fix: do not require PKCE for public clients

backend/internal/service/oidc_service.go

@@ -506,7 +506,7 @@ func (s *OidcService) CreateClient(ctx context.Context, input dto.OidcClientCrea
 		LogoutCallbackURLs: input.LogoutCallbackURLs,
 		CreatedByID:        userID,
 		IsPublic:           input.IsPublic,
-		PkceEnabled:        input.IsPublic || input.PkceEnabled,
+		PkceEnabled:        input.PkceEnabled,
 	}
 
 	err := s.db.

frontend/messages/cs-CZ.json

@@ -276,7 +276,7 @@
 	"callback_urls": "URL zpětného volání",
 	"logout_callback_urls": "URL zpětného volání při odhlášení",
 	"public_client": "Veřejný klient",
-	"public_clients_do_not_have_a_client_secret_and_use_pkce_instead": "Veřejní klienti nemají client secret a místo toho používají PKCE. Povolte to, pokud je váš klient SPA nebo mobilní aplikace.",
+	"public_clients_description": "Veřejní klienti nemají client secret a místo toho používají PKCE. Povolte to, pokud je váš klient SPA nebo mobilní aplikace.",
 	"pkce": "PKCE",
 	"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Public Key Exchange je bezpečnostní funkce, která zabraňuje útokům CSRF a narušení autorizačních kódů.",
 	"name_logo": "Logo {name}",

frontend/messages/de-DE.json

@@ -276,7 +276,7 @@
 	"callback_urls": "Callback URLs",
 	"logout_callback_urls": "Abmelde Callback URLs",
 	"public_client": "Öffentlicher Client",
-	"public_clients_do_not_have_a_client_secret_and_use_pkce_instead": "Öffentliche Clients haben kein Client-Geheimnis und verwenden stattdessen PKCE. Aktiviere dies, wenn dein Client eine SPA oder mobile App ist.",
+	"public_clients_description": "Öffentliche Clients haben kein Client-Geheimnis und verwenden stattdessen PKCE. Aktiviere dies, wenn dein Client eine SPA oder mobile App ist.",
 	"pkce": "PKCE",
 	"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Der Public Key Code Exchange (öffentlicher Schlüsselaustausch) ist eine Sicherheitsfunktion, um CSRF Angriffe und Angriffe zum Abfangen von Autorisierungscodes zu verhindern.",
 	"name_logo": "{name} Logo",

frontend/messages/en-US.json

@@ -276,7 +276,7 @@
 	"callback_urls": "Callback URLs",
 	"logout_callback_urls": "Logout Callback URLs",
 	"public_client": "Public Client",
-	"public_clients_do_not_have_a_client_secret_and_use_pkce_instead": "Public clients do not have a client secret and use PKCE instead. Enable this if your client is a SPA or mobile app.",
+	"public_clients_description": "Public clients do not have a client secret. They are designed for mobile, web, and native applications where secrets cannot be securely stored.",
 	"pkce": "PKCE",
 	"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Public Key Code Exchange is a security feature to prevent CSRF and authorization code interception attacks.",
 	"name_logo": "{name} logo",

frontend/messages/es-ES.json

@@ -276,7 +276,7 @@
 	"callback_urls": "Callback URLs",
 	"logout_callback_urls": "Logout Callback URLs",
 	"public_client": "Public Client",
-	"public_clients_do_not_have_a_client_secret_and_use_pkce_instead": "Public clients do not have a client secret and use PKCE instead. Enable this if your client is a SPA or mobile app.",
+	"public_clients_description": "Public clients do not have a client secret and use PKCE instead. Enable this if your client is a SPA or mobile app.",
 	"pkce": "PKCE",
 	"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Public Key Code Exchange is a security feature to prevent CSRF and authorization code interception attacks.",
 	"name_logo": "{name} logo",

frontend/messages/fr-FR.json

@@ -276,7 +276,7 @@
 	"callback_urls": "URL de callback",
 	"logout_callback_urls": "URL de callback de déconnexion",
 	"public_client": "Client public",
-	"public_clients_do_not_have_a_client_secret_and_use_pkce_instead": "Les clients publics n'ont pas de secret client et utilisent PKCE à la place. Activez cette option si votre client est une application SPA ou une application mobile.",
+	"public_clients_description": "Les clients publics n'ont pas de secret client et utilisent PKCE à la place. Activez cette option si votre client est une application SPA ou une application mobile.",
 	"pkce": "PKCE",
 	"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Le Public Key Code Exchange est une fonctionnalité de sécurité conçue pour prévenir les attaques CSRF et l’interception de code d’autorisation.",
 	"name_logo": "Logo {name}",

frontend/messages/it-IT.json

@@ -276,7 +276,7 @@
 	"callback_urls": "URL di callback",
 	"logout_callback_urls": "URL di callback per il logout",
 	"public_client": "Client pubblico",
-	"public_clients_do_not_have_a_client_secret_and_use_pkce_instead": "I client pubblici non hanno un client secret e utilizzano PKCE. Abilita questa opzione se il tuo client è una SPA o un'app mobile.",
+	"public_clients_description": "I client pubblici non hanno un client secret e utilizzano PKCE. Abilita questa opzione se il tuo client è una SPA o un'app mobile.",
 	"pkce": "PKCE",
 	"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Il Public Key Code Exchange è una funzionalità di sicurezza per prevenire attacchi CSRF e intercettazione del codice di autorizzazione.",
 	"name_logo": "Logo di {name}",

frontend/messages/nl-NL.json

@@ -276,7 +276,7 @@
 	"callback_urls": "Callback-URL's",
 	"logout_callback_urls": "Callback-URL's voor afmelden",
 	"public_client": "Publieke client",
-	"public_clients_do_not_have_a_client_secret_and_use_pkce_instead": "Publieke clients hebben geen client secret en gebruiken in plaats daarvan PKCE. Schakel dit in als uw client een SPA of mobiele app is.",
+	"public_clients_description": "Publieke clients hebben geen client secret en gebruiken in plaats daarvan PKCE. Schakel dit in als uw client een SPA of mobiele app is.",
 	"pkce": "PKCE",
 	"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Public Key Code Exchange is een beveiligingsfunctie om CSRF- en autorisatiecode-onderscheppingsaanvallen te voorkomen.",
 	"name_logo": "{name} logo",

frontend/messages/pt-BR.json

@@ -276,7 +276,7 @@
 	"callback_urls": "Callback URLs",
 	"logout_callback_urls": "Logout Callback URLs",
 	"public_client": "Public Client",
-	"public_clients_do_not_have_a_client_secret_and_use_pkce_instead": "Public clients do not have a client secret and use PKCE instead. Enable this if your client is a SPA or mobile app.",
+	"public_clients_description": "Public clients do not have a client secret and use PKCE instead. Enable this if your client is a SPA or mobile app.",
 	"pkce": "PKCE",
 	"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Public Key Code Exchange is a security feature to prevent CSRF and authorization code interception attacks.",
 	"name_logo": "{name} logo",

