@axa-fr/oidc-client 7.27.11 → 7.27.12

package/dist/index.js

@@ -1,48 +1,5 @@
-//#region src/location.ts
-var e = class {
-	open(e) {
-		window.location.href = e;
-	}
-	reload() {
-		window.location.reload();
-	}
-	getCurrentHref() {
-		return window.location.href;
-	}
-	getPath() {
-		let e = window.location;
-		return e.pathname + (e.search || "") + (e.hash || "");
-	}
-	getOrigin() {
-		return window.origin;
-	}
-}, t = 2e3, n = console, r = class {
-	constructor(e, n, r, i = t, a = !0) {
-		this._callback = e, this._client_id = n, this._url = r, this._interval = i || t, this._stopOnError = a;
-		let o = r.indexOf("/", r.indexOf("//") + 2);
-		this._frame_origin = r.substring(0, o), this._frame = window.document.createElement("iframe"), this._frame.style.visibility = "hidden", this._frame.style.position = "absolute", this._frame.style.display = "none", this._frame.width = 0, this._frame.height = 0, this._frame.src = r;
-	}
-	load() {
-		return new Promise((e) => {
-			this._frame.onload = () => {
-				e();
-			}, window.document.body.appendChild(this._frame), this._boundMessageEvent = this._message.bind(this), window.addEventListener("message", this._boundMessageEvent, !1);
-		});
-	}
-	_message(e) {
-		e.origin === this._frame_origin && e.source === this._frame.contentWindow && (e.data === "error" ? (n.error("CheckSessionIFrame: error message from check session op iframe"), this._stopOnError && this.stop()) : e.data === "changed" ? (n.debug(e), n.debug("CheckSessionIFrame: changed message from check session op iframe"), this.stop(), this._callback()) : n.debug("CheckSessionIFrame: " + e.data + " message from check session op iframe"));
-	}
-	start(e) {
-		n.debug("CheckSessionIFrame.start :" + e), this.stop();
-		let t = () => {
-			this._frame.contentWindow.postMessage(this._client_id + " " + e, this._frame_origin);
-		};
-		t(), this._timer = window.setInterval(t, this._interval);
-	}
-	stop() {
-		this._timer &&= (n.debug("CheckSessionIFrame.stop"), window.clearInterval(this._timer), null);
-	}
-}, i = {
+//#region src/events.ts
+var e = {
 	service_worker_not_supported_by_browser: "service_worker_not_supported_by_browser",
 	token_acquired: "token_acquired",
 	logout_from_another_tab: "logout_from_another_tab",
@@ -71,35 +28,35 @@ var e = class {
 	syncTokensAsync_end: "syncTokensAsync_end",
 	syncTokensAsync_error: "syncTokensAsync_error",
 	tokensInvalidAndWaitingActionsToRefresh: "tokensInvalidAndWaitingActionsToRefresh"
-}, a = (e, t, n) => {
+}, t = (e, t, n) => {
 	if (n == null) {
 		delete e[t];
 		return;
 	}
 	e[t] = JSON.stringify(n);
-}, o = (e, t, n) => {
+}, n = (e, t, n) => {
 	if (n == null) {
 		delete e[t];
 		return;
 	}
 	e[t] = n;
-}, s = (e) => {
+}, r = (e) => {
 	if (typeof e != "string" || e === "undefined" || e === "null" || e === "") return null;
 	try {
 		return JSON.parse(e);
 	} catch {
 		return null;
 	}
-}, c = (e, t = sessionStorage, n) => {
-	let r = n ?? t, i = (i) => (a(t, `oidc.${e}`, {
+}, i = (e, i = sessionStorage, a) => {
+	let o = a ?? i, s = (n) => (t(i, `oidc.${e}`, {
 		tokens: null,
-		status: i
-	}), delete t[`oidc.${e}.userInfo`], n && n !== t && (delete r[`oidc.login.${e}`], delete r[`oidc.state.${e}`], delete r[`oidc.code_verifier.${e}`], delete r[`oidc.nonce.${e}`]), Promise.resolve()), c = async () => {
-		let n = s(t[`oidc.${e}`]);
+		status: n
+	}), delete i[`oidc.${e}.userInfo`], a && a !== i && (delete o[`oidc.login.${e}`], delete o[`oidc.state.${e}`], delete o[`oidc.code_verifier.${e}`], delete o[`oidc.nonce.${e}`]), Promise.resolve()), c = async () => {
+		let n = r(i[`oidc.${e}`]);
 		return n ? Promise.resolve({
 			tokens: n.tokens,
 			status: n.status
-		}) : (a(t, `oidc.${e}`, {
+		}) : (t(i, `oidc.${e}`, {
 			tokens: null,
 			status: null
 		}), {
@@ -107,21 +64,21 @@ var e = class {
 			status: null
 		});
 	}, l = (n) => {
-		a(t, `oidc.${e}`, { tokens: n });
-	}, u = async (n) => {
-		o(t, `oidc.session_state.${e}`, n);
-	}, d = async () => t[`oidc.session_state.${e}`], f = (t) => {
-		o(r, `oidc.nonce.${e}`, t?.nonce);
+		t(i, `oidc.${e}`, { tokens: n });
+	}, u = async (t) => {
+		n(i, `oidc.session_state.${e}`, t);
+	}, d = async () => i[`oidc.session_state.${e}`], f = (t) => {
+		n(o, `oidc.nonce.${e}`, t?.nonce);
 	}, p = (n) => {
-		a(t, `oidc.jwk.${e}`, n);
-	}, m = () => s(t[`oidc.jwk.${e}`]), h = async () => ({ nonce: r[`oidc.nonce.${e}`] }), g = async (n) => {
-		o(t, `oidc.dpop_nonce.${e}`, n);
-	}, _ = () => t[`oidc.dpop_nonce.${e}`], v = () => {
-		let n = s(t[`oidc.${e}`]);
-		return n ? JSON.stringify({ tokens: n.tokens }) : null;
+		t(i, `oidc.jwk.${e}`, n);
+	}, m = () => r(i[`oidc.jwk.${e}`]), h = async () => ({ nonce: o[`oidc.nonce.${e}`] }), g = async (t) => {
+		n(i, `oidc.dpop_nonce.${e}`, t);
+	}, _ = () => i[`oidc.dpop_nonce.${e}`], v = () => {
+		let t = r(i[`oidc.${e}`]);
+		return t ? JSON.stringify({ tokens: t.tokens }) : null;
 	}, y = {};
 	return {
-		clearAsync: i,
+		clearAsync: s,
 		initAsync: c,
 		setTokens: l,
 		getTokens: v,
@@ -129,133 +86,58 @@ var e = class {
 		getSessionStateAsync: d,
 		setNonceAsync: f,
 		getNonceAsync: h,
-		setLoginParams: (t) => {
-			if (t == null) {
-				delete y[e], delete r[`oidc.login.${e}`];
+		setLoginParams: (n) => {
+			if (n == null) {
+				delete y[e], delete o[`oidc.login.${e}`];
 				return;
 			}
-			y[e] = t, a(r, `oidc.login.${e}`, t);
+			y[e] = n, t(o, `oidc.login.${e}`, n);
 		},
 		getLoginParams: () => {
 			if (y[e]) return y[e];
-			let t = s(r[`oidc.login.${e}`]);
+			let t = r(o[`oidc.login.${e}`]);
 			return t === null ? (console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`), null) : (y[e] = t, t);
 		},
-		getStateAsync: async () => r[`oidc.state.${e}`],
+		getStateAsync: async () => o[`oidc.state.${e}`],
 		setStateAsync: async (t) => {
-			o(r, `oidc.state.${e}`, t);
+			n(o, `oidc.state.${e}`, t);
 		},
-		getCodeVerifierAsync: async () => r[`oidc.code_verifier.${e}`],
+		getCodeVerifierAsync: async () => o[`oidc.code_verifier.${e}`],
 		setCodeVerifierAsync: async (t) => {
-			o(r, `oidc.code_verifier.${e}`, t);
+			n(o, `oidc.code_verifier.${e}`, t);
 		},
 		setDemonstratingProofOfPossessionNonce: g,
 		getDemonstratingProofOfPossessionNonce: _,
 		setDemonstratingProofOfPossessionJwkAsync: p,
 		getDemonstratingProofOfPossessionJwkAsync: m
 	};
-}, l = /* @__PURE__ */ function(e) {
-	return e.AutomaticBeforeTokenExpiration = "AutomaticBeforeTokensExpiration", e.AutomaticOnlyWhenFetchExecuted = "AutomaticOnlyWhenFetchExecuted", e;
-}({}), u = (e) => decodeURIComponent(Array.prototype.map.call(atob(e), (e) => "%" + ("00" + e.charCodeAt(0).toString(16)).slice(-2)).join("")), d = (e) => JSON.parse(u(e.replaceAll(/-/g, "+").replaceAll(/_/g, "/"))), f = (e) => {
-	try {
-		return e && p(e, ".") === 2 ? d(e.split(".")[1]) : null;
-	} catch (e) {
-		console.warn(e);
+}, a = 2e3, o = console, s = class {
+	constructor(e, t, n, r = a, i = !0) {
+		this._callback = e, this._client_id = t, this._url = n, this._interval = r || a, this._stopOnError = i;
+		let o = n.indexOf("/", n.indexOf("//") + 2);
+		this._frame_origin = n.substring(0, o), this._frame = window.document.createElement("iframe"), this._frame.style.visibility = "hidden", this._frame.style.position = "absolute", this._frame.style.display = "none", this._frame.width = 0, this._frame.height = 0, this._frame.src = n;
 	}
-	return null;
-}, p = (e, t) => e.split(t).length - 1, m = {
-	access_token_or_id_token_invalid: "access_token_or_id_token_invalid",
-	access_token_invalid: "access_token_invalid",
-	id_token_invalid: "id_token_invalid"
-};
-function h(e, t, n) {
-	return e.issuedAt ? typeof e.issuedAt == "string" ? parseInt(e.issuedAt, 10) : e.issuedAt : t && t.iat ? t.iat : n && n.iat ? n.iat : (/* @__PURE__ */ new Date()).getTime() / 1e3;
-}
-var g = (e, t = null, n) => {
-	if (!e) return null;
-	let r, i = typeof e.expiresIn == "string" ? parseInt(e.expiresIn, 10) : e.expiresIn;
-	r = e.accessTokenPayload === void 0 ? f(e.accessToken) : e.accessTokenPayload;
-	let a;
-	a = t != null && "idToken" in t && !("idToken" in e) ? t.idToken : e.idToken;
-	let o = e.idTokenPayload ? e.idTokenPayload : f(a), s = o && o.exp ? o.exp : Number.MAX_VALUE, c = r && r.exp ? r.exp : e.issuedAt + i;
-	e.issuedAt = h(e, r, o);
-	let l;
-	l = e.expiresAt ? e.expiresAt : n === m.access_token_invalid ? c : n === m.id_token_invalid || s < c ? s : c;
-	let u = {
-		...e,
-		idTokenPayload: o,
-		accessTokenPayload: r,
-		expiresAt: l,
-		idToken: a
-	};
-	if (t != null && "refreshToken" in t && !("refreshToken" in e)) {
-		let e = t.refreshToken;
-		return {
-			...u,
-			refreshToken: e
-		};
+	load() {
+		return new Promise((e) => {
+			this._frame.onload = () => {
+				e();
+			}, window.document.body.appendChild(this._frame), this._boundMessageEvent = this._message.bind(this), window.addEventListener("message", this._boundMessageEvent, !1);
+		});
 	}
-	return u;
-}, _ = (e, t, n) => {
-	if (!e) return null;
-	e.issued_at ||= (/* @__PURE__ */ new Date()).getTime() / 1e3;
-	let r = {
-		accessToken: e.access_token,
-		expiresIn: e.expires_in,
-		idToken: e.id_token,
-		scope: e.scope,
-		tokenType: e.token_type,
-		issuedAt: e.issued_at
-	};
-	return "refresh_token" in e && (r.refreshToken = e.refresh_token), e.accessTokenPayload !== void 0 && (r.accessTokenPayload = e.accessTokenPayload), e.idTokenPayload !== void 0 && (r.idTokenPayload = e.idTokenPayload), g(r, t, n);
-}, v = (e, t) => {
-	let n = t - (/* @__PURE__ */ new Date()).getTime() / 1e3;
-	return Math.round(n - e);
-}, y = (e, t = 0) => e ? v(t, e.expiresAt) > 0 : !1, b = async (e, t = 200, n = 50) => {
-	let r = n, i = await e.syncTokensInfoAsync();
-	for (; [
-		G.REQUIRE_SYNC_TOKENS,
-		G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,
-		G.TOKENS_INVALID
-	].includes(i) && r > 0;) {
-		if (e.configuration.token_automatic_renew_mode == l.AutomaticOnlyWhenFetchExecuted) {
-			await e.renewTokensAsync({});
-			break;
-		} else await E({ milliseconds: t });
-		--r, i = await e.syncTokensInfoAsync();
+	_message(e) {
+		e.origin === this._frame_origin && e.source === this._frame.contentWindow && (e.data === "error" ? (o.error("CheckSessionIFrame: error message from check session op iframe"), this._stopOnError && this.stop()) : e.data === "changed" ? (o.debug(e), o.debug("CheckSessionIFrame: changed message from check session op iframe"), this.stop(), this._callback()) : o.debug("CheckSessionIFrame: " + e.data + " message from check session op iframe"));
 	}
-	return {
-		isTokensValid: y(e.getTokens()),
-		tokens: e.getTokens(),
-		numberWaited: r - n
-	};
-}, x = (e, t, n) => {
-	if (e.idTokenPayload) {
-		let r = e.idTokenPayload;
-		if (n.issuer !== r.iss) return {
-			isValid: !1,
-			reason: `Issuer does not match (oidcServerConfiguration issuer) ${n.issuer} !== (idTokenPayload issuer) ${r.iss}`
-		};
-		let i = (/* @__PURE__ */ new Date()).getTime() / 1e3;
-		if (r.exp && r.exp < i) return {
-			isValid: !1,
-			reason: `Token expired (idTokenPayload exp) ${r.exp} < (currentTimeUnixSecond) ${i}`
-		};
-		let a = 3600 * 24 * 7;
-		if (r.iat && r.iat + a < i) return {
-			isValid: !1,
-			reason: `Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${r.iat + a} < (currentTimeUnixSecond) ${i}`
-		};
-		if (r.nonce && r.nonce !== t) return {
-			isValid: !1,
-			reason: `Nonce does not match (idTokenPayload nonce) ${r.nonce} !== (nonce) ${t}`
+	start(e) {
+		o.debug("CheckSessionIFrame.start :" + e), this.stop();
+		let t = () => {
+			this._frame.contentWindow.postMessage(this._client_id + " " + e, this._frame_origin);
 		};
+		t(), this._timer = window.setInterval(t, this._interval);
 	}
-	return {
-		isValid: !0,
-		reason: ""
-	};
-}, S = (function() {
+	stop() {
+		this._timer &&= (o.debug("CheckSessionIFrame.stop"), window.clearInterval(this._timer), null);
+	}
+}, c = (function() {
 	let e = typeof window > "u" ? global : window;
 	return {
 		setTimeout: setTimeout.bind(e),
@@ -263,328 +145,123 @@ var g = (e, t = null, n) => {
 		setInterval: setInterval.bind(e),
 		clearInterval: clearInterval.bind(e)
 	};
-})(), C = "7.27.11", w = null, T, E = ({ milliseconds: e }) => new Promise((t) => S.setTimeout(t, e)), D = (e = "/") => {
+})(), l = (t, n, r) => (i = null, a = null, o = null) => {
+	if (!n.silent_redirect_uri || !n.silent_login_uri) return Promise.resolve(null);
 	try {
-		T = new AbortController(), fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`, { signal: T.signal }).catch((e) => {
-			console.log(e);
-		}), E({ milliseconds: 150 * 1e3 }).then(() => D(e));
-	} catch (e) {
-		console.log(e);
-	}
-}, O = () => {
-	T && T.abort();
-}, k = (e) => {
-	let t = `oidc.tabId.${e}`, n = sessionStorage.getItem(t);
-	if (n) return n;
-	let r = globalThis.crypto.randomUUID();
-	return sessionStorage.setItem(t, r), r;
-}, ee = 5e3, A = (e) => navigator.serviceWorker.controller ?? e.active ?? e.waiting ?? e.installing ?? null, j = (e, t) => (n) => {
-	let r = t?.timeoutMs ?? ee;
-	return new Promise((t, i) => {
-		let a = A(e);
-		if (!a) {
-			i(/* @__PURE__ */ Error("Service worker target not available (controller/active/waiting/installing missing)"));
-			return;
-		}
-		let o = new MessageChannel(), s = null, c = () => {
+		r(e.silentLoginAsync_begin, {});
+		let s = "";
+		if (a && (i ??= {}, i.state = a), o != null && (i ??= {}, i.scope = o), i != null) for (let [e, t] of Object.entries(i)) t != null && (s === "" ? s = `?${encodeURIComponent(e)}=${encodeURIComponent(t)}` : s += `&${encodeURIComponent(e)}=${encodeURIComponent(t)}`);
+		let c = n.silent_login_uri + s, l = c.indexOf("/", c.indexOf("//") + 2), u = c.substring(0, l), d = document.createElement("iframe");
+		return d.width = "0px", d.height = "0px", d.id = `${t}_oidc_iframe`, d.setAttribute("src", c), d.style.display = "none", document.body.appendChild(d), new Promise((i, a) => {
+			let o = !1, s = () => {
+				window.removeEventListener("message", c), d.remove(), o = !0;
+			}, c = (n) => {
+				if (n.origin === u && n.source === d.contentWindow) {
+					let c = `${t}_oidc_tokens:`, l = `${t}_oidc_error:`, u = `${t}_oidc_exception:`, d = n.data;
+					if (d && typeof d == "string" && !o) {
+						if (d.startsWith(c)) {
+							let t = JSON.parse(n.data.replace(c, ""));
+							r(e.silentLoginAsync_end, {}), i(t), s();
+						} else if (d.startsWith(l)) {
+							let t = JSON.parse(n.data.replace(l, ""));
+							r(e.silentLoginAsync_error, t), i({
