@pod-os/core 0.12.1-6af5683.0 → 0.12.1-7d2693a.0

package/dist/index.js

@@ -41,22 +41,22 @@ var require_events = __commonJS({
     var NumberIsNaN = Number.isNaN || function NumberIsNaN2(value6) {
       return value6 !== value6;
     };
-    function EventEmitter3() {
-      EventEmitter3.init.call(this);
+    function EventEmitter2() {
+      EventEmitter2.init.call(this);
     }
-    module2.exports = EventEmitter3;
+    module2.exports = EventEmitter2;
     module2.exports.once = once;
-    EventEmitter3.EventEmitter = EventEmitter3;
-    EventEmitter3.prototype._events = void 0;
-    EventEmitter3.prototype._eventsCount = 0;
-    EventEmitter3.prototype._maxListeners = void 0;
+    EventEmitter2.EventEmitter = EventEmitter2;
+    EventEmitter2.prototype._events = void 0;
+    EventEmitter2.prototype._eventsCount = 0;
+    EventEmitter2.prototype._maxListeners = void 0;
     var defaultMaxListeners = 10;
     function checkListener(listener) {
       if (typeof listener !== "function") {
         throw new TypeError('The "listener" argument must be of type Function. Received type ' + typeof listener);
       }
     }
-    Object.defineProperty(EventEmitter3, "defaultMaxListeners", {
+    Object.defineProperty(EventEmitter2, "defaultMaxListeners", {
       enumerable: true,
       get: function() {
         return defaultMaxListeners;
@@ -68,14 +68,14 @@ var require_events = __commonJS({
         defaultMaxListeners = arg2;
       }
     });
-    EventEmitter3.init = function() {
+    EventEmitter2.init = function() {
       if (this._events === void 0 || this._events === Object.getPrototypeOf(this)._events) {
         this._events = /* @__PURE__ */ Object.create(null);
         this._eventsCount = 0;
       }
       this._maxListeners = this._maxListeners || void 0;
     };
-    EventEmitter3.prototype.setMaxListeners = function setMaxListeners(n2) {
+    EventEmitter2.prototype.setMaxListeners = function setMaxListeners(n2) {
       if (typeof n2 !== "number" || n2 < 0 || NumberIsNaN(n2)) {
         throw new RangeError('The value of "n" is out of range. It must be a non-negative number. Received ' + n2 + ".");
       }
@@ -84,13 +84,13 @@ var require_events = __commonJS({
     };
     function _getMaxListeners(that) {
       if (that._maxListeners === void 0)
-        return EventEmitter3.defaultMaxListeners;
+        return EventEmitter2.defaultMaxListeners;
       return that._maxListeners;
     }
-    EventEmitter3.prototype.getMaxListeners = function getMaxListeners() {
+    EventEmitter2.prototype.getMaxListeners = function getMaxListeners() {
       return _getMaxListeners(this);
     };
-    EventEmitter3.prototype.emit = function emit(type5) {
+    EventEmitter2.prototype.emit = function emit(type5) {
       var args = [];
       for (var i = 1; i < arguments.length; i++) args.push(arguments[i]);
       var doError = type5 === "error";
@@ -167,11 +167,11 @@ var require_events = __commonJS({
       }
       return target5;
     }
-    EventEmitter3.prototype.addListener = function addListener(type5, listener) {
+    EventEmitter2.prototype.addListener = function addListener(type5, listener) {
       return _addListener(this, type5, listener, false);
     };
-    EventEmitter3.prototype.on = EventEmitter3.prototype.addListener;
-    EventEmitter3.prototype.prependListener = function prependListener(type5, listener) {
+    EventEmitter2.prototype.on = EventEmitter2.prototype.addListener;
+    EventEmitter2.prototype.prependListener = function prependListener(type5, listener) {
       return _addListener(this, type5, listener, true);
     };
     function onceWrapper() {
@@ -190,17 +190,17 @@ var require_events = __commonJS({
       state2.wrapFn = wrapped;
       return wrapped;
     }
-    EventEmitter3.prototype.once = function once2(type5, listener) {
+    EventEmitter2.prototype.once = function once2(type5, listener) {
       checkListener(listener);
       this.on(type5, _onceWrap(this, type5, listener));
       return this;
     };
-    EventEmitter3.prototype.prependOnceListener = function prependOnceListener(type5, listener) {
+    EventEmitter2.prototype.prependOnceListener = function prependOnceListener(type5, listener) {
       checkListener(listener);
       this.prependListener(type5, _onceWrap(this, type5, listener));
       return this;
     };
-    EventEmitter3.prototype.removeListener = function removeListener(type5, listener) {
+    EventEmitter2.prototype.removeListener = function removeListener(type5, listener) {
       var list, events3, position4, i, originalListener;
       checkListener(listener);
       events3 = this._events;
@@ -240,8 +240,8 @@ var require_events = __commonJS({
       }
       return this;
     };
-    EventEmitter3.prototype.off = EventEmitter3.prototype.removeListener;
-    EventEmitter3.prototype.removeAllListeners = function removeAllListeners(type5) {
+    EventEmitter2.prototype.off = EventEmitter2.prototype.removeListener;
+    EventEmitter2.prototype.removeAllListeners = function removeAllListeners(type5) {
       var listeners, events3, i;
       events3 = this._events;
       if (events3 === void 0)
@@ -292,20 +292,20 @@ var require_events = __commonJS({
         return unwrap3 ? [evlistener.listener || evlistener] : [evlistener];
       return unwrap3 ? unwrapListeners(evlistener) : arrayClone(evlistener, evlistener.length);
     }
-    EventEmitter3.prototype.listeners = function listeners(type5) {
+    EventEmitter2.prototype.listeners = function listeners(type5) {
       return _listeners(this, type5, true);
     };
-    EventEmitter3.prototype.rawListeners = function rawListeners(type5) {
+    EventEmitter2.prototype.rawListeners = function rawListeners(type5) {
       return _listeners(this, type5, false);
     };
-    EventEmitter3.listenerCount = function(emitter, type5) {
+    EventEmitter2.listenerCount = function(emitter, type5) {
       if (typeof emitter.listenerCount === "function") {
         return emitter.listenerCount(type5);
       } else {
         return listenerCount.call(emitter, type5);
       }
     };
-    EventEmitter3.prototype.listenerCount = listenerCount;
+    EventEmitter2.prototype.listenerCount = listenerCount;
     function listenerCount(type5) {
       var events3 = this._events;
       if (events3 !== void 0) {
@@ -318,7 +318,7 @@ var require_events = __commonJS({
       }
       return 0;
     }
-    EventEmitter3.prototype.eventNames = function eventNames() {
+    EventEmitter2.prototype.eventNames = function eventNames() {
       return this._eventsCount > 0 ? ReflectOwnKeys(this._events) : [];
     };
     function arrayClone(arr, n2) {
@@ -6741,20 +6741,20 @@ var require_lunr = __commonJS({
         if (obj === null || obj === void 0) {
           return obj;
         }
-        var clone = /* @__PURE__ */ Object.create(null), keys = Object.keys(obj);
+        var clone2 = /* @__PURE__ */ Object.create(null), keys = Object.keys(obj);
         for (var i = 0; i < keys.length; i++) {
           var key3 = keys[i], val = obj[key3];
           if (Array.isArray(val)) {
-            clone[key3] = val.slice();
+            clone2[key3] = val.slice();
             continue;
           }
           if (typeof val === "string" || typeof val === "number" || typeof val === "boolean") {
-            clone[key3] = val;
+            clone2[key3] = val;
             continue;
           }
           throw new TypeError("clone is not deep and does not support nested objects");
         }
-        return clone;
+        return clone2;
       };
       lunr2.FieldRef = function(docRef, fieldName, stringValue) {
         this.docRef = docRef;
@@ -10119,18 +10119,11 @@ function tap(observerOrNext, error4, complete2) {
   }) : identity;
 }
 
-// ../node_modules/@inrupt/solid-client-authn-core/dist/index.mjs
-var import_events = __toESM(require_events(), 1);
-
-// ../node_modules/@inrupt/universal-fetch/dist/index-browser.mjs
-var indexBrowser = globalThis.fetch;
-var { fetch: fetch2, Response, Request, Headers } = globalThis;
-
-// ../node_modules/jose/dist/browser/runtime/webcrypto.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/webcrypto.js
 var webcrypto_default = crypto;
 var isCryptoKey = (key3) => key3 instanceof CryptoKey;
 
-// ../node_modules/jose/dist/browser/lib/buffer_utils.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/lib/buffer_utils.js
 var encoder = new TextEncoder();
 var decoder = new TextDecoder();
 var MAX_INT32 = 2 ** 32;
@@ -10138,14 +10131,14 @@ function concat(...buffers) {
   const size4 = buffers.reduce((acc, { length: length2 }) => acc + length2, 0);
   const buf = new Uint8Array(size4);
   let i = 0;
-  buffers.forEach((buffer) => {
+  for (const buffer of buffers) {
     buf.set(buffer, i);
     i += buffer.length;
-  });
+  }
   return buf;
 }
 
-// ../node_modules/jose/dist/browser/runtime/base64url.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/base64url.js
 var encodeBase64 = (input2) => {
   let unencoded = input2;
   if (typeof unencoded === "string") {
@@ -10177,22 +10170,21 @@ var decode = (input2) => {
   encoded = encoded.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
   try {
     return decodeBase64(encoded);
-  } catch (_a) {
+  } catch {
     throw new TypeError("The input to be decoded is not correctly encoded.");
   }
 };
 