frontend/messages/pt-PT.json

@@ -276,7 +276,7 @@
 	"callback_urls": "Callback URLs",
 	"logout_callback_urls": "Logout Callback URLs",
 	"public_client": "Public Client",
-	"public_clients_do_not_have_a_client_secret_and_use_pkce_instead": "Public clients do not have a client secret and use PKCE instead. Enable this if your client is a SPA or mobile app.",
+	"public_clients_description": "Public clients do not have a client secret and use PKCE instead. Enable this if your client is a SPA or mobile app.",
 	"pkce": "PKCE",
 	"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Public Key Code Exchange is a security feature to prevent CSRF and authorization code interception attacks.",
 	"name_logo": "{name} logo",

frontend/messages/ru-RU.json

@@ -276,7 +276,7 @@
 	"callback_urls": "Callback URLs",
 	"logout_callback_urls": "Logout Callback URLs",
 	"public_client": "Публичный клиент",
-	"public_clients_do_not_have_a_client_secret_and_use_pkce_instead": "Публичные клиенты не имеют клиентского секрета и вместо этого используют PKCE. Включите, если ваш клиент является SPA или мобильным приложением.",
+	"public_clients_description": "Публичные клиенты не имеют клиентского секрета и вместо этого используют PKCE. Включите, если ваш клиент является SPA или мобильным приложением.",
 	"pkce": "PKCE",
 	"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Public Key Code Exchange — это функция безопасности для предотвращения атак CSRF и перехвата кода авторизации.",
 	"name_logo": "Логотип {name}",