+								error: "oidc_" + t.error,
+								tokens: null,
+								sessionState: null
+							}), s();
+						} else if (d.startsWith(u)) {
+							let t = JSON.parse(n.data.replace(u, ""));
+							r(e.silentLoginAsync_error, t), a(Error(t.error)), s();
+						}
+					}
+				}
+			};
 			try {
-				s != null && (S.clearTimeout(s), s = null), o.port1.onmessage = null, o.port1.close(), o.port2.close();
-			} catch (e) {
-				console.error(e);
+				window.addEventListener("message", c);
+				let t = n.silent_login_timeout;
+				setTimeout(() => {
+					o || (s(), r(e.silentLoginAsync_error, { reason: "timeout" }), a(/* @__PURE__ */ Error("timeout")));
+				}, t);
+			} catch (t) {
+				s(), r(e.silentLoginAsync_error, t), a(t);
 			}
-		};
-		s = S.setTimeout(() => {
-			c(), i(/* @__PURE__ */ Error(`Service worker did not respond within ${r}ms (type=${n?.type})`));
-		}, r), o.port1.onmessage = (e) => {
-			c(), e?.data?.error ? i(e.data.error) : t(e.data);
-		};
-		try {
-			let e = n?.configurationName;
-			a.postMessage({
-				...n,
-				tabId: k(e ?? "default")
-			}, [o.port2]);
-		} catch (e) {
-			c(), i(e);
-		}
-	});
-}, te = async (e) => navigator.serviceWorker.controller ? navigator.serviceWorker.controller : new Promise((t) => {
-	let n = !1, r = () => {
-		n || (n = !0, navigator.serviceWorker.removeEventListener("controllerchange", r), t(navigator.serviceWorker.controller ?? null));
-	};
-	navigator.serviceWorker.addEventListener("controllerchange", r), S.setTimeout(() => {
-		n || (n = !0, navigator.serviceWorker.removeEventListener("controllerchange", r), t(navigator.serviceWorker.controller ?? null));
-	}, e);
-}), ne = !1, M = !1, N = /* @__PURE__ */ new Map(), P = "oidc.sw.controllerchange_reload_count", F = 3, I = () => {
-	try {
-		return parseInt(sessionStorage.getItem(P) ?? "0", 10);
-	} catch {
-		return 0;
+		});
+	} catch (t) {
+		throw r(e.silentLoginAsync_error, t), t;
 	}
-}, re = () => {
-	let e = I() + 1;
-	try {
-		sessionStorage.setItem(P, String(e));
-	} catch {}
-	return e;
-}, ie = () => {
-	try {
-		sessionStorage.removeItem(P);
-	} catch {}
-}, L = async (e, t) => {
-	let n = e.service_worker_relative_url;
-	if (typeof window > "u" || typeof navigator > "u" || !navigator.serviceWorker || !n || e.service_worker_activate() === !1) return null;
-	let r = `${n}?v=${C}`, i = null;
-	e.service_worker_register ? (N.has(n) || N.set(n, e.service_worker_register(n)), i = await N.get(n)) : (N.has(r) || N.set(r, navigator.serviceWorker.register(r, { updateViaCache: "none" })), i = await N.get(r));
-	let a = `oidc.sw.version_mismatch_reload.${t}`, o = async (e) => {
-		O(), console.log("New SW waiting – SKIP_WAITING");
+}, u = (t, n, r, i, a) => (t = null, o = void 0) => {
+	t = { ...t };
+	let s = (e, t, o) => l(n, r, i.bind(a))(e, t, o);
+	return (async () => {
+		a.timeoutId && c.clearTimeout(a.timeoutId);
+		let n;
+		t && "state" in t && (n = t.state, delete t.state);
 		try {
-			await new Promise((n, r) => {
-				let i = new MessageChannel(), a = null, o = () => {
-					try {
-						a != null && (S.clearTimeout(a), a = null), i.port1.onmessage = null, i.port1.close(), i.port2.close();
-					} catch (e) {
-						console.error(e);
-					}
-				};
-				a = S.setTimeout(() => {
-					o(), r(/* @__PURE__ */ Error("SKIP_WAITING did not respond within 8000ms"));
-				}, 8e3), i.port1.onmessage = (e) => {
-					o(), e?.data?.error ? r(e.data.error) : n();
-				};
-				try {
-					e.postMessage({
-						type: "SKIP_WAITING",
-						configurationName: t,
-						data: null,
-						tabId: k(t ?? "default")
-					}, [i.port2]);
-				} catch (e) {
-					o(), r(e);
-				}
-			});
+			let c = await s({
+				...r.extras ? {
+					...r.extras,
+					...t
+				} : t,
+				prompt: "none"
+			}, n, o);
+			if (c) return a.tokens = c.tokens, i(e.token_acquired, {}), a.timeoutId = z(a, a.tokens.expiresAt, t, o), {};
 		} catch (e) {
-			console.warn("SKIP_WAITING failed", e);
+			return e;
 		}
-	}, s = async () => {
-		let e = i.waiting;
-		e ? await o(e) : console.warn("sendSkipWaiting called but no waiting service worker found");
-	}, c = (e) => {
-		O(), e.addEventListener("statechange", async () => {
-			if (e.state === "installed" && navigator.serviceWorker.controller) {
-				if (I() >= F) {
-					console.warn("SW trackInstallingWorker: skipping SKIP_WAITING because the reload budget is exhausted");
-					return;
-				}
-				await o(e);
-			}
-		});
-	};
-	i.addEventListener("updatefound", () => {
-		let e = i.installing;
-		e && c(e);
-	}), i.installing ? c(i.installing) : i.waiting && navigator.serviceWorker.controller && (I() < F ? s() : console.warn("SW: a waiting worker exists but reload budget is exhausted – skipping activation")), i.update().catch((e) => {
-		console.error(e);
+	})();
+}, d = (e, t, n) => (r, i, a, o = !1) => {
+	let c = (t, r = void 0, i = void 0) => l(e.configurationName, n, e.publishEvent.bind(e))(t, r, i);
+	return new Promise((l, u) => {
+		n.silent_login_uri && n.silent_redirect_uri && n.monitor_session && r && a && !o ? (e.checkSessionIFrame = new s(() => {
+			e.checkSessionIFrame.stop();
+			let r = e.tokens;
+			if (r === null) return;
+			let i = r.idToken, a = r.idTokenPayload;
+			return c({
+				prompt: "none",
+				id_token_hint: i,
+				scope: n.scope || "openid"
+			}).then((t) => {
+				if (t.error) throw Error(t.error);
+				let n = t.tokens.idTokenPayload;
+				if (a.sub === n.sub) {
+					let r = t.sessionState;
+					e.checkSessionIFrame.start(t.sessionState), a.sid === n.sid ? console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:", r) : console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:", r);
+				} else console.debug("SessionMonitor._callback: Different subject signed into OP:", n.sub);
+			}).catch(async (e) => {
+				console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:", e);
+				for (let [, e] of Object.entries(t)) await e.logoutOtherTabAsync(n.client_id, a.sub);
+			});
+		}, i, r), e.checkSessionIFrame.load().then(() => {
+			e.checkSessionIFrame.start(a), l(e.checkSessionIFrame);
+		}).catch((e) => {
+			u(e);
+		})) : l(null);
 	});
-	try {
-		await navigator.serviceWorker.ready, navigator.serviceWorker.controller || (await j(i, { timeoutMs: 8e3 })({
-			type: "claim",
-			configurationName: t,
-			data: null
-		}), await te(2e3));
-	} catch (e) {
-		return console.warn(`Failed init ServiceWorker ${e?.toString?.() ?? String(e)}`), null;
-	}
-	ne || (ne = !0, navigator.serviceWorker.addEventListener("controllerchange", () => {
-		if (M) return;
-		let e = re();
-		if (e > F) {
-			console.warn(`SW controllerchange: reload budget exhausted (${e - 1} reloads). Skipping reload to avoid infinite loop.`);
-			return;
-		}
-		M = !0, console.log("SW controller changed – reloading page"), O(), window.location.reload();
-	}));
-	let l = async (e) => j(i)({
-		type: "clear",
-		data: { status: e },
-		configurationName: t
-	}), u = async (e, n, r) => {
-		let o = await j(i)({
-			type: "init",
-			data: {
-				oidcServerConfiguration: e,
-				where: n,
-				oidcConfiguration: {
-					token_renew_mode: r.token_renew_mode,
-					service_worker_convert_all_requests_to_cors: r.service_worker_convert_all_requests_to_cors
-				}
-			},
-			configurationName: t
-		}), c = o.version;
-		if (c !== "7.27.11") {
-			console.warn(`Service worker ${c} version mismatch with js client version ${C}, unregistering and reloading`);
-			let e = parseInt(sessionStorage.getItem(a) ?? "0", 10);
-			if (e < 3) {
-				if (sessionStorage.setItem(a, String(e + 1)), i.waiting) return await s(), await E({ milliseconds: 500 }), M || (M = !0, window.location.reload()), new Promise(() => {});
-				{
-					O();
-					try {
-						await i.update();
-					} catch (e) {
-						console.error(e);
-					}
-					let e = await i.unregister();
-					return console.log(`Service worker unregistering ${e}`), await E({ milliseconds: 500 }), M || (M = !0, window.location.reload()), new Promise(() => {});
-				}
-			} else console.error(`Service worker version mismatch persists after ${e} attempt(s). Continuing with mismatched version.`);
-		} else sessionStorage.removeItem(a), ie();
-		return {
-			tokens: _(o.tokens, null, r.token_renew_mode),
-			status: o.status
-		};
-	}, d = (e = "/") => {
-		w ?? (w = "not_null", D(e));
-	}, f = (e) => j(i)({
-		type: "setSessionState",
-		data: { sessionState: e },
-		configurationName: t
-	}), p = async () => (await j(i)({
-		type: "getSessionState",
-		data: null,
-		configurationName: t
-	})).sessionState, m = (e) => (sessionStorage[`oidc.nonce.${t}`] = e.nonce, j(i)({
-		type: "setNonce",
-		data: { nonce: e },
-		configurationName: t
-	})), h = async (e = !0) => {
-		let n = (await j(i)({
-			type: "getNonce",
-			data: null,
-			configurationName: t
-		})).nonce;
-		return n || (n = sessionStorage[`oidc.nonce.${t}`], console.warn("nonce not found in service worker, using sessionStorage"), e && (await m(n), n = (await h(!1)).nonce)), { nonce: n };
-	}, g = {}, v = (e) => {
-		if (e == null) {
-			delete g[t], delete localStorage[`oidc.login.${t}`];
-			return;
-		}
-		g[t] = e, localStorage[`oidc.login.${t}`] = JSON.stringify(e);
-	}, y = () => {
-		if (g[t]) return g[t];
-		let e = localStorage[`oidc.login.${t}`];
-		if (typeof e != "string" || e === "" || e === "undefined" || e === "null") return null;
-		try {
-			g[t] = JSON.parse(e);
-		} catch {
-			return null;
-		}
-		return g[t];
-	}, b = async (e) => {
-		await j(i)({
-			type: "setDemonstratingProofOfPossessionNonce",
-			data: { demonstratingProofOfPossessionNonce: e },
-			configurationName: t
-		});
-	}, x = async () => (await j(i)({
-		type: "getDemonstratingProofOfPossessionNonce",
-		data: null,
-		configurationName: t
-	})).demonstratingProofOfPossessionNonce, T = async (e) => {
-		let n = JSON.stringify(e);
-		await j(i)({
-			type: "setDemonstratingProofOfPossessionJwk",
-			data: { demonstratingProofOfPossessionJwkJson: n },
-			configurationName: t
-		});
-	}, ee = async () => {
-		let e = await j(i)({
-			type: "getDemonstratingProofOfPossessionJwk",
-			data: null,
-			configurationName: t
-		});
-		return e.demonstratingProofOfPossessionJwkJson ? JSON.parse(e.demonstratingProofOfPossessionJwkJson) : null;
-	}, A = async (e = !0) => {
-		let n = (await j(i)({
-			type: "getState",
-			data: null,
-			configurationName: t
-		})).state;
-		return n || (n = sessionStorage[`oidc.state.${t}`], console.warn("state not found in service worker, using sessionStorage"), e && (await P(n), n = await A(!1))), n;
-	}, P = async (e) => (sessionStorage[`oidc.state.${t}`] = e, j(i)({
-		type: "setState",
-		data: { state: e },
-		configurationName: t
-	})), L = async (e = !0) => {
-		let n = (await j(i)({
-			type: "getCodeVerifier",
-			data: null,
-			configurationName: t
-		})).codeVerifier;
-		return n || (n = sessionStorage[`oidc.code_verifier.${t}`], console.warn("codeVerifier not found in service worker, using sessionStorage"), e && (await R(n), n = await L(!1))), n;
-	}, R = async (e) => (sessionStorage[`oidc.code_verifier.${t}`] = e, j(i)({
-		type: "setCodeVerifier",
-		data: { codeVerifier: e },
-		configurationName: t
-	}));
-	return {
-		clearAsync: l,
-		initAsync: u,
-		startKeepAliveServiceWorker: () => d(e.service_worker_keep_alive_path),
-		setSessionStateAsync: f,
-		getSessionStateAsync: p,
-		setNonceAsync: m,
-		getNonceAsync: h,
-		setLoginParams: v,
-		getLoginParams: y,
-		getStateAsync: A,
-		setStateAsync: P,
-		getCodeVerifierAsync: L,
-		setCodeVerifierAsync: R,
-		setDemonstratingProofOfPossessionNonce: b,
-		getDemonstratingProofOfPossessionNonce: x,
-		setDemonstratingProofOfPossessionJwkAsync: T,
-		getDemonstratingProofOfPossessionJwkAsync: ee
-	};
-}, R = {}, ae = (e, t = window.sessionStorage, n) => {
-	if (!R[e] && t) {
-		let n = t.getItem(e);
-		n && (R[e] = JSON.parse(n));
-	}
-	let r = 1e3 * n;
-	return R[e] && R[e].timestamp + r > Date.now() ? R[e].result : null;
-}, oe = (e, t, n = window.sessionStorage) => {
-	let r = Date.now();
-	R[e] = {
-		result: t,
-		timestamp: r
-	}, n && n.setItem(e, JSON.stringify({
-		result: t,
-		timestamp: r
-	}));
 };
 //#endregion
 //#region src/jwt.ts
-function se(e) {
+function f(e) {
 	return new TextEncoder().encode(e);
 }
-function ce(e) {
+function p(e) {
 	return btoa(e).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+/g, "");
 }
-function le(e) {
+function m(e) {
 	return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g, function(e, t) {
 		return String.fromCharCode(parseInt(t, 16));
 	});
 }
-var z = (e) => {
+var h = (e) => {
 	let t = "";
 	return e.forEach(function(e) {
 		t += String.fromCharCode(e);
-	}), ce(t);
+	}), p(t);
 };
-function ue(e) {
-	return ce(le(e));
+function g(e) {
+	return p(m(e));
 }
-var de = {
+var _ = {
 	importKeyAlgorithm: {
 		name: "ECDSA",
 		namedCurve: "P-256",
@@ -600,7 +277,7 @@ var de = {
 	},
 	digestAlgorithm: { name: "SHA-256" },
 	jwtHeaderAlgorithm: "ES256"
-}, fe = { sign: (e) => async (t, n, r, i, a = "dpop+jwt") => {
+}, v = { sign: (e) => async (t, n, r, i, a = "dpop+jwt") => {
 	switch (t = Object.assign({}, t), n.typ = a, n.alg = i.jwtHeaderAlgorithm, n.alg) {
 		case "ES256":
 			n.jwk = {
@@ -621,11 +298,11 @@ var de = {
 		default: throw Error("Unknown or not implemented JWS algorithm");
 	}
 	let o = {
-		protected: ue(JSON.stringify(n)),
-		payload: ue(JSON.stringify(r))
-	}, s = i.importKeyAlgorithm, c = await e.crypto.subtle.importKey("jwk", t, s, !0, ["sign"]), l = se(`${o.protected}.${o.payload}`), u = i.signAlgorithm, d = await e.crypto.subtle.sign(u, c, l);
-	return o.signature = z(new Uint8Array(d)), `${o.protected}.${o.payload}.${o.signature}`;
-} }, pe = {
+		protected: g(JSON.stringify(n)),
+		payload: g(JSON.stringify(r))
+	}, s = i.importKeyAlgorithm, c = await e.crypto.subtle.importKey("jwk", t, s, !0, ["sign"]), l = f(`${o.protected}.${o.payload}`), u = i.signAlgorithm, d = await e.crypto.subtle.sign(u, c, l);
+	return o.signature = h(new Uint8Array(d)), `${o.protected}.${o.payload}.${o.signature}`;
+} }, y = {
 	generate: (e) => async (t) => {
 		let n = t, r = await e.crypto.subtle.generateKey(n, !0, ["sign", "verify"]);
 		return await e.crypto.subtle.exportKey("jwk", r.privateKey);
@@ -634,7 +311,7 @@ var de = {
 		let t = Object.assign({}, e);
 		return delete t.d, t.key_ops = ["verify"], t;
 	}
-}, me = { thumbprint: (e) => async (t, n) => {
+}, b = { thumbprint: (e) => async (t, n) => {
 	let r;
 	switch (t.kty) {
 		case "EC":
