@axa-fr/oidc-client 7.4.1 → 7.5.1

package/dist/index.js

@@ -1,9 +1,9 @@
-const $ = console;
-class ge {
-  constructor(e, t, s, i = 2e3, o = !0) {
-    this._callback = e, this._client_id = t, this._url = s, this._interval = i || 2e3, this._stopOnError = o;
-    const r = s.indexOf("/", s.indexOf("//") + 2);
-    this._frame_origin = s.substr(0, r), this._frame = window.document.createElement("iframe"), this._frame.style.visibility = "hidden", this._frame.style.position = "absolute", this._frame.style.display = "none", this._frame.width = 0, this._frame.height = 0, this._frame.src = s;
+const R = console;
+class Ie {
+  constructor(e, s, t, i = 2e3, o = !0) {
+    this._callback = e, this._client_id = s, this._url = t, this._interval = i || 2e3, this._stopOnError = o;
+    const r = t.indexOf("/", t.indexOf("//") + 2);
+    this._frame_origin = t.substr(0, r), this._frame = window.document.createElement("iframe"), this._frame.style.visibility = "hidden", this._frame.style.position = "absolute", this._frame.style.display = "none", this._frame.width = 0, this._frame.height = 0, this._frame.src = t;
   }
   load() {
     return new Promise((e) => {
@@ -13,20 +13,20 @@ class ge {
     });
   }
   _message(e) {
-    e.origin === this._frame_origin && e.source === this._frame.contentWindow && (e.data === "error" ? ($.error("CheckSessionIFrame: error message from check session op iframe"), this._stopOnError && this.stop()) : e.data === "changed" ? ($.debug(e), $.debug("CheckSessionIFrame: changed message from check session op iframe"), this.stop(), this._callback()) : $.debug("CheckSessionIFrame: " + e.data + " message from check session op iframe"));
+    e.origin === this._frame_origin && e.source === this._frame.contentWindow && (e.data === "error" ? (R.error("CheckSessionIFrame: error message from check session op iframe"), this._stopOnError && this.stop()) : e.data === "changed" ? (R.debug(e), R.debug("CheckSessionIFrame: changed message from check session op iframe"), this.stop(), this._callback()) : R.debug("CheckSessionIFrame: " + e.data + " message from check session op iframe"));
   }
   start(e) {
-    $.debug("CheckSessionIFrame.start :" + e), this.stop();
-    const t = () => {
+    R.debug("CheckSessionIFrame.start :" + e), this.stop();
+    const s = () => {
       this._frame.contentWindow.postMessage(this._client_id + " " + e, this._frame_origin);
     };
-    t(), this._timer = window.setInterval(t, this._interval);
+    s(), this._timer = window.setInterval(s, this._interval);
   }
   stop() {
-    this._timer && ($.debug("CheckSessionIFrame.stop"), window.clearInterval(this._timer), this._timer = null);
+    this._timer && (R.debug("CheckSessionIFrame.stop"), window.clearInterval(this._timer), this._timer = null);
   }
 }
-const m = {
+const k = {
   service_worker_not_supported_by_browser: "service_worker_not_supported_by_browser",
   token_aquired: "token_aquired",
   logout_from_another_tab: "logout_from_another_tab",
@@ -53,89 +53,97 @@ const m = {
   syncTokensAsync_begin: "syncTokensAsync_begin",
   syncTokensAsync_end: "syncTokensAsync_end",
   syncTokensAsync_error: "syncTokensAsync_error"
-}, P = (n, e = sessionStorage) => {
-  const t = (k) => (e[`oidc.${n}`] = JSON.stringify({ tokens: null, status: k }), Promise.resolve()), s = async () => {
+}, I = (n, e = sessionStorage) => {
+  const s = (p) => (e[`oidc.${n}`] = JSON.stringify({ tokens: null, status: p }), Promise.resolve()), t = async () => {
     if (!e[`oidc.${n}`])
       return e[`oidc.${n}`] = JSON.stringify({ tokens: null, status: null }), { tokens: null, status: null };
-    const k = JSON.parse(e[`oidc.${n}`]);
-    return Promise.resolve({ tokens: k.tokens, status: k.status });
-  }, i = (k) => {
-    e[`oidc.${n}`] = JSON.stringify({ tokens: k });
-  }, o = async (k) => {
-    e[`oidc.session_state.${n}`] = k;
-  }, r = async () => e[`oidc.session_state.${n}`], l = (k) => {
-    localStorage[`oidc.nonce.${n}`] = k.nonce;
-  }, c = async () => ({ nonce: localStorage[`oidc.nonce.${n}`] }), h = () => e[`oidc.${n}`] ? JSON.stringify({ tokens: JSON.parse(e[`oidc.${n}`]).tokens }) : null;
-  let a = null;
+    const p = JSON.parse(e[`oidc.${n}`]);
+    return Promise.resolve({ tokens: p.tokens, status: p.status });
+  }, i = (p) => {
+    e[`oidc.${n}`] = JSON.stringify({ tokens: p });
+  }, o = async (p) => {
+    e[`oidc.session_state.${n}`] = p;
+  }, r = async () => e[`oidc.session_state.${n}`], l = (p) => {
+    e[`oidc.nonce.${n}`] = p.nonce;
+  }, a = (p) => {
+    e[`oidc.jwk.${n}`] = JSON.stringify(p);
+  }, h = () => JSON.parse(e[`oidc.jwk.${n}`]), c = async () => ({ nonce: e[`oidc.nonce.${n}`] }), _ = (p) => {
+    e[`oidc.dpop_nonce.${n}`] = p;
+  }, y = () => e[`oidc.dpop_nonce.${n}`], u = () => e[`oidc.${n}`] ? JSON.stringify({ tokens: JSON.parse(e[`oidc.${n}`]).tokens }) : null;
+  let d = {};
   return {
-    clearAsync: t,
-    initAsync: s,
+    clearAsync: s,
+    initAsync: t,
     setTokens: i,
-    getTokens: h,
+    getTokens: u,
     setSessionStateAsync: o,
     getSessionStateAsync: r,
     setNonceAsync: l,
     getNonceAsync: c,
-    setLoginParams: (k, w) => {
-      a = w, e[`oidc.login.${k}`] = JSON.stringify(w);
+    setLoginParams: (p) => {
+      d[n] = p, e[`oidc.login.${n}`] = JSON.stringify(p);
     },
-    getLoginParams: (k) => {
-      const w = e[`oidc.login.${k}`];
-      return a || (a = JSON.parse(w)), a;
+    getLoginParams: () => {
+      const p = e[`oidc.login.${n}`];
+      return d[n] || (d[n] = JSON.parse(p)), d[n];
     },
     getStateAsync: async () => e[`oidc.state.${n}`],
-    setStateAsync: async (k) => {
-      e[`oidc.state.${n}`] = k;
+    setStateAsync: async (p) => {
+      e[`oidc.state.${n}`] = p;
     },
     getCodeVerifierAsync: async () => e[`oidc.code_verifier.${n}`],
-    setCodeVerifierAsync: async (k) => {
-      e[`oidc.code_verifier.${n}`] = k;
-    }
+    setCodeVerifierAsync: async (p) => {
+      e[`oidc.code_verifier.${n}`] = p;
+    },
+    setDemonstratingProofOfPossessionNonce: _,
+    getDemonstratingProofOfPossessionNonce: y,
+    setDemonstratingProofOfPossessionJwkAsync: a,
+    getDemonstratingProofOfPossessionJwkAsync: h
   };
-}, ke = (n) => decodeURIComponent(Array.prototype.map.call(atob(n), (e) => "%" + ("00" + e.charCodeAt(0).toString(16)).slice(-2)).join("")), me = (n) => JSON.parse(ke(n.split(".")[1].replace("-", "+").replace("_", "/"))), Z = (n) => {
+}, Ce = (n) => decodeURIComponent(Array.prototype.map.call(atob(n), (e) => "%" + ("00" + e.charCodeAt(0).toString(16)).slice(-2)).join("")), xe = (n) => JSON.parse(Ce(n.split(".")[1].replace("-", "+").replace("_", "/"))), re = (n) => {
   try {
-    return n && pe(n, ".") === 2 ? me(n) : null;
+    return n && Ne(n, ".") === 2 ? xe(n) : null;
   } catch (e) {
     console.warn(e);
   }
   return null;
-}, pe = (n, e) => n.split(e).length - 1, j = {
+}, Ne = (n, e) => n.split(e).length - 1, Y = {
   access_token_or_id_token_invalid: "access_token_or_id_token_invalid",
   access_token_invalid: "access_token_invalid",
   id_token_invalid: "id_token_invalid"
 };
-function we(n, e, t) {
+function Le(n, e, s) {
   if (n.issuedAt) {
     if (typeof n.issuedAt == "string")
       return parseInt(n.issuedAt, 10);
   } else
-    return e && e.iat ? e.iat : t && t.iat ? t.iat : (/* @__PURE__ */ new Date()).getTime() / 1e3;
+    return e && e.iat ? e.iat : s && s.iat ? s.iat : (/* @__PURE__ */ new Date()).getTime() / 1e3;
   return n.issuedAt;
 }
-const ae = (n, e = null, t) => {
+const ye = (n, e = null, s) => {
   if (!n)
     return null;
-  let s;
+  let t;
   const i = typeof n.expiresIn == "string" ? parseInt(n.expiresIn, 10) : n.expiresIn;
-  n.accessTokenPayload !== void 0 ? s = n.accessTokenPayload : s = Z(n.accessToken);
-  const o = n.idTokenPayload ? n.idTokenPayload : Z(n.idToken), r = o && o.exp ? o.exp : Number.MAX_VALUE, l = s && s.exp ? s.exp : n.issuedAt + i;
-  n.issuedAt = we(n, s, o);
-  let c;
-  n.expiresAt ? c = n.expiresAt : t === j.access_token_invalid ? c = l : t === j.id_token_invalid ? c = r : c = r < l ? r : l;
-  const h = { ...n, idTokenPayload: o, accessTokenPayload: s, expiresAt: c };
+  n.accessTokenPayload !== void 0 ? t = n.accessTokenPayload : t = re(n.accessToken);
+  const o = n.idTokenPayload ? n.idTokenPayload : re(n.idToken), r = o && o.exp ? o.exp : Number.MAX_VALUE, l = t && t.exp ? t.exp : n.issuedAt + i;
+  n.issuedAt = Le(n, t, o);
+  let a;
+  n.expiresAt ? a = n.expiresAt : s === Y.access_token_invalid ? a = l : s === Y.id_token_invalid ? a = r : a = r < l ? r : l;
+  const h = { ...n, idTokenPayload: o, accessTokenPayload: t, expiresAt: a };
   if (e != null && "refreshToken" in e && !("refreshToken" in n)) {
-    const a = e.refreshToken;
-    return { ...h, refreshToken: a };
+    const c = e.refreshToken;
+    return { ...h, refreshToken: c };
   }
   return h;
-}, Y = (n, e, t) => {
+}, se = (n, e, s) => {
   if (!n)
     return null;
   if (!n.issued_at) {
     const i = (/* @__PURE__ */ new Date()).getTime() / 1e3;
     n.issued_at = i;
   }
-  const s = {
+  const t = {
     accessToken: n.access_token,
     expiresIn: n.expires_in,
     idToken: n.id_token,
@@ -143,129 +151,129 @@ const ae = (n, e = null, t) => {
     tokenType: n.token_type,
     issuedAt: n.issued_at
   };
-  return "refresh_token" in n && (s.refreshToken = n.refresh_token), n.accessTokenPayload !== void 0 && (s.accessTokenPayload = n.accessTokenPayload), n.idTokenPayload !== void 0 && (s.idTokenPayload = n.idTokenPayload), ae(s, e, t);
-}, D = (n, e) => {
-  const t = (/* @__PURE__ */ new Date()).getTime() / 1e3, s = e - t;
-  return Math.round(s - n);
-}, G = (n) => n ? D(0, n.expiresAt) > 0 : !1, Ae = async (n, e = 200, t = 50) => {
-  let s = t;
+  return "refresh_token" in n && (t.refreshToken = n.refresh_token), n.accessTokenPayload !== void 0 && (t.accessTokenPayload = n.accessTokenPayload), n.idTokenPayload !== void 0 && (t.idTokenPayload = n.idTokenPayload), ye(t, e, s);
+}, U = (n, e) => {
+  const s = (/* @__PURE__ */ new Date()).getTime() / 1e3, t = e - s;
+  return Math.round(t - n);
+}, z = (n) => n ? U(0, n.expiresAt) > 0 : !1, We = async (n, e = 200, s = 50) => {
+  let t = s;
   if (!n.tokens)
     return null;
-  for (; !G(n.tokens) && s > 0; )
-    await W(e), s = s - 1;
+  for (; !z(n.tokens) && t > 0; )
+    await D(e), t = t - 1;
   return {
-    isTokensValid: G(n.tokens),
+    isTokensValid: z(n.tokens),
     tokens: n.tokens,
-    numberWaited: s - t
+    numberWaited: t - s
   };
-}, ce = (n, e, t) => {
+}, ge = (n, e, s) => {
   if (n.idTokenPayload) {
-    const s = n.idTokenPayload;
-    if (t.issuer !== s.iss)
-      return { isValid: !1, reason: `Issuer does not match (oidcServerConfiguration issuer) ${t.issuer} !== (idTokenPayload issuer) ${s.iss}` };
+    const t = n.idTokenPayload;
+    if (s.issuer !== t.iss)
+      return { isValid: !1, reason: `Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}` };
     const i = (/* @__PURE__ */ new Date()).getTime() / 1e3;
-    if (s.exp && s.exp < i)
-      return { isValid: !1, reason: `Token expired (idTokenPayload exp) ${s.exp} < (currentTimeUnixSecond) ${i}` };
+    if (t.exp && t.exp < i)
+      return { isValid: !1, reason: `Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${i}` };
     const o = 60 * 60 * 24 * 7;
-    if (s.iat && s.iat + o < i)
