npm - @genation/sdk - Versions diffs - 0.2.11 → 0.2.12 - Mend

@genation/sdk 0.2.11 → 0.2.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/genation.es.js CHANGED Viewed

@@ -1,62 +1,62 @@
-class N extends Error {
+class L extends Error {
   code;
   cause;
-  constructor(t, r, n) {
-    super(t), this.name = "GenationError", this.code = r, this.cause = n;
+  constructor(e, r, n) {
+    super(e), this.name = "GenationError", this.code = r, this.cause = n;
   }
 }
-class g extends N {
-  constructor(t, r, n) {
-    super(t, r, n), this.name = "AuthError";
+class g extends L {
+  constructor(e, r, n) {
+    super(e, r, n), this.name = "AuthError";
   }
-  static invalidGrant(t = "Invalid authorization code or refresh token") {
-    return new g(t, "invalid_grant");
+  static invalidGrant(e = "Invalid authorization code or refresh token") {
+    return new g(e, "invalid_grant");
   }
-  static accessDenied(t = "User denied access") {
-    return new g(t, "access_denied");
+  static accessDenied(e = "User denied access") {
+    return new g(e, "access_denied");
   }
-  static expiredToken(t = "Token has expired") {
-    return new g(t, "expired_token");
+  static expiredToken(e = "Token has expired") {
+    return new g(e, "expired_token");
   }
-  static invalidState(t = "State mismatch, possible CSRF attack") {
-    return new g(t, "invalid_state");
+  static invalidState(e = "State mismatch, possible CSRF attack") {
+    return new g(e, "invalid_state");
   }
-  static pkceVerificationFailed(t = "PKCE verification failed") {
-    return new g(t, "pkce_verification_failed");
+  static pkceVerificationFailed(e = "PKCE verification failed") {
+    return new g(e, "pkce_verification_failed");
   }
 }
-class S extends N {
+class S extends L {
   status;
-  constructor(t, r, n) {
-    super(t, "network_error", n), this.name = "NetworkError", this.status = r;
+  constructor(e, r, n) {
+    super(e, "network_error", n), this.name = "NetworkError", this.status = r;
   }
-  static fromResponse(t) {
+  static fromResponse(e) {
     return new S(
-      `HTTP ${t.status}: ${t.statusText}`,
-      t.status
+      `HTTP ${e.status}: ${e.statusText}`,
+      e.status
     );
   }
 }
-class v extends N {
-  constructor(t) {
-    super(t, "config_error"), this.name = "ConfigError";
+class v extends L {
+  constructor(e) {
+    super(e, "config_error"), this.name = "ConfigError";
   }
-  static missingField(t) {
-    return new v(`Missing required config field: ${t}`);
+  static missingField(e) {
+    return new v(`Missing required config field: ${e}`);
   }
 }
-class D {
+class U {
   baseUrl;
   timeout;
-  constructor(t) {
-    this.baseUrl = t.baseUrl.replace(/\/$/, ""), this.timeout = t.timeout ?? 3e4;
+  constructor(e) {
+    this.baseUrl = e.baseUrl.replace(/\/$/, ""), this.timeout = e.timeout ?? 3e4;
   }
   /**
    * Make an HTTP request
    */
-  async request(t, r = {}) {
+  async request(e, r = {}) {
     const { method: n = "GET", headers: s = {}, body: a, params: i } = r;
-    let c = `${this.baseUrl}${t}`;
+    let c = `${this.baseUrl}${e}`;
     if (i) {
       const o = new URLSearchParams(i);
       c += `?${o.toString()}`;
@@ -82,8 +82,8 @@ class D {
   /**
    * POST request with form data (for OAuth token exchange)
    */
-  async postForm(t, r, n = {}) {
-    const s = `${this.baseUrl}${t}`, a = new AbortController(), i = setTimeout(() => a.abort(), this.timeout);
+  async postForm(e, r, n = {}) {
+    const s = `${this.baseUrl}${e}`, a = new AbortController(), i = setTimeout(() => a.abort(), this.timeout);
     try {
       const c = await fetch(s, {
         method: "POST",
@@ -102,49 +102,49 @@ class D {
     }
   }
 }
-function $(e) {
-  return btoa(String.fromCharCode(...e)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+function $(t) {
+  return btoa(String.fromCharCode(...t)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
 }
 function fe() {
-  const e = new Uint8Array(32);
-  return crypto.getRandomValues(e), $(e);
+  const t = new Uint8Array(32);
+  return crypto.getRandomValues(t), $(t);
 }
-async function de(e) {
-  const r = new TextEncoder().encode(e), n = await crypto.subtle.digest("SHA-256", r);
+async function de(t) {
+  const r = new TextEncoder().encode(t), n = await crypto.subtle.digest("SHA-256", r);
   return $(new Uint8Array(n));
 }
 async function le() {
-  const e = fe(), t = await de(e);
+  const t = fe(), e = await de(t);
   return {
-    codeVerifier: e,
-    codeChallenge: t,
+    codeVerifier: t,
+    codeChallenge: e,
     codeChallengeMethod: "S256"
   };
 }
 function pe() {
-  const e = new Uint8Array(16);
-  return crypto.getRandomValues(e), $(e);
+  const t = new Uint8Array(16);
+  return crypto.getRandomValues(t), $(t);
 }
-const W = "tokens", k = "pkce", I = "state";
+const k = "tokens", I = "pkce", J = "state";
 class ye {
   storage;
-  constructor(t) {
-    this.storage = t;
+  constructor(e) {
+    this.storage = e;
   }
   /**
    * Store token set
    */
-  async setTokens(t) {
-    await this.storage.set(W, JSON.stringify(t));
+  async setTokens(e) {
+    await this.storage.set(k, JSON.stringify(e));
   }
   /**
    * Get stored tokens
    */
   async getTokens() {
-    const t = await this.storage.get(W);
-    if (!t) return null;
+    const e = await this.storage.get(k);
+    if (!e) return null;
     try {
-      return JSON.parse(t);
+      return JSON.parse(e);
     } catch {
       return null;
     }
@@ -153,42 +153,42 @@ class ye {
    * Clear stored tokens
    */
   async clearTokens() {
-    await this.storage.remove(W);
+    await this.storage.remove(k);
   }
   /**
    * Check if access token is expired
    */
   async isTokenExpired() {
-    const t = await this.getTokens();
-    if (!t) return !0;
-    const r = t.issuedAt + t.expiresIn * 1e3;
+    const e = await this.getTokens();
+    if (!e) return !0;
+    const r = e.issuedAt + e.expiresIn * 1e3;
     return Date.now() > r - 6e4;
   }
   /**
    * Store PKCE verifier for later validation
    */
-  async setPKCE(t) {
-    await this.storage.set(k, t);
+  async setPKCE(e) {
+    await this.storage.set(I, e);
   }
   /**
    * Get and clear stored PKCE verifier
    */
   async consumePKCE() {
-    const t = await this.storage.get(k);
-    return t && await this.storage.remove(k), t;
+    const e = await this.storage.get(I);
+    return e && await this.storage.remove(I), e;
   }
   /**
    * Store state for CSRF validation
    */
-  async setState(t) {
-    await this.storage.set(I, t);
+  async setState(e) {
+    await this.storage.set(J, e);
   }
   /**
    * Get and clear stored state
    */
   async consumeState() {
-    const t = await this.storage.get(I);
-    return t && await this.storage.remove(I), t;
+    const e = await this.storage.get(J);
+    return e && await this.storage.remove(J), e;
   }
   /**
    * Clear all auth-related data
@@ -197,41 +197,41 @@ class ye {
     await this.storage.clear();
   }
 }
-const ee = "https://mnnoheowoowbtpuoguul.supabase.co/auth/v1";
+const F = "https://mnnoheowoowbtpuoguul.supabase.co/auth/v1";
 class me {
   config;
   http;
   tokenManager;
-  constructor(t, r) {
+  constructor(e, r) {
     this.config = {
-      clientId: t.clientId,
-      clientSecret: t.clientSecret,
-      redirectUri: t.redirectUri,
-      scopes: t.scopes,
-      authUrl: t.authUrl ?? ee
-    }, this.http = new D({ baseUrl: this.config.authUrl }), this.tokenManager = r;
+      clientId: e.clientId,
+      clientSecret: e.clientSecret,
+      redirectUri: e.redirectUri,
+      scopes: e.scopes,
+      authUrl: e.authUrl ?? F
+    }, this.http = new U({ baseUrl: this.config.authUrl }), this.tokenManager = r;
   }
   /**
    * Generate authorization URL for OAuth flow
    * Stores PKCE verifier and state for later validation
    */
   async getAuthorizationUrl() {
-    const t = await le(), r = pe();
-    await this.tokenManager.setPKCE(t.codeVerifier), await this.tokenManager.setState(r);
+    const e = await le(), r = pe();
+    await this.tokenManager.setPKCE(e.codeVerifier), await this.tokenManager.setState(r);
     const n = new URLSearchParams({
       response_type: "code",
       client_id: this.config.clientId,
       redirect_uri: this.config.redirectUri,
       state: r,
-      code_challenge: t.codeChallenge,
-      code_challenge_method: t.codeChallengeMethod
+      code_challenge: e.codeChallenge,
+      code_challenge_method: e.codeChallengeMethod
     });
     return this.config.scopes && this.config.scopes.length > 0 && n.append("scope", this.config.scopes.join(" ")), `${this.config.authUrl}/oauth/authorize?${n.toString()}`;
