": "Ungültiges Passwort: muss mindestens {0} Ziffern beinhalten.",
+        "invalidPasswordMinUpperCaseCharsMessage": "Ungültiges Passwort: muss mindestens {0} Großbuchstaben beinhalten.",
+        "invalidPasswordMinSpecialCharsMessage": "Ungültiges Passwort: muss mindestens {0} Sonderzeichen beinhalten.",
+        "invalidPasswordNotUsernameMessage": "Ungültiges Passwort: darf nicht identisch mit dem Benutzernamen sein.",
+        "invalidPasswordRegexPatternMessage": "Ungültiges Passwort: stimmt nicht mit Regex-Muster überein.",
+        "invalidPasswordHistoryMessage": "Ungültiges Passwort: darf nicht identisch mit einem der letzten {0} Passwörter sein.",
+        "invalidPasswordBlacklistedMessage": "Ungültiges Passwort: Passwort ist zu bekannt und auf der schwarzen Liste.",
+        "invalidPasswordGenericMessage": "Ungültiges Passwort: neues Passwort erfüllt die Passwort-Anforderungen nicht.",
+    },
+    "en": {
+        "invalidPasswordMinLengthMessage": "Invalid password: minimum length {0}.",
+        "invalidPasswordMinLowerCaseCharsMessage": "Invalid password: must contain at least {0} lower case characters.",
+        "invalidPasswordMinDigitsMessage": "Invalid password: must contain at least {0} numerical digits.",
+        "invalidPasswordMinUpperCaseCharsMessage": "Invalid password: must contain at least {0} upper case characters.",
+        "invalidPasswordMinSpecialCharsMessage": "Invalid password: must contain at least {0} special characters.",
+        "invalidPasswordNotUsernameMessage": "Invalid password: must not be equal to the username.",
+        "invalidPasswordRegexPatternMessage": "Invalid password: fails to match regex pattern(s).",
+        "invalidPasswordHistoryMessage": "Invalid password: must not be equal to any of last {0} passwords.",
+        "invalidPasswordBlacklistedMessage": "Invalid password: password is blacklisted.",
+        "invalidPasswordGenericMessage": "Invalid password: new password does not match password policies.",
+        "ldapErrorInvalidCustomFilter": 'Custom configured LDAP filter does not start with "(" or does not end with ")".',
+        "ldapErrorConnectionTimeoutNotNumber": "Connection Timeout must be a number",
+        "ldapErrorReadTimeoutNotNumber": "Read Timeout must be a number",
+        "ldapErrorMissingClientId": "Client ID needs to be provided in config when Realm Roles Mapping is not used.",
+        "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType":
+            "Not possible to preserve group inheritance and use UID membership type together.",
+        "ldapErrorCantWriteOnlyForReadOnlyLdap": "Can not set write only when LDAP provider mode is not WRITABLE",
+        "ldapErrorCantWriteOnlyAndReadOnly": "Can not set write-only and read-only together",
+        "ldapErrorCantEnableStartTlsAndConnectionPooling": "Can not enable both StartTLS and connection pooling.",
+        "ldapErrorCantEnableUnsyncedAndImportOff": "Can not disable Importing users when LDAP provider mode is UNSYNCED",
+        "ldapErrorMissingGroupsPathGroup": "Groups path group does not exist - please create the group on specified path first",
+        "clientRedirectURIsFragmentError": "Redirect URIs must not contain an URI fragment",
+        "clientRootURLFragmentError": "Root URL must not contain an URL fragment",
+        "clientRootURLIllegalSchemeError": "Root URL uses an illegal scheme",
+        "clientBaseURLIllegalSchemeError": "Base URL uses an illegal scheme",
+        "clientRedirectURIsIllegalSchemeError": "A redirect URI uses an illegal scheme",
+        "clientBaseURLInvalid": "Base URL is not a valid URL",
+        "clientRootURLInvalid": "Root URL is not a valid URL",
+        "clientRedirectURIsInvalid": "A redirect URI is not a valid URI",
+        "pairwiseMalformedClientRedirectURI": "Client contained an invalid redirect URI.",
+        "pairwiseClientRedirectURIsMissingHost": "Client redirect URIs must contain a valid host component.",
+        "pairwiseClientRedirectURIsMultipleHosts":
+            "Without a configured Sector Identifier URI, client redirect URIs must not contain multiple host components.",
+        "pairwiseMalformedSectorIdentifierURI": "Malformed Sector Identifier URI.",
+        "pairwiseFailedToGetRedirectURIs": "Failed to get redirect URIs from the Sector Identifier URI.",
+        "pairwiseRedirectURIsMismatch": "Client redirect URIs does not match redirect URIs fetched from the Sector Identifier URI.",
+    },
+    "es": {
+        "invalidPasswordMinLengthMessage": "Contraseña incorrecta: longitud mínima {0}.",
+        "invalidPasswordMinLowerCaseCharsMessage": "Contraseña incorrecta: debe contener al menos {0} letras minúsculas.",
+        "invalidPasswordMinDigitsMessage": "Contraseña incorrecta: debe contener al menos {0} caracteres numéricos.",
+        "invalidPasswordMinUpperCaseCharsMessage": "Contraseña incorrecta: debe contener al menos {0} letras mayúsculas.",
+        "invalidPasswordMinSpecialCharsMessage": "Contraseña incorrecta: debe contener al menos {0} caracteres especiales.",
+        "invalidPasswordNotUsernameMessage": "Contraseña incorrecta: no puede ser igual al nombre de usuario.",
+        "invalidPasswordRegexPatternMessage": "Contraseña incorrecta: no cumple la expresión regular.",
+        "invalidPasswordHistoryMessage": "Contraseña incorrecta: no puede ser igual a ninguna de las últimas {0} contraseñas.",
+    },
+    "fr": {
+        "invalidPasswordMinLengthMessage": "Mot de passe invalide : longueur minimale requise de {0}.",
+        "invalidPasswordMinLowerCaseCharsMessage": "Mot de passe invalide : doit contenir au moins {0} lettre(s) en minuscule.",
+        "invalidPasswordMinDigitsMessage": "Mot de passe invalide : doit contenir au moins {0} chiffre(s).",
+        "invalidPasswordMinUpperCaseCharsMessage": "Mot de passe invalide : doit contenir au moins {0} lettre(s) en majuscule.",
+        "invalidPasswordMinSpecialCharsMessage": "Mot de passe invalide : doit contenir au moins {0} caractère(s) spéciaux.",
+        "invalidPasswordNotUsernameMessage": "Mot de passe invalide : ne doit pas être identique au nom d'utilisateur.",
+        "invalidPasswordRegexPatternMessage": "Mot de passe invalide : ne valide pas l'expression rationnelle.",
+        "invalidPasswordHistoryMessage": "Mot de passe invalide : ne doit pas être égal aux {0} derniers mot de passe.",
+    },
+    "it": {},
+    "ja": {
+        "invalidPasswordMinLengthMessage": "無効なパスワード: 最小{0}の長さが必要です。",
+        "invalidPasswordMinLowerCaseCharsMessage": "無効なパスワード: 少なくとも{0}文字の小文字を含む必要があります。",
+        "invalidPasswordMinDigitsMessage": "無効なパスワード: 少なくとも{0}文字の数字を含む必要があります。",
+        "invalidPasswordMinUpperCaseCharsMessage": "無効なパスワード: 少なくとも{0}文字の大文字を含む必要があります。",
+        "invalidPasswordMinSpecialCharsMessage": "無効なパスワード: 少なくとも{0}文字の特殊文字を含む必要があります。",
+        "invalidPasswordNotUsernameMessage": "無効なパスワード: ユーザー名と同じパスワードは禁止されています。",
+        "invalidPasswordRegexPatternMessage": "無効なパスワード: 正規表現パターンと一致しません。",
+        "invalidPasswordHistoryMessage": "無効なパスワード: 最近の{0}パスワードのいずれかと同じパスワードは禁止されています。",
+        "invalidPasswordBlacklistedMessage": "無効なパスワード: パスワードがブラックリストに含まれています。",
+        "invalidPasswordGenericMessage": "無効なパスワード: 新しいパスワードはパスワード・ポリシーと一致しません。",
+        "ldapErrorInvalidCustomFilter": "LDAPフィルターのカスタム設定が、「(」から開始または「)」で終了となっていません。",
+        "ldapErrorConnectionTimeoutNotNumber": "接続タイムアウトは数字でなければなりません",
+        "ldapErrorReadTimeoutNotNumber": "読み取りタイムアウトは数字でなければなりません",
+        "ldapErrorMissingClientId": "レルムロール・マッピングを使用しない場合は、クライアントIDは設定内で提供される必要があります。",
+        "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType":
+            "グループの継承を維持することと、UIDメンバーシップ・タイプを使用することは同時にできません。",
+        "ldapErrorCantWriteOnlyForReadOnlyLdap": "LDAPプロバイダー・モードがWRITABLEではない場合は、write onlyを設定することはできません。",
+        "ldapErrorCantWriteOnlyAndReadOnly": "write-onlyとread-onlyを一緒に設定することはできません。",
+        "ldapErrorCantEnableStartTlsAndConnectionPooling": "StartTLSと接続プーリングの両方を有効にできません。",
+        "clientRedirectURIsFragmentError": "リダイレクトURIにURIフラグメントを含めることはできません。",
+        "clientRootURLFragmentError": "ルートURLにURLフラグメントを含めることはできません。",
+        "pairwiseMalformedClientRedirectURI": "クライアントに無効なリダイレクトURIが含まれていました。",
+        "pairwiseClientRedirectURIsMissingHost": "クライアントのリダイレクトURIには有効なホスト・コンポーネントが含まれている必要があります。",
+        "pairwiseClientRedirectURIsMultipleHosts":
+            "設定されたセレクター識別子URIがない場合は、クライアントのリダイレクトURIは複数のホスト・コンポーネントを含むことはできません。",
+        "pairwiseMalformedSectorIdentifierURI": "不正なセレクター識別子URIです。",
+        "pairwiseFailedToGetRedirectURIs": "セクター識別子URIからリダイレクトURIを取得できませんでした。",
+        "pairwiseRedirectURIsMismatch": "クライアントのリダイレクトURIは、セクター識別子URIからフェッチされたリダイレクトURIと一致しません。",
+    },
+    "lt": {
+        "invalidPasswordMinLengthMessage": "Per trumpas slaptažodis: mažiausias ilgis {0}.",
+        "invalidPasswordMinLowerCaseCharsMessage": "Neteisingas slaptažodis: privaloma įvesti {0} mažąją raidę.",
+        "invalidPasswordMinDigitsMessage": "Neteisingas slaptažodis: privaloma įvesti {0} skaitmenį.",
+        "invalidPasswordMinUpperCaseCharsMessage": "Neteisingas slaptažodis: privaloma įvesti {0} didžiąją raidę.",
+        "invalidPasswordMinSpecialCharsMessage": "Neteisingas slaptažodis: privaloma įvesti {0} specialų simbolį.",
+        "invalidPasswordNotUsernameMessage": "Neteisingas slaptažodis: slaptažodis negali sutapti su naudotojo vardu.",
+        "invalidPasswordRegexPatternMessage": "Neteisingas slaptažodis: slaptažodis netenkina regex taisyklės(ių).",
+        "invalidPasswordHistoryMessage": "Neteisingas slaptažodis: slaptažodis negali sutapti su prieš tai buvusiais {0} slaptažodžiais.",
+        "ldapErrorInvalidCustomFilter": 'Sukonfigūruotas LDAP filtras neprasideda "(" ir nesibaigia ")" simboliais.',
+        "ldapErrorMissingClientId": "Privaloma nurodyti kliento ID kai srities rolių susiejimas nėra nenaudojamas.",
+        "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "Grupių paveldėjimo ir UID narystės tipas kartu negali būti naudojami.",
+        "ldapErrorCantWriteOnlyForReadOnlyLdap": "Negalima nustatyti rašymo rėžimo kuomet LDAP teikėjo rėžimas ne WRITABLE",
+        "ldapErrorCantWriteOnlyAndReadOnly": "Negalima nustatyti tik rašyti ir tik skaityti kartu",
+        "clientRedirectURIsFragmentError": "Nurodykite URI fragmentą, kurio negali būti peradresuojamuose URI adresuose",
+        "clientRootURLFragmentError": "Nurodykite URL fragmentą, kurio negali būti šakniniame URL adrese",
+        "pairwiseMalformedClientRedirectURI": "Klientas pateikė neteisingą nukreipimo nuorodą.",
+        "pairwiseClientRedirectURIsMissingHost": "Kliento nukreipimo nuorodos privalo būti nurodytos su serverio vardo komponentu.",
+        "pairwiseClientRedirectURIsMultipleHosts":
+            "Kuomet nesukonfigūruotas sektoriaus identifikatoriaus URL, kliento nukreipimo nuorodos privalo talpinti ne daugiau kaip vieną skirtingą serverio vardo komponentą.",
+        "pairwiseMalformedSectorIdentifierURI": "Neteisinga sektoriaus identifikatoriaus URI.",
+        "pairwiseFailedToGetRedirectURIs": "Nepavyko gauti nukreipimo nuorodų iš sektoriaus identifikatoriaus URI.",
+        "pairwiseRedirectURIsMismatch": "Kliento nukreipimo nuoroda neatitinka nukreipimo nuorodų iš sektoriaus identifikatoriaus URI.",
+    },
+    "nl": {
+        "invalidPasswordMinLengthMessage": "Ongeldig wachtwoord: de minimale lengte is {0} karakters.",
+        "invalidPasswordMinLowerCaseCharsMessage": "Ongeldig wachtwoord: het moet minstens {0} kleine letters bevatten.",
+        "invalidPasswordMinDigitsMessage": "Ongeldig wachtwoord: het moet minstens {0} getallen bevatten.",
+        "invalidPasswordMinUpperCaseCharsMessage": "Ongeldig wachtwoord: het moet minstens {0} hoofdletters bevatten.",
+        "invalidPasswordMinSpecialCharsMessage": "Ongeldig wachtwoord: het moet minstens {0} speciale karakters bevatten.",
+        "invalidPasswordNotUsernameMessage": "Ongeldig wachtwoord: het mag niet overeenkomen met de gebruikersnaam.",
+        "invalidPasswordRegexPatternMessage": "Ongeldig wachtwoord: het voldoet niet aan het door de beheerder ingestelde patroon.",
+        "invalidPasswordHistoryMessage": "Ongeldig wachtwoord: het mag niet overeen komen met een van de laatste {0} wachtwoorden.",
+        "invalidPasswordGenericMessage": "Ongeldig wachtwoord: het nieuwe wachtwoord voldoet niet aan het wachtwoordbeleid.",
+        "ldapErrorInvalidCustomFilter": 'LDAP filter met aangepaste configuratie start niet met "(" of eindigt niet met ")".',
+        "ldapErrorConnectionTimeoutNotNumber": "Verbindingstimeout moet een getal zijn",
+        "ldapErrorReadTimeoutNotNumber": "Lees-timeout moet een getal zijn",
+        "ldapErrorMissingClientId": "Client ID moet ingesteld zijn als Realm Roles Mapping niet gebruikt wordt.",
+        "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "Kan groepsovererving niet behouden bij UID-lidmaatschapstype.",
+        "ldapErrorCantWriteOnlyForReadOnlyLdap": "Alleen-schrijven niet mogelijk als LDAP provider mode niet WRITABLE is",
+        "ldapErrorCantWriteOnlyAndReadOnly": "Alleen-schrijven en alleen-lezen mogen niet tegelijk ingesteld zijn",
+        "clientRedirectURIsFragmentError": "Redirect URIs mogen geen URI fragment bevatten",
+        "clientRootURLFragmentError": "Root URL mag geen URL fragment bevatten",
+        "pairwiseMalformedClientRedirectURI": "Client heeft een ongeldige redirect URI.",
+        "pairwiseClientRedirectURIsMissingHost": "Client redirect URIs moeten een geldige host-component bevatten.",
+        "pairwiseClientRedirectURIsMultipleHosts":
+            "Zonder een geconfigureerde Sector Identifier URI mogen client redirect URIs niet meerdere host componenten hebben.",
+        "pairwiseMalformedSectorIdentifierURI": "Onjuist notatie in Sector Identifier URI.",
+        "pairwiseFailedToGetRedirectURIs": "Kon geen redirect URIs verkrijgen van de Sector Identifier URI.",
+        "pairwiseRedirectURIsMismatch": "Client redirect URIs komen niet overeen met redict URIs ontvangen van de Sector Identifier URI.",
+    },
+    "no": {
+        "invalidPasswordMinLengthMessage": "Ugyldig passord: minimum lengde {0}.",
+        "invalidPasswordMinLowerCaseCharsMessage": "Ugyldig passord: må inneholde minst {0} små bokstaver.",
+        "invalidPasswordMinDigitsMessage": "Ugyldig passord: må inneholde minst {0} sifre.",
+        "invalidPasswordMinUpperCaseCharsMessage": "Ugyldig passord: må inneholde minst {0} store bokstaver.",
+        "invalidPasswordMinSpecialCharsMessage": "Ugyldig passord: må inneholde minst {0} spesialtegn.",
+        "invalidPasswordNotUsernameMessage": "Ugyldig passord: kan ikke være likt brukernavn.",
+        "invalidPasswordRegexPatternMessage": "Ugyldig passord: tilfredsstiller ikke kravene for passord-mønster.",
+        "invalidPasswordHistoryMessage": "Ugyldig passord: kan ikke være likt noen av de {0} foregående passordene.",
+        "ldapErrorInvalidCustomFilter": 'Tilpasset konfigurasjon av LDAP-filter starter ikke med "(" eller slutter ikke med ")".',
+        "ldapErrorMissingClientId": "KlientID må være tilgjengelig i config når sikkerhetsdomenerollemapping ikke brukes.",
+        "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "Ikke mulig å bevare gruppearv og samtidig bruke UID medlemskapstype.",
+        "ldapErrorCantWriteOnlyForReadOnlyLdap": "Kan ikke sette write-only når LDAP leverandør-modus ikke er WRITABLE",
+        "ldapErrorCantWriteOnlyAndReadOnly": "Kan ikke sette både write-only og read-only",
+    },
+    "pl": {},
+    "pt-BR": {
+        "invalidPasswordMinLengthMessage": "Senha inválida: deve conter ao menos {0} caracteres.",
+        "invalidPasswordMinLowerCaseCharsMessage": "Senha inválida: deve conter ao menos {0} caracteres minúsculos.",
+        "invalidPasswordMinDigitsMessage": "Senha inválida: deve conter ao menos {0} digitos numéricos.",
+        "invalidPasswordMinUpperCaseCharsMessage": "Senha inválida: deve conter ao menos {0} caracteres maiúsculos.",
+        "invalidPasswordMinSpecialCharsMessage": "Senha inválida: deve conter ao menos {0} caracteres especiais.",
+        "invalidPasswordNotUsernameMessage": "Senha inválida: não deve ser igual ao nome de usuário.",
+        "invalidPasswordRegexPatternMessage": "Senha inválida: falha ao passar por padrões.",
+        "invalidPasswordHistoryMessage": "Senha inválida: não deve ser igual às últimas {0} senhas.",
+        "ldapErrorInvalidCustomFilter": 'Filtro LDAP não inicia com "(" ou não termina com ")".',
+        "ldapErrorMissingClientId": "ID do cliente precisa ser definido na configuração quando mapeamentos de Roles do Realm não é utilizado.",
+        "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType":
+            "Não é possível preservar herança de grupos e usar tipo de associação de UID ao mesmo tempo.",
+        "ldapErrorCantWriteOnlyForReadOnlyLdap": "Não é possível definir modo de somente escrita quando o provedor LDAP não suporta escrita",
+        "ldapErrorCantWriteOnlyAndReadOnly": "Não é possível definir somente escrita e somente leitura ao mesmo tempo",
+        "clientRedirectURIsFragmentError": "URIs de redirecionamento não podem conter fragmentos",
+        "clientRootURLFragmentError": "URL raiz não pode conter fragmentos",
+    },
+    "ru": {
+        "invalidPasswordMinLengthMessage": "Некорректный пароль: длина пароля должна быть не менее {0} символов(а).",
+        "invalidPasswordMinDigitsMessage": "Некорректный пароль: должен содержать не менее {0} цифр(ы).",
+        "invalidPasswordMinLowerCaseCharsMessage": "Некорректный пароль: пароль должен содержать не менее {0} символов(а) в нижнем регистре.",
+        "invalidPasswordMinUpperCaseCharsMessage": "Некорректный пароль: пароль должен содержать не менее {0} символов(а) в верхнем регистре.",
+        "invalidPasswordMinSpecialCharsMessage": "Некорректный пароль: пароль должен содержать не менее {0} спецсимволов(а).",
+        "invalidPasswordNotUsernameMessage": "Некорректный пароль: пароль не должен совпадать с именем пользователя.",
+        "invalidPasswordRegexPatternMessage": "Некорректный пароль: пароль не прошел проверку по регулярному выражению.",
+        "invalidPasswordHistoryMessage": "Некорректный пароль: пароль не должен совпадать с последним(и) {0} паролем(ями).",
+        "invalidPasswordGenericMessage": "Некорректный пароль: новый пароль не соответствует правилам пароля.",
+        "ldapErrorInvalidCustomFilter": 'Сконфигурированный пользователем фильтр LDAP не должен начинаться с "(" или заканчиваться на ")".',
+        "ldapErrorMissingClientId": "Client ID должен быть настроен в конфигурации, если не используется сопоставление ролей в realm.",
+        "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "Не удалось унаследовать группу и использовать членство UID типа вместе.",
+        "ldapErrorCantWriteOnlyForReadOnlyLdap": 'Невозможно установить режим "только на запись", когда LDAP провайдер не в режиме WRITABLE',
+        "ldapErrorCantWriteOnlyAndReadOnly": 'Невозможно одновременно установить режимы "только на чтение" и "только на запись"',
+        "clientRedirectURIsFragmentError": "URI перенаправления не должен содержать фрагмент URI",
+        "clientRootURLFragmentError": "Корневой URL не должен содержать фрагмент URL ",
+        "pairwiseMalformedClientRedirectURI": "Клиент содержит некорректный URI перенаправления.",
+        "pairwiseClientRedirectURIsMissingHost": "URI перенаправления клиента должен содержать корректный компонент хоста.",
+        "pairwiseClientRedirectURIsMultipleHosts":
+            "Без конфигурации по части идентификатора URI, URI перенаправления клиента не может содержать несколько компонентов хоста.",
+        "pairwiseMalformedSectorIdentifierURI": "Искаженная часть идентификатора URI.",
+        "pairwiseFailedToGetRedirectURIs": "Не удалось получить идентификаторы URI перенаправления из части идентификатора URI.",
+        "pairwiseRedirectURIsMismatch": "Клиент URI переадресации не соответствует URI переадресации, полученной из части идентификатора URI.",
+    },
+    "zh-CN": {
+        "invalidPasswordMinLengthMessage": "无效的密码：最短长度 {0}.",
+        "invalidPasswordMinLowerCaseCharsMessage": "无效的密码：至少包含 {0} 小写字母",
+        "invalidPasswordMinDigitsMessage": "无效的密码：至少包含 {0} 个数字",
+        "invalidPasswordMinUpperCaseCharsMessage": "无效的密码：最短长度 {0} 大写字母",
+        "invalidPasswordMinSpecialCharsMessage": "无效的密码：最短长度 {0} 特殊字符",
+        "invalidPasswordNotUsernameMessage": "无效的密码： 不可以与用户名相同",
+        "invalidPasswordRegexPatternMessage": "无效的密码： 无法与正则表达式匹配",
+        "invalidPasswordHistoryMessage": "无效的密码：不能与最后使用的 {0} 个密码相同",
+        "ldapErrorInvalidCustomFilter": '定制的 LDAP过滤器不是以 "(" 开头或以 ")"结尾.',
+        "ldapErrorConnectionTimeoutNotNumber": "Connection Timeout 必须是个数字",
+        "ldapErrorMissingClientId": "当域角色映射未启用时，客户端 ID 需要指定。",
+        "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "无法在使用UID成员类型的同时维护组继承属性。",
+        "ldapErrorCantWriteOnlyForReadOnlyLdap": "当LDAP提供方不是可写模式时，无法设置只写",
+        "ldapErrorCantWriteOnlyAndReadOnly": "无法同时设置只读和只写",
+        "clientRedirectURIsFragmentError": "重定向URL不应包含URI片段",
+        "clientRootURLFragmentError": "根URL 不应包含 URL 片段",
+        "pairwiseMalformedClientRedirectURI": "客户端包含一个无效的重定向URL",
+        "pairwiseClientRedirectURIsMissingHost": "客户端重定向URL需要有一个有效的主机",
+        "pairwiseClientRedirectURIsMultipleHosts":
+            "Without a configured Sector Identifier URI, client redirect URIs must not contain multiple host components.",
+        "pairwiseMalformedSectorIdentifierURI": "Malformed Sector Identifier URI.",
+        "pairwiseFailedToGetRedirectURIs": "无法从服务器获得重定向URL",
+        "pairwiseRedirectURIsMismatch": "客户端的重定向URI与服务器端获取的URI配置不匹配。",
+    },
 };
-/* spell-checker: enable */
+/* spell-checker: enable */
--- a/src/lib/i18n/generated_kcMessages/11.0.3/email.ts
+++ b/src/lib/i18n/generated_kcMessages/11.0.3/email.ts
--- a/src/lib/i18n/generated_kcMessages/11.0.3/login.ts
+++ b/src/lib/i18n/generated_kcMessages/11.0.3/login.ts
--- a/src/lib/i18n/generated_kcMessages/15.0.2/account.ts
+++ b/src/lib/i18n/generated_kcMessages/15.0.2/account.ts
--- a/src/lib/i18n/generated_kcMessages/15.0.2/admin.ts
+++ b/src/lib/i18n/generated_kcMessages/15.0.2/admin.ts
@ -2,268 +2,277 @@
 //PLEASE DO NOT EDIT MANUALLY