-// ../node_modules/jose/dist/browser/util/errors.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/util/errors.js
 var JOSEError = class extends Error {
   static get code() {
     return "ERR_JOSE_GENERIC";
   }
   constructor(message4) {
-    var _a;
     super(message4);
     this.code = "ERR_JOSE_GENERIC";
     this.name = this.constructor.name;
-    (_a = Error.captureStackTrace) === null || _a === void 0 ? void 0 : _a.call(Error, this, this.constructor);
+    Error.captureStackTrace?.(this, this.constructor);
   }
 };
 var JWTClaimValidationFailed = class extends JOSEError {
@@ -10253,6 +10245,45 @@ var JWTInvalid = class extends JOSEError {
     return "ERR_JWT_INVALID";
   }
 };
+var JWKSInvalid = class extends JOSEError {
+  constructor() {
+    super(...arguments);
+    this.code = "ERR_JWKS_INVALID";
+  }
+  static get code() {
+    return "ERR_JWKS_INVALID";
+  }
+};
+var JWKSNoMatchingKey = class extends JOSEError {
+  constructor() {
+    super(...arguments);
+    this.code = "ERR_JWKS_NO_MATCHING_KEY";
+    this.message = "no applicable key found in the JSON Web Key Set";
+  }
+  static get code() {
+    return "ERR_JWKS_NO_MATCHING_KEY";
+  }
+};
+var JWKSMultipleMatchingKeys = class extends JOSEError {
+  constructor() {
+    super(...arguments);
+    this.code = "ERR_JWKS_MULTIPLE_MATCHING_KEYS";
+    this.message = "multiple matching keys found in the JSON Web Key Set";
+  }
+  static get code() {
+    return "ERR_JWKS_MULTIPLE_MATCHING_KEYS";
+  }
+};
+var JWKSTimeout = class extends JOSEError {
+  constructor() {
+    super(...arguments);
+    this.code = "ERR_JWKS_TIMEOUT";
+    this.message = "request timed out";
+  }
+  static get code() {
+    return "ERR_JWKS_TIMEOUT";
+  }
+};
 var JWSSignatureVerificationFailed = class extends JOSEError {
   constructor() {
     super(...arguments);
@@ -10264,10 +10295,10 @@ var JWSSignatureVerificationFailed = class extends JOSEError {
   }
 };
 
-// ../node_modules/jose/dist/browser/runtime/random.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/random.js
 var random_default = webcrypto_default.getRandomValues.bind(webcrypto_default);
 
-// ../node_modules/jose/dist/browser/lib/crypto_key.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/lib/crypto_key.js
 function unusable(name7, prop = "algorithm.name") {
   return new TypeError(`CryptoKey does not support this operation, its ${prop} must be ${name7}`);
 }
@@ -10361,7 +10392,7 @@ function checkSigCryptoKey(key3, alg, ...usages) {
   checkUsage(key3, usages);
 }
 
-// ../node_modules/jose/dist/browser/lib/invalid_key_input.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/lib/invalid_key_input.js
 function message(msg, actual2, ...types2) {
   if (types2.length > 2) {
     const last3 = types2.pop();
@@ -10376,7 +10407,7 @@ function message(msg, actual2, ...types2) {
   } else if (typeof actual2 === "function" && actual2.name) {
     msg += ` Received function ${actual2.name}`;
   } else if (typeof actual2 === "object" && actual2 != null) {
-    if (actual2.constructor && actual2.constructor.name) {
+    if (actual2.constructor?.name) {
       msg += ` Received an instance of ${actual2.constructor.name}`;
     }
   }
@@ -10389,13 +10420,13 @@ function withAlg(alg, actual2, ...types2) {
   return message(`Key for the ${alg} algorithm must be `, actual2, ...types2);
 }
 
-// ../node_modules/jose/dist/browser/runtime/is_key_like.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/is_key_like.js
 var is_key_like_default = (key3) => {
   return isCryptoKey(key3);
 };
 var types = ["CryptoKey"];
 
-// ../node_modules/jose/dist/browser/lib/is_disjoint.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/lib/is_disjoint.js
 var isDisjoint = (...headers) => {
   const sources = headers.filter(Boolean);
   if (sources.length === 0 || sources.length === 1) {
@@ -10419,7 +10450,7 @@ var isDisjoint = (...headers) => {
 };
 var is_disjoint_default = isDisjoint;
 
-// ../node_modules/jose/dist/browser/lib/is_object.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/lib/is_object.js
 function isObjectLike(value6) {
   return typeof value6 === "object" && value6 !== null;
 }
@@ -10437,7 +10468,7 @@ function isObject(input2) {
   return Object.getPrototypeOf(input2) === proto;
 }
 
-// ../node_modules/jose/dist/browser/runtime/check_key_length.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/check_key_length.js
 var check_key_length_default = (alg, key3) => {
   if (alg.startsWith("RS") || alg.startsWith("PS")) {
     const { modulusLength } = key3.algorithm;
@@ -10447,49 +10478,11 @@ var check_key_length_default = (alg, key3) => {
   }
 };
 
-// ../node_modules/jose/dist/browser/runtime/jwk_to_key.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/jwk_to_key.js
 function subtleMapping(jwk) {
   let algorithm3;
   let keyUsages;
   switch (jwk.kty) {
-    case "oct": {
-      switch (jwk.alg) {
-        case "HS256":
-        case "HS384":
-        case "HS512":
-          algorithm3 = { name: "HMAC", hash: `SHA-${jwk.alg.slice(-3)}` };
-          keyUsages = ["sign", "verify"];
-          break;
-        case "A128CBC-HS256":
-        case "A192CBC-HS384":
-        case "A256CBC-HS512":
-          throw new JOSENotSupported(`${jwk.alg} keys cannot be imported as CryptoKey instances`);
-        case "A128GCM":
-        case "A192GCM":
-        case "A256GCM":
-        case "A128GCMKW":
-        case "A192GCMKW":
-        case "A256GCMKW":
-          algorithm3 = { name: "AES-GCM" };
-          keyUsages = ["encrypt", "decrypt"];
-          break;
-        case "A128KW":
-        case "A192KW":
-        case "A256KW":
-          algorithm3 = { name: "AES-KW" };
-          keyUsages = ["wrapKey", "unwrapKey"];
-          break;
-        case "PBES2-HS256+A128KW":
-        case "PBES2-HS384+A192KW":
-        case "PBES2-HS512+A256KW":
-          algorithm3 = { name: "PBKDF2" };
-          keyUsages = ["deriveBits"];
-          break;
-        default:
-          throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
-      }
-      break;
-    }
     case "RSA": {
       switch (jwk.alg) {
         case "PS256":
@@ -10569,19 +10562,15 @@ function subtleMapping(jwk) {
   return { algorithm: algorithm3, keyUsages };
 }
 var parse = async (jwk) => {
-  var _a, _b;
   if (!jwk.alg) {
     throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
   }
   const { algorithm: algorithm3, keyUsages } = subtleMapping(jwk);
   const rest3 = [
     algorithm3,
-    (_a = jwk.ext) !== null && _a !== void 0 ? _a : false,
-    (_b = jwk.key_ops) !== null && _b !== void 0 ? _b : keyUsages
+    jwk.ext ?? false,
+    jwk.key_ops ?? keyUsages
   ];
-  if (algorithm3.name === "PBKDF2") {
-    return webcrypto_default.subtle.importKey("raw", decode(jwk.k), ...rest3);
-  }
   const keyData = { ...jwk };
   delete keyData.alg;
   delete keyData.use;
@@ -10589,9 +10578,8 @@ var parse = async (jwk) => {
 };
 var jwk_to_key_default = parse;
 
-// ../node_modules/jose/dist/browser/key/import.js
-async function importJWK(jwk, alg, octAsKeyObject) {
-  var _a;
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/key/import.js
+async function importJWK(jwk, alg) {
   if (!isObject(jwk)) {
     throw new TypeError("JWK must be an object");
   }
@@ -10601,10 +10589,6 @@ async function importJWK(jwk, alg, octAsKeyObject) {
       if (typeof jwk.k !== "string" || !jwk.k) {
         throw new TypeError('missing "k" (Key Value) Parameter value');
       }
-      octAsKeyObject !== null && octAsKeyObject !== void 0 ? octAsKeyObject : octAsKeyObject = jwk.ext !== true;
-      if (octAsKeyObject) {
-        return jwk_to_key_default({ ...jwk, alg, ext: (_a = jwk.ext) !== null && _a !== void 0 ? _a : false });
-      }
       return decode(jwk.k);
     case "RSA":
       if (jwk.oth !== void 0) {
@@ -10618,7 +10602,7 @@ async function importJWK(jwk, alg, octAsKeyObject) {
   }
 }
 
-// ../node_modules/jose/dist/browser/lib/check_key_type.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/lib/check_key_type.js
 var symmetricTypeCheck = (alg, key3) => {
   if (key3 instanceof Uint8Array)
     return;
@@ -10659,9 +10643,9 @@ var checkKeyType = (alg, key3, usage2) => {
 };
 var check_key_type_default = checkKeyType;
 
-// ../node_modules/jose/dist/browser/lib/validate_crit.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/lib/validate_crit.js
 function validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader, joseHeader) {
-  if (joseHeader.crit !== void 0 && protectedHeader.crit === void 0) {
+  if (joseHeader.crit !== void 0 && protectedHeader?.crit === void 0) {
     throw new Err('"crit" (Critical) Header Parameter MUST be integrity protected');
   }
   if (!protectedHeader || protectedHeader.crit === void 0) {
@@ -10682,7 +10666,8 @@ function validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader,
     }
     if (joseHeader[parameter2] === void 0) {
       throw new Err(`Extension Header Parameter "${parameter2}" is missing`);
-    } else if (recognized.get(parameter2) && protectedHeader[parameter2] === void 0) {
+    }
+    if (recognized.get(parameter2) && protectedHeader[parameter2] === void 0) {
       throw new Err(`Extension Header Parameter "${parameter2}" MUST be integrity protected`);
     }
   }
@@ -10690,7 +10675,7 @@ function validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader,
 }
 var validate_crit_default = validateCrit;
 
