@axa-fr/oidc-client 7.27.17 → 7.27.19

package/dist/index.js

@@ -207,7 +207,7 @@ var e = {
 				} : t,
 				prompt: "none"
 			}, n, o);
-			if (c) return a.tokens = c.tokens, i(e.token_acquired, {}), a.timeoutId = z(a, a.tokens.expiresAt, t, o), {};
+			if (c) return a.tokens = c.tokens, i(e.token_acquired, {}), a.timeoutId = H(a, a.tokens.expiresAt, t, o), {};
 		} catch (e) {
 			return e;
 		}
@@ -327,51 +327,51 @@ var _ = {
 	}
 	let i = await e.crypto.subtle.digest(n, f(r));
 	return h(new Uint8Array(i));
-} }, x = (e) => async (t) => await y.generate(e)(t), S = (e) => (t) => async (n, r = "POST", i, a = {}) => {
+} }, x = (e) => async (t) => await y.generate(e)(t), ee = (e) => (t) => async (n, r = "POST", i, a = {}) => {
 	let o = {
-		jti: btoa(C()),
+		jti: btoa(S()),
 		htm: r,
 		htu: i,
 		iat: Math.round(Date.now() / 1e3),
 		...a
 	}, s = await b.thumbprint(e)(n, t.digestAlgorithm);
 	return await v.sign(e)(n, { kid: s }, o, t);
-}, C = () => {
+}, S = () => {
 	let e = "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx", t = "0123456789abcdef", n = 0, r = "";
 	for (let i = 0; i < 36; i++) e[i] !== "-" && e[i] !== "4" && (n = Math.random() * 16 | 0), e[i] === "x" ? r += t[n] : e[i] === "y" ? (n &= 3, n |= 8, r += t[n]) : r += e[i];
 	return r;
-}, w = () => {
+}, C = () => {
 	let e = typeof window < "u" && !!window.crypto;
 	return {
 		hasCrypto: e,
 		hasSubtleCrypto: e && !!window.crypto.subtle
 	};
-}, T = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", E = (e) => {
+}, w = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", T = (e) => {
 	let t = [];
 	for (let n = 0; n < e.byteLength; n += 1) {
 		let r = e[n] % 62;
-		t.push(T[r]);
+		t.push(w[r]);
 	}
 	return t.join("");
-}, D = (e) => {
-	let t = new Uint8Array(e), { hasCrypto: n } = w();
+}, E = (e) => {
+	let t = new Uint8Array(e), { hasCrypto: n } = C();
 	if (n) window.crypto.getRandomValues(t);
 	else for (let n = 0; n < e; n += 1) t[n] = Math.random() * 62 | 0;
-	return E(t);
+	return T(t);
 };
-function ee(e) {
+function D(e) {
 	let t = new ArrayBuffer(e.length), n = new Uint8Array(t);
 	for (let t = 0; t < e.length; t++) n[t] = e.charCodeAt(t);
 	return n;
 }
 function te(e) {
 	return new Promise((t, n) => {
-		crypto.subtle.digest("SHA-256", ee(e)).then((e) => t(h(new Uint8Array(e))), (e) => n(e));
+		crypto.subtle.digest("SHA-256", D(e)).then((e) => t(h(new Uint8Array(e))), (e) => n(e));
 	});
 }
 var ne = (e) => {
 	if (e.length < 43 || e.length > 128) return Promise.reject(/* @__PURE__ */ Error("Invalid code length."));
-	let { hasSubtleCrypto: t } = w();
+	let { hasSubtleCrypto: t } = C();
 	return t ? te(e) : Promise.reject(/* @__PURE__ */ Error("window.crypto.subtle is unavailable."));
 }, re = (e) => !!(e.os === "iOS" && e.osVersion.startsWith("12") || e.os === "Mac OS X" && e.osVersion.startsWith("10_15_6")), ie = (e) => {
 	let t = e.appVersion, n = e.userAgent, r = "-", i = [
@@ -549,7 +549,7 @@ var oe = () => {
 			if (i) {
 				n.startKeepAliveServiceWorker(), t.tokens = i;
 				let o = n.getLoginParams(t.configurationName);
-				t.timeoutId = z(t, t.tokens.expiresAt, o.extras, o.scope);
+				t.timeoutId = H(t, t.tokens.expiresAt, o.extras, o.scope);
 				let s = await n.getSessionStateAsync();
 				return await t.startCheckSessionAsync(a.checkSessionIframe, r.client_id, s), r.preload_user_info && await t.userInfoAsync(), t.publishEvent(e.tryKeepExistingSessionAsync_end, {
 					success: !0,
@@ -564,9 +564,9 @@ var oe = () => {
 			r.service_worker_relative_url && t.publishEvent(e.service_worker_not_supported_by_browser, { message: "service worker is not supported by this browser" });
 			let n = i(t.configurationName, r.storage ?? sessionStorage, r.login_state_storage ?? r.storage ?? sessionStorage), { tokens: o } = await n.initAsync();
 			if (o) {
-				t.tokens = W(o, null, r.token_renew_mode);
+				t.tokens = Ve(o, null, r.token_renew_mode);
 				let i = n.getLoginParams();
-				t.timeoutId = z(t, t.tokens.expiresAt, i.extras, i.scope);
+				t.timeoutId = H(t, t.tokens.expiresAt, i.extras, i.scope);
 				let s = await n.getSessionStateAsync();
 				return await t.startCheckSessionAsync(a.checkSessionIframe, r.client_id, s), r.preload_user_info && await t.userInfoAsync(), t.publishEvent(e.tryKeepExistingSessionAsync_end, {
 					success: !0,
@@ -598,30 +598,38 @@ var oe = () => {
 	getOrigin() {
 		return window.origin;
 	}
-}, k = {}, ce = (e, t = window.sessionStorage, n) => {
-	if (!k[e] && t) {
+}, k = {
+	STATE_MISSING: "STATE_MISSING",
+	STATE_MISMATCH: "STATE_MISMATCH",
+	NONCE_MISSING: "NONCE_MISSING"
+}, A = class e extends Error {
+	constructor(t, n) {
+		super(n), this.name = "OidcStateError", this.code = t, Object.setPrototypeOf(this, e.prototype);
+	}
+}, ce = (e) => e instanceof A, j = {}, le = (e, t = window.sessionStorage, n) => {
+	if (!j[e] && t) {
 		let n = t.getItem(e);
-		n && (k[e] = JSON.parse(n));
+		n && (j[e] = JSON.parse(n));
 	}
 	let r = 1e3 * n;
-	return k[e] && k[e].timestamp + r > Date.now() ? k[e].result : null;
-}, le = (e, t, n = window.sessionStorage) => {
+	return j[e] && j[e].timestamp + r > Date.now() ? j[e].result : null;
+}, ue = (e, t, n = window.sessionStorage) => {
 	let r = Date.now();
-	k[e] = {
+	j[e] = {
 		result: t,
 		timestamp: r
 	}, n && n.setItem(e, JSON.stringify({
 		result: t,
 		timestamp: r
 	}));
-}, ue = 3600, de = (e) => async (t, n = ue, r = window.sessionStorage, i = 1e4) => {
-	let a = `${t}/.well-known/openid-configuration`, o = `oidc.server:${t}`, s = ce(o, r, n);
-	if (s) return new I(s);
-	let c = await A(e)(a, {}, i);
+}, de = 3600, fe = (e) => async (t, n = de, r = window.sessionStorage, i = 1e4) => {
+	let a = `${t}/.well-known/openid-configuration`, o = `oidc.server:${t}`, s = le(o, r, n);
+	if (s) return new z(s);
+	let c = await M(e)(a, {}, i);
 	if (c.status !== 200) return null;
 	let l = await c.json();
-	return le(o, l, r), new I(l);
-}, A = (e) => async (t, n = {}, r = 1e4, i = 0) => {
+	return ue(o, l, r), new z(l);
+}, M = (e) => async (t, n = {}, r = 1e4, i = 0) => {
 	let a;
 	try {
 		let i = new AbortController();
@@ -631,15 +639,15 @@ var oe = () => {
 		});
 	} catch (a) {
 		if (a.name === "AbortError" || a.message === "Network request failed") {
-			if (i <= 1) return await A(e)(t, n, r, i + 1);
+			if (i <= 1) return await M(e)(t, n, r, i + 1);
 			throw a;
 		} else throw console.error(a.message), a;
 	}
 	return a;
-}, fe = {
+}, N = {
 	refresh_token: "refresh_token",
 	access_token: "access_token"
-}, pe = (e) => async (t, n, r = fe.refresh_token, i, a = {}, o = 1e4) => {
+}, pe = (e) => async (t, n, r = N.refresh_token, i, a = {}, o = 1e4) => {
 	let s = {
 		token: n,
 		token_type_hint: r,
@@ -652,7 +660,7 @@ var oe = () => {
 		c.push(`${t}=${n}`);
 	}
 	let l = c.join("&");
-	return (await A(e)(t, {
+	return (await M(e)(t, {
 		method: "POST",
 		headers: { "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8" },
 		body: l
@@ -664,7 +672,7 @@ var oe = () => {
 		let t = encodeURIComponent(e), r = encodeURIComponent(n[e]);
 		c.push(`${t}=${r}`);
 	}
-	let l = c.join("&"), u = await A(e)(t, {
+	let l = c.join("&"), u = await M(e)(t, {
 		method: "POST",
 		headers: {
 			"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
@@ -678,27 +686,27 @@ var oe = () => {
 		demonstratingProofOfPossessionNonce: null
 	};
 	let d = await u.json(), f = null;