-      return { isValid: !1, reason: `Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${s.iat + o} < (currentTimeUnixSecond) ${i}` };
-    if (s.nonce && s.nonce !== e)
-      return { isValid: !1, reason: `Nonce does not match (idTokenPayload nonce) ${s.nonce} !== (nonce) ${e}` };
+    if (t.iat && t.iat + o < i)
+      return { isValid: !1, reason: `Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat + o} < (currentTimeUnixSecond) ${i}` };
+    if (t.nonce && t.nonce !== e)
+      return { isValid: !1, reason: `Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${e}` };
   }
   return { isValid: !0, reason: "" };
-}, M = function() {
+}, K = function() {
   const n = function() {
-    let c, h;
-    const a = (function() {
-      const f = {}, u = {
-        setTimeout: function(d, g, k) {
-          f[g] = setTimeout(function() {
-            d.postMessage(g), f[g] = null;
-          }, k);
+    let a, h;
+    const c = (function() {
+      const y = {}, u = {
+        setTimeout: function(f, g, w) {
+          y[g] = setTimeout(function() {
+            f.postMessage(g), y[g] = null;
+          }, w);
         },
-        setInterval: function(d, g, k) {
-          f[g] = setInterval(function() {
-            d.postMessage(g);
-          }, k);
+        setInterval: function(f, g, w) {
+          y[g] = setInterval(function() {
+            f.postMessage(g);
+          }, w);
         },
-        clearTimeout: function(d, g) {
-          clearTimeout(f[g]), f[g] = null;
+        clearTimeout: function(f, g) {
+          clearTimeout(y[g]), y[g] = null;
         },
-        clearInterval: function(d, g) {
-          clearInterval(f[g]), f[g] = null;
+        clearInterval: function(f, g) {
+          clearInterval(y[g]), y[g] = null;
         }
       };
-      function y(d, g) {
-        const k = g.data[0], w = g.data[1], S = g.data[2];
-        u[k] && u[k](d, w, S);
+      function d(f, g) {
+        const w = g.data[0], v = g.data[1], b = g.data[2];
+        u[w] && u[w](f, v, b);
       }
-      this.onmessage = function(d) {
-        y(self, d);
-      }, this.onconnect = function(d) {
-        const g = d.ports[0];
-        g.onmessage = function(k) {
-          y(g, k);
+      this.onmessage = function(f) {
+        d(self, f);
+      }, this.onconnect = function(f) {
+        const g = f.ports[0];
+        g.onmessage = function(w) {
+          d(g, w);
         };
       };
     }).toString();
     try {
-      const f = new Blob(["(", a, ")()"], { type: "application/javascript" });
-      h = URL.createObjectURL(f);
+      const y = new Blob(["(", c, ")()"], { type: "application/javascript" });
+      h = URL.createObjectURL(y);
     } catch {
       return null;
     }
     const _ = typeof process > "u";
     try {
       if (SharedWorker)
-        return c = new SharedWorker(h), c.port;
+        return a = new SharedWorker(h), a.port;
     } catch {
       _ && console.warn("SharedWorker not available");
     }
     try {
       if (Worker)
-        return c = new Worker(h), c;
+        return a = new Worker(h), a;
     } catch {
       _ && console.warn("Worker not available");
     }
     return null;
   }();
   if (!n) {
-    const c = typeof window > "u" ? global : window;
+    const a = typeof window > "u" ? global : window;
     return {
-      setTimeout: setTimeout.bind(c),
-      clearTimeout: clearTimeout.bind(c),
-      setInterval: setInterval.bind(c),
-      clearInterval: clearInterval.bind(c)
+      setTimeout: setTimeout.bind(a),
+      clearTimeout: clearTimeout.bind(a),
+      setInterval: setInterval.bind(a),
+      clearInterval: clearInterval.bind(a)
     };
   }
   const e = function() {
-    let c = 0;
+    let a = 0;
     return function() {
-      return c++, c;
+      return a++, a;
     };
-  }(), t = {}, s = {};
-  n.onmessage = function(c) {
-    const h = c.data, a = t[h];
-    if (a) {
-      a(), t[h] = null;
+  }(), s = {}, t = {};
+  n.onmessage = function(a) {
+    const h = a.data, c = s[h];
+    if (c) {
+      c(), s[h] = null;
       return;
     }
-    const _ = s[h];
+    const _ = t[h];
     _ && _();
   };
-  function i(c, h) {
-    const a = e();
-    return n.postMessage(["setTimeout", a, h]), t[a] = c, a;
+  function i(a, h) {
+    const c = e();
+    return n.postMessage(["setTimeout", c, h]), s[c] = a, c;
   }
-  function o(c) {
-    n.postMessage(["clearTimeout", c]), t[c] = null;
+  function o(a) {
+    n.postMessage(["clearTimeout", a]), s[a] = null;
   }
-  function r(c, h) {
-    const a = e();
-    return n.postMessage(["setInterval", a, h]), s[a] = c, a;
+  function r(a, h) {
+    const c = e();
+    return n.postMessage(["setInterval", c, h]), t[c] = a, c;
   }
-  function l(c) {
-    n.postMessage(["clearInterval", c]), s[c] = null;
+  function l(a) {
+    n.postMessage(["clearInterval", a]), t[a] = null;
   }
   return {
     setTimeout: i,
@@ -273,9 +281,9 @@ const ae = (n, e = null, t) => {
     setInterval: r,
     clearInterval: l
   };
-}(), ee = "7.4.1", le = (n) => {
-  const e = n.appVersion, t = n.userAgent, s = "-";
-  let i = s;
+}(), ae = "7.5.1", ke = (n) => {
+  const e = n.appVersion, s = n.userAgent, t = "-";
+  let i = t;
   const o = [
     { s: "Windows 10", r: /(Windows 10.0|Windows NT 10.0)/ },
     { s: "Windows 8.1", r: /(Windows 8.1|Windows NT 6.3)/ },
@@ -306,18 +314,18 @@ const ae = (n, e = null, t) => {
     { s: "Search Bot", r: /(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/ }
   ];
   for (const l in o) {
-    const c = o[l];
-    if (c.r.test(t)) {
-      i = c.s;
+    const a = o[l];
+    if (a.r.test(s)) {
+      i = a.s;
       break;
     }
   }
-  let r = s;
+  let r = t;
   switch (/Windows/.test(i) && (r = /Windows (.*)/.exec(i)[1], i = "Windows"), i) {
     case "Mac OS":
     case "Mac OS X":
     case "Android":
-      r = /(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(t)[1];
+      r = /(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];
       break;
     case "iOS": {
       const l = /OS (\d+)_(\d+)_?(\d+)?/.exec(e);
@@ -330,57 +338,57 @@ const ae = (n, e = null, t) => {
     osVersion: r
   };
 };
-function ve() {
+function De() {
   const n = navigator.userAgent;
-  let e, t = n.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i) || [];
-  if (/trident/i.test(t[1]))
+  let e, s = n.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i) || [];
+  if (/trident/i.test(s[1]))
     return e = /\brv[ :]+(\d+)/g.exec(n) || [], { name: "ie", version: e[1] || "" };
-  if (t[1] === "Chrome" && (e = n.match(/\bOPR|Edge\/(\d+)/), e != null)) {
-    let s = e[1];
-    if (!s) {
+  if (s[1] === "Chrome" && (e = n.match(/\bOPR|Edge\/(\d+)/), e != null)) {
+    let t = e[1];
+    if (!t) {
       const i = n.split(e[0] + "/");
-      i.length > 1 && (s = i[1]);
+      i.length > 1 && (t = i[1]);
     }
-    return { name: "opera", version: s };
+    return { name: "opera", version: t };
   }
-  return t = t[2] ? [t[1], t[2]] : [navigator.appName, navigator.appVersion, "-?"], (e = n.match(/version\/(\d+)/i)) != null && t.splice(1, 1, e[1]), {
-    name: t[0].toLowerCase(),
-    version: t[1]
+  return s = s[2] ? [s[1], s[2]] : [navigator.appName, navigator.appVersion, "-?"], (e = n.match(/version\/(\d+)/i)) != null && s.splice(1, 1, e[1]), {
+    name: s[0].toLowerCase(),
+    version: s[1]
   };
 }
-let ne = null;
-const W = (n) => new Promise((e) => M.setTimeout(e, n));
-let B;
-const ue = () => {
+let ce = null;
+const D = (n) => new Promise((e) => K.setTimeout(e, n));
+let q;
+const me = () => {
   try {
-    const e = le(navigator).os === "Android" ? 240 : 150;
-    B = new AbortController(), fetch(`/OidcKeepAliveServiceWorker.json?minSleepSeconds=${e}`, { signal: B.signal }).catch((s) => {
-      console.log(s);
-    }), W(e * 1e3).then(ue);
+    const e = ke(navigator).os === "Android" ? 240 : 150;
+    q = new AbortController(), fetch(`/OidcKeepAliveServiceWorker.json?minSleepSeconds=${e}`, { signal: q.signal }).catch((t) => {
+      console.log(t);
+    }), D(e * 1e3).then(me);
   } catch (n) {
     console.log(n);
   }
-}, te = () => {
-  B && B.abort();
-}, Se = () => fetch("/OidcKeepAliveServiceWorker.json", {
+}, le = () => {
+  q && q.abort();
+}, $e = () => fetch("/OidcKeepAliveServiceWorker.json", {
   headers: {
     "oidc-vanilla": "true"
   }
 }).then((n) => n.statusText === "oidc-service-worker").catch((n) => {
   console.log(n);
-}), Te = (n) => !!(n.os === "iOS" && n.osVersion.startsWith("12") || n.os === "Mac OS X" && n.osVersion.startsWith("10_15_6")), b = (n) => (e) => new Promise(function(t, s) {
+}), Re = (n) => !!(n.os === "iOS" && n.osVersion.startsWith("12") || n.os === "Mac OS X" && n.osVersion.startsWith("10_15_6")), P = (n) => (e) => new Promise(function(s, t) {
   const i = new MessageChannel();
   i.port1.onmessage = function(o) {
-    o.data && o.data.error ? s(o.data.error) : t(o.data);
+    o.data && o.data.error ? t(o.data.error) : s(o.data);
   }, n.active.postMessage(e, [i.port2]);
-}), I = async (n, e) => {
+}), x = async (n, e) => {
   if (typeof window > "u" || typeof navigator > "u" || !navigator.serviceWorker || !n)
     return null;
-  const { name: t, version: s } = ve();
-  if (t === "chrome" && parseInt(s) <= 70 || t === "opera" && (!s || parseInt(s.split(".")[0]) < 80) || t === "ie")
+  const { name: s, version: t } = De();
+  if (s === "chrome" && parseInt(t) <= 70 || s === "opera" && (!t || parseInt(t.split(".")[0]) < 80) || s === "ie")
     return null;
-  const i = le(navigator);
-  if (Te(i))
+  const i = ke(navigator);
+  if (Re(i))
     return null;
   const o = await navigator.serviceWorker.register(n);
   try {
@@ -388,569 +396,705 @@ const ue = () => {
   } catch {
     return null;
   }
-  const r = async (p) => b(o)({ type: "clear", data: { status: p }, configurationName: e }), l = async (p, A, T) => {
-    const v = await b(o)({
+  const r = async (m) => P(o)({ type: "clear", data: { status: m }, configurationName: e }), l = async (m, S, A) => {
+    const T = await P(o)({
       type: "init",
       data: {
-        oidcServerConfiguration: p,
-        where: A,
+        oidcServerConfiguration: m,
+        where: S,
         oidcConfiguration: {
-          token_renew_mode: T.token_renew_mode,
-          service_worker_convert_all_requests_to_cors: T.service_worker_convert_all_requests_to_cors
+          token_renew_mode: A.token_renew_mode,
+          service_worker_convert_all_requests_to_cors: A.service_worker_convert_all_requests_to_cors
         }
       },
       configurationName: e
-    }), O = v.version;
-    if (O !== ee)
-      if (console.warn(`Service worker ${O} version mismatch with js client version ${ee}, unregistering and reloading`), T.service_worker_update_require_callback)
-        await T.service_worker_update_require_callback(o, te);
+    }), B = T.version;
+    if (B !== ae)
+      if (console.warn(`Service worker ${B} version mismatch with js client version ${ae}, unregistering and reloading`), A.service_worker_update_require_callback)
+        await A.service_worker_update_require_callback(o, le);
       else {
-        te(), await o.update();
-        const C = await o.unregister();
-        console.log(`Service worker unregistering ${C}`), await W(2e3), window.location.reload();
+        le(), await o.update();
+        const X = await o.unregister();
+        console.log(`Service worker unregistering ${X}`), await D(2e3), window.location.reload();