frontend/messages/zh-CN.json

@@ -1,346 +1,346 @@
 {
-    "$schema": "https://inlang.com/schema/inlang-message-format",
-    "my_account": "账户",
-    "logout": "登出",
-    "confirm": "确认",
-    "key": "Key",
-    "value": "Value",
-    "remove_custom_claim": "移除自定义声明",
-    "add_custom_claim": "添加自定义声明",
-    "add_another": "添加另一个",
-    "select_a_date": "选择日期",
-    "select_file": "选择文件",
-    "profile_picture": "头像",
-    "profile_picture_is_managed_by_ldap_server": "头像由 LDAP 服务器管理，无法在此处更改。",
-    "click_profile_picture_to_upload_custom": "点击头像来从文件中上传您的自定义头像。",
-    "image_should_be_in_format": "图片应为 PNG 或 JPEG 格式。",
-    "items_per_page": "每页条数",
-    "no_items_found": "🌱 这里暂时空空如也。",
-    "search": "搜索...",
-    "expand_card": "展开卡片",
-    "copied": "已复制",
-    "click_to_copy": "点击复制",
-    "something_went_wrong": "出了点问题",
-    "go_back_to_home": "返回首页",
-    "dont_have_access_to_your_passkey": "无法使用您的通行密钥？试试其他登录方式。",
-    "login_background": "登录页背景图",
-    "logo": "Logo",
-    "login_code": "临时登录码",
-    "create_a_login_code_to_sign_in_without_a_passkey_once": "创建一个临时登录码，用户可以使用它一次性登录而无需通行密钥。",
-    "one_hour": "1 小时",
-    "twelve_hours": "12 小时",
-    "one_day": "1 天",
-    "one_week": "1 周",
-    "one_month": "1 个月",
-    "expiration": "到期时间",
-    "generate_code": "生成代码",
-    "name": "名称",
-    "browser_unsupported": "浏览器不支持",
-    "this_browser_does_not_support_passkeys": "此浏览器不支持通行密钥。请使用其他登录方式。",
-    "an_unknown_error_occurred": "发生未知错误",
-    "authentication_process_was_aborted": "认证过程被中止",
-    "error_occurred_with_authenticator": "认证器发生错误",
-    "authenticator_does_not_support_discoverable_credentials": "认证器不支持可发现的凭据",
-    "authenticator_does_not_support_resident_keys": "认证器不支持常驻密钥",
-    "passkey_was_previously_registered": "此通行密钥之前已注册",
-    "authenticator_does_not_support_any_of_the_requested_algorithms": "认证器不支持任何请求的算法",
-    "authenticator_timed_out": "认证器超时",
-    "critical_error_occurred_contact_administrator": "发生严重错误。请联系您的管理员。",
-    "sign_in_to": "登录到 {name}",
-    "client_not_found": "客户端未找到",
-    "client_wants_to_access_the_following_information": "<b>{client}</b> 希望访问以下信息：",
-    "do_you_want_to_sign_in_to_client_with_your_app_name_account": "您是否希望使用您的 <b>{appName}</b> 账户登录到 <b>{client}</b>？",
-    "email": "电子邮件",
-    "view_your_email_address": "查看您的电子邮件地址",
-    "profile": "个人资料",
-    "view_your_profile_information": "查看您的个人资料信息",
-    "groups": "群组",
-    "view_the_groups_you_are_a_member_of": "查看您所属的群组",
-    "cancel": "取消",
-    "sign_in": "登录",
-    "try_again": "重试",
-    "client_logo": "客户端标志",
-    "sign_out": "登出",
-    "do_you_want_to_sign_out_of_pocketid_with_the_account": "您是否希望使用账户 <b>{username}</b> 登出 Pocket ID？",
-    "sign_in_to_appname": "登录到 {appName}",
-    "please_try_to_sign_in_again": "请尝试重新登录。",
-    "authenticate_yourself_with_your_passkey_to_access_the_admin_panel": "使用通行密钥或通过临时登录码进行登录",
-    "authenticate": "登录",
-    "appname_setup": "{appName} 设置",
-    "please_try_again": "请重试。",
-    "you_are_about_to_sign_in_to_the_initial_admin_account": "您即将登录到初始管理员账户。在此添加通行密钥之前，任何拥有此链接的人都可以访问该账户。请尽快设置通行密钥以防止未经授权的访问。",
-    "continue": "继续",
-    "alternative_sign_in": "替代登录方式",
-    "if_you_do_not_have_access_to_your_passkey_you_can_sign_in_using_one_of_the_following_methods": "如果您无法访问您的通行密钥，可以使用以下方法之一登录。",
-    "use_your_passkey_instead": "改用您的通行密钥？",
-    "email_login": "电子邮件登录",
-    "enter_a_login_code_to_sign_in": "输入一次性登录码以登录。",
-    "request_a_login_code_via_email": "通过电子邮件请求登录代码。",
-    "go_back": "返回",
-    "an_email_has_been_sent_to_the_provided_email_if_it_exists_in_the_system": "如果系统中存在提供的电子邮件地址，则已发送一封电子邮件。",
-    "enter_code": "输入登录码",
-    "enter_your_email_address_to_receive_an_email_with_a_login_code": "输入您的电子邮件地址以接收包含登录代码的电子邮件。",
-    "your_email": "您的电子邮件",
-    "submit": "提交",
-    "enter_the_code_you_received_to_sign_in": "输入您收到的登录码以登录。",
-    "code": "Code",
-    "invalid_redirect_url": "无效的重定向 URL",
-    "audit_log": "日志",
-    "users": "用户",
-    "user_groups": "用户组",
-    "oidc_clients": "OIDC 客户端",
-    "api_keys": "API 密钥",
-    "application_configuration": "设置",
-    "settings": "设置",
-    "update_pocket_id": "更新 Pocket ID",
-    "powered_by": "Powered by",
-    "see_your_account_activities_from_the_last_3_months": "查看过去 3 个月的账户活动。",
-    "time": "时间",
-    "event": "事件",
-    "approximate_location": "大致位置",
-    "ip_address": "IP 地址",
-    "device": "设备",
-    "client": "客户端",
-    "unknown": "未知",
-    "account_details_updated_successfully": "账户详细信息更新成功",
-    "profile_picture_updated_successfully": "头像更新成功。可能需要几分钟才能更新。",
-    "account_settings": "账户设置",
-    "passkey_missing": "尚未绑定通行密钥",
-    "please_provide_a_passkey_to_prevent_losing_access_to_your_account": "请添加通行密钥以防止失去对账户的访问。",
-    "single_passkey_configured": "已添加一个通行密钥",
-    "it_is_recommended_to_add_more_than_one_passkey": "建议添加多个通行密钥以避免失去对账户的访问。",
-    "account_details": "账户详情",
-    "passkeys": "通行密钥",
-    "manage_your_passkeys_that_you_can_use_to_authenticate_yourself": "管理您可以用来进行身份验证的通行密钥。",
-    "add_passkey": "添加通行密钥",
-    "create_a_one_time_login_code_to_sign_in_from_a_different_device_without_a_passkey": "创建一次性登录码，以便从不同设备登录而无需通行密钥。",
-    "create": "创建",
-    "first_name": "名字",
-    "last_name": "姓氏",
-    "username": "用户名",
-    "save": "保存",
-    "username_can_only_contain": "用户名只能包含小写字母、数字、下划线、点、连字符和 '@' 符号",
-    "sign_in_using_the_following_code_the_code_will_expire_in_minutes": "使用以下代码登录。代码将在 15 分钟后过期。",
-    "or_visit": "或访问",
-    "added_on": "添加于",
-    "rename": "重命名",