-	return u.headers.has(j) && (f = u.headers.get(j)), {
+	return u.headers.has(P) && (f = u.headers.get(P)), {
 		success: !0,
 		status: u.status,
-		data: G(d, i, o),
+		data: He(d, i, o),
 		demonstratingProofOfPossessionNonce: f
 	};
 }, he = (e, t) => async (n, r) => {
 	r = r ? { ...r } : {};
-	let i = D(128), a = await ne(i);
+	let i = E(128), a = await ne(i);
 	await e.setCodeVerifierAsync(i), await e.setStateAsync(r.state), r.code_challenge = a, r.code_challenge_method = "S256";
 	let o = "";
 	if (r) for (let [e, t] of Object.entries(r)) o === "" ? o += "?" : o += "&", o += `${e}=${encodeURIComponent(t)}`;
 	t.open(`${n}${o}`);
-}, j = "DPoP-Nonce", ge = (e) => async (t, n, r, i, a = 1e4) => {
+}, P = "DPoP-Nonce", ge = (e) => async (t, n, r, i, a = 1e4) => {
 	n = n ? { ...n } : {}, n.code_verifier = await e.getCodeVerifierAsync();
 	let o = [];
 	for (let e in n) {
 		let t = encodeURIComponent(e), r = encodeURIComponent(n[e]);
 		o.push(`${t}=${r}`);
 	}
-	let s = o.join("&"), c = await A(fetch)(t, {
+	let s = o.join("&"), c = await M(fetch)(t, {
 		method: "POST",
 		headers: {
 			"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
@@ -711,13 +719,13 @@ var oe = () => {
 		status: c.status
 	};
 	let l = null;
-	c.headers.has(j) && (l = c.headers.get(j));
+	c.headers.has(P) && (l = c.headers.get(P));
 	let u = await c.json();
 	return {
 		success: !0,
 		data: {
 			state: n.state,
-			tokens: G(u, null, i),
+			tokens: He(u, null, i),
 			demonstratingProofOfPossessionNonce: l
 		}
 	};
@@ -744,7 +752,7 @@ var oe = () => {
 	n.endsWith("/") && (n = n.slice(0, -1));
 	let { hash: r } = t;
 	return r === "#_=_" && (r = ""), r && (n += r), n;
-}, M = (e) => {
+}, F = (e) => {
 	let { search: t } = _e(e);
 	return ye(t);
 }, ye = (e) => {
@@ -755,7 +763,7 @@ var oe = () => {
 	let d = c;
 	return c = { ...c }, (async () => {
 		let f = s || o.getPath();
-		if ("state" in c || (c.state = D(16)), r(e.loginAsync_begin, {}), c) for (let e of Object.keys(c)) e.endsWith(":token_request") && delete c[e];
+		if ("state" in c || (c.state = E(16)), r(e.loginAsync_begin, {}), c) for (let e of Object.keys(c)) e.endsWith(":token_request") && delete c[e];
 		try {
 			let e = l ? n.silent_redirect_uri : n.redirect_uri;
 			u ||= n.scope;
@@ -763,7 +771,7 @@ var oe = () => {
 				...n.extras,
 				...c
 			} : c;
-			r.nonce ||= D(12);
+			r.nonce ||= E(12);
 			let s = { nonce: r.nonce }, p = await $(n, t), m = await a(n.authority, n.authority_configuration), h;
 			if (p) p.setLoginParams({
 				callbackPath: f,
@@ -793,7 +801,7 @@ var oe = () => {
 }, xe = (t) => async (n = !1) => {
 	try {
 		t.publishEvent(e.loginCallbackAsync_begin, {});
-		let r = t.configuration, a = r.client_id, o = n ? r.silent_redirect_uri : r.redirect_uri, s = r.authority, c = r.token_request_timeout, l = await t.initAsync(s, r.authority_configuration), u = M(t.location.getCurrentHref()), d = u.session_state, f = await $(r, t.configurationName), p, m, h, g;
+		let r = t.configuration, a = r.client_id, o = n ? r.silent_redirect_uri : r.redirect_uri, s = r.authority, c = r.token_request_timeout, l = await t.initAsync(s, r.authority_configuration), u = F(t.location.getCurrentHref()), d = u.session_state, f = await $(r, t.configurationName), p, m, h, g;
 		if (f) await f.initAsync(l, "loginCallbackAsync", r), await f.setSessionStateAsync(d), m = await f.getNonceAsync(), h = f.getLoginParams(), g = await f.getStateAsync(), f.startKeepAliveServiceWorker(), p = f;
 		else {
 			let e = i(t.configurationName, r.storage ?? sessionStorage, r.login_state_storage ?? r.storage ?? sessionStorage);
@@ -801,7 +809,11 @@ var oe = () => {
 		}
 		if (u.error || u.error_description) throw Error(`Error from OIDC server: ${u.error} - ${u.error_description}`);
 		if (u.iss && u.iss !== l.issuer) throw console.error(), Error(`Issuer not valid (expected: ${l.issuer}, received: ${u.iss})`);
-		if (u.state && u.state !== g) throw Error(`State not valid (expected: ${g}, received: ${u.state})`);
+		if (u.state) {
+			if (!g) throw new A(k.STATE_MISSING, "OIDC state is missing from storage. The login state may have been cleared between the authorization redirect and the callback (e.g., private browsing, storage cleared, or browser eviction).");
+			if (u.state !== g) throw new A(k.STATE_MISMATCH, `OIDC state does not match the stored one (expected: ${g}, received: ${u.state}).`);
+		}
+		if (!m || !m.nonce) throw new A(k.NONCE_MISSING, "OIDC nonce is missing from storage. The login state may have been cleared between the authorization redirect and the callback (e.g., private browsing, storage cleared, or browser eviction).");
 		let _ = {
 			code: u.code,
 			grant_type: "authorization_code",
@@ -814,32 +826,32 @@ var oe = () => {
 		if (r.demonstrating_proof_of_possession) if (f) b.DPoP = `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${t.configurationName}`;
 		else {
 			let e = await x(window)(r.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);
-			await i(t.configurationName, r.storage, r.login_state_storage ?? r.storage).setDemonstratingProofOfPossessionJwkAsync(e), b.DPoP = await S(window)(r.demonstrating_proof_of_possession_configuration)(e, "POST", y);
+			await i(t.configurationName, r.storage, r.login_state_storage ?? r.storage).setDemonstratingProofOfPossessionJwkAsync(e), b.DPoP = await ee(window)(r.demonstrating_proof_of_possession_configuration)(e, "POST", y);
 		}
-		let C = await ge(p)(y, {
+		let S = await ge(p)(y, {
 			..._,
 			...v
 		}, b, t.configuration.token_renew_mode, c);
-		if (!C.success) throw Error("Token request failed");
-		let w, T = C.data.tokens, E = C.data.demonstratingProofOfPossessionNonce;
-		if (C.data.state !== v.state) throw Error("state is not valid");
-		let { isValid: D, reason: ee } = He(T, m.nonce, l);
-		if (!D) throw Error(`Tokens are not OpenID valid, reason: ${ee}`);
+		if (!S.success) throw Error("Token request failed");
+		let C, w = S.data.tokens, T = S.data.demonstratingProofOfPossessionNonce;
+		if (S.data.state !== v.state) throw Error("state is not valid");
+		let { isValid: E, reason: D } = Ge(w, m.nonce, l);
+		if (!E) throw Error(`Tokens are not OpenID valid, reason: ${D}`);
 		if (f) {
-			if (T.refreshToken && !T.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")) throw Error("Refresh token should be hidden by service worker");
-			if (E && T?.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")) throw Error("Demonstration of proof of possession require Access token not hidden by service worker");
+			if (w.refreshToken && !w.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")) throw Error("Refresh token should be hidden by service worker");
+			if (T && w?.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")) throw Error("Demonstration of proof of possession require Access token not hidden by service worker");
 		}
-		if (f) await f.initAsync(l, "syncTokensAsync", r), w = f.getLoginParams(), E && await f.setDemonstratingProofOfPossessionNonce(E);
+		if (f) await f.initAsync(l, "syncTokensAsync", r), C = f.getLoginParams(), T && await f.setDemonstratingProofOfPossessionNonce(T);
 		else {
 			let e = i(t.configurationName, r.storage, r.login_state_storage ?? r.storage);
-			w = e.getLoginParams(), E && await e.setDemonstratingProofOfPossessionNonce(E);
+			C = e.getLoginParams(), T && await e.setDemonstratingProofOfPossessionNonce(T);