@@ -645,483 +322,63 @@ var de = {
 			break;
 		default: throw Error("Unknown or not implemented JWK type");
 	}
-	let i = await e.crypto.subtle.digest(n, se(r));
-	return z(new Uint8Array(i));
-} }, he = (e) => async (t) => await pe.generate(e)(t), ge = (e) => (t) => async (n, r = "POST", i, a = {}) => {
+	let i = await e.crypto.subtle.digest(n, f(r));
+	return h(new Uint8Array(i));
+} }, x = (e) => async (t) => await y.generate(e)(t), S = (e) => (t) => async (n, r = "POST", i, a = {}) => {
 	let o = {
-		jti: btoa(_e()),
+		jti: btoa(C()),
 		htm: r,
 		htu: i,
 		iat: Math.round(Date.now() / 1e3),
 		...a
-	}, s = await me.thumbprint(e)(n, t.digestAlgorithm);
-	return await fe.sign(e)(n, { kid: s }, o, t);
-}, _e = () => {
+	}, s = await b.thumbprint(e)(n, t.digestAlgorithm);
+	return await v.sign(e)(n, { kid: s }, o, t);
+}, C = () => {
 	let e = "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx", t = "0123456789abcdef", n = 0, r = "";
 	for (let i = 0; i < 36; i++) e[i] !== "-" && e[i] !== "4" && (n = Math.random() * 16 | 0), e[i] === "x" ? r += t[n] : e[i] === "y" ? (n &= 3, n |= 8, r += t[n]) : r += e[i];
 	return r;
-}, ve = () => {
+}, w = () => {
 	let e = typeof window < "u" && !!window.crypto;
 	return {
 		hasCrypto: e,
 		hasSubtleCrypto: e && !!window.crypto.subtle
 	};
-}, ye = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", be = (e) => {
+}, T = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", E = (e) => {
 	let t = [];
 	for (let n = 0; n < e.byteLength; n += 1) {
 		let r = e[n] % 62;
-		t.push(ye[r]);
+		t.push(T[r]);
 	}
 	return t.join("");
-}, B = (e) => {
-	let t = new Uint8Array(e), { hasCrypto: n } = ve();
+}, D = (e) => {
+	let t = new Uint8Array(e), { hasCrypto: n } = w();
 	if (n) window.crypto.getRandomValues(t);
 	else for (let n = 0; n < e; n += 1) t[n] = Math.random() * 62 | 0;
-	return be(t);
+	return E(t);
 };
-function xe(e) {
+function ee(e) {
 	let t = new ArrayBuffer(e.length), n = new Uint8Array(t);
 	for (let t = 0; t < e.length; t++) n[t] = e.charCodeAt(t);
 	return n;
 }
-function Se(e) {
+function te(e) {
 	return new Promise((t, n) => {
-		crypto.subtle.digest("SHA-256", xe(e)).then((e) => t(z(new Uint8Array(e))), (e) => n(e));
+		crypto.subtle.digest("SHA-256", ee(e)).then((e) => t(h(new Uint8Array(e))), (e) => n(e));
 	});
 }
-var Ce = (e) => {
+var ne = (e) => {
 	if (e.length < 43 || e.length > 128) return Promise.reject(/* @__PURE__ */ Error("Invalid code length."));
-	let { hasSubtleCrypto: t } = ve();
-	return t ? Se(e) : Promise.reject(/* @__PURE__ */ Error("window.crypto.subtle is unavailable."));
-}, we = 3600, Te = (e) => async (t, n = we, r = window.sessionStorage, i = 1e4) => {
-	let a = `${t}/.well-known/openid-configuration`, o = `oidc.server:${t}`, s = ae(o, r, n);
-	if (s) return new Z(s);
-	let c = await V(e)(a, {}, i);
-	if (c.status !== 200) return null;
-	let l = await c.json();
-	return oe(o, l, r), new Z(l);
-}, V = (e) => async (t, n = {}, r = 1e4, i = 0) => {
-	let a;
-	try {
-		let i = new AbortController();
-		setTimeout(() => i.abort(), r), a = await e(t, {
-			...n,
-			signal: i.signal
-		});
-	} catch (a) {
-		if (a.name === "AbortError" || a.message === "Network request failed") {
-			if (i <= 1) return await V(e)(t, n, r, i + 1);
-			throw a;
-		} else throw console.error(a.message), a;
-	}
-	return a;
-}, H = {
-	refresh_token: "refresh_token",
-	access_token: "access_token"
-}, Ee = (e) => async (t, n, r = H.refresh_token, i, a = {}, o = 1e4) => {
-	let s = {
-		token: n,
-		token_type_hint: r,
-		client_id: i
-	};
-	for (let [e, t] of Object.entries(a)) s[e] === void 0 && (s[e] = t);
-	let c = [];
-	for (let e in s) {
-		let t = encodeURIComponent(e), n = encodeURIComponent(s[e]);
-		c.push(`${t}=${n}`);
-	}
-	let l = c.join("&");
-	return (await V(e)(t, {
-		method: "POST",
-		headers: { "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8" },
-		body: l
-	}, o)).status === 200 ? { success: !0 } : { success: !1 };
-}, De = (e) => async (t, n, r, i, a = {}, o, s = 1e4) => {
-	for (let [e, t] of Object.entries(r)) n[e] === void 0 && (n[e] = t);
-	let c = [];
-	for (let e in n) {
-		let t = encodeURIComponent(e), r = encodeURIComponent(n[e]);
-		c.push(`${t}=${r}`);
-	}
-	let l = c.join("&"), u = await V(e)(t, {
-		method: "POST",
-		headers: {
-			"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
-			...a
+	let { hasSubtleCrypto: t } = w();
+	return t ? te(e) : Promise.reject(/* @__PURE__ */ Error("window.crypto.subtle is unavailable."));
+}, re = (e) => !!(e.os === "iOS" && e.osVersion.startsWith("12") || e.os === "Mac OS X" && e.osVersion.startsWith("10_15_6")), ie = (e) => {
+	let t = e.appVersion, n = e.userAgent, r = "-", i = [
+		{
+			s: "Windows 10",
+			r: /(Windows 10.0|Windows NT 10.0)/
 		},
-		body: l
-	}, s);
-	if (u.status !== 200) return {
-		success: !1,
-		status: u.status,
-		demonstratingProofOfPossessionNonce: null
-	};
-	let d = await u.json(), f = null;
-	return u.headers.has(U) && (f = u.headers.get(U)), {
-		success: !0,
-		status: u.status,
-		data: _(d, i, o),
-		demonstratingProofOfPossessionNonce: f
-	};
-}, Oe = (e, t) => async (n, r) => {
-	r = r ? { ...r } : {};
-	let i = B(128), a = await Ce(i);
-	await e.setCodeVerifierAsync(i), await e.setStateAsync(r.state), r.code_challenge = a, r.code_challenge_method = "S256";
-	let o = "";
-	if (r) for (let [e, t] of Object.entries(r)) o === "" ? o += "?" : o += "&", o += `${e}=${encodeURIComponent(t)}`;
-	t.open(`${n}${o}`);
-}, U = "DPoP-Nonce", ke = (e) => async (t, n, r, i, a = 1e4) => {
-	n = n ? { ...n } : {}, n.code_verifier = await e.getCodeVerifierAsync();
-	let o = [];
-	for (let e in n) {
-		let t = encodeURIComponent(e), r = encodeURIComponent(n[e]);
-		o.push(`${t}=${r}`);
-	}
-	let s = o.join("&"), c = await V(fetch)(t, {
-		method: "POST",
-		headers: {
-			"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
-			...r
-		},
-		body: s
-	}, a);
-	if (await Promise.all([e.setCodeVerifierAsync(null), e.setStateAsync(null)]), c.status !== 200) return {
-		success: !1,
-		status: c.status
-	};
-	let l = null;
-	c.headers.has(U) && (l = c.headers.get(U));
-	let u = await c.json();
-	return {
-		success: !0,
-		data: {
-			state: n.state,
-			tokens: _(u, null, i),
-			demonstratingProofOfPossessionNonce: l
-		}
-	};
-};
-//#endregion
-//#region src/renewTokens.ts
-async function Ae(e, t, n, r = null) {
-	let { tokens: i, status: a } = await q(e)((t) => {
-		e.tokens = t;
-	}, 0, 0, t, n, r);
-	return await L(e.configuration, e.configurationName) || c(e.configurationName, e.configuration.storage, e.configuration.login_state_storage ?? e.configuration.storage).setTokens(e.tokens), e.tokens ? i : (await e.destroyAsync(a), null);
-}
-async function je(e, t = !1, n = null, r = null) {
-	let i = e.configuration, a = `${i.client_id}_${e.configurationName}_${i.authority}`, o, s = await L(e.configuration, e.configurationName);
-	if (i?.storage === window?.sessionStorage && !s || !navigator.locks) o = await Ae(e, t, n, r);
-	else {
-		let i = "retry";
-		for (; i === "retry";) i = await navigator.locks.request(a, { ifAvailable: !0 }, async (i) => i ? await Ae(e, t, n, r) : (e.publishEvent($.eventNames.syncTokensAsync_lock_not_available, { lock: "lock not available" }), "retry"));
-		o = i;
-	}
-	return o ? (e.timeoutId &&= W(e, e.tokens.expiresAt, n, r), e.tokens) : null;
-}
-var W = (e, t, n = null, r = null) => {
-	let i = e.configuration.refresh_time_before_tokens_expiration_in_second;
-	return e.timeoutId && S.clearTimeout(e.timeoutId), S.setTimeout(async () => {
-		let a = { timeLeft: v(i, t) };
-		e.publishEvent($.eventNames.token_timer, a), await je(e, !1, n, r);
-	}, 1e3);
-}, G = {
-	FORCE_REFRESH: "FORCE_REFRESH",
-	SESSION_LOST: "SESSION_LOST",
-	NOT_CONNECTED: "NOT_CONNECTED",
-	TOKENS_VALID: "TOKENS_VALID",
-	TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",
-	TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",
-	LOGOUT_FROM_ANOTHER_TAB: "LOGOUT_FROM_ANOTHER_TAB",
-	REQUIRE_SYNC_TOKENS: "REQUIRE_SYNC_TOKENS",
-	TOKENS_INVALID: "TOKENS_INVALID"
-}, K = (e) => async (t, n, r, i = !1) => {
-	let a = { nonce: null };
-	if (!r) return {
-		tokens: null,
-		status: G.NOT_CONNECTED,
-		nonce: a
-	};
-	let o, s = await e.initAsync(t.authority, t.authority_configuration), l = await L(t, n);
-	if (l) {
-		let { status: e, tokens: n } = await l.initAsync(s, "syncTokensAsync", t);
-		if (e === "LOGGED_OUT") return {
-			tokens: null,
-			status: G.LOGOUT_FROM_ANOTHER_TAB,
-			nonce: a
-		};
-		if (e === "SESSIONS_LOST") return {
-			tokens: null,
-			status: G.SESSION_LOST,
-			nonce: a
-		};
-		if (!e || !n) return {
-			tokens: null,
-			status: G.REQUIRE_SYNC_TOKENS,
-			nonce: a
-		};
-		if (n.issuedAt !== r.issuedAt) return {
-			tokens: n,
-			status: v(t.refresh_time_before_tokens_expiration_in_second, n.expiresAt) > 0 ? G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID : G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,
-			nonce: await l.getNonceAsync()
-		};
-		o = await l.getNonceAsync();
-	} else {
-		let i = c(n, t.storage ?? sessionStorage, t.login_state_storage ?? t.storage ?? sessionStorage), s = await i.initAsync(), { tokens: l } = s, { status: u } = s;
-		if (l &&= g(l, e.tokens, t.token_renew_mode), !l) return {
-			tokens: null,
-			status: G.LOGOUT_FROM_ANOTHER_TAB,
-			nonce: a
-		};
-		if (u === "SESSIONS_LOST") return {
-			tokens: null,
-			status: G.SESSION_LOST,
-			nonce: a
-		};
-		if (l.issuedAt !== r.issuedAt) {
-			let e = v(t.refresh_time_before_tokens_expiration_in_second, l.expiresAt) > 0 ? G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID : G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID, n = await i.getNonceAsync();
-			return {
-				tokens: l,
-				status: e,
-				nonce: n
-			};
-		}
-		o = await i.getNonceAsync();
-	}
-	let u = v(t.refresh_time_before_tokens_expiration_in_second, r.expiresAt) > 0 ? "TOKENS_VALID" : "TOKENS_INVALID";
-	return i ? {
-		tokens: r,
-		status: "FORCE_REFRESH",
-		nonce: o
-	} : {
-		tokens: r,
-		status: u,
-		nonce: o
-	};
-}, q = (e) => async (t, n = 0, r = 0, a = !1, o = null, s = null) => {
-	if (!navigator.onLine && document.hidden) return {
-		tokens: e.tokens,
-		status: "GIVE_UP"
-	};
-	let u = 6, d = a ? 2 : 5;
-	for (; !navigator.onLine && u > 0;) await E({ milliseconds: 1e3 }), u--, e.publishEvent(i.refreshTokensAsync, { message: `wait because navigator is offline try ${u}` });
-	let f = document.hidden, p = f ? n : n + 1, m = f ? r + 1 : r;
-	if (n >= d || r >= 5) return t(null), e.publishEvent(i.refreshTokensAsync_error, { message: "refresh token" }), {
-		tokens: null,
-		status: "SESSION_LOST"
-	};
-	o ||= {};
-	let h = e.configuration, g = (t, n = null, r = null) => J(e.configurationName, e.configuration, e.publishEvent.bind(e))(t, n, r), _ = async () => {
-		try {
-			let n, r = await L(h, e.configurationName);
-			n = r ? r.getLoginParams() : c(e.configurationName, h.storage, h.login_state_storage ?? h.storage).getLoginParams();
-			let a = {};
-			if (n && n.extras) for (let [e, t] of Object.entries(n.extras)) t != null && (a[e] = t);
-			if (o) for (let [e, t] of Object.entries(o)) t != null && (a[e] = t);
-			a.prompt = "none", s && (a.scope = s);
-			let l = await g(a);
-			return l ? l.error ? (t(null), e.publishEvent(i.refreshTokensAsync_error, { message: "refresh token silent" }), {
-				tokens: null,
-				status: "SESSION_LOST"
-			}) : (t(l.tokens), e.publishEvent($.eventNames.token_renewed, {}), {
-				tokens: l.tokens,
-				status: "LOGGED"
-			}) : (t(null), e.publishEvent(i.refreshTokensAsync_error, { message: "refresh token silent not active" }), {
-				tokens: null,
-				status: "SESSION_LOST"
-			});
-		} catch (n) {
-			return console.error(n), e.publishEvent(i.refreshTokensAsync_silent_error, {
-				message: "exceptionSilent",
-				exception: n.message
-			}), await q(e)(t, p, m, a, o, s);
-		}
-	};
-	try {
-		let { status: u, tokens: d, nonce: f } = await K(e)(h, e.configurationName, e.tokens, a);
-		switch (u) {
-			case G.SESSION_LOST: return t(null), e.publishEvent(i.refreshTokensAsync_error, { message: "refresh token session lost" }), {
-				tokens: null,
-				status: "SESSION_LOST"
-			};
-			case G.NOT_CONNECTED: return t(null), {
-				tokens: null,
-				status: null
-			};
-			case G.TOKENS_VALID: return t(d), {
-				tokens: d,
-				status: "LOGGED_IN"
-			};
-			case G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID: return t(d), e.publishEvent($.eventNames.token_renewed, { reason: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" }), {
-				tokens: d,
-				status: "LOGGED_IN"
-			};
-			case G.LOGOUT_FROM_ANOTHER_TAB: return t(null), e.publishEvent(i.logout_from_another_tab, { status: "session syncTokensAsync" }), {
-				tokens: null,
-				status: "LOGGED_OUT"
-			};
-			case G.REQUIRE_SYNC_TOKENS: return h.token_automatic_renew_mode == l.AutomaticOnlyWhenFetchExecuted && !a ? (e.publishEvent(i.tokensInvalidAndWaitingActionsToRefresh, {}), {
-				tokens: e.tokens,
-				status: "GIVE_UP"
-			}) : (e.publishEvent(i.refreshTokensAsync_begin, { tryNumber: n }), await _());
-			default: {
-				if (h.token_automatic_renew_mode == l.AutomaticOnlyWhenFetchExecuted && G.FORCE_REFRESH !== u) return e.publishEvent(i.tokensInvalidAndWaitingActionsToRefresh, {}), {
-					tokens: e.tokens,
-					status: "GIVE_UP"
-				};
-				if (e.publishEvent(i.refreshTokensAsync_begin, {
-					refreshToken: d.refreshToken,
-					status: u,
-					tryNumber: n,
-					backgroundTry: r
-				}), !d.refreshToken) return await _();
-				let g = h.client_id, v = h.redirect_uri, y = h.authority, b = { ...h.token_request_extras ? h.token_request_extras : {} };
-				for (let [e, t] of Object.entries(o)) e.endsWith(":token_request") && (b[e.replace(":token_request", "")] = t);
-				return await (async () => {
-					let n = {
-						client_id: g,
-						redirect_uri: v,
-						grant_type: "refresh_token",
-						refresh_token: d.refreshToken
-					}, r = await e.initAsync(y, h.authority_configuration), l = document.hidden ? 1e4 : 3e4 * 10, u = r.tokenEndpoint, _ = {};
-					h.demonstrating_proof_of_possession && (_.DPoP = await e.generateDemonstrationOfProofOfPossessionAsync(d.accessToken, u, "POST"));
-					let S = await De(e.getFetch())(u, n, b, d, _, h.token_renew_mode, l);
-					if (S.success) {
-						let { isValid: n, reason: a } = x(S.data, f.nonce, r);
-						if (!n) return t(null), e.publishEvent(i.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${a}` }), {