-    "delete": "删除",
-    "are_you_sure_you_want_to_delete_this_passkey": "您确定要删除此通行密钥吗？",
-    "passkey_deleted_successfully": "通行密钥删除成功",
-    "delete_passkey_name": "删除 {passkeyName}",
-    "passkey_name_updated_successfully": "通行密钥名称更新成功",
-    "name_passkey": "重命名通行密钥",
-    "name_your_passkey_to_easily_identify_it_later": "为您的通行密钥命名，以便以后轻松识别。",
-    "create_api_key": "创建 API 密钥",
-    "add_a_new_api_key_for_programmatic_access": "添加一个新的 API 密钥用于编程访问。",
-    "add_api_key": "添加 API 密钥",
-    "manage_api_keys": "管理 API 密钥",
-    "api_key_created": "API 密钥已创建",
-    "for_security_reasons_this_key_will_only_be_shown_once": "出于安全原因，此密钥只会显示一次。请妥善保存。",
-    "description": "描述",
-    "api_key": "API 密钥",
-    "close": "关闭",
-    "name_to_identify_this_api_key": "用于识别此 API 密钥的名称。",
-    "expires_at": "过期时间",
-    "when_this_api_key_will_expire": "此 API 密钥的过期时间。",
-    "optional_description_to_help_identify_this_keys_purpose": "可选描述，帮助识别此密钥的用途。",
-    "name_must_be_at_least_3_characters": "名称必须至少为 3 个字符",
-    "name_cannot_exceed_50_characters": "名称不能超过 50 个字符",
-    "expiration_date_must_be_in_the_future": "过期日期必须是未来的日期",
-    "revoke_api_key": "撤销 API 密钥",
-    "never": "永不",
-    "revoke": "撤销",
-    "api_key_revoked_successfully": "API 密钥撤销成功",
-    "are_you_sure_you_want_to_revoke_the_api_key_apikeyname": "您确定要撤销 API 密钥 \"{apiKeyName}\" 吗？这将中断使用此密钥的任何集成。",
-    "last_used": "最后使用",
-    "actions": "操作",
-    "images_updated_successfully": "图片更新成功",
-    "general": "常规",
-    "configure_smtp_to_send_emails": "启用电子邮件通知，以便在新设备或位置检测到登录时提醒用户。",
-    "ldap": "LDAP",
-    "configure_ldap_settings_to_sync_users_and_groups_from_an_ldap_server": "配置 LDAP 设置以从 LDAP 服务器同步用户和群组。",
-    "images": "图片",
-    "update": "更新",
-    "email_configuration_updated_successfully": "电子邮件配置更新成功",
-    "save_changes_question": "保存更改？",
-    "you_have_to_save_the_changes_before_sending_a_test_email_do_you_want_to_save_now": "在发送测试电子邮件之前，您必须保存更改。是否现在保存？",
-    "save_and_send": "保存并发送",
-    "test_email_sent_successfully": "测试电子邮件已成功发送到您的电子邮件地址。",
-    "failed_to_send_test_email": "发送测试电子邮件失败。请检查服务器日志以获取更多信息。",
-    "smtp_configuration": "SMTP 配置",
-    "smtp_host": "SMTP 主机",
-    "smtp_port": "SMTP 端口",
-    "smtp_user": "SMTP 用户",
-    "smtp_password": "SMTP 密码",
-    "smtp_from": "SMTP 发件人",
-    "smtp_tls_option": "SMTP TLS 选项",
-    "email_tls_option": "电子邮件 TLS 选项",
-    "skip_certificate_verification": "跳过证书验证",
-    "this_can_be_useful_for_selfsigned_certificates": "这对于自签名证书很有用。",
-    "enabled_emails": "启用的电子邮件",
-    "email_login_notification": "电子邮件登录通知",
-    "send_an_email_to_the_user_when_they_log_in_from_a_new_device": "当用户从新设备登录时，向其发送电子邮件。",
-    "emai_login_code_requested_by_user": "用户请求的电子邮件登录代码",
-    "allow_users_to_sign_in_with_a_login_code_sent_to_their_email": "允许用户通过发送到其电子邮件的登录代码登录。这会显著降低安全性，因为任何有权访问用户电子邮件的人都可以进入。",
-    "email_login_code_from_admin": "管理员发送的电子邮件登录代码",
-    "allows_an_admin_to_send_a_login_code_to_the_user": "允许管理员通过电子邮件向用户发送登录代码。",
-    "send_test_email": "发送测试电子邮件",
-    "application_configuration_updated_successfully": "应用配置更新成功",
-    "application_name": "应用名称",
-    "session_duration": "会话持续时间",
-    "the_duration_of_a_session_in_minutes_before_the_user_has_to_sign_in_again": "用户需要再次登录之前的会话持续时间（分钟）。",
-    "enable_self_account_editing": "启用自助账户编辑",
-    "whether_the_users_should_be_able_to_edit_their_own_account_details": "用户是否应能够编辑自己的账户详细信息。",
-    "emails_verified": "已验证的邮箱地址",
-    "whether_the_users_email_should_be_marked_as_verified_for_the_oidc_clients": "用户的电子邮件是否应标记为已验证，适用于 OIDC 客户端。",
-    "ldap_configuration_updated_successfully": "LDAP 配置更新成功",
-    "ldap_disabled_successfully": "LDAP 禁用成功",
-    "ldap_sync_finished": "LDAP 同步完成",
-    "client_configuration": "客户端配置",
-    "ldap_url": "LDAP URL",
-    "ldap_bind_dn": "LDAP Bind DN",
-    "ldap_bind_password": "LDAP Bind Password",
-    "ldap_base_dn": "LDAP Base DN",
-    "user_search_filter": "User Search Filter",
-    "the_search_filter_to_use_to_search_or_sync_users": "用于搜索/同步用户的搜索过滤器。",
-    "groups_search_filter": "Groups Search Filter",
-    "the_search_filter_to_use_to_search_or_sync_groups": "用于搜索/同步群组的搜索过滤器。",
-    "attribute_mapping": "属性映射",
-    "user_unique_identifier_attribute": "User Unique Identifier Attribute",
-    "the_value_of_this_attribute_should_never_change": "此属性的值不应更改。",
-    "username_attribute": "Username Attribute",
-    "user_mail_attribute": "User Mail Attribute",
-    "user_first_name_attribute": "User First Name Attribute",
-    "user_last_name_attribute": "User Last Name Attribute",
-    "user_profile_picture_attribute": "User Profile Picture Attribute",
-    "the_value_of_this_attribute_can_either_be_a_url_binary_or_base64_encoded_image": "此属性的值可以是 URL、二进制或 base64 编码的图像。",
-    "group_members_attribute": "Group Members Attribute",
-    "the_attribute_to_use_for_querying_members_of_a_group": "用于查询群组成员的属性。",
-    "group_unique_identifier_attribute": "Group Unique Identifier Attribute",
-    "group_name_attribute": "Group Name Attribute",
-    "admin_group_name": "Admin Group Name",
-    "members_of_this_group_will_have_admin_privileges_in_pocketid": "此群组的成员将在 Pocket ID 中拥有管理员权限。",
-    "disable": "禁用",
-    "sync_now": "立即同步",
-    "enable": "启用",
-    "user_created_successfully": "用户创建成功",
-    "create_user": "创建用户",
-    "add_a_new_user_to_appname": "向 {appName} 添加新用户",
-    "add_user": "添加用户",
-    "manage_users": "管理用户",
-    "admin_privileges": "管理员权限",
-    "admins_have_full_access_to_the_admin_panel": "管理员拥有管理面板的完全访问权限。",