 		}
 		return await t.startCheckSessionAsync(l.checkSessionIframe, a, d, n), t.publishEvent(e.loginCallbackAsync_end, {}), {
-			tokens: T,
+			tokens: w,
 			state: "request.state",
-			callbackPath: w.callbackPath,
+			callbackPath: C.callbackPath,
 			scope: u.scope,
-			extras: w.extras
+			extras: C.extras
 		};
 	} catch (n) {
 		throw console.error(n), t.publishEvent(e.loginCallbackAsync_error, n), n;
@@ -847,7 +859,7 @@ var oe = () => {
 }, Se = {
 	access_token: "access_token",
 	refresh_token: "refresh_token"
-}, N = (e, t) => {
+}, I = (e, t) => {
 	let n = {};
 	if (e) {
 		for (let [r, i] of Object.entries(e)) if (r.endsWith(t)) {
@@ -868,7 +880,7 @@ var oe = () => {
 	c.clearTimeout(e.timeoutId), e.timeoutId = null, e.checkSessionIFrame && e.checkSessionIFrame.stop();
 	let n = await $(e.configuration, e.configurationName);
 	n ? await n.clearAsync(t) : await i(e.configurationName, e.configuration.storage, e.configuration.login_state_storage ?? e.configuration.storage).clearAsync(t), e.tokens = null, e.userInfo = null;
-}, P = (t, n) => async () => {
+}, L = (t, n) => async () => {
 	let r = t.tokens?.idTokenPayload?.sub ?? null;
 	await t.destroyAsync("LOGGED_OUT");
 	for (let [, i] of Object.entries(n)) i === t ? t.publishEvent(e.logout_from_same_tab, {}) : await t.logoutSameTabAsync(t.configuration.client_id, r);
@@ -890,12 +902,12 @@ var oe = () => {
 			if (t) {
 				let r = [], i = e.tokens ? e.tokens.accessToken : null;
 				if (i && s.logout_tokens_to_invalidate.includes(Se.access_token)) {
-					let e = N(o, ":revoke_access_token"), a = pe(n)(t, i, fe.access_token, s.client_id, e);
+					let e = I(o, ":revoke_access_token"), a = pe(n)(t, i, N.access_token, s.client_id, e);
 					r.push(a);
 				}
 				let a = e.tokens ? e.tokens.refreshToken : null;
 				if (a && s.logout_tokens_to_invalidate.includes(Se.refresh_token)) {
-					let e = N(o, ":revoke_refresh_token"), i = pe(n)(t, a, fe.refresh_token, s.client_id, e);
+					let e = I(o, ":revoke_refresh_token"), i = pe(n)(t, a, N.refresh_token, s.client_id, e);
 					r.push(i);
 				}
 				r.length > 0 && await Promise.all(r);
@@ -903,9 +915,9 @@ var oe = () => {
 		} catch (e) {
 			r.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"), r.warn(e);
 		}
-		let a = N(o, ":oidc");
+		let a = I(o, ":oidc");
 		if (a && a.no_reload === "true") {
-			await P(e, t)(), e.isLoggingOut = !1;
+			await L(e, t)(), e.isLoggingOut = !1;
 			return;
 		}
 		let l = Ce(o);
@@ -913,23 +925,23 @@ var oe = () => {
 			let e = Te(c.endSessionEndpoint, l, f, d);
 			i.open(e);
 		} else i.reload();
-		await P(e, t)();
+		await L(e, t)();
 	} catch (t) {
 		throw e.isLoggingOut = !1, t;
 	}
-}, F = /* @__PURE__ */ function(e) {
+}, R = /* @__PURE__ */ function(e) {
 	return e.AutomaticBeforeTokenExpiration = "AutomaticBeforeTokensExpiration", e.AutomaticOnlyWhenFetchExecuted = "AutomaticOnlyWhenFetchExecuted", e;
 }({}), De = (e, t, n = !1) => async (...r) => {
 	let [i, a, ...o] = r, s = a ? { ...a } : { method: "GET" }, c = new Headers();
 	s.headers && (c = s.headers instanceof Headers ? s.headers : new Headers(s.headers));
-	let l = (await Ve({
+	let l = (await We({
 		getTokens: () => t.tokens,
 		configuration: {
 			token_automatic_renew_mode: t.configuration.token_automatic_renew_mode,
 			refresh_time_before_tokens_expiration_in_second: t.configuration.refresh_time_before_tokens_expiration_in_second
 		},
 		syncTokensInfoAsync: async () => {
-			let { status: e } = await V(t)(t.configuration, t.configurationName, t.tokens, !1);
+			let { status: e } = await Fe(t)(t.configuration, t.configurationName, t.tokens, !1);
 			return e;
 		},
 		renewTokensAsync: t.renewTokensAsync.bind(t)
@@ -954,14 +966,14 @@ var oe = () => {
 		return t.status === 200 ? t.json() : null;
 	})();
 	return e.userInfo = o, o && e.configuration.storage?.setItem(`oidc.${e.configurationName}.userInfo`, JSON.stringify(o)), o;
-}, ke = () => fetch, I = class {
+}, ke = () => fetch, z = class {
 	constructor(e) {
 		this.authorizationEndpoint = e.authorization_endpoint, this.tokenEndpoint = e.token_endpoint, this.revocationEndpoint = e.revocation_endpoint, this.userInfoEndpoint = e.userinfo_endpoint, this.checkSessionIframe = e.check_session_iframe, this.issuer = e.issuer, this.endSessionEndpoint = e.end_session_endpoint;
 	}
-}, L = {}, Ae = (e, t = new O()) => (n, r = "default") => (L[r] || (L[r] = new R(n, r, e, t)), L[r]), je = async (e) => {
+}, B = {}, Ae = (e, t = new O()) => (n, r = "default") => (B[r] || (B[r] = new V(n, r, e, t)), B[r]), je = async (e) => {
 	let { parsedTokens: t, callbackPath: n, extras: r, scope: i } = await e.loginCallbackAsync();
-	return e.timeoutId = z(e, t.expiresAt, r, i), { callbackPath: n };
-}, Me = (e) => Math.floor(Math.random() * e), R = class t {
+	return e.timeoutId = H(e, t.expiresAt, r, i), { callbackPath: n };
+}, Me = (e) => Math.floor(Math.random() * e), V = class t {
 	constructor(e, t = "default", n, r = new O()) {
 		this.isLoggingOut = !1, this.initPromise = null, this.tryKeepExistingSessionPromise = null, this.loginPromise = null, this.loginCallbackPromise = null, this.loginCallbackWithAutoTokensRenewPromise = null, this.userInfoPromise = null, this.renewTokensPromise = null, this.clearSessionPromise = null, this.logoutPromise = null;
 		let i = e.silent_login_uri;
@@ -970,11 +982,11 @@ var oe = () => {
 		a > 60 && (a -= Math.floor(Math.random() * 40)), this.location = r ?? new O(), this.configuration = {
 			...e,
 			silent_login_uri: i,
-			token_automatic_renew_mode: e.token_automatic_renew_mode ?? F.AutomaticBeforeTokenExpiration,
+			token_automatic_renew_mode: e.token_automatic_renew_mode ?? R.AutomaticBeforeTokenExpiration,
 			monitor_session: e.monitor_session ?? !1,
 			refresh_time_before_tokens_expiration_in_second: a,
 			silent_login_timeout: e.silent_login_timeout ?? 12e3,
-			token_renew_mode: e.token_renew_mode ?? U.access_token_or_id_token_invalid,
+			token_renew_mode: e.token_renew_mode ?? G.access_token_or_id_token_invalid,
 			demonstrating_proof_of_possession: e.demonstrating_proof_of_possession ?? !1,
 			authority_timeout_wellknowurl_in_millisecond: e.authority_timeout_wellknowurl_in_millisecond ?? 1e4,
 			logout_tokens_to_invalidate: e.logout_tokens_to_invalidate ?? ["access_token", "refresh_token"],
@@ -1003,7 +1015,7 @@ var oe = () => {
 		this.getOrCreate = (e, t) => (n, r = "default") => Ae(e, t)(n, r);
 	}
 	static get(e = "default") {
-		return Object.prototype.hasOwnProperty.call(L, e) ? L[e] : null;
+		return Object.prototype.hasOwnProperty.call(B, e) ? B[e] : null;
 	}
 	static getOrThrow(e = "default") {
 		let n = t.get(e);
@@ -1016,7 +1028,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 	}
 	_silentLoginCallbackFromIFrame() {
 		if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
-			let e = this.location, t = M(e.getCurrentHref());
+			let e = this.location, t = F(e.getCurrentHref());
 			window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({
 				tokens: this.tokens,
 				sessionState: t.session_state
@@ -1025,7 +1037,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 	}
 	_silentLoginErrorCallbackFromIFrame(e = null) {
 		if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
-			let t = this.location, n = M(t.getCurrentHref());
+			let t = this.location, n = F(t.getCurrentHref());