-							tokens: null,
-							status: "SESSION_LOST"
-						};
-						if (t(S.data), S.demonstratingProofOfPossessionNonce) {
-							let t = await L(h, e.configurationName);
-							t ? await t.setDemonstratingProofOfPossessionNonce(S.demonstratingProofOfPossessionNonce) : await c(e.configurationName, h.storage, h.login_state_storage ?? h.storage).setDemonstratingProofOfPossessionNonce(S.demonstratingProofOfPossessionNonce);
-						}
-						return e.publishEvent(i.refreshTokensAsync_end, { success: S.success }), e.publishEvent($.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), {
-							tokens: S.data,
-							status: "LOGGED_IN"
-						};
-					} else return e.publishEvent(i.refreshTokensAsync_silent_error, {
-						message: "bad request",
-						tokenResponse: S
-					}), S.status >= 400 && S.status < 500 ? (t(null), e.publishEvent(i.refreshTokensAsync_error, { message: `session lost: ${S.status}` }), {
-						tokens: null,
-						status: "SESSION_LOST"
-					}) : await q(e)(t, p, m, a, o, s);
-				})();
-			}
-		}
-	} catch (n) {
-		return console.error(n), e.publishEvent(i.refreshTokensAsync_silent_error, {
-			message: "exception",
-			exception: n.message
-		}), new Promise((n, r) => {
-			setTimeout(() => {
-				q(e)(t, p, m, a, o, s).then(n).catch(r);
-			}, 1e3);
-		});
-	}
-}, J = (e, t, n) => (r = null, a = null, o = null) => {
-	if (!t.silent_redirect_uri || !t.silent_login_uri) return Promise.resolve(null);
-	try {
-		n(i.silentLoginAsync_begin, {});
-		let s = "";
-		if (a && (r ??= {}, r.state = a), o != null && (r ??= {}, r.scope = o), r != null) for (let [e, t] of Object.entries(r)) t != null && (s === "" ? s = `?${encodeURIComponent(e)}=${encodeURIComponent(t)}` : s += `&${encodeURIComponent(e)}=${encodeURIComponent(t)}`);
-		let c = t.silent_login_uri + s, l = c.indexOf("/", c.indexOf("//") + 2), u = c.substring(0, l), d = document.createElement("iframe");
-		return d.width = "0px", d.height = "0px", d.id = `${e}_oidc_iframe`, d.setAttribute("src", c), d.style.display = "none", document.body.appendChild(d), new Promise((r, a) => {
-			let o = !1, s = () => {
-				window.removeEventListener("message", c), d.remove(), o = !0;
-			}, c = (t) => {
-				if (t.origin === u && t.source === d.contentWindow) {
-					let c = `${e}_oidc_tokens:`, l = `${e}_oidc_error:`, u = `${e}_oidc_exception:`, d = t.data;
-					if (d && typeof d == "string" && !o) {
-						if (d.startsWith(c)) {
-							let e = JSON.parse(t.data.replace(c, ""));
-							n(i.silentLoginAsync_end, {}), r(e), s();
-						} else if (d.startsWith(l)) {
-							let e = JSON.parse(t.data.replace(l, ""));
-							n(i.silentLoginAsync_error, e), r({
-								error: "oidc_" + e.error,
-								tokens: null,
-								sessionState: null
-							}), s();
-						} else if (d.startsWith(u)) {
-							let e = JSON.parse(t.data.replace(u, ""));
-							n(i.silentLoginAsync_error, e), a(Error(e.error)), s();
-						}
-					}
-				}
-			};
-			try {
-				window.addEventListener("message", c);
-				let e = t.silent_login_timeout;
-				setTimeout(() => {
-					o || (s(), n(i.silentLoginAsync_error, { reason: "timeout" }), a(/* @__PURE__ */ Error("timeout")));
-				}, e);
-			} catch (e) {
-				s(), n(i.silentLoginAsync_error, e), a(e);
-			}
-		});
-	} catch (e) {
-		throw n(i.silentLoginAsync_error, e), e;
-	}
-}, Me = (e, t, n, r, a) => (e = null, o = void 0) => {
-	e = { ...e };
-	let s = (e, i, o) => J(t, n, r.bind(a))(e, i, o);
-	return (async () => {
-		a.timeoutId && S.clearTimeout(a.timeoutId);
-		let t;
-		e && "state" in e && (t = e.state, delete e.state);
-		try {
-			let c = await s({
-				...n.extras ? {
-					...n.extras,
-					...e
-				} : e,
-				prompt: "none"
-			}, t, o);
-			if (c) return a.tokens = c.tokens, r(i.token_acquired, {}), a.timeoutId = W(a, a.tokens.expiresAt, e, o), {};
-		} catch (e) {
-			return e;
-		}
-	})();
-}, Ne = (e, t, n) => (i, a, o, s = !1) => {
-	let c = (t, r = void 0, i = void 0) => J(e.configurationName, n, e.publishEvent.bind(e))(t, r, i);
-	return new Promise((l, u) => {
-		n.silent_login_uri && n.silent_redirect_uri && n.monitor_session && i && o && !s ? (e.checkSessionIFrame = new r(() => {
-			e.checkSessionIFrame.stop();
-			let r = e.tokens;
-			if (r === null) return;
-			let i = r.idToken, a = r.idTokenPayload;
-			return c({
-				prompt: "none",
-				id_token_hint: i,
-				scope: n.scope || "openid"
-			}).then((t) => {
-				if (t.error) throw Error(t.error);
-				let n = t.tokens.idTokenPayload;
-				if (a.sub === n.sub) {
-					let r = t.sessionState;
-					e.checkSessionIFrame.start(t.sessionState), a.sid === n.sid ? console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:", r) : console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:", r);
-				} else console.debug("SessionMonitor._callback: Different subject signed into OP:", n.sub);
-			}).catch(async (e) => {
-				console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:", e);
-				for (let [, e] of Object.entries(t)) await e.logoutOtherTabAsync(n.client_id, a.sub);
-			});
-		}, a, i), e.checkSessionIFrame.load().then(() => {
-			e.checkSessionIFrame.start(o), l(e.checkSessionIFrame);
-		}).catch((e) => {
-			u(e);
-		})) : l(null);
-	});
-}, Pe = (e) => !!(e.os === "iOS" && e.osVersion.startsWith("12") || e.os === "Mac OS X" && e.osVersion.startsWith("10_15_6")), Fe = (e) => {
-	let t = e.appVersion, n = e.userAgent, r = "-", i = [
-		{
-			s: "Windows 10",
-			r: /(Windows 10.0|Windows NT 10.0)/
-		},
-		{
-			s: "Windows 8.1",
-			r: /(Windows 8.1|Windows NT 6.3)/
+		{
+			s: "Windows 8.1",
+			r: /(Windows 8.1|Windows NT 6.3)/
 		},
 		{
 			s: "Windows 8",
@@ -1249,7 +506,7 @@ var W = (e, t, n = null, r = null) => {
 		osVersion: a
 	};
 };
-function Ie() {
+function ae() {
 	let e = navigator.userAgent, t, n = e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i) || [];
 	if (/trident/i.test(n[1])) return t = /\brv[ :]+(\d+)/g.exec(e) || [], {
 		name: "ie",
@@ -1275,53 +532,193 @@ function Ie() {
 		version: n[1]
 	};
 }
-var Le = () => {
-	let { name: e, version: t } = Ie();
-	return e === "chrome" && parseInt(t) <= 70 || e === "opera" && (!t || parseInt(t.split(".")[0]) < 80) || e === "ie" ? !1 : !Pe(Fe(navigator));
-}, Re = async (e) => {
-	let t;
-	if (e.tokens != null) return !1;
-	e.publishEvent(i.tryKeepExistingSessionAsync_begin, {});
+var oe = () => {
+	let { name: e, version: t } = ae();
+	return e === "chrome" && parseInt(t) <= 70 || e === "opera" && (!t || parseInt(t.split(".")[0]) < 80) || e === "ie" ? !1 : !re(ie(navigator));
+}, se = async (t) => {
+	let n;
+	if (t.tokens != null) return !1;
+	t.publishEvent(e.tryKeepExistingSessionAsync_begin, {});
 	try {
-		let n = e.configuration, r = await e.initAsync(n.authority, n.authority_configuration);
-		if (t = await L(n, e.configurationName), t) {
-			let { tokens: a } = await t.initAsync(r, "tryKeepExistingSessionAsync", n);
-			if (a) {
-				t.startKeepAliveServiceWorker(), e.tokens = a;
-				let o = t.getLoginParams(e.configurationName);
-				e.timeoutId = W(e, e.tokens.expiresAt, o.extras, o.scope);
-				let s = await t.getSessionStateAsync();
-				return await e.startCheckSessionAsync(r.checkSessionIframe, n.client_id, s), n.preload_user_info && await e.userInfoAsync(), e.publishEvent(i.tryKeepExistingSessionAsync_end, {
+		let r = t.configuration, a = await t.initAsync(r.authority, r.authority_configuration);
+		if (n = await $(r, t.configurationName), n) {
+			let { tokens: i } = await n.initAsync(a, "tryKeepExistingSessionAsync", r);
+			if (i) {
+				n.startKeepAliveServiceWorker(), t.tokens = i;
+				let o = n.getLoginParams(t.configurationName);
+				t.timeoutId = z(t, t.tokens.expiresAt, o.extras, o.scope);
+				let s = await n.getSessionStateAsync();
+				return await t.startCheckSessionAsync(a.checkSessionIframe, r.client_id, s), r.preload_user_info && await t.userInfoAsync(), t.publishEvent(e.tryKeepExistingSessionAsync_end, {
 					success: !0,
 					message: "tokens inside ServiceWorker are valid"
 				}), !0;
 			}
-			e.publishEvent(i.tryKeepExistingSessionAsync_end, {
+			t.publishEvent(e.tryKeepExistingSessionAsync_end, {
 				success: !1,
 				message: "no exiting session found"
 			});
 		} else {
-			n.service_worker_relative_url && e.publishEvent(i.service_worker_not_supported_by_browser, { message: "service worker is not supported by this browser" });
-			let t = c(e.configurationName, n.storage ?? sessionStorage, n.login_state_storage ?? n.storage ?? sessionStorage), { tokens: a } = await t.initAsync();
-			if (a) {
-				e.tokens = g(a, null, n.token_renew_mode);
-				let o = t.getLoginParams();
-				e.timeoutId = W(e, e.tokens.expiresAt, o.extras, o.scope);
-				let s = await t.getSessionStateAsync();
-				return await e.startCheckSessionAsync(r.checkSessionIframe, n.client_id, s), n.preload_user_info && await e.userInfoAsync(), e.publishEvent(i.tryKeepExistingSessionAsync_end, {
+			r.service_worker_relative_url && t.publishEvent(e.service_worker_not_supported_by_browser, { message: "service worker is not supported by this browser" });
+			let n = i(t.configurationName, r.storage ?? sessionStorage, r.login_state_storage ?? r.storage ?? sessionStorage), { tokens: o } = await n.initAsync();
+			if (o) {
+				t.tokens = W(o, null, r.token_renew_mode);
+				let i = n.getLoginParams();
+				t.timeoutId = z(t, t.tokens.expiresAt, i.extras, i.scope);
+				let s = await n.getSessionStateAsync();
+				return await t.startCheckSessionAsync(a.checkSessionIframe, r.client_id, s), r.preload_user_info && await t.userInfoAsync(), t.publishEvent(e.tryKeepExistingSessionAsync_end, {
 					success: !0,
 					message: "tokens inside storage are valid"
 				}), !0;
 			}
 		}
-		return e.publishEvent(i.tryKeepExistingSessionAsync_end, {
+		return t.publishEvent(e.tryKeepExistingSessionAsync_end, {
 			success: !1,
-			message: t ? "service worker sessions not retrieved" : "session storage sessions not retrieved"
+			message: n ? "service worker sessions not retrieved" : "session storage sessions not retrieved"
 		}), !1;
-	} catch (n) {
-		return console.error(n), t && await t.clearAsync(), e.publishEvent(i.tryKeepExistingSessionAsync_error, "tokens inside ServiceWorker are invalid"), !1;
+	} catch (r) {
+		return console.error(r), n && await n.clearAsync(), t.publishEvent(e.tryKeepExistingSessionAsync_error, "tokens inside ServiceWorker are invalid"), !1;
+	}
+}, O = class {
+	open(e) {
+		window.location.href = e;
+	}
+	reload() {
+		window.location.reload();
+	}
+	getCurrentHref() {
+		return window.location.href;
 	}
-}, ze = (e) => {
+	getPath() {
+		let e = window.location;
+		return e.pathname + (e.search || "") + (e.hash || "");
+	}
+	getOrigin() {
+		return window.origin;
+	}
+}, k = {}, ce = (e, t = window.sessionStorage, n) => {
+	if (!k[e] && t) {
+		let n = t.getItem(e);
+		n && (k[e] = JSON.parse(n));
+	}
+	let r = 1e3 * n;
+	return k[e] && k[e].timestamp + r > Date.now() ? k[e].result : null;
+}, le = (e, t, n = window.sessionStorage) => {
+	let r = Date.now();
+	k[e] = {
+		result: t,
+		timestamp: r
+	}, n && n.setItem(e, JSON.stringify({
+		result: t,
+		timestamp: r
+	}));
+}, ue = 3600, de = (e) => async (t, n = ue, r = window.sessionStorage, i = 1e4) => {
+	let a = `${t}/.well-known/openid-configuration`, o = `oidc.server:${t}`, s = ce(o, r, n);
+	if (s) return new I(s);
+	let c = await A(e)(a, {}, i);
+	if (c.status !== 200) return null;
+	let l = await c.json();
+	return le(o, l, r), new I(l);
+}, A = (e) => async (t, n = {}, r = 1e4, i = 0) => {
+	let a;
+	try {
+		let i = new AbortController();
+		setTimeout(() => i.abort(), r), a = await e(t, {
+			...n,
+			signal: i.signal
+		});
+	} catch (a) {
+		if (a.name === "AbortError" || a.message === "Network request failed") {
+			if (i <= 1) return await A(e)(t, n, r, i + 1);
+			throw a;
+		} else throw console.error(a.message), a;
+	}
+	return a;
+}, j = {
+	refresh_token: "refresh_token",
+	access_token: "access_token"
+}, fe = (e) => async (t, n, r = j.refresh_token, i, a = {}, o = 1e4) => {
+	let s = {
+		token: n,
+		token_type_hint: r,
+		client_id: i
+	};
+	for (let [e, t] of Object.entries(a)) s[e] === void 0 && (s[e] = t);
+	let c = [];
+	for (let e in s) {
+		let t = encodeURIComponent(e), n = encodeURIComponent(s[e]);
+		c.push(`${t}=${n}`);
+	}
+	let l = c.join("&");
+	return (await A(e)(t, {
+		method: "POST",
+		headers: { "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8" },
+		body: l
+	}, o)).status === 200 ? { success: !0 } : { success: !1 };
+}, pe = (e) => async (t, n, r, i, a = {}, o, s = 1e4) => {
+	for (let [e, t] of Object.entries(r)) n[e] === void 0 && (n[e] = t);
+	let c = [];
+	for (let e in n) {
+		let t = encodeURIComponent(e), r = encodeURIComponent(n[e]);
+		c.push(`${t}=${r}`);
+	}
+	let l = c.join("&"), u = await A(e)(t, {
+		method: "POST",
+		headers: {
+			"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
+			...a
+		},
+		body: l
+	}, s);
+	if (u.status !== 200) return {
+		success: !1,
+		status: u.status,
+		demonstratingProofOfPossessionNonce: null
+	};
+	let d = await u.json(), f = null;
+	return u.headers.has(M) && (f = u.headers.get(M)), {
+		success: !0,
+		status: u.status,
+		data: G(d, i, o),
+		demonstratingProofOfPossessionNonce: f
+	};
+}, me = (e, t) => async (n, r) => {
+	r = r ? { ...r } : {};
+	let i = D(128), a = await ne(i);
+	await e.setCodeVerifierAsync(i), await e.setStateAsync(r.state), r.code_challenge = a, r.code_challenge_method = "S256";
+	let o = "";
+	if (r) for (let [e, t] of Object.entries(r)) o === "" ? o += "?" : o += "&", o += `${e}=${encodeURIComponent(t)}`;
+	t.open(`${n}${o}`);
+}, M = "DPoP-Nonce", he = (e) => async (t, n, r, i, a = 1e4) => {
+	n = n ? { ...n } : {}, n.code_verifier = await e.getCodeVerifierAsync();
+	let o = [];
+	for (let e in n) {
+		let t = encodeURIComponent(e), r = encodeURIComponent(n[e]);
+		o.push(`${t}=${r}`);
+	}
+	let s = o.join("&"), c = await A(fetch)(t, {
+		method: "POST",
+		headers: {
+			"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
+			...r
+		},
+		body: s
+	}, a);
+	if (await Promise.all([e.setCodeVerifierAsync(null), e.setStateAsync(null)]), c.status !== 200) return {
+		success: !1,
+		status: c.status
+	};
+	let l = null;
+	c.headers.has(M) && (l = c.headers.get(M));
+	let u = await c.json();
+	return {
+		success: !0,
+		data: {
+			state: n.state,
+			tokens: G(u, null, i),
+			demonstratingProofOfPossessionNonce: l