       }
-    return { tokens: Y(v.tokens, null, T.token_renew_mode), status: v.status };
-  }, c = () => {
-    ne == null && (ne = "not_null", ue());
-  }, h = (p) => b(o)({ type: "setSessionState", data: { sessionState: p }, configurationName: e }), a = async () => (await b(o)({ type: "getSessionState", data: null, configurationName: e })).sessionState, _ = (p) => (sessionStorage["oidc.nonce"] = p.nonce, b(o)({ type: "setNonce", data: { nonce: p }, configurationName: e })), f = async () => {
-    let A = (await b(o)({ type: "getNonce", data: null, configurationName: e })).nonce;
-    return A || (A = sessionStorage["oidc.nonce"], console.warn("nonce not found in service worker, using sessionStorage")), { nonce: A };
+    return { tokens: se(T.tokens, null, A.token_renew_mode), status: T.status };
+  }, a = () => {
+    ce == null && (ce = "not_null", me());
+  }, h = (m) => P(o)({ type: "setSessionState", data: { sessionState: m }, configurationName: e }), c = async () => (await P(o)({ type: "getSessionState", data: null, configurationName: e })).sessionState, _ = (m) => (sessionStorage[`oidc.nonce.${e}`] = m.nonce, P(o)({ type: "setNonce", data: { nonce: m }, configurationName: e })), y = async () => {
+    let S = (await P(o)({ type: "getNonce", data: null, configurationName: e })).nonce;
+    return S || (S = sessionStorage[`oidc.nonce.${e}`], console.warn("nonce not found in service worker, using sessionStorage")), { nonce: S };
   };
-  let u = null;
+  let u = {};
   return {
     clearAsync: r,
     initAsync: l,
-    startKeepAliveServiceWorker: c,
-    isServiceWorkerProxyActiveAsync: Se,
+    startKeepAliveServiceWorker: a,
+    isServiceWorkerProxyActiveAsync: $e,
     setSessionStateAsync: h,
-    getSessionStateAsync: a,
+    getSessionStateAsync: c,
     setNonceAsync: _,
-    getNonceAsync: f,
-    setLoginParams: (p, A) => {
-      u = A, localStorage[`oidc.login.${p}`] = JSON.stringify(A);
+    getNonceAsync: y,
+    setLoginParams: (m) => {
+      u[e] = m, localStorage[`oidc.login.${e}`] = JSON.stringify(m);
     },
-    getLoginParams: (p) => {
-      const A = localStorage[`oidc.login.${p}`];
-      return u || (u = JSON.parse(A)), u;
+    getLoginParams: () => {
+      const m = localStorage[`oidc.login.${e}`];
+      return u[e] || (u[e] = JSON.parse(m)), u[e];
     },
     getStateAsync: async () => {
-      let A = (await b(o)({ type: "getState", data: null, configurationName: e })).state;
-      return A || (A = sessionStorage[`oidc.state.${e}`], console.warn("state not found in service worker, using sessionStorage")), A;
+      let S = (await P(o)({ type: "getState", data: null, configurationName: e })).state;
+      return S || (S = sessionStorage[`oidc.state.${e}`], console.warn("state not found in service worker, using sessionStorage")), S;
     },
-    setStateAsync: async (p) => (sessionStorage[`oidc.state.${e}`] = p, b(o)({ type: "setState", data: { state: p }, configurationName: e })),
+    setStateAsync: async (m) => (sessionStorage[`oidc.state.${e}`] = m, P(o)({ type: "setState", data: { state: m }, configurationName: e })),
     getCodeVerifierAsync: async () => {
-      let A = (await b(o)({ type: "getCodeVerifier", data: null, configurationName: e })).codeVerifier;
-      return A || (A = sessionStorage[`oidc.code_verifier.${e}`], console.warn("codeVerifier not found in service worker, using sessionStorage")), A;
+      let S = (await P(o)({ type: "getCodeVerifier", data: null, configurationName: e })).codeVerifier;
+      return S || (S = sessionStorage[`oidc.code_verifier.${e}`], console.warn("codeVerifier not found in service worker, using sessionStorage")), S;
     },
-    setCodeVerifierAsync: async (p) => (sessionStorage[`oidc.code_verifier.${e}`] = p, b(o)({ type: "setCodeVerifier", data: { codeVerifier: p }, configurationName: e }))
+    setCodeVerifierAsync: async (m) => (sessionStorage[`oidc.code_verifier.${e}`] = m, P(o)({ type: "setCodeVerifier", data: { codeVerifier: m }, configurationName: e })),
+    setDemonstratingProofOfPossessionNonce: (m) => {
+      P(o)({ type: "setDemonstratingProofOfPossessionNonce", data: { demonstratingProofOfPossessionNonce: m }, configurationName: e });
+    },
+    getDemonstratingProofOfPossessionNonce: async () => (await P(o)({ type: "getDemonstratingProofOfPossessionNonce", data: null, configurationName: e })).demonstratingProofOfPossessionNonce,
+    setDemonstratingProofOfPossessionJwkAsync: (m) => {
+      const S = JSON.stringify(m);
+      P(o)({ type: "setDemonstratingProofOfPossessionJwk", data: { demonstratingProofOfPossessionJwkJson: S }, configurationName: e });
+    },
+    getDemonstratingProofOfPossessionJwkAsync: async () => {
+      const m = await P(o)({ type: "getDemonstratingProofOfPossessionJwk", data: null, configurationName: e });
+      return m.demonstratingProofOfPossessionJwkJson ? JSON.parse(m.demonstratingProofOfPossessionJwkJson) : null;
+    }
   };
 };
-async function de(n, e, t = !1, s = null) {
-  const i = (c) => {
-    n.tokens = c;
-  }, { tokens: o, status: r } = await n.synchroniseTokensAsync(e, 0, t, s, i);
-  if (await I(n.configuration.service_worker_relative_url, n.configurationName) || await P(n.configurationName, n.configuration.storage).setTokens(n.tokens), !n.tokens) {
+async function pe(n, e, s = !1, t = null) {
+  const i = (a) => {
+    n.tokens = a;
+  }, { tokens: o, status: r } = await n.synchroniseTokensAsync(e, 0, s, t, i);
+  if (await x(n.configuration.service_worker_relative_url, n.configurationName) || await I(n.configurationName, n.configuration.storage).setTokens(n.tokens), !n.tokens) {
     await n.destroyAsync(r);
     return;
   }
-  return n.timeoutId && (n.timeoutId = V(n, o.refreshToken, n.tokens.expiresAt, s)), n.tokens;
+  return n.timeoutId && (n.timeoutId = M(n, o.refreshToken, n.tokens.expiresAt, t)), n.tokens;
 }
-const V = (n, e, t, s = null) => {
+const M = (n, e, s, t = null) => {
   const i = n.configuration.refresh_time_before_tokens_expiration_in_second;
-  return M.setTimeout(async () => {
-    const r = { timeLeft: D(i, t) };
-    n.publishEvent(x.eventNames.token_timer, r), await de(n, e, !1, s);
+  return K.setTimeout(async () => {
+    const r = { timeLeft: U(i, s) };
+    n.publishEvent($.eventNames.token_timer, r), await pe(n, e, !1, t);
   }, 1e3);
-}, Q = (n, e, t) => (s = null, i = null, o = null) => {
+}, te = (n, e, s) => (t = null, i = null, o = null) => {
   if (!e.silent_redirect_uri || !e.silent_login_uri)
     return Promise.resolve(null);
   try {
-    t(m.silentLoginAsync_begin, {});
+    s(k.silentLoginAsync_begin, {});
     let r = "";
-    if (i && (s == null && (s = {}), s.state = i), o && (s == null && (s = {}), s.scope = o), s != null)
-      for (const [_, f] of Object.entries(s))
-        r === "" ? r = `?${encodeURIComponent(_)}=${encodeURIComponent(f)}` : r += `&${encodeURIComponent(_)}=${encodeURIComponent(f)}`;
-    const l = e.silent_login_uri + r, c = l.indexOf("/", l.indexOf("//") + 2), h = l.substr(0, c), a = document.createElement("iframe");
-    return a.width = "0px", a.height = "0px", a.id = `${n}_oidc_iframe`, a.setAttribute("src", l), document.body.appendChild(a), new Promise((_, f) => {
+    if (i && (t == null && (t = {}), t.state = i), o && (t == null && (t = {}), t.scope = o), t != null)
+      for (const [_, y] of Object.entries(t))
+        r === "" ? r = `?${encodeURIComponent(_)}=${encodeURIComponent(y)}` : r += `&${encodeURIComponent(_)}=${encodeURIComponent(y)}`;
+    const l = e.silent_login_uri + r, a = l.indexOf("/", l.indexOf("//") + 2), h = l.substr(0, a), c = document.createElement("iframe");
+    return c.width = "0px", c.height = "0px", c.id = `${n}_oidc_iframe`, c.setAttribute("src", l), document.body.appendChild(c), new Promise((_, y) => {
       try {
         let u = !1;
-        window.onmessage = (d) => {
-          if (d.origin === h && d.source === a.contentWindow) {
-            const g = `${n}_oidc_tokens:`, k = `${n}_oidc_error:`, w = d.data;
-            if (w && typeof w == "string" && !u) {
-              if (w.startsWith(g)) {
-                const S = JSON.parse(d.data.replace(g, ""));
-                t(m.silentLoginAsync_end, {}), a.remove(), u = !0, _(S);
-              } else if (w.startsWith(k)) {
-                const S = JSON.parse(d.data.replace(k, ""));
-                t(m.silentLoginAsync_error, S), a.remove(), u = !0, f(new Error("oidc_" + S.error));
+        window.onmessage = (f) => {
+          if (f.origin === h && f.source === c.contentWindow) {
+            const g = `${n}_oidc_tokens:`, w = `${n}_oidc_error:`, v = f.data;
+            if (v && typeof v == "string" && !u) {
+              if (v.startsWith(g)) {
+                const b = JSON.parse(f.data.replace(g, ""));
+                s(k.silentLoginAsync_end, {}), c.remove(), u = !0, _(b);
+              } else if (v.startsWith(w)) {
+                const b = JSON.parse(f.data.replace(w, ""));
+                s(k.silentLoginAsync_error, b), c.remove(), u = !0, y(new Error("oidc_" + b.error));
               }
             }
           }
         };
-        const y = e.silent_login_timeout;
+        const d = e.silent_login_timeout;
         setTimeout(() => {
-          u || (t(m.silentLoginAsync_error, { reason: "timeout" }), a.remove(), u = !0, f(new Error("timeout")));
-        }, y);
+          u || (s(k.silentLoginAsync_error, { reason: "timeout" }), c.remove(), u = !0, y(new Error("timeout")));
+        }, d);
       } catch (u) {
-        a.remove(), t(m.silentLoginAsync_error, u), f(u);
+        c.remove(), s(k.silentLoginAsync_error, u), y(u);
       }
     });
   } catch (r) {
-    throw t(m.silentLoginAsync_error, r), r;
+    throw s(k.silentLoginAsync_error, r), r;
   }
-}, be = (n, e, t, s, i) => (o = null, r = void 0) => {
+}, Fe = (n, e, s, t, i) => (o = null, r = void 0) => {
   o = { ...o };
-  const l = (h, a, _) => Q(e, t, s.bind(i))(h, a, _);
+  const l = (h, c, _) => te(e, s, t.bind(i))(h, c, _);
   return (async () => {
-    i.timeoutId && M.clearTimeout(i.timeoutId);
+    i.timeoutId && K.clearTimeout(i.timeoutId);
     let h;
     o && "state" in o && (h = o.state, delete o.state);
     try {
-      const a = t.extras ? { ...t.extras, ...o } : o, _ = await l({
-        ...a,
+      const c = s.extras ? { ...s.extras, ...o } : o, _ = await l({
+        ...c,
         prompt: "none"
       }, h, r);
       if (_)
-        return i.tokens = _.tokens, s(m.token_aquired, {}), i.timeoutId = V(i, i.tokens.refreshToken, i.tokens.expiresAt, o), {};
-    } catch (a) {
-      return a;
+        return i.tokens = _.tokens, t(k.token_aquired, {}), i.timeoutId = M(i, i.tokens.refreshToken, i.tokens.expiresAt, o), {};
+    } catch (c) {
+      return c;
     }
   })();
-}, Ee = (n, e, t) => (s, i, o, r = !1) => {
-  const l = (c, h = void 0, a = void 0) => Q(n.configurationName, t, n.publishEvent.bind(n))(c, h, a);
-  return new Promise((c, h) => {
-    if (t.silent_login_uri && t.silent_redirect_uri && t.monitor_session && s && o && !r) {
-      const a = () => {
+}, Ve = (n, e, s) => (t, i, o, r = !1) => {
+  const l = (a, h = void 0, c = void 0) => te(n.configurationName, s, n.publishEvent.bind(n))(a, h, c);
+  return new Promise((a, h) => {
+    if (s.silent_login_uri && s.silent_redirect_uri && s.monitor_session && t && o && !r) {
+      const c = () => {
         n.checkSessionIFrame.stop();