   }
   /**
    * Exchange authorization code for tokens
    */
-  async exchangeCode(t, r) {
+  async exchangeCode(e, r) {
     const n = await this.tokenManager.consumeState();
     if (!n || n !== r)
       throw g.invalidState();
@@ -242,7 +242,7 @@ class me {
       "/oauth/token",
       {
         grant_type: "authorization_code",
-        code: t,
+        code: e,
         redirect_uri: this.config.redirectUri,
         client_id: this.config.clientId,
         client_secret: this.config.clientSecret,
@@ -255,14 +255,14 @@ class me {
    * Refresh access token using refresh token
    */
   async refreshToken() {
-    const t = await this.tokenManager.getTokens();
-    if (!t?.refreshToken)
+    const e = await this.tokenManager.getTokens();
+    if (!e?.refreshToken)
       throw g.invalidGrant("No refresh token available");
     const r = await this.http.postForm(
       "/oauth/token",
       {
         grant_type: "refresh_token",
-        refresh_token: t.refreshToken,
+        refresh_token: e.refreshToken,
         client_id: this.config.clientId,
         client_secret: this.config.clientSecret
       }
@@ -273,11 +273,11 @@ class me {
    * Revoke current tokens
    */
   async revokeToken() {
-    const t = await this.tokenManager.getTokens();
-    if (t)
+    const e = await this.tokenManager.getTokens();
+    if (e)
       try {
         await this.http.postForm("/oauth/revoke", {
-          token: t.accessToken,
+          token: e.accessToken,
           client_id: this.config.clientId,
           client_secret: this.config.clientSecret
         });
@@ -288,134 +288,138 @@ class me {
   /**
    * Map OAuth token response to TokenSet
    */
-  mapTokenResponse(t) {
+  mapTokenResponse(e) {
     return {
-      accessToken: t.access_token,
-      refreshToken: t.refresh_token,
-      tokenType: t.token_type,
-      expiresIn: t.expires_in,
+      accessToken: e.access_token,
+      refreshToken: e.refresh_token,
+      tokenType: e.token_type,
+      expiresIn: e.expires_in,
       issuedAt: Date.now(),
-      scope: t.scope
+      scope: e.scope
     };
   }
 }
-const G = new TextEncoder(), _ = new TextDecoder();
-function we(...e) {
-  const t = e.reduce((s, { length: a }) => s + a, 0), r = new Uint8Array(t);
+const B = new TextEncoder(), _ = new TextDecoder();
+function we(...t) {
+  const e = t.reduce((s, { length: a }) => s + a, 0), r = new Uint8Array(e);
   let n = 0;
-  for (const s of e)
+  for (const s of t)
     r.set(s, n), n += s.length;
   return r;
 }
-function J(e) {
-  const t = new Uint8Array(e.length);
-  for (let r = 0; r < e.length; r++) {
-    const n = e.charCodeAt(r);
+function x(t) {
+  const e = new Uint8Array(t.length);
+  for (let r = 0; r < t.length; r++) {
+    const n = t.charCodeAt(r);
     if (n > 127)
       throw new TypeError("non-ASCII string encountered in encode()");
-    t[r] = n;
+    e[r] = n;
   }
-  return t;
+  return e;
 }
-function Se(e) {
+function Se(t) {
   if (Uint8Array.fromBase64)
-    return Uint8Array.fromBase64(e);
-  const t = atob(e), r = new Uint8Array(t.length);
-  for (let n = 0; n < t.length; n++)
-    r[n] = t.charCodeAt(n);
+    return Uint8Array.fromBase64(t);
+  const e = atob(t), r = new Uint8Array(e.length);
+  for (let n = 0; n < e.length; n++)
+    r[n] = e.charCodeAt(n);
   return r;
 }
-function C(e) {
+function C(t) {
   if (Uint8Array.fromBase64)
-    return Uint8Array.fromBase64(typeof e == "string" ? e : _.decode(e), {
+    return Uint8Array.fromBase64(typeof t == "string" ? t : _.decode(t), {
       alphabet: "base64url"
     });
-  let t = e;
-  t instanceof Uint8Array && (t = _.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/");
+  let e = t;
+  e instanceof Uint8Array && (e = _.decode(e)), e = e.replace(/-/g, "+").replace(/_/g, "/");
   try {
-    return Se(t);
+    return Se(e);
   } catch {
     throw new TypeError("The input to be decoded is not correctly encoded.");
   }
 }
-class l extends Error {
+class d extends Error {
   static code = "ERR_JOSE_GENERIC";
   code = "ERR_JOSE_GENERIC";
-  constructor(t, r) {
-    super(t, r), this.name = this.constructor.name, Error.captureStackTrace?.(this, this.constructor);
+  constructor(e, r) {
+    super(e, r), this.name = this.constructor.name, Error.captureStackTrace?.(this, this.constructor);
   }
 }
-class y extends l {
+class y extends d {
   static code = "ERR_JWT_CLAIM_VALIDATION_FAILED";
   code = "ERR_JWT_CLAIM_VALIDATION_FAILED";
   claim;
   reason;
   payload;
-  constructor(t, r, n = "unspecified", s = "unspecified") {
-    super(t, { cause: { claim: n, reason: s, payload: r } }), this.claim = n, this.reason = s, this.payload = r;
+  constructor(e, r, n = "unspecified", s = "unspecified") {
+    super(e, { cause: { claim: n, reason: s, payload: r } }), this.claim = n, this.reason = s, this.payload = r;
   }
 }
-class z extends l {
+class z extends d {
   static code = "ERR_JWT_EXPIRED";
   code = "ERR_JWT_EXPIRED";
   claim;
   reason;
   payload;
-  constructor(t, r, n = "unspecified", s = "unspecified") {
-    super(t, { cause: { claim: n, reason: s, payload: r } }), this.claim = n, this.reason = s, this.payload = r;
+  constructor(e, r, n = "unspecified", s = "unspecified") {
+    super(e, { cause: { claim: n, reason: s, payload: r } }), this.claim = n, this.reason = s, this.payload = r;
   }
 }
-class w extends l {
+class ge extends d {
+  static code = "ERR_JOSE_ALG_NOT_ALLOWED";
+  code = "ERR_JOSE_ALG_NOT_ALLOWED";
+}
+class w extends d {
   static code = "ERR_JOSE_NOT_SUPPORTED";
   code = "ERR_JOSE_NOT_SUPPORTED";
 }
-class f extends l {
+class f extends d {
   static code = "ERR_JWS_INVALID";
   code = "ERR_JWS_INVALID";
 }
-class te extends l {
+class ee extends d {
   static code = "ERR_JWT_INVALID";
   code = "ERR_JWT_INVALID";
 }
-class re extends l {
+class te extends d {
   static code = "ERR_JWKS_INVALID";
   code = "ERR_JWKS_INVALID";
 }
-class ne extends l {
+class re extends d {
   static code = "ERR_JWKS_NO_MATCHING_KEY";
   code = "ERR_JWKS_NO_MATCHING_KEY";
-  constructor(t = "no applicable key found in the JSON Web Key Set", r) {
-    super(t, r);
+  constructor(e = "no applicable key found in the JSON Web Key Set", r) {
+    super(e, r);
   }
 }
-class ge extends l {
+class be extends d {
   [Symbol.asyncIterator];
   static code = "ERR_JWKS_MULTIPLE_MATCHING_KEYS";
   code = "ERR_JWKS_MULTIPLE_MATCHING_KEYS";
-  constructor(t = "multiple matching keys found in the JSON Web Key Set", r) {
-    super(t, r);
+  constructor(e = "multiple matching keys found in the JSON Web Key Set", r) {
+    super(e, r);
   }
 }
-class be extends l {
+class Ee extends d {
   static code = "ERR_JWKS_TIMEOUT";
   code = "ERR_JWKS_TIMEOUT";
-  constructor(t = "request timed out", r) {
-    super(t, r);
+  constructor(e = "request timed out", r) {
+    super(e, r);
   }
 }
-class Ee extends l {
+class Ae extends d {
   static code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
   code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
-  constructor(t = "signature verification failed", r) {
-    super(t, r);
+  constructor(e = "signature verification failed", r) {
+    super(e, r);
   }
 }
-const m = (e, t = "algorithm.name") => new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`), A = (e, t) => e.name === t;
-function x(e) {
-  return parseInt(e.name.slice(4), 10);
+const m = (t, e = "algorithm.name") => new TypeError(`CryptoKey does not support this operation, its ${e} must be ${t}`), A = (t, e) => t.name === e;
+function O(t) {
+  return parseInt(t.name.slice(4), 10);
 }
-function Ae(e) {
-  switch (e) {
+function Te(t) {
+  switch (t) {
     case "ES256":
       return "P-256";
     case "ES384":
@@ -426,92 +430,92 @@ function Ae(e) {
       throw new Error("unreachable");
   }
 }
-function Ke(e, t) {
-  if (!e.usages.includes(t))
-    throw new TypeError(`CryptoKey does not support this operation, its usages must include ${t}.`);
+function Ke(t, e) {
+  if (!t.usages.includes(e))
+    throw new TypeError(`CryptoKey does not support this operation, its usages must include ${e}.`);
 }
-function Te(e, t, r) {
-  switch (t) {
+function ve(t, e, r) {
+  switch (e) {
     case "HS256":
     case "HS384":
     case "HS512": {
-      if (!A(e.algorithm, "HMAC"))
+      if (!A(t.algorithm, "HMAC"))
         throw m("HMAC");
-      const n = parseInt(t.slice(2), 10);
-      if (x(e.algorithm.hash) !== n)
+      const n = parseInt(e.slice(2), 10);
+      if (O(t.algorithm.hash) !== n)
         throw m(`SHA-${n}`, "algorithm.hash");