 			n.error ? window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({ error: n.error })}`, t.getOrigin()) : window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({ error: e == null ? "" : e.toString() })}`, t.getOrigin());
 		}
 	}
@@ -1039,7 +1051,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 	async initAsync(e, t) {
 		if (this.initPromise !== null) return this.initPromise;
 		let n = async () => {
-			if (t != null) return new I({
+			if (t != null) return new z({
 				authorization_endpoint: t.authorization_endpoint,
 				end_session_endpoint: t.end_session_endpoint,
 				revocation_endpoint: t.revocation_endpoint,
@@ -1049,7 +1061,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 				issuer: t.issuer
 			});
 			let n = await $(this.configuration, this.configurationName) ? this.configuration.storage || window.sessionStorage : this.configuration.storage;
-			return await de(this.getFetch())(e, this.configuration.authority_time_cache_wellknowurl_in_second ?? 3600, n, this.configuration.authority_timeout_wellknowurl_in_millisecond);
+			return await fe(this.getFetch())(e, this.configuration.authority_time_cache_wellknowurl_in_second ?? 3600, n, this.configuration.authority_timeout_wellknowurl_in_millisecond);
 		};
 		return this.initPromise = n(), this.initPromise.finally(() => {
 			this.initPromise = null;
@@ -1061,7 +1073,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 		})) : this.tryKeepExistingSessionPromise;
 	}
 	async startCheckSessionAsync(e, t, n, r = !1) {
-		await d(this, L, this.configuration)(e, t, n, r);
+		await d(this, B, this.configuration)(e, t, n, r);
 	}
 	async loginAsync(e = void 0, t = null, n = !1, r = void 0, i = !1) {
 		return this.logoutPromise && await this.logoutPromise, this.loginPromise === null ? (i ? this.loginPromise = u(window, this.configurationName, this.configuration, this.publishEvent.bind(this), this)(t, r) : this.loginPromise = be(this.configurationName, this.configuration, this.publishEvent.bind(this), this.initAsync.bind(this), this.location)(e, t, n, r), this.loginPromise.finally(() => {
@@ -1089,9 +1101,9 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 			ath: await te(e),
 			...r
 		};
-		if (await $(a, this.configurationName)) return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${Ke(this.configurationName)}`;
+		if (await $(a, this.configurationName)) return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${Ye(this.configurationName)}`;
 		let s = i(this.configurationName, a.storage, a.login_state_storage ?? a.storage), c = await s.getDemonstratingProofOfPossessionJwkAsync(), l = s.getDemonstratingProofOfPossessionNonce();
-		return l && (o.nonce = l), await S(window)(a.demonstrating_proof_of_possession_configuration)(c, n, t, o);
+		return l && (o.nonce = l), await ee(window)(a.demonstrating_proof_of_possession_configuration)(c, n, t, o);
 	}
 	loginCallbackWithAutoTokensRenewAsync() {
 		return this.loginCallbackWithAutoTokensRenewPromise === null ? (this.loginCallbackWithAutoTokensRenewPromise = je(this), this.loginCallbackWithAutoTokensRenewPromise.finally(() => {
@@ -1113,7 +1125,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 		return await we(this)(e);
 	}
 	async clearSessionAsync() {
-		return this.clearSessionPromise ? this.clearSessionPromise : (this.clearSessionPromise = P(this, L)(), this.clearSessionPromise.finally(() => {
+		return this.clearSessionPromise ? this.clearSessionPromise : (this.clearSessionPromise = L(this, B)(), this.clearSessionPromise.finally(() => {
 			this.clearSessionPromise = null;
 		}));
 	}
@@ -1130,7 +1142,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 		}));
 	}
 	async logoutAsync(e = void 0, t = null) {
-		return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = Ee(this, L, this.getFetch(), console, this.location)(e, t), this.logoutPromise.finally(() => {
+		return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = Ee(this, B, this.getFetch(), console, this.location)(e, t), this.logoutPromise.finally(() => {
 			this.logoutPromise = null;
 		}));
 	}
@@ -1138,7 +1150,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 //#endregion
 //#region src/renewTokens.ts
 async function Ne(e, t, n, r = null) {
-	let { tokens: a, status: o } = await H(e)((t) => {
+	let { tokens: a, status: o } = await W(e)((t) => {
 		e.tokens = t;
 	}, 0, 0, t, n, r);
 	return await $(e.configuration, e.configurationName) || i(e.configurationName, e.configuration.storage, e.configuration.login_state_storage ?? e.configuration.storage).setTokens(e.tokens), e.tokens ? a : (await e.destroyAsync(o), null);
@@ -1148,18 +1160,18 @@ async function Pe(e, t = !1, n = null, r = null) {
 	if (i?.storage === window?.sessionStorage && !s || !navigator.locks) o = await Ne(e, t, n, r);
 	else {
 		let i = "retry";
-		for (; i === "retry";) i = await navigator.locks.request(a, { ifAvailable: !0 }, async (i) => i ? await Ne(e, t, n, r) : (e.publishEvent(R.eventNames.syncTokensAsync_lock_not_available, { lock: "lock not available" }), "retry"));
+		for (; i === "retry";) i = await navigator.locks.request(a, { ifAvailable: !0 }, async (i) => i ? await Ne(e, t, n, r) : (e.publishEvent(V.eventNames.syncTokensAsync_lock_not_available, { lock: "lock not available" }), "retry"));
 		o = i;
 	}
-	return o ? (e.timeoutId &&= z(e, e.tokens.expiresAt, n, r), e.tokens) : null;
+	return o ? (e.timeoutId &&= H(e, e.tokens.expiresAt, n, r), e.tokens) : null;
 }
-var z = (e, t, n = null, r = null) => {
+var H = (e, t, n = null, r = null) => {
 	let i = e.configuration.refresh_time_before_tokens_expiration_in_second;
 	return e.timeoutId && c.clearTimeout(e.timeoutId), c.setTimeout(async () => {
 		let a = { timeLeft: K(i, t) };
-		e.publishEvent(R.eventNames.token_timer, a), await Pe(e, !1, n, r);
+		e.publishEvent(V.eventNames.token_timer, a), await Pe(e, !1, n, r);
 	}, 1e3);
-}, B = {
+}, U = {
 	FORCE_REFRESH: "FORCE_REFRESH",
 	SESSION_LOST: "SESSION_LOST",
 	NOT_CONNECTED: "NOT_CONNECTED",
@@ -1169,11 +1181,11 @@ var z = (e, t, n = null, r = null) => {
 	LOGOUT_FROM_ANOTHER_TAB: "LOGOUT_FROM_ANOTHER_TAB",
 	REQUIRE_SYNC_TOKENS: "REQUIRE_SYNC_TOKENS",
 	TOKENS_INVALID: "TOKENS_INVALID"
-}, V = (e) => async (t, n, r, a = !1) => {
+}, Fe = (e) => async (t, n, r, a = !1) => {
 	let o = { nonce: null };
 	if (!r) return {
 		tokens: null,
-		status: B.NOT_CONNECTED,
+		status: U.NOT_CONNECTED,
 		nonce: o
 	};
 	let s, c = await e.initAsync(t.authority, t.authority_configuration), l = await $(t, n);
@@ -1181,39 +1193,39 @@ var z = (e, t, n = null, r = null) => {
 		let { status: e, tokens: n } = await l.initAsync(c, "syncTokensAsync", t);
 		if (e === "LOGGED_OUT") return {
 			tokens: null,
-			status: B.LOGOUT_FROM_ANOTHER_TAB,
+			status: U.LOGOUT_FROM_ANOTHER_TAB,
 			nonce: o
 		};
 		if (e === "SESSIONS_LOST") return {
 			tokens: null,
-			status: B.SESSION_LOST,
+			status: U.SESSION_LOST,
 			nonce: o
 		};
 		if (!e || !n) return {
 			tokens: null,
-			status: B.REQUIRE_SYNC_TOKENS,
+			status: U.REQUIRE_SYNC_TOKENS,
 			nonce: o
 		};
 		if (n.issuedAt !== r.issuedAt) return {
 			tokens: n,
-			status: K(t.refresh_time_before_tokens_expiration_in_second, n.expiresAt) > 0 ? B.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID : B.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,