+		}
+	};
+}, ge = (e) => {
 	let t = e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);
 	if (!t) throw Error("Invalid URL");
 	let n = t[6], r = t[7];
@@ -1339,65 +736,65 @@ var Le = () => {
 		search: n,
 		hash: r
 	};
-}, Be = (e) => {
-	let t = ze(e), { path: n } = t;
+}, _e = (e) => {
+	let t = ge(e), { path: n } = t;
 	n.endsWith("/") && (n = n.slice(0, -1));
 	let { hash: r } = t;
 	return r === "#_=_" && (r = ""), r && (n += r), n;
-}, Y = (e) => {
-	let { search: t } = ze(e);
-	return Ve(t);
-}, Ve = (e) => {
+}, N = (e) => {
+	let { search: t } = ge(e);
+	return ve(t);
+}, ve = (e) => {
 	let t = {}, n, r, i, a = e.split("&");
 	for (r = 0, i = a.length; r < i; r++) n = a[r].split("="), t[decodeURIComponent(n[0])] = decodeURIComponent(n[1]);
 	return t;
-}, He = (e, t, n, r, a) => (o = void 0, s = null, l = !1, u = void 0) => {
-	let d = s;
-	return s = { ...s }, (async () => {
-		let f = o || a.getPath();
-		if ("state" in s || (s.state = B(16)), n(i.loginAsync_begin, {}), s) for (let e of Object.keys(s)) e.endsWith(":token_request") && delete s[e];
+}, ye = (t, n, r, a, o) => (s = void 0, c = null, l = !1, u = void 0) => {
+	let d = c;
+	return c = { ...c }, (async () => {
+		let f = s || o.getPath();
+		if ("state" in c || (c.state = D(16)), r(e.loginAsync_begin, {}), c) for (let e of Object.keys(c)) e.endsWith(":token_request") && delete c[e];
 		try {
-			let n = l ? t.silent_redirect_uri : t.redirect_uri;
-			u ||= t.scope;
-			let i = t.extras ? {
-				...t.extras,
-				...s
-			} : s;
-			i.nonce ||= B(12);
-			let o = { nonce: i.nonce }, p = await L(t, e), m = await r(t.authority, t.authority_configuration), h;
+			let e = l ? n.silent_redirect_uri : n.redirect_uri;
+			u ||= n.scope;
+			let r = n.extras ? {
+				...n.extras,
+				...c
+			} : c;
+			r.nonce ||= D(12);
+			let s = { nonce: r.nonce }, p = await $(n, t), m = await a(n.authority, n.authority_configuration), h;
 			if (p) p.setLoginParams({
 				callbackPath: f,
 				extras: d,
 				scope: u
-			}), await p.initAsync(m, "loginAsync", t), await p.setNonceAsync(o), p.startKeepAliveServiceWorker(), h = p;
+			}), await p.initAsync(m, "loginAsync", n), await p.setNonceAsync(s), p.startKeepAliveServiceWorker(), h = p;
 			else {
-				let n = c(e, t.storage ?? sessionStorage, t.login_state_storage ?? t.storage ?? sessionStorage);
-				n.setLoginParams({
+				let e = i(t, n.storage ?? sessionStorage, n.login_state_storage ?? n.storage ?? sessionStorage);
+				e.setLoginParams({
 					callbackPath: f,
 					extras: d,
 					scope: u
-				}), await n.setNonceAsync(o), h = n;
+				}), await e.setNonceAsync(s), h = e;
 			}
 			let g = {
-				client_id: t.client_id,
-				redirect_uri: n,
+				client_id: n.client_id,
+				redirect_uri: e,
 				scope: u,
 				response_type: "code",
-				...i
+				...r
 			};
-			await Oe(h, a)(m.authorizationEndpoint, g);
-		} catch (e) {
-			throw n(i.loginAsync_error, e), e;
+			await me(h, o)(m.authorizationEndpoint, g);
+		} catch (t) {
+			throw r(e.loginAsync_error, t), t;
 		}
 	})();
-}, Ue = (e) => async (t = !1) => {
+}, be = (t) => async (n = !1) => {
 	try {
-		e.publishEvent(i.loginCallbackAsync_begin, {});
-		let n = e.configuration, r = n.client_id, a = t ? n.silent_redirect_uri : n.redirect_uri, o = n.authority, s = n.token_request_timeout, l = await e.initAsync(o, n.authority_configuration), u = Y(e.location.getCurrentHref()), d = u.session_state, f = await L(n, e.configurationName), p, m, h, g;
-		if (f) await f.initAsync(l, "loginCallbackAsync", n), await f.setSessionStateAsync(d), m = await f.getNonceAsync(), h = f.getLoginParams(), g = await f.getStateAsync(), f.startKeepAliveServiceWorker(), p = f;
+		t.publishEvent(e.loginCallbackAsync_begin, {});
+		let r = t.configuration, a = r.client_id, o = n ? r.silent_redirect_uri : r.redirect_uri, s = r.authority, c = r.token_request_timeout, l = await t.initAsync(s, r.authority_configuration), u = N(t.location.getCurrentHref()), d = u.session_state, f = await $(r, t.configurationName), p, m, h, g;
+		if (f) await f.initAsync(l, "loginCallbackAsync", r), await f.setSessionStateAsync(d), m = await f.getNonceAsync(), h = f.getLoginParams(), g = await f.getStateAsync(), f.startKeepAliveServiceWorker(), p = f;
 		else {
-			let t = c(e.configurationName, n.storage ?? sessionStorage, n.login_state_storage ?? n.storage ?? sessionStorage);
-			await t.setSessionStateAsync(d), m = await t.getNonceAsync(), h = t.getLoginParams(), g = await t.getStateAsync(), p = t;
+			let e = i(t.configurationName, r.storage ?? sessionStorage, r.login_state_storage ?? r.storage ?? sessionStorage);
+			await e.setSessionStateAsync(d), m = await e.getNonceAsync(), h = e.getLoginParams(), g = await e.getStateAsync(), p = e;
 		}
 		if (u.error || u.error_description) throw Error(`Error from OIDC server: ${u.error} - ${u.error_description}`);
 		if (u.iss && u.iss !== l.issuer) throw console.error(), Error(`Issuer not valid (expected: ${l.issuer}, received: ${u.iss})`);
@@ -1405,49 +802,49 @@ var Le = () => {
 		let _ = {
 			code: u.code,
 			grant_type: "authorization_code",
-			client_id: n.client_id,
-			redirect_uri: a
+			client_id: r.client_id,
+			redirect_uri: o
 		}, v = {};
-		if (n.token_request_extras) for (let [e, t] of Object.entries(n.token_request_extras)) v[e] = t;
+		if (r.token_request_extras) for (let [e, t] of Object.entries(r.token_request_extras)) v[e] = t;
 		if (h?.extras) for (let [e, t] of Object.entries(h.extras)) e.endsWith(":token_request") && (v[e.replace(":token_request", "")] = t);
 		let y = l.tokenEndpoint, b = {};
-		if (n.demonstrating_proof_of_possession) if (f) b.DPoP = `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;
+		if (r.demonstrating_proof_of_possession) if (f) b.DPoP = `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${t.configurationName}`;
 		else {
-			let t = await he(window)(n.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);
-			await c(e.configurationName, n.storage, n.login_state_storage ?? n.storage).setDemonstratingProofOfPossessionJwkAsync(t), b.DPoP = await ge(window)(n.demonstrating_proof_of_possession_configuration)(t, "POST", y);
+			let e = await x(window)(r.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);
+			await i(t.configurationName, r.storage, r.login_state_storage ?? r.storage).setDemonstratingProofOfPossessionJwkAsync(e), b.DPoP = await S(window)(r.demonstrating_proof_of_possession_configuration)(e, "POST", y);
 		}
-		let S = await ke(p)(y, {
+		let C = await he(p)(y, {
 			..._,
 			...v
-		}, b, e.configuration.token_renew_mode, s);
-		if (!S.success) throw Error("Token request failed");
-		let C, w = S.data.tokens, T = S.data.demonstratingProofOfPossessionNonce;
-		if (S.data.state !== v.state) throw Error("state is not valid");
-		let { isValid: E, reason: D } = x(w, m.nonce, l);
-		if (!E) throw Error(`Tokens are not OpenID valid, reason: ${D}`);
+		}, b, t.configuration.token_renew_mode, c);
+		if (!C.success) throw Error("Token request failed");
+		let w, T = C.data.tokens, E = C.data.demonstratingProofOfPossessionNonce;
+		if (C.data.state !== v.state) throw Error("state is not valid");
+		let { isValid: D, reason: ee } = Be(T, m.nonce, l);
+		if (!D) throw Error(`Tokens are not OpenID valid, reason: ${ee}`);
 		if (f) {
-			if (w.refreshToken && !w.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")) throw Error("Refresh token should be hidden by service worker");
-			if (T && w?.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")) throw Error("Demonstration of proof of possession require Access token not hidden by service worker");
+			if (T.refreshToken && !T.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")) throw Error("Refresh token should be hidden by service worker");
+			if (E && T?.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")) throw Error("Demonstration of proof of possession require Access token not hidden by service worker");
 		}
-		if (f) await f.initAsync(l, "syncTokensAsync", n), C = f.getLoginParams(), T && await f.setDemonstratingProofOfPossessionNonce(T);
+		if (f) await f.initAsync(l, "syncTokensAsync", r), w = f.getLoginParams(), E && await f.setDemonstratingProofOfPossessionNonce(E);
 		else {
-			let t = c(e.configurationName, n.storage, n.login_state_storage ?? n.storage);
-			C = t.getLoginParams(), T && await t.setDemonstratingProofOfPossessionNonce(T);
+			let e = i(t.configurationName, r.storage, r.login_state_storage ?? r.storage);
+			w = e.getLoginParams(), E && await e.setDemonstratingProofOfPossessionNonce(E);
 		}
-		return await e.startCheckSessionAsync(l.checkSessionIframe, r, d, t), e.publishEvent(i.loginCallbackAsync_end, {}), {
-			tokens: w,
+		return await t.startCheckSessionAsync(l.checkSessionIframe, a, d, n), t.publishEvent(e.loginCallbackAsync_end, {}), {
+			tokens: T,
 			state: "request.state",
-			callbackPath: C.callbackPath,
+			callbackPath: w.callbackPath,
 			scope: u.scope,
-			extras: C.extras
+			extras: w.extras
 		};
-	} catch (t) {
-		throw console.error(t), e.publishEvent(i.loginCallbackAsync_error, t), t;
+	} catch (n) {
+		throw console.error(n), t.publishEvent(e.loginCallbackAsync_error, n), n;
 	}
-}, We = {
+}, xe = {
 	access_token: "access_token",
 	refresh_token: "refresh_token"
-}, X = (e, t) => {
+}, P = (e, t) => {
 	let n = {};
 	if (e) {
 		for (let [r, i] of Object.entries(e)) if (r.endsWith(t)) {
@@ -1457,64 +854,66 @@ var Le = () => {
 		return n;
 	}
 	return n;
-}, Ge = (e) => {
+}, Se = (e) => {
 	let t = {};
 	if (e) {
 		for (let [n, r] of Object.entries(e)) n.includes(":") || (t[n] = r);
 		return t;
 	}
 	return t;
-}, Ke = (e) => async (t) => {
-	S.clearTimeout(e.timeoutId), e.timeoutId = null, e.checkSessionIFrame && e.checkSessionIFrame.stop();
-	let n = await L(e.configuration, e.configurationName);
-	n ? await n.clearAsync(t) : await c(e.configurationName, e.configuration.storage, e.configuration.login_state_storage ?? e.configuration.storage).clearAsync(t), e.tokens = null, e.userInfo = null;
-}, qe = (e, t, n, r, a) => async (o = void 0, s = null) => {
-	let c = e.configuration, l = await e.initAsync(c.authority, c.authority_configuration);
-	o && typeof o != "string" && (o = void 0, r.warn("callbackPathOrUrl path is not a string"));
+}, Ce = (e) => async (t) => {
+	c.clearTimeout(e.timeoutId), e.timeoutId = null, e.checkSessionIFrame && e.checkSessionIFrame.stop();
+	let n = await $(e.configuration, e.configurationName);
+	n ? await n.clearAsync(t) : await i(e.configurationName, e.configuration.storage, e.configuration.login_state_storage ?? e.configuration.storage).clearAsync(t), e.tokens = null, e.userInfo = null;
+}, we = (t, n, r, i, a) => async (o = void 0, s = null) => {
+	let c = t.configuration, l = await t.initAsync(c.authority, c.authority_configuration);
+	o && typeof o != "string" && (o = void 0, i.warn("callbackPathOrUrl path is not a string"));
 	let u = o ?? a.getPath(), d = !1;
 	o && (d = o.includes("https://") || o.includes("http://"));
-	let f = d ? o : a.getOrigin() + u, p = e.tokens ? e.tokens.idToken : "";
+	let f = d ? o : a.getOrigin() + u, p = t.tokens ? t.tokens.idToken : "";
 	try {
-		let t = l.revocationEndpoint;
-		if (t) {
-			let r = [], i = e.tokens ? e.tokens.accessToken : null;
-			if (i && c.logout_tokens_to_invalidate.includes(We.access_token)) {
-				let e = X(s, ":revoke_access_token"), a = Ee(n)(t, i, H.access_token, c.client_id, e);
-				r.push(a);
+		let e = l.revocationEndpoint;
+		if (e) {
+			let n = [], i = t.tokens ? t.tokens.accessToken : null;
+			if (i && c.logout_tokens_to_invalidate.includes(xe.access_token)) {
+				let t = P(s, ":revoke_access_token"), a = fe(r)(e, i, j.access_token, c.client_id, t);
+				n.push(a);
 			}
-			let a = e.tokens ? e.tokens.refreshToken : null;
-			if (a && c.logout_tokens_to_invalidate.includes(We.refresh_token)) {
-				let e = X(s, ":revoke_refresh_token"), i = Ee(n)(t, a, H.refresh_token, c.client_id, e);
-				r.push(i);
+			let a = t.tokens ? t.tokens.refreshToken : null;
+			if (a && c.logout_tokens_to_invalidate.includes(xe.refresh_token)) {
+				let t = P(s, ":revoke_refresh_token"), i = fe(r)(e, a, j.refresh_token, c.client_id, t);
+				n.push(i);
 			}
-			r.length > 0 && await Promise.all(r);
+			n.length > 0 && await Promise.all(n);
 		}
 	} catch (e) {
-		r.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"), r.warn(e);
+		i.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"), i.warn(e);
 	}
-	let m = e.tokens?.idTokenPayload?.sub ?? null;
-	await e.destroyAsync("LOGGED_OUT");
-	for (let [, n] of Object.entries(t)) n === e ? e.publishEvent(i.logout_from_same_tab, {}) : await e.logoutSameTabAsync(e.configuration.client_id, m);
-	let h = X(s, ":oidc");
+	let m = t.tokens?.idTokenPayload?.sub ?? null;
+	await t.destroyAsync("LOGGED_OUT");
+	for (let [, r] of Object.entries(n)) r === t ? t.publishEvent(e.logout_from_same_tab, {}) : await t.logoutSameTabAsync(t.configuration.client_id, m);
+	let h = P(s, ":oidc");
 	if (h && h.no_reload === "true") return;
-	let g = Ge(s);
+	let g = Se(s);
 	if (l.endSessionEndpoint) {
 		"id_token_hint" in g || (g.id_token_hint = p), !("post_logout_redirect_uri" in g) && o !== null && (g.post_logout_redirect_uri = f);
 		let e = "";
 		for (let [t, n] of Object.entries(g)) n != null && (e === "" ? e += "?" : e += "&", e += `${t}=${encodeURIComponent(n)}`);
 		a.open(`${l.endSessionEndpoint}${e}`);
 	} else a.reload();
-}, Je = (e, t, n = !1) => async (...r) => {
+}, F = /* @__PURE__ */ function(e) {
+	return e.AutomaticBeforeTokenExpiration = "AutomaticBeforeTokensExpiration", e.AutomaticOnlyWhenFetchExecuted = "AutomaticOnlyWhenFetchExecuted", e;
+}({}), Te = (e, t, n = !1) => async (...r) => {
 	let [i, a, ...o] = r, s = a ? { ...a } : { method: "GET" }, c = new Headers();
 	s.headers && (c = s.headers instanceof Headers ? s.headers : new Headers(s.headers));
-	let l = (await b({
+	let l = (await ze({
 		getTokens: () => t.tokens,
 		configuration: {
 			token_automatic_renew_mode: t.configuration.token_automatic_renew_mode,
 			refresh_time_before_tokens_expiration_in_second: t.configuration.refresh_time_before_tokens_expiration_in_second
 		},
 		syncTokensInfoAsync: async () => {
-			let { status: e } = await K(t)(t.configuration, t.configurationName, t.tokens, !1);
+			let { status: e } = await V(t)(t.configuration, t.configurationName, t.tokens, !1);
 			return e;
 		},
 		renewTokensAsync: t.renewTokensAsync.bind(t)