       break;
     }
     case "RS256":
     case "RS384":
     case "RS512": {
-      if (!A(e.algorithm, "RSASSA-PKCS1-v1_5"))
+      if (!A(t.algorithm, "RSASSA-PKCS1-v1_5"))
         throw m("RSASSA-PKCS1-v1_5");
-      const n = parseInt(t.slice(2), 10);
-      if (x(e.algorithm.hash) !== n)
+      const n = parseInt(e.slice(2), 10);
+      if (O(t.algorithm.hash) !== n)
         throw m(`SHA-${n}`, "algorithm.hash");
       break;
     }
     case "PS256":
     case "PS384":
     case "PS512": {
-      if (!A(e.algorithm, "RSA-PSS"))
+      if (!A(t.algorithm, "RSA-PSS"))
         throw m("RSA-PSS");
-      const n = parseInt(t.slice(2), 10);
-      if (x(e.algorithm.hash) !== n)
+      const n = parseInt(e.slice(2), 10);
+      if (O(t.algorithm.hash) !== n)
         throw m(`SHA-${n}`, "algorithm.hash");
       break;
     }
     case "Ed25519":
     case "EdDSA": {
-      if (!A(e.algorithm, "Ed25519"))
+      if (!A(t.algorithm, "Ed25519"))
         throw m("Ed25519");
       break;
     }
     case "ML-DSA-44":
     case "ML-DSA-65":
     case "ML-DSA-87": {
-      if (!A(e.algorithm, t))
-        throw m(t);
+      if (!A(t.algorithm, e))
+        throw m(e);
       break;
     }
     case "ES256":
     case "ES384":
     case "ES512": {
-      if (!A(e.algorithm, "ECDSA"))
+      if (!A(t.algorithm, "ECDSA"))
         throw m("ECDSA");
-      const n = Ae(t);
-      if (e.algorithm.namedCurve !== n)
+      const n = Te(e);
+      if (t.algorithm.namedCurve !== n)
         throw m(n, "algorithm.namedCurve");
       break;
     }
     default:
       throw new TypeError("CryptoKey does not support this operation");
   }
-  Ke(e, r);
+  Ke(t, r);
 }
-function se(e, t, ...r) {
+function ne(t, e, ...r) {
   if (r = r.filter(Boolean), r.length > 2) {
     const n = r.pop();
-    e += `one of type ${r.join(", ")}, or ${n}.`;
-  } else r.length === 2 ? e += `one of type ${r[0]} or ${r[1]}.` : e += `of type ${r[0]}.`;
-  return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && t.constructor?.name && (e += ` Received an instance of ${t.constructor.name}`), e;
+    t += `one of type ${r.join(", ")}, or ${n}.`;
+  } else r.length === 2 ? t += `one of type ${r[0]} or ${r[1]}.` : t += `of type ${r[0]}.`;
+  return e == null ? t += ` Received ${e}` : typeof e == "function" && e.name ? t += ` Received function ${e.name}` : typeof e == "object" && e != null && e.constructor?.name && (t += ` Received an instance of ${e.constructor.name}`), t;
 }
-const ve = (e, ...t) => se("Key must be ", e, ...t), ae = (e, t, ...r) => se(`Key for the ${e} algorithm must be `, t, ...r), ie = (e) => {
-  if (e?.[Symbol.toStringTag] === "CryptoKey")
+const Ce = (t, ...e) => ne("Key must be ", t, ...e), se = (t, e, ...r) => ne(`Key for the ${t} algorithm must be `, e, ...r), ae = (t) => {
+  if (t?.[Symbol.toStringTag] === "CryptoKey")
     return !0;
   try {
-    return e instanceof CryptoKey;
+    return t instanceof CryptoKey;
   } catch {
     return !1;
   }
-}, oe = (e) => e?.[Symbol.toStringTag] === "KeyObject", ce = (e) => ie(e) || oe(e);
-function Ce(...e) {
-  const t = e.filter(Boolean);
-  if (t.length === 0 || t.length === 1)
+}, ie = (t) => t?.[Symbol.toStringTag] === "KeyObject", oe = (t) => ae(t) || ie(t);
+function _e(...t) {
+  const e = t.filter(Boolean);
+  if (e.length === 0 || e.length === 1)
     return !0;
   let r;
-  for (const n of t) {
+  for (const n of e) {
     const s = Object.keys(n);
     if (!r || r.size === 0) {
       r = new Set(s);
@@ -525,33 +529,33 @@ function Ce(...e) {
   }
   return !0;
 }
-const _e = (e) => typeof e == "object" && e !== null;
-function E(e) {
-  if (!_e(e) || Object.prototype.toString.call(e) !== "[object Object]")
+const Re = (t) => typeof t == "object" && t !== null;
+function b(t) {
+  if (!Re(t) || Object.prototype.toString.call(t) !== "[object Object]")
     return !1;
-  if (Object.getPrototypeOf(e) === null)
+  if (Object.getPrototypeOf(t) === null)
     return !0;
-  let t = e;
-  for (; Object.getPrototypeOf(t) !== null; )
-    t = Object.getPrototypeOf(t);
-  return Object.getPrototypeOf(e) === t;
-}
-function Re(e, t) {
-  if (e.startsWith("RS") || e.startsWith("PS")) {
-    const { modulusLength: r } = t.algorithm;
+  let e = t;
+  for (; Object.getPrototypeOf(e) !== null; )
+    e = Object.getPrototypeOf(e);
+  return Object.getPrototypeOf(t) === e;
+}
+function Pe(t, e) {
+  if (t.startsWith("RS") || t.startsWith("PS")) {
+    const { modulusLength: r } = e.algorithm;
     if (typeof r != "number" || r < 2048)
-      throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`);
+      throw new TypeError(`${t} requires key modulusLength to be 2048 bits or larger`);
   }
 }
-function Pe(e) {
-  let t, r;
-  switch (e.kty) {
+function We(t) {
+  let e, r;
+  switch (t.kty) {
     case "AKP": {
-      switch (e.alg) {
+      switch (t.alg) {
         case "ML-DSA-44":
         case "ML-DSA-65":
         case "ML-DSA-87":
-          t = { name: e.alg }, r = e.priv ? ["sign"] : ["verify"];
+          e = { name: t.alg }, r = t.priv ? ["sign"] : ["verify"];
           break;
         default:
           throw new w('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
@@ -559,25 +563,25 @@ function Pe(e) {
       break;
     }
     case "RSA": {
-      switch (e.alg) {
+      switch (t.alg) {
         case "PS256":
         case "PS384":
         case "PS512":
-          t = { name: "RSA-PSS", hash: `SHA-${e.alg.slice(-3)}` }, r = e.d ? ["sign"] : ["verify"];
+          e = { name: "RSA-PSS", hash: `SHA-${t.alg.slice(-3)}` }, r = t.d ? ["sign"] : ["verify"];
           break;
         case "RS256":
         case "RS384":
         case "RS512":
-          t = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${e.alg.slice(-3)}` }, r = e.d ? ["sign"] : ["verify"];
+          e = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${t.alg.slice(-3)}` }, r = t.d ? ["sign"] : ["verify"];
           break;
         case "RSA-OAEP":
         case "RSA-OAEP-256":
         case "RSA-OAEP-384":
         case "RSA-OAEP-512":
-          t = {
+          e = {
             name: "RSA-OAEP",
-            hash: `SHA-${parseInt(e.alg.slice(-3), 10) || 1}`
-          }, r = e.d ? ["decrypt", "unwrapKey"] : ["encrypt", "wrapKey"];
+            hash: `SHA-${parseInt(t.alg.slice(-3), 10) || 1}`
+          }, r = t.d ? ["decrypt", "unwrapKey"] : ["encrypt", "wrapKey"];
           break;
         default:
           throw new w('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
@@ -585,21 +589,21 @@ function Pe(e) {
       break;
     }
     case "EC": {
-      switch (e.alg) {
+      switch (t.alg) {
         case "ES256":
-          t = { name: "ECDSA", namedCurve: "P-256" }, r = e.d ? ["sign"] : ["verify"];
+          e = { name: "ECDSA", namedCurve: "P-256" }, r = t.d ? ["sign"] : ["verify"];
           break;
         case "ES384":
-          t = { name: "ECDSA", namedCurve: "P-384" }, r = e.d ? ["sign"] : ["verify"];
+          e = { name: "ECDSA", namedCurve: "P-384" }, r = t.d ? ["sign"] : ["verify"];
           break;
         case "ES512":
-          t = { name: "ECDSA", namedCurve: "P-521" }, r = e.d ? ["sign"] : ["verify"];
+          e = { name: "ECDSA", namedCurve: "P-521" }, r = t.d ? ["sign"] : ["verify"];
           break;
         case "ECDH-ES":
         case "ECDH-ES+A128KW":
         case "ECDH-ES+A192KW":
         case "ECDH-ES+A256KW":
-          t = { name: "ECDH", namedCurve: e.crv }, r = e.d ? ["deriveBits"] : [];
+          e = { name: "ECDH", namedCurve: t.crv }, r = t.d ? ["deriveBits"] : [];
           break;
         default:
           throw new w('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
@@ -607,16 +611,16 @@ function Pe(e) {
       break;
     }
     case "OKP": {
-      switch (e.alg) {
+      switch (t.alg) {
         case "Ed25519":
         case "EdDSA":
-          t = { name: "Ed25519" }, r = e.d ? ["sign"] : ["verify"];
+          e = { name: "Ed25519" }, r = t.d ? ["sign"] : ["verify"];
           break;
         case "ECDH-ES":
         case "ECDH-ES+A128KW":
         case "ECDH-ES+A192KW":
         case "ECDH-ES+A256KW":
-          t = { name: e.crv }, r = e.d ? ["deriveBits"] : [];
+          e = { name: t.crv }, r = t.d ? ["deriveBits"] : [];
           break;
         default:
           throw new w('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
@@ -626,78 +630,84 @@ function Pe(e) {
     default:
       throw new w('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
   }
-  return { algorithm: t, keyUsages: r };
+  return { algorithm: e, keyUsages: r };