 /* spell-checker: disable */
-export const kcMessages= {
-  "ca": {
-    "invalidPasswordHistoryMessage": "Contrasenya incorrecta: no pot ser igual a cap de les últimes {0} contrasenyes.",
-    "invalidPasswordMinDigitsMessage": "Contraseña incorrecta: debe contener al menos {0} caracteres numéricos.",
-    "invalidPasswordMinLengthMessage": "Contrasenya incorrecta: longitud mínima {0}.",
-    "invalidPasswordMinLowerCaseCharsMessage": "Contrasenya incorrecta: ha de contenir almenys {0} lletres minúscules.",
-    "invalidPasswordMinSpecialCharsMessage": "Contrasenya incorrecta: ha de contenir almenys {0} caràcters especials.",
-    "invalidPasswordMinUpperCaseCharsMessage": "Contrasenya incorrecta: ha de contenir almenys {0} lletres majúscules.",
-    "invalidPasswordNotUsernameMessage": "Contrasenya incorrecta: no pot ser igual al nom d'usuari.",
-    "invalidPasswordRegexPatternMessage": "Contrasenya incorrecta: no compleix l'expressió regular."
-  },
-  "de": {
-    "invalidPasswordMinLengthMessage": "Ungültiges Passwort: muss mindestens {0} Zeichen beinhalten.",
-    "invalidPasswordMinLowerCaseCharsMessage": "Ungültiges Passwort: muss mindestens {0} Kleinbuchstaben beinhalten.",
-    "invalidPasswordMinDigitsMessage": "Ungültiges Passwort: muss mindestens {0} Ziffern beinhalten.",
-    "invalidPasswordMinUpperCaseCharsMessage": "Ungültiges Passwort: muss mindestens {0} Großbuchstaben beinhalten.",
-    "invalidPasswordMinSpecialCharsMessage": "Ungültiges Passwort: muss mindestens {0} Sonderzeichen beinhalten.",
-    "invalidPasswordNotUsernameMessage": "Ungültiges Passwort: darf nicht identisch mit dem Benutzernamen sein.",
-    "invalidPasswordNotEmailMessage": "Ungültiges Passwort: darf nicht identisch mit der E-Mail-Adresse sein.",
-    "invalidPasswordRegexPatternMessage": "Ungültiges Passwort: stimmt nicht mit Regex-Muster überein.",
-    "invalidPasswordHistoryMessage": "Ungültiges Passwort: darf nicht identisch mit einem der letzten {0} Passwörter sein.",
-    "invalidPasswordBlacklistedMessage": "Ungültiges Passwort: Passwort ist zu bekannt und auf der schwarzen Liste.",
-    "invalidPasswordGenericMessage": "Ungültiges Passwort: neues Passwort erfüllt die Passwort-Anforderungen nicht."
-  },
-  "en": {
-    "invalidPasswordMinLengthMessage": "Invalid password: minimum length {0}.",
-    "invalidPasswordMaxLengthMessage": "Invalid password: maximum length {0}.",
-    "invalidPasswordMinLowerCaseCharsMessage": "Invalid password: must contain at least {0} lower case characters.",
-    "invalidPasswordMinDigitsMessage": "Invalid password: must contain at least {0} numerical digits.",
-    "invalidPasswordMinUpperCaseCharsMessage": "Invalid password: must contain at least {0} upper case characters.",
-    "invalidPasswordMinSpecialCharsMessage": "Invalid password: must contain at least {0} special characters.",
-    "invalidPasswordNotUsernameMessage": "Invalid password: must not be equal to the username.",
-    "invalidPasswordNotEmailMessage": "Invalid password: must not be equal to the email.",
-    "invalidPasswordRegexPatternMessage": "Invalid password: fails to match regex pattern(s).",
-    "invalidPasswordHistoryMessage": "Invalid password: must not be equal to any of last {0} passwords.",
-    "invalidPasswordBlacklistedMessage": "Invalid password: password is blacklisted.",
-    "invalidPasswordGenericMessage": "Invalid password: new password does not match password policies.",
-    "ldapErrorInvalidCustomFilter": "Custom configured LDAP filter does not start with \"(\" or does not end with \")\".",
-    "ldapErrorConnectionTimeoutNotNumber": "Connection Timeout must be a number",
-    "ldapErrorReadTimeoutNotNumber": "Read Timeout must be a number",
-    "ldapErrorMissingClientId": "Client ID needs to be provided in config when Realm Roles Mapping is not used.",
-    "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "Not possible to preserve group inheritance and use UID membership type together.",
-    "ldapErrorCantWriteOnlyForReadOnlyLdap": "Can not set write only when LDAP provider mode is not WRITABLE",
-    "ldapErrorCantWriteOnlyAndReadOnly": "Can not set write-only and read-only together",
-    "ldapErrorCantEnableStartTlsAndConnectionPooling": "Can not enable both StartTLS and connection pooling.",
-    "ldapErrorCantEnableUnsyncedAndImportOff": "Can not disable Importing users when LDAP provider mode is UNSYNCED",
-    "ldapErrorMissingGroupsPathGroup": "Groups path group does not exist - please create the group on specified path first",
-    "clientRedirectURIsFragmentError": "Redirect URIs must not contain an URI fragment",
-    "clientRootURLFragmentError": "Root URL must not contain an URL fragment",
-    "clientRootURLIllegalSchemeError": "Root URL uses an illegal scheme",
-    "clientBaseURLIllegalSchemeError": "Base URL uses an illegal scheme",
-    "backchannelLogoutUrlIllegalSchemeError": "Backchannel logout URL uses an illegal scheme",
-    "clientRedirectURIsIllegalSchemeError": "A redirect URI uses an illegal scheme",
-    "clientBaseURLInvalid": "Base URL is not a valid URL",
-    "clientRootURLInvalid": "Root URL is not a valid URL",
-    "clientRedirectURIsInvalid": "A redirect URI is not a valid URI",
-    "backchannelLogoutUrlIsInvalid": "Backchannel logout URL is not a valid URL",
-    "pairwiseMalformedClientRedirectURI": "Client contained an invalid redirect URI.",
-    "pairwiseClientRedirectURIsMissingHost": "Client redirect URIs must contain a valid host component.",
-    "pairwiseClientRedirectURIsMultipleHosts": "Without a configured Sector Identifier URI, client redirect URIs must not contain multiple host components.",
-    "pairwiseMalformedSectorIdentifierURI": "Malformed Sector Identifier URI.",
-    "pairwiseFailedToGetRedirectURIs": "Failed to get redirect URIs from the Sector Identifier URI.",
-    "pairwiseRedirectURIsMismatch": "Client redirect URIs does not match redirect URIs fetched from the Sector Identifier URI.",
-    "error-invalid-value": "Invalid value.",
-    "error-invalid-blank": "Please specify value.",
-    "error-empty": "Please specify value.",
-    "error-invalid-length": "Attribute {0} must have a length between {1} and {2}.",
-    "error-invalid-length-too-short": "Attribute {0} must have minimal length of {1}.",
-    "error-invalid-length-too-long": "Attribute {0} must have maximal length of {2}.",
-    "error-invalid-email": "Invalid email address.",
-    "error-invalid-number": "Invalid number.",
-    "error-number-out-of-range": "Attribute {0} must be a number between {1} and {2}.",
-    "error-number-out-of-range-too-small": "Attribute {0} must have minimal value of {1}.",
-    "error-number-out-of-range-too-big": "Attribute {0} must have maximal value of {2}.",
-    "error-pattern-no-match": "Invalid value.",
-    "error-invalid-uri": "Invalid URL.",
-    "error-invalid-uri-scheme": "Invalid URL scheme.",
-    "error-invalid-uri-fragment": "Invalid URL fragment.",
-    "error-user-attribute-required": "Please specify attribute {0}.",
-    "error-invalid-date": "Attribute {0} is invalid date.",
-    "error-user-attribute-read-only": "Attribute {0} is read only.",
-    "error-username-invalid-character": "{0} contains invalid character.",
-    "error-person-name-invalid-character": "{0} contains invalid character."
-  },
-  "es": {
-    "invalidPasswordMinLengthMessage": "Contraseña incorrecta: longitud mínima {0}.",
-    "invalidPasswordMinLowerCaseCharsMessage": "Contraseña incorrecta: debe contener al menos {0} letras minúsculas.",
-    "invalidPasswordMinDigitsMessage": "Contraseña incorrecta: debe contener al menos {0} caracteres numéricos.",
-    "invalidPasswordMinUpperCaseCharsMessage": "Contraseña incorrecta: debe contener al menos {0} letras mayúsculas.",
-    "invalidPasswordMinSpecialCharsMessage": "Contraseña incorrecta: debe contener al menos {0} caracteres especiales.",
-    "invalidPasswordNotUsernameMessage": "Contraseña incorrecta: no puede ser igual al nombre de usuario.",
-    "invalidPasswordRegexPatternMessage": "Contraseña incorrecta: no cumple la expresión regular.",
-    "invalidPasswordHistoryMessage": "Contraseña incorrecta: no puede ser igual a ninguna de las últimas {0} contraseñas."
-  },
-  "fr": {
-    "invalidPasswordMinLengthMessage": "Mot de passe invalide : longueur minimale requise de {0}.",
-    "invalidPasswordMinLowerCaseCharsMessage": "Mot de passe invalide : doit contenir au moins {0} lettre(s) en minuscule.",
-    "invalidPasswordMinDigitsMessage": "Mot de passe invalide : doit contenir au moins {0} chiffre(s).",
-    "invalidPasswordMinUpperCaseCharsMessage": "Mot de passe invalide : doit contenir au moins {0} lettre(s) en majuscule.",
-    "invalidPasswordMinSpecialCharsMessage": "Mot de passe invalide : doit contenir au moins {0} caractère(s) spéciaux.",
-    "invalidPasswordNotUsernameMessage": "Mot de passe invalide : ne doit pas être identique au nom d'utilisateur.",
-    "invalidPasswordRegexPatternMessage": "Mot de passe invalide : ne valide pas l'expression rationnelle.",
-    "invalidPasswordHistoryMessage": "Mot de passe invalide : ne doit pas être égal aux {0} derniers mot de passe."
-  },
-  "it": {},
-  "ja": {
-    "invalidPasswordMinLengthMessage": "無効なパスワード: 最小{0}の長さが必要です。",
-    "invalidPasswordMinLowerCaseCharsMessage": "無効なパスワード: 少なくとも{0}文字の小文字を含む必要があります。",
-    "invalidPasswordMinDigitsMessage": "無効なパスワード: 少なくとも{0}文字の数字を含む必要があります。",
-    "invalidPasswordMinUpperCaseCharsMessage": "無効なパスワード: 少なくとも{0}文字の大文字を含む必要があります。",
-    "invalidPasswordMinSpecialCharsMessage": "無効なパスワード: 少なくとも{0}文字の特殊文字を含む必要があります。",
-    "invalidPasswordNotUsernameMessage": "無効なパスワード: ユーザー名と同じパスワードは禁止されています。",
-    "invalidPasswordRegexPatternMessage": "無効なパスワード: 正規表現パターンと一致しません。",
-    "invalidPasswordHistoryMessage": "無効なパスワード: 最近の{0}パスワードのいずれかと同じパスワードは禁止されています。",
-    "invalidPasswordBlacklistedMessage": "無効なパスワード: パスワードがブラックリストに含まれています。",
-    "invalidPasswordGenericMessage": "無効なパスワード: 新しいパスワードはパスワード・ポリシーと一致しません。",
-    "ldapErrorInvalidCustomFilter": "LDAPフィルターのカスタム設定が、「(」から開始または「)」で終了となっていません。",
-    "ldapErrorConnectionTimeoutNotNumber": "接続タイムアウトは数字でなければなりません",
-    "ldapErrorReadTimeoutNotNumber": "読み取りタイムアウトは数字でなければなりません",
-    "ldapErrorMissingClientId": "レルムロール・マッピングを使用しない場合は、クライアントIDは設定内で提供される必要があります。",
-    "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "グループの継承を維持することと、UIDメンバーシップ・タイプを使用することは同時にできません。",
-    "ldapErrorCantWriteOnlyForReadOnlyLdap": "LDAPプロバイダー・モードがWRITABLEではない場合は、write onlyを設定することはできません。",
-    "ldapErrorCantWriteOnlyAndReadOnly": "write-onlyとread-onlyを一緒に設定することはできません。",
-    "ldapErrorCantEnableStartTlsAndConnectionPooling": "StartTLSと接続プーリングの両方を有効にできません。",
-    "clientRedirectURIsFragmentError": "リダイレクトURIにURIフラグメントを含めることはできません。",
-    "clientRootURLFragmentError": "ルートURLにURLフラグメントを含めることはできません。",
-    "pairwiseMalformedClientRedirectURI": "クライアントに無効なリダイレクトURIが含まれていました。",
-    "pairwiseClientRedirectURIsMissingHost": "クライアントのリダイレクトURIには有効なホスト・コンポーネントが含まれている必要があります。",
-    "pairwiseClientRedirectURIsMultipleHosts": "設定されたセレクター識別子URIがない場合は、クライアントのリダイレクトURIは複数のホスト・コンポーネントを含むことはできません。",
-    "pairwiseMalformedSectorIdentifierURI": "不正なセレクター識別子URIです。",
-    "pairwiseFailedToGetRedirectURIs": "セクター識別子URIからリダイレクトURIを取得できませんでした。",
-    "pairwiseRedirectURIsMismatch": "クライアントのリダイレクトURIは、セクター識別子URIからフェッチされたリダイレクトURIと一致しません。"
-  },
-  "lt": {
-    "invalidPasswordMinLengthMessage": "Per trumpas slaptažodis: mažiausias ilgis {0}.",
-    "invalidPasswordMinLowerCaseCharsMessage": "Neteisingas slaptažodis: privaloma įvesti {0} mažąją raidę.",
-    "invalidPasswordMinDigitsMessage": "Neteisingas slaptažodis: privaloma įvesti {0} skaitmenį.",
-    "invalidPasswordMinUpperCaseCharsMessage": "Neteisingas slaptažodis: privaloma įvesti {0} didžiąją raidę.",
-    "invalidPasswordMinSpecialCharsMessage": "Neteisingas slaptažodis: privaloma įvesti {0} specialų simbolį.",
-    "invalidPasswordNotUsernameMessage": "Neteisingas slaptažodis: slaptažodis negali sutapti su naudotojo vardu.",
-    "invalidPasswordRegexPatternMessage": "Neteisingas slaptažodis: slaptažodis netenkina regex taisyklės(ių).",
-    "invalidPasswordHistoryMessage": "Neteisingas slaptažodis: slaptažodis negali sutapti su prieš tai buvusiais {0} slaptažodžiais.",
-    "ldapErrorInvalidCustomFilter": "Sukonfigūruotas LDAP filtras neprasideda \"(\" ir nesibaigia \")\" simboliais.",
-    "ldapErrorMissingClientId": "Privaloma nurodyti kliento ID kai srities rolių susiejimas nėra nenaudojamas.",
-    "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "Grupių paveldėjimo ir UID narystės tipas kartu negali būti naudojami.",
-    "ldapErrorCantWriteOnlyForReadOnlyLdap": "Negalima nustatyti rašymo rėžimo kuomet LDAP teikėjo rėžimas ne WRITABLE",
-    "ldapErrorCantWriteOnlyAndReadOnly": "Negalima nustatyti tik rašyti ir tik skaityti kartu",
-    "clientRedirectURIsFragmentError": "Nurodykite URI fragmentą, kurio negali būti peradresuojamuose URI adresuose",
-    "clientRootURLFragmentError": "Nurodykite URL fragmentą, kurio negali būti šakniniame URL adrese",
-    "pairwiseMalformedClientRedirectURI": "Klientas pateikė neteisingą nukreipimo nuorodą.",
-    "pairwiseClientRedirectURIsMissingHost": "Kliento nukreipimo nuorodos privalo būti nurodytos su serverio vardo komponentu.",
-    "pairwiseClientRedirectURIsMultipleHosts": "Kuomet nesukonfigūruotas sektoriaus identifikatoriaus URL, kliento nukreipimo nuorodos privalo talpinti ne daugiau kaip vieną skirtingą serverio vardo komponentą.",
-    "pairwiseMalformedSectorIdentifierURI": "Neteisinga sektoriaus identifikatoriaus URI.",
-    "pairwiseFailedToGetRedirectURIs": "Nepavyko gauti nukreipimo nuorodų iš sektoriaus identifikatoriaus URI.",
-    "pairwiseRedirectURIsMismatch": "Kliento nukreipimo nuoroda neatitinka nukreipimo nuorodų iš sektoriaus identifikatoriaus URI."
-  },
-  "nl": {
-    "invalidPasswordMinLengthMessage": "Ongeldig wachtwoord: de minimale lengte is {0} karakters.",
-    "invalidPasswordMinLowerCaseCharsMessage": "Ongeldig wachtwoord: het moet minstens {0} kleine letters bevatten.",
-    "invalidPasswordMinDigitsMessage": "Ongeldig wachtwoord: het moet minstens {0} getallen bevatten.",
-    "invalidPasswordMinUpperCaseCharsMessage": "Ongeldig wachtwoord: het moet minstens {0} hoofdletters bevatten.",
-    "invalidPasswordMinSpecialCharsMessage": "Ongeldig wachtwoord: het moet minstens {0} speciale karakters bevatten.",
-    "invalidPasswordNotUsernameMessage": "Ongeldig wachtwoord: het mag niet overeenkomen met de gebruikersnaam.",
-    "invalidPasswordRegexPatternMessage": "Ongeldig wachtwoord: het voldoet niet aan het door de beheerder ingestelde patroon.",
-    "invalidPasswordHistoryMessage": "Ongeldig wachtwoord: het mag niet overeen komen met een van de laatste {0} wachtwoorden.",
-    "invalidPasswordGenericMessage": "Ongeldig wachtwoord: het nieuwe wachtwoord voldoet niet aan het wachtwoordbeleid.",
-    "ldapErrorInvalidCustomFilter": "LDAP filter met aangepaste configuratie start niet met \"(\" of eindigt niet met \")\".",
-    "ldapErrorConnectionTimeoutNotNumber": "Verbindingstimeout moet een getal zijn",
-    "ldapErrorReadTimeoutNotNumber": "Lees-timeout moet een getal zijn",
-    "ldapErrorMissingClientId": "Client ID moet ingesteld zijn als Realm Roles Mapping niet gebruikt wordt.",
-    "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "Kan groepsovererving niet behouden bij UID-lidmaatschapstype.",
-    "ldapErrorCantWriteOnlyForReadOnlyLdap": "Alleen-schrijven niet mogelijk als LDAP provider mode niet WRITABLE is",
-    "ldapErrorCantWriteOnlyAndReadOnly": "Alleen-schrijven en alleen-lezen mogen niet tegelijk ingesteld zijn",
-    "clientRedirectURIsFragmentError": "Redirect URIs mogen geen URI fragment bevatten",
-    "clientRootURLFragmentError": "Root URL mag geen URL fragment bevatten",
-    "pairwiseMalformedClientRedirectURI": "Client heeft een ongeldige redirect URI.",
-    "pairwiseClientRedirectURIsMissingHost": "Client redirect URIs moeten een geldige host-component bevatten.",
-    "pairwiseClientRedirectURIsMultipleHosts": "Zonder een geconfigureerde Sector Identifier URI mogen client redirect URIs niet meerdere host componenten hebben.",
-    "pairwiseMalformedSectorIdentifierURI": "Onjuist notatie in Sector Identifier URI.",
-    "pairwiseFailedToGetRedirectURIs": "Kon geen redirect URIs verkrijgen van de Sector Identifier URI.",
-    "pairwiseRedirectURIsMismatch": "Client redirect URIs komen niet overeen met redict URIs ontvangen van de Sector Identifier URI."
-  },
-  "no": {
-    "invalidPasswordMinLengthMessage": "Ugyldig passord: minimum lengde {0}.",
-    "invalidPasswordMinLowerCaseCharsMessage": "Ugyldig passord: må inneholde minst {0} små bokstaver.",
-    "invalidPasswordMinDigitsMessage": "Ugyldig passord: må inneholde minst {0} sifre.",
-    "invalidPasswordMinUpperCaseCharsMessage": "Ugyldig passord: må inneholde minst {0} store bokstaver.",
-    "invalidPasswordMinSpecialCharsMessage": "Ugyldig passord: må inneholde minst {0} spesialtegn.",
-    "invalidPasswordNotUsernameMessage": "Ugyldig passord: kan ikke være likt brukernavn.",
-    "invalidPasswordRegexPatternMessage": "Ugyldig passord: tilfredsstiller ikke kravene for passord-mønster.",
-    "invalidPasswordHistoryMessage": "Ugyldig passord: kan ikke være likt noen av de {0} foregående passordene.",
-    "ldapErrorInvalidCustomFilter": "Tilpasset konfigurasjon av LDAP-filter starter ikke med \"(\" eller slutter ikke med \")\".",
-    "ldapErrorMissingClientId": "KlientID må være tilgjengelig i config når sikkerhetsdomenerollemapping ikke brukes.",
-    "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "Ikke mulig å bevare gruppearv og samtidig bruke UID medlemskapstype.",
-    "ldapErrorCantWriteOnlyForReadOnlyLdap": "Kan ikke sette write-only når LDAP leverandør-modus ikke er WRITABLE",
-    "ldapErrorCantWriteOnlyAndReadOnly": "Kan ikke sette både write-only og read-only"
-  },
-  "pl": {},
-  "pt-BR": {
-    "invalidPasswordMinLengthMessage": "Senha inválida: deve conter ao menos {0} caracteres.",
-    "invalidPasswordMinLowerCaseCharsMessage": "Senha inválida: deve conter ao menos {0} caracteres minúsculos.",
-    "invalidPasswordMinDigitsMessage": "Senha inválida: deve conter ao menos {0} digitos numéricos.",
-    "invalidPasswordMinUpperCaseCharsMessage": "Senha inválida: deve conter ao menos {0} caracteres maiúsculos.",
-    "invalidPasswordMinSpecialCharsMessage": "Senha inválida: deve conter ao menos {0} caracteres especiais.",
-    "invalidPasswordNotUsernameMessage": "Senha inválida: não deve ser igual ao nome de usuário.",
-    "invalidPasswordRegexPatternMessage": "Senha inválida: falha ao passar por padrões.",
-    "invalidPasswordHistoryMessage": "Senha inválida: não deve ser igual às últimas {0} senhas.",
-    "ldapErrorInvalidCustomFilter": "Filtro LDAP não inicia com \"(\" ou não termina com \")\".",
-    "ldapErrorMissingClientId": "ID do cliente precisa ser definido na configuração quando mapeamentos de Roles do Realm não é utilizado.",
-    "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "Não é possível preservar herança de grupos e usar tipo de associação de UID ao mesmo tempo.",
-    "ldapErrorCantWriteOnlyForReadOnlyLdap": "Não é possível definir modo de somente escrita quando o provedor LDAP não suporta escrita",
-    "ldapErrorCantWriteOnlyAndReadOnly": "Não é possível definir somente escrita e somente leitura ao mesmo tempo",
-    "clientRedirectURIsFragmentError": "URIs de redirecionamento não podem conter fragmentos",
-    "clientRootURLFragmentError": "URL raiz não pode conter fragmentos"
-  },
-  "ru": {
-    "invalidPasswordMinLengthMessage": "Некорректный пароль: длина пароля должна быть не менее {0} символов(а).",
-    "invalidPasswordMinDigitsMessage": "Некорректный пароль: должен содержать не менее {0} цифр(ы).",
-    "invalidPasswordMinLowerCaseCharsMessage": "Некорректный пароль: пароль должен содержать не менее {0} символов(а) в нижнем регистре.",
-    "invalidPasswordMinUpperCaseCharsMessage": "Некорректный пароль: пароль должен содержать не менее {0} символов(а) в верхнем регистре.",
-    "invalidPasswordMinSpecialCharsMessage": "Некорректный пароль: пароль должен содержать не менее {0} спецсимволов(а).",
-    "invalidPasswordNotUsernameMessage": "Некорректный пароль: пароль не должен совпадать с именем пользователя.",
-    "invalidPasswordRegexPatternMessage": "Некорректный пароль: пароль не прошел проверку по регулярному выражению.",
-    "invalidPasswordHistoryMessage": "Некорректный пароль: пароль не должен совпадать с последним(и) {0} паролем(ями).",
-    "invalidPasswordGenericMessage": "Некорректный пароль: новый пароль не соответствует правилам пароля.",
-    "ldapErrorInvalidCustomFilter": "Сконфигурированный пользователем фильтр LDAP не должен начинаться с \"(\" или заканчиваться на \")\".",
-    "ldapErrorMissingClientId": "Client ID должен быть настроен в конфигурации, если не используется сопоставление ролей в realm.",
-    "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "Не удалось унаследовать группу и использовать членство UID типа вместе.",
-    "ldapErrorCantWriteOnlyForReadOnlyLdap": "Невозможно установить режим \"только на запись\", когда LDAP провайдер не в режиме WRITABLE",
-    "ldapErrorCantWriteOnlyAndReadOnly": "Невозможно одновременно установить режимы \"только на чтение\" и \"только на запись\"",
-    "clientRedirectURIsFragmentError": "URI перенаправления не должен содержать фрагмент URI",
-    "clientRootURLFragmentError": "Корневой URL не должен содержать фрагмент URL ",
-    "pairwiseMalformedClientRedirectURI": "Клиент содержит некорректный URI перенаправления.",
-    "pairwiseClientRedirectURIsMissingHost": "URI перенаправления клиента должен содержать корректный компонент хоста.",
-    "pairwiseClientRedirectURIsMultipleHosts": "Без конфигурации по части идентификатора URI, URI перенаправления клиента не может содержать несколько компонентов хоста.",
-    "pairwiseMalformedSectorIdentifierURI": "Искаженная часть идентификатора URI.",
-    "pairwiseFailedToGetRedirectURIs": "Не удалось получить идентификаторы URI перенаправления из части идентификатора URI.",
-    "pairwiseRedirectURIsMismatch": "Клиент URI переадресации не соответствует URI переадресации, полученной из части идентификатора URI."
-  },
-  "zh-CN": {
-    "invalidPasswordMinLengthMessage": "无效的密码：最短长度 {0}.",
-    "invalidPasswordMinLowerCaseCharsMessage": "无效的密码：至少包含 {0} 小写字母",
-    "invalidPasswordMinDigitsMessage": "无效的密码：至少包含 {0} 个数字",
-    "invalidPasswordMinUpperCaseCharsMessage": "无效的密码：最短长度 {0} 大写字母",
-    "invalidPasswordMinSpecialCharsMessage": "无效的密码：最短长度 {0} 特殊字符",
-    "invalidPasswordNotUsernameMessage": "无效的密码： 不可以与用户名相同",
-    "invalidPasswordRegexPatternMessage": "无效的密码： 无法与正则表达式匹配",
-    "invalidPasswordHistoryMessage": "无效的密码：不能与最后使用的 {0} 个密码相同",
-    "ldapErrorInvalidCustomFilter": "定制的 LDAP过滤器不是以 \"(\" 开头或以 \")\"结尾.",
-    "ldapErrorConnectionTimeoutNotNumber": "Connection Timeout 必须是个数字",
-    "ldapErrorMissingClientId": "当域角色映射未启用时，客户端 ID 需要指定。",
-    "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "无法在使用UID成员类型的同时维护组继承属性。",
-    "ldapErrorCantWriteOnlyForReadOnlyLdap": "当LDAP提供方不是可写模式时，无法设置只写",
-    "ldapErrorCantWriteOnlyAndReadOnly": "无法同时设置只读和只写",
-    "clientRedirectURIsFragmentError": "重定向URL不应包含URI片段",
-    "clientRootURLFragmentError": "根URL 不应包含 URL 片段",
-    "pairwiseMalformedClientRedirectURI": "客户端包含一个无效的重定向URL",
-    "pairwiseClientRedirectURIsMissingHost": "客户端重定向URL需要有一个有效的主机",
-    "pairwiseClientRedirectURIsMultipleHosts": "Without a configured Sector Identifier URI, client redirect URIs must not contain multiple host components.",
-    "pairwiseMalformedSectorIdentifierURI": "Malformed Sector Identifier URI.",
-    "pairwiseFailedToGetRedirectURIs": "无法从服务器获得重定向URL",
-    "pairwiseRedirectURIsMismatch": "客户端的重定向URI与服务器端获取的URI配置不匹配。"
-  }
+export const kcMessages = {
+    "ca": {
+        "invalidPasswordHistoryMessage": "Contrasenya incorrecta: no pot ser igual a cap de les últimes {0} contrasenyes.",
+        "invalidPasswordMinDigitsMessage": "Contraseña incorrecta: debe contener al menos {0} caracteres numéricos.",
+        "invalidPasswordMinLengthMessage": "Contrasenya incorrecta: longitud mínima {0}.",
+        "invalidPasswordMinLowerCaseCharsMessage": "Contrasenya incorrecta: ha de contenir almenys {0} lletres minúscules.",
+        "invalidPasswordMinSpecialCharsMessage": "Contrasenya incorrecta: ha de contenir almenys {0} caràcters especials.",
+        "invalidPasswordMinUpperCaseCharsMessage": "Contrasenya incorrecta: ha de contenir almenys {0} lletres majúscules.",
+        "invalidPasswordNotUsernameMessage": "Contrasenya incorrecta: no pot ser igual al nom d'usuari.",