@@ -1530,46 +929,46 @@ var Le = () => {
 		...s,
 		headers: c
 	}, ...o);
-}, Ye = (e) => async (t = !1, n = !1) => {
+}, Ee = (e) => async (t = !1, n = !1) => {
 	if (e.userInfo != null && !t) return e.userInfo;
 	let r = !t && e.configuration.storage?.getItem(`oidc.${e.configurationName}.userInfo`);
 	if (r) return e.userInfo = JSON.parse(r), e.userInfo;
 	let i = e.configuration, a = (await e.initAsync(i.authority, i.authority_configuration)).userInfoEndpoint, o = await (async () => {
-		let t = await Je(fetch, e, n)(a);
+		let t = await Te(fetch, e, n)(a);
 		return t.status === 200 ? t.json() : null;
 	})();
 	return e.userInfo = o, o && e.configuration.storage?.setItem(`oidc.${e.configurationName}.userInfo`, JSON.stringify(o)), o;
-}, Xe = () => fetch, Z = class {
+}, De = () => fetch, I = class {
 	constructor(e) {
 		this.authorizationEndpoint = e.authorization_endpoint, this.tokenEndpoint = e.token_endpoint, this.revocationEndpoint = e.revocation_endpoint, this.userInfoEndpoint = e.userinfo_endpoint, this.checkSessionIframe = e.check_session_iframe, this.issuer = e.issuer, this.endSessionEndpoint = e.end_session_endpoint;
 	}
-}, Q = {}, Ze = (t, n = new e()) => (e, r = "default") => (Q[r] || (Q[r] = new $(e, r, t, n)), Q[r]), Qe = async (e) => {
+}, L = {}, Oe = (e, t = new O()) => (n, r = "default") => (L[r] || (L[r] = new R(n, r, e, t)), L[r]), ke = async (e) => {
 	let { parsedTokens: t, callbackPath: n, extras: r, scope: i } = await e.loginCallbackAsync();
-	return e.timeoutId = W(e, t.expiresAt, r, i), { callbackPath: n };
-}, $e = (e) => Math.floor(Math.random() * e), $ = class t {
-	constructor(t, n = "default", r, i = new e()) {
+	return e.timeoutId = z(e, t.expiresAt, r, i), { callbackPath: n };
+}, Ae = (e) => Math.floor(Math.random() * e), R = class t {
+	constructor(e, t = "default", n, r = new O()) {
 		this.initPromise = null, this.tryKeepExistingSessionPromise = null, this.loginPromise = null, this.loginCallbackPromise = null, this.loginCallbackWithAutoTokensRenewPromise = null, this.userInfoPromise = null, this.renewTokensPromise = null, this.logoutPromise = null;
-		let a = t.silent_login_uri;
-		t.silent_redirect_uri && !t.silent_login_uri && (a = `${t.silent_redirect_uri.replace("-callback", "").replace("callback", "")}-login`);
-		let o = t.refresh_time_before_tokens_expiration_in_second ?? 120;
-		o > 60 && (o -= Math.floor(Math.random() * 40)), this.location = i ?? new e(), this.configuration = {
-			...t,
-			silent_login_uri: a,
-			token_automatic_renew_mode: t.token_automatic_renew_mode ?? l.AutomaticBeforeTokenExpiration,
-			monitor_session: t.monitor_session ?? !1,
-			refresh_time_before_tokens_expiration_in_second: o,
-			silent_login_timeout: t.silent_login_timeout ?? 12e3,
-			token_renew_mode: t.token_renew_mode ?? m.access_token_or_id_token_invalid,
-			demonstrating_proof_of_possession: t.demonstrating_proof_of_possession ?? !1,
-			authority_timeout_wellknowurl_in_millisecond: t.authority_timeout_wellknowurl_in_millisecond ?? 1e4,
-			logout_tokens_to_invalidate: t.logout_tokens_to_invalidate ?? ["access_token", "refresh_token"],
-			service_worker_activate: t.service_worker_activate ?? Le,
-			demonstrating_proof_of_possession_configuration: t.demonstrating_proof_of_possession_configuration ?? de,
-			preload_user_info: t.preload_user_info ?? !1
-		}, this.getFetch = r ?? Xe, this.configurationName = n, this.tokens = null, this.userInfo = null, this.events = [], this.timeoutId = null, this.loginCallbackWithAutoTokensRenewAsync.bind(this), this.initAsync.bind(this), this.loginCallbackAsync.bind(this), this.subscribeEvents.bind(this), this.removeEventSubscription.bind(this), this.publishEvent.bind(this), this.destroyAsync.bind(this), this.logoutAsync.bind(this), this.renewTokensAsync.bind(this), this.initAsync(this.configuration.authority, this.configuration.authority_configuration);
+		let i = e.silent_login_uri;
+		e.silent_redirect_uri && !e.silent_login_uri && (i = `${e.silent_redirect_uri.replace("-callback", "").replace("callback", "")}-login`);
+		let a = e.refresh_time_before_tokens_expiration_in_second ?? 120;
+		a > 60 && (a -= Math.floor(Math.random() * 40)), this.location = r ?? new O(), this.configuration = {
+			...e,
+			silent_login_uri: i,
+			token_automatic_renew_mode: e.token_automatic_renew_mode ?? F.AutomaticBeforeTokenExpiration,
+			monitor_session: e.monitor_session ?? !1,
+			refresh_time_before_tokens_expiration_in_second: a,
+			silent_login_timeout: e.silent_login_timeout ?? 12e3,
+			token_renew_mode: e.token_renew_mode ?? U.access_token_or_id_token_invalid,
+			demonstrating_proof_of_possession: e.demonstrating_proof_of_possession ?? !1,
+			authority_timeout_wellknowurl_in_millisecond: e.authority_timeout_wellknowurl_in_millisecond ?? 1e4,
+			logout_tokens_to_invalidate: e.logout_tokens_to_invalidate ?? ["access_token", "refresh_token"],
+			service_worker_activate: e.service_worker_activate ?? oe,
+			demonstrating_proof_of_possession_configuration: e.demonstrating_proof_of_possession_configuration ?? _,
+			preload_user_info: e.preload_user_info ?? !1
+		}, this.getFetch = n ?? De, this.configurationName = t, this.tokens = null, this.userInfo = null, this.events = [], this.timeoutId = null, this.loginCallbackWithAutoTokensRenewAsync.bind(this), this.initAsync.bind(this), this.loginCallbackAsync.bind(this), this.subscribeEvents.bind(this), this.removeEventSubscription.bind(this), this.publishEvent.bind(this), this.destroyAsync.bind(this), this.logoutAsync.bind(this), this.renewTokensAsync.bind(this), this.initAsync(this.configuration.authority, this.configuration.authority_configuration);
 	}
 	subscribeEvents(e) {
-		let t = $e(9999999999999).toString();
+		let t = Ae(9999999999999).toString();
 		return this.events.push({
 			id: t,
 			func: e
@@ -1585,20 +984,20 @@ var Le = () => {
 		});
 	}
 	static {
-		this.getOrCreate = (e, t) => (n, r = "default") => Ze(e, t)(n, r);
+		this.getOrCreate = (e, t) => (n, r = "default") => Oe(e, t)(n, r);
 	}
 	static get(e = "default") {
 		let t = typeof process > "u";
-		if (!Object.prototype.hasOwnProperty.call(Q, e) && t) throw Error(`OIDC library does seem initialized.
+		if (!Object.prototype.hasOwnProperty.call(L, e) && t) throw Error(`OIDC library does seem initialized.
 Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> component.`);
-		return Q[e];
+		return L[e];
 	}
 	static {
-		this.eventNames = i;
+		this.eventNames = e;
 	}
 	_silentLoginCallbackFromIFrame() {
 		if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
-			let e = this.location, t = Y(e.getCurrentHref());
+			let e = this.location, t = N(e.getCurrentHref());
 			window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({
 				tokens: this.tokens,
 				sessionState: t.session_state
@@ -1607,7 +1006,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 	}
 	_silentLoginErrorCallbackFromIFrame(e = null) {
 		if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
-			let t = this.location, n = Y(t.getCurrentHref());
+			let t = this.location, n = N(t.getCurrentHref());
 			n.error ? window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({ error: n.error })}`, t.getOrigin()) : window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({ error: e == null ? "" : e.toString() })}`, t.getOrigin());
 		}
 	}
@@ -1621,7 +1020,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 	async initAsync(e, t) {
 		if (this.initPromise !== null) return this.initPromise;
 		let n = async () => {
-			if (t != null) return new Z({
+			if (t != null) return new I({
 				authorization_endpoint: t.authorization_endpoint,
 				end_session_endpoint: t.end_session_endpoint,
 				revocation_endpoint: t.revocation_endpoint,
@@ -1630,31 +1029,31 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 				check_session_iframe: t.check_session_iframe,
 				issuer: t.issuer
 			});
-			let n = await L(this.configuration, this.configurationName) ? this.configuration.storage || window.sessionStorage : this.configuration.storage;
-			return await Te(this.getFetch())(e, this.configuration.authority_time_cache_wellknowurl_in_second ?? 3600, n, this.configuration.authority_timeout_wellknowurl_in_millisecond);
+			let n = await $(this.configuration, this.configurationName) ? this.configuration.storage || window.sessionStorage : this.configuration.storage;
+			return await de(this.getFetch())(e, this.configuration.authority_time_cache_wellknowurl_in_second ?? 3600, n, this.configuration.authority_timeout_wellknowurl_in_millisecond);
 		};
 		return this.initPromise = n(), this.initPromise.finally(() => {
 			this.initPromise = null;
 		});
 	}
 	async tryKeepExistingSessionAsync() {
-		return this.tryKeepExistingSessionPromise === null ? (this.tryKeepExistingSessionPromise = Re(this), this.tryKeepExistingSessionPromise.finally(() => {
+		return this.tryKeepExistingSessionPromise === null ? (this.tryKeepExistingSessionPromise = se(this), this.tryKeepExistingSessionPromise.finally(() => {
 			this.tryKeepExistingSessionPromise = null;
 		})) : this.tryKeepExistingSessionPromise;
 	}
 	async startCheckSessionAsync(e, t, n, r = !1) {
-		await Ne(this, Q, this.configuration)(e, t, n, r);
+		await d(this, L, this.configuration)(e, t, n, r);
 	}
 	async loginAsync(e = void 0, t = null, n = !1, r = void 0, i = !1) {
-		return this.logoutPromise && await this.logoutPromise, this.loginPromise === null ? (i ? this.loginPromise = Me(window, this.configurationName, this.configuration, this.publishEvent.bind(this), this)(t, r) : this.loginPromise = He(this.configurationName, this.configuration, this.publishEvent.bind(this), this.initAsync.bind(this), this.location)(e, t, n, r), this.loginPromise.finally(() => {
+		return this.logoutPromise && await this.logoutPromise, this.loginPromise === null ? (i ? this.loginPromise = u(window, this.configurationName, this.configuration, this.publishEvent.bind(this), this)(t, r) : this.loginPromise = ye(this.configurationName, this.configuration, this.publishEvent.bind(this), this.initAsync.bind(this), this.location)(e, t, n, r), this.loginPromise.finally(() => {
 			this.loginPromise = null;
 		})) : this.loginPromise;
 	}
 	async loginCallbackAsync(e = !1) {
 		if (this.loginCallbackPromise !== null) return this.loginCallbackPromise;
 		let n = async () => {
-			let n = await Ue(this)(e), r = n.tokens;
-			return this.tokens = r, await L(this.configuration, this.configurationName) || c(this.configurationName, this.configuration.storage, this.configuration.login_state_storage ?? this.configuration.storage).setTokens(r), this.publishEvent(t.eventNames.token_acquired, r), this.configuration.preload_user_info && await this.userInfoAsync(), {
+			let n = await be(this)(e), r = n.tokens;
+			return this.tokens = r, await $(this.configuration, this.configurationName) || i(this.configurationName, this.configuration.storage, this.configuration.login_state_storage ?? this.configuration.storage).setTokens(r), this.publishEvent(t.eventNames.token_acquired, r), this.configuration.preload_user_info && await this.userInfoAsync(), {
 				parsedTokens: r,
 				state: n.state,
 				callbackPath: n.callbackPath,
@@ -1667,71 +1066,680 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 		});
 	}
 	async generateDemonstrationOfProofOfPossessionAsync(e, t, n, r = {}) {
-		let i = this.configuration, a = {
-			ath: await Se(e),
+		let a = this.configuration, o = {
+			ath: await te(e),
 			...r
 		};
-		if (await L(i, this.configurationName)) return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${k(this.configurationName)}`;
-		let o = c(this.configurationName, i.storage, i.login_state_storage ?? i.storage), s = await o.getDemonstratingProofOfPossessionJwkAsync(), l = o.getDemonstratingProofOfPossessionNonce();
-		return l && (a.nonce = l), await ge(window)(i.demonstrating_proof_of_possession_configuration)(s, n, t, a);
+		if (await $(a, this.configurationName)) return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${We(this.configurationName)}`;
+		let s = i(this.configurationName, a.storage, a.login_state_storage ?? a.storage), c = await s.getDemonstratingProofOfPossessionJwkAsync(), l = s.getDemonstratingProofOfPossessionNonce();
+		return l && (o.nonce = l), await S(window)(a.demonstrating_proof_of_possession_configuration)(c, n, t, o);
 	}
 	loginCallbackWithAutoTokensRenewAsync() {
-		return this.loginCallbackWithAutoTokensRenewPromise === null ? (this.loginCallbackWithAutoTokensRenewPromise = Qe(this), this.loginCallbackWithAutoTokensRenewPromise.finally(() => {
+		return this.loginCallbackWithAutoTokensRenewPromise === null ? (this.loginCallbackWithAutoTokensRenewPromise = ke(this), this.loginCallbackWithAutoTokensRenewPromise.finally(() => {
 			this.loginCallbackWithAutoTokensRenewPromise = null;
 		})) : this.loginCallbackWithAutoTokensRenewPromise;
 	}
 	userInfoAsync(e = !1, t = !1) {
-		return this.userInfoPromise === null ? (this.userInfoPromise = Ye(this)(e, t), this.userInfoPromise.finally(() => {
+		return this.userInfoPromise === null ? (this.userInfoPromise = Ee(this)(e, t), this.userInfoPromise.finally(() => {
 			this.userInfoPromise = null;
 		})) : this.userInfoPromise;
 	}
 	async renewTokensAsync(e = null, t = null) {
 		if (this.renewTokensPromise !== null) return this.renewTokensPromise;
-		if (this.timeoutId) return S.clearTimeout(this.timeoutId), this.renewTokensPromise = je(this, !0, e, t), this.renewTokensPromise.finally(() => {
+		if (this.timeoutId) return c.clearTimeout(this.timeoutId), this.renewTokensPromise = Me(this, !0, e, t), this.renewTokensPromise.finally(() => {
 			this.renewTokensPromise = null;
 		});
 	}
 	async destroyAsync(e) {
-		return await Ke(this)(e);
+		return await Ce(this)(e);
 	}
-	async logoutSameTabAsync(e, t) {
-		this.configuration.monitor_session && this.configuration.client_id === e && t && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === t && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(i.logout_from_same_tab, {
+	async logoutSameTabAsync(t, n) {
+		this.configuration.monitor_session && this.configuration.client_id === t && n && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === n && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(e.logout_from_same_tab, {
 			mmessage: "SessionMonitor",
-			sub: t
+			sub: n
 		}));
 	}
-	async logoutOtherTabAsync(e, t) {