-    "delete_firstname_lastname": "删除 {firstName} {lastName}",
-    "are_you_sure_you_want_to_delete_this_user": "您确定要删除此用户吗？",
-    "user_deleted_successfully": "用户删除成功",
-    "role": "角色",
-    "source": "来源",
-    "admin": "管理员",
-    "user": "用户",
-    "local": "本地",
-    "toggle_menu": "切换菜单",
-    "edit": "编辑",
-    "user_groups_updated_successfully": "用户组更新成功",
-    "user_updated_successfully": "用户更新成功",
-    "custom_claims_updated_successfully": "自定义声明更新成功",
-    "back": "返回",
-    "user_details_firstname_lastname": "用户详情 {firstName} {lastName}",
-    "manage_which_groups_this_user_belongs_to": "管理此用户所属的群组。",
-    "custom_claims": "自定义声明",
-    "custom_claims_are_key_value_pairs_that_can_be_used_to_store_additional_information_about_a_user": "自定义声明是键值对，可用于存储有关用户的额外信息。如果请求了 \"profile\" 范围，这些声明将包含在 ID Token 中。",
-    "user_group_created_successfully": "用户组创建成功",
-    "create_user_group": "创建用户组",
-    "create_a_new_group_that_can_be_assigned_to_users": "创建一个可以分配给用户的新群组。",
-    "add_group": "添加群组",
-    "manage_user_groups": "管理用户组",
-    "friendly_name": "显示名称",
-    "name_that_will_be_displayed_in_the_ui": "将在用户界面中显示的名称",
-    "name_that_will_be_in_the_groups_claim": "将在 \"groups\" 声明中显示的名称",
-    "delete_name": "删除 {name}",
-    "are_you_sure_you_want_to_delete_this_user_group": "您确定要删除此用户组吗？",
-    "user_group_deleted_successfully": "用户组删除成功",
-    "user_count": "用户数",
-    "user_group_updated_successfully": "用户组更新成功",
-    "users_updated_successfully": "用户更新成功",
-    "user_group_details_name": "用户组详情 {name}",
-    "assign_users_to_this_group": "将用户分配到此群组。",
-    "custom_claims_are_key_value_pairs_that_can_be_used_to_store_additional_information_about_a_user_prioritized": "自定义声明是键值对，可用于存储有关用户的额外信息。如果请求了 'profile' 范围，这些声明将包含在 ID 令牌中。如果存在冲突，用户上定义的自定义声明将优先。",
-    "oidc_client_created_successfully": "OIDC 客户端创建成功",
-    "create_oidc_client": "创建 OIDC 客户端",
-    "add_a_new_oidc_client_to_appname": "向 {appName} 添加新的 OIDC 客户端。",
-    "add_oidc_client": "添加 OIDC 客户端",
-    "manage_oidc_clients": "管理 OIDC 客户端",
-    "one_time_link": "一次性链接",
-    "use_this_link_to_sign_in_once": "使用此链接一次性登录。这对于尚未添加通行密钥或丢失通行密钥的用户是必要的。",
-    "add": "添加",
-    "callback_urls": "Callback URL",
-    "logout_callback_urls": "Logout Callback URL",
-    "public_client": "公共客户端",
-    "public_clients_do_not_have_a_client_secret_and_use_pkce_instead": "公共客户端没有客户端密钥，而是使用 PKCE。如果您的客户端是 SPA 或移动应用，请启用此选项。",
-    "pkce": "PKCE",
-    "public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "公钥代码交换是一种安全功能，可防止 CSRF 和授权代码拦截攻击。",
-    "name_logo": "{name} Logo",
-    "change_logo": "更改 Logo",
-    "upload_logo": "上传 Logo",
-    "remove_logo": "移除 Logo",
-    "are_you_sure_you_want_to_delete_this_oidc_client": "您确定要删除此 OIDC 客户端吗？",
-    "oidc_client_deleted_successfully": "OIDC 客户端删除成功",
-    "authorization_url": "Authorization URL",
-    "oidc_discovery_url": "OIDC Discovery URL",
-    "token_url": "Token URL",
-    "userinfo_url": "Userinfo URL",
-    "logout_url": "Logout URL",
-    "certificate_url": "Certificate URL",
-    "enabled": "已启用",
-    "disabled": "已禁用",
-    "oidc_client_updated_successfully": "OIDC 客户端更新成功",
-    "create_new_client_secret": "创建新的客户端密钥",
-    "are_you_sure_you_want_to_create_a_new_client_secret": "您确定要创建新的客户端密钥吗？旧的密钥将被失效。",
-    "generate": "生成",
-    "new_client_secret_created_successfully": "新客户端密钥创建成功",
-    "allowed_user_groups_updated_successfully": "允许的用户组更新成功",
-    "oidc_client_name": "OIDC 客户端 {name}",
-    "client_id": "客户端 ID",
-    "client_secret": "客户端密钥",
-    "show_more_details": "显示更多详情",
-    "allowed_user_groups": "允许的用户组",
-    "add_user_groups_to_this_client_to_restrict_access_to_users_in_these_groups": "将用户组添加到此客户端以限制访问，仅允许这些组中的用户。如果未选择用户组，所有用户都将有权访问此客户端。",
-    "favicon": "网站图标",
-    "light_mode_logo": "浅色模式 Logo",
-    "dark_mode_logo": "深色模式 Logo",
-    "background_image": "背景图片",
-    "language": "语言",
-    "reset_profile_picture_question": "重置头像？",
-    "this_will_remove_the_uploaded_image_and_reset_the_profile_picture_to_default": "这将移除已上传的图片，并将头像重置为默认值。您是否要继续？",
-    "reset": "重置",
-    "reset_to_default": "重置为默认",
-    "profile_picture_has_been_reset": "头像已重置。可能需要几分钟才能更新。",
-    "select_the_language_you_want_to_use": "选择您要使用的语言。某些语言可能未完全翻译。",
-    "personal": "个人",
-    "global": "全局",
-    "all_users": "所有用户",
-    "all_events": "所有事件",
-    "all_clients": "所有客户端",
-    "global_audit_log": "全局日志",
-    "see_all_account_activities_from_the_last_3_months": "查看过去 3 个月的所有用户活动。",
-    "token_sign_in": "Token 登录",
-    "client_authorization": "客户端授权",
-    "new_client_authorization": "首次客户端授权",
-    "disable_animations": "禁用动画",
-    "turn_off_all_animations_throughout_the_admin_ui": "关闭管理用户界面中的所有动画。",
-    "user_disabled": "账户已禁用",
-    "disabled_users_cannot_log_in_or_use_services": "禁用的用户无法登录或使用服务。",
-    "user_disabled_successfully": "用户已成功禁用。",
-    "user_enabled_successfully": "用户已成功启用。",
-    "status": "状态",
-    "disable_firstname_lastname": "禁用 {firstName} {lastName}",
-    "are_you_sure_you_want_to_disable_this_user": "您确定要禁用此用户吗？他们将无法登录或访问任何服务。",
-    "ldap_soft_delete_users": "保留来自 LDAP 的禁用用户。",
-    "ldap_soft_delete_users_description": "启用后，从 LDAP 中移除的用户将被禁用，而不是从系统中删除。",
-    "login_code_email_success": "登录代码已发送给用户。",
-    "send_email": "发送电子邮件",
-    "show_code": "显示登录码",
-    "callback_url_description": "由您的客户端提供的 URL。支持通配符 (*)，但为了更好的安全性最好避免使用。",
-    "api_key_expiration": "API 密钥过期",
-    "send_an_email_to_the_user_when_their_api_key_is_about_to_expire": "当用户的 API 密钥即将过期时，向其发送电子邮件。"