+        "invalidPasswordRegexPatternMessage": "Contrasenya incorrecta: no compleix l'expressió regular.",
+    },
+    "de": {
+        "invalidPasswordMinLengthMessage": "Ungültiges Passwort: muss mindestens {0} Zeichen beinhalten.",
+        "invalidPasswordMinLowerCaseCharsMessage": "Ungültiges Passwort: muss mindestens {0} Kleinbuchstaben beinhalten.",
+        "invalidPasswordMinDigitsMessage": "Ungültiges Passwort: muss mindestens {0} Ziffern beinhalten.",
+        "invalidPasswordMinUpperCaseCharsMessage": "Ungültiges Passwort: muss mindestens {0} Großbuchstaben beinhalten.",
+        "invalidPasswordMinSpecialCharsMessage": "Ungültiges Passwort: muss mindestens {0} Sonderzeichen beinhalten.",
+        "invalidPasswordNotUsernameMessage": "Ungültiges Passwort: darf nicht identisch mit dem Benutzernamen sein.",
+        "invalidPasswordNotEmailMessage": "Ungültiges Passwort: darf nicht identisch mit der E-Mail-Adresse sein.",
+        "invalidPasswordRegexPatternMessage": "Ungültiges Passwort: stimmt nicht mit Regex-Muster überein.",
+        "invalidPasswordHistoryMessage": "Ungültiges Passwort: darf nicht identisch mit einem der letzten {0} Passwörter sein.",
+        "invalidPasswordBlacklistedMessage": "Ungültiges Passwort: Passwort ist zu bekannt und auf der schwarzen Liste.",
+        "invalidPasswordGenericMessage": "Ungültiges Passwort: neues Passwort erfüllt die Passwort-Anforderungen nicht.",
+    },
+    "en": {
+        "invalidPasswordMinLengthMessage": "Invalid password: minimum length {0}.",
+        "invalidPasswordMaxLengthMessage": "Invalid password: maximum length {0}.",
+        "invalidPasswordMinLowerCaseCharsMessage": "Invalid password: must contain at least {0} lower case characters.",
+        "invalidPasswordMinDigitsMessage": "Invalid password: must contain at least {0} numerical digits.",
+        "invalidPasswordMinUpperCaseCharsMessage": "Invalid password: must contain at least {0} upper case characters.",
+        "invalidPasswordMinSpecialCharsMessage": "Invalid password: must contain at least {0} special characters.",
+        "invalidPasswordNotUsernameMessage": "Invalid password: must not be equal to the username.",
+        "invalidPasswordNotEmailMessage": "Invalid password: must not be equal to the email.",
+        "invalidPasswordRegexPatternMessage": "Invalid password: fails to match regex pattern(s).",
+        "invalidPasswordHistoryMessage": "Invalid password: must not be equal to any of last {0} passwords.",
+        "invalidPasswordBlacklistedMessage": "Invalid password: password is blacklisted.",
+        "invalidPasswordGenericMessage": "Invalid password: new password does not match password policies.",
+        "ldapErrorInvalidCustomFilter": 'Custom configured LDAP filter does not start with "(" or does not end with ")".',
+        "ldapErrorConnectionTimeoutNotNumber": "Connection Timeout must be a number",
+        "ldapErrorReadTimeoutNotNumber": "Read Timeout must be a number",
+        "ldapErrorMissingClientId": "Client ID needs to be provided in config when Realm Roles Mapping is not used.",
+        "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType":
+            "Not possible to preserve group inheritance and use UID membership type together.",
+        "ldapErrorCantWriteOnlyForReadOnlyLdap": "Can not set write only when LDAP provider mode is not WRITABLE",
+        "ldapErrorCantWriteOnlyAndReadOnly": "Can not set write-only and read-only together",
+        "ldapErrorCantEnableStartTlsAndConnectionPooling": "Can not enable both StartTLS and connection pooling.",
+        "ldapErrorCantEnableUnsyncedAndImportOff": "Can not disable Importing users when LDAP provider mode is UNSYNCED",
+        "ldapErrorMissingGroupsPathGroup": "Groups path group does not exist - please create the group on specified path first",
+        "clientRedirectURIsFragmentError": "Redirect URIs must not contain an URI fragment",
+        "clientRootURLFragmentError": "Root URL must not contain an URL fragment",
+        "clientRootURLIllegalSchemeError": "Root URL uses an illegal scheme",
+        "clientBaseURLIllegalSchemeError": "Base URL uses an illegal scheme",
+        "backchannelLogoutUrlIllegalSchemeError": "Backchannel logout URL uses an illegal scheme",
+        "clientRedirectURIsIllegalSchemeError": "A redirect URI uses an illegal scheme",
+        "clientBaseURLInvalid": "Base URL is not a valid URL",
+        "clientRootURLInvalid": "Root URL is not a valid URL",
+        "clientRedirectURIsInvalid": "A redirect URI is not a valid URI",
+        "backchannelLogoutUrlIsInvalid": "Backchannel logout URL is not a valid URL",
+        "pairwiseMalformedClientRedirectURI": "Client contained an invalid redirect URI.",
+        "pairwiseClientRedirectURIsMissingHost": "Client redirect URIs must contain a valid host component.",
+        "pairwiseClientRedirectURIsMultipleHosts":
+            "Without a configured Sector Identifier URI, client redirect URIs must not contain multiple host components.",
+        "pairwiseMalformedSectorIdentifierURI": "Malformed Sector Identifier URI.",
+        "pairwiseFailedToGetRedirectURIs": "Failed to get redirect URIs from the Sector Identifier URI.",
+        "pairwiseRedirectURIsMismatch": "Client redirect URIs does not match redirect URIs fetched from the Sector Identifier URI.",
+        "error-invalid-value": "Invalid value.",
+        "error-invalid-blank": "Please specify value.",
+        "error-empty": "Please specify value.",
+        "error-invalid-length": "Attribute {0} must have a length between {1} and {2}.",
+        "error-invalid-length-too-short": "Attribute {0} must have minimal length of {1}.",
+        "error-invalid-length-too-long": "Attribute {0} must have maximal length of {2}.",
+        "error-invalid-email": "Invalid email address.",
+        "error-invalid-number": "Invalid number.",
+        "error-number-out-of-range": "Attribute {0} must be a number between {1} and {2}.",
+        "error-number-out-of-range-too-small": "Attribute {0} must have minimal value of {1}.",
+        "error-number-out-of-range-too-big": "Attribute {0} must have maximal value of {2}.",
+        "error-pattern-no-match": "Invalid value.",
+        "error-invalid-uri": "Invalid URL.",
+        "error-invalid-uri-scheme": "Invalid URL scheme.",
+        "error-invalid-uri-fragment": "Invalid URL fragment.",
+        "error-user-attribute-required": "Please specify attribute {0}.",
+        "error-invalid-date": "Attribute {0} is invalid date.",
+        "error-user-attribute-read-only": "Attribute {0} is read only.",
+        "error-username-invalid-character": "{0} contains invalid character.",
+        "error-person-name-invalid-character": "{0} contains invalid character.",
+    },
+    "es": {
+        "invalidPasswordMinLengthMessage": "Contraseña incorrecta: longitud mínima {0}.",
+        "invalidPasswordMinLowerCaseCharsMessage": "Contraseña incorrecta: debe contener al menos {0} letras minúsculas.",
+        "invalidPasswordMinDigitsMessage": "Contraseña incorrecta: debe contener al menos {0} caracteres numéricos.",
+        "invalidPasswordMinUpperCaseCharsMessage": "Contraseña incorrecta: debe contener al menos {0} letras mayúsculas.",
+        "invalidPasswordMinSpecialCharsMessage": "Contraseña incorrecta: debe contener al menos {0} caracteres especiales.",
+        "invalidPasswordNotUsernameMessage": "Contraseña incorrecta: no puede ser igual al nombre de usuario.",
+        "invalidPasswordRegexPatternMessage": "Contraseña incorrecta: no cumple la expresión regular.",
+        "invalidPasswordHistoryMessage": "Contraseña incorrecta: no puede ser igual a ninguna de las últimas {0} contraseñas.",
+    },
+    "fr": {
+        "invalidPasswordMinLengthMessage": "Mot de passe invalide : longueur minimale requise de {0}.",
+        "invalidPasswordMinLowerCaseCharsMessage": "Mot de passe invalide : doit contenir au moins {0} lettre(s) en minuscule.",
+        "invalidPasswordMinDigitsMessage": "Mot de passe invalide : doit contenir au moins {0} chiffre(s).",
+        "invalidPasswordMinUpperCaseCharsMessage": "Mot de passe invalide : doit contenir au moins {0} lettre(s) en majuscule.",
+        "invalidPasswordMinSpecialCharsMessage": "Mot de passe invalide : doit contenir au moins {0} caractère(s) spéciaux.",
+        "invalidPasswordNotUsernameMessage": "Mot de passe invalide : ne doit pas être identique au nom d'utilisateur.",
+        "invalidPasswordRegexPatternMessage": "Mot de passe invalide : ne valide pas l'expression rationnelle.",
+        "invalidPasswordHistoryMessage": "Mot de passe invalide : ne doit pas être égal aux {0} derniers mot de passe.",
+    },
+    "it": {},
+    "ja": {
+        "invalidPasswordMinLengthMessage": "無効なパスワード: 最小{0}の長さが必要です。",
+        "invalidPasswordMinLowerCaseCharsMessage": "無効なパスワード: 少なくとも{0}文字の小文字を含む必要があります。",
+        "invalidPasswordMinDigitsMessage": "無効なパスワード: 少なくとも{0}文字の数字を含む必要があります。",
+        "invalidPasswordMinUpperCaseCharsMessage": "無効なパスワード: 少なくとも{0}文字の大文字を含む必要があります。",
+        "invalidPasswordMinSpecialCharsMessage": "無効なパスワード: 少なくとも{0}文字の特殊文字を含む必要があります。",
+        "invalidPasswordNotUsernameMessage": "無効なパスワード: ユーザー名と同じパスワードは禁止されています。",
+        "invalidPasswordRegexPatternMessage": "無効なパスワード: 正規表現パターンと一致しません。",
+        "invalidPasswordHistoryMessage": "無効なパスワード: 最近の{0}パスワードのいずれかと同じパスワードは禁止されています。",
+        "invalidPasswordBlacklistedMessage": "無効なパスワード: パスワードがブラックリストに含まれています。",
+        "invalidPasswordGenericMessage": "無効なパスワード: 新しいパスワードはパスワード・ポリシーと一致しません。",
+        "ldapErrorInvalidCustomFilter": "LDAPフィルターのカスタム設定が、「(」から開始または「)」で終了となっていません。",
+        "ldapErrorConnectionTimeoutNotNumber": "接続タイムアウトは数字でなければなりません",
+        "ldapErrorReadTimeoutNotNumber": "読み取りタイムアウトは数字でなければなりません",
+        "ldapErrorMissingClientId": "レルムロール・マッピングを使用しない場合は、クライアントIDは設定内で提供される必要があります。",
+        "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType":
+            "グループの継承を維持することと、UIDメンバーシップ・タイプを使用することは同時にできません。",
+        "ldapErrorCantWriteOnlyForReadOnlyLdap": "LDAPプロバイダー・モードがWRITABLEではない場合は、write onlyを設定することはできません。",
+        "ldapErrorCantWriteOnlyAndReadOnly": "write-onlyとread-onlyを一緒に設定することはできません。",
+        "ldapErrorCantEnableStartTlsAndConnectionPooling": "StartTLSと接続プーリングの両方を有効にできません。",
+        "clientRedirectURIsFragmentError": "リダイレクトURIにURIフラグメントを含めることはできません。",
+        "clientRootURLFragmentError": "ルートURLにURLフラグメントを含めることはできません。",
+        "pairwiseMalformedClientRedirectURI": "クライアントに無効なリダイレクトURIが含まれていました。",
+        "pairwiseClientRedirectURIsMissingHost": "クライアントのリダイレクトURIには有効なホスト・コンポーネントが含まれている必要があります。",
+        "pairwiseClientRedirectURIsMultipleHosts":
+            "設定されたセレクター識別子URIがない場合は、クライアントのリダイレクトURIは複数のホスト・コンポーネントを含むことはできません。",
+        "pairwiseMalformedSectorIdentifierURI": "不正なセレクター識別子URIです。",
+        "pairwiseFailedToGetRedirectURIs": "セクター識別子URIからリダイレクトURIを取得できませんでした。",
+        "pairwiseRedirectURIsMismatch": "クライアントのリダイレクトURIは、セクター識別子URIからフェッチされたリダイレクトURIと一致しません。",
+    },
+    "lt": {
+        "invalidPasswordMinLengthMessage": "Per trumpas slaptažodis: mažiausias ilgis {0}.",
+        "invalidPasswordMinLowerCaseCharsMessage": "Neteisingas slaptažodis: privaloma įvesti {0} mažąją raidę.",
+        "invalidPasswordMinDigitsMessage": "Neteisingas slaptažodis: privaloma įvesti {0} skaitmenį.",
+        "invalidPasswordMinUpperCaseCharsMessage": "Neteisingas slaptažodis: privaloma įvesti {0} didžiąją raidę.",
+        "invalidPasswordMinSpecialCharsMessage": "Neteisingas slaptažodis: privaloma įvesti {0} specialų simbolį.",
+        "invalidPasswordNotUsernameMessage": "Neteisingas slaptažodis: slaptažodis negali sutapti su naudotojo vardu.",
+        "invalidPasswordRegexPatternMessage": "Neteisingas slaptažodis: slaptažodis netenkina regex taisyklės(ių).",
+        "invalidPasswordHistoryMessage": "Neteisingas slaptažodis: slaptažodis negali sutapti su prieš tai buvusiais {0} slaptažodžiais.",
+        "ldapErrorInvalidCustomFilter": 'Sukonfigūruotas LDAP filtras neprasideda "(" ir nesibaigia ")" simboliais.',
+        "ldapErrorMissingClientId": "Privaloma nurodyti kliento ID kai srities rolių susiejimas nėra nenaudojamas.",
+        "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "Grupių paveldėjimo ir UID narystės tipas kartu negali būti naudojami.",
+        "ldapErrorCantWriteOnlyForReadOnlyLdap": "Negalima nustatyti rašymo rėžimo kuomet LDAP teikėjo rėžimas ne WRITABLE",
+        "ldapErrorCantWriteOnlyAndReadOnly": "Negalima nustatyti tik rašyti ir tik skaityti kartu",
+        "clientRedirectURIsFragmentError": "Nurodykite URI fragmentą, kurio negali būti peradresuojamuose URI adresuose",
+        "clientRootURLFragmentError": "Nurodykite URL fragmentą, kurio negali būti šakniniame URL adrese",
+        "pairwiseMalformedClientRedirectURI": "Klientas pateikė neteisingą nukreipimo nuorodą.",
+        "pairwiseClientRedirectURIsMissingHost": "Kliento nukreipimo nuorodos privalo būti nurodytos su serverio vardo komponentu.",
+        "pairwiseClientRedirectURIsMultipleHosts":
+            "Kuomet nesukonfigūruotas sektoriaus identifikatoriaus URL, kliento nukreipimo nuorodos privalo talpinti ne daugiau kaip vieną skirtingą serverio vardo komponentą.",
+        "pairwiseMalformedSectorIdentifierURI": "Neteisinga sektoriaus identifikatoriaus URI.",
+        "pairwiseFailedToGetRedirectURIs": "Nepavyko gauti nukreipimo nuorodų iš sektoriaus identifikatoriaus URI.",
+        "pairwiseRedirectURIsMismatch": "Kliento nukreipimo nuoroda neatitinka nukreipimo nuorodų iš sektoriaus identifikatoriaus URI.",
+    },
+    "nl": {
+        "invalidPasswordMinLengthMessage": "Ongeldig wachtwoord: de minimale lengte is {0} karakters.",
+        "invalidPasswordMinLowerCaseCharsMessage": "Ongeldig wachtwoord: het moet minstens {0} kleine letters bevatten.",
+        "invalidPasswordMinDigitsMessage": "Ongeldig wachtwoord: het moet minstens {0} getallen bevatten.",
+        "invalidPasswordMinUpperCaseCharsMessage": "Ongeldig wachtwoord: het moet minstens {0} hoofdletters bevatten.",
+        "invalidPasswordMinSpecialCharsMessage": "Ongeldig wachtwoord: het moet minstens {0} speciale karakters bevatten.",
+        "invalidPasswordNotUsernameMessage": "Ongeldig wachtwoord: het mag niet overeenkomen met de gebruikersnaam.",
+        "invalidPasswordRegexPatternMessage": "Ongeldig wachtwoord: het voldoet niet aan het door de beheerder ingestelde patroon.",
+        "invalidPasswordHistoryMessage": "Ongeldig wachtwoord: het mag niet overeen komen met een van de laatste {0} wachtwoorden.",
+        "invalidPasswordGenericMessage": "Ongeldig wachtwoord: het nieuwe wachtwoord voldoet niet aan het wachtwoordbeleid.",
+        "ldapErrorInvalidCustomFilter": 'LDAP filter met aangepaste configuratie start niet met "(" of eindigt niet met ")".',
+        "ldapErrorConnectionTimeoutNotNumber": "Verbindingstimeout moet een getal zijn",
+        "ldapErrorReadTimeoutNotNumber": "Lees-timeout moet een getal zijn",
+        "ldapErrorMissingClientId": "Client ID moet ingesteld zijn als Realm Roles Mapping niet gebruikt wordt.",
+        "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "Kan groepsovererving niet behouden bij UID-lidmaatschapstype.",
+        "ldapErrorCantWriteOnlyForReadOnlyLdap": "Alleen-schrijven niet mogelijk als LDAP provider mode niet WRITABLE is",
+        "ldapErrorCantWriteOnlyAndReadOnly": "Alleen-schrijven en alleen-lezen mogen niet tegelijk ingesteld zijn",
+        "clientRedirectURIsFragmentError": "Redirect URIs mogen geen URI fragment bevatten",
+        "clientRootURLFragmentError": "Root URL mag geen URL fragment bevatten",
+        "pairwiseMalformedClientRedirectURI": "Client heeft een ongeldige redirect URI.",
+        "pairwiseClientRedirectURIsMissingHost": "Client redirect URIs moeten een geldige host-component bevatten.",
+        "pairwiseClientRedirectURIsMultipleHosts":
+            "Zonder een geconfigureerde Sector Identifier URI mogen client redirect URIs niet meerdere host componenten hebben.",
+        "pairwiseMalformedSectorIdentifierURI": "Onjuist notatie in Sector Identifier URI.",
+        "pairwiseFailedToGetRedirectURIs": "Kon geen redirect URIs verkrijgen van de Sector Identifier URI.",
+        "pairwiseRedirectURIsMismatch": "Client redirect URIs komen niet overeen met redict URIs ontvangen van de Sector Identifier URI.",
+    },
+    "no": {
+        "invalidPasswordMinLengthMessage": "Ugyldig passord: minimum lengde {0}.",
+        "invalidPasswordMinLowerCaseCharsMessage": "Ugyldig passord: må inneholde minst {0} små bokstaver.",
+        "invalidPasswordMinDigitsMessage": "Ugyldig passord: må inneholde minst {0} sifre.",
+        "invalidPasswordMinUpperCaseCharsMessage": "Ugyldig passord: må inneholde minst {0} store bokstaver.",
+        "invalidPasswordMinSpecialCharsMessage": "Ugyldig passord: må inneholde minst {0} spesialtegn.",
+        "invalidPasswordNotUsernameMessage": "Ugyldig passord: kan ikke være likt brukernavn.",
+        "invalidPasswordRegexPatternMessage": "Ugyldig passord: tilfredsstiller ikke kravene for passord-mønster.",
+        "invalidPasswordHistoryMessage": "Ugyldig passord: kan ikke være likt noen av de {0} foregående passordene.",
+        "ldapErrorInvalidCustomFilter": 'Tilpasset konfigurasjon av LDAP-filter starter ikke med "(" eller slutter ikke med ")".',
+        "ldapErrorMissingClientId": "KlientID må være tilgjengelig i config når sikkerhetsdomenerollemapping ikke brukes.",
+        "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "Ikke mulig å bevare gruppearv og samtidig bruke UID medlemskapstype.",
+        "ldapErrorCantWriteOnlyForReadOnlyLdap": "Kan ikke sette write-only når LDAP leverandør-modus ikke er WRITABLE",
+        "ldapErrorCantWriteOnlyAndReadOnly": "Kan ikke sette både write-only og read-only",
+    },
+    "pl": {},
+    "pt-BR": {
+        "invalidPasswordMinLengthMessage": "Senha inválida: deve conter ao menos {0} caracteres.",
+        "invalidPasswordMinLowerCaseCharsMessage": "Senha inválida: deve conter ao menos {0} caracteres minúsculos.",
+        "invalidPasswordMinDigitsMessage": "Senha inválida: deve conter ao menos {0} digitos numéricos.",
+        "invalidPasswordMinUpperCaseCharsMessage": "Senha inválida: deve conter ao menos {0} caracteres maiúsculos.",
+        "invalidPasswordMinSpecialCharsMessage": "Senha inválida: deve conter ao menos {0} caracteres especiais.",
+        "invalidPasswordNotUsernameMessage": "Senha inválida: não deve ser igual ao nome de usuário.",
+        "invalidPasswordRegexPatternMessage": "Senha inválida: falha ao passar por padrões.",
+        "invalidPasswordHistoryMessage": "Senha inválida: não deve ser igual às últimas {0} senhas.",
+        "ldapErrorInvalidCustomFilter": 'Filtro LDAP não inicia com "(" ou não termina com ")".',
+        "ldapErrorMissingClientId": "ID do cliente precisa ser definido na configuração quando mapeamentos de Roles do Realm não é utilizado.",
+        "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType":
+            "Não é possível preservar herança de grupos e usar tipo de associação de UID ao mesmo tempo.",
+        "ldapErrorCantWriteOnlyForReadOnlyLdap": "Não é possível definir modo de somente escrita quando o provedor LDAP não suporta escrita",
+        "ldapErrorCantWriteOnlyAndReadOnly": "Não é possível definir somente escrita e somente leitura ao mesmo tempo",
+        "clientRedirectURIsFragmentError": "URIs de redirecionamento não podem conter fragmentos",
+        "clientRootURLFragmentError": "URL raiz não pode conter fragmentos",
+    },
+    "ru": {
+        "invalidPasswordMinLengthMessage": "Некорректный пароль: длина пароля должна быть не менее {0} символов(а).",
+        "invalidPasswordMinDigitsMessage": "Некорректный пароль: должен содержать не менее {0} цифр(ы).",
+        "invalidPasswordMinLowerCaseCharsMessage": "Некорректный пароль: пароль должен содержать не менее {0} символов(а) в нижнем регистре.",
+        "invalidPasswordMinUpperCaseCharsMessage": "Некорректный пароль: пароль должен содержать не менее {0} символов(а) в верхнем регистре.",
+        "invalidPasswordMinSpecialCharsMessage": "Некорректный пароль: пароль должен содержать не менее {0} спецсимволов(а).",
+        "invalidPasswordNotUsernameMessage": "Некорректный пароль: пароль не должен совпадать с именем пользователя.",
+        "invalidPasswordRegexPatternMessage": "Некорректный пароль: пароль не прошел проверку по регулярному выражению.",
+        "invalidPasswordHistoryMessage": "Некорректный пароль: пароль не должен совпадать с последним(и) {0} паролем(ями).",
+        "invalidPasswordGenericMessage": "Некорректный пароль: новый пароль не соответствует правилам пароля.",
+        "ldapErrorInvalidCustomFilter": 'Сконфигурированный пользователем фильтр LDAP не должен начинаться с "(" или заканчиваться на ")".',
+        "ldapErrorMissingClientId": "Client ID должен быть настроен в конфигурации, если не используется сопоставление ролей в realm.",
+        "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "Не удалось унаследовать группу и использовать членство UID типа вместе.",
+        "ldapErrorCantWriteOnlyForReadOnlyLdap": 'Невозможно установить режим "только на запись", когда LDAP провайдер не в режиме WRITABLE',
+        "ldapErrorCantWriteOnlyAndReadOnly": 'Невозможно одновременно установить режимы "только на чтение" и "только на запись"',
+        "clientRedirectURIsFragmentError": "URI перенаправления не должен содержать фрагмент URI",
+        "clientRootURLFragmentError": "Корневой URL не должен содержать фрагмент URL ",
+        "pairwiseMalformedClientRedirectURI": "Клиент содержит некорректный URI перенаправления.",
+        "pairwiseClientRedirectURIsMissingHost": "URI перенаправления клиента должен содержать корректный компонент хоста.",
+        "pairwiseClientRedirectURIsMultipleHosts":
+            "Без конфигурации по части идентификатора URI, URI перенаправления клиента не может содержать несколько компонентов хоста.",
+        "pairwiseMalformedSectorIdentifierURI": "Искаженная часть идентификатора URI.",
+        "pairwiseFailedToGetRedirectURIs": "Не удалось получить идентификаторы URI перенаправления из части идентификатора URI.",
+        "pairwiseRedirectURIsMismatch": "Клиент URI переадресации не соответствует URI переадресации, полученной из части идентификатора URI.",
+    },
+    "zh-CN": {
+        "invalidPasswordMinLengthMessage": "无效的密码：最短长度 {0}.",
+        "invalidPasswordMinLowerCaseCharsMessage": "无效的密码：至少包含 {0} 小写字母",
+        "invalidPasswordMinDigitsMessage": "无效的密码：至少包含 {0} 个数字",
+        "invalidPasswordMinUpperCaseCharsMessage": "无效的密码：最短长度 {0} 大写字母",
+        "invalidPasswordMinSpecialCharsMessage": "无效的密码：最短长度 {0} 特殊字符",
+        "invalidPasswordNotUsernameMessage": "无效的密码： 不可以与用户名相同",
+        "invalidPasswordRegexPatternMessage": "无效的密码： 无法与正则表达式匹配",
+        "invalidPasswordHistoryMessage": "无效的密码：不能与最后使用的 {0} 个密码相同",
+        "ldapErrorInvalidCustomFilter": '定制的 LDAP过滤器不是以 "(" 开头或以 ")"结尾.',
+        "ldapErrorConnectionTimeoutNotNumber": "Connection Timeout 必须是个数字",
+        "ldapErrorMissingClientId": "当域角色映射未启用时，客户端 ID 需要指定。",
+        "ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType": "无法在使用UID成员类型的同时维护组继承属性。",
+        "ldapErrorCantWriteOnlyForReadOnlyLdap": "当LDAP提供方不是可写模式时，无法设置只写",
+        "ldapErrorCantWriteOnlyAndReadOnly": "无法同时设置只读和只写",
+        "clientRedirectURIsFragmentError": "重定向URL不应包含URI片段",
+        "clientRootURLFragmentError": "根URL 不应包含 URL 片段",
+        "pairwiseMalformedClientRedirectURI": "客户端包含一个无效的重定向URL",
+        "pairwiseClientRedirectURIsMissingHost": "客户端重定向URL需要有一个有效的主机",
+        "pairwiseClientRedirectURIsMultipleHosts":
+            "Without a configured Sector Identifier URI, client redirect URIs must not contain multiple host components.",
+        "pairwiseMalformedSectorIdentifierURI": "Malformed Sector Identifier URI.",
+        "pairwiseFailedToGetRedirectURIs": "无法从服务器获得重定向URL",
+        "pairwiseRedirectURIsMismatch": "客户端的重定向URI与服务器端获取的URI配置不匹配。",
+    },
 };
-/* spell-checker: enable */
+/* spell-checker: enable */
--- a/src/lib/i18n/generated_kcMessages/15.0.2/email.ts
+++ b/src/lib/i18n/generated_kcMessages/15.0.2/email.ts
--- a/src/lib/i18n/generated_kcMessages/15.0.2/login.ts
+++ b/src/lib/i18n/generated_kcMessages/15.0.2/login.ts
--- a/src/lib/i18n/kcMessages/login.ts
+++ b/src/lib/i18n/kcMessages/login.ts
@ -1,8 +1,29 @@
-
-import { kcMessages } from "../generated_kcMessages/15.0.2/login";
+import { kcMessages as kcMessagesBase } from "../generated_kcMessages/15.0.2/login";
 import { Evt } from "evt";
 import { objectKeys } from "tsafe/objectKeys";