         const _ = n.tokens;
         if (_ === null)
           return;
-        const f = _.idToken, u = _.idTokenPayload;
+        const y = _.idToken, u = _.idTokenPayload;
         return l({
           prompt: "none",
-          id_token_hint: f,
-          scope: t.scope || "openid"
-        }).then((y) => {
-          const d = y.tokens.idTokenPayload;
-          if (u.sub === d.sub) {
-            const g = y.sessionState;
-            n.checkSessionIFrame.start(y.sessionState), u.sid === d.sid ? console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:", g) : console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:", g);
+          id_token_hint: y,
+          scope: s.scope || "openid"
+        }).then((d) => {
+          const f = d.tokens.idTokenPayload;
+          if (u.sub === f.sub) {
+            const g = d.sessionState;
+            n.checkSessionIFrame.start(d.sessionState), u.sid === f.sid ? console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:", g) : console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:", g);
           } else
-            console.debug("SessionMonitor._callback: Different subject signed into OP:", d.sub);
-        }).catch(async (y) => {
-          console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:", y);
-          for (const [d, g] of Object.entries(e))
-            await g.logoutOtherTabAsync(t.client_id, u.sub);
+            console.debug("SessionMonitor._callback: Different subject signed into OP:", f.sub);
+        }).catch(async (d) => {
+          console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:", d);
+          for (const [f, g] of Object.entries(e))
+            await g.logoutOtherTabAsync(s.client_id, u.sub);
         });
       };
-      n.checkSessionIFrame = new ge(a, i, s), n.checkSessionIFrame.load().then(() => {
-        n.checkSessionIFrame.start(o), c(n.checkSessionIFrame);
+      n.checkSessionIFrame = new Ie(c, i, t), n.checkSessionIFrame.load().then(() => {
+        n.checkSessionIFrame.start(o), a(n.checkSessionIFrame);
       }).catch((_) => {
         h(_);
       });
     } else
-      c(null);
+      a(null);
   });
 };
-var Ie = Le, E = [], se = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-for (var K = 0, Pe = se.length; K < Pe; ++K)
-  E[K] = se[K];
-function Oe(n) {
-  return E[n >> 18 & 63] + E[n >> 12 & 63] + E[n >> 6 & 63] + E[n & 63];
+var Ue = Be, N = [], ue = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+for (var j = 0, Me = ue.length; j < Me; ++j)
+  N[j] = ue[j];
+function Ke(n) {
+  return N[n >> 18 & 63] + N[n >> 12 & 63] + N[n >> 6 & 63] + N[n & 63];
 }
-function Ce(n, e, t) {
-  for (var s, i = [], o = e; o < t; o += 3)
-    s = (n[o] << 16 & 16711680) + (n[o + 1] << 8 & 65280) + (n[o + 2] & 255), i.push(Oe(s));
+function Je(n, e, s) {
+  for (var t, i = [], o = e; o < s; o += 3)
+    t = (n[o] << 16 & 16711680) + (n[o + 1] << 8 & 65280) + (n[o + 2] & 255), i.push(Ke(t));
   return i.join("");
 }
-function Le(n) {
-  for (var e, t = n.length, s = t % 3, i = [], o = 16383, r = 0, l = t - s; r < l; r += o)
-    i.push(Ce(n, r, r + o > l ? l : r + o));
-  return s === 1 ? (e = n[t - 1], i.push(
-    E[e >> 2] + E[e << 4 & 63] + "=="
-  )) : s === 2 && (e = (n[t - 2] << 8) + n[t - 1], i.push(
-    E[e >> 10] + E[e >> 4 & 63] + E[e << 2 & 63] + "="
+function Be(n) {
+  for (var e, s = n.length, t = s % 3, i = [], o = 16383, r = 0, l = s - t; r < l; r += o)
+    i.push(Je(n, r, r + o > l ? l : r + o));
+  return t === 1 ? (e = n[s - 1], i.push(
+    N[e >> 2] + N[e << 4 & 63] + "=="
+  )) : t === 2 && (e = (n[s - 2] << 8) + n[s - 1], i.push(
+    N[e >> 10] + N[e >> 4 & 63] + N[e << 2 & 63] + "="
   )), i.join("");
 }
-const he = () => {
+const we = () => {
   const n = typeof window < "u" && !!window.crypto, e = n && !!window.crypto.subtle;
   return { hasCrypto: n, hasSubtleCrypto: e };
-}, J = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", Ne = (n) => {
+}, Q = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", je = (n) => {
   const e = [];
-  for (let t = 0; t < n.byteLength; t += 1) {
-    const s = n[t] % J.length;
-    e.push(J[s]);
+  for (let s = 0; s < n.byteLength; s += 1) {
+    const t = n[s] % Q.length;
+    e.push(Q[t]);
   }
   return e.join("");
-}, We = (n) => Ie(new Uint8Array(n)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, ""), H = (n) => {
-  const e = new Uint8Array(n), { hasCrypto: t } = he();
-  if (t)
+}, qe = (n) => Ue(new Uint8Array(n)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, ""), Z = (n) => {
+  const e = new Uint8Array(n), { hasCrypto: s } = we();
+  if (s)
     window.crypto.getRandomValues(e);
   else
-    for (let s = 0; s < n; s += 1)
-      e[s] = Math.random() * J.length | 0;
-  return Ne(e);
+    for (let t = 0; t < n; t += 1)
+      e[t] = Math.random() * Q.length | 0;
+  return je(e);
 };
-function xe(n) {
-  const e = new ArrayBuffer(n.length), t = new Uint8Array(e);
-  for (let s = 0; s < n.length; s++)
-    t[s] = n.charCodeAt(s);
-  return t;
+function Ge(n) {
+  const e = new ArrayBuffer(n.length), s = new Uint8Array(e);
+  for (let t = 0; t < n.length; t++)
+    s[t] = n.charCodeAt(t);
+  return s;
+}
+function Ae(n) {
+  return new Promise((e, s) => {
+    crypto.subtle.digest("SHA-256", Ge(n)).then((t) => e(qe(new Uint8Array(t))), (t) => s(t));
+  });
 }
-const $e = (n) => {
+const He = (n) => {
   if (n.length < 43 || n.length > 128)
     return Promise.reject(new Error("Invalid code length."));
-  const { hasSubtleCrypto: e } = he();
-  return e ? new Promise((t, s) => {
-    crypto.subtle.digest("SHA-256", xe(n)).then((i) => t(We(new Uint8Array(i))), (i) => s(i));
-  }) : Promise.reject(new Error("window.crypto.subtle is unavailable."));
-}, F = {}, Fe = (n, e = window.sessionStorage, t) => {
+  const { hasSubtleCrypto: e } = we();
+  return e ? Ae(n) : Promise.reject(new Error("window.crypto.subtle is unavailable."));
+}, F = {}, Xe = (n, e = window.sessionStorage, s) => {
   if (!F[n] && e) {
     const i = e.getItem(n);
     i && (F[n] = JSON.parse(i));
   }
-  const s = 1e3 * t;
-  return F[n] && F[n].timestamp + s > Date.now() ? F[n].result : null;
-}, Re = (n, e, t = window.sessionStorage) => {
-  const s = Date.now();
-  F[n] = { result: e, timestamp: s }, t && t.setItem(n, JSON.stringify({ result: e, timestamp: s }));
-}, De = 60 * 60, Ve = (n) => async (e, t = De, s = window.sessionStorage, i = 1e4) => {
-  const o = `${e}/.well-known/openid-configuration`, r = `oidc.server:${e}`, l = Fe(r, s, t);
+  const t = 1e3 * s;
+  return F[n] && F[n].timestamp + t > Date.now() ? F[n].result : null;
+}, Ye = (n, e, s = window.sessionStorage) => {
+  const t = Date.now();
+  F[n] = { result: e, timestamp: t }, s && s.setItem(n, JSON.stringify({ result: e, timestamp: t }));
+}, ze = 60 * 60, Qe = (n) => async (e, s = ze, t = window.sessionStorage, i = 1e4) => {
+  const o = `${e}/.well-known/openid-configuration`, r = `oidc.server:${e}`, l = Xe(r, t, s);
   if (l)
-    return new z(l);
-  const c = await U(n)(o, {}, i);
-  if (c.status !== 200)
+    return new ne(l);
+  const a = await J(n)(o, {}, i);
+  if (a.status !== 200)
     return null;
-  const h = await c.json();
-  return Re(r, h, s), new z(h);
-}, U = (n) => async (e, t = {}, s = 1e4, i = 0) => {
+  const h = await a.json();
+  return Ye(r, h, t), new ne(h);
+}, J = (n) => async (e, s = {}, t = 1e4, i = 0) => {
   let o;
   try {
     const r = new AbortController();
-    setTimeout(() => r.abort(), s), o = await n(e, { ...t, signal: r.signal });
+    setTimeout(() => r.abort(), t), o = await n(e, { ...s, signal: r.signal });
   } catch (r) {
     if (r.name === "AbortError" || r.message === "Network request failed") {
       if (i <= 1)
-        return await U(n)(e, t, s, i + 1);
+        return await J(n)(e, s, t, i + 1);
       throw r;
     } else
       throw console.error(r.message), r;
   }
   return o;
-}, X = {
+}, ee = {
   refresh_token: "refresh_token",
   access_token: "access_token"
-}, oe = (n) => async (e, t, s = X.refresh_token, i, o = 1e4) => {
+}, de = (n) => async (e, s, t = ee.refresh_token, i, o = 1e4) => {
   const r = {
-    token: t,
-    token_type_hint: s,
+    token: s,
+    token_type_hint: t,
     client_id: i
   }, l = [];
-  for (const a in r) {
-    const _ = encodeURIComponent(a), f = encodeURIComponent(r[a]);
-    l.push(`${_}=${f}`);
+  for (const c in r) {
+    const _ = encodeURIComponent(c), y = encodeURIComponent(r[c]);
+    l.push(`${_}=${y}`);
   }
-  const c = l.join("&");
-  return (await U(n)(e, {
+  const a = l.join("&");
+  return (await J(n)(e, {
     method: "POST",
     headers: {
       "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8"
     },
-    body: c
+    body: a
   }, o)).status !== 200 ? { success: !1 } : {
     success: !0
   };
-}, Me = (n) => async (e, t, s, i, o, r = 1e4) => {
-  for (const [_, f] of Object.entries(s))
-    t[_] === void 0 && (t[_] = f);
-  const l = [];
-  for (const _ in t) {
-    const f = encodeURIComponent(_), u = encodeURIComponent(t[_]);
-    l.push(`${f}=${u}`);
-  }
-  const c = l.join("&"), h = await U(n)(e, {
+}, Ze = (n) => async (e, s, t, i, o = {}, r, l = 1e4) => {
+  for (const [u, d] of Object.entries(t))
+    s[u] === void 0 && (s[u] = d);
+  const a = [];
+  for (const u in s) {
+    const d = encodeURIComponent(u), f = encodeURIComponent(s[u]);
+    a.push(`${d}=${f}`);
+  }
+  const h = a.join("&"), c = await J(n)(e, {
     method: "POST",
     headers: {
-      "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8"
+      "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
+      ...o
     },
-    body: c
-  }, r);
-  if (h.status !== 200)
-    return { success: !1, status: h.status };
-  const a = await h.json();
-  return {
+    body: h
+  }, l);
+  if (c.status !== 200)
+    return { success: !1, status: c.status, demonstratingProofOfPossessionNonce: null };
+  const _ = await c.json();
+  let y = null;
+  return c.headers.has(G) && (y = c.headers.get(G)), {
     success: !0,
-    data: Y(a, i, o)
+    data: se(_, i, r),
+    demonstratingProofOfPossessionNonce: y
   };
-}, Ue = (n) => async (e, t) => {
-  t = t ? { ...t } : {};
-  const s = H(128), i = await $e(s);
-  await n.setCodeVerifierAsync(s), await n.setStateAsync(t.state), t.code_challenge = i, t.code_challenge_method = "S256";
+}, en = (n) => async (e, s) => {
+  s = s ? { ...s } : {};
+  const t = Z(128), i = await He(t);
+  await n.setCodeVerifierAsync(t), await n.setStateAsync(s.state), s.code_challenge = i, s.code_challenge_method = "S256";
   let o = "";
-  if (t)
-    for (const [r, l] of Object.entries(t))
+  if (s)
+    for (const [r, l] of Object.entries(s))
       o === "" ? o += "?" : o += "&", o += `${r}=${encodeURIComponent(l)}`;
   window.location.href = `${e}${o}`;
-}, Ke = (n) => async (e, t, s, i = 1e4) => {
-  t = t ? { ...t } : {}, t.code_verifier = await n.getCodeVerifierAsync();
-  const o = [];
-  for (const h in t) {
-    const a = encodeURIComponent(h), _ = encodeURIComponent(t[h]);
-    o.push(`${a}=${_}`);
-  }
-  const r = o.join("&"), l = await U(fetch)(e, {
+}, G = "DPoP-Nonce", nn = (n) => async (e, s, t, i, o = 1e4) => {
+  s = s ? { ...s } : {}, s.code_verifier = await n.getCodeVerifierAsync();
+  const r = [];
+  for (const _ in s) {
+    const y = encodeURIComponent(_), u = encodeURIComponent(s[_]);
+    r.push(`${y}=${u}`);
+  }