 }
-async function R(e) {
-  if (!e.alg)
+async function W(t) {
+  if (!t.alg)
     throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
-  const { algorithm: t, keyUsages: r } = Pe(e), n = { ...e };
-  return n.kty !== "AKP" && delete n.alg, delete n.use, crypto.subtle.importKey("jwk", n, t, e.ext ?? !(e.d || e.priv), e.key_ops ?? r);
+  const { algorithm: e, keyUsages: r } = We(t), n = { ...t };
+  return n.kty !== "AKP" && delete n.alg, delete n.use, crypto.subtle.importKey("jwk", n, e, t.ext ?? !(t.d || t.priv), t.key_ops ?? r);
 }
-async function We(e, t, r) {
-  if (!E(e))
+async function ke(t, e, r) {
+  if (!b(t))
     throw new TypeError("JWK must be an object");
   let n;
-  switch (t ??= e.alg, n ??= e.ext, e.kty) {
+  switch (e ??= t.alg, n ??= t.ext, t.kty) {
     case "oct":
-      if (typeof e.k != "string" || !e.k)
+      if (typeof t.k != "string" || !t.k)
         throw new TypeError('missing "k" (Key Value) Parameter value');
-      return C(e.k);
+      return C(t.k);
     case "RSA":
-      if ("oth" in e && e.oth !== void 0)
+      if ("oth" in t && t.oth !== void 0)
         throw new w('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');
-      return R({ ...e, alg: t, ext: n });
+      return W({ ...t, alg: e, ext: n });
     case "AKP": {
-      if (typeof e.alg != "string" || !e.alg)
+      if (typeof t.alg != "string" || !t.alg)
         throw new TypeError('missing "alg" (Algorithm) Parameter value');
-      if (t !== void 0 && t !== e.alg)
+      if (e !== void 0 && e !== t.alg)
         throw new TypeError("JWK alg and alg option value mismatch");
-      return R({ ...e, ext: n });
+      return W({ ...t, ext: n });
     }
     case "EC":
     case "OKP":
-      return R({ ...e, alg: t, ext: n });
+      return W({ ...t, alg: e, ext: n });
     default:
       throw new w('Unsupported "kty" (Key Type) Parameter value');
   }
 }
-function ke(e, t, r, n, s) {
+function Ie(t, e, r, n, s) {
   if (s.crit !== void 0 && n?.crit === void 0)
-    throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
+    throw new t('"crit" (Critical) Header Parameter MUST be integrity protected');
   if (!n || n.crit === void 0)
     return /* @__PURE__ */ new Set();
   if (!Array.isArray(n.crit) || n.crit.length === 0 || n.crit.some((i) => typeof i != "string" || i.length === 0))
-    throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
+    throw new t('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
   let a;
-  a = t;
+  r !== void 0 ? a = new Map([...Object.entries(r), ...e.entries()]) : a = e;
   for (const i of n.crit) {
     if (!a.has(i))
       throw new w(`Extension Header Parameter "${i}" is not recognized`);
     if (s[i] === void 0)
-      throw new e(`Extension Header Parameter "${i}" is missing`);
+      throw new t(`Extension Header Parameter "${i}" is missing`);
     if (a.get(i) && n[i] === void 0)
-      throw new e(`Extension Header Parameter "${i}" MUST be integrity protected`);
+      throw new t(`Extension Header Parameter "${i}" MUST be integrity protected`);
   }
   return new Set(n.crit);
 }
-const L = (e) => E(e) && typeof e.kty == "string", Ie = (e) => e.kty !== "oct" && (e.kty === "AKP" && typeof e.priv == "string" || typeof e.d == "string"), Je = (e) => e.kty !== "oct" && e.d === void 0 && e.priv === void 0, xe = (e) => e.kty === "oct" && typeof e.k == "string";
-let T;
-const B = async (e, t, r, n = !1) => {
-  T ||= /* @__PURE__ */ new WeakMap();
-  let s = T.get(e);
+function Je(t, e) {
+  if (e !== void 0 && (!Array.isArray(e) || e.some((r) => typeof r != "string")))
+    throw new TypeError(`"${t}" option must be an array of strings`);
+  if (e)
+    return new Set(e);
+}
+const V = (t) => b(t) && typeof t.kty == "string", xe = (t) => t.kty !== "oct" && (t.kty === "AKP" && typeof t.priv == "string" || typeof t.d == "string"), Oe = (t) => t.kty !== "oct" && t.d === void 0 && t.priv === void 0, De = (t) => t.kty === "oct" && typeof t.k == "string";
+let K;
+const q = async (t, e, r, n = !1) => {
+  K ||= /* @__PURE__ */ new WeakMap();
+  let s = K.get(t);
   if (s?.[r])
     return s[r];
-  const a = await R({ ...t, alg: r });
-  return n && Object.freeze(e), s ? s[r] = a : T.set(e, { [r]: a }), a;
-}, Ue = (e, t) => {
-  T ||= /* @__PURE__ */ new WeakMap();
-  let r = T.get(e);
-  if (r?.[t])
-    return r[t];
-  const n = e.type === "public", s = !!n;
+  const a = await W({ ...e, alg: r });
+  return n && Object.freeze(t), s ? s[r] = a : K.set(t, { [r]: a }), a;
+}, Ue = (t, e) => {
+  K ||= /* @__PURE__ */ new WeakMap();
+  let r = K.get(t);
+  if (r?.[e])
+    return r[e];
+  const n = t.type === "public", s = !!n;
   let a;
-  if (e.asymmetricKeyType === "x25519") {
-    switch (t) {
+  if (t.asymmetricKeyType === "x25519") {
+    switch (e) {
       case "ECDH-ES":
       case "ECDH-ES+A128KW":
       case "ECDH-ES+A192KW":
@@ -706,29 +716,29 @@ const B = async (e, t, r, n = !1) => {
       default:
         throw new TypeError("given KeyObject instance cannot be used for this algorithm");
     }
-    a = e.toCryptoKey(e.asymmetricKeyType, s, n ? [] : ["deriveBits"]);
+    a = t.toCryptoKey(t.asymmetricKeyType, s, n ? [] : ["deriveBits"]);
   }
-  if (e.asymmetricKeyType === "ed25519") {
-    if (t !== "EdDSA" && t !== "Ed25519")
+  if (t.asymmetricKeyType === "ed25519") {
+    if (e !== "EdDSA" && e !== "Ed25519")
       throw new TypeError("given KeyObject instance cannot be used for this algorithm");
-    a = e.toCryptoKey(e.asymmetricKeyType, s, [
+    a = t.toCryptoKey(t.asymmetricKeyType, s, [
       n ? "verify" : "sign"
     ]);
   }
-  switch (e.asymmetricKeyType) {
+  switch (t.asymmetricKeyType) {
     case "ml-dsa-44":
     case "ml-dsa-65":
     case "ml-dsa-87": {
-      if (t !== e.asymmetricKeyType.toUpperCase())
+      if (e !== t.asymmetricKeyType.toUpperCase())
         throw new TypeError("given KeyObject instance cannot be used for this algorithm");
-      a = e.toCryptoKey(e.asymmetricKeyType, s, [
+      a = t.toCryptoKey(t.asymmetricKeyType, s, [
         n ? "verify" : "sign"
       ]);
     }
   }
-  if (e.asymmetricKeyType === "rsa") {
+  if (t.asymmetricKeyType === "rsa") {
     let i;
-    switch (t) {
+    switch (e) {
       case "RSA-OAEP":
         i = "SHA-1";
         break;
@@ -750,64 +760,64 @@ const B = async (e, t, r, n = !1) => {
       default:
         throw new TypeError("given KeyObject instance cannot be used for this algorithm");
     }
-    if (t.startsWith("RSA-OAEP"))
-      return e.toCryptoKey({
+    if (e.startsWith("RSA-OAEP"))
+      return t.toCryptoKey({
         name: "RSA-OAEP",
         hash: i
       }, s, n ? ["encrypt"] : ["decrypt"]);
-    a = e.toCryptoKey({
-      name: t.startsWith("PS") ? "RSA-PSS" : "RSASSA-PKCS1-v1_5",
+    a = t.toCryptoKey({
+      name: e.startsWith("PS") ? "RSA-PSS" : "RSASSA-PKCS1-v1_5",
       hash: i
     }, s, [n ? "verify" : "sign"]);
   }
-  if (e.asymmetricKeyType === "ec") {
+  if (t.asymmetricKeyType === "ec") {
     const c = (/* @__PURE__ */ new Map([
       ["prime256v1", "P-256"],
       ["secp384r1", "P-384"],
       ["secp521r1", "P-521"]
-    ])).get(e.asymmetricKeyDetails?.namedCurve);
+    ])).get(t.asymmetricKeyDetails?.namedCurve);
     if (!c)
       throw new TypeError("given KeyObject instance cannot be used for this algorithm");
-    t === "ES256" && c === "P-256" && (a = e.toCryptoKey({
+    e === "ES256" && c === "P-256" && (a = t.toCryptoKey({
       name: "ECDSA",
       namedCurve: c
-    }, s, [n ? "verify" : "sign"])), t === "ES384" && c === "P-384" && (a = e.toCryptoKey({
+    }, s, [n ? "verify" : "sign"])), e === "ES384" && c === "P-384" && (a = t.toCryptoKey({
       name: "ECDSA",
       namedCurve: c
-    }, s, [n ? "verify" : "sign"])), t === "ES512" && c === "P-521" && (a = e.toCryptoKey({
+    }, s, [n ? "verify" : "sign"])), e === "ES512" && c === "P-521" && (a = t.toCryptoKey({
       name: "ECDSA",
       namedCurve: c
-    }, s, [n ? "verify" : "sign"])), t.startsWith("ECDH-ES") && (a = e.toCryptoKey({
+    }, s, [n ? "verify" : "sign"])), e.startsWith("ECDH-ES") && (a = t.toCryptoKey({
       name: "ECDH",
       namedCurve: c
     }, s, n ? [] : ["deriveBits"]));
   }
   if (!a)
     throw new TypeError("given KeyObject instance cannot be used for this algorithm");
-  return r ? r[t] = a : T.set(e, { [t]: a }), a;
+  return r ? r[e] = a : K.set(t, { [e]: a }), a;
 };
-async function De(e, t) {
-  if (e instanceof Uint8Array || ie(e))
-    return e;
-  if (oe(e)) {
-    if (e.type === "secret")
-      return e.export();