-// ../node_modules/jose/dist/browser/lib/validate_algorithms.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/lib/validate_algorithms.js
 var validateAlgorithms = (option5, algorithms) => {
   if (algorithms !== void 0 && (!Array.isArray(algorithms) || algorithms.some((s) => typeof s !== "string"))) {
     throw new TypeError(`"${option5}" option must be an array of strings`);
@@ -10702,7 +10687,7 @@ var validateAlgorithms = (option5, algorithms) => {
 };
 var validate_algorithms_default = validateAlgorithms;
 
-// ../node_modules/jose/dist/browser/runtime/key_to_jwk.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/key_to_jwk.js
 var keyToJWK = async (key3) => {
   if (key3 instanceof Uint8Array) {
     return {
@@ -10721,15 +10706,15 @@ var keyToJWK = async (key3) => {
 };
 var key_to_jwk_default = keyToJWK;
 
-// ../node_modules/jose/dist/browser/key/export.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/key/export.js
 async function exportJWK(key3) {
   return key_to_jwk_default(key3);
 }
 
-// ../node_modules/jose/dist/browser/jwe/flattened/encrypt.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/jwe/flattened/encrypt.js
 var unprotected = Symbol();
 
-// ../node_modules/jose/dist/browser/runtime/subtle_dsa.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/subtle_dsa.js
 function subtleDsa(alg, algorithm3) {
   const hash2 = `SHA-${alg.slice(-3)}`;
   switch (alg) {
@@ -10756,7 +10741,7 @@ function subtleDsa(alg, algorithm3) {
   }
 }
 
-// ../node_modules/jose/dist/browser/runtime/get_sign_verify_key.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/get_sign_verify_key.js
 function getCryptoKey(alg, key3, usage2) {
   if (isCryptoKey(key3)) {
     checkSigCryptoKey(key3, alg, usage2);
@@ -10771,22 +10756,21 @@ function getCryptoKey(alg, key3, usage2) {
   throw new TypeError(invalid_key_input_default(key3, ...types, "Uint8Array"));
 }
 
-// ../node_modules/jose/dist/browser/runtime/verify.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/verify.js
 var verify = async (alg, key3, signature2, data2) => {
   const cryptoKey = await getCryptoKey(alg, key3, "verify");
   check_key_length_default(alg, cryptoKey);
   const algorithm3 = subtleDsa(alg, cryptoKey.algorithm);
   try {
     return await webcrypto_default.subtle.verify(algorithm3, cryptoKey, signature2, data2);
-  } catch (_a) {
+  } catch {
     return false;
   }
 };
 var verify_default = verify;
 
-// ../node_modules/jose/dist/browser/jws/flattened/verify.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/jws/flattened/verify.js
 async function flattenedVerify(jws2, key3, options) {
-  var _a;
   if (!isObject(jws2)) {
     throw new JWSInvalid("Flattened JWS must be an object");
   }
@@ -10810,7 +10794,7 @@ async function flattenedVerify(jws2, key3, options) {
     try {
       const protectedHeader = decode(jws2.protected);
       parsedProt = JSON.parse(decoder.decode(protectedHeader));
-    } catch (_b) {
+    } catch {
       throw new JWSInvalid("JWS Protected Header is invalid");
     }
   }
@@ -10821,7 +10805,7 @@ async function flattenedVerify(jws2, key3, options) {
     ...parsedProt,
     ...jws2.header
   };
-  const extensions = validate_crit_default(JWSInvalid, /* @__PURE__ */ new Map([["b64", true]]), options === null || options === void 0 ? void 0 : options.crit, parsedProt, joseHeader);
+  const extensions = validate_crit_default(JWSInvalid, /* @__PURE__ */ new Map([["b64", true]]), options?.crit, parsedProt, joseHeader);
   let b64 = true;
   if (extensions.has("b64")) {
     b64 = parsedProt.b64;
@@ -10835,7 +10819,7 @@ async function flattenedVerify(jws2, key3, options) {
   }
   const algorithms = options && validate_algorithms_default("algorithms", options.algorithms);
   if (algorithms && !algorithms.has(alg)) {
-    throw new JOSEAlgNotAllowed('"alg" (Algorithm) Header Parameter not allowed');
+    throw new JOSEAlgNotAllowed('"alg" (Algorithm) Header Parameter value not allowed');
   }
   if (b64) {
     if (typeof jws2.payload !== "string") {
@@ -10850,11 +10834,11 @@ async function flattenedVerify(jws2, key3, options) {
     resolvedKey = true;
   }
   check_key_type_default(alg, key3, "verify");
-  const data2 = concat(encoder.encode((_a = jws2.protected) !== null && _a !== void 0 ? _a : ""), encoder.encode("."), typeof jws2.payload === "string" ? encoder.encode(jws2.payload) : jws2.payload);
+  const data2 = concat(encoder.encode(jws2.protected ?? ""), encoder.encode("."), typeof jws2.payload === "string" ? encoder.encode(jws2.payload) : jws2.payload);
   let signature2;
   try {
     signature2 = decode(jws2.signature);
-  } catch (_c) {
+  } catch {
     throw new JWSInvalid("Failed to base64url decode the signature");
   }
   const verified2 = await verify_default(alg, key3, signature2, data2);
@@ -10865,7 +10849,7 @@ async function flattenedVerify(jws2, key3, options) {
   if (b64) {
     try {
       payload4 = decode(jws2.payload);
-    } catch (_d) {
+    } catch {
       throw new JWSInvalid("Failed to base64url decode the payload");
     }
   } else if (typeof jws2.payload === "string") {
@@ -10886,7 +10870,7 @@ async function flattenedVerify(jws2, key3, options) {
   return result5;
 }
 
-// ../node_modules/jose/dist/browser/jws/compact/verify.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/jws/compact/verify.js
 async function compactVerify(jws2, key3, options) {
   if (jws2 instanceof Uint8Array) {
     jws2 = decoder.decode(jws2);
@@ -10906,56 +10890,67 @@ async function compactVerify(jws2, key3, options) {
   return result5;
 }
 
-// ../node_modules/jose/dist/browser/lib/epoch.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/lib/epoch.js
 var epoch_default = (date5) => Math.floor(date5.getTime() / 1e3);
 
-// ../node_modules/jose/dist/browser/lib/secs.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/lib/secs.js
 var minute = 60;
 var hour = minute * 60;
 var day = hour * 24;
 var week = day * 7;
 var year = day * 365.25;
-var REGEX = /^(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)$/i;
+var REGEX = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;
 var secs_default = (str) => {
   const matched = REGEX.exec(str);
-  if (!matched) {
+  if (!matched || matched[4] && matched[1]) {
     throw new TypeError("Invalid time period format");
   }
-  const value6 = parseFloat(matched[1]);
-  const unit2 = matched[2].toLowerCase();
+  const value6 = parseFloat(matched[2]);
+  const unit2 = matched[3].toLowerCase();
+  let numericDate;
   switch (unit2) {
     case "sec":
     case "secs":
     case "second":
     case "seconds":
     case "s":
-      return Math.round(value6);
+      numericDate = Math.round(value6);
+      break;
     case "minute":
     case "minutes":
     case "min":
     case "mins":
     case "m":
-      return Math.round(value6 * minute);
+      numericDate = Math.round(value6 * minute);
+      break;
     case "hour":
     case "hours":
     case "hr":
     case "hrs":
     case "h":
-      return Math.round(value6 * hour);
+      numericDate = Math.round(value6 * hour);
+      break;
     case "day":
     case "days":
     case "d":
-      return Math.round(value6 * day);
+      numericDate = Math.round(value6 * day);
+      break;
     case "week":
     case "weeks":
     case "w":
-      return Math.round(value6 * week);
+      numericDate = Math.round(value6 * week);
+      break;
     default:
-      return Math.round(value6 * year);
+      numericDate = Math.round(value6 * year);
+      break;
+  }
+  if (matched[1] === "-" || matched[4] === "ago") {
+    return -numericDate;
   }
+  return numericDate;
 };
 
-// ../node_modules/jose/dist/browser/lib/jwt_claims_set.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/lib/jwt_claims_set.js
 var normalizeTyp = (value6) => value6.toLowerCase().replace(/^application\//, "");
 var checkAudiencePresence = (audPayload, audOption) => {
   if (typeof audPayload === "string") {
@@ -10974,21 +10969,22 @@ var jwt_claims_set_default = (protectedHeader, encodedPayload, options = {}) =>
   let payload4;
   try {
     payload4 = JSON.parse(decoder.decode(encodedPayload));
-  } catch (_a) {
+  } catch {
   }
   if (!isObject(payload4)) {
     throw new JWTInvalid("JWT Claims Set must be a top-level JSON object");
   }
   const { requiredClaims = [], issuer: issuer2, subject: subject5, audience: audience5, maxTokenAge } = options;
+  const presenceCheck = [...requiredClaims];
   if (maxTokenAge !== void 0)
-    requiredClaims.push("iat");
+    presenceCheck.push("iat");
   if (audience5 !== void 0)
-    requiredClaims.push("aud");
+    presenceCheck.push("aud");
   if (subject5 !== void 0)
-    requiredClaims.push("sub");
+    presenceCheck.push("sub");
   if (issuer2 !== void 0)
-    requiredClaims.push("iss");
-  for (const claim2 of new Set(requiredClaims.reverse())) {
+    presenceCheck.push("iss");
+  for (const claim2 of new Set(presenceCheck.reverse())) {
     if (!(claim2 in payload4)) {
       throw new JWTClaimValidationFailed(`missing required "${claim2}" claim`, claim2, "missing");
     }
@@ -11050,11 +11046,10 @@ var jwt_claims_set_default = (protectedHeader, encodedPayload, options = {}) =>
   return payload4;
 };
 