+const kcMessages = {
+    ...kcMessagesBase,
+    "en": {
+        ...kcMessagesBase["en"],
+        "shouldBeEqual": "{0} should be equal to {1}",
+        "shouldBeDifferent": "{0} should be different to {1}",
+        "shouldMatchPattern": "Pattern should match: `/{0}/`",
+        "mustBeAnInteger": "Must be an integer",
+        "notAValidOption": "Not a valid option",
+    },
+    "fr": {
+        ...kcMessagesBase["fr"],
+        /* spell-checker: disable */
+        "shouldBeEqual": "{0} doit être egale à {1}",
+        "shouldBeDifferent": "{0} doit être différent de {1}",
+        "shouldMatchPattern": "Dois respecter le schéma: `/{0}/`",
+        "mustBeAnInteger": "Doit être un nombre entiers",
+        "notAValidOption": "N'est pas une option valide",
+        /* spell-checker: enable */
+    },
+};
+
 export const evtTermsUpdated = Evt.asNonPostable(Evt.create<void>());

 (["termsText", "doAccept", "doDecline", "termsTitle"] as const).forEach(key =>
@ -11,7 +32,6 @@ export const evtTermsUpdated = Evt.asNonPostable(Evt.create<void>());
            kcMessages[kcLanguage],
            key,
            (() => {
-
                let value = key === "termsText" ? "⏳" : kcMessages[kcLanguage][key];