-    if ("toCryptoKey" in e && typeof e.toCryptoKey == "function")
+async function Me(t, e) {
+  if (t instanceof Uint8Array || ae(t))
+    return t;
+  if (ie(t)) {
+    if (t.type === "secret")
+      return t.export();
+    if ("toCryptoKey" in t && typeof t.toCryptoKey == "function")
       try {
-        return Ue(e, t);
+        return Ue(t, e);
       } catch (n) {
         if (n instanceof TypeError)
           throw n;
       }
-    let r = e.export({ format: "jwk" });
-    return B(e, r, t);
+    let r = t.export({ format: "jwk" });
+    return q(t, r, e);
   }
-  if (L(e))
-    return e.k ? C(e.k) : B(e, e, t, !0);
+  if (V(t))
+    return t.k ? C(t.k) : q(t, t, e, !0);
   throw new Error("unreachable");
 }
-const K = (e) => e?.[Symbol.toStringTag], M = (e, t, r) => {
-  if (t.use !== void 0) {
+const T = (t) => t?.[Symbol.toStringTag], M = (t, e, r) => {
+  if (e.use !== void 0) {
     let n;
     switch (r) {
       case "sign":
@@ -819,97 +829,97 @@ const K = (e) => e?.[Symbol.toStringTag], M = (e, t, r) => {
         n = "enc";
         break;
     }
-    if (t.use !== n)
+    if (e.use !== n)
       throw new TypeError(`Invalid key for this operation, its "use" must be "${n}" when present`);
   }
-  if (t.alg !== void 0 && t.alg !== e)
-    throw new TypeError(`Invalid key for this operation, its "alg" must be "${e}" when present`);
-  if (Array.isArray(t.key_ops)) {
+  if (e.alg !== void 0 && e.alg !== t)
+    throw new TypeError(`Invalid key for this operation, its "alg" must be "${t}" when present`);
+  if (Array.isArray(e.key_ops)) {
     let n;
     switch (!0) {
       case r === "verify":
-      case e === "dir":
-      case e.includes("CBC-HS"):
+      case t === "dir":
+      case t.includes("CBC-HS"):
         n = r;
         break;
-      case e.startsWith("PBES2"):
+      case t.startsWith("PBES2"):
         n = "deriveBits";
         break;
-      case /^A\d{3}(?:GCM)?(?:KW)?$/.test(e):
-        !e.includes("GCM") && e.endsWith("KW") ? n = "unwrapKey" : n = r;
+      case /^A\d{3}(?:GCM)?(?:KW)?$/.test(t):
+        !t.includes("GCM") && t.endsWith("KW") ? n = "unwrapKey" : n = r;
         break;
       case r === "encrypt":
         n = "wrapKey";
         break;
       case r === "decrypt":
-        n = e.startsWith("RSA") ? "unwrapKey" : "deriveBits";
+        n = t.startsWith("RSA") ? "unwrapKey" : "deriveBits";
         break;
     }
-    if (n && t.key_ops?.includes?.(n) === !1)
+    if (n && e.key_ops?.includes?.(n) === !1)
       throw new TypeError(`Invalid key for this operation, its "key_ops" must include "${n}" when present`);
   }
   return !0;
-}, Me = (e, t, r) => {
-  if (!(t instanceof Uint8Array)) {
-    if (L(t)) {
-      if (xe(t) && M(e, t, r))
+}, He = (t, e, r) => {
+  if (!(e instanceof Uint8Array)) {
+    if (V(e)) {
+      if (De(e) && M(t, e, r))
         return;
       throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present');
     }
-    if (!ce(t))
-      throw new TypeError(ae(e, t, "CryptoKey", "KeyObject", "JSON Web Key", "Uint8Array"));
-    if (t.type !== "secret")
-      throw new TypeError(`${K(t)} instances for symmetric algorithms must be of type "secret"`);
+    if (!oe(e))
+      throw new TypeError(se(t, e, "CryptoKey", "KeyObject", "JSON Web Key", "Uint8Array"));
+    if (e.type !== "secret")
+      throw new TypeError(`${T(e)} instances for symmetric algorithms must be of type "secret"`);
   }
-}, Oe = (e, t, r) => {
-  if (L(t))
+}, Ne = (t, e, r) => {
+  if (V(e))
     switch (r) {
       case "decrypt":
       case "sign":
-        if (Ie(t) && M(e, t, r))
+        if (xe(e) && M(t, e, r))
           return;
         throw new TypeError("JSON Web Key for this operation must be a private JWK");
       case "encrypt":
       case "verify":
-        if (Je(t) && M(e, t, r))
+        if (Oe(e) && M(t, e, r))
           return;
         throw new TypeError("JSON Web Key for this operation must be a public JWK");
     }
-  if (!ce(t))
-    throw new TypeError(ae(e, t, "CryptoKey", "KeyObject", "JSON Web Key"));
-  if (t.type === "secret")
-    throw new TypeError(`${K(t)} instances for asymmetric algorithms must not be of type "secret"`);
-  if (t.type === "public")
+  if (!oe(e))
+    throw new TypeError(se(t, e, "CryptoKey", "KeyObject", "JSON Web Key"));
+  if (e.type === "secret")
+    throw new TypeError(`${T(e)} instances for asymmetric algorithms must not be of type "secret"`);
+  if (e.type === "public")
     switch (r) {
       case "sign":
-        throw new TypeError(`${K(t)} instances for asymmetric algorithm signing must be of type "private"`);
+        throw new TypeError(`${T(e)} instances for asymmetric algorithm signing must be of type "private"`);
       case "decrypt":
-        throw new TypeError(`${K(t)} instances for asymmetric algorithm decryption must be of type "private"`);
+        throw new TypeError(`${T(e)} instances for asymmetric algorithm decryption must be of type "private"`);
     }
-  if (t.type === "private")
+  if (e.type === "private")
     switch (r) {
       case "verify":
-        throw new TypeError(`${K(t)} instances for asymmetric algorithm verifying must be of type "public"`);
+        throw new TypeError(`${T(e)} instances for asymmetric algorithm verifying must be of type "public"`);
       case "encrypt":
-        throw new TypeError(`${K(t)} instances for asymmetric algorithm encryption must be of type "public"`);
+        throw new TypeError(`${T(e)} instances for asymmetric algorithm encryption must be of type "public"`);
     }
 };
-function He(e, t, r) {
-  switch (e.substring(0, 2)) {
+function Le(t, e, r) {
+  switch (t.substring(0, 2)) {
     case "A1":
     case "A2":
     case "di":
     case "HS":
     case "PB":
-      Me(e, t, r);
+      He(t, e, r);
       break;
     default:
-      Oe(e, t, r);
+      Ne(t, e, r);
   }
 }
-function Ne(e, t) {
-  const r = `SHA-${e.slice(-3)}`;
-  switch (e) {
+function $e(t, e) {
+  const r = `SHA-${t.slice(-3)}`;
+  switch (t) {
     case "HS256":
     case "HS384":
     case "HS512":
@@ -917,7 +927,7 @@ function Ne(e, t) {
     case "PS256":
     case "PS384":
     case "PS512":
-      return { hash: r, name: "RSA-PSS", saltLength: parseInt(e.slice(-3), 10) >> 3 };
+      return { hash: r, name: "RSA-PSS", saltLength: parseInt(t.slice(-3), 10) >> 3 };
     case "RS256":
     case "RS384":
     case "RS512":
@@ -925,112 +935,115 @@ function Ne(e, t) {
     case "ES256":
     case "ES384":
     case "ES512":
-      return { hash: r, name: "ECDSA", namedCurve: t.namedCurve };
+      return { hash: r, name: "ECDSA", namedCurve: e.namedCurve };
     case "Ed25519":
     case "EdDSA":
       return { name: "Ed25519" };
     case "ML-DSA-44":
     case "ML-DSA-65":
     case "ML-DSA-87":
-      return { name: e };
+      return { name: t };
     default:
-      throw new w(`alg ${e} is not supported either by JOSE or your javascript runtime`);
+      throw new w(`alg ${t} is not supported either by JOSE or your javascript runtime`);
   }
 }
-async function $e(e, t, r) {
-  if (t instanceof Uint8Array) {
-    if (!e.startsWith("HS"))
-      throw new TypeError(ve(t, "CryptoKey", "KeyObject", "JSON Web Key"));
-    return crypto.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
+async function Fe(t, e, r) {
+  if (e instanceof Uint8Array) {
+    if (!t.startsWith("HS"))
+      throw new TypeError(Ce(e, "CryptoKey", "KeyObject", "JSON Web Key"));
+    return crypto.subtle.importKey("raw", e, { hash: `SHA-${t.slice(-3)}`, name: "HMAC" }, !1, [r]);
   }
-  return Te(t, e, r), t;
+  return ve(e, t, r), e;
 }
-async function Le(e, t, r, n) {
-  const s = await $e(e, t, "verify");
-  Re(e, s);
-  const a = Ne(e, s.algorithm);
+async function Ve(t, e, r, n) {
+  const s = await Fe(t, e, "verify");
+  Pe(t, s);
+  const a = $e(t, s.algorithm);
   try {
     return await crypto.subtle.verify(a, s, r, n);
   } catch {
     return !1;
   }
 }
-async function Fe(e, t, r) {
-  if (!E(e))
+async function Ge(t, e, r) {
+  if (!b(t))
     throw new f("Flattened JWS must be an object");
-  if (e.protected === void 0 && e.header === void 0)
+  if (t.protected === void 0 && t.header === void 0)
     throw new f('Flattened JWS must have either of the "protected" or "header" members');
-  if (e.protected !== void 0 && typeof e.protected != "string")
+  if (t.protected !== void 0 && typeof t.protected != "string")
     throw new f("JWS Protected Header incorrect type");
-  if (e.payload === void 0)
+  if (t.payload === void 0)
     throw new f("JWS Payload missing");
-  if (typeof e.signature != "string")