+  const l = r.join("&"), a = await J(fetch)(e, {
     method: "POST",
     headers: {
-      "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8"
+      "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
+      ...t
     },
-    body: r
-  }, i);
-  if (await Promise.all([n.setCodeVerifierAsync(null), n.setStateAsync(null)]), l.status !== 200)
-    return { success: !1, status: l.status };
-  const c = await l.json();
+    body: l
+  }, o);
+  if (await Promise.all([n.setCodeVerifierAsync(null), n.setStateAsync(null)]), a.status !== 200)
+    return { success: !1, status: a.status };
+  let h = null;
+  a.headers.has(G) && (h = a.headers.get(G));
+  const c = await a.json();
   return {
     success: !0,
     data: {
-      state: t.state,
-      tokens: Y(c, null, s)
+      state: s.state,
+      tokens: se(c, null, i),
+      demonstratingProofOfPossessionNonce: h
     }
   };
-}, _e = (n) => {
+}, ve = (n) => {
   const e = n.match(
     // eslint-disable-next-line no-useless-escape
     /^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/
   );
   if (!e)
     throw new Error("Invalid URL");
-  let t = e[6], s = e[7];
-  if (s) {
-    const i = s.split("?");
-    i.length === 2 && (s = i[0], t = i[1]);
+  let s = e[6], t = e[7];
+  if (t) {
+    const i = t.split("?");
+    i.length === 2 && (t = i[0], s = i[1]);
   }
-  return t.startsWith("?") && (t = t.slice(1)), e && {
+  return s.startsWith("?") && (s = s.slice(1)), e && {
     href: n,
     protocol: e[1],
     host: e[2],
     hostname: e[3],
     port: e[4],
     path: e[5],
-    search: t,
-    hash: s
+    search: s,
+    hash: t
   };
-}, Ze = (n) => {
-  const e = _e(n);
-  let { path: t } = e;
-  t.endsWith("/") && (t = t.slice(0, -1));
-  let { hash: s } = e;
-  return s === "#_=_" && (s = ""), s && (t += s), t;
-}, q = (n) => {
-  const e = _e(n), { search: t } = e;
-  return Be(t);
-}, Be = (n) => {
+}, kn = (n) => {
+  const e = ve(n);
+  let { path: s } = e;
+  s.endsWith("/") && (s = s.slice(0, -1));
+  let { hash: t } = e;
+  return t === "#_=_" && (t = ""), t && (s += t), s;
+}, H = (n) => {
+  const e = ve(n), { search: s } = e;
+  return sn(s);
+}, sn = (n) => {
   const e = {};
-  let t, s, i;
+  let s, t, i;
   const o = n.split("&");
-  for (s = 0, i = o.length; s < i; s++)
-    t = o[s].split("="), e[decodeURIComponent(t[0])] = decodeURIComponent(t[1]);
+  for (t = 0, i = o.length; t < i; t++)
+    s = o[t].split("="), e[decodeURIComponent(s[0])] = decodeURIComponent(s[1]);
   return e;
-}, qe = (n, e, t, s, i) => (o = void 0, r = null, l = !1, c = void 0) => {
+};
+function Se(n) {
+  return new TextEncoder().encode(n);
+}
+function Te(n) {
+  return btoa(n).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+/g, "");
+}
+function tn(n) {
+  return encodeURIComponent(n).replace(/%([0-9A-F]{2})/g, function(t, i) {
+    return String.fromCharCode(parseInt(i, 16));
+  });
+}
+function be(n) {
+  let e = "";
+  return n.forEach(function(s) {
+    e += String.fromCharCode(s);
+  }), Te(e);
+}
+function fe(n) {
+  return Te(tn(n));
+}
+var Pe = {};
+Pe.sign = (n, e, s, t = "dpop+jwt") => {
+  n = Object.assign({}, n), e.typ = t, e.alg = "ES256", e.kid || (e.jwk = { kty: n.kty, crv: n.crv, x: n.x, y: n.y });
+  const i = {
+    // @ts-ignore
+    // JWT "headers" really means JWS "protected headers"
+    protected: fe(JSON.stringify(e)),
+    // @ts-ignore
+    // JWT "claims" are really a JSON-defined JWS "payload"
+    payload: fe(JSON.stringify(s))
+  }, o = {
+    name: "ECDSA",
+    namedCurve: "P-256",
+    hash: { name: "ES256" }
+  }, r = !0, l = ["sign"];
+  return window.crypto.subtle.importKey("jwk", n, o, r, l).then(function(a) {
+    const h = Se(i.protected + "." + i.payload), c = { name: "ECDSA", hash: { name: "SHA-256" } };
+    return window.crypto.subtle.sign(c, a, h).then(function(_) {
+      return i.signature = be(new Uint8Array(_)), i.protected + "." + i.payload + "." + i.signature;
+    });
+  });
+};
+const oe = {};
+oe.generate = function() {
+  const n = {
+    name: "ECDSA",
+    namedCurve: "P-256"
+  }, e = !0, s = ["sign", "verify"];
+  return window.crypto.subtle.generateKey(n, e, s).then(function(t) {
+    return window.crypto.subtle.exportKey("jwk", t.privateKey);
+  });
+};
+oe.neuter = function(n) {
+  const e = Object.assign({}, n);
+  return delete e.d, e.key_ops = ["verify"], e;
+};
+var Oe = {};
+Oe.thumbprint = function(n) {
+  const e = '{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV", n.crv).replace("X", n.x).replace("Y", n.y);
+  return window.crypto.subtle.digest({ name: "SHA-256" }, Se(e)).then(function(s) {
+    return be(new Uint8Array(s));
+  });
+};
+const on = function() {
+  const n = "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx", e = "0123456789abcdef";
+  let s = 0, t = "";
+  for (let i = 0; i < 36; i++)
+    n[i] !== "-" && n[i] !== "4" && (s = Math.random() * 16 | 0), n[i] === "x" ? t += e[s] : n[i] === "y" ? (s &= 3, s |= 8, t += e[s]) : t += n[i];
+  return t;
+}, rn = () => oe.generate().then(function(n) {
+  return n;
+}), Ee = (n, e = "POST", s, t = {}) => {
+  const i = {
+    // https://www.rfc-editor.org/rfc/rfc9449.html#name-concept
+    jit: btoa(on()),
+    htm: e,
+    htu: s,
+    iat: Math.round(Date.now() / 1e3),
+    ...t
+  };
+  return Oe.thumbprint(n).then(function(o) {
+    return Pe.sign(n, {
+      /*kid: kid*/
+    }, i).then(function(r) {
+      return r;
+    });
+  });
+}, an = (n, e, s, t, i) => (o = void 0, r = null, l = !1, a = void 0) => {
   const h = r;
   return r = { ...r }, (async () => {
-    const _ = n.location, f = o || _.pathname + (_.search || "") + (_.hash || "");
-    if ("state" in r || (r.state = H(16)), s(m.loginAsync_begin, {}), r)
+    const _ = n.location, y = o || _.pathname + (_.search || "") + (_.hash || "");
+    if ("state" in r || (r.state = Z(16)), t(k.loginAsync_begin, {}), r)
       for (const u of Object.keys(r))
         u.endsWith(":token_request") && delete r[u];
     try {
-      const u = l ? t.silent_redirect_uri : t.redirect_uri;
-      c || (c = t.scope);
-      const y = t.extras ? { ...t.extras, ...r } : r;
-      y.nonce || (y.nonce = H(12));
-      const d = { nonce: y.nonce }, g = await I(t.service_worker_relative_url, e), k = await i(t.authority, t.authority_configuration);
-      let w;
+      const u = l ? s.silent_redirect_uri : s.redirect_uri;
+      a || (a = s.scope);
+      const d = s.extras ? { ...s.extras, ...r } : r;
+      d.nonce || (d.nonce = Z(12));
+      const f = { nonce: d.nonce }, g = await x(s.service_worker_relative_url, e), w = await i(s.authority, s.authority_configuration);
+      let v;
       if (g)
-        g.setLoginParams(e, { callbackPath: f, extras: h }), await g.initAsync(k, "loginAsync", t), await g.setNonceAsync(d), g.startKeepAliveServiceWorker(), w = g;
+        g.setLoginParams({ callbackPath: y, extras: h }), await g.initAsync(w, "loginAsync", s), await g.setNonceAsync(f), g.startKeepAliveServiceWorker(), v = g;
       else {
-        const p = P(e, t.storage ?? sessionStorage);
-        p.setLoginParams(e, { callbackPath: f, extras: h }), await p.setNonceAsync(d), w = p;
+        const O = I(e, s.storage ?? sessionStorage);
+        O.setLoginParams({ callbackPath: y, extras: h }), await O.setNonceAsync(f), v = O;
       }
-      const S = {
-        client_id: t.client_id,
+      const b = {
+        client_id: s.client_id,
         redirect_uri: u,
-        scope: c,
+        scope: a,
         response_type: "code",
-        ...y
+        ...d
       };
-      await Ue(w)(k.authorizationEndpoint, S);
+      await en(v)(w.authorizationEndpoint, b);
     } catch (u) {
-      throw s(m.loginAsync_error, u), u;
+      throw t(k.loginAsync_error, u), u;
     }
   })();
-}, je = (n) => async (e = !1) => {
+}, cn = (n) => async (e = !1) => {
   try {
-    n.publishEvent(m.loginCallbackAsync_begin, {});
-    const t = n.configuration, s = t.client_id, i = e ? t.silent_redirect_uri : t.redirect_uri, o = t.authority, r = t.token_request_timeout, l = await n.initAsync(o, t.authority_configuration), h = q(window.location.href).session_state, a = await I(t.service_worker_relative_url, n.configurationName);
-    let _, f, u, y;
-    if (a)
-      await a.initAsync(l, "loginCallbackAsync", t), await a.setSessionStateAsync(h), f = await a.getNonceAsync(), u = a.getLoginParams(n.configurationName), y = await a.getStateAsync(), a.startKeepAliveServiceWorker(), _ = a;
+    n.publishEvent(k.loginCallbackAsync_begin, {});
+    const s = n.configuration, t = s.client_id, i = e ? s.silent_redirect_uri : s.redirect_uri, o = s.authority, r = s.token_request_timeout, l = await n.initAsync(o, s.authority_configuration), h = H(window.location.href).session_state, c = await x(s.service_worker_relative_url, n.configurationName);
+    let _, y, u, d;
+    if (c)
+      await c.initAsync(l, "loginCallbackAsync", s), await c.setSessionStateAsync(h), y = await c.getNonceAsync(), u = c.getLoginParams(), d = await c.getStateAsync(), c.startKeepAliveServiceWorker(), _ = c;
     else {
-      const v = P(n.configurationName, t.storage ?? sessionStorage);
-      await v.setSessionStateAsync(h), f = await v.getNonceAsync(), u = v.getLoginParams(n.configurationName), y = await v.getStateAsync(), _ = v;
+      const A = I(n.configurationName, s.storage ?? sessionStorage);
+      await A.setSessionStateAsync(h), y = await A.getNonceAsync(), u = A.getLoginParams(), d = await A.getStateAsync(), _ = A;
     }
-    const d = q(window.location.toString());
-    if (d.iss && d.iss !== l.issuer)
-      throw console.error(), new Error(`issuer not valid (expected: ${l.issuer}, received: ${d.iss})`);
-    if (d.state && d.state !== y)
-      throw new Error(`state not valid (expected: ${y}, received: ${d.state})`);
+    const f = H(window.location.toString());
+    if (f.iss && f.iss !== l.issuer)
+      throw console.error(), new Error(`issuer not valid (expected: ${l.issuer}, received: ${f.iss})`);
+    if (f.state && f.state !== d)
+      throw new Error(`state not valid (expected: ${d}, received: ${f.state})`);
     const g = {
-      code: d.code,
+      code: f.code,
       grant_type: "authorization_code",
-      client_id: t.client_id,
+      client_id: s.client_id,
       redirect_uri: i
-    }, k = {};
-    if (t.token_request_extras)
-      for (const [v, O] of Object.entries(t.token_request_extras))
-        k[v] = O;
+    }, w = {};
+    if (s.token_request_extras)
+      for (const [A, T] of Object.entries(s.token_request_extras))
+        w[A] = T;
     if (u && u.extras)
-      for (const [v, O] of Object.entries(u.extras))
-        v.endsWith(":token_request") && (k[v.replace(":token_request", "")] = O);
-    const w = await Ke(_)(l.tokenEndpoint, { ...g, ...k }, n.configuration.token_renew_mode, r);
-    if (!w.success)
+      for (const [A, T] of Object.entries(u.extras))
+        A.endsWith(":token_request") && (w[A.replace(":token_request", "")] = T);
+    const v = l.tokenEndpoint, b = {};
+    if (s.demonstrating_proof_of_possession) {
+      const A = await rn();
+      c ? await c.setDemonstratingProofOfPossessionJwkAsync(A) : await I(n.configurationName, s.storage).setDemonstratingProofOfPossessionJwkAsync(A), b.DPoP = await Ee(A, "POST", v);
+    }
+    const O = await nn(_)(
+      v,
+      { ...g, ...w },
+      b,
+      n.configuration.token_renew_mode,
+      r
+    );
+    if (!O.success)