                return {
@ -20,14 +40,11 @@ export const evtTermsUpdated = Evt.asNonPostable(Evt.create<void>());
                    "set": (newValue: string) => {
                        value = newValue;
                        Evt.asPostable(evtTermsUpdated).post();
-                    }
+                    },
                };
-
-
-            })()
-        )
-    )
+            })(),
+        ),
+    ),
 );

 export { kcMessages };
-
--- a/src/lib/i18n/useKcLanguageTag.ts
+++ b/src/lib/i18n/useKcLanguageTag.ts
@ -1,35 +1,24 @@
-
 import { createUseGlobalState } from "powerhooks/useGlobalState";
-import { getKcContext } from "../getKcContext";
+import { getKcContextFromWindow } from "../getKcContext/getKcContextFromWindow";
 import { getBestMatchAmongKcLanguageTag } from "./KcLanguageTag";
 import type { StatefulEvt } from "powerhooks";
 import { KcLanguageTag } from "./KcLanguageTag";

-
 //export const { useKcLanguageTag, evtKcLanguageTag } = createUseGlobalState(
 const wrap = createUseGlobalState(
    "kcLanguageTag",
    () => {
+        const kcContext = getKcContextFromWindow();

-
-        const { kcContext } = getKcContext();
-
-        const languageLike =
-            kcContext?.locale?.current ??
-            (
-                typeof navigator === "undefined" ?
-                    undefined :
-                    navigator.language
-            );
+        const languageLike = kcContext?.locale?.current ?? (typeof navigator === "undefined" ? undefined : navigator.language);

        if (languageLike === undefined) {
            return "en";
        }

        return getBestMatchAmongKcLanguageTag(languageLike);
-
    },
-    { "persistance": "localStorage" }
+    { "persistance": "localStorage" },
 );

 export const { useKcLanguageTag } = wrap;
@ -37,6 +26,3 @@ export const { useKcLanguageTag } = wrap;
 export function getEvtKcLanguage(): StatefulEvt<KcLanguageTag> {
    return wrap.evtKcLanguageTag;
 }
-
-
-
--- a/src/lib/i18n/useKcMessage.tsx
+++ b/src/lib/i18n/useKcMessage.tsx
@ -1,72 +1,115 @@
-
-import { useCallback, useReducer } from "react";
+import "minimal-polyfills/Object.fromEntries";
+import { useReducer } from "react";
 import { useKcLanguageTag } from "./useKcLanguageTag";
 import { kcMessages, evtTermsUpdated } from "./kcMessages/login";
 import { useEvt } from "evt/hooks";
 //NOTE for later: https://github.com/remarkjs/react-markdown/blob/236182ecf30bd89c1e5a7652acaf8d0bf81e6170/src/renderers.js#L7-L35
 import ReactMarkdown from "react-markdown";
+import { useGuaranteedMemo } from "powerhooks/useGuaranteedMemo";
+
+export { kcMessages };

 export type MessageKey = keyof typeof kcMessages["en"];

-/** 
+function resolveMsg<Key extends string, DoRenderMarkdown extends boolean>(props: {
+    key: Key;
+    args: (string | undefined)[];
+    kcLanguageTag: string;
+    doRenderMarkdown: DoRenderMarkdown;
+}): Key extends MessageKey ? (DoRenderMarkdown extends true ? JSX.Element : string) : undefined {
+    const { key, args, kcLanguageTag, doRenderMarkdown } = props;
+
+    let str = kcMessages[kcLanguageTag as any as "en"][key as MessageKey] ?? kcMessages["en"][key as MessageKey];
+
+    if (str === undefined) {
+        return undefined as any;
+    }
+
+    str = (() => {
+        const startIndex = str
+            .match(/{[0-9]+}/g)
+            ?.map(g => g.match(/{([0-9]+)}/)![1])
+            .map(indexStr => parseInt(indexStr))
+            .sort((a, b) => a - b)[0];
+
+        if (startIndex === undefined) {
+            return str;
+        }
+
+        args.forEach((arg, i) => {
+            if (arg === undefined) {
+                return;
+            }
+
+            str = str.replace(new RegExp(`\\{${i + startIndex}\\}`, "g"), arg);
+        });
+
+        return str;
+    })();
+
+    return (
+        doRenderMarkdown ? (
+            <ReactMarkdown allowDangerousHtml renderers={key === "termsText" ? undefined : { "paragraph": "span" }}>
+                {str}
+            </ReactMarkdown>
+        ) : (
+            str
+        )
+    ) as any;
+}
+
+function resolveMsgAdvanced<Key extends string, DoRenderMarkdown extends boolean>(props: {
+    key: Key;
+    args: (string | undefined)[];
+    kcLanguageTag: string;
+    doRenderMarkdown: DoRenderMarkdown;
+}): DoRenderMarkdown extends true ? JSX.Element : string {
+    const { key, args, kcLanguageTag, doRenderMarkdown } = props;
+
+    const match = key.match(/^\$\{([^{]+)\}$/);
+
+    const keyUnwrappedFromCurlyBraces = match === null ? key : match[1];
+
+    const out = resolveMsg({
+        "key": keyUnwrappedFromCurlyBraces,
+        args,
+        kcLanguageTag,
+        doRenderMarkdown,
+    });
+
+    return (out !== undefined ? out : doRenderMarkdown ? <span>{keyUnwrappedFromCurlyBraces}</span> : keyUnwrappedFromCurlyBraces) as any;
+}
+
+/**
 * When the language is switched the page is reloaded, this may appear
 * as a bug as you might notice that the language successfully switch before
 * reload.
 * However we need to tell Keycloak that the user have changed the language
 * during login so we can retrieve the "local" field of the JWT encoded accessToken.
+ * https://user-images.githubusercontent.com/6702424/138096682-351bb61f-f24e-4caf-91b7-cca8cfa2cb58.mov
+ *
+ * advancedMsg("${access-denied}") === advancedMsg("access-denied") === msg("access-denied")
+ * advancedMsg("${not-a-message-key}") === advancedMsg(not-a-message-key") === "not-a-message-key"
+ *
 */
 export function useKcMessage() {
-
    const { kcLanguageTag } = useKcLanguageTag();

    const [trigger, forceUpdate] = useReducer((counter: number) => counter + 1, 0);

    useEvt(ctx => evtTermsUpdated.attach(ctx, forceUpdate), []);