+	"$schema": "https://inlang.com/schema/inlang-message-format",
+	"my_account": "账户",
+	"logout": "登出",
+	"confirm": "确认",
+	"key": "Key",
+	"value": "Value",
+	"remove_custom_claim": "移除自定义声明",
+	"add_custom_claim": "添加自定义声明",
+	"add_another": "添加另一个",
+	"select_a_date": "选择日期",
+	"select_file": "选择文件",
+	"profile_picture": "头像",
+	"profile_picture_is_managed_by_ldap_server": "头像由 LDAP 服务器管理，无法在此处更改。",
+	"click_profile_picture_to_upload_custom": "点击头像来从文件中上传您的自定义头像。",
+	"image_should_be_in_format": "图片应为 PNG 或 JPEG 格式。",
+	"items_per_page": "每页条数",
+	"no_items_found": "🌱 这里暂时空空如也。",
+	"search": "搜索...",
+	"expand_card": "展开卡片",
+	"copied": "已复制",
+	"click_to_copy": "点击复制",
+	"something_went_wrong": "出了点问题",
+	"go_back_to_home": "返回首页",
+	"dont_have_access_to_your_passkey": "无法使用您的通行密钥？试试其他登录方式。",
+	"login_background": "登录页背景图",
+	"logo": "Logo",
+	"login_code": "临时登录码",
+	"create_a_login_code_to_sign_in_without_a_passkey_once": "创建一个临时登录码，用户可以使用它一次性登录而无需通行密钥。",
+	"one_hour": "1 小时",
+	"twelve_hours": "12 小时",
+	"one_day": "1 天",
+	"one_week": "1 周",
+	"one_month": "1 个月",
+	"expiration": "到期时间",
+	"generate_code": "生成代码",
+	"name": "名称",
+	"browser_unsupported": "浏览器不支持",
+	"this_browser_does_not_support_passkeys": "此浏览器不支持通行密钥。请使用其他登录方式。",
+	"an_unknown_error_occurred": "发生未知错误",
+	"authentication_process_was_aborted": "认证过程被中止",
+	"error_occurred_with_authenticator": "认证器发生错误",
+	"authenticator_does_not_support_discoverable_credentials": "认证器不支持可发现的凭据",
+	"authenticator_does_not_support_resident_keys": "认证器不支持常驻密钥",
+	"passkey_was_previously_registered": "此通行密钥之前已注册",
+	"authenticator_does_not_support_any_of_the_requested_algorithms": "认证器不支持任何请求的算法",
+	"authenticator_timed_out": "认证器超时",
+	"critical_error_occurred_contact_administrator": "发生严重错误。请联系您的管理员。",
+	"sign_in_to": "登录到 {name}",
+	"client_not_found": "客户端未找到",
+	"client_wants_to_access_the_following_information": "<b>{client}</b> 希望访问以下信息：",
+	"do_you_want_to_sign_in_to_client_with_your_app_name_account": "您是否希望使用您的 <b>{appName}</b> 账户登录到 <b>{client}</b>？",
+	"email": "电子邮件",
+	"view_your_email_address": "查看您的电子邮件地址",
+	"profile": "个人资料",
+	"view_your_profile_information": "查看您的个人资料信息",
+	"groups": "群组",
+	"view_the_groups_you_are_a_member_of": "查看您所属的群组",
+	"cancel": "取消",
+	"sign_in": "登录",
+	"try_again": "重试",
+	"client_logo": "客户端标志",
+	"sign_out": "登出",
+	"do_you_want_to_sign_out_of_pocketid_with_the_account": "您是否希望使用账户 <b>{username}</b> 登出 Pocket ID？",
+	"sign_in_to_appname": "登录到 {appName}",
+	"please_try_to_sign_in_again": "请尝试重新登录。",
+	"authenticate_yourself_with_your_passkey_to_access_the_admin_panel": "使用通行密钥或通过临时登录码进行登录",
+	"authenticate": "登录",
+	"appname_setup": "{appName} 设置",
+	"please_try_again": "请重试。",
+	"you_are_about_to_sign_in_to_the_initial_admin_account": "您即将登录到初始管理员账户。在此添加通行密钥之前，任何拥有此链接的人都可以访问该账户。请尽快设置通行密钥以防止未经授权的访问。",
+	"continue": "继续",
+	"alternative_sign_in": "替代登录方式",
+	"if_you_do_not_have_access_to_your_passkey_you_can_sign_in_using_one_of_the_following_methods": "如果您无法访问您的通行密钥，可以使用以下方法之一登录。",
+	"use_your_passkey_instead": "改用您的通行密钥？",
+	"email_login": "电子邮件登录",
+	"enter_a_login_code_to_sign_in": "输入一次性登录码以登录。",
+	"request_a_login_code_via_email": "通过电子邮件请求登录代码。",
+	"go_back": "返回",
+	"an_email_has_been_sent_to_the_provided_email_if_it_exists_in_the_system": "如果系统中存在提供的电子邮件地址，则已发送一封电子邮件。",
+	"enter_code": "输入登录码",
+	"enter_your_email_address_to_receive_an_email_with_a_login_code": "输入您的电子邮件地址以接收包含登录代码的电子邮件。",
+	"your_email": "您的电子邮件",
+	"submit": "提交",
+	"enter_the_code_you_received_to_sign_in": "输入您收到的登录码以登录。",
+	"code": "Code",
+	"invalid_redirect_url": "无效的重定向 URL",
+	"audit_log": "日志",
+	"users": "用户",
+	"user_groups": "用户组",
+	"oidc_clients": "OIDC 客户端",
+	"api_keys": "API 密钥",
+	"application_configuration": "设置",
+	"settings": "设置",
+	"update_pocket_id": "更新 Pocket ID",
+	"powered_by": "Powered by",
+	"see_your_account_activities_from_the_last_3_months": "查看过去 3 个月的账户活动。",
+	"time": "时间",
+	"event": "事件",
+	"approximate_location": "大致位置",
+	"ip_address": "IP 地址",
+	"device": "设备",
+	"client": "客户端",
+	"unknown": "未知",
+	"account_details_updated_successfully": "账户详细信息更新成功",
+	"profile_picture_updated_successfully": "头像更新成功。可能需要几分钟才能更新。",
+	"account_settings": "账户设置",
+	"passkey_missing": "尚未绑定通行密钥",
+	"please_provide_a_passkey_to_prevent_losing_access_to_your_account": "请添加通行密钥以防止失去对账户的访问。",
+	"single_passkey_configured": "已添加一个通行密钥",
+	"it_is_recommended_to_add_more_than_one_passkey": "建议添加多个通行密钥以避免失去对账户的访问。",
+	"account_details": "账户详情",
+	"passkeys": "通行密钥",
+	"manage_your_passkeys_that_you_can_use_to_authenticate_yourself": "管理您可以用来进行身份验证的通行密钥。",
+	"add_passkey": "添加通行密钥",
+	"create_a_one_time_login_code_to_sign_in_from_a_different_device_without_a_passkey": "创建一次性登录码，以便从不同设备登录而无需通行密钥。",
+	"create": "创建",
+	"first_name": "名字",
+	"last_name": "姓氏",
+	"username": "用户名",
+	"save": "保存",
+	"username_can_only_contain": "用户名只能包含小写字母、数字、下划线、点、连字符和 '@' 符号",
+	"sign_in_using_the_following_code_the_code_will_expire_in_minutes": "使用以下代码登录。代码将在 15 分钟后过期。",
+	"or_visit": "或访问",
+	"added_on": "添加于",
+	"rename": "重命名",
+	"delete": "删除",
+	"are_you_sure_you_want_to_delete_this_passkey": "您确定要删除此通行密钥吗？",
+	"passkey_deleted_successfully": "通行密钥删除成功",
+	"delete_passkey_name": "删除 {passkeyName}",
+	"passkey_name_updated_successfully": "通行密钥名称更新成功",
+	"name_passkey": "重命名通行密钥",
+	"name_your_passkey_to_easily_identify_it_later": "为您的通行密钥命名，以便以后轻松识别。",
+	"create_api_key": "创建 API 密钥",