       throw new Error("Token request failed");
-    let S;
-    const p = w.data.tokens;
-    if (a ? (await a.initAsync(i, "syncTokensAsync", t), S = a.getLoginParams(n.configurationName)) : S = P(n.configurationName, t.storage).getLoginParams(n.configurationName), w.data.state !== k.state)
+    let p;
+    const E = O.data.tokens, C = O.data.demonstratingProofOfPossessionNonce;
+    if (O.data.state !== w.state)
       throw new Error("state is not valid");
-    const { isValid: A, reason: T } = ce(p, f.nonce, l);
-    if (!A)
-      throw new Error(`Tokens are not OpenID valid, reason: ${T}`);
-    return await n.startCheckSessionAsync(l.checkSessionIframe, s, h, e), n.publishEvent(m.loginCallbackAsync_end, {}), {
-      tokens: p,
+    const { isValid: m, reason: S } = ge(E, y.nonce, l);
+    if (!m)
+      throw new Error(`Tokens are not OpenID valid, reason: ${S}`);
+    if (c) {
+      if (E.refreshToken && !E.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
+        throw new Error("Refresh token should be hidden by service worker");
+      if (C && E.accessToken && E.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
+        throw new Error("Demonstration of proof of possession require Access token not hidden by service worker");
+    }
+    if (c)
+      await c.initAsync(i, "syncTokensAsync", s), p = c.getLoginParams(), C && await c.setDemonstratingProofOfPossessionNonce(C);
+    else {
+      const A = I(n.configurationName, s.storage);
+      p = A.getLoginParams(), C && await A.setDemonstratingProofOfPossessionNonce(C);
+    }
+    return await n.startCheckSessionAsync(l.checkSessionIframe, t, h, e), n.publishEvent(k.loginCallbackAsync_end, {}), {
+      tokens: E,
       state: "request.state",
-      callbackPath: S.callbackPath
+      callbackPath: p.callbackPath
     };
-  } catch (t) {
-    throw console.error(t), n.publishEvent(m.loginCallbackAsync_error, t), t;
+  } catch (s) {
+    throw console.error(s), n.publishEvent(k.loginCallbackAsync_error, s), s;
   }
-}, ie = {
+}, he = {
   access_token: "access_token",
   refresh_token: "refresh_token"
-}, Ge = (n) => async (e) => {
-  M.clearTimeout(n.timeoutId), n.timeoutId = null, n.checkSessionIFrame && n.checkSessionIFrame.stop();
-  const t = await I(n.configuration.service_worker_relative_url, n.configurationName);
-  t ? await t.clearAsync(e) : await P(n.configurationName, n.configuration.storage).clearAsync(e), n.tokens = null, n.userInfo = null;
-}, Je = (n, e, t, s, i) => async (o = void 0, r = null) => {
-  const l = n.configuration, c = await n.initAsync(l.authority, l.authority_configuration);
+}, ln = (n) => async (e) => {
+  K.clearTimeout(n.timeoutId), n.timeoutId = null, n.checkSessionIFrame && n.checkSessionIFrame.stop();
+  const s = await x(n.configuration.service_worker_relative_url, n.configurationName);
+  s ? await s.clearAsync(e) : await I(n.configurationName, n.configuration.storage).clearAsync(e), n.tokens = null, n.userInfo = null;
+}, un = (n, e, s, t, i) => async (o = void 0, r = null) => {
+  const l = n.configuration, a = await n.initAsync(l.authority, l.authority_configuration);
   o && typeof o != "string" && (o = void 0, i.warn("callbackPathOrUrl path is not a string"));
   const h = o ?? location.pathname + (location.search || "") + (location.hash || "");
-  let a = !1;
-  o && (a = o.includes("https://") || o.includes("http://"));
-  const _ = a ? o : s.location.origin + h, f = n.tokens ? n.tokens.idToken : "";
+  let c = !1;
+  o && (c = o.includes("https://") || o.includes("http://"));
+  const _ = c ? o : t.location.origin + h, y = n.tokens ? n.tokens.idToken : "";
   try {
-    const y = c.revocationEndpoint;
-    if (y) {
-      const d = [], g = n.tokens.accessToken;
-      if (g && l.logout_tokens_to_invalidate.includes(ie.access_token)) {
-        const w = oe(t)(y, g, X.access_token, l.client_id);
-        d.push(w);
+    const d = a.revocationEndpoint;
+    if (d) {
+      const f = [], g = n.tokens.accessToken;
+      if (g && l.logout_tokens_to_invalidate.includes(he.access_token)) {
+        const v = de(s)(d, g, ee.access_token, l.client_id);
+        f.push(v);
       }
-      const k = n.tokens.refreshToken;
-      if (k && l.logout_tokens_to_invalidate.includes(ie.refresh_token)) {
-        const w = oe(t)(y, k, X.refresh_token, l.client_id);
-        d.push(w);
+      const w = n.tokens.refreshToken;
+      if (w && l.logout_tokens_to_invalidate.includes(he.refresh_token)) {
+        const v = de(s)(d, w, ee.refresh_token, l.client_id);
+        f.push(v);
       }
-      d.length > 0 && await Promise.all(d);
+      f.length > 0 && await Promise.all(f);
     }
-  } catch (y) {
-    i.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"), i.warn(y);
+  } catch (d) {
+    i.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"), i.warn(d);
   }
   const u = n.tokens && n.tokens.idTokenPayload ? n.tokens.idTokenPayload.sub : null;
   await n.destroyAsync("LOGGED_OUT");
-  for (const [y, d] of Object.entries(e))
-    d !== n && await n.logoutSameTabAsync(n.configuration.client_id, u);
-  if (c.endSessionEndpoint) {
+  for (const [d, f] of Object.entries(e))
+    f !== n && await n.logoutSameTabAsync(n.configuration.client_id, u);
+  if (a.endSessionEndpoint) {
     r || (r = {
-      id_token_hint: f
+      id_token_hint: y
     }, o !== null && (r.post_logout_redirect_uri = _));
-    let y = "";
+    let d = "";
     if (r)
-      for (const [d, g] of Object.entries(r))
-        y === "" ? y += "?" : y += "&", y += `${d}=${encodeURIComponent(g)}`;
-    s.location.href = `${c.endSessionEndpoint}${y}`;
+      for (const [f, g] of Object.entries(r))
+        d === "" ? d += "?" : d += "&", d += `${f}=${encodeURIComponent(g)}`;
+    t.location.href = `${a.endSessionEndpoint}${d}`;
   } else
-    s.location.reload();
-}, He = (n) => async (e = !1) => {
+    t.location.reload();
+}, dn = (n) => async (e = !1) => {
   if (n.userInfo != null && !e)
     return n.userInfo;
-  for (; n.tokens && !G(n.tokens); )
-    await W(200);
+  for (; n.tokens && !z(n.tokens); )
+    await D(200);
   if (!n.tokens)
     return null;
-  const t = n.tokens.accessToken;
-  if (!t)
+  const s = n.tokens.accessToken;
+  if (!s)
     return null;
   const i = (await n.initAsync(n.configuration.authority, n.configuration.authority_configuration)).userInfoEndpoint, r = await (async (l) => {
-    const c = await fetch(i, {
+    const a = await fetch(i, {
       headers: {
         authorization: `Bearer ${l}`
       }
     });
-    return c.status !== 200 ? null : c.json();
-  })(t);
+    return a.status !== 200 ? null : a.json();
+  })(s);
   return n.userInfo = r, r;
-}, Xe = () => fetch;
-class z {
+}, fn = () => fetch;
+class ne {
   constructor(e) {
     this.authorizationEndpoint = e.authorization_endpoint, this.tokenEndpoint = e.token_endpoint, this.revocationEndpoint = e.revocation_endpoint, this.userInfoEndpoint = e.userinfo_endpoint, this.checkSessionIframe = e.check_session_iframe, this.issuer = e.issuer, this.endSessionEndpoint = e.end_session_endpoint;
   }
 }
-const N = {}, ze = (n) => (e, t = "default") => (N[t] || (N[t] = new x(e, t, n)), N[t]), Ye = async (n) => {
-  const { parsedTokens: e, callbackPath: t } = await n.loginCallbackAsync();
-  return n.timeoutId = V(n, e.refreshToken, e.expiresAt), { callbackPath: t };
-}, Qe = (n) => Math.floor(Math.random() * n), L = class L {
-  constructor(e, t = "default", s) {
+const W = {}, hn = (n) => (e, s = "default") => (W[s] || (W[s] = new $(e, s, n)), W[s]), _n = async (n) => {
+  const { parsedTokens: e, callbackPath: s } = await n.loginCallbackAsync();
+  return n.timeoutId = M(n, e.refreshToken, e.expiresAt), { callbackPath: s };
+}, yn = (n) => Math.floor(Math.random() * n), L = class L {
+  constructor(e, s = "default", t) {
     this.initPromise = null, this.tryKeepExistingSessionPromise = null, this.loginPromise = null, this.loginCallbackPromise = null, this.loginCallbackWithAutoTokensRenewPromise = null, this.userInfoPromise = null, this.renewTokensPromise = null, this.logoutPromise = null;
     let i = e.silent_login_uri;
     e.silent_redirect_uri && !e.silent_login_uri && (i = `${e.silent_redirect_uri.replace("-callback", "").replace("callback", "")}-login`);
     let o = e.refresh_time_before_tokens_expiration_in_second ?? 120;
-    o > 60 && (o = o - Math.floor(Math.random() * 40)), e.logout_tokens_to_invalidate || (e.logout_tokens_to_invalidate = ["access_token", "refresh_token"]), e.authority_timeout_wellknowurl_in_millisecond || (e.authority_timeout_wellknowurl_in_millisecond = 1e4), this.configuration = {
+    o > 60 && (o = o - Math.floor(Math.random() * 40)), this.configuration = {
       ...e,
       silent_login_uri: i,
       monitor_session: e.monitor_session ?? !1,
       refresh_time_before_tokens_expiration_in_second: o,
       silent_login_timeout: e.silent_login_timeout ?? 12e3,
-      token_renew_mode: e.token_renew_mode ?? j.access_token_or_id_token_invalid
-    }, this.getFetch = s ?? Xe, this.configurationName = t, this.tokens = null, this.userInfo = null, this.events = [], this.timeoutId = null, this.synchroniseTokensAsync.bind(this), this.loginCallbackWithAutoTokensRenewAsync.bind(this), this.initAsync.bind(this), this.loginCallbackAsync.bind(this), this.subscribeEvents.bind(this), this.removeEventSubscription.bind(this), this.publishEvent.bind(this), this.destroyAsync.bind(this), this.logoutAsync.bind(this), this.renewTokensAsync.bind(this), this.initAsync(this.configuration.authority, this.configuration.authority_configuration);
+      token_renew_mode: e.token_renew_mode ?? Y.access_token_or_id_token_invalid,
+      demonstrating_proof_of_possession: e.demonstrating_proof_of_possession ?? !1,
+      authority_timeout_wellknowurl_in_millisecond: e.authority_timeout_wellknowurl_in_millisecond ?? 1e4,
+      logout_tokens_to_invalidate: e.logout_tokens_to_invalidate ?? ["access_token", "refresh_token"]
+    }, this.getFetch = t ?? fn, this.configurationName = s, this.tokens = null, this.userInfo = null, this.events = [], this.timeoutId = null, this.synchroniseTokensAsync.bind(this), this.loginCallbackWithAutoTokensRenewAsync.bind(this), this.initAsync.bind(this), this.loginCallbackAsync.bind(this), this.subscribeEvents.bind(this), this.removeEventSubscription.bind(this), this.publishEvent.bind(this), this.destroyAsync.bind(this), this.logoutAsync.bind(this), this.renewTokensAsync.bind(this), this.initAsync(this.configuration.authority, this.configuration.authority_configuration);
   }
   subscribeEvents(e) {
-    const t = Qe(9999999999999).toString();
-    return this.events.push({ id: t, func: e }), t;
+    const s = yn(9999999999999).toString();
+    return this.events.push({ id: s, func: e }), s;
   }
   removeEventSubscription(e) {
-    const t = this.events.filter((s) => s.id !== e);
-    this.events = t;
+    const s = this.events.filter((t) => t.id !== e);
+    this.events = s;
   }
-  publishEvent(e, t) {
-    this.events.forEach((s) => {
-      s.func(e, t);
+  publishEvent(e, s) {
+    this.events.forEach((t) => {
+      t.func(e, s);
     });
   }
   static get(e = "default") {
-    const t = typeof process > "u";
-    if (!Object.prototype.hasOwnProperty.call(N, e) && t)
+    const s = typeof process > "u";
+    if (!Object.prototype.hasOwnProperty.call(W, e) && s)
       throw Error(`OIDC library does seem initialized.
 Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> compoment.`);
-    return N[e];
+    return W[e];
   }
   _silentLoginCallbackFromIFrame() {
     if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
-      const e = q(window.location.href);
+      const e = H(window.location.href);
       window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({ tokens: this.tokens, sessionState: e.session_state })}`, window.location.origin);
     }
   }
   _silentLoginErrorCallbackFromIFrame() {
     if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
-      const e = q(window.location.href);
+      const e = H(window.location.href);
       window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({ error: e.error })}`, window.location.origin);
     }
   }
@@ -961,229 +1105,256 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
       console.error(e), this._silentLoginErrorCallbackFromIFrame();
     }
   }
-  async initAsync(e, t) {
+  async initAsync(e, s) {
     if (this.initPromise !== null)
       return this.initPromise;
-    const s = async () => {
-      if (t != null)
-        return new z({
-          authorization_endpoint: t.authorization_endpoint,
-          end_session_endpoint: t.end_session_endpoint,
-          revocation_endpoint: t.revocation_endpoint,
-          token_endpoint: t.token_endpoint,
-          userinfo_endpoint: t.userinfo_endpoint,
-          check_session_iframe: t.check_session_iframe,
-          issuer: t.issuer
+    const t = async () => {
+      if (s != null)
+        return new ne({
+          authorization_endpoint: s.authorization_endpoint,
+          end_session_endpoint: s.end_session_endpoint,
+          revocation_endpoint: s.revocation_endpoint,
+          token_endpoint: s.token_endpoint,
+          userinfo_endpoint: s.userinfo_endpoint,
+          check_session_iframe: s.check_session_iframe,
+          issuer: s.issuer
         });
-      const o = await I(this.configuration.service_worker_relative_url, this.configurationName) ? window.localStorage : null;
-      return await Ve(this.getFetch())(e, this.configuration.authority_time_cache_wellknowurl_in_second ?? 60 * 60, o, this.configuration.authority_timeout_wellknowurl_in_millisecond);
+      const o = await x(this.configuration.service_worker_relative_url, this.configurationName) ? window.localStorage : null;
+      return await Qe(this.getFetch())(e, this.configuration.authority_time_cache_wellknowurl_in_second ?? 60 * 60, o, this.configuration.authority_timeout_wellknowurl_in_millisecond);
     };
-    return this.initPromise = s(), this.initPromise.then((i) => (this.initPromise = null, i));
+    return this.initPromise = t(), this.initPromise.then((i) => (this.initPromise = null, i));
   }
   async tryKeepExistingSessionAsync() {
     if (this.tryKeepExistingSessionPromise !== null)
       return this.tryKeepExistingSessionPromise;
     const e = async () => {
-      let t;
+      let s;
       if (this.tokens != null)
         return !1;
-      this.publishEvent(m.tryKeepExistingSessionAsync_begin, {});
+      this.publishEvent(k.tryKeepExistingSessionAsync_begin, {});
       try {
-        const s = this.configuration, i = await this.initAsync(s.authority, s.authority_configuration);
-        if (t = await I(s.service_worker_relative_url, this.configurationName), t) {
-          const { tokens: o } = await t.initAsync(i, "tryKeepExistingSessionAsync", s);
+        const t = this.configuration, i = await this.initAsync(t.authority, t.authority_configuration);
+        if (s = await x(t.service_worker_relative_url, this.configurationName), s) {
+          const { tokens: o } = await s.initAsync(i, "tryKeepExistingSessionAsync", t);
           if (o) {
-            t.startKeepAliveServiceWorker(), this.tokens = o;
-            const r = t.getLoginParams(this.configurationName);
-            this.timeoutId = V(this, this.tokens.refreshToken, this.tokens.expiresAt, r.extras);
-            const l = await t.getSessionStateAsync();
-            return await this.startCheckSessionAsync(i.check_session_iframe, s.client_id, l), this.publishEvent(m.tryKeepExistingSessionAsync_end, {
+            s.startKeepAliveServiceWorker(), this.tokens = o;
+            const r = s.getLoginParams(this.configurationName);
+            this.timeoutId = M(this, this.tokens.refreshToken, this.tokens.expiresAt, r.extras);
+            const l = await s.getSessionStateAsync();
+            return await this.startCheckSessionAsync(i.check_session_iframe, t.client_id, l), this.publishEvent(k.tryKeepExistingSessionAsync_end, {
               success: !0,
               message: "tokens inside ServiceWorker are valid"
             }), !0;
           }
-          this.publishEvent(m.tryKeepExistingSessionAsync_end, {
+          this.publishEvent(k.tryKeepExistingSessionAsync_end, {
             success: !1,
             message: "no exiting session found"
           });
         } else {
-          s.service_worker_relative_url && this.publishEvent(m.service_worker_not_supported_by_browser, {
+          t.service_worker_relative_url && this.publishEvent(k.service_worker_not_supported_by_browser, {
             message: "service worker is not supported by this browser"
           });
-          const o = P(this.configurationName, s.storage ?? sessionStorage), { tokens: r } = await o.initAsync();
+          const o = I(this.configurationName, t.storage ?? sessionStorage), { tokens: r } = await o.initAsync();
           if (r) {
-            this.tokens = ae(r, null, s.token_renew_mode);
-            const l = o.getLoginParams(this.configurationName);
-            this.timeoutId = V(this, r.refreshToken, this.tokens.expiresAt, l.extras);
-            const c = await o.getSessionStateAsync();
-            return await this.startCheckSessionAsync(i.check_session_iframe, s.client_id, c), this.publishEvent(m.tryKeepExistingSessionAsync_end, {
+            this.tokens = ye(r, null, t.token_renew_mode);
+            const l = o.getLoginParams();
+            this.timeoutId = M(this, r.refreshToken, this.tokens.expiresAt, l.extras);
+            const a = await o.getSessionStateAsync();
+            return await this.startCheckSessionAsync(i.check_session_iframe, t.client_id, a), this.publishEvent(k.tryKeepExistingSessionAsync_end, {
               success: !0,
               message: "tokens inside storage are valid"
             }), !0;
           }
         }
-        return this.publishEvent(m.tryKeepExistingSessionAsync_end, {
+        return this.publishEvent(k.tryKeepExistingSessionAsync_end, {
           success: !1,
-          message: t ? "service worker sessions not retrieved" : "session storage sessions not retrieved"
+          message: s ? "service worker sessions not retrieved" : "session storage sessions not retrieved"
         }), !1;
-      } catch (s) {
-        return console.error(s), t && await t.clearAsync(), this.publishEvent(m.tryKeepExistingSessionAsync_error, "tokens inside ServiceWorker are invalid"), !1;
+      } catch (t) {
+        return console.error(t), s && await s.clearAsync(), this.publishEvent(k.tryKeepExistingSessionAsync_error, "tokens inside ServiceWorker are invalid"), !1;
       }
     };
-    return this.tryKeepExistingSessionPromise = e(), this.tryKeepExistingSessionPromise.then((t) => (this.tryKeepExistingSessionPromise = null, t));
+    return this.tryKeepExistingSessionPromise = e(), this.tryKeepExistingSessionPromise.then((s) => (this.tryKeepExistingSessionPromise = null, s));
   }
-  async startCheckSessionAsync(e, t, s, i = !1) {
-    await Ee(this, N, this.configuration)(e, t, s, i);
+  async startCheckSessionAsync(e, s, t, i = !1) {
+    await Ve(this, W, this.configuration)(e, s, t, i);
   }
-  async loginAsync(e = void 0, t = null, s = !1, i = void 0, o = !1) {
-    return this.loginPromise !== null ? this.loginPromise : o ? be(window, this.configurationName, this.configuration, this.publishEvent.bind(this), this)(t, i) : (this.loginPromise = qe(window, this.configurationName, this.configuration, this.publishEvent.bind(this), this.initAsync.bind(this))(e, t, s, i), this.loginPromise.then((r) => (this.loginPromise = null, r)));
+  async loginAsync(e = void 0, s = null, t = !1, i = void 0, o = !1) {
+    return this.loginPromise !== null ? this.loginPromise : o ? Fe(window, this.configurationName, this.configuration, this.publishEvent.bind(this), this)(s, i) : (this.loginPromise = an(window, this.configurationName, this.configuration, this.publishEvent.bind(this), this.initAsync.bind(this))(e, s, t, i), this.loginPromise.then((r) => (this.loginPromise = null, r)));
   }
   async loginCallbackAsync(e = !1) {
     if (this.loginCallbackPromise !== null)
       return this.loginCallbackPromise;
-    const t = async () => {
-      const s = await je(this)(e), i = s.tokens;
-      return this.tokens = i, await I(this.configuration.service_worker_relative_url, this.configurationName) || P(this.configurationName, this.configuration.storage).setTokens(i), this.publishEvent(L.eventNames.token_aquired, i), { parsedTokens: i, state: s.state, callbackPath: s.callbackPath };
+    const s = async () => {
+      const t = await cn(this)(e), i = t.tokens;
+      return this.tokens = i, await x(this.configuration.service_worker_relative_url, this.configurationName) || I(this.configurationName, this.configuration.storage).setTokens(i), this.publishEvent(L.eventNames.token_aquired, i), { parsedTokens: i, state: t.state, callbackPath: t.callbackPath };
     };
-    return this.loginCallbackPromise = t(), this.loginCallbackPromise.then((s) => (this.loginCallbackPromise = null, s));
+    return this.loginCallbackPromise = s(), this.loginCallbackPromise.then((t) => (this.loginCallbackPromise = null, t));
   }
-  async synchroniseTokensAsync(e, t = 0, s = !1, i = null, o) {
+  async synchroniseTokensAsync(e, s = 0, t = !1, i = null, o) {
     for (; !navigator.onLine && document.hidden; )
-      await W(1e3), this.publishEvent(m.refreshTokensAsync, { message: "wait because navigator is offline and hidden" });
+      await D(1e3), this.publishEvent(k.refreshTokensAsync, { message: "wait because navigator is offline and hidden" });
     let r = 6;
     for (; !navigator.onLine && r > 0; )
-      await W(1e3), r--, this.publishEvent(m.refreshTokensAsync, { message: `wait because navigator is offline try ${r}` });
+      await D(1e3), r--, this.publishEvent(k.refreshTokensAsync, { message: `wait because navigator is offline try ${r}` });
     let l = Math.floor(Math.random() * 15) + 10;
     for (; document.hidden && l > 0; )
-      await W(1e3), l--, this.publishEvent(m.refreshTokensAsync, { message: `wait because navigator is hidden try ${l}` });
-    const h = document.hidden ? t : t + 1;
+      await D(1e3), l--, this.publishEvent(k.refreshTokensAsync, { message: `wait because navigator is hidden try ${l}` });
+    const h = document.hidden ? s : s + 1;
     i || (i = {});
-    const a = this.configuration, _ = (u, y, d = null) => Q(this.configurationName, this.configuration, this.publishEvent.bind(this))(u, y, d), f = async () => {
+    const c = this.configuration, _ = (u, d, f = null) => te(this.configurationName, this.configuration, this.publishEvent.bind(this))(u, d, f), y = async () => {
       try {
         let u;
-        const y = await I(a.service_worker_relative_url, this.configurationName);
-        y ? u = y.getLoginParams(this.configurationName) : u = P(this.configurationName, a.storage).getLoginParams(this.configurationName);
-        const d = await _({
+        const d = await x(c.service_worker_relative_url, this.configurationName);
+        d ? u = d.getLoginParams() : u = I(this.configurationName, c.storage).getLoginParams();
+        const f = await _({
           ...u.extras,
           ...i,
           prompt: "none"
         }, u.state);
-        if (d)
-          return o(d.tokens), this.publishEvent(L.eventNames.token_renewed, {}), { tokens: d.tokens, status: "LOGGED" };
+        if (f)
+          return o(f.tokens), this.publishEvent(L.eventNames.token_renewed, {}), { tokens: f.tokens, status: "LOGGED" };
       } catch (u) {
-        if (console.error(u), this.publishEvent(m.refreshTokensAsync_silent_error, { message: "exceptionSilent", exception: u.message }), u && u.message && u.message.startsWith("oidc"))
-          return o(null), this.publishEvent(m.refreshTokensAsync_error, { message: "refresh token silent" }), { tokens: null, status: "SESSION_LOST" };
+        if (console.error(u), this.publishEvent(k.refreshTokensAsync_silent_error, { message: "exceptionSilent", exception: u.message }), u && u.message && u.message.startsWith("oidc"))
+          return o(null), this.publishEvent(k.refreshTokensAsync_error, { message: "refresh token silent" }), { tokens: null, status: "SESSION_LOST" };
       }
-      return this.publishEvent(m.refreshTokensAsync_error, { message: "refresh token silent return" }), await this.synchroniseTokensAsync(null, h, s, i, o);
+      return this.publishEvent(k.refreshTokensAsync_error, { message: "refresh token silent return" }), await this.synchroniseTokensAsync(null, h, t, i, o);
     };
-    if (t > 4)
-      return o(null), this.publishEvent(m.refreshTokensAsync_error, { message: "refresh token" }), { tokens: null, status: "SESSION_LOST" };
+    if (s > 4)
+      return o(null), this.publishEvent(k.refreshTokensAsync_error, { message: "refresh token" }), { tokens: null, status: "SESSION_LOST" };
     try {
-      const { status: u, tokens: y, nonce: d } = await this.syncTokensInfoAsync(a, this.configurationName, this.tokens, s);
+      const { status: u, tokens: d, nonce: f } = await this.syncTokensInfoAsync(c, this.configurationName, this.tokens, t);
       switch (u) {
         case "SESSION_LOST":
-          return o(null), this.publishEvent(m.refreshTokensAsync_error, { message: "refresh token session lost" }), { tokens: null, status: "SESSION_LOST" };
+          return o(null), this.publishEvent(k.refreshTokensAsync_error, { message: "refresh token session lost" }), { tokens: null, status: "SESSION_LOST" };
         case "NOT_CONNECTED":
           return o(null), { tokens: null, status: null };
         case "TOKENS_VALID":
-          return o(y), { tokens: y, status: "LOGGED_IN" };