-    const msgStr = useCallback(
-        (key: MessageKey, ...args: (string | undefined)[]): string => {
-
-            let str: string = kcMessages[kcLanguageTag as any as "en"][key] ?? kcMessages["en"][key];
-
-            args.forEach((arg, i) => {
-
-                if (arg === undefined) {
-                    return;
-                }
-
-                str = str.replace(new RegExp(`\\{${i}\\}`, "g"), arg);
-
-            });
-
-            return str;
-
-        },
-        [kcLanguageTag, trigger]
+    return useGuaranteedMemo(
+        () => ({
+            "msgStr": (key: MessageKey, ...args: (string | undefined)[]): string =>
+                resolveMsg({ key, args, kcLanguageTag, "doRenderMarkdown": false }),
+            "msg": (key: MessageKey, ...args: (string | undefined)[]): JSX.Element =>
+                resolveMsg({ key, args, kcLanguageTag, "doRenderMarkdown": true }),
+            "advancedMsg": <Key extends string>(key: Key, ...args: (string | undefined)[]): JSX.Element =>
+                resolveMsgAdvanced({ key, args, kcLanguageTag, "doRenderMarkdown": true }),
+            "advancedMsgStr": <Key extends string>(key: Key, ...args: (string | undefined)[]): string =>
+                resolveMsgAdvanced({ key, args, kcLanguageTag, "doRenderMarkdown": false }),
+        }),
+        [kcLanguageTag, trigger],
    );
-
-    const msg = useCallback<(...args: Parameters<typeof msgStr>) => JSX.Element>(
-        (key, ...args) =>
-            <ReactMarkdown allowDangerousHtml renderers={key === "termsText" ? undefined : { "paragraph": "span" }}>
-                {msgStr(key, ...args)}
-            </ReactMarkdown>,
-        [msgStr]
-    );
-
-    const advancedMsg = useCallback(
-        (key: string): string => {
-
-            const match = key.match(/^\$\{([^{]+)\}$/);
-
-            if( match === null ){
-                return key;
-            }
-
-            return msgStr(match[1] as MessageKey);
-
-        },
-        [msgStr]
-    );
-
-    return { msg, msgStr, advancedMsg };
-
-}
+}
--- a/src/lib/index.ts
+++ b/src/lib/index.ts
@ -14,6 +14,6 @@ export * from "./components/Error";
 export * from "./components/LoginResetPassword";
 export * from "./components/LoginVerifyEmail";
 export * from "./keycloakJsAdapter";
+export * from "./useFormValidationSlice";

 export * from "./tools/assert";
-
--- a/src/lib/keycloakJsAdapter.ts
+++ b/src/lib/keycloakJsAdapter.ts
@ -1,7 +1,4 @@
-
-
 export declare namespace keycloak_js {
-
    export type KeycloakPromiseCallback<T> = (result: T) => void;
    export class KeycloakPromise<TSuccess, TError> extends Promise<TSuccess> {
        success(callback: KeycloakPromiseCallback<TSuccess>): KeycloakPromise<TSuccess, TError>;
@ -12,7 +9,7 @@ export declare namespace keycloak_js {
        logout(options?: KeycloakLogoutOptions): KeycloakPromise<void, void>;
        register(options?: KeycloakLoginOptions): KeycloakPromise<void, void>;
        accountManagement(): KeycloakPromise<void, void>;
-        redirectUri(options: { redirectUri: string; }, encodeHash: boolean): string;
+        redirectUri(options: { redirectUri: string }, encodeHash: boolean): string;
    }
    export interface KeycloakLogoutOptions {
        redirectUri?: string;
@ -20,7 +17,7 @@ export declare namespace keycloak_js {
    export interface KeycloakLoginOptions {
        scope?: string;
        redirectUri?: string;
-        prompt?: 'none' | 'login';
+        prompt?: "none" | "login";
        action?: string;
        maxAge?: number;
        loginHint?: string;
@ -30,73 +27,48 @@ export declare namespace keycloak_js {
    }

    export type KeycloakInstance = Record<
-        "createLoginUrl" |
-        "createLogoutUrl" |
-        "createRegisterUrl",
+        "createLoginUrl" | "createLogoutUrl" | "createRegisterUrl",
        (options: KeycloakLoginOptions | undefined) => string
    > & {
        createAccountUrl(): string;
        redirectUri?: string;
-    }
-
+    };
 }

 /**
-* NOTE: This is just a slightly modified version of the default adapter in keycloak-js
-* The goal here is just to be able to inject search param in url before keycloak redirect.
-* Our use case for it is to pass over the login screen the states of useGlobalState
-* namely isDarkModeEnabled, lgn... 
-*/
-export function createKeycloakAdapter(
-    params: {
-        keycloakInstance: keycloak_js.KeycloakInstance;
-        transformUrlBeforeRedirect(url: string): string;
-    }
-): keycloak_js.KeycloakAdapter {
-
+ * NOTE: This is just a slightly modified version of the default adapter in keycloak-js
+ * The goal here is just to be able to inject search param in url before keycloak redirect.
+ * Our use case for it is to pass over the login screen the states of useGlobalState
+ * namely isDarkModeEnabled, lgn...
+ */
+export function createKeycloakAdapter(params: {
+    keycloakInstance: keycloak_js.KeycloakInstance;
+    transformUrlBeforeRedirect(url: string): string;
+}): keycloak_js.KeycloakAdapter {
    const { keycloakInstance, transformUrlBeforeRedirect } = params;

-    const neverResolvingPromise: keycloak_js.KeycloakPromise<void, void> = Object.defineProperties(
-        new Promise(() => { }),
-        {
-            "success": { "value": () => { } },
-            "error": { "value": () => { } }
-        }
-    ) as any;
+    const neverResolvingPromise: keycloak_js.KeycloakPromise<void, void> = Object.defineProperties(new Promise(() => {}), {
+        "success": { "value": () => {} },
+        "error": { "value": () => {} },
+    }) as any;

    return {
        "login": options => {
-            window.location.href= 
-                transformUrlBeforeRedirect(
-                    keycloakInstance.createLoginUrl(
-                        options
-                    )
-                );
+            window.location.href = transformUrlBeforeRedirect(keycloakInstance.createLoginUrl(options));
            return neverResolvingPromise;
        },
        "logout": options => {
-            window.location.replace(
-                transformUrlBeforeRedirect(
-                    keycloakInstance.createLogoutUrl(
-                        options
-                    )
-                )
-            );
+            window.location.replace(transformUrlBeforeRedirect(keycloakInstance.createLogoutUrl(options)));
            return neverResolvingPromise;
        },
        "register": options => {
-            window.location.href =
-                transformUrlBeforeRedirect(
-                    keycloakInstance.createRegisterUrl(
-                        options
-                    )
-                );
+            window.location.href = transformUrlBeforeRedirect(keycloakInstance.createRegisterUrl(options));

            return neverResolvingPromise;
        },
        "accountManagement": () => {
            var accountUrl = transformUrlBeforeRedirect(keycloakInstance.createAccountUrl());
-            if (typeof accountUrl !== 'undefined') {
+            if (typeof accountUrl !== "undefined") {
                window.location.href = accountUrl;
            } else {
                throw new Error("Not supported by the OIDC server");
@ -111,8 +83,6 @@ export function createKeycloakAdapter(
            } else {
                return window.location.href;
            }
-        }
+        },
    };
-
-
-}
+}
--- a/src/lib/tools/AndByDiscriminatingKey.ts
+++ b/src/lib/tools/AndByDiscriminatingKey.ts
@ -1,35 +1,21 @@
-
 export type AndByDiscriminatingKey<
-	DiscriminatingKey extends string,
-	U1 extends Record<DiscriminatingKey, string>,
-	U2 extends Record<DiscriminatingKey, string>
-	> =
-	AndByDiscriminatingKey.Tf1<DiscriminatingKey, U1, U1, U2>;
+    DiscriminatingKey extends string,
+    U1 extends Record<DiscriminatingKey, string>,
+    U2 extends Record<DiscriminatingKey, string>,
+> = AndByDiscriminatingKey.Tf1<DiscriminatingKey, U1, U1, U2>;

 export declare namespace AndByDiscriminatingKey {
+    export type Tf1<
+        DiscriminatingKey extends string,
+        U1,
+        U1Again extends Record<DiscriminatingKey, string>,
+        U2 extends Record<DiscriminatingKey, string>,
+    > = U1 extends Pick<U2, DiscriminatingKey> ? Tf2<DiscriminatingKey, U1, U2, U1Again> : U1;

-	export type Tf1<
-		DiscriminatingKey extends string,
-		U1,
-		U1Again extends Record<DiscriminatingKey, string>,
-		U2 extends Record<DiscriminatingKey, string>
-		> =
-		U1 extends Pick<U2, DiscriminatingKey> ?
-		Tf2<DiscriminatingKey, U1, U2, U1Again> :
-		U1;
-
-	export type Tf2<
-		DiscriminatingKey extends string,
-		SingletonU1 extends Record<DiscriminatingKey, string>,
-		U2,
-		U1 extends Record<DiscriminatingKey, string>
-		> =
-		U2 extends Pick<SingletonU1, DiscriminatingKey> ?
-		U2 & SingletonU1 :
-		U2 extends Pick<U1, DiscriminatingKey> ?
-		never :
-		U2;
-
+    export type Tf2<
+        DiscriminatingKey extends string,
+        SingletonU1 extends Record<DiscriminatingKey, string>,
+        U2,
+        U1 extends Record<DiscriminatingKey, string>,
+    > = U2 extends Pick<SingletonU1, DiscriminatingKey> ? U2 & SingletonU1 : U2 extends Pick<U1, DiscriminatingKey> ? never : U2;
 }
-
-
--- a/src/lib/tools/Array.prototype.every.ts
+++ b/src/lib/tools/Array.prototype.every.ts
@ -0,0 +1,64 @@
+if (!Array.prototype.every) {
+    Array.prototype.every = function (callbackfn: any, thisArg: any) {
+        "use strict";
+        var T, k;
+
+        if (this == null) {
+            throw new TypeError("this is null or not defined");
+        }
+
+        // 1. Let O be the result of calling ToObject passing the this
+        //    value as the argument.
+        var O = Object(this);
+
+        // 2. Let lenValue be the result of calling the Get internal method
+        //    of O with the argument "length".
+        // 3. Let len be ToUint32(lenValue).
+        var len = O.length >>> 0;
+
+        // 4. If IsCallable(callbackfn) is false, throw a TypeError exception.
+        if (typeof callbackfn !== "function" && Object.prototype.toString.call(callbackfn) !== "[object Function]") {
+            throw new TypeError();
+        }
+
+        // 5. If thisArg was supplied, let T be thisArg; else let T be undefined.
+        if (arguments.length > 1) {
+            T = thisArg;
+        }
+
+        // 6. Let k be 0.
+        k = 0;
+
+        // 7. Repeat, while k < len
+        while (k < len) {
+            var kValue;
+
+            // a. Let Pk be ToString(k).
+            //   This is implicit for LHS operands of the in operator
+            // b. Let kPresent be the result of calling the HasProperty internal
+            //    method of O with argument Pk.
+            //   This step can be combined with c
+            // c. If kPresent is true, then
+            if (k in O) {
+                var testResult;
+                // i. Let kValue be the result of calling the Get internal method
+                //    of O with argument Pk.
+                kValue = O[k];
+
+                // ii. Let testResult be the result of calling the Call internal method
+                // of callbackfn with T as the this value if T is not undefined
+                // else is the result of calling callbackfn
+                // and argument list containing kValue, k, and O.
+                if (T) testResult = callbackfn.call(T, kValue, k, O);
+                else testResult = callbackfn(kValue, k, O);
+
+                // iii. If ToBoolean(testResult) is false, return false.
+                if (!testResult) {
+                    return false;
+                }
+            }
+            k++;
+        }
+        return true;
+    };
+}
--- a/src/lib/tools/DeepPartial.ts
+++ b/src/lib/tools/DeepPartial.ts
@ -1,4 +1,3 @@
-
 export type DeepPartial<T> = {
    [P in keyof T]?: DeepPartial<T[P]>;
-};
+};
--- a/src/lib/tools/HTMLElement.prototype.prepend.ts
+++ b/src/lib/tools/HTMLElement.prototype.prepend.ts
@ -0,0 +1,9 @@
+if (!HTMLElement.prototype.prepend) {
+    HTMLElement.prototype.prepend = function (childNode) {
+        if (typeof childNode === "string") {
+            throw new Error("Error with HTMLElement.prototype.appendFirst polyfill");
+        }
+
+        this.insertBefore(childNode, this.firstChild);
+    };
+}
--- a/src/lib/tools/ReactComponent.ts
+++ b/src/lib/tools/ReactComponent.ts
@ -0,0 +1,4 @@
+/* eslint-disable @typescript-eslint/ban-types */
+import type { FC, ComponentClass } from "react";
+
+export type ReactComponent<Props extends Record<string, unknown> = {}> = ((props: Props) => ReturnType<FC>) | ComponentClass<Props>;
--- a/src/lib/tools/allPropertiesValuesToUndefined.ts
+++ b/src/lib/tools/allPropertiesValuesToUndefined.ts
@ -1,10 +1,5 @@
-
-
 import "minimal-polyfills/Object.fromEntries";

 export function allPropertiesValuesToUndefined<T extends Record<string, unknown>>(obj: T): Record<keyof T, undefined> {
-    return Object.fromEntries(
-        Object.entries(obj)
-            .map(([key]) => [key, undefined])
-    ) as any;
+    return Object.fromEntries(Object.entries(obj).map(([key]) => [key, undefined])) as any;
 }
--- a/src/lib/tools/appendHead.ts
+++ b/src/lib/tools/appendHead.ts
@ -1,49 +0,0 @@
-
-import { Deferred } from "evt/tools/Deferred";
-
-export function appendHead(
-    params: {
-        type: "css";
-        href: string;
-    } | {
-        type: "javascript";
-        src: string;
-    }
-) {
-
-    const htmlElement = document.createElement(
-        (() => {
-            switch (params.type) {
-                case "css": return "link";
-                case "javascript": return "script";
-            }
-        })()
-    );
-
-    const dLoaded = new Deferred<void>();
-
-    htmlElement.addEventListener("load", () => dLoaded.resolve());
-
-    Object.assign(
-        htmlElement,
-        (() => {
-            switch (params.type) {
-                case "css": return {
-                    "href": params.href,
-                    "type": "text/css",
-                    "rel": "stylesheet",
-                    "media": "screen,print"
-                };
-                case "javascript": return {
-                    "src": params.src,
-                    "type": "text/javascript",
-                };
-            }
-        })()
-    );
-
-    document.getElementsByTagName("head")[0].appendChild(htmlElement);
-
-    return dLoaded.pr;
-
-}
--- a/src/lib/tools/assert.ts
+++ b/src/lib/tools/assert.ts
@ -1,2 +1 @@
-
-export { assert } from "tsafe/assert";
+export { assert } from "tsafe/assert";
--- a/src/lib/tools/deepAssign.ts
+++ b/src/lib/tools/deepAssign.ts
@ -1,59 +1,44 @@
-
 import { assert } from "tsafe/assert";
 import { is } from "tsafe/is";
+import { deepClone } from "./deepClone";

 //Warning: Be mindful that because of array this is not idempotent.
-export function deepAssign(
-	params: {
-		target: Record<string, unknown>;
-		source: Record<string, unknown>;
-	}
-) {
+export function deepAssign(params: { target: Record<string, unknown>; source: Record<string, unknown> }) {
+    const { target } = params;

-	const { target, source } = params;
+    const source = deepClone(params.source);

-	Object.keys(source).forEach(key => {
-		var dereferencedSource = source[key];
+    Object.keys(source).forEach(key => {
+        var dereferencedSource = source[key];

-		if (
-			target[key] === undefined ||
-			!(dereferencedSource instanceof Object)
-		) {
+        if (target[key] === undefined || !(dereferencedSource instanceof Object)) {
+            Object.defineProperty(target, key, {
+                "enumerable": true,
+                "writable": true,
+                "configurable": true,
+                "value": dereferencedSource,
+            });

-			Object.defineProperty(
-				target,
-				key,
-				{
-					"enumerable": true,
-					"writable": true,
-					"configurable": true,
-					"value": dereferencedSource
-				}
-			);
+            return;
+        }

-			return;
-		}
+        const dereferencedTarget = target[key];

-		const dereferencedTarget = target[key];
+        if (dereferencedSource instanceof Array) {
+            assert(is<unknown[]>(dereferencedTarget));
+            assert(is<unknown[]>(dereferencedSource));

-		if (dereferencedSource instanceof Array) {
+            dereferencedSource.forEach(entry => dereferencedTarget.push(entry));

-			assert(is<unknown[]>(dereferencedTarget));
-			assert(is<unknown[]>(dereferencedSource));
+            return;
+        }

-			dereferencedSource.forEach(entry => dereferencedTarget.push(entry));
+        assert(is<Record<string, unknown>>(dereferencedTarget));
+        assert(is<Record<string, unknown>>(dereferencedSource));

-			return;
-		}
-
-		assert(is<Record<string, unknown>>(dereferencedTarget));
-		assert(is<Record<string, unknown>>(dereferencedSource));
-
-		deepAssign({
-			"target": dereferencedTarget,
-			"source": dereferencedSource
-		});
-
-	});
-
-}
+        deepAssign({
+            "target": dereferencedTarget,
+            "source": dereferencedSource,
+        });
+    });
+}
--- a/src/lib/tools/deepClone.ts
+++ b/src/lib/tools/deepClone.ts
@ -1,4 +1,17 @@
+import "minimal-polyfills/Object.fromEntries";