+			status: K(t.refresh_time_before_tokens_expiration_in_second, n.expiresAt) > 0 ? U.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID : U.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,
 			nonce: await l.getNonceAsync()
 		};
 		s = await l.getNonceAsync();
 	} else {
 		let a = i(n, t.storage ?? sessionStorage, t.login_state_storage ?? t.storage ?? sessionStorage), c = await a.initAsync(), { tokens: l } = c, { status: u } = c;
-		if (l &&= W(l, e.tokens, t.token_renew_mode), !l) return {
+		if (l &&= Ve(l, e.tokens, t.token_renew_mode), !l) return {
 			tokens: null,
-			status: B.LOGOUT_FROM_ANOTHER_TAB,
+			status: U.LOGOUT_FROM_ANOTHER_TAB,
 			nonce: o
 		};
 		if (u === "SESSIONS_LOST") return {
 			tokens: null,
-			status: B.SESSION_LOST,
+			status: U.SESSION_LOST,
 			nonce: o
 		};
 		if (l.issuedAt !== r.issuedAt) {
-			let e = K(t.refresh_time_before_tokens_expiration_in_second, l.expiresAt) > 0 ? B.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID : B.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID, n = await a.getNonceAsync();
+			let e = K(t.refresh_time_before_tokens_expiration_in_second, l.expiresAt) > 0 ? U.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID : U.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID, n = await a.getNonceAsync();
 			return {
 				tokens: l,
 				status: e,
@@ -1232,7 +1244,7 @@ var z = (e, t, n = null, r = null) => {
 		status: u,
 		nonce: s
 	};
-}, H = (t) => async (n, r = 0, a = 0, o = !1, s = null, c = null) => {
+}, W = (t) => async (n, r = 0, a = 0, o = !1, s = null, c = null) => {
 	if (!navigator.onLine && document.hidden) return {
 		tokens: t.tokens,
 		status: "GIVE_UP"
@@ -1257,7 +1269,7 @@ var z = (e, t, n = null, r = null) => {
 			return l ? l.error ? (n(null), t.publishEvent(e.refreshTokensAsync_error, { message: "refresh token silent" }), {
 				tokens: null,
 				status: "SESSION_LOST"
-			}) : (n(l.tokens), t.publishEvent(R.eventNames.token_renewed, {}), {
+			}) : (n(l.tokens), t.publishEvent(V.eventNames.token_renewed, {}), {
 				tokens: l.tokens,
 				status: "LOGGED"
 			}) : (n(null), t.publishEvent(e.refreshTokensAsync_error, { message: "refresh token silent not active" }), {
@@ -1268,38 +1280,38 @@ var z = (e, t, n = null, r = null) => {
 			return console.error(r), t.publishEvent(e.refreshTokensAsync_silent_error, {
 				message: "exceptionSilent",
 				exception: r.message
-			}), await H(t)(n, p, m, o, s, c);
+			}), await W(t)(n, p, m, o, s, c);
 		}
 	};
 	try {
-		let { status: l, tokens: u, nonce: d } = await V(t)(h, t.configurationName, t.tokens, o);
+		let { status: l, tokens: u, nonce: d } = await Fe(t)(h, t.configurationName, t.tokens, o);
 		switch (l) {
-			case B.SESSION_LOST: return n(null), t.publishEvent(e.refreshTokensAsync_error, { message: "refresh token session lost" }), {
+			case U.SESSION_LOST: return n(null), t.publishEvent(e.refreshTokensAsync_error, { message: "refresh token session lost" }), {
 				tokens: null,
 				status: "SESSION_LOST"
 			};
-			case B.NOT_CONNECTED: return n(null), {
+			case U.NOT_CONNECTED: return n(null), {
 				tokens: null,
 				status: null
 			};
-			case B.TOKENS_VALID: return n(u), {
+			case U.TOKENS_VALID: return n(u), {
 				tokens: u,
 				status: "LOGGED_IN"
 			};
-			case B.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID: return n(u), t.publishEvent(R.eventNames.token_renewed, { reason: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" }), {
+			case U.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID: return n(u), t.publishEvent(V.eventNames.token_renewed, { reason: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" }), {
 				tokens: u,
 				status: "LOGGED_IN"
 			};
-			case B.LOGOUT_FROM_ANOTHER_TAB: return n(null), t.publishEvent(e.logout_from_another_tab, { status: "session syncTokensAsync" }), {
+			case U.LOGOUT_FROM_ANOTHER_TAB: return n(null), t.publishEvent(e.logout_from_another_tab, { status: "session syncTokensAsync" }), {
 				tokens: null,
 				status: "LOGGED_OUT"
 			};
-			case B.REQUIRE_SYNC_TOKENS: return h.token_automatic_renew_mode == F.AutomaticOnlyWhenFetchExecuted && !o ? (t.publishEvent(e.tokensInvalidAndWaitingActionsToRefresh, {}), {
+			case U.REQUIRE_SYNC_TOKENS: return h.token_automatic_renew_mode == R.AutomaticOnlyWhenFetchExecuted && !o ? (t.publishEvent(e.tokensInvalidAndWaitingActionsToRefresh, {}), {
 				tokens: t.tokens,
 				status: "GIVE_UP"
 			}) : (t.publishEvent(e.refreshTokensAsync_begin, { tryNumber: r }), await _());
 			default: {
-				if (h.token_automatic_renew_mode == F.AutomaticOnlyWhenFetchExecuted && B.FORCE_REFRESH !== l) return t.publishEvent(e.tokensInvalidAndWaitingActionsToRefresh, {}), {
+				if (h.token_automatic_renew_mode == R.AutomaticOnlyWhenFetchExecuted && U.FORCE_REFRESH !== l) return t.publishEvent(e.tokensInvalidAndWaitingActionsToRefresh, {}), {
 					tokens: t.tokens,
 					status: "GIVE_UP"
 				};
@@ -1321,7 +1333,11 @@ var z = (e, t, n = null, r = null) => {
 					h.demonstrating_proof_of_possession && (b.DPoP = await t.generateDemonstrationOfProofOfPossessionAsync(u.accessToken, _, "POST"));
 					let x = await me(t.getFetch())(_, r, y, u, b, h.token_renew_mode, l);
 					if (x.success) {
-						let { isValid: r, reason: o } = He(x.data, d.nonce, a);
+						if (!d || !d.nonce) return n(null), t.publishEvent(e.refreshTokensAsync_error, { message: "refresh token: nonce missing from storage" }), {
+							tokens: null,
+							status: "SESSION_LOST"
+						};
+						let { isValid: r, reason: o } = Ge(x.data, d.nonce, a);
 						if (!r) return n(null), t.publishEvent(e.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${o}` }), {
 							tokens: null,
 							status: "SESSION_LOST"
@@ -1330,7 +1346,7 @@ var z = (e, t, n = null, r = null) => {
 							let e = await $(h, t.configurationName);
 							e ? await e.setDemonstratingProofOfPossessionNonce(x.demonstratingProofOfPossessionNonce) : await i(t.configurationName, h.storage, h.login_state_storage ?? h.storage).setDemonstratingProofOfPossessionNonce(x.demonstratingProofOfPossessionNonce);
 						}
-						return t.publishEvent(e.refreshTokensAsync_end, { success: x.success }), t.publishEvent(R.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), {
+						return t.publishEvent(e.refreshTokensAsync_end, { success: x.success }), t.publishEvent(V.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), {
 							tokens: x.data,
 							status: "LOGGED_IN"
 						};
@@ -1340,7 +1356,7 @@ var z = (e, t, n = null, r = null) => {
 					}), x.status >= 400 && x.status < 500 ? (n(null), t.publishEvent(e.refreshTokensAsync_error, { message: `session lost: ${x.status}` }), {
 						tokens: null,
 						status: "SESSION_LOST"
-					}) : await H(t)(n, p, m, o, s, c);
+					}) : await W(t)(n, p, m, o, s, c);
 				})();
 			}
 		}
@@ -1350,35 +1366,35 @@ var z = (e, t, n = null, r = null) => {
 			exception: r.message
 		}), new Promise((e, r) => {
 			setTimeout(() => {
-				H(t)(n, p, m, o, s, c).then(e).catch(r);
+				W(t)(n, p, m, o, s, c).then(e).catch(r);
 			}, 1e3);
 		});
 	}
-}, Fe = (e) => decodeURIComponent(Array.prototype.map.call(atob(e), (e) => "%" + ("00" + e.charCodeAt(0).toString(16)).slice(-2)).join("")), Ie = (e) => JSON.parse(Fe(e.replaceAll(/-/g, "+").replaceAll(/_/g, "/"))), Le = (e) => {