-// ../node_modules/jose/dist/browser/jwt/verify.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/jwt/verify.js
 async function jwtVerify(jwt, key3, options) {
-  var _a;
   const verified2 = await compactVerify(jwt, key3, options);
-  if (((_a = verified2.protectedHeader.crit) === null || _a === void 0 ? void 0 : _a.includes("b64")) && verified2.protectedHeader.b64 === false) {
+  if (verified2.protectedHeader.crit?.includes("b64") && verified2.protectedHeader.b64 === false) {
     throw new JWTInvalid("JWTs MUST NOT use unencoded payload");
   }
   const payload4 = jwt_claims_set_default(verified2.protectedHeader, verified2.payload, options);
@@ -11065,7 +11060,7 @@ async function jwtVerify(jwt, key3, options) {
   return result5;
 }
 
-// ../node_modules/jose/dist/browser/runtime/sign.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/sign.js
 var sign = async (alg, key3, data2) => {
   const cryptoKey = await getCryptoKey(alg, key3, "sign");
   check_key_length_default(alg, cryptoKey);
@@ -11074,7 +11069,7 @@ var sign = async (alg, key3, data2) => {
 };
 var sign_default = sign;
 
-// ../node_modules/jose/dist/browser/jws/flattened/sign.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/jws/flattened/sign.js
 var FlattenedSign = class {
   constructor(payload4) {
     if (!(payload4 instanceof Uint8Array)) {
@@ -11107,7 +11102,7 @@ var FlattenedSign = class {
       ...this._protectedHeader,
       ...this._unprotectedHeader
     };
-    const extensions = validate_crit_default(JWSInvalid, /* @__PURE__ */ new Map([["b64", true]]), options === null || options === void 0 ? void 0 : options.crit, this._protectedHeader, joseHeader);
+    const extensions = validate_crit_default(JWSInvalid, /* @__PURE__ */ new Map([["b64", true]]), options?.crit, this._protectedHeader, joseHeader);
     let b64 = true;
     if (extensions.has("b64")) {
       b64 = this._protectedHeader.b64;
@@ -11149,7 +11144,7 @@ var FlattenedSign = class {
   }
 };
 
-// ../node_modules/jose/dist/browser/jws/compact/sign.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/jws/compact/sign.js
 var CompactSign = class {
   constructor(payload4) {
     this._flattened = new FlattenedSign(payload4);
@@ -11167,9 +11162,15 @@ var CompactSign = class {
   }
 };
 
-// ../node_modules/jose/dist/browser/jwt/produce.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/jwt/produce.js
+function validateInput(label4, input2) {
+  if (!Number.isFinite(input2)) {
+    throw new TypeError(`Invalid ${label4} input`);
+  }
+  return input2;
+}
 var ProduceJWT = class {
-  constructor(payload4) {
+  constructor(payload4 = {}) {
     if (!isObject(payload4)) {
       throw new TypeError("JWT Claims Set MUST be an object");
     }
@@ -11193,7 +11194,9 @@ var ProduceJWT = class {
   }
   setNotBefore(input2) {
     if (typeof input2 === "number") {
-      this._payload = { ...this._payload, nbf: input2 };
+      this._payload = { ...this._payload, nbf: validateInput("setNotBefore", input2) };
+    } else if (input2 instanceof Date) {
+      this._payload = { ...this._payload, nbf: validateInput("setNotBefore", epoch_default(input2)) };
     } else {
       this._payload = { ...this._payload, nbf: epoch_default(/* @__PURE__ */ new Date()) + secs_default(input2) };
     }
@@ -11201,7 +11204,9 @@ var ProduceJWT = class {
   }
   setExpirationTime(input2) {
     if (typeof input2 === "number") {
-      this._payload = { ...this._payload, exp: input2 };
+      this._payload = { ...this._payload, exp: validateInput("setExpirationTime", input2) };
+    } else if (input2 instanceof Date) {
+      this._payload = { ...this._payload, exp: validateInput("setExpirationTime", epoch_default(input2)) };
     } else {
       this._payload = { ...this._payload, exp: epoch_default(/* @__PURE__ */ new Date()) + secs_default(input2) };
     }
@@ -11210,41 +11215,294 @@ var ProduceJWT = class {
   setIssuedAt(input2) {
     if (typeof input2 === "undefined") {
       this._payload = { ...this._payload, iat: epoch_default(/* @__PURE__ */ new Date()) };
+    } else if (input2 instanceof Date) {
+      this._payload = { ...this._payload, iat: validateInput("setIssuedAt", epoch_default(input2)) };
+    } else if (typeof input2 === "string") {
+      this._payload = {
+        ...this._payload,
+        iat: validateInput("setIssuedAt", epoch_default(/* @__PURE__ */ new Date()) + secs_default(input2))
+      };
     } else {
-      this._payload = { ...this._payload, iat: input2 };
+      this._payload = { ...this._payload, iat: validateInput("setIssuedAt", input2) };
     }
     return this;
   }
 };
 
-// ../node_modules/jose/dist/browser/jwt/sign.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/jwt/sign.js
 var SignJWT = class extends ProduceJWT {
   setProtectedHeader(protectedHeader) {
     this._protectedHeader = protectedHeader;
     return this;
   }
   async sign(key3, options) {
-    var _a;
     const sig = new CompactSign(encoder.encode(JSON.stringify(this._payload)));
     sig.setProtectedHeader(this._protectedHeader);
-    if (Array.isArray((_a = this._protectedHeader) === null || _a === void 0 ? void 0 : _a.crit) && this._protectedHeader.crit.includes("b64") && this._protectedHeader.b64 === false) {
+    if (Array.isArray(this._protectedHeader?.crit) && this._protectedHeader.crit.includes("b64") && this._protectedHeader.b64 === false) {
       throw new JWTInvalid("JWTs MUST NOT use unencoded payload");
     }
     return sig.sign(key3, options);
   }
 };
 