-export function deepClone<T>(arg: T): T {
-	return JSON.parse(JSON.stringify(arg));
-}
+export function deepClone<T>(o: T): T {
+    if (!(o instanceof Object)) {
+        return o;
+    }
+
+    if (typeof o === "function") {
+        return o;
+    }
+
+    if (o instanceof Array) {
+        return o.map(deepClone) as any;
+    }
+
+    return Object.fromEntries(Object.entries(o).map(([key, value]) => [key, deepClone(value)])) as any;
+}
--- a/src/lib/tools/emailRegExp.ts
+++ b/src/lib/tools/emailRegExp.ts
@ -0,0 +1,2 @@
+export const emailRegexp =
+    /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
--- a/src/lib/tools/headInsert.ts
+++ b/src/lib/tools/headInsert.ts
@ -0,0 +1,70 @@
+import "./HTMLElement.prototype.prepend";
+import { Deferred } from "evt/tools/Deferred";
+
+export function headInsert(
+    params:
+        | {
+              type: "css";
+              href: string;
+              position: "append" | "prepend";
+          }
+        | {
+              type: "javascript";
+              src: string;
+          },
+) {
+    const htmlElement = document.createElement(
+        (() => {
+            switch (params.type) {
+                case "css":
+                    return "link";
+                case "javascript":
+                    return "script";
+            }
+        })(),
+    );
+
+    const dLoaded = new Deferred<void>();
+
+    htmlElement.addEventListener("load", () => dLoaded.resolve());
+
+    Object.assign(
+        htmlElement,
+        (() => {
+            switch (params.type) {
+                case "css":
+                    return {
+                        "href": params.href,
+                        "type": "text/css",
+                        "rel": "stylesheet",
+                        "media": "screen,print",
+                    };
+                case "javascript":
+                    return {
+                        "src": params.src,
+                        "type": "text/javascript",
+                    };
+            }
+        })(),
+    );
+
+    document.getElementsByTagName("head")[0][
+        (() => {
+            switch (params.type) {
+                case "javascript":
+                    return "appendChild";
+                case "css":
+                    return (() => {
+                        switch (params.position) {
+                            case "append":
+                                return "appendChild";
+                            case "prepend":
+                                return "prepend";
+                        }
+                    })();
+            }
+        })()
+    ](htmlElement);
+
+    return dLoaded.pr;
+}
--- a/src/lib/tools/pathBasename.ts
+++ b/src/lib/tools/pathBasename.ts
@ -0,0 +1,3 @@
+export function pathBasename(path: string) {
+    return path.split("/").reverse()[0];
+}
--- a/src/lib/tools/pathJoin.ts
+++ b/src/lib/tools/pathJoin.ts
@ -0,0 +1,6 @@
+export function pathJoin(...path: string[]): string {
+    return path
+        .map((part, i) => (i === 0 ? part : part.replace(/^\/+/, "")))
+        .map((part, i) => (i === path.length - 1 ? part : part.replace(/\/+$/, "")))
+        .join("/");
+}
--- a/src/lib/useFormValidationSlice.tsx
+++ b/src/lib/useFormValidationSlice.tsx
@ -0,0 +1,476 @@
+import "./tools/Array.prototype.every";
+import { useMemo, useReducer, Fragment } from "react";
+import type { KcContextBase, Validators, Attribute } from "./getKcContext/KcContextBase";
+import { useKcMessage } from "./i18n/useKcMessage";
+import { useConstCallback } from "powerhooks/useConstCallback";
+import { id } from "tsafe/id";
+import type { MessageKey } from "./i18n/useKcMessage";
+import { emailRegexp } from "./tools/emailRegExp";
+
+export type KcContextLike = {
+    messagesPerField: Pick<KcContextBase.Common["messagesPerField"], "existsError" | "get">;
+    attributes: { name: string; value?: string; validators: Validators }[];
+    passwordRequired: boolean;
+    realm: { registrationEmailAsUsername: boolean };
+};
+
+export function useGetErrors(params: {
+    kcContext: {
+        messagesPerField: Pick<KcContextBase.Common["messagesPerField"], "existsError" | "get">;
+        profile: {
+            attributes: { name: string; value?: string; validators: Validators }[];
+        };
+    };
+}) {
+    const {
+        kcContext: {
+            messagesPerField,
+            profile: { attributes },
+        },
+    } = params;
+
+    const { msg, msgStr, advancedMsg, advancedMsgStr } = useKcMessage();
+
+    const getErrors = useConstCallback((params: { name: string; fieldValueByAttributeName: Record<string, { value: string }> }) => {
+        const { name, fieldValueByAttributeName } = params;
+
+        const { value } = fieldValueByAttributeName[name];
+
+        const { value: defaultValue, validators } = attributes.find(attribute => attribute.name === name)!;
+
+        block: {
+            if (defaultValue !== value) {
+                break block;
+            }
+
+            let doesErrorExist: boolean;
+
+            try {
+                doesErrorExist = messagesPerField.existsError(name);
+            } catch {
+                break block;
+            }
+
+            if (!doesErrorExist) {
+                break block;
+            }
+
+            const errorMessageStr = messagesPerField.get(name);
+
+            return [
+                {
+                    "validatorName": undefined,
+                    errorMessageStr,
+                    "errorMessage": <span key={0}>{errorMessageStr}</span>,
+                },
+            ];
+        }
+
+        const errors: {
+            errorMessage: JSX.Element;
+            errorMessageStr: string;
+            validatorName: keyof Validators | undefined;
+        }[] = [];
+
+        scope: {
+            const validatorName = "length";
+
+            const validator = validators[validatorName];
+
+            if (validator === undefined) {
+                break scope;
+            }
+
+            const { "ignore.empty.value": ignoreEmptyValue = false, max, min } = validator;
+
+            if (ignoreEmptyValue && value === "") {
+                break scope;
+            }
+
+            if (max !== undefined && value.length > parseInt(max)) {
+                const msgArgs = ["error-invalid-length-too-long", max] as const;
+
+                errors.push({
+                    "errorMessage": <Fragment key={errors.length}>{msg(...msgArgs)}</Fragment>,
+                    "errorMessageStr": msgStr(...msgArgs),
+                    validatorName,
+                });
+            }
+
+            if (min !== undefined && value.length < parseInt(min)) {
+                const msgArgs = ["error-invalid-length-too-short", min] as const;
+
+                errors.push({
+                    "errorMessage": <Fragment key={errors.length}>{msg(...msgArgs)}</Fragment>,
+                    "errorMessageStr": msgStr(...msgArgs),
+                    validatorName,
+                });
+            }
+        }
+
+        scope: {
+            const validatorName = "_compareToOther";
+
+            const validator = validators[validatorName];
+
+            if (validator === undefined) {
+                break scope;
+            }
+
+            const { "ignore.empty.value": ignoreEmptyValue = false, name: otherName, shouldBe, "error-message": errorMessageKey } = validator;
+
+            if (ignoreEmptyValue && value === "") {
+                break scope;
+            }
+
+            const { value: otherValue } = fieldValueByAttributeName[otherName];
+
+            const isValid = (() => {
+                switch (shouldBe) {
+                    case "different":
+                        return otherValue !== value;
+                    case "equal":
+                        return otherValue === value;
+                }
+            })();
+
+            if (isValid) {
+                break scope;
+            }
+
+            const msgArg = [
+                errorMessageKey ??
+                    id<MessageKey>(
+                        (() => {
+                            switch (shouldBe) {
+                                case "equal":
+                                    return "shouldBeEqual";
+                                case "different":
+                                    return "shouldBeDifferent";
+                            }
+                        })(),
+                    ),
+                otherName,
+                name,
+                shouldBe,
+            ] as const;
+
+            errors.push({
+                validatorName,
+                "errorMessage": <Fragment key={errors.length}>{advancedMsg(...msgArg)}</Fragment>,
+                "errorMessageStr": advancedMsgStr(...msgArg),
+            });
+        }
+
+        scope: {
+            const validatorName = "pattern";
+
+            const validator = validators[validatorName];
+
+            if (validator === undefined) {
+                break scope;
+            }
+
+            const { "ignore.empty.value": ignoreEmptyValue = false, pattern, "error-message": errorMessageKey } = validator;
+
+            if (ignoreEmptyValue && value === "") {
+                break scope;
+            }
+
+            if (new RegExp(pattern).test(value)) {
+                break scope;
+            }
+
+            const msgArgs = [errorMessageKey ?? id<MessageKey>("shouldMatchPattern"), pattern] as const;
+
+            errors.push({
+                validatorName,
+                "errorMessage": <Fragment key={errors.length}>{advancedMsg(...msgArgs)}</Fragment>,
+                "errorMessageStr": advancedMsgStr(...msgArgs),
+            });
+        }
+
+        scope: {
+            if ([...errors].reverse()[0]?.validatorName === "pattern") {
+                break scope;
+            }
+
+            const validatorName = "email";
+
+            const validator = validators[validatorName];
+
+            if (validator === undefined) {
+                break scope;
+            }
+
+            const { "ignore.empty.value": ignoreEmptyValue = false } = validator;
+
+            if (ignoreEmptyValue && value === "") {
+                break scope;
+            }
+
+            if (emailRegexp.test(value)) {
+                break scope;
+            }
+
+            const msgArgs = [id<MessageKey>("invalidEmailMessage")] as const;
+
+            errors.push({
+                validatorName,
+                "errorMessage": <Fragment key={errors.length}>{msg(...msgArgs)}</Fragment>,
+                "errorMessageStr": msgStr(...msgArgs),
+            });
+        }
+
+        scope: {
+            const validatorName = "integer";
+
+            const validator = validators[validatorName];
+
+            if (validator === undefined) {
+                break scope;
+            }
+
+            const { "ignore.empty.value": ignoreEmptyValue = false, max, min } = validator;
+
+            if (ignoreEmptyValue && value === "") {
+                break scope;
+            }
+
+            const intValue = parseInt(value);
+
+            if (isNaN(intValue)) {
+                const msgArgs = ["mustBeAnInteger"] as const;
+
+                errors.push({
+                    validatorName,
+                    "errorMessage": <Fragment key={errors.length}>{msg(...msgArgs)}</Fragment>,
+                    "errorMessageStr": msgStr(...msgArgs),
+                });
+
+                break scope;
+            }
+
+            if (max !== undefined && intValue > parseInt(max)) {
+                const msgArgs = ["error-number-out-of-range-too-big", max] as const;
+
+                errors.push({
+                    validatorName,
+                    "errorMessage": <Fragment key={errors.length}>{msg(...msgArgs)}</Fragment>,
+                    "errorMessageStr": msgStr(...msgArgs),
+                });
+
+                break scope;
+            }
+
+            if (min !== undefined && intValue < parseInt(min)) {
+                const msgArgs = ["error-number-out-of-range-too-small", min] as const;
+
+                errors.push({
+                    validatorName,
+                    "errorMessage": <Fragment key={errors.length}>{msg(...msgArgs)}</Fragment>,
+                    "errorMessageStr": msgStr(...msgArgs),
+                });
+
+                break scope;
+            }
+        }
+
+        scope: {
+            const validatorName = "options";
+
+            const validator = validators[validatorName];
+
+            if (validator === undefined) {
+                break scope;
+            }
+
+            if (value === "") {
+                break scope;
+            }
+
+            if (validator.options.indexOf(value) >= 0) {
+                break scope;
+            }
+
+            const msgArgs = [id<MessageKey>("notAValidOption")] as const;
+
+            errors.push({
+                validatorName,
+                "errorMessage": <Fragment key={errors.length}>{advancedMsg(...msgArgs)}</Fragment>,
+                "errorMessageStr": advancedMsgStr(...msgArgs),
+            });
+        }
+
+        //TODO: Implement missing validators.
+
+        return errors;
+    });
+
+    return { getErrors };
+}
+
+export function useFormValidationSlice(params: {
+    kcContext: {
+        messagesPerField: Pick<KcContextBase.Common["messagesPerField"], "existsError" | "get">;
+        profile: {
+            attributes: Attribute[];
+        };
+        passwordRequired: boolean;
+        realm: { registrationEmailAsUsername: boolean };
+    };
+    /** NOTE: Try to avoid passing a new ref every render for better performances. */
+    passwordValidators?: Validators;
+}) {
+    const {
+        kcContext,
+        passwordValidators = {
+            "length": {
+                "ignore.empty.value": true,
+                "min": "4",
+            },
+        },
+    } = params;
+
+    const attributesWithPassword = useMemo(
+        () =>
+            !kcContext.passwordRequired
+                ? kcContext.profile.attributes
+                : (() => {
+                      const name = kcContext.realm.registrationEmailAsUsername ? "email" : "username";
+
+                      return kcContext.profile.attributes.reduce<Attribute[]>(
+                          (prev, curr) => [
+                              ...prev,
+                              ...(curr.name !== name
+                                  ? [curr]
+                                  : [
+                                        curr,
+                                        id<Attribute>({
+                                            "name": "password",
+                                            "displayName": id<`\${${MessageKey}}`>("${password}"),
+                                            "required": true,
+                                            "readOnly": false,
+                                            "validators": passwordValidators,
+                                            "annotations": {},
+                                            "groupAnnotations": {},
+                                            "autocomplete": "new-password",
+                                        }),
+                                        id<Attribute>({
+                                            "name": "password-confirm",
+                                            "displayName": id<`\${${MessageKey}}`>("${passwordConfirm}"),
+                                            "required": true,
+                                            "readOnly": false,
+                                            "validators": {
+                                                "_compareToOther": {
+                                                    "name": "password",
+                                                    "ignore.empty.value": true,
+                                                    "shouldBe": "equal",
+                                                    "error-message": id<`\${${MessageKey}}`>("${invalidPasswordConfirmMessage}"),
+                                                },
+                                            },
+                                            "annotations": {},
+                                            "groupAnnotations": {},
+                                            "autocomplete": "new-password",
+                                        }),
+                                    ]),
+                          ],
+                          [],
+                      );
+                  })(),
+        [kcContext, passwordValidators],
+    );
+
+    const { getErrors } = useGetErrors({
+        "kcContext": {
+            "messagesPerField": kcContext.messagesPerField,
+            "profile": {
+                "attributes": attributesWithPassword,
+            },
+        },
+    });
+
+    const initialInternalState = useMemo(
+        () =>
+            Object.fromEntries(
+                attributesWithPassword
+                    .map(attribute => ({
+                        attribute,
+                        "errors": getErrors({
+                            "name": attribute.name,
+                            "fieldValueByAttributeName": Object.fromEntries(
+                                attributesWithPassword.map(({ name, value }) => [name, { "value": value ?? "" }]),
+                            ),
+                        }),
+                    }))
+                    .map(({ attribute, errors }) => [
+                        attribute.name,
+                        {
+                            "value": attribute.value ?? "",
+                            errors,
+                            "doDisplayPotentialErrorMessages": errors.length !== 0,
+                        },
+                    ]),
+            ),
+        [attributesWithPassword],
+    );
+
+    type InternalState = typeof initialInternalState;
+
+    const [formValidationInternalState, formValidationReducer] = useReducer(
+        (
+            state: InternalState,
+            params:
+                | {
+                      action: "update value";
+                      name: string;
+                      newValue: string;
+                  }
+                | {
+                      action: "focus lost";
+                      name: string;
+                  },
+        ): InternalState => ({
+            ...state,
+            [params.name]: {
+                ...state[params.name],
+                ...(() => {
+                    switch (params.action) {
+                        case "focus lost":
+                            return { "doDisplayPotentialErrorMessages": true };
+                        case "update value":
+                            return {
+                                "value": params.newValue,
+                                "errors": getErrors({
+                                    "name": params.name,
+                                    "fieldValueByAttributeName": {
+                                        ...state,
+                                        [params.name]: { "value": params.newValue },
+                                    },
+                                }),
+                            };
+                    }
+                })(),
+            },
+        }),
+        initialInternalState,
+    );
+
+    const formValidationState = useMemo(
+        () => ({
+            "fieldStateByAttributeName": Object.fromEntries(
+                Object.entries(formValidationInternalState).map(([name, { value, errors, doDisplayPotentialErrorMessages }]) => [
+                    name,
+                    { value, "displayableErrors": doDisplayPotentialErrorMessages ? errors : [] },
+                ]),
+            ),
+            "isFormSubmittable": Object.entries(formValidationInternalState).every(
+                ([name, { value, errors }]) =>
+                    errors.length === 0 && (value !== "" || !attributesWithPassword.find(attribute => attribute.name === name)!.required),
+            ),
+        }),
+        [formValidationInternalState, attributesWithPassword],
+    );
+
+    return { formValidationState, formValidationReducer, attributesWithPassword };
+}
--- a/src/test/bin/generateKeycloakThemeResources.ts
+++ b/src/test/bin/generateKeycloakThemeResources.ts
@ -1,10 +1,6 @@
-
 import { join as pathJoin } from "path";
 import { generateKeycloakThemeResources } from "../../bin/build-keycloak-theme/generateKeycloakThemeResources";
-import {
-    setupSampleReactProject,
-    sampleReactProjectDirPath
-} from "./setupSampleReactProject";
+import { setupSampleReactProject, sampleReactProjectDirPath } from "./setupSampleReactProject";

 setupSampleReactProject();

@ -12,10 +8,10 @@ generateKeycloakThemeResources({
    "themeName": "keycloakify-demo-app",
    "reactAppBuildDirPath": pathJoin(sampleReactProjectDirPath, "build"),
    "keycloakThemeBuildingDirPath": pathJoin(sampleReactProjectDirPath, "build_keycloak_theme"),
+    "keycloakThemeEmailDirPath": pathJoin(sampleReactProjectDirPath, "keycloak_theme_email"),
    "urlPathname": "/keycloakify-demo-app/",
    "urlOrigin": undefined,
    "extraPagesId": ["my-custom-page.ftl"],
    "extraThemeProperties": ["env=test"],
-    "keycloakVersion": "11.0.3"
+    "keycloakVersion": "11.0.3",
 });
-
--- a/src/test/bin/main.ts
+++ b/src/test/bin/main.ts
@ -1,24 +1,16 @@
-
-
-import {
-    setupSampleReactProject,
-    sampleReactProjectDirPath
-} from "./setupSampleReactProject";
+import { setupSampleReactProject, sampleReactProjectDirPath } from "./setupSampleReactProject";
 import * as st from "scripting-tools";
 import { join as pathJoin } from "path";
 import { getProjectRoot } from "../../bin/tools/getProjectRoot";

 setupSampleReactProject();

-const binDirPath= pathJoin(getProjectRoot(), "dist", "bin");
+const binDirPath = pathJoin(getProjectRoot(), "dist", "bin");

 st.execSyncTrace(
    //`node ${pathJoin(binDirPath, "build-keycloak-theme")} --external-assets`,
    `node ${pathJoin(binDirPath, "build-keycloak-theme")}`,
-    { "cwd": sampleReactProjectDirPath }
+    { "cwd": sampleReactProjectDirPath },
 );

-st.execSyncTrace(
-    `node ${pathJoin(binDirPath, "download-builtin-keycloak-theme")}`,
-    { "cwd": sampleReactProjectDirPath }
-);
+st.execSyncTrace(`node ${pathJoin(binDirPath, "download-builtin-keycloak-theme")}`, { "cwd": sampleReactProjectDirPath });
--- a/src/test/bin/replaceImportFromStatic.ts
+++ b/src/test/bin/replaceImportFromStatic.ts
@ -1,8 +1,7 @@
-
-import { 
+import {
    replaceImportsFromStaticInJsCode,
    replaceImportsInCssCode,
-    generateCssCodeToDefineGlobals
+    generateCssCodeToDefineGlobals,
 } from "../../bin/build-keycloak-theme/replaceImportFromStatic";

 const { fixedJsCode } = replaceImportsFromStaticInJsCode({
@ -19,7 +18,7 @@ const { fixedJsCode } = replaceImportsFromStaticInJsCode({
            }[e] + ".chunk.js"
        }
    `,
-    "urlOrigin": undefined
+    "urlOrigin": undefined,
 });

 const { fixedJsCode: fixedJsCodeExternal } = replaceImportsFromStaticInJsCode({
@ -36,10 +35,10 @@ const { fixedJsCode: fixedJsCodeExternal } = replaceImportsFromStaticInJsCode({
            }[e] + ".chunk.js"
        }
    `,
-    "urlOrigin": "https://www.example.com"
+    "urlOrigin": "https://www.example.com",
 });