+}, Ie = (e) => decodeURIComponent(Array.prototype.map.call(atob(e), (e) => "%" + ("00" + e.charCodeAt(0).toString(16)).slice(-2)).join("")), Le = (e) => JSON.parse(Ie(e.replaceAll(/-/g, "+").replaceAll(/_/g, "/"))), Re = (e) => {
 	try {
-		return e && Re(e, ".") === 2 ? Ie(e.split(".")[1]) : null;
+		return e && ze(e, ".") === 2 ? Le(e.split(".")[1]) : null;
 	} catch (e) {
 		console.warn(e);
 	}
 	return null;
-}, Re = (e, t) => e.split(t).length - 1, U = {
+}, ze = (e, t) => e.split(t).length - 1, G = {
 	access_token_or_id_token_invalid: "access_token_or_id_token_invalid",
 	access_token_invalid: "access_token_invalid",
 	id_token_invalid: "id_token_invalid"
 };
-function ze(e, t, n) {
+function Be(e, t, n) {
 	return e.issuedAt ? typeof e.issuedAt == "string" ? parseInt(e.issuedAt, 10) : e.issuedAt : t && t.iat ? t.iat : n && n.iat ? n.iat : (/* @__PURE__ */ new Date()).getTime() / 1e3;
 }
-var W = (e, t = null, n) => {
+var Ve = (e, t = null, n) => {
 	if (!e) return null;
 	let r, i = typeof e.expiresIn == "string" ? parseInt(e.expiresIn, 10) : e.expiresIn;
-	r = e.accessTokenPayload === void 0 ? Le(e.accessToken) : e.accessTokenPayload;
+	r = e.accessTokenPayload === void 0 ? Re(e.accessToken) : e.accessTokenPayload;
 	let a;
 	a = t != null && "idToken" in t && !("idToken" in e) ? t.idToken : e.idToken;
-	let o = e.idTokenPayload ? e.idTokenPayload : Le(a), s = o && o.exp ? o.exp : Number.MAX_VALUE, c = r && r.exp ? r.exp : e.issuedAt + i;
-	e.issuedAt = ze(e, r, o);
+	let o = e.idTokenPayload ? e.idTokenPayload : Re(a), s = o && o.exp ? o.exp : Number.MAX_VALUE, c = r && r.exp ? r.exp : e.issuedAt + i;
+	e.issuedAt = Be(e, r, o);
 	let l;
-	l = e.expiresAt ? e.expiresAt : n === U.access_token_invalid ? c : n === U.id_token_invalid || s < c ? s : c;
+	l = e.expiresAt ? e.expiresAt : n === G.access_token_invalid ? c : n === G.id_token_invalid || s < c ? s : c;
 	let u = {
 		...e,
 		idTokenPayload: o,
@@ -1394,7 +1410,7 @@ var W = (e, t = null, n) => {
 		};
 	}
 	return u;
-}, G = (e, t, n) => {
+}, He = (e, t, n) => {
 	if (!e) return null;
 	e.issued_at ||= (/* @__PURE__ */ new Date()).getTime() / 1e3;
 	let r = {
@@ -1405,29 +1421,29 @@ var W = (e, t = null, n) => {
 		tokenType: e.token_type,
 		issuedAt: e.issued_at
 	};
-	return "refresh_token" in e && (r.refreshToken = e.refresh_token), e.accessTokenPayload !== void 0 && (r.accessTokenPayload = e.accessTokenPayload), e.idTokenPayload !== void 0 && (r.idTokenPayload = e.idTokenPayload), W(r, t, n);
+	return "refresh_token" in e && (r.refreshToken = e.refresh_token), e.accessTokenPayload !== void 0 && (r.accessTokenPayload = e.accessTokenPayload), e.idTokenPayload !== void 0 && (r.idTokenPayload = e.idTokenPayload), Ve(r, t, n);
 }, K = (e, t) => {
 	let n = t - (/* @__PURE__ */ new Date()).getTime() / 1e3;
 	return Math.round(n - e);
-}, Be = (e, t = 0) => e ? K(t, e.expiresAt) > 0 : !1, Ve = async (e, t = 200, n = 50) => {
+}, Ue = (e, t = 0) => e ? K(t, e.expiresAt) > 0 : !1, We = async (e, t = 200, n = 50) => {
 	let r = n, i = await e.syncTokensInfoAsync();
 	for (; [
-		B.REQUIRE_SYNC_TOKENS,
-		B.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,
-		B.TOKENS_INVALID
+		U.REQUIRE_SYNC_TOKENS,
+		U.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,
+		U.TOKENS_INVALID
 	].includes(i) && r > 0;) {
-		if (e.configuration.token_automatic_renew_mode == F.AutomaticOnlyWhenFetchExecuted) {
+		if (e.configuration.token_automatic_renew_mode == R.AutomaticOnlyWhenFetchExecuted) {
 			await e.renewTokensAsync({});
 			break;
 		} else await J({ milliseconds: t });
 		--r, i = await e.syncTokensInfoAsync();
 	}
 	return {
-		isTokensValid: Be(e.getTokens()),
+		isTokensValid: Ue(e.getTokens()),
 		tokens: e.getTokens(),
 		numberWaited: r - n
 	};
-}, He = (e, t, n) => {
+}, Ge = (e, t, n) => {
 	if (e.idTokenPayload) {
 		let r = e.idTokenPayload;
 		if (n.issuer !== r.iss) return {
@@ -1453,25 +1469,25 @@ var W = (e, t = null, n) => {
 		isValid: !0,
 		reason: ""
 	};
-}, Ue = "7.27.17", We = null, q, J = ({ milliseconds: e }) => new Promise((t) => c.setTimeout(t, e)), Ge = (e = "/") => {
+}, Ke = "7.27.19", qe = null, q, J = ({ milliseconds: e }) => new Promise((t) => c.setTimeout(t, e)), Je = (e = "/") => {
 	try {
 		q = new AbortController(), fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`, { signal: q.signal }).catch((e) => {
 			console.log(e);
-		}), J({ milliseconds: 150 * 1e3 }).then(() => Ge(e));
+		}), J({ milliseconds: 150 * 1e3 }).then(() => Je(e));
 	} catch (e) {
 		console.log(e);
 	}
 }, Y = () => {
 	q && q.abort();
-}, Ke = (e) => {
+}, Ye = (e) => {
 	let t = `oidc.tabId.${e}`, n = sessionStorage.getItem(t);
 	if (n) return n;
 	let r = globalThis.crypto.randomUUID();
 	return sessionStorage.setItem(t, r), r;
-}, qe = (e) => navigator.serviceWorker.controller ?? e.active ?? e.waiting ?? e.installing ?? null, X = (e, t) => (n) => {
+}, Xe = (e) => navigator.serviceWorker.controller ?? e.active ?? e.waiting ?? e.installing ?? null, X = (e, t) => (n) => {
 	let r = t?.timeoutMs ?? 5e3;
 	return new Promise((t, i) => {
-		let a = qe(e);
+		let a = Xe(e);
 		if (!a) {
 			i(/* @__PURE__ */ Error("Service worker target not available (controller/active/waiting/installing missing)"));
 			return;
@@ -1492,41 +1508,48 @@ var W = (e, t = null, n) => {
 			let e = n?.configurationName;
 			a.postMessage({
 				...n,
-				tabId: Ke(e ?? "default")
+				tabId: Ye(e ?? "default")
 			}, [o.port2]);
 		} catch (e) {
 			l(), i(e);
 		}
 	});
-}, Je = async (e) => navigator.serviceWorker.controller ? navigator.serviceWorker.controller : new Promise((t) => {
+}, Ze = async (e) => navigator.serviceWorker.controller ? navigator.serviceWorker.controller : new Promise((t) => {
 	let n = !1, r = () => {
 		n || (n = !0, navigator.serviceWorker.removeEventListener("controllerchange", r), t(navigator.serviceWorker.controller ?? null));
 	};
 	navigator.serviceWorker.addEventListener("controllerchange", r), c.setTimeout(() => {
 		n || (n = !0, navigator.serviceWorker.removeEventListener("controllerchange", r), t(navigator.serviceWorker.controller ?? null));
 	}, e);
-}), Ye = !1, Z = !1, Q = /* @__PURE__ */ new Map(), Xe = "oidc.sw.controllerchange_reload_count", Ze = 3, Qe = () => {
+}), Qe = !1, Z = !1, Q = /* @__PURE__ */ new Map(), $e = (e) => e instanceof DOMException ? e.name === "AbortError" : e?.name === "AbortError", et = "oidc.sw.controllerchange_reload_count", tt = 3, nt = () => {
 	try {
-		return parseInt(sessionStorage.getItem(Xe) ?? "0", 10);
+		return parseInt(sessionStorage.getItem(et) ?? "0", 10);
 	} catch {
 		return 0;
 	}
-}, $e = () => {
-	let e = Qe() + 1;
+}, rt = () => {
+	let e = nt() + 1;
 	try {
-		sessionStorage.setItem(Xe, String(e));
+		sessionStorage.setItem(et, String(e));
 	} catch {}
 	return e;
-}, et = () => {
+}, it = () => {
 	try {
-		sessionStorage.removeItem(Xe);
+		sessionStorage.removeItem(et);
 	} catch {}
 }, $ = async (e, t) => {
 	let n = e.service_worker_relative_url;
 	if (typeof window > "u" || typeof navigator > "u" || !navigator.serviceWorker || !n || e.service_worker_activate() === !1) return null;
-	let r = `${n}?v=${Ue}`, i = null;
-	e.service_worker_register ? (Q.has(n) || Q.set(n, e.service_worker_register(n)), i = await Q.get(n)) : (Q.has(r) || Q.set(r, navigator.serviceWorker.register(r, { updateViaCache: "none" })), i = await Q.get(r));
-	let a = `oidc.sw.version_mismatch_reload.${t}`, o = async (e) => {