-// ../node_modules/jose/dist/browser/runtime/generate.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/jwks/local.js
+function getKtyFromAlg(alg) {
+  switch (typeof alg === "string" && alg.slice(0, 2)) {
+    case "RS":
+    case "PS":
+      return "RSA";
+    case "ES":
+      return "EC";
+    case "Ed":
+      return "OKP";
+    default:
+      throw new JOSENotSupported('Unsupported "alg" value for a JSON Web Key Set');
+  }
+}
+function isJWKSLike(jwks) {
+  return jwks && typeof jwks === "object" && Array.isArray(jwks.keys) && jwks.keys.every(isJWKLike);
+}
+function isJWKLike(key3) {
+  return isObject(key3);
+}
+function clone(obj) {
+  if (typeof structuredClone === "function") {
+    return structuredClone(obj);
+  }
+  return JSON.parse(JSON.stringify(obj));
+}
+var LocalJWKSet = class {
+  constructor(jwks) {
+    this._cached = /* @__PURE__ */ new WeakMap();
+    if (!isJWKSLike(jwks)) {
+      throw new JWKSInvalid("JSON Web Key Set malformed");
+    }
+    this._jwks = clone(jwks);
+  }
+  async getKey(protectedHeader, token) {
+    const { alg, kid } = { ...protectedHeader, ...token?.header };
+    const kty = getKtyFromAlg(alg);
+    const candidates = this._jwks.keys.filter((jwk2) => {
+      let candidate4 = kty === jwk2.kty;
+      if (candidate4 && typeof kid === "string") {
+        candidate4 = kid === jwk2.kid;
+      }
+      if (candidate4 && typeof jwk2.alg === "string") {
+        candidate4 = alg === jwk2.alg;
+      }
+      if (candidate4 && typeof jwk2.use === "string") {
+        candidate4 = jwk2.use === "sig";
+      }
+      if (candidate4 && Array.isArray(jwk2.key_ops)) {
+        candidate4 = jwk2.key_ops.includes("verify");
+      }
+      if (candidate4 && alg === "EdDSA") {
+        candidate4 = jwk2.crv === "Ed25519" || jwk2.crv === "Ed448";
+      }
+      if (candidate4) {
+        switch (alg) {
+          case "ES256":
+            candidate4 = jwk2.crv === "P-256";
+            break;
+          case "ES256K":
+            candidate4 = jwk2.crv === "secp256k1";
+            break;
+          case "ES384":
+            candidate4 = jwk2.crv === "P-384";
+            break;
+          case "ES512":
+            candidate4 = jwk2.crv === "P-521";
+            break;
+        }
+      }
+      return candidate4;
+    });
+    const { 0: jwk, length: length2 } = candidates;
+    if (length2 === 0) {
+      throw new JWKSNoMatchingKey();
+    }
+    if (length2 !== 1) {
+      const error4 = new JWKSMultipleMatchingKeys();
+      const { _cached } = this;
+      error4[Symbol.asyncIterator] = async function* () {
+        for (const jwk2 of candidates) {
+          try {
+            yield await importWithAlgCache(_cached, jwk2, alg);
+          } catch {
+          }
+        }
+      };
+      throw error4;
+    }
+    return importWithAlgCache(this._cached, jwk, alg);
+  }
+};
+async function importWithAlgCache(cache, jwk, alg) {
+  const cached = cache.get(jwk) || cache.set(jwk, {}).get(jwk);
+  if (cached[alg] === void 0) {
+    const key3 = await importJWK({ ...jwk, ext: true }, alg);
+    if (key3 instanceof Uint8Array || key3.type !== "public") {
+      throw new JWKSInvalid("JSON Web Key Set members must be public keys");
+    }
+    cached[alg] = key3;
+  }
+  return cached[alg];
+}
+function createLocalJWKSet(jwks) {
+  const set = new LocalJWKSet(jwks);
+  const localJWKSet = async (protectedHeader, token) => set.getKey(protectedHeader, token);
+  Object.defineProperties(localJWKSet, {
+    jwks: {
+      value: () => clone(set._jwks),
+      enumerable: true,
+      configurable: false,
+      writable: false
+    }
+  });
+  return localJWKSet;
+}
+
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/fetch_jwks.js
+var fetchJwks = async (url7, timeout2, options) => {
+  let controller2;
+  let id4;
+  let timedOut = false;
+  if (typeof AbortController === "function") {
+    controller2 = new AbortController();
+    id4 = setTimeout(() => {
+      timedOut = true;
+      controller2.abort();
+    }, timeout2);
+  }
+  const response6 = await fetch(url7.href, {
+    signal: controller2 ? controller2.signal : void 0,
+    redirect: "manual",
+    headers: options.headers
+  }).catch((err) => {
+    if (timedOut)
+      throw new JWKSTimeout();
+    throw err;
+  });
+  if (id4 !== void 0)
+    clearTimeout(id4);
+  if (response6.status !== 200) {
+    throw new JOSEError("Expected 200 OK from the JSON Web Key Set HTTP response");
+  }
+  try {
+    return await response6.json();
+  } catch {
+    throw new JOSEError("Failed to parse the JSON Web Key Set HTTP response as JSON");
+  }
+};
+var fetch_jwks_default = fetchJwks;
+
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/jwks/remote.js
+function isCloudflareWorkers() {
+  return typeof WebSocketPair !== "undefined" || typeof navigator !== "undefined" && navigator.userAgent === "Cloudflare-Workers" || typeof EdgeRuntime !== "undefined" && EdgeRuntime === "vercel";
+}
+var USER_AGENT;
+if (typeof navigator === "undefined" || !navigator.userAgent?.startsWith?.("Mozilla/5.0 ")) {
+  const NAME = "jose";
+  const VERSION = "v5.3.0";
+  USER_AGENT = `${NAME}/${VERSION}`;
+}
+var RemoteJWKSet = class {
+  constructor(url7, options) {
+    if (!(url7 instanceof URL)) {
+      throw new TypeError("url must be an instance of URL");
+    }
+    this._url = new URL(url7.href);
+    this._options = { agent: options?.agent, headers: options?.headers };
+    this._timeoutDuration = typeof options?.timeoutDuration === "number" ? options?.timeoutDuration : 5e3;
+    this._cooldownDuration = typeof options?.cooldownDuration === "number" ? options?.cooldownDuration : 3e4;
+    this._cacheMaxAge = typeof options?.cacheMaxAge === "number" ? options?.cacheMaxAge : 6e5;
+  }
+  coolingDown() {
+    return typeof this._jwksTimestamp === "number" ? Date.now() < this._jwksTimestamp + this._cooldownDuration : false;
+  }
+  fresh() {
+    return typeof this._jwksTimestamp === "number" ? Date.now() < this._jwksTimestamp + this._cacheMaxAge : false;
+  }
+  async getKey(protectedHeader, token) {
+    if (!this._local || !this.fresh()) {
+      await this.reload();
+    }
+    try {
+      return await this._local(protectedHeader, token);
+    } catch (err) {
+      if (err instanceof JWKSNoMatchingKey) {
+        if (this.coolingDown() === false) {
+          await this.reload();
+          return this._local(protectedHeader, token);
+        }
+      }
+      throw err;
+    }
+  }
+  async reload() {
+    if (this._pendingFetch && isCloudflareWorkers()) {
+      this._pendingFetch = void 0;
+    }
+    const headers = new Headers(this._options.headers);
+    if (USER_AGENT && !headers.has("User-Agent")) {
+      headers.set("User-Agent", USER_AGENT);
+      this._options.headers = Object.fromEntries(headers.entries());
+    }
+    this._pendingFetch || (this._pendingFetch = fetch_jwks_default(this._url, this._timeoutDuration, this._options).then((json) => {
+      this._local = createLocalJWKSet(json);
+      this._jwksTimestamp = Date.now();
+      this._pendingFetch = void 0;
+    }).catch((err) => {
+      this._pendingFetch = void 0;
+      throw err;
+    }));
+    await this._pendingFetch;
+  }
+};
+function createRemoteJWKSet(url7, options) {
+  const set = new RemoteJWKSet(url7, options);
+  const remoteJWKSet = async (protectedHeader, token) => set.getKey(protectedHeader, token);
+  Object.defineProperties(remoteJWKSet, {
+    coolingDown: {
+      get: () => set.coolingDown(),
+      enumerable: true,
+      configurable: false
+    },
+    fresh: {
+      get: () => set.fresh(),
+      enumerable: true,
+      configurable: false
+    },
+    reload: {
+      value: () => set.reload(),
+      enumerable: true,
+      configurable: false,
+      writable: false
+    },
+    reloading: {
+      get: () => !!set._pendingFetch,
+      enumerable: true,
+      configurable: false
+    },
+    jwks: {
+      value: () => set._local?.jwks(),
+      enumerable: true,
+      configurable: false,
+      writable: false
+    }
+  });
+  return remoteJWKSet;
+}
+
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/runtime/generate.js
 function getModulusLengthOption(options) {
-  var _a;
-  const modulusLength = (_a = options === null || options === void 0 ? void 0 : options.modulusLength) !== null && _a !== void 0 ? _a : 2048;
+  const modulusLength = options?.modulusLength ?? 2048;
   if (typeof modulusLength !== "number" || modulusLength < 2048) {
     throw new JOSENotSupported("Invalid or unsupported modulusLength option provided, 2048 bits or larger keys must be used");
   }
   return modulusLength;
 }
 async function generateKeyPair(alg, options) {
-  var _a, _b, _c;
   let algorithm3;
   let keyUsages;
   switch (alg) {
@@ -11294,9 +11552,9 @@ async function generateKeyPair(alg, options) {
       algorithm3 = { name: "ECDSA", namedCurve: "P-521" };
       keyUsages = ["sign", "verify"];
       break;
-    case "EdDSA":
+    case "EdDSA": {
       keyUsages = ["sign", "verify"];
-      const crv = (_a = options === null || options === void 0 ? void 0 : options.crv) !== null && _a !== void 0 ? _a : "Ed25519";
+      const crv = options?.crv ?? "Ed25519";
       switch (crv) {
         case "Ed25519":
         case "Ed448":
@@ -11306,22 +11564,23 @@ async function generateKeyPair(alg, options) {
           throw new JOSENotSupported("Invalid or unsupported crv option provided");
       }
       break;
+    }
     case "ECDH-ES":
     case "ECDH-ES+A128KW":
     case "ECDH-ES+A192KW":
     case "ECDH-ES+A256KW": {
       keyUsages = ["deriveKey", "deriveBits"];
-      const crv2 = (_b = options === null || options === void 0 ? void 0 : options.crv) !== null && _b !== void 0 ? _b : "P-256";
-      switch (crv2) {
+      const crv = options?.crv ?? "P-256";
+      switch (crv) {
         case "P-256":
         case "P-384":
         case "P-521": {
-          algorithm3 = { name: "ECDH", namedCurve: crv2 };
+          algorithm3 = { name: "ECDH", namedCurve: crv };
           break;
         }
         case "X25519":
         case "X448":
-          algorithm3 = { name: crv2 };
+          algorithm3 = { name: crv };
           break;
         default:
           throw new JOSENotSupported("Invalid or unsupported crv option provided, supported values are P-256, P-384, P-521, X25519, and X448");
@@ -11331,10 +11590,10 @@ async function generateKeyPair(alg, options) {
     default:
       throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
   }
-  return webcrypto_default.subtle.generateKey(algorithm3, (_c = options === null || options === void 0 ? void 0 : options.extractable) !== null && _c !== void 0 ? _c : false, keyUsages);
+  return webcrypto_default.subtle.generateKey(algorithm3, options?.extractable ?? false, keyUsages);
 }
 