+  if (typeof t.signature != "string")
     throw new f("JWS Signature missing or incorrect type");
-  if (e.header !== void 0 && !E(e.header))
+  if (t.header !== void 0 && !b(t.header))
     throw new f("JWS Unprotected Header incorrect type");
   let n = {};
-  if (e.protected)
+  if (t.protected)
     try {
-      const P = C(e.protected);
-      n = JSON.parse(_.decode(P));
+      const he = C(t.protected);
+      n = JSON.parse(_.decode(he));
     } catch {
       throw new f("JWS Protected Header is invalid");
     }
-  if (!Ce(n, e.header))
+  if (!_e(n, t.header))
     throw new f("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
   const s = {
     ...n,
-    ...e.header
-  }, a = ke(f, /* @__PURE__ */ new Map([["b64", !0]]), r?.crit, n, s);
+    ...t.header
+  }, a = Ie(f, /* @__PURE__ */ new Map([["b64", !0]]), r?.crit, n, s);
   let i = !0;
   if (a.has("b64") && (i = n.b64, typeof i != "boolean"))
     throw new f('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
   const { alg: c } = s;
   if (typeof c != "string" || !c)
     throw new f('JWS "alg" (Algorithm) Header Parameter missing or invalid');
+  const h = r && Je("algorithms", r.algorithms);
+  if (h && !h.has(c))
+    throw new ge('"alg" (Algorithm) Header Parameter value not allowed');
   if (i) {
-    if (typeof e.payload != "string")
+    if (typeof t.payload != "string")
       throw new f("JWS Payload must be a string");
-  } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
+  } else if (typeof t.payload != "string" && !(t.payload instanceof Uint8Array))
     throw new f("JWS Payload must be a string or an Uint8Array instance");
-  let h = !1;
-  typeof t == "function" && (t = await t(n, e), h = !0), He(c, t, "verify");
-  const u = we(e.protected !== void 0 ? J(e.protected) : new Uint8Array(), J("."), typeof e.payload == "string" ? i ? J(e.payload) : G.encode(e.payload) : e.payload);
-  let o;
+  let u = !1;
+  typeof e == "function" && (e = await e(n, t), u = !0), Le(c, e, "verify");
+  const o = we(t.protected !== void 0 ? x(t.protected) : new Uint8Array(), x("."), typeof t.payload == "string" ? i ? x(t.payload) : B.encode(t.payload) : t.payload);
+  let l;
   try {
-    o = C(e.signature);
+    l = C(t.signature);
   } catch {
     throw new f("Failed to base64url decode the signature");
   }
-  const d = await De(t, c);
-  if (!await Le(c, d, o, u))
-    throw new Ee();
-  let b;
+  const R = await Me(e, c);
+  if (!await Ve(c, R, l, o))
+    throw new Ae();
+  let p;
   if (i)
     try {
-      b = C(e.payload);
+      p = C(t.payload);
     } catch {
       throw new f("Failed to base64url decode the payload");
     }
-  else typeof e.payload == "string" ? b = G.encode(e.payload) : b = e.payload;
-  const p = { payload: b };
-  return e.protected !== void 0 && (p.protectedHeader = n), e.header !== void 0 && (p.unprotectedHeader = e.header), h ? { ...p, key: d } : p;
+  else typeof t.payload == "string" ? p = B.encode(t.payload) : p = t.payload;
+  const E = { payload: p };
+  return t.protected !== void 0 && (E.protectedHeader = n), t.header !== void 0 && (E.unprotectedHeader = t.header), u ? { ...E, key: R } : E;
 }
-async function Ve(e, t, r) {
-  if (e instanceof Uint8Array && (e = _.decode(e)), typeof e != "string")
+async function Be(t, e, r) {
+  if (t instanceof Uint8Array && (t = _.decode(t)), typeof t != "string")
     throw new f("Compact JWS must be a string or Uint8Array");
-  const { 0: n, 1: s, 2: a, length: i } = e.split(".");
+  const { 0: n, 1: s, 2: a, length: i } = t.split(".");
   if (i !== 3)
     throw new f("Invalid Compact JWS");
-  const c = await Fe({ payload: s, protected: n, signature: a }, t, r), h = { payload: c.payload, protectedHeader: c.protectedHeader };
-  return typeof t == "function" ? { ...h, key: c.key } : h;
+  const c = await Ge({ payload: s, protected: n, signature: a }, e, r), h = { payload: c.payload, protectedHeader: c.protectedHeader };
+  return typeof e == "function" ? { ...h, key: c.key } : h;
 }
-const Ge = (e) => Math.floor(e.getTime() / 1e3), ue = 60, he = ue * 60, F = he * 24, ze = F * 7, Be = F * 365.25, qe = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;
-function q(e) {
-  const t = qe.exec(e);
-  if (!t || t[4] && t[1])
+const ze = (t) => Math.floor(t.getTime() / 1e3), ce = 60, ue = ce * 60, G = ue * 24, qe = G * 7, Ye = G * 365.25, Xe = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;
+function Y(t) {
+  const e = Xe.exec(t);
+  if (!e || e[4] && e[1])
     throw new TypeError("Invalid time period format");
-  const r = parseFloat(t[2]), n = t[3].toLowerCase();
+  const r = parseFloat(e[2]), n = e[3].toLowerCase();
   let s;
   switch (n) {
     case "sec":
@@ -1045,42 +1058,42 @@ function q(e) {
     case "min":
     case "mins":
     case "m":
-      s = Math.round(r * ue);
+      s = Math.round(r * ce);
       break;
     case "hour":
     case "hours":
     case "hr":
     case "hrs":
     case "h":
-      s = Math.round(r * he);
+      s = Math.round(r * ue);
       break;
     case "day":
     case "days":
     case "d":
-      s = Math.round(r * F);
+      s = Math.round(r * G);
       break;
     case "week":
     case "weeks":
     case "w":
-      s = Math.round(r * ze);
+      s = Math.round(r * qe);
       break;
     default:
-      s = Math.round(r * Be);
+      s = Math.round(r * Ye);
       break;
   }
-  return t[1] === "-" || t[4] === "ago" ? -s : s;
+  return e[1] === "-" || e[4] === "ago" ? -s : s;
 }
-const Y = (e) => e.includes("/") ? e.toLowerCase() : `application/${e.toLowerCase()}`, Ye = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1;
-function Xe(e, t, r = {}) {
+const X = (t) => t.includes("/") ? t.toLowerCase() : `application/${t.toLowerCase()}`, Qe = (t, e) => typeof t == "string" ? e.includes(t) : Array.isArray(t) ? e.some(Set.prototype.has.bind(new Set(t))) : !1;
+function Ze(t, e, r = {}) {
   let n;
   try {
-    n = JSON.parse(_.decode(t));
+    n = JSON.parse(_.decode(e));
   } catch {
   }
-  if (!E(n))
-    throw new te("JWT Claims Set must be a top-level JSON object");
+  if (!b(n))
+    throw new ee("JWT Claims Set must be a top-level JSON object");
   const { typ: s } = r;
-  if (s && (typeof e.typ != "string" || Y(e.typ) !== Y(s)))
+  if (s && (typeof t.typ != "string" || X(t.typ) !== X(s)))
     throw new y('unexpected "typ" JWT header value', n, "typ", "check_failed");
   const { requiredClaims: a = [], issuer: i, subject: c, audience: h, maxTokenAge: u } = r, o = [...a];
   u !== void 0 && o.push("iat"), h !== void 0 && o.push("aud"), c !== void 0 && o.push("sub"), i !== void 0 && o.push("iss");
@@ -1091,55 +1104,55 @@ function Xe(e, t, r = {}) {
     throw new y('unexpected "iss" claim value', n, "iss", "check_failed");
   if (c && n.sub !== c)
     throw new y('unexpected "sub" claim value', n, "sub", "check_failed");
-  if (h && !Ye(n.aud, typeof h == "string" ? [h] : h))
+  if (h && !Qe(n.aud, typeof h == "string" ? [h] : h))
     throw new y('unexpected "aud" claim value', n, "aud", "check_failed");
-  let d;
+  let l;
   switch (typeof r.clockTolerance) {
     case "string":
-      d = q(r.clockTolerance);
+      l = Y(r.clockTolerance);
       break;
     case "number":
-      d = r.clockTolerance;
+      l = r.clockTolerance;
       break;
     case "undefined":
-      d = 0;
+      l = 0;
       break;
     default:
       throw new TypeError("Invalid clockTolerance option type");
   }
-  const { currentDate: V } = r, b = Ge(V || /* @__PURE__ */ new Date());
+  const { currentDate: R } = r, P = ze(R || /* @__PURE__ */ new Date());
   if ((n.iat !== void 0 || u) && typeof n.iat != "number")
     throw new y('"iat" claim must be a number', n, "iat", "invalid");
   if (n.nbf !== void 0) {
     if (typeof n.nbf != "number")
       throw new y('"nbf" claim must be a number', n, "nbf", "invalid");
-    if (n.nbf > b + d)
+    if (n.nbf > P + l)
       throw new y('"nbf" claim timestamp check failed', n, "nbf", "check_failed");
   }
   if (n.exp !== void 0) {
     if (typeof n.exp != "number")
       throw new y('"exp" claim must be a number', n, "exp", "invalid");
-    if (n.exp <= b - d)
+    if (n.exp <= P - l)
       throw new z('"exp" claim timestamp check failed', n, "exp", "check_failed");
   }
   if (u) {
-    const p = b - n.iat, P = typeof u == "number" ? u : q(u);
-    if (p - d > P)
+    const p = P - n.iat, E = typeof u == "number" ? u : Y(u);
+    if (p - l > E)
       throw new z('"iat" claim timestamp check failed (too far in the past)', n, "iat", "check_failed");
-    if (p < 0 - d)
+    if (p < 0 - l)