+	"add_a_new_api_key_for_programmatic_access": "添加一个新的 API 密钥用于编程访问。",
+	"add_api_key": "添加 API 密钥",
+	"manage_api_keys": "管理 API 密钥",
+	"api_key_created": "API 密钥已创建",
+	"for_security_reasons_this_key_will_only_be_shown_once": "出于安全原因，此密钥只会显示一次。请妥善保存。",
+	"description": "描述",
+	"api_key": "API 密钥",
+	"close": "关闭",
+	"name_to_identify_this_api_key": "用于识别此 API 密钥的名称。",
+	"expires_at": "过期时间",
+	"when_this_api_key_will_expire": "此 API 密钥的过期时间。",
+	"optional_description_to_help_identify_this_keys_purpose": "可选描述，帮助识别此密钥的用途。",
+	"name_must_be_at_least_3_characters": "名称必须至少为 3 个字符",
+	"name_cannot_exceed_50_characters": "名称不能超过 50 个字符",
+	"expiration_date_must_be_in_the_future": "过期日期必须是未来的日期",
+	"revoke_api_key": "撤销 API 密钥",
+	"never": "永不",
+	"revoke": "撤销",
+	"api_key_revoked_successfully": "API 密钥撤销成功",
+	"are_you_sure_you_want_to_revoke_the_api_key_apikeyname": "您确定要撤销 API 密钥 \"{apiKeyName}\" 吗？这将中断使用此密钥的任何集成。",
+	"last_used": "最后使用",
+	"actions": "操作",
+	"images_updated_successfully": "图片更新成功",
+	"general": "常规",
+	"configure_smtp_to_send_emails": "启用电子邮件通知，以便在新设备或位置检测到登录时提醒用户。",
+	"ldap": "LDAP",
+	"configure_ldap_settings_to_sync_users_and_groups_from_an_ldap_server": "配置 LDAP 设置以从 LDAP 服务器同步用户和群组。",
+	"images": "图片",
+	"update": "更新",
+	"email_configuration_updated_successfully": "电子邮件配置更新成功",
+	"save_changes_question": "保存更改？",
+	"you_have_to_save_the_changes_before_sending_a_test_email_do_you_want_to_save_now": "在发送测试电子邮件之前，您必须保存更改。是否现在保存？",
+	"save_and_send": "保存并发送",
+	"test_email_sent_successfully": "测试电子邮件已成功发送到您的电子邮件地址。",
+	"failed_to_send_test_email": "发送测试电子邮件失败。请检查服务器日志以获取更多信息。",
+	"smtp_configuration": "SMTP 配置",
+	"smtp_host": "SMTP 主机",
+	"smtp_port": "SMTP 端口",
+	"smtp_user": "SMTP 用户",
+	"smtp_password": "SMTP 密码",
+	"smtp_from": "SMTP 发件人",
+	"smtp_tls_option": "SMTP TLS 选项",
+	"email_tls_option": "电子邮件 TLS 选项",
+	"skip_certificate_verification": "跳过证书验证",
+	"this_can_be_useful_for_selfsigned_certificates": "这对于自签名证书很有用。",
+	"enabled_emails": "启用的电子邮件",
+	"email_login_notification": "电子邮件登录通知",
+	"send_an_email_to_the_user_when_they_log_in_from_a_new_device": "当用户从新设备登录时，向其发送电子邮件。",
+	"emai_login_code_requested_by_user": "用户请求的电子邮件登录代码",
+	"allow_users_to_sign_in_with_a_login_code_sent_to_their_email": "允许用户通过发送到其电子邮件的登录代码登录。这会显著降低安全性，因为任何有权访问用户电子邮件的人都可以进入。",
+	"email_login_code_from_admin": "管理员发送的电子邮件登录代码",
+	"allows_an_admin_to_send_a_login_code_to_the_user": "允许管理员通过电子邮件向用户发送登录代码。",
+	"send_test_email": "发送测试电子邮件",
+	"application_configuration_updated_successfully": "应用配置更新成功",
+	"application_name": "应用名称",
+	"session_duration": "会话持续时间",
+	"the_duration_of_a_session_in_minutes_before_the_user_has_to_sign_in_again": "用户需要再次登录之前的会话持续时间（分钟）。",
+	"enable_self_account_editing": "启用自助账户编辑",
+	"whether_the_users_should_be_able_to_edit_their_own_account_details": "用户是否应能够编辑自己的账户详细信息。",
+	"emails_verified": "已验证的邮箱地址",
+	"whether_the_users_email_should_be_marked_as_verified_for_the_oidc_clients": "用户的电子邮件是否应标记为已验证，适用于 OIDC 客户端。",
+	"ldap_configuration_updated_successfully": "LDAP 配置更新成功",
+	"ldap_disabled_successfully": "LDAP 禁用成功",
+	"ldap_sync_finished": "LDAP 同步完成",
+	"client_configuration": "客户端配置",
+	"ldap_url": "LDAP URL",
+	"ldap_bind_dn": "LDAP Bind DN",
+	"ldap_bind_password": "LDAP Bind Password",
+	"ldap_base_dn": "LDAP Base DN",
+	"user_search_filter": "User Search Filter",
+	"the_search_filter_to_use_to_search_or_sync_users": "用于搜索/同步用户的搜索过滤器。",
+	"groups_search_filter": "Groups Search Filter",
+	"the_search_filter_to_use_to_search_or_sync_groups": "用于搜索/同步群组的搜索过滤器。",
+	"attribute_mapping": "属性映射",
+	"user_unique_identifier_attribute": "User Unique Identifier Attribute",
+	"the_value_of_this_attribute_should_never_change": "此属性的值不应更改。",
+	"username_attribute": "Username Attribute",
+	"user_mail_attribute": "User Mail Attribute",
+	"user_first_name_attribute": "User First Name Attribute",
+	"user_last_name_attribute": "User Last Name Attribute",
+	"user_profile_picture_attribute": "User Profile Picture Attribute",
+	"the_value_of_this_attribute_can_either_be_a_url_binary_or_base64_encoded_image": "此属性的值可以是 URL、二进制或 base64 编码的图像。",
+	"group_members_attribute": "Group Members Attribute",
+	"the_attribute_to_use_for_querying_members_of_a_group": "用于查询群组成员的属性。",
+	"group_unique_identifier_attribute": "Group Unique Identifier Attribute",
+	"group_name_attribute": "Group Name Attribute",
+	"admin_group_name": "Admin Group Name",
+	"members_of_this_group_will_have_admin_privileges_in_pocketid": "此群组的成员将在 Pocket ID 中拥有管理员权限。",
+	"disable": "禁用",
+	"sync_now": "立即同步",
+	"enable": "启用",
+	"user_created_successfully": "用户创建成功",
+	"create_user": "创建用户",
+	"add_a_new_user_to_appname": "向 {appName} 添加新用户",
+	"add_user": "添加用户",
+	"manage_users": "管理用户",
+	"admin_privileges": "管理员权限",
+	"admins_have_full_access_to_the_admin_panel": "管理员拥有管理面板的完全访问权限。",
+	"delete_firstname_lastname": "删除 {firstName} {lastName}",
+	"are_you_sure_you_want_to_delete_this_user": "您确定要删除此用户吗？",
+	"user_deleted_successfully": "用户删除成功",
+	"role": "角色",
+	"source": "来源",
+	"admin": "管理员",
+	"user": "用户",
+	"local": "本地",
+	"toggle_menu": "切换菜单",
+	"edit": "编辑",
+	"user_groups_updated_successfully": "用户组更新成功",
+	"user_updated_successfully": "用户更新成功",
+	"custom_claims_updated_successfully": "自定义声明更新成功",
+	"back": "返回",
+	"user_details_firstname_lastname": "用户详情 {firstName} {lastName}",
+	"manage_which_groups_this_user_belongs_to": "管理此用户所属的群组。",
+	"custom_claims": "自定义声明",