-// ../node_modules/jose/dist/browser/key/generate_key_pair.js
+// ../node_modules/@inrupt/solid-client-authn-core/node_modules/jose/dist/browser/key/generate_key_pair.js
 async function generateKeyPair2(alg, options) {
   return generateKeyPair(alg, options);
 }
@@ -11406,17 +11665,6 @@ var SCOPE_OPENID = "openid";
 var SCOPE_OFFLINE = "offline_access";
 var SCOPE_WEBID = "webid";
 var DEFAULT_SCOPES = [SCOPE_OPENID, SCOPE_OFFLINE, SCOPE_WEBID].join(" ");
-var buildProxyHandler = (toExclude, errorMessage) => ({
-  // This proxy is only a temporary measure until Session no longer extends
-  // SessionEventEmitter, and the proxying is no longer necessary.
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  get(target5, prop, receiver2) {
-    if (!Object.getOwnPropertyNames(import_events.EventEmitter).includes(prop) && Object.getOwnPropertyNames(toExclude).includes(prop)) {
-      throw new Error(`${errorMessage}: [${prop}] is not supported`);
-    }
-    return Reflect.get(target5, prop, receiver2);
-  }
-});
 var AggregateHandler = class {
   constructor(handleables) {
     this.handleables = handleables;
@@ -11453,24 +11701,10 @@ var AggregateHandler = class {
     }).join(", ")}`);
   }
 };
-async function fetchJwks(jwksIri, issuerIri) {
-  const jwksResponse = await fetch2.call(globalThis, jwksIri);
-  if (jwksResponse.status !== 200) {
-    throw new Error(`Could not fetch JWKS for [${issuerIri}] at [${jwksIri}]: ${jwksResponse.status} ${jwksResponse.statusText}`);
-  }
-  let jwk;
-  try {
-    jwk = (await jwksResponse.json()).keys[0];
-  } catch (e) {
-    throw new Error(`Malformed JWKS for [${issuerIri}] at [${jwksIri}]: ${e.message}`);
-  }
-  return jwk;
-}
 async function getWebidFromTokenPayload(idToken, jwksIri, issuerIri, clientId) {
-  const jwk = await fetchJwks(jwksIri, issuerIri);
   let payload4;
   try {
-    const { payload: verifiedPayload } = await jwtVerify(idToken, await importJWK(jwk), {
+    const { payload: verifiedPayload } = await jwtVerify(idToken, createRemoteJWKSet(new URL(jwksIri)), {
       issuer: issuerIri,
       audience: clientId
     });
@@ -11510,17 +11744,29 @@ function removeOpenIdParams(redirectUrl) {
   cleanedUpUrl.searchParams.delete("iss");
   return cleanedUpUrl;
 }
+function booleanWithFallback(value6, fallback) {
+  if (typeof value6 === "boolean") {
+    return Boolean(value6);
+  }
+  return Boolean(fallback);
+}
 var AuthorizationCodeWithPkceOidcHandlerBase = class {
   constructor(storageUtility, redirector) {
     this.storageUtility = storageUtility;
     this.redirector = redirector;
+    this.parametersGuard = (oidcLoginOptions) => {
+      return oidcLoginOptions.issuerConfiguration.grantTypesSupported !== void 0 && oidcLoginOptions.issuerConfiguration.grantTypesSupported.indexOf("authorization_code") > -1 && oidcLoginOptions.redirectUrl !== void 0;
+    };
     this.storageUtility = storageUtility;
     this.redirector = redirector;
   }
   async canHandle(oidcLoginOptions) {
-    return !!(oidcLoginOptions.issuerConfiguration.grantTypesSupported && oidcLoginOptions.issuerConfiguration.grantTypesSupported.indexOf("authorization_code") > -1);
+    return this.parametersGuard(oidcLoginOptions);
   }
   async handleRedirect({ oidcLoginOptions, state: state2, codeVerifier, targetUrl: targetUrl3 }) {
+    if (!this.parametersGuard(oidcLoginOptions)) {
+      throw new Error("The authorization code grant requires a redirectUrl.");
+    }
     await Promise.all([
       // We use the OAuth 'state' value (which should be crypto-random) as
       // the key in our storage to store our actual SessionID. We do this
@@ -11531,7 +11777,6 @@ var AuthorizationCodeWithPkceOidcHandlerBase = class {
       // that session ID can be any developer-specified value, and therefore
       // may not be appropriate (since the OAuth 'state' value should really
       // be an unguessable crypto-random value).
-      // eslint-disable-next-line no-underscore-dangle
       this.storageUtility.setForUser(state2, {
         sessionId: oidcLoginOptions.sessionId
       }),
@@ -11540,12 +11785,12 @@ var AuthorizationCodeWithPkceOidcHandlerBase = class {
       // our session ID is unnecessary, but it provides a slightly cleaner
       // separation of concerns.
       this.storageUtility.setForUser(oidcLoginOptions.sessionId, {
-        // eslint-disable-next-line no-underscore-dangle
         codeVerifier,
         issuer: oidcLoginOptions.issuer.toString(),
         // The redirect URL is read after redirect, so it must be stored now.
         redirectUrl: oidcLoginOptions.redirectUrl,
-        dpop: oidcLoginOptions.dpop ? "true" : "false"
+        dpop: Boolean(oidcLoginOptions.dpop).toString(),
+        keepAlive: booleanWithFallback(oidcLoginOptions.keepAlive, true).toString()
       })
     ]);
     this.redirector.redirect(targetUrl3, {
@@ -11607,7 +11852,7 @@ function getUnauthenticatedSession() {
   return {
     isLoggedIn: false,
     sessionId: v4_default(),
-    fetch: (...args) => fetch2.call(globalThis, ...args)
+    fetch: (...args) => fetch(...args)
   };
 }
 async function clear(sessionId, storage2) {
@@ -11701,48 +11946,51 @@ function determineSigningAlg(supported, preferred2) {
     return supported.includes(signingAlg);
   })) !== null && _a !== void 0 ? _a : null;
 }
-function determineClientType(options, issuerConfig) {
-  if (options.clientId !== void 0 && !isValidUrl(options.clientId)) {
-    return "static";
-  }
-  if (issuerConfig.scopesSupported.includes("webid") && options.clientId !== void 0 && isValidUrl(options.clientId)) {
-    return "solid-oidc";
-  }
-  return "dynamic";
+function isStaticClient(options) {
+  return options.clientId !== void 0 && !isValidUrl(options.clientId);
+}
+function isSolidOidcClient(options, issuerConfig) {
+  return issuerConfig.scopesSupported.includes("webid") && options.clientId !== void 0 && isValidUrl(options.clientId);
+}
+function isKnownClientType(clientType) {
+  return typeof clientType === "string" && ["dynamic", "static", "solid-oidc"].includes(clientType);
 }
 async function handleRegistration(options, issuerConfig, storageUtility, clientRegistrar) {
-  const clientType = determineClientType(options, issuerConfig);
-  if (clientType === "dynamic") {
+  let clientInfo;
+  if (isSolidOidcClient(options, issuerConfig)) {
+    clientInfo = {
+      clientId: options.clientId,
+      clientName: options.clientName,
+      clientType: "solid-oidc"
+    };
+  } else if (isStaticClient(options)) {
+    clientInfo = {
+      clientId: options.clientId,
+      clientSecret: options.clientSecret,
+      clientName: options.clientName,
+      clientType: "static"
+    };
+  } else {
     return clientRegistrar.getClient({
       sessionId: options.sessionId,
       clientName: options.clientName,
       redirectUrl: options.redirectUrl
     }, issuerConfig);
   }
-  await storageUtility.setForUser(options.sessionId, {
-    // If the client is either static or solid-oidc compliant, its client ID cannot be undefined.
-    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-    clientId: options.clientId
-  });
-  if (options.clientSecret) {
-    await storageUtility.setForUser(options.sessionId, {
-      clientSecret: options.clientSecret
-    });
+  const infoToSave = {
+    clientId: clientInfo.clientId,
+    clientType: clientInfo.clientType
+  };
+  if (clientInfo.clientType === "static") {
+    infoToSave.clientSecret = clientInfo.clientSecret;
   }
-  if (options.clientName) {
-    await storageUtility.setForUser(options.sessionId, {
-      clientName: options.clientName
-    });
+  if (clientInfo.clientName) {
+    infoToSave.clientName = clientInfo.clientName;
   }
-  return {
-    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-    clientId: options.clientId,
-    clientSecret: options.clientSecret,
-    clientName: options.clientName,
-    clientType
-  };
+  await storageUtility.setForUser(options.sessionId, infoToSave);
+  return clientInfo;
 }
-var globalFetch = (request2, init) => fetch2.call(globalThis, request2, init);
+var boundFetch = (request2, init) => fetch(request2, init);
 var ClientAuthentication = class {
   constructor(loginHandler, redirectHandler, logoutHandler, sessionInfoManager, issuerConfigFetcher) {
     this.loginHandler = loginHandler;
@@ -11750,13 +11998,13 @@ var ClientAuthentication = class {
     this.logoutHandler = logoutHandler;
     this.sessionInfoManager = sessionInfoManager;
     this.issuerConfigFetcher = issuerConfigFetcher;
-    this.fetch = globalFetch;
+    this.fetch = boundFetch;
     this.logout = async (sessionId, options) => {
       await this.logoutHandler.handle(sessionId, (options === null || options === void 0 ? void 0 : options.logoutType) === "idp" ? {
         ...options,
         toLogoutUrl: this.boundLogout
       } : options);
-      this.fetch = globalFetch;
+      this.fetch = boundFetch;
       delete this.boundLogout;
     };
     this.getSessionInfo = async (sessionId) => {
@@ -11774,13 +12022,14 @@ var ClientAuthentication = class {
 };
 async function loadOidcContextFromStorage(sessionId, storageUtility, configFetcher) {
   try {
-    const [issuerIri, codeVerifier, storedRedirectIri, dpop] = await Promise.all([
+    const [issuerIri, codeVerifier, storedRedirectIri, dpop, keepAlive] = await Promise.all([
       storageUtility.getForUser(sessionId, "issuer", {
         errorIfNull: true
       }),
       storageUtility.getForUser(sessionId, "codeVerifier"),
       storageUtility.getForUser(sessionId, "redirectUrl"),
-      storageUtility.getForUser(sessionId, "dpop", { errorIfNull: true })
+      storageUtility.getForUser(sessionId, "dpop", { errorIfNull: true }),
+      storageUtility.getForUser(sessionId, "keepAlive")
     ]);
     await storageUtility.deleteForUser(sessionId, "codeVerifier");
     const issuerConfig = await configFetcher.fetchConfig(issuerIri);
@@ -11788,7 +12037,9 @@ async function loadOidcContextFromStorage(sessionId, storageUtility, configFetch
       codeVerifier,
       redirectUrl: storedRedirectIri,
       issuerConfig,
-      dpop: dpop === "true"
+      dpop: dpop === "true",
+      // Default keepAlive to true if not found in storage.
+      keepAlive: typeof keepAlive === "string" ? keepAlive === "true" : true
     };
   } catch (e) {
     throw new Error(`Failed to retrieve OIDC context from storage associated with session [${sessionId}]: ${e}`);
@@ -11945,8 +12196,8 @@ async function buildAuthenticatedHeaders(targetUrl3, authToken, dpopKey, default
     headers
   };
 }
-async function makeAuthenticatedRequest(unauthFetch, accessToken, url7, defaultRequestInit, dpopKey) {
-  return unauthFetch(url7, await buildAuthenticatedHeaders(url7.toString(), accessToken, dpopKey, defaultRequestInit));
+async function makeAuthenticatedRequest(accessToken, url7, defaultRequestInit, dpopKey) {
+  return fetch(url7, await buildAuthenticatedHeaders(url7.toString(), accessToken, dpopKey, defaultRequestInit));
 }
 async function refreshAccessToken(refreshOptions, dpopKey, eventEmitter) {
   var _a;
@@ -11970,7 +12221,7 @@ var computeRefreshDelay = (expiresIn) => {
   }
   return DEFAULT_EXPIRATION_TIME_SECONDS;
 };
-async function buildAuthenticatedFetch(unauthFetch, accessToken, options) {
+async function buildAuthenticatedFetch(accessToken, options) {
   var _a;
   let currentAccessToken = accessToken;
   let latestTimeout;
@@ -12018,7 +12269,7 @@ async function buildAuthenticatedFetch(unauthFetch, accessToken, options) {
     options.eventEmitter.emit(EVENTS.TIMEOUT_SET, expirationTimeout);
   }
   return async (url7, requestInit) => {
-    let response6 = await makeAuthenticatedRequest(unauthFetch, currentAccessToken, url7, requestInit, options === null || options === void 0 ? void 0 : options.dpopKey);
+    let response6 = await makeAuthenticatedRequest(currentAccessToken, url7, requestInit, options === null || options === void 0 ? void 0 : options.dpopKey);
     const failedButNotExpectedAuthError = !response6.ok && !isExpectedAuthError(response6.status);
     if (response6.ok || failedButNotExpectedAuthError) {
       return response6;
@@ -12026,7 +12277,6 @@ async function buildAuthenticatedFetch(unauthFetch, accessToken, options) {
     const hasBeenRedirected = response6.url !== url7;
     if (hasBeenRedirected && (options === null || options === void 0 ? void 0 : options.dpopKey) !== void 0) {
       response6 = await makeAuthenticatedRequest(
-        unauthFetch,
         currentAccessToken,
         // Replace the original target IRI (`url`) by the redirection target
         response6.url,
@@ -12039,7 +12289,7 @@ async function buildAuthenticatedFetch(unauthFetch, accessToken, options) {
 }
 