+	let r = `${n}?v=${Ke}`, i = e.service_worker_register ? n : r;
+	Q.has(i) || Q.set(i, e.service_worker_register ? e.service_worker_register(n) : navigator.serviceWorker.register(r, { updateViaCache: "none" }));
+	let a = null;
+	try {
+		a = await Q.get(i);
+	} catch (e) {
+		if ($e(e)) return Q.delete(i), console.warn("oidc-client: service worker registration was aborted (likely tab shutdown or backgrounding); falling back to non–service-worker mode.", e), null;
+		throw e;
+	}
+	let o = `oidc.sw.version_mismatch_reload.${t}`, s = async (e) => {
 		Y(), console.log("New SW waiting – SKIP_WAITING");
 		try {
 			await new Promise((n, r) => {
@@ -1547,7 +1570,7 @@ var W = (e, t = null, n) => {
 						type: "SKIP_WAITING",
 						configurationName: t,
 						data: null,
-						tabId: Ke(t ?? "default")
+						tabId: Ye(t ?? "default")
 					}, [i.port2]);
 				} catch (e) {
 					o(), r(e);
@@ -1556,50 +1579,50 @@ var W = (e, t = null, n) => {
 		} catch (e) {
 			console.warn("SKIP_WAITING failed", e);
 		}
-	}, s = async () => {
-		let e = i.waiting;
-		e ? await o(e) : console.warn("sendSkipWaiting called but no waiting service worker found");
-	}, l = (e) => {
+	}, l = async () => {
+		let e = a.waiting;
+		e ? await s(e) : console.warn("sendSkipWaiting called but no waiting service worker found");
+	}, u = (e) => {
 		Y(), e.addEventListener("statechange", async () => {
 			if (e.state === "installed" && navigator.serviceWorker.controller) {
-				if (Qe() >= Ze) {
+				if (nt() >= tt) {
 					console.warn("SW trackInstallingWorker: skipping SKIP_WAITING because the reload budget is exhausted");
 					return;
 				}
-				await o(e);
+				await s(e);
 			}
 		});
 	};
-	i.addEventListener("updatefound", () => {
-		let e = i.installing;
-		e && l(e);
-	}), i.installing ? l(i.installing) : i.waiting && navigator.serviceWorker.controller && (Qe() < Ze ? s() : console.warn("SW: a waiting worker exists but reload budget is exhausted – skipping activation")), i.update().catch((e) => {
+	a.addEventListener("updatefound", () => {
+		let e = a.installing;
+		e && u(e);
+	}), a.installing ? u(a.installing) : a.waiting && navigator.serviceWorker.controller && (nt() < tt ? l() : console.warn("SW: a waiting worker exists but reload budget is exhausted – skipping activation")), a.update().catch((e) => {
 		console.error(e);
 	});
 	try {
-		await navigator.serviceWorker.ready, navigator.serviceWorker.controller || (await X(i, { timeoutMs: 8e3 })({
+		await navigator.serviceWorker.ready, navigator.serviceWorker.controller || (await X(a, { timeoutMs: 8e3 })({
 			type: "claim",
 			configurationName: t,
 			data: null
-		}), await Je(2e3));
+		}), await Ze(2e3));
 	} catch (e) {
 		return console.warn(`Failed init ServiceWorker ${e?.toString?.() ?? String(e)}`), null;
 	}
-	Ye || (Ye = !0, navigator.serviceWorker.addEventListener("controllerchange", () => {
+	Qe || (Qe = !0, navigator.serviceWorker.addEventListener("controllerchange", () => {
 		if (Z) return;
-		let e = $e();
-		if (e > Ze) {
+		let e = rt();
+		if (e > tt) {
 			console.warn(`SW controllerchange: reload budget exhausted (${e - 1} reloads). Skipping reload to avoid infinite loop.`);
 			return;
 		}
 		Z = !0, console.log("SW controller changed – reloading page"), Y(), window.location.reload();
 	}));
-	let u = async (e) => X(i)({
+	let d = async (e) => X(a)({
 		type: "clear",
 		data: { status: e },
 		configurationName: t
-	}), d = async (e, n, r) => {
-		let o = await X(i)({
+	}), f = async (e, n, r) => {
+		let i = await X(a)({
 			type: "init",
 			data: {
 				oidcServerConfiguration: e,
@@ -1610,140 +1633,140 @@ var W = (e, t = null, n) => {
 				}
 			},
 			configurationName: t
-		}), c = o.version;
-		if (c !== "7.27.17") {
-			console.warn(`Service worker ${c} version mismatch with js client version ${Ue}, unregistering and reloading`);
-			let e = parseInt(sessionStorage.getItem(a) ?? "0", 10);
+		}), s = i.version;
+		if (s !== "7.27.19") {
+			console.warn(`Service worker ${s} version mismatch with js client version ${Ke}, unregistering and reloading`);
+			let e = parseInt(sessionStorage.getItem(o) ?? "0", 10);
 			if (e < 3) {
-				if (sessionStorage.setItem(a, String(e + 1)), i.waiting) return await s(), await J({ milliseconds: 500 }), Z || (Z = !0, window.location.reload()), new Promise(() => {});
+				if (sessionStorage.setItem(o, String(e + 1)), a.waiting) return await l(), await J({ milliseconds: 500 }), Z || (Z = !0, window.location.reload()), new Promise(() => {});
 				{
 					Y();
 					try {
-						await i.update();
+						await a.update();
 					} catch (e) {
 						console.error(e);
 					}
-					let e = await i.unregister();
+					let e = await a.unregister();
 					return console.log(`Service worker unregistering ${e}`), await J({ milliseconds: 500 }), Z || (Z = !0, window.location.reload()), new Promise(() => {});
 				}
 			} else console.error(`Service worker version mismatch persists after ${e} attempt(s). Continuing with mismatched version.`);
-		} else sessionStorage.removeItem(a), et();
+		} else sessionStorage.removeItem(o), it();
 		return {
-			tokens: G(o.tokens, null, r.token_renew_mode),
-			status: o.status
+			tokens: He(i.tokens, null, r.token_renew_mode),
+			status: i.status
 		};
-	}, f = (e = "/") => {
-		We ?? (We = "not_null", Ge(e));
-	}, p = (e) => X(i)({
+	}, p = (e = "/") => {
+		qe ?? (qe = "not_null", Je(e));
+	}, m = (e) => X(a)({
 		type: "setSessionState",
 		data: { sessionState: e },
 		configurationName: t
-	}), m = async () => (await X(i)({
+	}), h = async () => (await X(a)({
 		type: "getSessionState",
 		data: null,
 		configurationName: t
-	})).sessionState, h = (e) => (sessionStorage[`oidc.nonce.${t}`] = e.nonce, X(i)({
+	})).sessionState, g = (e) => (sessionStorage[`oidc.nonce.${t}`] = e.nonce, X(a)({
 		type: "setNonce",
 		data: { nonce: e },
 		configurationName: t
-	})), g = async (e = !0) => {
-		let n = (await X(i)({
+	})), _ = async (e = !0) => {
+		let n = (await X(a)({
 			type: "getNonce",
 			data: null,
 			configurationName: t
 		})).nonce;
-		return n || (n = sessionStorage[`oidc.nonce.${t}`], console.warn("nonce not found in service worker, using sessionStorage"), e && (await h(n), n = (await g(!1)).nonce)), { nonce: n };
-	}, _ = {}, v = (e) => {
+		return n || (n = sessionStorage[`oidc.nonce.${t}`], console.warn("nonce not found in service worker, using sessionStorage"), e && (await g(n), n = (await _(!1)).nonce)), { nonce: n };
+	}, v = {}, y = (e) => {
 		if (e == null) {
-			delete _[t], delete localStorage[`oidc.login.${t}`];
+			delete v[t], delete localStorage[`oidc.login.${t}`];
 			return;
 		}
-		_[t] = e, localStorage[`oidc.login.${t}`] = JSON.stringify(e);
-	}, y = () => {
-		if (_[t]) return _[t];
+		v[t] = e, localStorage[`oidc.login.${t}`] = JSON.stringify(e);
+	}, b = () => {
+		if (v[t]) return v[t];
 		let e = localStorage[`oidc.login.${t}`];
 		if (typeof e != "string" || e === "" || e === "undefined" || e === "null") return null;
 		try {
-			_[t] = JSON.parse(e);
+			v[t] = JSON.parse(e);
 		} catch {
 			return null;
 		}
-		return _[t];
-	}, b = async (e) => {
-		await X(i)({
+		return v[t];
+	}, x = async (e) => {
+		await X(a)({
 			type: "setDemonstratingProofOfPossessionNonce",
 			data: { demonstratingProofOfPossessionNonce: e },
 			configurationName: t
 		});
-	}, x = async () => (await X(i)({
+	}, ee = async () => (await X(a)({