+	"custom_claims_are_key_value_pairs_that_can_be_used_to_store_additional_information_about_a_user": "自定义声明是键值对，可用于存储有关用户的额外信息。如果请求了 \"profile\" 范围，这些声明将包含在 ID Token 中。",
+	"user_group_created_successfully": "用户组创建成功",
+	"create_user_group": "创建用户组",
+	"create_a_new_group_that_can_be_assigned_to_users": "创建一个可以分配给用户的新群组。",
+	"add_group": "添加群组",
+	"manage_user_groups": "管理用户组",
+	"friendly_name": "显示名称",
+	"name_that_will_be_displayed_in_the_ui": "将在用户界面中显示的名称",
+	"name_that_will_be_in_the_groups_claim": "将在 \"groups\" 声明中显示的名称",
+	"delete_name": "删除 {name}",
+	"are_you_sure_you_want_to_delete_this_user_group": "您确定要删除此用户组吗？",
+	"user_group_deleted_successfully": "用户组删除成功",
+	"user_count": "用户数",
+	"user_group_updated_successfully": "用户组更新成功",
+	"users_updated_successfully": "用户更新成功",
+	"user_group_details_name": "用户组详情 {name}",
+	"assign_users_to_this_group": "将用户分配到此群组。",
+	"custom_claims_are_key_value_pairs_that_can_be_used_to_store_additional_information_about_a_user_prioritized": "自定义声明是键值对，可用于存储有关用户的额外信息。如果请求了 'profile' 范围，这些声明将包含在 ID 令牌中。如果存在冲突，用户上定义的自定义声明将优先。",
+	"oidc_client_created_successfully": "OIDC 客户端创建成功",
+	"create_oidc_client": "创建 OIDC 客户端",
+	"add_a_new_oidc_client_to_appname": "向 {appName} 添加新的 OIDC 客户端。",
+	"add_oidc_client": "添加 OIDC 客户端",
+	"manage_oidc_clients": "管理 OIDC 客户端",
+	"one_time_link": "一次性链接",
+	"use_this_link_to_sign_in_once": "使用此链接一次性登录。这对于尚未添加通行密钥或丢失通行密钥的用户是必要的。",
+	"add": "添加",
+	"callback_urls": "Callback URL",
+	"logout_callback_urls": "Logout Callback URL",
+	"public_client": "公共客户端",
+	"public_clients_description": "公共客户端没有客户端密钥，而是使用 PKCE。如果您的客户端是 SPA 或移动应用，请启用此选项。",
+	"pkce": "PKCE",
+	"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "公钥代码交换是一种安全功能，可防止 CSRF 和授权代码拦截攻击。",
+	"name_logo": "{name} Logo",
+	"change_logo": "更改 Logo",
+	"upload_logo": "上传 Logo",
+	"remove_logo": "移除 Logo",
+	"are_you_sure_you_want_to_delete_this_oidc_client": "您确定要删除此 OIDC 客户端吗？",
+	"oidc_client_deleted_successfully": "OIDC 客户端删除成功",
+	"authorization_url": "Authorization URL",
+	"oidc_discovery_url": "OIDC Discovery URL",
+	"token_url": "Token URL",
+	"userinfo_url": "Userinfo URL",
+	"logout_url": "Logout URL",
+	"certificate_url": "Certificate URL",
+	"enabled": "已启用",
+	"disabled": "已禁用",
+	"oidc_client_updated_successfully": "OIDC 客户端更新成功",
+	"create_new_client_secret": "创建新的客户端密钥",
+	"are_you_sure_you_want_to_create_a_new_client_secret": "您确定要创建新的客户端密钥吗？旧的密钥将被失效。",
+	"generate": "生成",
+	"new_client_secret_created_successfully": "新客户端密钥创建成功",
+	"allowed_user_groups_updated_successfully": "允许的用户组更新成功",
+	"oidc_client_name": "OIDC 客户端 {name}",
+	"client_id": "客户端 ID",
+	"client_secret": "客户端密钥",
+	"show_more_details": "显示更多详情",
+	"allowed_user_groups": "允许的用户组",
+	"add_user_groups_to_this_client_to_restrict_access_to_users_in_these_groups": "将用户组添加到此客户端以限制访问，仅允许这些组中的用户。如果未选择用户组，所有用户都将有权访问此客户端。",
+	"favicon": "网站图标",
+	"light_mode_logo": "浅色模式 Logo",
+	"dark_mode_logo": "深色模式 Logo",
+	"background_image": "背景图片",
+	"language": "语言",
+	"reset_profile_picture_question": "重置头像？",
+	"this_will_remove_the_uploaded_image_and_reset_the_profile_picture_to_default": "这将移除已上传的图片，并将头像重置为默认值。您是否要继续？",
+	"reset": "重置",
+	"reset_to_default": "重置为默认",
+	"profile_picture_has_been_reset": "头像已重置。可能需要几分钟才能更新。",
+	"select_the_language_you_want_to_use": "选择您要使用的语言。某些语言可能未完全翻译。",
+	"personal": "个人",
+	"global": "全局",
+	"all_users": "所有用户",
+	"all_events": "所有事件",
+	"all_clients": "所有客户端",
+	"global_audit_log": "全局日志",
+	"see_all_account_activities_from_the_last_3_months": "查看过去 3 个月的所有用户活动。",
+	"token_sign_in": "Token 登录",
+	"client_authorization": "客户端授权",
+	"new_client_authorization": "首次客户端授权",
+	"disable_animations": "禁用动画",
+	"turn_off_all_animations_throughout_the_admin_ui": "关闭管理用户界面中的所有动画。",
+	"user_disabled": "账户已禁用",
+	"disabled_users_cannot_log_in_or_use_services": "禁用的用户无法登录或使用服务。",
+	"user_disabled_successfully": "用户已成功禁用。",
+	"user_enabled_successfully": "用户已成功启用。",
+	"status": "状态",
+	"disable_firstname_lastname": "禁用 {firstName} {lastName}",
+	"are_you_sure_you_want_to_disable_this_user": "您确定要禁用此用户吗？他们将无法登录或访问任何服务。",
+	"ldap_soft_delete_users": "保留来自 LDAP 的禁用用户。",
+	"ldap_soft_delete_users_description": "启用后，从 LDAP 中移除的用户将被禁用，而不是从系统中删除。",
+	"login_code_email_success": "登录代码已发送给用户。",
+	"send_email": "发送电子邮件",
+	"show_code": "显示登录码",
+	"callback_url_description": "由您的客户端提供的 URL。支持通配符 (*)，但为了更好的安全性最好避免使用。",
+	"api_key_expiration": "API 密钥过期",
+	"send_an_email_to_the_user_when_their_api_key_is_about_to_expire": "当用户的 API 密钥即将过期时，向其发送电子邮件。"
 }

frontend/src/routes/settings/admin/oidc-clients/oidc-client-form.svelte

@@ -33,7 +33,7 @@
 		callbackURLs: existingClient?.callbackURLs || [''],
 		logoutCallbackURLs: existingClient?.logoutCallbackURLs || [],
 		isPublic: existingClient?.isPublic || false,
-		pkceEnabled: existingClient?.isPublic == true || existingClient?.pkceEnabled || false
+		pkceEnabled: existingClient?.pkceEnabled || false
 	};
 
 	const formSchema = z.object({
@@ -98,17 +98,13 @@
 		<CheckboxWithLabel
 			id="public-client"
 			label={m.public_client()}
-			description={m.public_clients_do_not_have_a_client_secret_and_use_pkce_instead()}
-			onCheckedChange={(v) => {
-				if (v == true) form.setValue('pkceEnabled', true);
-			}}
+			description={m.public_clients_description()}
 			bind:checked={$inputs.isPublic.value}
 		/>
 		<CheckboxWithLabel
 			id="pkce"
 			label={m.pkce()}
 			description={m.public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks()}
-			disabled={$inputs.isPublic.value}
 			bind:checked={$inputs.pkceEnabled.value}
 		/>
 	</div>