       throw new y('"iat" claim timestamp check failed (it should be in the past)', n, "iat", "check_failed");
   }
   return n;
 }
-async function Qe(e, t, r) {
-  const n = await Ve(e, t, r);
+async function je(t, e, r) {
+  const n = await Be(t, e, r);
   if (n.protectedHeader.crit?.includes("b64") && n.protectedHeader.b64 === !1)
-    throw new te("JWTs MUST NOT use unencoded payload");
-  const a = { payload: Xe(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
-  return typeof t == "function" ? { ...a, key: n.key } : a;
+    throw new ee("JWTs MUST NOT use unencoded payload");
+  const a = { payload: Ze(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
+  return typeof e == "function" ? { ...a, key: n.key } : a;
 }
-function Ze(e) {
-  switch (typeof e == "string" && e.slice(0, 2)) {
+function et(t) {
+  switch (typeof t == "string" && t.slice(0, 2)) {
     case "RS":
     case "PS":
       return "RSA";
@@ -1153,25 +1166,25 @@ function Ze(e) {
       throw new w('Unsupported "alg" value for a JSON Web Key Set');
   }
 }
-function je(e) {
-  return e && typeof e == "object" && Array.isArray(e.keys) && e.keys.every(et);
+function tt(t) {
+  return t && typeof t == "object" && Array.isArray(t.keys) && t.keys.every(rt);
 }
-function et(e) {
-  return E(e);
+function rt(t) {
+  return b(t);
 }
-class tt {
+class nt {
   #r;
   #i = /* @__PURE__ */ new WeakMap();
-  constructor(t) {
-    if (!je(t))
-      throw new re("JSON Web Key Set malformed");
-    this.#r = structuredClone(t);
+  constructor(e) {
+    if (!tt(e))
+      throw new te("JSON Web Key Set malformed");
+    this.#r = structuredClone(e);
   }
   jwks() {
     return this.#r;
   }
-  async getKey(t, r) {
-    const { alg: n, kid: s } = { ...t, ...r?.header }, a = Ze(n), i = this.#r.keys.filter((u) => {
+  async getKey(e, r) {
+    const { alg: n, kid: s } = { ...e, ...r?.header }, a = et(n), i = this.#r.keys.filter((u) => {
       let o = a === u.kty;
       if (o && typeof s == "string" && (o = s === u.kid), o && (typeof u.alg == "string" || a === "AKP") && (o = n === u.alg), o && typeof u.use == "string" && (o = u.use === "sig"), o && Array.isArray(u.key_ops) && (o = u.key_ops.includes("verify")), o)
         switch (n) {
@@ -1192,69 +1205,69 @@ class tt {
       return o;
     }), { 0: c, length: h } = i;
     if (h === 0)
-      throw new ne();
+      throw new re();
     if (h !== 1) {
-      const u = new ge(), o = this.#i;
+      const u = new be(), o = this.#i;
       throw u[Symbol.asyncIterator] = async function* () {
-        for (const d of i)
+        for (const l of i)
           try {
-            yield await X(o, d, n);
+            yield await Q(o, l, n);
           } catch {
           }
       }, u;
     }
-    return X(this.#i, c, n);
+    return Q(this.#i, c, n);
   }
 }
-async function X(e, t, r) {
-  const n = e.get(t) || e.set(t, {}).get(t);
+async function Q(t, e, r) {
+  const n = t.get(e) || t.set(e, {}).get(e);
   if (n[r] === void 0) {
-    const s = await We({ ...t, ext: !0 }, r);
+    const s = await ke({ ...e, ext: !0 }, r);
     if (s instanceof Uint8Array || s.type !== "public")
-      throw new re("JSON Web Key Set members must be public keys");
+      throw new te("JSON Web Key Set members must be public keys");
     n[r] = s;
   }
   return n[r];
 }
-function Q(e) {
-  const t = new tt(e), r = async (n, s) => t.getKey(n, s);
+function Z(t) {
+  const e = new nt(t), r = async (n, s) => e.getKey(n, s);
   return Object.defineProperties(r, {
     jwks: {
-      value: () => structuredClone(t.jwks()),
+      value: () => structuredClone(e.jwks()),
       enumerable: !1,
       configurable: !1,
       writable: !1
     }
   }), r;
 }
-function rt() {
+function st() {
   return typeof WebSocketPair < "u" || typeof navigator < "u" && navigator.userAgent === "Cloudflare-Workers" || typeof EdgeRuntime < "u" && EdgeRuntime === "vercel";
 }
-let O;
-(typeof navigator > "u" || !navigator.userAgent?.startsWith?.("Mozilla/5.0 ")) && (O = "jose/v6.1.3");
-const nt = /* @__PURE__ */ Symbol();
-async function st(e, t, r, n = fetch) {
-  const s = await n(e, {
+let H;
+(typeof navigator > "u" || !navigator.userAgent?.startsWith?.("Mozilla/5.0 ")) && (H = "jose/v6.1.3");
+const at = /* @__PURE__ */ Symbol();
+async function it(t, e, r, n = fetch) {
+  const s = await n(t, {
     method: "GET",
     signal: r,
     redirect: "manual",
-    headers: t
+    headers: e
   }).catch((a) => {
-    throw a.name === "TimeoutError" ? new be() : a;
+    throw a.name === "TimeoutError" ? new Ee() : a;
   });
   if (s.status !== 200)
-    throw new l("Expected 200 OK from the JSON Web Key Set HTTP response");
+    throw new d("Expected 200 OK from the JSON Web Key Set HTTP response");
   try {
     return await s.json();
   } catch {
-    throw new l("Failed to parse the JSON Web Key Set HTTP response as JSON");
+    throw new d("Failed to parse the JSON Web Key Set HTTP response as JSON");
   }
 }
-const U = /* @__PURE__ */ Symbol();
-function at(e, t) {
-  return !(typeof e != "object" || e === null || !("uat" in e) || typeof e.uat != "number" || Date.now() - e.uat >= t || !("jwks" in e) || !E(e.jwks) || !Array.isArray(e.jwks.keys) || !Array.prototype.every.call(e.jwks.keys, E));
+const D = /* @__PURE__ */ Symbol();
+function ot(t, e) {
+  return !(typeof t != "object" || t === null || !("uat" in t) || typeof t.uat != "number" || Date.now() - t.uat >= e || !("jwks" in t) || !b(t.jwks) || !Array.isArray(t.jwks.keys) || !Array.prototype.every.call(t.jwks.keys, b));
 }
-class it {
+class ct {
   #r;
   #i;
   #c;
@@ -1265,10 +1278,10 @@ class it {
   #u;
   #s;
   #a;
-  constructor(t, r) {
-    if (!(t instanceof URL))
+  constructor(e, r) {
+    if (!(e instanceof URL))
       throw new TypeError("url must be an instance of URL");
-    this.#r = new URL(t.href), this.#i = typeof r?.timeoutDuration == "number" ? r?.timeoutDuration : 5e3, this.#c = typeof r?.cooldownDuration == "number" ? r?.cooldownDuration : 3e4, this.#o = typeof r?.cacheMaxAge == "number" ? r?.cacheMaxAge : 6e5, this.#t = new Headers(r?.headers), O && !this.#t.has("User-Agent") && this.#t.set("User-Agent", O), this.#t.has("accept") || (this.#t.set("accept", "application/json"), this.#t.append("accept", "application/jwk-set+json")), this.#u = r?.[nt], r?.[U] !== void 0 && (this.#a = r?.[U], at(r?.[U], this.#o) && (this.#n = this.#a.uat, this.#s = Q(this.#a.jwks)));
+    this.#r = new URL(e.href), this.#i = typeof r?.timeoutDuration == "number" ? r?.timeoutDuration : 5e3, this.#c = typeof r?.cooldownDuration == "number" ? r?.cooldownDuration : 3e4, this.#o = typeof r?.cacheMaxAge == "number" ? r?.cacheMaxAge : 6e5, this.#t = new Headers(r?.headers), H && !this.#t.has("User-Agent") && this.#t.set("User-Agent", H), this.#t.has("accept") || (this.#t.set("accept", "application/json"), this.#t.append("accept", "application/jwk-set+json")), this.#u = r?.[at], r?.[D] !== void 0 && (this.#a = r?.[D], ot(r?.[D], this.#o) && (this.#n = this.#a.uat, this.#s = Z(this.#a.jwks)));
   }
   pendingFetch() {
     return !!this.#e;
@@ -1282,26 +1295,26 @@ class it {
   jwks() {
     return this.#s?.jwks();
   }
-  async getKey(t, r) {
+  async getKey(e, r) {
     (!this.#s || !this.fresh()) && await this.reload();
     try {
-      return await this.#s(t, r);
+      return await this.#s(e, r);
     } catch (n) {
-      if (n instanceof ne && this.coolingDown() === !1)
-        return await this.reload(), this.#s(t, r);
+      if (n instanceof re && this.coolingDown() === !1)
+        return await this.reload(), this.#s(e, r);
       throw n;
     }
   }
   async reload() {
-    this.#e && rt() && (this.#e = void 0), this.#e ||= st(this.#r.href, this.#t, AbortSignal.timeout(this.#i), this.#u).then((t) => {
-      this.#s = Q(t), this.#a && (this.#a.uat = Date.now(), this.#a.jwks = t), this.#n = Date.now(), this.#e = void 0;
-    }).catch((t) => {
-      throw this.#e = void 0, t;
+    this.#e && st() && (this.#e = void 0), this.#e ||= it(this.#r.href, this.#t, AbortSignal.timeout(this.#i), this.#u).then((e) => {
+      this.#s = Z(e), this.#a && (this.#a.uat = Date.now(), this.#a.jwks = e), this.#n = Date.now(), this.#e = void 0;
+    }).catch((e) => {
+      throw this.#e = void 0, e;
     }), await this.#e;
   }
 }
-function ot(e, t) {
-  const r = new it(e, t), n = async (s, a) => r.getKey(s, a);
+function ut(t, e) {
+  const r = new ct(t, e), n = async (s, a) => r.getKey(s, a);
   return Object.defineProperties(n, {
     coolingDown: {
       get: () => r.coolingDown(),
@@ -1332,21 +1345,30 @@ function ot(e, t) {
     }
   }), n;
 }