 // ../node_modules/@inrupt/solid-client-authn-browser/dist/index.mjs
-var import_events2 = __toESM(require_events(), 1);
+var import_events = __toESM(require_events(), 1);
 
 // ../node_modules/@inrupt/oidc-client-ext/dist/index.es.js
 var import_oidc_client = __toESM(require_oidc_client_min());
@@ -12187,7 +12437,7 @@ async function getTokens(issuer2, client, data2, dpop) {
     headers,
     body: new URLSearchParams(requestBody).toString()
   };
-  const rawTokenResponse = await fetch2(issuer2.tokenEndpoint, tokenRequestInit);
+  const rawTokenResponse = await fetch(issuer2.tokenEndpoint, tokenRequestInit);
   const jsonTokenResponse = await rawTokenResponse.json();
   const tokenResponse = validateTokenEndpointResponse(jsonTokenResponse, dpop);
   const webId = await getWebidFromTokenPayload(tokenResponse.id_token, issuer2.jwksUri, issuer2.issuer, client.clientId);
@@ -12200,66 +12450,6 @@ async function getTokens(issuer2, client, data2, dpop) {
     expiresIn: tokenResponse.expires_in
   };
 }
-async function getBearerToken(redirectUrl) {
-  let signinResponse;
-  try {
-    const client = new import_oidc_client.OidcClient({
-      // TODO: We should look at the various interfaces being used for storage,
-      //  i.e. between oidc-client-js (WebStorageStoreState), localStorage
-      //  (which has an interface Storage), and our own proprietary interface
-      //  IStorage - i.e. we should really just be using the browser Web Storage
-      //  API, e.g. "stateStore: window.localStorage,".
-      // We are instantiating a new instance here, so the only value we need to
-      // explicitly provide is the response mode (default otherwise will look
-      // for a hash '#' fragment!).
-      // eslint-disable-next-line camelcase
-      response_mode: "query",
-      // The userinfo endpoint on NSS fails, so disable this for now
-      // Note that in Solid, information should be retrieved from the
-      // profile referenced by the WebId.
-      // TODO: Note that this is heavy-handed, and that this userinfo check
-      //  verifies that the `sub` claim in the id token you get along with the
-      //  access token matches the sub claim associated with the access token at
-      //  the userinfo endpoint.
-      // That is a useful check, and in the future it should be only disabled
-      // against NSS, and not in general.
-      // Issue tracker: https://github.com/solid/node-solid-server/issues/1490
-      loadUserInfo: false
-    });
-    signinResponse = await client.processSigninResponse(redirectUrl);
-    if (client.settings.metadata === void 0) {
-      throw new Error("Cannot retrieve issuer metadata from client information in storage.");
-    }
-    if (client.settings.metadata.jwks_uri === void 0) {
-      throw new Error("Missing some issuer metadata from client information in storage: 'jwks_uri' is undefined");
-    }
-    if (client.settings.metadata.issuer === void 0) {
-      throw new Error("Missing some issuer metadata from client information in storage: 'issuer' is undefined");
-    }
-    if (client.settings.client_id === void 0) {
-      throw new Error("Missing some client information in storage: 'client_id' is undefined");
-    }
-    const webId = await getWebidFromTokenPayload(signinResponse.id_token, client.settings.metadata.jwks_uri, client.settings.metadata.issuer, client.settings.client_id);
-    return {
-      accessToken: signinResponse.access_token,
-      idToken: signinResponse.id_token,
-      webId,
-      // Although not a field in the TypeScript response interface, the refresh
-      // token (which can optionally come back with the access token (if, as per
-      // the OAuth2 spec, we requested one using the scope of 'offline_access')
-      // will be included in the signin response object.
-      // eslint-disable-next-line camelcase
-      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-      // @ts-ignore
-      refreshToken: signinResponse.refresh_token
-    };
-  } catch (err) {
-    throw new Error(`Problem handling Auth Code Grant (Flow) redirect - URL [${redirectUrl}]: ${err}`);
-  }
-}
-async function getDpopToken(issuer2, client, data2) {
-  return getTokens(issuer2, client, data2, true);
-}
 var isValidUrl2 = (url7) => {
   try {
     new URL(url7);
@@ -12293,7 +12483,7 @@ async function refresh(refreshToken, issuer2, client, dpopKey) {
   } else if (isValidUrl2(client.clientId)) {
     requestBody.client_id = client.clientId;
   }
-  const rawResponse = await fetch2(issuer2.tokenEndpoint, {
+  const rawResponse = await fetch(issuer2.tokenEndpoint, {
     method: "POST",
     body: new URLSearchParams(requestBody).toString(),
     headers: {
@@ -12391,7 +12581,7 @@ var ClientAuthentication2 = class extends ClientAuthentication {
     };
     this.handleIncomingRedirect = async (url7, eventEmitter) => {
       try {
-        const redirectInfo = await this.redirectHandler.handle(url7, eventEmitter);
+        const redirectInfo = await this.redirectHandler.handle(url7, eventEmitter, void 0);
         this.fetch = redirectInfo.fetch.bind(window);
         this.boundLogout = redirectInfo.getLogoutUrl;
         await this.cleanUrlAfterRedirect(url7);
@@ -12470,8 +12660,7 @@ var AuthorizationCodeWithPkceOidcHandler = class extends AuthorizationCodeWithPk
       authority: oidcLoginOptions.issuer.toString(),
       client_id: oidcLoginOptions.client.clientId,
       client_secret: oidcLoginOptions.client.clientSecret,
-      redirect_uri: oidcLoginOptions.redirectUrl.toString(),
-      post_logout_redirect_uri: oidcLoginOptions.redirectUrl.toString(),
+      redirect_uri: oidcLoginOptions.redirectUrl,
       response_type: "code",
       scope: DEFAULT_SCOPES,
       filterProtocolClaims: true,
@@ -12617,7 +12806,7 @@ var IssuerConfigFetcher = class _IssuerConfigFetcher {
       // includes the full issuer path. See https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig.
       issuer2.endsWith("/") ? issuer2 : `${issuer2}/`
     ).href;
-    const issuerConfigRequestBody = await fetch2.call(globalThis, openIdConfigUrl);
+    const issuerConfigRequestBody = await fetch(openIdConfigUrl);
     try {
       issuerConfig = processConfig(await issuerConfigRequestBody.json());
     } catch (err) {
@@ -12708,7 +12897,6 @@ var FallbackRedirectHandler = class {
     return getUnauthenticatedSession();
   }
 };
-var globalFetch2 = (...args) => fetch2.call(globalThis, ...args);
 var AuthCodeRedirectHandler = class {
   constructor(storageUtility, sessionInfoManager, issuerConfigFetcher, clientRegistrar, tokerRefresher) {
     this.storageUtility = storageUtility;
@@ -12751,21 +12939,16 @@ var AuthCodeRedirectHandler = class {
       throw new Error(`The redirect URL for session ${storedSessionId} is missing from storage.`);
     }
     const client = await this.clientRegistrar.getClient({ sessionId: storedSessionId }, issuerConfig);
-    let tokens;
     const tokenCreatedAt = Date.now();
-    if (isDpop) {
-      tokens = await getDpopToken(issuerConfig, client, {
-        grantType: "authorization_code",
-        // We rely on our 'canHandle' function checking that the OAuth 'code'
-        // parameter is present in our query string.
-        code: url7.searchParams.get("code"),
-        codeVerifier,
-        redirectUrl: storedRedirectIri
-      });
-      window.localStorage.removeItem(`oidc.${oauthState}`);
-    } else {
-      tokens = await getBearerToken(url7.toString());
-    }
+    const tokens = await getTokens(issuerConfig, client, {
+      grantType: "authorization_code",
+      // We rely on our 'canHandle' function checking that the OAuth 'code'
+      // parameter is present in our query string.
+      code: url7.searchParams.get("code"),
+      codeVerifier,
+      redirectUrl: storedRedirectIri
+    }, isDpop);
+    window.localStorage.removeItem(`oidc.${oauthState}`);
     let refreshOptions;
     if (tokens.refreshToken !== void 0) {
       refreshOptions = {
@@ -12774,7 +12957,7 @@ var AuthCodeRedirectHandler = class {
         tokenRefresher: this.tokerRefresher
       };
     }
-    const authFetch = await buildAuthenticatedFetch(globalFetch2, tokens.accessToken, {
+    const authFetch = await buildAuthenticatedFetch(tokens.accessToken, {
       dpopKey: tokens.dpopKey,
       refreshOptions,
       eventEmitter,
@@ -12834,33 +13017,34 @@ var ClientRegistrar = class {
     this.storageUtility = storageUtility;
   }
   async getClient(options, issuerConfig) {
-    const [
-      storedClientId,
-      storedClientSecret
-      // storedClientName,
-    ] = await Promise.all([
+    const [storedClientId, storedClientSecret, storedClientName, storedClientType] = await Promise.all([
       this.storageUtility.getForUser(options.sessionId, "clientId", {
         secure: false
       }),
       this.storageUtility.getForUser(options.sessionId, "clientSecret", {
         secure: false
+      }),
+      this.storageUtility.getForUser(options.sessionId, "clientName", {
+        secure: false
+      }),
+      this.storageUtility.getForUser(options.sessionId, "clientType", {
+        secure: false
       })
-      // this.storageUtility.getForUser(options.sessionId, "clientName", {
-      //   // FIXME: figure out how to persist secure storage at reload
-      //   secure: false,
-      // }),
     ]);
-    if (storedClientId) {
+    if (storedClientId && isKnownClientType(storedClientType)) {
       return {
         clientId: storedClientId,
         clientSecret: storedClientSecret,
-        clientType: "dynamic"
+        clientName: storedClientName,
+        // Note: static clients are not applicable in a browser context.
+        clientType: storedClientType
       };
     }
     try {
       const registeredClient = await registerClient(options, issuerConfig);
       const infoToSave = {
-        clientId: registeredClient.clientId
+        clientId: registeredClient.clientId,
+        clientType: "dynamic"
       };
       if (registeredClient.clientSecret) {
         infoToSave.clientSecret = registeredClient.clientSecret;
@@ -12969,7 +13153,7 @@ async function silentlyAuthenticate(sessionId, clientAuthn, session4) {
 function isLoggedIn(sessionInfo) {
   return !!(sessionInfo === null || sessionInfo === void 0 ? void 0 : sessionInfo.isLoggedIn);
 }
-var Session = class _Session extends import_events2.default {
+var Session = class {
   /**
    * Session object constructor. Typically called as follows:
    *
@@ -12986,7 +13170,6 @@ var Session = class _Session extends import_events2.default {
    *
    */
   constructor(sessionOptions = {}, sessionId = void 0) {
-    super();
     this.tokenRequestInProgress = false;
     this.login = async (options) => {
       var _a;
@@ -13043,7 +13226,7 @@ var Session = class _Session extends import_events2.default {
       this.tokenRequestInProgress = false;
       return sessionInfo;
     };
-    this.events = new Proxy(this, buildProxyHandler(_Session.prototype, "events only implements ISessionEventListener"));
+    this.events = new import_events.default();
     if (sessionOptions.clientAuthentication) {
       this.clientAuthentication = sessionOptions.clientAuthentication;
     } else if (sessionOptions.secureStorage && sessionOptions.insecureStorage) {
@@ -13070,58 +13253,6 @@ var Session = class _Session extends import_events2.default {
     this.events.on(EVENTS.SESSION_EXPIRED, () => this.internalLogout(false));
     this.events.on(EVENTS.ERROR, () => this.internalLogout(false));
   }
-  /**
-   * Register a callback function to be called when a user completes login.
-   *
-   * The callback is called when {@link handleIncomingRedirect} completes successfully.
-   *
-   * @param callback The function called when a user completes login.
-   * @deprecated Prefer session.events.on(EVENTS.LOGIN, callback)
-   */
-  onLogin(callback) {
-    this.events.on(EVENTS.LOGIN, callback);
-  }
-  /**
-   * Register a callback function to be called when a user logs out:
-   *
-   * @param callback The function called when a user completes logout.
-   * @deprecated Prefer session.events.on(EVENTS.LOGOUT, callback)
-   */
-  onLogout(callback) {
-    this.events.on(EVENTS.LOGOUT, callback);
-  }
-  /**
-   * Register a callback function to be called when a user logs out:
-   *
-   * @param callback The function called when an error occurs.
-   * @since 1.11.0
-   * @deprecated Prefer session.events.on(EVENTS.ERROR, callback)
-   */
-  onError(callback) {
-    this.events.on(EVENTS.ERROR, callback);
-  }
-  /**
-   * Register a callback function to be called when a session is restored.
-   *
-   * Note: the callback will be called with the saved value of the 'current URL'
-   * at the time the session was restored.
-   *
-   * @param callback The function called when a user's already logged-in session is restored, e.g., after a silent authentication is completed after a page refresh.
-   * @deprecated Prefer session.events.on(EVENTS.SESSION_RESTORED, callback)
-   */
-  onSessionRestore(callback) {
-    this.events.on(EVENTS.SESSION_RESTORED, callback);
-  }
-  /**
-   * Register a callback that runs when the session expires and can no longer
-   * make authenticated requests, but following a user logout.
-   * @param callback The function that runs on session expiration.
-   * @since 1.11.0
-   * @deprecated Prefer session.events.on(EVENTS.SESSION_EXPIRED, callback)
-   */
-  onSessionExpiration(callback) {
-    this.events.on(EVENTS.SESSION_EXPIRED, callback);
-  }
   setSessionInfo(sessionInfo) {
     this.info.isLoggedIn = sessionInfo.isLoggedIn;
     this.info.webId = sessionInfo.webId;
@@ -13172,16 +13303,19 @@ var BrowserSession = class {
    * @deprecated use observeSession instead
    */
   trackSession(callback) {
-    this.session.on(EVENTS.LOGIN, () => callback(this.session.info));
-    this.session.on(EVENTS.LOGOUT, () => callback(this.session.info));
-    this.session.on(EVENTS.SESSION_RESTORED, () => callback(this.session.info));
+    this.session.events.on(EVENTS.LOGIN, () => callback(this.session.info));
+    this.session.events.on(EVENTS.LOGOUT, () => callback(this.session.info));
+    this.session.events.on(
+      EVENTS.SESSION_RESTORED,
+      () => callback(this.session.info)
+    );
     callback(this.session.info);
   }
   observeSession() {
     return this.sessionInfo$;
   }
   onSessionRestore(callback) {
-    this.session.on(EVENTS.SESSION_RESTORED, callback);
+    this.session.events.on(EVENTS.SESSION_RESTORED, callback);
   }
 };
 