-		this.configuration.monitor_session && this.configuration.client_id === e && t && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === t && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(i.logout_from_another_tab, {
+	async logoutOtherTabAsync(t, n) {
+		this.configuration.monitor_session && this.configuration.client_id === t && n && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === n && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(e.logout_from_another_tab, {
 			message: "SessionMonitor",
-			sub: t
+			sub: n
 		}));
 	}
 	async logoutAsync(e = void 0, t = null) {
-		return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = qe(this, Q, this.getFetch(), console, this.location)(e, t), this.logoutPromise.finally(() => {
+		return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = we(this, L, this.getFetch(), console, this.location)(e, t), this.logoutPromise.finally(() => {
 			this.logoutPromise = null;
 		}));
 	}
-}, et = class t {
-	constructor(e) {
-		this._oidc = e;
-	}
-	subscribeEvents(e) {
-		return this._oidc.subscribeEvents(e);
-	}
-	removeEventSubscription(e) {
-		this._oidc.removeEventSubscription(e);
-	}
-	publishEvent(e, t) {
-		this._oidc.publishEvent(e, t);
+};
+//#endregion
+//#region src/renewTokens.ts
+async function je(e, t, n, r = null) {
+	let { tokens: a, status: o } = await H(e)((t) => {
+		e.tokens = t;
+	}, 0, 0, t, n, r);
+	return await $(e.configuration, e.configurationName) || i(e.configurationName, e.configuration.storage, e.configuration.login_state_storage ?? e.configuration.storage).setTokens(e.tokens), e.tokens ? a : (await e.destroyAsync(o), null);
+}
+async function Me(e, t = !1, n = null, r = null) {
+	let i = e.configuration, a = `${i.client_id}_${e.configurationName}_${i.authority}`, o, s = await $(e.configuration, e.configurationName);
+	if (i?.storage === window?.sessionStorage && !s || !navigator.locks) o = await je(e, t, n, r);
+	else {
+		let i = "retry";
+		for (; i === "retry";) i = await navigator.locks.request(a, { ifAvailable: !0 }, async (i) => i ? await je(e, t, n, r) : (e.publishEvent(R.eventNames.syncTokensAsync_lock_not_available, { lock: "lock not available" }), "retry"));
+		o = i;
+	}
+	return o ? (e.timeoutId &&= z(e, e.tokens.expiresAt, n, r), e.tokens) : null;
+}
+var z = (e, t, n = null, r = null) => {
+	let i = e.configuration.refresh_time_before_tokens_expiration_in_second;
+	return e.timeoutId && c.clearTimeout(e.timeoutId), c.setTimeout(async () => {
+		let a = { timeLeft: K(i, t) };
+		e.publishEvent(R.eventNames.token_timer, a), await Me(e, !1, n, r);
+	}, 1e3);
+}, B = {
+	FORCE_REFRESH: "FORCE_REFRESH",
+	SESSION_LOST: "SESSION_LOST",
+	NOT_CONNECTED: "NOT_CONNECTED",
+	TOKENS_VALID: "TOKENS_VALID",
+	TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",
+	TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",
+	LOGOUT_FROM_ANOTHER_TAB: "LOGOUT_FROM_ANOTHER_TAB",
+	REQUIRE_SYNC_TOKENS: "REQUIRE_SYNC_TOKENS",
+	TOKENS_INVALID: "TOKENS_INVALID"
+}, V = (e) => async (t, n, r, a = !1) => {
+	let o = { nonce: null };
+	if (!r) return {
+		tokens: null,
+		status: B.NOT_CONNECTED,
+		nonce: o
+	};
+	let s, c = await e.initAsync(t.authority, t.authority_configuration), l = await $(t, n);
+	if (l) {
+		let { status: e, tokens: n } = await l.initAsync(c, "syncTokensAsync", t);
+		if (e === "LOGGED_OUT") return {
+			tokens: null,
+			status: B.LOGOUT_FROM_ANOTHER_TAB,
+			nonce: o
+		};
+		if (e === "SESSIONS_LOST") return {
+			tokens: null,
+			status: B.SESSION_LOST,
+			nonce: o
+		};
+		if (!e || !n) return {
+			tokens: null,
+			status: B.REQUIRE_SYNC_TOKENS,
+			nonce: o
+		};
+		if (n.issuedAt !== r.issuedAt) return {
+			tokens: n,
+			status: K(t.refresh_time_before_tokens_expiration_in_second, n.expiresAt) > 0 ? B.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID : B.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,
+			nonce: await l.getNonceAsync()
+		};
+		s = await l.getNonceAsync();
+	} else {
+		let a = i(n, t.storage ?? sessionStorage, t.login_state_storage ?? t.storage ?? sessionStorage), c = await a.initAsync(), { tokens: l } = c, { status: u } = c;
+		if (l &&= W(l, e.tokens, t.token_renew_mode), !l) return {
+			tokens: null,
+			status: B.LOGOUT_FROM_ANOTHER_TAB,
+			nonce: o
+		};
+		if (u === "SESSIONS_LOST") return {
+			tokens: null,
+			status: B.SESSION_LOST,
+			nonce: o
+		};
+		if (l.issuedAt !== r.issuedAt) {
+			let e = K(t.refresh_time_before_tokens_expiration_in_second, l.expiresAt) > 0 ? B.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID : B.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID, n = await a.getNonceAsync();
+			return {
+				tokens: l,
+				status: e,
+				nonce: n
+			};
+		}
+		s = await a.getNonceAsync();
+	}
+	let u = K(t.refresh_time_before_tokens_expiration_in_second, r.expiresAt) > 0 ? "TOKENS_VALID" : "TOKENS_INVALID";
+	return a ? {
+		tokens: r,
+		status: "FORCE_REFRESH",
+		nonce: s
+	} : {
+		tokens: r,
+		status: u,
+		nonce: s
+	};
+}, H = (t) => async (n, r = 0, a = 0, o = !1, s = null, c = null) => {
+	if (!navigator.onLine && document.hidden) return {
+		tokens: t.tokens,
+		status: "GIVE_UP"
+	};
+	let u = 6, d = o ? 2 : 5;
+	for (; !navigator.onLine && u > 0;) await J({ milliseconds: 1e3 }), u--, t.publishEvent(e.refreshTokensAsync, { message: `wait because navigator is offline try ${u}` });
+	let f = document.hidden, p = f ? r : r + 1, m = f ? a + 1 : a;
+	if (r >= d || a >= 5) return n(null), t.publishEvent(e.refreshTokensAsync_error, { message: "refresh token" }), {
+		tokens: null,
+		status: "SESSION_LOST"
+	};
+	s ||= {};
+	let h = t.configuration, g = (e, n = null, r = null) => l(t.configurationName, t.configuration, t.publishEvent.bind(t))(e, n, r), _ = async () => {
+		try {
+			let r, a = await $(h, t.configurationName);
+			r = a ? a.getLoginParams() : i(t.configurationName, h.storage, h.login_state_storage ?? h.storage).getLoginParams();
+			let o = {};
+			if (r && r.extras) for (let [e, t] of Object.entries(r.extras)) t != null && (o[e] = t);
+			if (s) for (let [e, t] of Object.entries(s)) t != null && (o[e] = t);
+			o.prompt = "none", c && (o.scope = c);
+			let l = await g(o);
+			return l ? l.error ? (n(null), t.publishEvent(e.refreshTokensAsync_error, { message: "refresh token silent" }), {
+				tokens: null,
+				status: "SESSION_LOST"
+			}) : (n(l.tokens), t.publishEvent(R.eventNames.token_renewed, {}), {
+				tokens: l.tokens,
+				status: "LOGGED"
+			}) : (n(null), t.publishEvent(e.refreshTokensAsync_error, { message: "refresh token silent not active" }), {
+				tokens: null,
+				status: "SESSION_LOST"
+			});
+		} catch (r) {
+			return console.error(r), t.publishEvent(e.refreshTokensAsync_silent_error, {
+				message: "exceptionSilent",
+				exception: r.message
+			}), await H(t)(n, p, m, o, s, c);
+		}
+	};
+	try {
+		let { status: l, tokens: u, nonce: d } = await V(t)(h, t.configurationName, t.tokens, o);
+		switch (l) {
+			case B.SESSION_LOST: return n(null), t.publishEvent(e.refreshTokensAsync_error, { message: "refresh token session lost" }), {
+				tokens: null,
+				status: "SESSION_LOST"
+			};
+			case B.NOT_CONNECTED: return n(null), {
+				tokens: null,
+				status: null
+			};
+			case B.TOKENS_VALID: return n(u), {
+				tokens: u,
+				status: "LOGGED_IN"
+			};
+			case B.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID: return n(u), t.publishEvent(R.eventNames.token_renewed, { reason: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" }), {
+				tokens: u,
+				status: "LOGGED_IN"
+			};
+			case B.LOGOUT_FROM_ANOTHER_TAB: return n(null), t.publishEvent(e.logout_from_another_tab, { status: "session syncTokensAsync" }), {
+				tokens: null,
+				status: "LOGGED_OUT"
+			};
+			case B.REQUIRE_SYNC_TOKENS: return h.token_automatic_renew_mode == F.AutomaticOnlyWhenFetchExecuted && !o ? (t.publishEvent(e.tokensInvalidAndWaitingActionsToRefresh, {}), {
+				tokens: t.tokens,
+				status: "GIVE_UP"
+			}) : (t.publishEvent(e.refreshTokensAsync_begin, { tryNumber: r }), await _());
+			default: {
+				if (h.token_automatic_renew_mode == F.AutomaticOnlyWhenFetchExecuted && B.FORCE_REFRESH !== l) return t.publishEvent(e.tokensInvalidAndWaitingActionsToRefresh, {}), {
+					tokens: t.tokens,
+					status: "GIVE_UP"
+				};
+				if (t.publishEvent(e.refreshTokensAsync_begin, {
+					refreshToken: u.refreshToken,
+					status: l,
+					tryNumber: r,
+					backgroundTry: a
+				}), !u.refreshToken) return await _();
+				let f = h.client_id, g = h.redirect_uri, v = h.authority, y = { ...h.token_request_extras ? h.token_request_extras : {} };
+				for (let [e, t] of Object.entries(s)) e.endsWith(":token_request") && (y[e.replace(":token_request", "")] = t);
+				return await (async () => {
+					let r = {
+						client_id: f,
+						redirect_uri: g,
+						grant_type: "refresh_token",
+						refresh_token: u.refreshToken
+					}, a = await t.initAsync(v, h.authority_configuration), l = document.hidden ? 1e4 : 3e4 * 10, _ = a.tokenEndpoint, b = {};
+					h.demonstrating_proof_of_possession && (b.DPoP = await t.generateDemonstrationOfProofOfPossessionAsync(u.accessToken, _, "POST"));
+					let x = await pe(t.getFetch())(_, r, y, u, b, h.token_renew_mode, l);
+					if (x.success) {
+						let { isValid: r, reason: o } = Be(x.data, d.nonce, a);
+						if (!r) return n(null), t.publishEvent(e.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${o}` }), {
+							tokens: null,
+							status: "SESSION_LOST"
+						};
+						if (n(x.data), x.demonstratingProofOfPossessionNonce) {
+							let e = await $(h, t.configurationName);
+							e ? await e.setDemonstratingProofOfPossessionNonce(x.demonstratingProofOfPossessionNonce) : await i(t.configurationName, h.storage, h.login_state_storage ?? h.storage).setDemonstratingProofOfPossessionNonce(x.demonstratingProofOfPossessionNonce);
+						}
+						return t.publishEvent(e.refreshTokensAsync_end, { success: x.success }), t.publishEvent(R.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), {
+							tokens: x.data,
+							status: "LOGGED_IN"
+						};
+					} else return t.publishEvent(e.refreshTokensAsync_silent_error, {
+						message: "bad request",
+						tokenResponse: x
+					}), x.status >= 400 && x.status < 500 ? (n(null), t.publishEvent(e.refreshTokensAsync_error, { message: `session lost: ${x.status}` }), {
+						tokens: null,
+						status: "SESSION_LOST"
+					}) : await H(t)(n, p, m, o, s, c);
+				})();
+			}
+		}
+	} catch (r) {
+		return console.error(r), t.publishEvent(e.refreshTokensAsync_silent_error, {
+			message: "exception",
+			exception: r.message
+		}), new Promise((e, r) => {
+			setTimeout(() => {
+				H(t)(n, p, m, o, s, c).then(e).catch(r);
+			}, 1e3);
+		});
+	}
+}, Ne = (e) => decodeURIComponent(Array.prototype.map.call(atob(e), (e) => "%" + ("00" + e.charCodeAt(0).toString(16)).slice(-2)).join("")), Pe = (e) => JSON.parse(Ne(e.replaceAll(/-/g, "+").replaceAll(/_/g, "/"))), Fe = (e) => {
+	try {
+		return e && Ie(e, ".") === 2 ? Pe(e.split(".")[1]) : null;
+	} catch (e) {
+		console.warn(e);
+	}
+	return null;
+}, Ie = (e, t) => e.split(t).length - 1, U = {
+	access_token_or_id_token_invalid: "access_token_or_id_token_invalid",
+	access_token_invalid: "access_token_invalid",
+	id_token_invalid: "id_token_invalid"
+};
+function Le(e, t, n) {
+	return e.issuedAt ? typeof e.issuedAt == "string" ? parseInt(e.issuedAt, 10) : e.issuedAt : t && t.iat ? t.iat : n && n.iat ? n.iat : (/* @__PURE__ */ new Date()).getTime() / 1e3;
+}
+var W = (e, t = null, n) => {
+	if (!e) return null;
+	let r, i = typeof e.expiresIn == "string" ? parseInt(e.expiresIn, 10) : e.expiresIn;
+	r = e.accessTokenPayload === void 0 ? Fe(e.accessToken) : e.accessTokenPayload;
+	let a;
+	a = t != null && "idToken" in t && !("idToken" in e) ? t.idToken : e.idToken;
+	let o = e.idTokenPayload ? e.idTokenPayload : Fe(a), s = o && o.exp ? o.exp : Number.MAX_VALUE, c = r && r.exp ? r.exp : e.issuedAt + i;
+	e.issuedAt = Le(e, r, o);
+	let l;
+	l = e.expiresAt ? e.expiresAt : n === U.access_token_invalid ? c : n === U.id_token_invalid || s < c ? s : c;
+	let u = {
+		...e,
+		idTokenPayload: o,
+		accessTokenPayload: r,
+		expiresAt: l,
+		idToken: a
+	};
+	if (t != null && "refreshToken" in t && !("refreshToken" in e)) {
+		let e = t.refreshToken;
+		return {
+			...u,
+			refreshToken: e
+		};
+	}
+	return u;
+}, G = (e, t, n) => {
+	if (!e) return null;
+	e.issued_at ||= (/* @__PURE__ */ new Date()).getTime() / 1e3;
+	let r = {
+		accessToken: e.access_token,
+		expiresIn: e.expires_in,
+		idToken: e.id_token,
+		scope: e.scope,
+		tokenType: e.token_type,
+		issuedAt: e.issued_at
+	};
+	return "refresh_token" in e && (r.refreshToken = e.refresh_token), e.accessTokenPayload !== void 0 && (r.accessTokenPayload = e.accessTokenPayload), e.idTokenPayload !== void 0 && (r.idTokenPayload = e.idTokenPayload), W(r, t, n);
+}, K = (e, t) => {
+	let n = t - (/* @__PURE__ */ new Date()).getTime() / 1e3;
+	return Math.round(n - e);
+}, Re = (e, t = 0) => e ? K(t, e.expiresAt) > 0 : !1, ze = async (e, t = 200, n = 50) => {
+	let r = n, i = await e.syncTokensInfoAsync();
+	for (; [
+		B.REQUIRE_SYNC_TOKENS,
+		B.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,
+		B.TOKENS_INVALID
+	].includes(i) && r > 0;) {
+		if (e.configuration.token_automatic_renew_mode == F.AutomaticOnlyWhenFetchExecuted) {
+			await e.renewTokensAsync({});
+			break;
+		} else await J({ milliseconds: t });
+		--r, i = await e.syncTokensInfoAsync();
+	}
+	return {
+		isTokensValid: Re(e.getTokens()),
+		tokens: e.getTokens(),
+		numberWaited: r - n
+	};
+}, Be = (e, t, n) => {
+	if (e.idTokenPayload) {
+		let r = e.idTokenPayload;
+		if (n.issuer !== r.iss) return {
+			isValid: !1,
+			reason: `Issuer does not match (oidcServerConfiguration issuer) ${n.issuer} !== (idTokenPayload issuer) ${r.iss}`
+		};
+		let i = (/* @__PURE__ */ new Date()).getTime() / 1e3;
+		if (r.exp && r.exp < i) return {
+			isValid: !1,
+			reason: `Token expired (idTokenPayload exp) ${r.exp} < (currentTimeUnixSecond) ${i}`
+		};
+		let a = 3600 * 24 * 7;
+		if (r.iat && r.iat + a < i) return {
+			isValid: !1,
+			reason: `Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${r.iat + a} < (currentTimeUnixSecond) ${i}`
+		};
+		if (r.nonce && r.nonce !== t) return {
+			isValid: !1,
+			reason: `Nonce does not match (idTokenPayload nonce) ${r.nonce} !== (nonce) ${t}`
+		};
+	}
+	return {
+		isValid: !0,
+		reason: ""
+	};
+}, Ve = "7.27.12", He = null, q, J = ({ milliseconds: e }) => new Promise((t) => c.setTimeout(t, e)), Ue = (e = "/") => {