-console.log({ fixedJsCode, fixedJsCodeExternal });
+console.log({ fixedJsCode, fixedJsCodeExternal });

 const { fixedCssCode, cssGlobalsToDefine } = replaceImportsInCssCode({
    "cssCode": `
@ -55,13 +54,14 @@ const { fixedCssCode, cssGlobalsToDefine } = replaceImportsInCssCode({
    .my-div {
        background-image: url(/static/media/something.svg);
    }
-    `
+    `,
 });

-
 console.log({ fixedCssCode, cssGlobalsToDefine });

+const { cssCodeToPrependInHead } = generateCssCodeToDefineGlobals({
+    cssGlobalsToDefine,
+    "urlPathname": "/",
+});

-const { cssCodeToPrependInHead } = generateCssCodeToDefineGlobals({ cssGlobalsToDefine, "urlPathname": "/" });
-
-console.log({ cssCodeToPrependInHead });
+console.log({ cssCodeToPrependInHead });
--- a/src/test/bin/setupSampleReactProject.ts
+++ b/src/test/bin/setupSampleReactProject.ts
@ -1,4 +1,3 @@
-
 import { getProjectRoot } from "../../bin/tools/getProjectRoot";
 import { join as pathJoin } from "path";
 import { downloadAndUnzip } from "../../bin/tools/downloadAndUnzip";
@ -6,9 +5,8 @@ import { downloadAndUnzip } from "../../bin/tools/downloadAndUnzip";
 export const sampleReactProjectDirPath = pathJoin(getProjectRoot(), "sample_react_project");

 export function setupSampleReactProject() {
-
    downloadAndUnzip({
        "url": "https://github.com/garronej/keycloakify/releases/download/v0.0.1/sample_build_dir_and_package_json.zip",
-        "destDirPath": sampleReactProjectDirPath
+        "destDirPath": sampleReactProjectDirPath,
    });
 }
--- a/src/test/lib/getKcContext.ts
+++ b/src/test/lib/getKcContext.ts
@ -1,250 +1,242 @@
-
 import { getKcContext } from "../../lib/getKcContext";
 import type { KcContextBase } from "../../lib/getKcContext";
-import type { ExtendsKcContextBase } from "../../lib/getKcContext/getKcContext";
+import type { ExtendsKcContextBase } from "../../lib/getKcContext";
 import { same } from "evt/tools/inDepth";
-import { doExtends } from "tsafe/doExtends";
 import { assert } from "tsafe/assert";
+import type { Equals } from "tsafe";
 import { kcContextMocks, kcContextCommonMock } from "../../lib/getKcContext/kcContextMocks";
 import { deepClone } from "../../lib/tools/deepClone";
-import type { Any } from "ts-toolbelt";

 {
+    const authorizedMailDomains = ["example.com", "another-example.com", "*.yet-another-example.com", "*.example.com", "hello-world.com"];
+
+    const displayName = "this is an overwritten common value";
+
+    const aNonStandardValue1 = "a non standard value 1";
+    const aNonStandardValue2 = "a non standard value 2";
+
+    type KcContextExtended =
+        | {
+              pageId: "register.ftl";
+              authorizedMailDomains: string[];
+          }
+        | {
+              pageId: "info.ftl";
+              aNonStandardValue1: string;
+          }
+        | {
+              pageId: "my-extra-page-1.ftl";
+          }
+        | {
+              pageId: "my-extra-page-2.ftl";
+              aNonStandardValue2: string;
+          };
+
+    const getKcContextProxy = (params: { mockPageId: ExtendsKcContextBase<KcContextExtended>["pageId"] }) => {
+        const { mockPageId } = params;
+
+        const { kcContext } = getKcContext<KcContextExtended>({
+            mockPageId,
+            "mockData": [
+                {
+                    "pageId": "login.ftl",
+                    "realm": { displayName },
+                },
+                {
+                    "pageId": "info.ftl",
+                    aNonStandardValue1,
+                },
+                {
+                    "pageId": "register.ftl",
+                    authorizedMailDomains,
+                },
+                {
+                    "pageId": "my-extra-page-2.ftl",
+                    aNonStandardValue2,
+                },
+            ],
+        });
+
+        return { kcContext };
+    };
+
+    {
+        const pageId = "login.ftl";
+
+        const { kcContext } = getKcContextProxy({ "mockPageId": pageId });
+
+        assert(kcContext?.pageId === pageId);
+
+        assert<Equals<typeof kcContext, KcContextBase.Login>>();
+
+        assert(
+            same(
+                //NOTE: deepClone for printIfExists or other functions...
+                deepClone(kcContext),
+                (() => {
+                    const mock = deepClone(kcContextMocks.find(({ pageId: pageId_i }) => pageId_i === pageId)!);
+
+                    mock.realm.displayName = displayName;
+
+                    return mock;
+                })(),
+            ),
+        );
+
+        console.log(`PASS ${pageId}`);
+    }
+
+    {
+        const pageId = "info.ftl";
+
+        const { kcContext } = getKcContextProxy({ "mockPageId": pageId });
+
+        assert(kcContext?.pageId === pageId);
+
+        //NOTE: I don't understand the need to add: pageId: typeof pageId; ...
+        assert<
+            Equals<
+                typeof kcContext,
+                KcContextBase.Info & {
+                    pageId: typeof pageId;
+                    aNonStandardValue1: string;
+                }
+            >
+        >();
+
+        assert(
+            same(
+                deepClone(kcContext),
+                (() => {
+                    const mock = deepClone(kcContextMocks.find(({ pageId: pageId_i }) => pageId_i === pageId)!);
+
+                    Object.assign(mock, { aNonStandardValue1 });
+
+                    return mock;
+                })(),
+            ),
+        );
+
+        console.log(`PASS ${pageId}`);
+    }
+
+    {
+        const pageId = "register.ftl";
+
+        const { kcContext } = getKcContextProxy({ "mockPageId": pageId });
+
+        assert(kcContext?.pageId === pageId);
+
+        //NOTE: I don't understand the need to add: pageId: typeof pageId; ...
+        assert<
+            Equals<
+                typeof kcContext,
+                KcContextBase.Register & {
+                    pageId: typeof pageId;
+                    authorizedMailDomains: string[];
+                }
+            >
+        >();
+
+        assert(
+            same(
+                deepClone(kcContext),
+                (() => {
+                    const mock = deepClone(kcContextMocks.find(({ pageId: pageId_i }) => pageId_i === pageId)!);

-	const authorizedMailDomains = [
-		"example.com",
-		"another-example.com",
-		"*.yet-another-example.com",
-		"*.example.com",
-		"hello-world.com"
-	];
+                    Object.assign(mock, { authorizedMailDomains });

-	const displayName = "this is an overwritten common value";
+                    return mock;
+                })(),
+            ),
+        );

-	const aNonStandardValue1 = "a non standard value 1";
-	const aNonStandardValue2 = "a non standard value 2";
+        console.log(`PASS ${pageId}`);
+    }

-	type KcContextExtended = {
-		pageId: "register.ftl";
-		authorizedMailDomains: string[];
-	} | {
-		pageId: "info.ftl";
-		aNonStandardValue1: string;
-	} | {
-		pageId: "my-extra-page-1.ftl";
-	} | {
-		pageId: "my-extra-page-2.ftl";
-		aNonStandardValue2: string;
-	};
+    {
+        const pageId = "my-extra-page-2.ftl";

-	const getKcContextProxy = (
-		params: {
-			mockPageId: ExtendsKcContextBase<KcContextExtended>["pageId"];
-		}
-	) => {
+        const { kcContext } = getKcContextProxy({ "mockPageId": pageId });

-		const { mockPageId } = params;
+        assert(kcContext?.pageId === pageId);

-		const { kcContext } = getKcContext<KcContextExtended>({
-			mockPageId,
-			"mockData": [
-				{
-					"pageId": "login.ftl",
-					"realm": { displayName }
-				},
-				{
-					"pageId": "info.ftl",
-					aNonStandardValue1
-				},
-				{
-					"pageId": "register.ftl",
-					authorizedMailDomains
-				},
-				{
-					"pageId": "my-extra-page-2.ftl",
-					aNonStandardValue2
-				}
-			]
-		});
+        assert<
+            Equals<
+                typeof kcContext,
+                KcContextBase.Common & {
+                    pageId: typeof pageId;
+                    aNonStandardValue2: string;
+                }
+            >
+        >();

-		return { kcContext };
+        kcContext.aNonStandardValue2;

-	};
+        assert(
+            same(
+                deepClone(kcContext),
+                (() => {
+                    const mock = deepClone(kcContextCommonMock);

-	{
+                    Object.assign(mock, { pageId, aNonStandardValue2 });

-		const pageId = "login.ftl";
+                    return mock;
+                })(),
+            ),
+        );

-		const { kcContext } = getKcContextProxy({ "mockPageId": pageId });
+        console.log(`PASS ${pageId}`);
+    }

-		assert(kcContext?.pageId === pageId);
+    {
+        const pageId = "my-extra-page-1.ftl";

-		doExtends<Any.Equals<typeof kcContext, KcContextBase.Login>, 1>();
+        console.log("We expect a warning here =>");

-		assert(same(
-			//NOTE: deepClone for printIfExists or other functions...
-			deepClone(kcContext),
-			(() => {
+        const { kcContext } = getKcContextProxy({ "mockPageId": pageId });

-				const mock = deepClone(kcContextMocks.find(({ pageId: pageId_i }) => pageId_i === pageId)!);
+        assert(kcContext?.pageId === pageId);

-				mock.realm.displayName = displayName;
+        assert<Equals<typeof kcContext, KcContextBase.Common & { pageId: typeof pageId }>>();

-				return mock;
+        assert(
+            same(
+                deepClone(kcContext),
+                (() => {
+                    const mock = deepClone(kcContextCommonMock);

-			})()
-		));
+                    Object.assign(mock, { pageId });

-		console.log(`PASS ${pageId}`);
-
-	}
-
-	{
-		const pageId = "info.ftl";
-
-		const { kcContext } = getKcContextProxy({ "mockPageId": pageId });
-
-		assert(kcContext?.pageId === pageId);
-
-		//NOTE: I don't understand the need to add: pageId: typeof pageId; ...
-		doExtends<Any.Equals<typeof kcContext, KcContextBase.Info & { pageId: typeof pageId; aNonStandardValue1: string; }>, 1>();
-
-		assert(same(
-			deepClone(kcContext),
-			(() => {
-
-				const mock = deepClone(kcContextMocks.find(({ pageId: pageId_i }) => pageId_i === pageId)!);
-
-				Object.assign(mock, { aNonStandardValue1 });
-
-				return mock;
-
-			})()
-		));
-
-		console.log(`PASS ${pageId}`);
-
-	}
-
-	{
-		const pageId = "register.ftl";
-
-		const { kcContext } = getKcContextProxy({ "mockPageId": pageId });
-
-		assert(kcContext?.pageId === pageId);
-
-		//NOTE: I don't understand the need to add: pageId: typeof pageId; ...
-		doExtends<Any.Equals<typeof kcContext, KcContextBase.Register & { pageId: typeof pageId; authorizedMailDomains: string[]; }>, 1>();
-
-		assert(same(
-			deepClone(kcContext),
-			(() => {
-
-				const mock = deepClone(kcContextMocks.find(({ pageId: pageId_i }) => pageId_i === pageId)!);
-
-				Object.assign(mock, { authorizedMailDomains });
-
-				return mock;
-
-			})()
-		));
-
-		console.log(`PASS ${pageId}`);
-
-	}
-
-	{
-
-		const pageId = "my-extra-page-2.ftl";
-
-		const { kcContext } = getKcContextProxy({ "mockPageId": pageId });
-
-		assert(kcContext?.pageId === pageId);
-
-		doExtends<Any.Equals<typeof kcContext, KcContextBase.Common & { pageId: typeof pageId; aNonStandardValue2: string; }>, 1>();
-
-		kcContext.aNonStandardValue2;
-
-		assert(same(
-			deepClone(kcContext),
-			(() => {
-
-				const mock = deepClone(kcContextCommonMock);
-
-				Object.assign(mock, { pageId, aNonStandardValue2 });
-
-				return mock;
-
-			})()
-		));
-
-		console.log(`PASS ${pageId}`);
-
-	}
-
-	{
-
-		const pageId = "my-extra-page-1.ftl";
-
-		console.log("We expect a warning here =>");
-
-		const { kcContext } = getKcContextProxy({ "mockPageId": pageId });
-
-
-		assert(kcContext?.pageId === pageId);
-
-		doExtends<Any.Equals<typeof kcContext, KcContextBase.Common & { pageId: typeof pageId;  }>, 1>();
-
-		assert(same(
-			deepClone(kcContext),
-			(() => {
-
-				const mock = deepClone(kcContextCommonMock);
-
-				Object.assign(mock, { pageId });
-
-				return mock;
-
-			})()
-		));
-
-		console.log(`PASS ${pageId}`);
-
-	}
+                    return mock;
+                })(),
+            ),
+        );

+        console.log(`PASS ${pageId}`);
+    }
 }

 {
+    const pageId = "login.ftl";

-	const pageId = "login.ftl";
+    const { kcContext } = getKcContext({
+        "mockPageId": pageId,
+    });

-	const { kcContext } = getKcContext({
-		"mockPageId": pageId
-	});
+    assert<Equals<typeof kcContext, KcContextBase | undefined>>();

-	doExtends<Any.Equals<typeof kcContext, KcContextBase | undefined>, 1>();
-
-	assert(same(
-		deepClone(kcContext),
-		deepClone(kcContextMocks.find(({ pageId: pageId_i }) => pageId_i === pageId)!)
-	));
-
-	console.log("PASS no extension");
+    assert(same(deepClone(kcContext), deepClone(kcContextMocks.find(({ pageId: pageId_i }) => pageId_i === pageId)!)));

+    console.log("PASS no extension");
 }

-
 {
+    const { kcContext } = getKcContext();

-	const { kcContext } = getKcContext();
+    assert<Equals<typeof kcContext, KcContextBase | undefined>>();

-	doExtends<Any.Equals<typeof kcContext, KcContextBase | undefined>, 1>();
-
-	assert(kcContext === undefined);
-
-	console.log("PASS no extension, no mock");
+    assert(kcContext === undefined);

+    console.log("PASS no extension, no mock");
 }
-
-
-
--- a/src/test/lib/index.ts
+++ b/src/test/lib/index.ts
@ -1,2 +1 @@
-
-import "./getKcContext";
+import "./getKcContext";
--- a/src/test/lib/tools/AndByDiscriminatingKey.type.ts
+++ b/src/test/lib/tools/AndByDiscriminatingKey.type.ts
@ -1,91 +1,73 @@
-
 import { AndByDiscriminatingKey } from "../../../lib/tools/AndByDiscriminatingKey";
-import { doExtends } from "tsafe/doExtends";
+import { assert } from "tsafe/assert";
+import type { Equals } from "tsafe";

-type Base =
-	{ pageId: "a"; onlyA: string; } |
-	{ pageId: "b"; onlyB: string; } |
-	{ pageId: "only base"; onlyBase: string; };
+type Base = { pageId: "a"; onlyA: string } | { pageId: "b"; onlyB: string } | { pageId: "only base"; onlyBase: string };

-type Extension =
-	{ pageId: "a"; onlyExtA: string; } |
-	{ pageId: "b"; onlyExtB: string; } |
-	{ pageId: "only ext"; onlyExt: string; };
+type Extension = { pageId: "a"; onlyExtA: string } | { pageId: "b"; onlyExtB: string } | { pageId: "only ext"; onlyExt: string };

 type Got = AndByDiscriminatingKey<"pageId", Extension, Base>;

 type Expected =
-	{ pageId: "a"; onlyA: string; onlyExtA: string; } |
-	{ pageId: "b"; onlyB: string; onlyExtB: string; } |
-	{ pageId: "only base"; onlyBase: string; } |
-	{ pageId: "only ext"; onlyExt: string; };
+    | { pageId: "a"; onlyA: string; onlyExtA: string }
+    | { pageId: "b"; onlyB: string; onlyExtB: string }
+    | { pageId: "only base"; onlyBase: string }
+    | { pageId: "only ext"; onlyExt: string };

-doExtends<Got, Expected>();
-doExtends<Expected, Got>();
+assert<Equals<Got, Expected>>();

 const x: Got = null as any;

 if (x.pageId === "a") {
+    x.onlyA;
+    x.onlyExtA;

-	x.onlyA;
-	x.onlyExtA;
+    //@ts-expect-error
+    x.onlyB;

-	//@ts-expect-error
-	x.onlyB;
-
-	//@ts-expect-error
-	x.onlyBase;
-
-	//@ts-expect-error
-	x.onlyExt;
+    //@ts-expect-error
+    x.onlyBase;

+    //@ts-expect-error
+    x.onlyExt;
 }

-
 if (x.pageId === "b") {
+    x.onlyB;
+    x.onlyExtB;

-	x.onlyB;
-	x.onlyExtB;
+    //@ts-expect-error
+    x.onlyA;

-	//@ts-expect-error
-	x.onlyA;
-
-	//@ts-expect-error
-	x.onlyBase;
-
-	//@ts-expect-error
-	x.onlyExt;
+    //@ts-expect-error
+    x.onlyBase;

+    //@ts-expect-error
+    x.onlyExt;
 }

 if (x.pageId === "only base") {
+    x.onlyBase;

-	x.onlyBase;
+    //@ts-expect-error
+    x.onlyA;

-	//@ts-expect-error
-	x.onlyA;
-
-	//@ts-expect-error
-	x.onlyB;
-
-	//@ts-expect-error
-	x.onlyExt;
+    //@ts-expect-error
+    x.onlyB;

+    //@ts-expect-error
+    x.onlyExt;
 }

 if (x.pageId === "only ext") {
+    x.onlyExt;

-	x.onlyExt;
+    //@ts-expect-error
+    x.onlyA;

+    //@ts-expect-error
+    x.onlyB;

-	//@ts-expect-error
-	x.onlyA;
-
-	//@ts-expect-error
-	x.onlyB;
-
-	//@ts-expect-error
-	x.onlyBase;
-
+    //@ts-expect-error
+    x.onlyBase;
 }
-
--- a/yarn.lock
+++ b/yarn.lock