 		type: "getDemonstratingProofOfPossessionNonce",
 		data: null,
 		configurationName: t
 	})).demonstratingProofOfPossessionNonce, S = async (e) => {
 		let n = JSON.stringify(e);
-		await X(i)({
+		await X(a)({
 			type: "setDemonstratingProofOfPossessionJwk",
 			data: { demonstratingProofOfPossessionJwkJson: n },
 			configurationName: t
 		});
 	}, C = async () => {
-		let e = await X(i)({
+		let e = await X(a)({
 			type: "getDemonstratingProofOfPossessionJwk",
 			data: null,
 			configurationName: t
 		});
 		return e.demonstratingProofOfPossessionJwkJson ? JSON.parse(e.demonstratingProofOfPossessionJwkJson) : null;
 	}, w = async (e = !0) => {
-		let n = (await X(i)({
+		let n = (await X(a)({
 			type: "getState",
 			data: null,
 			configurationName: t
 		})).state;
 		return n || (n = sessionStorage[`oidc.state.${t}`], console.warn("state not found in service worker, using sessionStorage"), e && (await T(n), n = await w(!1))), n;
-	}, T = async (e) => (sessionStorage[`oidc.state.${t}`] = e, X(i)({
+	}, T = async (e) => (sessionStorage[`oidc.state.${t}`] = e, X(a)({
 		type: "setState",
 		data: { state: e },
 		configurationName: t
 	})), E = async (e = !0) => {
-		let n = (await X(i)({
+		let n = (await X(a)({
 			type: "getCodeVerifier",
 			data: null,
 			configurationName: t
 		})).codeVerifier;
 		return n || (n = sessionStorage[`oidc.code_verifier.${t}`], console.warn("codeVerifier not found in service worker, using sessionStorage"), e && (await D(n), n = await E(!1))), n;
-	}, D = async (e) => (sessionStorage[`oidc.code_verifier.${t}`] = e, X(i)({
+	}, D = async (e) => (sessionStorage[`oidc.code_verifier.${t}`] = e, X(a)({
 		type: "setCodeVerifier",
 		data: { codeVerifier: e },
 		configurationName: t
 	}));
 	return {
-		clearAsync: u,
-		initAsync: d,
-		startKeepAliveServiceWorker: () => f(e.service_worker_keep_alive_path),
-		setSessionStateAsync: p,
-		getSessionStateAsync: m,
-		setNonceAsync: h,
-		getNonceAsync: g,
-		setLoginParams: v,
-		getLoginParams: y,
+		clearAsync: d,
+		initAsync: f,
+		startKeepAliveServiceWorker: () => p(e.service_worker_keep_alive_path),
+		setSessionStateAsync: m,
+		getSessionStateAsync: h,
+		setNonceAsync: g,
+		getNonceAsync: _,
+		setLoginParams: y,
+		getLoginParams: b,
 		getStateAsync: w,
 		setStateAsync: T,
 		getCodeVerifierAsync: E,
 		setCodeVerifierAsync: D,
-		setDemonstratingProofOfPossessionNonce: b,
-		getDemonstratingProofOfPossessionNonce: x,
+		setDemonstratingProofOfPossessionNonce: x,
+		getDemonstratingProofOfPossessionNonce: ee,
 		setDemonstratingProofOfPossessionJwkAsync: S,
 		getDemonstratingProofOfPossessionJwkAsync: C,
-		signalAsync: (e, n) => X(i, n)({
+		signalAsync: (e, n) => X(a, n)({
 			...e,
 			configurationName: e.configurationName ?? t
 		})
 	};
-}, tt = async (e, t, n, r) => {
+}, at = async (e, t, n, r) => {
 	let i = await $(e, t);
 	if (!i) throw Error(`signalServiceWorkerAsync: no service worker registered for configuration "${t}"`);
 	return i.signalAsync(n, r);
-}, nt = class e {
+}, ot = class e {
 	constructor(e) {
 		this._oidc = e;
 	}
@@ -1757,17 +1780,17 @@ var W = (e, t = null, n) => {
 		this._oidc.publishEvent(e, t);
 	}
 	static {
-		this.getOrCreate = (t, n = new O()) => (r, i = "default") => new e(R.getOrCreate(t, n)(r, i));
+		this.getOrCreate = (t, n = new O()) => (r, i = "default") => new e(V.getOrCreate(t, n)(r, i));
 	}
 	static get(t = "default") {
-		let n = R.get(t);
+		let n = V.get(t);
 		return n ? new e(n) : null;
 	}
 	static getOrThrow(t = "default") {
-		return new e(R.getOrThrow(t));
+		return new e(V.getOrThrow(t));
 	}
 	static {
-		this.eventNames = R.eventNames;
+		this.eventNames = V.eventNames;
 	}
 	tryKeepExistingSessionAsync() {
 		return this._oidc.tryKeepExistingSessionAsync();
@@ -1804,14 +1827,14 @@ var W = (e, t = null, n) => {
 	}
 	async getValidTokenAsync(e = 200, t = 50) {
 		let n = this._oidc;
-		return Ve({
+		return We({
 			getTokens: () => n.tokens,
 			configuration: {
 				token_automatic_renew_mode: n.configuration.token_automatic_renew_mode,
 				refresh_time_before_tokens_expiration_in_second: n.configuration.refresh_time_before_tokens_expiration_in_second
 			},
 			syncTokensInfoAsync: async () => {
-				let { status: e } = await V(n)(n.configuration, n.configurationName, n.tokens, !1);
+				let { status: e } = await Fe(n)(n.configuration, n.configurationName, n.tokens, !1);
 				return e;
 			},
 			renewTokensAsync: n.renewTokensAsync.bind(n)
@@ -1827,9 +1850,9 @@ var W = (e, t = null, n) => {
 		return this._oidc.userInfo;
 	}
 	async signalServiceWorker(e, t) {
-		return tt(this._oidc.configuration, this._oidc.configurationName, e, t);
+		return at(this._oidc.configuration, this._oidc.configurationName, e, t);
 	}
-}, rt = "1.0.0", it = {
+}, st = "1.0.0", ct = {
 	SKIP_WAITING: "SKIP_WAITING",
 	CLAIM: "claim",
 	CLEAR: "clear",
@@ -1846,18 +1869,18 @@ var W = (e, t = null, n) => {
 	GET_DPOP_NONCE: "getDemonstratingProofOfPossessionNonce",
 	SET_DPOP_JWK: "setDemonstratingProofOfPossessionJwk",
 	GET_DPOP_JWK: "getDemonstratingProofOfPossessionJwk"
-}, at = {
+}, lt = {
 	ACCESS_TOKEN: "ACCESS_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER",
 	REFRESH_TOKEN: "REFRESH_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER",
 	NONCE_TOKEN: "NONCE_SECURED_BY_OIDC_SERVICE_WORKER",
 	CODE_VERIFIER: "CODE_VERIFIER_SECURED_BY_OIDC_SERVICE_WORKER"
-}, ot = "DPOP_SECURED_BY_OIDC_SERVICE_WORKER", st = {
+}, ut = "DPOP_SECURED_BY_OIDC_SERVICE_WORKER", dt = {
 	TAB_ID: "oidc.tabId.",
 	STATE: "oidc.state.",
 	NONCE: "oidc.nonce.",
 	CODE_VERIFIER: "oidc.code_verifier.",
 	LOGIN_PARAMS: "oidc.login.",
 	SW_VERSION_MISMATCH_RELOAD: "oidc.sw.version_mismatch_reload."
-}, ct = "oidc.sw.controllerchange_reload_count", lt = (e, t) => `${e}${t}`, ut = (e, t, n = "default") => `${e}_${t}#tabId=${n}`, dt = (e, t = "default") => `${ot}_${e}#tabId=${t}`, ft = (e) => typeof e == "string" ? Object.values(it).includes(e) : !1;
+}, ft = "oidc.sw.controllerchange_reload_count", pt = (e, t) => `${e}${t}`, mt = (e, t, n = "default") => `${e}_${t}#tabId=${n}`, ht = (e, t = "default") => `${ut}_${e}#tabId=${t}`, gt = (e) => typeof e == "string" ? Object.values(ct).includes(e) : !1;
 //#endregion
-export { ot as DPOP_TOKEN_PLACEHOLDER_PREFIX, nt as OidcClient, O as OidcLocation, rt as PROTOCOL_VERSION, st as STORAGE_KEY_PREFIX, ct as SW_CONTROLLER_CHANGE_RELOAD_COUNT_KEY, it as ServiceWorkerMessageType, at as TOKEN_PLACEHOLDERS, F as TokenAutomaticRenewMode, U as TokenRenewMode, dt as buildDpopSecuredPlaceholder, ut as buildSecuredTokenPlaceholder, lt as buildStorageKey, ke as getFetchDefault, M as getParseQueryStringFromLocation, ve as getPath, ft as isServiceWorkerMessageType, tt as signalServiceWorkerAsync };
+export { ut as DPOP_TOKEN_PLACEHOLDER_PREFIX, ot as OidcClient, O as OidcLocation, A as OidcStateError, k as OidcStateErrorCode, st as PROTOCOL_VERSION, dt as STORAGE_KEY_PREFIX, ft as SW_CONTROLLER_CHANGE_RELOAD_COUNT_KEY, ct as ServiceWorkerMessageType, lt as TOKEN_PLACEHOLDERS, R as TokenAutomaticRenewMode, G as TokenRenewMode, ht as buildDpopSecuredPlaceholder, mt as buildSecuredTokenPlaceholder, pt as buildStorageKey, ke as getFetchDefault, F as getParseQueryStringFromLocation, ve as getPath, ce as isOidcStateError, gt as isServiceWorkerMessageType, at as signalServiceWorkerAsync };