+	try {
+		q = new AbortController(), fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`, { signal: q.signal }).catch((e) => {
+			console.log(e);
+		}), J({ milliseconds: 150 * 1e3 }).then(() => Ue(e));
+	} catch (e) {
+		console.log(e);
+	}
+}, Y = () => {
+	q && q.abort();
+}, We = (e) => {
+	let t = `oidc.tabId.${e}`, n = sessionStorage.getItem(t);
+	if (n) return n;
+	let r = globalThis.crypto.randomUUID();
+	return sessionStorage.setItem(t, r), r;
+}, Ge = (e) => navigator.serviceWorker.controller ?? e.active ?? e.waiting ?? e.installing ?? null, X = (e, t) => (n) => {
+	let r = t?.timeoutMs ?? 5e3;
+	return new Promise((t, i) => {
+		let a = Ge(e);
+		if (!a) {
+			i(/* @__PURE__ */ Error("Service worker target not available (controller/active/waiting/installing missing)"));
+			return;
+		}
+		let o = new MessageChannel(), s = null, l = () => {
+			try {
+				s != null && (c.clearTimeout(s), s = null), o.port1.onmessage = null, o.port1.close(), o.port2.close();
+			} catch (e) {
+				console.error(e);
+			}
+		};
+		s = c.setTimeout(() => {
+			l(), i(/* @__PURE__ */ Error(`Service worker did not respond within ${r}ms (type=${n?.type})`));
+		}, r), o.port1.onmessage = (e) => {
+			l(), e?.data?.error ? i(e.data.error) : t(e.data);
+		};
+		try {
+			let e = n?.configurationName;
+			a.postMessage({
+				...n,
+				tabId: We(e ?? "default")
+			}, [o.port2]);
+		} catch (e) {
+			l(), i(e);
+		}
+	});
+}, Ke = async (e) => navigator.serviceWorker.controller ? navigator.serviceWorker.controller : new Promise((t) => {
+	let n = !1, r = () => {
+		n || (n = !0, navigator.serviceWorker.removeEventListener("controllerchange", r), t(navigator.serviceWorker.controller ?? null));
+	};
+	navigator.serviceWorker.addEventListener("controllerchange", r), c.setTimeout(() => {
+		n || (n = !0, navigator.serviceWorker.removeEventListener("controllerchange", r), t(navigator.serviceWorker.controller ?? null));
+	}, e);
+}), qe = !1, Z = !1, Q = /* @__PURE__ */ new Map(), Je = "oidc.sw.controllerchange_reload_count", Ye = 3, Xe = () => {
+	try {
+		return parseInt(sessionStorage.getItem(Je) ?? "0", 10);
+	} catch {
+		return 0;
+	}
+}, Ze = () => {
+	let e = Xe() + 1;
+	try {
+		sessionStorage.setItem(Je, String(e));
+	} catch {}
+	return e;
+}, Qe = () => {
+	try {
+		sessionStorage.removeItem(Je);
+	} catch {}
+}, $ = async (e, t) => {
+	let n = e.service_worker_relative_url;
+	if (typeof window > "u" || typeof navigator > "u" || !navigator.serviceWorker || !n || e.service_worker_activate() === !1) return null;
+	let r = `${n}?v=${Ve}`, i = null;
+	e.service_worker_register ? (Q.has(n) || Q.set(n, e.service_worker_register(n)), i = await Q.get(n)) : (Q.has(r) || Q.set(r, navigator.serviceWorker.register(r, { updateViaCache: "none" })), i = await Q.get(r));
+	let a = `oidc.sw.version_mismatch_reload.${t}`, o = async (e) => {
+		Y(), console.log("New SW waiting – SKIP_WAITING");
+		try {
+			await new Promise((n, r) => {
+				let i = new MessageChannel(), a = null, o = () => {
+					try {
+						a != null && (c.clearTimeout(a), a = null), i.port1.onmessage = null, i.port1.close(), i.port2.close();
+					} catch (e) {
+						console.error(e);
+					}
+				};
+				a = c.setTimeout(() => {
+					o(), r(/* @__PURE__ */ Error("SKIP_WAITING did not respond within 8000ms"));
+				}, 8e3), i.port1.onmessage = (e) => {
+					o(), e?.data?.error ? r(e.data.error) : n();
+				};
+				try {
+					e.postMessage({
+						type: "SKIP_WAITING",
+						configurationName: t,
+						data: null,
+						tabId: We(t ?? "default")
+					}, [i.port2]);
+				} catch (e) {
+					o(), r(e);
+				}
+			});
+		} catch (e) {
+			console.warn("SKIP_WAITING failed", e);
+		}
+	}, s = async () => {
+		let e = i.waiting;
+		e ? await o(e) : console.warn("sendSkipWaiting called but no waiting service worker found");
+	}, l = (e) => {
+		Y(), e.addEventListener("statechange", async () => {
+			if (e.state === "installed" && navigator.serviceWorker.controller) {
+				if (Xe() >= Ye) {
+					console.warn("SW trackInstallingWorker: skipping SKIP_WAITING because the reload budget is exhausted");
+					return;
+				}
+				await o(e);
+			}
+		});
+	};
+	i.addEventListener("updatefound", () => {
+		let e = i.installing;
+		e && l(e);
+	}), i.installing ? l(i.installing) : i.waiting && navigator.serviceWorker.controller && (Xe() < Ye ? s() : console.warn("SW: a waiting worker exists but reload budget is exhausted – skipping activation")), i.update().catch((e) => {
+		console.error(e);
+	});
+	try {
+		await navigator.serviceWorker.ready, navigator.serviceWorker.controller || (await X(i, { timeoutMs: 8e3 })({
+			type: "claim",
+			configurationName: t,
+			data: null
+		}), await Ke(2e3));
+	} catch (e) {
+		return console.warn(`Failed init ServiceWorker ${e?.toString?.() ?? String(e)}`), null;
+	}
+	qe || (qe = !0, navigator.serviceWorker.addEventListener("controllerchange", () => {
+		if (Z) return;
+		let e = Ze();
+		if (e > Ye) {
+			console.warn(`SW controllerchange: reload budget exhausted (${e - 1} reloads). Skipping reload to avoid infinite loop.`);
+			return;
+		}
+		Z = !0, console.log("SW controller changed – reloading page"), Y(), window.location.reload();
+	}));
+	let u = async (e) => X(i)({
+		type: "clear",
+		data: { status: e },
+		configurationName: t
+	}), d = async (e, n, r) => {
+		let o = await X(i)({
+			type: "init",
+			data: {
+				oidcServerConfiguration: e,
+				where: n,
+				oidcConfiguration: {
+					token_renew_mode: r.token_renew_mode,
+					service_worker_convert_all_requests_to_cors: r.service_worker_convert_all_requests_to_cors
+				}
+			},
+			configurationName: t
+		}), c = o.version;
+		if (c !== "7.27.12") {
+			console.warn(`Service worker ${c} version mismatch with js client version ${Ve}, unregistering and reloading`);
+			let e = parseInt(sessionStorage.getItem(a) ?? "0", 10);
+			if (e < 3) {
+				if (sessionStorage.setItem(a, String(e + 1)), i.waiting) return await s(), await J({ milliseconds: 500 }), Z || (Z = !0, window.location.reload()), new Promise(() => {});
+				{
+					Y();
+					try {
+						await i.update();
+					} catch (e) {
+						console.error(e);
+					}
+					let e = await i.unregister();
+					return console.log(`Service worker unregistering ${e}`), await J({ milliseconds: 500 }), Z || (Z = !0, window.location.reload()), new Promise(() => {});
+				}
+			} else console.error(`Service worker version mismatch persists after ${e} attempt(s). Continuing with mismatched version.`);
+		} else sessionStorage.removeItem(a), Qe();
+		return {
+			tokens: G(o.tokens, null, r.token_renew_mode),
+			status: o.status
+		};
+	}, f = (e = "/") => {
+		He ?? (He = "not_null", Ue(e));
+	}, p = (e) => X(i)({
+		type: "setSessionState",
+		data: { sessionState: e },
+		configurationName: t
+	}), m = async () => (await X(i)({
+		type: "getSessionState",
+		data: null,
+		configurationName: t
+	})).sessionState, h = (e) => (sessionStorage[`oidc.nonce.${t}`] = e.nonce, X(i)({
+		type: "setNonce",
+		data: { nonce: e },
+		configurationName: t
+	})), g = async (e = !0) => {
+		let n = (await X(i)({
+			type: "getNonce",
+			data: null,
+			configurationName: t
+		})).nonce;
+		return n || (n = sessionStorage[`oidc.nonce.${t}`], console.warn("nonce not found in service worker, using sessionStorage"), e && (await h(n), n = (await g(!1)).nonce)), { nonce: n };
+	}, _ = {}, v = (e) => {
+		if (e == null) {
+			delete _[t], delete localStorage[`oidc.login.${t}`];
+			return;
+		}
+		_[t] = e, localStorage[`oidc.login.${t}`] = JSON.stringify(e);
+	}, y = () => {
+		if (_[t]) return _[t];
+		let e = localStorage[`oidc.login.${t}`];
+		if (typeof e != "string" || e === "" || e === "undefined" || e === "null") return null;
+		try {
+			_[t] = JSON.parse(e);
+		} catch {
+			return null;
+		}
+		return _[t];
+	}, b = async (e) => {
+		await X(i)({
+			type: "setDemonstratingProofOfPossessionNonce",
+			data: { demonstratingProofOfPossessionNonce: e },
+			configurationName: t
+		});
+	}, x = async () => (await X(i)({
+		type: "getDemonstratingProofOfPossessionNonce",
+		data: null,
+		configurationName: t
+	})).demonstratingProofOfPossessionNonce, S = async (e) => {
+		let n = JSON.stringify(e);
+		await X(i)({
+			type: "setDemonstratingProofOfPossessionJwk",
+			data: { demonstratingProofOfPossessionJwkJson: n },
+			configurationName: t
+		});
+	}, C = async () => {
+		let e = await X(i)({
+			type: "getDemonstratingProofOfPossessionJwk",
+			data: null,
+			configurationName: t
+		});
+		return e.demonstratingProofOfPossessionJwkJson ? JSON.parse(e.demonstratingProofOfPossessionJwkJson) : null;
+	}, w = async (e = !0) => {
+		let n = (await X(i)({
+			type: "getState",
+			data: null,
+			configurationName: t
+		})).state;
+		return n || (n = sessionStorage[`oidc.state.${t}`], console.warn("state not found in service worker, using sessionStorage"), e && (await T(n), n = await w(!1))), n;
+	}, T = async (e) => (sessionStorage[`oidc.state.${t}`] = e, X(i)({
+		type: "setState",
+		data: { state: e },
+		configurationName: t
+	})), E = async (e = !0) => {
+		let n = (await X(i)({
+			type: "getCodeVerifier",
+			data: null,
+			configurationName: t
+		})).codeVerifier;
+		return n || (n = sessionStorage[`oidc.code_verifier.${t}`], console.warn("codeVerifier not found in service worker, using sessionStorage"), e && (await D(n), n = await E(!1))), n;
+	}, D = async (e) => (sessionStorage[`oidc.code_verifier.${t}`] = e, X(i)({
+		type: "setCodeVerifier",
+		data: { codeVerifier: e },
+		configurationName: t
+	}));
+	return {
+		clearAsync: u,
+		initAsync: d,
+		startKeepAliveServiceWorker: () => f(e.service_worker_keep_alive_path),
+		setSessionStateAsync: p,
+		getSessionStateAsync: m,
+		setNonceAsync: h,
+		getNonceAsync: g,
+		setLoginParams: v,
+		getLoginParams: y,
+		getStateAsync: w,
+		setStateAsync: T,
+		getCodeVerifierAsync: E,
+		setCodeVerifierAsync: D,
+		setDemonstratingProofOfPossessionNonce: b,
+		getDemonstratingProofOfPossessionNonce: x,
+		setDemonstratingProofOfPossessionJwkAsync: S,
+		getDemonstratingProofOfPossessionJwkAsync: C,
+		signalAsync: (e, n) => X(i, n)({
+			...e,
+			configurationName: e.configurationName ?? t
+		})
+	};
+}, $e = async (e, t, n, r) => {
+	let i = await $(e, t);
+	if (!i) throw Error(`signalServiceWorkerAsync: no service worker registered for configuration "${t}"`);
+	return i.signalAsync(n, r);
+}, et = class e {
+	constructor(e) {
+		this._oidc = e;
+	}
+	subscribeEvents(e) {
+		return this._oidc.subscribeEvents(e);
+	}
+	removeEventSubscription(e) {
+		this._oidc.removeEventSubscription(e);
+	}
+	publishEvent(e, t) {
+		this._oidc.publishEvent(e, t);
 	}
 	static {
-		this.getOrCreate = (n, r = new e()) => (e, i = "default") => new t($.getOrCreate(n, r)(e, i));
+		this.getOrCreate = (t, n = new O()) => (r, i = "default") => new e(R.getOrCreate(t, n)(r, i));
 	}
-	static get(e = "default") {
-		return new t($.get(e));
+	static get(t = "default") {
+		return new e(R.get(t));
 	}
 	static {
-		this.eventNames = $.eventNames;
+		this.eventNames = R.eventNames;
 	}
 	tryKeepExistingSessionAsync() {
 		return this._oidc.tryKeepExistingSessionAsync();
@@ -1762,21 +1770,21 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 	}
 	async getValidTokenAsync(e = 200, t = 50) {
 		let n = this._oidc;
-		return b({
+		return ze({
 			getTokens: () => n.tokens,
 			configuration: {
 				token_automatic_renew_mode: n.configuration.token_automatic_renew_mode,
 				refresh_time_before_tokens_expiration_in_second: n.configuration.refresh_time_before_tokens_expiration_in_second
 			},
 			syncTokensInfoAsync: async () => {
-				let { status: e } = await K(n)(n.configuration, n.configurationName, n.tokens, !1);
+				let { status: e } = await V(n)(n.configuration, n.configurationName, n.tokens, !1);
 				return e;
 			},
 			renewTokensAsync: n.renewTokensAsync.bind(n)
 		}, e, t);
 	}
 	fetchWithTokens(e, t = !1) {
-		return Je(e, this._oidc, t);
+		return Te(e, this._oidc, t);
 	}
 	async userInfoAsync(e = !1, t = !1) {
 		return this._oidc.userInfoAsync(e, t);
@@ -1784,6 +1792,38 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 	userInfo() {
 		return this._oidc.userInfo;
 	}
-};
+	async signalServiceWorker(e, t) {
+		return $e(this._oidc.configuration, this._oidc.configurationName, e, t);
+	}
+}, tt = "1.0.0", nt = {
+	SKIP_WAITING: "SKIP_WAITING",
+	CLAIM: "claim",
+	CLEAR: "clear",
+	INIT: "init",
+	SET_STATE: "setState",
+	GET_STATE: "getState",
+	SET_CODE_VERIFIER: "setCodeVerifier",
+	GET_CODE_VERIFIER: "getCodeVerifier",
+	SET_SESSION_STATE: "setSessionState",
+	GET_SESSION_STATE: "getSessionState",
+	SET_NONCE: "setNonce",
+	GET_NONCE: "getNonce",
+	SET_DPOP_NONCE: "setDemonstratingProofOfPossessionNonce",
+	GET_DPOP_NONCE: "getDemonstratingProofOfPossessionNonce",
+	SET_DPOP_JWK: "setDemonstratingProofOfPossessionJwk",
+	GET_DPOP_JWK: "getDemonstratingProofOfPossessionJwk"
+}, rt = {
+	ACCESS_TOKEN: "ACCESS_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER",
+	REFRESH_TOKEN: "REFRESH_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER",
+	NONCE_TOKEN: "NONCE_SECURED_BY_OIDC_SERVICE_WORKER",
+	CODE_VERIFIER: "CODE_VERIFIER_SECURED_BY_OIDC_SERVICE_WORKER"
+}, it = "DPOP_SECURED_BY_OIDC_SERVICE_WORKER", at = {
+	TAB_ID: "oidc.tabId.",
+	STATE: "oidc.state.",
+	NONCE: "oidc.nonce.",
+	CODE_VERIFIER: "oidc.code_verifier.",
+	LOGIN_PARAMS: "oidc.login.",
+	SW_VERSION_MISMATCH_RELOAD: "oidc.sw.version_mismatch_reload."
+}, ot = "oidc.sw.controllerchange_reload_count", st = (e, t) => `${e}${t}`, ct = (e, t, n = "default") => `${e}_${t}#tabId=${n}`, lt = (e, t = "default") => `${it}_${e}#tabId=${t}`, ut = (e) => typeof e == "string" ? Object.values(nt).includes(e) : !1;
 //#endregion
-export { et as OidcClient, e as OidcLocation, l as TokenAutomaticRenewMode, m as TokenRenewMode, Xe as getFetchDefault, Y as getParseQueryStringFromLocation, Be as getPath };
+export { it as DPOP_TOKEN_PLACEHOLDER_PREFIX, et as OidcClient, O as OidcLocation, tt as PROTOCOL_VERSION, at as STORAGE_KEY_PREFIX, ot as SW_CONTROLLER_CHANGE_RELOAD_COUNT_KEY, nt as ServiceWorkerMessageType, rt as TOKEN_PLACEHOLDERS, F as TokenAutomaticRenewMode, U as TokenRenewMode, lt as buildDpopSecuredPlaceholder, ct as buildSecuredTokenPlaceholder, st as buildStorageKey, De as getFetchDefault, N as getParseQueryStringFromLocation, _e as getPath, ut as isServiceWorkerMessageType, $e as signalServiceWorkerAsync };