-const Z = /* @__PURE__ */ new Map();
-async function ct(e, t = `${ee}/.well-known/jwks.json`) {
-  let r = Z.get(t);
-  return r || (r = ot(new URL(t)), Z.set(t, r)), Qe(e, r);
+const ht = ut(
+  new URL(`${F}/.well-known/jwks.json`)
+);
+async function ft(t) {
+  try {
+    const { payload: e } = await je(t, ht, {
+      issuer: F,
+      audience: "authenticated"
+    });
+    return e;
+  } catch (e) {
+    return console.error("Token verification failed:", e), null;
+  }
 }
-class ut {
+class dt {
   store = /* @__PURE__ */ new Map();
-  async get(t) {
-    return this.store.get(t) ?? null;
+  async get(e) {
+    return this.store.get(e) ?? null;
   }
-  async set(t, r) {
-    this.store.set(t, r);
+  async set(e, r) {
+    this.store.set(e, r);
   }
-  async remove(t) {
-    this.store.delete(t);
+  async remove(e) {
+    this.store.delete(e);
   }
   async clear() {
     this.store.clear();
@@ -1354,20 +1376,20 @@ class ut {
 }
 class j {
   prefix;
-  constructor(t = "genation") {
-    this.prefix = t;
+  constructor(e = "genation") {
+    this.prefix = e;
   }
-  getKey(t) {
-    return `${this.prefix}:${t}`;
+  getKey(e) {
+    return `${this.prefix}:${e}`;
   }
-  async get(t) {
-    return typeof window > "u" ? null : localStorage.getItem(this.getKey(t));
+  async get(e) {
+    return typeof window > "u" ? null : localStorage.getItem(this.getKey(e));
   }
-  async set(t, r) {
-    typeof window > "u" || localStorage.setItem(this.getKey(t), r);
+  async set(e, r) {
+    typeof window > "u" || localStorage.setItem(this.getKey(e), r);
   }
-  async remove(t) {
-    typeof window > "u" || localStorage.removeItem(this.getKey(t));
+  async remove(e) {
+    typeof window > "u" || localStorage.removeItem(this.getKey(e));
   }
   async clear() {
     if (typeof window > "u") return;
@@ -1376,22 +1398,22 @@ class j {
     ).forEach((r) => localStorage.removeItem(r));
   }
 }
-class ht {
+class lt {
   prefix;
-  constructor(t = "genation") {
-    this.prefix = t;
+  constructor(e = "genation") {
+    this.prefix = e;
   }
-  getKey(t) {
-    return `${this.prefix}:${t}`;
+  getKey(e) {
+    return `${this.prefix}:${e}`;
   }
-  async get(t) {
-    return typeof window > "u" ? null : sessionStorage.getItem(this.getKey(t));
+  async get(e) {
+    return typeof window > "u" ? null : sessionStorage.getItem(this.getKey(e));
   }
-  async set(t, r) {
-    typeof window > "u" || sessionStorage.setItem(this.getKey(t), r);
+  async set(e, r) {
+    typeof window > "u" || sessionStorage.setItem(this.getKey(e), r);
   }
-  async remove(t) {
-    typeof window > "u" || sessionStorage.removeItem(this.getKey(t));
+  async remove(e) {
+    typeof window > "u" || sessionStorage.removeItem(this.getKey(e));
   }
   async clear() {
     if (typeof window > "u") return;
@@ -1400,57 +1422,56 @@ class ht {
     ).forEach((r) => sessionStorage.removeItem(r));
   }
 }
-function ft(e = "localStorage") {
-  switch (e) {
+function pt(t = "localStorage") {
+  switch (t) {
     case "memory":
-      return new ut();
+      return new dt();
     case "localStorage":
       return new j();
     case "sessionStorage":
-      return new ht();
+      return new lt();
     default:
       return new j();
   }
 }
-function H(e) {
-  return Array.isArray(e) ? e.map(H) : typeof e == "object" && e !== null ? Object.fromEntries(
-    Object.entries(e).map(([t, r]) => [
-      t.replace(/_([a-z])/g, (n, s) => s.toUpperCase()),
-      H(r)
+function N(t) {
+  return Array.isArray(t) ? t.map(N) : typeof t == "object" && t !== null ? Object.fromEntries(
+    Object.entries(t).map(([e, r]) => [
+      e.replace(/_([a-z])/g, (n, s) => s.toUpperCase()),
+      N(r)
     ])
-  ) : e;
+  ) : t;
 }
-class dt {
+class yt {
   oauth;
   tokenManager;
-  jwksUrl;
   http;
   httpServer;
   listeners = /* @__PURE__ */ new Set();
   initialized = !1;
-  constructor(t) {
-    this.validateConfig(t);
-    const r = typeof t.storage == "object" ? t.storage : ft(t.storage), n = t.authUrl ?? "https://mnnoheowoowbtpuoguul.supabase.co/auth/v1";
-    this.tokenManager = new ye(r), this.oauth = new me(t, this.tokenManager), this.jwksUrl = `${n}/.well-known/jwks.json`, this.http = new D({
+  constructor(e) {
+    this.validateConfig(e);
+    const r = typeof e.storage == "object" ? e.storage : pt(e.storage), n = e.authUrl ?? "https://mnnoheowoowbtpuoguul.supabase.co/auth/v1";
+    this.tokenManager = new ye(r), this.oauth = new me(e, this.tokenManager), this.http = new U({
       baseUrl: n
-    }), this.httpServer = new D({
+    }), this.httpServer = new U({
       baseUrl: "https://ff-api.genation.ai/api/v2/client"
     });
   }
-  validateConfig(t) {
-    if (!t.clientId) throw v.missingField("clientId");
-    if (!t.clientSecret)
+  validateConfig(e) {
+    if (!e.clientId) throw v.missingField("clientId");
+    if (!e.clientSecret)
       throw v.missingField("clientSecret");
-    if (!t.redirectUri) throw v.missingField("redirectUri");
+    if (!e.redirectUri) throw v.missingField("redirectUri");
   }
   /**
    * Emit auth state change event to all listeners
    */
-  async emitAuthStateChange(t) {
+  async emitAuthStateChange(e) {
     const r = await this.getSession();
     this.listeners.forEach((n) => {
       try {
-        n(t, r);
+        n(e, r);
       } catch (s) {
         console.error("Error in auth state change callback:", s);
       }
@@ -1491,15 +1512,15 @@ class dt {
    * subscription.unsubscribe();
    * ```
    */
-  onAuthStateChange(t) {
-    return this.listeners.add(t), this.initialized ? setTimeout(() => {
+  onAuthStateChange(e) {
+    return this.listeners.add(e), this.initialized ? setTimeout(() => {
       this.emitAuthStateChange("INITIAL_SESSION");
     }, 0) : (this.initialized = !0, setTimeout(() => {
       this.emitAuthStateChange("INITIAL_SESSION");
     }, 0)), {
       subscription: {
         unsubscribe: () => {
-          this.listeners.delete(t);
+          this.listeners.delete(e);
         }
       }
     };
@@ -1545,8 +1566,8 @@ class dt {
    * }
    * ```
    */
-  async handleCallback(t) {
-    const r = new URL(t), n = r.searchParams.get("code"), s = r.searchParams.get("state");
+  async handleCallback(e) {
+    const r = new URL(e), n = r.searchParams.get("code"), s = r.searchParams.get("state");
     if (!n || !s)
       throw new Error("Missing code or state");
     const a = await this.oauth.exchangeCode(n, s);
@@ -1617,9 +1638,8 @@ class dt {
    * @returns Decoded token payload if valid
    * @throws Error if token is invalid
    */
-  async verifyToken(t) {
-    const { payload: r } = await ct(t, this.jwksUrl);
-    return r;
+  async verifyToken(e) {
+    return await ft(e);
   }
   /**
    * Get licenses
@@ -1628,23 +1648,23 @@ class dt {
    * @param options.expiresAfter - Query licenses that are expired after the given date, default set to today to get all valid licenses (unexpired licenses)
    * @returns The licenses
    */
-  async getLicenses(t = {}) {
+  async getLicenses(e = {}) {
     const r = await this.getSession();
     if (!r)
       return null;
-    const n = r.accessToken, { expiresAfter: s = /* @__PURE__ */ new Date() } = t, a = await this.httpServer.request("/licenses", {
+    const n = r.accessToken, { expiresAfter: s = /* @__PURE__ */ new Date() } = e, a = await this.httpServer.request("/licenses", {
       headers: { Authorization: `Bearer ${n}` },
       params: { expiresAfter: s.toISOString() }
     });
-    return a.ok ? H(a.data) : (console.error("GenationClient: Error fetching licenses:", a.error), null);
+    return a.ok ? N(a.data) : (console.error("GenationClient: Error fetching licenses:", a.error), null);
   }
   /**
    * Fetch user info from auth server
    */
-  async fetchUser(t) {
+  async fetchUser(e) {
     try {
       const r = await this.http.request("/oauth/userinfo", {
-        headers: { Authorization: `Bearer ${t}` }
+        headers: { Authorization: `Bearer ${e}` }
       });
       return {
         sub: r.sub,
@@ -1660,20 +1680,20 @@ class dt {
     }
   }
 }
-function lt(e) {
-  return new dt(e);
+function mt(t) {
+  return new yt(t);
 }
 export {
   g as AuthError,
   v as ConfigError,
-  dt as GenationClient,
-  N as GenationError,
+  yt as GenationClient,
+  L as GenationError,
   j as LocalStorage,
-  ut as MemoryStorage,
+  dt as MemoryStorage,
   S as NetworkError,
-  ht as SessionStorage,
-  lt as createClient,
-  ft as createStorage,
-  ct as verifyToken
+  lt as SessionStorage,
+  mt as createClient,
+  pt as createStorage,
+  ft as verifyToken
 };
 //# sourceMappingURL=genation.es.js.map