@@ -23163,7 +23297,7 @@ var Document3 = "http://www.w3.org/2007/ont/link#Document";
 var Mailbox = "http://www.w3.org/2007/ont/link#Mailbox";
 var ProtocolEvent = "http://www.w3.org/2007/ont/link#ProtocolEvent";
 var RDFDocument = "http://www.w3.org/2007/ont/link#RDFDocument";
-var Response2 = "http://www.w3.org/2007/ont/link#Response";
+var Response = "http://www.w3.org/2007/ont/link#Response";
 var Session3 = "http://www.w3.org/2007/ont/link#Session";
 var isMentionedIn = "http://www.w3.org/2007/ont/link#isMentionedIn";
 var mentionsClass = "http://www.w3.org/2007/ont/link#mentionsClass";
@@ -23183,7 +23317,7 @@ var linkImport = /* @__PURE__ */ Object.freeze({
   Mailbox,
   ProtocolEvent,
   RDFDocument,
-  Response: Response2,
+  Response,
   Session: Session3,
   isMentionedIn,
   mentionsClass,
@@ -33449,7 +33583,7 @@ var Document4 = "http://www.w3.org/2007/ont/link#Document";
 var Mailbox2 = "http://www.w3.org/2007/ont/link#Mailbox";
 var ProtocolEvent2 = "http://www.w3.org/2007/ont/link#ProtocolEvent";
 var RDFDocument2 = "http://www.w3.org/2007/ont/link#RDFDocument";
-var Response3 = "http://www.w3.org/2007/ont/link#Response";
+var Response2 = "http://www.w3.org/2007/ont/link#Response";
 var Session4 = "http://www.w3.org/2007/ont/link#Session";
 var isMentionedIn2 = "http://www.w3.org/2007/ont/link#isMentionedIn";
 var mentionsClass2 = "http://www.w3.org/2007/ont/link#mentionsClass";
@@ -33469,7 +33603,7 @@ var tabImport = /* @__PURE__ */ Object.freeze({
   Mailbox: Mailbox2,
   ProtocolEvent: ProtocolEvent2,
   RDFDocument: RDFDocument2,
-  Response: Response3,
+  Response: Response2,
   Session: Session4,
   isMentionedIn: isMentionedIn2,
   mentionsClass: mentionsClass2,
@@ -33491,7 +33625,7 @@ var Document5 = "http://www.w3.org/2007/ont/link#Document";
 var Mailbox3 = "http://www.w3.org/2007/ont/link#Mailbox";
 var ProtocolEvent3 = "http://www.w3.org/2007/ont/link#ProtocolEvent";
 var RDFDocument3 = "http://www.w3.org/2007/ont/link#RDFDocument";
-var Response4 = "http://www.w3.org/2007/ont/link#Response";
+var Response3 = "http://www.w3.org/2007/ont/link#Response";
 var Session5 = "http://www.w3.org/2007/ont/link#Session";
 var isMentionedIn3 = "http://www.w3.org/2007/ont/link#isMentionedIn";
 var mentionsClass3 = "http://www.w3.org/2007/ont/link#mentionsClass";
@@ -33511,7 +33645,7 @@ var tabontImport = /* @__PURE__ */ Object.freeze({
   Mailbox: Mailbox3,
   ProtocolEvent: ProtocolEvent3,
   RDFDocument: RDFDocument3,
-  Response: Response4,
+  Response: Response3,
   Session: Session5,
   isMentionedIn: isMentionedIn3,
   mentionsClass: mentionsClass3,