+          return o(d), { tokens: d, status: "LOGGED_IN" };
         case "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":
-          return o(y), this.publishEvent(L.eventNames.token_renewed, { reason: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" }), { tokens: y, status: "LOGGED_IN" };
+          return o(d), this.publishEvent(L.eventNames.token_renewed, { reason: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" }), { tokens: d, status: "LOGGED_IN" };
         case "LOGOUT_FROM_ANOTHER_TAB":
-          return o(null), this.publishEvent(m.logout_from_another_tab, { status: "session syncTokensAsync" }), { tokens: null, status: "LOGGED_OUT" };
+          return o(null), this.publishEvent(k.logout_from_another_tab, { status: "session syncTokensAsync" }), { tokens: null, status: "LOGGED_OUT" };
         case "REQUIRE_SYNC_TOKENS":
-          return this.publishEvent(m.refreshTokensAsync_begin, { refreshToken: e, status: u, tryNumber: t }), await f();
+          return this.publishEvent(k.refreshTokensAsync_begin, { refreshToken: e, status: u, tryNumber: s }), await y();
         default: {
-          if (this.publishEvent(m.refreshTokensAsync_begin, { refreshToken: e, status: u, tryNumber: t }), !e)
-            return await f();
-          const g = a.client_id, k = a.redirect_uri, w = a.authority, p = { ...a.token_request_extras ? a.token_request_extras : {} };
-          for (const [T, v] of Object.entries(i))
-            T.endsWith(":token_request") && (p[T.replace(":token_request", "")] = v);
+          if (this.publishEvent(k.refreshTokensAsync_begin, { refreshToken: e, status: u, tryNumber: s }), !e)
+            return await y();
+          const g = c.client_id, w = c.redirect_uri, v = c.authority, O = { ...c.token_request_extras ? c.token_request_extras : {} };
+          for (const [E, C] of Object.entries(i))
+            E.endsWith(":token_request") && (O[E.replace(":token_request", "")] = C);
           return await (async () => {
-            const T = {
+            const E = {
               client_id: g,
-              redirect_uri: k,
+              redirect_uri: w,
               grant_type: "refresh_token",
-              refresh_token: y.refreshToken
-            }, v = await this.initAsync(w, a.authority_configuration), O = document.hidden ? 1e4 : 3e4 * 10, C = await Me(this.getFetch())(v.tokenEndpoint, T, p, y, a.token_renew_mode, O);
-            if (C.success) {
-              const { isValid: fe, reason: ye } = ce(C.data, d.nonce, v);
-              return fe ? (o(C.data), this.publishEvent(m.refreshTokensAsync_end, { success: C.success }), this.publishEvent(L.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), { tokens: C.data, status: "LOGGED_IN" }) : (o(null), this.publishEvent(m.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${ye}` }), { tokens: null, status: "SESSION_LOST" });
+              refresh_token: d.refreshToken
+            }, C = await this.initAsync(v, c.authority_configuration), m = document.hidden ? 1e4 : 3e4 * 10, S = C.tokenEndpoint, A = {};
+            c.demonstrating_proof_of_possession && (A.DPoP = await this.generateDemonstrationOfProofOfPossessionAsync(d.accessToken, S, "POST"));
+            const T = await Ze(this.getFetch())(
+              S,
+              E,
+              O,
+              d,
+              A,
+              c.token_renew_mode,
+              m
+            );
+            if (T.success) {
+              const { isValid: B, reason: X } = ge(T.data, f.nonce, C);
+              if (!B)
+                return o(null), this.publishEvent(k.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${X}` }), { tokens: null, status: "SESSION_LOST" };
+              if (o(T.data), T.demonstratingProofOfPossessionNonce) {
+                const ie = await x(c.service_worker_relative_url, this.configurationName);
+                ie ? await ie.setDemonstratingProofOfPossessionNonce(T.demonstratingProofOfPossessionNonce) : await I(this.configurationName, c.storage).setDemonstratingProofOfPossessionNonce(T.demonstratingProofOfPossessionNonce);
+              }
+              return this.publishEvent(k.refreshTokensAsync_end, { success: T.success }), this.publishEvent(L.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), { tokens: T.data, status: "LOGGED_IN" };
             } else
-              return this.publishEvent(m.refreshTokensAsync_silent_error, {
+              return this.publishEvent(k.refreshTokensAsync_silent_error, {
                 message: "bad request",
-                tokenResponse: C
-              }), await this.synchroniseTokensAsync(e, h, s, i, o);
+                tokenResponse: T
+              }), await this.synchroniseTokensAsync(e, h, t, i, o);
           })();
         }
       }
     } catch (u) {
-      return console.error(u), this.publishEvent(m.refreshTokensAsync_silent_error, { message: "exception", exception: u.message }), this.synchroniseTokensAsync(e, h, s, i, o);
+      return console.error(u), this.publishEvent(k.refreshTokensAsync_silent_error, { message: "exception", exception: u.message }), this.synchroniseTokensAsync(e, h, t, i, o);
+    }
+  }
+  async generateDemonstrationOfProofOfPossessionAsync(e, s, t) {
+    const i = this.configuration, o = { ath: await Ae(e) }, r = await x(i.service_worker_relative_url, this.configurationName);
+    let l = null, a;
+    if (r)
+      l = await r.getDemonstratingProofOfPossessionNonce(), a = await r.getDemonstratingProofOfPossessionJwkAsync();
+    else {
+      const h = I(this.configurationName, i.storage);
+      a = await h.getDemonstratingProofOfPossessionJwkAsync(), l = await h.getDemonstratingProofOfPossessionNonce();
     }
+    return l && (o.nonce = l), await Ee(a, t, s, o);
   }
-  async syncTokensInfoAsync(e, t, s, i = !1) {
+  async syncTokensInfoAsync(e, s, t, i = !1) {
     const o = { nonce: null };
-    if (!s)
+    if (!t)
       return { tokens: null, status: "NOT_CONNECTED", nonce: o };
     let r = o;
-    const l = await this.initAsync(e.authority, e.authority_configuration), c = await I(e.service_worker_relative_url, t);
-    if (c) {
-      const { status: _, tokens: f } = await c.initAsync(l, "syncTokensAsync", e);
+    const l = await this.initAsync(e.authority, e.authority_configuration), a = await x(e.service_worker_relative_url, s);
+    if (a) {
+      const { status: _, tokens: y } = await a.initAsync(l, "syncTokensAsync", e);
       if (_ === "LOGGED_OUT")
         return { tokens: null, status: "LOGOUT_FROM_ANOTHER_TAB", nonce: o };
       if (_ === "SESSIONS_LOST")
         return { tokens: null, status: "SESSIONS_LOST", nonce: o };
-      if (!_ || !f)
+      if (!_ || !y)
         return { tokens: null, status: "REQUIRE_SYNC_TOKENS", nonce: o };
-      if (f.issuedAt !== s.issuedAt) {
-        const y = D(e.refresh_time_before_tokens_expiration_in_second, f.expiresAt) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", d = await c.getNonceAsync();
-        return { tokens: f, status: y, nonce: d };
+      if (y.issuedAt !== t.issuedAt) {
+        const d = U(e.refresh_time_before_tokens_expiration_in_second, y.expiresAt) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", f = await a.getNonceAsync();
+        return { tokens: y, status: d, nonce: f };
       }
-      r = await c.getNonceAsync();
+      r = await a.getNonceAsync();
     } else {
-      const _ = P(t, e.storage ?? sessionStorage), { tokens: f, status: u } = await _.initAsync();
-      if (f) {
+      const _ = I(s, e.storage ?? sessionStorage), { tokens: y, status: u } = await _.initAsync();
+      if (y) {
         if (u === "SESSIONS_LOST")
           return { tokens: null, status: "SESSIONS_LOST", nonce: o };
-        if (f.issuedAt !== s.issuedAt) {
-          const d = D(e.refresh_time_before_tokens_expiration_in_second, f.expiresAt) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", g = await _.getNonceAsync();
-          return { tokens: f, status: d, nonce: g };
+        if (y.issuedAt !== t.issuedAt) {
+          const f = U(e.refresh_time_before_tokens_expiration_in_second, y.expiresAt) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", g = await _.getNonceAsync();
+          return { tokens: y, status: f, nonce: g };
         }
       } else
         return { tokens: null, status: "LOGOUT_FROM_ANOTHER_TAB", nonce: o };
       r = await _.getNonceAsync();
     }
-    const a = D(e.refresh_time_before_tokens_expiration_in_second, s.expiresAt) > 0 ? "TOKENS_VALID" : "TOKENS_INVALID";
-    return i ? { tokens: s, status: "FORCE_REFRESH", nonce: r } : { tokens: s, status: a, nonce: r };
+    const c = U(e.refresh_time_before_tokens_expiration_in_second, t.expiresAt) > 0 ? "TOKENS_VALID" : "TOKENS_INVALID";
+    return i ? { tokens: t, status: "FORCE_REFRESH", nonce: r } : { tokens: t, status: c, nonce: r };
   }
   loginCallbackWithAutoTokensRenewAsync() {
-    return this.loginCallbackWithAutoTokensRenewPromise !== null ? this.loginCallbackWithAutoTokensRenewPromise : (this.loginCallbackWithAutoTokensRenewPromise = Ye(this), this.loginCallbackWithAutoTokensRenewPromise.then((e) => (this.loginCallbackWithAutoTokensRenewPromise = null, e)));
+    return this.loginCallbackWithAutoTokensRenewPromise !== null ? this.loginCallbackWithAutoTokensRenewPromise : (this.loginCallbackWithAutoTokensRenewPromise = _n(this), this.loginCallbackWithAutoTokensRenewPromise.then((e) => (this.loginCallbackWithAutoTokensRenewPromise = null, e)));
   }
   userInfoAsync(e = !1) {
-    return this.userInfoPromise !== null ? this.userInfoPromise : (this.userInfoPromise = He(this)(e), this.userInfoPromise.then((t) => (this.userInfoPromise = null, t)));
+    return this.userInfoPromise !== null ? this.userInfoPromise : (this.userInfoPromise = dn(this)(e), this.userInfoPromise.then((s) => (this.userInfoPromise = null, s)));
   }
   async renewTokensAsync(e = null) {
     if (this.renewTokensPromise !== null)
       return this.renewTokensPromise;
     if (this.timeoutId)
-      return M.clearTimeout(this.timeoutId), this.renewTokensPromise = de(this, this.tokens.refreshToken, !0, e), this.renewTokensPromise.then((t) => (this.renewTokensPromise = null, t));
+      return K.clearTimeout(this.timeoutId), this.renewTokensPromise = pe(this, this.tokens.refreshToken, !0, e), this.renewTokensPromise.then((s) => (this.renewTokensPromise = null, s));
   }
   async destroyAsync(e) {
-    return await Ge(this)(e);
+    return await ln(this)(e);
   }
-  async logoutSameTabAsync(e, t) {
-    this.configuration.monitor_session && this.configuration.client_id === e && t && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === t && (this.publishEvent(m.logout_from_same_tab, { message: t }), await this.destroyAsync("LOGGED_OUT"));
+  async logoutSameTabAsync(e, s) {
+    this.configuration.monitor_session && this.configuration.client_id === e && s && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === s && (this.publishEvent(k.logout_from_same_tab, { message: s }), await this.destroyAsync("LOGGED_OUT"));
   }
-  async logoutOtherTabAsync(e, t) {
-    this.configuration.monitor_session && this.configuration.client_id === e && t && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === t && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(m.logout_from_another_tab, { message: "SessionMonitor", sub: t }));
+  async logoutOtherTabAsync(e, s) {
+    this.configuration.monitor_session && this.configuration.client_id === e && s && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === s && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(k.logout_from_another_tab, { message: "SessionMonitor", sub: s }));
   }
-  async logoutAsync(e = void 0, t = null) {
-    return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = Je(this, N, this.getFetch(), window, console)(e, t), this.logoutPromise.then((s) => (this.logoutPromise = null, s)));
+  async logoutAsync(e = void 0, s = null) {
+    return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = un(this, W, this.getFetch(), window, console)(e, s), this.logoutPromise.then((t) => (this.logoutPromise = null, t)));
   }
 };
-L.getOrCreate = (e) => (t, s = "default") => ze(e)(t, s), L.eventNames = m;
-let x = L;
-const R = class R {
+L.getOrCreate = (e) => (s, t = "default") => hn(e)(s, t), L.eventNames = k;
+let $ = L;
+const V = class V {
   constructor(e) {
     this._oidc = e;
   }
@@ -1193,20 +1364,20 @@ const R = class R {
   removeEventSubscription(e) {
     this._oidc.removeEventSubscription(e);
   }
-  publishEvent(e, t) {
-    this._oidc.publishEvent(e, t);
+  publishEvent(e, s) {
+    this._oidc.publishEvent(e, s);
   }
   static get(e = "default") {
-    return new R(x.get(e));
+    return new V($.get(e));
   }
   tryKeepExistingSessionAsync() {
     return this._oidc.tryKeepExistingSessionAsync();
   }
-  loginAsync(e = void 0, t = null, s = !1, i = void 0, o = !1) {
-    return this._oidc.loginAsync(e, t, s, i, o);
+  loginAsync(e = void 0, s = null, t = !1, i = void 0, o = !1) {
+    return this._oidc.loginAsync(e, s, t, i, o);
   }
-  logoutAsync(e = void 0, t = null) {
-    return this._oidc.logoutAsync(e, t);
+  logoutAsync(e = void 0, s = null) {
+    return this._oidc.logoutAsync(e, s);
   }
   silentLoginCallbackAsync() {
     return this._oidc.silentLoginCallbackAsync();
@@ -1223,19 +1394,22 @@ const R = class R {
   get configuration() {
     return this._oidc.configuration;
   }
-  async getValidTokenAsync(e = 200, t = 50) {
-    return Ae(this._oidc, e, t);
+  async generateDemonstrationOfProofOfPossessionAsync(e, s, t) {
+    return this._oidc.generateDemonstrationOfProofOfPossessionAsync(e, s, t);
+  }
+  async getValidTokenAsync(e = 200, s = 50) {
+    return We(this._oidc, e, s);
   }
   async userInfoAsync(e = !1) {
     return this._oidc.userInfoAsync(e);
   }
 };
-R.getOrCreate = (e) => (t, s = "default") => new R(x.getOrCreate(e)(t, s)), R.eventNames = x.eventNames;
-let re = R;
+V.getOrCreate = (e) => (s, t = "default") => new V($.getOrCreate(e)(s, t)), V.eventNames = $.eventNames;
+let _e = V;
 export {
-  re as OidcClient,
-  j as TokenRenewMode,
-  Xe as getFetchDefault,
-  q as getParseQueryStringFromLocation,
-  Ze as getPath
+  _e as OidcClient,
+  Y as TokenRenewMode,
+  fn as getFetchDefault,
+  H as getParseQueryStringFromLocation,
+  kn as getPath
 };